Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unsoundness due to loop invariant #740

Closed
bruggerl opened this issue Aug 11, 2023 · 2 comments
Closed

Unsoundness due to loop invariant #740

bruggerl opened this issue Aug 11, 2023 · 2 comments
Assignees
@marcoeilers
Labels
bug Something isn't working unsoundness

Comments

@bruggerl
Copy link
Contributor

If you run Silicon with option --numberOfErrorsToReport=0 on the Viper code below, it successfully detects the failing assert false inside the loop, but fails to catch the error which should arise from the second assert false at the end of the method, even though it should report both errors. Using the second invariant which is commented out in the snippet below instead of the first one solves the problem, although the invariants are actually equivalent.

field f: Bool

method test()
{
    var curr: Ref := null

    while (curr != null)
        invariant curr != null ==> acc(curr.f) // problematic invariant
        // invariant acc(curr.f, curr != null ? write : none) // if you use this invariant instead, it works as expected
    {
        assert false // error detected
        curr := null
    }
    assert false // no error detected
}
@bruggerl bruggerl added bug Something isn't working unsoundness labels Aug 11, 2023
@vakaras
Copy link
Contributor

vakaras commented Aug 12, 2023

The original example was:

field f: Bool

method fails(a: Bool)
{
    var curr: Ref := null

    while (curr != null) 
        invariant curr != null ==> acc(curr.f)
    {
        refute false
        curr := null
    }

    assert false
}

This verifies, while it clearly should not.

marcoeilers added a commit that referenced this issue Aug 14, 2023
@marcoeilers
Don't always stop verification on FatalResult (fixes issue #740)
e07b536
marcoeilers added a commit that referenced this issue Aug 14, 2023
@marcoeilers
Merge pull request #741 from viperproject/meilers_fix_740
70c0892 
Fixing issue #740
@marcoeilers
Copy link
Contributor

Fixed in PR #741

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcoeilers marcoeilers

Labels
bug Something isn't working unsoundness
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@vakaras @marcoeilers @bruggerl