Multiple `(decreases ...)` clauses

Right now, the harness fails on some mutually recursive lemmas because it puts one decreases on the `val` for the lemma that we check and on the `let rec` for the other lemmas in the block.

This also happens with single `let rec`s:
```fstar
val  elim_of_list'': #a: Type -> i: nat -> s: seq a -> l: list a
  -> Lemma
      (requires
        (List.Tot.length l + i = length s /\ i <= length s /\ slice s i (length s) == seq_of_list l)
      ) (ensures (explode_and i s l)) (decreases (List.Tot.length l))
let rec elim_of_list'': #a:Type ->
  i:nat ->
  s:seq a ->
  l:list a ->
  Lemma
    (requires (
      List.Tot.length l + i = length s /\
      i <= length s /\
      slice s i (length s) == seq_of_list l))
    (ensures (
      explode_and i s l))
    (decreases (
      List.Tot.length l))
= fun #_ i s l ->
  match l with
  | [] -> ()
  | hd :: tl ->
      lemma_seq_of_list_induction l;
      elim_of_list'' (i + 1) s tl
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Multiple `(decreases ...)` clauses #6

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Multiple (decreases ...) clauses #6

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Multiple `(decreases ...)` clauses #6