Reputation: 4419
array_eq_sub behavior for zero length
I have the following lemma in why3:
lemma trivial:
forall a : array 'a, b : array 'a.
array_eq_sub a b 0 0
This seems like it would be the base case behavior, but apparently isn't. Any ideas on why this isn't working?
UPDATE
I was able to reduce the issue to a single missing lemma:
lemma array_eq_2:
forall a : array 'a, b : array 'a.
map_eq_sub a.elts b.elts 0 0 -> array_eq_sub a b 0 0
This seems trivial as well, given the definition of array_eq_sub as specified in the documentation. Why can't my prover find a solution?
Upvotes: 1
Views: 58
Answers (1)
Reputation: 4419
After struggling with this issue, I decided to take a look at the why3 source code. I found a definition which was different from what was documented:
predicate array_eq_sub (a1 a2: array 'a) (l u: int) =
a1.length = a2.length /\ 0 <= l <= a1.length /\ 0 <= u <= a1.length /\
map_eq_sub a1.elts a2.elts l u
In short, the lengths of the arrays have to be equal in order for a portion of them to be equal. This was different than what was documented, and I suspect may be causing many theorems to be unsound.
Upvotes: 0
Related Questions
- Confusing Perl Array behavior
- C Programming: Why Can This Sample Line Have Not '0' OR '\0' Character At The End Of The Array?
- Why is the refcount for a sub higher than for an array?
- Program picking '\0' even when it is not mentioned - Clarification
- Confused with array_filter ignoring 0 values even if explicitly checking
- Why "0 not equivalent to "_1 when arguments are one dimensional arrays?
- Why is the first element in an array always 0?
- Understanding assigning to empty array
- Why doesn't this array become zero?
- What is the reason for this strange PHP behaviour?