Expressing invariant of a an array used to index into another array #900
Unanswered
ROMemories
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
The following invariant (1) seems to correctly allow hax to verify that values of the
indices
array can always be used to index into thefoo
array, in the context of thef
function below:view in hax playground
Is there a better/shorter/cleaner way of expressing this invariant, maybe without relying on
forall
+implies
?Would there be a simpler way if we didn't have sentinel values in that
indices
array?That same invariant may prove useful in other functions so I think it is best to express that invariant on the struct field rather than on the
f
function directly (i.e., express it as a refined type "globally" instead of a function precondition).Beta Was this translation helpful? Give feedback.
All reactions