```
method test(m: Map[Int,Int])
  requires (range(m) == domain(m))
{
  assume forall i: Int, j: Int :: i in m && j in m ==> (i != j ==> (m[i] != m[j]))
  assert forall i: Int, j: Int :: i in m && j in m ==> (i != j ==> (m[i] != m[j]))
}
```
Fails to verify in Silicon but works fine in Carbon; removing the precondition makes it work also in Silicon.
We were unable to find a combination of triggers to make it work in Silicon.
@marcoeilers remarked about this on zulip that

> Silicon essentially runs into Z3 non-termination here after assuming `i in m && j in m` when evaluating the quantifier body. That step just doesn't happen in Carbon in the same way. So I think it's more likely that the map axiomatization of both has an issue that only shows up in Silicon here.
>
> This program essentially illustrates the step, and if you give this to Carbon, it also needs ca. 3 seconds to report an error, which is longer than it should, so there is likely a problem here:
>
> ```
> method test(m: Map[Int,Int])
>   requires (range(m) == domain(m))
> {
>   assume forall i: Int, j: Int :: {m[i], m[j]} i in m && j in m ==> (i != j ==> (m[i] != m[j]))
>   var ip: Int
>   var jp: Int
>   assume ip in m && jp in m
>   assert false
> }
> ```