Channel: Dafny: An Automatic Program Verifier for Functional Correctness

Closed Unassigned: Set comprehension heuristics for function definitions [118]

Here's a small Dafny example where the set comprehensions fail:

```dafny
class Foo {
  ghost var Repr: set<object>
}

function SeqRepr(s: seq<Foo>): set<object>
  reads set b | b in s
{
  // Bound discovery visits the bound variables in declaration order, so with
  // "o,b" it looks at o first, and the only constraint on o (o in b.Repr)
  // mentions b, which has not been given a bound yet.
  set o, b | b in s && b != null && o in b.Repr :: o  // Works if you say "set b,o | ..."
}
```

As noted in the comment, the heuristics succeed if we swap the order of "o,b" in the set comprehension. The problem in this case is that the normal set comprehension heuristics for detecting finite bounds are successful, in that they observe that the set of possible b's is bounded by the heap, but for function definitions, this isn't sufficient.

The proposed fix is that the heuristics for determining bounds should only accept the heap as a bound as a last resort. That is, if the heuristics can't find a bound better than heap for a particular variable, they should set it aside and come back to it after trying to find bounds for the other variables.
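As an added illustration that is not part of the original issue and not Dafny's own resolver code (which is written in C#), the following Python model reproduces the ordering behaviour the issue describes: the original heuristic accepts the heap as a bound as soon as no collection bound is visible, while the proposed variant sets such a variable aside and revisits it once the other variables are bounded. The `Conjunct` representation, the `"heap"` marker and the function names are assumptions made for this model only.

```python
# Toy model of Dafny's set-comprehension bound discovery and of the proposed
# "heap only as a last resort" fix. Hypothetical; not Dafny's implementation.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set


@dataclass(frozen=True)
class Conjunct:
    """One conjunct of the comprehension's range, e.g. `o in b.Repr`.

    var:        the bound variable this conjunct can bound (None if it bounds
                nothing, e.g. `b != null`)
    collection: textual name of the collection on the right of `in`
    free_vars:  bound variables that the collection expression mentions
    """
    text: str
    var: Optional[str] = None
    collection: Optional[str] = None
    free_vars: FrozenSet[str] = frozenset()


HEAP = "heap"  # marker for "bounded by the set of allocated objects"


class NoBound(Exception):
    """Raised when no acceptable bound exists for some variable."""


def find_collection_bound(var: str, conjuncts: List[Conjunct], bounded: Set[str]) -> Optional[str]:
    """Return a collection bound for `var` whose free variables are all already bounded."""
    for c in conjuncts:
        if c.var == var and c.collection is not None and c.free_vars <= bounded:
            return c.collection
    return None


def discover_bounds(bound_vars: List[str], conjuncts: List[Conjunct], reference_typed: Set[str],
                    allow_heap: bool, defer_heap: bool) -> Dict[str, str]:
    """Find a bound for every variable in `bound_vars` (declaration order).

    allow_heap: False inside a function body (a function may not depend on
                which objects are allocated), True in ghost statements.
    defer_heap: the proposed fix; a reference-typed variable with no visible
                collection bound is set aside and retried after the others.
    """
    bounds: Dict[str, str] = {}
    pending = list(bound_vars)
    progress = True
    while pending and progress:
        progress = False
        deferred: List[str] = []
        for v in pending:
            coll = find_collection_bound(v, conjuncts, set(bounds))
            if coll is not None:
                bounds[v] = coll
                progress = True
            elif v not in reference_typed:
                raise NoBound(v)
            elif defer_heap:
                deferred.append(v)  # come back once the others are bounded
            else:
                bounds[v] = HEAP  # original behaviour: accept the heap immediately
                progress = True
        pending = deferred
    for v in pending:  # last resort for what is still unbounded
        bounds[v] = HEAP
    if not allow_heap and HEAP in bounds.values():
        raise NoBound("heap bound not allowed in a function body")
    return {v: bounds[v] for v in bound_vars}


# Constructed range of the comprehension from the issue: b in s && b != null && o in b.Repr
RANGE = [
    Conjunct("b in s", var="b", collection="s"),
    Conjunct("b != null"),
    Conjunct("o in b.Repr", var="o", collection="b.Repr", free_vars=frozenset({"b"})),
]
REFS = {"o", "b"}  # both variables have reference (object) types


def original_heuristic(order: List[str], in_function: bool) -> Optional[Dict[str, str]]:
    """Bounds the current heuristic finds, or None if it rejects the comprehension."""
    try:
        return discover_bounds(order, RANGE, REFS, allow_heap=not in_function, defer_heap=False)
    except NoBound:
        return None


def proposed_heuristic(order: List[str], in_function: bool) -> Optional[Dict[str, str]]:
    """Same, with heap accepted only as a last resort."""
    try:
        return discover_bounds(order, RANGE, REFS, allow_heap=not in_function, defer_heap=True)
    except NoBound:
        return None


if __name__ == "__main__":
    print("original, function, o,b:", original_heuristic(["o", "b"], True))
    print("original, function, b,o:", original_heuristic(["b", "o"], True))
    print("proposed, function, o,b:", proposed_heuristic(["o", "b"], True))
```

Run stand-alone, the first line reports `None` (the heuristic settled on the heap for `o` before `b` had a bound, which a function body cannot accept), the second finds `b.Repr` for `o` because `b` was bounded first, and the third shows the deferral recovering the `b.Repr` bound even with the original `o,b` order.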



