Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verification: map should not allow .Values if the value type is not equality supporting #1373

Closed
sorawee opened this issue Aug 22, 2021 · 3 comments · Fixed by #4551
Closed

Verification: map should not allow .Values if the value type is not equality supporting #1373

sorawee opened this issue Aug 22, 2021 · 3 comments · Fixed by #4551
Labels
kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label logic An inconsistency in Dafny's logic (e.g. in the Boogie prelude) part: resolver Resolution and typechecking

Comments

@sorawee
Copy link
Contributor

sorawee commented Aug 22, 2021 

method Main() {
  var x := map[1 := () => 1];
  print x.Values;
}

verifies, but it should not.
@robin-aws robin-aws added kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label part: resolver Resolution and typechecking labels Aug 27, 2021
@robin-aws
Copy link
Member

Good catch!

@robin-aws robin-aws added the logic An inconsistency in Dafny's logic (e.g. in the Boogie prelude) label Jul 22, 2022
@cpitclaudel
Copy link
Member

This is a soundness issue:

function method makefun(y: int): int -> int {
  x => x + y
}

method Main() {
  var f := makefun(0);
  var g := makefun(0);
  assert f == g;

  var m := map[0 := g];
  assert m[0] == g;
  assert f in m.Values;

  if f !in m.Values {
    print 1 / 0;
  }
}

@RustanLeino
Copy link
Collaborator

For sequences, I think the type seq<X> is allowed even if X doesn’t support equality. However, seq<X> itself supports equality only if X does.

Therefore, I like the idea (suggested in a private conversion by @MikaelMayer) of allowing map<A, B> even if B doesn’t support equality, but with the restrictions that:

  • we require B to support equality for any map where .Values or .Items is used
  • we consider a type map<A, B> as supporting equality only if (A and) B do(es)

@robin-aws robin-aws mentioned this issue Feb 16, 2023
Merged
@jtristan jtristan mentioned this issue Sep 14, 2023
Merged
jtristan added a commit that referenced this issue Sep 15, 2023
@jtristan
Checker for .Values and .Items on maps (#4551)
8a158a3 
Fixes #1373 

<!-- Is this a user-visible change? Remember to update RELEASE_NOTES.md
-->

<!-- Is this a bug fix? Remember to include a test in Test/git-issues/
-->

<!-- Is this a bug fix for an issue introduced in the latest release?
Mention this in the PR details and ensure a patch release is considered
-->

<!-- Does this PR need tests? Add them to `Test/` or to
`Source/*.Test/…` and run them with `dotnet test` -->

<!-- Are you moving a large amount of code? Read CONTRIBUTING.md to
learn how to do that while maintaining git history -->

<small>By submitting this pull request, I confirm that my contribution
is made under the terms of the [MIT
license](https://github.com/dafny-lang/dafny/blob/master/LICENSE.txt).</small>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label logic An inconsistency in Dafny's logic (e.g. in the Boogie prelude) part: resolver Resolution and typechecking
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Checker for .Values and .Items on maps dafny-lang/dafny
4 participants
@cpitclaudel @sorawee @RustanLeino @robin-aws