-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix issue 491 #531
base: master
Are you sure you want to change the base?
Fix issue 491 #531
Conversation
src/main/scala/viper/gobra/translator/encodings/combinators/TypeEncoding.scala
Show resolved
Hide resolved
} | ||
|
||
@tailrec | ||
private def cannotBeNil(l: in.Expr): Boolean = l match { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this meant to only check locations? If so, I would probably make the param type more restrictive (i.e., in.Location
)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, it also checks expressions (in particular, see the body of the method, where we use it to check whether the receiver of an index and field-ref expression cannot be nil).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I could change it to something along the lines of:
private def cannotBeNil(l: in.Location): Boolean = {
def aux(e: in.Expr): Boolean = {
// body of cannotBeNil
}
aux(l)
}
This PR still has issues because of which it is not merged |
For reference, the issue mentioned here is that Gobra is often not able to prove non-nilness of memory locations that are obviously non-nil. Consider the simple example below requires 8 <= len(raw)
preserves forall i int :: { &raw[i] } 0 <= i && i < len(raw) ==>
acc(&raw[i])
func DecodeFromBytes(raw []byte) {
assert forall i int :: 0 <= i && i < len(raw[2:4]) ==>
&raw[2:4][i] == &raw[2 + i]
} In the current status of the PR, we get the following error: [info] Error at: </Users/joao/000491-bug.gobra:7:58> Reading might fail.
[info] The receiver raw[2:4][i] might be nil |
This PR:
safeReference
for more details.UncheckedRef
node. The node is necessary to make our encoding modular.InterfaceReceiverIsNilReason
to the more generalReceiverIsNilReason
.There is one failing test. The test fails due to an error in the desugaring of closures. I will most likely add an
IgnoreFile
annotation and open a separate issue. The currently generated internal representation should fail since it contains an unsafe dereference.