saw-script: Remove non-working command prove_by_bv_induction. #3159
brianhuffman merged 5 commits into master
It would probably be good to add a regression test that proves a goal using some kind of induction rule over a bit vector type. The strong induction principle that was formerly hard-coded into
Yeah, it would be good to have a test. We should probably have some kind of (I am, perhaps naively, assuming there's some complication such that it made sense to add

109e1af to d99ea40
I'm converting to "draft" status until I come up with a good induction rule and example proof that uses it.
Currently any non-trivial use of `prove_by_induction` fails with an internal SAWCore type error. Instead of `prove_by_bv_induction`, tactic `goal_apply` should be used with a suitable induction rule. Fixes #2770.
d99ea40 to 22a94af
I added a regression test in 22a94af that defines a bit-vector induction principle in SAWCore and proves some non-trivial properties using it: I show that two different functions defined by primitive recursion are equivalent to closed-form non-recursive definitions. I think this shows pretty convincingly that

```
axiom bvNat_Succ :
  (n i : Nat) ->
  Eq (Vec n Bool) (bvNat n (Succ i)) (bvAdd n (bvNat n i) (bvNat n 1));
```
It seems unfortunate that this is necessary... but on review it also seems like it just belongs in Prelude.sawcore. Any reason not to move it there?
Yes, we should probably figure out a minimal set of defining axioms for primitives like bvAdd and put those in the prelude.
An axiom like the following would let us prove bvNat_Succ and also the existing axioms bvAddZeroL and bvAddZeroR:
```
-- Sketch of the proposed axiom: the binders for n, x and y were implicit
-- in the comment, and the missing closing parenthesis has been added.
axiom bvNat_addNat :
  (n x y : Nat) ->
  Eq (Vec n Bool)
     (bvNat n (addNat x y))
     (bvAdd n (bvNat n x) (bvNat n y));
```

(see saw-script/saw-core/prelude/Prelude.sawcore, lines 1821 to 1822 in 9bd84f0)
So maybe I'll update Prelude.sawcore accordingly.
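Before an axiom like bvNat_addNat goes into a prelude it is worth confirming that it, and the facts meant to follow from it, hold in the intended concrete semantics, since an unsound prelude axiom would let SAW discharge false goals. The following is an added check, not code from the PR or from SAW, and it assumes the usual reading of the primitives: bvNat n k is k mod 2^n and bvAdd n is addition mod 2^n; bv_add_saturating is a deliberately wrong model included to show the check is not vacuous.

```python
# Added example: a concrete model of the SAWCore primitives discussed above
# (bvNat n k = k mod 2^n, bvAdd n = addition mod 2^n; these readings are
# assumptions, not taken from the PR), used to check that the proposed
# bvNat_addNat axiom holds in that model, including the wrap-around case,
# and that bvNat_Succ, bvAddZeroL and bvAddZeroR follow from it.
from itertools import product

def bv_nat(n: int, k: int) -> int:
    """bvNat n k: the n-bit vector with value k mod 2^n."""
    return k % (1 << n)

def bv_add(n: int, a: int, b: int) -> int:
    """bvAdd n a b: n-bit modular addition."""
    return (a + b) % (1 << n)

def bv_add_saturating(n: int, a: int, b: int) -> int:
    """A deliberately wrong model of bvAdd (saturates instead of wrapping)."""
    return min(a + b, (1 << n) - 1)

def bvNat_addNat_holds(n, x, y, add=bv_add) -> bool:
    """Instance of the proposed axiom: bvNat n (x+y) == bvAdd n (bvNat n x) (bvNat n y)."""
    return bv_nat(n, x + y) == add(n, bv_nat(n, x), bv_nat(n, y))

def bvNat_Succ_holds(n, i, add=bv_add) -> bool:
    """bvNat_Succ from the regression test: bvNat_addNat with y := 1 (addNat i 1 = Succ i)."""
    return bv_nat(n, i + 1) == add(n, bv_nat(n, i), bv_nat(n, 1))

def bvAddZero_holds(n, x, add=bv_add) -> bool:
    """bvAddZeroL/R: adding bvNat n 0 on either side is the identity (y := 0 instance)."""
    v = bv_nat(n, x)
    return add(n, bv_nat(n, 0), v) == v and add(n, v, bv_nat(n, 0)) == v

def first_counterexample(max_width=6, add=bv_add):
    """Exhaustively check every width up to max_width and every x, y < 2^(width+1),
    so the wrap-around case x + y >= 2^n is exercised. Returns None if the
    axiom and its corollaries hold, otherwise the first failing (n, x, y)."""
    for n in range(1, max_width + 1):
        for x, y in product(range(1 << (n + 1)), repeat=2):
            if not (bvNat_addNat_holds(n, x, y, add)
                    and bvNat_Succ_holds(n, x, add)
                    and bvAddZero_holds(n, x, add)):
                return (n, x, y)
    return None

if __name__ == "__main__":
    print("modular model:", first_counterexample())                         # None
    print("saturating model:", first_counterexample(add=bv_add_saturating))  # (1, 1, 0)
```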
Changing the set of axioms in the Prelude means figuring out how to map the new axioms into Rocq for the Rocq back-end, and that seems like a bit of mission creep for this PR. I'll open a ticket to remind us to move stuff into Prelude.sawcore later.
I opened issue #3222 to track the SAWCore prelude updates.
Co-authored-by: David Holland <120141909+sauclovian-g@users.noreply.github.com>
The number of experimental SAW commands has changed.
The only test failure is the infamous