Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect optimization for inhale-exhale expressions #461

Open
gauravpartha opened this issue May 31, 2023 · 0 comments
Open

Incorrect optimization for inhale-exhale expressions #461

gauravpartha opened this issue May 31, 2023 · 0 comments

Comments

@gauravpartha
Copy link
Contributor

Carbon omits well-definedness checks for inhale and exhale of assertions in cases where Carbon has already checked that those assertions are self-framing. For example, Carbon emits a single self-framing check for every precondition and then omits the well-definedness check when exhaling preconditions as part of a method call. This optimization is in general correct, but Carbon also applies it in cases where the assertions contain perm expressions in which case it is incorrect, because Carbon always does self-framing checks starting from the empty mask.

The following example, which verifies in Carbon, shows the incorrect behavior:

field f: Ref
field g: Int

method callee(x: Ref) 
    requires [true, perm(x.f) > none ==> 0/0 == 0/0 ]
{ 
}

method caller(x: Ref) {
    inhale acc(x.f)
    callee(x)
}

The call to callee should fail, because perm(x.f) evaluates to 1 and thus there is a division by 0. In the self-framing check of callee's precondition Carbon does not catch any error because perm(x.f) evaluates to 0 in that context.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gauravpartha