Skip to content

Alternative proof style suggestion #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
fabian-hk wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Alternative proof style suggestion #5

fabian-hk wants to merge 5 commits into from

Conversation

@fabian-hk
Copy link
Contributor

@fabian-hk fabian-hk commented Nov 11, 2024

This is a suggestion to discuss an alternative proof style that only needs one match per function instead of a match for every called function that returns traceful or option.

@fabian-hk fabian-hk requested a review from cwaldm November 11, 2024 15:53
@cwaldm
adapt proof and comments of send_ping
70aa06e
@cwaldm
adapting proof of second step
8c408df
@cwaldm
nsl: tried to apply simplified proof style - doesn't work for all fun…
ff03130 
…ctions - still comitting this state for later reference. the commit can be reverted to obtain the previous proofs
@cwaldm
Copy link
Contributor

cwaldm commented Nov 14, 2024

I like the idea of removing the many matches!
It works well for the small examples (Two-message and Online).
However, it doesn't work right away for NSL. I currently don't fully understand why not. I pushed the broken version of NSL (containing admits).
If we figure out, how to resolve those, we can switch to this new style.
But for now, I would keep the current version.

@TWal
Copy link
Contributor

TWal commented Nov 18, 2024

I have been experimenting with this proof style in the past, the problem is that if a function in the middle fails (say, get_state), we must still prove that every function called before preserve the trace invariant.
In other words, if the function we are proving fail, this doesn't automatically proves the theorem, hence we cannot just deal with the success case.

I also dislike having nested matches, but I haven't found a better way yet.

@fabian-hk fabian-hk force-pushed the alternative-proof-style branch from 6a86ff6 to c5fdbca Compare November 25, 2024 16:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cwaldm cwaldm Awaiting requested review from cwaldm

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@fabian-hk @cwaldm @TWal