Skip to content

Fixing the free memory of the second goal of byehoare #869

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
namasikanam wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fixing the free memory of the second goal of byehoare #869

namasikanam wants to merge 1 commit into from
+32 −3

Conversation

@namasikanam
Copy link
Collaborator

@namasikanam namasikanam commented Jan 20, 2026
edited
Loading

The second goal generated from byehoare is unsound, in which the procedure arguments are bound in a free memory.

This is a small bug introduced in #789 . We need to bind the precondition to the memory in probability expression.

Thank @lyonel2017 for helping fix this bug.

@namasikanam namasikanam requested a review from oskgo January 20, 2026 17:19
@oskgo
Copy link
Contributor

oskgo commented Jan 20, 2026

Nice catch.

There's still a bug though:

require import Real Xreal.

module M = {
  proc main(x : bool) = {
    return x; 
  }
}.

lemma L1 (&m: {arg: bool}): !arg{m} =>
  Pr [ M.main(true) @ &m : true] <= 0%r.
proof.
move => arg_eq.
byehoare (_: (!arg{m})%xr ==> _) => //.
proc; auto. by rewrite arg_eq.
qed.

strub
strub requested changes Jan 21, 2026
View reviewed changes
Copy link
Member

@strub strub left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Write a better commit message.

(explain what you actually fix. It is OK to have the commit message be the PR message. But "fix ehoare" is useless when you look at the history)

@namasikanam namasikanam requested a review from strub January 22, 2026 10:15
@strub strub force-pushed the byehoare-mem-rebind branch 2 times, most recently from c796444 to d121ca4 Compare January 22, 2026 15:00
@strub strub enabled auto-merge (rebase) January 22, 2026 15:00
@namasikanam @strub
fix the free memory of the second goal of byehoare
f4a7005 
The second goal generated from byehoare is unsound, in
which the procedure arguments are bound in a free memory.

This is a small bug introduced in #789 . We need to bind
the precondition to the memory in probability expression.
@strub strub force-pushed the byehoare-mem-rebind branch from d121ca4 to f4a7005 Compare January 22, 2026 15:48
@strub
Copy link
Member

strub commented Jan 22, 2026

@oskgo I incorporated your example, but it is not working. Is qed should be a abort?

@namasikanam
Copy link
Collaborator Author

namasikanam commented Jan 22, 2026

@oskgo I incorporated your example, but it is not working. Is qed should be a abort?

@strub This is a counterexample, which should not be working. I'm not sure what's the best way to incorporate this example. Do we have other negative examples in tests?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@strub strub strub approved these changes

@oskgo oskgo oskgo approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@namasikanam @oskgo @strub