VCExpr LetVC(Block block, Dictionary <int, Absy> label2absy, Hashtable /*<Block, VCExprVar!>*/ blockVariables, List <VCExprLetBinding> bindings, ProverContext proverCtxt, out int assertionCount) { Contract.Requires(label2absy != null); Contract.Requires(blockVariables != null); Contract.Requires(proverCtxt != null); Contract.Requires(cce.NonNullElements(bindings)); Contract.Ensures(Contract.Result <VCExpr>() != null); assertionCount = 0; VCExpressionGenerator gen = proverCtxt.ExprGen; Contract.Assert(gen != null); VCExprVar v = (VCExprVar)blockVariables[block]; if (v == null) { /* * For block A (= block), generate: * LET_binding A_correct = wp(A_body, (/\ S \in Successors(A) :: S_correct)) * with the side effect of adding the let bindings to "bindings" for any * successor not yet visited. */ VCExpr SuccCorrect; GotoCmd gotocmd = block.TransferCmd as GotoCmd; if (gotocmd == null) { if (CommandLineOptions.Clo.vcVariety == CommandLineOptions.VCVariety.Doomed) { SuccCorrect = VCExpressionGenerator.False; } else { SuccCorrect = VCExpressionGenerator.True; } } else { Contract.Assert(gotocmd.labelTargets != null); List <VCExpr> SuccCorrectVars = new List <VCExpr>(gotocmd.labelTargets.Count); foreach (Block successor in gotocmd.labelTargets) { Contract.Assert(successor != null); int ac; VCExpr s = LetVC(successor, label2absy, blockVariables, bindings, proverCtxt, out ac); assertionCount += ac; SuccCorrectVars.Add(s); } SuccCorrect = gen.NAry(VCExpressionGenerator.AndOp, SuccCorrectVars); } VCContext context = new VCContext(label2absy, proverCtxt); // m_Context = context; VCExpr vc = Wlp.Block(block, SuccCorrect, context); assertionCount += context.AssertionCount; v = gen.Variable(block.Label + "_correct", Microsoft.Boogie.Type.Bool); bindings.Add(gen.LetBinding(v, vc)); blockVariables.Add(block, v); } return(v); }
/// <summary> /// As a side effect, updates "this.parent.CumulativeAssertionCount". /// </summary> public void BeginCheck(Checker checker, VerifierCallback callback, ModelViewInfo mvInfo, int no, int timeout, int rlimit) { Contract.Requires(checker != null); Contract.Requires(callback != null); splitNo = no; impl.Blocks = blocks; this.checker = checker; Dictionary <int, Absy> label2absy = new Dictionary <int, Absy>(); ProverContext ctx = checker.TheoremProver.Context; Boogie2VCExprTranslator bet = ctx.BoogieExprTranslator; var cc = new VCGen.CodeExprConversionClosure(label2absy, ctx); bet.SetCodeExprConverter(cc.CodeExprToVerificationCondition); var exprGen = ctx.ExprGen; VCExpr controlFlowVariableExpr = exprGen.Integer(BigNum.ZERO); #region proofgen TypePremiseEraserFactory typePremiseEraserFactory; switch (CommandLineOptions.Clo.TypeEncodingMethod) { case CommandLineOptions.TypeEncoding.Predicates: typePremiseEraserFactory = new TypePremiseEraserFactory(checker.VCExprGen, bet, true); break; case CommandLineOptions.TypeEncoding.Monomorphic: typePremiseEraserFactory = new TypePremiseEraserFactory(checker.VCExprGen, bet, false); break; default: throw new NotImplementedException(); } ProofGenerationLayer.SetTypeEraserFactory(typePremiseEraserFactory); #endregion /* PROOF GEN: we pass "null" as the control flow variable expression, such that labels are not produced as they are * not relevant for proof generation of programs that verify */ VCExpr vc = parent.GenerateVCAux(impl, null, label2absy, checker.TheoremProver.Context); Contract.Assert(vc != null); #region proofgen if (!(ctx is DeclFreeProverContext)) { throw new NotImplementedException("Proof Generation only supports DeclFreeProverContext as context."); } var declFreeProverContext = ctx as DeclFreeProverContext; var premiseEraserProvider = typePremiseEraserFactory?.NewEraser(); VCExpr eraseVC(VCExpr vc, int polarity) { return(!premiseEraserProvider.ProgramIsPolymorphic ? vc : premiseEraserProvider.EraseAndSortLet(vc, polarity)); } VCExpr erasedVC = eraseVC(vc, 1); VCExpr erasedAxioms = eraseVC(declFreeProverContext.Axioms, -1); VCExpr typeAxioms = null; List <VCAxiomInfo> vcAxiomsInfo = null; if (premiseEraserProvider.ProgramIsPolymorphic) { typeAxioms = premiseEraserProvider.AxiomBuilder.GetNewAxiomsAndInfo(out vcAxiomsInfo); } ProofGenerationLayer.VCGenerateAllProofs( erasedVC, erasedAxioms, typeAxioms, vcAxiomsInfo, checker.TheoremProver.VCExprGen, checker.TheoremProver.Context.BoogieExprTranslator, premiseEraserProvider?.AxiomBuilder); #endregion /* PROOF GEN: comment out label specific parts * VCExpr controlFlowFunctionAppl = * exprGen.ControlFlowFunctionApplication(exprGen.Integer(BigNum.ZERO), exprGen.Integer(BigNum.ZERO)); * VCExpr eqExpr = exprGen.Eq(controlFlowFunctionAppl, exprGen.Integer(BigNum.FromInt(impl.Blocks[0].UniqueId))); * vc = exprGen.Implies(eqExpr, vc); */ reporter = new VCGen.ErrorReporter(gotoCmdOrigins, label2absy, impl.Blocks, parent.debugInfos, callback, mvInfo, this.Checker.TheoremProver.Context, parent.program); if (CommandLineOptions.Clo.TraceVerify && no >= 0) { Console.WriteLine("-- after split #{0}", no); Print(); } string desc = cce.NonNull(impl.Name); if (no >= 0) { desc += "_split" + no; } checker.BeginCheck(desc, vc, reporter, timeout, rlimit, impl.RandomSeed); }