Fix computation of targets in let expressions #1123
Conversation
core/src/main/scala/stainless/extraction/inlining/FunctionInlining.scala
Outdated
Show resolved
Hide resolved
| exprOps.freshenLocals(tfd.fullBody) | ||
| // simple path for inlining when all arguments are values, and the function's body doesn't contain other function invocations | ||
| if (specced.specs.isEmpty && args.forall(isValue) && !exprOps.exists { _.isInstanceOf[FunctionInvocation] }(tfd.fullBody)) { | ||
| exprOps.replaceFromSymbols(tfd.params.zip(args).toMap, exprOps.freshenLocals(tfd.fullBody)) |
There was a problem hiding this comment.
Doesn't this mean we'll be duplicating potential checks in the function's body?
There was a problem hiding this comment.
Yes it can happen. Maybe we should let the user decide when to avoid let-bindings?
There was a problem hiding this comment.
Could you just wrap the full body in @unchecked?
There was a problem hiding this comment.
This comment suggests that if we do that without let-binding, the @unchecked annotation could leak to not checking postconditions (I don't remember why):
There was a problem hiding this comment.
But this special case is guarded by specs being empty (so no postcondition)?
There was a problem hiding this comment.
The comment might be obsolete, I've tried to remove it and it worked on a small example (i.e. the postcondition of the caller of an inlined function wasn't ignored), let's see what happens on the full test suite.
There was a problem hiding this comment.
I found an example where we should avoid the unchecked annotation except in a let binding:
object InliningUnchecked2 {
@inline def nonNegative(x: Int): Boolean = x >= 0
def test: Int = {
-10
}.ensuring(nonNegative _)
}In postconditions, the unchecked annotation means we don't check the conjunct. I think we already had this discussion once, we're basically using unchecked annotation to mean slightly different things depending on placement.
There was a problem hiding this comment.
Ahhh, I understand. Wow, that's a bit dangerous. It means that if we inline lets before going to type checking, we'll stop checking post-conditions containing inlined calls?
Sounds like we should split @unchecked into two different annotations.
There was a problem hiding this comment.
(sorry I edited your post by mistake)
Ahhh, I understand. Wow, that's a bit dangerous. It means that if we inline lets before going to type checking, we'll stop checking post-conditions containing inlined calls?
Yes for instance this example (InliningUnchecked2) would go through.
Sounds like we should split
@uncheckedinto two different annotations.
Yes good idea I'll do the split in another PR. Can we give a (more or less) formal definition to the two annotations?
unchecked: don't generate VCs when type-checking this expression (that's a bit ambiguous)dropConjunct: drop this conjunct in VCs
Thanks for the review! I'll merge this PR for now and address this issue (and potentially others) in another one.
There was a problem hiding this comment.
Some extra considerations to take into account when reshuffling the Unchecked annotation: #1136
core/src/main/scala/stainless/extraction/inlining/FunctionInlining.scala
Outdated
Show resolved
Hide resolved
No sorry, I've added a bunch of unrelated commits that you can ignore, only "Fix computation of targets in let expressions" is related to that |
The example
LetTargetsis failing in the current master branch, because the computation of targets in let expressions duplicates thepath(once for the bound expressione, and once for the bodyb). We get targets which are not well-formed.