Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for Ghost Types #773

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Support for Ghost Types #773

wants to merge 4 commits into from

Conversation

ArquintL
Copy link
Member

This PR adds support for Ghost Types, i.e., the ability to mark a named type or type alias as ghost such that this type is erased. This feature came up in the context of structs that are declared for verification-only purposes and, thus, contain only ghost fields.

In addition, this PR makes PPermissionType and PPredType ghost types, which did not use to be the case.

@ArquintL ArquintL requested a review from Felalolf June 24, 2024 15:06
@jcp19
Copy link
Contributor

jcp19 commented Jun 24, 2024

Oh, cool!

Do I see it correctly that, for two instances x and y of ghost struct type T (containing at least one field), x == y will always yield true? If so, maybe we can change the encoding such that it matches === in those cases.

Felalolf
Felalolf approved these changes Sep 20, 2024
View reviewed changes
Copy link
Contributor

@Felalolf Felalolf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I only have one minor comment, the rest seems fine.

...ain/scala/viper/gobra/frontend/info/implementation/typing/ghost/separation/GhostTyping.scala Outdated Show resolved Hide resolved
@ArquintL ArquintL mentioned this pull request Jan 22, 2025
Open
@ArquintL
Copy link
Member Author

I'm not the biggest fan of special casing the encoding for ghost structs as this seems rather confusing to users. Instead, I've implemented a type checker warning for this case in the separate PR #826

@jcp19
Copy link
Contributor

jcp19 commented Jan 23, 2025
edited
Loading

I'm not the biggest fan of special casing the encoding for ghost structs as this seems rather confusing to users. Instead, I've implemented a type checker warning for this case in the separate PR #826

Hmm, in that case, I would rather throw a type error rather than a warning, given that == between ghost structs becomes rather useless. In fact, I think that the current solution introduces a special case - so far, for all ghost types, == matches ===. With the introduction of ghost structs, this will no longer be the case.

The way I see it, ghost structs are useful as alternatives to ADT with a single constructor. However, for ADTs we do have a meaningful ==, whereas for ghost structs, we can only resort to ===.

EDIT: To add to this, I had two instances where I was bitten by the unexpected semantics for ==, one in a first attempt while trying out these changes in scion (I changed some types to be ghost structs instead of adts and, without noticing, some of my specs became vacuously true), and one instance with my student who was verifying the go standard library stated a lemma that was also vacuously true without noticing. If you really insist on keeping these semantics for equality, then I think that reporting anything less than a type error here is way too dangerous.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Felalolf Felalolf Felalolf approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ArquintL @jcp19 @Felalolf