refactor: replace simp_alive_split implementation with just simp.
#1220
Conversation
This PR changes the implementation of `simp_alive_split`---which used to call `split` and `split_ifs` and thus introduced new subgoals---with a single simp call (and some `intros` to preserve that behaviour). This is possible as the `if` statements used in the semantics follow a strict pattern, where one branch of the if is always `poison`. Suchs ifs with poison admit straightforward simplification lemmas, which this PR adds, thus removing the need to split on the condition.
The latter is the simp normal form, so it's better we use that to define semantics
|
Alive Statistics: 90 / 93 (3 failed) |
|
Alive Statistics: 90 / 93 (3 failed) |
|
Alive Statistics: 90 / 93 (3 failed) |
|
Alive Statistics: 90 / 93 (3 failed) |
|
Alive Statistics: 90 / 93 (3 failed) |
|
bitwuzla proved and leanSAT failed theorem 2 in file gexact_proof.lean |
|
Alive Statistics: 90 / 93 (3 failed) |
1 similar comment
|
Alive Statistics: 90 / 93 (3 failed) |
|
bitwuzla proved and leanSAT failed theorem 2 in file gexact_proof.lean |
…se `simp_all` instead of `simp`
|
Alive Statistics: 90 / 93 (3 failed) |
|
bitwuzla proved and leanSAT failed theorem 2 in file gexact_proof.lean |
|
bitwuzla proved and leanSAT failed theorem 2 in file gexact_proof.lean |
|
This seems to work well enough, but to avoid causing problems with the evaluation I'll not replace the implementation of the existing tactic, but rather make this into a new tactic, which will be specialized for the new SLLVM dialect (which models proper immediate UB). |
This PR adds a parser and proof automation for the new SLLVM dialect, based on the existing LLVM parser&proof automation, and incorporating some new stuff I proposed in #1220. I copied AliveStatements so I wouldn't interfere with the existing evaluation, and then semi-manually changed it to * use the SLLVM dialect (i.e., proper UB semantics) * instantiate rewrites to 64 bits (as I haven't bothered implementing MetaSLLVM yet), except for one testcase where bitblasting timed-out for any width > 7. All test cases that were proven before are now proven with proper UB semantics. Two rewrites that we sorried before turned out to just be plain false (even without UB), so I noted down the counter-example and ignored those test cases
This PR changes the implementation of
simp_alive_split---which used to callsplitandsplit_ifsand thus introduced new subgoals---with a single simp call (and someintrosto preserve that behaviour). This is possible as theifstatements used in the semantics follow a strict pattern, where one branch of the if is alwayspoison. Such ifs with poison admit straightforward simplification lemmas, which this PR adds, thus removing the need to split on the condition.NOTE: I've confirmed the new implementation of
simp_alive_splitsuccessfully closes all the expected goals inAliveStatements, but we ought to wait for the full evaluation to run before merging this PR, as there could be breakage there.Keep in mind that we do expect the numbers of solved theorems reported by the evaluation to go down, given that we are actively trying to reduce the number of subgoals generated by our automation (hence reducing the number of distinct calls to the SAT solvers).