protected override void GenerateLiftAtomicPathLemmaForTauPath(AtomicPath atomicPath, string typeComparison,
string extraSignatureLines)
{
if (!canHideTau)
{
base.GenerateLiftAtomicPathLemmaForTauPath(atomicPath, typeComparison, extraSignatureLines);
return;
}
var lpr = new PrefixedVarsPathPrinter(lAtomic);
var hpr = new PrefixedVarsPathPrinter(hAtomic);
string str = $@"
lemma lemma_LiftAtomicPath_Tau(ls: LPlusState, lpath: LAtomic_Path, tid: Armada_ThreadHandle)
requires InductiveInv(ls)
requires LAtomic_ValidPath(ls, lpath, tid)
requires lpath.LAtomic_Path_Tau?
requires !IsSkippedTauPath(ls, lpath, tid)
ensures var ls' := LAtomic_GetStateAfterPath(ls, lpath, tid);
var hs := ConvertTotalState_LPlusH(ls);
var hpath := ConvertAtomicPath_LH(ls, lpath, tid);
var hs' := HAtomic_GetStateAfterPath(hs, hpath, tid);
var ty := LAtomic_GetPathType(lpath);
&& HAtomic_GetPathType(hpath) == ty
&& HAtomic_ValidPath(hs, hpath, tid)
&& hs' == ConvertTotalState_LPlusH(ls')
&& ls'.s.stop_reason.Armada_NotStopped? == hs'.stop_reason.Armada_NotStopped?
{{
{ lpr.GetOpenValidPathInvocation(lAtomic.TauPath) }
var ls' := LAtomic_GetStateAfterPath(ls, lpath, tid);
var hs := ConvertTotalState_LPlusH(ls);
var hpath := ConvertAtomicPath_LH(ls, lpath, tid);
var hs' := ConvertTotalState_LPlusH(ls');
{ hpr.GetOpenPathInvocation(hAtomic.TauPath) }
var lentry := ls.s.threads[tid].storeBuffer[0];
assert CanConvertStoreBufferEntry_LH(lentry);
var hentry := hs.threads[tid].storeBuffer[0];
var lmem := ls.s.mem;
var hmem1 := ConvertSharedMemory_LH(L.Armada_ApplyStoreBufferEntry(lmem, lentry));
var hmem2 := H.Armada_ApplyStoreBufferEntry(ConvertSharedMemory_LH(lmem), hentry);
lemma_ApplyStoreBufferEntryCommutesWithConvert(lmem, lentry, hentry, hmem1, hmem2);
var alt_hs' := HAtomic_GetStateAfterPath(hs, hpath, tid);
ProofCustomizationGoesHere();
assert hs'.threads[tid] == alt_hs'.threads[tid];
assert hs'.threads == alt_hs'.threads;
assert hs' == alt_hs';
/* { hpr.GetAssertValidPathInvocation(hAtomic.TauPath) } */
}}
";
pgp.AddLemma(str, "lift");
}
private void GenerateSkippablePathsLiftableLemma()
{
string str;
string finalCases = "";
var lpr = new PrefixedVarsPathPrinter(lAtomic);
if (canHideTau)
{
str = $@"
lemma lemma_SkippablePathLiftable_Tau(ls: LPlusState, ls': LPlusState, lpath: LAtomic_Path, tid: Armada_ThreadHandle)
requires InductiveInv(ls)
requires LAtomic_NextPath(ls, ls', lpath, tid)
requires lpath.LAtomic_Path_Tau?
requires IsSkippedTauPath(ls, lpath, tid)
ensures ConvertTotalState_LPlusH(ls) == ConvertTotalState_LPlusH(ls')
ensures ls'.s.stop_reason.Armada_NotStopped?
{{
{ lpr.GetOpenValidPathInvocation(lAtomic.TauPath) }
var hs := ConvertTotalState_LPlusH(ls);
var hs' := ConvertTotalState_LPlusH(ls');
var lentry := ls.s.threads[tid].storeBuffer[0];
ProofCustomizationGoesHere();
assert !CanConvertStoreBufferEntry_LH(lentry);
assert hs'.threads[tid].storeBuffer == hs.threads[tid].storeBuffer;
assert hs'.threads[tid] == hs.threads[tid];
assert hs'.threads == hs.threads;
assert hs'.stop_reason == hs.stop_reason;
assert hs' == hs;
}}
";
pgp.AddLemma(str, "lift");
finalCases += " case LAtomic_Path_Tau(_) => lemma_SkippablePathLiftable_Tau(ls, ls', lpath, tid);\n";
}
else
{
finalCases += " case LAtomic_Path_Tau(_) => assert false;\n";
}
var extraProof = canHideTau ? "lemma_AppendingHiddenStoreBufferEntryAlwaysDoesntAffectHighLevel(tid);" : "";
foreach (var atomicPath in lAtomic.AtomicPaths.Where(ap => !pathMap.ContainsKey(ap)))
{
var name = atomicPath.Name;
str = $@"
lemma lemma_SkippablePathLiftable_{name}(ls: LPlusState, ls': LPlusState, lpath: LAtomic_Path, tid: Armada_ThreadHandle)
requires InductiveInv(ls)
requires LAtomic_NextPath(ls, ls', lpath, tid)
requires lpath.LAtomic_Path_{name}?
ensures ConvertTotalState_LPlusH(ls) == ConvertTotalState_LPlusH(ls')
ensures ls'.s.stop_reason.Armada_NotStopped?
{{
{ lpr.GetOpenValidPathInvocation(atomicPath) }
var hs := ConvertTotalState_LPlusH(ls);
var hs' := ConvertTotalState_LPlusH(ls');
{ extraProof }
ProofCustomizationGoesHere();
assert hs'.stop_reason == hs.stop_reason;
if tid in hs'.threads {{
assert hs'.threads[tid] == hs.threads[tid];
}}
assert hs'.threads == hs.threads;
assert hs'.mem == hs.mem;
assert hs' == hs;
}}
";
pgp.AddLemma(str, "lift");
finalCases += $" case LAtomic_Path_{name}(_) => lemma_SkippablePathLiftable_{name}(ls, ls', lpath, tid);\n";
}
str = $@"
lemma lemma_SkippablePathLiftable(ls: LPlusState, ls': LPlusState, lpath: LAtomic_Path, tid: Armada_ThreadHandle)
requires InductiveInv(ls)
requires LAtomic_NextPath(ls, ls', lpath, tid)
requires IsSkippedPath(ls, lpath, tid)
ensures ConvertTotalState_LPlusH(ls) == ConvertTotalState_LPlusH(ls')
ensures ls'.s.stop_reason.Armada_NotStopped?
{{
match lpath {{
{ finalCases }
}}
}}
";
pgp.AddLemma(str, "lift");
}