-
Notifications
You must be signed in to change notification settings - Fork 144
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unexpected behaviour in proving sum-to-n-foundry-spec.k
#2617
Comments
So, |
I think that there is a remainder branch that gets incorrectly characterised with that |
It is possible that it is vacuous, yes, because I think at that point the circularity should just apply for |
In this branch
the circularity gets applied. |
@goodlyrottenapple and I have understood what's happening. There's an additional constraint in the path condition,
***Technically, a disjunction of a bunch of negations, but in which the only disjunct to possibly hold is |
Well, the problem has not been fixed, but the test has. |
The
sum-to-n-foundry-spec.k
file contains a circular proof of the usual sum of the firstn
integers. Currently, at the critical point, the branching that happens is unexpected to me and appears to require a lemma that I don't think should be required. I believe that Kore incorrectly returns a result that can then be interpreted as a split instead of a non-deterministic branch. The lemma in question is:The most important parts of the claim are the K cell and the word stack, and they are as expected:
and the path condition is
Now, the critical node in the proof is node 18, whose K cell and word stack are
and whose path condition is the same as above. Without the lemma above, the execution branches into the following split:
and since the second branch carries no additional information, the execution keeps branching infinitely. This appears to be a remainder branch of some kind, but the backend returns a non-empty rule predicate for every next state.
With the lemma above in place, Kore somehow uses it to make the split condition of node 20 become
N ==Int 1
. I have looked at all possible logs and I do not understand how.As part of one of the latest PRs, I have added that lemma locally to that file so that it could pass, but I think that we should not have that lemma anywhere and that have a bug either in the backend reasoning or in the results returned by the backend or in how we interpret these results.
I am attaching the failing (without the lemma) and successful (with the lemma) bug reports for inspection by the backend team (@geo2a @goodlyrottenapple @jberthold).
succ.tar.gz
fail.tar.gz
The text was updated successfully, but these errors were encountered: