In theory, giving a function a fuel of 0,0 should make it effectively opaque. However, in the example shown below this is not the case (compare the success of the assertion in the first instance of MethodX, where fuel is used, to the expected failure of the assertion in the second instance of MethodX when opaque is used).
The underlying issue appears to be that when the definition axiom for FunctionB is created, the call to FunctionA is given the default fuel argument of LS(LZ), which means that setting the fuel to 0,0 in MethodX has no effect. This suggests we may need a per-function fuel setting that can be adjusted locally based on context.
[Example](http://rise4fun.com/Dafny/OWHp)
```
module Fuel {
function FunctionA(x:int) : int
{
x + 2
}
function FunctionB(y:int) : int
{
FunctionA(y - 2)
}
method {:fuel FunctionA,0,0} MethodX(z:int)
{
assert FunctionB(z) == z;
}
}
module Opaque {
function {:opaque} FunctionA(x:int) : int
{
x + 2
}
function FunctionB(y:int) : int
{
FunctionA(y - 2)
}
method MethodX(z:int)
{
assert FunctionB(z) == z;
}
}
```
The underlying issue appears to be that when the definition axiom for FunctionB is created, the call to FunctionA is given the default fuel argument of LS(LZ), which means that setting the fuel to 0,0 in MethodX has no effect. This suggests we may need a per-function fuel setting that can be adjusted locally based on context.
[Example](http://rise4fun.com/Dafny/OWHp)
```
module Fuel {
function FunctionA(x:int) : int
{
x + 2
}
function FunctionB(y:int) : int
{
FunctionA(y - 2)
}
method {:fuel FunctionA,0,0} MethodX(z:int)
{
assert FunctionB(z) == z;
}
}
module Opaque {
function {:opaque} FunctionA(x:int) : int
{
x + 2
}
function FunctionB(y:int) : int
{
FunctionA(y - 2)
}
method MethodX(z:int)
{
assert FunctionB(z) == z;
}
}
```