Conversation
src/main/scala/viper/gobra/translator/encodings/combinators/TypeEncoding.scala
Show resolved
Hide resolved
| } | ||
|
|
||
| @tailrec | ||
| private def cannotBeNil(l: in.Expr): Boolean = l match { |
There was a problem hiding this comment.
Is this meant to only check locations? If so, I would probably make the param type more restrictive (i.e., in.Location)
There was a problem hiding this comment.
No, it also checks expressions (in particular, see the body of the method, where we use it to check whether the receiver of an index and field-ref expression cannot be nil).
There was a problem hiding this comment.
I could change it to something along the lines of:
private def cannotBeNil(l: in.Location): Boolean = {
def aux(e: in.Expr): Boolean = {
// body of cannotBeNil
}
aux(l)
}
|
This PR still has issues because of which it is not merged |
For reference, the issue mentioned here is that Gobra is often not able to prove non-nilness of memory locations that are obviously non-nil. Consider the simple example below requires 8 <= len(raw)
preserves forall i int :: { &raw[i] } 0 <= i && i < len(raw) ==>
acc(&raw[i])
func DecodeFromBytes(raw []byte) {
assert forall i int :: 0 <= i && i < len(raw[2:4]) ==>
&raw[2:4][i] == &raw[2 + i]
}In the current status of the PR, we get the following error: [info] Error at: </Users/joao/000491-bug.gobra:7:58> Reading might fail.
[info] The receiver raw[2:4][i] might be nil |
This PR:
safeReferencefor more details.UncheckedRefnode. The node is necessary to make our encoding modular.InterfaceReceiverIsNilReasonto the more generalReceiverIsNilReason.There is one failing test. The test fails due to an error in the desugaring of closures. I will most likely add an
IgnoreFileannotation and open a separate issue. The currently generated internal representation should fail since it contains an unsafe dereference.