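        /// <summary>
        /// Builds the local lemma for a block whose commands are referenced by their qualified
        /// Isabelle definition name (<c>..._def</c>) rather than inlined. The lemma assumes the
        /// reduction of the block's commands and, when any successors remain in the final CFG,
        /// the conjunction term produced by <see cref="LemmaHelper.ConjunctionOfSuccessorBlocks"/>.
        /// </summary>
        /// <param name="block">Block of the CFG the lemma is stated for.</param>
        /// <param name="finalCfgSuccessors">Successors of <paramref name="block"/> that remain in the final CFG; enumerated exactly once.</param>
        /// <param name="lemmaName">Name of the generated Isabelle lemma.</param>
        /// <returns>The lemma declaration with its assumptions, conclusion and proof script.</returns>
        public LemmaDecl GenerateEmptyBlockLemma(Block block, IEnumerable <Block> finalCfgSuccessors, string lemmaName)
        {
            // Materialize once: the sequence is consumed three times below (emptiness check,
            // successor conjunction, ConclusionBlock), so a lazy source would be re-enumerated.
            var successorList = finalCfgSuccessors.ToList();

            var  blockDefName = isaBlockInfo.CmdsQualifiedName(block);
            Term blockDefTerm = IsaCommonTerms.TermIdentFromName(blockDefName);
            var  cmdsReduce   = IsaBoogieTerm.RedCmdList(boogieContext, blockDefTerm, initState, finalState);
            var  assumptions  = new List <Term> { cmdsReduce };

            // The VC assumption only exists when there are successors to refer to.
            if (successorList.Count > 0)
            {
                assumptions.Add(LemmaHelper.ConjunctionOfSuccessorBlocks(successorList, declToVCMapping, vcinst));
            }

            var conclusion = ConclusionBlock(successorList, normalInitState, finalState, declToVCMapping, vcinst);

            // Proof script: unfold the block's command definition, then case analysis on the reduction.
            var proof = new Proof(new List <string>
            {
                "using assms",
                "unfolding " + blockDefName + "_def",
                "apply cases",
                "by auto"
            });

            return new LemmaDecl(lemmaName, ContextElem.CreateWithAssumptions(assumptions), conclusion, proof);
        }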
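        /// <summary>
        /// Builds the conclusion of a block lemma: the final state is not a failure, and for every
        /// normal final state <c>n_s'</c> that state equals <paramref name="normalInitState"/>
        /// (conjoined with the successor conjunction when <paramref name="b_successors"/> is non-empty).
        /// </summary>
        /// <param name="b_successors">Successors whose conjunction term is required in the normal case; enumerated at most once.</param>
        /// <param name="normalInitState">Term for the normal initial state.</param>
        /// <param name="finalState">Term for the final state.</param>
        /// <param name="declToVCMapping">Mapping from declarations to their VC terms.</param>
        /// <param name="vcinst">VC instantiation used for the successor conjunction.</param>
        /// <param name="useMagicFinalState">When true, the conclusion is only that the final state equals magic.</param>
        /// <returns>The conclusion term.</returns>
        private static Term ConclusionBlock(
            IEnumerable <Block> b_successors,
            Term normalInitState,
            Term finalState,
            IDictionary <NamedDeclaration, Term> declToVCMapping,
            VCInstantiation <Block> vcinst,
            bool useMagicFinalState = false)
        {
            if (useMagicFinalState)
            {
                return new TermBinary(finalState, IsaBoogieTerm.Magic(), TermBinary.BinaryOpCode.Eq);
            }

            // Materialize once: the sequence is checked for emptiness and then passed on.
            var successorList = b_successors.ToList();

            Term nonFailureConclusion =
                new TermBinary(finalState, IsaBoogieTerm.Failure(), TermBinary.BinaryOpCode.Neq);

            // Bound variable standing for the normal final state in the universal quantifier below.
            var normalFinalState = IsaCommonTerms.TermIdentFromName("n_s'");

            Term ifNormalConclusionLhs =
                new TermBinary(finalState, IsaBoogieTerm.Normal(normalFinalState), TermBinary.BinaryOpCode.Eq);
            Term stateEquality =
                new TermBinary(normalFinalState, normalInitState, TermBinary.BinaryOpCode.Eq);

            Term ifNormalConclusionRhs = successorList.Count == 0
                ? stateEquality
                : new TermBinary(
                    stateEquality,
                    LemmaHelper.ConjunctionOfSuccessorBlocks(successorList, declToVCMapping, vcinst),
                    TermBinary.BinaryOpCode.And);

            Term ifNormalConclusion = new TermQuantifier(
                TermQuantifier.QuantifierKind.ALL,
                new List <Identifier> { normalFinalState.Id },
                new TermBinary(ifNormalConclusionLhs, ifNormalConclusionRhs, TermBinary.BinaryOpCode.Implies));

            return new TermBinary(nonFailureConclusion, ifNormalConclusion, TermBinary.BinaryOpCode.And);
        }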
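        /// <summary>
        /// Builds the CFG-level lemma for <paramref name="block"/>: from a multi-step CFG reduction
        /// starting at the block's node (plus a VC assumption when one applies), the final state is
        /// not a failure. The proof script differs by whether the block has successors and whether
        /// its final state is magic.
        /// </summary>
        /// <param name="block">Block of the CFG the lemma is stated for.</param>
        /// <param name="finalCfgBlock">Counterpart of <paramref name="block"/> in the final CFG; used for the VC instantiation when contained.</param>
        /// <param name="isContainedInFinalCfg">Whether <paramref name="block"/> is present in the final CFG.</param>
        /// <param name="successors">Successors of <paramref name="block"/> in the CFG; enumerated exactly once.</param>
        /// <param name="finalCfgSuccessors">Successors that remain in the final CFG; enumerated exactly once.</param>
        /// <param name="cfg">Term for the CFG being reduced.</param>
        /// <param name="cfgLemmaName">Maps a block to the name of its CFG lemma.</param>
        /// <param name="BlockLemma">The block's local lemma, referenced by name from the proof.</param>
        /// <returns>The lemma declaration with assumptions, conclusion and proof script.</returns>
        public LemmaDecl GenerateCfgLemma(
            Block block,
            Block finalCfgBlock,
            bool isContainedInFinalCfg,
            IEnumerable <Block> successors,
            IEnumerable <Block> finalCfgSuccessors,
            Term cfg,
            Func <Block, string> cfgLemmaName,
            LemmaDecl BlockLemma)
        {
            // Materialize both sequences once; each is queried and/or iterated more than once below.
            var successorList         = successors.ToList();
            var finalCfgSuccessorList = finalCfgSuccessors.ToList();

            var red = IsaBoogieTerm.RedCFGMulti(
                boogieContext,
                cfg,
                IsaBoogieTerm.CFGConfigNode(new NatConst(isaBlockInfo.BlockIds[block]),
                                            IsaBoogieTerm.Normal(normalInitState)),
                IsaBoogieTerm.CFGConfig(finalNode, finalState));
            var assumption = new List <Term> { red };
            var hasVcAssm  = false;

            if (isContainedInFinalCfg)
            {
                assumption.Add(vcinst.GetVCObjInstantiation(finalCfgBlock, declToVCMapping));
                hasVcAssm = true;
            }
            else if (finalCfgSuccessorList.Count > 0)
            {
                // vc assumption is conjunction of reachable successors in final cfg
                assumption.Add(LemmaHelper.ConjunctionOfSuccessorBlocks(finalCfgSuccessorList, declToVCMapping, vcinst));
                hasVcAssm = true;
            }

            Term conclusion = new TermBinary(finalState, IsaBoogieTerm.Failure(), TermBinary.BinaryOpCode.Neq);

            var nodeLemma     = isaBlockInfo.BlockCmdsMembershipLemma(block);
            var outEdgesLemma = isaBlockInfo.OutEdgesMembershipLemma(block);
            var proofMethods  = new List <string>();

            // Every proof variant opens with the same backwards step from the multi-step assumption.
            const string backwardsStep = "apply (rule converse_rtranclpE2[OF assms(1)], fastforce)";

            // The block lemma is instantiated with assms(2) only when a VC assumption was added above.
            var eruleLocalBlock =
                "erule " + (hasVcAssm ? ProofUtil.OF(BlockLemma.Name, "_", "assms(2)") : BlockLemma.Name);

            if (isContainedInFinalCfg && LemmaHelper.FinalStateIsMagic(block))
            {
                proofMethods.Add(backwardsStep);
                proofMethods.Add(ProofUtil.Apply("rule " +
                                                 ProofUtil.OF("red_cfg_multi_backwards_step_magic", "assms(1)", nodeLemma)));
                proofMethods.Add(ProofUtil.By(eruleLocalBlock));
                return new LemmaDecl(cfgLemmaName(block), ContextElem.CreateWithAssumptions(assumption), conclusion,
                                     new Proof(proofMethods));
            }

            if (successorList.Count > 0)
            {
                proofMethods.Add(backwardsStep);
                // Lemma variant is selected by whether any successors remain in the final CFG.
                var cfgLemma = finalCfgSuccessorList.Count > 0
                    ? "red_cfg_multi_backwards_step"
                    : "red_cfg_multi_backwards_step_2";

                proofMethods.Add(ProofUtil.Apply("rule " + ProofUtil.OF(cfgLemma, "assms(1)", nodeLemma)));
                proofMethods.Add(ProofUtil.Apply(eruleLocalBlock));
                proofMethods.Add("apply (" + ProofUtil.Simp(outEdgesLemma) + ")");
                // One membership elimination plus one successor-lemma application per successor.
                foreach (var successor in successorList)
                {
                    proofMethods.Add("apply (erule member_elim, simp)");
                    proofMethods.Add("apply (erule " + cfgLemmaName(successor) + ", simp?" + ")");
                }

                proofMethods.Add("by (simp add: member_rec(2))");
            }
            else
            {
                proofMethods.Add(backwardsStep);
                proofMethods.Add("apply (rule " + ProofUtil.OF("red_cfg_multi_backwards_step_no_succ", "assms(1)",
                                                               nodeLemma, outEdgesLemma) + ")");
                proofMethods.Add(isContainedInFinalCfg
                    ? "using " + ProofUtil.OF(BlockLemma.Name, "_", "assms(2)") + " by blast"
                    : "using " + BlockLemma.Name + " by blast");
            }

            return new LemmaDecl(cfgLemmaName(block), ContextElem.CreateWithAssumptions(assumption), conclusion,
                                 new Proof(proofMethods));
        }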