Skip to content

Allow substitutions of locals using the same memory as that used by a Pr #870

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
oskgo wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Allow substitutions of locals using the same memory as that used by a Pr #870

oskgo wants to merge 1 commit into from
+27 −12

Conversation

@oskgo
Copy link
Contributor

@oskgo oskgo commented Jan 21, 2026

Before, the following would fail:

require import Real.

module M = {var x: bool proc p()={}}.

lemma L (&m: {b:bool}): b{m}= true => Pr[M.p()@&m:true] = 1%r. 
proof. move => ->>.

We still prevent it in the case where the substitution uses a global, because in that case we'd be erasing information:

lemma L (&m: {b:bool}): M.x{m}= true => Pr[M.p()@&m:true] = 1%r. 
proof. move => ->>. (* This fails to substitute *)

This makes progress and /> more aggressive, which makes it a breaking change. It also fixes some bugs when nesting Pr formulas inside other program logic formulas:

lemma L: phoare[M.p{&m}: true ==> Pr[M.p()@&m:true] = 1%r] = 1%r.
proof.
proc. (* This line used to cause a memory clash anomaly *)

@oskgo oskgo requested a review from strub January 21, 2026 17:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@strub strub Awaiting requested review from strub

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

breaking change bug enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@oskgo