Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update to Lean 2024-09-26 broke bv_automata #660

Open
luisacicolini opened this issue Sep 27, 2024 · 8 comments
Open

Update to Lean 2024-09-26 broke bv_automata #660

luisacicolini opened this issue Sep 27, 2024 · 8 comments

Comments

@luisacicolini
Copy link
Contributor

luisacicolini commented Sep 27, 2024
edited by tobiasgrosser
Loading

Updating to the new Mathlib version (2024-09-26) broke AliveStatement bv_AddSub_1556:

theorem broken {x y : BitVec 1} : y - x = y ^^^ x := by
  bv_automata

The offending commit is likely leanprover/lean4-nightly@a3ca15d.
@tobiasgrosser
Copy link
Collaborator

A branch with the broken test case is available in #662.

@ineol
Copy link
Contributor

ineol commented Sep 27, 2024

I think the issue is that the statement is false (?). The error message is

application type mismatch
  Lean.ofReduceBool toto._nativeDecide_1 true (Eq.refl true)
argument has type
  true = true
but function has type
  Lean.reduceBool toto._nativeDecide_1 = true → broken._nativeDecide_1 = true

and Lean.reduceBool toto._nativeDecide_1 reduces to false, which makes the function application ill-typed.

There is the same error with an obviously false statement x = y.

In any case it would be good to have a more informative error message.

@tobiasgrosser tobiasgrosser changed the title Broken AliveStatement bv_AddSub_1556 Update to Lean 2024-09-26 broke bv_automata Sep 27, 2024
@tobiasgrosser
Copy link
Collaborator

The same issue arises with BitVec 1 instead of BitVec w. For BitVec 1, bv_decide successfully proofs the relevant statement.

@tobiasgrosser tobiasgrosser mentioned this issue Sep 27, 2024
Closed
@ineol
Copy link
Contributor

ineol commented Sep 27, 2024

As far as I understand, the bv_automata is a decision procedure for infinite bitstreams, so implicitly, it proves the result with arbitrary length.

Which version of Lean worked? I tried with 2024-09-20 and it has the same behavior.

@luisacicolini
Copy link
Contributor Author

luisacicolini commented Sep 27, 2024
edited
Loading

works for me at e6e6f63 - maybe try with bv_auto instead of bv_automata ?

@ineol
Copy link
Contributor

ineol commented Sep 27, 2024

I haven't found the source of the issue yet, but the problem is that now the bv_automata closes all the goals even if it fails, and produces an ill-typed proof. So in the bv_auto it stops the proof before bv_decide is able to prove the result. In the old version, it would leave the goal untouched, and bv_auto would try the next tactic.

@tobiasgrosser tobiasgrosser mentioned this issue Sep 27, 2024
Merged
github-merge-queue bot pushed a commit that referenced this issue Sep 27, 2024
@tobiasgrosser
chore: re-hide bv_automata bug (#663)
73e02a9 
The recent update of lean changed the behaviour of ring_nf, which led to
one simp lemma not firing exposing `bv_automata` to a state where it
would throw a bug: #660.
This PR adds a simp-lemma to simplify the offending statement, bringing
our CI back to the state before the recent lean update.

While not urgent anymore, the offending bug should anyhow be fixed at
some point.
@ineol ineol mentioned this issue Sep 30, 2024
Merged
@ineol
Copy link
Contributor

ineol commented Sep 30, 2024

I think what was happening is that before the update, ring_nf was broken (it had a multiplication by 1), and produced a goal that was refused by bv_automata before calling native_decide, which let the bv_decide tactic close the goal.

@tobiasgrosser
Copy link
Collaborator

I think what was happening is that before the update, ring_nf was broken (it had a multiplication by 1), and produced a goal that was refused by bv_automata before calling native_decide, which let the bv_decide tactic close the goal.

Indeed.

github-merge-queue bot pushed a commit that referenced this issue Oct 3, 2024
@ineol
Make bv_automata fallible (#670)
b4bdf9f 
Currently, `bv_automata` does not fail if the goal is false, because
`native_decide` doesn't fail, it produces an ill-typed proof.

On consequence is that it is awkward to use `bv_automata` in a tactic
such as `bv_auto`, since it relied on tactics to fail to be able to try
the next tactic (cf issue #660) It also give an error that is not
helpful at all after the proof is complete.

This PR is a proof of concept that modifies the implementation of
`native_decide` to check that the problem is solved by the decision
procedure before constructing the proof object.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ineol @tobiasgrosser @luisacicolini