Best practices when defining a new effect to benefit from SMT automation #3031
Unanswered
andricicezar
asked this question in
Q&A
Replies: 1 comment
-
Hi @andricicezar , I tried a few things:
With these two changes, the proof works without any options tweaking. And the smt file size for the I tried another thing, specify a
This is a recent addition (https://github.com/FStarLang/FStar/wiki/Indexed-effects). This makes smt file a little bit smaller but not by much. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi! Recently I defined a Dijkstra Monad that at its base it is the Free monad with the
Require
andReturn
constructors, which is indexed by the pure specification monad. You can find the entire file here.While defining the Dijkstra Monad and the effect was easy, it was quite tedious to make it produce VCs that benefit from SMT automation. @TheoWinterhalter shared with me some of the strategies he remembered by marking things with unfold. The process had to be precise since forgetting an unfold or adding an extra one would break the automation.
While now it works on simple tests, there is still a difference in performance compared to the Pure effect. I tried to import the proof of correctness of the Quick Sort algorithm (from the tutorial), and try to do it in my effect and not Pure. However, the SMT cannot automatically prove it when using my effect. The logged query for the version using my effect is 6x bigger than the query for the Pure version.
I suppose that are many more tricks and practices that one can use, by hiding stuff from SMT or marking things with unfold. Could you share some of these practices you learnt over time?
Beta Was this translation helpful? Give feedback.
All reactions