Trouble with SMT fallback and tactic left uninstantiated variable #215
Description
Here's an example that works
module IncrPair
open Steel.Memory
open Steel.Effect
open Steel.Reference
open Steel.FractionalPermission
open Steel.Effect.Atomic
open FStar.Ghost
assume
val pts_to (#a:Type u#0)
(r:ref a)
([@@@ smt_fallback] v:a)
: slprop u#1
assume
val read (#a:Type) (#v:Ghost.erased a) (r:ref a)
: Steel a (pts_to r v) (fun x -> pts_to r x)
(requires fun _ -> True)
(ensures fun _ x _ -> x == Ghost.reveal v)
assume
val write (#a:Type0) (#v:Ghost.erased a) (r:ref a) (x:a)
: SteelT unit (pts_to r v)
(fun _ -> pts_to r x)
let incr (#v:Ghost.erased int) (r:ref int) ()
: SteelT unit (pts_to r v)
(fun _ -> pts_to r (v + 1))
= let x = read r in
write #_ #(hide x) r (x + 1);
change_slprop (pts_to r (x + 1)) (pts_to r (v + 1)) (fun _ -> ())
But, this one fails, with a tactic trying to solve a non-trivial (but provable goal) with true_p
let incr (#v:Ghost.erased int) (r:ref int) ()
: SteelT unit (pts_to r v)
(fun _ -> pts_to r (v + 1))
= let x = read r in
write r (x + 1)
And this one fails too, with a tactic left uninstantiated variable message
let incr (#v:Ghost.erased int) (r:ref int) ()
: SteelT unit (pts_to r v)
(fun _ -> pts_to r (v + 1))
= let x = read r in
write #_ #_ r (x + 1);
change_slprop (pts_to r (x + 1)) (pts_to r (v + 1)) (fun _ -> ())