You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In both of these snippets, one would expect the assertion to be verified as the contract/struct property is set to zero upon initialisation and there are no declared methods that later modify such property.
contract Assert {vari:Int}Assert::(any){public init(){
i =0}
public func failIfNotZero(){assert(self.i ==0)}}
The Boogie translation for the previous code looks valid, however, the assertion cannot be verified by boogie. This is also the case for a similar struct:
I initially speculated that the translation might be failing to keep track of initialisation, but that is certainly not the case for structs as the boogie translation explicitly requires that the struct instance on which a struct method is being called be among the ones which have been initialised so far. Thus, I fear that this might be either some boogie limitation or some unidentified conceptual issue with the current translation. In both cases, this issue needs further research.
The text was updated successfully, but these errors were encountered:
Inability to keep track of initialisation in the Boogie translation
In a similar manner, the assertion in the following contract also fails.
contract Assert {varinitialized:Bool= true
}Assert::(any){public init(){}
public func isInitialized(){assert(initialized)}}
Currently, the Flint contract above gets translated for verification into the Boogie code below (once the Flint stdlib and all the checks on assets have been removed for clarity).
However, such a translation fails to keep track of the fact that when the isInitialized method gets called on the singleton instance of the Assert contract, the init method must have already been called exactly once at some point in the past. The lack of this information causes the initialized contract property to assume any arbitrary value when isInitialized is called, thus, the assertion cannot be verified.
Even though I believe there should be a way to encode this information through the verifier language, with my current understanding of Boogie, I cannot think of a valid one: e.g. assigning an initial value to the initialized property in the global scope and immediately after declaration (initialized_Assert := false;) does not constitute valid Boogie code.
In both of these snippets, one would expect the assertion to be verified as the contract/struct property is set to zero upon initialisation and there are no declared methods that later modify such property.
The Boogie translation for the previous code looks valid, however, the assertion cannot be verified by boogie. This is also the case for a similar struct:
I initially speculated that the translation might be failing to keep track of initialisation, but that is certainly not the case for structs as the boogie translation explicitly requires that the struct instance on which a struct method is being called be among the ones which have been initialised so far. Thus, I fear that this might be either some boogie limitation or some unidentified conceptual issue with the current translation. In both cases, this issue needs further research.
The text was updated successfully, but these errors were encountered: