Open
Conversation
oskgo
force-pushed
the
weaken-phoare-abs-proc
branch
from
da4d7da to
11cfc9f
Compare
strub
requested changes
Feb 5, 2026
| | _ -> tc_error !!tc "bound must of \"= 1\"" | ||
| | _ -> tc_error !!tc "bound must \">= 1%%r\"" | ||
|
|
||
| let t_bdhoareF_abs_r inv tc = |
Member
There was a problem hiding this comment.
This function seems to be used nowhere.
Contributor
Author
There was a problem hiding this comment.
The diff might look a bit weird. The function you're highlighting is the original function, which is used to define t_bdhoareF_abs, which is used in a bunch of places.
The t_bdhoareF_abs_ge_r function above is the new one, though its implementation is nearly the same as the original.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I change the ground truth to be a (IMO easier to work with) variant with a >= 1 bound and instead recover the = 1 variant using conseq on the original goal and the generated side conditions.
This also means that the conseq used to link the invariant with the postcondition now generates a goal to show implication rather than equivalence, making it more consistent with abstract
procfor the other program logics, improving the documentation.This is a breaking change since it slightly changes one of the goals generated by the tactic.