strengthened type checking

cleaned up the generation of mover checks (based on example from Chris)
added two examples from Chris to regressions

1 files changed, 18 insertions, 2 deletions

diff --git a/Test/og/linear-set2.bpl b/Test/og/linear-set2.bpl
index a3b84702..24d8a13a 100644
--- a/Test/og/linear-set2.bpl
+++ b/Test/og/linear-set2.bpl
@@ -24,11 +24,21 @@ var {:layer 0,1} x: int;
 var {:layer 0,1} l: X;

 const nil: X;

 

-procedure {:yields} {:layer 1} Split({:linear_in "x"} xls: [X]bool) returns ({:linear "x"} xls1: [X]bool, {:linear "x"} xls2: [X]bool);

+procedure {:yields} {:layer 1} Split({:linear_in "x"} xls: [X]bool) returns ({:linear "x"} xls1: [X]bool, {:linear "x"} xls2: [X]bool)

 ensures {:layer 1} xls == MapOr(xls1, xls2) && xls1 != None() && xls2 != None();

+{

+  yield;

+  call xls1, xls2 := SplitLow(xls);

+  yield;

+}

 

-procedure {:yields} {:layer 1} Allocate() returns ({:linear "tid"} xls: X);

+procedure {:yields} {:layer 1} Allocate() returns ({:linear "tid"} xls: X)

 ensures {:layer 1} xls != nil;

+{

+  yield;

+  call xls := AllocateLow();

+  yield;

+}

 

 procedure {:yields} {:layer 0,1} Set(v: int);

 ensures {:atomic} |{A: x := v; return true; }|;

@@ -39,6 +49,12 @@ ensures {:atomic} |{A: assume l == nil; l := tidls; return true; }|;
 procedure {:yields} {:layer 0,1} Unlock();

 ensures {:atomic} |{A: l := nil; return true; }|;

 

+procedure {:yields} {:layer 0,1} SplitLow({:linear_in "x"} xls: [X]bool) returns ({:linear "x"} xls1: [X]bool, {:linear "x"} xls2: [X]bool);

+ensures {:atomic} |{ A: assume xls == MapOr(xls1, xls2) && xls1 != None() && xls2 != None(); return true; }|;

+

+procedure {:yields} {:layer 0,1} AllocateLow() returns ({:linear "tid"} xls: X);

+ensures {:atomic} |{ A: assume xls != nil; return true; }|;

+

 procedure {:yields} {:layer 1} main({:linear_in "tid"} tidls': X, {:linear_in "x"} xls': [X]bool) 

 requires {:layer 1} tidls' != nil && xls' == All();

 {