public DoomErrorHandler(Dictionary<int, Absy> label2Absy, VerifierCallback callback) { Contract.Requires(label2Absy != null); Contract.Requires(callback != null); this.label2Absy = label2Absy; this.callback = callback; }
public DoomErrorHandler(Dictionary <int, Absy> label2Absy, VerifierCallback callback) { Contract.Requires(label2Absy != null); Contract.Requires(callback != null); this.label2Absy = label2Absy; this.callback = callback; }
/// <summary> /// As a side effect, updates "this.parent.CumulativeAssertionCount". /// </summary> public void BeginCheck(Checker checker, VerifierCallback callback, ModelViewInfo mvInfo, int no, int timeout, int rlimit) { Contract.Requires(checker != null); Contract.Requires(callback != null); splitNum = no; impl.Blocks = blocks; this.checker = checker; Dictionary <int, Absy> label2absy = new Dictionary <int, Absy>(); ProverContext ctx = checker.TheoremProver.Context; Boogie2VCExprTranslator bet = ctx.BoogieExprTranslator; var cc = new VCGen.CodeExprConversionClosure(label2absy, ctx); bet.SetCodeExprConverter(cc.CodeExprToVerificationCondition); var exprGen = ctx.ExprGen; VCExpr controlFlowVariableExpr = exprGen.Integer(BigNum.ZERO); VCExpr vc = parent.GenerateVCAux(impl, controlFlowVariableExpr, label2absy, checker.TheoremProver.Context); Contract.Assert(vc != null); vc = QuantifierInstantiationEngine.Instantiate(impl, exprGen, bet, vc); VCExpr controlFlowFunctionAppl = exprGen.ControlFlowFunctionApplication(exprGen.Integer(BigNum.ZERO), exprGen.Integer(BigNum.ZERO)); VCExpr eqExpr = exprGen.Eq(controlFlowFunctionAppl, exprGen.Integer(BigNum.FromInt(impl.Blocks[0].UniqueId))); vc = exprGen.Implies(eqExpr, vc); reporter = new VCGen.ErrorReporter(gotoCmdOrigins, label2absy, impl.Blocks, parent.debugInfos, callback, mvInfo, this.Checker.TheoremProver.Context, parent.program); if (CommandLineOptions.Clo.TraceVerify && no >= 0) { Console.WriteLine("-- after split #{0}", no); Print(); } string desc = cce.NonNull(impl.Name); if (no >= 0) { desc += "_split" + no; } checker.BeginCheck(desc, vc, reporter, timeout, rlimit, impl.RandomSeed); }
bool ReCheckImpl(Variable reachvar, Implementation impl, VerifierCallback callback, out ProverInterface.Outcome outcome) { Contract.Requires(reachvar != null); Contract.Requires(impl != null); Contract.Requires(callback != null); Checker checker = FindCheckerFor(impl, 1000); Contract.Assert(checker != null); DoomCheck dc = new DoomCheck(impl, this.exitBlock, checker, m_UncheckableBlocks); dc.ErrorHandler = new DoomErrorHandler(dc.Label2Absy, callback); outcome = ProverInterface.Outcome.Undetermined; List <Variable> rv = new List <Variable>(); rv.Add(reachvar); if (!dc.CheckLabel(rv, null, out outcome)) { checker.Close(); return(false); } checker.Close(); return(true); }
public abstract VC.ConditionGeneration.Outcome VerifyImpl(TransHelper.TransEnv env, VC.VCGen vcgen, Implementation impl, Program prog, VerifierCallback reporter);
private void SearchCounterexample(Implementation impl, DoomErrorHandler errh, VerifierCallback callback) { Contract.Requires(impl != null); Contract.Requires(errh != null); Contract.Requires(callback != null); Contract.Requires(errh.m_Reachvar != null); //if (errh.m_Reachvar==null) { // Contract.Assert(false);throw new cce.UnreachableException(); //} m_doomedCmds.Clear(); Dictionary<Block, List<Cmd>> cmdbackup = new Dictionary<Block, List<Cmd>>(); BruteForceCESearch(errh.m_Reachvar, impl, callback, cmdbackup, 0, impl.Blocks.Count / 2 - 1); BruteForceCESearch(errh.m_Reachvar, impl, callback, cmdbackup, impl.Blocks.Count / 2, impl.Blocks.Count - 1); List<Cmd> causals = CollectCausalStatements(impl.Blocks[0]); foreach (Cmd c in causals) { Contract.Assert(c != null); GenerateErrorMessage(c, causals); } #region Undo all modifications foreach (KeyValuePair<Block, List<Cmd>> kvp in cmdbackup) { Contract.Assert(kvp.Key != null); Contract.Assert(kvp.Value != null); kvp.Key.Cmds = kvp.Value; } #endregion }
bool ReCheckImpl(Variable reachvar, Implementation impl, VerifierCallback callback, out ProverInterface.Outcome outcome) { Contract.Requires(reachvar != null); Contract.Requires(impl != null); Contract.Requires(callback != null); Checker checker = FindCheckerFor(impl, 1000); Contract.Assert(checker != null); DoomCheck dc = new DoomCheck(impl, this.exitBlock, checker, m_UncheckableBlocks); dc.ErrorHandler = new DoomErrorHandler(dc.Label2Absy, callback); outcome = ProverInterface.Outcome.Undetermined; List<Variable> rv = new List<Variable>(); rv.Add(reachvar); if (!dc.CheckLabel(rv,null, out outcome)) { checker.Close(); return false; } checker.Close(); return true; }
/// <summary> /// MSchaef: /// - remove loops and add reach variables /// - make it a passive program /// - compute the wlp for each block /// - check if |= (reach=false) => wlp.S.false holds for each reach /// /// </summary> public override Outcome VerifyImplementation(Implementation impl, VerifierCallback callback) { Contract.EnsuresOnThrow<UnexpectedProverOutputException>(true); Console.WriteLine(); Console.WriteLine("Checking function {0}", impl.Name); callback.OnProgress("doomdetector", 0, 0, 0); bool restartTP = CommandLineOptions.Clo.DoomRestartTP ; //Impl2Dot(impl, String.Format("c:/dot/{0}_orig.dot", impl.Name)); Transform4DoomedCheck(impl); //Impl2Dot(impl, String.Format("c:/dot/{0}_fin.dot", impl.Name)); Checker checker = FindCheckerFor(1000); Contract.Assert(checker != null); int assertionCount; DoomCheck dc = new DoomCheck(impl, this.exitBlock, checker, m_UncheckableBlocks, out assertionCount); CumulativeAssertionCount += assertionCount; //EmitImpl(impl, false); int _totalchecks = 0; ProverInterface.Outcome outcome; dc.ErrorHandler = new DoomErrorHandler(dc.Label2Absy, callback); System.TimeSpan ts = new TimeSpan(); if (_print_time) Console.WriteLine("Total number of blocks {0}", impl.Blocks.Count); List<Block> lb; List<Variable> lv = new List<Variable>(); while (dc.GetNextBlock(out lb)) { Contract.Assert(lb != null); outcome = ProverInterface.Outcome.Undetermined; Variable v = null; lv.Clear(); foreach (Block b_ in lb) { if (!m_BlockReachabilityMap.TryGetValue(b_, out v)) { // This should cause an error continue; } //Console.Write("{0}, ",b_.Label); lv.Add(v); } //Console.WriteLine(); Dictionary<Expr, int> finalreachvars = m_GetPostconditionVariables(impl.Blocks,lb); if (lv.Count < 1) { continue; } Contract.Assert(lv != null); _totalchecks++; if (!dc.CheckLabel(lv,finalreachvars, out outcome)) { return Outcome.Inconclusive; } ts += dc.DEBUG_ProverTime.Elapsed; if (restartTP) { checker.Close(); checker = FindCheckerFor(1000); dc.RespawnChecker(impl, checker); dc.ErrorHandler = new DoomErrorHandler(dc.Label2Absy, callback); } } checker.Close(); if (_print_time) { Console.WriteLine("Number of Checkes / #Blocks: {0} of {1}", _totalchecks, impl.Blocks.Count); dc.__DEBUG_PrintStatistics(); Console.WriteLine("Total time for this method: {0}", ts.ToString()); } #region Try to produce a counter example (brute force) if (dc.DoomedSequences.Count > 0) { int counter = 0; List<Block> _all = new List<Block>(); foreach (List<Block> lb_ in dc.DoomedSequences) { foreach (Block b_ in lb_) { if (!_all.Contains(b_) && !m_UncheckableBlocks.Contains(b_)) { _all.Add(b_); counter++; if (!_print_time) Console.WriteLine(b_.Label); } } } if (_all.Count > 0) { Console.WriteLine("#Dead Blocks found: {0}: ", counter); return Outcome.Errors; } } #endregion return Outcome.Correct; }
bool BruteForceCmd(Block b, int startidx, int endidx, Variable reachvar, Implementation impl, VerifierCallback callback) { Contract.Requires(b != null); Contract.Requires(reachvar != null); Contract.Requires(impl != null); Contract.Requires(callback != null); #region Modify Cmds List<Cmd> backup = b.Cmds; Contract.Assert(backup != null); List<Cmd> cs = new List<Cmd>(); for (int i = 0; i < startidx; i++) { cs.Add(b.Cmds[i]); } for (int i = startidx; i <= endidx; i++) { Cmd c = b.Cmds[i]; if (ContainsReachVariable(c)) { cs.Add(c); continue; } cs.Add(new AssertCmd(c.tok, Expr.True)); } for (int i = endidx + 1; i < b.Cmds.Length; i++) { cs.Add(b.Cmds[i]); } b.Cmds = cs; #endregion #region Recheck ProverInterface.Outcome outcome = ProverInterface.Outcome.Undetermined; if (!ReCheckImpl(reachvar, impl, callback, out outcome)) { b.Cmds = backup; return false; } #endregion if (outcome == ProverInterface.Outcome.Valid) { return true; } else if (outcome == ProverInterface.Outcome.Invalid) { b.Cmds = backup; if (startidx >= endidx) { if (!ContainsReachVariable(b.Cmds[endidx])) { // Console.Write(" Witness ("); // // ConsoleColor col = Console.ForegroundColor; // Console.ForegroundColor = ConsoleColor.White; // Console.Write("{0};{1}", b.Cmds[endidx].tok.line, b.Cmds[endidx].tok.col ); // Console.ForegroundColor = col; // Console.Write("): "); // Console.ForegroundColor = ConsoleColor.Yellow; // b.Cmds[endidx].Emit(new TokenTextWriter("<console>", Console.Out, false), 0); // Console.ForegroundColor = col; m_doomedCmds.Add(b.Cmds[endidx]); return true; } else { return false; } } else { int mid = startidx + (endidx - startidx) / 2; BruteForceCmd(b, startidx, mid, reachvar, impl, callback); BruteForceCmd(b, mid + 1, endidx, reachvar, impl, callback); return false; // This is pure random } } else { b.Cmds = backup; return false; } }
bool BruteForceCESearch(Variable reachvar, Implementation impl, VerifierCallback callback, Dictionary<Block, List<Cmd>> cmdbackup, int startidx, int endidx) { Contract.Requires(reachvar != null); Contract.Requires(impl != null); Contract.Requires(callback != null); Contract.Requires(cce.NonNullElements(cmdbackup)); #region Modify implementation for (int i = startidx; i <= endidx; i++) { if (_copiedBlock.Contains(impl.Blocks[i])) continue; List<Cmd> cs = new List<Cmd>(); cmdbackup.Add(impl.Blocks[i], impl.Blocks[i].Cmds); foreach (Cmd c in impl.Blocks[i].Cmds) { Contract.Assert(c != null); if (ContainsReachVariable(c)) { cs.Add(c); continue; } AssertCmd ac = c as AssertCmd; AssumeCmd uc = c as AssumeCmd; if (ac != null) { cs.Add(new AssertCmd(ac.tok, Expr.True)); } else if (uc != null) { cs.Add(new AssertCmd(uc.tok, Expr.True)); } else { cs.Add(c); } } impl.Blocks[i].Cmds = cs; } #endregion ProverInterface.Outcome outcome = ProverInterface.Outcome.Undetermined; if (!ReCheckImpl(reachvar, impl, callback, out outcome)) { UndoBlockModifications(impl, cmdbackup, startidx, endidx); return false; } if (outcome == ProverInterface.Outcome.Valid) { return true; } else if (outcome == ProverInterface.Outcome.Invalid) { UndoBlockModifications(impl, cmdbackup, startidx, endidx); int mid = startidx + (endidx - startidx) / 2; if (startidx >= endidx) { // Now we found an interesting Block and we have to // search for the interesting statements. int cmdcount = impl.Blocks[endidx].Cmds.Length; BruteForceCmd(impl.Blocks[endidx], 0, cmdcount / 2 - 1, reachvar, impl, callback); BruteForceCmd(impl.Blocks[endidx], cmdcount / 2, cmdcount - 1, reachvar, impl, callback); return true; } else { BruteForceCESearch(reachvar, impl, callback, cmdbackup, startidx, mid); BruteForceCESearch(reachvar, impl, callback, cmdbackup, mid + 1, endidx); return true; } } else { UndoBlockModifications(impl, cmdbackup, startidx, endidx); return false; } }
public override VC.VCGen.Outcome VerifyImplementation(Implementation impl, VerifierCallback collector) { var start = DateTime.Now; if (!generated) { Generate(); Console.WriteLine("generate: {0}s", (DateTime.Now - start).TotalSeconds); generated = true; } Procedure proc = impl.Proc; // we verify all the impls at once, so we need to execute only once // TODO: make sure needToCheck is true only once bool needToCheck = false; if (mode == Mode.OldCorral) needToCheck = proc.FindExprAttribute("inline") == null && !(proc is LoopProcedure); else if (mode == Mode.Corral) needToCheck = QKeyValue.FindBoolAttribute(impl.Attributes, "entrypoint") && !(proc is LoopProcedure); else needToCheck = impl.Name == main_proc_name; if (needToCheck) { Console.WriteLine("Verifying {0}...", impl.Name); RPFP.Node cexroot = null; // start = DateTime.Now; var checkres = Check(ref cexroot); Console.WriteLine("check: {0}s", (DateTime.Now - start).TotalSeconds); switch (checkres) { case RPFP.LBool.True: Console.WriteLine("Counterexample found.\n"); // start = DateTime.Now; Counterexample cex = CreateBoogieCounterExample(cexroot.owner, cexroot, impl); // cexroot.owner.DisposeDualModel(); // cex.Print(0); // just for testing collector.OnCounterexample(cex, "assertion failure"); Console.WriteLine("cex: {0}s", (DateTime.Now - start).TotalSeconds); return VC.ConditionGeneration.Outcome.Errors; case RPFP.LBool.False: Console.WriteLine("Procedure is correct."); return Outcome.Correct; case RPFP.LBool.Undef: Console.WriteLine("Inconclusive result."); return Outcome.ReachedBound; } } return Outcome.Inconclusive; }
public abstract VC.ConditionGeneration.Outcome VerifyImpl(TransHelper.TransEnv env, VC.VCGen vcgen, Implementation impl, Program prog, VerifierCallback reporter);
/// <summary> /// As a side effect, updates "this.parent.CumulativeAssertionCount". /// </summary> public void BeginCheck(Checker checker, VerifierCallback callback, ModelViewInfo mvInfo, int no, int timeout, int rlimit) { Contract.Requires(checker != null); Contract.Requires(callback != null); splitNo = no; impl.Blocks = blocks; this.checker = checker; Dictionary <int, Absy> label2absy = new Dictionary <int, Absy>(); ProverContext ctx = checker.TheoremProver.Context; Boogie2VCExprTranslator bet = ctx.BoogieExprTranslator; var cc = new VCGen.CodeExprConversionClosure(label2absy, ctx); bet.SetCodeExprConverter(cc.CodeExprToVerificationCondition); var exprGen = ctx.ExprGen; VCExpr controlFlowVariableExpr = exprGen.Integer(BigNum.ZERO); #region proofgen TypePremiseEraserFactory typePremiseEraserFactory; switch (CommandLineOptions.Clo.TypeEncodingMethod) { case CommandLineOptions.TypeEncoding.Predicates: typePremiseEraserFactory = new TypePremiseEraserFactory(checker.VCExprGen, bet, true); break; case CommandLineOptions.TypeEncoding.Monomorphic: typePremiseEraserFactory = new TypePremiseEraserFactory(checker.VCExprGen, bet, false); break; default: throw new NotImplementedException(); } ProofGenerationLayer.SetTypeEraserFactory(typePremiseEraserFactory); #endregion /* PROOF GEN: we pass "null" as the control flow variable expression, such that labels are not produced as they are * not relevant for proof generation of programs that verify */ VCExpr vc = parent.GenerateVCAux(impl, null, label2absy, checker.TheoremProver.Context); Contract.Assert(vc != null); #region proofgen if (!(ctx is DeclFreeProverContext)) { throw new NotImplementedException("Proof Generation only supports DeclFreeProverContext as context."); } var declFreeProverContext = ctx as DeclFreeProverContext; var premiseEraserProvider = typePremiseEraserFactory?.NewEraser(); VCExpr eraseVC(VCExpr vc, int polarity) { return(!premiseEraserProvider.ProgramIsPolymorphic ? vc : premiseEraserProvider.EraseAndSortLet(vc, polarity)); } VCExpr erasedVC = eraseVC(vc, 1); VCExpr erasedAxioms = eraseVC(declFreeProverContext.Axioms, -1); VCExpr typeAxioms = null; List <VCAxiomInfo> vcAxiomsInfo = null; if (premiseEraserProvider.ProgramIsPolymorphic) { typeAxioms = premiseEraserProvider.AxiomBuilder.GetNewAxiomsAndInfo(out vcAxiomsInfo); } ProofGenerationLayer.VCGenerateAllProofs( erasedVC, erasedAxioms, typeAxioms, vcAxiomsInfo, checker.TheoremProver.VCExprGen, checker.TheoremProver.Context.BoogieExprTranslator, premiseEraserProvider?.AxiomBuilder); #endregion /* PROOF GEN: comment out label specific parts * VCExpr controlFlowFunctionAppl = * exprGen.ControlFlowFunctionApplication(exprGen.Integer(BigNum.ZERO), exprGen.Integer(BigNum.ZERO)); * VCExpr eqExpr = exprGen.Eq(controlFlowFunctionAppl, exprGen.Integer(BigNum.FromInt(impl.Blocks[0].UniqueId))); * vc = exprGen.Implies(eqExpr, vc); */ reporter = new VCGen.ErrorReporter(gotoCmdOrigins, label2absy, impl.Blocks, parent.debugInfos, callback, mvInfo, this.Checker.TheoremProver.Context, parent.program); if (CommandLineOptions.Clo.TraceVerify && no >= 0) { Console.WriteLine("-- after split #{0}", no); Print(); } string desc = cce.NonNull(impl.Name); if (no >= 0) { desc += "_split" + no; } checker.BeginCheck(desc, vc, reporter, timeout, rlimit, impl.RandomSeed); }
bool BruteForceCmd(Block b, int startidx, int endidx, Variable reachvar, Implementation impl, VerifierCallback callback) { Contract.Requires(b != null); Contract.Requires(reachvar != null); Contract.Requires(impl != null); Contract.Requires(callback != null); #region Modify Cmds List <Cmd> backup = b.Cmds; Contract.Assert(backup != null); List <Cmd> cs = new List <Cmd>(); for (int i = 0; i < startidx; i++) { cs.Add(b.Cmds[i]); } for (int i = startidx; i <= endidx; i++) { Cmd c = b.Cmds[i]; if (ContainsReachVariable(c)) { cs.Add(c); continue; } cs.Add(new AssertCmd(c.tok, Expr.True)); } for (int i = endidx + 1; i < b.Cmds.Length; i++) { cs.Add(b.Cmds[i]); } b.Cmds = cs; #endregion #region Recheck ProverInterface.Outcome outcome = ProverInterface.Outcome.Undetermined; if (!ReCheckImpl(reachvar, impl, callback, out outcome)) { b.Cmds = backup; return(false); } #endregion if (outcome == ProverInterface.Outcome.Valid) { return(true); } else if (outcome == ProverInterface.Outcome.Invalid) { b.Cmds = backup; if (startidx >= endidx) { if (!ContainsReachVariable(b.Cmds[endidx])) { // Console.Write(" Witness ("); // // ConsoleColor col = Console.ForegroundColor; // Console.ForegroundColor = ConsoleColor.White; // Console.Write("{0};{1}", b.Cmds[endidx].tok.line, b.Cmds[endidx].tok.col ); // Console.ForegroundColor = col; // Console.Write("): "); // Console.ForegroundColor = ConsoleColor.Yellow; // b.Cmds[endidx].Emit(new TokenTextWriter("<console>", Console.Out, false), 0); // Console.ForegroundColor = col; m_doomedCmds.Add(b.Cmds[endidx]); return(true); } else { return(false); } } else { int mid = startidx + (endidx - startidx) / 2; BruteForceCmd(b, startidx, mid, reachvar, impl, callback); BruteForceCmd(b, mid + 1, endidx, reachvar, impl, callback); return(false); // This is pure random } } else { b.Cmds = backup; return(false); } }
bool BruteForceCESearch(Variable reachvar, Implementation impl, VerifierCallback callback, Dictionary <Block, List <Cmd> > cmdbackup, int startidx, int endidx) { Contract.Requires(reachvar != null); Contract.Requires(impl != null); Contract.Requires(callback != null); Contract.Requires(cce.NonNullElements(cmdbackup)); #region Modify implementation for (int i = startidx; i <= endidx; i++) { if (_copiedBlock.Contains(impl.Blocks[i])) { continue; } List <Cmd> cs = new List <Cmd>(); cmdbackup.Add(impl.Blocks[i], impl.Blocks[i].Cmds); foreach (Cmd c in impl.Blocks[i].Cmds) { Contract.Assert(c != null); if (ContainsReachVariable(c)) { cs.Add(c); continue; } AssertCmd ac = c as AssertCmd; AssumeCmd uc = c as AssumeCmd; if (ac != null) { cs.Add(new AssertCmd(ac.tok, Expr.True)); } else if (uc != null) { cs.Add(new AssertCmd(uc.tok, Expr.True)); } else { cs.Add(c); } } impl.Blocks[i].Cmds = cs; } #endregion ProverInterface.Outcome outcome = ProverInterface.Outcome.Undetermined; if (!ReCheckImpl(reachvar, impl, callback, out outcome)) { UndoBlockModifications(impl, cmdbackup, startidx, endidx); return(false); } if (outcome == ProverInterface.Outcome.Valid) { return(true); } else if (outcome == ProverInterface.Outcome.Invalid) { UndoBlockModifications(impl, cmdbackup, startidx, endidx); int mid = startidx + (endidx - startidx) / 2; if (startidx >= endidx) { // Now we found an interesting Block and we have to // search for the interesting statements. int cmdcount = impl.Blocks[endidx].Cmds.Length; BruteForceCmd(impl.Blocks[endidx], 0, cmdcount / 2 - 1, reachvar, impl, callback); BruteForceCmd(impl.Blocks[endidx], cmdcount / 2, cmdcount - 1, reachvar, impl, callback); return(true); } else { BruteForceCESearch(reachvar, impl, callback, cmdbackup, startidx, mid); BruteForceCESearch(reachvar, impl, callback, cmdbackup, mid + 1, endidx); return(true); } } else { UndoBlockModifications(impl, cmdbackup, startidx, endidx); return(false); } }
private void SearchCounterexample(Implementation impl, DoomErrorHandler errh, VerifierCallback callback) { Contract.Requires(impl != null); Contract.Requires(errh != null); Contract.Requires(callback != null); Contract.Requires(errh.m_Reachvar != null); //if (errh.m_Reachvar==null) { // Contract.Assert(false);throw new cce.UnreachableException(); //} m_doomedCmds.Clear(); Dictionary <Block, List <Cmd> > cmdbackup = new Dictionary <Block, List <Cmd> >(); BruteForceCESearch(errh.m_Reachvar, impl, callback, cmdbackup, 0, impl.Blocks.Count / 2 - 1); BruteForceCESearch(errh.m_Reachvar, impl, callback, cmdbackup, impl.Blocks.Count / 2, impl.Blocks.Count - 1); List <Cmd> causals = CollectCausalStatements(impl.Blocks[0]); foreach (Cmd c in causals) { Contract.Assert(c != null); GenerateErrorMessage(c, causals); } #region Undo all modifications foreach (KeyValuePair <Block, List <Cmd> > kvp in cmdbackup) { Contract.Assert(kvp.Key != null); Contract.Assert(kvp.Value != null); kvp.Key.Cmds = kvp.Value; } #endregion }
/// <summary> /// MSchaef: /// - remove loops and add reach variables /// - make it a passive program /// - compute the wlp for each block /// - check if |= (reach=false) => wlp.S.false holds for each reach /// /// </summary> public override Outcome VerifyImplementation(Implementation impl, VerifierCallback callback) { Contract.EnsuresOnThrow <UnexpectedProverOutputException>(true); Console.WriteLine(); Console.WriteLine("Checking function {0}", impl.Name); callback.OnProgress("doomdetector", 0, 0, 0); bool restartTP = CommandLineOptions.Clo.DoomRestartTP; //Impl2Dot(impl, String.Format("c:/dot/{0}_orig.dot", impl.Name)); Transform4DoomedCheck(impl); //Impl2Dot(impl, String.Format("c:/dot/{0}_fin.dot", impl.Name)); Checker checker = FindCheckerFor(1000); Contract.Assert(checker != null); int assertionCount; DoomCheck dc = new DoomCheck(impl, this.exitBlock, checker, m_UncheckableBlocks, out assertionCount); CumulativeAssertionCount += assertionCount; //EmitImpl(impl, false); int _totalchecks = 0; ProverInterface.Outcome outcome; dc.ErrorHandler = new DoomErrorHandler(dc.Label2Absy, callback); System.TimeSpan ts = new TimeSpan(); if (_print_time) { Console.WriteLine("Total number of blocks {0}", impl.Blocks.Count); } List <Block> lb; List <Variable> lv = new List <Variable>(); while (dc.GetNextBlock(out lb)) { Contract.Assert(lb != null); outcome = ProverInterface.Outcome.Undetermined; Variable v = null; lv.Clear(); foreach (Block b_ in lb) { if (!m_BlockReachabilityMap.TryGetValue(b_, out v)) { // This should cause an error continue; } //Console.Write("{0}, ",b_.Label); lv.Add(v); } //Console.WriteLine(); Dictionary <Expr, int> finalreachvars = m_GetPostconditionVariables(impl.Blocks, lb); if (lv.Count < 1) { continue; } Contract.Assert(lv != null); _totalchecks++; if (!dc.CheckLabel(lv, finalreachvars, out outcome)) { return(Outcome.Inconclusive); } ts += dc.DEBUG_ProverTime.Elapsed; if (restartTP) { checker.Close(); checker = FindCheckerFor(1000); dc.RespawnChecker(impl, checker); dc.ErrorHandler = new DoomErrorHandler(dc.Label2Absy, callback); } } checker.Close(); if (_print_time) { Console.WriteLine("Number of Checkes / #Blocks: {0} of {1}", _totalchecks, impl.Blocks.Count); dc.__DEBUG_PrintStatistics(); Console.WriteLine("Total time for this method: {0}", ts.ToString()); } #region Try to produce a counter example (brute force) if (dc.DoomedSequences.Count > 0) { int counter = 0; List <Block> _all = new List <Block>(); foreach (List <Block> lb_ in dc.DoomedSequences) { foreach (Block b_ in lb_) { if (!_all.Contains(b_) && !m_UncheckableBlocks.Contains(b_)) { _all.Add(b_); counter++; if (!_print_time) { Console.WriteLine(b_.Label); } } } } if (_all.Count > 0) { Console.WriteLine("#Dead Blocks found: {0}: ", counter); return(Outcome.Errors); } } #endregion return(Outcome.Correct); }