Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not recheck postconditions for lemmas #214

Open
mtzguido opened this issue Sep 17, 2024 · 1 comment
Open

Do not recheck postconditions for lemmas #214

mtzguido opened this issue Sep 17, 2024 · 1 comment

Comments

@mtzguido
Copy link
Member

In this module, we have a lemma hardpost whose spec is "hard" to verify (in this case, it's actually incorrect, so this example is not brittle). After verifying it, in this case just admitting it, we should be able to call without any further checking of the spec, but that is not the case, as test0 below fails.

module PostRecheck

#lang-pulse
open Pulse

#push-options "--admit_smt_queries true"
assume
val hardpost (x:int) : Lemma (1/x > 0)
#pop-options

fn test1 ()
  requires emp
  ensures emp
{
  hardpost 1;
  ();
}

fn test0 ()
  requires emp
  ensures emp
{
  hardpost 0;
  ();
}

This does not seem to happen for stt and stt_ghost functions, so maybe that's a workaround.
@gebner
Copy link
Contributor

gebner commented Sep 17, 2024

This does not seem to happen for stt and stt_ghost functions, so maybe that's a workaround.

Because Aseem fixed it in #23 (bug #11).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gebner @mtzguido