Skip to content

[Bug][Prover] Enum Data Invariants Incorrectly Enforced #17132

New issue
New issue
Open
Bug
Open
[Bug][Prover] Enum Data Invariants Incorrectly Enforced#17132
Bug
Labels
bugSomething isn't workingmove-proverstale-exemptPrevents issues from being automatically marked and closed as stale
@JakeSilverman

Description

@JakeSilverman
JakeSilverman
opened on Jul 23, 2025

🐛 Bug

There is an issue with how data invariants are enforced in enum types.

To reproduce

The following program

module 0x42::M {

    struct Foo {
        foo: u64,
    }

    struct Bar {
        bar: u64,
    }

    spec Bar{
        invariant self.bar >= 0;
    }

    enum Foobar {
        First {
            foo: Foo,
        },
        Second {
            bar: Bar,
        }
    }

    fun add_one_if_first(self: &mut Foobar) {
        match(self) {
            Foobar::First { foo } => foo.foo = foo.foo + 1,
            Foobar::Second { bar } => bar.bar = bar.bar + 1,
        }
    }
}

will give the error

error: data invariant does not hold
   ┌─ /Users/jake/Desktop/basic_coin/sources/first_module.move:12:9
   │
12 │         invariant self.bar >= 0;
   │         ^^^^^^^^^^^^^^^^^^^^^^^^

when attempting to prove. But this data invariant should be trivial to prove (especially since bar is u64). It seems to have to do with enforcement of the Bar data invariant on the foo path.

Expected Behavior

The above program should verify.

System information

Please complete the following information:
Aptos Core Version: 0ff932a (Jul 21 latest commit)
Rust Version: 1.87.0
Computer OS: macOS 15.5
Boogie version: 3.5.1.0

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingmove-proverstale-exemptPrevents issues from being automatically marked and closed as stale

    Type

    Bug

    Projects

    Move Language and Runtime

    Status

    🆕 New

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions