Fix SMT SetOf n-ary extensionality axiom #266
Conversation
As noted in the related issue, TLAPS not supporting constructs binding more than one variable applies in a much broader sense than just to the SMT backend. While your fix may go some way toward introducing support for the SMT backend specifically, supporting such constructs needs more pervasive changes to tlapm and the different backends. Note that outputs error messages concerning SMT, Zenon, and Isabelle.
Thanks, that makes sense. I agree this PR does not implement general support for multi-variable binders across TLAPS and all backends. I will update the PR description to make the scope explicit: this is only an SMT backend arity fix for the existing SetOf_n encoding, not a full fix for #265. I will also change "Closes #265" to "Refs #265". If you prefer not to accept partial SMT-only support for this unsupported construct, I can close the PR.
Signed-off-by: 叶落寒塘 <22316734+ylht@users.noreply.github.com>
Summary
Fix the SMT extensionality helper axiom for `SetOf_n` so that n-ary set comprehensions pass all `n` bound-domain arguments to the SMT `SetOf_n` application. Refs #265.
Scope
This PR is intentionally limited to an SMT backend arity fix. It does not add general TLAPS support for TLA+ constructs that bind more than one variable, and it does not address support in the Zenon or Isabelle backends.
The broader multi-variable binding limitation is discussed in #265 and in the TLAPS unsupported features documentation.
Root Cause
`SetOf_n` is declared as taking `n` domain arguments plus one predicate/function argument:

But `assert_issetof n` encoded the assertion as if every `SetOf_n` were unary:

This is accidentally correct for `n = 1`, but wrong for `n >= 2`.

Changes
- Use the type `idv^n -> idv` in `assert_issetof n`.
- Pass all `n` bound-domain arguments.
- Use `SetOf_n(a1, ..., an, P)` in the trigger and assertion.

Validation
New regression test on the fixed binary:

Result:

The same test fails on `471b481` with fingerprints disabled:

Build:
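As an added illustration (not code from this PR or from tlapm), the script below re-creates the arity mismatch the Root Cause section describes: a small generator emits an SMT-LIB declaration of `SetOf_n` together with an "every `SetOf_n` application is a set" helper axiom, once in the unary-assuming shape and once passing all `n` bound-domain arguments, and an arity checker walks the emitted S-expressions. The sort name `idv` is the one the PR mentions; the predicate name `isset`, the exact shape of the axiom, the `:pattern` trigger and treating the predicate/function argument `P` as a plain `idv` value are assumptions made for this example and need not match tlapm's real encoding.

```python
import re

SORT = "idv"  # sort of TLA+ values; the name is the one the PR mentions


def declare_setof(n: int) -> str:
    """Declaration of SetOf_n: n domain arguments plus one predicate/function
    argument P (here also of sort idv, a simplifying assumption)."""
    params = " ".join([SORT] * (n + 1))
    return f"(declare-fun SetOf_{n} ({params}) {SORT})"


def issetof_axiom(n: int, buggy: bool) -> str:
    """Helper axiom 'every SetOf_n application is a set', with the application
    itself as the instantiation trigger (assumed shape, not tlapm's text).

    buggy=True mirrors the defect described in the PR: the assertion binds a
    single domain variable and applies SetOf_n as if it were unary, so the
    application has 2 arguments whatever n is.
    """
    doms = ["a"] if buggy else [f"a{i}" for i in range(1, n + 1)]
    binders = " ".join(f"({v} {SORT})" for v in doms + ["P"])
    app = f"(SetOf_{n} {' '.join(doms)} P)"
    return f"(assert (forall ({binders}) (! (isset {app}) :pattern ({app}))))"


def script(n: int, buggy: bool) -> str:
    """Complete SMT-LIB fragment: sort, isset predicate, SetOf_n, helper axiom."""
    return "\n".join([
        f"(declare-sort {SORT} 0)",
        f"(declare-fun isset ({SORT}) Bool)",
        declare_setof(n),
        issetof_axiom(n, buggy),
    ])


def parse(text: str):
    """Minimal S-expression reader: returns the list of top-level commands."""
    stack = [[]]
    for tok in re.findall(r"\(|\)|[^\s()]+", text):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            done = stack.pop()
            stack[-1].append(done)
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced parentheses")
    return stack[0]


def check_arities(smt: str):
    """Return sorted (symbol, declared_arity, applied_arity) mismatches found
    inside assert commands, for symbols introduced with declare-fun."""
    cmds = parse(smt)
    declared = {c[1]: len(c[2]) for c in cmds if c and c[0] == "declare-fun"}
    bad = set()

    def walk(e):
        if isinstance(e, list):
            if e and isinstance(e[0], str) and e[0] in declared:
                got = len(e) - 1
                if got != declared[e[0]]:
                    bad.add((e[0], declared[e[0]], got))
            for sub in e:
                walk(sub)

    for c in cmds:
        if c and c[0] == "assert":
            walk(c[1])
    return sorted(bad)


if __name__ == "__main__":
    for n in (1, 2, 3):
        for buggy in (True, False):
            print(f"n={n} buggy={buggy}: {check_arities(script(n, buggy))}")
```

With `n = 1` the unary-assuming and the corrected axiom coincide, which is why the defect stays invisible on single-variable comprehensions; for `n >= 2` the checker reports the under-applied `SetOf_n` (declared arity `n + 1`, applied with 2 arguments), the kind of mismatch a sort-checking SMT-LIB front end rejects outright.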