public VCVarFunTranslator(IEnumerable <Variable> vars,
IDictionary <Function, Function> origToErasedFun,
Boogie2VCExprTranslator translator,
TypeAxiomBuilderPremisses axiomBuilder)
{
this.origToErasedFun = origToErasedFun;
erasedToOrigFun = origToErasedFun.InverseDict();
boogieToVc = new Dictionary <Variable, VCExprVar>();
vcToBoogie = new Dictionary <VCExprVar, Variable>();
foreach (var v in vars)
{
var result = translator.TryLookupVariable(v);
if (result != null)
{
if (axiomBuilder != null)
{
result = axiomBuilder.TryTyped2Untyped(result);
if (result == null)
{
continue;
}
}
vcToBoogie.Add(result, v);
boogieToVc.Add(v, result);
}
}
}
protected DeclFreeProverContext(DeclFreeProverContext ctxt)
{
Contract.Requires(ctxt != null);
this.gen = ctxt.gen;
this.genOptions = ctxt.genOptions;
Boogie2VCExprTranslator t = (Boogie2VCExprTranslator)ctxt.translator.Clone();
Contract.Assert(t != null);
this.translator = t;
this.orderingAxiomBuilder = new OrderingAxiomBuilder(ctxt.gen, t, ctxt.orderingAxiomBuilder);
StringBuilder cmds = new StringBuilder();
distincts = new List <Variable>(ctxt.distincts);
axiomConjuncts = new List <VCExpr>(ctxt.axiomConjuncts);
if (ctxt.exprTranslator == null)
{
exprTranslator = null;
}
else
{
exprTranslator = (VCExprTranslator)cce.NonNull(ctxt.exprTranslator.Clone());
}
}
private void SetupOrderingAxiomBuilder(VCExpressionGenerator gen, Boogie2VCExprTranslator t)
{
OrderingAxiomBuilder oab = new OrderingAxiomBuilder(gen, t);
Contract.Assert(oab != null);
oab.Setup();
this.orderingAxiomBuilder = oab;
}
/// <summary>
/// Initializes a new instance of the <see cref="TypePremiseEraserFactory" /> class.
/// This factory can be used to produce <see cref="TypePremiseEraserProvider" /> objects.
/// </summary>
/// <param name="vcExprGen"></param>
/// <param name="vcTranslator"></param>
/// <param name="programIsPolymorphic">Set to true iff the input program is polymorphic</param>
public TypePremiseEraserFactory(
VCExpressionGenerator vcExprGen,
Boogie2VCExprTranslator vcTranslator,
bool programIsPolymorphic)
{
_vcExprGen = vcExprGen;
_vcTranslator = vcTranslator;
ProgramIsPolymorphic = programIsPolymorphic;
}
public static void InitializeVCGen(Program prog)
{
//create VC.vcgen/VC.proverInterface
VC.vcgen = new VCGen(prog, CommandLineOptions.Clo.SimplifyLogFilePath,
CommandLineOptions.Clo.SimplifyLogFileAppend, new List <Checker>());
VC.proverInterface = ProverInterface.CreateProver(prog, CommandLineOptions.Clo.SimplifyLogFilePath, CommandLineOptions.Clo.SimplifyLogFileAppend, CommandLineOptions.Clo.ProverKillTime);
VC.translator = VC.proverInterface.Context.BoogieExprTranslator;
VC.exprGen = VC.proverInterface.Context.ExprGen;
VC.collector = new ConditionGeneration.CounterexampleCollector();
}
public OrderingAxiomBuilder(VCExpressionGenerator gen,
Boogie2VCExprTranslator translator) {
Contract.Requires(gen != null);
Contract.Requires(translator != null);
this.Gen = gen;
this.Translator = translator;
OneStepFuns = new Dictionary<Type, Function>();
Constants = new List<Constant>();
CompleteConstantsOpen = new List<Constant>();
AllAxioms = new List<VCExpr>();
IncAxioms = new List<VCExpr>();
}
public OrderingAxiomBuilder(VCExpressionGenerator gen,
Boogie2VCExprTranslator translator)
{
Contract.Requires(gen != null);
Contract.Requires(translator != null);
this.Gen = gen;
this.Translator = translator;
OneStepFuns = new Dictionary <Type, Function>();
Constants = new List <Constant>();
CompleteConstantsOpen = new List <Constant>();
AllAxioms = new List <VCExpr>();
IncAxioms = new List <VCExpr>();
}
private VCExpr BuildAxiom(ProverInterface proverInterface, Dictionary <Variable, bool> currentAssignment)
{
ProverContext proverContext = proverInterface.Context;
Boogie2VCExprTranslator exprTranslator = proverContext.BoogieExprTranslator;
VCExpressionGenerator exprGen = proverInterface.VCExprGen;
VCExpr expr = VCExpressionGenerator.True;
foreach (KeyValuePair <Variable, bool> kv in currentAssignment)
{
Variable constant = kv.Key;
VCExprVar exprVar = exprTranslator.LookupVariable(constant);
if (kv.Value)
{
expr = exprGen.And(expr, exprVar);
}
else
{
expr = exprGen.And(expr, exprGen.Not(exprVar));
}
}
if (CommandLineOptions.Clo.ExplainHoudini)
{
// default values for ExplainHoudini control variables
foreach (var constant in explainConstantsNegative.Concat(explainConstantsPositive))
{
expr = exprGen.And(expr, exprTranslator.LookupVariable(constant));
}
}
/*
* foreach (Variable constant in this.houdiniConstants) {
* VCExprVar exprVar = exprTranslator.LookupVariable(constant);
* if (currentAssignment[constant]) {
* expr = exprGen.And(expr, exprVar);
* }
* else {
* expr = exprGen.And(expr, exprGen.Not(exprVar));
* }
* }
*/
if (CommandLineOptions.Clo.Trace)
{
Console.WriteLine("Houdini assignment axiom: " + expr);
}
return(expr);
}
/// <summary>
/// As a side effect, updates "this.parent.CumulativeAssertionCount".
/// </summary>
public void BeginCheck(Checker checker, VerifierCallback callback, ModelViewInfo mvInfo, int no, int timeout, int rlimit)
{
Contract.Requires(checker != null);
Contract.Requires(callback != null);
splitNum = no;
impl.Blocks = blocks;
this.checker = checker;
Dictionary <int, Absy> label2absy = new Dictionary <int, Absy>();
ProverContext ctx = checker.TheoremProver.Context;
Boogie2VCExprTranslator bet = ctx.BoogieExprTranslator;
var cc = new VCGen.CodeExprConversionClosure(label2absy, ctx);
bet.SetCodeExprConverter(cc.CodeExprToVerificationCondition);
var exprGen = ctx.ExprGen;
VCExpr controlFlowVariableExpr = exprGen.Integer(BigNum.ZERO);
VCExpr vc = parent.GenerateVCAux(impl, controlFlowVariableExpr, label2absy, checker.TheoremProver.Context);
Contract.Assert(vc != null);
vc = QuantifierInstantiationEngine.Instantiate(impl, exprGen, bet, vc);
VCExpr controlFlowFunctionAppl =
exprGen.ControlFlowFunctionApplication(exprGen.Integer(BigNum.ZERO), exprGen.Integer(BigNum.ZERO));
VCExpr eqExpr = exprGen.Eq(controlFlowFunctionAppl, exprGen.Integer(BigNum.FromInt(impl.Blocks[0].UniqueId)));
vc = exprGen.Implies(eqExpr, vc);
reporter = new VCGen.ErrorReporter(gotoCmdOrigins, label2absy, impl.Blocks, parent.debugInfos, callback,
mvInfo, this.Checker.TheoremProver.Context, parent.program);
if (CommandLineOptions.Clo.TraceVerify && no >= 0)
{
Console.WriteLine("-- after split #{0}", no);
Print();
}
string desc = cce.NonNull(impl.Name);
if (no >= 0)
{
desc += "_split" + no;
}
checker.BeginCheck(desc, vc, reporter, timeout, rlimit, impl.RandomSeed);
}
private QuantifierInstantiationEngine(VCExpressionGenerator vcExprGen, Boogie2VCExprTranslator exprTranslator)
{
this.quantifierBinding = new Dictionary <VCExprVar, VCExprQuantifier>();
this.lambdaDefinition = new Dictionary <Function, VCExprQuantifier>();
this.quantifierInstantiationInfo = new Dictionary <VCExprQuantifier, QuantifierInstantiationInfo>();
this.skolemConstants = new HashSet <VCExprVar>();
this.labelToInstances = new Dictionary <string, HashSet <VCExpr> >();
this.accLabelToInstances = new Dictionary <string, HashSet <VCExpr> >();
this.lambdaToInstances = new Dictionary <Function, HashSet <List <VCExpr> > >();
this.accLambdaToInstances = new Dictionary <Function, HashSet <List <VCExpr> > >();
this.quantifierBindingNamePrefix = "quantifierBinding";
this.skolemConstantNamePrefix = "skolemConstant";
this.vcExprGen = vcExprGen;
this.exprTranslator = exprTranslator;
}
public DeclFreeProverContext(VCExpressionGenerator gen,
VCGenerationOptions genOptions)
{
Contract.Requires(gen != null);
Contract.Requires(genOptions != null);
this.gen = gen;
this.genOptions = genOptions;
Boogie2VCExprTranslator t = new Boogie2VCExprTranslator (gen, genOptions);
this.translator = t;
SetupOrderingAxiomBuilder(gen, t);
distincts = new List<Variable>();
axiomConjuncts = new List<VCExpr>();
exprTranslator = null;
}
public void UpdateUnsatCore(ProverInterface proverInterface, Dictionary <Variable, bool> assignment)
{
DateTime now = DateTime.UtcNow;
Boogie2VCExprTranslator exprTranslator = proverInterface.Context.BoogieExprTranslator;
proverInterface.Push();
proverInterface.Assert(conjecture, false);
foreach (var v in assignment.Keys)
{
if (assignment[v])
{
continue;
}
proverInterface.Assert(exprTranslator.LookupVariable(v), false);
}
List <Variable> assumptionVars = new List <Variable>();
List <VCExpr> assumptionExprs = new List <VCExpr>();
foreach (var v in assignment.Keys)
{
if (!assignment[v])
{
continue;
}
assumptionVars.Add(v);
assumptionExprs.Add(exprTranslator.LookupVariable(v));
}
List <int> unsatCore;
ProverInterface.Outcome tmp = proverInterface.CheckAssumptions(assumptionExprs, out unsatCore, handler);
System.Diagnostics.Debug.Assert(tmp == ProverInterface.Outcome.Valid);
unsatCoreSet = new HashSet <Variable>();
foreach (int i in unsatCore)
{
unsatCoreSet.Add(assumptionVars[i]);
}
proverInterface.Pop();
double unsatCoreQueryTime = (DateTime.UtcNow - now).TotalSeconds;
stats.unsatCoreProverTime += unsatCoreQueryTime;
stats.numUnsatCoreProverQueries++;
}
public DeclFreeProverContext(VCExpressionGenerator gen,
VCGenerationOptions genOptions)
{
Contract.Requires(gen != null);
Contract.Requires(genOptions != null);
this.gen = gen;
this.genOptions = genOptions;
Boogie2VCExprTranslator t = new Boogie2VCExprTranslator(gen, genOptions);
this.translator = t;
SetupOrderingAxiomBuilder(gen, t);
distincts = new List <Variable>();
axiomConjuncts = new List <VCExpr>();
exprTranslator = null;
}
protected DeclFreeProverContext(DeclFreeProverContext ctxt)
{
Contract.Requires(ctxt != null);
this.gen = ctxt.gen;
this.genOptions = ctxt.genOptions;
Boogie2VCExprTranslator t = (Boogie2VCExprTranslator)ctxt.translator.Clone();
Contract.Assert(t != null);
this.translator = t;
this.orderingAxiomBuilder = new OrderingAxiomBuilder(ctxt.gen, t, ctxt.orderingAxiomBuilder);
StringBuilder cmds = new StringBuilder ();
distincts = new List<Variable>(ctxt.distincts);
axiomConjuncts = new List<VCExpr>(ctxt.axiomConjuncts);
if (ctxt.exprTranslator == null)
exprTranslator = null;
else
exprTranslator = (VCExprTranslator)cce.NonNull(ctxt.exprTranslator.Clone());
}
public TypePremiseEraserProvider(
VCExpressionGenerator vcExprGen,
Boogie2VCExprTranslator vcTranslator,
bool programIsPolymorphic,
bool extractTypeArgs = true)
{
_vcExprGen = vcExprGen;
ProgramIsPolymorphic = programIsPolymorphic;
if (programIsPolymorphic)
{
AxiomBuilder = new TypeAxiomBuilderPremisses(vcExprGen);
AxiomBuilder.Setup();
}
else
{
AxiomBuilder = null;
}
Eraser = new TypeEraserPremisses(AxiomBuilder, vcExprGen, extractTypeArgs);
_vcTranslator = vcTranslator;
}
private void SetupOrderingAxiomBuilder(VCExpressionGenerator gen, Boogie2VCExprTranslator t)
{
OrderingAxiomBuilder oab = new OrderingAxiomBuilder(gen, t);
Contract.Assert(oab != null);
oab.Setup();
this.orderingAxiomBuilder = oab;
}
public static VCExpr Instantiate(Implementation impl, VCExpressionGenerator vcExprGen, Boogie2VCExprTranslator exprTranslator, VCExpr vcExpr)
{
if (!InstantiationSourceChecker.HasInstantiationSources(impl))
{
return(vcExpr);
}
var qiEngine = new QuantifierInstantiationEngine(vcExprGen, exprTranslator);
return(qiEngine.Execute(impl, vcExpr));
}
public static LocaleDecl ConvertVC(
string localeName,
VCExpr vc,
IEnumerable <VCExpr> vcAxioms,
IActiveDeclGenerator activeDeclGenerator,
Boogie2VCExprTranslator translator,
TypeAxiomBuilderPremisses axiomBuilder,
BoogieMethodData methodData,
CFGRepr cfg,
out VCInstantiation <Block> vcinst,
out VCInstantiation <VCExpr> vcinstAxiom,
out IVCVarFunTranslator vcTranslator,
out IEnumerable <Function> vcTypeFunctions)
{
var vcLet = vc as VCExprLet;
Contract.Assert(vcLet != null);
var uniqueNamer = new IsaUniqueNamer();
var blockToVC = VCBlockExtractor.BlockToVCMapping(vcLet, cfg);
var declCollector = new VCFunDeclCollector();
var funToVCfun =
declCollector.CollectFunDeclarations(new List <VCExpr> {
vc
}.Concat(vcAxioms), methodData.Functions);
IVCVarFunTranslator varTranslator =
new VCVarFunTranslator(methodData.AllVariables(), funToVCfun, translator, axiomBuilder);
var activeDeclsPerBlock =
activeDeclGenerator.GetActiveDeclsPerBlock(blockToVC, varTranslator, cfg, out var blockToNewVars);
#region temporary: extend vc instantiation to support vc functions
IList <Function> otherFunctions = new List <Function>();
ISet <Function> otherFunctionsSet = new HashSet <Function>();
foreach (var decl in activeDeclsPerBlock[cfg.entry])
{
if (decl is Function fun && !varTranslator.TranslateBoogieFunction(fun, out _))
{
otherFunctions.Add(fun);
otherFunctionsSet.Add(fun);
}
}
//also record functions that are used elswhere (type axiom related functions)
var collector = new VCExprDeclCollector();
var vcExprs = vcAxioms.ToList();
foreach (var ax in vcExprs)
{
var decls = collector.CollectNamedDeclarations(ax, varTranslator);
foreach (var d in decls)
{
if (d is Function fun && !varTranslator.TranslateBoogieFunction(fun, out _) &&
!otherFunctions.Contains(d))
{
otherFunctions.Add(fun);
}
}
}
#endregion
IDictionary <Block, IList <NamedDeclaration> > activeDeclsPerBlockSorted =
SortActiveDecls(activeDeclsPerBlock, methodData.Functions.Union(otherFunctions), varTranslator,
out var activeVarsPerBlock);
var blockToNewVCVars = ConvertVariableToVCExpr(blockToNewVars, varTranslator);
var blockToIsaTranslator = new VCBlockToIsaTranslator(uniqueNamer);
var blockToVCExpr =
blockToIsaTranslator.IsaDefsFromVC(blockToVC, activeVarsPerBlock, cfg, blockToNewVCVars);
//add vc definitions of blocks in correct order
IList <OuterDecl> vcOuterDecls = new List <OuterDecl>();
foreach (var block in cfg.GetBlocksBackwards())
{
vcOuterDecls.Add(blockToVCExpr[block]);
}
vcinst = new VCInstantiation <Block>(blockToVCExpr, activeDeclsPerBlockSorted, localeName);
/*
*
* //reason for using second reference: cannot use out parameters in lambda expressions
* var vcinstInternal = vcinst;
*
* LemmaDecl vcCorrectLemma = new LemmaDecl("vc_correct",
* new TermApp(vcinstInternal.GetVCObjRef(cfg.entry, false),
* activeVarsPerBlock[cfg.entry].Select(v => (Term) IsaCommonTerms.TermIdentFromName(uniqueNamer.GetName(v, v.Name))).ToList()),
* new Proof(
* new List<string>() {
* "apply (simp only: " +
* cfg.GetBlocksForwards().Select(b => vcinstInternal.GetVCObjNameRef(b, false) + "_def").Concat(" ")
+ ")",
+ "oops"
+ }
+ ));
+
+ vcOuterDecls.Add(vcCorrectLemma);
*/
//axioms
var activeDeclsPerAxiom = VCInstAxioms(vcExprs, varTranslator);
IDictionary <VCExpr, IList <NamedDeclaration> > activeDeclsPerAxiomSorted =
SortActiveDecls(activeDeclsPerAxiom, methodData.Functions.Union(otherFunctions), varTranslator,
out var activeVarsPerAxiom);
var axiomToDef = new Dictionary <VCExpr, DefDecl>();
var vcExprIsaTranslator = new VCExprToIsaTranslator(uniqueNamer);
if (activeDeclsPerAxiomSorted.Count != vcExprs.Count())
{
throw new ProofGenUnexpectedStateException(typeof(VCToIsaInterface), "count not in-sync");
}
var axId = 0;
foreach (var vcAx in activeDeclsPerAxiomSorted.Keys)
{
IList <Term> args = activeVarsPerAxiom[vcAx].Select(v => vcExprIsaTranslator.Translate(v)).ToList();
var rhs = vcExprIsaTranslator.Translate(vcAx);
var def = new DefDecl("vcax_" + axId, new Tuple <IList <Term>, Term>(args, rhs));
axiomToDef.Add(vcAx, def);
axId++;
}
vcinstAxiom = new VCInstantiation <VCExpr>(axiomToDef, activeDeclsPerAxiomSorted, localeName);
vcOuterDecls.AddRange(axiomToDef.Values);
var vcFunctions = methodData.Functions.Where(f => varTranslator.TranslateBoogieFunction(f, out var result))
.Select(f =>
{
if (varTranslator.TranslateBoogieFunction(f, out var result))
{
return(result);
}
throw new InvalidOperationException();
}).Union(otherFunctions);
vcTranslator = varTranslator;
vcTypeFunctions = otherFunctions;
return(new LocaleDecl(localeName, ContextElem.CreateWithFixedVars(GetVarsInVC(vcFunctions, uniqueNamer)),
vcOuterDecls));
}
/// <summary>
/// Generate all proofs for the current procedure.
/// </summary>
/// <param name="vc">WP of the procedure body</param>
/// <param name="vcAxioms">VC assumptions for the Boogie axioms</param>
/// <param name="typeAxioms">VC assumptions for the Boogie type encoding</param>
/// <param name="typeAxiomInfo">Hints about the type encoding</param>
/// <param name="gen"></param>
/// <param name="translator"></param>
/// <param name="axiomBuilder"></param>
/// <exception cref="ArgumentException">
/// axiom builder must be null iff types are not erased (since no polymorphism in vc), otherwise exception is
/// thrown
/// </exception>
public static void VCGenerateAllProofs(
VCExpr vc,
VCExpr vcAxioms,
VCExpr typeAxioms,
List <VCAxiomInfo> typeAxiomInfo,
VCExpressionGenerator gen,
Boogie2VCExprTranslator translator,
TypeAxiomBuilderPremisses axiomBuilder)
{
var uniqueNamer = new IsaUniqueNamer();
var theories = new List <Theory>();
if (axiomBuilder == null && typeAxioms != null)
{
throw new ArgumentException("type axioms can only be null if axiom builder is null");
}
/* Since in the proofs calls are desugared, there can be more variables in "beforePassiveData". If only
* the progam should be generaed, then these variables should be ignored. */
var mainData = CommandLineOptions.Clo.GenerateIsaProgNoProofs ? beforeDagData : beforePassiveData;
var fixedVarTranslation2 = new DeBruijnFixedVarTranslation(mainData);
var fixedTyVarTranslation2 = new DeBruijnFixedTVarTranslation(mainData);
var varTranslationFactory2 =
new DeBruijnVarFactory(fixedVarTranslation2, fixedTyVarTranslation2, boogieGlobalData);
#region before cfg to dag program
var beforeCfgToDagTheoryName = uniqueNamer.GetName(afterPassificationImpl.Name + "_before_cfg_to_dag_prog");
//Hack: specs config used to distinguish between all (free + checks) (--> expression tuples) or just checked (no tuples)
var specsConfig = CommandLineOptions.Clo.GenerateIsaProgNoProofs ? SpecsConfig.All : SpecsConfig.AllPreCheckedPost;
var beforeCfgToDagConfig = new IsaProgramGeneratorConfig(globalDataProgAccess, false, false, false, true, specsConfig, true);
var beforeCfgToDagProgAccess = new IsaProgramGenerator().GetIsaProgram(
beforeCfgToDagTheoryName,
afterPassificationImpl.Name,
mainData, beforeCfgToDagConfig, varTranslationFactory2,
beforeDagCfg,
out var programDeclsBeforeCfgToDag,
!CommandLineOptions.Clo.GenerateIsaProgNoProofs);
procNameToTopLevelPrograms.Add(afterPassificationImpl.Proc.Name, beforeCfgToDagProgAccess);
var beforeCfgToDagProgTheory = new Theory(beforeCfgToDagTheoryName,
new List <string> {
"Boogie_Lang.Semantics", "Boogie_Lang.TypeSafety", "Boogie_Lang.Util", "\"../" + globalDataProgAccess.TheoryName() + "\""
},
programDeclsBeforeCfgToDag);
theories.Add(beforeCfgToDagProgTheory);
#endregion
if (CommandLineOptions.Clo.GenerateIsaProgNoProofs)
{
StoreResult("program_" + afterPassificationImpl.Proc.Name, theories);
return;
}
#region before passive program
var beforePassiveProgTheoryName = uniqueNamer.GetName(afterPassificationImpl.Name + "_before_passive_prog");
var beforePassiveConfig =
new IsaProgramGeneratorConfig(beforeCfgToDagProgAccess, false, false, false, false, SpecsConfig.None, false);
var beforePassiveProgAccess = new IsaProgramGenerator().GetIsaProgram(beforePassiveProgTheoryName,
afterPassificationImpl.Name,
mainData, beforePassiveConfig, varTranslationFactory2,
beforePassificationCfg,
out var programDeclsBeforePassive,
!CommandLineOptions.Clo.GenerateIsaProgNoProofs);
#endregion
var vcAllAxioms = AxiomHandler.AxiomInfo(
axiomBuilder != null,
boogieGlobalData.Axioms,
vcAxioms,
typeAxioms,
typeAxiomInfo,
out var allAxiomsInfo);
var vcLocale = VCToIsaInterface.ConvertVC(
"vc",
vc,
vcAllAxioms,
new StandardActiveDecl(),
translator,
axiomBuilder,
finalProgData,
afterUnreachablePruningCfg,
out var vcinst,
out var vcinstAxiom,
out var vcTranslator,
out var vcFunctions);
//use global version map for translation
var fixedVarTranslation = new SimpleFixedVarTranslation(globalVersionMap);
var fixedTyVarTranslation = new DeBruijnFixedTVarTranslation(finalProgData);
varTranslationFactory =
new DeBruijnVarFactory(fixedVarTranslation, fixedTyVarTranslation, boogieGlobalData);
var finalProgTheoryName = uniqueNamer.GetName(afterPassificationImpl.Name + "_passive_prog");
var passiveProgConfig =
new IsaProgramGeneratorConfig(beforePassiveProgAccess, false, false, false, true, SpecsConfig.None, false);
var passiveProgAccess = new IsaProgramGenerator().GetIsaProgram(finalProgTheoryName,
afterPassificationImpl.Name,
finalProgData, passiveProgConfig, varTranslationFactory,
//we use the CFG before the peep-hole transformations, so that we can directly use the VC to program proof in the passification phase
afterPassificationCfg,
out var programDecls,
!CommandLineOptions.Clo.GenerateIsaProgNoProofs);
var finalProgTheory =
new Theory(finalProgTheoryName,
new List <string>
{
"Boogie_Lang.Semantics", "Boogie_Lang.Util", beforePassiveProgAccess.TheoryName()
},
programDecls);
theories.Add(finalProgTheory);
var vcBoogieInfo = new VcBoogieInfo(vcinst, vcinstAxiom, vcAllAxioms, allAxiomsInfo);
var vcProofData = new ProgramVcProofData(
vcFunctions,
vcBoogieInfo,
vcHintManager,
vcLocale,
vcTranslator
);
var phasesTheories = new PhasesTheories(afterPassificationImpl.Name);
var theoryPassive = VcPhaseManager.ProgramToVcProof(
phasesTheories.TheoryName(PhasesTheories.Phase.Vc),
_proofGenConfig.GenerateVcE2E,
afterUnreachablePruningCfg,
afterPassificationCfg,
afterPassificationToAfterUnreachableBlock,
afterPassificationToOrigBlock,
passiveProgAccess,
beforePassiveProgAccess,
finalProgData,
vcProofData,
varTranslationFactory,
typePremiseEraserFactory,
gen,
out var vcAssm,
out var endToEndLemma
);
theories.Add(theoryPassive);
#region before passive
var passificationProgTheory = new Theory(beforePassiveProgTheoryName,
new List <string> {
"Boogie_Lang.Semantics", "Boogie_Lang.Util", beforeCfgToDagTheoryName
},
programDeclsBeforePassive);
theories.Add(passificationProgTheory);
/*
* Console.WriteLine("Passive prog mapping: " + fixedVarTranslation.OutputMapping());
* Console.WriteLine("Before passive prog mapping: " + fixedVarTranslation2.OutputMapping());
*/
var passificationProofTheory = PassificationManager.PassificationProof(
phasesTheories.TheoryName(PhasesTheories.Phase.Passification),
theoryPassive.TheoryName,
_proofGenConfig.GeneratePassifE2E,
endToEndLemma,
vcAssm,
beforePassificationCfg,
beforePassiveToAfterPassiveBlock,
passiveRelationGen,
beforePassiveProgAccess,
passiveProgAccess,
mainData,
varTranslationFactory2,
varTranslationFactory
);
theories.Add(passificationProofTheory);
#endregion
#region cfg to dag
var uniqueExitBlock =
uniqueExitBlockOrig != null
? beforePassiveOrigBlock.First(kv => kv.Value == uniqueExitBlockOrig).Key
: null;
var cfgToDagProofTheory = CfgToDagManager.CfgToDagProof(
phasesTheories,
_proofGenConfig.GenerateCfgDagE2E,
vcAssm,
beforeDagCfg,
beforePassificationCfg,
uniqueExitBlock,
beforeDagData,
cfgToDagHintManager,
beforeDagAfterDagBlock,
beforeCfgToDagProgAccess,
beforePassiveProgAccess,
varTranslationFactory2);
theories.Add(cfgToDagProofTheory);
#endregion
StoreResult(afterPassificationImpl.Proc.Name, theories);
}
public static Dictionary <string, HashSet <VCExpr> > FindInstantiationSources(ICarriesAttributes o, string attrName, Boogie2VCExprTranslator exprTranslator)
{
var freshInstances = new Dictionary <string, HashSet <VCExpr> >();
var iter = o.Attributes;
while (iter != null)
{
if (iter.Key == attrName)
{
var label = iter.Params[0] as string;
var instance = iter.Params[1] as Expr;
if (label != null && instance != null)
{
if (!freshInstances.ContainsKey(label))
{
freshInstances[label] = new HashSet <VCExpr>();
}
freshInstances[label].Add(exprTranslator.Translate(instance));
}
}
iter = iter.Next;
}
return(freshInstances);
}
// MAXSAT
public void Explain(ProverInterface proverInterface,
Dictionary <Variable, bool> assignment, Variable refutedConstant)
{
Contract.Assert(CommandLineOptions.Clo.ExplainHoudini);
collector.examples.Clear();
// debugging
houdiniAssertConstants.Iter(v => System.Diagnostics.Debug.Assert(assignment.ContainsKey(v)));
houdiniAssumeConstants.Iter(v => System.Diagnostics.Debug.Assert(assignment.ContainsKey(v)));
Contract.Assert(assignment.ContainsKey(refutedConstant));
Contract.Assert(houdiniAssertConstants.Contains(refutedConstant));
var hardAssumptions = new List <VCExpr>();
var softAssumptions = new List <VCExpr>();
Boogie2VCExprTranslator exprTranslator = proverInterface.Context.BoogieExprTranslator;
VCExpressionGenerator exprGen = proverInterface.VCExprGen;
var controlExpr = VCExpressionGenerator.True;
foreach (var tup in assignment)
{
Variable constant = tup.Key;
VCExprVar exprVar = exprTranslator.LookupVariable(constant);
var val = tup.Value;
if (houdiniAssumeConstants.Contains(constant))
{
if (tup.Value)
{
hardAssumptions.Add(exprVar);
}
else
{
// Previously removed assumed candidates are the soft constraints
softAssumptions.Add(exprVar);
}
}
else if (houdiniAssertConstants.Contains(constant))
{
if (constant == refutedConstant)
{
hardAssumptions.Add(exprVar);
}
else
{
hardAssumptions.Add(exprGen.Not(exprVar));
}
}
else
{
if (tup.Value)
{
hardAssumptions.Add(exprVar);
}
else
{
hardAssumptions.Add(exprGen.Not(exprVar));
}
}
// For an asserted condition (c ==> \phi),
// ExplainHoudini's extra control constants (c_pos, c_neg) are used as follows:
// (true, true): "assert \phi"
// (false, _): "assert false"
// (true, false): "assert true"
if (constant != refutedConstant && constantToControl.ContainsKey(constant.Name))
{
var posControl = constantToControl[constant.Name].Item1;
var negControl = constantToControl[constant.Name].Item2;
// Handle self-recursion
if (houdiniAssertConstants.Contains(constant) && houdiniAssumeConstants.Contains(constant))
{
// disable this assert
controlExpr = exprGen.And(controlExpr, exprGen.And(exprTranslator.LookupVariable(posControl), exprGen.Not(exprTranslator.LookupVariable(negControl))));
}
else
{
// default values for control variables
controlExpr = exprGen.And(controlExpr, exprGen.And(exprTranslator.LookupVariable(posControl), exprTranslator.LookupVariable(negControl)));
}
}
}
hardAssumptions.Add(exprGen.Not(conjecture));
// default values for control variables
Contract.Assert(constantToControl.ContainsKey(refutedConstant.Name));
var pc = constantToControl[refutedConstant.Name].Item1;
var nc = constantToControl[refutedConstant.Name].Item2;
var controlExprNoop = exprGen.And(controlExpr,
exprGen.And(exprTranslator.LookupVariable(pc), exprTranslator.LookupVariable(nc)));
var controlExprFalse = exprGen.And(controlExpr,
exprGen.And(exprGen.Not(exprTranslator.LookupVariable(pc)), exprGen.Not(exprTranslator.LookupVariable(nc))));
if (CommandLineOptions.Clo.Trace)
{
Console.WriteLine("Verifying (MaxSat) " + descriptiveName);
}
DateTime now = DateTime.UtcNow;
var el = CommandLineOptions.Clo.ProverCCLimit;
CommandLineOptions.Clo.ProverCCLimit = 1;
var outcome = ProverInterface.Outcome.Undetermined;
do
{
List <int> unsatisfiedSoftAssumptions;
hardAssumptions.Add(controlExprNoop);
outcome = proverInterface.CheckAssumptions(hardAssumptions, softAssumptions, out unsatisfiedSoftAssumptions, handler);
hardAssumptions.RemoveAt(hardAssumptions.Count - 1);
if (outcome == ProverInterface.Outcome.TimeOut || outcome == ProverInterface.Outcome.OutOfMemory || outcome == ProverInterface.Outcome.OutOfResource || outcome == ProverInterface.Outcome.Undetermined)
{
break;
}
var reason = new HashSet <string>();
unsatisfiedSoftAssumptions.Iter(i => reason.Add(softAssumptions[i].ToString()));
if (CommandLineOptions.Clo.Trace)
{
Console.Write("Reason for removal of {0}: ", refutedConstant.Name);
reason.Iter(r => Console.Write("{0} ", r));
Console.WriteLine();
}
// Get rid of those constants from the "reason" that can even make
// "assert false" pass
hardAssumptions.Add(controlExprFalse);
var softAssumptions2 = new List <VCExpr>();
for (int i = 0; i < softAssumptions.Count; i++)
{
if (unsatisfiedSoftAssumptions.Contains(i))
{
softAssumptions2.Add(softAssumptions[i]);
continue;
}
hardAssumptions.Add(softAssumptions[i]);
}
var unsatisfiedSoftAssumptions2 = new List <int>();
outcome = proverInterface.CheckAssumptions(hardAssumptions, softAssumptions2, out unsatisfiedSoftAssumptions2, handler);
if (outcome == ProverInterface.Outcome.TimeOut || outcome == ProverInterface.Outcome.OutOfMemory || outcome == ProverInterface.Outcome.OutOfResource || outcome == ProverInterface.Outcome.Undetermined)
{
break;
}
unsatisfiedSoftAssumptions2.Iter(i => reason.Remove(softAssumptions2[i].ToString()));
var reason1 = new HashSet <string>(); //these are the reasons for inconsistency
unsatisfiedSoftAssumptions2.Iter(i => reason1.Add(softAssumptions2[i].ToString()));
if (CommandLineOptions.Clo.Trace)
{
Console.Write("Revised reason for removal of {0}: ", refutedConstant.Name);
reason.Iter(r => Console.Write("{0} ", r));
Console.WriteLine();
}
foreach (var r in reason)
{
Houdini.explainHoudiniDottyFile.WriteLine("{0} -> {1} [ label = \"{2}\" color=red ];", refutedConstant.Name, r, descriptiveName);
}
//also add the removed reasons using dotted edges (requires- x != 0, requires- x == 0 ==> assert x != 0)
foreach (var r in reason1)
{
Houdini.explainHoudiniDottyFile.WriteLine("{0} -> {1} [ label = \"{2}\" color=blue style=dotted ];", refutedConstant.Name, r, descriptiveName);
}
} while (false);
if (outcome == ProverInterface.Outcome.TimeOut || outcome == ProverInterface.Outcome.OutOfMemory || outcome == ProverInterface.Outcome.OutOfResource || outcome == ProverInterface.Outcome.Undetermined)
{
Houdini.explainHoudiniDottyFile.WriteLine("{0} -> {1} [ label = \"{2}\" color=red ];", refutedConstant.Name, "TimeOut", descriptiveName);
}
CommandLineOptions.Clo.ProverCCLimit = el;
double queryTime = (DateTime.UtcNow - now).TotalSeconds;
stats.proverTime += queryTime;
stats.numProverQueries++;
if (CommandLineOptions.Clo.Trace)
{
Console.WriteLine("Time taken = " + queryTime);
}
}
/// <summary>
/// As a side effect, updates "this.parent.CumulativeAssertionCount".
/// </summary>
public void BeginCheck(Checker checker, VerifierCallback callback, ModelViewInfo mvInfo, int no, int timeout, int rlimit)
{
Contract.Requires(checker != null);
Contract.Requires(callback != null);
splitNo = no;
impl.Blocks = blocks;
this.checker = checker;
Dictionary <int, Absy> label2absy = new Dictionary <int, Absy>();
ProverContext ctx = checker.TheoremProver.Context;
Boogie2VCExprTranslator bet = ctx.BoogieExprTranslator;
var cc = new VCGen.CodeExprConversionClosure(label2absy, ctx);
bet.SetCodeExprConverter(cc.CodeExprToVerificationCondition);
var exprGen = ctx.ExprGen;
VCExpr controlFlowVariableExpr = exprGen.Integer(BigNum.ZERO);
#region proofgen
TypePremiseEraserFactory typePremiseEraserFactory;
switch (CommandLineOptions.Clo.TypeEncodingMethod)
{
case CommandLineOptions.TypeEncoding.Predicates:
typePremiseEraserFactory = new TypePremiseEraserFactory(checker.VCExprGen, bet, true);
break;
case CommandLineOptions.TypeEncoding.Monomorphic:
typePremiseEraserFactory = new TypePremiseEraserFactory(checker.VCExprGen, bet, false);
break;
default:
throw new NotImplementedException();
}
ProofGenerationLayer.SetTypeEraserFactory(typePremiseEraserFactory);
#endregion
/* PROOF GEN: we pass "null" as the control flow variable expression, such that labels are not produced as they are
* not relevant for proof generation of programs that verify */
VCExpr vc = parent.GenerateVCAux(impl, null, label2absy, checker.TheoremProver.Context);
Contract.Assert(vc != null);
#region proofgen
if (!(ctx is DeclFreeProverContext))
{
throw new NotImplementedException("Proof Generation only supports DeclFreeProverContext as context.");
}
var declFreeProverContext = ctx as DeclFreeProverContext;
var premiseEraserProvider = typePremiseEraserFactory?.NewEraser();
VCExpr eraseVC(VCExpr vc, int polarity)
{
return(!premiseEraserProvider.ProgramIsPolymorphic ? vc : premiseEraserProvider.EraseAndSortLet(vc, polarity));
}
VCExpr erasedVC = eraseVC(vc, 1);
VCExpr erasedAxioms = eraseVC(declFreeProverContext.Axioms, -1);
VCExpr typeAxioms = null;
List <VCAxiomInfo> vcAxiomsInfo = null;
if (premiseEraserProvider.ProgramIsPolymorphic)
{
typeAxioms = premiseEraserProvider.AxiomBuilder.GetNewAxiomsAndInfo(out vcAxiomsInfo);
}
ProofGenerationLayer.VCGenerateAllProofs(
erasedVC,
erasedAxioms,
typeAxioms,
vcAxiomsInfo,
checker.TheoremProver.VCExprGen,
checker.TheoremProver.Context.BoogieExprTranslator,
premiseEraserProvider?.AxiomBuilder);
#endregion
/* PROOF GEN: comment out label specific parts
* VCExpr controlFlowFunctionAppl =
* exprGen.ControlFlowFunctionApplication(exprGen.Integer(BigNum.ZERO), exprGen.Integer(BigNum.ZERO));
* VCExpr eqExpr = exprGen.Eq(controlFlowFunctionAppl, exprGen.Integer(BigNum.FromInt(impl.Blocks[0].UniqueId)));
* vc = exprGen.Implies(eqExpr, vc);
*/
reporter = new VCGen.ErrorReporter(gotoCmdOrigins, label2absy, impl.Blocks, parent.debugInfos, callback,
mvInfo, this.Checker.TheoremProver.Context, parent.program);
if (CommandLineOptions.Clo.TraceVerify && no >= 0)
{
Console.WriteLine("-- after split #{0}", no);
Print();
}
string desc = cce.NonNull(impl.Name);
if (no >= 0)
{
desc += "_split" + no;
}
checker.BeginCheck(desc, vc, reporter, timeout, rlimit, impl.RandomSeed);
}
