More tasks completed #12
base: main
Conversation
@parno could you review please?
Yes, I should be able to review this either tomorrow or Wednesday at the latest.
Thanks for all of your hard work on this! I've added a small collection of comments.
```rust
result.len() == n + 1,
forall|i: int|
    #![trigger result[i]]
    0 <= i < result.len() ==> result[i].is_some() ==> result[i].unwrap() == spec_tri(
```
Could we strengthen the None case to say that None implies that spec_tri(i) > u32::MAX?
We can, but I don't think it's very easy to prove that
I think it should be straightforward to prove that spec_tri is monotonic, which then means that if you locally discover that your computation of spec_tri(x) overflows (i.e., doesn't stay in bounds), then you can use the monotonic property to say that spec_tri(n) for any n > x would also overflow, so you're justified in returning None.
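The monotonicity argument above, worked through as an added example in plain Rust rather than the PR's own Verus code (and not checked by Verus): it assumes spec_tri(i) is the i-th triangular number i*(i+1)/2, the names tri_table and postcondition_holds are mine, and it checks the strengthened postcondition (None implies spec_tri(i) > u32::MAX) against a u128 oracle.

```rust
// Added example, not the PR's code. Assumes spec_tri(i) is the i-th
// triangular number i*(i+1)/2, computed here in u128 as an oracle.
fn spec_tri(i: u128) -> u128 {
    i * (i + 1) / 2
}

/// Executable counterpart: builds a table of length n+1 where entry i is
/// Some(tri(i)) when it fits in a u32 and None otherwise. Each entry is
/// derived from the previous one with checked addition, so an overflow is
/// detected locally at the first i whose value no longer fits.
fn tri_table(n: u32) -> Vec<Option<u32>> {
    let mut result = Vec::with_capacity(n as usize + 1);
    let mut acc: Option<u32> = Some(0);
    for i in 0..=n {
        // tri(i) = tri(i-1) + i; because tri is monotonic, once one addition
        // overflows every later entry would overflow too, so propagating
        // None is justified without computing anything further.
        if i > 0 {
            acc = acc.and_then(|prev| prev.checked_add(i));
        }
        result.push(acc);
    }
    result
}

/// The strengthened postcondition from the review: length is n+1, every
/// Some entry equals spec_tri(i), and every None entry has spec_tri(i) > u32::MAX.
fn postcondition_holds(n: u32, result: &[Option<u32>]) -> bool {
    if result.len() != n as usize + 1 {
        return false;
    }
    result.iter().enumerate().all(|(i, entry)| {
        let expected = spec_tri(i as u128);
        match entry {
            Some(v) => u128::from(*v) == expected,
            None => expected > u128::from(u32::MAX),
        }
    })
}

fn main() {
    let n = 100_000;
    let table = tri_table(n);
    // First index whose triangular number exceeds u32::MAX is 92682.
    println!("first None at index {:?}", table.iter().position(|e| e.is_none()));
    assert!(postcondition_holds(n, &table));
}
```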