Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Simple use of lemmas for preconditions (feature request?) #218

Open
BLepers opened this issue Jun 2, 2016 · 4 comments
Open

Simple use of lemmas for preconditions (feature request?) #218

BLepers opened this issue Jun 2, 2016 · 4 comments

Comments

@BLepers
Copy link

BLepers commented Jun 2, 2016
edited
Loading

Imagine I have the following lemma:

def lemma(l:List[A], e1:A, e2:A) = {
   e1.prop == e2.prop ==> cond(l, e1) == cond(l, e2)
}.holds;

and the following code:

case class B(l:List[A], e:A) {
   require(cond(l, e))
}

def f(b:B):B = {
   B(
        l,
        A(... with same .prop as b.e ...)
    ) // leon cannot prove that B can be built without the lemma
}

What is the best way to make sure that Leon can prove that the new B can be built ? (The precondition for creating B holds because of the lemma.)

if(lemma(l, b.e, A(...))) B(...) else error[]("...") // works but messes up postconditions

check(lemma(...)) //ok
B(...) // ko, lemma has been forgotten

I was wondering if it would be possible to write something such as:

B(...) because lemma(...) // or any better syntax

(Or have Leon remember what it "check(...)'ed" before.)

Sorry if a method already exists in Leon to do that or if the issue has already been raised! :)
@MikaelMayer
Copy link
Collaborator

B(...) because lemma(...) as you say can be represented as:

assert(lemma(...))
B(...)

But this would be nice to have the because statement. Would you think it would be clearer?

@BLepers
Copy link
Author

BLepers commented Jun 2, 2016

assert would be a nice solution, but it doesn't seem to work on my code :(

Scheduler.txt

   def insertBack(c: Core, t: Task): Core = {
      require(!contains(c.tasks, t))
      if(containsEquivLemma(c.tasks, t, tick(t))) {
         Core(c.id, sortedIns(c.tasks, tick(t)), None[Task]())
      } else {
         error[Core]("Tick changes task id\n");
      }
   }

   def insertBack2(c: Core, t: Task): Core = {
      require(!contains(c.tasks, t))
      assert(containsEquivLemma(c.tasks, t, tick(t)));
      Core(c.id, sortedIns(c.tasks, tick(t)), None[Task]())
   }

   leon Scheduler.scala --functions=insertBack,insertBack2
   // verifies insertBack but does not finish (precondition of sortedIns) on insertBack2

Am I missing something?

@MikaelMayer
Copy link
Collaborator

@regb @colder @samarion @manoskouk
Me too I want to use "assert" rather than if/else error. Anybody knows why it is not working? How did you implement assert?

@samarion
Copy link
Member

samarion commented Jun 2, 2016

@manoskouk disabled it (see TransformerWithPC). It's tagged with "to discuss", any reason we wouldn't want these?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@BLepers @samarion @MikaelMayer