Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closure inference (again) #1294

Open
wants to merge 10 commits into
base: master
Choose a base branch
from
Open

Closure inference (again) #1294

wants to merge 10 commits into from

Conversation

xldenis
Copy link
Collaborator

@xldenis xldenis commented Dec 8, 2024

Adds support for inferring the specifications of closures through Coma's novel extspec mechanism.

Using this, you can exclude a contract for your closure and Creusot will instead infer its contract as roughly the WP and SP for the pre and post conditions respectively. I've updated some of our iterator tests to use this feature.

@xldenis xldenis force-pushed the closure-infer-new-new-new branch from 85ffb7e to 06e7432 Compare December 8, 2024 14:41
Comment on lines +1038 to +1050
closure_args.insert(0, closure_env.clone());

let base = Term {
kind: TermKind::Postcondition { item: def_id, args, params: closure_args },
ty: self.types.bool,
span,
};
base
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand all the details, but I find quite suspicious that there is no special case here when postcond_kind is FnMut.

More generally, I would have expected to only generate the term when closure_kind is equal to postcond_kind, and rely on the various compatibility laws to let the provers deduce the other cases.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's because what matters here is mainly the underlying type of the closure:

  • If it's FnOnce it cannot have an FnMut
  • If its Fn then its FnMut instance ignores the result (since it must be equal to the initial parameter), this fact being provided by the compatibility law.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this fact being provided by the compatibility law.

Well, then, why not relying fully on the compatibility law for the whole post-condition?

@arnaudgolfouse
Copy link
Collaborator

I tried using the branch, and ran into a crash. Here is a minimal example:

pub fn foo() {
    let my_closure = |x: Option<i32>| match x {
        Some(y) => y,
        None => unreachable!("unwrapped None"),
    };
}

This crashes with error: internal compiler error: compiler/rustc_middle/src/ty/mod.rs:1607:13: item_name: no name for DefPath { data: [DisambiguatedDefPathData { data: ValueNs("foo"), disambiguator: 0 }, DisambiguatedDefPathData { data: Closure, disambiguator: 0 }], krate: crate0 }. It seems some code is trying to fetch the name of the type of the closure from rustc (but it does not exists).

@xldenis
Copy link
Collaborator Author

xldenis commented Dec 16, 2024

Does that crash happen on master?

@arnaudgolfouse
Copy link
Collaborator

Yes, it does 😕

@xldenis xldenis force-pushed the closure-infer-new-new-new branch from 06e7432 to 8ed9b72 Compare December 17, 2024 18:32
@arnaudgolfouse
Copy link
Collaborator

I tried using the branch, and ran into a crash. Here is a minimal example:

pub fn foo() {
    let my_closure = |x: Option<i32>| match x {
        Some(y) => y,
        None => unreachable!("unwrapped None"),
    };
}

This crashes with error: internal compiler error: compiler/rustc_middle/src/ty/mod.rs:1607:13: item_name: no name for DefPath { data: [DisambiguatedDefPathData { data: ValueNs("foo"), disambiguator: 0 }, DisambiguatedDefPathData { data: Closure, disambiguator: 0 }], krate: crate0 }. It seems some code is trying to fetch the name of the type of the closure from rustc (but it does not exists).

I opened #1312 to track this.

@@ -879,11 +927,11 @@ impl<'tcx> TranslationCtx<'tcx> {
let self_ = Term::var(Symbol::intern("self"), env_ty);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the second definition of self_, so this one can be removed (and the let mut csubst just below can be moved inside the if to avoid a borrow checker error)

@arnaudgolfouse
Copy link
Collaborator

Maybe related to @jhjourdan's remark: it seems code using spec inference with FnMut does not work:

extern crate creusot_contracts;
use creusot_contracts::*;

#[requires(f.precondition((2i32,)))]
#[ensures(exists<f_fin: F> f.postcondition_mut((2i32,), f_fin, result) && resolve(&f_fin))]
fn uses_closure_mut<F: FnMut(i32) -> i32>(mut f: F) -> i32 {
    f(2)
}

#[requires(f.precondition((2i32,)))]
#[ensures(f.postcondition((2i32,), result))]
fn uses_closure<F: Fn(i32) -> i32>(mut f: F) -> i32 {
    f(2)
}

fn foo() {
    let f = 
    // #[requires(x@ + 1 <= i32::MAX@)] // works with the explicit spec
    // #[ensures(result@ == x@ + 1)]
    |x| x + 1;

    let y = uses_closure_mut(f); // works with `uses_closure`
    assert!(y == 3);
}

The postcondition_mut'0 does not use the generated closure0'0'post predicate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants