Description
There is some redundancy in the generated requires clauses for rules. As an example, for the KEVM optimized.add rule. In the Lean generated rule, we have:
(defn_Val0 : «_<_>_SCHEDULE_Int_ScheduleConst_Schedule» (SortScheduleConst.Gverylow_SCHEDULE_ScheduleConst) SCHED = some _Val0)
So _Val0 is the gas cost of ADD according to SCHED.
We also have:
(defn_Val9 : «_<_>_SCHEDULE_Int_ScheduleConst_Schedule» (SortScheduleConst.Gverylow_SCHEDULE_ScheduleConst) SCHED = some _Val9)
Which means that _Val9 is also the gas cost of ADD according to SCHED.
Now, _Val0 is used to check if we have enough gas for the execution of the opcode:
(defn_Val1 : «_<=Gas__GAS-SYNTAX_Bool_Gas_Gas» ((@inj SortInt SortGas) _Val0) GAVAIL = some _Val1)
And then _Val9 is used to deduct the gas cost of ADD to GAVAIL:
(defn_Val10 : «_-Gas__GAS-SYNTAX_Gas_Gas_Gas» GAVAIL ((@inj SortInt SortGas) _Val9) = some _Val10)
This means that to prove Rewrites lhs rhs, even if we use the constructor for the ADD opcode summary, we need to discharge an extra proof obligation that boils down to showing _Val0 = _Val9. Luckily, this is easily discharged by a single tactic (cc), but maybe it would be ideal if we only had _Val0.
As per @tothtamas28:
When there are two identical function applications in a rule, separate binders for their definedness are generated.
It's possible that these two instances of the same application are not in the original KORE in this form, but through an alias.
The code generator inlines these aliases, so that's where the duplication might come from.
We could unify these definedness binders for ease of proving.