silicon icon indicating copy to clipboard operation
silicon copied to clipboard

Published 20 hours ago verified publisher icon viperproject

Corner-case incompleteness with vacuous magic wand

Open mschwerhoff opened this issue 4 years ago • 0 comments

Silicon fails to assert false after a vacuous wand has been applied. The program originates from the discussion around #485.

field val: Bool

method first(x: Ref)
    requires acc(x.val)
    ensures acc(x.val)
    ensures acc(x.val) --* acc(x.val) && x.val
{
    package acc(x.val) --* acc(x.val) && x.val {
        assume x.val == true // In general unsound
    }
}

method second(x: Ref)
    requires acc(x.val)
{
    first(x)
    x.val := false
    apply acc(x.val) --* acc(x.val) && x.val
    assert x.val == true
    assert x.val == false // Fails in Silicon, but not in Carbon
    assert false          // Likewise
}

mschwerhoff avatar Apr 08 '20 09:04 mschwerhoff