module Translator
open Forro
open BoogieAst
open Resolver
open System.Collections.Generic
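/// Concatenates list [a] in front of list [b], preserving element order.
/// Delegates to List.append instead of recursing once per element of [a],
/// so a long first list no longer risks exhausting the stack.
let Append a b = List.append a b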
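/// Concatenates a list of lists into one list, keeping the order of the
/// inner lists and of their elements. Uses List.concat rather than a
/// non-tail-recursive Append chain, which was quadratic and stack-hungry.
let Flatten (a: 'a list list) : 'a list = List.concat a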
// ---------- Prelude ----------
/// Boogie text emitted in front of every translated program: the three
/// global maps that model the heap ($head and $tail as int -> int,
/// $valid as int -> bool), the constant null, the uninterpreted function
/// GoodState over those maps, and the axiom that in any GoodState the
/// null reference is not valid.
let Prelude =
@"// Forro
var $head: [int]int; // int -> int
var $tail: [int]int;
var $valid: [int]bool; // array int of bool
const null: int;
function GoodState([int]int, [int]int, [int]bool): bool;
axiom (forall hd, tl: [int]int, valid: [int]bool ::
{ GoodState(hd, tl, valid) }
GoodState(hd, tl, valid) ==> !valid[null]);
"
// ---------- Translate Expressions ----------
/// Maps a Forro field to the name of the Boogie global map that models it.
let TrField = function
    | Head -> "$head"
    | Tail -> "$tail"
    | Valid -> "$valid"
let AllFields = ["$head" ; "$tail" ; "$valid"]
/// Views a Boogie expression as a predicate: a `BToTerm` coercion is
/// unwrapped, anything else is wrapped in `BToPred`.
let MkPred = function
    | BToTerm inner -> inner
    | other -> BToPred other
/// Views a Boogie predicate as a term: a `BToPred` coercion is unwrapped,
/// anything else is wrapped in `BToTerm`.
let MkTerm = function
    | BToPred inner -> inner
    | other -> BToTerm other
/// Translates a Forro expression into a Boogie expression.
/// Bool-valued results (comparisons, connectives, reads of .valid) are
/// wrapped with MkTerm so they can be used wherever a term is expected.
let rec TrExpr expr =
    // Combine two already-translated operands under a Forro binary operator.
    // Comparisons and connectives are predicates, hence MkTerm; the
    // connectives additionally coerce their operands with MkPred.
    let binary op lhs rhs =
        match op with
        | Eq -> MkTerm (BBinary(BEq, lhs, rhs))
        | Neq -> MkTerm (BBinary(BNeq, lhs, rhs))
        | Plus -> BBinary(BPlus, lhs, rhs)
        | Minus -> BBinary(BMinus, lhs, rhs)
        | Times -> BBinary(BTimes, lhs, rhs)
        | Less -> MkTerm (BBinary(BLess, lhs, rhs))
        | AtMost -> MkTerm (BBinary(BAtMost, lhs, rhs))
        | And -> MkTerm (BBinary(BAnd, MkPred lhs, MkPred rhs))
        | Or -> MkTerm (BBinary(BOr, MkPred lhs, MkPred rhs))
    match expr with
    | Constant c -> BConstant c
    | Null -> BNull
    | Identifier(Var name) -> BIdentifier name
    | Not inner -> BNot (TrExpr inner)
    | Binary(op, lhs, rhs) -> binary op (TrExpr lhs) (TrExpr rhs)
    | Select(obj, fld) ->
        let sel = BSelect(TrField fld, TrExpr obj)
        // reading .valid yields a predicate; every other field is int-valued
        if fld = Field.Valid then MkTerm sel else sel
    | Old inner -> BOld (TrExpr inner)
/// Right-nests a list of Boogie predicates into a conjunction
/// (p1 && (p2 && ...)); the empty list becomes `BTrue` and a singleton is
/// returned unchanged.
let ListToConjunction list =
    match list with
    | [] -> BTrue
    | _ -> List.reduceBack (fun p q -> BBinary(BAnd, p, q)) list
/// Collects the definedness conditions of [expr] as a list of Boogie
/// predicates, most recently discovered condition first (Def reverses it).
/// For the short-circuit connectives the right operand only has to be
/// defined when the left operand's value makes it evaluated.
let rec DefL expr =
    match expr with
    | Constant _ | Null | Identifier(Var _) -> []
    | Not inner -> DefL inner
    | Binary(And, lhs, rhs) ->
        // Def lhs, and (TrExpr lhs ==> Def rhs)
        BBinary(BOr, BNot (MkPred (TrExpr lhs)), Def rhs) :: DefL lhs
    | Binary(Or, lhs, rhs) ->
        // Def lhs, and (!(TrExpr lhs) ==> Def rhs)
        BBinary(BOr, MkPred (TrExpr lhs), Def rhs) :: DefL lhs
    | Binary(_, lhs, rhs) -> Append (DefL rhs) (DefL lhs)
    | Select(obj, fld) ->
        let inner = DefL obj
        // .valid may be read of any reference; other fields require a valid object
        if fld = Field.Valid then inner
        else BSelect("$valid", TrExpr obj) :: inner
    | Old inner -> List.map BOld (DefL inner)
/// The definedness condition of [expr] as a single predicate, conjoined in
/// the order the conditions were discovered.
and Def expr =
    DefL expr |> List.rev |> ListToConjunction
/// The statement `assume GoodState($head, $tail, $valid);`, emitted after
/// every heap modification and at the start of each procedure body.
let AssumeGoodState =
    let args = [ for f in AllFields -> BIdentifier f ]
    BAssume (BFunc("GoodState", args))
// ---------- Translate Statements ----------
type LocalBookkeeping = LB of int * BVarDecl list
/// Allocates a fresh Boogie local named `nw$<counter>` of type int.
/// Returns the identifier expression, the bare name, and the bookkeeping
/// with the counter bumped and the declaration pushed on the front.
let FreshLocal locals =
    let (LB(counter, decls)) = locals
    let name = sprintf "nw$%d" counter
    let decl = BVar(name, BInt)
    BIdentifier name, name, LB(counter + 1, decl :: decls)
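/// Translates one Forro statement into a list of Boogie statements,
/// threading the fresh-local bookkeeping through and returning it.
/// Every statement first asserts the definedness (Def) of the expressions
/// it evaluates; each heap write is followed by AssumeGoodState.
let rec TrStmt stmt locals =
    match stmt with
    | Assign(v, e) ->
        [ BAssert (Def e); BAssign(VarName v, TrExpr e) ], locals
    | Update(obj, f, rhs) ->
        let o = TrExpr obj
        // .valid stores a predicate, every other field an int term
        let value = if f = Field.Valid then MkPred (TrExpr rhs) else TrExpr rhs
        [ BAssert (Def obj); BAssert (Def rhs)
          // writing through a dangling reference is a definedness error
          BAssert (BSelect("$valid", o))
          BUpdate(TrField f, o, value)
          AssumeGoodState ], locals
    | Alloc(v, hd, tl) ->
        let nw, name, locals = FreshLocal locals
        [ BAssert (Def hd); BAssert (Def tl)
          // pick an arbitrary not-yet-valid reference, initialise its fields, mark it valid
          BHavoc [name]
          BAssume (BNot (BSelect("$valid", nw)))
          BAssume (BBinary(BEq, BSelect("$head", nw), TrExpr hd))
          BAssume (BBinary(BEq, BSelect("$tail", nw), TrExpr tl))
          BUpdate("$valid", nw, BTrue)
          AssumeGoodState
          BAssign(VarName v, nw) ], locals
    | IfStmt(guard, thn, els) ->
        let thn, locals = TrStmtList thn locals
        let els, locals = TrStmtList els locals
        [ BAssert (Def guard); BIfStmt(MkPred (TrExpr guard), thn, els) ], locals
    | WhileStmt(guard, invs, body) ->
        // invariants, after the final List.rev: Def guard, then for each
        // declared invariant its Def followed by the invariant itself
        let ii = List.fold (fun acc inv -> MkPred (TrExpr inv) :: Def inv :: acc) [ Def guard ] invs
        // TrStmts yields the flat statement list directly, so no partial
        // match on a BBlock is needed here
        let bodyStmts, locals = TrStmts body locals
        [ BWhileStmt(MkPred (TrExpr guard), List.rev ii, BBlock(AssumeGoodState :: bodyStmts))
          AssumeGoodState ], locals
    | CallStmt(outs, id, ins) ->
        let checks = List.map (fun e -> BAssert (Def e)) ins
        let call = BCallStmt(List.map VarName outs, id + "#Proc", List.map TrExpr ins)
        checks @ [ call; AssumeGoodState ], locals
    | Assert(e) ->
        [ BAssert (Def e); BAssert (MkPred (TrExpr e)) ], locals

/// Translates the statements of a Forro block into one flat list of Boogie
/// statements. Each statement's translation is accumulated in reverse and
/// the result concatenated once, instead of Append-ing per statement.
and TrStmts slist locals =
    match slist with
    | Block stmts ->
        let rec go acc locals = function
            | [] -> List.concat (List.rev acc), locals
            | s :: rest ->
                let ss, locals = TrStmt s locals
                go (ss :: acc) locals rest
        go [] locals stmts

/// Translates a Forro block into a Boogie block, threading the bookkeeping.
/// Always returns a `BBlock`, so callers may rely on that shape.
and TrStmtList slist locals =
    let stmts, locals = TrStmts slist locals
    BBlock stmts, locals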
// ---------- Translate Procedure Body ----------
/// Builds the Boogie in/out parameter declarations for a procedure
/// signature; every Forro variable is modelled as a Boogie int.
let TrSignature ins outs =
    let asIntVar v = BVar(VarName v, BInt)
    List.map asIntVar ins, List.map asIntVar outs
/// Declares every variable the resolver classified as VarKind.Local as a
/// Boogie int variable; all other kinds are skipped. The result follows
/// the dictionary's enumeration order.
let LocalDecls (vars: Dictionary<string,VarKind>) =
    [ for kv in vars do
        if kv.Value = VarKind.Local then
            yield BVar(kv.Key, BInt) ]
/// Builds the Boogie procedure `<id>#Proc` that implements a Forro
/// procedure: int-typed in/out parameters, pre/postcondition taken from
/// req/ens, AllFields passed to BProc, the declared locals plus any
/// allocation temporaries (in allocation order), and a body that begins by
/// assuming GoodState.
let TrProc proc vars =
    let (Proc(id, ins, outs, req, ens, body)) = proc
    let bIns, bOuts = TrSignature ins outs
    let pre = MkPred (TrExpr req)
    let post = MkPred (TrExpr ens)
    // bookkeeping starts at counter 0 with the resolver's locals already declared
    let block, (LB(_, allLocals)) = TrStmtList body (LB(0, LocalDecls vars))
    match block with
    | BBlock slist ->
        BProc(id + "#Proc", bIns, bOuts, pre, AllFields, post,
              List.rev allLocals, BBlock(AssumeGoodState :: slist))
// --------------------
/// Builds the Boogie procedure `<id>#WellFormedSpec` that checks the
/// specification itself is well-defined: assert the precondition's
/// definedness, assume the precondition, havoc the heap maps (staying in
/// a GoodState), then assert the postcondition's definedness. The checking
/// procedure has trivial pre/post and no locals.
let TrSpec proc vars =
    let (Proc(id, ins, outs, req, ens, _body)) = proc
    let bIns, bOuts = TrSignature ins outs
    let body =
        [ AssumeGoodState
          BAssert (Def req)
          BAssume (MkPred (TrExpr req))
          BHavoc AllFields
          AssumeGoodState
          BAssert (Def ens) ]
    BProc(id + "#WellFormedSpec", bIns, bOuts, BTrue, AllFields, BTrue, [], BBlock body)
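/// Translates one resolved procedure into the pair
/// (well-formedness-of-spec procedure, implementation procedure).
/// The resolver's variable table is forwarded to both translators.
let TrProcedure (rproc: Procedure * Dictionary<string,VarKind>) =
    let proc, vars = rproc
    // the former `ProcedureName proc` binding was never used and is dropped
    TrSpec proc vars, TrProc proc vars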
/// Translates a whole resolved program into a Boogie program: the Prelude
/// followed by the spec-check and implementation procedure of every Forro
/// procedure. The fold prepends each pair, so the procedures appear in
/// reverse program order (spec before implementation within a pair).
let Translate (rprog: (Procedure * Dictionary<string,VarKind>) list) =
    let procs =
        rprog
        |> List.map TrProcedure
        |> List.fold (fun acc (spec, impl) -> spec :: impl :: acc) []
    BProg(Prelude, procs)