From 82cd6194369a376e51a6b525e577f7cc8852ebef Mon Sep 17 00:00:00 2001 From: Clément Pit--Claudel Date: Mon, 20 Jul 2015 13:00:10 -0700 Subject: Split snapshot tests into separate files and add support for %S in runTests.py --- Test/dafny0/snapshots/Snapshots2.run.dfy.expect | 41 +++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 Test/dafny0/snapshots/Snapshots2.run.dfy.expect (limited to 'Test/dafny0/snapshots/Snapshots2.run.dfy.expect') diff --git a/Test/dafny0/snapshots/Snapshots2.run.dfy.expect b/Test/dafny0/snapshots/Snapshots2.run.dfy.expect new file mode 100644 index 00000000..a6a9bc4c --- /dev/null +++ b/Test/dafny0/snapshots/Snapshots2.run.dfy.expect 
@@ -0,0 +1,41 @@ +Processing command (at Snapshots2.v0.dfy(3,4)) assert (forall $o: ref, $f: Field alpha :: false ==> $_Frame[$o, $f]); + >>> DoNothingToAssert +Processing command (at Snapshots2.v0.dfy(4,10)) assert Lit(false); + >>> DoNothingToAssert +Processing command (at Snapshots2.v0.dfy(11,11)) assert true; + >>> DoNothingToAssert +Processing command (at Snapshots2.v0.dfy(11,15)) assert _module.__default.P($LS($LS($LZ)), $Heap) <==> _module.__default.Q($LS($LS($LZ)), $Heap); + >>> DoNothingToAssert +Processing command (at Snapshots2.v0.dfy(14,11)) assert true; + >>> DoNothingToAssert +Processing command (at Snapshots2.v0.dfy(14,15)) assert _module.__default.Q($LS($LS($LZ)), $Heap) <==> Lit(_module.__default.R($Heap)); + >>> DoNothingToAssert +Processing command (at Snapshots2.v0.dfy(18,3)) assert true; + >>> DoNothingToAssert + +Dafny program verifier finished with 6 verified, 0 errors +Processing call to procedure IntraModuleCall$$_module.__default.N in implementation Impl$$_module.__default.M (at Snapshots2.v1.dfy(3,4)): + >>> added after: a##cached##0 := a##cached##0 && false; +Processing implementation CheckWellformed$$_module.__default.P (at Snapshots2.v1.dfy(10,11)): + >>> added after assuming the current precondition: a##cached##0 := a##cached##0 && false; +Processing implementation CheckWellformed$$_module.__default.Q (at Snapshots2.v1.dfy(13,11)): + >>> added after assuming the current precondition: a##cached##0 := a##cached##0 && false; +Processing command (at Snapshots2.v1.dfy(18,3)) assert true; + >>> MarkAsFullyVerified +Processing command (at Snapshots2.v1.dfy(3,4)) assert (forall $o: ref, $f: Field alpha :: false ==> $_Frame[$o, $f]); + >>> MarkAsFullyVerified +Processing command (at Snapshots2.v1.dfy(4,10)) assert Lit(false); + >>> DoNothingToAssert +Snapshots2.v1.dfy(4,10): Error: assertion violation +Execution trace: + (0,0): anon0 +Processing command (at Snapshots2.v1.dfy(11,11)) assert true; + >>> DoNothingToAssert +Processing command (at 
Snapshots2.v1.dfy(11,15)) assert _module.__default.P($LS($LS($LZ)), $Heap) <==> _module.__default.Q($LS($LS($LZ)), $Heap); + >>> DoNothingToAssert +Processing command (at Snapshots2.v1.dfy(14,11)) assert true; + >>> DoNothingToAssert +Processing command (at Snapshots2.v1.dfy(14,15)) assert _module.__default.Q($LS($LS($LZ)), $Heap) <==> Lit(_module.__default.R($Heap)); + >>> DoNothingToAssert + +Dafny program verifier finished with 5 verified, 1 error -- cgit v1.2.3 From 3f886d1789d50400ffba2befdc2ae0e8d5c79cbe Mon Sep 17 00:00:00 2001 
From: Clément Pit--Claudel Date: Thu, 23 Jul 2015 11:57:19 -0700 Subject: Fix: Unify column numbers in Dafny's errors Dafny counts from 0, but Boogie counts from 1. Tokens are 1-based. Thus when we print tokens, we need to decrement the column number. This was done for resolver errors, but not for verification or parsing errors. In addition, parsing errors were inconsistent with resolution errors case-wise. Unfortunately, the fix affects the output of many tests. --- Source/Dafny/Parser.cs | 12 ++- Source/DafnyDriver/DafnyDriver.cs | 8 +- Test/dafny0/AdvancedLHS.dfy.expect | 2 +- Test/dafny0/Array.dfy.expect | 46 +++++----- Test/dafny0/AutoReq.dfy.expect | 38 ++++----- Test/dafny0/Backticks.dfy.expect | 4 +- Test/dafny0/BadFunction.dfy.expect | 2 +- Test/dafny0/Basics.dfy.expect | 36 ++++---- Test/dafny0/Calculations.dfy.expect | 12 +-- Test/dafny0/Char.dfy.expect | 6 +- Test/dafny0/CoPrefix.dfy.expect | 30 +++---- Test/dafny0/CoinductiveProofs.dfy.expect | 42 +++++----- Test/dafny0/Comprehensions.dfy.expect | 2 +- Test/dafny0/ComputationsLoop.dfy.expect | 4 +- Test/dafny0/ComputationsLoop2.dfy.expect | 6 +- Test/dafny0/ComputationsNeg.dfy.expect | 14 ++-- Test/dafny0/ControlStructures.dfy.expect | 20 ++--- Test/dafny0/Corecursion.dfy.expect | 16 ++-- Test/dafny0/DTypes.dfy.expect | 24 +++--- Test/dafny0/Datatypes.dfy.expect | 26 +++--- Test/dafny0/Definedness.dfy.expect | 98 +++++++++++----------- Test/dafny0/DeterministicPick.dfy.expect | 2 +- Test/dafny0/DiamondImports.dfy.expect | 10 +-- Test/dafny0/Fuel.dfy.expect | 50 +++++------ Test/dafny0/FunctionSpecifications.dfy.expect | 38 ++++----- Test/dafny0/IMaps.dfy.expect | 2 +- Test/dafny0/Include.dfy.expect | 10 +-- Test/dafny0/Includee.dfy.expect | 10 +-- Test/dafny0/IndexIntoUpdate.dfy.expect | 2 +- Test/dafny0/InductivePredicates.dfy.expect | 4 +- Test/dafny0/Inverses.dfy.expect | 8 +- Test/dafny0/Iterators.dfy.expect | 44 +++++----- Test/dafny0/LetExpr.dfy.expect | 18 ++-- 
Test/dafny0/LhsDuplicates.dfy.expect | 12 +-- Test/dafny0/LoopModifies.dfy.expect | 18 ++-- Test/dafny0/Maps.dfy.expect | 4 +- Test/dafny0/ModifyStmt.dfy.expect | 22 ++--- Test/dafny0/Modules0.dfy.expect | 4 +- Test/dafny0/Modules1.dfy.expect | 12 +-- Test/dafny0/MultiDimArray.dfy.expect | 4 +- Test/dafny0/MultiSets.dfy.expect | 14 ++-- Test/dafny0/NatTypes.dfy.expect | 18 ++-- Test/dafny0/Newtypes.dfy.expect | 26 +++--- Test/dafny0/OpaqueFunctions.dfy.expect | 52 ++++++------ Test/dafny0/Parallel.dfy.expect | 20 ++--- Test/dafny0/ParseErrors.dfy.expect | 32 +++---- Test/dafny0/PredExpr.dfy.expect | 8 +- Test/dafny0/Predicates.dfy.expect | 26 +++--- Test/dafny0/Protected.dfy.expect | 10 +-- Test/dafny0/RankNeg.dfy.expect | 8 +- Test/dafny0/Reads.dfy.expect | 18 ++-- Test/dafny0/RealCompare.dfy.expect | 10 +-- Test/dafny0/RealTypes.dfy.expect | 10 +-- Test/dafny0/Refinement.dfy.expect | 36 ++++---- Test/dafny0/Skeletons.dfy.expect | 4 +- Test/dafny0/SmallTests.dfy.expect | 76 ++++++++--------- Test/dafny0/SplitExpr.dfy.expect | 4 +- Test/dafny0/StatementExpressions.dfy.expect | 10 +-- Test/dafny0/Superposition.dfy.expect | 12 +-- Test/dafny0/Termination.dfy.expect | 16 ++-- .../Trait/TraitUsingParentMembers.dfy.expect | 2 +- Test/dafny0/Trait/TraitsDecreases.dfy.expect | 22 ++--- Test/dafny0/Tuples.dfy.expect | 4 +- Test/dafny0/TypeAntecedents.dfy.expect | 8 +- Test/dafny0/TypeParameters.dfy.expect | 30 +++---- Test/dafny0/columns.dfy | 10 +++ Test/dafny0/columns.dfy.expect | 18 ++++ Test/dafny0/snapshots/Snapshots0.run.dfy.expect | 2 +- Test/dafny0/snapshots/Snapshots1.run.dfy.expect | 2 +- Test/dafny0/snapshots/Snapshots2.run.dfy.expect | 2 +- Test/dafny0/snapshots/Snapshots3.run.dfy.expect | 4 +- Test/dafny0/snapshots/Snapshots4.run.dfy.expect | 4 +- Test/dafny0/snapshots/Snapshots6.run.dfy.expect | 2 +- Test/dafny0/snapshots/Snapshots7.run.dfy.expect | 2 +- Test/dafny1/MoreInduction.dfy.expect | 16 ++-- Test/dafny2/SnapshotableTrees.dfy.expect | 4 +- 
Test/dafny4/BinarySearch.dfy.expect | 2 +- Test/dafny4/Bug73.dfy.expect | 4 +- Test/dafny4/SoftwareFoundations-Basics.dfy.expect | 2 +- Test/hofs/Apply.dfy.expect | 2 +- Test/hofs/Classes.dfy.expect | 4 +- Test/hofs/Field.dfy.expect | 8 +- Test/hofs/FnRef.dfy.expect | 8 +- Test/hofs/Frame.dfy.expect | 14 ++-- Test/hofs/Lambda.dfy.expect | 2 +- Test/hofs/LambdaParsefail.dfy.expect | 10 +-- Test/hofs/LambdaParsefail2.dfy.expect | 2 +- Test/hofs/Naked.dfy.expect | 24 +++--- Test/hofs/OneShot.dfy.expect | 6 +- Test/hofs/ReadsReads.dfy.expect | 16 ++-- Test/hofs/Simple.dfy.expect | 12 +-- Test/hofs/Twice.dfy.expect | 4 +- Test/irondafny0/inheritreqs0.dfy.expect | 4 +- Test/irondafny0/inheritreqs1.dfy.expect | 4 +- Test/irondafny0/xrefine1.dfy.expect | 4 +- 95 files changed, 714 insertions(+), 682 deletions(-) create mode 100644 Test/dafny0/columns.dfy create mode 100644 Test/dafny0/columns.dfy.expect (limited to 'Test/dafny0/snapshots/Snapshots2.run.dfy.expect') diff --git a/Source/Dafny/Parser.cs b/Source/Dafny/Parser.cs index 01438f68..d50a4dd6 100644 --- a/Source/Dafny/Parser.cs +++ b/Source/Dafny/Parser.cs @@ -4429,8 +4429,8 @@ List/*!*/ decreases, ref Attributes decAttrs, ref Attributes mo public class Errors { public int count = 0; // number of errors detected public System.IO.TextWriter/*!*/ errorStream = Console.Out; // error messages go to this stream - public string errMsgFormat = "{0}({1},{2}): error: {3}"; // 0=filename, 1=line, 2=column, 3=text - public string warningMsgFormat = "{0}({1},{2}): warning: {3}"; // 0=filename, 1=line, 2=column, 3=text + public string errMsgFormat = "{0}({1},{2}): Error: {3}"; // 0=filename, 1=line, 2=column, 3=text + public string warningMsgFormat = "{0}({1},{2}): Warning: {3}"; // 0=filename, 1=line, 2=column, 3=text public void SynErr(string filename, int line, int col, int n) { SynErr(filename, line, col, GetSyntaxErrorString(n)); 
@@ -4438,7 +4438,7 @@ public class Errors { public virtual void SynErr(string filename, int line, int col, string/*!*/ msg) { Contract.Requires(msg != null); - errorStream.WriteLine(errMsgFormat, filename, line, col, msg); + errorStream.WriteLine(errMsgFormat, filename, line, col - 1, msg); count++; } @@ -4701,7 +4701,7 @@ public class Errors { public virtual void SemErr(string filename, int line, int col, string/*!*/ msg) { Contract.Requires(msg != null); - errorStream.WriteLine(errMsgFormat, filename, line, col, msg); + errorStream.WriteLine(errMsgFormat, filename, line, col - 1, msg); count++; } @@ -4713,7 +4713,7 @@ public class Errors { public virtual void Warning(string filename, int line, int col, string msg) { Contract.Requires(msg != null); - errorStream.WriteLine(warningMsgFormat, filename, line, col, msg); + errorStream.WriteLine(warningMsgFormat, filename, line, col - 1, msg); } } // Errors @@ -4721,6 +4721,4 @@ public class Errors { public class FatalError: Exception { public FatalError(string m): base(m) {} } - - } \ No newline at end of file diff --git a/Source/DafnyDriver/DafnyDriver.cs b/Source/DafnyDriver/DafnyDriver.cs index 9fdc9320..d22899ab 100644 --- a/Source/DafnyDriver/DafnyDriver.cs +++ b/Source/DafnyDriver/DafnyDriver.cs @@ -273,7 +273,13 @@ namespace Microsoft.Dafny { public override void ReportBplError(IToken tok, string message, bool error, TextWriter tw, string category = null) { - base.ReportBplError(tok, message, error, tw, category); + // Dafny has 0-indexed columns, but Boogie counts from 1 + var realigned_tok = new Token(tok.line, tok.col - 1); + realigned_tok.kind = tok.kind; + realigned_tok.pos = tok.pos; + realigned_tok.val = tok.val; + realigned_tok.filename = tok.filename; + base.ReportBplError(realigned_tok, message, error, tw, category); if (tok is Dafny.NestedToken) { diff --git a/Test/dafny0/AdvancedLHS.dfy.expect b/Test/dafny0/AdvancedLHS.dfy.expect index cb817605..aab12cfc 100644 
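Review bot: The `col - 1` conversion is written out separately in `SynErr` here and again in `SemErr` (hunk at -4701) and `Warning` (hunk at -4713), and none of the three says which side is 1-based. A later caller could pass an already 0-based column and silently shift the report the other way. I would add `// col is 1-based (token column); reported columns are 0-based` above each `WriteLine`, or route all three through one private helper that does the subtraction. A caller that passes `col == 0` now prints column -1; whether any caller does is not visible in these hunks. If Parser.cs is generated from a grammar or frame file (the diffstat lists only Parser.cs and DafnyDriver.cs under Source/), the same edit has to be made in that input or it will be lost on regeneration.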
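Review bot: `ReportBplError` now reads `tok.line` and `tok.col` before calling the base method, so a null `tok` throws here even if the base implementation accepts one (it is not visible in the hunk); guard it with `if (tok != null) { ... }` and pass `tok` through unchanged otherwise. A token with `col == 0` would also be reported as column -1. The replacement is a plain `Token` with only `kind`, `pos`, `val` and `filename` copied, so the base call no longer sees the original's dynamic type or any other field, which is safe only if it reads nothing else. The updated expectations show the realignment reaching the `Error:` and `Related location` lines only: trace lines such as `Basics.dfy(69,82): anon17_Else` keep their old column next to `Basics.dfy(69,41): Error`, so one report now mixes two column bases. The method body continues past the end of the hunk.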
--- a/Test/dafny0/AdvancedLHS.dfy.expect +++ b/Test/dafny0/AdvancedLHS.dfy.expect @@ -1,4 +1,4 @@ -AdvancedLHS.dfy(34,23): Error: target object may be null +AdvancedLHS.dfy(34,22): Error: target object may be null Execution trace: (0,0): anon0 (0,0): anon15_Else diff --git a/Test/dafny0/Array.dfy.expect b/Test/dafny0/Array.dfy.expect index 59dcb4bf..40fb318d 100644 --- a/Test/dafny0/Array.dfy.expect +++ b/Test/dafny0/Array.dfy.expect @@ -1,16 +1,16 @@ -Array.dfy(13,8): Error: assignment may update an array element not in the enclosing context's modifies clause +Array.dfy(13,7): Error: assignment may update an array element not in the enclosing context's modifies clause Execution trace: (0,0): anon0 (0,0): anon5_Then (0,0): anon2 (0,0): anon6_Then -Array.dfy(20,16): Error: target object may be null +Array.dfy(20,15): Error: target object may be null Execution trace: (0,0): anon0 -Array.dfy(27,6): Error: index out of range +Array.dfy(27,5): Error: index out of range Execution trace: (0,0): anon0 -Array.dfy(51,20): Error: assertion violation +Array.dfy(51,19): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon12_Then 
@@ -21,19 +21,19 @@ Execution trace: (0,0): anon16_Then (0,0): anon9 (0,0): anon11 -Array.dfy(59,8): Error: assignment may update an array element not in the enclosing context's modifies clause +Array.dfy(59,7): Error: assignment may update an array element not in the enclosing context's modifies clause Execution trace: (0,0): anon0 (0,0): anon5_Then (0,0): anon2 (0,0): anon6_Then -Array.dfy(66,8): Error: assignment may update an array element not in the enclosing context's modifies clause +Array.dfy(66,7): Error: assignment may update an array element not in the enclosing context's modifies clause Execution trace: (0,0): anon0 (0,0): anon5_Then (0,0): anon2 (0,0): anon6_Then -Array.dfy(110,21): Error: upper bound below lower bound or above length of array +Array.dfy(110,20): Error: upper bound below lower bound or above length of array Execution trace: (0,0): anon0 (0,0): anon14_Else @@ -41,7 +41,7 @@ Execution trace: (0,0): anon19_Then (0,0): anon20_Then (0,0): anon11 -Array.dfy(120,8): Error: insufficient reads clause to read the indicated range of array elements +Array.dfy(120,7): Error: insufficient reads clause to read the indicated range of array elements Execution trace: (0,0): anon0 (0,0): anon10_Else @@ -49,7 +49,7 @@ Execution trace: (0,0): anon12_Then (0,0): anon13_Then (0,0): anon9 -Array.dfy(122,8): Error: insufficient reads clause to read the indicated range of array elements +Array.dfy(122,7): Error: insufficient reads clause to read the indicated range of array elements Execution trace: (0,0): anon0 (0,0): anon10_Else @@ -57,7 +57,7 @@ Execution trace: (0,0): anon12_Then (0,0): anon13_Else (0,0): anon9 -Array.dfy(123,8): Error: insufficient reads clause to read the indicated range of array elements +Array.dfy(123,7): Error: insufficient reads clause to read the indicated range of array elements Execution trace: (0,0): anon0 (0,0): anon10_Else 
@@ -65,7 +65,7 @@ Execution trace: (0,0): anon12_Then (0,0): anon13_Else (0,0): anon9 -Array.dfy(124,8): Error: insufficient reads clause to read the indicated range of array elements +Array.dfy(124,7): Error: insufficient reads clause to read the indicated range of array elements Execution trace: (0,0): anon0 (0,0): anon10_Else 
@@ -73,45 +73,45 @@ Execution trace: (0,0): anon12_Then (0,0): anon13_Else (0,0): anon9 -Array.dfy(163,6): Error: insufficient reads clause to read array element +Array.dfy(163,5): Error: insufficient reads clause to read array element Execution trace: (0,0): anon0 (0,0): anon8_Else (0,0): anon9_Then (0,0): anon10_Then (0,0): anon7 -Array.dfy(171,6): Error: insufficient reads clause to read array element +Array.dfy(171,5): Error: insufficient reads clause to read array element Execution trace: (0,0): anon0 (0,0): anon8_Else (0,0): anon9_Then (0,0): anon10_Then (0,0): anon7 -Array.dfy(187,6): Error: assignment may update an array element not in the enclosing context's modifies clause +Array.dfy(187,5): Error: assignment may update an array element not in the enclosing context's modifies clause Execution trace: (0,0): anon0 -Array.dfy(194,6): Error: assignment may update an array element not in the enclosing context's modifies clause +Array.dfy(194,5): Error: assignment may update an array element not in the enclosing context's modifies clause Execution trace: (0,0): anon0 -Array.dfy(219,1): Error BP5003: A postcondition might not hold on this return path. -Array.dfy(218,11): Related location: This is the postcondition that might not hold. +Array.dfy(219,0): Error BP5003: A postcondition might not hold on this return path. +Array.dfy(218,10): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 -Array.dfy(243,1): Error BP5003: A postcondition might not hold on this return path. -Array.dfy(242,11): Related location: This is the postcondition that might not hold. +Array.dfy(243,0): Error BP5003: A postcondition might not hold on this return path. +Array.dfy(242,10): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 -Array.dfy(249,1): Error BP5003: A postcondition might not hold on this return path. -Array.dfy(248,11): Related location: This is the postcondition that might not hold. 
+Array.dfy(249,0): Error BP5003: A postcondition might not hold on this return path. +Array.dfy(248,10): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 -Array.dfy(264,10): Error: value assigned to a nat must be non-negative +Array.dfy(264,9): Error: value assigned to a nat must be non-negative Execution trace: (0,0): anon0 (0,0): anon5_Then (0,0): anon2 (0,0): anon6_Then -Array.dfy(265,5): Error: value assigned to a nat must be non-negative +Array.dfy(265,4): Error: value assigned to a nat must be non-negative Execution trace: (0,0): anon0 (0,0): anon5_Then diff --git a/Test/dafny0/AutoReq.dfy.expect b/Test/dafny0/AutoReq.dfy.expect index 8486716d..b4b34e14 100644 --- a/Test/dafny0/AutoReq.dfy.expect +++ b/Test/dafny0/AutoReq.dfy.expect 
@@ -1,43 +1,43 @@ -AutoReq.dfy(247,5): Error: possible violation of function precondition -AutoReq.dfy(239,14): Related location +AutoReq.dfy(247,4): Error: possible violation of function precondition +AutoReq.dfy(239,13): Related location Execution trace: (0,0): anon0 (0,0): anon4_Else -AutoReq.dfy(13,3): Error: possible violation of function precondition -AutoReq.dfy(5,14): Related location +AutoReq.dfy(13,2): Error: possible violation of function precondition +AutoReq.dfy(5,13): Related location Execution trace: (0,0): anon0 (0,0): anon4_Else -AutoReq.dfy(25,3): Error: possible violation of function precondition -AutoReq.dfy(5,14): Related location +AutoReq.dfy(25,2): Error: possible violation of function precondition +AutoReq.dfy(5,13): Related location Execution trace: (0,0): anon0 (0,0): anon4_Else -AutoReq.dfy(38,12): Error: assertion violation -AutoReq.dfy(31,13): Related location -AutoReq.dfy(7,5): Related location +AutoReq.dfy(38,11): Error: assertion violation +AutoReq.dfy(31,12): Related location +AutoReq.dfy(7,4): Related location Execution trace: (0,0): anon0 (0,0): anon9_Then -AutoReq.dfy(38,12): Error: possible violation of function precondition -AutoReq.dfy(5,14): Related location +AutoReq.dfy(38,11): Error: possible violation of function precondition +AutoReq.dfy(5,13): Related location Execution trace: (0,0): anon0 (0,0): anon9_Then -AutoReq.dfy(40,12): Error: assertion violation -AutoReq.dfy(31,27): Related location -AutoReq.dfy(7,5): Related location +AutoReq.dfy(40,11): Error: assertion violation +AutoReq.dfy(31,26): Related location +AutoReq.dfy(7,4): Related location Execution trace: (0,0): anon0 (0,0): anon10_Then -AutoReq.dfy(40,12): Error: possible violation of function precondition -AutoReq.dfy(5,14): Related location +AutoReq.dfy(40,11): Error: possible violation of function precondition +AutoReq.dfy(5,13): Related location Execution trace: (0,0): anon0 (0,0): anon10_Then -AutoReq.dfy(45,12): Error: assertion violation 
-AutoReq.dfy(31,13): Related location -AutoReq.dfy(7,5): Related location +AutoReq.dfy(45,11): Error: assertion violation +AutoReq.dfy(31,12): Related location +AutoReq.dfy(7,4): Related location Execution trace: (0,0): anon0 (0,0): anon11_Then diff --git a/Test/dafny0/Backticks.dfy.expect b/Test/dafny0/Backticks.dfy.expect index 57761ab4..58977413 100644 --- a/Test/dafny0/Backticks.dfy.expect +++ b/Test/dafny0/Backticks.dfy.expect @@ -1,10 +1,10 @@ -Backticks.dfy(38,5): Error: insufficient reads clause to invoke function +Backticks.dfy(38,4): Error: insufficient reads clause to invoke function Execution trace: (0,0): anon0 (0,0): anon7_Else (0,0): anon8_Else (0,0): anon6 -Backticks.dfy(77,8): Error: call may violate context's modifies clause +Backticks.dfy(77,7): Error: call may violate context's modifies clause Execution trace: (0,0): anon0 (0,0): anon3_Then diff --git a/Test/dafny0/BadFunction.dfy.expect b/Test/dafny0/BadFunction.dfy.expect index 9c4ae81d..1af2608d 100644 --- a/Test/dafny0/BadFunction.dfy.expect +++ b/Test/dafny0/BadFunction.dfy.expect @@ -1,4 +1,4 @@ -BadFunction.dfy(9,3): Error: failure to decrease termination measure +BadFunction.dfy(9,2): Error: failure to decrease termination measure Execution trace: (0,0): anon0 (0,0): anon4_Else diff --git a/Test/dafny0/Basics.dfy.expect b/Test/dafny0/Basics.dfy.expect index f28df20a..65d5d101 100644 --- a/Test/dafny0/Basics.dfy.expect +++ b/Test/dafny0/Basics.dfy.expect @@ -1,8 +1,8 @@ -Basics.dfy(45,14): Error: assertion violation +Basics.dfy(45,13): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon3_Else -Basics.dfy(69,42): Error: assertion violation +Basics.dfy(69,41): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon13_Then 
@@ -12,7 +12,7 @@ Execution trace: Basics.dfy(69,82): anon17_Else Basics.dfy(69,95): anon18_Else (0,0): anon12 -Basics.dfy(93,14): Error: assertion violation +Basics.dfy(93,13): Error: assertion violation Execution trace: (0,0): anon0 Basics.dfy(83,14): anon27_Else @@ -27,7 +27,7 @@ Execution trace: Basics.dfy(91,13): anon34_Else (0,0): anon35_Then (0,0): anon15 -Basics.dfy(99,14): Error: assertion violation +Basics.dfy(99,13): Error: assertion violation Execution trace: (0,0): anon0 Basics.dfy(83,14): anon27_Else @@ -42,7 +42,7 @@ Execution trace: Basics.dfy(97,19): anon40_Else (0,0): anon41_Then (0,0): anon26 -Basics.dfy(112,28): Error: target object may be null +Basics.dfy(112,27): Error: target object may be null Execution trace: (0,0): anon0 Basics.dfy(105,20): anon13_Else @@ -52,7 +52,7 @@ Execution trace: Basics.dfy(107,24): anon15_Else (0,0): anon6 (0,0): anon16_Then -Basics.dfy(114,14): Error: target object may be null +Basics.dfy(114,13): Error: target object may be null Execution trace: (0,0): anon0 Basics.dfy(105,20): anon13_Else @@ -62,11 +62,11 @@ Execution trace: Basics.dfy(107,24): anon15_Else (0,0): anon6 (0,0): anon16_Else -Basics.dfy(149,16): Error: assertion violation +Basics.dfy(149,15): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon10_Then -Basics.dfy(168,10): Error: when left-hand sides 0 and 1 may refer to the same location, they must be assigned the same value +Basics.dfy(168,9): Error: when left-hand sides 0 and 1 may refer to the same location, they must be assigned the same value Execution trace: (0,0): anon0 (0,0): anon10_Then 
@@ -75,28 +75,28 @@ Execution trace: (0,0): anon6 (0,0): anon12_Then (0,0): anon9 -Basics.dfy(182,10): Error: when left-hand sides 0 and 1 refer to the same location, they must be assigned the same value +Basics.dfy(182,9): Error: when left-hand sides 0 and 1 refer to the same location, they must be assigned the same value Execution trace: (0,0): anon0 -Basics.dfy(194,19): Error: assertion violation +Basics.dfy(194,18): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon11_Then -Basics.dfy(196,10): Error: assignment may update an object not in the enclosing context's modifies clause +Basics.dfy(196,9): Error: assignment may update an object not in the enclosing context's modifies clause Execution trace: (0,0): anon0 (0,0): anon3 -Basics.dfy(196,10): Error: target object may be null +Basics.dfy(196,9): Error: target object may be null Execution trace: (0,0): anon0 (0,0): anon3 -Basics.dfy(201,12): Error: left-hand sides 0 and 1 may refer to the same location +Basics.dfy(201,11): Error: left-hand sides 0 and 1 may refer to the same location Execution trace: (0,0): anon0 (0,0): anon11_Then (0,0): anon3 (0,0): anon12_Then -Basics.dfy(212,15): Error: assertion violation +Basics.dfy(212,14): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon11_Then 
@@ -106,19 +106,19 @@ Execution trace: (0,0): anon13_Then (0,0): anon8 (0,0): anon14_Then -Basics.dfy(274,10): Error: when left-hand sides 0 and 1 refer to the same location, they must be assigned the same value +Basics.dfy(274,9): Error: when left-hand sides 0 and 1 refer to the same location, they must be assigned the same value Execution trace: (0,0): anon0 -Basics.dfy(465,12): Error: assertion violation +Basics.dfy(465,11): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon4_Then (0,0): anon3 -Basics.dfy(476,19): Error: assertion violation +Basics.dfy(476,18): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon4_Else -Basics.dfy(478,12): Error: assertion violation +Basics.dfy(478,11): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon4_Then diff --git a/Test/dafny0/Calculations.dfy.expect b/Test/dafny0/Calculations.dfy.expect index 3427a5cb..d4559f53 100644 --- a/Test/dafny0/Calculations.dfy.expect +++ b/Test/dafny0/Calculations.dfy.expect @@ -1,24 +1,24 @@ -Calculations.dfy(7,6): Error: index out of range +Calculations.dfy(7,5): Error: index out of range Execution trace: (0,0): anon0 (0,0): anon24_Then -Calculations.dfy(12,15): Error: index out of range +Calculations.dfy(12,14): Error: index out of range Execution trace: (0,0): anon0 (0,0): anon26_Then -Calculations.dfy(12,19): Error: assertion violation +Calculations.dfy(12,18): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon26_Then -Calculations.dfy(56,12): Error: assertion violation +Calculations.dfy(56,11): Error: assertion violation Execution trace: (0,0): anon0 Calculations.dfy(51,3): anon5_Else -Calculations.dfy(79,15): Error: index out of range +Calculations.dfy(79,14): Error: index out of range Execution trace: (0,0): anon0 (0,0): anon12_Then -Calculations.dfy(79,19): Error: assertion violation +Calculations.dfy(79,18): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon12_Then 
diff --git a/Test/dafny0/Char.dfy.expect b/Test/dafny0/Char.dfy.expect index 55418934..874aaa65 100644 --- a/Test/dafny0/Char.dfy.expect +++ b/Test/dafny0/Char.dfy.expect @@ -1,14 +1,14 @@ -Char.dfy(48,21): Error: assertion violation +Char.dfy(48,20): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon9_Then (0,0): anon10_Then -Char.dfy(52,21): Error: assertion violation +Char.dfy(52,20): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon9_Then (0,0): anon11_Else -Char.dfy(63,17): Error: assertion violation +Char.dfy(63,16): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon5_Else diff --git a/Test/dafny0/CoPrefix.dfy.expect b/Test/dafny0/CoPrefix.dfy.expect index c92a09c1..a7295367 100644 --- a/Test/dafny0/CoPrefix.dfy.expect +++ b/Test/dafny0/CoPrefix.dfy.expect 
@@ -1,48 +1,48 @@ -CoPrefix.dfy(164,3): Error BP5003: A postcondition might not hold on this return path. -CoPrefix.dfy(163,15): Related location: This is the postcondition that might not hold. +CoPrefix.dfy(164,2): Error BP5003: A postcondition might not hold on this return path. +CoPrefix.dfy(163,14): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 (0,0): anon3_Else -CoPrefix.dfy(169,3): Error BP5003: A postcondition might not hold on this return path. -CoPrefix.dfy(168,15): Related location: This is the postcondition that might not hold. +CoPrefix.dfy(169,2): Error BP5003: A postcondition might not hold on this return path. +CoPrefix.dfy(168,14): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 (0,0): anon3_Else -CoPrefix.dfy(176,11): Error: cannot prove termination; try supplying a decreases clause +CoPrefix.dfy(176,10): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon3_Then -CoPrefix.dfy(63,57): Error: failure to decrease termination measure +CoPrefix.dfy(63,56): Error: failure to decrease termination measure Execution trace: (0,0): anon0 (0,0): anon7_Then (0,0): anon8_Else (0,0): anon9_Then -CoPrefix.dfy(76,56): Error: cannot prove termination; try supplying a decreases clause +CoPrefix.dfy(76,55): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon7_Then (0,0): anon8_Else (0,0): anon9_Then -CoPrefix.dfy(114,1): Error BP5003: A postcondition might not hold on this return path. -CoPrefix.dfy(113,11): Related location: This is the postcondition that might not hold. -CoPrefix.dfy(101,17): Related location +CoPrefix.dfy(114,0): Error BP5003: A postcondition might not hold on this return path. +CoPrefix.dfy(113,10): Related location: This is the postcondition that might not hold. 
+CoPrefix.dfy(101,16): Related location Execution trace: (0,0): anon0 (0,0): anon3_Then -CoPrefix.dfy(138,25): Error: assertion violation +CoPrefix.dfy(138,24): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon9_Then (0,0): anon10_Then -CoPrefix.dfy(142,25): Error: assertion violation -CoPrefix.dfy(117,23): Related location +CoPrefix.dfy(142,24): Error: assertion violation +CoPrefix.dfy(117,22): Related location Execution trace: (0,0): anon0 (0,0): anon9_Then (0,0): anon12_Then -CoPrefix.dfy(151,1): Error BP5003: A postcondition might not hold on this return path. -CoPrefix.dfy(150,11): Related location: This is the postcondition that might not hold. +CoPrefix.dfy(151,0): Error BP5003: A postcondition might not hold on this return path. +CoPrefix.dfy(150,10): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 (0,0): anon3_Else diff --git a/Test/dafny0/CoinductiveProofs.dfy.expect b/Test/dafny0/CoinductiveProofs.dfy.expect index 12ce2f01..2a5a2b0b 100644 --- a/Test/dafny0/CoinductiveProofs.dfy.expect +++ b/Test/dafny0/CoinductiveProofs.dfy.expect 
@@ -1,48 +1,48 @@ -CoinductiveProofs.dfy(29,12): Error: assertion violation -CoinductiveProofs.dfy(13,17): Related location +CoinductiveProofs.dfy(29,11): Error: assertion violation +CoinductiveProofs.dfy(13,16): Related location Execution trace: (0,0): anon0 (0,0): anon5_Then (0,0): anon6_Then -CoinductiveProofs.dfy(59,1): Error BP5003: A postcondition might not hold on this return path. -CoinductiveProofs.dfy(58,11): Related location: This is the postcondition that might not hold. -CoinductiveProofs.dfy(54,3): Related location +CoinductiveProofs.dfy(59,0): Error BP5003: A postcondition might not hold on this return path. +CoinductiveProofs.dfy(58,10): Related location: This is the postcondition that might not hold. +CoinductiveProofs.dfy(54,2): Related location Execution trace: (0,0): anon0 (0,0): anon3_Then -CoinductiveProofs.dfy(74,12): Error: assertion violation -CoinductiveProofs.dfy(54,3): Related location +CoinductiveProofs.dfy(74,11): Error: assertion violation +CoinductiveProofs.dfy(54,2): Related location Execution trace: (0,0): anon0 (0,0): anon5_Then (0,0): anon6_Then -CoinductiveProofs.dfy(91,1): Error BP5003: A postcondition might not hold on this return path. -CoinductiveProofs.dfy(90,11): Related location: This is the postcondition that might not hold. -CoinductiveProofs.dfy(80,3): Related location +CoinductiveProofs.dfy(91,0): Error BP5003: A postcondition might not hold on this return path. +CoinductiveProofs.dfy(90,10): Related location: This is the postcondition that might not hold. +CoinductiveProofs.dfy(80,2): Related location Execution trace: (0,0): anon0 (0,0): anon3_Then -CoinductiveProofs.dfy(100,12): Error: assertion violation -CoinductiveProofs.dfy(80,3): Related location +CoinductiveProofs.dfy(100,11): Error: assertion violation +CoinductiveProofs.dfy(80,2): Related location Execution trace: (0,0): anon0 (0,0): anon5_Then (0,0): anon6_Then -CoinductiveProofs.dfy(111,1): Error BP5003: A postcondition might not hold on this return path. 
-CoinductiveProofs.dfy(110,11): Related location: This is the postcondition that might not hold. -CoinductiveProofs.dfy(106,3): Related location +CoinductiveProofs.dfy(111,0): Error BP5003: A postcondition might not hold on this return path. +CoinductiveProofs.dfy(110,10): Related location: This is the postcondition that might not hold. +CoinductiveProofs.dfy(106,2): Related location Execution trace: (0,0): anon0 (0,0): anon3_Then -CoinductiveProofs.dfy(150,1): Error BP5003: A postcondition might not hold on this return path. -CoinductiveProofs.dfy(149,22): Related location: This is the postcondition that might not hold. -CoinductiveProofs.dfy(4,24): Related location +CoinductiveProofs.dfy(150,0): Error BP5003: A postcondition might not hold on this return path. +CoinductiveProofs.dfy(149,21): Related location: This is the postcondition that might not hold. +CoinductiveProofs.dfy(4,23): Related location Execution trace: (0,0): anon0 (0,0): anon3_Then -CoinductiveProofs.dfy(156,1): Error BP5003: A postcondition might not hold on this return path. -CoinductiveProofs.dfy(155,22): Related location: This is the postcondition that might not hold. -CoinductiveProofs.dfy(4,24): Related location +CoinductiveProofs.dfy(156,0): Error BP5003: A postcondition might not hold on this return path. +CoinductiveProofs.dfy(155,21): Related location: This is the postcondition that might not hold. +CoinductiveProofs.dfy(4,23): Related location Execution trace: (0,0): anon0 (0,0): anon3_Then diff --git a/Test/dafny0/Comprehensions.dfy.expect b/Test/dafny0/Comprehensions.dfy.expect index 88873fd8..887a3249 100644 --- a/Test/dafny0/Comprehensions.dfy.expect +++ b/Test/dafny0/Comprehensions.dfy.expect @@ -1,4 +1,4 @@ -Comprehensions.dfy(12,14): Error: assertion violation +Comprehensions.dfy(12,13): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon9_Then 
diff --git a/Test/dafny0/ComputationsLoop.dfy.expect b/Test/dafny0/ComputationsLoop.dfy.expect index 91dc2af9..84674030 100644 --- a/Test/dafny0/ComputationsLoop.dfy.expect +++ b/Test/dafny0/ComputationsLoop.dfy.expect @@ -1,8 +1,8 @@ -ComputationsLoop.dfy(7,3): Error: failure to decrease termination measure +ComputationsLoop.dfy(7,2): Error: failure to decrease termination measure Execution trace: (0,0): anon0 (0,0): anon4_Else -ComputationsLoop.dfy(12,26): Error: assertion violation +ComputationsLoop.dfy(12,25): Error: assertion violation Execution trace: (0,0): anon0 diff --git a/Test/dafny0/ComputationsLoop2.dfy.expect b/Test/dafny0/ComputationsLoop2.dfy.expect index 816cbd31..48fc618f 100644 --- a/Test/dafny0/ComputationsLoop2.dfy.expect +++ b/Test/dafny0/ComputationsLoop2.dfy.expect @@ -1,12 +1,12 @@ -ComputationsLoop2.dfy(6,3): Error: cannot prove termination; try supplying a decreases clause +ComputationsLoop2.dfy(6,2): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon4_Else -ComputationsLoop2.dfy(11,3): Error: cannot prove termination; try supplying a decreases clause +ComputationsLoop2.dfy(11,2): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon4_Else -ComputationsLoop2.dfy(16,26): Error: assertion violation +ComputationsLoop2.dfy(16,25): Error: assertion violation Execution trace: (0,0): anon0 diff --git a/Test/dafny0/ComputationsNeg.dfy.expect b/Test/dafny0/ComputationsNeg.dfy.expect index a6318087..598e9fa5 100644 --- a/Test/dafny0/ComputationsNeg.dfy.expect +++ b/Test/dafny0/ComputationsNeg.dfy.expect 
@@ -1,19 +1,19 @@ -ComputationsNeg.dfy(7,3): Error: failure to decrease termination measure +ComputationsNeg.dfy(7,2): Error: failure to decrease termination measure Execution trace: (0,0): anon0 (0,0): anon4_Else -ComputationsNeg.dfy(11,1): Error BP5003: A postcondition might not hold on this return path. -ComputationsNeg.dfy(10,17): Related location: This is the postcondition that might not hold. +ComputationsNeg.dfy(11,0): Error BP5003: A postcondition might not hold on this return path. +ComputationsNeg.dfy(10,16): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 -ComputationsNeg.dfy(23,1): Error BP5003: A postcondition might not hold on this return path. -ComputationsNeg.dfy(22,11): Related location: This is the postcondition that might not hold. +ComputationsNeg.dfy(23,0): Error BP5003: A postcondition might not hold on this return path. +ComputationsNeg.dfy(22,10): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 -ComputationsNeg.dfy(36,13): Error: assertion violation +ComputationsNeg.dfy(36,12): Error: assertion violation Execution trace: (0,0): anon0 -ComputationsNeg.dfy(45,13): Error: assertion violation +ComputationsNeg.dfy(45,12): Error: assertion violation Execution trace: (0,0): anon0 diff --git a/Test/dafny0/ControlStructures.dfy.expect b/Test/dafny0/ControlStructures.dfy.expect index 3f4dce92..5638bcbc 100644 --- a/Test/dafny0/ControlStructures.dfy.expect +++ b/Test/dafny0/ControlStructures.dfy.expect 
@@ -1,29 +1,29 @@
-ControlStructures.dfy(8,3): Error: missing case in case statement: Purple
+ControlStructures.dfy(8,2): Error: missing case in case statement: Purple
 Execution trace:
 (0,0): anon0
 (0,0): anon6_Else
 (0,0): anon7_Else
 (0,0): anon8_Then
-ControlStructures.dfy(8,3): Error: missing case in case statement: Blue
+ControlStructures.dfy(8,2): Error: missing case in case statement: Blue
 Execution trace:
 (0,0): anon0
 (0,0): anon6_Else
 (0,0): anon7_Else
 (0,0): anon8_Else
 (0,0): anon9_Then
-ControlStructures.dfy(17,3): Error: missing case in case statement: Purple
+ControlStructures.dfy(17,2): Error: missing case in case statement: Purple
 Execution trace:
 (0,0): anon0
 (0,0): anon6_Else
 (0,0): anon7_Else
 (0,0): anon8_Then
-ControlStructures.dfy(46,5): Error: missing case in case statement: Red
+ControlStructures.dfy(46,4): Error: missing case in case statement: Red
 Execution trace:
 (0,0): anon0
 (0,0): anon8_Then
 (0,0): anon9_Else
 (0,0): anon10_Then
-ControlStructures.dfy(54,3): Error: missing case in case statement: Red
+ControlStructures.dfy(54,2): Error: missing case in case statement: Red
 Execution trace:
 (0,0): anon0
 (0,0): anon9_Else
@@ -31,11 +31,11 @@ Execution trace:
 (0,0): anon11_Else
 (0,0): anon12_Else
 (0,0): anon13_Then
-ControlStructures.dfy(75,3): Error: alternative cases fail to cover all possibilties
+ControlStructures.dfy(75,2): Error: alternative cases fail to cover all possibilties
 Execution trace:
 (0,0): anon0
 (0,0): anon5_Else
-ControlStructures.dfy(218,18): Error: assertion violation
+ControlStructures.dfy(218,17): Error: assertion violation
 Execution trace:
 (0,0): anon0
 ControlStructures.dfy(197,3): anon59_LoopHead
@@ -51,7 +51,7 @@ Execution trace:
 (0,0): anon69_LoopBody
 ControlStructures.dfy(213,9): anon70_Else
 (0,0): anon71_Then
-ControlStructures.dfy(235,21): Error: assertion violation
+ControlStructures.dfy(235,20): Error: assertion violation
 Execution trace:
 (0,0): anon0
 ControlStructures.dfy(197,3): anon59_LoopHead
@@ -77,7 +77,7 @@ Execution trace:
 (0,0): anon38
 (0,0): anon83_Then
 (0,0): anon52
-ControlStructures.dfy(238,30): Error: assertion violation
+ControlStructures.dfy(238,29): Error: assertion violation
 Execution trace:
 (0,0): anon0
 ControlStructures.dfy(197,3): anon59_LoopHead
@@ -92,7 +92,7 @@ Execution trace:
 (0,0): anon84_Then
 (0,0): anon85_Then
 (0,0): anon56
-ControlStructures.dfy(241,17): Error: assertion violation
+ControlStructures.dfy(241,16): Error: assertion violation
 Execution trace:
 (0,0): anon0
 ControlStructures.dfy(197,3): anon59_LoopHead
diff --git a/Test/dafny0/Corecursion.dfy.expect b/Test/dafny0/Corecursion.dfy.expect
index 619a9c84..a6b3fdce 100644
--- a/Test/dafny0/Corecursion.dfy.expect
+++ b/Test/dafny0/Corecursion.dfy.expect
@@ -1,34 +1,34 @@ -Corecursion.dfy(17,13): Error: cannot prove termination; try supplying a decreases clause (note that only functions without side effects can be called co-recursively) +Corecursion.dfy(17,12): Error: cannot prove termination; try supplying a decreases clause (note that only functions without side effects can be called co-recursively) Execution trace: (0,0): anon0 (0,0): anon4_Else -Corecursion.dfy(23,13): Error: cannot prove termination; try supplying a decreases clause (note that only functions without any ensures clause can be called co-recursively) +Corecursion.dfy(23,12): Error: cannot prove termination; try supplying a decreases clause (note that only functions without any ensures clause can be called co-recursively) Execution trace: (0,0): anon0 (0,0): anon4_Else -Corecursion.dfy(58,5): Error: cannot prove termination; try supplying a decreases clause +Corecursion.dfy(58,4): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon4_Else -Corecursion.dfy(71,16): Error: cannot prove termination; try supplying a decreases clause (note that calls cannot be co-recursive in this context) +Corecursion.dfy(71,15): Error: cannot prove termination; try supplying a decreases clause (note that calls cannot be co-recursive in this context) Execution trace: (0,0): anon0 (0,0): anon7_Else -Corecursion.dfy(93,15): Error: cannot prove termination; try supplying a decreases clause (note that a call can be co-recursive only if all intra-cluster calls are in non-destructive contexts) +Corecursion.dfy(93,14): Error: cannot prove termination; try supplying a decreases clause (note that a call can be co-recursive only if all intra-cluster calls are in non-destructive contexts) Execution trace: (0,0): anon0 (0,0): anon7_Else (0,0): anon8_Then -Corecursion.dfy(103,15): Error: cannot prove termination; try supplying a decreases clause (note that a call can be co-recursive only if all intra-cluster calls are in 
non-destructive contexts) +Corecursion.dfy(103,14): Error: cannot prove termination; try supplying a decreases clause (note that a call can be co-recursive only if all intra-cluster calls are in non-destructive contexts) Execution trace: (0,0): anon0 (0,0): anon7_Else (0,0): anon8_Then -Corecursion.dfy(148,13): Error: failure to decrease termination measure (note that a call can be co-recursive only if all intra-cluster calls are in non-destructive contexts) +Corecursion.dfy(148,12): Error: failure to decrease termination measure (note that a call can be co-recursive only if all intra-cluster calls are in non-destructive contexts) Execution trace: (0,0): anon0 (0,0): anon4_Else -Corecursion.dfy(161,13): Error: failure to decrease termination measure (note that a call can be co-recursive only if all intra-cluster calls are in non-destructive contexts) +Corecursion.dfy(161,12): Error: failure to decrease termination measure (note that a call can be co-recursive only if all intra-cluster calls are in non-destructive contexts) Execution trace: (0,0): anon0 (0,0): anon4_Else diff --git a/Test/dafny0/DTypes.dfy.expect b/Test/dafny0/DTypes.dfy.expect index 9b4288e9..76088e9b 100644 --- a/Test/dafny0/DTypes.dfy.expect +++ b/Test/dafny0/DTypes.dfy.expect 
@@ -1,27 +1,27 @@
-DTypes.dfy(182,3): Error BP5003: A postcondition might not hold on this return path.
-DTypes.dfy(181,15): Related location: This is the postcondition that might not hold.
+DTypes.dfy(182,2): Error BP5003: A postcondition might not hold on this return path.
+DTypes.dfy(181,14): Related location: This is the postcondition that might not hold.
 Execution trace:
 (0,0): anon0
-DTypes.dfy(18,14): Error: assertion violation
+DTypes.dfy(18,13): Error: assertion violation
 Execution trace:
 (0,0): anon0
-DTypes.dfy(56,18): Error: assertion violation
+DTypes.dfy(56,17): Error: assertion violation
 Execution trace:
 (0,0): anon0
-DTypes.dfy(121,13): Error: assertion violation
-DTypes.dfy(93,30): Related location
+DTypes.dfy(121,12): Error: assertion violation
+DTypes.dfy(93,29): Related location
 Execution trace:
 (0,0): anon0
-DTypes.dfy(127,13): Error: assertion violation
-DTypes.dfy(93,20): Related location
+DTypes.dfy(127,12): Error: assertion violation
+DTypes.dfy(93,19): Related location
 Execution trace:
 (0,0): anon0
-DTypes.dfy(137,12): Error: assertion violation
-DTypes.dfy(132,6): Related location
-DTypes.dfy(93,20): Related location
+DTypes.dfy(137,11): Error: assertion violation
+DTypes.dfy(132,5): Related location
+DTypes.dfy(93,19): Related location
 Execution trace:
 (0,0): anon0
-DTypes.dfy(158,12): Error: assertion violation
+DTypes.dfy(158,11): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon5_Then
diff --git a/Test/dafny0/Datatypes.dfy.expect b/Test/dafny0/Datatypes.dfy.expect
index 4c0b1e96..7147ca60 100644
--- a/Test/dafny0/Datatypes.dfy.expect
+++ b/Test/dafny0/Datatypes.dfy.expect
@@ -1,43 +1,43 @@
-Datatypes.dfy(297,10): Error BP5003: A postcondition might not hold on this return path.
-Datatypes.dfy(295,15): Related location: This is the postcondition that might not hold.
+Datatypes.dfy(297,9): Error BP5003: A postcondition might not hold on this return path.
+Datatypes.dfy(295,14): Related location: This is the postcondition that might not hold.
 Execution trace:
 (0,0): anon0
 (0,0): anon13_Then
 (0,0): anon14_Else
 (0,0): anon15_Then
 (0,0): anon6
-Datatypes.dfy(298,12): Error: missing case in case statement: Appendix
+Datatypes.dfy(298,11): Error: missing case in case statement: Appendix
 Execution trace:
 (0,0): anon0
 (0,0): anon13_Then
 (0,0): anon14_Else
 (0,0): anon15_Else
 (0,0): anon16_Then
-Datatypes.dfy(349,5): Error: missing case in case statement: Cons
+Datatypes.dfy(349,4): Error: missing case in case statement: Cons
 Execution trace:
 (0,0): anon0
 (0,0): anon7_Else
 (0,0): anon8_Then
-Datatypes.dfy(349,5): Error: missing case in case statement: Nil
+Datatypes.dfy(349,4): Error: missing case in case statement: Nil
 Execution trace:
 (0,0): anon0
 (0,0): anon7_Else
 (0,0): anon8_Else
 (0,0): anon9_Then
-Datatypes.dfy(356,8): Error: missing case in case statement: Cons
+Datatypes.dfy(356,7): Error: missing case in case statement: Cons
 Execution trace:
 (0,0): anon0
 (0,0): anon10_Else
 (0,0): anon11_Then
 (0,0): anon12_Then
-Datatypes.dfy(356,8): Error: missing case in case statement: Nil
+Datatypes.dfy(356,7): Error: missing case in case statement: Nil
 Execution trace:
 (0,0): anon0
 (0,0): anon10_Else
 (0,0): anon11_Then
 (0,0): anon12_Else
 (0,0): anon13_Then
-Datatypes.dfy(82,20): Error: assertion violation
+Datatypes.dfy(82,19): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon20_Else
@@ -47,23 +47,23 @@ Execution trace:
 (0,0): anon23_Then
 (0,0): anon24_Else
 (0,0): anon25_Then
-Datatypes.dfy(170,16): Error: assertion violation
+Datatypes.dfy(170,15): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon4_Then
-Datatypes.dfy(172,16): Error: assertion violation
+Datatypes.dfy(172,15): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon4_Else
 (0,0): anon5_Then
-Datatypes.dfy(201,13): Error: destructor 'Car' can only be applied to datatype values constructed by 'XCons'
+Datatypes.dfy(201,12): Error: destructor 'Car' can only be applied to datatype values constructed by 'XCons'
 Execution trace:
 (0,0): anon0
-Datatypes.dfy(204,17): Error: destructor 'Car' can only be applied to datatype values constructed by 'XCons'
+Datatypes.dfy(204,16): Error: destructor 'Car' can only be applied to datatype values constructed by 'XCons'
 Execution trace:
 (0,0): anon0
 (0,0): anon6_Then
-Datatypes.dfy(225,17): Error: destructor 'c' can only be applied to datatype values constructed by 'T''
+Datatypes.dfy(225,16): Error: destructor 'c' can only be applied to datatype values constructed by 'T''
 Execution trace:
 (0,0): anon0
 (0,0): anon5_Then
diff --git a/Test/dafny0/Definedness.dfy.expect b/Test/dafny0/Definedness.dfy.expect
index af5b62b9..b5b015ad 100644
--- a/Test/dafny0/Definedness.dfy.expect
+++ b/Test/dafny0/Definedness.dfy.expect
@@ -1,87 +1,87 @@ -Definedness.dfy(11,7): Error: possible division by zero +Definedness.dfy(11,6): Error: possible division by zero Execution trace: (0,0): anon0 (0,0): anon4_Else -Definedness.dfy(18,16): Error: possible division by zero +Definedness.dfy(18,15): Error: possible division by zero Execution trace: (0,0): anon0 -Definedness.dfy(27,16): Error: target object may be null +Definedness.dfy(27,15): Error: target object may be null Execution trace: (0,0): anon0 -Definedness.dfy(28,21): Error: target object may be null +Definedness.dfy(28,20): Error: target object may be null Execution trace: (0,0): anon0 (0,0): anon3_Then -Definedness.dfy(29,17): Error: possible division by zero +Definedness.dfy(29,16): Error: possible division by zero Execution trace: (0,0): anon0 -Definedness.dfy(36,16): Error: target object may be null +Definedness.dfy(36,15): Error: target object may be null Execution trace: (0,0): anon0 -Definedness.dfy(45,16): Error: target object may be null +Definedness.dfy(45,15): Error: target object may be null Execution trace: (0,0): anon0 -Definedness.dfy(53,18): Error: target object may be null +Definedness.dfy(53,17): Error: target object may be null Execution trace: (0,0): anon0 -Definedness.dfy(54,3): Error BP5003: A postcondition might not hold on this return path. -Definedness.dfy(53,22): Related location: This is the postcondition that might not hold. +Definedness.dfy(54,2): Error BP5003: A postcondition might not hold on this return path. +Definedness.dfy(53,21): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 -Definedness.dfy(60,18): Error: target object may be null +Definedness.dfy(60,17): Error: target object may be null Execution trace: (0,0): anon0 -Definedness.dfy(61,3): Error BP5003: A postcondition might not hold on this return path. -Definedness.dfy(60,22): Related location: This is the postcondition that might not hold. 
+Definedness.dfy(61,2): Error BP5003: A postcondition might not hold on this return path. +Definedness.dfy(60,21): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 -Definedness.dfy(68,3): Error BP5003: A postcondition might not hold on this return path. -Definedness.dfy(67,22): Related location: This is the postcondition that might not hold. +Definedness.dfy(68,2): Error BP5003: A postcondition might not hold on this return path. +Definedness.dfy(67,21): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 -Definedness.dfy(88,7): Error: target object may be null +Definedness.dfy(88,6): Error: target object may be null Execution trace: (0,0): anon0 -Definedness.dfy(89,5): Error: possible violation of function precondition -Definedness.dfy(79,16): Related location +Definedness.dfy(89,4): Error: possible violation of function precondition +Definedness.dfy(79,15): Related location Execution trace: (0,0): anon0 -Definedness.dfy(89,10): Error: assignment may update an object not in the enclosing context's modifies clause +Definedness.dfy(89,9): Error: assignment may update an object not in the enclosing context's modifies clause Execution trace: (0,0): anon0 -Definedness.dfy(89,10): Error: target object may be null +Definedness.dfy(89,9): Error: target object may be null Execution trace: (0,0): anon0 -Definedness.dfy(90,10): Error: possible violation of function precondition -Definedness.dfy(79,16): Related location +Definedness.dfy(90,9): Error: possible violation of function precondition +Definedness.dfy(79,15): Related location Execution trace: (0,0): anon0 -Definedness.dfy(95,14): Error: possible division by zero +Definedness.dfy(95,13): Error: possible division by zero Execution trace: (0,0): anon0 -Definedness.dfy(95,23): Error: possible division by zero +Definedness.dfy(95,22): Error: possible division by zero Execution trace: (0,0): anon0 -Definedness.dfy(96,15): Error: 
possible division by zero +Definedness.dfy(96,14): Error: possible division by zero Execution trace: (0,0): anon0 -Definedness.dfy(101,12): Error: possible division by zero +Definedness.dfy(101,11): Error: possible division by zero Execution trace: (0,0): anon0 -Definedness.dfy(108,15): Error: possible division by zero +Definedness.dfy(108,14): Error: possible division by zero Execution trace: Definedness.dfy(108,5): anon7_LoopHead (0,0): anon7_LoopBody Definedness.dfy(108,5): anon8_Else -Definedness.dfy(117,23): Error: possible violation of function precondition -Definedness.dfy(79,16): Related location +Definedness.dfy(117,22): Error: possible violation of function precondition +Definedness.dfy(79,15): Related location Execution trace: (0,0): anon0 Definedness.dfy(116,5): anon12_LoopHead (0,0): anon12_LoopBody (0,0): anon13_Then -Definedness.dfy(123,17): Error: possible violation of function precondition -Definedness.dfy(79,16): Related location +Definedness.dfy(123,16): Error: possible violation of function precondition +Definedness.dfy(79,15): Related location Execution trace: (0,0): anon0 Definedness.dfy(116,5): anon12_LoopHead 
@@ -91,30 +91,30 @@ Execution trace:
 Definedness.dfy(122,5): anon15_LoopHead
 (0,0): anon15_LoopBody
 (0,0): anon16_Then
-Definedness.dfy(133,17): Error: possible violation of function precondition
-Definedness.dfy(79,16): Related location
+Definedness.dfy(133,16): Error: possible violation of function precondition
+Definedness.dfy(79,15): Related location
 Execution trace:
 (0,0): anon0
 Definedness.dfy(132,5): anon6_LoopHead
 (0,0): anon6_LoopBody
 (0,0): anon7_Then
-Definedness.dfy(133,22): Error BP5004: This loop invariant might not hold on entry.
+Definedness.dfy(133,21): Error BP5004: This loop invariant might not hold on entry.
 Execution trace:
 (0,0): anon0
-Definedness.dfy(134,17): Error: possible violation of function precondition
-Definedness.dfy(79,16): Related location
+Definedness.dfy(134,16): Error: possible violation of function precondition
+Definedness.dfy(79,15): Related location
 Execution trace:
 (0,0): anon0
 Definedness.dfy(132,5): anon6_LoopHead
 (0,0): anon6_LoopBody
 (0,0): anon7_Then
-Definedness.dfy(143,15): Error: possible division by zero
+Definedness.dfy(143,14): Error: possible division by zero
 Execution trace:
 (0,0): anon0
 Definedness.dfy(143,5): anon8_LoopHead
 (0,0): anon8_LoopBody
 Definedness.dfy(143,5): anon9_Else
-Definedness.dfy(162,15): Error: possible division by zero
+Definedness.dfy(162,14): Error: possible division by zero
 Execution trace:
 (0,0): anon0
 Definedness.dfy(156,5): anon16_LoopHead
@@ -126,11 +126,11 @@ Execution trace:
 Definedness.dfy(162,5): anon20_LoopHead
 (0,0): anon20_LoopBody
 Definedness.dfy(162,5): anon21_Else
-Definedness.dfy(175,28): Error BP5004: This loop invariant might not hold on entry.
+Definedness.dfy(175,27): Error BP5004: This loop invariant might not hold on entry.
 Execution trace:
 (0,0): anon0
-Definedness.dfy(181,17): Error: possible violation of function precondition
-Definedness.dfy(79,16): Related location
+Definedness.dfy(181,16): Error: possible violation of function precondition
+Definedness.dfy(79,15): Related location
 Execution trace:
 (0,0): anon0
 Definedness.dfy(173,5): anon18_LoopHead
@@ -142,32 +142,32 @@ Execution trace:
 (0,0): anon22_Then
 (0,0): anon23_Then
 (0,0): anon11
-Definedness.dfy(196,19): Error: possible division by zero
+Definedness.dfy(196,18): Error: possible division by zero
 Execution trace:
 (0,0): anon0
 Definedness.dfy(194,5): anon6_LoopHead
 (0,0): anon6_LoopBody
 (0,0): anon7_Then
-Definedness.dfy(196,23): Error BP5004: This loop invariant might not hold on entry.
+Definedness.dfy(196,22): Error BP5004: This loop invariant might not hold on entry.
 Execution trace:
 (0,0): anon0
-Definedness.dfy(196,28): Error: possible division by zero
+Definedness.dfy(196,27): Error: possible division by zero
 Execution trace:
 (0,0): anon0
 Definedness.dfy(194,5): anon6_LoopHead
 (0,0): anon6_LoopBody
 (0,0): anon7_Then
-Definedness.dfy(215,10): Error BP5003: A postcondition might not hold on this return path.
-Definedness.dfy(217,46): Related location: This is the postcondition that might not hold.
+Definedness.dfy(215,9): Error BP5003: A postcondition might not hold on this return path.
+Definedness.dfy(217,45): Related location: This is the postcondition that might not hold.
 Execution trace:
 (0,0): anon0
 (0,0): anon4_Else
-Definedness.dfy(224,22): Error: target object may be null
+Definedness.dfy(224,21): Error: target object may be null
 Execution trace:
 (0,0): anon0
 (0,0): anon4_Then
-Definedness.dfy(237,10): Error BP5003: A postcondition might not hold on this return path.
-Definedness.dfy(240,24): Related location: This is the postcondition that might not hold.
+Definedness.dfy(237,9): Error BP5003: A postcondition might not hold on this return path.
+Definedness.dfy(240,23): Related location: This is the postcondition that might not hold.
 Execution trace:
 (0,0): anon0
 (0,0): anon4_Else
diff --git a/Test/dafny0/DeterministicPick.dfy.expect b/Test/dafny0/DeterministicPick.dfy.expect
index 0999294e..aef97ebd 100644
--- a/Test/dafny0/DeterministicPick.dfy.expect
+++ b/Test/dafny0/DeterministicPick.dfy.expect
@@ -1,4 +1,4 @@ -DeterministicPick.dfy(13,5): Error: to be compilable, the value of a let-such-that expression must be uniquely determined +DeterministicPick.dfy(13,4): Error: to be compilable, the value of a let-such-that expression must be uniquely determined Execution trace: (0,0): anon0 (0,0): anon4_Else diff --git a/Test/dafny0/DiamondImports.dfy.expect b/Test/dafny0/DiamondImports.dfy.expect index e9e8c2b9..1acca075 100644 --- a/Test/dafny0/DiamondImports.dfy.expect +++ b/Test/dafny0/DiamondImports.dfy.expect @@ -1,12 +1,12 @@ -DiamondImports.dfy(34,16): Error: assertion violation +DiamondImports.dfy(34,15): Error: assertion violation Execution trace: (0,0): anon0 -DiamondImports.dfy(50,16): Error: assertion violation +DiamondImports.dfy(50,15): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon3_Then (0,0): anon2 -DiamondImports.dfy(101,16): Error: assertion violation +DiamondImports.dfy(101,15): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon7_Then @@ -14,7 +14,7 @@ Execution trace: (0,0): anon8_Then (0,0): anon9_Then (0,0): anon6 -DiamondImports.dfy(120,16): Error: assertion violation +DiamondImports.dfy(120,15): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon9_Then @@ -25,7 +25,7 @@ Execution trace: (0,0): anon6 (0,0): anon12_Then (0,0): anon8 -DiamondImports.dfy(140,26): Error: assertion violation +DiamondImports.dfy(140,25): Error: assertion violation Execution trace: (0,0): anon0 diff --git a/Test/dafny0/Fuel.dfy.expect b/Test/dafny0/Fuel.dfy.expect index 4c180a9c..90fe877d 100644 --- a/Test/dafny0/Fuel.dfy.expect +++ b/Test/dafny0/Fuel.dfy.expect 
@@ -1,94 +1,94 @@ -Fuel.dfy(17,23): Error: assertion violation +Fuel.dfy(17,22): Error: assertion violation Execution trace: (0,0): anon0 -Fuel.dfy(65,28): Error: assertion violation +Fuel.dfy(65,27): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon6_Else -Fuel.dfy(69,28): Error: assertion violation +Fuel.dfy(69,27): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon6_Then (0,0): anon7_Then -Fuel.dfy(92,23): Error: assertion violation +Fuel.dfy(92,22): Error: assertion violation Execution trace: (0,0): anon0 -Fuel.dfy(94,23): Error: assertion violation +Fuel.dfy(94,22): Error: assertion violation Execution trace: (0,0): anon0 -Fuel.dfy(120,23): Error: assertion violation +Fuel.dfy(120,22): Error: assertion violation Execution trace: (0,0): anon0 -Fuel.dfy(122,23): Error: assertion violation +Fuel.dfy(122,22): Error: assertion violation Execution trace: (0,0): anon0 -Fuel.dfy(129,39): Error: assertion violation +Fuel.dfy(129,38): Error: assertion violation Execution trace: (0,0): anon0 -Fuel.dfy(132,27): Error: assertion violation +Fuel.dfy(132,26): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon3_Then -Fuel.dfy(133,27): Error: assertion violation +Fuel.dfy(133,26): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon3_Then -Fuel.dfy(157,23): Error: assertion violation +Fuel.dfy(157,22): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon10_Else (0,0): anon9 -Fuel.dfy(200,56): Error: assertion violation +Fuel.dfy(200,55): Error: assertion violation Execution trace: (0,0): anon0 -Fuel.dfy(245,23): Error: assertion violation +Fuel.dfy(245,22): Error: assertion violation Execution trace: (0,0): anon0 -Fuel.dfy(247,23): Error: assertion violation +Fuel.dfy(247,22): Error: assertion violation Execution trace: (0,0): anon0 -Fuel.dfy(280,27): Error: assertion violation +Fuel.dfy(280,26): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon7_Then -Fuel.dfy(335,27): 
Error: possible violation of function precondition -Fuel.dfy(324,22): Related location +Fuel.dfy(335,26): Error: possible violation of function precondition +Fuel.dfy(324,21): Related location Execution trace: (0,0): anon0 (0,0): anon7_Else (0,0): anon8_Then -Fuel.dfy(335,50): Error: destructor 't' can only be applied to datatype values constructed by 'VTuple' +Fuel.dfy(335,49): Error: destructor 't' can only be applied to datatype values constructed by 'VTuple' Execution trace: (0,0): anon0 (0,0): anon7_Else (0,0): anon8_Then -Fuel.dfy(335,51): Error: index out of range +Fuel.dfy(335,50): Error: index out of range Execution trace: (0,0): anon0 (0,0): anon7_Else (0,0): anon8_Then -Fuel.dfy(336,39): Error: index out of range +Fuel.dfy(336,38): Error: index out of range Execution trace: (0,0): anon0 (0,0): anon7_Else (0,0): anon8_Then -Fuel.dfy(336,43): Error: destructor 'u' can only be applied to datatype values constructed by 'VUint64' +Fuel.dfy(336,42): Error: destructor 'u' can only be applied to datatype values constructed by 'VUint64' Execution trace: (0,0): anon0 (0,0): anon7_Else (0,0): anon8_Then -Fuel.dfy(346,43): Error: destructor 'u' can only be applied to datatype values constructed by 'VUint64' +Fuel.dfy(346,42): Error: destructor 'u' can only be applied to datatype values constructed by 'VUint64' Execution trace: (0,0): anon0 (0,0): anon7_Else (0,0): anon8_Then -Fuel.dfy(397,23): Error: assertion violation +Fuel.dfy(397,22): Error: assertion violation Execution trace: (0,0): anon0 -Fuel.dfy(398,23): Error: assertion violation +Fuel.dfy(398,22): Error: assertion violation Execution trace: (0,0): anon0 -Fuel.dfy(407,39): Error: assertion violation +Fuel.dfy(407,38): Error: assertion violation Execution trace: (0,0): anon0 diff --git a/Test/dafny0/FunctionSpecifications.dfy.expect b/Test/dafny0/FunctionSpecifications.dfy.expect index 9f76313a..078afaef 100644 --- a/Test/dafny0/FunctionSpecifications.dfy.expect 
+++ b/Test/dafny0/FunctionSpecifications.dfy.expect
@@ -1,5 +1,5 @@
-FunctionSpecifications.dfy(29,10): Error BP5003: A postcondition might not hold on this return path.
-FunctionSpecifications.dfy(31,13): Related location: This is the postcondition that might not hold.
+FunctionSpecifications.dfy(29,9): Error BP5003: A postcondition might not hold on this return path.
+FunctionSpecifications.dfy(31,12): Related location: This is the postcondition that might not hold.
 Execution trace:
 (0,0): anon0
 (0,0): anon10_Else
@@ -7,64 +7,64 @@ Execution trace: (0,0): anon12_Then (0,0): anon13_Else (0,0): anon9 -FunctionSpecifications.dfy(38,10): Error BP5003: A postcondition might not hold on this return path. -FunctionSpecifications.dfy(40,24): Related location: This is the postcondition that might not hold. +FunctionSpecifications.dfy(38,9): Error BP5003: A postcondition might not hold on this return path. +FunctionSpecifications.dfy(40,23): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 (0,0): anon15_Else (0,0): anon18_Else (0,0): anon19_Then (0,0): anon14 -FunctionSpecifications.dfy(53,11): Error: cannot prove termination; try supplying a decreases clause +FunctionSpecifications.dfy(53,10): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon11_Then (0,0): anon5 -FunctionSpecifications.dfy(59,10): Error BP5003: A postcondition might not hold on this return path. -FunctionSpecifications.dfy(60,22): Related location: This is the postcondition that might not hold. +FunctionSpecifications.dfy(59,9): Error BP5003: A postcondition might not hold on this return path. +FunctionSpecifications.dfy(60,21): Related location: This is the postcondition that might not hold. 
Execution trace: (0,0): anon0 (0,0): anon7_Else -FunctionSpecifications.dfy(108,23): Error: assertion violation +FunctionSpecifications.dfy(108,22): Error: assertion violation Execution trace: (0,0): anon0 -FunctionSpecifications.dfy(111,23): Error: assertion violation +FunctionSpecifications.dfy(111,22): Error: assertion violation Execution trace: (0,0): anon0 -FunctionSpecifications.dfy(126,27): Error: assertion violation +FunctionSpecifications.dfy(126,26): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon3_Then -FunctionSpecifications.dfy(130,27): Error: assertion violation +FunctionSpecifications.dfy(130,26): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon3_Else -FunctionSpecifications.dfy(158,3): Error: cannot prove termination; try supplying a decreases clause +FunctionSpecifications.dfy(158,2): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon4_Else -FunctionSpecifications.dfy(167,11): Error: cannot prove termination; try supplying a decreases clause +FunctionSpecifications.dfy(167,10): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon4_Else -FunctionSpecifications.dfy(135,20): Error BP5003: A postcondition might not hold on this return path. -FunctionSpecifications.dfy(137,29): Related location: This is the postcondition that might not hold. +FunctionSpecifications.dfy(135,19): Error BP5003: A postcondition might not hold on this return path. +FunctionSpecifications.dfy(137,28): Related location: This is the postcondition that might not hold. 
Execution trace: (0,0): anon0 (0,0): anon4_Else -FunctionSpecifications.dfy(146,3): Error: failure to decrease termination measure +FunctionSpecifications.dfy(146,2): Error: failure to decrease termination measure Execution trace: (0,0): anon0 (0,0): anon4_Else -FunctionSpecifications.dfy(153,3): Error: failure to decrease termination measure +FunctionSpecifications.dfy(153,2): Error: failure to decrease termination measure Execution trace: (0,0): anon0 (0,0): anon4_Else -FunctionSpecifications.dfy(174,3): Error: cannot prove termination; try supplying a decreases clause +FunctionSpecifications.dfy(174,2): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon4_Else -FunctionSpecifications.dfy(171,20): Error: cannot prove termination; try supplying a decreases clause +FunctionSpecifications.dfy(171,19): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 diff --git a/Test/dafny0/IMaps.dfy.expect b/Test/dafny0/IMaps.dfy.expect index c2da9505..28ca8ca3 100644 --- a/Test/dafny0/IMaps.dfy.expect +++ b/Test/dafny0/IMaps.dfy.expect @@ -1,4 +1,4 @@ -IMaps.dfy(52,8): Error: element may not be in domain +IMaps.dfy(52,7): Error: element may not be in domain Execution trace: (0,0): anon0 (0,0): anon5_Then diff --git a/Test/dafny0/Include.dfy.expect b/Test/dafny0/Include.dfy.expect index 0921cec9..d4543afe 100644 --- a/Test/dafny0/Include.dfy.expect +++ b/Test/dafny0/Include.dfy.expect 
@@ -1,13 +1,13 @@
-Include.dfy(19,19): Error BP5003: A postcondition might not hold on this return path.
-Includee.dfy(17,20): Related location: This is the postcondition that might not hold.
+Include.dfy(19,18): Error BP5003: A postcondition might not hold on this return path.
+Includee.dfy(17,19): Related location: This is the postcondition that might not hold.
 Execution trace:
 (0,0): anon0
 (0,0): anon4_Else
-Includee.dfy[Concrete](22,16): Error: assertion violation
+Includee.dfy[Concrete](22,15): Error: assertion violation
 Execution trace:
 (0,0): anon0
-Include.dfy(27,7): Error BP5003: A postcondition might not hold on this return path.
-Includee.dfy[Concrete](20,15): Related location: This is the postcondition that might not hold.
+Include.dfy(27,6): Error BP5003: A postcondition might not hold on this return path.
+Includee.dfy[Concrete](20,14): Related location: This is the postcondition that might not hold.
 Execution trace:
 (0,0): anon0
 (0,0): anon6_Then
diff --git a/Test/dafny0/Includee.dfy.expect b/Test/dafny0/Includee.dfy.expect
index e0f0689c..ce61e32a 100644
--- a/Test/dafny0/Includee.dfy.expect
+++ b/Test/dafny0/Includee.dfy.expect
@@ -1,12 +1,12 @@
-Includee.dfy(21,3): Error BP5003: A postcondition might not hold on this return path.
-Includee.dfy(20,15): Related location: This is the postcondition that might not hold.
+Includee.dfy(21,2): Error BP5003: A postcondition might not hold on this return path.
+Includee.dfy(20,14): Related location: This is the postcondition that might not hold.
 Execution trace:
 (0,0): anon0
-Includee.dfy(24,18): Error: assertion violation
+Includee.dfy(24,17): Error: assertion violation
 Execution trace:
 (0,0): anon0
-Includee.dfy(6,1): Error BP5003: A postcondition might not hold on this return path.
-Includee.dfy(5,13): Related location: This is the postcondition that might not hold.
+Includee.dfy(6,0): Error BP5003: A postcondition might not hold on this return path.
+Includee.dfy(5,12): Related location: This is the postcondition that might not hold.
 Execution trace:
 (0,0): anon0
diff --git a/Test/dafny0/IndexIntoUpdate.dfy.expect b/Test/dafny0/IndexIntoUpdate.dfy.expect
index 3423a20b..2db3aa0a 100644
--- a/Test/dafny0/IndexIntoUpdate.dfy.expect
+++ b/Test/dafny0/IndexIntoUpdate.dfy.expect
@@ -1,4 +1,4 @@
-IndexIntoUpdate.dfy(7,19): Error: assertion violation
+IndexIntoUpdate.dfy(7,18): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Then
diff --git a/Test/dafny0/InductivePredicates.dfy.expect b/Test/dafny0/InductivePredicates.dfy.expect
index b09b7903..ccf30643 100644
--- a/Test/dafny0/InductivePredicates.dfy.expect
+++ b/Test/dafny0/InductivePredicates.dfy.expect
@@ -1,8 +1,8 @@
-InductivePredicates.dfy(64,10): Error: assertion violation
+InductivePredicates.dfy(64,9): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Then
-InductivePredicates.dfy(76,11): Error: assertion violation
+InductivePredicates.dfy(76,10): Error: assertion violation
 Execution trace:
 (0,0): anon0
diff --git a/Test/dafny0/Inverses.dfy.expect b/Test/dafny0/Inverses.dfy.expect
index a04f21dc..29c67e5d 100644
--- a/Test/dafny0/Inverses.dfy.expect
+++ b/Test/dafny0/Inverses.dfy.expect
@@ -1,10 +1,10 @@
-Inverses.dfy(70,1): Error BP5003: A postcondition might not hold on this return path.
-Inverses.dfy(69,11): Related location: This is the postcondition that might not hold.
+Inverses.dfy(70,0): Error BP5003: A postcondition might not hold on this return path.
+Inverses.dfy(69,10): Related location: This is the postcondition that might not hold.
 Execution trace:
 (0,0): anon0
 (0,0): anon6_Else
-Inverses.dfy(83,1): Error BP5003: A postcondition might not hold on this return path.
-Inverses.dfy(82,11): Related location: This is the postcondition that might not hold.
+Inverses.dfy(83,0): Error BP5003: A postcondition might not hold on this return path.
+Inverses.dfy(82,10): Related location: This is the postcondition that might not hold.
 Execution trace:
 (0,0): anon0
 (0,0): anon9_Else
diff --git a/Test/dafny0/Iterators.dfy.expect b/Test/dafny0/Iterators.dfy.expect
index f0c6e400..d9129e3e 100644
--- a/Test/dafny0/Iterators.dfy.expect
+++ b/Test/dafny0/Iterators.dfy.expect
@@ -1,55 +1,55 @@
-Iterators.dfy(251,10): Error: failure to decrease termination measure
+Iterators.dfy(251,9): Error: failure to decrease termination measure
 Execution trace:
 (0,0): anon0
 (0,0): anon5_Else
 (0,0): anon6_Else
-Iterators.dfy(274,10): Error: failure to decrease termination measure
+Iterators.dfy(274,9): Error: failure to decrease termination measure
 Execution trace:
 (0,0): anon0
 (0,0): anon5_Else
 (0,0): anon6_Else
-Iterators.dfy(284,32): Error: failure to decrease termination measure
+Iterators.dfy(284,31): Error: failure to decrease termination measure
 Execution trace:
 (0,0): anon0
-Iterators.dfy(296,10): Error: cannot prove termination; try supplying a decreases clause
+Iterators.dfy(296,9): Error: cannot prove termination; try supplying a decreases clause
 Execution trace:
 (0,0): anon0
 (0,0): anon5_Else
 (0,0): anon6_Else
-Iterators.dfy(317,10): Error: cannot prove termination; try supplying a decreases clause
+Iterators.dfy(317,9): Error: cannot prove termination; try supplying a decreases clause
 Execution trace:
 (0,0): anon0
 (0,0): anon5_Else
 (0,0): anon6_Else
-Iterators.dfy(326,32): Error: cannot prove termination; try supplying a decreases clause
+Iterators.dfy(326,31): Error: cannot prove termination; try supplying a decreases clause
 Execution trace:
 (0,0): anon0
-Iterators.dfy(343,10): Error: failure to decrease termination measure
+Iterators.dfy(343,9): Error: failure to decrease termination measure
 Execution trace:
 (0,0): anon0
 (0,0): anon5_Else
 (0,0): anon6_Else
-Iterators.dfy(353,32): Error: cannot prove termination; try supplying a decreases clause
+Iterators.dfy(353,31): Error: cannot prove termination; try supplying a decreases clause
 Execution trace:
 (0,0): anon0
-Iterators.dfy(370,10): Error: failure to decrease termination measure
+Iterators.dfy(370,9): Error: failure to decrease termination measure
 Execution trace:
 (0,0): anon0
 (0,0): anon5_Else
 (0,0): anon6_Else
-Iterators.dfy(103,22): Error: assertion violation
+Iterators.dfy(103,21): Error: assertion violation
 Execution trace:
 (0,0): anon0
-Iterators.dfy(106,14): Error: assertion violation
+Iterators.dfy(106,13): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon4_Then
 (0,0): anon3
-Iterators.dfy(177,28): Error: assertion violation
+Iterators.dfy(177,27): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon15_Then
-Iterators.dfy(208,7): Error: an assignment to _new is only allowed to shrink the set
+Iterators.dfy(208,6): Error: an assignment to _new is only allowed to shrink the set
 Execution trace:
 (0,0): anon0
 Iterators.dfy(197,3): anon16_LoopHead
@@ -57,7 +57,7 @@ Execution trace:
 Iterators.dfy(197,3): anon17_Else
 Iterators.dfy(197,3): anon19_Else
 (0,0): anon20_Then
-Iterators.dfy(212,21): Error: assertion violation
+Iterators.dfy(212,20): Error: assertion violation
 Execution trace:
 (0,0): anon0
 Iterators.dfy(197,3): anon16_LoopHead
@@ -65,8 +65,8 @@ Execution trace:
 Iterators.dfy(197,3): anon17_Else
 Iterators.dfy(197,3): anon19_Else
 (0,0): anon21_Then
-Iterators.dfy(40,22): Error BP5002: A precondition for this call might not hold.
-Iterators.dfy(4,10): Related location: This is the precondition that might not hold.
+Iterators.dfy(40,21): Error BP5002: A precondition for this call might not hold.
+Iterators.dfy(4,9): Related location: This is the precondition that might not hold.
 Execution trace:
 (0,0): anon0
 (0,0): anon35_Then
@@ -74,24 +74,24 @@ Execution trace:
 (0,0): anon36_Then
 (0,0): anon5
 (0,0): anon37_Then
-Iterators.dfy(89,14): Error: assertion violation
+Iterators.dfy(89,13): Error: assertion violation
 Execution trace:
 (0,0): anon0
-Iterators.dfy(119,16): Error: assertion violation
+Iterators.dfy(119,15): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Else
-Iterators.dfy(150,16): Error: assertion violation
+Iterators.dfy(150,15): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon4_Else
-Iterators.dfy(155,24): Error BP5002: A precondition for this call might not hold.
-Iterators.dfy(125,10): Related location: This is the precondition that might not hold.
+Iterators.dfy(155,23): Error BP5002: A precondition for this call might not hold.
+Iterators.dfy(125,9): Related location: This is the precondition that might not hold.
 Execution trace:
 (0,0): anon0
 (0,0): anon4_Then
 (0,0): anon3
-Iterators.dfy(234,21): Error: assertion violation
+Iterators.dfy(234,20): Error: assertion violation
 Execution trace:
 (0,0): anon0
 Iterators.dfy(225,3): anon14_LoopHead
diff --git a/Test/dafny0/LetExpr.dfy.expect b/Test/dafny0/LetExpr.dfy.expect
index 66dc2764..f0f51274 100644
--- a/Test/dafny0/LetExpr.dfy.expect
+++ b/Test/dafny0/LetExpr.dfy.expect
@@ -1,35 +1,35 @@
-LetExpr.dfy(109,23): Error: assertion violation
+LetExpr.dfy(109,22): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon11_Then
-LetExpr.dfy(9,12): Error: assertion violation
+LetExpr.dfy(9,11): Error: assertion violation
 Execution trace:
 (0,0): anon0
-LetExpr.dfy(254,19): Error: value assigned to a nat must be non-negative
+LetExpr.dfy(254,18): Error: value assigned to a nat must be non-negative
 Execution trace:
 (0,0): anon0
 (0,0): anon5_Then
-LetExpr.dfy(257,19): Error: value assigned to a nat must be non-negative
+LetExpr.dfy(257,18): Error: value assigned to a nat must be non-negative
 Execution trace:
 (0,0): anon0
 (0,0): anon6_Then
-LetExpr.dfy(259,24): Error: value assigned to a nat must be non-negative
+LetExpr.dfy(259,23): Error: value assigned to a nat must be non-negative
 Execution trace:
 (0,0): anon0
 (0,0): anon6_Else
-LetExpr.dfy(288,14): Error: RHS is not certain to look like the pattern 'Agnes'
+LetExpr.dfy(288,13): Error: RHS is not certain to look like the pattern 'Agnes'
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Else
-LetExpr.dfy(305,42): Error: value assigned to a nat must be non-negative
+LetExpr.dfy(305,41): Error: value assigned to a nat must be non-negative
 Execution trace:
 (0,0): anon0
 (0,0): anon7_Else
-LetExpr.dfy(307,12): Error: assertion violation
+LetExpr.dfy(307,11): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon7_Else
-LetExpr.dfy(317,12): Error: to be compilable, the value of a let-such-that expression must be uniquely determined
+LetExpr.dfy(317,11): Error: to be compilable, the value of a let-such-that expression must be uniquely determined
 Execution trace:
 (0,0): anon0
 (0,0): anon10_Then
diff --git a/Test/dafny0/LhsDuplicates.dfy.expect b/Test/dafny0/LhsDuplicates.dfy.expect
index a864390f..d6689047 100644
--- a/Test/dafny0/LhsDuplicates.dfy.expect
+++ b/Test/dafny0/LhsDuplicates.dfy.expect
@@ -1,27 +1,27 @@
-LhsDuplicates.dfy(18,10): Error: left-hand sides for different forall-statement bound variables may refer to the same location
+LhsDuplicates.dfy(18,9): Error: left-hand sides for different forall-statement bound variables may refer to the same location
 Execution trace:
 (0,0): anon0
 (0,0): anon16_Else
 (0,0): anon18_Else
 (0,0): anon21_Then
 (0,0): anon13
-LhsDuplicates.dfy(34,12): Error: left-hand sides for different forall-statement bound variables may refer to the same location
+LhsDuplicates.dfy(34,11): Error: left-hand sides for different forall-statement bound variables may refer to the same location
 Execution trace:
 (0,0): anon0
 (0,0): anon16_Else
 (0,0): anon18_Else
 (0,0): anon21_Then
 (0,0): anon13
-LhsDuplicates.dfy(42,12): Error: when left-hand sides 1 and 3 refer to the same location, they must be assigned the same value
+LhsDuplicates.dfy(42,11): Error: when left-hand sides 1 and 3 refer to the same location, they must be assigned the same value
 Execution trace:
 (0,0): anon0
-LhsDuplicates.dfy(51,18): Error: when left-hand sides 0 and 2 refer to the same location, they must be assigned the same value
+LhsDuplicates.dfy(51,17): Error: when left-hand sides 0 and 2 refer to the same location, they must be assigned the same value
 Execution trace:
 (0,0): anon0
-LhsDuplicates.dfy(60,16): Error: when left-hand sides 1 and 2 may refer to the same location, they must be assigned the same value
+LhsDuplicates.dfy(60,15): Error: when left-hand sides 1 and 2 may refer to the same location, they must be assigned the same value
 Execution trace:
 (0,0): anon0
-LhsDuplicates.dfy(69,20): Error: when left-hand sides 1 and 2 refer to the same location, they must be assigned the same value
+LhsDuplicates.dfy(69,19): Error: when left-hand sides 1 and 2 refer to the same location, they must be assigned the same value
 Execution trace:
 (0,0): anon0
diff --git a/Test/dafny0/LoopModifies.dfy.expect b/Test/dafny0/LoopModifies.dfy.expect
index 682975fb..a7ded8a4 100644
--- a/Test/dafny0/LoopModifies.dfy.expect
+++ b/Test/dafny0/LoopModifies.dfy.expect
@@ -1,38 +1,38 @@
-LoopModifies.dfy(8,5): Error: assignment may update an array element not in the enclosing context's modifies clause
+LoopModifies.dfy(8,4): Error: assignment may update an array element not in the enclosing context's modifies clause
 Execution trace:
 (0,0): anon0
-LoopModifies.dfy(19,8): Error: assignment may update an array element not in the enclosing context's modifies clause
+LoopModifies.dfy(19,7): Error: assignment may update an array element not in the enclosing context's modifies clause
 Execution trace:
 (0,0): anon0
 LoopModifies.dfy(16,4): anon8_LoopHead
 (0,0): anon8_LoopBody
 LoopModifies.dfy(16,4): anon9_Else
 LoopModifies.dfy(16,4): anon11_Else
-LoopModifies.dfy(48,8): Error: assignment may update an array element not in the enclosing context's modifies clause
+LoopModifies.dfy(48,7): Error: assignment may update an array element not in the enclosing context's modifies clause
 Execution trace:
 (0,0): anon0
 LoopModifies.dfy(44,4): anon8_LoopHead
 (0,0): anon8_LoopBody
 LoopModifies.dfy(44,4): anon9_Else
 LoopModifies.dfy(44,4): anon11_Else
-LoopModifies.dfy(63,8): Error: assignment may update an array element not in the enclosing context's modifies clause
+LoopModifies.dfy(63,7): Error: assignment may update an array element not in the enclosing context's modifies clause
 Execution trace:
 (0,0): anon0
 LoopModifies.dfy(59,4): anon9_LoopHead
 (0,0): anon9_LoopBody
 LoopModifies.dfy(59,4): anon10_Else
 LoopModifies.dfy(59,4): anon12_Else
-LoopModifies.dfy(76,4): Error: loop modifies clause may violate context's modifies clause
+LoopModifies.dfy(76,3): Error: loop modifies clause may violate context's modifies clause
 Execution trace:
 (0,0): anon0
-LoopModifies.dfy(100,8): Error: assignment may update an array element not in the enclosing context's modifies clause
+LoopModifies.dfy(100,7): Error: assignment may update an array element not in the enclosing context's modifies clause
 Execution trace:
 (0,0): anon0
 LoopModifies.dfy(92,4): anon8_LoopHead
 (0,0): anon8_LoopBody
 LoopModifies.dfy(92,4): anon9_Else
 LoopModifies.dfy(92,4): anon11_Else
-LoopModifies.dfy(148,11): Error: assignment may update an array element not in the enclosing context's modifies clause
+LoopModifies.dfy(148,10): Error: assignment may update an array element not in the enclosing context's modifies clause
 Execution trace:
 (0,0): anon0
 LoopModifies.dfy(136,4): anon17_LoopHead
@@ -43,14 +43,14 @@ Execution trace:
 (0,0): anon21_LoopBody
 LoopModifies.dfy(141,7): anon22_Else
 LoopModifies.dfy(141,7): anon24_Else
-LoopModifies.dfy(199,10): Error: assignment may update an array element not in the enclosing context's modifies clause
+LoopModifies.dfy(199,9): Error: assignment may update an array element not in the enclosing context's modifies clause
 Execution trace:
 (0,0): anon0
 LoopModifies.dfy(195,4): anon8_LoopHead
 (0,0): anon8_LoopBody
 LoopModifies.dfy(195,4): anon9_Else
 LoopModifies.dfy(195,4): anon11_Else
-LoopModifies.dfy(287,13): Error: assignment may update an array element not in the enclosing context's modifies clause
+LoopModifies.dfy(287,12): Error: assignment may update an array element not in the enclosing context's modifies clause
 Execution trace:
 (0,0): anon0
 LoopModifies.dfy(275,4): anon16_LoopHead
diff --git a/Test/dafny0/Maps.dfy.expect b/Test/dafny0/Maps.dfy.expect
index f46549dd..8b4a6a36 100644
--- a/Test/dafny0/Maps.dfy.expect
+++ b/Test/dafny0/Maps.dfy.expect
@@ -1,7 +1,7 @@
-Maps.dfy(78,8): Error: element may not be in domain
+Maps.dfy(78,7): Error: element may not be in domain
 Execution trace:
 (0,0): anon0
-Maps.dfy(128,13): Error: assertion violation
+Maps.dfy(128,12): Error: assertion violation
 Execution trace:
 (0,0): anon0
diff --git a/Test/dafny0/ModifyStmt.dfy.expect b/Test/dafny0/ModifyStmt.dfy.expect
index 4ea872e0..019453d1 100644
--- a/Test/dafny0/ModifyStmt.dfy.expect
+++ b/Test/dafny0/ModifyStmt.dfy.expect
@@ -1,19 +1,19 @@
-ModifyStmt.dfy(27,14): Error: assertion violation
+ModifyStmt.dfy(27,13): Error: assertion violation
 Execution trace:
 (0,0): anon0
-ModifyStmt.dfy(42,5): Error: modify statement may violate context's modifies clause
+ModifyStmt.dfy(42,4): Error: modify statement may violate context's modifies clause
 Execution trace:
 (0,0): anon0
-ModifyStmt.dfy(48,5): Error: modify statement may violate context's modifies clause
+ModifyStmt.dfy(48,4): Error: modify statement may violate context's modifies clause
 Execution trace:
 (0,0): anon0
-ModifyStmt.dfy(61,5): Error: modify statement may violate context's modifies clause
+ModifyStmt.dfy(61,4): Error: modify statement may violate context's modifies clause
 Execution trace:
 (0,0): anon0
-ModifyStmt.dfy(70,14): Error: assertion violation
+ModifyStmt.dfy(70,13): Error: assertion violation
 Execution trace:
 (0,0): anon0
-ModifyStmt.dfy(89,14): Error: assertion violation
+ModifyStmt.dfy(89,13): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon9_Then
@@ -22,20 +22,20 @@ Execution trace:
 ModifyStmt.dfy(81,7): anon11_Else
 (0,0): anon12_Then
 (0,0): anon8
-ModifyStmt.dfy(99,14): Error: assertion violation
+ModifyStmt.dfy(99,13): Error: assertion violation
 Execution trace:
 (0,0): anon0
-ModifyStmt.dfy(110,14): Error: assertion violation
+ModifyStmt.dfy(110,13): Error: assertion violation
 Execution trace:
 (0,0): anon0
-ModifyStmt.dfy(122,16): Error: assertion violation
+ModifyStmt.dfy(122,15): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Then
-ModifyStmt.dfy(134,7): Error: assignment may update an object not in the enclosing context's modifies clause
+ModifyStmt.dfy(134,6): Error: assignment may update an object not in the enclosing context's modifies clause
 Execution trace:
 (0,0): anon0
-ModifyStmt.dfy(172,15): Error: assertion violation
+ModifyStmt.dfy(172,14): Error: assertion violation
 Execution trace:
 (0,0): anon0
diff --git a/Test/dafny0/Modules0.dfy.expect b/Test/dafny0/Modules0.dfy.expect
index c63ed937..e4b46cce 100644
--- a/Test/dafny0/Modules0.dfy.expect
+++ b/Test/dafny0/Modules0.dfy.expect
@@ -1,5 +1,5 @@
-Modules0.dfy(333,3): warning: module-level functions are always non-instance, so the 'static' keyword is not allowed here
-Modules0.dfy(335,3): warning: module-level methods are always non-instance, so the 'static' keyword is not allowed here
+Modules0.dfy(333,2): Warning: module-level functions are always non-instance, so the 'static' keyword is not allowed here
+Modules0.dfy(335,2): Warning: module-level methods are always non-instance, so the 'static' keyword is not allowed here
 Modules0.dfy(8,8): Error: Duplicate name of top-level declaration: WazzupA
 Modules0.dfy(9,11): Error: Duplicate name of top-level declaration: WazzupA
 Modules0.dfy(10,7): Error: Duplicate name of top-level declaration: WazzupA
diff --git a/Test/dafny0/Modules1.dfy.expect b/Test/dafny0/Modules1.dfy.expect
index 342b5808..feddf46a 100644
--- a/Test/dafny0/Modules1.dfy.expect
+++ b/Test/dafny0/Modules1.dfy.expect
@@ -1,20 +1,20 @@
-Modules1.dfy(79,16): Error: assertion violation
+Modules1.dfy(79,15): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Then
-Modules1.dfy(92,16): Error: assertion violation
+Modules1.dfy(92,15): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Then
-Modules1.dfy(94,18): Error: assertion violation
+Modules1.dfy(94,17): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Else
-Modules1.dfy(56,9): Error: decreases expression must be bounded below by 0
-Modules1.dfy(54,13): Related location
+Modules1.dfy(56,8): Error: decreases expression must be bounded below by 0
+Modules1.dfy(54,12): Related location
 Execution trace:
 (0,0): anon0
-Modules1.dfy(62,9): Error: failure to decrease termination measure
+Modules1.dfy(62,8): Error: failure to decrease termination measure
 Execution trace:
 (0,0): anon0
diff --git a/Test/dafny0/MultiDimArray.dfy.expect b/Test/dafny0/MultiDimArray.dfy.expect
index 597ade30..f2bf74de 100644
--- a/Test/dafny0/MultiDimArray.dfy.expect
+++ b/Test/dafny0/MultiDimArray.dfy.expect
@@ -1,9 +1,9 @@
-MultiDimArray.dfy(56,21): Error: assertion violation
+MultiDimArray.dfy(56,20): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon11_Then
 (0,0): anon12_Then
-MultiDimArray.dfy(83,25): Error: assertion violation
+MultiDimArray.dfy(83,24): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon5_Then
diff --git a/Test/dafny0/MultiSets.dfy.expect b/Test/dafny0/MultiSets.dfy.expect
index 30534b11..aed70bd2 100644
--- a/Test/dafny0/MultiSets.dfy.expect
+++ b/Test/dafny0/MultiSets.dfy.expect
@@ -1,24 +1,24 @@
-MultiSets.dfy(159,3): Error BP5003: A postcondition might not hold on this return path.
-MultiSets.dfy(158,15): Related location: This is the postcondition that might not hold.
+MultiSets.dfy(159,2): Error BP5003: A postcondition might not hold on this return path.
+MultiSets.dfy(158,14): Related location: This is the postcondition that might not hold.
 Execution trace:
 (0,0): anon0
-MultiSets.dfy(165,3): Error BP5003: A postcondition might not hold on this return path.
-MultiSets.dfy(164,15): Related location: This is the postcondition that might not hold.
+MultiSets.dfy(165,2): Error BP5003: A postcondition might not hold on this return path.
+MultiSets.dfy(164,14): Related location: This is the postcondition that might not hold.
 Execution trace:
 (0,0): anon0
-MultiSets.dfy(178,11): Error: new number of occurrences might be negative
+MultiSets.dfy(178,10): Error: new number of occurrences might be negative
 Execution trace:
 (0,0): anon0
 (0,0): anon4_Then
 (0,0): anon3
-MultiSets.dfy(269,24): Error: assertion violation
+MultiSets.dfy(269,23): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon11_Then
 (0,0): anon3
 (0,0): anon12_Then
 (0,0): anon14_Else
-MultiSets.dfy(292,16): Error: assertion violation
+MultiSets.dfy(292,15): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon8_Then
diff --git a/Test/dafny0/NatTypes.dfy.expect b/Test/dafny0/NatTypes.dfy.expect
index 5af90253..2bc00e95 100644
--- a/Test/dafny0/NatTypes.dfy.expect
+++ b/Test/dafny0/NatTypes.dfy.expect
@@ -1,41 +1,41 @@
-NatTypes.dfy(35,12): Error: value assigned to a nat must be non-negative
+NatTypes.dfy(35,11): Error: value assigned to a nat must be non-negative
 Execution trace:
 (0,0): anon0
 NatTypes.dfy(23,5): anon10_LoopHead
 (0,0): anon10_LoopBody
 NatTypes.dfy(23,5): anon11_Else
 (0,0): anon12_Then
-NatTypes.dfy(10,5): Error: value assigned to a nat must be non-negative
+NatTypes.dfy(10,4): Error: value assigned to a nat must be non-negative
 Execution trace:
 (0,0): anon0
-NatTypes.dfy(43,14): Error: assertion violation
+NatTypes.dfy(43,13): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon4_Then
-NatTypes.dfy(45,14): Error: assertion violation
+NatTypes.dfy(45,13): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon4_Then
-NatTypes.dfy(62,16): Error: assertion violation
+NatTypes.dfy(62,15): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Then
-NatTypes.dfy(76,16): Error: assertion violation
+NatTypes.dfy(76,15): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon5_Else
 (0,0): anon6_Then
-NatTypes.dfy(94,22): Error: value assigned to a nat must be non-negative
+NatTypes.dfy(94,21): Error: value assigned to a nat must be non-negative
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Then
-NatTypes.dfy(109,45): Error: value assigned to a nat must be non-negative
+NatTypes.dfy(109,44): Error: value assigned to a nat must be non-negative
 Execution trace:
 (0,0): anon0
 (0,0): anon8_Else
 (0,0): anon9_Else
 (0,0): anon10_Then
-NatTypes.dfy(132,35): Error: value assigned to a nat must be non-negative
+NatTypes.dfy(132,34): Error: value assigned to a nat must be non-negative
 Execution trace:
 (0,0): anon0
 (0,0): anon4_Then
diff --git a/Test/dafny0/Newtypes.dfy.expect b/Test/dafny0/Newtypes.dfy.expect
index 8e6ff4c5..425ee9a9 100644
--- a/Test/dafny0/Newtypes.dfy.expect
+++ b/Test/dafny0/Newtypes.dfy.expect
@@ -1,54 +1,54 @@
-Newtypes.dfy(74,11): Error: cannot find witness that shows type is inhabited (sorry, for now, only tried 0)
+Newtypes.dfy(74,10): Error: cannot find witness that shows type is inhabited (sorry, for now, only tried 0)
 Execution trace:
 (0,0): anon0
-Newtypes.dfy(76,45): Error: possible division by zero
+Newtypes.dfy(76,44): Error: possible division by zero
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Then
-Newtypes.dfy(87,14): Error: result of operation might violate newtype constraint
+Newtypes.dfy(87,13): Error: result of operation might violate newtype constraint
 Execution trace:
 (0,0): anon0
-Newtypes.dfy(95,12): Error: result of operation might violate newtype constraint
+Newtypes.dfy(95,11): Error: result of operation might violate newtype constraint
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Then
-Newtypes.dfy(97,14): Error: result of operation might violate newtype constraint
+Newtypes.dfy(97,13): Error: result of operation might violate newtype constraint
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Else
-Newtypes.dfy(104,16): Error: result of operation might violate newtype constraint
+Newtypes.dfy(104,15): Error: result of operation might violate newtype constraint
 Execution trace:
 (0,0): anon0
-Newtypes.dfy(177,14): Error: result of operation might violate newtype constraint
+Newtypes.dfy(177,13): Error: result of operation might violate newtype constraint
 Execution trace:
 (0,0): anon0
-Newtypes.dfy(193,64): Error: index 0 out of range
+Newtypes.dfy(193,63): Error: index 0 out of range
 Execution trace:
 (0,0): anon0
 (0,0): anon32_Then
 (0,0): anon33_Then
 (0,0): anon16
-Newtypes.dfy(194,67): Error: index 1 out of range
+Newtypes.dfy(194,66): Error: index 1 out of range
 Execution trace:
 (0,0): anon0
 (0,0): anon34_Then
 (0,0): anon35_Then
 (0,0): anon19
-Newtypes.dfy(222,16): Error: new number of occurrences might be negative
+Newtypes.dfy(222,15): Error: new number of occurrences might be negative
 Execution trace:
 (0,0): anon0
 (0,0): anon6_Then
-Newtypes.dfy(225,40): Error: result of operation might violate newtype constraint
+Newtypes.dfy(225,39): Error: result of operation might violate newtype constraint
 Execution trace:
 (0,0): anon0
 (0,0): anon8_Then
-Newtypes.dfy(237,19): Error: result of operation might violate newtype constraint
+Newtypes.dfy(237,18): Error: result of operation might violate newtype constraint
 Execution trace:
 (0,0): anon0
 Newtypes.dfy(236,5): anon9_LoopHead
 (0,0): anon9_LoopBody
 (0,0): anon10_Then
-Newtypes.dfy(277,19): Error: result of operation might violate newtype constraint
+Newtypes.dfy(277,18): Error: result of operation might violate newtype constraint
 Execution trace:
 (0,0): anon0
 Newtypes.dfy(276,5): anon9_LoopHead
diff --git a/Test/dafny0/OpaqueFunctions.dfy.expect b/Test/dafny0/OpaqueFunctions.dfy.expect
index 2fb1701f..e9f6e60c 100644
--- a/Test/dafny0/OpaqueFunctions.dfy.expect
+++ b/Test/dafny0/OpaqueFunctions.dfy.expect
@@ -1,86 +1,86 @@
-OpaqueFunctions.dfy(27,16): Error: assertion violation
+OpaqueFunctions.dfy(27,15): Error: assertion violation
 Execution trace:
 (0,0): anon0
-OpaqueFunctions.dfy(52,8): Error BP5002: A precondition for this call might not hold.
-OpaqueFunctions.dfy(24,16): Related location: This is the precondition that might not hold.
+OpaqueFunctions.dfy(52,7): Error BP5002: A precondition for this call might not hold.
+OpaqueFunctions.dfy(24,15): Related location: This is the precondition that might not hold.
 Execution trace:
 (0,0): anon0
-OpaqueFunctions.dfy(58,20): Error: assertion violation
+OpaqueFunctions.dfy(58,19): Error: assertion violation
 Execution trace:
 (0,0): anon0
-OpaqueFunctions.dfy(60,21): Error: assertion violation
+OpaqueFunctions.dfy(60,20): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon5_Then
-OpaqueFunctions.dfy(63,21): Error: assertion violation
+OpaqueFunctions.dfy(63,20): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon6_Then
-OpaqueFunctions.dfy(66,21): Error: assertion violation
+OpaqueFunctions.dfy(66,20): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon6_Else
-OpaqueFunctions.dfy(77,21): Error: assertion violation
+OpaqueFunctions.dfy(77,20): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Then
-OpaqueFunctions.dfy(79,10): Error BP5002: A precondition for this call might not hold.
-OpaqueFunctions.dfy[A'](24,16): Related location: This is the precondition that might not hold.
+OpaqueFunctions.dfy(79,9): Error BP5002: A precondition for this call might not hold.
+OpaqueFunctions.dfy[A'](24,15): Related location: This is the precondition that might not hold.
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Else
-OpaqueFunctions.dfy(86,20): Error: assertion violation
+OpaqueFunctions.dfy(86,19): Error: assertion violation
 Execution trace:
 (0,0): anon0
-OpaqueFunctions.dfy(88,21): Error: assertion violation
+OpaqueFunctions.dfy(88,20): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon5_Then
-OpaqueFunctions.dfy(91,21): Error: assertion violation
+OpaqueFunctions.dfy(91,20): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon6_Then
-OpaqueFunctions.dfy(94,21): Error: assertion violation
+OpaqueFunctions.dfy(94,20): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon6_Else
-OpaqueFunctions.dfy(105,21): Error: assertion violation
+OpaqueFunctions.dfy(105,20): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Then
-OpaqueFunctions.dfy(107,10): Error BP5002: A precondition for this call might not hold.
-OpaqueFunctions.dfy[A'](24,16): Related location: This is the precondition that might not hold.
+OpaqueFunctions.dfy(107,9): Error BP5002: A precondition for this call might not hold.
+OpaqueFunctions.dfy[A'](24,15): Related location: This is the precondition that might not hold.
 Execution trace:
 (0,0): anon0
 (0,0): anon3_Else
-OpaqueFunctions.dfy(114,20): Error: assertion violation
+OpaqueFunctions.dfy(114,19): Error: assertion violation
 Execution trace:
 (0,0): anon0
-OpaqueFunctions.dfy(116,21): Error: assertion violation
+OpaqueFunctions.dfy(116,20): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon5_Then
-OpaqueFunctions.dfy(119,21): Error: assertion violation
+OpaqueFunctions.dfy(119,20): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon6_Then
-OpaqueFunctions.dfy(122,21): Error: assertion violation
+OpaqueFunctions.dfy(122,20): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon6_Else
-OpaqueFunctions.dfy(138,13): Error: assertion violation
+OpaqueFunctions.dfy(138,12): Error: assertion violation
 Execution trace:
 (0,0): anon0
-OpaqueFunctions.dfy(202,12): Error: assertion violation
+OpaqueFunctions.dfy(202,11): Error: assertion violation
 Execution trace:
 (0,0): anon0
-OpaqueFunctions.dfy(218,12): Error: assertion violation
+OpaqueFunctions.dfy(218,11): Error: assertion violation
 Execution trace:
 (0,0): anon0
-OpaqueFunctions.dfy(170,16): Error: assertion violation
+OpaqueFunctions.dfy(170,15): Error: assertion violation
 Execution trace:
 (0,0): anon0
-OpaqueFunctions.dfy(185,20): Error: assertion violation
+OpaqueFunctions.dfy(185,19): Error: assertion violation
 Execution trace:
 (0,0): anon0
diff --git a/Test/dafny0/Parallel.dfy.expect b/Test/dafny0/Parallel.dfy.expect
index db551bba..5d9b044f 100644
--- a/Test/dafny0/Parallel.dfy.expect
+++ b/Test/dafny0/Parallel.dfy.expect
@@ -1,9 +1,9 @@
-Parallel.dfy(297,22): Error: assertion violation
+Parallel.dfy(297,21): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon4_Else
-Parallel.dfy(34,10): Error BP5002: A precondition for this call might not hold.
-Parallel.dfy(60,14): Related location: This is the precondition that might not hold.
+Parallel.dfy(34,9): Error BP5002: A precondition for this call might not hold.
+Parallel.dfy(60,13): Related location: This is the precondition that might not hold.
 Execution trace:
 (0,0): anon0
 (0,0): anon29_Else
@@ -12,7 +12,7 @@ Execution trace:
 (0,0): anon34_Then
 (0,0): anon35_Then
 (0,0): anon14
-Parallel.dfy(38,5): Error: target object may be null
+Parallel.dfy(38,4): Error: target object may be null
 Execution trace:
 (0,0): anon0
 (0,0): anon29_Else
@@ -22,7 +22,7 @@ Execution trace:
 (0,0): anon37_Then
 (0,0): anon38_Then
 (0,0): anon20
-Parallel.dfy(42,18): Error: possible violation of postcondition of forall statement
+Parallel.dfy(42,17): Error: possible violation of postcondition of forall statement
 Execution trace:
 (0,0): anon0
 (0,0): anon29_Else
@@ -32,7 +32,7 @@ Execution trace:
 (0,0): anon39_Then
 (0,0): anon40_Then
 (0,0): anon26
-Parallel.dfy(47,19): Error: assertion violation
+Parallel.dfy(47,18): Error: assertion violation
 Execution trace:
 (0,0): anon0
 (0,0): anon29_Else
@@ -41,24 +41,24 @@ Execution trace: (0,0): anon36_Else (0,0): anon39_Then (0,0): anon40_Then -Parallel.dfy(93,19): Error: assertion violation +Parallel.dfy(93,18): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon10_Else (0,0): anon11_Then -Parallel.dfy(99,20): Error: possible violation of postcondition of forall statement +Parallel.dfy(99,19): Error: possible violation of postcondition of forall statement Execution trace: (0,0): anon0 (0,0): anon10_Else (0,0): anon11_Then (0,0): anon12_Then -Parallel.dfy(122,12): Error: value assigned to a nat must be non-negative +Parallel.dfy(122,11): Error: value assigned to a nat must be non-negative Execution trace: (0,0): anon0 (0,0): anon6_Then (0,0): anon7_Then (0,0): anon3 -Parallel.dfy(185,12): Error: left-hand sides for different forall-statement bound variables may refer to the same location +Parallel.dfy(185,11): Error: left-hand sides for different forall-statement bound variables may refer to the same location Execution trace: (0,0): anon0 (0,0): anon19_Then diff --git a/Test/dafny0/ParseErrors.dfy.expect b/Test/dafny0/ParseErrors.dfy.expect index 30898479..660ed926 100644 --- a/Test/dafny0/ParseErrors.dfy.expect +++ b/Test/dafny0/ParseErrors.dfy.expect 
@@ -1,17 +1,17 @@
-ParseErrors.dfy(7,19): error: a chain cannot have more than one != operator
-ParseErrors.dfy(9,37): error: this operator chain cannot continue with a descending operator
-ParseErrors.dfy(10,38): error: this operator chain cannot continue with an ascending operator
-ParseErrors.dfy(15,24): error: this operator chain cannot continue with a descending operator
-ParseErrors.dfy(18,18): error: this operator cannot be part of a chain
-ParseErrors.dfy(19,19): error: this operator cannot be part of a chain
-ParseErrors.dfy(20,18): error: this operator cannot be part of a chain
-ParseErrors.dfy(21,18): error: chaining not allowed from the previous operator
-ParseErrors.dfy(28,19): error: chaining not allowed from the previous operator
-ParseErrors.dfy(31,20): error: can only chain disjoint (!!) with itself.
-ParseErrors.dfy(58,8): error: the main operator of a calculation must be transitive
-ParseErrors.dfy(74,2): error: this operator cannot continue this calculation
-ParseErrors.dfy(75,2): error: this operator cannot continue this calculation
-ParseErrors.dfy(80,2): error: this operator cannot continue this calculation
-ParseErrors.dfy(81,2): error: this operator cannot continue this calculation
-ParseErrors.dfy(87,2): error: this operator cannot continue this calculation
+ParseErrors.dfy(7,18): Error: a chain cannot have more than one != operator
+ParseErrors.dfy(9,36): Error: this operator chain cannot continue with a descending operator
+ParseErrors.dfy(10,37): Error: this operator chain cannot continue with an ascending operator
+ParseErrors.dfy(15,23): Error: this operator chain cannot continue with a descending operator
+ParseErrors.dfy(18,17): Error: this operator cannot be part of a chain
+ParseErrors.dfy(19,18): Error: this operator cannot be part of a chain
+ParseErrors.dfy(20,17): Error: this operator cannot be part of a chain
+ParseErrors.dfy(21,17): Error: chaining not allowed from the previous operator
+ParseErrors.dfy(28,18): Error: 
chaining not allowed from the previous operator +ParseErrors.dfy(31,19): Error: can only chain disjoint (!!) with itself. +ParseErrors.dfy(58,7): Error: the main operator of a calculation must be transitive +ParseErrors.dfy(74,1): Error: this operator cannot continue this calculation +ParseErrors.dfy(75,1): Error: this operator cannot continue this calculation +ParseErrors.dfy(80,1): Error: this operator cannot continue this calculation +ParseErrors.dfy(81,1): Error: this operator cannot continue this calculation +ParseErrors.dfy(87,1): Error: this operator cannot continue this calculation 16 parse errors detected in ParseErrors.dfy diff --git a/Test/dafny0/PredExpr.dfy.expect b/Test/dafny0/PredExpr.dfy.expect index 18d5d73f..80f311cb 100644 --- a/Test/dafny0/PredExpr.dfy.expect +++ b/Test/dafny0/PredExpr.dfy.expect @@ -1,16 +1,16 @@ -PredExpr.dfy(7,12): Error: assertion violation +PredExpr.dfy(7,11): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon4_Else -PredExpr.dfy(39,15): Error: value assigned to a nat must be non-negative +PredExpr.dfy(39,14): Error: value assigned to a nat must be non-negative Execution trace: (0,0): anon0 (0,0): anon7_Else (0,0): anon8_Else -PredExpr.dfy(52,17): Error: assertion violation +PredExpr.dfy(52,16): Error: assertion violation Execution trace: (0,0): anon0 -PredExpr.dfy(77,14): Error: assertion violation +PredExpr.dfy(77,13): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon8_Else diff --git a/Test/dafny0/Predicates.dfy.expect b/Test/dafny0/Predicates.dfy.expect index dac4eb3c..2d7ea6f1 100644 --- a/Test/dafny0/Predicates.dfy.expect +++ b/Test/dafny0/Predicates.dfy.expect 
@@ -1,26 +1,26 @@ -Predicates.dfy[B](21,5): Error BP5003: A postcondition might not hold on this return path. -Predicates.dfy[B](20,15): Related location: This is the postcondition that might not hold. -Predicates.dfy(31,9): Related location +Predicates.dfy[B](21,4): Error BP5003: A postcondition might not hold on this return path. +Predicates.dfy[B](20,14): Related location: This is the postcondition that might not hold. +Predicates.dfy(31,8): Related location Execution trace: (0,0): anon0 -Predicates.dfy(88,16): Error: assertion violation +Predicates.dfy(88,15): Error: assertion violation Execution trace: (0,0): anon0 -Predicates.dfy(92,14): Error: assertion violation +Predicates.dfy(92,13): Error: assertion violation Execution trace: (0,0): anon0 -Predicates.dfy[Tricky_Full](126,5): Error BP5003: A postcondition might not hold on this return path. -Predicates.dfy[Tricky_Full](125,15): Related location: This is the postcondition that might not hold. -Predicates.dfy(136,7): Related location -Predicates.dfy[Tricky_Full](116,9): Related location +Predicates.dfy[Tricky_Full](126,4): Error BP5003: A postcondition might not hold on this return path. +Predicates.dfy[Tricky_Full](125,14): Related location: This is the postcondition that might not hold. +Predicates.dfy(136,6): Related location +Predicates.dfy[Tricky_Full](116,8): Related location Execution trace: (0,0): anon0 -Predicates.dfy(164,5): Error BP5003: A postcondition might not hold on this return path. -Predicates.dfy(163,15): Related location: This is the postcondition that might not hold. +Predicates.dfy(164,4): Error BP5003: A postcondition might not hold on this return path. +Predicates.dfy(163,14): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 -Predicates.dfy[Q1](154,5): Error BP5003: A postcondition might not hold on this return path. -Predicates.dfy[Q1](153,15): Related location: This is the postcondition that might not hold. 
+Predicates.dfy[Q1](154,4): Error BP5003: A postcondition might not hold on this return path. +Predicates.dfy[Q1](153,14): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 diff --git a/Test/dafny0/Protected.dfy.expect b/Test/dafny0/Protected.dfy.expect index d50f2dd5..6796e847 100644 --- a/Test/dafny0/Protected.dfy.expect +++ b/Test/dafny0/Protected.dfy.expect @@ -1,20 +1,20 @@ -Protected.dfy(17,20): Error: assertion violation +Protected.dfy(17,19): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon9_Then -Protected.dfy(31,18): Error: assertion violation +Protected.dfy(31,17): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon12_Then (0,0): anon6 (0,0): anon13_Else -Protected.dfy(35,16): Error: assertion violation +Protected.dfy(35,15): Error: assertion violation Execution trace: (0,0): anon0 -Protected.dfy(48,20): Error: assertion violation +Protected.dfy(48,19): Error: assertion violation Execution trace: (0,0): anon0 -Protected.dfy(55,20): Error: assertion violation +Protected.dfy(55,19): Error: assertion violation Execution trace: (0,0): anon0 diff --git a/Test/dafny0/RankNeg.dfy.expect b/Test/dafny0/RankNeg.dfy.expect index b2686b43..33cd4f1e 100644 --- a/Test/dafny0/RankNeg.dfy.expect +++ b/Test/dafny0/RankNeg.dfy.expect 
@@ -1,19 +1,19 @@ -RankNeg.dfy(10,26): Error: cannot prove termination; try supplying a decreases clause +RankNeg.dfy(10,25): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon7_Else (0,0): anon8_Then -RankNeg.dfy(15,28): Error: cannot prove termination; try supplying a decreases clause +RankNeg.dfy(15,27): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon7_Else (0,0): anon8_Then -RankNeg.dfy(22,31): Error: cannot prove termination; try supplying a decreases clause +RankNeg.dfy(22,30): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon7_Else (0,0): anon8_Then -RankNeg.dfy(32,25): Error: cannot prove termination; try supplying a decreases clause +RankNeg.dfy(32,24): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon7_Else diff --git a/Test/dafny0/Reads.dfy.expect b/Test/dafny0/Reads.dfy.expect index 1199797f..0ef90aec 100644 --- a/Test/dafny0/Reads.dfy.expect +++ b/Test/dafny0/Reads.dfy.expect 
@@ -1,32 +1,32 @@ -Reads.dfy(133,11): Error: insufficient reads clause to read field +Reads.dfy(133,10): Error: insufficient reads clause to read field Execution trace: (0,0): anon0 -Reads.dfy(9,30): Error: insufficient reads clause to read field +Reads.dfy(9,29): Error: insufficient reads clause to read field Execution trace: (0,0): anon0 -Reads.dfy(18,30): Error: insufficient reads clause to read field +Reads.dfy(18,29): Error: insufficient reads clause to read field Execution trace: (0,0): anon0 -Reads.dfy(28,50): Error: insufficient reads clause to read field +Reads.dfy(28,49): Error: insufficient reads clause to read field Execution trace: (0,0): anon0 -Reads.dfy(37,43): Error: insufficient reads clause to read field +Reads.dfy(37,42): Error: insufficient reads clause to read field Execution trace: (0,0): anon0 (0,0): anon7_Then (0,0): anon4 -Reads.dfy(51,30): Error: insufficient reads clause to read field +Reads.dfy(51,29): Error: insufficient reads clause to read field Execution trace: (0,0): anon0 (0,0): anon10_Then (0,0): anon4 -Reads.dfy(117,36): Error: insufficient reads clause to invoke function +Reads.dfy(117,35): Error: insufficient reads clause to invoke function Execution trace: (0,0): anon0 -Reads.dfy(117,36): Error: possible violation of function precondition +Reads.dfy(117,35): Error: possible violation of function precondition Execution trace: (0,0): anon0 -Reads.dfy(120,38): Error: insufficient reads clause to invoke function +Reads.dfy(120,37): Error: insufficient reads clause to invoke function Execution trace: (0,0): anon0 diff --git a/Test/dafny0/RealCompare.dfy.expect b/Test/dafny0/RealCompare.dfy.expect index 5b25fa25..48524bdf 100644 --- a/Test/dafny0/RealCompare.dfy.expect +++ b/Test/dafny0/RealCompare.dfy.expect 
@@ -1,19 +1,19 @@ -RealCompare.dfy(35,6): Error: failure to decrease termination measure +RealCompare.dfy(35,5): Error: failure to decrease termination measure Execution trace: (0,0): anon0 (0,0): anon3_Then -RealCompare.dfy(50,4): Error: decreases expression must be bounded below by 0.0 -RealCompare.dfy(48,13): Related location +RealCompare.dfy(50,3): Error: decreases expression must be bounded below by 0.0 +RealCompare.dfy(48,12): Related location Execution trace: (0,0): anon0 -RealCompare.dfy(141,12): Error: assertion violation +RealCompare.dfy(141,11): Error: assertion violation Execution trace: (0,0): anon0 RealCompare.dfy(133,3): anon7_LoopHead (0,0): anon7_LoopBody RealCompare.dfy(133,3): anon8_Else (0,0): anon9_Then -RealCompare.dfy(156,12): Error: assertion violation +RealCompare.dfy(156,11): Error: assertion violation Execution trace: (0,0): anon0 RealCompare.dfy(147,3): anon9_LoopHead diff --git a/Test/dafny0/RealTypes.dfy.expect b/Test/dafny0/RealTypes.dfy.expect index 0d132948..0fce4634 100644 --- a/Test/dafny0/RealTypes.dfy.expect +++ b/Test/dafny0/RealTypes.dfy.expect 
@@ -1,22 +1,22 @@ -RealTypes.dfy(12,16): Error: the real-based number must be an integer (if you want truncation, apply .Trunc to the real-based number) +RealTypes.dfy(12,15): Error: the real-based number must be an integer (if you want truncation, apply .Trunc to the real-based number) Execution trace: (0,0): anon0 (0,0): anon6_Then -RealTypes.dfy(14,28): Error: assertion violation +RealTypes.dfy(14,27): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon7_Then -RealTypes.dfy(21,12): Error: possible division by zero +RealTypes.dfy(21,11): Error: possible division by zero Execution trace: (0,0): anon0 RealTypes.dfy(20,23): anon3_Else (0,0): anon2 -RealTypes.dfy(21,20): Error: assertion violation +RealTypes.dfy(21,19): Error: assertion violation Execution trace: (0,0): anon0 RealTypes.dfy(20,23): anon3_Else (0,0): anon2 -RealTypes.dfy(29,12): Error: assertion violation +RealTypes.dfy(29,11): Error: assertion violation Execution trace: (0,0): anon0 diff --git a/Test/dafny0/Refinement.dfy.expect b/Test/dafny0/Refinement.dfy.expect index d03b9412..339c86b4 100644 --- a/Test/dafny0/Refinement.dfy.expect +++ b/Test/dafny0/Refinement.dfy.expect 
@@ -1,40 +1,40 @@ -Refinement.dfy(15,5): Error BP5003: A postcondition might not hold on this return path. -Refinement.dfy(14,17): Related location: This is the postcondition that might not hold. +Refinement.dfy(15,4): Error BP5003: A postcondition might not hold on this return path. +Refinement.dfy(14,16): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 -Refinement.dfy[B](15,5): Error BP5003: A postcondition might not hold on this return path. -Refinement.dfy(33,20): Related location: This is the postcondition that might not hold. +Refinement.dfy[B](15,4): Error BP5003: A postcondition might not hold on this return path. +Refinement.dfy(33,19): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 -Refinement.dfy(69,16): Error: assertion violation +Refinement.dfy(69,15): Error: assertion violation Execution trace: (0,0): anon0 -Refinement.dfy(80,17): Error: assertion violation +Refinement.dfy(80,16): Error: assertion violation Execution trace: (0,0): anon0 -Refinement.dfy(99,12): Error BP5003: A postcondition might not hold on this return path. -Refinement.dfy(78,15): Related location: This is the postcondition that might not hold. +Refinement.dfy(99,11): Error BP5003: A postcondition might not hold on this return path. +Refinement.dfy(78,14): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 (0,0): anon4_Else -Refinement.dfy(102,3): Error BP5003: A postcondition might not hold on this return path. -Refinement.dfy(83,15): Related location: This is the postcondition that might not hold. +Refinement.dfy(102,2): Error BP5003: A postcondition might not hold on this return path. +Refinement.dfy(83,14): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 -Refinement.dfy(189,5): Error BP5003: A postcondition might not hold on this return path. 
-Refinement.dfy[IncorrectConcrete](121,15): Related location: This is the postcondition that might not hold. -Refinement.dfy(186,9): Related location +Refinement.dfy(189,4): Error BP5003: A postcondition might not hold on this return path. +Refinement.dfy[IncorrectConcrete](121,14): Related location: This is the postcondition that might not hold. +Refinement.dfy(186,8): Related location Execution trace: (0,0): anon0 -Refinement.dfy(193,5): Error BP5003: A postcondition might not hold on this return path. -Refinement.dfy[IncorrectConcrete](129,15): Related location: This is the postcondition that might not hold. -Refinement.dfy(186,9): Related location +Refinement.dfy(193,4): Error BP5003: A postcondition might not hold on this return path. +Refinement.dfy[IncorrectConcrete](129,14): Related location: This is the postcondition that might not hold. +Refinement.dfy(186,8): Related location Execution trace: (0,0): anon0 (0,0): anon4_Then (0,0): anon3 -Refinement.dfy(199,7): Error: assertion violation -Refinement.dfy[IncorrectConcrete](137,24): Related location +Refinement.dfy(199,6): Error: assertion violation +Refinement.dfy[IncorrectConcrete](137,23): Related location Execution trace: (0,0): anon0 diff --git a/Test/dafny0/Skeletons.dfy.expect b/Test/dafny0/Skeletons.dfy.expect index 43b372c3..4b48bad0 100644 --- a/Test/dafny0/Skeletons.dfy.expect +++ b/Test/dafny0/Skeletons.dfy.expect @@ -1,5 +1,5 @@ -Skeletons.dfy(45,3): Error BP5003: A postcondition might not hold on this return path. -Skeletons.dfy(44,15): Related location: This is the postcondition that might not hold. +Skeletons.dfy(45,2): Error BP5003: A postcondition might not hold on this return path. +Skeletons.dfy(44,14): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 Skeletons.dfy[C0](32,5): anon11_LoopHead diff --git a/Test/dafny0/SmallTests.dfy.expect b/Test/dafny0/SmallTests.dfy.expect index b0605d8e..eee0d4f1 100644 --- a/Test/dafny0/SmallTests.dfy.expect 
+++ b/Test/dafny0/SmallTests.dfy.expect @@ -1,41 +1,41 @@ -SmallTests.dfy(34,11): Error: index out of range +SmallTests.dfy(34,10): Error: index out of range Execution trace: (0,0): anon0 -SmallTests.dfy(65,36): Error: possible division by zero +SmallTests.dfy(65,35): Error: possible division by zero Execution trace: (0,0): anon0 (0,0): anon13_Then -SmallTests.dfy(66,51): Error: possible division by zero +SmallTests.dfy(66,50): Error: possible division by zero Execution trace: (0,0): anon0 (0,0): anon13_Else (0,0): anon14_Else -SmallTests.dfy(67,22): Error: target object may be null +SmallTests.dfy(67,21): Error: target object may be null Execution trace: (0,0): anon0 (0,0): anon13_Then (0,0): anon14_Then (0,0): anon15_Then -SmallTests.dfy(86,24): Error: target object may be null +SmallTests.dfy(86,23): Error: target object may be null Execution trace: (0,0): anon0 SmallTests.dfy(85,5): anon8_LoopHead (0,0): anon8_LoopBody (0,0): anon9_Then -SmallTests.dfy(120,6): Error: call may violate context's modifies clause +SmallTests.dfy(120,5): Error: call may violate context's modifies clause Execution trace: (0,0): anon0 (0,0): anon4_Else (0,0): anon3 -SmallTests.dfy(133,10): Error: call may violate context's modifies clause +SmallTests.dfy(133,9): Error: call may violate context's modifies clause Execution trace: (0,0): anon0 (0,0): anon3_Then -SmallTests.dfy(135,10): Error: call may violate context's modifies clause +SmallTests.dfy(135,9): Error: call may violate context's modifies clause Execution trace: (0,0): anon0 (0,0): anon3_Else -SmallTests.dfy(175,9): Error: assignment may update an object field not in the enclosing context's modifies clause +SmallTests.dfy(175,8): Error: assignment may update an object field not in the enclosing context's modifies clause Execution trace: (0,0): anon0 (0,0): anon22_Else 
@@ -44,23 +44,23 @@ Execution trace: (0,0): anon28_Then (0,0): anon29_Then (0,0): anon19 -SmallTests.dfy(199,14): Error: assertion violation +SmallTests.dfy(199,13): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon9_Then -SmallTests.dfy(206,14): Error: assertion violation +SmallTests.dfy(206,13): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon9_Else (0,0): anon3 (0,0): anon10_Then -SmallTests.dfy(208,14): Error: assertion violation +SmallTests.dfy(208,13): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon9_Else (0,0): anon3 (0,0): anon10_Else -SmallTests.dfy(213,14): Error: assertion violation +SmallTests.dfy(213,13): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon9_Else @@ -68,7 +68,7 @@ Execution trace: (0,0): anon10_Then (0,0): anon6 (0,0): anon11_Then -SmallTests.dfy(215,14): Error: assertion violation +SmallTests.dfy(215,13): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon9_Else 
@@ -76,37 +76,37 @@ Execution trace: (0,0): anon10_Then (0,0): anon6 (0,0): anon11_Else -SmallTests.dfy(261,24): Error BP5002: A precondition for this call might not hold. -SmallTests.dfy(239,30): Related location: This is the precondition that might not hold. +SmallTests.dfy(261,23): Error BP5002: A precondition for this call might not hold. +SmallTests.dfy(239,29): Related location: This is the precondition that might not hold. Execution trace: (0,0): anon0 SmallTests.dfy(256,19): anon3_Else (0,0): anon2 -SmallTests.dfy(367,12): Error: assertion violation +SmallTests.dfy(367,11): Error: assertion violation Execution trace: (0,0): anon0 -SmallTests.dfy(377,12): Error: assertion violation +SmallTests.dfy(377,11): Error: assertion violation Execution trace: (0,0): anon0 -SmallTests.dfy(387,6): Error: cannot prove termination; try supplying a decreases clause +SmallTests.dfy(387,5): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon4_Else -SmallTests.dfy(692,14): Error: assertion violation +SmallTests.dfy(692,13): Error: assertion violation Execution trace: (0,0): anon0 SmallTests.dfy(689,5): anon7_LoopHead (0,0): anon7_LoopBody SmallTests.dfy(689,5): anon8_Else (0,0): anon9_Then -SmallTests.dfy(713,14): Error: assertion violation +SmallTests.dfy(713,13): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon7_Then (0,0): anon8_Then (0,0): anon3 -SmallTests.dfy(296,3): Error BP5003: A postcondition might not hold on this return path. -SmallTests.dfy(290,11): Related location: This is the postcondition that might not hold. +SmallTests.dfy(296,2): Error BP5003: A postcondition might not hold on this return path. +SmallTests.dfy(290,10): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 (0,0): anon18_Else 
@@ -114,29 +114,29 @@ Execution trace: (0,0): anon24_Then (0,0): anon15 (0,0): anon25_Else -SmallTests.dfy(338,12): Error: assertion violation +SmallTests.dfy(338,11): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon8_Then (0,0): anon7 -SmallTests.dfy(345,10): Error: assertion violation +SmallTests.dfy(345,9): Error: assertion violation Execution trace: (0,0): anon0 -SmallTests.dfy(355,4): Error: cannot prove termination; try supplying a decreases clause +SmallTests.dfy(355,3): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon4_Else -SmallTests.dfy(399,10): Error BP5003: A postcondition might not hold on this return path. -SmallTests.dfy(402,41): Related location: This is the postcondition that might not hold. +SmallTests.dfy(399,9): Error BP5003: A postcondition might not hold on this return path. +SmallTests.dfy(402,40): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 (0,0): anon7_Else -SmallTests.dfy(563,12): Error: assertion violation +SmallTests.dfy(563,11): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon3_Then (0,0): anon2 -SmallTests.dfy(577,20): Error: left-hand sides 0 and 1 may refer to the same location +SmallTests.dfy(577,19): Error: left-hand sides 0 and 1 may refer to the same location Execution trace: (0,0): anon0 (0,0): anon27_Then @@ -148,7 +148,7 @@ Execution trace: (0,0): anon31_Then (0,0): anon32_Then (0,0): anon12 -SmallTests.dfy(579,15): Error: left-hand sides 1 and 2 may refer to the same location +SmallTests.dfy(579,14): Error: left-hand sides 1 and 2 may refer to the same location Execution trace: (0,0): anon0 (0,0): anon27_Then 
@@ -163,16 +163,16 @@ Execution trace: (0,0): anon37_Then (0,0): anon22 (0,0): anon38_Then -SmallTests.dfy(586,25): Error: target object may be null +SmallTests.dfy(586,24): Error: target object may be null Execution trace: (0,0): anon0 -SmallTests.dfy(599,10): Error: assertion violation +SmallTests.dfy(599,9): Error: assertion violation Execution trace: (0,0): anon0 -SmallTests.dfy(623,5): Error: cannot establish the existence of LHS values that satisfy the such-that predicate +SmallTests.dfy(623,4): Error: cannot establish the existence of LHS values that satisfy the such-that predicate Execution trace: (0,0): anon0 -SmallTests.dfy(646,23): Error: assertion violation +SmallTests.dfy(646,22): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon8_Then @@ -180,17 +180,17 @@ Execution trace: (0,0): anon4 (0,0): anon10_Then (0,0): anon7 -SmallTests.dfy(660,10): Error: cannot establish the existence of LHS values that satisfy the such-that predicate +SmallTests.dfy(660,9): Error: cannot establish the existence of LHS values that satisfy the such-that predicate Execution trace: (0,0): anon0 (0,0): anon5_Then (0,0): anon6_Then (0,0): anon3 -SmallTests.dfy(662,10): Error: cannot establish the existence of LHS values that satisfy the such-that predicate +SmallTests.dfy(662,9): Error: cannot establish the existence of LHS values that satisfy the such-that predicate Execution trace: (0,0): anon0 (0,0): anon5_Else -SmallTests.dfy(675,9): Error: cannot establish the existence of LHS values that satisfy the such-that predicate +SmallTests.dfy(675,8): Error: cannot establish the existence of LHS values that satisfy the such-that predicate Execution trace: (0,0): anon0 diff --git a/Test/dafny0/SplitExpr.dfy.expect b/Test/dafny0/SplitExpr.dfy.expect index b7ef524f..29dd6eda 100644 --- a/Test/dafny0/SplitExpr.dfy.expect +++ b/Test/dafny0/SplitExpr.dfy.expect 
@@ -1,5 +1,5 @@ -SplitExpr.dfy(92,15): Error: loop invariant violation -SplitExpr.dfy(86,44): Related location +SplitExpr.dfy(92,14): Error: loop invariant violation +SplitExpr.dfy(86,43): Related location Execution trace: SplitExpr.dfy(91,3): anon7_LoopHead diff --git a/Test/dafny0/StatementExpressions.dfy.expect b/Test/dafny0/StatementExpressions.dfy.expect index 9de6a5d1..936a3954 100644 --- a/Test/dafny0/StatementExpressions.dfy.expect +++ b/Test/dafny0/StatementExpressions.dfy.expect @@ -1,22 +1,22 @@ -StatementExpressions.dfy(55,12): Error: cannot prove termination; try supplying a decreases clause +StatementExpressions.dfy(55,11): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon6_Then (0,0): anon8_Then -StatementExpressions.dfy(59,14): Error: assertion violation +StatementExpressions.dfy(59,13): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon6_Then StatementExpressions.dfy(53,7): anon8_Else -StatementExpressions.dfy(77,6): Error: possible division by zero +StatementExpressions.dfy(77,5): Error: possible division by zero Execution trace: (0,0): anon0 (0,0): anon4_Else -StatementExpressions.dfy(88,5): Error: value assigned to a nat must be non-negative +StatementExpressions.dfy(88,4): Error: value assigned to a nat must be non-negative Execution trace: (0,0): anon0 (0,0): anon4_Else -StatementExpressions.dfy(98,18): Error: cannot prove termination; try supplying a decreases clause +StatementExpressions.dfy(98,17): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon6_Then diff --git a/Test/dafny0/Superposition.dfy.expect b/Test/dafny0/Superposition.dfy.expect index 6497c712..04ec2f7d 100644 --- a/Test/dafny0/Superposition.dfy.expect +++ b/Test/dafny0/Superposition.dfy.expect 
@@ -10,16 +10,16 @@ Verifying CheckWellformed$$_0_M0.C.P ... Verifying CheckWellformed$$_0_M0.C.Q ... [5 proof obligations] error -Superposition.dfy(27,15): Error BP5003: A postcondition might not hold on this return path. -Superposition.dfy(28,26): Related location: This is the postcondition that might not hold. +Superposition.dfy(27,14): Error BP5003: A postcondition might not hold on this return path. +Superposition.dfy(28,25): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 (0,0): anon7_Else Verifying CheckWellformed$$_0_M0.C.R ... [5 proof obligations] error -Superposition.dfy(33,15): Error BP5003: A postcondition might not hold on this return path. -Superposition.dfy(34,26): Related location: This is the postcondition that might not hold. +Superposition.dfy(33,14): Error BP5003: A postcondition might not hold on this return path. +Superposition.dfy(34,25): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 (0,0): anon7_Else @@ -32,8 +32,8 @@ Verifying Impl$$_1_M1.C.M ... Verifying CheckWellformed$$_1_M1.C.P ... [2 proof obligations] error -Superposition.dfy(50,25): Error BP5003: A postcondition might not hold on this return path. -Superposition.dfy[M1](22,26): Related location: This is the postcondition that might not hold. +Superposition.dfy(50,24): Error BP5003: A postcondition might not hold on this return path. +Superposition.dfy[M1](22,25): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 (0,0): anon9_Else diff --git a/Test/dafny0/Termination.dfy.expect b/Test/dafny0/Termination.dfy.expect index 77a9e70e..69cb360d 100644 --- a/Test/dafny0/Termination.dfy.expect +++ b/Test/dafny0/Termination.dfy.expect 
@@ -1,20 +1,20 @@ -Termination.dfy[TerminationRefinement1](441,6): Error: failure to decrease termination measure +Termination.dfy[TerminationRefinement1](441,5): Error: failure to decrease termination measure Execution trace: (0,0): anon0 -Termination.dfy(361,47): Error: failure to decrease termination measure +Termination.dfy(361,46): Error: failure to decrease termination measure Execution trace: (0,0): anon0 (0,0): anon9_Else (0,0): anon10_Then (0,0): anon11_Else -Termination.dfy(108,3): Error: cannot prove termination; try supplying a decreases clause for the loop +Termination.dfy(108,2): Error: cannot prove termination; try supplying a decreases clause for the loop Execution trace: (0,0): anon0 Termination.dfy(108,3): anon6_LoopHead (0,0): anon6_LoopBody Termination.dfy(108,3): anon7_Else Termination.dfy(108,3): anon8_Else -Termination.dfy(116,3): Error: cannot prove termination; try supplying a decreases clause for the loop +Termination.dfy(116,2): Error: cannot prove termination; try supplying a decreases clause for the loop Execution trace: (0,0): anon0 Termination.dfy(116,3): anon8_LoopHead @@ -23,7 +23,7 @@ Execution trace: (0,0): anon10_Then (0,0): anon5 Termination.dfy(116,3): anon11_Else -Termination.dfy(125,3): Error: decreases expression might not decrease +Termination.dfy(125,2): Error: decreases expression might not decrease Execution trace: (0,0): anon0 Termination.dfy(125,3): anon8_LoopHead @@ -32,7 +32,7 @@ Execution trace: (0,0): anon10_Then (0,0): anon5 Termination.dfy(125,3): anon11_Else -Termination.dfy(126,17): Error: decreases expression must be bounded below by 0 at end of loop iteration +Termination.dfy(126,16): Error: decreases expression must be bounded below by 0 at end of loop iteration Execution trace: (0,0): anon0 Termination.dfy(125,3): anon8_LoopHead 
@@ -41,13 +41,13 @@ Execution trace: (0,0): anon10_Then (0,0): anon5 Termination.dfy(125,3): anon11_Else -Termination.dfy(255,35): Error: cannot prove termination; try supplying a decreases clause +Termination.dfy(255,34): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon8_Else (0,0): anon9_Else (0,0): anon10_Then -Termination.dfy(296,3): Error: decreases expression might not decrease +Termination.dfy(296,2): Error: decreases expression might not decrease Execution trace: Termination.dfy(296,3): anon9_LoopHead (0,0): anon9_LoopBody diff --git a/Test/dafny0/Trait/TraitUsingParentMembers.dfy.expect b/Test/dafny0/Trait/TraitUsingParentMembers.dfy.expect index 9960c1d9..1517dee4 100644 --- a/Test/dafny0/Trait/TraitUsingParentMembers.dfy.expect +++ b/Test/dafny0/Trait/TraitUsingParentMembers.dfy.expect @@ -1,4 +1,4 @@ -TraitUsingParentMembers.dfy(10,8): Error: assignment may update an array element not in the enclosing context's modifies clause +TraitUsingParentMembers.dfy(10,7): Error: assignment may update an array element not in the enclosing context's modifies clause Execution trace: (0,0): anon0 (0,0): anon5_Then diff --git a/Test/dafny0/Trait/TraitsDecreases.dfy.expect b/Test/dafny0/Trait/TraitsDecreases.dfy.expect index 2607a0c6..7d646bd1 100644 --- a/Test/dafny0/Trait/TraitsDecreases.dfy.expect +++ b/Test/dafny0/Trait/TraitsDecreases.dfy.expect 
@@ -1,34 +1,34 @@ -TraitsDecreases.dfy(117,15): Error: predicate's decreases clause must be below or equal to that in the trait +TraitsDecreases.dfy(117,14): Error: predicate's decreases clause must be below or equal to that in the trait Execution trace: (0,0): anon0 -TraitsDecreases.dfy(124,15): Error: predicate's decreases clause must be below or equal to that in the trait +TraitsDecreases.dfy(124,14): Error: predicate's decreases clause must be below or equal to that in the trait Execution trace: (0,0): anon0 -TraitsDecreases.dfy(131,15): Error: predicate's decreases clause must be below or equal to that in the trait +TraitsDecreases.dfy(131,14): Error: predicate's decreases clause must be below or equal to that in the trait Execution trace: (0,0): anon0 -TraitsDecreases.dfy(138,15): Error: predicate's decreases clause must be below or equal to that in the trait +TraitsDecreases.dfy(138,14): Error: predicate's decreases clause must be below or equal to that in the trait Execution trace: (0,0): anon0 -TraitsDecreases.dfy(145,15): Error: predicate's decreases clause must be below or equal to that in the trait +TraitsDecreases.dfy(145,14): Error: predicate's decreases clause must be below or equal to that in the trait Execution trace: (0,0): anon0 -TraitsDecreases.dfy(152,12): Error: method's decreases clause must be below or equal to that in the trait +TraitsDecreases.dfy(152,11): Error: method's decreases clause must be below or equal to that in the trait Execution trace: (0,0): anon0 -TraitsDecreases.dfy(57,10): Error: method's decreases clause must be below or equal to that in the trait +TraitsDecreases.dfy(57,9): Error: method's decreases clause must be below or equal to that in the trait Execution trace: (0,0): anon0 -TraitsDecreases.dfy(69,10): Error: method's decreases clause must be below or equal to that in the trait +TraitsDecreases.dfy(69,9): Error: method's decreases clause must be below or equal to that in the trait Execution trace: (0,0): anon0 
-TraitsDecreases.dfy(72,10): Error: method's decreases clause must be below or equal to that in the trait +TraitsDecreases.dfy(72,9): Error: method's decreases clause must be below or equal to that in the trait Execution trace: (0,0): anon0 -TraitsDecreases.dfy(78,10): Error: method's decreases clause must be below or equal to that in the trait +TraitsDecreases.dfy(78,9): Error: method's decreases clause must be below or equal to that in the trait Execution trace: (0,0): anon0 -TraitsDecreases.dfy(88,10): Error: method's decreases clause must be below or equal to that in the trait +TraitsDecreases.dfy(88,9): Error: method's decreases clause must be below or equal to that in the trait Execution trace: (0,0): anon0 diff --git a/Test/dafny0/Tuples.dfy.expect b/Test/dafny0/Tuples.dfy.expect index 13c706d3..9b5f3a83 100644 --- a/Test/dafny0/Tuples.dfy.expect +++ b/Test/dafny0/Tuples.dfy.expect @@ -1,7 +1,7 @@ -Tuples.dfy(22,19): Error: assertion violation +Tuples.dfy(22,18): Error: assertion violation Execution trace: (0,0): anon0 -Tuples.dfy(24,21): Error: possible division by zero +Tuples.dfy(24,20): Error: possible division by zero Execution trace: (0,0): anon0 diff --git a/Test/dafny0/TypeAntecedents.dfy.expect b/Test/dafny0/TypeAntecedents.dfy.expect index d6eb08e4..2e2f606d 100644 --- a/Test/dafny0/TypeAntecedents.dfy.expect +++ b/Test/dafny0/TypeAntecedents.dfy.expect @@ -1,8 +1,8 @@ -TypeAntecedents.dfy(35,13): Error: assertion violation +TypeAntecedents.dfy(35,12): Error: assertion violation Execution trace: (0,0): anon0 -TypeAntecedents.dfy(58,1): Error BP5003: A postcondition might not hold on this return path. -TypeAntecedents.dfy(57,15): Related location: This is the postcondition that might not hold. +TypeAntecedents.dfy(58,0): Error BP5003: A postcondition might not hold on this return path. +TypeAntecedents.dfy(57,14): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 (0,0): anon25_Then 
@@ -16,7 +16,7 @@ Execution trace: (0,0): anon34_Then (0,0): anon35_Then (0,0): anon24 -TypeAntecedents.dfy(66,16): Error: assertion violation +TypeAntecedents.dfy(66,15): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon25_Else diff --git a/Test/dafny0/TypeParameters.dfy.expect b/Test/dafny0/TypeParameters.dfy.expect index 3d00e89a..aca0694d 100644 --- a/Test/dafny0/TypeParameters.dfy.expect +++ b/Test/dafny0/TypeParameters.dfy.expect 
@@ -1,43 +1,43 @@ -TypeParameters.dfy(47,22): Error: assertion violation +TypeParameters.dfy(47,21): Error: assertion violation Execution trace: (0,0): anon0 -TypeParameters.dfy(69,27): Error: assertion violation +TypeParameters.dfy(69,26): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon3_Then (0,0): anon2 -TypeParameters.dfy(156,12): Error: assertion violation -TypeParameters.dfy(156,28): Related location +TypeParameters.dfy(156,11): Error: assertion violation +TypeParameters.dfy(156,27): Related location Execution trace: (0,0): anon0 (0,0): anon20_Then TypeParameters.dfy(156,32): anon21_Else (0,0): anon5 -TypeParameters.dfy(158,12): Error: assertion violation -TypeParameters.dfy(158,33): Related location +TypeParameters.dfy(158,11): Error: assertion violation +TypeParameters.dfy(158,32): Related location Execution trace: (0,0): anon0 (0,0): anon23_Then TypeParameters.dfy(158,37): anon24_Else (0,0): anon11 -TypeParameters.dfy(160,12): Error: assertion violation -TypeParameters.dfy(160,20): Related location +TypeParameters.dfy(160,11): Error: assertion violation +TypeParameters.dfy(160,19): Related location Execution trace: (0,0): anon0 (0,0): anon25_Then -TypeParameters.dfy(162,12): Error: assertion violation -TypeParameters.dfy(147,5): Related location -TypeParameters.dfy(162,21): Related location +TypeParameters.dfy(162,11): Error: assertion violation +TypeParameters.dfy(147,4): Related location +TypeParameters.dfy(162,20): Related location Execution trace: (0,0): anon0 (0,0): anon26_Then -TypeParameters.dfy(164,12): Error: assertion violation -TypeParameters.dfy(149,8): Related location +TypeParameters.dfy(164,11): Error: assertion violation +TypeParameters.dfy(149,7): Related location Execution trace: (0,0): anon0 (0,0): anon27_Then -TypeParameters.dfy(178,15): Error BP5005: This loop invariant might not be maintained by the loop. 
-TypeParameters.dfy(178,38): Related location +TypeParameters.dfy(178,14): Error BP5005: This loop invariant might not be maintained by the loop. +TypeParameters.dfy(178,37): Related location Execution trace: (0,0): anon0 TypeParameters.dfy(171,3): anon16_LoopHead diff --git a/Test/dafny0/columns.dfy b/Test/dafny0/columns.dfy new file mode 100644 index 00000000..e36142be --- /dev/null +++ b/Test/dafny0/columns.dfy @@ -0,0 +1,10 @@ +// RUN: %dafny "%s" > "%t" +// RUN: %diff "%s.expect" "%t" + +// Dafny counts columns from 0, but Boogie from one, so for a while there were small bugs with that. + +static method A(x:int) requires x > 0 { // error os 's' + assert (forall y :: y > x ==> y > 100); // error on '(' + assert x != 1; // error on '!' + assert x in {}; // error on 'i' +} diff --git a/Test/dafny0/columns.dfy.expect b/Test/dafny0/columns.dfy.expect new file mode 100644 index 00000000..295ca351 --- /dev/null +++ b/Test/dafny0/columns.dfy.expect @@ -0,0 +1,18 @@ +columns.dfy(6,0): Warning: module-level methods are always non-instance, so the 'static' keyword is not allowed here +columns.dfy(7,9): Error: assertion violation +Execution trace: + (0,0): anon0 + (0,0): anon3_Then + (0,0): anon2 +columns.dfy(8,11): Error: assertion violation +Execution trace: + (0,0): anon0 + (0,0): anon3_Then + (0,0): anon2 +columns.dfy(9,11): Error: assertion violation +Execution trace: + (0,0): anon0 + (0,0): anon3_Then + (0,0): anon2 + +Dafny program verifier finished with 1 verified, 3 errors diff --git a/Test/dafny0/snapshots/Snapshots0.run.dfy.expect b/Test/dafny0/snapshots/Snapshots0.run.dfy.expect index 96c280d9..d32cd9bb 100644 --- a/Test/dafny0/snapshots/Snapshots0.run.dfy.expect +++ b/Test/dafny0/snapshots/Snapshots0.run.dfy.expect 
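Review bot: In the new Test/dafny0/columns.dfy, the comment on the method line reads `// error os 's'`, which is a typo and also disagrees with columns.dfy.expect. The expect file reports position (6,0) as a Warning about the 'static' keyword, not an error. I would change the comment to `// warning on 's'` so each comment matches its expected-output line. The three assert comments look consistent with the zero-based columns 9, 11 and 11 in the expect file, assuming the asserts are indented by two spaces (the indentation is not recoverable from this view).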
@@ -18,7 +18,7 @@ Processing command (at ) a##cached##0 := a##cached##0 && ##ext >>> AssumeNegationOfAssumptionVariable Processing command (at Snapshots0.v1.dfy(4,10)) assert Lit(false); >>> MarkAsPartiallyVerified -Snapshots0.v1.dfy(4,10): Error: assertion violation +Snapshots0.v1.dfy(4,9): Error: assertion violation Execution trace: (0,0): anon0 diff --git a/Test/dafny0/snapshots/Snapshots1.run.dfy.expect b/Test/dafny0/snapshots/Snapshots1.run.dfy.expect index 878f9905..6d5e43f8 100644 --- a/Test/dafny0/snapshots/Snapshots1.run.dfy.expect +++ b/Test/dafny0/snapshots/Snapshots1.run.dfy.expect @@ -14,7 +14,7 @@ Processing command (at Snapshots1.v1.dfy(3,4)) assert (forall $o: ref, $f >>> MarkAsFullyVerified Processing command (at Snapshots1.v1.dfy(4,10)) assert Lit(false); >>> DoNothingToAssert -Snapshots1.v1.dfy(4,10): Error: assertion violation +Snapshots1.v1.dfy(4,9): Error: assertion violation Execution trace: (0,0): anon0 diff --git a/Test/dafny0/snapshots/Snapshots2.run.dfy.expect b/Test/dafny0/snapshots/Snapshots2.run.dfy.expect index a6a9bc4c..ee2ceecd 100644 --- a/Test/dafny0/snapshots/Snapshots2.run.dfy.expect +++ b/Test/dafny0/snapshots/Snapshots2.run.dfy.expect @@ -26,7 +26,7 @@ Processing command (at Snapshots2.v1.dfy(3,4)) assert (forall $o: ref, $f >>> MarkAsFullyVerified Processing command (at Snapshots2.v1.dfy(4,10)) assert Lit(false); >>> DoNothingToAssert -Snapshots2.v1.dfy(4,10): Error: assertion violation +Snapshots2.v1.dfy(4,9): Error: assertion violation Execution trace: (0,0): anon0 Processing command (at Snapshots2.v1.dfy(11,11)) assert true; diff --git a/Test/dafny0/snapshots/Snapshots3.run.dfy.expect b/Test/dafny0/snapshots/Snapshots3.run.dfy.expect index 07e2d063..accacd90 100644 --- a/Test/dafny0/snapshots/Snapshots3.run.dfy.expect +++ b/Test/dafny0/snapshots/Snapshots3.run.dfy.expect 
@@ -1,6 +1,6 @@ Processing command (at Snapshots3.v0.dfy(9,14)) assert Lit(0 != 0); >>> DoNothingToAssert -Snapshots3.v0.dfy(9,14): Error: assertion violation +Snapshots3.v0.dfy(9,13): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon3_Else @@ -10,7 +10,7 @@ Processing command (at Snapshots3.v1.dfy(5,12)) assert Lit(true); >>> DoNothingToAssert Processing command (at Snapshots3.v1.dfy(9,14)) assert Lit(0 != 0); >>> RecycleError -Snapshots3.v0.dfy(9,14): Error: assertion violation +Snapshots3.v0.dfy(9,13): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon3_Else diff --git a/Test/dafny0/snapshots/Snapshots4.run.dfy.expect b/Test/dafny0/snapshots/Snapshots4.run.dfy.expect index fdc97775..d56eb9d0 100644 --- a/Test/dafny0/snapshots/Snapshots4.run.dfy.expect +++ b/Test/dafny0/snapshots/Snapshots4.run.dfy.expect @@ -8,11 +8,11 @@ Processing command (at Snapshots4.v1.dfy(9,14)) assert LitInt(0) == LitInt(0); >>> MarkAsFullyVerified Processing command (at Snapshots4.v1.dfy(10,14)) assert Lit(2 != 2); >>> DoNothingToAssert -Snapshots4.v1.dfy(5,14): Error: assertion violation +Snapshots4.v1.dfy(5,13): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon3_Then -Snapshots4.v1.dfy(10,14): Error: assertion violation +Snapshots4.v1.dfy(10,13): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon3_Else diff --git a/Test/dafny0/snapshots/Snapshots6.run.dfy.expect b/Test/dafny0/snapshots/Snapshots6.run.dfy.expect index af440327..bef5a87d 100644 --- a/Test/dafny0/snapshots/Snapshots6.run.dfy.expect +++ b/Test/dafny0/snapshots/Snapshots6.run.dfy.expect @@ -4,7 +4,7 @@ Processing command (at Snapshots6.v0.dfy(20,14)) assert Lit(false); Dafny program verifier finished with 4 verified, 0 errors Processing command (at Snapshots6.v1.dfy(20,14)) assert Lit(false); >>> DoNothingToAssert -Snapshots6.v1.dfy(20,14): Error: assertion violation +Snapshots6.v1.dfy(20,13): Error: assertion violation Execution trace: (0,0): anon0 
diff --git a/Test/dafny0/snapshots/Snapshots7.run.dfy.expect b/Test/dafny0/snapshots/Snapshots7.run.dfy.expect index 7c073a9a..b90a6034 100644 --- a/Test/dafny0/snapshots/Snapshots7.run.dfy.expect +++ b/Test/dafny0/snapshots/Snapshots7.run.dfy.expect @@ -24,7 +24,7 @@ Processing command (at ) a##cached##0 := a##cached##0 && ##ext >>> AssumeNegationOfAssumptionVariable Processing command (at Snapshots7.v1.dfy(19,14)) assert Lit(false); >>> MarkAsPartiallyVerified -Snapshots7.v1.dfy(19,14): Error: assertion violation +Snapshots7.v1.dfy(19,13): Error: assertion violation Execution trace: (0,0): anon0 diff --git a/Test/dafny1/MoreInduction.dfy.expect b/Test/dafny1/MoreInduction.dfy.expect index c8785e56..5de0ace6 100644 --- a/Test/dafny1/MoreInduction.dfy.expect +++ b/Test/dafny1/MoreInduction.dfy.expect 
@@ -1,17 +1,17 @@ -MoreInduction.dfy(78,1): Error BP5003: A postcondition might not hold on this return path. -MoreInduction.dfy(77,11): Related location: This is the postcondition that might not hold. +MoreInduction.dfy(78,0): Error BP5003: A postcondition might not hold on this return path. +MoreInduction.dfy(77,10): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 -MoreInduction.dfy(83,1): Error BP5003: A postcondition might not hold on this return path. -MoreInduction.dfy(82,21): Related location: This is the postcondition that might not hold. +MoreInduction.dfy(83,0): Error BP5003: A postcondition might not hold on this return path. +MoreInduction.dfy(82,20): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 -MoreInduction.dfy(88,1): Error BP5003: A postcondition might not hold on this return path. -MoreInduction.dfy(87,11): Related location: This is the postcondition that might not hold. +MoreInduction.dfy(88,0): Error BP5003: A postcondition might not hold on this return path. +MoreInduction.dfy(87,10): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 -MoreInduction.dfy(93,1): Error BP5003: A postcondition might not hold on this return path. -MoreInduction.dfy(92,22): Related location: This is the postcondition that might not hold. +MoreInduction.dfy(93,0): Error BP5003: A postcondition might not hold on this return path. +MoreInduction.dfy(92,21): Related location: This is the postcondition that might not hold. Execution trace: (0,0): anon0 diff --git a/Test/dafny2/SnapshotableTrees.dfy.expect b/Test/dafny2/SnapshotableTrees.dfy.expect index 849b9e38..808fe0f9 100644 --- a/Test/dafny2/SnapshotableTrees.dfy.expect +++ b/Test/dafny2/SnapshotableTrees.dfy.expect 
@@ -1,5 +1,5 @@ -SnapshotableTrees.dfy(68,24): Error BP5002: A precondition for this call might not hold. -SnapshotableTrees.dfy(648,16): Related location: This is the precondition that might not hold. +SnapshotableTrees.dfy(68,23): Error BP5002: A precondition for this call might not hold. +SnapshotableTrees.dfy(648,15): Related location: This is the precondition that might not hold. Execution trace: (0,0): anon0 (0,0): anon3_Then diff --git a/Test/dafny4/BinarySearch.dfy.expect b/Test/dafny4/BinarySearch.dfy.expect index 944f677a..a9f834b7 100644 --- a/Test/dafny4/BinarySearch.dfy.expect +++ b/Test/dafny4/BinarySearch.dfy.expect @@ -1,4 +1,4 @@ -BinarySearch.dfy(44,20): Error: result of operation might violate newtype constraint +BinarySearch.dfy(44,19): Error: result of operation might violate newtype constraint Execution trace: (0,0): anon0 BinarySearch.dfy(40,3): anon18_LoopHead diff --git a/Test/dafny4/Bug73.dfy.expect b/Test/dafny4/Bug73.dfy.expect index 6cf5c156..8beaa18c 100644 --- a/Test/dafny4/Bug73.dfy.expect +++ b/Test/dafny4/Bug73.dfy.expect @@ -1,9 +1,9 @@ -Bug73.dfy(7,14): Error: assertion violation +Bug73.dfy(7,13): Error: assertion violation Execution trace: (0,0): anon0 Bug73.dfy(7,19): anon3_Else (0,0): anon2 -Bug73.dfy(13,14): Error: assertion violation +Bug73.dfy(13,13): Error: assertion violation Execution trace: (0,0): anon0 Bug73.dfy(13,20): anon3_Else diff --git a/Test/dafny4/SoftwareFoundations-Basics.dfy.expect b/Test/dafny4/SoftwareFoundations-Basics.dfy.expect index 0f9eb8d0..f07b068f 100644 --- a/Test/dafny4/SoftwareFoundations-Basics.dfy.expect +++ b/Test/dafny4/SoftwareFoundations-Basics.dfy.expect @@ -1,4 +1,4 @@ -SoftwareFoundations-Basics.dfy(41,12): Error: assertion violation +SoftwareFoundations-Basics.dfy(41,11): Error: assertion violation Execution trace: (0,0): anon0 diff --git a/Test/hofs/Apply.dfy.expect b/Test/hofs/Apply.dfy.expect index 77d34c4c..0a923143 100644 --- a/Test/hofs/Apply.dfy.expect 
+++ b/Test/hofs/Apply.dfy.expect @@ -1,4 +1,4 @@ -Apply.dfy(27,16): Error: assertion violation +Apply.dfy(27,15): Error: assertion violation Execution trace: (0,0): anon0 Apply.dfy(26,27): anon15_Else diff --git a/Test/hofs/Classes.dfy.expect b/Test/hofs/Classes.dfy.expect index 1c9e31f0..a5b33522 100644 --- a/Test/hofs/Classes.dfy.expect +++ b/Test/hofs/Classes.dfy.expect @@ -1,7 +1,7 @@ -Classes.dfy(64,12): Error: assertion violation +Classes.dfy(64,11): Error: assertion violation Execution trace: (0,0): anon0 -Classes.dfy(40,6): Error: possible violation of function precondition +Classes.dfy(40,5): Error: possible violation of function precondition Execution trace: (0,0): anon0 (0,0): anon7_Else diff --git a/Test/hofs/Field.dfy.expect b/Test/hofs/Field.dfy.expect index 9f6998f5..0859d83c 100644 --- a/Test/hofs/Field.dfy.expect +++ b/Test/hofs/Field.dfy.expect @@ -1,13 +1,13 @@ -Field.dfy(12,12): Error: possible violation of function precondition +Field.dfy(12,11): Error: possible violation of function precondition Execution trace: (0,0): anon0 -Field.dfy(12,15): Error: assertion violation +Field.dfy(12,14): Error: assertion violation Execution trace: (0,0): anon0 -Field.dfy(21,12): Error: possible violation of function precondition +Field.dfy(21,11): Error: possible violation of function precondition Execution trace: (0,0): anon0 -Field.dfy(21,14): Error: assertion violation +Field.dfy(21,13): Error: assertion violation Execution trace: (0,0): anon0 diff --git a/Test/hofs/FnRef.dfy.expect b/Test/hofs/FnRef.dfy.expect index 0f6f2aa9..e665c830 100644 --- a/Test/hofs/FnRef.dfy.expect +++ b/Test/hofs/FnRef.dfy.expect 
@@ -1,19 +1,19 @@ -FnRef.dfy(17,45): Error: possible violation of function precondition +FnRef.dfy(17,44): Error: possible violation of function precondition Execution trace: (0,0): anon0 FnRef.dfy(15,12): anon5_Else (0,0): anon6_Then -FnRef.dfy(32,8): Error: possible violation of function precondition +FnRef.dfy(32,7): Error: possible violation of function precondition Execution trace: (0,0): anon0 FnRef.dfy(26,12): anon9_Else FnRef.dfy(28,8): anon10_Else -FnRef.dfy(46,12): Error: assertion violation +FnRef.dfy(46,11): Error: assertion violation Execution trace: (0,0): anon0 FnRef.dfy(43,12): anon7_Else (0,0): anon9_Then -FnRef.dfy(65,14): Error: assertion violation +FnRef.dfy(65,13): Error: assertion violation Execution trace: (0,0): anon0 FnRef.dfy(56,12): anon8_Else diff --git a/Test/hofs/Frame.dfy.expect b/Test/hofs/Frame.dfy.expect index 0ee2eadb..9964deb4 100644 --- a/Test/hofs/Frame.dfy.expect +++ b/Test/hofs/Frame.dfy.expect 
@@ -1,35 +1,35 @@ -Frame.dfy(23,16): Error: assertion violation +Frame.dfy(23,15): Error: assertion violation Execution trace: (0,0): anon0 Frame.dfy(19,12): anon5_Else (0,0): anon6_Then -Frame.dfy(37,14): Error: assertion violation +Frame.dfy(37,13): Error: assertion violation Execution trace: (0,0): anon0 Frame.dfy(33,12): anon3_Else -Frame.dfy(63,23): Error: assertion violation +Frame.dfy(63,22): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon13_Then Frame.dfy(55,12): anon14_Else (0,0): anon15_Then (0,0): anon5 -Frame.dfy(66,19): Error: insufficient reads clause to read array element +Frame.dfy(66,18): Error: insufficient reads clause to read array element Execution trace: (0,0): anon0 (0,0): anon16_Then (0,0): anon17_Then -Frame.dfy(68,28): Error: insufficient reads clause to read array element +Frame.dfy(68,27): Error: insufficient reads clause to read array element Execution trace: (0,0): anon0 (0,0): anon16_Else (0,0): anon18_Then -Frame.dfy(123,14): Error: possible violation of function precondition +Frame.dfy(123,13): Error: possible violation of function precondition Execution trace: (0,0): anon0 (0,0): anon5_Then (0,0): anon6_Else -Frame.dfy(123,19): Error: assertion violation +Frame.dfy(123,18): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon5_Then diff --git a/Test/hofs/Lambda.dfy.expect b/Test/hofs/Lambda.dfy.expect index 4fe8275f..ab57fbe0 100644 --- a/Test/hofs/Lambda.dfy.expect +++ b/Test/hofs/Lambda.dfy.expect @@ -1,4 +1,4 @@ -Lambda.dfy(24,12): Error: assertion violation +Lambda.dfy(24,11): Error: assertion violation Execution trace: (0,0): anon0 Lambda.dfy(6,24): anon31_Else diff --git a/Test/hofs/LambdaParsefail.dfy.expect b/Test/hofs/LambdaParsefail.dfy.expect index 11deb9b0..a72fc978 100644 --- a/Test/hofs/LambdaParsefail.dfy.expect +++ b/Test/hofs/LambdaParsefail.dfy.expect 
@@ -1,6 +1,6 @@
-LambdaParsefail.dfy(5,19): error: this symbol not expected in VarDeclStatement
-LambdaParsefail.dfy(6,19): error: this symbol not expected in VarDeclStatement
-LambdaParsefail.dfy(7,21): error: this symbol not expected in VarDeclStatement
-LambdaParsefail.dfy(8,15): error: cannot declare identifier beginning with underscore
-LambdaParsefail.dfy(9,17): error: this symbol not expected in VarDeclStatement
+LambdaParsefail.dfy(5,18): Error: this symbol not expected in VarDeclStatement
+LambdaParsefail.dfy(6,18): Error: this symbol not expected in VarDeclStatement
+LambdaParsefail.dfy(7,20): Error: this symbol not expected in VarDeclStatement
+LambdaParsefail.dfy(8,14): Error: cannot declare identifier beginning with underscore
+LambdaParsefail.dfy(9,16): Error: this symbol not expected in VarDeclStatement
 5 parse errors detected in LambdaParsefail.dfy
diff --git a/Test/hofs/LambdaParsefail2.dfy.expect b/Test/hofs/LambdaParsefail2.dfy.expect
index 0c9ecb83..1a6a65dc 100644
--- a/Test/hofs/LambdaParsefail2.dfy.expect
+++ b/Test/hofs/LambdaParsefail2.dfy.expect
@@ -1,2 +1,2 @@
-LambdaParsefail2.dfy(6,39): error: invalid LambdaArrow
+LambdaParsefail2.dfy(6,38): Error: invalid LambdaArrow
 1 parse errors detected in LambdaParsefail2.dfy
diff --git a/Test/hofs/Naked.dfy.expect b/Test/hofs/Naked.dfy.expect
index 514952a1..9794478d 100644
--- a/Test/hofs/Naked.dfy.expect
+++ b/Test/hofs/Naked.dfy.expect
@@ -1,45 +1,45 @@ -Naked.dfy(9,16): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. +Naked.dfy(9,15): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. Execution trace: (0,0): anon0 (0,0): anon9_Else (0,0): anon10_Else (0,0): anon11_Then -Naked.dfy(12,8): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. +Naked.dfy(12,7): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. Execution trace: (0,0): anon0 (0,0): anon9_Else (0,0): anon10_Else (0,0): anon11_Else -Naked.dfy(17,53): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. +Naked.dfy(17,52): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. Execution trace: (0,0): anon0 (0,0): anon7_Else (0,0): anon8_Else -Naked.dfy(22,13): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. +Naked.dfy(22,12): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. Execution trace: (0,0): anon0 -Naked.dfy(26,14): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. +Naked.dfy(26,13): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. Execution trace: (0,0): anon0 -Naked.dfy(30,45): Error: possible violation of function precondition -Naked.dfy(32,14): Related location +Naked.dfy(30,44): Error: possible violation of function precondition +Naked.dfy(32,13): Related location Execution trace: (0,0): anon0 (0,0): anon4_Else -Naked.dfy(32,15): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. +Naked.dfy(32,14): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. Execution trace: (0,0): anon0 -Naked.dfy(38,9): Error: cannot use naked function in recursive setting. 
Possible solution: eta expansion. +Naked.dfy(38,8): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. Execution trace: (0,0): anon0 -Naked.dfy(42,10): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. +Naked.dfy(42,9): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. Execution trace: (0,0): anon0 -Naked.dfy(45,30): Error: cannot prove termination; try supplying a decreases clause +Naked.dfy(45,29): Error: cannot prove termination; try supplying a decreases clause Execution trace: (0,0): anon0 (0,0): anon4_Else -Naked.dfy(48,11): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. +Naked.dfy(48,10): Error: cannot use naked function in recursive setting. Possible solution: eta expansion. Execution trace: (0,0): anon0 diff --git a/Test/hofs/OneShot.dfy.expect b/Test/hofs/OneShot.dfy.expect index 91b931b8..0b4a2bb8 100644 --- a/Test/hofs/OneShot.dfy.expect +++ b/Test/hofs/OneShot.dfy.expect @@ -1,16 +1,16 @@ -OneShot.dfy(20,12): Error: possible violation of function precondition +OneShot.dfy(20,11): Error: possible violation of function precondition Execution trace: (0,0): anon0 (0,0): anon5_Then OneShot.dfy(13,8): anon5_Else (0,0): anon6_Then -OneShot.dfy(22,12): Error: assertion violation +OneShot.dfy(22,11): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon5_Then OneShot.dfy(13,8): anon5_Else (0,0): anon6_Else -OneShot.dfy(22,13): Error: possible violation of function precondition +OneShot.dfy(22,12): Error: possible violation of function precondition Execution trace: (0,0): anon0 (0,0): anon5_Then diff --git a/Test/hofs/ReadsReads.dfy.expect b/Test/hofs/ReadsReads.dfy.expect index cd013630..0a374c44 100644 --- a/Test/hofs/ReadsReads.dfy.expect +++ b/Test/hofs/ReadsReads.dfy.expect 
@@ -1,33 +1,33 @@ -ReadsReads.dfy(31,7): Error: insufficient reads clause to invoke function +ReadsReads.dfy(31,6): Error: insufficient reads clause to invoke function Execution trace: (0,0): anon0 (0,0): anon4_Else -ReadsReads.dfy(36,5): Error: insufficient reads clause to invoke function +ReadsReads.dfy(36,4): Error: insufficient reads clause to invoke function Execution trace: (0,0): anon0 (0,0): anon4_Else -ReadsReads.dfy(47,12): Error: insufficient reads clause to invoke function +ReadsReads.dfy(47,11): Error: insufficient reads clause to invoke function Execution trace: (0,0): anon0 (0,0): anon4_Else -ReadsReads.dfy(58,7): Error: insufficient reads clause to invoke function +ReadsReads.dfy(58,6): Error: insufficient reads clause to invoke function Execution trace: (0,0): anon0 (0,0): anon4_Else -ReadsReads.dfy(87,50): Error: assertion violation +ReadsReads.dfy(87,49): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon16_Then -ReadsReads.dfy(89,29): Error: assertion violation +ReadsReads.dfy(89,28): Error: assertion violation Execution trace: (0,0): anon0 (0,0): anon18_Then -ReadsReads.dfy(99,37): Error: assertion violation +ReadsReads.dfy(99,36): Error: assertion violation Execution trace: (0,0): anon0 ReadsReads.dfy(96,14): anon15_Else (0,0): anon19_Then -ReadsReads.dfy(101,29): Error: assertion violation +ReadsReads.dfy(101,28): Error: assertion violation Execution trace: (0,0): anon0 ReadsReads.dfy(96,14): anon15_Else diff --git a/Test/hofs/Simple.dfy.expect b/Test/hofs/Simple.dfy.expect index e2f16ef3..c0123c80 100644 --- a/Test/hofs/Simple.dfy.expect +++ b/Test/hofs/Simple.dfy.expect 
@@ -1,26 +1,26 @@ -Simple.dfy(14,10): Error: possible division by zero +Simple.dfy(14,9): Error: possible division by zero Execution trace: (0,0): anon0 (0,0): anon6_Else (0,0): anon7_Then -Simple.dfy(27,10): Error: possible division by zero +Simple.dfy(27,9): Error: possible division by zero Execution trace: (0,0): anon0 (0,0): anon6_Else (0,0): anon7_Then -Simple.dfy(37,9): Error: possible violation of function precondition +Simple.dfy(37,8): Error: possible violation of function precondition Execution trace: (0,0): anon0 Simple.dfy(35,13): anon5_Else -Simple.dfy(49,9): Error: possible violation of function precondition +Simple.dfy(49,8): Error: possible violation of function precondition Execution trace: (0,0): anon0 (0,0): anon3_Then (0,0): anon2 -Simple.dfy(61,10): Error: possible violation of function precondition +Simple.dfy(61,9): Error: possible violation of function precondition Execution trace: (0,0): anon0 -Simple.dfy(73,10): Error: assertion violation +Simple.dfy(73,9): Error: assertion violation Execution trace: (0,0): anon0 Simple.dfy(72,38): anon5_Else diff --git a/Test/hofs/Twice.dfy.expect b/Test/hofs/Twice.dfy.expect index 2476b945..0ce2450c 100644 --- a/Test/hofs/Twice.dfy.expect +++ b/Test/hofs/Twice.dfy.expect @@ -1,8 +1,8 @@ -Twice.dfy(27,22): Error: assertion violation +Twice.dfy(27,21): Error: assertion violation Execution trace: (0,0): anon0 Twice.dfy(23,12): anon3_Else -Twice.dfy(35,32): Error: possible violation of function precondition +Twice.dfy(35,31): Error: possible violation of function precondition Execution trace: (0,0): anon0 (0,0): anon10_Else diff --git a/Test/irondafny0/inheritreqs0.dfy.expect b/Test/irondafny0/inheritreqs0.dfy.expect index eaadc85a..44e33bc0 100644 --- a/Test/irondafny0/inheritreqs0.dfy.expect +++ b/Test/irondafny0/inheritreqs0.dfy.expect 
@@ -1,5 +1,5 @@ -inheritreqs0.dfy(19,14): Error BP5002: A precondition for this call might not hold. -inheritreqs0.dfy[Impl](6,18): Related location: This is the precondition that might not hold. +inheritreqs0.dfy(19,13): Error BP5002: A precondition for this call might not hold. +inheritreqs0.dfy[Impl](6,17): Related location: This is the precondition that might not hold. Execution trace: (0,0): anon0 diff --git a/Test/irondafny0/inheritreqs1.dfy.expect b/Test/irondafny0/inheritreqs1.dfy.expect index 27c76fee..a07d179d 100644 --- a/Test/irondafny0/inheritreqs1.dfy.expect +++ b/Test/irondafny0/inheritreqs1.dfy.expect @@ -1,5 +1,5 @@ -inheritreqs1.dfy(20,14): Error BP5002: A precondition for this call might not hold. -inheritreqs1.dfy(15,18): Related location: This is the precondition that might not hold. +inheritreqs1.dfy(20,13): Error BP5002: A precondition for this call might not hold. +inheritreqs1.dfy(15,17): Related location: This is the precondition that might not hold. Execution trace: (0,0): anon0 diff --git a/Test/irondafny0/xrefine1.dfy.expect b/Test/irondafny0/xrefine1.dfy.expect index ae844fc8..ec946cda 100644 --- a/Test/irondafny0/xrefine1.dfy.expect +++ b/Test/irondafny0/xrefine1.dfy.expect @@ -1,5 +1,5 @@ -xrefine1.dfy(71,13): Error BP5002: A precondition for this call might not hold. -xrefine1.dfy[MainImpl](49,29): Related location: This is the precondition that might not hold. +xrefine1.dfy(71,12): Error BP5002: A precondition for this call might not hold. +xrefine1.dfy[MainImpl](49,28): Related location: This is the precondition that might not hold. Execution trace: (0,0): anon0 -- cgit v1.2.3 From 13a88d7263c02590f5be9bb9944c0ab43b76bccc Mon Sep 17 00:00:00 2001 
From: qunyanm Date: Fri, 26 Feb 2016 09:56:59 -0800 Subject: Fix issue 136. Less aggressive Lit wrap for assert/assume. --- Source/Dafny/Translator.cs | 235 +-- Test/dafny0/DTypes.dfy | 2 +- Test/dafny0/snapshots/Snapshots0.run.dfy.expect | 4 +- Test/dafny0/snapshots/Snapshots1.run.dfy.expect | 4 +- Test/dafny0/snapshots/Snapshots2.run.dfy.expect | 4 +- Test/dafny0/snapshots/Snapshots3.run.dfy.expect | 6 +- Test/dafny0/snapshots/Snapshots4.run.dfy.expect | 4 +- Test/dafny0/snapshots/Snapshots6.run.dfy.expect | 4 +- Test/dafny0/snapshots/Snapshots7.run.dfy.expect | 4 +- Test/dafny0/snapshots/Snapshots8.run.dfy.expect | 4 +- Test/dafny4/Bug136.dfy | 12 + Test/dafny4/Bug136.dfy.expect | 1772 +++++++++++++++++++++++ 12 files changed, 1924 insertions(+), 131 deletions(-) create mode 100644 Test/dafny4/Bug136.dfy create mode 100644 Test/dafny4/Bug136.dfy.expect (limited to 'Test/dafny0/snapshots/Snapshots2.run.dfy.expect') diff --git a/Source/Dafny/Translator.cs b/Source/Dafny/Translator.cs index 52f52abf..c7552a79 100644 --- a/Source/Dafny/Translator.cs +++ b/Source/Dafny/Translator.cs @@ -1650,7 +1650,7 @@ namespace Microsoft.Dafny { // Next, we assume about this.* whatever we said that the iterator constructor promises foreach (var p in iter.Member_Init.Ens) { - builder.Add(new Bpl.AssumeCmd(p.E.tok, etran.TrExpr(p.E))); + builder.Add(TrAssumeCmd(p.E.tok, etran.TrExpr(p.E))); } // play havoc with the heap, except at the locations prescribed by (this._reads - this._modifies - {this}) @@ -1676,7 +1676,7 @@ namespace Microsoft.Dafny { validCall.TypeArgumentSubstitutions[p] = new UserDefinedType(p); } // resolved here. - builder.Add(new Bpl.AssumeCmd(iter.tok, etran.TrExpr(validCall))); + builder.Add(TrAssumeCmd(iter.tok, etran.TrExpr(validCall))); // check well-formedness of the user-defined part of the yield-requires foreach (var p in iter.YieldRequires) { 
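Review bot: Nothing at these call sites says why `TrAssumeCmd(...)` replaces `new Bpl.AssumeCmd(...)`, and the helper is defined outside the hunks shown. That applies to the iterator assumptions in the hunks at 1650 and 1676, and to the same substitution in the hunks at 1703, 1726 and 1775. Going by the commit subject, the helper presumably governs how the assumed expression is Lit-wrapped; if so, a direct `new Bpl.AssumeCmd` added later would silently get the old encoding and the verifier's assumptions would no longer be built uniformly. I would document the rule on the helper, e.g. `// All assume commands emitted by the translator go through TrAssumeCmd so Lit handling stays uniform; do not construct Bpl.AssumeCmd directly.`, and confirm that no direct constructions remain in Translator.cs. The enclosing methods start and end outside these hunks.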
@@ -1703,13 +1703,13 @@ namespace Microsoft.Dafny { setDiff.ResolvedOp = BinaryExpr.ResolvedOpcode.SetDifference; setDiff.Type = nw.Type; // resolve here Expression cond = new UnaryOpExpr(iter.tok, UnaryOpExpr.Opcode.Fresh, setDiff); cond.Type = Type.Bool; // resolve here - builder.Add(new Bpl.AssumeCmd(iter.tok, yeEtran.TrExpr(cond))); + builder.Add(TrAssumeCmd(iter.tok, yeEtran.TrExpr(cond))); // check wellformedness of postconditions var yeBuilder = new Bpl.StmtListBuilder(); var endBuilder = new Bpl.StmtListBuilder(); // In the yield-ensures case: assume this.Valid(); - yeBuilder.Add(new Bpl.AssumeCmd(iter.tok, yeEtran.TrExpr(validCall))); + yeBuilder.Add(TrAssumeCmd(iter.tok, yeEtran.TrExpr(validCall))); Contract.Assert(iter.OutsFields.Count == iter.OutsHistoryFields.Count); for (int i = 0; i < iter.OutsFields.Count; i++) { var y = iter.OutsFields[i]; @@ -1726,9 +1726,9 @@ namespace Microsoft.Dafny { concat.ResolvedOp = BinaryExpr.ResolvedOpcode.Concat; concat.Type = oldThisYs.Type; // resolve here // In the yield-ensures case: assume this.ys == old(this.ys) + [this.y]; - yeBuilder.Add(new Bpl.AssumeCmd(iter.tok, Bpl.Expr.Eq(yeEtran.TrExpr(thisYs), yeEtran.TrExpr(concat)))); + yeBuilder.Add(TrAssumeCmd(iter.tok, Bpl.Expr.Eq(yeEtran.TrExpr(thisYs), yeEtran.TrExpr(concat)))); // In the ensures case: assume this.ys == old(this.ys); - endBuilder.Add(new Bpl.AssumeCmd(iter.tok, Bpl.Expr.Eq(yeEtran.TrExpr(thisYs), yeEtran.TrExpr(oldThisYs)))); + endBuilder.Add(TrAssumeCmd(iter.tok, Bpl.Expr.Eq(yeEtran.TrExpr(thisYs), yeEtran.TrExpr(oldThisYs)))); } foreach (var p in iter.YieldEnsures) { 
@@ -1775,18 +1775,18 @@ namespace Microsoft.Dafny { // add locals for the yield-history variables and the extra variables // Assume the precondition and postconditions of the iterator constructor method foreach (var p in iter.Member_Init.Req) { - builder.Add(new Bpl.AssumeCmd(p.E.tok, etran.TrExpr(p.E))); + builder.Add(TrAssumeCmd(p.E.tok, etran.TrExpr(p.E))); } foreach (var p in iter.Member_Init.Ens) { // these postconditions are two-state predicates, but that's okay, because we haven't changed anything yet - builder.Add(new Bpl.AssumeCmd(p.E.tok, etran.TrExpr(p.E))); + builder.Add(TrAssumeCmd(p.E.tok, etran.TrExpr(p.E))); } // add the _yieldCount variable, and assume its initial value to be 0 yieldCountVariable = new Bpl.LocalVariable(iter.tok, new Bpl.TypedIdent(iter.tok, iter.YieldCountVariable.AssignUniqueName(currentDeclaration.IdGenerator), TrType(iter.YieldCountVariable.Type))); yieldCountVariable.TypedIdent.WhereExpr = YieldCountAssumption(iter, etran); // by doing this after setting "yieldCountVariable", the variable can be used by YieldCountAssumption localVariables.Add(yieldCountVariable); - builder.Add(new Bpl.AssumeCmd(iter.tok, Bpl.Expr.Eq(new Bpl.IdentifierExpr(iter.tok, yieldCountVariable), Bpl.Expr.Literal(0)))); + builder.Add(TrAssumeCmd(iter.tok, Bpl.Expr.Eq(new Bpl.IdentifierExpr(iter.tok, yieldCountVariable), Bpl.Expr.Literal(0)))); // add a variable $_OldIterHeap var oih = new Bpl.IdentifierExpr(iter.tok, "$_OldIterHeap", predef.HeapType); Bpl.Expr wh = BplAnd( 
@@ -2789,7 +2789,7 @@ namespace Microsoft.Dafny { if (dt != null) { var funcID = new Bpl.FunctionCall(new Bpl.IdentifierExpr(inFormal.tok, "$IsA#" + dt.FullSanitizedName, Bpl.Type.Bool)); var f = new Bpl.IdentifierExpr(inFormal.tok, inFormal.AssignUniqueName(m.IdGenerator), TrType(inFormal.Type)); - builder.Add(new Bpl.AssumeCmd(inFormal.tok, new Bpl.NAryExpr(inFormal.tok, funcID, new List { f }))); + builder.Add(TrAssumeCmd(inFormal.tok, new Bpl.NAryExpr(inFormal.tok, funcID, new List { f }))); } } @@ -2891,7 +2891,7 @@ namespace Microsoft.Dafny { foreach (BoilerplateTriple tri in GetTwoStateBoilerplate(m.tok, m.Mod.Expressions, m.IsGhost, etran.Old, etran, etran.Old)) { if (tri.IsFree) { - builder.Add(new Bpl.AssumeCmd(m.tok, tri.Expr)); + builder.Add(TrAssumeCmd(m.tok, tri.Expr)); } } @@ -3092,7 +3092,7 @@ namespace Microsoft.Dafny { //generating class post-conditions foreach (var en in f.Ens) { - builder.Add(new Bpl.AssumeCmd(f.tok, etran.TrExpr(en))); + builder.Add(TrAssumeCmd(f.tok, etran.TrExpr(en))); } //generating assume J.F(ins) == C.F(ins) @@ -3117,7 +3117,7 @@ namespace Microsoft.Dafny { } Bpl.Expr funcExpC = new Bpl.NAryExpr(f.tok, funcIdC, argsC); Bpl.Expr funcExpT = new Bpl.NAryExpr(f.OverriddenFunction.tok, funcIdT, argsT); - builder.Add(new Bpl.AssumeCmd(f.tok, Bpl.Expr.Eq(funcExpC, funcExpT))); + builder.Add(TrAssumeCmd(f.tok, Bpl.Expr.Eq(funcExpC, funcExpT))); //generating trait post-conditions with class variables foreach (var en in f.OverriddenFunction.Ens) @@ -3127,7 +3127,7 @@ namespace Microsoft.Dafny { var reqSplitedE = TrSplitExpr(postcond, etran,false, out splitHappened); foreach (var s in reqSplitedE) { - var assert = new Bpl.AssertCmd(f.tok, s.E); + var assert = TrAssertCmd(f.tok, s.E); assert.ErrorData = "Error: the function must provide an equal or more detailed postcondition than in its parent trait"; builder.Add(assert); } 
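Review bot: The override check in the last hunk on this line builds `TrAssertCmd(f.tok, s.E)` with only the function's token, so a failing conjunct from `TrSplitExpr` would presumably be reported at the overriding function with no related location for the trait postcondition that failed. The refined-method check later in this patch passes `ErrorMessageAttribute(s.E.tok, "This is the postcondition that may not hold.")` as a third argument, and the same could be done here: `var assert = TrAssertCmd(f.tok, s.E, ErrorMessageAttribute(s.E.tok, "This is the postcondition that may not hold."));`. The precondition and method variants of this check (the `TrAssertCmd(f.tok, s.E)` and `TrAssertCmd(m.tok, s.E)` sites in the following hunks) have the same shape. The enclosing method begins and ends outside the hunk, so whether a related location is wanted for trait overrides should be confirmed there.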
@@ -3143,7 +3143,7 @@ namespace Microsoft.Dafny { { if (tri.IsFree) { - builder.Add(new Bpl.AssumeCmd(f.tok, tri.Expr)); + builder.Add(TrAssumeCmd(f.tok, tri.Expr)); } } } @@ -3196,7 +3196,7 @@ namespace Microsoft.Dafny { foreach (var req in f.OverriddenFunction.Req) { Expression precond = Substitute(req, null, substMap); - builder.Add(new Bpl.AssumeCmd(f.tok, etran.TrExpr(precond))); + builder.Add(TrAssumeCmd(f.tok, etran.TrExpr(precond))); } //generating class pre-conditions foreach (var req in f.Req) @@ -3205,7 +3205,7 @@ namespace Microsoft.Dafny { var reqSplitedE = TrSplitExpr(req, etran,false, out splitHappened); foreach (var s in reqSplitedE) { - var assert = new Bpl.AssertCmd(f.tok, s.E); + var assert = TrAssertCmd(f.tok, s.E); assert.ErrorData = "Error: the function must provide an equal or more permissive precondition than in its parent trait"; builder.Add(assert); } @@ -3295,7 +3295,7 @@ namespace Microsoft.Dafny { { if (tri.IsFree) { - builder.Add(new Bpl.AssumeCmd(m.tok, tri.Expr)); + builder.Add(TrAssumeCmd(m.tok, tri.Expr)); } } } @@ -3305,7 +3305,7 @@ namespace Microsoft.Dafny { //generating class post-conditions foreach (var en in m.Ens) { - builder.Add(new Bpl.AssumeCmd(m.tok, etran.TrExpr(en.E))); + builder.Add(TrAssumeCmd(m.tok, etran.TrExpr(en.E))); } //generating trait post-conditions with class variables foreach (var en in m.OverriddenMethod.Ens) @@ -3315,7 +3315,7 @@ namespace Microsoft.Dafny { var reqSplitedE = TrSplitExpr(postcond, etran,false, out splitHappened); foreach (var s in reqSplitedE) { - var assert = new Bpl.AssertCmd(m.tok, s.E); + var assert = TrAssertCmd(m.tok, s.E); assert.ErrorData = "Error: the method must provide an equal or more detailed postcondition than in its parent trait"; builder.Add(assert); } 
@@ -3328,7 +3328,7 @@ namespace Microsoft.Dafny { foreach (var req in m.OverriddenMethod.Req) { Expression precond = Substitute(req.E, null, substMap); - builder.Add(new Bpl.AssumeCmd(m.tok, etran.TrExpr(precond))); + builder.Add(TrAssumeCmd(m.tok, etran.TrExpr(precond))); } //generating class pre-conditions foreach (var req in m.Req) @@ -3337,7 +3337,7 @@ namespace Microsoft.Dafny { var reqSplitedE = TrSplitExpr(req.E, etran,false, out splitHappened); foreach (var s in reqSplitedE) { - var assert = new Bpl.AssertCmd(m.tok, s.E); + var assert = TrAssertCmd(m.tok, s.E); assert.ErrorData = "Error: the method must provide an equal or more permissive precondition than in its parent trait"; builder.Add(assert); } @@ -3617,7 +3617,7 @@ namespace Microsoft.Dafny { var col = tok.col + (isEndToken ? tok.val.Length : 0); string description = ErrorReporter.ErrorToString_Internal(additionalInfo == null ? "" : ": ", tok.filename, tok.line, col, additionalInfo ?? ""); QKeyValue kv = new QKeyValue(tok, "captureState", new List() { description }, null); - return new Bpl.AssumeCmd(tok, Bpl.Expr.True, kv); + return TrAssumeCmd(tok, Bpl.Expr.True, kv); } Bpl.Cmd CaptureState(Statement stmt) { Contract.Requires(stmt != null); @@ -4086,7 +4086,7 @@ namespace Microsoft.Dafny { var wh = GetWhereClause(f.tok, funcAppl, f.ResultType, etran); if (wh != null) { - postCheckBuilder.Add(new Bpl.AssumeCmd(f.tok, wh)); + postCheckBuilder.Add(TrAssumeCmd(f.tok, wh)); } } // Now for the ensures clauses @@ -4098,7 +4098,7 @@ namespace Microsoft.Dafny { StmtListBuilder bodyCheckBuilder = new StmtListBuilder(); if (f.Body == null) { // don't fall through to postcondition checks - bodyCheckBuilder.Add(new Bpl.AssumeCmd(f.tok, Bpl.Expr.False)); + bodyCheckBuilder.Add(TrAssumeCmd(f.tok, Bpl.Expr.False)); } else { Bpl.FunctionCall funcID = new Bpl.FunctionCall(new Bpl.IdentifierExpr(f.tok, f.FullSanitizedName, TrType(f.ResultType))); List args = new List(); 
@@ -4126,7 +4126,7 @@ namespace Microsoft.Dafny { wfo.ProcessSavedReadsChecks(locals, builderInitializationArea, bodyCheckBuilder); } // Combine the two, letting the postcondition be checked on after the "bodyCheckBuilder" branch - postCheckBuilder.Add(new Bpl.AssumeCmd(f.tok, Bpl.Expr.False)); + postCheckBuilder.Add(TrAssumeCmd(f.tok, Bpl.Expr.False)); builder.Add(new Bpl.IfCmd(f.tok, null, postCheckBuilder.Collect(f.tok), null, bodyCheckBuilder.Collect(f.tok))); var s0 = builderInitializationArea.Collect(f.tok); @@ -4241,7 +4241,7 @@ namespace Microsoft.Dafny { Type t = mc.Ctor.Formals[i].Type; Bpl.Expr wh = GetWhereClause(p.tok, new Bpl.IdentifierExpr(p.tok, local), p.Type, etran); if (wh != null) { - localTypeAssumptions.Add(new Bpl.AssumeCmd(p.tok, wh)); + localTypeAssumptions.Add(TrAssumeCmd(p.tok, wh)); } args.Add(CondApplyBox(mc.tok, new Bpl.IdentifierExpr(p.tok, local), cce.NonNull(p.Type), t)); } @@ -4555,7 +4555,7 @@ namespace Microsoft.Dafny { var correctConstructor = FunctionCall(pat.tok, ctor.QueryField.FullSanitizedName, Bpl.Type.Bool, rhs); if (ctor.EnclosingDatatype.Ctors.Count == 1) { // There is only one constructor, so the value must have been constructed by it; might as well assume that here. - builder.Add(new Bpl.AssumeCmd(pat.tok, correctConstructor)); + builder.Add(TrAssumeCmd(pat.tok, correctConstructor)); } else { builder.Add(Assert(pat.tok, correctConstructor, string.Format("RHS is not certain to look like the pattern '{0}'", ctor.Name))); } @@ -4691,7 +4691,7 @@ namespace Microsoft.Dafny { kv = new Bpl.QKeyValue(expr.tok, "subsumption", args, null); } CheckWellformed(expr, new WFOptions(kv), locals, builder, etran); - builder.Add(new Bpl.AssumeCmd(expr.tok, CanCallAssumption(expr, etran))); + builder.Add(TrAssumeCmd(expr.tok, CanCallAssumption(expr, etran))); } void CheckWellformedAndAssume(Expression expr, WFOptions options, List locals, Bpl.StmtListBuilder builder, ExpressionTranslator etran) { 
@@ -4720,7 +4720,7 @@ namespace Microsoft.Dafny { CheckWellformedAndAssume(e.E0, options, locals, bAnd, etran); CheckWellformedAndAssume(e.E1, options, locals, bAnd, etran); var bImp = new Bpl.StmtListBuilder(); - bImp.Add(new Bpl.AssumeCmd(expr.tok, etran.TrExpr(expr))); + bImp.Add(TrAssumeCmd(expr.tok, etran.TrExpr(expr))); builder.Add(new Bpl.IfCmd(expr.tok, null, bAnd.Collect(expr.tok), null, bImp.Collect(expr.tok))); } return; @@ -4734,7 +4734,7 @@ namespace Microsoft.Dafny { var b0 = new Bpl.StmtListBuilder(); CheckWellformedAndAssume(e.E0, options, locals, b0, etran); var b1 = new Bpl.StmtListBuilder(); - b1.Add(new Bpl.AssumeCmd(expr.tok, Bpl.Expr.Not(etran.TrExpr(e.E0)))); + b1.Add(TrAssumeCmd(expr.tok, Bpl.Expr.Not(etran.TrExpr(e.E0)))); CheckWellformedAndAssume(e.E1, options, locals, b1, etran); builder.Add(new Bpl.IfCmd(expr.tok, null, b0.Collect(expr.tok), null, b1.Collect(expr.tok))); } @@ -4755,7 +4755,7 @@ namespace Microsoft.Dafny { CheckWellformedAndAssume(e.Test, options, locals, bThn, etran); CheckWellformedAndAssume(e.Thn, options, locals, bThn, etran); var bEls = new Bpl.StmtListBuilder(); - bEls.Add(new Bpl.AssumeCmd(expr.tok, Bpl.Expr.Not(etran.TrExpr(e.Test)))); + bEls.Add(TrAssumeCmd(expr.tok, Bpl.Expr.Not(etran.TrExpr(e.Test)))); CheckWellformedAndAssume(e.Els, options, locals, bEls, etran); builder.Add(new Bpl.IfCmd(expr.tok, null, bThn.Collect(expr.tok), null, bEls.Collect(expr.tok))); return; @@ -4781,7 +4781,7 @@ namespace Microsoft.Dafny { if (e is ForallExpr) { // Although we do the WF check on the original quantifier, we assume the split one. // This ensures that cases like forall x :: x != null && f(x.a) do not fail to verify. - builder.Add(new Bpl.AssumeCmd(expr.tok, etran.TrExpr(e.SplitQuantifierExpression ?? e))); + builder.Add(TrAssumeCmd(expr.tok, etran.TrExpr(e.SplitQuantifierExpression ?? e))); } return; } 
@@ -4793,7 +4793,7 @@ namespace Microsoft.Dafny { // the splitting and proceeded to decompose the full quantifier as // normal. This call to TrExpr, on the other hand, will indeed use the // split quantifier. - builder.Add(new Bpl.AssumeCmd(expr.tok, etran.TrExpr(expr))); + builder.Add(TrAssumeCmd(expr.tok, etran.TrExpr(expr))); } /// @@ -4852,7 +4852,7 @@ namespace Microsoft.Dafny { var correctConstructor = FunctionCall(e.tok, dtor.EnclosingCtor.QueryField.FullSanitizedName, Bpl.Type.Bool, etran.TrExpr(e.Obj)); if (dtor.EnclosingCtor.EnclosingDatatype.Ctors.Count == 1) { // There is only one constructor, so the value must be been constructed by it; might as well assume that here. - builder.Add(new Bpl.AssumeCmd(expr.tok, correctConstructor)); + builder.Add(TrAssumeCmd(expr.tok, correctConstructor)); } else { builder.Add(Assert(expr.tok, correctConstructor, string.Format("destructor '{0}' can only be applied to datatype values constructed by '{1}'", dtor.Name, dtor.EnclosingCtor.Name))); @@ -5048,7 +5048,7 @@ namespace Microsoft.Dafny { if (!etran.UsesOldHeap) { // the argument can't be assumed to be allocated for the old heap builder.Add(new Bpl.CommentCmd("assume allocatedness for argument to function")); - builder.Add(new Bpl.AssumeCmd(e.Args[i].tok, MkIsAlloc(lhs, et, etran.HeapExpr))); + builder.Add(TrAssumeCmd(e.Args[i].tok, MkIsAlloc(lhs, et, etran.HeapExpr))); } } // Check that every parameter is available in the state in which the function is invoked; this means checking that it has @@ -5087,7 +5087,7 @@ namespace Microsoft.Dafny { } if (options.AssertKv == null) { // assume only if no given assert attribute is given - builder.Add(new Bpl.AssumeCmd(expr.tok, etran.TrExpr(precond))); + builder.Add(TrAssumeCmd(expr.tok, etran.TrExpr(precond))); } } if (options.DoReadsChecks) { 
@@ -5148,7 +5148,7 @@ namespace Microsoft.Dafny { Bpl.IdentifierExpr canCallFuncID = new Bpl.IdentifierExpr(expr.tok, e.Function.FullSanitizedName + "#canCall", Bpl.Type.Bool); List args = etran.FunctionInvocationArguments(e, null); Bpl.Expr canCallFuncAppl = new Bpl.NAryExpr(expr.tok, new Bpl.FunctionCall(canCallFuncID), args); - builder.Add(new Bpl.AssumeCmd(expr.tok, allowance == null ? canCallFuncAppl : Bpl.Expr.Or(allowance, canCallFuncAppl))); + builder.Add(TrAssumeCmd(expr.tok, allowance == null ? canCallFuncAppl : Bpl.Expr.Or(allowance, canCallFuncAppl))); } else if (expr is DatatypeValue) { DatatypeValue dtv = (DatatypeValue)expr; @@ -5245,7 +5245,7 @@ namespace Microsoft.Dafny { var rIe = new Bpl.IdentifierExpr(pat.tok, r); CheckWellformedWithResult(e.RHSs[i], options, rIe, pat.Expr.Type, locals, builder, etran); CheckCasePatternShape(pat, rIe, builder); - builder.Add(new Bpl.AssumeCmd(pat.tok, Bpl.Expr.Eq(etran.TrExpr(Substitute(pat.Expr, null, substMap)), rIe))); + builder.Add(TrAssumeCmd(pat.tok, Bpl.Expr.Eq(etran.TrExpr(Substitute(pat.Expr, null, substMap)), rIe))); } CheckWellformedWithResult(Substitute(e.Body, null, substMap), options, result, resultType, locals, builder, etran); result = null; @@ -5276,7 +5276,7 @@ namespace Microsoft.Dafny { w = BplOr(body, w); } builder.Add(Assert(e.tok, w, "cannot establish the existence of LHS values that satisfy the such-that predicate")); - builder.Add(new Bpl.AssumeCmd(e.tok, etran.TrExpr(rhs))); + builder.Add(TrAssumeCmd(e.tok, etran.TrExpr(rhs))); var letBody = Substitute(e.Body, null, substMap); CheckWellformed(letBody, options, locals, builder, etran); if (e.Constraint_Bounds != null) { 
@@ -5284,9 +5284,9 @@ namespace Microsoft.Dafny { var substMap_prime = SetupBoundVarsAsLocals(lhsVars, builder, locals, etran); var rhs_prime = Substitute(e.RHSs[0], null, substMap_prime); var letBody_prime = Substitute(e.Body, null, substMap_prime); - builder.Add(new Bpl.AssumeCmd(e.tok, CanCallAssumption(rhs_prime, etran))); - builder.Add(new Bpl.AssumeCmd(e.tok, etran.TrExpr(rhs_prime))); - builder.Add(new Bpl.AssumeCmd(e.tok, CanCallAssumption(letBody_prime, etran))); + builder.Add(TrAssumeCmd(e.tok, CanCallAssumption(rhs_prime, etran))); + builder.Add(TrAssumeCmd(e.tok, etran.TrExpr(rhs_prime))); + builder.Add(TrAssumeCmd(e.tok, CanCallAssumption(letBody_prime, etran))); var eq = Expression.CreateEq(letBody, letBody_prime, e.Body.Type); builder.Add(Assert(e.tok, etran.TrExpr(eq), "to be compilable, the value of a let-such-that expression must be uniquely determined")); } @@ -5295,11 +5295,11 @@ namespace Microsoft.Dafny { Contract.Assert(resultType != null); var bResult = etran.TrExpr(letBody); CheckSubrange(letBody.tok, bResult, resultType, builder); - builder.Add(new Bpl.AssumeCmd(letBody.tok, Bpl.Expr.Eq(result, bResult))); - builder.Add(new Bpl.AssumeCmd(letBody.tok, CanCallAssumption(letBody, etran))); + builder.Add(TrAssumeCmd(letBody.tok, Bpl.Expr.Eq(result, bResult))); + builder.Add(TrAssumeCmd(letBody.tok, CanCallAssumption(letBody, etran))); builder.Add(new CommentCmd("CheckWellformedWithResult: Let expression")); - builder.Add(new Bpl.AssumeCmd(letBody.tok, MkIsAlloc(result, resultType, etran.HeapExpr))); - builder.Add(new Bpl.AssumeCmd(letBody.tok, MkIs(result, resultType))); + builder.Add(TrAssumeCmd(letBody.tok, MkIsAlloc(result, resultType, etran.HeapExpr))); + builder.Add(TrAssumeCmd(letBody.tok, MkIs(result, resultType))); result = null; } } 
@@ -5406,7 +5406,7 @@ namespace Microsoft.Dafny { Bpl.Expr src = etran.TrExpr(me.Source); Bpl.IfCmd ifCmd = null; StmtListBuilder elsBldr = new StmtListBuilder(); - elsBldr.Add(new Bpl.AssumeCmd(expr.tok, Bpl.Expr.False)); + elsBldr.Add(TrAssumeCmd(expr.tok, Bpl.Expr.False)); StmtList els = elsBldr.Collect(expr.tok); foreach (var missingCtor in me.MissingCases) { // havoc all bound variables @@ -5460,11 +5460,11 @@ namespace Microsoft.Dafny { Contract.Assert(resultType != null); var bResult = etran.TrExpr(expr); CheckSubrange(expr.tok, bResult, resultType, builder); - builder.Add(new Bpl.AssumeCmd(expr.tok, Bpl.Expr.Eq(result, bResult))); - builder.Add(new Bpl.AssumeCmd(expr.tok, CanCallAssumption(expr, etran))); + builder.Add(TrAssumeCmd(expr.tok, Bpl.Expr.Eq(result, bResult))); + builder.Add(TrAssumeCmd(expr.tok, CanCallAssumption(expr, etran))); builder.Add(new CommentCmd("CheckWellformedWithResult: any expression")); - builder.Add(new Bpl.AssumeCmd(expr.tok, MkIsAlloc(result, resultType, etran.HeapExpr))); - builder.Add(new Bpl.AssumeCmd(expr.tok, MkIs(result, resultType))); + builder.Add(TrAssumeCmd(expr.tok, MkIsAlloc(result, resultType, etran.HeapExpr))); + builder.Add(TrAssumeCmd(expr.tok, MkIs(result, resultType))); } } @@ -6499,7 +6499,7 @@ namespace Microsoft.Dafny { foreach (var p in m.Ens) { bool splitHappened; // we actually don't care foreach (var s in TrSplitExpr(p.E, etran, true, out splitHappened)) { - var assert = new Bpl.AssertCmd(method.tok, s.E, ErrorMessageAttribute(s.E.tok, "This is the postcondition that may not hold.")); + var assert = TrAssertCmd(method.tok, s.E, ErrorMessageAttribute(s.E.tok, "This is the postcondition that may not hold.")); assert.ErrorData = "Error: A postcondition of the refined method may not hold."; builder.Add(assert); } 
@@ -6984,9 +6984,9 @@ namespace Microsoft.Dafny { if (assertAsAssume || (RefinementToken.IsInherited(refinesToken, currentModule) && (codeContext == null || !codeContext.MustReverify))) { // produce an assume instead - return new Bpl.AssumeCmd(tok, condition, kv); + return TrAssumeCmd(tok, condition, kv); } else { - var cmd = new Bpl.AssertCmd(ForceCheckToken.Unwrap(tok), condition, kv); + var cmd = TrAssertCmd(ForceCheckToken.Unwrap(tok), condition, kv); cmd.ErrorData = "Error: " + errorMessage; return cmd; } @@ -7003,12 +7003,12 @@ namespace Microsoft.Dafny { if (RefinementToken.IsInherited(refinesTok, currentModule) && (codeContext == null || !codeContext.MustReverify)) { // produce a "skip" instead - return new Bpl.AssumeCmd(tok, Bpl.Expr.True, kv); + return TrAssumeCmd(tok, Bpl.Expr.True, kv); } else { tok = ForceCheckToken.Unwrap(tok); var args = new List(); args.Add(Bpl.Expr.Literal(0)); - Bpl.AssertCmd cmd = new Bpl.AssertCmd(tok, condition, new Bpl.QKeyValue(tok, "subsumption", args, kv)); + Bpl.AssertCmd cmd = TrAssertCmd(tok, condition, new Bpl.QKeyValue(tok, "subsumption", args, kv)); cmd.ErrorData = "Error: " + errorMessage; return cmd; } @@ -7022,9 +7022,9 @@ namespace Microsoft.Dafny { if (assertAsAssume || (RefinementToken.IsInherited(tok, currentModule) && (codeContext == null || !codeContext.MustReverify))) { // produce an assume instead - return new Bpl.AssumeCmd(tok, condition, kv); + return TrAssumeCmd(tok, condition, kv); } else { - var cmd = new Bpl.AssertCmd(ForceCheckToken.Unwrap(tok), condition, kv); + var cmd = TrAssertCmd(ForceCheckToken.Unwrap(tok), condition, kv); cmd.ErrorData = "Error: " + errorMessage; return cmd; } 
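Review bot: The middle hunk on this line declares the result as `Bpl.AssertCmd cmd = TrAssertCmd(...)`, while the neighbouring hunks before and after it use `var cmd = TrAssertCmd(...)` for the same call. Using one form in all three, `var cmd = TrAssertCmd(tok, condition, new Bpl.QKeyValue(tok, "subsumption", args, kv));`, keeps the three assert builders visibly parallel. All three methods start before their hunks.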
@@ -7097,13 +7097,13 @@ namespace Microsoft.Dafny { builder.Add(AssertNS(tok, split.E, "assertion violation", stmt.Tok, etran.TrAttributes(stmt.Attributes, null))); // attributes go on every split } } - builder.Add(new Bpl.AssumeCmd(stmt.Tok, etran.TrExpr(s.Expr))); + builder.Add(TrAssumeCmd(stmt.Tok, etran.TrExpr(s.Expr))); } } else if (stmt is AssumeStmt) { AddComment(builder, stmt, "assume statement"); AssumeStmt s = (AssumeStmt)stmt; TrStmt_CheckWellformed(s.Expr, builder, locals, etran, false); - builder.Add(new Bpl.AssumeCmd(stmt.Tok, etran.TrExpr(s.Expr), etran.TrAttributes(stmt.Attributes, null))); + builder.Add(TrAssumeCmd(stmt.Tok, etran.TrExpr(s.Expr), etran.TrAttributes(stmt.Attributes, null))); } this.fuelContext = FuelSetting.PopFuelContext(); } else if (stmt is PrintStmt) { @@ -7161,7 +7161,7 @@ namespace Microsoft.Dafny { var yc = new Bpl.IdentifierExpr(s.Tok, yieldCountVariable); var incYieldCount = Bpl.Cmd.SimpleAssign(s.Tok, yc, Bpl.Expr.Binary(s.Tok, Bpl.BinaryOperator.Opcode.Add, yc, Bpl.Expr.Literal(1))); builder.Add(incYieldCount); - builder.Add(new Bpl.AssumeCmd(s.Tok, YieldCountAssumption(iter, etran))); + builder.Add(TrAssumeCmd(s.Tok, YieldCountAssumption(iter, etran))); // assume $IsGoodHeap($Heap); builder.Add(AssumeGoodHeap(s.Tok, etran)); // assert YieldEnsures[subst]; // where 'subst' replaces "old(E)" with "E" being evaluated in $_OldIterHeap @@ -7180,7 +7180,7 @@ namespace Microsoft.Dafny { builder.Add(AssertNS(yieldToken, split.E, "possible violation of yield-ensures condition", stmt.Tok, null)); } } - builder.Add(new Bpl.AssumeCmd(stmt.Tok, yeEtran.TrExpr(p.E))); + builder.Add(TrAssumeCmd(stmt.Tok, yeEtran.TrExpr(p.E))); } } YieldHavoc(iter.tok, iter, builder, etran); 
@@ -7245,7 +7245,7 @@ namespace Microsoft.Dafny { builder.Add(Assert(s.Tok, w, "cannot establish the existence of LHS values that satisfy the such-that predicate")); } // End by doing the assume - builder.Add(new Bpl.AssumeCmd(s.Tok, etran.TrExpr(s.Expr))); + builder.Add(TrAssumeCmd(s.Tok, etran.TrExpr(s.Expr))); builder.Add(CaptureState(s)); // just do one capture state--here, at the very end (that is, don't do one before the assume) } else if (stmt is UpdateStmt) { @@ -7320,7 +7320,7 @@ namespace Microsoft.Dafny { Bpl.IfCmd elsIf = null; b = new Bpl.StmtListBuilder(); if (s.IsExistentialGuard) { - b.Add(new Bpl.AssumeCmd(guard.tok, Bpl.Expr.Not(etran.TrExpr(guard)))); + b.Add(TrAssumeCmd(guard.tok, Bpl.Expr.Not(etran.TrExpr(guard)))); } if (s.Els == null) { els = b.Collect(s.Tok); @@ -7383,11 +7383,11 @@ namespace Microsoft.Dafny { // havoc $Heap; builder.Add(new Bpl.HavocCmd(s.Tok, new List { (Bpl.IdentifierExpr/*TODO: this cast is rather dubious*/)etran.HeapExpr })); // assume $HeapSucc(preModifyHeap, $Heap); OR $HeapSuccGhost - builder.Add(new Bpl.AssumeCmd(s.Tok, HeapSucc(preModifyHeap, etran.HeapExpr, s.IsGhost))); + builder.Add(TrAssumeCmd(s.Tok, HeapSucc(preModifyHeap, etran.HeapExpr, s.IsGhost))); // assume nothing outside the frame was changed var etranPreLoop = new ExpressionTranslator(this, predef, preModifyHeap); var updatedFrameEtran = new ExpressionTranslator(etran, modifyFrameName); - builder.Add(new Bpl.AssumeCmd(s.Tok, FrameConditionUsingDefinedFrame(s.Tok, etranPreLoop, etran, updatedFrameEtran))); + builder.Add(TrAssumeCmd(s.Tok, FrameConditionUsingDefinedFrame(s.Tok, etranPreLoop, etran, updatedFrameEtran))); } else { // do the body, but with preModifyHeapVar as the governing frame var updatedFrameEtran = new ExpressionTranslator(etran, modifyFrameName); 
@@ -7486,7 +7486,7 @@ namespace Microsoft.Dafny { if (s.Steps[i] is BinaryExpr && (((BinaryExpr)s.Steps[i]).ResolvedOp == BinaryExpr.ResolvedOpcode.Imp)) { // assume line: AddComment(b, stmt, "assume lhs"); - b.Add(new Bpl.AssumeCmd(s.Tok, etran.TrExpr(CalcStmt.Lhs(s.Steps[i])))); + b.Add(TrAssumeCmd(s.Tok, etran.TrExpr(CalcStmt.Lhs(s.Steps[i])))); } // hint: AddComment(b, stmt, "Hint" + i.ToString()); @@ -7514,7 +7514,7 @@ namespace Microsoft.Dafny { } } } - b.Add(new Bpl.AssumeCmd(s.Tok, Bpl.Expr.False)); + b.Add(TrAssumeCmd(s.Tok, Bpl.Expr.False)); ifCmd = new Bpl.IfCmd(s.Tok, null, b.Collect(s.Tok), ifCmd, null); CurrentIdGenerator.Pop(); } @@ -7523,12 +7523,12 @@ namespace Microsoft.Dafny { AddComment(b, stmt, "assert wf[initial]"); Contract.Assert(s.Result != null); // established by the resolver TrStmt_CheckWellformed(CalcStmt.Lhs(s.Result), b, locals, etran, false); - b.Add(new Bpl.AssumeCmd(s.Tok, Bpl.Expr.False)); + b.Add(TrAssumeCmd(s.Tok, Bpl.Expr.False)); ifCmd = new Bpl.IfCmd(s.Tok, null, b.Collect(s.Tok), ifCmd, null); builder.Add(ifCmd); // assume result: if (s.Steps.Count > 1) { - builder.Add(new Bpl.AssumeCmd(s.Tok, etran.TrExpr(s.Result))); + builder.Add(TrAssumeCmd(s.Tok, etran.TrExpr(s.Result))); } } CurrentIdGenerator.Pop(); @@ -7539,7 +7539,7 @@ namespace Microsoft.Dafny { Bpl.Expr source = etran.TrExpr(s.Source); var b = new Bpl.StmtListBuilder(); - b.Add(new Bpl.AssumeCmd(stmt.Tok, Bpl.Expr.False)); + b.Add(TrAssumeCmd(stmt.Tok, Bpl.Expr.False)); Bpl.StmtList els = b.Collect(stmt.Tok); Bpl.IfCmd ifCmd = null; foreach (var missingCtor in s.MissingCases) { @@ -7617,7 +7617,7 @@ namespace Microsoft.Dafny { builder.Add(new Bpl.HavocCmd(bv.Tok, new List { bIe })); Bpl.Expr wh = GetWhereClause(bv.Tok, bIe, bv.Type, etran); if (wh != null) { - builder.Add(new Bpl.AssumeCmd(bv.Tok, wh)); + builder.Add(TrAssumeCmd(bv.Tok, wh)); } } Contract.Assert(s.LHSs.Count == s.RHSs.Count); // checked by resolution 
@@ -7632,7 +7632,7 @@ namespace Microsoft.Dafny { TrStmt_CheckWellformed(s.RHSs[i], builder, locals, etran, false); CheckWellformedWithResult(s.RHSs[i], new WFOptions(null, false, false), rIe, pat.Expr.Type, locals, builder, etran); CheckCasePatternShape(pat, rIe, builder); - builder.Add(new Bpl.AssumeCmd(pat.tok, Bpl.Expr.Eq(etran.TrExpr(pat.Expr), rIe))); + builder.Add(TrAssumeCmd(pat.tok, Bpl.Expr.Eq(etran.TrExpr(pat.Expr), rIe))); } } else { Contract.Assert(false); throw new cce.UnreachableException(); // unexpected statement @@ -7656,7 +7656,7 @@ namespace Microsoft.Dafny { iesForHavoc.Add(new Bpl.IdentifierExpr(local.tok, local)); } builderOutsideIfConstruct.Add(new Bpl.HavocCmd(exists.tok, iesForHavoc)); - builder.Add(new Bpl.AssumeCmd(exists.tok, etran.TrExpr(exists.Term))); + builder.Add(TrAssumeCmd(exists.tok, etran.TrExpr(exists.Term))); } void TrStmtList(List stmts, Bpl.StmtListBuilder builder, List locals, ExpressionTranslator etran) { @@ -7738,7 +7738,7 @@ namespace Microsoft.Dafny { new List())); // assume YieldRequires; foreach (var p in iter.YieldRequires) { - builder.Add(new Bpl.AssumeCmd(tok, etran.TrExpr(p.E))); + builder.Add(TrAssumeCmd(tok, etran.TrExpr(p.E))); } // $_OldIterHeap := Heap; builder.Add(Bpl.Cmd.SimpleAssign(tok, new Bpl.IdentifierExpr(tok, "$_OldIterHeap", predef.HeapType), etran.HeapExpr)); @@ -7953,7 +7953,7 @@ namespace Microsoft.Dafny { var substMap = SetupBoundVarsAsLocals(s.BoundVars, definedness, locals, etran); Expression range = Substitute(s.Range, null, substMap); TrStmt_CheckWellformed(range, definedness, locals, etran, false); - definedness.Add(new Bpl.AssumeCmd(s.Range.tok, etran.TrExpr(range))); + definedness.Add(TrAssumeCmd(s.Range.tok, etran.TrExpr(range))); var lhs = Substitute(s0.Lhs.Resolved, null, substMap); TrStmt_CheckWellformed(lhs, definedness, locals, etran, false); 
@@ -7989,7 +7989,7 @@ namespace Microsoft.Dafny { var substMapPrime = SetupBoundVarsAsLocals(s.BoundVars, definedness, locals, etran); var lhsPrime = Substitute(s0.Lhs.Resolved, null, substMapPrime); range = Substitute(s.Range, null, substMapPrime); - definedness.Add(new Bpl.AssumeCmd(range.tok, etran.TrExpr(range))); + definedness.Add(TrAssumeCmd(range.tok, etran.TrExpr(range))); // assume !(x == x' && y == y'); Bpl.Expr eqs = Bpl.Expr.True; foreach (var bv in s.BoundVars) { @@ -7998,7 +7998,7 @@ namespace Microsoft.Dafny { // TODO: in the following line, is the term equality okay, or does it have to include things like Set#Equal sometimes too? eqs = BplAnd(eqs, Bpl.Expr.Eq(etran.TrExpr(x), etran.TrExpr(xPrime))); } - definedness.Add(new Bpl.AssumeCmd(s.Tok, Bpl.Expr.Not(eqs))); + definedness.Add(TrAssumeCmd(s.Tok, Bpl.Expr.Not(eqs))); Bpl.Expr objPrime, FPrime; GetObjFieldDetails(lhsPrime, etran, out objPrime, out FPrime); var Rhs = ((ExprRhs)s0.Rhs).Expr; @@ -8011,7 +8011,7 @@ namespace Microsoft.Dafny { "left-hand sides for different forall-statement bound variables may refer to the same location")); } - definedness.Add(new Bpl.AssumeCmd(s.Tok, Bpl.Expr.False)); + definedness.Add(TrAssumeCmd(s.Tok, Bpl.Expr.False)); // Now for the translation of the update itself @@ -8019,7 +8019,7 @@ namespace Microsoft.Dafny { var prevEtran = new ExpressionTranslator(this, predef, prevHeap); updater.Add(Bpl.Cmd.SimpleAssign(s.Tok, prevHeap, etran.HeapExpr)); updater.Add(new Bpl.HavocCmd(s.Tok, new List { (Bpl.IdentifierExpr/*TODO: this cast is rather dubious*/)etran.HeapExpr })); - updater.Add(new Bpl.AssumeCmd(s.Tok, HeapSucc(prevHeap, etran.HeapExpr))); + updater.Add(TrAssumeCmd(s.Tok, HeapSucc(prevHeap, etran.HeapExpr))); // Here comes: // assume (forall o: ref, f: Field alpha :: 
@@ -8046,7 +8046,7 @@ namespace Microsoft.Dafny { Bpl.Expr body = Bpl.Expr.Or(Bpl.Expr.Eq(heapOF, oldHeapOF), xObjField); var tr = new Trigger(s.Tok, true, new List() { heapOF }); Bpl.Expr qq = new Bpl.ForallExpr(s.Tok, new List { alpha }, new List { oVar, fVar }, null, tr, body); - updater.Add(new Bpl.AssumeCmd(s.Tok, qq)); + updater.Add(TrAssumeCmd(s.Tok, qq)); if (s.ForallExpressions != null) { foreach (ForallExpr expr in s.ForallExpressions) { @@ -8055,7 +8055,7 @@ namespace Microsoft.Dafny { var e0 = Substitute(((BinaryExpr)term).E0.Resolved, null, substMap); var e1 = Substitute(((BinaryExpr)term).E1, null, substMap); qq = TrForall_NewValueAssumption(expr.tok, expr.BoundVars, expr.Range, e0, e1, expr.Attributes, etran, prevEtran); - updater.Add(new Bpl.AssumeCmd(s.Tok, qq)); + updater.Add(TrAssumeCmd(s.Tok, qq)); } } } @@ -8158,18 +8158,18 @@ namespace Microsoft.Dafny { havocIds.Add(new Bpl.IdentifierExpr(tok, bv)); } definedness.Add(new Bpl.HavocCmd(tok, havocIds)); - definedness.Add(new Bpl.AssumeCmd(tok, ante)); + definedness.Add(TrAssumeCmd(tok, ante)); } TrStmt_CheckWellformed(range, definedness, locals, etran, false); - definedness.Add(new Bpl.AssumeCmd(range.tok, etran.TrExpr(range))); + definedness.Add(TrAssumeCmd(range.tok, etran.TrExpr(range))); if (additionalRange != null) { var es = additionalRange(new Dictionary(), etran); - definedness.Add(new Bpl.AssumeCmd(es.tok, es)); + definedness.Add(TrAssumeCmd(es.tok, es)); } TrStmt(s0, definedness, locals, etran); - definedness.Add(new Bpl.AssumeCmd(tok, Bpl.Expr.False)); + definedness.Add(TrAssumeCmd(tok, Bpl.Expr.False)); } // Now for the other branch, where the postcondition of the call is exported. 
@@ -8186,7 +8186,7 @@ namespace Microsoft.Dafny { Contract.Assert(s0.Method.Mod.Expressions.Count == 0); // checked by the resolver foreach (BoilerplateTriple tri in GetTwoStateBoilerplate(tok, new List(), s0.IsGhost, initEtran, etran, initEtran)) { if (tri.IsFree) { - exporter.Add(new Bpl.AssumeCmd(tok, tri.Expr)); + exporter.Add(TrAssumeCmd(tok, tri.Expr)); } } if (codeContext is IteratorDecl) { @@ -8214,7 +8214,7 @@ namespace Microsoft.Dafny { var receiver = new BoogieWrapper(initEtran.TrExpr(Substitute(s0.Receiver, null, substMap, s0.MethodSelect.TypeArgumentSubstitutions())), s0.Receiver.Type); var p = Substitute(e, receiver, argsSubstMap, s0.MethodSelect.TypeArgumentSubstitutions()); // substitute the call's actuals for the method's formals qq = callEtran.TrExpr(p, initEtran); - exporter.Add(new Bpl.AssumeCmd(tok, qq)); + exporter.Add(TrAssumeCmd(tok, qq)); } } else { var bvars = new List(); 
@@ -8242,7 +8242,7 @@ namespace Microsoft.Dafny { // TRIG (forall $ih#pat0#0: Seq Box, $ih#a0#0: Seq Box :: $Is($ih#pat0#0, TSeq(_module._default.Same0$T)) && $IsAlloc($ih#pat0#0, TSeq(_module._default.Same0$T), $initHeapForallStmt#0) && $Is($ih#a0#0, TSeq(_module._default.Same0$T)) && $IsAlloc($ih#a0#0, TSeq(_module._default.Same0$T), $initHeapForallStmt#0) && Seq#Length($ih#pat0#0) <= Seq#Length($ih#a0#0) && Seq#SameUntil($ih#pat0#0, $ih#a0#0, Seq#Length($ih#pat0#0)) && (Seq#Rank($ih#pat0#0) < Seq#Rank(pat#0) || (Seq#Rank($ih#pat0#0) == Seq#Rank(pat#0) && Seq#Rank($ih#a0#0) < Seq#Rank(a#0))) ==> _module.__default.IsRelaxedPrefixAux(_module._default.Same0$T, $LS($LZ), $Heap, $ih#pat0#0, $ih#a0#0, LitInt(1)))' // TRIG (forall $ih#m0#0: DatatypeType, $ih#n0#0: DatatypeType :: $Is($ih#m0#0, Tclass._module.Nat()) && $IsAlloc($ih#m0#0, Tclass._module.Nat(), $initHeapForallStmt#0) && $Is($ih#n0#0, Tclass._module.Nat()) && $IsAlloc($ih#n0#0, Tclass._module.Nat(), $initHeapForallStmt#0) && Lit(true) && (DtRank($ih#m0#0) < DtRank(m#0) || (DtRank($ih#m0#0) == DtRank(m#0) && DtRank($ih#n0#0) < DtRank(n#0))) ==> _module.__default.mult($LS($LZ), $Heap, $ih#m0#0, _module.__default.plus($LS($LZ), $Heap, $ih#n0#0, $ih#n0#0)) == _module.__default.mult($LS($LZ), $Heap, _module.__default.plus($LS($LZ), $Heap, $ih#m0#0, $ih#m0#0), $ih#n0#0)) qq = new Bpl.ForallExpr(tok, bvars, Bpl.Expr.Imp(ante, post)); // SMART_TRIGGER - exporter.Add(new Bpl.AssumeCmd(tok, qq)); + exporter.Add(TrAssumeCmd(tok, qq)); } } } 
@@ -8309,10 +8309,10 @@ namespace Microsoft.Dafny { havocIds.Add(new Bpl.IdentifierExpr(s.Tok, bv)); } definedness.Add(new Bpl.HavocCmd(s.Tok, havocIds)); - definedness.Add(new Bpl.AssumeCmd(s.Tok, typeAntecedent)); + definedness.Add(TrAssumeCmd(s.Tok, typeAntecedent)); } TrStmt_CheckWellformed(s.Range, definedness, locals, etran, false); - definedness.Add(new Bpl.AssumeCmd(s.Range.tok, etran.TrExpr(s.Range))); + definedness.Add(TrAssumeCmd(s.Range.tok, etran.TrExpr(s.Range))); if (s.Body != null) { TrStmt(s.Body, definedness, locals, etran); @@ -8330,7 +8330,7 @@ namespace Microsoft.Dafny { } } - definedness.Add(new Bpl.AssumeCmd(s.Tok, Bpl.Expr.False)); + definedness.Add(TrAssumeCmd(s.Tok, Bpl.Expr.False)); // Now for the other branch, where the ensures clauses are exported. @@ -8344,7 +8344,7 @@ namespace Microsoft.Dafny { exporter.Add(new Bpl.HavocCmd(s.Tok, new List { (Bpl.IdentifierExpr/*TODO: this cast is rather dubious*/)etran.HeapExpr, etran.Tick() })); foreach (BoilerplateTriple tri in GetTwoStateBoilerplate(s.Tok, new List(), s.IsGhost, initEtran, etran, initEtran)) { if (tri.IsFree) { - exporter.Add(new Bpl.AssumeCmd(s.Tok, tri.Expr)); + exporter.Add(TrAssumeCmd(s.Tok, tri.Expr)); } } @@ -8352,9 +8352,9 @@ namespace Microsoft.Dafny { var p = Substitute(s.ForallExpressions[0], null, substMap); Bpl.Expr qq = etran.TrExpr(p, initEtran); if (s.BoundVars.Count != 0) { - exporter.Add(new Bpl.AssumeCmd(s.Tok, qq)); + exporter.Add(TrAssumeCmd(s.Tok, qq)); } else { - exporter.Add(new Bpl.AssumeCmd(s.Tok, ((Bpl.ForallExpr)qq).Body)); + exporter.Add(TrAssumeCmd(s.Tok, ((Bpl.ForallExpr)qq).Body)); } } 
@@ -8379,6 +8379,15 @@ namespace Microsoft.Dafny { return description; } + Bpl.AssumeCmd TrAssumeCmd(IToken tok, Bpl.Expr expr, Bpl.QKeyValue attributes = null) { + var lit = RemoveLit(expr); + return attributes == null ? new Bpl.AssumeCmd(tok, lit) : new Bpl.AssumeCmd(tok, lit, attributes); + } + + Bpl.AssertCmd TrAssertCmd(IToken tok, Bpl.Expr expr, Bpl.QKeyValue attributes = null) { + var lit = RemoveLit(expr); + return attributes == null ? new Bpl.AssertCmd(tok, lit) : new Bpl.AssertCmd(tok, lit, attributes); + } delegate void BodyTranslator(Bpl.StmtListBuilder builder, ExpressionTranslator etran); @@ -8427,11 +8436,11 @@ namespace Microsoft.Dafny { Bpl.StmtListBuilder invDefinednessBuilder = new Bpl.StmtListBuilder(); foreach (MaybeFreeExpression loopInv in s.Invariants) { TrStmt_CheckWellformed(loopInv.E, invDefinednessBuilder, locals, etran, false); - invDefinednessBuilder.Add(new Bpl.AssumeCmd(loopInv.E.tok, etran.TrExpr(loopInv.E))); + invDefinednessBuilder.Add(TrAssumeCmd(loopInv.E.tok, etran.TrExpr(loopInv.E))); - invariants.Add(new Bpl.AssumeCmd(loopInv.E.tok, Bpl.Expr.Imp(w, CanCallAssumption(loopInv.E, etran)))); + invariants.Add(TrAssumeCmd(loopInv.E.tok, Bpl.Expr.Imp(w, CanCallAssumption(loopInv.E, etran)))); if (loopInv.IsFree && !DafnyOptions.O.DisallowSoundnessCheating) { - invariants.Add(new Bpl.AssumeCmd(loopInv.E.tok, Bpl.Expr.Imp(w, etran.TrExpr(loopInv.E)))); + invariants.Add(TrAssumeCmd(loopInv.E.tok, Bpl.Expr.Imp(w, etran.TrExpr(loopInv.E)))); } else { bool splitHappened; var ss = TrSplitExpr(loopInv.E, etran, false, out splitHappened); @@ -8444,7 +8453,7 @@ namespace Microsoft.Dafny { if (split.IsChecked) { invariants.Add(Assert(split.E.tok, wInv, "loop invariant violation")); // TODO: it would be fine to have this use {:subsumption 0} } else { - invariants.Add(new Bpl.AssumeCmd(split.E.tok, wInv)); + invariants.Add(TrAssumeCmd(split.E.tok, wInv)); } } } 
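Review bot: The two helpers added in the `@@ -8379,6 +8379,15 @@` hunk, `TrAssumeCmd` and `TrAssertCmd`, have no summary comment and no code contracts, although other methods in this file state theirs (for instance the `Contract.Requires(etran != null)` visible in the `-9929` hunk). Assuming no caller passes a null token, each could open with `Contract.Requires(tok != null);`, `Contract.Requires(expr != null);` and `Contract.Ensures(Contract.Result<Bpl.AssumeCmd>() != null);` (`Bpl.AssertCmd` in the second). A short comment should also say that the expression goes through `RemoveLit` before the command is built, and why assume and assert commands must not keep the wrapper. `RemoveLit` is defined outside this diff, so the comment should record whether it unwraps only the outermost `Lit(...)`. Several call sites in the following hunks pass `Bpl.Expr.Imp(w, ...)`, where a literal nested under the implication would presumably stay wrapped, and anyone relying on these helpers to normalise `assume false` needs to know that.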
@@ -8460,14 +8469,14 @@ namespace Microsoft.Dafny { // include boilerplate invariants foreach (BoilerplateTriple tri in GetTwoStateBoilerplate(s.Tok, modifiesClause, s.IsGhost, etranPreLoop, etran, etran.Old)) { if (tri.IsFree) { - invariants.Add(new Bpl.AssumeCmd(s.Tok, tri.Expr)); + invariants.Add(TrAssumeCmd(s.Tok, tri.Expr)); } else { Contract.Assert(tri.ErrorMessage != null); // follows from BoilerplateTriple invariant invariants.Add(Assert(s.Tok, tri.Expr, tri.ErrorMessage)); } } // add a free invariant which says that the heap hasn't changed outside of the modifies clause. - invariants.Add(new Bpl.AssumeCmd(s.Tok, FrameConditionUsingDefinedFrame(s.Tok, etranPreLoop, etran, updatedFrameEtran))); + invariants.Add(TrAssumeCmd(s.Tok, FrameConditionUsingDefinedFrame(s.Tok, etranPreLoop, etran, updatedFrameEtran))); } // include a free invariant that says that all completed iterations so far have only decreased the termination metric @@ -8481,13 +8490,13 @@ namespace Microsoft.Dafny { decrs.Add(etran.TrExpr(e)); } Bpl.Expr decrCheck = DecreasesCheck(toks, types, types, decrs, initDecr, null, null, true, false); - invariants.Add(new Bpl.AssumeCmd(s.Tok, decrCheck)); + invariants.Add(TrAssumeCmd(s.Tok, decrCheck)); } Bpl.StmtListBuilder loopBodyBuilder = new Bpl.StmtListBuilder(); loopBodyBuilder.Add(CaptureState(s.Tok, true, "after some loop iterations")); // as the first thing inside the loop, generate: if (!w) { CheckWellformed(inv); assume false; } - invDefinednessBuilder.Add(new Bpl.AssumeCmd(s.Tok, Bpl.Expr.False)); + invDefinednessBuilder.Add(TrAssumeCmd(s.Tok, Bpl.Expr.False)); loopBodyBuilder.Add(new Bpl.IfCmd(s.Tok, Bpl.Expr.Not(w), invDefinednessBuilder.Collect(s.Tok), null, null)); // generate: CheckWellformed(guard); if (!guard) { break; } Bpl.Expr guard = null; 
@@ -8528,13 +8537,13 @@ namespace Microsoft.Dafny { loopBodyBuilder.Add(Assert(s.Tok, decrCheck, msg)); } } else { - loopBodyBuilder.Add(new Bpl.AssumeCmd(s.Tok, Bpl.Expr.False)); + loopBodyBuilder.Add(TrAssumeCmd(s.Tok, Bpl.Expr.False)); // todo(maria): havoc stuff } // Finally, assume the well-formedness of the invariant (which has been checked once and for all above), so that the check // of invariant-maintenance can use the appropriate canCall predicates. foreach (MaybeFreeExpression loopInv in s.Invariants) { - loopBodyBuilder.Add(new Bpl.AssumeCmd(loopInv.E.tok, CanCallAssumption(loopInv.E, etran))); + loopBodyBuilder.Add(TrAssumeCmd(loopInv.E.tok, CanCallAssumption(loopInv.E, etran))); } Bpl.StmtList body = loopBodyBuilder.Collect(s.Tok); @@ -8569,7 +8578,7 @@ namespace Microsoft.Dafny { var b = new Bpl.StmtListBuilder(); var elseTok = elseCase0 != null ? elseCase0.tok : elseCase1.tok; - b.Add(new Bpl.AssumeCmd(elseTok, noGuard)); + b.Add(TrAssumeCmd(elseTok, noGuard)); if (elseCase0 != null) { b.Add(elseCase0); } else { @@ -8838,7 +8847,7 @@ namespace Microsoft.Dafny { // the out-parameter. Bpl.Cmd cmd = new Bpl.HavocCmd(bLhs.tok, new List { bLhs }); builder.Add(cmd); - cmd = new Bpl.AssumeCmd(bLhs.tok, Bpl.Expr.Eq(bLhs, FunctionCall(bLhs.tok, BuiltinFunction.Unbox, TrType(LhsTypes[i]), tmpVarIdE))); + cmd = TrAssumeCmd(bLhs.tok, Bpl.Expr.Eq(bLhs, FunctionCall(bLhs.tok, BuiltinFunction.Unbox, TrType(LhsTypes[i]), tmpVarIdE))); builder.Add(cmd); } } @@ -8866,7 +8875,7 @@ namespace Microsoft.Dafny { builder.Add(new Bpl.HavocCmd(bv.tok, new List { bIe })); Bpl.Expr wh = GetWhereClause(bv.tok, bIe, local.Type, etran); if (wh != null) { - builder.Add(new Bpl.AssumeCmd(bv.tok, wh)); + builder.Add(TrAssumeCmd(bv.tok, wh)); } } return substMap; 
@@ -9792,7 +9801,7 @@ namespace Microsoft.Dafny { } else if (rhs is HavocRhs) { builder.Add(new Bpl.HavocCmd(tok, new List { bLhs })); var isNat = CheckSubrange_Expr(tok, bLhs, rhsTypeConstraint); - builder.Add(new Bpl.AssumeCmd(tok, isNat)); + builder.Add(TrAssumeCmd(tok, isNat)); return CondApplyBox(tok, bLhs, rhsTypeConstraint, lhsType); } else { // x := new Something @@ -9817,13 +9826,13 @@ namespace Microsoft.Dafny { Bpl.Expr nwNotNull = Bpl.Expr.Neq(nw, predef.Null); Bpl.Expr rightType; rightType = etran.GoodRef_(tok, nw, tRhs.Type, true); - builder.Add(new Bpl.AssumeCmd(tok, Bpl.Expr.And(nwNotNull, rightType))); + builder.Add(TrAssumeCmd(tok, Bpl.Expr.And(nwNotNull, rightType))); if (tRhs.ArrayDimensions != null) { int i = 0; foreach (Expression dim in tRhs.ArrayDimensions) { // assume Array#Length($nw, i) == arraySize; Bpl.Expr arrayLength = ArrayLength(tok, nw, tRhs.ArrayDimensions.Count, i); - builder.Add(new Bpl.AssumeCmd(tok, Bpl.Expr.Eq(arrayLength, etran.TrExpr(dim)))); + builder.Add(TrAssumeCmd(tok, Bpl.Expr.Eq(arrayLength, etran.TrExpr(dim)))); i++; } } @@ -9929,7 +9938,7 @@ namespace Microsoft.Dafny { Contract.Requires(etran != null); Contract.Ensures(Contract.Result() != null); - return new Bpl.AssumeCmd(tok, FunctionCall(tok, BuiltinFunction.IsGoodHeap, null, etran.HeapExpr)); + return TrAssumeCmd(tok, FunctionCall(tok, BuiltinFunction.IsGoodHeap, null, etran.HeapExpr)); } /// diff --git a/Test/dafny0/DTypes.dfy b/Test/dafny0/DTypes.dfy index 9e36e64c..9891c040 100644 --- a/Test/dafny0/DTypes.dfy +++ b/Test/dafny0/DTypes.dfy @@ -1,4 +1,4 @@ -// RUN: %dafny /compile:0 /print:"%t.print" /dprint:"%t.dprint" "%s" > "%t" +// RUN: %dafny /compile:0 /autoTriggers:1 /print:"%t.print" /dprint:"%t.dprint" "%s" > "%t" // RUN: %diff "%s.expect" "%t" class C { diff --git a/Test/dafny0/snapshots/Snapshots0.run.dfy.expect b/Test/dafny0/snapshots/Snapshots0.run.dfy.expect index d32cd9bb..bf7388cf 100644 --- a/Test/dafny0/snapshots/Snapshots0.run.dfy.expect 
+++ b/Test/dafny0/snapshots/Snapshots0.run.dfy.expect @@ -1,6 +1,6 @@ Processing command (at Snapshots0.v0.dfy(3,6)) assert (forall $o: ref, $f: Field alpha :: false ==> $_Frame[$o, $f]); >>> DoNothingToAssert -Processing command (at Snapshots0.v0.dfy(4,10)) assert Lit(false); +Processing command (at Snapshots0.v0.dfy(4,10)) assert false; >>> DoNothingToAssert Dafny program verifier finished with 3 verified, 0 errors @@ -16,7 +16,7 @@ Processing command (at Snapshots0.v1.dfy(3,6)) assert (forall $o: ref, $f >>> MarkAsFullyVerified Processing command (at ) a##cached##0 := a##cached##0 && ##extracted_function##2(call0old#AT#$Heap, $Heap); >>> AssumeNegationOfAssumptionVariable -Processing command (at Snapshots0.v1.dfy(4,10)) assert Lit(false); +Processing command (at Snapshots0.v1.dfy(4,10)) assert false; >>> MarkAsPartiallyVerified Snapshots0.v1.dfy(4,9): Error: assertion violation Execution trace: diff --git a/Test/dafny0/snapshots/Snapshots1.run.dfy.expect b/Test/dafny0/snapshots/Snapshots1.run.dfy.expect index 6d5e43f8..1b5c8d24 100644 --- a/Test/dafny0/snapshots/Snapshots1.run.dfy.expect +++ b/Test/dafny0/snapshots/Snapshots1.run.dfy.expect @@ -1,6 +1,6 @@ Processing command (at Snapshots1.v0.dfy(3,4)) assert (forall $o: ref, $f: Field alpha :: false ==> $_Frame[$o, $f]); >>> DoNothingToAssert -Processing command (at Snapshots1.v0.dfy(4,10)) assert Lit(false); +Processing command (at Snapshots1.v0.dfy(4,10)) assert false; >>> DoNothingToAssert Processing command (at Snapshots1.v0.dfy(12,3)) assert true; >>> DoNothingToAssert 
@@ -12,7 +12,7 @@ Processing command (at Snapshots1.v1.dfy(12,3)) assert true; >>> MarkAsFullyVerified Processing command (at Snapshots1.v1.dfy(3,4)) assert (forall $o: ref, $f: Field alpha :: false ==> $_Frame[$o, $f]); >>> MarkAsFullyVerified -Processing command (at Snapshots1.v1.dfy(4,10)) assert Lit(false); +Processing command (at Snapshots1.v1.dfy(4,10)) assert false; >>> DoNothingToAssert Snapshots1.v1.dfy(4,9): Error: assertion violation Execution trace: diff --git a/Test/dafny0/snapshots/Snapshots2.run.dfy.expect b/Test/dafny0/snapshots/Snapshots2.run.dfy.expect index ee2ceecd..949ecec9 100644 --- a/Test/dafny0/snapshots/Snapshots2.run.dfy.expect +++ b/Test/dafny0/snapshots/Snapshots2.run.dfy.expect @@ -1,6 +1,6 @@ Processing command (at Snapshots2.v0.dfy(3,4)) assert (forall $o: ref, $f: Field alpha :: false ==> $_Frame[$o, $f]); >>> DoNothingToAssert -Processing command (at Snapshots2.v0.dfy(4,10)) assert Lit(false); +Processing command (at Snapshots2.v0.dfy(4,10)) assert false; >>> DoNothingToAssert Processing command (at Snapshots2.v0.dfy(11,11)) assert true; >>> DoNothingToAssert @@ -24,7 +24,7 @@ Processing command (at Snapshots2.v1.dfy(18,3)) assert true; >>> MarkAsFullyVerified Processing command (at Snapshots2.v1.dfy(3,4)) assert (forall $o: ref, $f: Field alpha :: false ==> $_Frame[$o, $f]); >>> MarkAsFullyVerified -Processing command (at Snapshots2.v1.dfy(4,10)) assert Lit(false); +Processing command (at Snapshots2.v1.dfy(4,10)) assert false; >>> DoNothingToAssert Snapshots2.v1.dfy(4,9): Error: assertion violation Execution trace: diff --git a/Test/dafny0/snapshots/Snapshots3.run.dfy.expect b/Test/dafny0/snapshots/Snapshots3.run.dfy.expect index accacd90..a7f05a68 100644 --- a/Test/dafny0/snapshots/Snapshots3.run.dfy.expect +++ b/Test/dafny0/snapshots/Snapshots3.run.dfy.expect 
@@ -1,4 +1,4 @@ -Processing command (at Snapshots3.v0.dfy(9,14)) assert Lit(0 != 0); +Processing command (at Snapshots3.v0.dfy(9,14)) assert 0 != 0; >>> DoNothingToAssert Snapshots3.v0.dfy(9,13): Error: assertion violation Execution trace: @@ -6,9 +6,9 @@ Execution trace: (0,0): anon3_Else Dafny program verifier finished with 1 verified, 1 error -Processing command (at Snapshots3.v1.dfy(5,12)) assert Lit(true); +Processing command (at Snapshots3.v1.dfy(5,12)) assert true; >>> DoNothingToAssert -Processing command (at Snapshots3.v1.dfy(9,14)) assert Lit(0 != 0); +Processing command (at Snapshots3.v1.dfy(9,14)) assert 0 != 0; >>> RecycleError Snapshots3.v0.dfy(9,13): Error: assertion violation Execution trace: diff --git a/Test/dafny0/snapshots/Snapshots4.run.dfy.expect b/Test/dafny0/snapshots/Snapshots4.run.dfy.expect index d56eb9d0..e0f07849 100644 --- a/Test/dafny0/snapshots/Snapshots4.run.dfy.expect +++ b/Test/dafny0/snapshots/Snapshots4.run.dfy.expect @@ -2,11 +2,11 @@ Processing command (at Snapshots4.v0.dfy(9,14)) assert LitInt(0) == LitInt(0); >>> DoNothingToAssert Dafny program verifier finished with 2 verified, 0 errors -Processing command (at Snapshots4.v1.dfy(5,14)) assert Lit(1 != 1); +Processing command (at Snapshots4.v1.dfy(5,14)) assert 1 != 1; >>> DoNothingToAssert Processing command (at Snapshots4.v1.dfy(9,14)) assert LitInt(0) == LitInt(0); >>> MarkAsFullyVerified -Processing command (at Snapshots4.v1.dfy(10,14)) assert Lit(2 != 2); +Processing command (at Snapshots4.v1.dfy(10,14)) assert 2 != 2; >>> DoNothingToAssert Snapshots4.v1.dfy(5,13): Error: assertion violation Execution trace: diff --git a/Test/dafny0/snapshots/Snapshots6.run.dfy.expect b/Test/dafny0/snapshots/Snapshots6.run.dfy.expect index bef5a87d..cdb942bb 100644 --- a/Test/dafny0/snapshots/Snapshots6.run.dfy.expect +++ b/Test/dafny0/snapshots/Snapshots6.run.dfy.expect 
@@ -1,8 +1,8 @@ -Processing command (at Snapshots6.v0.dfy(20,14)) assert Lit(false); +Processing command (at Snapshots6.v0.dfy(20,14)) assert false; >>> DoNothingToAssert Dafny program verifier finished with 4 verified, 0 errors -Processing command (at Snapshots6.v1.dfy(20,14)) assert Lit(false); +Processing command (at Snapshots6.v1.dfy(20,14)) assert false; >>> DoNothingToAssert Snapshots6.v1.dfy(20,13): Error: assertion violation Execution trace: diff --git a/Test/dafny0/snapshots/Snapshots7.run.dfy.expect b/Test/dafny0/snapshots/Snapshots7.run.dfy.expect index b90a6034..a08b32c6 100644 --- a/Test/dafny0/snapshots/Snapshots7.run.dfy.expect +++ b/Test/dafny0/snapshots/Snapshots7.run.dfy.expect @@ -1,4 +1,4 @@ -Processing command (at Snapshots7.v0.dfy(19,14)) assert Lit(false); +Processing command (at Snapshots7.v0.dfy(19,14)) assert false; >>> DoNothingToAssert Dafny program verifier finished with 4 verified, 0 errors @@ -22,7 +22,7 @@ Processing command (at ) a##cached##0 := a##cached##0 && ##ext >>> AssumeNegationOfAssumptionVariable Processing command (at ) a##cached##0 := a##cached##0 && ##extracted_function##4(); >>> AssumeNegationOfAssumptionVariable -Processing command (at Snapshots7.v1.dfy(19,14)) assert Lit(false); +Processing command (at Snapshots7.v1.dfy(19,14)) assert false; >>> MarkAsPartiallyVerified Snapshots7.v1.dfy(19,13): Error: assertion violation Execution trace: diff --git a/Test/dafny0/snapshots/Snapshots8.run.dfy.expect b/Test/dafny0/snapshots/Snapshots8.run.dfy.expect index 625b71b4..e1cbdbe0 100644 --- a/Test/dafny0/snapshots/Snapshots8.run.dfy.expect +++ b/Test/dafny0/snapshots/Snapshots8.run.dfy.expect 
@@ -20,7 +20,7 @@ Snapshots8.v0.dfy(13,12): Related location: This is the postcondition that might Processing command (at Snapshots8.v0.dfy(23,12)) assert u#0 != 53; >>> DoNothingToAssert Snapshots8.v0.dfy(23,11): Error: assertion violation -Processing command (at Snapshots8.v0.dfy(28,10)) assert Lit(true); +Processing command (at Snapshots8.v0.dfy(28,10)) assert true; >>> DoNothingToAssert Dafny program verifier finished with 7 verified, 4 errors @@ -45,7 +45,7 @@ Snapshots8.v1.dfy(12,20): Related location: This is the precondition that might Snapshots8.v1.dfy(7,11): Error: assertion violation Processing command (at Snapshots8.v1.dfy(21,12)) assert true; >>> MarkAsFullyVerified -Processing command (at Snapshots8.v1.dfy(23,12)) assert Lit(true); +Processing command (at Snapshots8.v1.dfy(23,12)) assert true; >>> DoNothingToAssert Processing command (at Snapshots8.v1.dfy(19,13)) assert LitInt(2) <= z#0; >>> DoNothingToAssert diff --git a/Test/dafny4/Bug136.dfy b/Test/dafny4/Bug136.dfy new file mode 100644 index 00000000..5f3cde69 --- /dev/null +++ b/Test/dafny4/Bug136.dfy @@ -0,0 +1,12 @@ +// RUN: %dafny /compile:0 /print:- "%s" > "%t" +// RUN: %diff "%s.expect" "%t" + +method test() +{ + assume false; + assert true; +} + + + + diff --git a/Test/dafny4/Bug136.dfy.expect b/Test/dafny4/Bug136.dfy.expect new file mode 100644 index 00000000..8b9d32a8 --- /dev/null +++ b/Test/dafny4/Bug136.dfy.expect 
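Review bot: The RUN line of the new Test/dafny4/Bug136.dfy uses `/print:-`, so the whole generated Boogie program goes to stdout and is diffed against the .expect file, which ties the test to far more than the bug it covers. The expectation added in the next hunk is 1772 lines long and begins with the verifier version banner and a `Command Line Options` comment holding an absolute `c:\dafny\...` path. It will presumably stop matching on another checkout location, or after any version or prelude change. Printing to a file as the DTypes.dfy test does, `// RUN: %dafny /compile:0 /print:"%t.print" "%s" > "%t"`, keeps the banner and prelude out of the compared output. If the printed Boogie is what the test has to check, the comparison should be limited to the translation of `test()` rather than the full program. The four trailing blank lines in the .dfy file can be dropped.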
@@ -0,0 +1,1772 @@ +// Dafny program verifier version 1.9.6.21116, Copyright (c) 2003-2015, Microsoft. +// Command Line Options: -nologo -countVerificationErrors:0 -useBaseNameForFileName /compile:0 /print:- c:\dafny\Test\dafny4\Bug136.dfy + +const $$Language$Dafny: bool; + +axiom $$Language$Dafny; + +type Ty; + +const unique TBool: Ty; + +const unique TChar: Ty; + +const unique TInt: Ty; + +const unique TNat: Ty; + +const unique TReal: Ty; + +function TSet(Ty) : Ty; + +function TISet(Ty) : Ty; + +function TMultiSet(Ty) : Ty; + +function TSeq(Ty) : Ty; + +function TMap(Ty, Ty) : Ty; + +function TIMap(Ty, Ty) : Ty; + +function Inv0_TSet(Ty) : Ty; + +axiom (forall t: Ty :: { TSet(t) } Inv0_TSet(TSet(t)) == t); + +function Inv0_TISet(Ty) : Ty; + +axiom (forall t: Ty :: { TISet(t) } Inv0_TISet(TISet(t)) == t); + +function Inv0_TSeq(Ty) : Ty; + +axiom (forall t: Ty :: { TSeq(t) } Inv0_TSeq(TSeq(t)) == t); + +function Inv0_TMultiSet(Ty) : Ty; + +axiom (forall t: Ty :: { TMultiSet(t) } Inv0_TMultiSet(TMultiSet(t)) == t); + +function Inv0_TMap(Ty) : Ty; + +function Inv1_TMap(Ty) : Ty; + +axiom (forall t: Ty, u: Ty :: { TMap(t, u) } Inv0_TMap(TMap(t, u)) == t); + +axiom (forall t: Ty, u: Ty :: { TMap(t, u) } Inv1_TMap(TMap(t, u)) == u); + +function Inv0_TIMap(Ty) : Ty; + +function Inv1_TIMap(Ty) : Ty; + +axiom (forall t: Ty, u: Ty :: { TIMap(t, u) } Inv0_TIMap(TIMap(t, u)) == t); + +axiom (forall t: Ty, u: Ty :: { TIMap(t, u) } Inv1_TIMap(TIMap(t, u)) == u); + +type TyTag; + +function Tag(Ty) : TyTag; + +const unique TagBool: TyTag; + +const unique TagChar: TyTag; + +const unique TagInt: TyTag; + +const unique TagNat: TyTag; + +const unique TagReal: TyTag; + +const unique TagSet: TyTag; + +const unique TagISet: TyTag; + +const unique TagMultiSet: TyTag; + +const unique TagSeq: TyTag; + +const unique TagMap: TyTag; + +const unique TagIMap: TyTag; + +const unique TagClass: TyTag; + +axiom Tag(TBool) == TagBool; + +axiom Tag(TChar) == TagChar; + +axiom Tag(TInt) == TagInt; + 
+axiom Tag(TNat) == TagNat; + +axiom Tag(TReal) == TagReal; + +axiom (forall t: Ty :: { TSet(t) } Tag(TSet(t)) == TagSet); + +axiom (forall t: Ty :: { TISet(t) } Tag(TISet(t)) == TagISet); + +axiom (forall t: Ty :: { TMultiSet(t) } Tag(TMultiSet(t)) == TagMultiSet); + +axiom (forall t: Ty :: { TSeq(t) } Tag(TSeq(t)) == TagSeq); + +axiom (forall t: Ty, u: Ty :: { TMap(t, u) } Tag(TMap(t, u)) == TagMap); + +axiom (forall t: Ty, u: Ty :: { TIMap(t, u) } Tag(TIMap(t, u)) == TagIMap); + +function {:identity} LitInt(x: int) : int; + +axiom (forall x: int :: {:identity} { LitInt(x): int } LitInt(x): int == x); + +axiom (forall x: int :: { $Box(LitInt(x)) } $Box(LitInt(x)) == Lit($Box(x))); + +function {:identity} LitReal(x: real) : real; + +axiom (forall x: real :: {:identity} { LitReal(x): real } LitReal(x): real == x); + +axiom (forall x: real :: { $Box(LitReal(x)) } $Box(LitReal(x)) == Lit($Box(x))); + +function {:identity} Lit(x: T) : T; + +axiom (forall x: T :: {:identity} { Lit(x): T } Lit(x): T == x); + +axiom (forall x: T :: { $Box(Lit(x)) } $Box(Lit(x)) == Lit($Box(x))); + +type char; + +function char#FromInt(int) : char; + +function char#ToInt(char) : int; + +axiom (forall ch: char :: { char#ToInt(ch) } char#FromInt(char#ToInt(ch)) == ch); + +axiom (forall n: int :: + { char#FromInt(n) } + 0 <= n && n < 65536 ==> char#ToInt(char#FromInt(n)) == n); + +type ref; + +const null: ref; + +const unique NoTraitAtAll: ClassName; + +function TraitParent(ClassName) : ClassName; + +type Box; + +const $ArbitraryBoxValue: Box; + +function $Box(T) : Box; + +function $Unbox(Box) : T; + +axiom (forall x: T :: { $Box(x) } $Unbox($Box(x)) == x); + +axiom (forall bx: Box :: + { $IsBox(bx, TInt) } + $IsBox(bx, TInt) ==> $Box($Unbox(bx): int) == bx && $Is($Unbox(bx): int, TInt)); + +axiom (forall bx: Box :: + { $IsBox(bx, TNat) } + $IsBox(bx, TNat) ==> $Box($Unbox(bx): int) == bx && $Is($Unbox(bx): int, TNat)); + +axiom (forall bx: Box :: + { $IsBox(bx, TReal) } + $IsBox(bx, TReal) + 
==> $Box($Unbox(bx): real) == bx && $Is($Unbox(bx): real, TReal)); + +axiom (forall bx: Box :: + { $IsBox(bx, TBool) } + $IsBox(bx, TBool) + ==> $Box($Unbox(bx): bool) == bx && $Is($Unbox(bx): bool, TBool)); + +axiom (forall bx: Box :: + { $IsBox(bx, TChar) } + $IsBox(bx, TChar) + ==> $Box($Unbox(bx): char) == bx && $Is($Unbox(bx): char, TChar)); + +axiom (forall bx: Box, t: Ty :: + { $IsBox(bx, TSet(t)) } + $IsBox(bx, TSet(t)) + ==> $Box($Unbox(bx): Set Box) == bx && $Is($Unbox(bx): Set Box, TSet(t))); + +axiom (forall bx: Box, t: Ty :: + { $IsBox(bx, TISet(t)) } + $IsBox(bx, TISet(t)) + ==> $Box($Unbox(bx): ISet Box) == bx && $Is($Unbox(bx): ISet Box, TISet(t))); + +axiom (forall bx: Box, t: Ty :: + { $IsBox(bx, TMultiSet(t)) } + $IsBox(bx, TMultiSet(t)) + ==> $Box($Unbox(bx): MultiSet Box) == bx + && $Is($Unbox(bx): MultiSet Box, TMultiSet(t))); + +axiom (forall bx: Box, t: Ty :: + { $IsBox(bx, TSeq(t)) } + $IsBox(bx, TSeq(t)) + ==> $Box($Unbox(bx): Seq Box) == bx && $Is($Unbox(bx): Seq Box, TSeq(t))); + +axiom (forall bx: Box, s: Ty, t: Ty :: + { $IsBox(bx, TMap(s, t)) } + $IsBox(bx, TMap(s, t)) + ==> $Box($Unbox(bx): Map Box Box) == bx && $Is($Unbox(bx): Map Box Box, TMap(s, t))); + +axiom (forall bx: Box, s: Ty, t: Ty :: + { $IsBox(bx, TIMap(s, t)) } + $IsBox(bx, TIMap(s, t)) + ==> $Box($Unbox(bx): IMap Box Box) == bx + && $Is($Unbox(bx): IMap Box Box, TIMap(s, t))); + +axiom (forall v: T, t: Ty :: + { $IsBox($Box(v), t) } + $IsBox($Box(v), t) <==> $Is(v, t)); + +axiom (forall v: T, t: Ty, h: Heap :: + { $IsAllocBox($Box(v), t, h) } + $IsAllocBox($Box(v), t, h) <==> $IsAlloc(v, t, h)); + +function $Is(T, Ty) : bool; + +function $IsAlloc(T, Ty, Heap) : bool; + +function $IsBox(T, Ty) : bool; + +function $IsAllocBox(T, Ty, Heap) : bool; + +axiom (forall v: int :: { $Is(v, TInt) } $Is(v, TInt)); + +axiom (forall v: int :: { $Is(v, TNat) } $Is(v, TNat) <==> v >= 0); + +axiom (forall v: real :: { $Is(v, TReal) } $Is(v, TReal)); + +axiom (forall v: bool :: { $Is(v, 
TBool) } $Is(v, TBool)); + +axiom (forall v: char :: { $Is(v, TChar) } $Is(v, TChar)); + +axiom (forall h: Heap, v: int :: { $IsAlloc(v, TInt, h) } $IsAlloc(v, TInt, h)); + +axiom (forall h: Heap, v: int :: { $IsAlloc(v, TNat, h) } $IsAlloc(v, TNat, h)); + +axiom (forall h: Heap, v: real :: { $IsAlloc(v, TReal, h) } $IsAlloc(v, TReal, h)); + +axiom (forall h: Heap, v: bool :: { $IsAlloc(v, TBool, h) } $IsAlloc(v, TBool, h)); + +axiom (forall h: Heap, v: char :: { $IsAlloc(v, TChar, h) } $IsAlloc(v, TChar, h)); + +axiom (forall v: Set Box, t0: Ty :: + { $Is(v, TSet(t0)) } + $Is(v, TSet(t0)) <==> (forall bx: Box :: { v[bx] } v[bx] ==> $IsBox(bx, t0))); + +axiom (forall v: ISet Box, t0: Ty :: + { $Is(v, TISet(t0)) } + $Is(v, TISet(t0)) <==> (forall bx: Box :: { v[bx] } v[bx] ==> $IsBox(bx, t0))); + +axiom (forall v: MultiSet Box, t0: Ty :: + { $Is(v, TMultiSet(t0)) } + $Is(v, TMultiSet(t0)) + <==> (forall bx: Box :: { v[bx] } 0 < v[bx] ==> $IsBox(bx, t0))); + +axiom (forall v: MultiSet Box, t0: Ty :: + { $Is(v, TMultiSet(t0)) } + $Is(v, TMultiSet(t0)) ==> $IsGoodMultiSet(v)); + +axiom (forall v: Seq Box, t0: Ty :: + { $Is(v, TSeq(t0)) } + $Is(v, TSeq(t0)) + <==> (forall i: int :: + { Seq#Index(v, i) } + 0 <= i && i < Seq#Length(v) ==> $IsBox(Seq#Index(v, i), t0))); + +axiom (forall v: Set Box, t0: Ty, h: Heap :: + { $IsAlloc(v, TSet(t0), h) } + $IsAlloc(v, TSet(t0), h) + <==> (forall bx: Box :: { v[bx] } v[bx] ==> $IsAllocBox(bx, t0, h))); + +axiom (forall v: ISet Box, t0: Ty, h: Heap :: + { $IsAlloc(v, TISet(t0), h) } + $IsAlloc(v, TISet(t0), h) + <==> (forall bx: Box :: { v[bx] } v[bx] ==> $IsAllocBox(bx, t0, h))); + +axiom (forall v: MultiSet Box, t0: Ty, h: Heap :: + { $IsAlloc(v, TMultiSet(t0), h) } + $IsAlloc(v, TMultiSet(t0), h) + <==> (forall bx: Box :: { v[bx] } 0 < v[bx] ==> $IsAllocBox(bx, t0, h))); + +axiom (forall v: Seq Box, t0: Ty, h: Heap :: + { $IsAlloc(v, TSeq(t0), h) } + $IsAlloc(v, TSeq(t0), h) + <==> (forall i: int :: + { Seq#Index(v, i) } + 0 <= 
i && i < Seq#Length(v) ==> $IsAllocBox(Seq#Index(v, i), t0, h))); + +axiom (forall v: Map Box Box, t0: Ty, t1: Ty :: + { $Is(v, TMap(t0, t1)) } + $Is(v, TMap(t0, t1)) + <==> (forall bx: Box :: + { Map#Elements(v)[bx] } { Map#Domain(v)[bx] } + Map#Domain(v)[bx] ==> $IsBox(Map#Elements(v)[bx], t1) && $IsBox(bx, t0))); + +axiom (forall v: Map Box Box, t0: Ty, t1: Ty, h: Heap :: + { $IsAlloc(v, TMap(t0, t1), h) } + $IsAlloc(v, TMap(t0, t1), h) + <==> (forall bx: Box :: + { Map#Elements(v)[bx] } { Map#Domain(v)[bx] } + Map#Domain(v)[bx] + ==> $IsAllocBox(Map#Elements(v)[bx], t1, h) && $IsAllocBox(bx, t0, h))); + +axiom (forall v: IMap Box Box, t0: Ty, t1: Ty :: + { $Is(v, TIMap(t0, t1)) } + $Is(v, TIMap(t0, t1)) + <==> (forall bx: Box :: + { IMap#Elements(v)[bx] } { IMap#Domain(v)[bx] } + IMap#Domain(v)[bx] ==> $IsBox(IMap#Elements(v)[bx], t1) && $IsBox(bx, t0))); + +axiom (forall v: IMap Box Box, t0: Ty, t1: Ty, h: Heap :: + { $IsAlloc(v, TIMap(t0, t1), h) } + $IsAlloc(v, TIMap(t0, t1), h) + <==> (forall bx: Box :: + { IMap#Elements(v)[bx] } { IMap#Domain(v)[bx] } + IMap#Domain(v)[bx] + ==> $IsAllocBox(IMap#Elements(v)[bx], t1, h) && $IsAllocBox(bx, t0, h))); + +type ClassName; + +const unique class._System.int: ClassName; + +const unique class._System.bool: ClassName; + +const unique class._System.set: ClassName; + +const unique class._System.seq: ClassName; + +const unique class._System.multiset: ClassName; + +function Tclass._System.object() : Ty; + +function dtype(ref) : Ty; + +function TypeTuple(a: ClassName, b: ClassName) : ClassName; + +function TypeTupleCar(ClassName) : ClassName; + +function TypeTupleCdr(ClassName) : ClassName; + +axiom (forall a: ClassName, b: ClassName :: + { TypeTuple(a, b) } + TypeTupleCar(TypeTuple(a, b)) == a && TypeTupleCdr(TypeTuple(a, b)) == b); + +type HandleType; + +function SetRef_to_SetBox(s: [ref]bool) : Set Box; + +axiom (forall s: [ref]bool, bx: Box :: + { SetRef_to_SetBox(s)[bx] } + SetRef_to_SetBox(s)[bx] == s[$Unbox(bx): 
ref]); + +axiom (forall s: [ref]bool :: + { SetRef_to_SetBox(s) } + $Is(SetRef_to_SetBox(s), TSet(Tclass._System.object()))); + +type DatatypeType; + +type DtCtorId; + +function DatatypeCtorId(DatatypeType) : DtCtorId; + +function DtRank(DatatypeType) : int; + +function BoxRank(Box) : int; + +axiom (forall d: DatatypeType :: { BoxRank($Box(d)) } BoxRank($Box(d)) == DtRank(d)); + +const $ModuleContextHeight: int; + +const $FunctionContextHeight: int; + +type LayerType; + +const $LZ: LayerType; + +function $LS(LayerType) : LayerType; + +function AtLayer([LayerType]A, LayerType) : A; + +axiom (forall f: [LayerType]A, ly: LayerType :: + { AtLayer(f, ly) } + AtLayer(f, ly) == f[ly]); + +axiom (forall f: [LayerType]A, ly: LayerType :: + { AtLayer(f, $LS(ly)) } + AtLayer(f, $LS(ly)) == AtLayer(f, ly)); + +type Field _; + +function FDim(Field T) : int; + +function IndexField(int) : Field Box; + +axiom (forall i: int :: { IndexField(i) } FDim(IndexField(i)) == 1); + +function IndexField_Inverse(Field T) : int; + +axiom (forall i: int :: { IndexField(i) } IndexField_Inverse(IndexField(i)) == i); + +function MultiIndexField(Field Box, int) : Field Box; + +axiom (forall f: Field Box, i: int :: + { MultiIndexField(f, i) } + FDim(MultiIndexField(f, i)) == FDim(f) + 1); + +function MultiIndexField_Inverse0(Field T) : Field T; + +function MultiIndexField_Inverse1(Field T) : int; + +axiom (forall f: Field Box, i: int :: + { MultiIndexField(f, i) } + MultiIndexField_Inverse0(MultiIndexField(f, i)) == f + && MultiIndexField_Inverse1(MultiIndexField(f, i)) == i); + +function DeclType(Field T) : ClassName; + +type NameFamily; + +function DeclName(Field T) : NameFamily; + +function FieldOfDecl(ClassName, NameFamily) : Field alpha; + +axiom (forall cl: ClassName, nm: NameFamily :: + { FieldOfDecl(cl, nm): Field T } + DeclType(FieldOfDecl(cl, nm): Field T) == cl + && DeclName(FieldOfDecl(cl, nm): Field T) == nm); + +function $IsGhostField(Field T) : bool; + +axiom (forall h: Heap, k: 
Heap, v: T, t: Ty :: + { $HeapSucc(h, k), $IsAlloc(v, t, h) } + $HeapSucc(h, k) ==> $IsAlloc(v, t, h) ==> $IsAlloc(v, t, k)); + +axiom (forall h: Heap, k: Heap, bx: Box, t: Ty :: + { $HeapSucc(h, k), $IsAllocBox(bx, t, h) } + $HeapSucc(h, k) ==> $IsAllocBox(bx, t, h) ==> $IsAllocBox(bx, t, k)); + +const unique alloc: Field bool; + +axiom FDim(alloc) == 0 && !$IsGhostField(alloc); + +function _System.array.Length(a: ref) : int; + +axiom (forall o: ref :: 0 <= _System.array.Length(o)); + +function Int(x: real) : int; + +axiom (forall x: real :: { Int(x): int } Int(x): int == int(x)); + +function Real(x: int) : real; + +axiom (forall x: int :: { Real(x): real } Real(x): real == real(x)); + +axiom (forall i: int :: { Int(Real(i)) } Int(Real(i)) == i); + +function {:inline true} _System.real.Trunc(x: real) : int +{ + Int(x) +} + +type Heap = [ref,Field alpha]alpha; + +function {:inline true} read(H: Heap, r: ref, f: Field alpha) : alpha +{ + H[r, f] +} + +function {:inline true} update(H: Heap, r: ref, f: Field alpha, v: alpha) : Heap +{ + H[r, f := v] +} + +function $IsGoodHeap(Heap) : bool; + +function $IsHeapAnchor(Heap) : bool; + +var $Heap: Heap where $IsGoodHeap($Heap) && $IsHeapAnchor($Heap); + +function $HeapSucc(Heap, Heap) : bool; + +axiom (forall h: Heap, r: ref, f: Field alpha, x: alpha :: + { update(h, r, f, x) } + $IsGoodHeap(update(h, r, f, x)) ==> $HeapSucc(h, update(h, r, f, x))); + +axiom (forall a: Heap, b: Heap, c: Heap :: + { $HeapSucc(a, b), $HeapSucc(b, c) } + $HeapSucc(a, b) && $HeapSucc(b, c) ==> $HeapSucc(a, c)); + +axiom (forall h: Heap, k: Heap :: + { $HeapSucc(h, k) } + $HeapSucc(h, k) + ==> (forall o: ref :: { read(k, o, alloc) } read(h, o, alloc) ==> read(k, o, alloc))); + +function $HeapSuccGhost(Heap, Heap) : bool; + +axiom (forall h: Heap, k: Heap :: + { $HeapSuccGhost(h, k) } + $HeapSuccGhost(h, k) + ==> $HeapSucc(h, k) + && (forall o: ref, f: Field alpha :: + { read(k, o, f) } + !$IsGhostField(f) ==> read(h, o, f) == read(k, o, f))); 
+ +type TickType; + +var $Tick: TickType; + +procedure $YieldHavoc(this: ref, rds: Set Box, nw: Set Box); + modifies $Heap; + ensures (forall $o: ref, $f: Field alpha :: + { read($Heap, $o, $f) } + $o != null && read(old($Heap), $o, alloc) + ==> + $o == this || rds[$Box($o)] || nw[$Box($o)] + ==> read($Heap, $o, $f) == read(old($Heap), $o, $f)); + ensures $HeapSucc(old($Heap), $Heap); + + + +procedure $IterHavoc0(this: ref, rds: Set Box, modi: Set Box); + modifies $Heap; + ensures (forall $o: ref, $f: Field alpha :: + { read($Heap, $o, $f) } + $o != null && read(old($Heap), $o, alloc) + ==> + rds[$Box($o)] && !modi[$Box($o)] && $o != this + ==> read($Heap, $o, $f) == read(old($Heap), $o, $f)); + ensures $HeapSucc(old($Heap), $Heap); + + + +procedure $IterHavoc1(this: ref, modi: Set Box, nw: Set Box); + modifies $Heap; + ensures (forall $o: ref, $f: Field alpha :: + { read($Heap, $o, $f) } + $o != null && read(old($Heap), $o, alloc) + ==> read($Heap, $o, $f) == read(old($Heap), $o, $f) + || $o == this + || modi[$Box($o)] + || nw[$Box($o)]); + ensures $HeapSucc(old($Heap), $Heap); + + + +procedure $IterCollectNewObjects(prevHeap: Heap, newHeap: Heap, this: ref, NW: Field (Set Box)) + returns (s: Set Box); + ensures (forall bx: Box :: + { s[bx] } + s[bx] + <==> read(newHeap, this, NW)[bx] + || ( + $Unbox(bx) != null + && !read(prevHeap, $Unbox(bx): ref, alloc) + && read(newHeap, $Unbox(bx): ref, alloc))); + + + +type Set T = [T]bool; + +function Set#Card(Set T) : int; + +axiom (forall s: Set T :: { Set#Card(s) } 0 <= Set#Card(s)); + +function Set#Empty() : Set T; + +axiom (forall o: T :: { Set#Empty()[o] } !Set#Empty()[o]); + +axiom (forall s: Set T :: + { Set#Card(s) } + (Set#Card(s) == 0 <==> s == Set#Empty()) + && (Set#Card(s) != 0 ==> (exists x: T :: s[x]))); + +function Set#Singleton(T) : Set T; + +axiom (forall r: T :: { Set#Singleton(r) } Set#Singleton(r)[r]); + +axiom (forall r: T, o: T :: + { Set#Singleton(r)[o] } + Set#Singleton(r)[o] <==> r == o); + +axiom 
(forall r: T :: + { Set#Card(Set#Singleton(r)) } + Set#Card(Set#Singleton(r)) == 1); + +function Set#UnionOne(Set T, T) : Set T; + +axiom (forall a: Set T, x: T, o: T :: + { Set#UnionOne(a, x)[o] } + Set#UnionOne(a, x)[o] <==> o == x || a[o]); + +axiom (forall a: Set T, x: T :: { Set#UnionOne(a, x) } Set#UnionOne(a, x)[x]); + +axiom (forall a: Set T, x: T, y: T :: + { Set#UnionOne(a, x), a[y] } + a[y] ==> Set#UnionOne(a, x)[y]); + +axiom (forall a: Set T, x: T :: + { Set#Card(Set#UnionOne(a, x)) } + a[x] ==> Set#Card(Set#UnionOne(a, x)) == Set#Card(a)); + +axiom (forall a: Set T, x: T :: + { Set#Card(Set#UnionOne(a, x)) } + !a[x] ==> Set#Card(Set#UnionOne(a, x)) == Set#Card(a) + 1); + +function Set#Union(Set T, Set T) : Set T; + +axiom (forall a: Set T, b: Set T, o: T :: + { Set#Union(a, b)[o] } + Set#Union(a, b)[o] <==> a[o] || b[o]); + +axiom (forall a: Set T, b: Set T, y: T :: + { Set#Union(a, b), a[y] } + a[y] ==> Set#Union(a, b)[y]); + +axiom (forall a: Set T, b: Set T, y: T :: + { Set#Union(a, b), b[y] } + b[y] ==> Set#Union(a, b)[y]); + +axiom (forall a: Set T, b: Set T :: + { Set#Union(a, b) } + Set#Disjoint(a, b) + ==> Set#Difference(Set#Union(a, b), a) == b + && Set#Difference(Set#Union(a, b), b) == a); + +function Set#Intersection(Set T, Set T) : Set T; + +axiom (forall a: Set T, b: Set T, o: T :: + { Set#Intersection(a, b)[o] } + Set#Intersection(a, b)[o] <==> a[o] && b[o]); + +axiom (forall a: Set T, b: Set T :: + { Set#Union(Set#Union(a, b), b) } + Set#Union(Set#Union(a, b), b) == Set#Union(a, b)); + +axiom (forall a: Set T, b: Set T :: + { Set#Union(a, Set#Union(a, b)) } + Set#Union(a, Set#Union(a, b)) == Set#Union(a, b)); + +axiom (forall a: Set T, b: Set T :: + { Set#Intersection(Set#Intersection(a, b), b) } + Set#Intersection(Set#Intersection(a, b), b) == Set#Intersection(a, b)); + +axiom (forall a: Set T, b: Set T :: + { Set#Intersection(a, Set#Intersection(a, b)) } + Set#Intersection(a, Set#Intersection(a, b)) == Set#Intersection(a, b)); + 
+axiom (forall a: Set T, b: Set T :: + { Set#Card(Set#Union(a, b)) } { Set#Card(Set#Intersection(a, b)) } + Set#Card(Set#Union(a, b)) + Set#Card(Set#Intersection(a, b)) + == Set#Card(a) + Set#Card(b)); + +function Set#Difference(Set T, Set T) : Set T; + +axiom (forall a: Set T, b: Set T, o: T :: + { Set#Difference(a, b)[o] } + Set#Difference(a, b)[o] <==> a[o] && !b[o]); + +axiom (forall a: Set T, b: Set T, y: T :: + { Set#Difference(a, b), b[y] } + b[y] ==> !Set#Difference(a, b)[y]); + +axiom (forall a: Set T, b: Set T :: + { Set#Card(Set#Difference(a, b)) } + Set#Card(Set#Difference(a, b)) + + Set#Card(Set#Difference(b, a)) + + Set#Card(Set#Intersection(a, b)) + == Set#Card(Set#Union(a, b)) + && Set#Card(Set#Difference(a, b)) == Set#Card(a) - Set#Card(Set#Intersection(a, b))); + +function Set#Subset(Set T, Set T) : bool; + +axiom (forall a: Set T, b: Set T :: + { Set#Subset(a, b) } + Set#Subset(a, b) <==> (forall o: T :: { a[o] } { b[o] } a[o] ==> b[o])); + +function Set#Equal(Set T, Set T) : bool; + +axiom (forall a: Set T, b: Set T :: + { Set#Equal(a, b) } + Set#Equal(a, b) <==> (forall o: T :: { a[o] } { b[o] } a[o] <==> b[o])); + +axiom (forall a: Set T, b: Set T :: { Set#Equal(a, b) } Set#Equal(a, b) ==> a == b); + +function Set#Disjoint(Set T, Set T) : bool; + +axiom (forall a: Set T, b: Set T :: + { Set#Disjoint(a, b) } + Set#Disjoint(a, b) <==> (forall o: T :: { a[o] } { b[o] } !a[o] || !b[o])); + +type ISet T = [T]bool; + +function ISet#Empty() : Set T; + +axiom (forall o: T :: { ISet#Empty()[o] } !ISet#Empty()[o]); + +function ISet#UnionOne(ISet T, T) : ISet T; + +axiom (forall a: ISet T, x: T, o: T :: + { ISet#UnionOne(a, x)[o] } + ISet#UnionOne(a, x)[o] <==> o == x || a[o]); + +axiom (forall a: ISet T, x: T :: { ISet#UnionOne(a, x) } ISet#UnionOne(a, x)[x]); + +axiom (forall a: ISet T, x: T, y: T :: + { ISet#UnionOne(a, x), a[y] } + a[y] ==> ISet#UnionOne(a, x)[y]); + +function ISet#Union(ISet T, ISet T) : ISet T; + +axiom (forall a: ISet T, b: ISet 
T, o: T :: + { ISet#Union(a, b)[o] } + ISet#Union(a, b)[o] <==> a[o] || b[o]); + +axiom (forall a: ISet T, b: ISet T, y: T :: + { ISet#Union(a, b), a[y] } + a[y] ==> ISet#Union(a, b)[y]); + +axiom (forall a: Set T, b: Set T, y: T :: + { ISet#Union(a, b), b[y] } + b[y] ==> ISet#Union(a, b)[y]); + +axiom (forall a: ISet T, b: ISet T :: + { ISet#Union(a, b) } + ISet#Disjoint(a, b) + ==> ISet#Difference(ISet#Union(a, b), a) == b + && ISet#Difference(ISet#Union(a, b), b) == a); + +function ISet#Intersection(ISet T, ISet T) : ISet T; + +axiom (forall a: ISet T, b: ISet T, o: T :: + { ISet#Intersection(a, b)[o] } + ISet#Intersection(a, b)[o] <==> a[o] && b[o]); + +axiom (forall a: ISet T, b: ISet T :: + { ISet#Union(ISet#Union(a, b), b) } + ISet#Union(ISet#Union(a, b), b) == ISet#Union(a, b)); + +axiom (forall a: Set T, b: Set T :: + { ISet#Union(a, ISet#Union(a, b)) } + ISet#Union(a, ISet#Union(a, b)) == ISet#Union(a, b)); + +axiom (forall a: ISet T, b: ISet T :: + { ISet#Intersection(ISet#Intersection(a, b), b) } + ISet#Intersection(ISet#Intersection(a, b), b) == ISet#Intersection(a, b)); + +axiom (forall a: ISet T, b: ISet T :: + { ISet#Intersection(a, ISet#Intersection(a, b)) } + ISet#Intersection(a, ISet#Intersection(a, b)) == ISet#Intersection(a, b)); + +function ISet#Difference(ISet T, ISet T) : ISet T; + +axiom (forall a: ISet T, b: ISet T, o: T :: + { ISet#Difference(a, b)[o] } + ISet#Difference(a, b)[o] <==> a[o] && !b[o]); + +axiom (forall a: ISet T, b: ISet T, y: T :: + { ISet#Difference(a, b), b[y] } + b[y] ==> !ISet#Difference(a, b)[y]); + +function ISet#Subset(ISet T, ISet T) : bool; + +axiom (forall a: ISet T, b: ISet T :: + { ISet#Subset(a, b) } + ISet#Subset(a, b) <==> (forall o: T :: { a[o] } { b[o] } a[o] ==> b[o])); + +function ISet#Equal(ISet T, ISet T) : bool; + +axiom (forall a: ISet T, b: ISet T :: + { ISet#Equal(a, b) } + ISet#Equal(a, b) <==> (forall o: T :: { a[o] } { b[o] } a[o] <==> b[o])); + +axiom (forall a: ISet T, b: ISet T :: + { 
ISet#Equal(a, b) } + ISet#Equal(a, b) ==> a == b); + +function ISet#Disjoint(ISet T, ISet T) : bool; + +axiom (forall a: ISet T, b: ISet T :: + { ISet#Disjoint(a, b) } + ISet#Disjoint(a, b) <==> (forall o: T :: { a[o] } { b[o] } !a[o] || !b[o])); + +function Math#min(a: int, b: int) : int; + +axiom (forall a: int, b: int :: { Math#min(a, b) } a <= b <==> Math#min(a, b) == a); + +axiom (forall a: int, b: int :: { Math#min(a, b) } b <= a <==> Math#min(a, b) == b); + +axiom (forall a: int, b: int :: + { Math#min(a, b) } + Math#min(a, b) == a || Math#min(a, b) == b); + +function Math#clip(a: int) : int; + +axiom (forall a: int :: { Math#clip(a) } 0 <= a ==> Math#clip(a) == a); + +axiom (forall a: int :: { Math#clip(a) } a < 0 ==> Math#clip(a) == 0); + +type MultiSet T = [T]int; + +function $IsGoodMultiSet(ms: MultiSet T) : bool; + +axiom (forall ms: MultiSet T :: + { $IsGoodMultiSet(ms) } + $IsGoodMultiSet(ms) + <==> (forall bx: T :: { ms[bx] } 0 <= ms[bx] && ms[bx] <= MultiSet#Card(ms))); + +function MultiSet#Card(MultiSet T) : int; + +axiom (forall s: MultiSet T :: { MultiSet#Card(s) } 0 <= MultiSet#Card(s)); + +axiom (forall s: MultiSet T, x: T, n: int :: + { MultiSet#Card(s[x := n]) } + 0 <= n ==> MultiSet#Card(s[x := n]) == MultiSet#Card(s) - s[x] + n); + +function MultiSet#Empty() : MultiSet T; + +axiom (forall o: T :: { MultiSet#Empty()[o] } MultiSet#Empty()[o] == 0); + +axiom (forall s: MultiSet T :: + { MultiSet#Card(s) } + (MultiSet#Card(s) == 0 <==> s == MultiSet#Empty()) + && (MultiSet#Card(s) != 0 ==> (exists x: T :: 0 < s[x]))); + +function MultiSet#Singleton(T) : MultiSet T; + +axiom (forall r: T, o: T :: + { MultiSet#Singleton(r)[o] } + (MultiSet#Singleton(r)[o] == 1 <==> r == o) + && (MultiSet#Singleton(r)[o] == 0 <==> r != o)); + +axiom (forall r: T :: + { MultiSet#Singleton(r) } + MultiSet#Singleton(r) == MultiSet#UnionOne(MultiSet#Empty(), r)); + +function MultiSet#UnionOne(MultiSet T, T) : MultiSet T; + +axiom (forall a: MultiSet T, x: T, o: T :: + 
{ MultiSet#UnionOne(a, x)[o] } + 0 < MultiSet#UnionOne(a, x)[o] <==> o == x || 0 < a[o]); + +axiom (forall a: MultiSet T, x: T :: + { MultiSet#UnionOne(a, x) } + MultiSet#UnionOne(a, x)[x] == a[x] + 1); + +axiom (forall a: MultiSet T, x: T, y: T :: + { MultiSet#UnionOne(a, x), a[y] } + 0 < a[y] ==> 0 < MultiSet#UnionOne(a, x)[y]); + +axiom (forall a: MultiSet T, x: T, y: T :: + { MultiSet#UnionOne(a, x), a[y] } + x != y ==> a[y] == MultiSet#UnionOne(a, x)[y]); + +axiom (forall a: MultiSet T, x: T :: + { MultiSet#Card(MultiSet#UnionOne(a, x)) } + MultiSet#Card(MultiSet#UnionOne(a, x)) == MultiSet#Card(a) + 1); + +function MultiSet#Union(MultiSet T, MultiSet T) : MultiSet T; + +axiom (forall a: MultiSet T, b: MultiSet T, o: T :: + { MultiSet#Union(a, b)[o] } + MultiSet#Union(a, b)[o] == a[o] + b[o]); + +axiom (forall a: MultiSet T, b: MultiSet T :: + { MultiSet#Card(MultiSet#Union(a, b)) } + MultiSet#Card(MultiSet#Union(a, b)) == MultiSet#Card(a) + MultiSet#Card(b)); + +function MultiSet#Intersection(MultiSet T, MultiSet T) : MultiSet T; + +axiom (forall a: MultiSet T, b: MultiSet T, o: T :: + { MultiSet#Intersection(a, b)[o] } + MultiSet#Intersection(a, b)[o] == Math#min(a[o], b[o])); + +axiom (forall a: MultiSet T, b: MultiSet T :: + { MultiSet#Intersection(MultiSet#Intersection(a, b), b) } + MultiSet#Intersection(MultiSet#Intersection(a, b), b) + == MultiSet#Intersection(a, b)); + +axiom (forall a: MultiSet T, b: MultiSet T :: + { MultiSet#Intersection(a, MultiSet#Intersection(a, b)) } + MultiSet#Intersection(a, MultiSet#Intersection(a, b)) + == MultiSet#Intersection(a, b)); + +function MultiSet#Difference(MultiSet T, MultiSet T) : MultiSet T; + +axiom (forall a: MultiSet T, b: MultiSet T, o: T :: + { MultiSet#Difference(a, b)[o] } + MultiSet#Difference(a, b)[o] == Math#clip(a[o] - b[o])); + +axiom (forall a: MultiSet T, b: MultiSet T, y: T :: + { MultiSet#Difference(a, b), b[y], a[y] } + a[y] <= b[y] ==> MultiSet#Difference(a, b)[y] == 0); + +axiom (forall a: 
MultiSet T, b: MultiSet T :: + { MultiSet#Card(MultiSet#Difference(a, b)) } + MultiSet#Card(MultiSet#Difference(a, b)) + + MultiSet#Card(MultiSet#Difference(b, a)) + + 2 * MultiSet#Card(MultiSet#Intersection(a, b)) + == MultiSet#Card(MultiSet#Union(a, b)) + && MultiSet#Card(MultiSet#Difference(a, b)) + == MultiSet#Card(a) - MultiSet#Card(MultiSet#Intersection(a, b))); + +function MultiSet#Subset(MultiSet T, MultiSet T) : bool; + +axiom (forall a: MultiSet T, b: MultiSet T :: + { MultiSet#Subset(a, b) } + MultiSet#Subset(a, b) <==> (forall o: T :: { a[o] } { b[o] } a[o] <= b[o])); + +function MultiSet#Equal(MultiSet T, MultiSet T) : bool; + +axiom (forall a: MultiSet T, b: MultiSet T :: + { MultiSet#Equal(a, b) } + MultiSet#Equal(a, b) <==> (forall o: T :: { a[o] } { b[o] } a[o] == b[o])); + +axiom (forall a: MultiSet T, b: MultiSet T :: + { MultiSet#Equal(a, b) } + MultiSet#Equal(a, b) ==> a == b); + +function MultiSet#Disjoint(MultiSet T, MultiSet T) : bool; + +axiom (forall a: MultiSet T, b: MultiSet T :: + { MultiSet#Disjoint(a, b) } + MultiSet#Disjoint(a, b) + <==> (forall o: T :: { a[o] } { b[o] } a[o] == 0 || b[o] == 0)); + +function MultiSet#FromSet(Set T) : MultiSet T; + +axiom (forall s: Set T, a: T :: + { MultiSet#FromSet(s)[a] } + (MultiSet#FromSet(s)[a] == 0 <==> !s[a]) + && (MultiSet#FromSet(s)[a] == 1 <==> s[a])); + +axiom (forall s: Set T :: + { MultiSet#Card(MultiSet#FromSet(s)) } + MultiSet#Card(MultiSet#FromSet(s)) == Set#Card(s)); + +function MultiSet#FromSeq(Seq T) : MultiSet T; + +axiom (forall s: Seq T :: + { MultiSet#FromSeq(s) } + $IsGoodMultiSet(MultiSet#FromSeq(s))); + +axiom (forall s: Seq T :: + { MultiSet#Card(MultiSet#FromSeq(s)) } + MultiSet#Card(MultiSet#FromSeq(s)) == Seq#Length(s)); + +axiom (forall s: Seq T, v: T :: + { MultiSet#FromSeq(Seq#Build(s, v)) } + MultiSet#FromSeq(Seq#Build(s, v)) == MultiSet#UnionOne(MultiSet#FromSeq(s), v)); + +axiom (forall :: + MultiSet#FromSeq(Seq#Empty(): Seq T) == MultiSet#Empty(): MultiSet T); + 
+axiom (forall a: Seq T, b: Seq T :: + { MultiSet#FromSeq(Seq#Append(a, b)) } + MultiSet#FromSeq(Seq#Append(a, b)) + == MultiSet#Union(MultiSet#FromSeq(a), MultiSet#FromSeq(b))); + +axiom (forall s: Seq T, i: int, v: T, x: T :: + { MultiSet#FromSeq(Seq#Update(s, i, v))[x] } + 0 <= i && i < Seq#Length(s) + ==> MultiSet#FromSeq(Seq#Update(s, i, v))[x] + == MultiSet#Union(MultiSet#Difference(MultiSet#FromSeq(s), MultiSet#Singleton(Seq#Index(s, i))), + MultiSet#Singleton(v))[x]); + +axiom (forall s: Seq T, x: T :: + { MultiSet#FromSeq(s)[x] } + (exists i: int :: + { Seq#Index(s, i) } + 0 <= i && i < Seq#Length(s) && x == Seq#Index(s, i)) + <==> 0 < MultiSet#FromSeq(s)[x]); + +type Seq _; + +function Seq#Length(Seq T) : int; + +axiom (forall s: Seq T :: { Seq#Length(s) } 0 <= Seq#Length(s)); + +function Seq#Empty() : Seq T; + +axiom (forall :: Seq#Length(Seq#Empty(): Seq T) == 0); + +axiom (forall s: Seq T :: + { Seq#Length(s) } + Seq#Length(s) == 0 ==> s == Seq#Empty()); + +axiom (forall t: Ty :: { $Is(Seq#Empty(): Seq T, t) } $Is(Seq#Empty(): Seq T, t)); + +function Seq#Singleton(T) : Seq T; + +axiom (forall t: T :: + { Seq#Length(Seq#Singleton(t)) } + Seq#Length(Seq#Singleton(t)) == 1); + +function Seq#Build(s: Seq T, val: T) : Seq T; + +axiom (forall s: Seq T, v: T :: + { Seq#Length(Seq#Build(s, v)) } + Seq#Length(Seq#Build(s, v)) == 1 + Seq#Length(s)); + +axiom (forall s: Seq T, i: int, v: T :: + { Seq#Index(Seq#Build(s, v), i) } + (i == Seq#Length(s) ==> Seq#Index(Seq#Build(s, v), i) == v) + && (i != Seq#Length(s) ==> Seq#Index(Seq#Build(s, v), i) == Seq#Index(s, i))); + +axiom (forall s: Seq Box, bx: Box, t: Ty :: + { $Is(Seq#Build(s, bx), TSeq(t)) } + $Is(s, TSeq(t)) && $IsBox(bx, t) ==> $Is(Seq#Build(s, bx), TSeq(t))); + +function Seq#Append(Seq T, Seq T) : Seq T; + +axiom (forall s0: Seq T, s1: Seq T :: + { Seq#Length(Seq#Append(s0, s1)) } + Seq#Length(Seq#Append(s0, s1)) == Seq#Length(s0) + Seq#Length(s1)); + +axiom (forall s0: Seq Box, s1: Seq Box, t: Ty :: 
+ { $Is(Seq#Append(s0, s1), t) } + $Is(s0, t) && $Is(s1, t) ==> $Is(Seq#Append(s0, s1), t)); + +function Seq#Index(Seq T, int) : T; + +axiom (forall t: T :: + { Seq#Index(Seq#Singleton(t), 0) } + Seq#Index(Seq#Singleton(t), 0) == t); + +axiom (forall s0: Seq T, s1: Seq T, n: int :: + { Seq#Index(Seq#Append(s0, s1), n) } + (n < Seq#Length(s0) ==> Seq#Index(Seq#Append(s0, s1), n) == Seq#Index(s0, n)) + && (Seq#Length(s0) <= n + ==> Seq#Index(Seq#Append(s0, s1), n) == Seq#Index(s1, n - Seq#Length(s0)))); + +function Seq#Update(Seq T, int, T) : Seq T; + +axiom (forall s: Seq T, i: int, v: T :: + { Seq#Length(Seq#Update(s, i, v)) } + 0 <= i && i < Seq#Length(s) ==> Seq#Length(Seq#Update(s, i, v)) == Seq#Length(s)); + +axiom (forall s: Seq T, i: int, v: T, n: int :: + { Seq#Index(Seq#Update(s, i, v), n) } + 0 <= n && n < Seq#Length(s) + ==> (i == n ==> Seq#Index(Seq#Update(s, i, v), n) == v) + && (i != n ==> Seq#Index(Seq#Update(s, i, v), n) == Seq#Index(s, n))); + +function Seq#Contains(Seq T, T) : bool; + +axiom (forall s: Seq T, x: T :: + { Seq#Contains(s, x) } + Seq#Contains(s, x) + <==> (exists i: int :: + { Seq#Index(s, i) } + 0 <= i && i < Seq#Length(s) && Seq#Index(s, i) == x)); + +axiom (forall x: T :: + { Seq#Contains(Seq#Empty(), x) } + !Seq#Contains(Seq#Empty(), x)); + +axiom (forall s0: Seq T, s1: Seq T, x: T :: + { Seq#Contains(Seq#Append(s0, s1), x) } + Seq#Contains(Seq#Append(s0, s1), x) + <==> Seq#Contains(s0, x) || Seq#Contains(s1, x)); + +axiom (forall s: Seq T, v: T, x: T :: + { Seq#Contains(Seq#Build(s, v), x) } + Seq#Contains(Seq#Build(s, v), x) <==> v == x || Seq#Contains(s, x)); + +axiom (forall s: Seq T, n: int, x: T :: + { Seq#Contains(Seq#Take(s, n), x) } + Seq#Contains(Seq#Take(s, n), x) + <==> (exists i: int :: + { Seq#Index(s, i) } + 0 <= i && i < n && i < Seq#Length(s) && Seq#Index(s, i) == x)); + +axiom (forall s: Seq T, n: int, x: T :: + { Seq#Contains(Seq#Drop(s, n), x) } + Seq#Contains(Seq#Drop(s, n), x) + <==> (exists i: int :: + { 
Seq#Index(s, i) } + 0 <= n && n <= i && i < Seq#Length(s) && Seq#Index(s, i) == x)); + +function Seq#Equal(Seq T, Seq T) : bool; + +axiom (forall s0: Seq T, s1: Seq T :: + { Seq#Equal(s0, s1) } + Seq#Equal(s0, s1) + <==> Seq#Length(s0) == Seq#Length(s1) + && (forall j: int :: + { Seq#Index(s0, j) } { Seq#Index(s1, j) } + 0 <= j && j < Seq#Length(s0) ==> Seq#Index(s0, j) == Seq#Index(s1, j))); + +axiom (forall a: Seq T, b: Seq T :: { Seq#Equal(a, b) } Seq#Equal(a, b) ==> a == b); + +function Seq#SameUntil(Seq T, Seq T, int) : bool; + +axiom (forall s0: Seq T, s1: Seq T, n: int :: + { Seq#SameUntil(s0, s1, n) } + Seq#SameUntil(s0, s1, n) + <==> (forall j: int :: + { Seq#Index(s0, j) } { Seq#Index(s1, j) } + 0 <= j && j < n ==> Seq#Index(s0, j) == Seq#Index(s1, j))); + +function Seq#Take(s: Seq T, howMany: int) : Seq T; + +axiom (forall s: Seq T, n: int :: + { Seq#Length(Seq#Take(s, n)) } + 0 <= n && n <= Seq#Length(s) ==> Seq#Length(Seq#Take(s, n)) == n); + +axiom (forall s: Seq T, n: int, j: int :: + {:weight 25} { Seq#Index(Seq#Take(s, n), j) } { Seq#Index(s, j), Seq#Take(s, n) } + 0 <= j && j < n && j < Seq#Length(s) + ==> Seq#Index(Seq#Take(s, n), j) == Seq#Index(s, j)); + +function Seq#Drop(s: Seq T, howMany: int) : Seq T; + +axiom (forall s: Seq T, n: int :: + { Seq#Length(Seq#Drop(s, n)) } + 0 <= n && n <= Seq#Length(s) ==> Seq#Length(Seq#Drop(s, n)) == Seq#Length(s) - n); + +axiom (forall s: Seq T, n: int, j: int :: + {:weight 25} { Seq#Index(Seq#Drop(s, n), j) } + 0 <= n && 0 <= j && j < Seq#Length(s) - n + ==> Seq#Index(Seq#Drop(s, n), j) == Seq#Index(s, j + n)); + +axiom (forall s: Seq T, n: int, k: int :: + {:weight 25} { Seq#Index(s, k), Seq#Drop(s, n) } + 0 <= n && n <= k && k < Seq#Length(s) + ==> Seq#Index(Seq#Drop(s, n), k - n) == Seq#Index(s, k)); + +axiom (forall s: Seq T, t: Seq T :: + { Seq#Append(s, t) } + Seq#Take(Seq#Append(s, t), Seq#Length(s)) == s + && Seq#Drop(Seq#Append(s, t), Seq#Length(s)) == t); + +function Seq#FromArray(h: Heap, a: 
ref) : Seq Box; + +axiom (forall h: Heap, a: ref :: + { Seq#Length(Seq#FromArray(h, a)) } + Seq#Length(Seq#FromArray(h, a)) == _System.array.Length(a)); + +axiom (forall h: Heap, a: ref :: + { Seq#FromArray(h, a) } + (forall i: int :: + { read(h, a, IndexField(i)) } { Seq#Index(Seq#FromArray(h, a): Seq Box, i) } + 0 <= i && i < Seq#Length(Seq#FromArray(h, a)) + ==> Seq#Index(Seq#FromArray(h, a), i) == read(h, a, IndexField(i)))); + +axiom (forall h0: Heap, h1: Heap, a: ref :: + { Seq#FromArray(h1, a), $HeapSucc(h0, h1) } + $IsGoodHeap(h0) + && $IsGoodHeap(h1) + && $HeapSucc(h0, h1) + && (forall i: int :: + 0 <= i && i < _System.array.Length(a) + ==> read(h0, a, IndexField(i)) == read(h1, a, IndexField(i))) + ==> Seq#FromArray(h0, a) == Seq#FromArray(h1, a)); + +axiom (forall h: Heap, i: int, v: Box, a: ref :: + { Seq#FromArray(update(h, a, IndexField(i), v), a) } + 0 <= i && i < _System.array.Length(a) + ==> Seq#FromArray(update(h, a, IndexField(i), v), a) + == Seq#Update(Seq#FromArray(h, a), i, v)); + +axiom (forall s: Seq T, i: int, v: T, n: int :: + { Seq#Take(Seq#Update(s, i, v), n) } + 0 <= i && i < n && n <= Seq#Length(s) + ==> Seq#Take(Seq#Update(s, i, v), n) == Seq#Update(Seq#Take(s, n), i, v)); + +axiom (forall s: Seq T, i: int, v: T, n: int :: + { Seq#Take(Seq#Update(s, i, v), n) } + n <= i && i < Seq#Length(s) + ==> Seq#Take(Seq#Update(s, i, v), n) == Seq#Take(s, n)); + +axiom (forall s: Seq T, i: int, v: T, n: int :: + { Seq#Drop(Seq#Update(s, i, v), n) } + 0 <= n && n <= i && i < Seq#Length(s) + ==> Seq#Drop(Seq#Update(s, i, v), n) == Seq#Update(Seq#Drop(s, n), i - n, v)); + +axiom (forall s: Seq T, i: int, v: T, n: int :: + { Seq#Drop(Seq#Update(s, i, v), n) } + 0 <= i && i < n && n < Seq#Length(s) + ==> Seq#Drop(Seq#Update(s, i, v), n) == Seq#Drop(s, n)); + +axiom (forall h: Heap, a: ref, n0: int, n1: int :: + { Seq#Take(Seq#FromArray(h, a), n0), Seq#Take(Seq#FromArray(h, a), n1) } + n0 + 1 == n1 && 0 <= n0 && n1 <= _System.array.Length(a) + ==> 
Seq#Take(Seq#FromArray(h, a), n1) + == Seq#Build(Seq#Take(Seq#FromArray(h, a), n0), read(h, a, IndexField(n0): Field Box))); + +axiom (forall s: Seq T, v: T, n: int :: + { Seq#Drop(Seq#Build(s, v), n) } + 0 <= n && n <= Seq#Length(s) + ==> Seq#Drop(Seq#Build(s, v), n) == Seq#Build(Seq#Drop(s, n), v)); + +function Seq#Rank(Seq T) : int; + +axiom (forall s: Seq Box, i: int :: + { DtRank($Unbox(Seq#Index(s, i)): DatatypeType) } + 0 <= i && i < Seq#Length(s) + ==> DtRank($Unbox(Seq#Index(s, i)): DatatypeType) < Seq#Rank(s)); + +axiom (forall s: Seq T, i: int :: + { Seq#Rank(Seq#Drop(s, i)) } + 0 < i && i <= Seq#Length(s) ==> Seq#Rank(Seq#Drop(s, i)) < Seq#Rank(s)); + +axiom (forall s: Seq T, i: int :: + { Seq#Rank(Seq#Take(s, i)) } + 0 <= i && i < Seq#Length(s) ==> Seq#Rank(Seq#Take(s, i)) < Seq#Rank(s)); + +axiom (forall s: Seq T, i: int, j: int :: + { Seq#Rank(Seq#Append(Seq#Take(s, i), Seq#Drop(s, j))) } + 0 <= i && i < j && j <= Seq#Length(s) + ==> Seq#Rank(Seq#Append(Seq#Take(s, i), Seq#Drop(s, j))) < Seq#Rank(s)); + +axiom (forall s: Seq T, n: int :: + { Seq#Drop(s, n) } + n == 0 ==> Seq#Drop(s, n) == s); + +axiom (forall s: Seq T, n: int :: + { Seq#Take(s, n) } + n == 0 ==> Seq#Take(s, n) == Seq#Empty()); + +axiom (forall s: Seq T, m: int, n: int :: + { Seq#Drop(Seq#Drop(s, m), n) } + 0 <= m && 0 <= n && m + n <= Seq#Length(s) + ==> Seq#Drop(Seq#Drop(s, m), n) == Seq#Drop(s, m + n)); + +type Map _ _; + +function Map#Domain(Map U V) : [U]bool; + +function Map#Elements(Map U V) : [U]V; + +function Map#Card(Map U V) : int; + +axiom (forall m: Map U V :: { Map#Card(m) } 0 <= Map#Card(m)); + +function Map#Empty() : Map U V; + +axiom (forall u: U :: + { Map#Domain(Map#Empty(): Map U V)[u] } + !Map#Domain(Map#Empty(): Map U V)[u]); + +axiom (forall m: Map U V :: + { Map#Card(m) } + (Map#Card(m) == 0 <==> m == Map#Empty()) + && (Map#Card(m) != 0 ==> (exists x: U :: Map#Domain(m)[x]))); + +function Map#Glue([U]bool, [U]V, Ty) : Map U V; + +axiom (forall a: [U]bool, b: 
[U]V, t: Ty :: + { Map#Domain(Map#Glue(a, b, t)) } + Map#Domain(Map#Glue(a, b, t)) == a); + +axiom (forall a: [U]bool, b: [U]V, t: Ty :: + { Map#Elements(Map#Glue(a, b, t)) } + Map#Elements(Map#Glue(a, b, t)) == b); + +axiom (forall a: [U]bool, b: [U]V, t: Ty :: + { $Is(Map#Glue(a, b, t), t) } + $Is(Map#Glue(a, b, t), t)); + +function Map#Build(Map U V, U, V) : Map U V; + +axiom (forall m: Map U V, u: U, u': U, v: V :: + { Map#Domain(Map#Build(m, u, v))[u'] } { Map#Elements(Map#Build(m, u, v))[u'] } + (u' == u + ==> Map#Domain(Map#Build(m, u, v))[u'] && Map#Elements(Map#Build(m, u, v))[u'] == v) + && (u' != u + ==> Map#Domain(Map#Build(m, u, v))[u'] == Map#Domain(m)[u'] + && Map#Elements(Map#Build(m, u, v))[u'] == Map#Elements(m)[u'])); + +axiom (forall m: Map U V, u: U, v: V :: + { Map#Card(Map#Build(m, u, v)) } + Map#Domain(m)[u] ==> Map#Card(Map#Build(m, u, v)) == Map#Card(m)); + +axiom (forall m: Map U V, u: U, v: V :: + { Map#Card(Map#Build(m, u, v)) } + !Map#Domain(m)[u] ==> Map#Card(Map#Build(m, u, v)) == Map#Card(m) + 1); + +function Map#Equal(Map U V, Map U V) : bool; + +axiom (forall m: Map U V, m': Map U V :: + { Map#Equal(m, m') } + Map#Equal(m, m') + <==> (forall u: U :: Map#Domain(m)[u] == Map#Domain(m')[u]) + && (forall u: U :: Map#Domain(m)[u] ==> Map#Elements(m)[u] == Map#Elements(m')[u])); + +axiom (forall m: Map U V, m': Map U V :: + { Map#Equal(m, m') } + Map#Equal(m, m') ==> m == m'); + +function Map#Disjoint(Map U V, Map U V) : bool; + +axiom (forall m: Map U V, m': Map U V :: + { Map#Disjoint(m, m') } + Map#Disjoint(m, m') + <==> (forall o: U :: + { Map#Domain(m)[o] } { Map#Domain(m')[o] } + !Map#Domain(m)[o] || !Map#Domain(m')[o])); + +type IMap _ _; + +function IMap#Domain(IMap U V) : [U]bool; + +function IMap#Elements(IMap U V) : [U]V; + +function IMap#Empty() : IMap U V; + +axiom (forall u: U :: + { IMap#Domain(IMap#Empty(): IMap U V)[u] } + !IMap#Domain(IMap#Empty(): IMap U V)[u]); + +function IMap#Glue([U]bool, [U]V, Ty) : IMap U V; + 
+axiom (forall a: [U]bool, b: [U]V, t: Ty :: + { IMap#Domain(IMap#Glue(a, b, t)) } + IMap#Domain(IMap#Glue(a, b, t)) == a); + +axiom (forall a: [U]bool, b: [U]V, t: Ty :: + { IMap#Elements(IMap#Glue(a, b, t)) } + IMap#Elements(IMap#Glue(a, b, t)) == b); + +axiom (forall a: [U]bool, b: [U]V, t: Ty :: + { $Is(IMap#Glue(a, b, t), t) } + $Is(IMap#Glue(a, b, t), t)); + +function IMap#Build(IMap U V, U, V) : IMap U V; + +axiom (forall m: IMap U V, u: U, u': U, v: V :: + { IMap#Domain(IMap#Build(m, u, v))[u'] } + { IMap#Elements(IMap#Build(m, u, v))[u'] } + (u' == u + ==> IMap#Domain(IMap#Build(m, u, v))[u'] + && IMap#Elements(IMap#Build(m, u, v))[u'] == v) + && (u' != u + ==> IMap#Domain(IMap#Build(m, u, v))[u'] == IMap#Domain(m)[u'] + && IMap#Elements(IMap#Build(m, u, v))[u'] == IMap#Elements(m)[u'])); + +function IMap#Equal(IMap U V, IMap U V) : bool; + +axiom (forall m: IMap U V, m': IMap U V :: + { IMap#Equal(m, m') } + IMap#Equal(m, m') + <==> (forall u: U :: IMap#Domain(m)[u] == IMap#Domain(m')[u]) + && (forall u: U :: + IMap#Domain(m)[u] ==> IMap#Elements(m)[u] == IMap#Elements(m')[u])); + +axiom (forall m: IMap U V, m': IMap U V :: + { IMap#Equal(m, m') } + IMap#Equal(m, m') ==> m == m'); + +function INTERNAL_add_boogie(x: int, y: int) : int; + +axiom (forall x: int, y: int :: + { INTERNAL_add_boogie(x, y): int } + INTERNAL_add_boogie(x, y): int == x + y); + +function INTERNAL_sub_boogie(x: int, y: int) : int; + +axiom (forall x: int, y: int :: + { INTERNAL_sub_boogie(x, y): int } + INTERNAL_sub_boogie(x, y): int == x - y); + +function INTERNAL_mul_boogie(x: int, y: int) : int; + +axiom (forall x: int, y: int :: + { INTERNAL_mul_boogie(x, y): int } + INTERNAL_mul_boogie(x, y): int == x * y); + +function INTERNAL_div_boogie(x: int, y: int) : int; + +axiom (forall x: int, y: int :: + { INTERNAL_div_boogie(x, y): int } + INTERNAL_div_boogie(x, y): int == x div y); + +function INTERNAL_mod_boogie(x: int, y: int) : int; + +axiom (forall x: int, y: int :: + { 
INTERNAL_mod_boogie(x, y): int } + INTERNAL_mod_boogie(x, y): int == x mod y); + +function {:never_pattern true} INTERNAL_lt_boogie(x: int, y: int) : bool; + +axiom (forall x: int, y: int :: + {:never_pattern true} { INTERNAL_lt_boogie(x, y): bool } + INTERNAL_lt_boogie(x, y): bool == (x < y)); + +function {:never_pattern true} INTERNAL_le_boogie(x: int, y: int) : bool; + +axiom (forall x: int, y: int :: + {:never_pattern true} { INTERNAL_le_boogie(x, y): bool } + INTERNAL_le_boogie(x, y): bool == (x <= y)); + +function {:never_pattern true} INTERNAL_gt_boogie(x: int, y: int) : bool; + +axiom (forall x: int, y: int :: + {:never_pattern true} { INTERNAL_gt_boogie(x, y): bool } + INTERNAL_gt_boogie(x, y): bool == (x > y)); + +function {:never_pattern true} INTERNAL_ge_boogie(x: int, y: int) : bool; + +axiom (forall x: int, y: int :: + {:never_pattern true} { INTERNAL_ge_boogie(x, y): bool } + INTERNAL_ge_boogie(x, y): bool == (x >= y)); + +const unique class._System.object: ClassName; + +// Tclass._System.object Tag +axiom Tag(Tclass._System.object()) == Tagclass._System.object; + +const unique Tagclass._System.object: TyTag; + +// Box/unbox axiom for Tclass._System.object +axiom (forall bx: Box :: + { $IsBox(bx, Tclass._System.object()) } + $IsBox(bx, Tclass._System.object()) + ==> $Box($Unbox(bx): ref) == bx && $Is($Unbox(bx): ref, Tclass._System.object())); + +// object: Class $Is +axiom (forall $o: ref :: + { $Is($o, Tclass._System.object()) } + $Is($o, Tclass._System.object())); + +// object: Class $IsAlloc +axiom (forall $o: ref, $h: Heap :: + { $IsAlloc($o, Tclass._System.object(), $h) } + $IsAlloc($o, Tclass._System.object(), $h) <==> $o == null || read($h, $o, alloc)); + +const unique class._System.array: ClassName; + +function Tclass._System.array(Ty) : Ty; + +// Tclass._System.array Tag +axiom (forall #$arg: Ty :: + { Tclass._System.array(#$arg) } + Tag(Tclass._System.array(#$arg)) == Tagclass._System.array); + +const unique Tagclass._System.array: TyTag; 
+ +// Tclass._System.array injectivity 0 +axiom (forall #$arg: Ty :: + { Tclass._System.array(#$arg) } + Tclass._System.array_0(Tclass._System.array(#$arg)) == #$arg); + +function Tclass._System.array_0(Ty) : Ty; + +// Box/unbox axiom for Tclass._System.array +axiom (forall #$arg: Ty, bx: Box :: + { $IsBox(bx, Tclass._System.array(#$arg)) } + $IsBox(bx, Tclass._System.array(#$arg)) + ==> $Box($Unbox(bx): ref) == bx && $Is($Unbox(bx): ref, Tclass._System.array(#$arg))); + +// array.: Allocation axiom +axiom (forall #$arg: Ty, $i0: int, $h: Heap, $o: ref :: + { read($h, $o, IndexField($i0)), Tclass._System.array(#$arg) } + $IsGoodHeap($h) + && $o != null + && dtype($o) == Tclass._System.array(#$arg) + && + 0 <= $i0 + && $i0 < _System.array.Length($o) + ==> $IsBox(read($h, $o, IndexField($i0)), #$arg) + && (read($h, $o, alloc) ==> $IsAllocBox(read($h, $o, IndexField($i0)), #$arg, $h))); + +// array: Class $Is +axiom (forall #$arg: Ty, $o: ref :: + { $Is($o, Tclass._System.array(#$arg)) } + $Is($o, Tclass._System.array(#$arg)) + <==> $o == null || dtype($o) == Tclass._System.array(#$arg)); + +// array: Class $IsAlloc +axiom (forall #$arg: Ty, $o: ref, $h: Heap :: + { $IsAlloc($o, Tclass._System.array(#$arg), $h) } + $IsAlloc($o, Tclass._System.array(#$arg), $h) + <==> $o == null || read($h, $o, alloc)); + +// array.Length: Allocation axiom +axiom (forall #$arg: Ty, $h: Heap, $o: ref :: + $IsGoodHeap($h) && $o != null && dtype($o) == Tclass._System.array(#$arg) + ==> $Is(_System.array.Length($o), TInt) + && (read($h, $o, alloc) ==> $IsAlloc(_System.array.Length($o), TInt, $h))); + +function Tclass._System.___hFunc0(Ty) : Ty; + +// Tclass._System.___hFunc0 Tag +axiom (forall #$T0: Ty :: + { Tclass._System.___hFunc0(#$T0) } + Tag(Tclass._System.___hFunc0(#$T0)) == Tagclass._System.___hFunc0); + +const unique Tagclass._System.___hFunc0: TyTag; + +// Tclass._System.___hFunc0 injectivity 0 +axiom (forall #$T0: Ty :: + { Tclass._System.___hFunc0(#$T0) } + 
Tclass._System.___hFunc0_0(Tclass._System.___hFunc0(#$T0)) == #$T0); + +function Tclass._System.___hFunc0_0(Ty) : Ty; + +// Box/unbox axiom for Tclass._System.___hFunc0 +axiom (forall #$T0: Ty, bx: Box :: + { $IsBox(bx, Tclass._System.___hFunc0(#$T0)) } + $IsBox(bx, Tclass._System.___hFunc0(#$T0)) + ==> $Box($Unbox(bx): HandleType) == bx + && $Is($Unbox(bx): HandleType, Tclass._System.___hFunc0(#$T0))); + +function Handle0([Heap]Box, [Heap]bool, [Heap]Set Box) : HandleType; + +function Apply0(Ty, HandleType, Heap) : Box; + +function Requires0(Ty, HandleType, Heap) : bool; + +function Reads0(Ty, HandleType, Heap) : Set Box; + +axiom (forall t0: Ty, heap: Heap, h: [Heap]Box, r: [Heap]bool, rd: [Heap]Set Box :: + { Apply0(t0, Handle0(h, r, rd), heap) } + Apply0(t0, Handle0(h, r, rd), heap) == h[heap]); + +axiom (forall t0: Ty, heap: Heap, h: [Heap]Box, r: [Heap]bool, rd: [Heap]Set Box :: + { Requires0(t0, Handle0(h, r, rd), heap) } + r[heap] ==> Requires0(t0, Handle0(h, r, rd), heap)); + +axiom (forall t0: Ty, heap: Heap, h: [Heap]Box, r: [Heap]bool, rd: [Heap]Set Box, bx: Box :: + { Reads0(t0, Handle0(h, r, rd), heap)[bx] } + Reads0(t0, Handle0(h, r, rd), heap)[bx] == rd[heap][bx]); + +function {:inline true} _System.___hFunc0.requires(t0: Ty, heap: Heap, f: HandleType) : bool +{ + Requires0(t0, f, heap) +} + +function {:inline true} _System.___hFunc0.requires#canCall(t0: Ty, heap: Heap, f: HandleType) : bool +{ + true +} + +function {:inline true} _System.___hFunc0.reads(t0: Ty, heap: Heap, f: HandleType) : Set Box +{ + Reads0(t0, f, heap) +} + +function {:inline true} _System.___hFunc0.reads#canCall(t0: Ty, heap: Heap, f: HandleType) : bool +{ + true +} + +axiom (forall t0: Ty, h0: Heap, h1: Heap, f: HandleType :: + { $HeapSucc(h0, h1), Reads0(t0, f, h1) } + $HeapSucc(h0, h1) + && + $IsGoodHeap(h0) + && $IsGoodHeap(h1) + && + $Is(f, Tclass._System.___hFunc0(t0)) + && $IsAlloc(f, Tclass._System.___hFunc0(t0), h0) + && (forall o: ref, fld: Field a :: + o != null + && 
read(h0, o, alloc) + && read(h1, o, alloc) + && Reads0(t0, f, h0)[$Box(o)] + ==> read(h0, o, fld) == read(h1, o, fld)) + ==> Reads0(t0, f, h0) == Reads0(t0, f, h1)); + +axiom (forall t0: Ty, h0: Heap, h1: Heap, f: HandleType :: + { $HeapSucc(h0, h1), Reads0(t0, f, h1) } + $HeapSucc(h0, h1) + && + $IsGoodHeap(h0) + && $IsGoodHeap(h1) + && + $Is(f, Tclass._System.___hFunc0(t0)) + && $IsAlloc(f, Tclass._System.___hFunc0(t0), h0) + && (forall o: ref, fld: Field a :: + o != null + && read(h0, o, alloc) + && read(h1, o, alloc) + && Reads0(t0, f, h1)[$Box(o)] + ==> read(h0, o, fld) == read(h1, o, fld)) + ==> Reads0(t0, f, h0) == Reads0(t0, f, h1)); + +axiom (forall t0: Ty, h0: Heap, h1: Heap, f: HandleType :: + { $HeapSucc(h0, h1), Requires0(t0, f, h1) } + $HeapSucc(h0, h1) + && + $IsGoodHeap(h0) + && $IsGoodHeap(h1) + && + $Is(f, Tclass._System.___hFunc0(t0)) + && $IsAlloc(f, Tclass._System.___hFunc0(t0), h0) + && (forall o: ref, fld: Field a :: + o != null + && read(h0, o, alloc) + && read(h1, o, alloc) + && Reads0(t0, f, h0)[$Box(o)] + ==> read(h0, o, fld) == read(h1, o, fld)) + ==> Requires0(t0, f, h0) == Requires0(t0, f, h1)); + +axiom (forall t0: Ty, h0: Heap, h1: Heap, f: HandleType :: + { $HeapSucc(h0, h1), Requires0(t0, f, h1) } + $HeapSucc(h0, h1) + && + $IsGoodHeap(h0) + && $IsGoodHeap(h1) + && + $Is(f, Tclass._System.___hFunc0(t0)) + && $IsAlloc(f, Tclass._System.___hFunc0(t0), h0) + && (forall o: ref, fld: Field a :: + o != null + && read(h0, o, alloc) + && read(h1, o, alloc) + && Reads0(t0, f, h1)[$Box(o)] + ==> read(h0, o, fld) == read(h1, o, fld)) + ==> Requires0(t0, f, h0) == Requires0(t0, f, h1)); + +axiom (forall t0: Ty, h0: Heap, h1: Heap, f: HandleType :: + { $HeapSucc(h0, h1), Apply0(t0, f, h1) } + $HeapSucc(h0, h1) + && + $IsGoodHeap(h0) + && $IsGoodHeap(h1) + && + $Is(f, Tclass._System.___hFunc0(t0)) + && $IsAlloc(f, Tclass._System.___hFunc0(t0), h0) + && (forall o: ref, fld: Field a :: + o != null + && read(h0, o, alloc) + && read(h1, o, alloc) + 
&& Reads0(t0, f, h0)[$Box(o)] + ==> read(h0, o, fld) == read(h1, o, fld)) + ==> Apply0(t0, f, h0) == Apply0(t0, f, h1)); + +axiom (forall t0: Ty, h0: Heap, h1: Heap, f: HandleType :: + { $HeapSucc(h0, h1), Apply0(t0, f, h1) } + $HeapSucc(h0, h1) + && + $IsGoodHeap(h0) + && $IsGoodHeap(h1) + && + $Is(f, Tclass._System.___hFunc0(t0)) + && $IsAlloc(f, Tclass._System.___hFunc0(t0), h0) + && (forall o: ref, fld: Field a :: + o != null + && read(h0, o, alloc) + && read(h1, o, alloc) + && Reads0(t0, f, h1)[$Box(o)] + ==> read(h0, o, fld) == read(h1, o, fld)) + ==> Apply0(t0, f, h0) == Apply0(t0, f, h1)); + +axiom (forall t0: Ty, h: Heap, f: HandleType :: + { Apply0(t0, f, h) } + $IsGoodHeap(h) + && + $Is(f, Tclass._System.___hFunc0(t0)) + && $IsAlloc(f, Tclass._System.___hFunc0(t0), h) + ==> $IsBox(Apply0(t0, f, h), t0) && $IsAllocBox(Apply0(t0, f, h), t0, h)); + +const unique class._module.__default: ClassName; + +function Tclass._module.__default() : Ty; + +// Tclass._module.__default Tag +axiom Tag(Tclass._module.__default()) == Tagclass._module.__default; + +const unique Tagclass._module.__default: TyTag; + +// Box/unbox axiom for Tclass._module.__default +axiom (forall bx: Box :: + { $IsBox(bx, Tclass._module.__default()) } + $IsBox(bx, Tclass._module.__default()) + ==> $Box($Unbox(bx): ref) == bx && $Is($Unbox(bx): ref, Tclass._module.__default())); + +// _default: Class $Is +axiom (forall $o: ref :: + { $Is($o, Tclass._module.__default()) } + $Is($o, Tclass._module.__default()) + <==> $o == null || dtype($o) == Tclass._module.__default()); + +// _default: Class $IsAlloc +axiom (forall $o: ref, $h: Heap :: + { $IsAlloc($o, Tclass._module.__default(), $h) } + $IsAlloc($o, Tclass._module.__default(), $h) + <==> $o == null || read($h, $o, alloc)); + +procedure CheckWellformed$$_module.__default.test(); + free requires 0 == $ModuleContextHeight && 0 == $FunctionContextHeight; + modifies $Heap, $Tick; + + + +implementation CheckWellformed$$_module.__default.test() +{ + 
var $_Frame: [ref,Field beta]bool; + + // AddMethodImpl: test, CheckWellformed$$_module.__default.test + $_Frame := (lambda $o: ref, $f: Field alpha :: + $o != null && read($Heap, $o, alloc) ==> false); + assume {:captureState "Bug136.dfy(4,7): initial state"} true; + havoc $Heap; + assume (forall $o: ref, $f: Field alpha :: + { read($Heap, $o, $f) } + $o != null && read(old($Heap), $o, alloc) + ==> read($Heap, $o, $f) == read(old($Heap), $o, $f)); + assume $HeapSucc(old($Heap), $Heap); +} + + + +procedure InterModuleCall$$_module.__default.test(); + modifies $Heap, $Tick; + // frame condition + free ensures (forall $o: ref, $f: Field alpha :: + { read($Heap, $o, $f) } + $o != null && read(old($Heap), $o, alloc) + ==> read($Heap, $o, $f) == read(old($Heap), $o, $f)); + // boilerplate + free ensures $HeapSucc(old($Heap), $Heap); + + + +procedure IntraModuleCall$$_module.__default.test(); + modifies $Heap, $Tick; + // frame condition + free ensures (forall $o: ref, $f: Field alpha :: + { read($Heap, $o, $f) } + $o != null && read(old($Heap), $o, alloc) + ==> read($Heap, $o, $f) == read(old($Heap), $o, $f)); + // boilerplate + free ensures $HeapSucc(old($Heap), $Heap); + + + +procedure Impl$$_module.__default.test() returns ($_reverifyPost: bool); + free requires 0 == $ModuleContextHeight && 0 == $FunctionContextHeight; + modifies $Heap, $Tick; + // frame condition + free ensures (forall $o: ref, $f: Field alpha :: + { read($Heap, $o, $f) } + $o != null && read(old($Heap), $o, alloc) + ==> read($Heap, $o, $f) == read(old($Heap), $o, $f)); + // boilerplate + free ensures $HeapSucc(old($Heap), $Heap); + + + +implementation Impl$$_module.__default.test() returns ($_reverifyPost: bool) +{ + var $_Frame: [ref,Field beta]bool; + + // AddMethodImpl: test, Impl$$_module.__default.test + $_Frame := (lambda $o: ref, $f: Field alpha :: + $o != null && read($Heap, $o, alloc) ==> false); + assume {:captureState "Bug136.dfy(5,1): initial state"} true; + $_reverifyPost := false; + 
// ----- assume statement ----- Bug136.dfy(6,5) + assume true; + assume false; + // ----- assert statement ----- Bug136.dfy(7,5) + assume true; + assert true; +} + + + +Dafny program verifier finished with 2 verified, 0 errors -- cgit v1.2.3