Fix unsound contract equality fast check #1703
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #1700.
For performance reason, the contract equality checker performs a quick pointer check to see if the two terms to compare are physically equal. In this case, it used to return
true
directly, eschewing more costly recursive checks.However, this is unsound, because the same term (physically) might be in two different environments, and thus evaluate in fine to two different values. This is typically the case with function application: when evaluating
f 1
andf 2
, both terms will physically point to the body off
, but in a different environment. Thus, we also need to ensure that environment are equals as well in this fast check.This commit adds a fast
ptr_eq
check to the environment, and now checks that both terms and their respective environments are pairwise physically equals.Passing by, this commits also fix unrelated clippy warning, after the udpate to clippy 1.73.