-
Notifications
You must be signed in to change notification settings - Fork 261
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add by { ... }
block to method calls
#5582
Comments
This is existing discussion on this topic here: #5192 |
by { ... }
block to method calls
I argue that the same functionality is useful for function calls. For example, one may want to hide the proof of function F(x: int): int {
var r := Foo(x) by {
ProveP(x);
}
assert R(r); // I'm imagining that R(r) is the precondition to Roo(r)
Roo(r)
} |
I don't follow your example well. Did you make any typos? However, expressions, in which function calls occur, already have a space for specifying proofs that are specific to that expression, using expression statements. predicate P(x: int)
function Foo(x: int): int requires P(x)
lemma ProveP(x: int) ensures P(x)
method Bar(x: int) {
var z := (ProveP(x); Foo(x));
assert P(x); // Currently passes since the expression statement is not properly scoped
// However, we will change that so the call to ProveP(x) is out of scope at this point
// And then the assertion will fail
} |
Fixes #5582. To enable this, we split method calls into two separate calls on the boogie level. ``` TODAY: // check termination... call z := Call$$MyMethod(u); AFTER SPLITTING Call$$, we have: // check termination... call Call_Pre$$MyMethod(u); call z := Call_Post$$MyMethod(u); FOR CALL-BY, WE HAVE: // check termination... if (*) { // include the proof here LemmaAboutP(); call Call_Pre$$MyMethod(u); assume false; } call z := Call_Post$$MyMethod(u); ```
Dafny has method calls. Here's an example that shows calling a method with a precondition, and how you can prove that precondition before doing the method call:
However, we would like our proof of the precondition of the called method, not to affect any of the surrounding proofs. For that we propose the following syntax:
For function calls, which occur in expressions, it is not necessary to add
by { ... }
clauses, because there is already syntax for proving the preconditions of expression only in the scope of that expression, using statement expressions.Example:
The text was updated successfully, but these errors were encountered: