The `no_confusion` construction is only generated for inductive datatypes supported in the kernel. Before this commit, given `h : T`, `cases h` could leak the internal encoding used by the inductive compiler WHEN a nested and/or mutual inductive datatype is used to index the inductive datatype `T`. The new test exposes the problem.

The solution implemented in this commit uses inj_arrow lemmas generated by the inductive compiler. We only use the lemmas if the target is a proposition. If it is not, we signal an error. The reason for this limitation is documented in the source code.

cc @jroesch @dselsam

Jared: the information leakage has been fixed. So, students will not be confused by the internal encoding used in the inductive compiler. I added the example I posted on Slack as a new test. Note that the workaround I used has been removed.