Skip to content

fix: nondeterministic crash in grind congruence closure#13027

Merged
leodemoura merged 1 commit intomasterfrom
grind_nondet_congr_issue
Mar 21, 2026
Merged

fix: nondeterministic crash in grind congruence closure#13027
leodemoura merged 1 commit intomasterfrom
grind_nondet_congr_issue

Conversation

@leodemoura
Copy link
Copy Markdown
Member

@leodemoura leodemoura commented Mar 21, 2026

This PR fixes a nondeterministic crash in grind caused by a BEq/Hashable invariant
violation in the congruence table. congrHash uses each expression's own funCC flag to
compute its hash (one-level decomposition for funCC = true, full recursive decomposition
for funCC = false), but isCongruent only checked the stored expression's flag. When two
expressions with mismatched funCC flags accidentally hash-collided (via pointer-based
ptrAddrUnsafe hashing), isCongruent could declare them congruent despite different
argument counts, leading to an assertion failure in mkCongrProof.

The fix requires matching funCC flags in isCongruent. The PR also fixes the debug
invariant checker (checkParents) to skip funCC parents and adds a regression test for
funCC congruence.

Observed as a nondeterministic crash in Mathlib at Analysis/ODE/PicardLindelof.lean.

@leodemoura @claude
fix: nondeterministic crash in grind congruence closure
1daa9f2 
`isCongruent` checked only `e₁`'s `funCC` flag when comparing two
expressions, but `congrHash` uses each expression's own flag to compute
its hash. When `e₁.funCC ≠ e₂.funCC`, the hash values are computed via
fundamentally different paths, so declaring them congruent violates the
`BEq`/`Hashable` invariant of `PHashSet`. With pointer-based hashing
(`ptrAddrUnsafe`), the different hash computations can accidentally
collide, leading to a nondeterministic assertion failure in
`mkCongrProof`.

This PR requires matching `funCC` flags in `isCongruent`, adds a
regression test for funCC congruence, and fixes the debug invariant
checker to skip `funCC` parents (whose parent-child relationships use
one-level decomposition rather than full `getAppArgs`/`getAppFn`).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@leodemoura leodemoura added the changelog-tactics User facing tactics label Mar 21, 2026
@leodemoura leodemoura enabled auto-merge March 21, 2026 22:44
@leodemoura leodemoura added this pull request to the merge queue Mar 21, 2026
@github-actions github-actions bot added the toolchain-available A toolchain is available for this PR, at leanprover/lean4-pr-releases:pr-release-NNNN label Mar 21, 2026
@mathlib-lean-pr-testing
Copy link
Copy Markdown

mathlib-lean-pr-testing bot commented Mar 21, 2026

Mathlib CI status (docs):

  • ❗ Mathlib CI can not be attempted yet, as the nightly-testing-2026-03-19-rev1 tag does not exist there yet. We will retry when you push more commits. If you rebase your branch onto nightly-with-mathlib, Mathlib CI should run now. You can force Mathlib CI using the force-mathlib-ci label. (2026-03-21 23:35:19)

@leanprover-bot
Copy link
Copy Markdown
Collaborator

leanprover-bot commented Mar 21, 2026

Reference manual CI status:

  • ❗ Reference manual CI can not be attempted yet, as the nightly-testing-2026-03-19-rev1 tag does not exist there yet. We will retry when you push more commits. If you rebase your branch onto nightly-with-manual, reference manual CI should run now. You can force reference manual CI using the force-manual-ci label. (2026-03-21 23:35:21)

Merged via the queue into master with commit 9fa1a25 Mar 21, 2026
23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

changelog-tactics User facing tactics toolchain-available A toolchain is available for this PR, at leanprover/lean4-pr-releases:pr-release-NNNN

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@leodemoura @leanprover-bot