strengthened type checking

cleaned up the generation of mover checks (based on example from Chris)
added two examples from Chris to regressions

1 files changed, 8 insertions, 1 deletions

diff --git a/Test/og/ticket.bpl b/Test/og/ticket.bpl
index 68e308d0..91863e1a 100644
--- a/Test/og/ticket.bpl
+++ b/Test/og/ticket.bpl
@@ -33,8 +33,13 @@ function {:inline} Inv2(tickets: [int]bool, ticket: int, lock: X): (bool)
     if (lock == nil) then tickets == RightOpen(ticket) else tickets == RightClosed(ticket)

 }

 

-procedure {:yields} {:layer 2} Allocate({:linear_in "tid"} xls':[X]bool) returns ({:linear "tid"} xls: [X]bool, {:linear "tid"} xl: X);

+procedure {:yields} {:layer 2} Allocate({:linear_in "tid"} xls':[X]bool) returns ({:linear "tid"} xls: [X]bool, {:linear "tid"} xl: X)

 ensures {:layer 1} {:layer 2} xl != nil;

+{

+    yield;

+    call xls, xl := AllocateLow(xls');

+    yield;

+}

 

 procedure {:yields} {:layer 2} main({:linear_in "tid"} xls':[X]bool)

 requires {:layer 2} xls' == mapconstbool(true);

@@ -138,3 +143,5 @@ ensures {:atomic} |{ A: assume m <= s; cs := tid; return true; }|;
 procedure {:yields} {:layer 0,2} Leave({:linear "tid"} tid: X);

 ensures {:atomic} |{ A: s := s + 1; cs := nil; return true; }|;

 

+procedure {:yields} {:layer 0,2} AllocateLow({:linear_in "tid"} xls':[X]bool) returns ({:linear "tid"} xls: [X]bool, {:linear "tid"} xl: X);

+ensures {:atomic} |{ A: assume xl != nil; return true; }|;