-
Notifications
You must be signed in to change notification settings - Fork 268
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
this is not fresh and fresh in well-formedness #4700
Comments
|
Here is the relevant Boogie code:
We can see that we both assume that this is allocated, in the precondition of the procedure, while we also assume that it is not with the fresh. It seems like perhaps we consider the object to be allocated sooner than we should? Consequently, it really seems like a verifier problem rather than a logical one. |
The The |
That seems like it should be relatively straightforward to fix. Would you agree, @jtristan and @RustanLeino? And do you think that, with the understanding that you have in mind, either of you would be up for trying to implement a fix? |
#5248) Fixes #4700 ### Description Fix a soundness issue that could be triggered by calling ensures fresh in the post-condition of a constructor. ### How has this been tested? Added a littish test <small>By submitting this pull request, I confirm that my contribution is made under the terms of the [MIT license](https://github.com/dafny-lang/dafny/blob/master/LICENSE.txt).</small>
Given @RustanLeino's comment on #5248, I'm re-opening this. |
Dafny version
latest-nightly and 4.3.0
Code to produce this issue
Command to run and resulting output
What happened?
The well-formedness is proved using a contradiction, which we can leak with a predicate after the construction of the object and prove false.
What type of operating system are you experiencing the problem on?
Windows
The text was updated successfully, but these errors were encountered: