Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

General newtypes not supporting equality in a sound way #5978

Closed
MikaelMayer opened this issue Dec 12, 2024 · 0 comments · Fixed by #5980
Closed

General newtypes not supporting equality in a sound way #5978

MikaelMayer opened this issue Dec 12, 2024 · 0 comments · Fixed by #5980
Labels
during 3: execution of incorrect program An bug in the verifier that allows Dafny to run a program that does not correctly implement its spec kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label

Comments

@MikaelMayer
Copy link
Member

Dafny version

latest-nightly

Code to produce this issue

// RUN: %exits-with 2 %baredafny verify --type-system-refresh --general-newtypes %args "%s" > "%t"
// RUN: %diff "%s.expect" "%t"

newtype M<U> = m: map<int, U> | true

method CompareAnything<A>(f: A, g: A) returns (b: bool) 
   ensures b <==> f == g
{
  var m1 := map[0 := f] as M<A>;
  var m2 := map[0 := g] as M<A>;
  assert m1 == m2 <==> f == g by {
    if f == g {
      assert m1 == m2;
    }
    if m1 == m2 {
      assert m1[0] == m2[0];
    }
  }
  return m1 == m2;
}

newtype S<T> = s: seq<T> | true

method CompareAnythingS<A>(f: A, g: A) returns (b: bool) 
   ensures b <==> f == g
{
  var m1 := [f] as S<A>;
  var m2 := [g] as S<A>;
  assert m1 == m2 <==> f == g by {
    if f == g {
      assert m1 == m2;
    }
    if m1 == m2 {
      assert m1[0] == m2[0];
    }
  }
  return m1 == m2;
}

codatatype Stream = Stream(head: int, tail: Stream)
{
  static function From(i: int): Stream {
    Stream(i, From(i + 1))
  }
}

method Main() {
  var s1 := Stream.From(0);
  var s2 := Stream.From(0);
  var b := CompareAnything(s1, s2);
  var b2 := CompareAnythingS(s1, s2);
  if !b || !b2 {
    assert false;
    print 1/0;
  }
}

Command to run and resulting output

dafny run --type-system-refresh --general-newtypes

What happened?

It can run this incorrect program, which results in a crash.
Very similar to #5972

What type of operating system are you experiencing the problem on?

Windows

@MikaelMayer MikaelMayer added kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label during 3: execution of incorrect program An bug in the verifier that allows Dafny to run a program that does not correctly implement its spec labels Dec 12, 2024
MikaelMayer added a commit that referenced this issue Dec 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
during 3: execution of incorrect program An bug in the verifier that allows Dafny to run a program that does not correctly implement its spec kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label
Projects
None yet
1 participant