Pulse re-typechecks postconditions of called functions #11
Pulse re-typechecks the postconditions of every function that is called. Aside from being a performance issue, this can also cause code to fail in unexpected ways:

I ran into this issue when calling `Pulse.Array.pts_to_range_split`, whose postcondition contains a `Seq.slice`. Weirdly enough, it started working again once I proved `Seq.length s == j - i` at the call site. (Even though that should be in scope for the precondition of `Seq.slice`, since it's on the right side of the conjunction.)

Comments

I think this is coming from a combination of
since it does not take a proof of typing for
This is triggered on every lift from ghost to atomic. Also, since in this example we are calling a function returning a

    val elim_pure_explicit (p:prop)
      : stt_ghost (squash p) (pure p) (fun _ -> emp)

This means the lift is required, and also the fact that
I think a fix would be to make