I'm trying to prove a contradiction from two aliased pointers
...
* data_at sha (tarray tulong 5) (map (fun x : Z => Vlong (Int64.repr x)) arra) a
* data_at shb (tarray tulong 5) (map (fun x : Z => Vlong (Int64.repr x)) arrb) b
|-- !! (a <> b)
I've tried
destruct (Val.eq a b) as [->|Hneq];[|entailer!].
data_at_conflict b.
However, the data_at_conflict b
tactic doesn't work, yielding the error
Unable to unify "shb" with "sha".
Why do the shares need to be unified to prove that alaised pointer to separated blocks is a contradiction?
Or am I misunderstanding how shares work? Normally I just assign each read-only pointer its own individual readable_share
. Are disjoint shares to the same memory block considered separated?
As to why I'm doing this, the function I'm using has a const
and restrict
parameter and I was trying to capture that notion in its specification. Should I be using identical shares when writing the specification of functions that use restrict
?
Perhaps these lemmas will be useful. In fact, perhaps useful enough we should add them to VST.