Verify The Jackbot 10684

[kammola]

No description provided.

[kammola]

@vakaras

[fpoli]

Could you remove the .DS_Store files from the PR?

[kammola]

Could you remove the .DS_Store files from the PR?

Done.

[vakaras]

@kammola The tests are failing because on CI we test with the overflow-checks enabled while IDE by default has them disabled. Here are the instructions on how to enable the checks in the IDE.

[vakaras]

I would say that it is not obvious that this function is computing the result we want it to compute. Therefore, we need to prove that this is indeed the case. One idea would be to do this as follows:

1. Write a function solve_naive(seq: &VecWrapperI32) -> i32 that solves the problem by using two nested loops (one loop checks all possible start positions of the subsequence, and the second one computes all possible sums that start at that position).
2. Prove that solve_rec(seq, seq.len()) >= solve_naive(seq) (it should be much easier to prove >= than ==).

Is it clear how to do that?

[kammola]

I will try to do it and see if I manage.

[vakaras]

If you get any questions, please let me know.

[kammola]

I have changed it but I am facing overflow problems now. Is there a way to avoid that or should I also verify the overflow won’t happen?

[vakaras]

I have changed it but I am facing overflow problems now. Is there a way to avoid that or should I also verify the overflow won’t happen?

I think the final version should be verified to be overflow free. Please let me know if you get problems with this.

[kammola]

I have changed it but I am facing overflow problems now. Is there a way to avoid that or should I also verify the overflow won’t happen?

I think the final version should be verified to be overflow free. Please let me know if you get problems with this.

The final version gives me overflow problems

[vakaras]

I have changed it but I am facing overflow problems now. Is there a way to avoid that or should I also verify the overflow won’t happen?

I think the final version should be verified to be overflow free. Please let me know if you get problems with this.

The final version gives me overflow problems

The task description says that each number is not larger than 1000. Adding this to the precondition and propagating down should allow convincing Prusti that there are no overflows.

[kammola]

I have changed it but I am facing overflow problems now. Is there a way to avoid that or should I also verify the overflow won’t happen?

I think the final version should be verified to be overflow free. Please let me know if you get problems with this.

The final version gives me overflow problems

The task description says that each number is not larger than 1000. Adding this to the precondition and propagating down should allow convincing Prusti that there are no overflows.

I am trying to add this condition #[ensures (result >= -1000 && result <= i * 10000)] , but i is usize and result is i32. it. gives me the error expected i32 found usize. is there a way to do the multiplication in the condition?

[fpoli]

I am trying to add this condition #[ensures (result >= -1000 && result <= i * 10000)] , but i is usize and result is i32. it. gives me the error expected i32 found usize. is there a way to do the multiplication in the condition?

Have you tried #[ensures (result >= -1000 && (result as u128) <= (i * 10000 as u128))]?

[kammola]

I am trying to add this condition #[ensures (result >= -1000 && result <= i * 10000)] , but i is usize and result is i32. it. gives me the error expected i32 found usize. is there a way to do the multiplication in the condition?

Have you tried #[ensures (result >= -1000 && (result as u128) <= (i * 10000 as u128))]?

Prusti complains without reporting the error. It gives an error at the beginning of the file whenever I use casting.

[fpoli]

Prusti complains without reporting the error. It gives an error at the beginning of the file whenever I use casting.

Uh, thanks for reporting that. PR #253 should fix the error reporting.

We actually don't support casting between usize and other integer types, because Rust gives no guarantee about the range of usize. I didn't remember that. The issue #252 that you opened mentions the proper solution.

[vakaras]

@kammola x as usize should work now if you compile Prusti from source code. (You can find the instructions in the developer guide.)

[vakaras]

@kammola I have added instructions on how to use a locally built version in Prusti Assistant: https://viperproject.github.io/prusti-dev/dev-guide/development/setup.html#using-locally-built-version-in-prusti-assistant

[Aurel300]

Does this work with an #[extern_spec] implementation, like here?

[vakaras]

Does #[extern_spec] allow adding a pure lookup function? (As far as I remember there were some serious problems with supporting the Index and IndexMut traits.)

[kammola]

I tried but I also couldn't find a way to support lookup.

[Aurel300]

Ah yes, you're right, the encoding panics when trying to call such a function. I suppose you could write a trusted wrapper only for the lookup function but then it's more messy.

[vakaras]

LGTM

[Aurel300]

Only noticed this now unfortunately; there is a typo in the folder name, should be "competitive".