Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Functions scCryptolType and mkTypedTerm considered harmful #718

Closed
brianhuffman opened this issue May 17, 2020 · 7 comments
Closed

Functions scCryptolType and mkTypedTerm considered harmful #718

brianhuffman opened this issue May 17, 2020 · 7 comments
Assignees
@brianhuffman
Labels
tech debt Issues that document or involve technical debt

Comments

@brianhuffman
Copy link
Contributor

Function scCryptolType from module Verifier.SAW.Cryptol in package cryptol-verifier should pretty much never be used. Nor should function mkTypedTerm from module Verifier.SAW.TypedTerm, or scCryptolEq from module Verifier.SAW.Cryptol, which are defined in terms of it.

The main problem is that scCryptolType can call error or panic if it is given a type that it cannot recognize as corresponding to a Cryptol type. The second problem is that it is supposed to be an inverse function to importType, which converts a Cryptol type to a saw-core term, but it's not: importType is not injective, so even if it works, it may return a different Cryptol type than the one you started with.

Unfortunately scCryptolType and especially mkTypedTerm are used in lots of places in saw-script. Every one of these uses is a potential bug or panic waiting to happen. We need to remove all of them.
@brianhuffman brianhuffman added the tech debt Issues that document or involve technical debt label May 17, 2020
@brianhuffman brianhuffman mentioned this issue May 18, 2020
Closed
@brianhuffman brianhuffman self-assigned this May 19, 2020
brianhuffman pushed a commit that referenced this issue May 19, 2020
Remove unnecessary calls to mkTypedTerm.
f7bb948 
This is a step toward fixing #718.

The use of mkTypedTerm is redundant in these cases in the
SAWScript.Prover modules, as the computed schema in all cases
is only used to check that the return type is Bool, and the
prior calls to `propToPredicate` already ensure that.
@brianhuffman brianhuffman mentioned this issue May 29, 2020
Merged
@brianhuffman brianhuffman mentioned this issue Jul 21, 2020
Open
@brianhuffman
Copy link
Contributor Author

The fundamental reason why scCryptolType and mkTypedTerm are a problem is that the mapping from Cryptol types to saw-core types is not injective. Honestly, that is probably the real problem we should fix, especially considering issues like #878.

@robdockins
Copy link
Contributor

Do we have a plan for addressing this?

Ultimately, I think the problem here is assuming that a Term always has a corresponding Cryptol type. I've run into a situation where I'd like to represent a tuple containing the arguments to a SAWCore function, but those arguments contain things that don't have corresponding Cryptol value types (Cryptol.Num, in particular).

Maybe we should just get rid of the TypedTerm construct altogether?

@robdockins
Copy link
Contributor

See also #1248

@robdockins
Copy link
Contributor

Or, perhaps less drastically, make TypedTerm basically have a Maybe Schema to recognize that some SAWCore terms don't make sense as Cryptol values.

@brianhuffman
Copy link
Contributor Author

Yes, making TypedTerms have a Maybe Schema is something I've been thinking about for a while. It's definitely important for some TypedTerms (i.e. things of saw-script type Term) to have a cryptol type, so that we can refer to them from within cryptol syntax and use the cryptol type checker. But it makes sense to have terms with more general non-cryptol types too.

The other thing I want to do is make a new saw-core encoding of cryptol tuples and records (again) so that the mapping from cryptol types to saw-core types is injective. Instead of getting rid of scCryptolType and mkTypedTerm, the goal should be to make it so that we can implement them properly: For terms translated from cryptol, they should faithfully return the original cryptol type, and they should return a Maybe Schema so that they never need to panic or call error.

@robdockins
Copy link
Contributor

OK, I think I'm going to take a crack at making TypedTerm appropriately partial, since that's what I need for the moment.

robdockins added a commit that referenced this issue May 25, 2021
@robdockins
Actually pass through the replacement value tuples.
058b772 
This currently fails because `mkTypedTerm` doesn't know what
to do with `Cryptol.Num` values, etc.

CF #718
@robdockins robdockins mentioned this issue Jun 11, 2021
Merged
robdockins added a commit that referenced this issue Jun 15, 2021
@robdockins
Actually pass through the replacement value tuples.
b3fd9ae 
This currently fails because `mkTypedTerm` doesn't know what
to do with `Cryptol.Num` values, etc.

CF #718
robdockins added a commit that referenced this issue Jun 16, 2021
@robdockins
Reimplement extract_uninterp via the new term model.
2bcfaf8 
Actually pass through the replacement value tuples.

This currently fails because `mkTypedTerm` doesn't know what
to do with `Cryptol.Num` values, etc.

CF #718

Make `extract_uninterp2` return tuples containing only the
Cryptol-value arguments to an uninterpreted function.
robdockins added a commit that referenced this issue Jun 16, 2021
@robdockins
Reimplement extract_uninterp via the new term model.
ea6dd69 
Actually pass through the replacement value tuples.

This currently fails because `mkTypedTerm` doesn't know what
to do with `Cryptol.Num` values, etc.

CF #718

Make `extract_uninterp2` return tuples containing only the
Cryptol-value arguments to an uninterpreted function.
@brianhuffman brianhuffman mentioned this issue Mar 16, 2022
Open
@brianhuffman
Copy link
Contributor Author

Closing because avoiding scCryptolType and mkTypedTerm is not the right long-term approach in my opinion; we should just make them work correctly and return Maybe types. This will require fixing #1613.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@brianhuffman brianhuffman

Labels
tech debt Issues that document or involve technical debt
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brianhuffman @robdockins