Skip to content

Include definedness checks during exhale#457

Merged
gauravpartha merged 33 commits into
masterfrom
exhale_with_definedness
Apr 25, 2023
Merged

Include definedness checks during exhale#457
gauravpartha merged 33 commits into
masterfrom
exhale_with_definedness

Conversation

@gauravpartha

@gauravpartha gauravpartha commented Mar 24, 2023

Copy link
Copy Markdown
Contributor

Previously, the encoding for exhale A first checked well-definedness of A and in a second step performed the actual exhale. This approach is flawed, because (1) well-definedness of A depends on the actual exhale in the general case and (2) in cases where the exhale fails, the reported errors are not the expected ones. See #406 for examples illustrating these two problems.

This PR implements an exhale implementation, which (if enabled) does the well-definedness checks during the exhale (as we already do with inhale).

@gauravpartha
add definedness state option to DefinednessComponent trait
a091467 
This will allow one to be able to be able to do permission definendess checks in a different state than the standard evaluation state.
@gauravpartha
Take definedness state into account for definedness of unfolding and …
43a3a33 
…permission checks

The setDefState field in DefinednessState is now mutable such that when unfolding one can change the definedness state (assuming there is a separate definedness state). An alternative would be to keep the same definedness state during an unfolding statement but to then explicitly reset this state via a Boogie statement at the end of an unfolding. Since Boogie performs constant propagation the resulting VC should essentially be the same for both approaches. The currently implemented approach is more in-line with the way encoding is currently handled, where new states are constructed instead of reusing previous states.
@gauravpartha
wip
b5b101b
@gauravpartha
unfolding in exhale only as way to gain more information (or for defi…
b58a406 
…nedness check)

o special treatment for permission introspection since permission introspection within unfoldings still needs to be explored properly
@gauravpartha
avoid definedness checks in exhale invocations of translateStmt when …
2903488 
…inside a package statement
@gauravpartha
move DefinednessCheckData from the trait to its implementation
d7e0968
@gauravpartha
Unfolding in exhale to gain more information is done in the well-defi…
3b97011 
…nedness state. As a result, we can remove the predicate in this state (but do not check whether it is there, because in this mode well-definedness is assumed; analogous to inhale).
@gauravpartha
remove redundant import
7fda6d1
@gauravpartha
exhale: don't handle unfolding in a separate case inside package stat…
65fd2f4 
…ements
@gauravpartha
clearer definedness data interface
2dcdc5d
@gauravpartha
better documentation
60370f0
@gauravpartha
minor
a8329ab
@gauravpartha
update Silver to pr branch
a84a96e
@gauravpartha
minor fix
8f59ef5
@gauravpartha
better documentation
a768d86
@gauravpartha
fix
d2d886a
@gauravpartha
minor
0184907
@gauravpartha
remove checkDefinednessOfSpecAndExhale (subsumed by exhale)
62edf8f
@gauravpartha
fix exhale and definedness error order in call
43197c1
@gauravpartha
better documentation
2586461
@gauravpartha
fix
b97f738
@gauravpartha
use sequence of expressions directly in exhale
3da8ac5
@gauravpartha
update silver commit
a35d9fe
@gauravpartha
check whether predicate exists when unfolding for more information in…
2a87229 
… exhale

this check should not be required, but I add it as a sanity check
@gauravpartha
reuse temporary variable also for nonnegative permission check in exhale
f2865f1
@gauravpartha
for the exhale: only emit the initialization of the well-definedness …
8603c09 
…state if the exhale is non-empty
@gauravpartha
update Silver commit
a454c01
@gauravpartha
update silver commit
3d20bc4
@gauravpartha
update silver commit
2b4faac
@gauravpartha
minor fixes
85b7070
@gauravpartha

gauravpartha commented Apr 25, 2023
edited
Loading

Copy link
Copy Markdown
Contributor Author

One aspect that this PR does not resolve and that should be handled in another PR is when one of the following two cases occur during an exhale:

  • Permission introspection is used in function call arguments
  • Permission introspection is used in the predicate arguments of an unfolding expression

The expected behavior is to evaluate those occurrences of permission introspection in the evaluation permission mask, that is, the mask which the exhale modifies when permissions are removed. Currently, these occurrences are evaluated in the well-definedness permission mask, that is, the permission mask right before the exhale.

The code contains FIXME annotations for these two instances. One solution is to evaluate the arguments before checking the precondition of a function call or before executing an unfolding expressions, similarly to how method calls are currently encoded. Ideally, one would write code that could be reused by all three instances (method call encoding, function call encoding, unfolding encoding).

@gauravpartha gauravpartha merged commit bfce556 into master Apr 25, 2023
@gauravpartha gauravpartha mentioned this pull request Apr 25, 2023
Merged
gauravpartha added a commit to viperproject/silver that referenced this pull request Apr 25, 2023
@gauravpartha
Merge pull request #683 from viperproject/carbon_pr_457
ae4a123 
Update tests for Carbon exhale with well-definedness change (Carbon PR viperproject/carbon#457)
@gauravpartha gauravpartha mentioned this pull request May 1, 2023
Open
@gauravpartha gauravpartha mentioned this pull request Jul 5, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gauravpartha