private void GenerateConvertImpliesValidStepLemma(NextRoutine nextRoutine)
{
NextRoutine hNextRoutine = nextRoutineMap[nextRoutine];
string hNextRoutineName = hNextRoutine.NameSuffix;
var hstep_params = String.Join("", hNextRoutine.Formals.Select(f => $", hentry.{f.GloballyUniqueVarName}"));
var lpr = new ModuleStepPrinter("L");
lpr.State = "ls.s";
lpr.NextState = "ls'.s";
lpr.Step = "lstep";
var hpr = new ModuleStepPrinter("H");
hpr.State = "hs";
hpr.NextState = "hs'";
hpr.Step = "hstep";
var str = $@"
lemma lemma_Step_{nextRoutine.NameSuffix}_ImpliesConvertedIsValidStep(
ls: LPlusState,
ls': LPlusState,
lstep: L.Armada_Step,
hstep: H.Armada_Step,
tid: Armada_ThreadHandle
)
requires LPlus_ValidStep(ls, lstep, tid)
requires ls' == LPlus_GetNextState(ls, lstep, tid)
requires lstep.Armada_Step_{nextRoutine.NameSuffix}?
requires InductiveInv(ls)
requires hstep == ConvertStep_LH(ls, lstep, tid)
ensures H.Armada_ValidStep(ConvertTotalState_LPlusH(ls), hstep, tid)
{{
{ lpr.GetOpenValidStepInvocation(nextRoutine) }
var hs := ConvertTotalState_LPlusH(ls);
var hs' := H.Armada_GetNextState(hs, hstep, tid);
lemma_GetThreadLocalViewAlwaysCommutesWithConvert();
";
foreach (var globalVarName in strategy.GlobalVars)
{
str += $"lemma_DoesNotAppearInStoreBufferImpliesThreadLocalViewOf_GlobalStaticVar_{globalVarName}_AlwaysMatchesGlobalView();\n";
}
str += hpr.GetOpenStepInvocation(hNextRoutine);
str += "ProofCustomizationGoesHere(); }";
pgp.AddLemma(str, "lift");
}
public virtual string GetAssertValidPathInvocation(AtomicPath atomicPath)
{
string str = "";
foreach (var i in Enumerable.Range(0, atomicPath.NumNextRoutines))
{
var nextRoutine = atomicPath.NextRoutines[i];
var stepPrinter = new ModuleStepPrinter(ModuleName);
stepPrinter.State = atomicSpec.Low ? $"{States}.s{i}.s" : $"{States}.s{i}";
stepPrinter.NextState = atomicSpec.Low ? $"{States}.s{i + 1}.s" : $"{States}.s{i + 1}";
stepPrinter.Step = $"{Steps}.step{i}";
stepPrinter.Tid = Tid;
str += stepPrinter.GetAssertValidStepInvocation(nextRoutine);
}
str += $@"
assert {Prefix}_ValidPath_{atomicPath.Name}({State}, {Tid}, {Steps});
assert {Prefix}_ValidPath({State}, {Path}, {Tid});
assert {NextState} == {Prefix}_GetStateAfterPath({State}, {Path}, {Tid});
";
return(str);
}
public virtual string GetOpenValidPathInvocation(AtomicPath atomicPath)
{
string str = $@"
var {Steps}, {States} := lemma_{Prefix}_OpenPath_{atomicPath.Name}({State}, {Path}, {Tid});
";
/*
* assert {Path} == {Prefix}_Path_{atomicPath.Name}({Steps});
* assert {Prefix}_ValidPath_{atomicPath.Name}({State}, {Tid}, {Steps});
* assert {States} == {Prefix}_GetPathStates_{atomicPath.Name}({State}, {Tid}, {Steps});
* assert {Prefix}_GetStateAfterPath({State}, {Path}, {Tid}) == {States}.s{atomicPath.NumNextRoutines};
*/
foreach (var i in Enumerable.Range(0, atomicPath.NumNextRoutines))
{
var nextRoutine = atomicPath.NextRoutines[i];
var stepPrinter = new ModuleStepPrinter(ModuleName);
stepPrinter.State = atomicSpec.Low ? $"{States}.s{i}.s" : $"{States}.s{i}";
stepPrinter.Step = $"{Steps}.step{i}";
stepPrinter.Tid = Tid;
str += stepPrinter.GetOpenValidStepInvocation(nextRoutine);
}
return(str);
}