forked from yav/sbv
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Reject existential quantifiers in proof-mode queries.
- Loading branch information
1 parent
60cfa3d
commit ae2adfa
Showing
1 changed file
with
8 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ae2adfa
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@joelburget Do you have an example SBV program that actually triggers this?
ae2adfa
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@LeventErkok I have two answers which might help
@bts build a "tagging" system for our program analysis work, which uses a bunch of free variables, one for every point in the control-flow graph, to get the value of points within the execution of a program, ie, a trace. It looks like our uses of free in this system were causing this check to throw.
The simplest example I have is this:
Which fails with:
I believe (?) this should succeed.
ae2adfa
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see. The issue here is that if you have a
query
, you're supposed to call it withrunSMT
; not withprove
etc. I think the fix should be in that direction. i.e., this should be rejected because you used aquery
call but in aprove
context. I thought I added that check, but obviously it's not working. I'll take a look.ae2adfa
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tracking this here now: LeventErkok/sbv#459
ae2adfa
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@LeventErkok FWIW my example was perhaps a bit oversimplified. We're actually using
runSymbolic
, closer to this:ae2adfa
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's an illegal use as well, and should be rejected too :-)
I'm working on a patch that'll reject all of these. The only legitimate way to have a
query
is to call viarunSMT
.ae2adfa
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To be clear: Returning an
SBool
out of the symbolic computation is dangerous. This is actually a known bug dating back to 2013 or so: LeventErkok/sbv#71We really need a
runST
like trick to avoid these right at the type level, but it is costly and complicates the use cases.