Fix broken interaction between triggers and inlining of function calls

The problem was that inlining would replace formals with arguments in triggers
as well, causing invalid expressions ("trigger killers") to pop up in triggers
after inlining.

This fix disables inlining if it can't be determined that it won't lead to an
invalid trigger. If that procedure is incomplete, then that's only by a narrow
margin, as the checks actually ensure that the formals that are getting trigger
killers are indeed used in triggers.

2 files changed, 19 insertions, 0 deletions

diff --git a/Test/new-tests/trigger-in-predicate.dfy b/Test/new-tests/trigger-in-predicate.dfy
new file mode 100644
index 00000000..880d3d1d
--- /dev/null
+++ b/Test/new-tests/trigger-in-predicate.dfy
@@ -0,0 +1,15 @@
+// RUN: %dafny /compile:0 /dprint:"%t.dprint" "%s" > "%t"

+// RUN: %diff "%s.expect" "%t"

+

+predicate A(x: bool, y: bool) { x }

+

+predicate B(x: bool, z: bool) { forall y {:trigger A(x, y) } :: A(x, y) && z }

+

+// Inlining is disabled here to prevent pollution of the trigger in B

+method C() requires B(true || false, true) {}

+

+// Inlining should work fine here

+method C'() requires B(true, true) {}

+

+// Inlining should work fine here

+method C''() requires B(true, true && false) {}

diff --git a/Test/new-tests/trigger-in-predicate.dfy.expect b/Test/new-tests/trigger-in-predicate.dfy.expect
new file mode 100644
index 00000000..211bc9a2
--- /dev/null
+++ b/Test/new-tests/trigger-in-predicate.dfy.expect
@@ -0,0 +1,4 @@
+c:/MSR/dafny-triggers/Test/new-tests/trigger-in-predicate.dfy(9,21): Info: This call cannot be safely inlined.

+c:/MSR/dafny-triggers/Test/new-tests/trigger-in-predicate.dfy(9,21): Info: This call cannot be safely inlined.

+

+Dafny program verifier finished with 8 verified, 0 errors