Skip to content

Variants #1622

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 18 commits into from
Sep 22, 2025
Merged

Variants #1622

merged 18 commits into from
Sep 22, 2025

Conversation

arnaudgolfouse
Copy link
Collaborator

@arnaudgolfouse arnaudgolfouse commented Jul 9, 2025
edited by jhjourdan
Loading

This allow variants in various places:

  • simply recursive functions (logic and program)
  • loops (this allows loops in ghost code!)

Together with a rework of the WellFounded trait, to allow variants on custom types.

Fixes #561, #754.

jhjourdan
jhjourdan reviewed Jul 9, 2025
View reviewed changes
Copy link
Collaborator

@jhjourdan jhjourdan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great job!

All in all, I think that most of this is OK, but the way variant assertion are inserted need to be improved:

  • For loops, it should really rely on the WTO, and therefore I think that this should really be done by the backend. In particular, I'm not sure that we should store sets of variants to check at "continue" blocks. Instead, when entering a WTO component whose head has a variant, create a new handler for the head of the loop that will check the variant decrease, and make all the jumps from inside the component point to this new handler.

  • For recursive calls in program code, I would really prefer not translating operands to terms. This would be yet another translation from places to XXX, and I'm afraid of subtle semantic differences betwen the versions. Instead, please use a method similar to the one for loop I propose above: create a new sub-handler for recursive calls, and make it check that the variant decreases before performing the actual recursive call.

@ethanbb ethanbb mentioned this pull request Aug 1, 2025
Merged
@arnaudgolfouse arnaudgolfouse force-pushed the loop-variants branch 4 times, most recently from 7f93023 to 3d9bc4e Compare August 10, 2025 09:59
@arnaudgolfouse arnaudgolfouse force-pushed the loop-variants branch 2 times, most recently from 63f7676 to b54e227 Compare September 17, 2025 08:48
@jhjourdan
Copy link
Collaborator

(I'm in the process of reviewing this.)

@arnaudgolfouse arnaudgolfouse force-pushed the loop-variants branch 2 times, most recently from 7203c3b to df20c42 Compare September 17, 2025 09:12
@jhjourdan jhjourdan linked an issue Sep 17, 2025 that may be closed by this pull request
Allow variants to be specified on loops #754
Closed
jhjourdan
jhjourdan requested changes Sep 17, 2025
View reviewed changes
Copy link
Collaborator

@jhjourdan jhjourdan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great work. I have a few comments here and there, and two other concerns:

  • the definition of well foundedness is broken (see my comment)

  • it would be great to demonstrate this new features on some of the already existing examples : PA and union find, of course, and perhaps binary search or other examples. This should not be so difficult, all the needed ingredients are already there.

@arnaudgolfouse
Specify WellFounded for tuples
0211631
@arnaudgolfouse
Reorganize variant fields in Contract and others
7c7b086 
The variant in `PreContract` stays here: I interpreted this type as a
"creusot" contract, so it can contain a variant.
@arnaudgolfouse
Add tests
add82fa
@jhjourdan
Copy link
Collaborator

If you feel this is ready to merge, then please press the button ;)

@arnaudgolfouse arnaudgolfouse merged commit acd7d5a into creusot-rs:master Sep 22, 2025
7 checks passed
@arnaudgolfouse arnaudgolfouse deleted the loop-variants branch September 23, 2025 08:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhjourdan jhjourdan jhjourdan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow variants to be specified on loops Clarify the status of Well-founded
2 participants
@arnaudgolfouse @jhjourdan