/// <summary>
/// Performs lambda lifting (see <see cref="LambdaHelper.ExpandLambdas"/>) by replacing with bound variables
/// maximally large subexpressions of a lambda that do not contain any of the lambda's bound variables.
/// </summary>
/// <param name="lambda">A lambda expression
/// <code>(lambda x1: T1 ... x_n: T_n :: t)</code>
/// where <c>t</c> contains the subexpressions <c>e1</c>, ..., <c>e_m</c>. These are maximally large
/// subexpressions that do not contain the lambda's bound variables.
/// </param>
/// <returns>
/// <list type="bullet">
/// <item>
/// A function application <c>f(y1, ..., y_m)</c> where <c>f</c>'s body is defined to be the result of
/// replacing the expressions <c>e1</c>, ..., <c>e_m</c> in <c>t</c> with bound variables
/// <c>b1</c>, ..., <c>b_m</c>.
/// </item>
/// <item>
/// Adds a definition and axiom for <c>f</c> to <see cref="lambdaFunctions"/> and <see cref="lambdaAxioms"/>.
/// Memoizes <c>f</c> as the lifted lambda for <para>lambda</para>.
/// </item>
/// </list>
/// </returns>
private Expr LiftLambdaMaxHoles(LambdaExpr lambda)
{
// We start by getting rid of `old` expressions. Instead, we replace the free variables `x_i` that are
// nested inside of `old` expressions with `old(x_i)` expressions.
var oldFinder = new OldFinder();
oldFinder.Visit(lambda);
var oldSubst = new Dictionary<Variable, Expr>();
foreach (var v in oldFinder.FreeOldVars)
if (v is GlobalVariable g)
{
oldSubst.Add(g, new OldExpr(g.tok, new IdentifierExpr(g.tok, g)) {Type = g.TypedIdent.Type});
}
var lambdaBody = Substituter.ApplyReplacingOldExprs(
Substituter.SubstitutionFromDictionary(new Dictionary<Variable, Expr>()),
Substituter.SubstitutionFromDictionary(oldSubst),
lambda.Body);
var lambdaAttrs = Substituter.ApplyReplacingOldExprs(
Substituter.SubstitutionFromDictionary(new Dictionary<Variable, Expr>()),
Substituter.SubstitutionFromDictionary(oldSubst),
lambda.Attributes);
var newLambda =
new LambdaExpr(lambda.tok, lambda.TypeParameters, lambda.Dummies, lambdaAttrs, lambdaBody)
{
Type = lambda.Type
};
// We perform lambda lifting on the resulting lambda which now contains only `old` expressions of the form
// `old(x)` where `x` is a variable that is free in the lambda.
return new MaxHolesLambdaLifter(
newLambda, liftedLambdas, FreshLambdaFunctionName(), lambdaFunctions, lambdaAxioms)
.VisitLambdaExpr(newLambda);
}
private List <Cmd> InlineYieldLoopInvariants(List <CallCmd> yieldInvariants)
{
var inlinedYieldInvariants = new List <Cmd>();
foreach (var callCmd in yieldInvariants)
{
var yieldInvariant = civlTypeChecker.procToYieldInvariant[callCmd.Proc];
if (layerNum == yieldInvariant.LayerNum)
{
Dictionary <Variable, Expr> map = callCmd.Proc.InParams.Zip(callCmd.Ins)
.ToDictionary(x => x.Item1, x => x.Item2);
Substitution subst = Substituter.SubstitutionFromDictionary(map);
foreach (Requires req in callCmd.Proc.Requires)
{
var newExpr = Substituter.Apply(subst, req.Condition);
if (req.Free)
{
inlinedYieldInvariants.Add(new AssumeCmd(req.tok, newExpr, req.Attributes));
}
else
{
inlinedYieldInvariants.Add(new AssertCmd(req.tok, newExpr, req.Attributes));
}
}
}
}
return(inlinedYieldInvariants);
}
private void TryElimination(IEnumerable <Variable> extraDefinedVariables)
{
bool Defined(Variable v) => varToExpr.ContainsKey(v) || extraDefinedVariables.Contains(v);
bool changed;
do
{
changed = false;
var remainingAssignments = new List <Assignment>();
foreach (var assignment in assignments)
{
if (!Defined(assignment.Var) &&
VariableCollector.Collect(assignment.Expr).Intersect(AllIntroducedVariables).All(Defined))
{
varToExpr[assignment.Var] = SubstitutionHelper.Apply(varToExpr, assignment.Expr);
changed = true;
}
else
{
remainingAssignments.Add(assignment);
}
}
Substitution sub = Substituter.SubstitutionFromDictionary(varToExpr);
foreach (var assignment in remainingAssignments)
{
assignment.Expr = Substituter.Apply(sub, assignment.Expr);
}
assignments = remainingAssignments;
assumes = SubstitutionHelper.Apply(sub, assumes).ToList();
} while (changed);
}
public NormalSubstituter(Substitution subst)
: base()
{
Contract.Requires(subst != null);
this.always = subst;
this.forold = Substituter.SubstitutionFromDictionary(new Dictionary <Variable, Expr>());
}
public static Substitution GetSubstitution(AtomicAction from, AtomicAction to)
{
Dictionary <Variable, Expr> map = new Dictionary <Variable, Expr>();
for (int i = 0; i < from.impl.InParams.Count; i++)
{
map[from.impl.InParams[i]] = Expr.Ident(to.impl.InParams[i]);
}
for (int i = 0; i < Math.Min(from.impl.OutParams.Count, to.impl.OutParams.Count); i++)
{
map[from.impl.OutParams[i]] = Expr.Ident(to.impl.OutParams[i]);
}
return(Substituter.SubstitutionFromDictionary(map));
}
public Tuple <Procedure, Implementation> GenerateStepChecker(AtomicAction pendingAsync, Function pendingAsyncAdd)
{
this.checkName = "step";
var requires = invariantAction.gate.Select(g => new Requires(false, g.Expr)).ToList();
var locals = new List <Variable>();
if (!HasChoice)
{
locals.Add(choice.Decl);
}
List <Cmd> cmds = new List <Cmd>();
cmds.Add(GetCallCmd(invariantAction));
cmds.Add(CmdHelper.AssumeCmd(ExprHelper.FunctionCall(pendingAsync.pendingAsyncCtor.membership, choice)));
cmds.Add(CmdHelper.AssumeCmd(Expr.Gt(Expr.Select(PAs, choice), Expr.Literal(0))));
cmds.Add(RemoveChoice);
AtomicAction abs = elim[pendingAsync];
Dictionary <Variable, Expr> map = new Dictionary <Variable, Expr>();
List <Expr> inputExprs = new List <Expr>();
for (int i = 0; i < abs.impl.InParams.Count; i++)
{
var pendingAsyncParam = ExprHelper.FunctionCall(pendingAsync.pendingAsyncCtor.selectors[i], choice);
map[abs.impl.InParams[i]] = pendingAsyncParam;
inputExprs.Add(pendingAsyncParam);
}
var subst = Substituter.SubstitutionFromDictionary(map);
cmds.AddRange(GetGateAsserts(abs, subst));
List <IdentifierExpr> outputVars = new List <IdentifierExpr>();
if (abs.HasPendingAsyncs)
{
locals.Add(newPAs.Decl);
outputVars.Add(newPAs);
}
cmds.Add(CmdHelper.CallCmd(abs.proc, inputExprs, outputVars));
if (abs.HasPendingAsyncs)
{
cmds.Add(AddNewPAs(pendingAsyncAdd));
}
cmds.Add(GetCheck(GetTransitionRelation(invariantAction)));
return(GetCheckerTuple(requires, locals, cmds, "_" + abs.proc.Name));
}
public override BinderExpr VisitBinderExpr(BinderExpr node)
{
var subst = new Dictionary <Variable, Expr>();
var newBound = new List <Variable>();
foreach (var bv in node.Dummies)
{
var bvNew = boundVars[boundVarCount++, bv.TypedIdent.Type];
newBound.Add(bvNew);
subst[bv] = new IdentifierExpr(Token.NoToken, bvNew);
}
node.Dummies = this.VisitVariableSeq(newBound);
node.Body = this.VisitExpr(Substituter.Apply(Substituter.SubstitutionFromDictionary(subst), node.Body));
return(node);
}
private Dictionary <Implementation, List <Cmd> > CreatePreconditions(
LinearPermissionInstrumentation linearPermissionInstrumentation)
{
var implToInitCmds = new Dictionary <Implementation, List <Cmd> >();
foreach (var impl in absyMap.Keys.OfType <Implementation>())
{
var initCmds = new List <Cmd>();
if (civlTypeChecker.GlobalVariables.Count() > 0)
{
initCmds.Add(CmdHelper.HavocCmd(
civlTypeChecker.GlobalVariables.Select(v => Expr.Ident(v)).ToList()));
linearPermissionInstrumentation.DisjointnessExprs(impl, true).ForEach(
expr => initCmds.Add(CmdHelper.AssumeCmd(expr)));
Substitution procToImplInParams = Substituter.SubstitutionFromDictionary(impl.Proc.InParams
.Zip(impl.InParams).ToDictionary(x => x.Item1, x => (Expr)Expr.Ident(x.Item2)));
impl.Proc.Requires.ForEach(req =>
initCmds.Add(new AssumeCmd(req.tok, Substituter.Apply(procToImplInParams, req.Condition))));
foreach (var callCmd in GetYieldingProc(impl).yieldRequires)
{
var yieldInvariant = civlTypeChecker.procToYieldInvariant[callCmd.Proc];
if (layerNum == yieldInvariant.LayerNum)
{
Substitution callFormalsToActuals = Substituter.SubstitutionFromDictionary(callCmd.Proc.InParams
.Zip(callCmd.Ins)
.ToDictionary(x => x.Item1, x => (Expr)ExprHelper.Old(x.Item2)));
callCmd.Proc.Requires.ForEach(req => initCmds.Add(new AssumeCmd(req.tok,
Substituter.Apply(procToImplInParams,
Substituter.Apply(callFormalsToActuals, req.Condition)))));
}
}
}
implToInitCmds[impl] = initCmds;
}
return(implToInitCmds);
}
private void InlineYieldRequiresAndEnsures()
{
foreach (var impl in absyMap.Keys.OfType <Implementation>())
{
var yieldingProc = GetYieldingProc(impl);
foreach (var callCmd in yieldingProc.yieldRequires)
{
var yieldInvariant = civlTypeChecker.procToYieldInvariant[callCmd.Proc];
if (layerNum == yieldInvariant.LayerNum)
{
Dictionary <Variable, Expr> map = callCmd.Proc.InParams.Zip(callCmd.Ins)
.ToDictionary(x => x.Item1, x => x.Item2);
Substitution subst = Substituter.SubstitutionFromDictionary(map);
foreach (Requires req in callCmd.Proc.Requires)
{
impl.Proc.Requires.Add(new Requires(req.tok, req.Free, Substituter.Apply(subst, req.Condition),
null,
req.Attributes));
}
}
}
foreach (var callCmd in yieldingProc.yieldEnsures)
{
var yieldInvariant = civlTypeChecker.procToYieldInvariant[callCmd.Proc];
if (layerNum == yieldInvariant.LayerNum)
{
Dictionary <Variable, Expr> map = callCmd.Proc.InParams.Zip(callCmd.Ins)
.ToDictionary(x => x.Item1, x => x.Item2);
Substitution subst = Substituter.SubstitutionFromDictionary(map);
foreach (Requires req in callCmd.Proc.Requires)
{
impl.Proc.Ensures.Add(new Ensures(req.tok, req.Free, Substituter.Apply(subst, req.Condition),
null,
req.Attributes));
}
}
}
}
}
/// <summary>
/// Performs lambda lifting (see <see cref="LambdaHelper.ExpandLambdas"/>) by replacing the lambda's
/// free variables with bound ones.
/// </summary>
/// <param name="lambda">A lambda expression
/// <code>(lambda x1: T1 ... x_n: T_n :: t)</code>
/// where <c>t</c> contains the free variables <c>y1</c>, ..., <c>y_m</c>.
/// </param>
/// <returns>
/// <list type="bullet">
/// <item>
/// A function application <c>f(y1, ..., y_m)</c> where <c>f</c>'s body is defined to be the result of
/// replacing the free variables <c>y1</c>, ..., <c>y_m</c> in <c>t</c> with bound variables
/// <c>b1</c>, ..., <c>b_m</c>.
/// </item>
/// <item>
/// Adds a definition and axiom for <c>f</c> to <see cref="lambdaFunctions"/> and <see cref="lambdaAxioms"/>.
/// Memoizes <c>f</c> as the lifted lambda for <para>lambda</para>.
/// </item>
/// </list>
/// </returns>
private Expr LiftLambdaFreeVars(LambdaExpr lambda)
{
// We start by getting rid of any use of "old" inside the lambda. This is done as follows.
// For each variable "g" occurring inside lambda as "old(... g ...)", create a new name "og".
// Replace each old occurrence of "g" with "og", removing the enclosing "old" wrappers.
var oldFinder = new OldFinder();
oldFinder.Visit(lambda);
var oldSubst = new Dictionary<Variable, Expr>(); // g -> g0
var callOldMapping = new Dictionary<Variable, Expr>(); // g0 -> old(g)
foreach (var v in oldFinder.FreeOldVars)
{
var g = v as GlobalVariable;
if (g != null)
{
var g0 = new GlobalVariable(g.tok, new TypedIdent(g.tok, g.TypedIdent.Name + "@old", g.TypedIdent.Type));
oldSubst.Add(g, new IdentifierExpr(g0.tok, g0));
callOldMapping.Add(g0, new OldExpr(g0.tok, new IdentifierExpr(g.tok, g)));
}
}
var lambdaBody = Substituter.ApplyReplacingOldExprs(
Substituter.SubstitutionFromDictionary(new Dictionary<Variable, Expr>()),
Substituter.SubstitutionFromDictionary(oldSubst),
lambda.Body);
var lambdaAttrs = Substituter.ApplyReplacingOldExprs(
Substituter.SubstitutionFromDictionary(new Dictionary<Variable, Expr>()),
Substituter.SubstitutionFromDictionary(oldSubst),
lambda.Attributes);
if (0 < CommandLineOptions.Clo.VerifySnapshots &&
QKeyValue.FindStringAttribute(lambdaAttrs, "checksum") == null)
{
// Attach a dummy checksum to avoid issues in the dependency analysis.
var checksumAttr = new QKeyValue(lambda.tok, "checksum", new List<object> {"lambda expression"}, null);
if (lambdaAttrs == null)
{
lambdaAttrs = checksumAttr;
}
else
{
lambdaAttrs.AddLast(checksumAttr);
}
}
// this is ugly, the output will depend on hashing order
var subst = new Dictionary<Variable, Expr>();
var substFnAttrs = new Dictionary<Variable, Expr>();
var formals = new List<Variable>();
var callArgs = new List<Expr>();
var axCallArgs = new List<Expr>();
var dummies = new List<Variable>(lambda.Dummies);
var freeTypeVars = new List<TypeVariable>();
var fnTypeVarActuals = new List<Type /*!*/>();
var freshTypeVars = new List<TypeVariable>(); // these are only used in the lambda@n function's definition
// compute the free variables of the lambda expression, but with lambdaBody instead of lambda.Body
Set freeVars = new Set();
BinderExpr.ComputeBinderFreeVariables(lambda.TypeParameters, lambda.Dummies, lambdaBody, null, lambdaAttrs,
freeVars);
foreach (object o in freeVars)
{
// 'o' is either a Variable or a TypeVariable.
if (o is Variable)
{
var v = o as Variable;
var ti = new TypedIdent(v.TypedIdent.tok, v.TypedIdent.Name, v.TypedIdent.Type);
var f = new Formal(v.tok, ti, true);
formals.Add(f);
substFnAttrs.Add(v, new IdentifierExpr(f.tok, f));
var b = new BoundVariable(v.tok, ti);
dummies.Add(b);
if (callOldMapping.ContainsKey(v))
{
callArgs.Add(callOldMapping[v]);
}
else
{
callArgs.Add(new IdentifierExpr(v.tok, v));
}
Expr id = new IdentifierExpr(b.tok, b);
subst.Add(v, id);
axCallArgs.Add(id);
}
else
{
var tv = (TypeVariable) o;
freeTypeVars.Add(tv);
fnTypeVarActuals.Add(tv);
freshTypeVars.Add(new TypeVariable(tv.tok, tv.Name));
}
}
var sw = new System.IO.StringWriter();
var wr = new TokenTextWriter(sw, true);
lambda.Emit(wr);
string lam_str = sw.ToString();
FunctionCall fcall;
IToken tok = lambda.tok;
Formal res = new Formal(tok, new TypedIdent(tok, TypedIdent.NoName, cce.NonNull(lambda.Type)), false);
if (liftedLambdas.TryGetValue(lambda, out fcall))
{
if (CommandLineOptions.Clo.TraceVerify)
{
Console.WriteLine("Old lambda: {0}", lam_str);
}
}
else
{
if (CommandLineOptions.Clo.TraceVerify)
{
Console.WriteLine("New lambda: {0}", lam_str);
}
Function fn = new Function(tok, FreshLambdaFunctionName(), freshTypeVars, formals, res,
"auto-generated lambda function",
Substituter.Apply(Substituter.SubstitutionFromDictionary(substFnAttrs), lambdaAttrs));
fn.OriginalLambdaExprAsString = lam_str;
fcall = new FunctionCall(new IdentifierExpr(tok, fn.Name));
fcall.Func = fn; // resolve here
liftedLambdas[lambda] = fcall;
List<Expr /*!*/> selectArgs = new List<Expr /*!*/>();
foreach (Variable /*!*/ v in lambda.Dummies)
{
Contract.Assert(v != null);
selectArgs.Add(new IdentifierExpr(v.tok, v));
}
NAryExpr axcall = new NAryExpr(tok, fcall, axCallArgs);
axcall.Type = res.TypedIdent.Type;
axcall.TypeParameters = SimpleTypeParamInstantiation.From(freeTypeVars, fnTypeVarActuals);
NAryExpr select = Expr.Select(axcall, selectArgs);
select.Type = lambdaBody.Type;
List<Type /*!*/> selectTypeParamActuals = new List<Type /*!*/>();
List<TypeVariable> forallTypeVariables = new List<TypeVariable>();
foreach (TypeVariable /*!*/ tp in lambda.TypeParameters)
{
Contract.Assert(tp != null);
selectTypeParamActuals.Add(tp);
forallTypeVariables.Add(tp);
}
forallTypeVariables.AddRange(freeTypeVars);
select.TypeParameters = SimpleTypeParamInstantiation.From(lambda.TypeParameters, selectTypeParamActuals);
Expr bb = Substituter.Apply(Substituter.SubstitutionFromDictionary(subst), lambdaBody);
NAryExpr body = Expr.Eq(select, bb);
body.Type = Type.Bool;
body.TypeParameters = SimpleTypeParamInstantiation.EMPTY;
Trigger trig = new Trigger(select.tok, true, new List<Expr> {select});
lambdaFunctions.Add(fn);
lambdaAxioms.Add(new ForallExpr(tok, forallTypeVariables, dummies,
Substituter.Apply(Substituter.SubstitutionFromDictionary(subst), lambdaAttrs),
trig, body));
}
NAryExpr call = new NAryExpr(tok, fcall, callArgs);
call.Type = res.TypedIdent.Type;
call.TypeParameters = SimpleTypeParamInstantiation.From(freeTypeVars, fnTypeVarActuals);
return call;
}
public static List <Declaration> CreateNoninterferenceCheckers(
CivlTypeChecker civlTypeChecker,
int layerNum,
AbsyMap absyMap,
DeclWithFormals decl,
List <Variable> declLocalVariables)
{
var linearTypeChecker = civlTypeChecker.linearTypeChecker;
Dictionary <string, Variable> domainNameToHoleVar = new Dictionary <string, Variable>();
Dictionary <Variable, Variable> localVarMap = new Dictionary <Variable, Variable>();
Dictionary <Variable, Expr> map = new Dictionary <Variable, Expr>();
List <Variable> locals = new List <Variable>();
List <Variable> inputs = new List <Variable>();
foreach (var domainName in linearTypeChecker.linearDomains.Keys)
{
var inParam = linearTypeChecker.LinearDomainInFormal(domainName);
inputs.Add(inParam);
domainNameToHoleVar[domainName] = inParam;
}
foreach (Variable local in declLocalVariables.Union(decl.InParams).Union(decl.OutParams))
{
var copy = CopyLocal(local);
locals.Add(copy);
localVarMap[local] = copy;
map[local] = Expr.Ident(copy);
}
Dictionary <Variable, Expr> oldLocalMap = new Dictionary <Variable, Expr>();
Dictionary <Variable, Expr> assumeMap = new Dictionary <Variable, Expr>(map);
foreach (Variable g in civlTypeChecker.GlobalVariables)
{
var copy = OldGlobalLocal(civlTypeChecker, g);
locals.Add(copy);
oldLocalMap[g] = Expr.Ident(copy);
Formal f = SnapshotGlobalFormal(civlTypeChecker, g);
inputs.Add(f);
assumeMap[g] = Expr.Ident(f);
}
var linearPermissionInstrumentation = new LinearPermissionInstrumentation(civlTypeChecker,
layerNum, absyMap, domainNameToHoleVar, localVarMap);
List <YieldInfo> yieldInfos = null;
string noninterferenceCheckerName = null;
if (decl is Implementation impl)
{
noninterferenceCheckerName = $"impl_{absyMap.Original(impl).Name}_{layerNum}";
yieldInfos = CollectYields(civlTypeChecker, absyMap, layerNum, impl).Select(kv =>
new YieldInfo(linearPermissionInstrumentation.DisjointnessAssumeCmds(kv.Key, false), kv.Value)).ToList();
}
else if (decl is Procedure proc)
{
yieldInfos = new List <YieldInfo>();
if (civlTypeChecker.procToYieldInvariant.ContainsKey(proc))
{
noninterferenceCheckerName = $"yield_{proc.Name}";
if (proc.Requires.Count > 0)
{
var disjointnessCmds = linearPermissionInstrumentation.ProcDisjointnessAssumeCmds(proc, true);
var yieldPredicates = proc.Requires.Select(requires =>
requires.Free
? (PredicateCmd) new AssumeCmd(requires.tok, requires.Condition)
: (PredicateCmd) new AssertCmd(requires.tok, requires.Condition)).ToList();
yieldInfos.Add(new YieldInfo(disjointnessCmds, yieldPredicates));
}
}
else
{
noninterferenceCheckerName = $"proc_{absyMap.Original(proc).Name}_{layerNum}";
if (proc.Requires.Count > 0)
{
var entryDisjointnessCmds =
linearPermissionInstrumentation.ProcDisjointnessAssumeCmds(proc, true);
var entryYieldPredicates = proc.Requires.Select(requires =>
requires.Free
? (PredicateCmd) new AssumeCmd(requires.tok, requires.Condition)
: (PredicateCmd) new AssertCmd(requires.tok, requires.Condition)).ToList();
yieldInfos.Add(new YieldInfo(entryDisjointnessCmds, entryYieldPredicates));
}
if (proc.Ensures.Count > 0)
{
var exitDisjointnessCmds =
linearPermissionInstrumentation.ProcDisjointnessAssumeCmds(proc, false);
var exitYieldPredicates = proc.Ensures.Select(ensures =>
ensures.Free
? (PredicateCmd) new AssumeCmd(ensures.tok, ensures.Condition)
: (PredicateCmd) new AssertCmd(ensures.tok, ensures.Condition)).ToList();
yieldInfos.Add(new YieldInfo(exitDisjointnessCmds, exitYieldPredicates));
}
}
}
else
{
Debug.Assert(false);
}
var filteredYieldInfos = yieldInfos.Where(info =>
info.invariantCmds.Any(predCmd => new GlobalAccessChecker().AccessesGlobal(predCmd.Expr)));
if (filteredYieldInfos.Count() == 0)
{
return(new List <Declaration>());
}
Substitution assumeSubst = Substituter.SubstitutionFromDictionary(assumeMap);
Substitution oldSubst = Substituter.SubstitutionFromDictionary(oldLocalMap);
Substitution subst = Substituter.SubstitutionFromDictionary(map);
List <Block> noninterferenceCheckerBlocks = new List <Block>();
List <Block> labelTargets = new List <Block>();
Block noninterferenceCheckerBlock = BlockHelper.Block("exit", new List <Cmd>());
labelTargets.Add(noninterferenceCheckerBlock);
noninterferenceCheckerBlocks.Add(noninterferenceCheckerBlock);
int yieldCount = 0;
foreach (var kv in filteredYieldInfos)
{
var newCmds = new List <Cmd>(kv.disjointnessCmds);
foreach (var predCmd in kv.invariantCmds)
{
var newExpr = Substituter.ApplyReplacingOldExprs(assumeSubst, oldSubst, predCmd.Expr);
newCmds.Add(new AssumeCmd(predCmd.tok, newExpr));
}
foreach (var predCmd in kv.invariantCmds)
{
if (predCmd is AssertCmd)
{
var newExpr = Substituter.ApplyReplacingOldExprs(subst, oldSubst, predCmd.Expr);
AssertCmd assertCmd = new AssertCmd(predCmd.tok, newExpr, predCmd.Attributes);
assertCmd.ErrorData = "Non-interference check failed";
newCmds.Add(assertCmd);
}
}
newCmds.Add(CmdHelper.AssumeCmd(Expr.False));
noninterferenceCheckerBlock = BlockHelper.Block("L" + yieldCount++, newCmds);
labelTargets.Add(noninterferenceCheckerBlock);
noninterferenceCheckerBlocks.Add(noninterferenceCheckerBlock);
}
noninterferenceCheckerBlocks.Insert(0, BlockHelper.Block("enter", new List <Cmd>(), labelTargets));
// Create the yield checker procedure
noninterferenceCheckerName = civlTypeChecker.AddNamePrefix($"NoninterferenceChecker_{noninterferenceCheckerName}");
var noninterferenceCheckerProc = DeclHelper.Procedure(noninterferenceCheckerName,
inputs, new List <Variable>(), new List <Requires>(), new List <IdentifierExpr>(), new List <Ensures>());
CivlUtil.AddInlineAttribute(noninterferenceCheckerProc);
// Create the yield checker implementation
var noninterferenceCheckerImpl = DeclHelper.Implementation(noninterferenceCheckerProc,
inputs, new List <Variable>(), locals, noninterferenceCheckerBlocks);
CivlUtil.AddInlineAttribute(noninterferenceCheckerImpl);
return(new List <Declaration> {
noninterferenceCheckerProc, noninterferenceCheckerImpl
});
}
private void DesugarParCallCmdInBlock(Block block, bool isBlockInYieldingLoop)
{
var parCallCmd = (ParCallCmd)block.Cmds[0];
List <Cmd> newCmds = new List <Cmd>();
if (!isBlockInYieldingLoop)
{
newCmds.AddRange(refinementInstrumentation.CreateUpdatesToRefinementVars(IsParCallMarked(parCallCmd)));
}
List <Expr> ins = new List <Expr>();
List <IdentifierExpr> outs = new List <IdentifierExpr>();
string procName = "ParallelCall";
foreach (CallCmd callCmd in parCallCmd.CallCmds)
{
// Use original procedure names to make aggregated name more readable
procName = procName + "_" + absyMap.OriginalOrInput(callCmd.Proc).Name;
ins.AddRange(callCmd.Ins);
outs.AddRange(callCmd.Outs);
}
procName = civlTypeChecker.AddNamePrefix(procName) + "_" + layerNum;
if (!parallelCallAggregators.ContainsKey(procName))
{
List <Variable> inParams = new List <Variable>();
List <Variable> outParams = new List <Variable>();
List <Requires> requiresSeq = new List <Requires>();
List <Ensures> ensuresSeq = new List <Ensures>();
int count = 0;
foreach (CallCmd callCmd in parCallCmd.CallCmds)
{
Dictionary <Variable, Expr> map = new Dictionary <Variable, Expr>();
foreach (Variable x in callCmd.Proc.InParams)
{
Variable y = ParCallDesugarFormal(x, count, true);
inParams.Add(y);
map[x] = Expr.Ident(y);
}
foreach (Variable x in callCmd.Proc.OutParams)
{
Variable y = ParCallDesugarFormal(x, count, false);
outParams.Add(y);
map[x] = Expr.Ident(y);
}
Contract.Assume(callCmd.Proc.TypeParameters.Count == 0);
Substitution subst = Substituter.SubstitutionFromDictionary(map);
foreach (Requires req in callCmd.Proc.Requires)
{
requiresSeq.Add(new Requires(req.tok, req.Free, Substituter.Apply(subst, req.Condition), null,
req.Attributes));
}
foreach (Ensures ens in callCmd.Proc.Ensures)
{
ensuresSeq.Add(new Ensures(ens.tok, ens.Free, Substituter.Apply(subst, ens.Condition), null,
ens.Attributes));
}
count++;
}
parallelCallAggregators[procName] = DeclHelper.Procedure(
procName, inParams, outParams, requiresSeq,
civlTypeChecker.GlobalVariables.Select(v => Expr.Ident(v)).ToList(), ensuresSeq);
}
Procedure proc = parallelCallAggregators[procName];
CallCmd checkerCallCmd = new CallCmd(parCallCmd.tok, proc.Name, ins, outs, parCallCmd.Attributes)
{
Proc = proc
};
newCmds.Add(checkerCallCmd);
newCmds.AddRange(refinementInstrumentation.CreateAssumeCmds());
newCmds.AddRange(globalSnapshotInstrumentation.CreateUpdatesToOldGlobalVars());
newCmds.AddRange(refinementInstrumentation.CreateUpdatesToOldOutputVars());
newCmds.AddRange(noninterferenceInstrumentation.CreateUpdatesToPermissionCollector(parCallCmd));
newCmds.AddRange(block.cmds.GetRange(1, block.cmds.Count - 1));
block.cmds = newCmds;
}
public Implementation Inject(Implementation implementation, Program programInCachedSnapshot)
{
Contract.Requires(implementation != null && programInCachedSnapshot != null);
this.programInCachedSnapshot = programInCachedSnapshot;
assumptionVariableCount = 0;
temporaryVariableCount = 0;
currentImplementation = implementation;
#region Introduce explict assumption about the precondition.
var oldProc = programInCachedSnapshot.FindProcedure(currentImplementation.Proc.Name);
if (oldProc != null &&
oldProc.DependencyChecksum != currentImplementation.Proc.DependencyChecksum &&
currentImplementation.ExplicitAssumptionAboutCachedPrecondition == null)
{
var axioms = new List <Axiom>();
var after = new List <Cmd>();
Expr assumedExpr = new LiteralExpr(Token.NoToken, false);
var canUseSpecs = DependencyCollector.CanExpressOldSpecs(oldProc, Program, true);
if (canUseSpecs && oldProc.SignatureEquals(currentImplementation.Proc))
{
var always = Substituter.SubstitutionFromDictionary(currentImplementation.GetImplFormalMap(), true,
currentImplementation.Proc);
var forOld = Substituter.SubstitutionFromDictionary(new Dictionary <Variable, Expr>());
var clauses = oldProc.Requires.Select(r =>
Substituter.FunctionCallReresolvingApply(always, forOld, r.Condition, Program));
var conj = Expr.And(clauses, true);
assumedExpr = conj != null
? FunctionExtractor.Extract(conj, Program, axioms)
: new LiteralExpr(Token.NoToken, true);
}
if (assumedExpr != null)
{
var lv = new LocalVariable(Token.NoToken,
new TypedIdent(Token.NoToken, string.Format("a##cached##{0}", FreshAssumptionVariableName), Type.Bool),
new QKeyValue(Token.NoToken, "assumption", new List <object>(), null));
currentImplementation.InjectAssumptionVariable(lv, !canUseSpecs);
var lhs = new SimpleAssignLhs(Token.NoToken, new IdentifierExpr(Token.NoToken, lv));
var rhs = LiteralExpr.And(new IdentifierExpr(Token.NoToken, lv), assumedExpr);
var assumed = new AssignCmd(currentImplementation.tok, new List <AssignLhs> {
lhs
}, new List <Expr> {
rhs
});
assumed.IrrelevantForChecksumComputation = true;
currentImplementation.ExplicitAssumptionAboutCachedPrecondition = assumed;
after.Add(assumed);
}
if (CommandLineOptions.Clo.TraceCachingForTesting || CommandLineOptions.Clo.TraceCachingForBenchmarking)
{
using (var tokTxtWr = new TokenTextWriter("<console>", Console.Out, false, false))
{
var loc = currentImplementation.tok != null && currentImplementation.tok != Token.NoToken
? string.Format("{0}({1},{2})", currentImplementation.tok.filename, currentImplementation.tok.line,
currentImplementation.tok.col)
: "<unknown location>";
Console.Out.WriteLine("Processing implementation {0} (at {1}):", currentImplementation.Name, loc);
foreach (var a in axioms)
{
Console.Out.Write(" >>> added axiom: ");
a.Expr.Emit(tokTxtWr);
Console.Out.WriteLine();
}
foreach (var b in after)
{
Console.Out.Write(" >>> added after assuming the current precondition: ");
b.Emit(tokTxtWr, 0);
}
}
}
}
#endregion
var result = VisitImplementation(currentImplementation);
currentImplementation = null;
this.programInCachedSnapshot = null;
return(result);
}
public ActionRefinementInstrumentation(
CivlTypeChecker civlTypeChecker,
Implementation impl,
Implementation originalImpl,
Dictionary <Variable, Variable> oldGlobalMap)
{
this.civlTypeChecker = civlTypeChecker;
this.tok = impl.tok;
this.oldGlobalMap = new Dictionary <Variable, Variable>();
ActionProc actionProc = civlTypeChecker.procToYieldingProc[originalImpl.Proc] as ActionProc;
this.layerNum = actionProc.upperLayer;
foreach (Variable v in civlTypeChecker.GlobalVariables)
{
var layerRange = civlTypeChecker.GlobalVariableLayerRange(v);
if (layerRange.lowerLayerNum <= layerNum && layerNum < layerRange.upperLayerNum)
{
this.oldGlobalMap[v] = oldGlobalMap[v];
}
}
this.newLocalVars = new List <Variable>();
pc = civlTypeChecker.LocalVariable("pc", Type.Bool);
newLocalVars.Add(pc);
ok = civlTypeChecker.LocalVariable("ok", Type.Bool);
newLocalVars.Add(ok);
this.transitionRelationCache = new Dictionary <AtomicAction, Expr>();
oldOutputMap = new Dictionary <Variable, Variable>();
foreach (Variable f in impl.OutParams)
{
LocalVariable copy = Old(f);
newLocalVars.Add(copy);
oldOutputMap[f] = copy;
}
Dictionary <Variable, Expr> foroldMap = new Dictionary <Variable, Expr>();
foreach (Variable g in civlTypeChecker.GlobalVariables)
{
foroldMap[g] = Expr.Ident(oldGlobalMap[g]);
}
// The parameters of an atomic action come from the implementation that denotes the atomic action specification.
// To use the transition relation computed below in the context of the yielding procedure of the refinement check,
// we need to substitute the parameters.
AtomicAction atomicAction = actionProc.refinedAction;
Implementation atomicActionImpl = atomicAction.impl;
Dictionary <Variable, Expr> alwaysMap = new Dictionary <Variable, Expr>();
for (int i = 0, j = 0; i < impl.InParams.Count; i++)
{
if (civlTypeChecker.FormalRemainsInAction(actionProc, actionProc.proc.InParams[i]))
{
alwaysMap[atomicActionImpl.InParams[j]] = Expr.Ident(impl.InParams[i]);
j++;
}
}
for (int i = 0, j = 0; i < impl.OutParams.Count; i++)
{
if (civlTypeChecker.FormalRemainsInAction(actionProc, actionProc.proc.OutParams[i]))
{
alwaysMap[atomicActionImpl.OutParams[j]] = Expr.Ident(impl.OutParams[i]);
j++;
}
}
if (atomicAction.HasPendingAsyncs)
{
Variable collectedPAs = civlTypeChecker.implToPendingAsyncCollector[originalImpl];
alwaysMap[atomicActionImpl.OutParams.Last()] = Expr.Ident(collectedPAs);
LocalVariable copy = Old(collectedPAs);
newLocalVars.Add(copy);
oldOutputMap[collectedPAs] = copy;
}
Substitution always = Substituter.SubstitutionFromDictionary(alwaysMap);
Substitution forold = Substituter.SubstitutionFromDictionary(foroldMap);
Expr transitionRelationExpr = GetTransitionRelation(atomicAction);
transitionRelation = Substituter.ApplyReplacingOldExprs(always, forold, transitionRelationExpr);
Expr gateExpr = Expr.And(atomicAction.gate.Select(g => g.Expr));
gateExpr.Type = Type.Bool;
gate = Substituter.Apply(always, gateExpr);
}
