Showing preview only (9,748K chars total). Download the full file or copy to clipboard to get everything.
Repository: microsoft/Armada
Branch: main
Commit: da7497dcf506
Files: 921
Total size: 9.1 MB
Directory structure:
gitextract_4_a407x8/
├── .gitattributes
├── .gitignore
├── Armada/
│ ├── .gitignore
│ ├── ArmadaCommonDefinitions.dfy
│ ├── spec/
│ │ └── refinement.s.dfy
│ ├── strategies/
│ │ ├── chl/
│ │ │ ├── AtomicConcurrentHoareLogic.i.dfy
│ │ │ ├── AtomicConcurrentHoareLogicLemmas.i.dfy
│ │ │ ├── AtomicConcurrentHoareLogicSpec.i.dfy
│ │ │ ├── ConcurrentHoareLogic.i.dfy
│ │ │ ├── ConcurrentHoareLogicLemmas.i.dfy
│ │ │ └── ConcurrentHoareLogicSpec.i.dfy
│ │ ├── combining/
│ │ │ ├── ArmadaCombining.i.dfy
│ │ │ ├── ArmadaCombiningLemmas.i.dfy
│ │ │ └── ArmadaCombiningSpec.i.dfy
│ │ ├── generic/
│ │ │ ├── GenericArmadaAtomic.i.dfy
│ │ │ ├── GenericArmadaLemmas.i.dfy
│ │ │ ├── GenericArmadaPlus.i.dfy
│ │ │ ├── GenericArmadaSpec.i.dfy
│ │ │ ├── LiftAtomicToAtomic.i.dfy
│ │ │ ├── LiftFromAtomic.i.dfy
│ │ │ └── LiftToAtomic.i.dfy
│ │ ├── invariants.i.dfy
│ │ ├── reduction/
│ │ │ ├── AtomicReduction.i.dfy
│ │ │ ├── AtomicReductionLemmas.i.dfy
│ │ │ ├── AtomicReductionSpec.i.dfy
│ │ │ ├── CohenLamportReduction.i.dfy
│ │ │ ├── CohenLamportReductionLemmas.i.dfy
│ │ │ ├── CohenLamportReductionSpec.i.dfy
│ │ │ ├── RefinementViaReduction.i.dfy
│ │ │ ├── RefinementViaReductionLemmas.i.dfy
│ │ │ └── RefinementViaReductionSpec.i.dfy
│ │ ├── refinement/
│ │ │ ├── AnnotatedBehavior.i.dfy
│ │ │ ├── GeneralRefinementLemmas.i.dfy
│ │ │ └── RefinementConvolution.i.dfy
│ │ ├── starweakening/
│ │ │ ├── StarWeakening.i.dfy
│ │ │ └── StarWeakeningSpec.i.dfy
│ │ ├── tsoelimination/
│ │ │ ├── TSOElimination.i.dfy
│ │ │ ├── TSOEliminationLemmas.i.dfy
│ │ │ └── TSOEliminationSpec.i.dfy
│ │ ├── varhiding/
│ │ │ ├── VarHiding.i.dfy
│ │ │ └── VarHidingSpec.i.dfy
│ │ ├── varintro/
│ │ │ ├── VarIntro.i.dfy
│ │ │ └── VarIntroSpec.i.dfy
│ │ └── weakening/
│ │ ├── Weakening.i.dfy
│ │ └── WeakeningSpec.i.dfy
│ └── util/
│ ├── collections/
│ │ ├── MapSum.i.dfy
│ │ ├── SeqSum.i.dfy
│ │ ├── maps.i.dfy
│ │ ├── maps.s.dfy
│ │ ├── seqs.i.dfy
│ │ ├── seqs.s.dfy
│ │ └── sets.i.dfy
│ ├── functions.i.dfy
│ ├── math/
│ │ ├── .gitignore
│ │ ├── div.i.dfy
│ │ ├── div_auto.i.dfy
│ │ ├── div_auto_proofs.i.dfy
│ │ ├── div_boogie.i.dfy
│ │ ├── div_def.i.dfy
│ │ ├── div_nonlinear.i.dfy
│ │ ├── mod_auto.i.dfy
│ │ ├── mod_auto_proofs.i.dfy
│ │ ├── mul.i.dfy
│ │ ├── mul_auto.i.dfy
│ │ ├── mul_auto_proofs.i.dfy
│ │ ├── mul_nonlinear.i.dfy
│ │ ├── power.i.dfy
│ │ └── powers.i.dfy
│ ├── option.s.dfy
│ └── types.s.dfy
├── BUILD.md
├── CODE_OF_CONDUCT.md
├── LICENSE
├── NOTICE.txt
├── README.md
├── SConstruct1
├── SConstruct2
├── SECURITY.md
├── Source/
│ ├── Armada/
│ │ ├── AbstractProofGenerator.cs
│ │ ├── Armada.atg
│ │ ├── ArmadaAst.cs
│ │ ├── ArmadaExpr.cs
│ │ ├── ArmadaHelper.cs
│ │ ├── ArmadaMain.cs
│ │ ├── ArmadaOptions.cs
│ │ ├── ArmadaParser.cs
│ │ ├── ArmadaPipeline.csproj
│ │ ├── ArmadaRValue.cs
│ │ ├── ArmadaStructs.cs
│ │ ├── AssumeIntro.cs
│ │ ├── AtomicSpec.cs
│ │ ├── BigIntegerParser.cs
│ │ ├── Cloner.cs
│ │ ├── Combining.cs
│ │ ├── Compiler-clight.cs
│ │ ├── Compiler.cs
│ │ ├── ConstraintCollector.cs
│ │ ├── DeclCollector.cs
│ │ ├── ExpressionBuilder.cs
│ │ ├── GlobalVarHiding.cs
│ │ ├── GlobalVarIntro.cs
│ │ ├── NextRoutine.cs
│ │ ├── PathPrinter.cs
│ │ ├── PredicateBuilder.cs
│ │ ├── Printer.cs
│ │ ├── Prioritization.cs
│ │ ├── ProofFiles.cs
│ │ ├── ProofGenerationParams.cs
│ │ ├── ProofGenerator.cs
│ │ ├── Reduction.cs
│ │ ├── RefinementTransformer.cs
│ │ ├── Reporting.cs
│ │ ├── ResolutionContext.cs
│ │ ├── Resolver.cs
│ │ ├── Rewriter.cs
│ │ ├── SccGraph.cs
│ │ ├── StackVarHiding.cs
│ │ ├── StackVarIntro.cs
│ │ ├── StarWeakening.cs
│ │ ├── StateMachineTranslator.cs
│ │ ├── StepPrinter.cs
│ │ ├── StraightlineBehavior.cs
│ │ ├── SymbolTable.cs
│ │ ├── TSOElimination.cs
│ │ ├── Translator.cs
│ │ ├── Triggers/
│ │ │ ├── QuantifierSplitter.cs
│ │ │ ├── QuantifiersCollection.cs
│ │ │ ├── QuantifiersCollector.cs
│ │ │ ├── TriggerExtensions.cs
│ │ │ ├── TriggerUtils.cs
│ │ │ └── TriggersCollector.cs
│ │ ├── Util.cs
│ │ ├── VarHiding.cs
│ │ ├── VarIntro.cs
│ │ └── Weakening.cs
│ ├── Armada.sln
│ ├── ArmadaDriver/
│ │ ├── ArmadaDriver.cs
│ │ └── ArmadaDriver.csproj
│ ├── Directory.Build.props
│ └── dotnet-tools.json
├── Test/
│ ├── armada-parser/
│ │ ├── .gitignore
│ │ ├── OGcounter.arm
│ │ ├── scheduler_atomic.arm
│ │ ├── scheduler_impl.arm
│ │ ├── scheduler_simplify.arm
│ │ ├── scheduler_spec.arm
│ │ ├── test-var-hiding-fail.arm
│ │ ├── test.arm
│ │ ├── test2.arm
│ │ ├── test3.arm
│ │ ├── test4.arm
│ │ ├── test5.arm
│ │ ├── test6.arm
│ │ └── test7.arm
│ ├── assume-intro/
│ │ ├── .gitignore
│ │ ├── ABHelpers.dfy
│ │ ├── test.arm
│ │ ├── test2.arm
│ │ └── test3.arm
│ ├── barrier/
│ │ ├── .gitignore
│ │ ├── barrier.arm
│ │ └── extra.dfy
│ ├── bitvector/
│ │ ├── .gitignore
│ │ ├── bv.dfy
│ │ └── test.arm
│ ├── clight/
│ │ ├── .gitignore
│ │ ├── Makefile
│ │ ├── barrier.arm
│ │ ├── bench/
│ │ │ ├── bench_armada.c
│ │ │ ├── bench_armada_gcc.c
│ │ │ ├── bench_lfds.c
│ │ │ └── bench_sound_queue.c
│ │ ├── extern.h
│ │ ├── failed/
│ │ │ ├── failed_0.c
│ │ │ └── failed_1.c
│ │ ├── lock.arm
│ │ ├── queue.arm
│ │ ├── sqrt.arm
│ │ └── upload.sh
│ ├── combining/
│ │ ├── .gitignore
│ │ └── test.arm
│ ├── counter/
│ │ ├── .gitignore
│ │ ├── A.arm
│ │ ├── AB.arm
│ │ ├── B.arm
│ │ ├── BC.arm
│ │ ├── C.arm
│ │ ├── CD.arm
│ │ ├── D.arm
│ │ ├── DE.arm
│ │ ├── E.arm
│ │ ├── EF.arm
│ │ ├── F.arm
│ │ ├── FG.arm
│ │ ├── G.arm
│ │ ├── GI.arm
│ │ ├── I.arm
│ │ ├── IJ.arm
│ │ ├── J.arm
│ │ ├── SharedStructs.arm
│ │ ├── Z.arm
│ │ └── extra.dfy
│ ├── estimate-sqrt/
│ │ ├── .gitignore
│ │ └── sqrt.arm
│ ├── mcslock/
│ │ ├── .gitignore
│ │ ├── lock-array.arm
│ │ └── lock.c
│ ├── qbss/
│ │ ├── .gitignore
│ │ ├── assumeintroproof_invariant.dfy
│ │ ├── auxiliary_helper.dfy
│ │ ├── bv.dfy
│ │ ├── queue.arm
│ │ ├── queue_abstractloginvariant.dfy
│ │ ├── queue_tsobypassing_abstractloginvariant.dfy
│ │ └── tau_invariant_helper.dfy
│ ├── qbss_benchmark/
│ │ ├── .gitignore
│ │ ├── Makefile
│ │ ├── benchmark.c
│ │ ├── benchmark_lfds.c
│ │ ├── liblfds711/
│ │ │ ├── build/
│ │ │ │ ├── gcc_gnumake/
│ │ │ │ │ └── Makefile
│ │ │ │ ├── gcc_gnumake_kbuild/
│ │ │ │ │ ├── Kbuild
│ │ │ │ │ └── Makefile
│ │ │ │ ├── msvc_gnumake/
│ │ │ │ │ ├── liblfds711.def
│ │ │ │ │ └── makefile
│ │ │ │ └── wdk_7.1/
│ │ │ │ ├── dirs
│ │ │ │ ├── driver_entry_renamed_to_avoid_compiler_warning.c
│ │ │ │ ├── liblfds711.def
│ │ │ │ ├── readme_before_win_kernel_build.txt
│ │ │ │ ├── runme_before_win_kernel_dynamic_lib_build.bat
│ │ │ │ ├── runme_before_win_kernel_static_lib_build.bat
│ │ │ │ ├── sources.dynamic
│ │ │ │ └── sources.static
│ │ │ ├── inc/
│ │ │ │ ├── liblfds711/
│ │ │ │ │ ├── lfds711_btree_addonly_unbalanced.h
│ │ │ │ │ ├── lfds711_freelist.h
│ │ │ │ │ ├── lfds711_hash_addonly.h
│ │ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered.h
│ │ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered.h
│ │ │ │ │ ├── lfds711_misc.h
│ │ │ │ │ ├── lfds711_porting_abstraction_layer_compiler.h
│ │ │ │ │ ├── lfds711_porting_abstraction_layer_operating_system.h
│ │ │ │ │ ├── lfds711_porting_abstraction_layer_processor.h
│ │ │ │ │ ├── lfds711_prng.h
│ │ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer.h
│ │ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer.h
│ │ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer.h
│ │ │ │ │ ├── lfds711_ringbuffer.h
│ │ │ │ │ └── lfds711_stack.h
│ │ │ │ └── liblfds711.h
│ │ │ ├── obj/
│ │ │ │ └── .gitkeep
│ │ │ └── src/
│ │ │ ├── lfds711_btree_addonly_unbalanced/
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_cleanup.c
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_get.c
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_init.c
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_insert.c
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_internal.h
│ │ │ │ └── lfds711_btree_addonly_unbalanced_query.c
│ │ │ ├── lfds711_freelist/
│ │ │ │ ├── lfds711_freelist_cleanup.c
│ │ │ │ ├── lfds711_freelist_init.c
│ │ │ │ ├── lfds711_freelist_internal.h
│ │ │ │ ├── lfds711_freelist_pop.c
│ │ │ │ ├── lfds711_freelist_push.c
│ │ │ │ └── lfds711_freelist_query.c
│ │ │ ├── lfds711_hash_addonly/
│ │ │ │ ├── lfds711_hash_addonly_cleanup.c
│ │ │ │ ├── lfds711_hash_addonly_get.c
│ │ │ │ ├── lfds711_hash_addonly_init.c
│ │ │ │ ├── lfds711_hash_addonly_insert.c
│ │ │ │ ├── lfds711_hash_addonly_internal.h
│ │ │ │ ├── lfds711_hash_addonly_iterate.c
│ │ │ │ └── lfds711_hash_addonly_query.c
│ │ │ ├── lfds711_list_addonly_singlylinked_ordered/
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_cleanup.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_get.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_init.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_insert.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_internal.h
│ │ │ │ └── lfds711_list_addonly_singlylinked_ordered_query.c
│ │ │ ├── lfds711_list_addonly_singlylinked_unordered/
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_cleanup.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_get.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_init.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_insert.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_internal.h
│ │ │ │ └── lfds711_list_addonly_singlylinked_unordered_query.c
│ │ │ ├── lfds711_misc/
│ │ │ │ ├── lfds711_misc_globals.c
│ │ │ │ ├── lfds711_misc_internal.h
│ │ │ │ ├── lfds711_misc_internal_backoff_init.c
│ │ │ │ └── lfds711_misc_query.c
│ │ │ ├── lfds711_prng/
│ │ │ │ ├── lfds711_prng_init.c
│ │ │ │ └── lfds711_prng_internal.h
│ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer/
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_cleanup.c
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_dequeue.c
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_enqueue.c
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_init.c
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_internal.h
│ │ │ │ └── lfds711_queue_bounded_manyproducer_manyconsumer_query.c
│ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer/
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_cleanup.c
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_dequeue.c
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_enqueue.c
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_enqueue.ll
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_init.c
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_internal.h
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_query.c
│ │ │ │ └── test.ll
│ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer/
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_cleanup.c
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_dequeue.c
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_enqueue.c
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_init.c
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_internal.h
│ │ │ │ └── lfds711_queue_unbounded_manyproducer_manyconsumer_query.c
│ │ │ ├── lfds711_ringbuffer/
│ │ │ │ ├── lfds711_ringbuffer_cleanup.c
│ │ │ │ ├── lfds711_ringbuffer_init.c
│ │ │ │ ├── lfds711_ringbuffer_internal.h
│ │ │ │ ├── lfds711_ringbuffer_query.c
│ │ │ │ ├── lfds711_ringbuffer_read.c
│ │ │ │ └── lfds711_ringbuffer_write.c
│ │ │ ├── lfds711_stack/
│ │ │ │ ├── lfds711_stack_cleanup.c
│ │ │ │ ├── lfds711_stack_init.c
│ │ │ │ ├── lfds711_stack_internal.h
│ │ │ │ ├── lfds711_stack_pop.c
│ │ │ │ ├── lfds711_stack_push.c
│ │ │ │ └── lfds711_stack_query.c
│ │ │ └── liblfds711_internal.h
│ │ ├── liblfds711_modulo/
│ │ │ ├── build/
│ │ │ │ ├── gcc_gnumake/
│ │ │ │ │ └── Makefile
│ │ │ │ ├── gcc_gnumake_kbuild/
│ │ │ │ │ ├── Kbuild
│ │ │ │ │ └── Makefile
│ │ │ │ ├── msvc_gnumake/
│ │ │ │ │ ├── liblfds711.def
│ │ │ │ │ └── makefile
│ │ │ │ └── wdk_7.1/
│ │ │ │ ├── dirs
│ │ │ │ ├── driver_entry_renamed_to_avoid_compiler_warning.c
│ │ │ │ ├── liblfds711.def
│ │ │ │ ├── readme_before_win_kernel_build.txt
│ │ │ │ ├── runme_before_win_kernel_dynamic_lib_build.bat
│ │ │ │ ├── runme_before_win_kernel_static_lib_build.bat
│ │ │ │ ├── sources.dynamic
│ │ │ │ └── sources.static
│ │ │ ├── inc/
│ │ │ │ ├── liblfds711/
│ │ │ │ │ ├── lfds711_btree_addonly_unbalanced.h
│ │ │ │ │ ├── lfds711_freelist.h
│ │ │ │ │ ├── lfds711_hash_addonly.h
│ │ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered.h
│ │ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered.h
│ │ │ │ │ ├── lfds711_misc.h
│ │ │ │ │ ├── lfds711_porting_abstraction_layer_compiler.h
│ │ │ │ │ ├── lfds711_porting_abstraction_layer_operating_system.h
│ │ │ │ │ ├── lfds711_porting_abstraction_layer_processor.h
│ │ │ │ │ ├── lfds711_prng.h
│ │ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer.h
│ │ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer.h
│ │ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer.h
│ │ │ │ │ ├── lfds711_ringbuffer.h
│ │ │ │ │ └── lfds711_stack.h
│ │ │ │ └── liblfds711.h
│ │ │ ├── obj/
│ │ │ │ └── .gitkeep
│ │ │ └── src/
│ │ │ ├── lfds711_btree_addonly_unbalanced/
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_cleanup.c
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_get.c
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_init.c
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_insert.c
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_internal.h
│ │ │ │ └── lfds711_btree_addonly_unbalanced_query.c
│ │ │ ├── lfds711_freelist/
│ │ │ │ ├── lfds711_freelist_cleanup.c
│ │ │ │ ├── lfds711_freelist_init.c
│ │ │ │ ├── lfds711_freelist_internal.h
│ │ │ │ ├── lfds711_freelist_pop.c
│ │ │ │ ├── lfds711_freelist_push.c
│ │ │ │ └── lfds711_freelist_query.c
│ │ │ ├── lfds711_hash_addonly/
│ │ │ │ ├── lfds711_hash_addonly_cleanup.c
│ │ │ │ ├── lfds711_hash_addonly_get.c
│ │ │ │ ├── lfds711_hash_addonly_init.c
│ │ │ │ ├── lfds711_hash_addonly_insert.c
│ │ │ │ ├── lfds711_hash_addonly_internal.h
│ │ │ │ ├── lfds711_hash_addonly_iterate.c
│ │ │ │ └── lfds711_hash_addonly_query.c
│ │ │ ├── lfds711_list_addonly_singlylinked_ordered/
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_cleanup.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_get.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_init.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_insert.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_internal.h
│ │ │ │ └── lfds711_list_addonly_singlylinked_ordered_query.c
│ │ │ ├── lfds711_list_addonly_singlylinked_unordered/
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_cleanup.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_get.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_init.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_insert.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_internal.h
│ │ │ │ └── lfds711_list_addonly_singlylinked_unordered_query.c
│ │ │ ├── lfds711_misc/
│ │ │ │ ├── lfds711_misc_globals.c
│ │ │ │ ├── lfds711_misc_internal.h
│ │ │ │ ├── lfds711_misc_internal_backoff_init.c
│ │ │ │ └── lfds711_misc_query.c
│ │ │ ├── lfds711_prng/
│ │ │ │ ├── lfds711_prng_init.c
│ │ │ │ └── lfds711_prng_internal.h
│ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer/
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_cleanup.c
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_dequeue.c
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_enqueue.c
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_init.c
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_internal.h
│ │ │ │ └── lfds711_queue_bounded_manyproducer_manyconsumer_query.c
│ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer/
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_cleanup.c
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_dequeue.c
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_enqueue.c
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_enqueue.ll
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_init.c
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_internal.h
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_query.c
│ │ │ │ └── test.ll
│ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer/
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_cleanup.c
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_dequeue.c
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_enqueue.c
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_init.c
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_internal.h
│ │ │ │ └── lfds711_queue_unbounded_manyproducer_manyconsumer_query.c
│ │ │ ├── lfds711_ringbuffer/
│ │ │ │ ├── lfds711_ringbuffer_cleanup.c
│ │ │ │ ├── lfds711_ringbuffer_init.c
│ │ │ │ ├── lfds711_ringbuffer_internal.h
│ │ │ │ ├── lfds711_ringbuffer_query.c
│ │ │ │ ├── lfds711_ringbuffer_read.c
│ │ │ │ └── lfds711_ringbuffer_write.c
│ │ │ ├── lfds711_stack/
│ │ │ │ ├── lfds711_stack_cleanup.c
│ │ │ │ ├── lfds711_stack_init.c
│ │ │ │ ├── lfds711_stack_internal.h
│ │ │ │ ├── lfds711_stack_pop.c
│ │ │ │ ├── lfds711_stack_push.c
│ │ │ │ └── lfds711_stack_query.c
│ │ │ └── liblfds711_internal.h
│ │ ├── queue.arm
│ │ ├── queue.patch
│ │ └── run_benchmarks.py
│ ├── reduction/
│ │ ├── .gitignore
│ │ ├── test.arm
│ │ └── test2.arm
│ ├── regions/
│ │ ├── .gitignore
│ │ ├── pointers.arm
│ │ ├── test.arm
│ │ ├── test2.arm
│ │ ├── test3.arm
│ │ └── test4.arm
│ ├── starweakening/
│ │ ├── .gitignore
│ │ ├── test.arm
│ │ ├── test2.arm
│ │ ├── test3.arm
│ │ └── test4.arm
│ ├── tsoelim/
│ │ ├── .gitignore
│ │ ├── test.arm
│ │ ├── test2.arm
│ │ ├── test3.arm
│ │ └── test4.arm
│ ├── varhiding/
│ │ ├── .gitignore
│ │ ├── VarHidingManualProof.i.dfy
│ │ ├── test.arm
│ │ ├── test2.arm
│ │ ├── test3.arm
│ │ ├── test4.arm
│ │ └── test5.arm
│ ├── varintro/
│ │ ├── .gitignore
│ │ ├── test.arm
│ │ ├── test2.arm
│ │ ├── test3.arm
│ │ └── test4.arm
│ └── weakening/
│ ├── .gitignore
│ ├── ArithmeticFacts.dfy
│ ├── TestWeakeningProof.dfy
│ ├── test.arm
│ ├── test2.arm
│ └── test3.arm
├── experimental/
│ ├── .gitignore
│ ├── EditorPlugins/
│ │ └── mle-vscode/
│ │ ├── .eslintrc.json
│ │ ├── .gitignore
│ │ ├── .vscodeignore
│ │ ├── changelog.md
│ │ ├── notes.md
│ │ ├── package.json
│ │ ├── readme.md
│ │ ├── src/
│ │ │ ├── extension.ts
│ │ │ ├── refactor-view.ts
│ │ │ ├── test/
│ │ │ │ ├── runTest.ts
│ │ │ │ └── suite/
│ │ │ │ ├── extension.test.ts
│ │ │ │ └── index.ts
│ │ │ └── utils.ts
│ │ ├── tsconfig.json
│ │ ├── view/
│ │ │ ├── main.css
│ │ │ ├── main.js
│ │ │ ├── reset.css
│ │ │ └── vscode.css
│ │ └── vsc-extension-quickstart.md
│ ├── README.md
│ ├── SConstruct
│ ├── Source/
│ │ ├── .gitignore
│ │ ├── Armada/
│ │ │ ├── .gitignore
│ │ │ ├── AST/
│ │ │ │ ├── Base.cs
│ │ │ │ ├── Expr.cs
│ │ │ │ ├── Printer.cs
│ │ │ │ ├── ProofStrategy.cs
│ │ │ │ ├── Scope.cs
│ │ │ │ ├── Statement.cs
│ │ │ │ └── Type.cs
│ │ │ ├── Armada.csproj
│ │ │ ├── Atomic/
│ │ │ │ ├── AtomicPrinter.cs
│ │ │ │ └── AtomicSpec.cs
│ │ │ ├── IncludeProcessor.cs
│ │ │ ├── Program.cs
│ │ │ ├── Proof/
│ │ │ │ ├── InvariantPrinter.cs
│ │ │ │ ├── Myers.cs
│ │ │ │ ├── ProofPrinter.cs
│ │ │ │ ├── ProofSpec.cs
│ │ │ │ ├── VarHidingPrinter.cs
│ │ │ │ ├── VarIntroPrinter.cs
│ │ │ │ ├── WeakeningPrinter.cs
│ │ │ │ └── WeakeningSpec.cs
│ │ │ ├── Reporting.cs
│ │ │ ├── Resolver.cs
│ │ │ ├── Starmada.atg
│ │ │ ├── Util.cs
│ │ │ └── dotnet-tools.json
│ │ ├── Armada.sln
│ │ └── Editor/
│ │ ├── BasicEquality.cs
│ │ ├── Driver.cs
│ │ ├── Editor.cs
│ │ ├── Editor.csproj
│ │ ├── IO.cs
│ │ ├── Mapper.cs
│ │ ├── Paper.md
│ │ ├── Position.cs
│ │ ├── Readme.md
│ │ ├── RefactorBuffer.cs
│ │ ├── StatementEquality.cs
│ │ ├── StatementSeq.cs
│ │ ├── Summary.cs
│ │ └── Utils.cs
│ ├── Tests/
│ │ ├── .gitignore
│ │ ├── editor/
│ │ │ ├── .gitignore
│ │ │ ├── basic/
│ │ │ │ ├── ab/
│ │ │ │ │ ├── arg
│ │ │ │ │ ├── expect/
│ │ │ │ │ │ └── AB.arm
│ │ │ │ │ ├── in
│ │ │ │ │ └── proj/
│ │ │ │ │ └── AB.arm
│ │ │ │ ├── atomic/
│ │ │ │ │ ├── arg
│ │ │ │ │ ├── expect/
│ │ │ │ │ │ └── t.arm
│ │ │ │ │ ├── in
│ │ │ │ │ └── proj/
│ │ │ │ │ └── t.arm
│ │ │ │ ├── if/
│ │ │ │ │ ├── arg
│ │ │ │ │ ├── expect/
│ │ │ │ │ │ └── t.arm
│ │ │ │ │ ├── in
│ │ │ │ │ └── proj/
│ │ │ │ │ └── t.arm
│ │ │ │ ├── ifcond/
│ │ │ │ │ ├── arg
│ │ │ │ │ ├── expect/
│ │ │ │ │ │ └── t.arm
│ │ │ │ │ ├── in
│ │ │ │ │ └── proj/
│ │ │ │ │ └── t.arm
│ │ │ │ └── while/
│ │ │ │ ├── arg
│ │ │ │ ├── expect/
│ │ │ │ │ └── t.arm
│ │ │ │ ├── in
│ │ │ │ └── proj/
│ │ │ │ └── t.arm
│ │ │ └── range/
│ │ │ ├── AST/
│ │ │ │ ├── arg
│ │ │ │ ├── expect/
│ │ │ │ │ ├── A.arm
│ │ │ │ │ ├── AB.arm
│ │ │ │ │ ├── B.arm
│ │ │ │ │ ├── BC.arm
│ │ │ │ │ ├── C.arm
│ │ │ │ │ ├── CD.arm
│ │ │ │ │ └── D.arm
│ │ │ │ ├── in
│ │ │ │ └── proj/
│ │ │ │ ├── A.arm
│ │ │ │ ├── AB.arm
│ │ │ │ ├── B.arm
│ │ │ │ ├── BC.arm
│ │ │ │ ├── C.arm
│ │ │ │ ├── CD.arm
│ │ │ │ └── D.arm
│ │ │ ├── ASTC/
│ │ │ │ ├── arg
│ │ │ │ ├── expect/
│ │ │ │ │ ├── A.arm
│ │ │ │ │ ├── AB.arm
│ │ │ │ │ ├── B.arm
│ │ │ │ │ ├── BC.arm
│ │ │ │ │ ├── C.arm
│ │ │ │ │ ├── CD.arm
│ │ │ │ │ └── D.arm
│ │ │ │ ├── in
│ │ │ │ └── proj/
│ │ │ │ ├── A.arm
│ │ │ │ ├── AB.arm
│ │ │ │ ├── B.arm
│ │ │ │ ├── BC.arm
│ │ │ │ ├── C.arm
│ │ │ │ ├── CD.arm
│ │ │ │ └── D.arm
│ │ │ ├── ASTS/
│ │ │ │ ├── arg
│ │ │ │ ├── expect/
│ │ │ │ │ ├── A.arm
│ │ │ │ │ ├── AB.arm
│ │ │ │ │ ├── B.arm
│ │ │ │ │ ├── BC.arm
│ │ │ │ │ ├── C.arm
│ │ │ │ │ ├── CD.arm
│ │ │ │ │ └── D.arm
│ │ │ │ ├── in
│ │ │ │ └── proj/
│ │ │ │ ├── A.arm
│ │ │ │ ├── AB.arm
│ │ │ │ ├── B.arm
│ │ │ │ ├── BC.arm
│ │ │ │ ├── C.arm
│ │ │ │ ├── CD.arm
│ │ │ │ └── D.arm
│ │ │ └── counter/
│ │ │ ├── arg
│ │ │ ├── in
│ │ │ └── proj/
│ │ │ ├── A.arm
│ │ │ ├── AB.arm
│ │ │ ├── B.arm
│ │ │ ├── BC.arm
│ │ │ ├── C.arm
│ │ │ ├── CD.arm
│ │ │ ├── D.arm
│ │ │ ├── DE.arm
│ │ │ ├── E.arm
│ │ │ ├── EF.arm
│ │ │ ├── F.arm
│ │ │ ├── FG.arm
│ │ │ ├── G.arm
│ │ │ ├── GI.arm
│ │ │ ├── I.arm
│ │ │ ├── IJ.arm
│ │ │ ├── J.arm
│ │ │ ├── SharedStructs.arm
│ │ │ ├── Z.arm
│ │ │ └── extra.dfy
│ │ ├── fail/
│ │ │ ├── arr.arm
│ │ │ └── fail.arm
│ │ ├── legacy-armada/
│ │ │ ├── .gitignore
│ │ │ └── MyConcreteAProg.arm
│ │ ├── libcuckoo/
│ │ │ ├── Makefile
│ │ │ ├── armada.sh
│ │ │ ├── carmada.cpp
│ │ │ ├── cpp/
│ │ │ │ ├── cuckoohash_config.hh
│ │ │ │ ├── cuckoohash_map.hh
│ │ │ │ ├── cuckoohash_util.hh
│ │ │ │ └── libcuckoo_bucket_container.hh
│ │ │ ├── cuckoo.arm
│ │ │ └── cuckoo2.arm
│ │ ├── parser/
│ │ │ ├── AST/
│ │ │ │ ├── A.arm
│ │ │ │ ├── A.arm.expect
│ │ │ │ ├── AB.arm
│ │ │ │ ├── AB.arm.expect
│ │ │ │ ├── B.arm
│ │ │ │ ├── B.arm.expect
│ │ │ │ ├── BC.arm
│ │ │ │ ├── BC.arm.expect
│ │ │ │ ├── C.arm
│ │ │ │ ├── C.arm.expect
│ │ │ │ ├── CD.arm
│ │ │ │ ├── CD.arm.expect
│ │ │ │ ├── D.arm
│ │ │ │ ├── D.arm.expect
│ │ │ │ ├── DE.arm
│ │ │ │ ├── E.arm
│ │ │ │ ├── EndlessExpression.arm
│ │ │ │ ├── EndlessExpression.arm.expect
│ │ │ │ ├── Statement.arm
│ │ │ │ ├── Statement.arm.expect
│ │ │ │ ├── array.arm
│ │ │ │ ├── array.c
│ │ │ │ ├── state.arm
│ │ │ │ ├── state.arm.expect
│ │ │ │ ├── struct.arm
│ │ │ │ ├── struct.arm.expect
│ │ │ │ ├── suffix.arm
│ │ │ │ └── suffix.arm.expect
│ │ │ ├── TypeResolver/
│ │ │ │ ├── boundedInt.arm
│ │ │ │ ├── boundedInt.arm.expect
│ │ │ │ ├── collectionType.arm
│ │ │ │ ├── collectionType.arm.expect
│ │ │ │ ├── ifExpr.arm
│ │ │ │ ├── literalExpr.arm
│ │ │ │ ├── malloc.arm
│ │ │ │ ├── method.arm
│ │ │ │ ├── pointer.arm
│ │ │ │ └── struct.arm
│ │ │ ├── compilerTest/
│ │ │ │ ├── arrayDecl.arm
│ │ │ │ ├── createThread.arm
│ │ │ │ ├── joinThread.arm
│ │ │ │ ├── memoryAlloc.arm
│ │ │ │ ├── methodDecl.arm
│ │ │ │ ├── pointerUsage.arm
│ │ │ │ ├── primitiveTypes.arm
│ │ │ │ └── structDecl.arm
│ │ │ ├── counter/
│ │ │ │ ├── A.arm
│ │ │ │ ├── AB.arm
│ │ │ │ ├── B.arm
│ │ │ │ ├── BC.arm
│ │ │ │ ├── C.arm
│ │ │ │ ├── CD.arm
│ │ │ │ ├── D.arm
│ │ │ │ ├── DE.arm
│ │ │ │ ├── E.arm
│ │ │ │ ├── EF.arm
│ │ │ │ ├── F.arm
│ │ │ │ ├── FG.arm
│ │ │ │ ├── G.arm
│ │ │ │ ├── GI.arm
│ │ │ │ ├── I.arm
│ │ │ │ ├── IJ.arm
│ │ │ │ ├── J.arm
│ │ │ │ ├── SharedStructs.arm
│ │ │ │ ├── Z.arm
│ │ │ │ └── extra.dfy
│ │ │ ├── fstar/
│ │ │ │ ├── alloc/
│ │ │ │ │ └── alloc.arm
│ │ │ │ ├── arraytest/
│ │ │ │ │ └── arraytest.arm
│ │ │ │ ├── assert/
│ │ │ │ │ └── assert.arm
│ │ │ │ ├── assume/
│ │ │ │ │ └── assume.arm
│ │ │ │ ├── atomic/
│ │ │ │ │ └── atomic.arm
│ │ │ │ ├── atomicExchange/
│ │ │ │ │ └── atomicExchange.arm
│ │ │ │ ├── atomicMethodCall/
│ │ │ │ │ └── atomicMethodCall.arm
│ │ │ │ ├── atomicRecursive/
│ │ │ │ │ └── atomicRecursive.arm
│ │ │ │ ├── atomicWhile/
│ │ │ │ │ └── atomicWhile.arm
│ │ │ │ ├── binaryOperator/
│ │ │ │ │ └── binaryOperator.arm
│ │ │ │ ├── boundedInt/
│ │ │ │ │ └── boundedInt.arm
│ │ │ │ ├── break/
│ │ │ │ │ └── break.arm
│ │ │ │ ├── code/
│ │ │ │ │ └── code.arm
│ │ │ │ ├── compareAndSwap/
│ │ │ │ │ └── compareAndSwap.arm
│ │ │ │ ├── conversionExpr/
│ │ │ │ │ └── conversionExpr.arm
│ │ │ │ ├── createThread/
│ │ │ │ │ └── createThread.arm
│ │ │ │ ├── datatype/
│ │ │ │ │ └── datatype.arm
│ │ │ │ ├── fence/
│ │ │ │ │ └── fence.arm
│ │ │ │ ├── generatedAssign/
│ │ │ │ │ └── generatedAssign.arm
│ │ │ │ ├── goto/
│ │ │ │ │ └── goto.arm
│ │ │ │ ├── ifExpr/
│ │ │ │ │ └── ifExpr.arm
│ │ │ │ ├── ifStmt/
│ │ │ │ │ └── ifStmt.arm
│ │ │ │ ├── ifundefined/
│ │ │ │ │ └── ifundefined.arm
│ │ │ │ ├── invariantDecl_MaintainedIfStmtSatisfies/
│ │ │ │ │ └── invariantDecl.arm
│ │ │ │ ├── invariantDecl_MaintainedIfVarsUnchanged/
│ │ │ │ │ └── invariantDecl.arm
│ │ │ │ ├── literalExpr/
│ │ │ │ │ └── literalExpr.arm
│ │ │ │ ├── mapComprehension/
│ │ │ │ │ └── mapComprehension.arm
│ │ │ │ ├── maptest/
│ │ │ │ │ └── maptest.arm
│ │ │ │ ├── matchCase/
│ │ │ │ │ └── matchCase.arm
│ │ │ │ ├── methodCall/
│ │ │ │ │ └── methodCall.arm
│ │ │ │ ├── quantifierexpr/
│ │ │ │ │ └── quantifierexpr.arm
│ │ │ │ ├── recursiveMatch/
│ │ │ │ │ └── recursiveMatch.arm
│ │ │ │ ├── relation/
│ │ │ │ │ └── relation.arm
│ │ │ │ ├── seqtest/
│ │ │ │ │ └── seqtest.arm
│ │ │ │ ├── setComprehension/
│ │ │ │ │ └── setComprehension.arm
│ │ │ │ ├── settest/
│ │ │ │ │ └── settest.arm
│ │ │ │ ├── somehow/
│ │ │ │ │ └── somehow.arm
│ │ │ │ ├── somehowLock/
│ │ │ │ │ └── somehow.arm
│ │ │ │ ├── struct/
│ │ │ │ │ └── struct.arm
│ │ │ │ ├── subroutine/
│ │ │ │ │ └── subroutine.arm
│ │ │ │ ├── unaryOperator/
│ │ │ │ │ └── unaryOperator.arm
│ │ │ │ ├── while/
│ │ │ │ │ └── while.arm
│ │ │ │ └── wildcard/
│ │ │ │ └── wildcard.arm
│ │ │ ├── includeTest/
│ │ │ │ ├── A.arm
│ │ │ │ ├── A.arm.expect
│ │ │ │ ├── B.arm
│ │ │ │ ├── B.arm.expect
│ │ │ │ ├── C.arm
│ │ │ │ └── C.arm.expect
│ │ │ ├── ogCounterExample.arm
│ │ │ └── test.arm
│ │ └── proof/
│ │ ├── globalVarsUnmodifiable/
│ │ │ └── globalVarsUnmodifiable.arm
│ │ ├── varHiding/
│ │ │ └── varHiding.arm
│ │ ├── varIntro/
│ │ │ └── varIntro.arm
│ │ └── varIntroWithAtomic/
│ │ └── varIntro.arm
│ ├── docker/
│ │ └── Dockerfile
│ ├── fstar.opam
│ ├── grammar.txt
│ ├── lib/
│ │ ├── .gitignore
│ │ ├── Armada.Action.fst
│ │ ├── Armada.Base.fst
│ │ ├── Armada.BinaryOp.fst
│ │ ├── Armada.BoundedInt.fst
│ │ ├── Armada.Computation.fst
│ │ ├── Armada.Expression.fst
│ │ ├── Armada.Globals.fst
│ │ ├── Armada.Init.fst
│ │ ├── Armada.Memory.fst
│ │ ├── Armada.Pointer.fst
│ │ ├── Armada.Program.fst
│ │ ├── Armada.State.fst
│ │ ├── Armada.Statement.fst
│ │ ├── Armada.Step.fst
│ │ ├── Armada.Thread.fst
│ │ ├── Armada.Threads.fst
│ │ ├── Armada.Transition.fst
│ │ ├── Armada.Type.fst
│ │ ├── Armada.UnaryOp.fst
│ │ ├── GlobalVarExampleInvariant.fst
│ │ ├── Makefile
│ │ ├── MyAProg.fst
│ │ ├── MyAtomicAProg.fst
│ │ ├── MyAtomicBInvariant.fst
│ │ ├── MyAtomicBProg.fst
│ │ ├── MyAtomicHProg.fst
│ │ ├── MyAtomicLProg.fst
│ │ ├── MyAtomicToRegularRefinement.fst
│ │ ├── MyBProg.fst
│ │ ├── MyHProg.arm
│ │ ├── MyHProg.fst
│ │ ├── MyLProg.arm
│ │ ├── MyLProg.fst
│ │ ├── MyList.fst
│ │ ├── MyProgramInvariant.fst
│ │ ├── MyProgramProof.fst
│ │ ├── MyRegularToAtomicRefinement.fst
│ │ ├── MyVarHidingProof.fst
│ │ ├── MyVarIntroProof.fst
│ │ ├── Spec.Behavior.fst
│ │ ├── Spec.List.fst
│ │ ├── Spec.Logic.fst
│ │ ├── Spec.Map.fst
│ │ ├── Spec.Ubool.fst
│ │ ├── Strategies.ArmadaInvariant.PositionsValid.fst
│ │ ├── Strategies.ArmadaInvariant.PositionsValid.fsti
│ │ ├── Strategies.ArmadaInvariant.RootsMatch.fst
│ │ ├── Strategies.ArmadaInvariant.UnstartedThreads.fst
│ │ ├── Strategies.ArmadaInvariant.UnstartedThreads.fsti
│ │ ├── Strategies.ArmadaStatement.Breaking.fst
│ │ ├── Strategies.ArmadaStatement.Nonyielding.fst
│ │ ├── Strategies.ArmadaStatement.Opaque.fst
│ │ ├── Strategies.ArmadaStatement.Propagate.fst
│ │ ├── Strategies.ArmadaStatement.Status.fst
│ │ ├── Strategies.ArmadaStatement.Status.fsti
│ │ ├── Strategies.ArmadaStatement.ThreadState.fst
│ │ ├── Strategies.ArmadaStatement.fst
│ │ ├── Strategies.Atomic.fst
│ │ ├── Strategies.AtomicToRegular.Armada.fst
│ │ ├── Strategies.AtomicToRegular.Armada.fsti
│ │ ├── Strategies.AtomicToRegular.fst
│ │ ├── Strategies.AtomicToRegular.fsti
│ │ ├── Strategies.Breaking.fst
│ │ ├── Strategies.Common.fst
│ │ ├── Strategies.GlobalVars.Init.fst
│ │ ├── Strategies.GlobalVars.Permanent.fst
│ │ ├── Strategies.GlobalVars.Pointer.fst
│ │ ├── Strategies.GlobalVars.Statement.fst
│ │ ├── Strategies.GlobalVars.Statement.fsti
│ │ ├── Strategies.GlobalVars.Types.fst
│ │ ├── Strategies.GlobalVars.Unaddressed.fst
│ │ ├── Strategies.GlobalVars.UnaddressedStatement.fst
│ │ ├── Strategies.GlobalVars.Util.fst
│ │ ├── Strategies.GlobalVars.Value.fst
│ │ ├── Strategies.GlobalVars.VarHiding.fst
│ │ ├── Strategies.GlobalVars.VarHiding.fsti
│ │ ├── Strategies.GlobalVars.VarIntro.fst
│ │ ├── Strategies.GlobalVars.VarIntro.fsti
│ │ ├── Strategies.GlobalVars.fst
│ │ ├── Strategies.GlobalVarsProof.fst
│ │ ├── Strategies.Invariant.Armada.Atomic.fst
│ │ ├── Strategies.Invariant.Armada.Atomic.fsti
│ │ ├── Strategies.Invariant.Armada.AtomicSubstep.fst
│ │ ├── Strategies.Invariant.Armada.AtomicSubstep.fsti
│ │ ├── Strategies.Invariant.Armada.fst
│ │ ├── Strategies.Invariant.Armada.fsti
│ │ ├── Strategies.Invariant.Atomic.fst
│ │ ├── Strategies.Invariant.Atomic.fsti
│ │ ├── Strategies.Invariant.fst
│ │ ├── Strategies.Invariant.fsti
│ │ ├── Strategies.Lift.Generic.fst
│ │ ├── Strategies.Lift.Generic.fsti
│ │ ├── Strategies.Nonyielding.fst
│ │ ├── Strategies.PCIndices.fst
│ │ ├── Strategies.PCRelation.fst
│ │ ├── Strategies.RegularToAtomic.Armada.Helper.fst
│ │ ├── Strategies.RegularToAtomic.Armada.fst
│ │ ├── Strategies.RegularToAtomic.Armada.fsti
│ │ ├── Strategies.RegularToAtomic.fst
│ │ ├── Strategies.RegularToAtomic.fsti
│ │ ├── Strategies.Semantics.Armada.fst
│ │ ├── Strategies.Semantics.Armada.fsti
│ │ ├── Strategies.Semantics.fst
│ │ ├── Strategies.VarHiding.Defs.fst
│ │ ├── Strategies.VarHiding.Efficient.fst
│ │ ├── Strategies.VarHiding.Efficient.fsti
│ │ ├── Strategies.VarHiding.Helpers.fst
│ │ ├── Strategies.VarHiding.Inefficient.fst
│ │ ├── Strategies.VarHiding.Inefficient.fsti
│ │ ├── Strategies.VarHiding.Initialization.fst
│ │ ├── Strategies.VarHiding.Initialization.fsti
│ │ ├── Strategies.VarHiding.Invariant.fst
│ │ ├── Strategies.VarHiding.Propagate.fst
│ │ ├── Strategies.VarHiding.Relation.fst
│ │ ├── Strategies.VarHiding.Relation.fsti
│ │ ├── Strategies.VarIntro.Defs.fst
│ │ ├── Strategies.VarIntro.Efficient.fst
│ │ ├── Strategies.VarIntro.Efficient.fsti
│ │ ├── Strategies.VarIntro.Helpers.fst
│ │ ├── Strategies.VarIntro.Inefficient.fst
│ │ ├── Strategies.VarIntro.Inefficient.fsti
│ │ ├── Strategies.VarIntro.Initialization.fst
│ │ ├── Strategies.VarIntro.Initialization.fsti
│ │ ├── Strategies.VarIntro.Invariant.fst
│ │ ├── Strategies.VarIntro.Propagate.fst
│ │ ├── Strategies.VarIntro.Relation.fst
│ │ ├── Strategies.VarIntro.Relation.fsti
│ │ ├── Strategies.Weakening.Armada.fst
│ │ ├── Strategies.Weakening.Armada.fsti
│ │ ├── Strategies.Weakening.fst
│ │ ├── Strategies.Weakening.fsti
│ │ ├── Util.Behavior.fst
│ │ ├── Util.ImmutableArray.fst
│ │ ├── Util.ImmutableArray.fsti
│ │ ├── Util.List.fst
│ │ ├── Util.Logic.fst
│ │ ├── Util.Nth.fst
│ │ ├── Util.Range.fst
│ │ ├── Util.Range.fsti
│ │ ├── Util.Relation.fst
│ │ ├── Util.Seq.fst
│ │ ├── Util.Seq.fsti
│ │ ├── Util.Tactics.fst
│ │ └── Util.Trigger.fst
│ ├── output.c
│ └── third_party/
│ └── Coco/
│ ├── LICENSE.txt
│ ├── README.txt
│ └── src/
│ ├── Parser.frame
│ └── Scanner.frame
├── third_party/
│ └── Coco/
│ ├── LICENSE.txt
│ ├── README.txt
│ └── src/
│ ├── Coco.atg
│ ├── Coco.build
│ ├── Coco.cs
│ ├── Coco.csproj
│ ├── DFA.cs
│ ├── Parser.cs
│ ├── Parser.frame
│ ├── ParserGen.cs
│ ├── Scanner.cs
│ ├── Scanner.frame
│ ├── Tab.cs
│ ├── build.bat
│ └── coc.bat
└── tools/
└── scripts/
├── .gitignore
├── __init__.py
├── dafny-oneproc.py
└── dafny_profiler.py
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitattributes
================================================
* text=auto
#Explicitly set here just for sanity.
*.cs text
*.dfy text
*.expect text
*.bpl text
*.atg text
*.mdk text
*.json text
*.sty text
*.md text
*.tmp text
#Needs to be crlf
*.sln text eol=crlf
*.csproj text eol=crlf
*.vsixmanifest eol=crlf
*.config eol=crlf
*.bat eol=crlf
*.transcript eol=crlf
#Needs to be lr
Binaries/dafny text eol=lf
Binaries/dafny-server text eol=lf
#Never convert these
*.dll binary
*.exe binary
*.png binary
*.jpg binary
*.xcf binary
*.snk binary
================================================
FILE: .gitignore
================================================
*.config
*.manifest
*.pkgdef
*.suo
*.userprefs
*.vsix
*.vsixmanifest
*~
*.vdfy
.idea/
Binaries/*
Package/
Source/*/bin/
Source/*/obj/
Source/Armada/Parser.cs
Source/Armada/Scanner.cs
Source/Armada/Parser.cs.old
Source/Armada/Scanner.cs.old
Source/packages
Source/DafnyExtension/DafnyPrelude.bpl
Source/DafnyExtension/DafnyRuntime.cs
Source/DafnyExtension/Z3-LICENSE.txt
Source/DafnyExtension/z3.exe
*.csproj.user
Test/**/.sconsign.dblite
Test/**/*.exe
Test/**/*.dll
Test/**/*.mdb
Test/**/*.pdb
Test/**/Output/
Test/server/model.bvd
Test/dafny0/Extern.cs
Test/dafny0/ExternCopyFromTrait.cs
Test/git-issues/github-issue-305-*.cs
Test/desktop/*
Test/node_modules/
Test/package-lock.json
Docs/OnlineTutorial/DocumentationTransducer.exe
Docs/OnlineTutorial/DocumentationTransducer.pdb
Docs/OnlineTutorial/DocumentationTransducer/obj
Docs/OnlineTutorial/manuscripts/*.htm
Docs/OnlineTutorial/manuscripts/*.*.dfy
Test/comp/*.cs
Test/comp/*.js
Test/comp/*-go
# Generated by Rider IDE
*.sln.DotSettings.user
*.sln.DotSettings
# Generated by Visual Studio 2019
*.csproj.user
Source/.vs
Binaries/CodeContracts/
bin/
.sconsign.dblite
*.tmp
Misc/
================================================
FILE: Armada/.gitignore
================================================
*.tmp
*.vdfy
bin/
cache/
.sconsign.dblite
================================================
FILE: Armada/ArmadaCommonDefinitions.dfy
================================================
include "util/collections/seqs.i.dfy"
include "util/option.s.dfy"
include "spec/refinement.s.dfy"
module ArmadaCommonDefinitions {
import opened util_collections_seqs_i
import opened util_option_s
import opened GeneralRefinementModule
////////////////////////////////
// Primitive types
////////////////////////////////
newtype uint8 = n: int | 0 <= n < 256
newtype uint16 = n: int | 0 <= n < 65536
newtype uint32 = n: int | 0 <= n < 4294967296
newtype uint64 = n: int | 0 <= n < 18446744073709551616
newtype int8 = n: int | -128 <= n < 128
newtype int16 = n: int | -32768 <= n < 32768
newtype int32 = n: int | -2147483648 <= n < 2147483648
newtype int64 = n: int | -9223372036854775808 <= n < 9223372036854775808
function Armada_CastTo_uint8(n: int): (n': uint8)
ensures 0 <= n < 256 ==> n' as int == n
{
(n % 256) as uint8
}
function Armada_CastTo_uint16(n: int): (n': uint16)
ensures 0 <= n < 65536 ==> n' as int == n
{
(n % 65536) as uint16
}
function Armada_CastTo_uint32(n: int): (n': uint32)
ensures 0 <= n < 4294967296 ==> n' as int == n
{
(n % 4294967296) as uint32
}
function Armada_CastTo_uint64(n: int): (n': uint64)
ensures 0 <= n < 18446744073709551616 ==> n' as int == n
{
(n % 18446744073709551616) as uint64
}
function {:axiom} Armada_CastTo_int8(n: int): (n': int8)
ensures -128 <= n < 128 ==> n' as int == n
function {:axiom} Armada_CastTo_int16(n: int): (n': int16)
ensures -32768 <= n < 32768 ==> n' as int == n
function {:axiom} Armada_CastTo_int32(n: int): (n': int32)
ensures -2147483648 <= n < 2147483648 ==> n' as int == n
function {:axiom} Armada_CastTo_int64(n: int): (n': int64)
ensures -9223372036854775808 <= n < 9223372036854775808 ==> n' as int == n
datatype Armada_PrimitiveValue =
Armada_PrimitiveValueNone
| Armada_PrimitiveValue_uint8(n_uint8: uint8)
| Armada_PrimitiveValue_uint16(n_uint16: uint16)
| Armada_PrimitiveValue_uint32(n_uint32: uint32)
| Armada_PrimitiveValue_uint64(n_uint64: uint64)
| Armada_PrimitiveValue_int8(n_int8: int8)
| Armada_PrimitiveValue_int16(n_int16: int16)
| Armada_PrimitiveValue_int32(n_int32: int32)
| Armada_PrimitiveValue_int64(n_int64: int64)
datatype Armada_PrimitiveType =
Armada_PrimitiveType_uint8
| Armada_PrimitiveType_uint16
| Armada_PrimitiveType_uint32
| Armada_PrimitiveType_uint64
| Armada_PrimitiveType_int8
| Armada_PrimitiveType_int16
| Armada_PrimitiveType_int32
| Armada_PrimitiveType_int64
predicate Armada_PrimitiveValueMatchesType(v: Armada_PrimitiveValue, ty: Armada_PrimitiveType)
{
match ty
case Armada_PrimitiveType_uint8 =>
v.Armada_PrimitiveValue_uint8?
case Armada_PrimitiveType_uint16 =>
v.Armada_PrimitiveValue_uint16?
case Armada_PrimitiveType_uint32 =>
v.Armada_PrimitiveValue_uint32?
case Armada_PrimitiveType_uint64 =>
v.Armada_PrimitiveValue_uint64?
case Armada_PrimitiveType_int8 =>
v.Armada_PrimitiveValue_int8?
case Armada_PrimitiveType_int16 =>
v.Armada_PrimitiveValue_int16?
case Armada_PrimitiveType_int32 =>
v.Armada_PrimitiveValue_int32?
case Armada_PrimitiveType_int64 =>
v.Armada_PrimitiveValue_int64?
}
predicate Armada_PrimitiveValuesOfSameType(v: Armada_PrimitiveValue, v': Armada_PrimitiveValue)
{
match v
case Armada_PrimitiveValueNone => v'.Armada_PrimitiveValueNone?
case Armada_PrimitiveValue_uint8(_) => v'.Armada_PrimitiveValue_uint8?
case Armada_PrimitiveValue_uint16(_) => v'.Armada_PrimitiveValue_uint16?
case Armada_PrimitiveValue_uint32(_) => v'.Armada_PrimitiveValue_uint32?
case Armada_PrimitiveValue_uint64(_) => v'.Armada_PrimitiveValue_uint64?
case Armada_PrimitiveValue_int8(_) => v'.Armada_PrimitiveValue_int8?
case Armada_PrimitiveValue_int16(_) => v'.Armada_PrimitiveValue_int16?
case Armada_PrimitiveValue_int32(_) => v'.Armada_PrimitiveValue_int32?
case Armada_PrimitiveValue_int64(_) => v'.Armada_PrimitiveValue_int64?
}
////////////////////////////////
// Bit vectors
////////////////////////////////
function {:opaque} U32(b:bv32) : uint32 { b as uint32 }
function {:opaque} B32(u:uint32) : bv32 { u as bv32 }
function {:opaque} U64(b:bv64) : uint64 { b as uint64 }
function {:opaque} B64(u:uint64) : bv64 { u as bv64 }
// 32 bits
function {:opaque} bit_and32(b0:bv32, b1:bv32) : bv32
{ b0 & b1 }
function {:opaque} bit_or32(b0:bv32, b1:bv32) : bv32
{ b0 | b1 }
function {:opaque} bit_mod32(b0:bv32, b1:bv32) : bv32
requires b1 != 0;
{ b0 % b1 }
function {:opaque} bit_xor32(b0:bv32, b1:bv32) : bv32
{ b0 ^ b1 }
function {:opaque} bit_lshift32(b0:bv32, b1:bv32) : bv32
requires b1 <= 32;
{ b0 << b1 }
function {:opaque} bit_rshift32(b0:bv32, b1:bv32) : bv32
requires b1 <= 32;
{ b0 >> b1 }
function {:opaque} bit_and_uint32(u0:uint32, u1:uint32) : uint32
{
U32(bit_and32(B32(u0), B32(u1)))
}
function {:opaque} bit_or_uint32(u0:uint32, u1:uint32) : uint32
{
U32(bit_or32(B32(u0), B32(u1)))
}
function {:opaque} bit_mod_uint32(u0:uint32, u1:uint32) : uint32
requires u1 != 0;
{
reveal B32();
U32(bit_mod32(B32(u0), B32(u1)))
}
function {:opaque} bit_xor_uint32(u0:uint32, u1:uint32) : uint32
{
U32(bit_xor32(B32(u0), B32(u1)))
}
function {:opaque} bit_lshift_uint32(u0:uint32, u1:uint32) : uint32
requires u1 <= 32;
{
bv32_inequality(u1);
U32(bit_lshift32(B32(u0), B32(u1)))
}
function {:opaque} bit_rshift_uint32(u0:uint32, u1:uint32) : uint32
requires u1 <= 32;
{
bv32_inequality(u1);
U32(bit_rshift32(B32(u0), B32(u1)))
}
// 64 bits
function {:opaque} bit_and64(b0:bv64, b1:bv64) : bv64
{ b0 & b1 }
function {:opaque} bit_or64(b0:bv64, b1:bv64) : bv64
{ b0 | b1 }
function {:opaque} bit_mod64(b0:bv64, b1:bv64) : bv64
requires b1 != 0;
{ b0 % b1 }
function {:opaque} bit_xor64(b0:bv64, b1:bv64) : bv64
{ b0 ^ b1 }
function {:opaque} bit_lshift64(b0:bv64, b1:bv64) : bv64
requires b1 <= 64;
{ b0 << b1 }
function {:opaque} bit_rshift64(b0:bv64, b1:bv64) : bv64
requires b1 <= 64;
{ b0 >> b1 }
function {:opaque} bit_and_uint64(u0:uint64, u1:uint64) : uint64
{
U64(bit_and64(B64(u0), B64(u1)))
}
function {:opaque} bit_or_uint64(u0:uint64, u1:uint64) : uint64
{
U64(bit_or64(B64(u0), B64(u1)))
}
function {:opaque} bit_mod_uint64(u0:uint64, u1:uint64) : uint64
requires u1 != 0;
{
reveal B64();
U64(bit_mod64(B64(u0), B64(u1)))
}
function {:opaque} bit_xor_uint64(u0:uint64, u1:uint64) : uint64
{
U64(bit_xor64(B64(u0), B64(u1)))
}
function {:opaque} bit_lshift_uint64(u0:uint64, u1:uint64) : uint64
requires u1 <= 64;
{
bv64_inequality(u1);
U64(bit_lshift64(B64(u0), B64(u1)))
}
function {:opaque} bit_rshift_uint64(u0:uint64, u1:uint64) : uint64
requires u1 <= 64;
{
bv64_inequality(u1);
U64(bit_rshift64(B64(u0), B64(u1)))
}
lemma {:axiom} bv_core_properties()
ensures forall u:uint32 :: U32(B32(u)) == u;
ensures forall b:bv32 :: B32(U32(b)) == b;
ensures forall x:uint32, m:uint32 ::
m != 0 && B32(m) != 0 ==> (x % m) == U32(bit_mod32(B32(x), B32(m)));
ensures forall u:uint64 :: U64(B64(u)) == u;
ensures forall b:bv64 :: B64(U64(b)) == b;
ensures forall x:uint64, m:uint64 ::
m != 0 && B64(m) != 0 ==> (x % m) == U64(bit_mod64(B64(x), B64(m)));
// 32 bits
lemma B32_injective(u0:uint32, u1:uint32)
ensures u0 == u1 <==> B32(u0) == B32(u1);
{
bv_core_properties();
assert u0 == u1 ==> B32(u0) == B32(u1);
var b0 := B32(u0);
var b1 := B32(u1);
assert b0 == b1 ==> U32(b0) == U32(b1);
}
lemma U32_injective(b0:bv32, b1:bv32)
ensures b0 == b1 <==> U32(b0) == U32(b1);
{
bv_core_properties();
assert b0 == b1 ==> U32(b0) == U32(b1);
var u0 := U32(b0);
var u1 := U32(b1);
assert u0 == u1 ==> B32(u0) == B32(u1);
}
lemma bv32_injectivity()
ensures forall u0:uint32, u1:uint32 :: u0 == u1 <==> B32(u0) == B32(u1)
ensures forall b0, b1 :: b0 == b1 <==> U32(b0) == U32(b1)
{
reveal B32(); // Without this, Dafny can't seem to translate the forall statement to the forall expression
reveal U32(); // Without this, Dafny can't seem to translate the forall statement to the forall expression
forall u0:uint32, u1:uint32 ensures u0 == u1 <==> B32(u0) == B32(u1) { B32_injective(u0, u1); }
forall b0, b1 ensures b0 == b1 <==> U32(b0) == U32(b1) { U32_injective(b0, b1); }
}
lemma bv32_inequality(u:uint32)
requires u <= 32;
ensures B32(u) <= 32;
{
reveal B32();
reveal U32();
bv_core_properties();
bv32_injectivity();
}
// 64 bits
lemma B64_injective(u0:uint64, u1:uint64)
ensures u0 == u1 <==> B64(u0) == B64(u1);
{
bv_core_properties();
assert u0 == u1 ==> B64(u0) == B64(u1);
var b0 := B64(u0);
var b1 := B64(u1);
assert b0 == b1 ==> U64(b0) == U64(b1);
}
lemma U64_injective(b0:bv64, b1:bv64)
ensures b0 == b1 <==> U64(b0) == U64(b1);
{
bv_core_properties();
assert b0 == b1 ==> U64(b0) == U64(b1);
var u0 := U64(b0);
var u1 := U64(b1);
assert u0 == u1 ==> B64(u0) == B64(u1);
}
lemma bv64_injectivity()
ensures forall u0:uint64, u1:uint64 :: u0 == u1 <==> B64(u0) == B64(u1)
ensures forall b0, b1 :: b0 == b1 <==> U64(b0) == U64(b1)
{
reveal B64(); // Without this, Dafny can't seem to translate the forall statement to the forall expression
reveal U64(); // Without this, Dafny can't seem to translate the forall statement to the forall expression
forall u0:uint64, u1:uint64 ensures u0 == u1 <==> B64(u0) == B64(u1) { B64_injective(u0, u1); }
forall b0, b1 ensures b0 == b1 <==> U64(b0) == U64(b1) { U64_injective(b0, b1); }
}
lemma bv64_inequality(u:uint64)
requires u <= 64;
ensures B64(u) <= 64;
{
reveal B64();
reveal U64();
bv_core_properties();
bv64_injectivity();
}
// Example uses
lemma bv_test(b:bv64)
//ensures bit_and64(b, 0) == 0;
//ensures bit_and64(b, 0xFFFFFFFFFFFFFFFF) == b
ensures bit_xor64(b, 0) == b;
{
//reveal bit_and64();
var all_ones:bv64 := 0xFFFFFFFFFFFFFFFF;
//assert bit_and64(b, all_ones) == b;
reveal_bit_xor64();
}
lemma bv64_properties()
ensures forall u0:uint64 :: bit_and_uint64(u0, 0) == 0
{
reveal bit_and_uint64(); // Without this, Dafny can't seem to translate the forall statement to the forall expression
forall u0 ensures bit_and_uint64(u0, 0) == 0 { bv64_properties_specific(u0, 0); }
}
lemma bv64_properties_specific(u0:uint64, u1:uint64)
ensures bit_and_uint64(u0, 0) == 0
ensures bit_and_uint64(u0, u1) == bit_and_uint64(u1, u0)
ensures bit_xor_uint64(u0, u0) == 0
ensures bit_xor_uint64(u0, u1) == bit_xor_uint64(u1, u0)
{
bv_core_properties(); reveal U64(); reveal B64();
var all_ones:uint64 := 0xFFFFFFFFFFFFFFFF;
assert B64(0) == 0; // Help Z3 with constant conversion
assert B64(all_ones) == 0xFFFFFFFFFFFFFFFF; // Help Z3 with constant conversion
// AND
assert bit_and_uint64(u0, 0) == 0 by { reveal bit_and_uint64(); reveal bit_and64(); }
assert bit_and_uint64(u0, all_ones) == u0 by { reveal bit_and_uint64(); reveal bit_and64(); }
assert bit_and_uint64(u0, u1) == bit_and_uint64(u1, u0) by { reveal bit_and_uint64(); reveal bit_and64(); }
// OR
assert bit_or_uint64(u0, 0) == u0 by { reveal bit_or_uint64(); reveal bit_or64(); }
assert bit_or_uint64(u0, all_ones) == all_ones by { reveal bit_or_uint64(); reveal bit_or64(); }
assert bit_or_uint64(u0, u1) == bit_or_uint64(u1, u0) by { reveal bit_or_uint64(); reveal bit_or64(); }
// XOR
assert bit_xor_uint64(u0, u0) == 0 by { reveal bit_xor_uint64(); reveal bit_xor64(); }
assert bit_xor_uint64(u0, u1) == bit_xor_uint64(u1, u0) by { reveal bit_xor_uint64(); reveal bit_xor64(); }
assert bit_xor_uint64(u0, 0) == u0 by { reveal bit_xor_uint64(); reveal bit_xor64(); }
}
// method bitwise_and(x:uint64, y:uint64) returns (z:uint64)
// ensures z == bit_and_uint64(x, y)
////////////////////////////////
// Thread handle
////////////////////////////////
type Armada_ThreadHandle = uint64
////////////////////////////////
// Termination
////////////////////////////////
datatype Armada_StopReason = Armada_NotStopped
| Armada_StopReasonTerminated
| Armada_StopReasonAssertionFailure
| Armada_StopReasonUndefinedBehavior
////////////////////////////////
// Multisteps
////////////////////////////////
datatype Armada_SpecFunctions<!State, !OneStep, !PC> =
Armada_SpecFunctions(
init:State->bool,
step_valid:(State, OneStep, Armada_ThreadHandle)->bool,
step_next:(State, OneStep, Armada_ThreadHandle)->State,
is_step_tau:OneStep->bool,
state_ok:State->bool,
get_thread_pc:(State, Armada_ThreadHandle)->Option<PC>,
is_pc_nonyielding:PC->bool
)
predicate Armada_ThreadYielding<State, OneStep, PC>(
asf:Armada_SpecFunctions<State, OneStep, PC>,
s:State,
tid:Armada_ThreadHandle
)
{
// Either the process has crashed, the thread isn't running, or the thread is at a yield point
var pc := asf.get_thread_pc(s, tid);
!asf.state_ok(s) || pc.None? || !asf.is_pc_nonyielding(pc.v)
}
predicate Armada_StepsStartNonyielding<State, OneStep, PC>(
asf:Armada_SpecFunctions<State, OneStep, PC>,
s:State,
s':State,
steps:seq<OneStep>,
tid:Armada_ThreadHandle
)
{
|steps| > 0 ==>
&& !Armada_ThreadYielding(asf, s, tid)
&& !asf.is_step_tau(steps[0])
&& Armada_StepsStartNonyielding(asf, asf.step_next(s, steps[0], tid), s', steps[1..], tid)
}
predicate Armada_NextMultipleSteps<State, OneStep, PC>(
asf:Armada_SpecFunctions<State, OneStep, PC>,
s:State,
s':State,
steps:seq<OneStep>,
tid:Armada_ThreadHandle
)
{
if |steps| == 0 then
s' == s
else
&& asf.step_valid(s, steps[0], tid)
&& Armada_NextMultipleSteps(asf, asf.step_next(s, steps[0], tid), s', steps[1..], tid)
}
predicate Armada_NextMultistep<State, OneStep, PC>(
asf:Armada_SpecFunctions<State, OneStep, PC>,
s:State,
s':State,
steps:seq<OneStep>,
tid:Armada_ThreadHandle,
tau:bool
)
{
&& Armada_NextMultipleSteps(asf, s, s', steps, tid)
&& (|steps| > 0 ==>
if tau then
&& |steps| == 1
&& asf.is_step_tau(steps[0])
else
&& Armada_ThreadYielding(asf, s, tid)
&& Armada_ThreadYielding(asf, s', tid)
&& !asf.is_step_tau(steps[0])
&& Armada_StepsStartNonyielding(asf, asf.step_next(s, steps[0], tid), s', steps[1..], tid)
)
}
function Armada_SpecFunctionsToSpec<State(!new), OneStep(!new), PC>(
asf:Armada_SpecFunctions<State, OneStep, PC>
) : Spec<State>
{
Spec(iset s | asf.init(s),
iset s, s', steps, tid, tau | Armada_NextMultistep(asf, s, s', steps, tid, tau) :: StatePair(s, s'))
}
////////////////////////////////
// Heap types
////////////////////////////////
datatype Armada_ObjectType = Armada_ObjectTypePrimitive(pty: Armada_PrimitiveType)
| Armada_ObjectTypeStruct(fieldTypes: seq<Armada_ObjectType>)
| Armada_ObjectTypeArray(subtype: Armada_ObjectType, sz: int)
////////////////////////////////
// Pointers and heaps
////////////////////////////////
type Armada_Pointer = uint64
function Armada_TriggerPointer(p:Armada_Pointer) : Armada_Pointer { p }
datatype Armada_RootType = Armada_RootTypeStaticHeap | Armada_RootTypeDynamicHeap | Armada_RootTypeStack
datatype Armada_ChildType = Armada_ChildTypeRoot(rt: Armada_RootType) | Armada_ChildTypeIndex(i: int)
datatype Armada_Node = Armada_Node(parent: Armada_Pointer, child_type: Armada_ChildType,
children: seq<Armada_Pointer>, ty: Armada_ObjectType)
type Armada_HeapValues = map<Armada_Pointer, Armada_PrimitiveValue>
datatype Armada_Heap = Armada_Heap(tree: map<Armada_Pointer, Armada_Node>, valid: set<Armada_Pointer>, freed: set<Armada_Pointer>,
values: Armada_HeapValues)
predicate Armada_TreeForestProperties(tree: map<Armada_Pointer, Armada_Node>)
{
&& (forall p {:trigger Armada_TriggerPointer(p)} ::
Armada_TriggerPointer(p) in tree ==> tree[p].parent in tree)
&& (forall p {:trigger Armada_TriggerPointer(p)} ::
Armada_TriggerPointer(p) in tree ==> (tree[p].child_type.Armada_ChildTypeRoot? <==> tree[p].parent == p))
&& (forall p, i {:trigger Armada_TriggerPointer(p), tree[p].children[i]} ::
Armada_TriggerPointer(p) in tree && 0 <= i < |tree[p].children|
==> var q := tree[p].children[i]; q in tree && tree[q].parent == p && tree[q].child_type == Armada_ChildTypeIndex(i))
&& (forall q {:trigger Armada_TriggerPointer(q)} ::
Armada_TriggerPointer(q) in tree && !tree[q].child_type.Armada_ChildTypeRoot?
==> var p, f := tree[q].parent, tree[q].child_type;
p in tree && 0 <= f.i < |tree[p].children| && tree[p].children[f.i] == q)
}
predicate Armada_TreeStructProperties(tree: map<Armada_Pointer, Armada_Node>)
{
&& (forall p {:trigger Armada_TriggerPointer(p)} ::
Armada_TriggerPointer(p) in tree && tree[p].ty.Armada_ObjectTypeStruct? ==> |tree[p].children| == |tree[p].ty.fieldTypes|)
&& (forall p, i {:trigger Armada_TriggerPointer(p), tree[p].children[i]} ::
Armada_TriggerPointer(p) in tree && tree[p].ty.Armada_ObjectTypeStruct? && 0 <= i < |tree[p].children| ==>
var q := tree[p].children[i];
q in tree && tree[q].ty == tree[p].ty.fieldTypes[i])
}
predicate Armada_TreeArrayProperties(tree: map<Armada_Pointer, Armada_Node>)
{
&& (forall p {:trigger Armada_TriggerPointer(p)} ::
Armada_TriggerPointer(p) in tree && tree[p].ty.Armada_ObjectTypeArray? ==> tree[p].ty.sz >= 0)
&& (forall p {:trigger Armada_TriggerPointer(p)} ::
Armada_TriggerPointer(p) in tree && tree[p].ty.Armada_ObjectTypeArray? ==> |tree[p].children| == tree[p].ty.sz)
&& (forall p, q {:trigger Armada_TriggerPointer(p), Armada_TriggerPointer(q), tree[p].ty.Armada_ObjectTypeArray?} ::
&& Armada_TriggerPointer(p) in tree && Armada_TriggerPointer(q) in tree
&& tree[p].ty.Armada_ObjectTypeArray? && tree[q].parent == p && q != p
==> tree[q].ty == tree[p].ty.subtype)
}
predicate Armada_TreePrimitiveProperties(tree: map<Armada_Pointer, Armada_Node>)
{
forall p {:trigger Armada_TriggerPointer(p)} ::
Armada_TriggerPointer(p) in tree && tree[p].ty.Armada_ObjectTypePrimitive? ==> |tree[p].children| == 0
}
predicate Armada_TreeProperties(tree: map<Armada_Pointer, Armada_Node>)
{
&& Armada_TreeForestProperties(tree)
&& Armada_TreeStructProperties(tree)
&& Armada_TreeArrayProperties(tree)
&& Armada_TreePrimitiveProperties(tree)
}
predicate Armada_HeapInvariant(h: Armada_Heap)
{
&& (forall p :: p in h.valid ==> p !in h.freed)
&& 0 in h.freed
&& !(0 in h.valid)
&& Armada_TreeProperties(h.tree)
&& (forall p {:trigger Armada_TriggerPointer(p)} {:trigger Armada_TriggerPointer(h.tree[p].parent)} ::
Armada_TriggerPointer(p) in h.tree ==>
(p in h.valid <==> Armada_TriggerPointer(h.tree[p].parent) in h.valid))
&& forall p {:trigger Armada_TriggerPointer(p)} ::
Armada_TriggerPointer(p) in h.tree &&
h.tree[p].ty.Armada_ObjectTypePrimitive? ==>
p in h.values &&
Armada_PrimitiveValueMatchesType(h.values[p], h.tree[p].ty.pty)
}
predicate Armada_HeapMetadataUnchanged(h: Armada_Heap, h': Armada_Heap)
{
&& h'.tree == h.tree
&& h'.valid == h.valid
&& h'.freed == h.freed
}
predicate Armada_ComparablePointer(p: Armada_Pointer, h: Armada_Heap)
{
p !in h.freed || p == 0
}
/////////////////////////////////////////////
// Pointer subtree structural correctness
/////////////////////////////////////////////
predicate Armada_PointerSubtreeHasObjectType(tree: map<Armada_Pointer, Armada_Node>, p: Armada_Pointer, ty: Armada_ObjectType)
decreases ty
{
&& p in tree
&& tree[p].ty == ty
&& match tree[p].ty
case Armada_ObjectTypePrimitive(pty) =>
|tree[p].children| == 0
case Armada_ObjectTypeStruct(fieldTypes) =>
&& |tree[p].children| == |fieldTypes|
&& (forall i {:trigger tree[p].children[i]} :: 0 <= i < |fieldTypes| ==>
Armada_PointerSubtreeHasObjectType(tree, tree[p].children[i], fieldTypes[i]))
case Armada_ObjectTypeArray(subtype, sz) =>
&& |tree[p].children| == sz
&& (forall i {:trigger tree[p].children[i]} :: 0 <= i < sz ==>
Armada_PointerSubtreeHasObjectType(tree, tree[p].children[i], subtype))
}
predicate Armada_PointerSubtreeCorrect(tree: map<Armada_Pointer, Armada_Node>, p: Armada_Pointer)
{
p in tree && Armada_PointerSubtreeHasObjectType(tree, p, tree[p].ty)
}
////////////////////////////////////
// Descendants in heap tree
////////////////////////////////////
function Armada_DescendantsOfPointerToObjectType(
tree: map<Armada_Pointer, Armada_Node>,
p: Armada_Pointer,
ty: Armada_ObjectType
) : set<Armada_Pointer>
decreases ty
{
match ty
case Armada_ObjectTypePrimitive(_) =>
{Armada_TriggerPointer(p)}
case Armada_ObjectTypeStruct(fieldTypes) =>
{Armada_TriggerPointer(p)}
+ (set q, i, ty {:trigger q in Armada_DescendantsOfPointerToObjectType(tree, tree[p].children[i], ty)}
| && p in tree
&& 0 <= i < |tree[p].children| && i < |fieldTypes|
&& ty == fieldTypes[i]
&& q in Armada_DescendantsOfPointerToObjectType(tree, tree[p].children[i], ty)
:: Armada_TriggerPointer(q))
case Armada_ObjectTypeArray(subtype, _) =>
{Armada_TriggerPointer(p)}
+ (set q, i {:trigger q in Armada_DescendantsOfPointerToObjectType(tree, tree[p].children[i], subtype)}
| && p in tree
&& 0 <= i < |tree[p].children|
&& q in Armada_DescendantsOfPointerToObjectType(tree, tree[p].children[i], subtype)
:: Armada_TriggerPointer(q))
}
function Armada_DescendantsOfPointer(tree: map<Armada_Pointer, Armada_Node>, p: Armada_Pointer) : set<Armada_Pointer>
requires p in tree
{
Armada_DescendantsOfPointerToObjectType(tree, p, tree[p].ty)
}
////////////////////////////////////
// Pointer validity
////////////////////////////////////
function Armada_ValidPointerToObjectType(h: Armada_Heap, p: Armada_Pointer, ty: Armada_ObjectType) : (b: bool)
ensures b ==> Armada_PointerSubtreeHasObjectType(h.tree, p, ty)
decreases ty
{
&& Armada_TriggerPointer(p) in h.tree
&& p in h.valid
&& h.tree[p].ty == ty
&& match h.tree[p].ty
case Armada_ObjectTypePrimitive(pty) =>
&& |h.tree[p].children| == 0
&& p in h.values
&& Armada_PrimitiveValueMatchesType(h.values[p], pty)
case Armada_ObjectTypeStruct(fieldTypes) =>
&& |h.tree[p].children| == |fieldTypes|
&& (forall i {:trigger h.tree[p].children[i]} :: 0 <= i < |fieldTypes| ==>
Armada_ValidPointerToObjectType(h, h.tree[p].children[i], fieldTypes[i]))
case Armada_ObjectTypeArray(subtype, sz) =>
&& |h.tree[p].children| == sz
&& (forall i {:trigger h.tree[p].children[i]} :: 0 <= i < sz ==>
Armada_ValidPointerToObjectType(h, h.tree[p].children[i], subtype))
}
function Armada_ValidPointer(h: Armada_Heap, p: Armada_Pointer) : (b: bool)
ensures b ==> Armada_PointerSubtreeCorrect(h.tree, p)
{
p in h.tree && Armada_ValidPointerToObjectType(h, p, h.tree[p].ty)
}
////////////////////////////////////
// Updating heap via pointers
////////////////////////////////////
function Armada_UpdateHeapValuesWithPrimitiveValue(
values: map<Armada_Pointer, Armada_PrimitiveValue>,
p: Armada_Pointer,
new_value: Armada_PrimitiveValue
) : (
new_values: map<Armada_Pointer, Armada_PrimitiveValue>
)
{
map q | q in values :: if q == p then new_value else values[q]
}
predicate Armada_ArbitrarilyResolveConflictingUpdatesTrigger(p: Armada_Pointer)
{
true
}
function {:opaque} Armada_ArbitrarilyResolveConflictingUpdates(update_set: set<(Armada_Pointer, Armada_PrimitiveValue)>)
: (update_map : map<Armada_Pointer, Armada_PrimitiveValue>)
ensures forall p :: p in update_map ==> (p, update_map[p]) in update_set
ensures forall p, v :: (p, v) in update_set ==> p in update_map
{
map p {:trigger Armada_ArbitrarilyResolveConflictingUpdatesTrigger(p)}
| Armada_ArbitrarilyResolveConflictingUpdatesTrigger(p) && (exists v :: (p, v) in update_set)
:: (var v :| (p, v) in update_set; v)
}
function Armada_UpdateHeapValuesSimultaneously(
values: Armada_HeapValues,
updates: set<(Armada_Pointer, Armada_PrimitiveValue)>
) : (
values': Armada_HeapValues
)
{
var update_map := Armada_ArbitrarilyResolveConflictingUpdates(updates);
map p | p in values :: if p in update_map then update_map[p] else values[p]
}
////////////////////////////////
// Configuration
////////////////////////////////
datatype Armada_Config = Armada_Config(tid_init: Armada_ThreadHandle, new_ptrs: set<Armada_Pointer>)
////////////////////////////////
// Placeholder types
////////////////////////////////
type ArmadaPlaceholder_ExtendedFrame
datatype ArmadaPlaceholder_StoreBufferEntry = ArmadaPlaceholder_StoreBufferEntry(value: Armada_PrimitiveValue)
datatype ArmadaPlaceholder_Thread =
ArmadaPlaceholder_Thread(stack: seq<ArmadaPlaceholder_ExtendedFrame>, storeBuffer: seq<ArmadaPlaceholder_StoreBufferEntry>)
datatype ArmadaPlaceholder_TotalState =
ArmadaPlaceholder_TotalState(stop_reason: Armada_StopReason, threads: map<Armada_ThreadHandle, ArmadaPlaceholder_Thread>,
joinable_tids: set<Armada_ThreadHandle>)
}
================================================
FILE: Armada/spec/refinement.s.dfy
================================================
include "../util/collections/seqs.s.dfy"
module GeneralRefinementModule {
import opened util_collections_seqs_s
datatype StatePair<State> = StatePair(s:State, s':State)
datatype Spec<!State> = Spec(init:iset<State>, next:iset<StatePair<State>>)
predicate BehaviorSatisfiesSpec<State>(b:seq<State>, sm:Spec<State>)
{
&& |b| > 0
&& b[0] in sm.init
&& (forall i {:trigger StatePair(b[i], b[i+1]) in sm.next} :: 0 <= i < |b|-1 ==> StatePair(b[i], b[i+1]) in sm.next)
}
datatype RefinementRange = RefinementRange(first:int, last:int)
type RefinementMap = seq<RefinementRange>
datatype RefinementPair<L, H> = RefinementPair(low:L, high:H)
type RefinementRelation<!L(==), !H(==)> = iset<RefinementPair<L, H>>
predicate IsValidRefinementMap(low_level_behavior_size:int, high_level_behavior_size:int, lh_map:RefinementMap)
{
&& |lh_map| == low_level_behavior_size
&& low_level_behavior_size > 0
&& (forall pair :: pair in lh_map ==> 0 <= pair.first <= pair.last < high_level_behavior_size)
&& lh_map[0].first == 0
&& last(lh_map).last == high_level_behavior_size - 1
&& (forall i :: 0 <= i < |lh_map| - 1 ==> lh_map[i+1].first == lh_map[i].last || lh_map[i+1].first == lh_map[i].last + 1)
}
predicate BehaviorRefinesBehaviorUsingRefinementMap<L, H>(
lb:seq<L>,
hb:seq<H>,
relation:RefinementRelation<L, H>,
lh_map:RefinementMap
)
{
&& IsValidRefinementMap(|lb|, |hb|, lh_map)
&& (forall i, j {:trigger RefinementPair(lb[i], hb[j]) in relation} ::
0 <= i < |lb| && lh_map[i].first <= j <= lh_map[i].last ==> RefinementPair(lb[i], hb[j]) in relation)
}
predicate BehaviorRefinesBehavior<L, H>(
lb:seq<L>,
hb:seq<H>,
relation:RefinementRelation<L, H>
)
{
exists lh_map :: BehaviorRefinesBehaviorUsingRefinementMap(lb, hb, relation, lh_map)
}
predicate BehaviorRefinesSpec<L, H(!new)>(
lb:seq<L>,
spec:Spec<H>,
relation:RefinementRelation<L, H>
)
{
exists hb :: BehaviorRefinesBehavior(lb, hb, relation) && BehaviorSatisfiesSpec(hb, spec)
}
predicate SpecRefinesSpec<L(!new), H(!new)>(
l_spec:Spec<L>,
h_spec:Spec<H>,
relation:RefinementRelation<L, H>
)
{
forall lb :: BehaviorSatisfiesSpec(lb, l_spec) ==> BehaviorRefinesSpec(lb, h_spec, relation)
}
}
================================================
FILE: Armada/strategies/chl/AtomicConcurrentHoareLogic.i.dfy
================================================
include "../../util/option.s.dfy"
include "../../util/collections/seqs.s.dfy"
include "../../util/collections/seqs.i.dfy"
include "../refinement/GeneralRefinementLemmas.i.dfy"
include "../refinement/RefinementConvolution.i.dfy"
include "../refinement/AnnotatedBehavior.i.dfy"
include "../invariants.i.dfy"
include "../generic/GenericArmadaLemmas.i.dfy"
include "../generic/LiftAtomicToAtomic.i.dfy"
include "ConcurrentHoareLogicSpec.i.dfy"
include "AtomicConcurrentHoareLogicLemmas.i.dfy"
module AtomicConcurrentHoareLogicModule {
import opened util_option_s
import opened util_collections_seqs_s
import opened util_collections_seqs_i
import opened GeneralRefinementModule
import opened GeneralRefinementLemmasModule
import opened RefinementConvolutionModule
import opened AnnotatedBehaviorModule
import opened InvariantsModule
import opened ArmadaCommonDefinitions
import opened GenericArmadaSpecModule
import opened GenericArmadaLemmasModule
import opened GenericArmadaAtomicModule
import opened LiftAtomicToAtomicModule
import opened ConcurrentHoareLogicSpecModule
import opened AtomicConcurrentHoareLogicSpecModule
import opened AtomicConcurrentHoareLogicLemmasModule
lemma lemma_LiftAtomicToAtomicUsingCHLRequest<LState(!new), LPath(!new), LPC(!new), LProc(!new), HState(!new), HPath(!new), HPC(!new)>(
ar:AtomicConcurrentHoareLogicRequest<LState, LPath, LPC, LProc, HState, HPath, HPC>
)
requires IsValidAtomicConcurrentHoareLogicRequest(ar)
ensures SpecRefinesSpec(AtomicSpec(ar.l), AtomicSpec(ar.h), ar.relation)
{
var inv := ExtractInv(ar);
var relation := ExtractLiftingRelation(ar);
lemma_EstablishInitRequirements(ar, inv, relation);
lemma_EstablishAtomicPathsLiftable(ar, inv, relation);
lemma_LiftAtomicToAtomicGivenAtomicPathsLiftable(ar.l, ar.h, inv, relation, ar.relation);
}
}
================================================
FILE: Armada/strategies/chl/AtomicConcurrentHoareLogicLemmas.i.dfy
================================================
include "../../util/option.s.dfy"
include "../../util/collections/seqs.s.dfy"
include "../../util/collections/seqs.i.dfy"
include "../refinement/GeneralRefinementLemmas.i.dfy"
include "../refinement/RefinementConvolution.i.dfy"
include "../refinement/AnnotatedBehavior.i.dfy"
include "../invariants.i.dfy"
include "../generic/GenericArmadaLemmas.i.dfy"
include "../generic/LiftAtomicToAtomic.i.dfy"
include "ConcurrentHoareLogic.i.dfy"
include "AtomicConcurrentHoareLogicSpec.i.dfy"
module AtomicConcurrentHoareLogicLemmasModule {
import opened util_option_s
import opened util_collections_seqs_s
import opened util_collections_seqs_i
import opened GeneralRefinementModule
import opened GeneralRefinementLemmasModule
import opened RefinementConvolutionModule
import opened AnnotatedBehaviorModule
import opened InvariantsModule
import opened ArmadaCommonDefinitions
import opened GenericArmadaSpecModule
import opened GenericArmadaLemmasModule
import opened GenericArmadaAtomicModule
import opened LiftAtomicToAtomicModule
import opened ConcurrentHoareLogicSpecModule
import opened ConcurrentHoareLogicLemmasModule
import opened ConcurrentHoareLogicModule
import opened AtomicConcurrentHoareLogicSpecModule
function ExtractInv<LState(!new), LPath(!new), LPC(!new), LProc(!new), HState(!new), HPath(!new), HPC(!new)>(
ar:AtomicConcurrentHoareLogicRequest<LState, LPath, LPC, LProc, HState, HPath, HPC>
) : LState->bool
{
s => s in AnnotatedReachables(ar.cr.spec)
}
function ExtractLiftingRelation<LState, LPath, LPC, LProc, HState, HPath, HPC>(
ar:AtomicConcurrentHoareLogicRequest<LState, LPath, LPC, LProc, HState, HPath, HPC>
) : (LState, HState)->bool
{
(ls, hs) => hs == ar.lstate_to_hstate(ls)
}
lemma lemma_EstablishInitRequirements<LState(!new), LPath(!new), LPC(!new), LProc(!new), HState(!new), HPath(!new), HPC(!new)>(
ar:AtomicConcurrentHoareLogicRequest<LState, LPath, LPC, LProc, HState, HPath, HPC>,
inv:LState->bool,
relation:(LState, HState)->bool
)
requires IsValidAtomicConcurrentHoareLogicRequest(ar)
requires inv == ExtractInv(ar)
requires relation == ExtractLiftingRelation(ar)
ensures AtomicInitImpliesInv(ar.l, inv)
ensures forall ls :: ar.l.init(ls) ==> exists hs :: ar.h.init(hs) && relation(ls, hs)
{
forall ls | ar.l.init(ls)
ensures inv(ls)
ensures exists hs :: ar.h.init(hs) && relation(ls, hs)
{
lemma_InitStateInAnnotatedReachables(ls, ar.cr.spec);
var hs := ar.lstate_to_hstate(ls);
assert ar.h.init(hs) && relation(ls, hs);
}
}
lemma lemma_EstablishAtomicPathsLiftable<LState(!new), LPath(!new), LPC(!new), LProc(!new), HState(!new), HPath(!new), HPC(!new)>(
ar:AtomicConcurrentHoareLogicRequest<LState, LPath, LPC, LProc, HState, HPath, HPC>,
inv:LState->bool,
relation:(LState, HState)->bool
)
requires IsValidAtomicConcurrentHoareLogicRequest(ar)
requires inv == ExtractInv(ar)
requires relation == ExtractLiftingRelation(ar)
ensures forall ls, lpath, tid, hs ::
inv(ls) && relation(ls, hs) && ar.l.path_valid(ls, lpath, tid)
==> exists hpath :: LiftAtomicPathSuccessful(ar.l, ar.h, inv, relation, ls, lpath, tid, hs, hpath)
{
forall ls, lpath, tid, hs | inv(ls) && relation(ls, hs) && ar.l.path_valid(ls, lpath, tid)
ensures exists hpath :: LiftAtomicPathSuccessful(ar.l, ar.h, inv, relation, ls, lpath, tid, hs, hpath)
{
assert ls in AnnotatedReachables(ar.cr.spec);
var lb :| AnnotatedBehaviorSatisfiesSpec(lb, ar.cr.spec) && last(lb.states) == ls;
var ls' := ar.l.path_next(ls, lpath, tid);
var lpath_and_tid := PathAndTid(lpath, tid);
lemma_ExtendStateNextSeqRight(lb.states, lb.trace, ar.cr.spec.next, ls', lpath_and_tid);
var lb' := AnnotatedBehavior(lb.states + [ls'], lb.trace + [lpath_and_tid]);
var pos := |lb.trace|;
assert AnnotatedBehaviorSatisfiesSpec(lb', ar.cr.spec);
assert lb'.states[pos] == ls;
assert lb'.states[pos + 1] == ls';
assert lb'.trace[pos] == lpath_and_tid;
lemma_InvariantPredicateHoldsAtStep(lb', pos, ar.cr.spec, ar.cr.established_inv);
var hpath := ar.lpath_to_hpath(lpath);
assert CorrectCHLStepEffect(ar.cr, ls, ls', lpath_and_tid);
assert ar.cr.state_ok(ls);
lemma_CHLGlobalInvariantHoldsWhenActorPresent(ar.cr, lb', pos, tid);
if !ar.l.path_type(lpath).AtomicPathType_Tau? {
lemma_CHLLocalInvariantHoldsWhenActorAboutToStep(ar.cr, lb', pos, tid);
}
assert LPathImpliesHPathConditions(ar, ls, lpath, tid);
assert LiftAtomicPathSuccessful(ar.l, ar.h, inv, relation, ls, lpath, tid, hs, hpath);
}
}
}
================================================
FILE: Armada/strategies/chl/AtomicConcurrentHoareLogicSpec.i.dfy
================================================
include "../refinement/AnnotatedBehavior.i.dfy"
include "../invariants.i.dfy"
include "../generic/GenericArmadaAtomic.i.dfy"
include "ConcurrentHoareLogicSpec.i.dfy"
module AtomicConcurrentHoareLogicSpecModule {
import opened util_option_s
import opened GeneralRefinementModule
import opened AnnotatedBehaviorModule
import opened InvariantsModule
import opened ArmadaCommonDefinitions
import opened GenericArmadaSpecModule
import opened GenericArmadaAtomicModule
import opened ConcurrentHoareLogicSpecModule
datatype PathAndTid<Path> = PathAndTid(path: Path, tid: Armada_ThreadHandle)
datatype AtomicConcurrentHoareLogicRequest<!LState, !LPath(==), !LPC, !LProc, !HState, !HPath, !HPC> =
AtomicConcurrentHoareLogicRequest(
cr:ConcurrentHoareLogicRequest<LState, Armada_ThreadHandle, PathAndTid<LPath>, LPC, LProc>,
l:AtomicSpecFunctions<LState, LPath, LPC>,
h:AtomicSpecFunctions<HState, HPath, HPC>,
relation:RefinementRelation<LState, HState>,
lstate_to_hstate:LState->HState,
lpath_to_hpath:LPath->HPath,
lpc_to_hpc:LPC->HPC
)
predicate LInitImpliesHInit<LState(!new), LPath, LPC, LProc, HState, HPath, HPC>(
ar:AtomicConcurrentHoareLogicRequest<LState, LPath, LPC, LProc, HState, HPath, HPC>
)
{
forall ls :: ar.l.init(ls) ==> ar.h.init(ar.lstate_to_hstate(ls))
}
predicate LStateToHStateMapsPCsCorrectly<LState(!new), LPath, LPC, LProc, HState, HPath, HPC>(
ar:AtomicConcurrentHoareLogicRequest<LState, LPath, LPC, LProc, HState, HPath, HPC>
)
{
forall ls, tid :: var hs := ar.lstate_to_hstate(ls);
var lpc := ar.l.get_thread_pc(ls, tid);
var hpc := ar.h.get_thread_pc(hs, tid);
hpc == if lpc.Some? then Some(ar.lpc_to_hpc(lpc.v)) else None()
}
predicate LHPathPropertiesMatch<LState(!new), LPath(!new), LPC, LProc, HState, HPath, HPC>(
ar:AtomicConcurrentHoareLogicRequest<LState, LPath, LPC, LProc, HState, HPath, HPC>
)
{
forall lpath :: var hpath := ar.lpath_to_hpath(lpath);
ar.l.path_type(lpath) == ar.h.path_type(hpath)
}
predicate LPathImpliesHPathConditions<LState(!new), LPath(!new), LPC, LProc, HState, HPath, HPC>(
ar: AtomicConcurrentHoareLogicRequest<LState, LPath, LPC, LProc, HState, HPath, HPC>,
ls: LState,
lpath: LPath,
tid: Armada_ThreadHandle
)
{
&& ar.l.path_valid(ls, lpath, tid)
&& ar.cr.established_inv(ls)
&& (!ar.l.path_type(lpath).AtomicPathType_Tau? ==> ar.cr.local_inv(ls, tid))
&& ar.cr.global_inv(ls)
}
predicate LPathImpliesHPath<LState(!new), LPath(!new), LPC, LProc, HState, HPath, HPC>(
ar:AtomicConcurrentHoareLogicRequest<LState, LPath, LPC, LProc, HState, HPath, HPC>
)
{
forall ls, lpath, tid {:trigger LPathImpliesHPathConditions(ar, ls, lpath, tid)} :: LPathImpliesHPathConditions(ar, ls, lpath, tid) ==>
var ls' := ar.l.path_next(ls, lpath, tid);
var hs := ar.lstate_to_hstate(ls);
var hpath := ar.lpath_to_hpath(lpath);
var hs' := ar.lstate_to_hstate(ls');
&& ar.h.path_valid(hs, hpath, tid)
&& hs' == ar.h.path_next(hs, hpath, tid)
}
predicate StateConversionPreservesOK<LState(!new), LPath, LPC, LProc, HState, HPath, HPC>(
ar:AtomicConcurrentHoareLogicRequest<LState, LPath, LPC, LProc, HState, HPath, HPC>
)
{
forall ls :: ar.h.state_ok(ar.lstate_to_hstate(ls)) == ar.l.state_ok(ls)
}
predicate StateConversionSatisfiesRelation<LState(!new), LPath, LPC, LProc, HState, HPath, HPC>(
ar:AtomicConcurrentHoareLogicRequest<LState, LPath, LPC, LProc, HState, HPath, HPC>
)
{
forall ls :: RefinementPair(ls, ar.lstate_to_hstate(ls)) in ar.relation
}
predicate EmbeddedRequestCorresponds<LState(!new), LPath(!new), LPC, LProc, HState, HPath, HPC>(
ar:AtomicConcurrentHoareLogicRequest<LState, LPath, LPC, LProc, HState, HPath, HPC>
)
{
&& (forall s :: ar.l.init(s) <==> s in ar.cr.spec.init)
&& (forall s :: ar.l.state_ok(s) <==> ar.cr.state_ok(s))
&& (forall s, s', path, tid :: ActionTuple(s, s', PathAndTid(path, tid)) in ar.cr.spec.next <==>
ar.l.path_valid(s, path, tid) && s' == ar.l.path_next(s, path, tid))
&& (forall path, tid :: ar.cr.step_to_actor(PathAndTid(path, tid)) ==
if ar.l.path_type(path).AtomicPathType_Tau? then None else Some(tid))
&& (forall s, tid :: ar.cr.get_actor_pc_stack(s, tid).Some? <==> ar.l.get_thread_pc(s, tid).Some?)
}
predicate IsValidAtomicConcurrentHoareLogicRequest<LState(!new), LPath(!new), LPC(!new), LProc(!new), HState(!new), HPath(!new), HPC(!new)>(
ar:AtomicConcurrentHoareLogicRequest<LState, LPath, LPC, LProc, HState, HPath, HPC>
)
{
&& IsValidConcurrentHoareLogicRequest(ar.cr)
&& LPathImpliesHPath(ar)
&& EmbeddedRequestCorresponds(ar)
&& AtomicInitImpliesOK(ar.l)
&& AtomicPathRequiresOK(ar.l)
&& AtomicSteppingThreadHasPC(ar.l)
&& AtomicTauLeavesPCUnchanged(ar.l)
&& AtomicThreadCantAffectOtherThreadPCExceptViaFork(ar.l)
&& LInitImpliesHInit(ar)
&& LStateToHStateMapsPCsCorrectly(ar)
&& LHPathPropertiesMatch(ar)
&& StateConversionPreservesOK(ar)
&& StateConversionSatisfiesRelation(ar)
}
}
================================================
FILE: Armada/strategies/chl/ConcurrentHoareLogic.i.dfy
================================================
include "ConcurrentHoareLogicLemmas.i.dfy"
module ConcurrentHoareLogicModule {
import opened AnnotatedBehaviorModule
import opened InvariantsModule
import opened util_collections_seqs_s
import opened util_option_s
import opened ConcurrentHoareLogicSpecModule
import opened ConcurrentHoareLogicLemmasModule
lemma lemma_CHLGlobalInvariantHoldsWhenActorPresent<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr: ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
b: AnnotatedBehavior<State, Step>,
pos: int,
actor: Actor
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(b, cr.spec)
requires 0 <= pos < |b.states|
requires cr.get_actor_pc_stack(b.states[pos], actor).Some?
requires cr.state_ok(b.states[pos])
ensures cr.global_inv(b.states[pos])
{
var pc := cr.get_actor_pc_stack(b.states[pos], actor).v.pc;
var proc := cr.pc_to_proc(pc);
var overlay := lemma_GetStraightlineBehaviorForCurrentProc(cr, b, pos, actor, proc);
lemma_StraightlineBehaviorSatisfiesGlobalInvariant(cr, overlay.sb, actor, proc, |overlay.sb.states| - 1);
}
lemma lemma_CHLLocalInvariantHoldsWhenActorAboutToStep<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr: ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
b: AnnotatedBehavior<State, Step>,
pos: int,
actor: Actor
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(b, cr.spec)
requires 0 <= pos < |b.trace|
requires cr.step_to_actor(b.trace[pos]).Some?
ensures cr.local_inv(b.states[pos], cr.step_to_actor(b.trace[pos]).v)
{
var s := b.states[pos];
var s' := b.states[pos + 1];
var step := b.trace[pos];
assert ActionTuple(s, s', step) in cr.spec.next;
var actor := cr.step_to_actor(step).v;
var effect := cr.step_to_effect(step);
var PCStack(pc, stack) := cr.get_actor_pc_stack(s, actor).v;
var proc := cr.pc_to_proc(pc);
var overlay := lemma_GetStraightlineBehaviorForCurrentProc(cr, b, pos, actor, proc);
assert AnnotatedBehaviorSatisfiesSpec(overlay.sb, GetStraightlineSpec(cr, actor, proc));
assert StraightlineBehaviorsSatisfyLocalInvariantConditions(cr, overlay.sb, step, s');
}
}
================================================
FILE: Armada/strategies/chl/ConcurrentHoareLogicLemmas.i.dfy
================================================
include "ConcurrentHoareLogicSpec.i.dfy"
module ConcurrentHoareLogicLemmasModule {
import opened util_collections_maps_s
import opened util_collections_seqs_s
import opened util_option_s
import opened AnnotatedBehaviorModule
import opened InvariantsModule
import opened ConcurrentHoareLogicSpecModule
///////////////////////////////////////////
// Sequence monotonicity
///////////////////////////////////////////
predicate {:opaque} SequenceMonotonic(s:seq<int>)
{
forall i, j :: 0 <= i <= j < |s| ==> s[i] <= s[j]
}
lemma lemma_TakeSequenceMonotonic(s:seq<int>, n:int)
requires SequenceMonotonic(s)
requires 0 <= n < |s|
ensures SequenceMonotonic(s[..n])
{
reveal SequenceMonotonic();
}
lemma lemma_ExtendSequenceMonotonic(s:seq<int>, n:int)
requires SequenceMonotonic(s)
requires |s| > 0 ==> n >= last(s)
ensures SequenceMonotonic(s + [n])
{
reveal SequenceMonotonic();
}
lemma lemma_UseSequenceMonotonic(s:seq<int>, i:int, j:int)
requires SequenceMonotonic(s)
requires 0 <= i <= j < |s|
ensures s[i] <= s[j]
{
reveal SequenceMonotonic();
}
lemma lemma_EstablishSequenceMonotonic(s:seq<int>)
requires forall i, j :: 0 <= i <= j < |s| ==> s[i] <= s[j]
ensures SequenceMonotonic(s)
{
reveal SequenceMonotonic();
}
lemma lemma_ReplaceLastSequenceMonotonic(s:seq<int>, n:int)
requires SequenceMonotonic(s)
requires |s| > 0
requires n >= last(s)
ensures SequenceMonotonic(all_but_last(s) + [n])
{
reveal SequenceMonotonic();
}
///////////////////////////////////////////
// Overlay validity
///////////////////////////////////////////
datatype HowStarted = HowStartedInit | HowStartedCall | HowStartedFork
datatype StraightlineOverlay<State, Step, PC, Proc> = StraightlineOverlay(
sb:AnnotatedBehavior<StraightlineState<State, PC>, StraightlineStep<Step, PC, Proc>>,
how_started:HowStarted,
positions:seq<int>
)
predicate IsCallStep<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
actor:Actor,
step:Step
)
{
var step_actor := cr.step_to_actor(step);
var effect := cr.step_to_effect(step);
&& step_actor.Some?
&& step_actor.v == actor
&& (effect.CHLStepEffectCall? || effect.CHLStepEffectReturnThenCall?)
}
predicate IsForkStep<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
actor:Actor,
s:State
)
{
cr.get_actor_pc_stack(s, actor).None?
}
predicate StraightlineOverlayValid<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
overlay:StraightlineOverlay<State, Step, PC, Proc>,
b:AnnotatedBehavior<State, Step>,
actor:Actor,
proc:Proc
)
{
&& AnnotatedBehaviorSatisfiesSpec(overlay.sb, GetStraightlineSpec(cr, actor, proc))
&& |overlay.positions| == |overlay.sb.states|
&& |overlay.positions| > 0
&& SequenceMonotonic(overlay.positions)
&& (forall i :: 0 <= i < |overlay.positions| ==>
&& 0 <= overlay.positions[i] < |b.states|
&& b.states[overlay.positions[i]] == overlay.sb.states[i].state)
&& (var pos := overlay.positions[0];
match overlay.how_started
case HowStartedInit => pos == 0
case HowStartedCall => 0 < pos <= |b.trace| && IsCallStep(cr, actor, b.trace[pos-1])
case HowStartedFork => 0 < pos <= |b.trace| && IsForkStep(cr, actor, b.states[pos-1]))
}
predicate StraightlineOverlayLeadsToPos<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
overlay:StraightlineOverlay<State, Step, PC, Proc>,
b:AnnotatedBehavior<State, Step>,
actor:Actor,
proc:Proc,
pos:int
)
{
&& StraightlineOverlayValid(cr, overlay, b, actor, proc)
&& last(overlay.positions) == pos
}
///////////////////////////////////////////
// Lemmas about straightline behaviors
///////////////////////////////////////////
predicate ActorInProc<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
s:State,
actor:Actor,
proc:Proc
)
{
&& cr.get_actor_pc_stack(s, actor).Some?
&& var pc := cr.get_actor_pc_stack(s, actor).v.pc;
cr.pc_to_proc(pc) == proc
}
lemma lemma_StraightlineBehaviorSatisfiesGlobalInvariant<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
sb:AnnotatedBehavior<StraightlineState<State, PC>, StraightlineStep<Step, PC, Proc>>,
actor:Actor,
proc:Proc,
pos:int
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(sb, GetStraightlineSpec(cr, actor, proc))
requires 0 <= pos < |sb.states|
ensures cr.global_inv(sb.states[pos].state)
ensures cr.state_ok(sb.states[pos].state)
{
if pos == 0 {
return;
}
var sspec := GetStraightlineSpec(cr, actor, proc);
var prev := pos-1;
var ss := sb.states[prev];
var ss' := sb.states[prev+1];
var sstep := sb.trace[prev];
assert ActionTuple(ss, ss', sstep) in sspec.next;
assert StraightlineSpecNext(cr, ss, ss', sstep, actor, proc);
assert StraightlineSpecNextCommon(cr, ss, ss', sstep, actor);
assert cr.global_inv(ss'.state);
}
lemma lemma_StraightlineBehaviorNeverChangesStack<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
sb:AnnotatedBehavior<StraightlineState<State, PC>, StraightlineStep<Step, PC, Proc>>,
actor:Actor,
proc:Proc,
pos:int
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(sb, GetStraightlineSpec(cr, actor, proc))
requires 0 <= pos < |sb.states|
ensures var ss0 := sb.states[0];
var ss' := sb.states[pos];
var s0 := ss0.state;
var StraightlineState(s', aux') := ss';
&& cr.get_actor_pc_stack(s0, actor).Some?
&& cr.get_actor_pc_stack(s', actor).Some?
&& var PCStack(pc0, stack0) := cr.get_actor_pc_stack(s0, actor).v;
var PCStack(pc', stack') := cr.get_actor_pc_stack(s', actor).v;
if aux'.phase.StraightlinePhaseCalled? || aux'.phase.StraightlinePhaseEnsured? then
&& |stack'| > 0
&& stack'[0] == proc
&& stack'[1..] == stack0
else
&& cr.pc_to_proc(pc') == proc
&& stack' == stack0
decreases pos
{
if pos == 0 {
return;
}
var prev := pos-1;
var ss := sb.states[prev];
var ss' := sb.states[prev+1];
var sstep := sb.trace[prev];
var sspec := GetStraightlineSpec(cr, actor, proc);
assert ActionTuple(ss, ss', sstep) in sspec.next;
lemma_StraightlineBehaviorNeverChangesStack(cr, sb, actor, proc, pos-1);
assert StraightlineSpecNext(cr, ss, ss', sstep, actor, proc);
}
lemma lemma_VisitedLoopsOnlyContainsLoopHeads<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
sb:AnnotatedBehavior<StraightlineState<State, PC>, StraightlineStep<Step, PC, Proc>>,
actor:Actor,
proc:Proc,
pc:PC,
pos:int
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(sb, GetStraightlineSpec(cr, actor, proc))
requires 0 <= pos < |sb.states|
ensures pc in sb.states[pos].aux.visited_loops ==> cr.is_loop_head(pc)
{
if pos == 0 {
return;
}
var prev := pos-1;
var ss := sb.states[prev];
var ss' := sb.states[prev+1];
var step := sb.trace[prev];
var sspec := GetStraightlineSpec(cr, actor, proc);
assert ActionTuple(ss, ss', step) in sspec.next;
lemma_VisitedLoopsOnlyContainsLoopHeads(cr, sb, actor, proc, pc, prev);
}
lemma lemma_PCVisitedIfInLoopedPhase<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
sb:AnnotatedBehavior<StraightlineState<State, PC>, StraightlineStep<Step, PC, Proc>>,
actor:Actor,
proc:Proc,
pos:int
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(sb, GetStraightlineSpec(cr, actor, proc))
requires 0 <= pos < |sb.states|
ensures cr.get_actor_pc_stack(sb.states[pos].state, actor).Some?
ensures var StraightlineState(s, aux) := sb.states[pos];
var pc := cr.get_actor_pc_stack(s, actor).v.pc;
var phase := aux.phase;
&& (cr.is_loop_head(pc) && phase.StraightlinePhaseLooped? ==> pc in aux.visited_loops)
&& (pc in aux.visited_loops ==> cr.is_loop_head(pc))
{
if pos == 0 {
return;
}
var prev := pos-1;
lemma_PCVisitedIfInLoopedPhase(cr, sb, actor, proc, prev);
var sspec := GetStraightlineSpec(cr, actor, proc);
assert ActionTuple(sb.states[prev], sb.states[prev+1], sb.trace[prev]) in sspec.next;
var pc := cr.get_actor_pc_stack(sb.states[pos].state, actor).v.pc;
lemma_VisitedLoopsOnlyContainsLoopHeads(cr, sb, actor, proc, pc, pos);
}
///////////////////////////////////////////
// Lemmas about overlays
///////////////////////////////////////////
lemma lemma_FindWhenLoopBegan<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
b:AnnotatedBehavior<State, Step>,
actor:Actor,
proc:Proc,
overlay:StraightlineOverlay<State, Step, PC, Proc>,
pc:PC,
pos:int
) returns (
earlier_pos:int
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires StraightlineOverlayValid(cr, overlay, b, actor, proc)
requires 0 <= pos < |overlay.sb.states|
requires pc in overlay.sb.states[pos].aux.visited_loops
requires cr.get_actor_pc_stack(overlay.sb.states[pos].state, actor).Some?
ensures 0 <= earlier_pos < pos
ensures cr.is_loop_head(pc)
ensures cr.get_actor_pc_stack(overlay.sb.states[earlier_pos].state, actor).Some?
ensures cr.get_actor_pc_stack(overlay.sb.states[earlier_pos].state, actor).v.pc == pc
ensures overlay.sb.states[earlier_pos].aux.phase.StraightlinePhaseYielded?
ensures pc !in overlay.sb.states[earlier_pos].aux.visited_loops
ensures pc in overlay.sb.states[earlier_pos+1].aux.visited_loops
ensures overlay.sb.states[earlier_pos+1].aux.visited_loops[pc] == overlay.sb.states[pos].aux.visited_loops[pc]
== overlay.sb.states[earlier_pos].state
ensures overlay.sb.trace[earlier_pos] == StraightlineStepLoopModifies(pc)
{
if pos == 0 {
assert false;
return;
}
lemma_VisitedLoopsOnlyContainsLoopHeads(cr, overlay.sb, actor, proc, pc, pos);
var sspec := GetStraightlineSpec(cr, actor, proc);
var prev := pos-1;
assert ActionTuple(overlay.sb.states[prev], overlay.sb.states[prev+1], overlay.sb.trace[prev]) in sspec.next;
lemma_PCVisitedIfInLoopedPhase(cr, overlay.sb, actor, proc, prev);
if pc !in overlay.sb.states[prev].aux.visited_loops {
earlier_pos := prev;
return;
}
earlier_pos := lemma_FindWhenLoopBegan(cr, b, actor, proc, overlay, pc, pos-1);
}
lemma lemma_ExtendYieldingOverlayOneStep<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
b:AnnotatedBehavior<State, Step>,
actor:Actor,
proc:Proc,
pos:int,
overlay_prev:StraightlineOverlay<State, Step, PC, Proc>
) returns (
overlay:StraightlineOverlay<State, Step, PC, Proc>
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(b, cr.spec)
requires StraightlineOverlayLeadsToPos(cr, overlay_prev, b, actor, proc, pos-1)
requires last(overlay_prev.sb.states).aux.phase.StraightlinePhaseYielded?
requires 0 < pos < |b.states|
requires cr.state_ok(b.states[pos])
requires cr.yield_pred(b.states[pos-1], b.states[pos], actor)
requires cr.global_inv(b.states[pos])
requires cr.get_actor_pc_stack(b.states[pos], actor) == cr.get_actor_pc_stack(b.states[pos-1], actor)
ensures StraightlineOverlayLeadsToPos(cr, overlay, b, actor, proc, pos)
ensures last(overlay.sb.states).aux.phase.StraightlinePhaseYielded?
{
var s' := b.states[pos];
var sspec := GetStraightlineSpec(cr, actor, proc);
var opos := |overlay_prev.sb.trace| - 1;
var ss := overlay_prev.sb.states[opos];
var ss' := overlay_prev.sb.states[opos+1];
var sstep := overlay_prev.sb.trace[opos];
assert ActionTuple(ss, ss', sstep) in sspec.next;
assert StraightlineSpecNextYield(cr, ss, ss', sstep, actor, proc);
var new_aux' := StraightlineUpdateAux(cr, ss, actor, sstep, s');
var new_ss' := StraightlineState(s', new_aux');
var sstates := all_but_last(overlay_prev.sb.states) + [new_ss'];
lemma_InvariantPredicateHoldsAtStep(b, overlay_prev.positions[opos], cr.spec, cr.established_inv);
lemma_StraightlineBehaviorSatisfiesGlobalInvariant(cr, overlay_prev.sb, actor, proc, opos);
lemma_InvariantPredicateHoldsAtStep(b, pos, cr.spec, cr.established_inv);
assert StraightlineSpecNextYield(cr, ss, new_ss', sstep, actor, proc);
assert StraightlineSpecNext(cr, ss, new_ss', sstep, actor, proc);
lemma_ReplaceStateOnlyStateNextSeqRight(overlay_prev.sb.states, overlay_prev.sb.trace, sspec.next, new_ss');
lemma_ReplaceLastSequenceMonotonic(overlay_prev.positions, pos);
overlay := overlay_prev.(sb := overlay_prev.sb.(states := sstates), positions := all_but_last(overlay_prev.positions) + [pos]);
}
lemma lemma_ExtendOverlayWithYielding<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
b:AnnotatedBehavior<State, Step>,
actor:Actor,
proc:Proc,
pos:int,
overlay_prev:StraightlineOverlay<State, Step, PC, Proc>
) returns (
overlay:StraightlineOverlay<State, Step, PC, Proc>
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(b, cr.spec)
requires StraightlineOverlayValid(cr, overlay_prev, b, actor, proc)
requires last(overlay_prev.positions) == pos
requires last(overlay_prev.sb.states).aux.phase.StraightlinePhaseNormal?
ensures StraightlineOverlayLeadsToPos(cr, overlay, b, actor, proc, pos)
ensures last(overlay.sb.states).aux.phase.StraightlinePhaseYielded?
{
var ss := last(overlay_prev.sb.states);
var StraightlineState(s, aux) := ss;
var phase := aux.phase;
var overlay_pos := |overlay_prev.sb.trace|;
lemma_StraightlineBehaviorNeverChangesStack(cr, overlay_prev.sb, actor, proc, overlay_pos);
var pc := cr.get_actor_pc_stack(s, actor).v.pc;
var sspec := GetStraightlineSpec(cr, actor, proc);
var AnnotatedBehavior(sstates, strace) := overlay_prev.sb;
var positions := overlay_prev.positions;
lemma_StraightlineBehaviorSatisfiesGlobalInvariant(cr, overlay_prev.sb, actor, proc, overlay_pos);
lemma_InvariantPredicateHoldsAtStep(b, last(overlay_prev.positions), cr.spec, cr.established_inv);
var sstep := StraightlineStepYield();
var aux2 := StraightlineUpdateAux(cr, last(sstates), actor, sstep, s);
var sstate' := StraightlineState(s, aux2);
assert StraightlineSpecNextYield(cr, last(sstates), sstate', sstep, actor, proc);
assert StraightlineSpecNext(cr, last(sstates), sstate', sstep, actor, proc);
lemma_ExtendStateNextSeqRight(sstates, strace, sspec.next, sstate', sstep);
sstates := sstates + [sstate'];
strace := strace + [sstep];
lemma_ExtendSequenceMonotonic(positions, pos);
positions := positions + [pos];
overlay := overlay_prev.(sb := AnnotatedBehavior(sstates, strace), positions := positions);
}
lemma lemma_ExtendOverlayWithLooping<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
b:AnnotatedBehavior<State, Step>,
actor:Actor,
proc:Proc,
pos:int,
overlay_prev:StraightlineOverlay<State, Step, PC, Proc>
) returns (
overlay:StraightlineOverlay<State, Step, PC, Proc>
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(b, cr.spec)
requires StraightlineOverlayValid(cr, overlay_prev, b, actor, proc)
requires last(overlay_prev.positions) == pos
requires last(overlay_prev.sb.states).aux.phase.StraightlinePhaseYielded?
requires cr.get_actor_pc_stack(last(overlay_prev.sb.states).state, actor).Some?
requires var s := last(overlay_prev.sb.states).state;
var pc := cr.get_actor_pc_stack(s, actor).v.pc;
cr.is_loop_head(pc)
ensures StraightlineOverlayLeadsToPos(cr, overlay, b, actor, proc, pos)
ensures last(overlay.sb.states).aux.phase.StraightlinePhaseLooped?
{
var ss := last(overlay_prev.sb.states);
var StraightlineState(s, aux) := ss;
var phase := aux.phase;
var overlay_pos := |overlay_prev.sb.trace|;
lemma_StraightlineBehaviorNeverChangesStack(cr, overlay_prev.sb, actor, proc, overlay_pos);
var pc := cr.get_actor_pc_stack(s, actor).v.pc;
var sspec := GetStraightlineSpec(cr, actor, proc);
lemma_StraightlineBehaviorSatisfiesGlobalInvariant(cr, overlay_prev.sb, actor, proc, overlay_pos);
if pc in aux.visited_loops {
lemma_VisitedLoopsOnlyContainsLoopHeads(cr, overlay_prev.sb, actor, proc, pc, overlay_pos);
assert StraightlineBehaviorsSatisfyLoopModifiesClausesOnJumpBackConditions(cr, overlay_prev.sb, actor, proc);
var earlier_pos := lemma_FindWhenLoopBegan(cr, b, actor, proc, overlay_prev, pc, overlay_pos);
var ss_earlier := overlay_prev.sb.states[earlier_pos];
var sstep := overlay_prev.sb.trace[earlier_pos];
var aux_new := StraightlineUpdateAux(cr, ss_earlier, actor, sstep, s);
var ss_new := StraightlineState(s, aux_new);
var states := overlay_prev.sb.states[..earlier_pos + 1] + [ss_new];
var trace := overlay_prev.sb.trace[..earlier_pos] + [sstep];
var positions := overlay_prev.positions[..earlier_pos + 1] + [pos];
lemma_TakeSequenceMonotonic(overlay_prev.positions, earlier_pos + 1);
lemma_UseSequenceMonotonic(overlay_prev.positions, earlier_pos, |overlay_prev.positions|-1);
lemma_ExtendSequenceMonotonic(overlay_prev.positions[..earlier_pos + 1], pos);
lemma_TakeStateNextSeq(overlay_prev.sb.states, overlay_prev.sb.trace, sspec.next, earlier_pos);
lemma_InvariantPredicateHoldsAtStep(b, pos, cr.spec, cr.established_inv);
lemma_StraightlineBehaviorNeverChangesStack(cr, overlay_prev.sb, actor, proc, 0);
lemma_StraightlineBehaviorNeverChangesStack(cr, overlay_prev.sb, actor, proc, earlier_pos);
lemma_StraightlineBehaviorNeverChangesStack(cr, overlay_prev.sb, actor, proc, |overlay_prev.sb.states|-1);
assert StraightlineSpecNextLoopModifies(cr, ss_earlier, ss_new, sstep, actor, proc, pc);
assert StraightlineSpecNext(cr, ss_earlier, ss_new, sstep, actor, proc);
lemma_ExtendStateNextSeqRight(overlay_prev.sb.states[..earlier_pos + 1], overlay_prev.sb.trace[..earlier_pos], sspec.next,
ss_new, sstep);
var sb := AnnotatedBehavior(states, trace);
assert AnnotatedBehaviorSatisfiesSpec(sb, sspec);
overlay := StraightlineOverlay(sb, overlay_prev.how_started, positions);
}
else {
var AnnotatedBehavior(sstates, strace) := overlay_prev.sb;
var positions := overlay_prev.positions;
var sstep0 := StraightlineStepLoopModifies(pc);
var aux1 := StraightlineUpdateAux(cr, last(sstates), actor, sstep0, s);
var sstate1 := StraightlineState(s, aux1);
lemma_InvariantPredicateHoldsAtStep(b, last(overlay_prev.positions), cr.spec, cr.established_inv);
assert StraightlineBehaviorsSatisfyLoopModifiesClausesOnEntryConditions(cr, overlay_prev.sb, actor, proc);
assert StraightlineSpecNextLoopModifies(cr, last(sstates), sstate1, sstep0, actor, proc, pc);
assert StraightlineSpecNext(cr, last(sstates), sstate1, sstep0, actor, proc);
lemma_ExtendStateNextSeqRight(sstates, strace, sspec.next, sstate1, sstep0);
sstates := sstates + [sstate1];
strace := strace + [sstep0];
lemma_ExtendSequenceMonotonic(positions, pos);
positions := positions + [pos];
overlay := overlay_prev.(sb := AnnotatedBehavior(sstates, strace), positions := positions);
}
}
///////////////////////////////////////////////
// Cases of obtaining straightline behaviors
///////////////////////////////////////////////
lemma lemma_GetStraightlineBehaviorCaseInit<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
b:AnnotatedBehavior<State, Step>,
actor:Actor,
proc:Proc
) returns (
overlay:StraightlineOverlay<State, Step, PC, Proc>
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(b, cr.spec)
requires cr.get_actor_pc_stack(b.states[0], actor).Some?
requires ActorInProc(cr, b.states[0], actor, proc)
ensures StraightlineOverlayLeadsToPos(cr, overlay, b, actor, proc, 0)
ensures last(overlay.sb.states).aux.phase.StraightlinePhaseYielded?
{
var positions := [0];
lemma_EstablishSequenceMonotonic(positions);
var s := b.states[0];
assert ActorsBeginAtEntryPointsWithEmptyStacksConditions(cr, s, actor);
assert RequiresClausesSatisfiedInitiallyConditions(cr, s, actor);
var ss := StraightlineState(s, StraightlineInitAux());
var sb := AnnotatedBehavior([ss], []);
lemma_InvariantPredicateHoldsAtStart(s, cr.spec, cr.established_inv);
assert StraightlineSpecInit(cr, sb.states[0], actor, proc);
var overlay_prev := StraightlineOverlay(sb, HowStartedInit, [0]);
overlay := lemma_ExtendOverlayWithYielding(cr, b, actor, proc, 0, overlay_prev);
}
lemma lemma_GetStraightlineBehaviorCaseNormal<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
b:AnnotatedBehavior<State, Step>,
pos:int,
actor:Actor,
proc:Proc
) returns (
overlay:StraightlineOverlay<State, Step, PC, Proc>
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(b, cr.spec)
requires 0 < pos < |b.states|
requires cr.state_ok(b.states[pos])
requires ActorInProc(cr, b.states[pos], actor, proc)
requires cr.step_to_actor(b.trace[pos-1]).Some?
requires cr.step_to_actor(b.trace[pos-1]).v == actor
requires cr.step_to_effect(b.trace[pos-1]).CHLStepEffectNormal?
ensures StraightlineOverlayLeadsToPos(cr, overlay, b, actor, proc, pos)
ensures last(overlay.sb.states).aux.phase.StraightlinePhaseYielded?
decreases pos, 1
{
var prev := pos-1;
var s := b.states[prev];
var s' := b.states[prev+1];
var step := b.trace[prev];
assert ActionTuple(s, s', step) in cr.spec.next;
var pc := cr.get_actor_pc_stack(s, actor).v.pc;
var pc' := cr.get_actor_pc_stack(s', actor).v.pc;
assert cr.pc_to_proc(pc') == cr.pc_to_proc(pc);
var overlay_prev := lemma_GetStraightlineBehaviorForCurrentProc(cr, b, pos-1, actor, proc);
assert StraightlineBehaviorsSatisfyLocalInvariantConditions(cr, overlay_prev.sb, step, s');
assert StraightlineBehaviorsSatisfyGlobalInvariantConditions(cr, overlay_prev.sb, step, s');
if cr.is_loop_head(pc) {
overlay_prev := lemma_ExtendOverlayWithLooping(cr, b, actor, proc, pos-1, overlay_prev);
}
var sspec := GetStraightlineSpec(cr, actor, proc);
var sstates := overlay_prev.sb.states;
var strace := overlay_prev.sb.trace;
var ss := last(sstates);
var sstep := StraightlineStepNormal(step);
var aux := ss.aux;
var aux' := StraightlineUpdateAux(cr, ss, actor, sstep, s');
var ss' := StraightlineState(s', aux');
var overlay_pos := |overlay_prev.sb.states| - 1;
lemma_StraightlineBehaviorSatisfiesGlobalInvariant(cr, overlay_prev.sb, actor, proc, overlay_pos);
lemma_PCVisitedIfInLoopedPhase(cr, overlay_prev.sb, actor, proc, overlay_pos);
lemma_InvariantPredicateHoldsAtStep(b, pos, cr.spec, cr.established_inv);
assert StraightlineSpecNextNormal(cr, last(sstates), ss', sstep, actor, proc, step);
lemma_ExtendStateNextSeqRight(sstates, strace, sspec.next, ss', sstep);
var sb_next := AnnotatedBehavior(sstates + [ss'], strace + [sstep]);
var positions := overlay_prev.positions + [pos];
lemma_ExtendSequenceMonotonic(overlay_prev.positions, pos);
var overlay_next := StraightlineOverlay(sb_next, overlay_prev.how_started, positions);
overlay := lemma_ExtendOverlayWithYielding(cr, b, actor, proc, pos, overlay_next);
}
lemma lemma_GetStraightlineBehaviorCaseFork<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
b:AnnotatedBehavior<State, Step>,
pos:int,
actor:Actor,
proc:Proc
) returns (
overlay:StraightlineOverlay<State, Step, PC, Proc>
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(b, cr.spec)
requires 0 < pos < |b.states|
requires cr.state_ok(b.states[pos])
requires cr.get_actor_pc_stack(b.states[pos-1], actor).None?
requires cr.get_actor_pc_stack(b.states[pos], actor).Some?
requires ActorInProc(cr, b.states[pos], actor, proc)
requires cr.get_actor_pc_stack(b.states[pos], actor).Some?
requires cr.step_to_actor(b.trace[pos-1]).Some?
requires cr.step_to_actor(b.trace[pos-1]).v != actor
ensures StraightlineOverlayLeadsToPos(cr, overlay, b, actor, proc, pos)
ensures last(overlay.sb.states).aux.phase.StraightlinePhaseYielded?
decreases pos, 0
{
var prev := pos-1;
var s := b.states[prev];
var s' := b.states[prev+1];
var step := b.trace[prev];
var effect := cr.step_to_effect(step);
assert ActionTuple(s, s', step) in cr.spec.next;
var pc' := cr.get_actor_pc_stack(s', actor).v.pc;
var forker_actor := cr.step_to_actor(step).v;
var PCStack(forker_pc, forker_stack) := cr.get_actor_pc_stack(s, forker_actor).v;
assert ForkedActorsStartAtEntryPointsWithEmptyStacksConditions(cr, s, s', step, actor);
assert !effect.CHLStepEffectExit?;
var forker_proc, forker_overlay;
if effect.CHLStepEffectReturn? || effect.CHLStepEffectReturnThenCall? {
var overlay_alt := lemma_GetStraightlineBehaviorForCurrentProc(cr, b, prev, forker_actor, cr.pc_to_proc(forker_pc));
assert StraightlineBehaviorsSatisfyLocalInvariantConditions(cr, overlay_alt.sb, step, s');
forker_proc := forker_stack[0];
forker_overlay := lemma_GetStraightlineBehaviorForCallerProc(cr, b, prev, forker_actor, forker_proc);
}
else {
forker_proc := cr.step_to_proc(step);
forker_overlay := lemma_GetStraightlineBehaviorForCurrentProc(cr, b, prev, forker_actor, forker_proc);
assert StraightlineBehaviorsSatisfyLocalInvariantConditions(cr, forker_overlay.sb, step, s');
}
assert StraightlineBehaviorsSatisfyPreconditionsForForksConditions(cr, forker_overlay.sb, step, s', actor);
assert StraightlineBehaviorsSatisfyGlobalInvariantConditions(cr, forker_overlay.sb, step, s');
assert cr.global_inv(s');
var myb := forker_overlay.sb;
assert AnnotatedBehaviorSatisfiesSpec(myb, GetStraightlineSpec(cr, forker_actor, forker_proc));
assert ActionTuple(s, s', step) in cr.spec.next;
assert cr.step_to_actor(step).v == forker_actor;
assert cr.get_actor_pc_stack(s, forker_actor).Some?;
assert cr.get_actor_pc_stack(s, actor).None?;
assert cr.get_actor_pc_stack(s', actor).Some?;
assert pc' == cr.get_actor_pc_stack(s', actor).v.pc;
assert proc == cr.pc_to_proc(pc');
assert cr.requires_clauses(proc, s', actor);
var ss := StraightlineState(s', StraightlineInitAux());
var overlay_prev := StraightlineOverlay(AnnotatedBehavior([ss], []), HowStartedFork, [pos]);
lemma_EstablishSequenceMonotonic(overlay_prev.positions);
lemma_InvariantPredicateHoldsAtStep(b, pos, cr.spec, cr.established_inv);
assert IsForkStep(cr, actor, s);
assert StraightlineSpecInit(cr, ss, actor, proc);
assert StraightlineOverlayValid(cr, overlay_prev, b, actor, proc);
overlay := lemma_ExtendOverlayWithYielding(cr, b, actor, proc, pos, overlay_prev);
}
lemma lemma_GetStraightlineBehaviorCaseOtherActor<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
b:AnnotatedBehavior<State, Step>,
pos:int,
actor:Actor,
proc:Proc
) returns (
overlay:StraightlineOverlay<State, Step, PC, Proc>
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(b, cr.spec)
requires 0 < pos < |b.states|
requires cr.state_ok(b.states[pos])
requires cr.get_actor_pc_stack(b.states[pos], actor).Some?
requires ActorInProc(cr, b.states[pos], actor, proc)
requires cr.step_to_actor(b.trace[pos-1]).Some?
requires cr.step_to_actor(b.trace[pos-1]).v != actor
ensures StraightlineOverlayLeadsToPos(cr, overlay, b, actor, proc, pos)
ensures last(overlay.sb.states).aux.phase.StraightlinePhaseYielded?
decreases pos, 1
{
var prev := pos-1;
var s := b.states[prev];
var s' := b.states[prev+1];
var step := b.trace[prev];
assert ActionTuple(s, s', step) in cr.spec.next;
if cr.get_actor_pc_stack(s, actor).None? {
overlay := lemma_GetStraightlineBehaviorCaseFork(cr, b, pos, actor, proc);
return;
}
var other_actor := cr.step_to_actor(step).v;
var PCStack(other_pc, other_stack) := cr.get_actor_pc_stack(s, other_actor).v;
var effect := cr.step_to_effect(step);
var other_proc, overlay_other;
if effect.CHLStepEffectReturn? || effect.CHLStepEffectReturnThenCall? {
var overlay_alt := lemma_GetStraightlineBehaviorForCurrentProc(cr, b, pos - 1, other_actor, cr.pc_to_proc(other_pc));
assert StraightlineBehaviorsSatisfyLocalInvariantConditions(cr, overlay_alt.sb, step, s');
other_proc := other_stack[0];
overlay_other := lemma_GetStraightlineBehaviorForCallerProc(cr, b, pos - 1, other_actor, other_proc);
}
else {
other_proc := cr.step_to_proc(step);
overlay_other := lemma_GetStraightlineBehaviorForCurrentProc(cr, b, pos - 1, other_actor, other_proc);
assert StraightlineBehaviorsSatisfyLocalInvariantConditions(cr, overlay_other.sb, step, s');
}
assert StraightlineBehaviorsSatisfyGlobalInvariantConditions(cr, overlay_other.sb, step, s');
assert StraightlineBehaviorsSatisfyYieldPredicateConditions(cr, overlay_other.sb, step, s', actor);
assert StepsDontChangeOtherActorsExceptViaForkConditions(cr, s, s', step, actor);
var overlay_prev := lemma_GetStraightlineBehaviorForCurrentProc(cr, b, pos - 1, actor, proc);
overlay := lemma_ExtendYieldingOverlayOneStep(cr, b, actor, proc, pos, overlay_prev);
}
lemma lemma_GetStraightlineBehaviorCaseActorless<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
b:AnnotatedBehavior<State, Step>,
pos:int,
actor:Actor,
proc:Proc
) returns (
overlay:StraightlineOverlay<State, Step, PC, Proc>
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(b, cr.spec)
requires 0 < pos < |b.states|
requires cr.state_ok(b.states[pos])
requires cr.get_actor_pc_stack(b.states[pos], actor).Some?
requires ActorInProc(cr, b.states[pos], actor, proc)
requires cr.step_to_actor(b.trace[pos-1]).None?
ensures StraightlineOverlayLeadsToPos(cr, overlay, b, actor, proc, pos)
ensures last(overlay.sb.states).aux.phase.StraightlinePhaseYielded?
decreases pos, 1
{
var prev := pos-1;
var s := b.states[prev];
var s' := b.states[prev+1];
var step := b.trace[prev];
assert ActionTuple(s, s', step) in cr.spec.next;
lemma_InvariantPredicateHoldsAtStep(b, prev, cr.spec, cr.established_inv);
assert ActorlessStepsDontChangeActorsConditions(cr, s, s', step, actor);
var overlay_prev := lemma_GetStraightlineBehaviorForCurrentProc(cr, b, pos-1, actor, proc);
lemma_InvariantPredicateHoldsAtStep(b, pos, cr.spec, cr.established_inv);
lemma_StraightlineBehaviorSatisfiesGlobalInvariant(cr, overlay_prev.sb, actor, proc, |overlay_prev.sb.states|-1);
assert ActorlessStepsMaintainYieldPredicateAndGlobalInvariantConditions(cr, s, s', step, actor);
overlay := lemma_ExtendYieldingOverlayOneStep(cr, b, actor, proc, pos, overlay_prev);
}
lemma lemma_GetStraightlineBehaviorCaseCall<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
b:AnnotatedBehavior<State, Step>,
pos:int,
actor:Actor,
proc:Proc
) returns (
overlay:StraightlineOverlay<State, Step, PC, Proc>
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(b, cr.spec)
requires 0 < pos < |b.states|
requires cr.state_ok(b.states[pos])
requires ActorInProc(cr, b.states[pos], actor, proc)
requires cr.step_to_actor(b.trace[pos-1]).Some?
requires cr.step_to_actor(b.trace[pos-1]).v == actor
requires var effect := cr.step_to_effect(b.trace[pos-1]); effect.CHLStepEffectCall? || effect.CHLStepEffectReturnThenCall?
ensures StraightlineOverlayLeadsToPos(cr, overlay, b, actor, proc, pos)
ensures last(overlay.sb.states).aux.phase.StraightlinePhaseYielded?
decreases pos, 1
{
var prev := pos-1;
var s := b.states[prev];
var s' := b.states[prev+1];
var step := b.trace[prev];
assert ActionTuple(s, s', step) in cr.spec.next;
var effect := cr.step_to_effect(step);
var pc' := cr.get_actor_pc_stack(s', actor).v.pc;
var caller_pc := cr.get_actor_pc_stack(s, actor).v.pc;
var caller_proc := cr.step_to_proc(step);
var caller_overlay;
if effect.CHLStepEffectCall? {
caller_overlay := lemma_GetStraightlineBehaviorForCurrentProc(cr, b, pos-1, actor, caller_proc);
assert StraightlineBehaviorsSatisfyLocalInvariantConditions(cr, caller_overlay.sb, step, s');
}
else {
var overlay_alt := lemma_GetStraightlineBehaviorForCurrentProc(cr, b, pos-1, actor, cr.pc_to_proc(caller_pc));
assert StraightlineBehaviorsSatisfyLocalInvariantConditions(cr, overlay_alt.sb, step, s');
caller_overlay := lemma_GetStraightlineBehaviorForCallerProc(cr, b, pos-1, actor, caller_proc);
}
assert StraightlineBehaviorsSatisfyPreconditionsForCallsConditions(cr, caller_overlay.sb, step, s');
assert StraightlineBehaviorsSatisfyGlobalInvariantConditions(cr, caller_overlay.sb, step, s');
assert cr.requires_clauses(proc, s', actor);
assert cr.global_inv(s');
var positions := [pos];
lemma_EstablishSequenceMonotonic(positions);
var ss := StraightlineState(s', StraightlineInitAux());
var sb := AnnotatedBehavior([ss], []);
lemma_InvariantPredicateHoldsAtStep(b, pos, cr.spec, cr.established_inv);
var overlay_prev := StraightlineOverlay(sb, HowStartedCall, positions);
assert StraightlineSpecInit(cr, ss, actor, proc);
overlay := lemma_ExtendOverlayWithYielding(cr, b, actor, proc, pos, overlay_prev);
}
lemma lemma_GetStraightlineBehaviorCaseReturn<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
b:AnnotatedBehavior<State, Step>,
pos:int,
actor:Actor,
proc:Proc
) returns (
overlay:StraightlineOverlay<State, Step, PC, Proc>
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(b, cr.spec)
requires 0 < pos < |b.states|
requires cr.state_ok(b.states[pos])
requires ActorInProc(cr, b.states[pos], actor, proc)
requires cr.step_to_actor(b.trace[pos-1]).Some?
requires cr.step_to_actor(b.trace[pos-1]).v == actor
requires cr.step_to_effect(b.trace[pos-1]).CHLStepEffectReturn?
ensures StraightlineOverlayLeadsToPos(cr, overlay, b, actor, proc, pos)
ensures last(overlay.sb.states).aux.phase.StraightlinePhaseYielded?
decreases pos, 1
{
var prev := pos-1;
var s := b.states[prev];
var s' := b.states[prev+1];
var step := b.trace[prev];
assert ActionTuple(s, s', step) in cr.spec.next;
assert s' == b.states[pos];
var PCStack(pc, stack) := cr.get_actor_pc_stack(s, actor).v;
var PCStack(pc', stack') := cr.get_actor_pc_stack(s', actor).v;
var caller_proc := cr.pc_to_proc(pc);
var caller_overlay := lemma_GetStraightlineBehaviorForCurrentProc(cr, b, pos-1, actor, caller_proc);
assert StraightlineBehaviorsSatisfyLocalInvariantConditions(cr, caller_overlay.sb, step, s');
var overlay_prev := lemma_GetStraightlineBehaviorForCallerProc(cr, b, pos-1, actor, proc);
var sspec := GetStraightlineSpec(cr, actor, proc);
var sstates := overlay_prev.sb.states;
var strace := overlay_prev.sb.trace;
var ss := last(sstates);
var aux := ss.aux;
var sstep := StraightlineStepReturn(step);
var aux' := StraightlineUpdateAux(cr, ss, actor, sstep, s');
var ss' := StraightlineState(s', aux');
var overlay_pos := |overlay_prev.sb.states| - 1;
lemma_StraightlineBehaviorSatisfiesGlobalInvariant(cr, overlay_prev.sb, actor, proc, overlay_pos);
lemma_PCVisitedIfInLoopedPhase(cr, overlay_prev.sb, actor, proc, overlay_pos);
assert StraightlineBehaviorsSatisfyGlobalInvariantConditions(cr, overlay_prev.sb, step, s');
lemma_InvariantPredicateHoldsAtStep(b, pos, cr.spec, cr.established_inv);
assert StraightlineSpecNextReturn(cr, last(sstates), ss', sstep, actor, proc, step);
lemma_ExtendStateNextSeqRight(sstates, strace, sspec.next, ss', sstep);
var sb_next := AnnotatedBehavior(sstates + [ss'], strace + [sstep]);
var positions := overlay_prev.positions + [pos];
lemma_ExtendSequenceMonotonic(overlay_prev.positions, pos);
var overlay_next := StraightlineOverlay(sb_next, overlay_prev.how_started, positions);
overlay := lemma_ExtendOverlayWithYielding(cr, b, actor, proc, pos, overlay_next);
}
///////////////////////////////////////////
// Obtaining straightline behaviors
///////////////////////////////////////////
lemma lemma_GetStraightlineBehaviorForCallerProc<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
b:AnnotatedBehavior<State, Step>,
pos:int,
actor:Actor,
proc:Proc
) returns (
overlay:StraightlineOverlay<State, Step, PC, Proc>
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(b, cr.spec)
requires 0 <= pos < |b.states|
requires cr.state_ok(b.states[pos])
requires cr.get_actor_pc_stack(b.states[pos], actor).Some?
requires var PCStack(pc, stack) := cr.get_actor_pc_stack(b.states[pos], actor).v;
|stack| > 0 && stack[0] == proc && cr.is_return_site(pc)
ensures StraightlineOverlayLeadsToPos(cr, overlay, b, actor, proc, pos)
ensures last(overlay.sb.states).aux.phase.StraightlinePhaseEnsured?
decreases pos, 3
{
var s := b.states[pos];
var PCStack(pc, stack) := cr.get_actor_pc_stack(s, actor).v;
var callee := cr.pc_to_proc(pc);
var overlay_alt := lemma_GetStraightlineBehaviorForCurrentProc(cr, b, pos, actor, callee);
lemma_StraightlineBehaviorNeverChangesStack(cr, overlay_alt.sb, actor, callee, 0);
lemma_StraightlineBehaviorNeverChangesStack(cr, overlay_alt.sb, actor, callee, |overlay_alt.sb.states|-1);
var call_pos := overlay_alt.positions[0] - 1;
if overlay_alt.how_started.HowStartedInit? {
assert ActorsBeginAtEntryPointsWithEmptyStacksConditions(cr, b.states[overlay_alt.positions[0]], actor);
assert false;
}
var call_s := b.states[call_pos];
var call_s' := b.states[call_pos+1];
var call_step := b.trace[call_pos];
assert ActionTuple(call_s, call_s', call_step) in cr.spec.next;
if overlay_alt.how_started.HowStartedFork? {
assert ForkedActorsStartAtEntryPointsWithEmptyStacksConditions(cr, call_s, call_s', call_step, actor);
assert false;
}
assert overlay_alt.how_started.HowStartedCall?;
assert IsCallStep(cr, actor, call_step);
assert proc == cr.step_to_proc(call_step);
var call_effect := cr.step_to_effect(call_step);
assert call_effect.CHLStepEffectCall? || call_effect.CHLStepEffectReturnThenCall?;
var simple_call := call_effect.CHLStepEffectCall?;
assert cr.requires_clauses(callee, call_s', actor);
assert StraightlineBehaviorsSatisfyPostconditionsConditions(cr, overlay_alt.sb, actor, callee);
assert cr.ensures_clauses(callee, overlay_alt.sb.states[0].state, last(overlay_alt.sb.states).state, actor);
assert cr.ensures_clauses(callee, call_s', s, actor);
lemma_UseSequenceMonotonic(overlay_alt.positions, 0, |overlay_alt.positions|-1);
lemma_StraightlineBehaviorNeverChangesStack(cr, overlay_alt.sb, actor, callee, |overlay_alt.sb.states| - 1);
var overlay_prev;
if simple_call {
overlay_prev := lemma_GetStraightlineBehaviorForCurrentProc(cr, b, call_pos, actor, proc);
assert StraightlineBehaviorsSatisfyLocalInvariantConditions(cr, overlay_prev.sb, call_step, call_s');
assert StraightlineBehaviorsSatisfyGlobalInvariantConditions(cr, overlay_prev.sb, call_step, call_s');
if cr.is_loop_head(cr.get_actor_pc_stack(call_s, actor).v.pc) {
overlay_prev := lemma_ExtendOverlayWithLooping(cr, b, actor, proc, call_pos, overlay_prev);
}
}
else {
var caller_pc := cr.get_actor_pc_stack(call_s, actor).v.pc;
var caller_proc := cr.pc_to_proc(caller_pc);
var caller_overlay := lemma_GetStraightlineBehaviorForCurrentProc(cr, b, call_pos, actor, caller_proc);
assert StraightlineBehaviorsSatisfyLocalInvariantConditions(cr, caller_overlay.sb, call_step, call_s');
overlay_prev := lemma_GetStraightlineBehaviorForCallerProc(cr, b, call_pos, actor, proc);
assert StraightlineBehaviorsSatisfyGlobalInvariantConditions(cr, overlay_prev.sb, call_step, call_s');
}
var sspec := GetStraightlineSpec(cr, actor, proc);
var sstates := overlay_prev.sb.states;
var strace := overlay_prev.sb.trace;
var positions := overlay_prev.positions;
var sstep0;
if simple_call {
sstep0 := StraightlineStepCall(call_step);
}
else {
sstep0 := StraightlineStepReturnThenCall(call_step);
}
var aux0 := StraightlineUpdateAux(cr, last(sstates), actor, sstep0, call_s');
var sstate0 := StraightlineState(call_s', aux0);
var sstep1 := StraightlineStepEnsures(callee);
var aux1 := StraightlineUpdateAux(cr, sstate0, actor, sstep1, s);
var sstate1 := StraightlineState(s, aux1);
var overlay_pos := |overlay_prev.sb.states| - 1;
lemma_ExtendSequenceMonotonic(positions, call_pos + 1);
lemma_PCVisitedIfInLoopedPhase(cr, overlay_prev.sb, actor, proc, overlay_pos);
if simple_call {
assert StraightlineSpecNextCall(cr, last(sstates), sstate0, sstep0, actor, proc, call_step);
}
else {
assert StraightlineSpecNextReturnThenCall(cr, last(sstates), sstate0, sstep0, actor, proc, call_step);
}
assert StraightlineSpecNext(cr, last(sstates), sstate0, sstep0, actor, proc);
lemma_ExtendStateNextSeqRight(sstates, strace, sspec.next, sstate0, sstep0);
lemma_ExtendSequenceMonotonic(positions + [call_pos + 1], pos);
lemma_StraightlineBehaviorSatisfiesGlobalInvariant(cr, overlay_alt.sb, actor, callee, |overlay_alt.sb.states| - 1);
lemma_InvariantPredicateHoldsAtStep(b, pos, cr.spec, cr.established_inv);
assert StraightlineSpecNextEnsures(cr, sstate0, sstate1, sstep1, actor, proc, callee);
assert StraightlineSpecNext(cr, sstate0, sstate1, sstep1, actor, proc);
lemma_ExtendStateNextSeqRight(sstates + [sstate0], strace + [sstep0], sspec.next, sstate1, sstep1);
var sb := AnnotatedBehavior(sstates + [sstate0] + [sstate1], strace + [sstep0] + [sstep1]);
overlay := StraightlineOverlay(sb, overlay_prev.how_started, positions + [call_pos + 1] + [pos]);
}
lemma lemma_GetStraightlineBehaviorForCurrentProc<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
b:AnnotatedBehavior<State, Step>,
pos:int,
actor:Actor,
proc:Proc
) returns (
overlay:StraightlineOverlay<State, Step, PC, Proc>
)
requires IsValidConcurrentHoareLogicRequest(cr)
requires AnnotatedBehaviorSatisfiesSpec(b, cr.spec)
requires 0 <= pos < |b.states|
requires cr.get_actor_pc_stack(b.states[pos], actor).Some?
requires cr.state_ok(b.states[pos])
requires ActorInProc(cr, b.states[pos], actor, proc)
ensures StraightlineOverlayLeadsToPos(cr, overlay, b, actor, proc, pos)
ensures last(overlay.sb.states).aux.phase.StraightlinePhaseYielded?
decreases pos, 2
{
if pos == 0 {
overlay := lemma_GetStraightlineBehaviorCaseInit(cr, b, actor, proc);
return;
}
var prev := pos-1;
var step := b.trace[prev];
if cr.step_to_actor(step).Some? && cr.step_to_actor(step).v != actor {
overlay := lemma_GetStraightlineBehaviorCaseOtherActor(cr, b, pos, actor, proc);
return;
}
assert ActionTuple(b.states[prev], b.states[prev+1], b.trace[prev]) in cr.spec.next;
var effect := cr.step_to_effect(step);
match effect {
case CHLStepEffectNormal => overlay := lemma_GetStraightlineBehaviorCaseNormal(cr, b, pos, actor, proc);
case CHLStepEffectCall(_) => overlay := lemma_GetStraightlineBehaviorCaseCall(cr, b, pos, actor, proc);
case CHLStepEffectReturnThenCall(_) => overlay := lemma_GetStraightlineBehaviorCaseCall(cr, b, pos, actor, proc);
case CHLStepEffectReturn => overlay := lemma_GetStraightlineBehaviorCaseReturn(cr, b, pos, actor, proc);
case CHLStepEffectActorless => overlay := lemma_GetStraightlineBehaviorCaseActorless(cr, b, pos, actor, proc);
case CHLStepEffectExit => assert false;
}
}
}
================================================
FILE: Armada/strategies/chl/ConcurrentHoareLogicSpec.i.dfy
================================================
include "../refinement/AnnotatedBehavior.i.dfy"
include "../invariants.i.dfy"
include "../../util/collections/maps.s.dfy"
include "../../util/collections/seqs.s.dfy"
include "../../util/option.s.dfy"
module ConcurrentHoareLogicSpecModule {
// Yields are dealt with as follows.
// * On a call, the callee has to deal with a yield happening after the requires clause is satisfied.
// * On reaching a loop head for the first time, the loop modifies clause must hold before the yield.
// * On reaching a loop a subsequent time, the loop modifies clause must hold between s1 and s2, where s1 is the
// state on reaching the loop head before a yield, and s2 is the state on returning to the loop head before yielding.
// * After executing a loop-modifies clause, a yield can happen.
// * On a return, the callee/returner must deal with a yield happening after reaching the return site. That is,
// it must ensure the postcondition even after a yield.
// * After executing an ensures clause, one does not have to worry about a yield happening.
// The result of calling cr.step_to_proc on a step indicates which procedure that step is part of.
// * A step that calls from method X into method Y is considered part of method X.
// * A step that returns from method Y to method X is considered part of method X. That's not a typo: it's considered
// part of the caller, not the callee.
// * A step that returns from method Y to method X and then calls method Z is likewise considered part of method X.
import opened util_collections_maps_s
import opened util_collections_seqs_s
import opened util_option_s
import opened AnnotatedBehaviorModule
import opened InvariantsModule
/////////////////////////////////////////////////////
// Type definitions
/////////////////////////////////////////////////////
datatype StraightlineStep<Step, PC, Proc> = StraightlineStepNormal(step:Step)
| StraightlineStepLoopModifies(pc:PC)
| StraightlineStepYield
| StraightlineStepCall(step:Step)
| StraightlineStepEnsures(callee:Proc)
| StraightlineStepReturn(step:Step)
| StraightlineStepReturnThenCall(step:Step)
datatype StraightlinePhase = StraightlinePhaseNormal
| StraightlinePhaseLooped
| StraightlinePhaseYielded
| StraightlinePhaseCalled
| StraightlinePhaseEnsured
datatype StraightlineAux<State, PC> = StraightlineAux(phase:StraightlinePhase, visited_loops:map<PC, State>)
datatype StraightlineState<State, PC> = StraightlineState(state:State, aux:StraightlineAux<State, PC>)
datatype PCStack<PC, Proc> = PCStack(pc:PC, stack:seq<Proc>)
datatype CHLStepEffect<Proc> = CHLStepEffectNormal
| CHLStepEffectCall(callee:Proc)
| CHLStepEffectReturn
| CHLStepEffectExit
| CHLStepEffectReturnThenCall(callee:Proc)
| CHLStepEffectActorless
| CHLStepEffectStop
datatype ConcurrentHoareLogicRequest<!State(==), !Actor(==), !Step(==), !PC(==), !Proc(==)> = ConcurrentHoareLogicRequest(
spec:AnnotatedBehaviorSpec<State, Step>,
step_to_actor:Step->Option<Actor>,
step_to_proc:Step->Proc,
get_actor_pc_stack:(State, Actor)->Option<PCStack<PC, Proc>>,
state_ok:State->bool,
pc_to_proc:PC->Proc,
is_entry_point:PC->bool,
is_loop_head:PC->bool,
is_return_site:PC->bool,
step_to_effect:Step->CHLStepEffect<Proc>,
established_inv:State->bool,
global_inv:State->bool,
local_inv:(State, Actor)->bool,
yield_pred:(State, State, Actor)->bool,
requires_clauses:(Proc, State, Actor)->bool,
ensures_clauses:(Proc, State, State, Actor)->bool,
loop_modifies_clauses:(PC, State, State, Actor)->bool
)
/////////////////////////////////////////////////////
// Straightline behavior specification
/////////////////////////////////////////////////////
function StraightlineInitAux<State, PC>() : StraightlineAux<State, PC>
{
StraightlineAux(StraightlinePhaseNormal, map [])
}
predicate StraightlineSpecInit<State, Actor, Step, PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
ss:StraightlineState<State, PC>,
actor:Actor,
proc:Proc
)
{
// A straightline behavior begins with the actor at the beginning of a procedure
var s := ss.state;
&& cr.get_actor_pc_stack(s, actor).Some?
&& var pc := cr.get_actor_pc_stack(s, actor).v.pc;
&& cr.pc_to_proc(pc) == proc
&& cr.is_entry_point(pc)
&& cr.established_inv(s)
&& cr.global_inv(s)
&& cr.state_ok(s)
&& cr.requires_clauses(proc, s, actor)
&& ss.aux == StraightlineInitAux()
}
function StraightlineUpdateAux<State, Actor, Step, PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
ss:StraightlineState<State, PC>,
actor:Actor,
sstep:StraightlineStep<Step, PC, Proc>,
s':State
) : StraightlineAux<State, PC>
{
var phase' :=
match sstep
case StraightlineStepNormal(_) => StraightlinePhaseNormal
case StraightlineStepLoopModifies(_) => StraightlinePhaseLooped
case StraightlineStepYield() => StraightlinePhaseYielded
case StraightlineStepCall(_) => StraightlinePhaseCalled
case StraightlineStepEnsures(_) => StraightlinePhaseEnsured
case StraightlineStepReturn(_) => StraightlinePhaseNormal
case StraightlineStepReturnThenCall(_) => StraightlinePhaseCalled
;
var StraightlineState(s, aux) := ss;
var visited_loops' := if sstep.StraightlineStepLoopModifies? && cr.get_actor_pc_stack(s, actor).Some? then
aux.visited_loops[cr.get_actor_pc_stack(s, actor).v.pc := s]
else
aux.visited_loops;
StraightlineAux(phase', visited_loops')
}
predicate StraightlineSpecNextCommon<State, Actor, Step, PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
ss:StraightlineState<State, PC>,
ss':StraightlineState<State, PC>,
sstep:StraightlineStep<Step, PC, Proc>,
actor:Actor
)
{
var StraightlineState(s, aux) := ss;
var StraightlineState(s', aux') := ss';
// The actor must be present both before and after the step.
&& cr.get_actor_pc_stack(s, actor).Some?
&& cr.get_actor_pc_stack(s', actor).Some?
// The type of step the state machine can take is dictated by the current phase. (The phase depends on the previous
// step, so this restriction restricts consecutive pairs of steps.)
&& var pc := cr.get_actor_pc_stack(s, actor).v.pc;
&& (match aux.phase
case StraightlinePhaseNormal => sstep.StraightlineStepYield?
case StraightlinePhaseLooped => sstep.StraightlineStepNormal? || sstep.StraightlineStepCall?
case StraightlinePhaseYielded => if cr.is_loop_head(pc) then sstep.StraightlineStepLoopModifies?
else sstep.StraightlineStepNormal? || sstep.StraightlineStepCall?
case StraightlinePhaseCalled => sstep.StraightlineStepEnsures?
case StraightlinePhaseEnsured => sstep.StraightlineStepReturn? || sstep.StraightlineStepReturnThenCall?)
// The established and global invariants are always preserved, and the state is always OK.
&& cr.established_inv(s')
&& cr.global_inv(s')
&& cr.state_ok(s')
// The auxiliary information is a deterministic function of the current state and the straightline step taken.
&& aux' == StraightlineUpdateAux(cr, ss, actor, sstep, s')
// If the state machine has reached an already-visited loop head and yielded, it can't execute further.
&& !(pc in aux.visited_loops && aux.phase.StraightlinePhaseYielded?)
// The state machine can never return, except to return from a call that it made to another method.
&& (sstep.StraightlineStepReturn? || sstep.StraightlineStepReturnThenCall? ==> ss.aux.phase.StraightlinePhaseEnsured?)
}
predicate StraightlineSpecNextStep<State, Actor, Step, PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
ss:StraightlineState<State, PC>,
ss':StraightlineState<State, PC>,
sstep:StraightlineStep<Step, PC, Proc>,
actor:Actor,
proc:Proc,
step:Step
)
{
&& StraightlineSpecNextCommon(cr, ss, ss', sstep, actor)
&& cr.step_to_actor(step).Some?
&& cr.step_to_actor(step).v == actor
&& cr.step_to_proc(step) == proc
&& ActionTuple(ss.state, ss'.state, step) in cr.spec.next
&& cr.local_inv(ss.state, actor)
}
predicate StraightlineSpecNextNormal<State, Actor, Step, PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
ss:StraightlineState<State, PC>,
ss':StraightlineState<State, PC>,
sstep:StraightlineStep<Step, PC, Proc>,
actor:Actor,
proc:Proc,
step:Step
)
requires sstep.StraightlineStepNormal?
{
&& StraightlineSpecNextStep(cr, ss, ss', sstep, actor, proc, step)
&& cr.step_to_effect(step).CHLStepEffectNormal?
}
predicate StraightlineSpecNextCall<State, Actor, Step, PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
ss:StraightlineState<State, PC>,
ss':StraightlineState<State, PC>,
sstep:StraightlineStep<Step, PC, Proc>,
actor:Actor,
proc:Proc,
step:Step
)
requires sstep.StraightlineStepCall?
{
&& StraightlineSpecNextStep(cr, ss, ss', sstep, actor, proc, step)
&& cr.step_to_effect(step).CHLStepEffectCall?
&& var s' := ss'.state;
var callee := cr.step_to_effect(step).callee;
&& callee == cr.pc_to_proc(cr.get_actor_pc_stack(s', actor).v.pc)
&& cr.requires_clauses(callee, s', actor)
}
predicate StraightlineSpecNextReturn<State, Actor, Step, PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
ss:StraightlineState<State, PC>,
ss':StraightlineState<State, PC>,
sstep:StraightlineStep<Step, PC, Proc>,
actor:Actor,
proc:Proc,
step:Step
)
requires sstep.StraightlineStepReturn?
{
&& StraightlineSpecNextStep(cr, ss, ss', sstep, actor, proc, step)
&& cr.step_to_effect(step).CHLStepEffectReturn?
}
predicate StraightlineSpecNextReturnThenCall<State, Actor, Step, PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
ss:StraightlineState<State, PC>,
ss':StraightlineState<State, PC>,
sstep:StraightlineStep<Step, PC, Proc>,
actor:Actor,
proc:Proc,
step:Step
)
requires sstep.StraightlineStepReturnThenCall?
{
&& StraightlineSpecNextStep(cr, ss, ss', sstep, actor, proc, step)
&& cr.step_to_effect(step).CHLStepEffectReturnThenCall?
&& var s' := ss'.state;
var callee := cr.step_to_effect(step).callee;
&& callee == cr.pc_to_proc(cr.get_actor_pc_stack(s', actor).v.pc)
&& cr.requires_clauses(callee, s', actor)
}
predicate StraightlineSpecNextYield<State, Actor, Step, PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
ss:StraightlineState<State, PC>,
ss':StraightlineState<State, PC>,
sstep:StraightlineStep<Step, PC, Proc>,
actor:Actor,
proc:Proc
)
requires sstep.StraightlineStepYield?
{
&& StraightlineSpecNextCommon(cr, ss, ss', sstep, actor)
&& var s := ss.state;
var s' := ss'.state;
&& cr.get_actor_pc_stack(s', actor) == cr.get_actor_pc_stack(s, actor)
&& cr.yield_pred(s, s', actor)
}
predicate StraightlineSpecNextLoopModifies<State, Actor, Step, PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
ss:StraightlineState<State, PC>,
ss':StraightlineState<State, PC>,
sstep:StraightlineStep<Step, PC, Proc>,
actor:Actor,
proc:Proc,
pc:PC
)
requires sstep.StraightlineStepLoopModifies?
{
&& StraightlineSpecNextCommon(cr, ss, ss', sstep, actor)
&& var s := ss.state;
var s' := ss'.state;
&& pc == cr.get_actor_pc_stack(s, actor).v.pc
&& cr.is_loop_head(pc)
&& cr.get_actor_pc_stack(s', actor) == cr.get_actor_pc_stack(s, actor)
&& cr.loop_modifies_clauses(pc, s, s', actor)
}
predicate StraightlineSpecNextEnsures<State, Actor, Step, PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
ss:StraightlineState<State, PC>,
ss':StraightlineState<State, PC>,
sstep:StraightlineStep<Step, PC, Proc>,
actor:Actor,
proc:Proc,
callee:Proc
)
requires sstep.StraightlineStepEnsures?
{
&& StraightlineSpecNextCommon(cr, ss, ss', sstep, actor)
&& var s := ss.state;
var s' := ss'.state;
var PCStack(pc, stack) := cr.get_actor_pc_stack(s, actor).v;
var PCStack(pc', stack') := cr.get_actor_pc_stack(s', actor).v;
&& callee == cr.pc_to_proc(pc)
&& callee == cr.pc_to_proc(pc')
&& cr.is_return_site(pc')
&& stack' == stack
&& cr.ensures_clauses(callee, s, s', actor)
}
predicate StraightlineSpecNext<State, Actor, Step, PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
ss:StraightlineState<State, PC>,
ss':StraightlineState<State, PC>,
sstep:StraightlineStep<Step, PC, Proc>,
actor:Actor,
proc:Proc
)
{
match sstep
case StraightlineStepNormal(step) =>
StraightlineSpecNextNormal(cr, ss, ss', sstep, actor, proc, step)
case StraightlineStepLoopModifies(pc) =>
StraightlineSpecNextLoopModifies(cr, ss, ss', sstep, actor, proc, pc)
case StraightlineStepYield() =>
StraightlineSpecNextYield(cr, ss, ss', sstep, actor, proc)
case StraightlineStepCall(step) =>
StraightlineSpecNextCall(cr, ss, ss', sstep, actor, proc, step)
case StraightlineStepEnsures(callee) =>
StraightlineSpecNextEnsures(cr, ss, ss', sstep, actor, proc, callee)
case StraightlineStepReturn(step) =>
StraightlineSpecNextReturn(cr, ss, ss', sstep, actor, proc, step)
case StraightlineStepReturnThenCall(step) =>
StraightlineSpecNextReturnThenCall(cr, ss, ss', sstep, actor, proc, step)
}
function GetStraightlineSpec<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
actor:Actor,
proc:Proc
) :
AnnotatedBehaviorSpec<StraightlineState<State, PC>, StraightlineStep<Step, PC, Proc>>
{
AnnotatedBehaviorSpec(iset s | StraightlineSpecInit(cr, s, actor, proc),
iset s, s', step | StraightlineSpecNext(cr, s, s', step, actor, proc) :: ActionTuple(s, s', step))
}
/////////////////////////////////////////////////////
// Simple parameter validity
/////////////////////////////////////////////////////
predicate LoopHeadsArentReturnSites<PC(!new)>(
is_loop_head:PC->bool,
is_return_site:PC->bool
)
{
forall pc :: !(is_loop_head(pc) && is_return_site(pc))
}
predicate YieldPredicateReflexive<State(!new), Actor(!new), Step, PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
forall s, actor {:trigger cr.yield_pred(s, s, actor)} ::
cr.state_ok(s) && cr.get_actor_pc_stack(s, actor).Some? ==> cr.yield_pred(s, s, actor)
}
predicate YieldPredicateTransitive<State(!new), Actor(!new), Step, PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
forall s1, s2, s3, actor {:trigger cr.yield_pred(s1, s2, actor), cr.yield_pred(s2, s3, actor)} ::
&& cr.established_inv(s1)
&& cr.global_inv(s1)
&& cr.established_inv(s2)
&& cr.global_inv(s2)
&& cr.yield_pred(s1, s2, actor)
&& cr.yield_pred(s2, s3, actor)
==> cr.yield_pred(s1, s3, actor)
}
/////////////////////////////////////////////////////
// State initialization
/////////////////////////////////////////////////////
predicate ActorsBeginAtEntryPointsWithEmptyStacksConditions<State(!new), Actor(!new), Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
s:State,
actor:Actor
)
{
&& s in cr.spec.init
&& cr.get_actor_pc_stack(s, actor).Some?
}
predicate ActorsBeginAtEntryPointsWithEmptyStacks<State(!new), Actor(!new), Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
// At initialization, each thread is at a procedure entry point with an empty stack
forall s, actor {:trigger ActorsBeginAtEntryPointsWithEmptyStacksConditions(cr, s, actor)} ::
ActorsBeginAtEntryPointsWithEmptyStacksConditions(cr, s, actor)
==> var PCStack(pc, stack) := cr.get_actor_pc_stack(s, actor).v;
&& cr.is_entry_point(pc)
&& |stack| == 0
}
predicate GlobalInvariantSatisfiedInitially<State(!new), Actor(!new), Step, PC, Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
forall s :: s in cr.spec.init ==> cr.global_inv(s) && cr.state_ok(s)
}
predicate RequiresClausesSatisfiedInitiallyConditions<State(!new), Actor(!new), Step, PC, Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
s:State,
actor:Actor
)
{
&& s in cr.spec.init
&& cr.get_actor_pc_stack(s, actor).Some?
}
predicate RequiresClausesSatisfiedInitially<State(!new), Actor(!new), Step, PC, Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
forall s, actor {:trigger RequiresClausesSatisfiedInitiallyConditions(cr, s, actor)} ::
RequiresClausesSatisfiedInitiallyConditions(cr, s, actor)
==> var pc := cr.get_actor_pc_stack(s, actor).v.pc;
var proc := cr.pc_to_proc(pc);
cr.requires_clauses(proc, s, actor)
}
/////////////////////////////////////////////////////
// Actorless steps
/////////////////////////////////////////////////////
predicate ActorlessStepsDontChangeActorsConditions<State(!new), Actor(!new), Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
s:State,
s':State,
step:Step,
actor:Actor
)
{
&& cr.established_inv(s)
&& ActionTuple(s, s', step) in cr.spec.next
&& cr.step_to_actor(step).None?
}
predicate ActorlessStepsDontChangeActors<State(!new), Actor(!new), Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
forall s, s', step, actor {:trigger ActorlessStepsDontChangeActorsConditions(cr, s, s', step, actor)} ::
ActorlessStepsDontChangeActorsConditions(cr, s, s', step, actor)
==> cr.get_actor_pc_stack(s', actor) == cr.get_actor_pc_stack(s, actor)
}
predicate ActorlessStepsMaintainYieldPredicateAndGlobalInvariantConditions<State(!new), Actor(!new), Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
s:State,
s':State,
step:Step,
actor:Actor
)
{
&& cr.established_inv(s)
&& cr.global_inv(s)
&& cr.established_inv(s')
&& ActionTuple(s, s', step) in cr.spec.next
&& cr.step_to_actor(step).None?
&& cr.get_actor_pc_stack(s, actor).Some?
}
predicate ActorlessStepsMaintainYieldPredicateAndGlobalInvariant<State(!new), Actor(!new), Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
forall s, s', step, actor {:trigger ActorlessStepsMaintainYieldPredicateAndGlobalInvariantConditions(cr, s, s', step, actor)} ::
ActorlessStepsMaintainYieldPredicateAndGlobalInvariantConditions(cr, s, s', step, actor)
==> cr.yield_pred(s, s', actor) && cr.global_inv(s') && cr.state_ok(s')
}
/////////////////////////////////////////////////////
// Step effects
/////////////////////////////////////////////////////
predicate CorrectCHLStepEffectNormal<State(!new), Actor, Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
s:State,
s':State,
step:Step
)
{
&& cr.state_ok(s)
&& cr.state_ok(s')
&& cr.step_to_actor(step).Some?
&& var actor := cr.step_to_actor(step).v;
&& cr.get_actor_pc_stack(s, actor).Some?
&& cr.get_actor_pc_stack(s', actor).Some?
&& var PCStack(pc, stack) := cr.get_actor_pc_stack(s, actor).v;
var PCStack(pc', stack') := cr.get_actor_pc_stack(s', actor).v;
&& !cr.is_return_site(pc)
&& cr.pc_to_proc(pc') == cr.pc_to_proc(pc) == cr.step_to_proc(step)
&& stack' == stack
}
predicate CorrectCHLStepEffectCall<State(!new), Actor, Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
s:State,
s':State,
step:Step,
callee:Proc
)
{
&& cr.state_ok(s)
&& cr.state_ok(s')
&& cr.step_to_actor(step).Some?
&& var actor := cr.step_to_actor(step).v;
&& cr.get_actor_pc_stack(s, actor).Some?
&& cr.get_actor_pc_stack(s', actor).Some?
&& var PCStack(pc, stack) := cr.get_actor_pc_stack(s, actor).v;
var PCStack(pc', stack') := cr.get_actor_pc_stack(s', actor).v;
&& !cr.is_return_site(pc)
&& cr.is_entry_point(pc')
&& cr.pc_to_proc(pc') == callee
&& |stack'| > 0
&& stack'[0] == cr.pc_to_proc(pc) == cr.step_to_proc(step)
&& stack'[1..] == stack
}
predicate CorrectCHLStepEffectReturn<State(!new), Actor, Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
s:State,
s':State,
step:Step
)
{
&& cr.state_ok(s)
&& cr.state_ok(s')
&& cr.step_to_actor(step).Some?
&& var actor := cr.step_to_actor(step).v;
&& cr.get_actor_pc_stack(s, actor).Some?
&& cr.get_actor_pc_stack(s', actor).Some?
&& var PCStack(pc, stack) := cr.get_actor_pc_stack(s, actor).v;
var PCStack(pc', stack') := cr.get_actor_pc_stack(s', actor).v;
&& cr.is_return_site(pc)
&& |stack| > 0
&& cr.pc_to_proc(pc') == stack[0] == cr.step_to_proc(step)
&& stack' == stack[1..]
}
predicate CorrectCHLStepEffectExit<State(!new), Actor, Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
s:State,
s':State,
step:Step
)
{
&& cr.state_ok(s)
&& cr.state_ok(s')
&& cr.step_to_actor(step).Some?
&& var actor := cr.step_to_actor(step).v;
&& cr.get_actor_pc_stack(s, actor).Some?
&& cr.get_actor_pc_stack(s', actor).None?
&& var PCStack(pc, stack) := cr.get_actor_pc_stack(s, actor).v;
&& cr.is_return_site(pc)
&& cr.pc_to_proc(pc) == cr.step_to_proc(step)
&& |stack| == 0
}
predicate CorrectCHLStepEffectReturnThenCall<State(!new), Actor, Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
s:State,
s':State,
step:Step,
callee:Proc
)
{
// Step that returns to a caller, then does another call
&& cr.state_ok(s)
&& cr.state_ok(s')
&& cr.step_to_actor(step).Some?
&& var actor := cr.step_to_actor(step).v;
&& cr.get_actor_pc_stack(s, actor).Some?
&& cr.get_actor_pc_stack(s', actor).Some?
&& var PCStack(pc, stack) := cr.get_actor_pc_stack(s, actor).v;
var PCStack(pc', stack') := cr.get_actor_pc_stack(s', actor).v;
&& cr.is_return_site(pc)
&& |stack| > 0
&& stack[0] == cr.step_to_proc(step)
&& cr.pc_to_proc(pc') == callee
&& cr.is_entry_point(pc')
&& stack' == stack
}
predicate CorrectCHLStepEffectActorless<State(!new), Actor, Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
s:State,
s':State,
step:Step
)
{
&& cr.state_ok(s)
&& cr.state_ok(s')
&& cr.step_to_actor(step).None?
}
predicate CorrectCHLStepEffectStop<State(!new), Actor, Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
s:State,
s':State,
step:Step
)
{
&& cr.state_ok(s)
&& !cr.state_ok(s')
&& (cr.step_to_actor(step).Some? ==> cr.get_actor_pc_stack(s, cr.step_to_actor(step).v).Some?)
}
predicate CorrectCHLStepEffect<State(!new), Actor, Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
s:State,
s':State,
step:Step
)
{
match cr.step_to_effect(step)
case CHLStepEffectNormal => CorrectCHLStepEffectNormal(cr, s, s', step)
case CHLStepEffectCall(callee) => CorrectCHLStepEffectCall(cr, s, s', step, callee)
case CHLStepEffectReturn => CorrectCHLStepEffectReturn(cr, s, s', step)
case CHLStepEffectExit => CorrectCHLStepEffectExit(cr, s, s', step)
case CHLStepEffectReturnThenCall(callee) => CorrectCHLStepEffectReturnThenCall(cr, s, s', step, callee)
case CHLStepEffectActorless => CorrectCHLStepEffectActorless(cr, s, s', step)
case CHLStepEffectStop => CorrectCHLStepEffectStop(cr, s, s', step)
}
predicate CHLStepEffectsCorrect<State(!new), Actor, Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
forall s, s', step :: ActionTuple(s, s', step) in cr.spec.next ==> CorrectCHLStepEffect(cr, s, s', step)
}
/////////////////////////////////////////////////////
// Other control flow
/////////////////////////////////////////////////////
predicate ForkedActorsStartAtEntryPointsWithEmptyStacksConditions<State(!new), Actor(!new), Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
s:State,
s':State,
step:Step,
forked_actor:Actor
)
{
&& ActionTuple(s, s', step) in cr.spec.next
&& cr.get_actor_pc_stack(s, forked_actor).None?
&& cr.get_actor_pc_stack(s', forked_actor).Some?
}
predicate ForkedActorsStartAtEntryPointsWithEmptyStacks<State(!new), Actor(!new), Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
// When a thread starts (i.e., is forked), the forking step isn't actorless or an exit and the forked thread
// is at a procedure entry point with an empty stack
forall s, s', step, forked_actor {:trigger ForkedActorsStartAtEntryPointsWithEmptyStacksConditions(cr, s, s', step, forked_actor)} ::
ForkedActorsStartAtEntryPointsWithEmptyStacksConditions(cr, s, s', step, forked_actor)
==> && cr.step_to_actor(step).Some?
&& !cr.step_to_effect(step).CHLStepEffectExit?
&& var PCStack(pc', stack') := cr.get_actor_pc_stack(s', forked_actor).v;
&& cr.is_entry_point(pc')
&& |stack'| == 0
}
predicate StepsDontChangeOtherActorsExceptViaForkConditions<State(!new), Actor(!new), Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
s:State,
s':State,
step:Step,
other_actor:Actor
)
{
&& ActionTuple(s, s', step) in cr.spec.next
&& cr.step_to_actor(step) != Some(other_actor)
&& cr.get_actor_pc_stack(s, other_actor).Some?
}
predicate StepsDontChangeOtherActorsExceptViaFork<State(!new), Actor(!new), Step(!new), PC, Proc>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
// One actor taking a step leaves each other actor's PC and stack unchanged
// (unless that other actor didn't have a PC before, i.e., this actor was forking that actor)
forall s, s', step, other_actor {:trigger StepsDontChangeOtherActorsExceptViaForkConditions(cr, s, s', step, other_actor)} ::
StepsDontChangeOtherActorsExceptViaForkConditions(cr, s, s', step, other_actor)
==> cr.get_actor_pc_stack(s', other_actor) == cr.get_actor_pc_stack(s, other_actor)
}
/////////////////////////////////////////////////////
// Requirements for straightline behaviors
/////////////////////////////////////////////////////
predicate StraightlineBehaviorsSatisfyGlobalInvariantConditions<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
sb:AnnotatedBehavior<StraightlineState<State, PC>, StraightlineStep<Step, PC, Proc>>,
step:Step,
s':State
)
{
&& cr.step_to_actor(step).Some?
&& var actor := cr.step_to_actor(step).v;
var proc := cr.step_to_proc(step);
var effect := cr.step_to_effect(step);
&& AnnotatedBehaviorSatisfiesSpec(sb, GetStraightlineSpec(cr, actor, proc))
&& var ss := last(sb.states);
var s := ss.state;
var phase := ss.aux.phase;
&& cr.local_inv(s, actor)
&& ActionTuple(s, s', step) in cr.spec.next
&& !effect.CHLStepEffectStop?
&& (if effect.CHLStepEffectReturn? || effect.CHLStepEffectReturnThenCall? then
phase.StraightlinePhaseEnsured?
else
phase.StraightlinePhaseYielded?)
}
predicate StraightlineBehaviorsSatisfyGlobalInvariant<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
forall sb, step, s' {:trigger StraightlineBehaviorsSatisfyGlobalInvariantConditions(cr, sb, step, s')} ::
StraightlineBehaviorsSatisfyGlobalInvariantConditions(cr, sb, step, s')
==> cr.global_inv(s')
}
predicate StraightlineBehaviorsSatisfyLocalInvariantConditions<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
sb:AnnotatedBehavior<StraightlineState<State, PC>, StraightlineStep<Step, PC, Proc>>,
step:Step,
s':State
)
{
&& cr.step_to_actor(step).Some?
&& |sb.states| > 0
&& var ss := last(sb.states);
var s := ss.state;
var phase := ss.aux.phase;
var actor := cr.step_to_actor(step).v;
&& cr.get_actor_pc_stack(s, actor).Some?
&& var pc := cr.get_actor_pc_stack(s, actor).v.pc;
var proc := cr.pc_to_proc(pc);
&& AnnotatedBehaviorSatisfiesSpec(sb, GetStraightlineSpec(cr, actor, proc))
&& ActionTuple(s, s', step) in cr.spec.next
&& phase.StraightlinePhaseYielded?
}
predicate StraightlineBehaviorsSatisfyLocalInvariant<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
forall sb, step, s' {:trigger StraightlineBehaviorsSatisfyLocalInvariantConditions(cr, sb, step, s')} ::
StraightlineBehaviorsSatisfyLocalInvariantConditions(cr, sb, step, s')
==> cr.local_inv(last(sb.states).state, cr.step_to_actor(step).v)
}
predicate StraightlineBehaviorsSatisfyPreconditionsForCallsConditions<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
sb:AnnotatedBehavior<StraightlineState<State, PC>, StraightlineStep<Step, PC, Proc>>,
step:Step,
s':State
)
{
&& cr.step_to_actor(step).Some?
&& var actor := cr.step_to_actor(step).v;
var proc := cr.step_to_proc(step);
var effect := cr.step_to_effect(step);
&& AnnotatedBehaviorSatisfiesSpec(sb, GetStraightlineSpec(cr, actor, proc))
&& var ss := last(sb.states);
var s := ss.state;
var phase := ss.aux.phase;
&& cr.local_inv(s, actor)
&& ActionTuple(s, s', step) in cr.spec.next
&& (|| (effect.CHLStepEffectCall? && phase.StraightlinePhaseYielded?)
|| (effect.CHLStepEffectReturnThenCall? && phase.StraightlinePhaseEnsured?))
&& cr.get_actor_pc_stack(s', actor).Some?
}
predicate StraightlineBehaviorsSatisfyPreconditionsForCalls<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
forall sb, step, s' {:trigger StraightlineBehaviorsSatisfyPreconditionsForCallsConditions(cr, sb, step, s')} ::
StraightlineBehaviorsSatisfyPreconditionsForCallsConditions(cr, sb, step, s')
==> var actor := cr.step_to_actor(step).v;
var callee := cr.step_to_effect(step).callee;
cr.requires_clauses(callee, s', actor)
}
predicate StraightlineBehaviorsSatisfyPreconditionsForForksConditions<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
sb:AnnotatedBehavior<StraightlineState<State, PC>, StraightlineStep<Step, PC, Proc>>,
step:Step,
s':State,
forked_actor:Actor
)
{
&& cr.step_to_actor(step).Some?
&& var actor := cr.step_to_actor(step).v;
var proc := cr.step_to_proc(step);
var effect := cr.step_to_effect(step);
&& AnnotatedBehaviorSatisfiesSpec(sb, GetStraightlineSpec(cr, actor, proc))
&& var ss := last(sb.states);
var s := ss.state;
var phase := ss.aux.phase;
&& cr.local_inv(s, actor)
&& ActionTuple(s, s', step) in cr.spec.next
&& !effect.CHLStepEffectStop?
&& (if effect.CHLStepEffectReturn? || effect.CHLStepEffectReturnThenCall? then
phase.StraightlinePhaseEnsured?
else
phase.StraightlinePhaseYielded?)
&& actor != forked_actor
&& cr.get_actor_pc_stack(s, forked_actor).None?
&& cr.get_actor_pc_stack(s', forked_actor).Some?
}
predicate StraightlineBehaviorsSatisfyPreconditionsForForks<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
forall sb, step, s', forked_actor {:trigger StraightlineBehaviorsSatisfyPreconditionsForForksConditions(cr, sb, step, s', forked_actor)} ::
StraightlineBehaviorsSatisfyPreconditionsForForksConditions(cr, sb, step, s', forked_actor)
==> var forked_pc := cr.get_actor_pc_stack(s', forked_actor).v.pc;
var forked_proc := cr.pc_to_proc(forked_pc);
cr.requires_clauses(forked_proc, s', forked_actor)
}
predicate StraightlineBehaviorsSatisfyPostconditionsConditions<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
sb:AnnotatedBehavior<StraightlineState<State, PC>, StraightlineStep<Step, PC, Proc>>,
actor:Actor,
proc:Proc
)
{
&& AnnotatedBehaviorSatisfiesSpec(sb, GetStraightlineSpec(cr, actor, proc))
&& var ss := last(sb.states);
var s := ss.state;
var phase := ss.aux.phase;
&& cr.get_actor_pc_stack(s, actor).Some?
&& var pc := cr.get_actor_pc_stack(s, actor).v.pc;
&& cr.is_return_site(pc)
&& phase.StraightlinePhaseYielded?
}
predicate StraightlineBehaviorsSatisfyPostconditions<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
forall sb, actor, proc {:trigger StraightlineBehaviorsSatisfyPostconditionsConditions(cr, sb, actor, proc)} ::
StraightlineBehaviorsSatisfyPostconditionsConditions(cr, sb, actor, proc)
==> cr.ensures_clauses(proc, sb.states[0].state, last(sb.states).state, actor)
}
predicate StraightlineBehaviorsSatisfyLoopModifiesClausesOnEntryConditions<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
sb:AnnotatedBehavior<StraightlineState<State, PC>, StraightlineStep<Step, PC, Proc>>,
actor:Actor,
proc:Proc
)
{
&& AnnotatedBehaviorSatisfiesSpec(sb, GetStraightlineSpec(cr, actor, proc))
&& var ss := last(sb.states);
var StraightlineState(s, aux) := ss;
var phase := aux.phase;
&& cr.get_actor_pc_stack(s, actor).Some?
&& var pc := cr.get_actor_pc_stack(s, actor).v.pc;
&& cr.is_loop_head(pc)
&& pc !in aux.visited_loops
&& phase.StraightlinePhaseYielded?
}
predicate StraightlineBehaviorsSatisfyLoopModifiesClausesOnEntry<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
forall sb, actor, proc {:trigger StraightlineBehaviorsSatisfyLoopModifiesClausesOnEntryConditions(cr, sb, actor, proc)} ::
StraightlineBehaviorsSatisfyLoopModifiesClausesOnEntryConditions(cr, sb, actor, proc)
==> var s := last(sb.states).state;
var pc := cr.get_actor_pc_stack(s, actor).v.pc;
cr.loop_modifies_clauses(pc, s, s, actor)
}
predicate StraightlineBehaviorsSatisfyLoopModifiesClausesOnJumpBackConditions<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
sb:AnnotatedBehavior<StraightlineState<State, PC>, StraightlineStep<Step, PC, Proc>>,
actor:Actor,
proc:Proc
)
{
&& AnnotatedBehaviorSatisfiesSpec(sb, GetStraightlineSpec(cr, actor, proc))
&& var ss := last(sb.states);
var s := ss.state;
var phase := ss.aux.phase;
&& cr.get_actor_pc_stack(s, actor).Some?
&& var pc := cr.get_actor_pc_stack(s, actor).v.pc;
&& cr.is_loop_head(pc)
&& pc in ss.aux.visited_loops
&& phase.StraightlinePhaseYielded?
}
predicate StraightlineBehaviorsSatisfyLoopModifiesClausesOnJumpBack<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
forall sb, actor, proc {:trigger StraightlineBehaviorsSatisfyLoopModifiesClausesOnJumpBackConditions(cr, sb, actor, proc)} ::
StraightlineBehaviorsSatisfyLoopModifiesClausesOnJumpBackConditions(cr, sb, actor, proc)
==> var StraightlineState(s, aux) := last(sb.states);
var pc := cr.get_actor_pc_stack(s, actor).v.pc;
cr.loop_modifies_clauses(pc, aux.visited_loops[pc], s, actor)
}
predicate StraightlineBehaviorsSatisfyYieldPredicateConditions<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>,
sb:AnnotatedBehavior<StraightlineState<State, PC>, StraightlineStep<Step, PC, Proc>>,
step:Step,
s':State,
other_actor:Actor
)
{
&& cr.step_to_actor(step).Some?
&& var actor := cr.step_to_actor(step).v;
var proc := cr.step_to_proc(step);
var effect := cr.step_to_effect(step);
&& AnnotatedBehaviorSatisfiesSpec(sb, GetStraightlineSpec(cr, actor, proc))
&& var ss := last(sb.states);
var s := ss.state;
var phase := ss.aux.phase;
&& cr.local_inv(s, actor)
&& ActionTuple(s, s', step) in cr.spec.next
&& !effect.CHLStepEffectStop?
&& (if effect.CHLStepEffectReturn? || effect.CHLStepEffectReturnThenCall? then
phase.StraightlinePhaseEnsured?
else
phase.StraightlinePhaseYielded?)
&& actor != other_actor
&& cr.get_actor_pc_stack(s, other_actor).Some?
}
predicate StraightlineBehaviorsSatisfyYieldPredicate<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
forall sb, step, s', other_actor {:trigger StraightlineBehaviorsSatisfyYieldPredicateConditions(cr, sb, step, s', other_actor)} ::
StraightlineBehaviorsSatisfyYieldPredicateConditions(cr, sb, step, s', other_actor)
==> cr.yield_pred(last(sb.states).state, s', other_actor)
}
/////////////////////////////////////////////////////
// Request validity
/////////////////////////////////////////////////////
predicate IsValidConcurrentHoareLogicRequest<State(!new), Actor(!new), Step(!new), PC(!new), Proc(!new)>(
cr:ConcurrentHoareLogicRequest<State, Actor, Step, PC, Proc>
)
{
// Simple parameter validity
&& IsInvariantPredicateOfSpec(cr.established_inv, cr.spec)
&& LoopHeadsArentReturnSites(cr.is_loop_head, cr.is_return_site)
&& YieldPredicateReflexive(cr)
&& YieldPredicateTransitive(cr)
// Initialization
&& ActorsBeginAtEntryPointsWithEmptyStacks(cr)
&& GlobalInvariantSatisfiedInitially(cr)
&& RequiresClausesSatisfiedInitially(cr)
// Actorless steps
&& ActorlessStepsDontChangeActors(cr)
&& ActorlessStepsMaintainYieldPredicateAndGlobalInvariant(cr)
// Control flow
&& CHLStepEffectsCorrect(cr)
&& ForkedActorsStartAtEntryPointsWithEmptyStacks(cr)
&& StepsDontChangeOtherActorsExceptViaFork(cr)
// Straightline behaviors
&& StraightlineBehaviorsSatisfyGlobalInvariant(cr)
&& StraightlineBehaviorsSatisfyLocalInvariant(cr)
&& StraightlineBehaviorsSatisfyPreconditionsForCalls(cr)
&& StraightlineBehaviorsSatisfyPreconditionsForForks(cr)
&& StraightlineBehaviorsSatisfyPostconditions(cr)
&& StraightlineBehaviorsSatisfyLoopModifiesClausesOnEntry(cr)
&& StraightlineBehaviorsSatisfyLoopModifiesClausesOnJumpBack(cr)
&& StraightlineBehaviorsSatisfyYieldPredicate(cr)
}
}
================================================
FILE: Armada/strategies/combining/ArmadaCombining.i.dfy
================================================
/////////////////////////////////////////////////////////////////////////////////////////////////////
//
// This file contains a lemma for performing refinement via combining on an Armada behavior. Such a
// combining takes a behavior satisfying a low-level spec, which has a certain atomic step
// represented as a multistep consisting of two or more mini-steps, and returns a behavior
// satisfying a higher-level specification that has that atomic step consist of a single mini-step.
// It does so by lifting multi-step multisteps in the lower-level specification to single-step
// multisteps in the higher-level specification.
//
// To use this lemma, first create a request r of type ArmadaCombiningRequest (defined in
// ArmadaCombiningSpec.i.dfy). Then, prove that it's a valid request, i.e., that
// ValidArmadaCombiningRequest(r).
//
/////////////////////////////////////////////////////////////////////////////////////////////////////
include "ArmadaCombiningSpec.i.dfy"
include "ArmadaCombiningLemmas.i.dfy"
module ArmadaCombiningModule {
import opened util_collections_seqs_s
import opened util_collections_seqs_i
import opened GeneralRefinementModule
import opened AnnotatedBehaviorModule
import opened ArmadaCombiningSpecModule
import opened ArmadaCombiningLemmasModule
import opened GenericArmadaLemmasModule
import opened ArmadaCommonDefinitions
import opened GenericArmadaSpecModule
lemma lemma_PerformArmadaCombining<LState, LOneStep, LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>,
lb:AnnotatedBehavior<LState, Armada_Multistep<LOneStep>>
) returns (
hb:AnnotatedBehavior<HState, Armada_Multistep<HOneStep>>
)
requires ValidArmadaCombiningRequest(acr)
requires AnnotatedBehaviorSatisfiesSpec(lb, SpecFunctionsToSpec(acr.l))
ensures BehaviorRefinesBehavior(lb.states, hb.states, acr.relation)
ensures AnnotatedBehaviorSatisfiesSpec(hb, SpecFunctionsToSpec(acr.h))
{
var hstates := MapSeqToSeq(lb.states, acr.lstate_to_hstate);
var htrace := [];
var pos := 0;
while pos < |lb.trace|
invariant 0 <= pos <= |lb.trace|
invariant |htrace| == pos
invariant AnnotatedBehaviorSatisfiesSpec(AnnotatedBehavior(hstates[..pos+1], htrace), SpecFunctionsToSpec(acr.h))
invariant acr.inv(lb.states[pos])
{
lemma_MultistepNextMaintainsInv(acr.l, acr.inv, lb.states[pos], lb.states[pos+1], lb.trace[pos]);
lemma_AllThreadsYieldingAtPos(acr.l, lb, pos);
lemma_AllThreadsYieldingAtPos(acr.l, lb, pos+1);
var hstep := lemma_LiftMultistep(acr, lb.states[pos], lb.states[pos+1], lb.trace[pos], hstates[pos], hstates[pos+1]);
htrace := htrace + [hstep];
pos := pos + 1;
}
hb := AnnotatedBehavior(hstates, htrace);
var lh_map := ConvertMapToSeq(|lb.states|, map i | 0 <= i < |lb.states| :: RefinementRange(i, i));
assert BehaviorRefinesBehaviorUsingRefinementMap(lb.states, hstates, acr.relation, lh_map);
}
}
================================================
FILE: Armada/strategies/combining/ArmadaCombiningLemmas.i.dfy
================================================
/////////////////////////////////////////////////////////////////////////////////////////////////////
//
// This file contains lemmas useful in effecting a refinement via combining on an Armada behavior.
// They support lemma_PerformArmadaCombining (in ArmadaCombining.i.dfy).
//
/////////////////////////////////////////////////////////////////////////////////////////////////////
include "ArmadaCombiningSpec.i.dfy"
include "../../util/collections/seqs.i.dfy"
include "../generic/GenericArmadaLemmas.i.dfy"
module ArmadaCombiningLemmasModule {
import opened util_collections_seqs_s
import opened util_collections_seqs_i
import opened util_option_s
import opened GeneralRefinementModule
import opened GeneralRefinementLemmasModule
import opened RefinementConvolutionModule
import opened AnnotatedBehaviorModule
import opened InvariantsModule
import opened ArmadaCombiningSpecModule
import opened GenericArmadaSpecModule
import opened GenericArmadaLemmasModule
import opened ArmadaCommonDefinitions
lemma lemma_LiftMultistepCaseNoSteps<LState, LOneStep, LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>,
ls:LState,
ls':LState,
lstep:Armada_Multistep<LOneStep>,
hs:HState,
hs':HState
) returns (
hstep:Armada_Multistep<HOneStep>
)
requires ValidArmadaCombiningRequest(acr)
requires acr.inv(ls)
requires ActionTuple(ls, ls', lstep) in SpecFunctionsToSpec(acr.l).next
requires forall tid :: Armada_ThreadYielding(acr.l, ls, tid)
requires forall tid :: Armada_ThreadYielding(acr.l, ls', tid)
requires |lstep.steps| == 0
requires hs == acr.lstate_to_hstate(ls)
requires hs' == acr.lstate_to_hstate(ls')
ensures ActionTuple(hs, hs', hstep) in SpecFunctionsToSpec(acr.h).next
{
hstep := Armada_Multistep([], lstep.tid, lstep.tau);
}
lemma lemma_LiftMultistepCaseTau<LState, LOneStep, LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>,
ls:LState,
ls':LState,
lstep:Armada_Multistep<LOneStep>,
hs:HState,
hs':HState
) returns (
hstep:Armada_Multistep<HOneStep>
)
requires ValidArmadaCombiningRequest(acr)
requires acr.inv(ls)
requires ActionTuple(ls, ls', lstep) in SpecFunctionsToSpec(acr.l).next
requires forall tid :: Armada_ThreadYielding(acr.l, ls, tid)
requires forall tid :: Armada_ThreadYielding(acr.l, ls', tid)
requires lstep.tau
requires |lstep.steps| == 1
requires hs == acr.lstate_to_hstate(ls)
requires hs' == acr.lstate_to_hstate(ls')
ensures ActionTuple(hs, hs', hstep) in SpecFunctionsToSpec(acr.h).next
{
var lonestep := lstep.steps[0];
assert acr.l.step_valid(ls, lonestep);
assert acr.l.state_ok(ls);
var tid := acr.l.step_to_thread(lonestep);
assert Armada_NextMultipleSteps(acr.l, acr.l.step_next(ls, lonestep), ls', lstep.steps[1..]);
assert lstep.steps[1..] == [];
assert ls' == acr.l.step_next(ls, lonestep);
assert Armada_ThreadYielding(acr.l, ls, tid);
assert !IsInnerStep(acr, ls, ls', lonestep);
var honestep := acr.lonestep_to_honestep(lonestep);
assert NonInnerStepsLiftableConditions(acr, ls, lonestep);
assert acr.h.step_valid(hs, honestep) && hs' == acr.h.step_next(hs, honestep);
hstep := Armada_Multistep([honestep], acr.h.step_to_thread(honestep), acr.h.is_step_tau(honestep));
assert Armada_NextMultistep(acr.h, hs, hs', hstep.steps, hstep.tid, hstep.tau);
}
lemma lemma_LiftMultistepCaseCombinable<LState, LOneStep, LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>,
ls:LState,
ls':LState,
lstep:Armada_Multistep<LOneStep>,
hs:HState,
hs':HState
) returns (
hstep:Armada_Multistep<HOneStep>
)
requires ValidArmadaCombiningRequest(acr)
requires acr.inv(ls)
requires ActionTuple(ls, ls', lstep) in SpecFunctionsToSpec(acr.l).next
requires forall tid :: Armada_ThreadYielding(acr.l, ls, tid)
requires forall tid :: Armada_ThreadYielding(acr.l, ls', tid)
requires !lstep.tau
requires |lstep.steps| > 0
requires IsInnerOptionalPC(acr, acr.l.get_thread_pc(acr.l.step_next(ls, lstep.steps[0]), lstep.tid))
requires hs == acr.lstate_to_hstate(ls)
requires hs' == acr.lstate_to_hstate(ls')
ensures ActionTuple(hs, hs', hstep) in SpecFunctionsToSpec(acr.h).next
{
assert CanCombineInnerStepsConditions(acr, ls, ls', lstep.steps, lstep.tid);
var honestep :| InnerStepsCombined(acr, ls, ls', honestep);
assert !acr.h.is_step_tau(honestep) && acr.h.step_valid(hs, honestep) && hs' == acr.h.step_next(hs, honestep);
hstep := Armada_Multistep([honestep], acr.h.step_to_thread(honestep), false);
assert Armada_ThreadYielding(acr.l, ls, hstep.tid);
assert Armada_ThreadYielding(acr.l, ls', hstep.tid);
assert Armada_NextMultistep(acr.h, hs, hs', hstep.steps, hstep.tid, hstep.tau);
assert ActionTuple(hs, hs', hstep) in SpecFunctionsToSpec(acr.h).next;
}
lemma lemma_LiftMultistepCaseAllNonInnerSteps
<LState, LOneStep, LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>,
ls:LState,
ls':LState,
lstep:Armada_Multistep<LOneStep>,
hs:HState,
hs':HState,
lstates:seq<LState>
) returns (
hstep:Armada_Multistep<HOneStep>
)
requires ValidArmadaCombiningRequest(acr)
requires acr.inv(ls)
requires ActionTuple(ls, ls', lstep) in SpecFunctionsToSpec(acr.l).next
requires forall tid :: Armada_ThreadYielding(acr.l, ls, tid)
requires forall tid :: Armada_ThreadYielding(acr.l, ls', tid)
requires lstates == Armada_GetStateSequence(acr.l, ls, lstep.steps);
requires !lstep.tau
requires |lstep.steps| > 0
requires forall i :: 0 <= i < |lstep.steps| ==> !IsInnerStep(acr, lstates[i], lstates[i+1], lstep.steps[i])
requires hs == acr.lstate_to_hstate(ls)
requires hs' == acr.lstate_to_hstate(ls')
ensures ActionTuple(hs, hs', hstep) in SpecFunctionsToSpec(acr.h).next
{
var tid := lstep.tid;
var lsteps := lstep.steps;
var hsteps := MapSeqToSeq(lsteps, acr.lonestep_to_honestep);
hstep := Armada_Multistep(hsteps, tid, lstep.tau);
var hstates := Armada_GetStateSequence(acr.h, hs, hsteps);
var pos := 0;
while pos < |hsteps|
invariant 0 <= pos <= |hsteps|
invariant forall i :: 0 <= i <= pos ==> hstates[i] == acr.lstate_to_hstate(lstates[i])
invariant forall i :: 0 <= i < pos ==> acr.h.step_to_thread(hsteps[i]) == acr.l.step_to_thread(lsteps[i])
invariant forall i :: 0 <= i < pos ==> acr.h.is_step_tau(hsteps[i]) == acr.l.is_step_tau(lsteps[i])
invariant forall i :: 0 <= i < pos ==> acr.h.step_valid(hstates[i], hsteps[i])
invariant forall i :: 0 <= i < pos ==> hstates[i+1] == acr.h.step_next(hstates[i], hsteps[i])
invariant forall i :: 0 < i < pos ==> var pc := acr.h.get_thread_pc(hstates[i], tid); pc.Some? && acr.h.is_pc_nonyielding(pc.v)
{
lemma_InvariantHoldsAtIntermediateState(acr.l, acr.inv, ls, ls', lsteps, lstates, pos);
lemma_ArmadaNextMultipleStepsImpliesValidStep(acr.l, ls, ls', lsteps, lstates, pos);
assert !IsInnerStep(acr, lstates[pos], lstates[pos+1], lsteps[pos]);
assert NonInnerStepsLiftableConditions(acr, lstates[pos], lsteps[pos]);
lemma_ArmadaGetStateSequenceOnePos(acr.h, hs, hsteps, pos);
assert hstates[pos+1] == acr.h.step_next(hstates[pos], hsteps[pos]);
assert hstates[pos+1] == acr.lstate_to_hstate(lstates[pos+1]);
pos := pos + 1;
}
lemma_ArmadaNextMultipleStepsLastElement(acr.l, ls, ls', lsteps, lstates);
lemma_IfAllStepsValidThenArmadaNextMultipleSteps(acr.h, hstates, hsteps);
assert Armada_NextMultistep(acr.h, hs, hs', hsteps, tid, lstep.tau);
}
lemma lemma_LiftMultistepCaseNonInnerPC<LState, LOneStep, LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>,
ls:LState,
ls':LState,
lstep:Armada_Multistep<LOneStep>,
hs:HState,
hs':HState
) returns (
hstep:Armada_Multistep<HOneStep>
)
requires ValidArmadaCombiningRequest(acr)
requires acr.inv(ls)
requires ActionTuple(ls, ls', lstep) in SpecFunctionsToSpec(acr.l).next
requires forall tid :: Armada_ThreadYielding(acr.l, ls, tid)
requires forall tid :: Armada_ThreadYielding(acr.l, ls', tid)
requires !lstep.tau
requires |lstep.steps| > 0
requires !IsInnerOptionalPC(acr, acr.l.get_thread_pc(acr.l.step_next(ls, lstep.steps[0]), lstep.tid))
requires hs == acr.lstate_to_hstate(ls)
requires hs' == acr.lstate_to_hstate(ls')
ensures ActionTuple(hs, hs', hstep) in SpecFunctionsToSpec(acr.h).next
{
var tid := lstep.tid;
var lsteps := lstep.steps;
var lstates := Armada_GetStateSequence(acr.l, ls, lstep.steps);
var pos := 1;
while pos < |lsteps|
invariant 1 <= pos <= |lsteps|
invariant forall i :: 0 <= i <= pos ==> !IsInnerOptionalPC(acr, acr.l.get_thread_pc(lstates[i], tid))
{
var pc := acr.l.get_thread_pc(lstates[pos], tid);
var pc' := acr.l.get_thread_pc(lstates[pos+1], tid);
lemma_ArmadaNextMultipleStepsImpliesValidStep(acr.l, ls, ls', lsteps, lstates, pos);
assert !acr.l.is_step_tau(lsteps[pos]);
assert acr.l.step_valid(lstates[pos], lsteps[pos]);
assert lstates[pos+1] == acr.l.step_next(lstates[pos], lsteps[pos]);
if pc'.Some? && acr.is_inner_pc(pc'.v) {
assert InnerPCPrecededByInnerOrYieldingPCConditions(acr, lstates[pos], lsteps[pos]);
assert pc.Some? && (acr.is_inner_pc(pc.v) || !acr.l.is_pc_nonyielding(pc.v));
assert !IsInnerOptionalPC(acr, pc);
assert !acr.l.is_pc_nonyielding(pc.v);
assert false;
}
assert !IsInnerOptionalPC(acr, pc');
pos := pos + 1;
}
assert forall i :: 0 <= i <= |lsteps| ==> !IsInnerOptionalPC(acr, acr.l.get_thread_pc(lstates[i], tid));
hstep := lemma_LiftMultistepCaseAllNonInnerSteps(acr, ls, ls', lstep, hs, hs', lstates);
}
lemma lemma_LiftMultistep<LState, LOneStep, LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>,
ls:LState,
ls':LState,
lstep:Armada_Multistep<LOneStep>,
hs:HState,
hs':HState
) returns (
hstep:Armada_Multistep<HOneStep>
)
requires ValidArmadaCombiningRequest(acr)
requires acr.inv(ls)
requires ActionTuple(ls, ls', lstep) in SpecFunctionsToSpec(acr.l).next
requires forall tid :: Armada_ThreadYielding(acr.l, ls, tid)
requires forall tid :: Armada_ThreadYielding(acr.l, ls', tid)
requires hs == acr.lstate_to_hstate(ls)
requires hs' == acr.lstate_to_hstate(ls')
ensures ActionTuple(hs, hs', hstep) in SpecFunctionsToSpec(acr.h).next
{
var lstates := Armada_GetStateSequence(acr.l, ls, lstep.steps);
if |lstep.steps| == 0 {
hstep := lemma_LiftMultistepCaseNoSteps(acr, ls, ls', lstep, hs, hs');
}
else if lstep.tau {
hstep := lemma_LiftMultistepCaseTau(acr, ls, ls', lstep, hs, hs');
}
else if IsInnerOptionalPC(acr, acr.l.get_thread_pc(acr.l.step_next(ls, lstep.steps[0]), lstep.tid)) {
hstep := lemma_LiftMultistepCaseCombinable(acr, ls, ls', lstep, hs, hs');
}
else {
hstep := lemma_LiftMultistepCaseNonInnerPC(acr, ls, ls', lstep, hs, hs');
}
}
}
================================================
FILE: Armada/strategies/combining/ArmadaCombiningSpec.i.dfy
================================================
/////////////////////////////////////////////////////////////////////////////////////////////////////
//
// This file is the specification for a request to perform combining on an Armada behavior. Such a
// combining takes a behavior satisfying a low-level spec, which has a certain atomic step
// represented as a multistep consisting of two or more mini-steps, and returns a behavior
// satisfying a higher-level specification that has that atomic step consist of a single mini-step.
// It does so by lifting multi-step multisteps in the lower-level specification to single-step
// multisteps in the higher-level specification.
//
// To use this specification, first create a request r of type ArmadaCombiningRequest. Then, prove
// that it's a valid request, i.e., that ValidArmadaCombiningRequest(r). Finally, call
// lemma_PerformArmadaCombining (in ArmadaCombining.i.dfy).
//
// The request describes the Armada state machine in an abstract way. It models the Armada
// multisteps as instances of ArrStepSequence, which include a sequence of steps of type LOneStep.
// It models the steps as being either tau steps or non-tau steps.
//
/////////////////////////////////////////////////////////////////////////////////////////////////////
include "../../util/option.s.dfy"
include "../../util/collections/seqs.s.dfy"
include "../refinement/GeneralRefinementLemmas.i.dfy"
include "../refinement/RefinementConvolution.i.dfy"
include "../refinement/AnnotatedBehavior.i.dfy"
include "../invariants.i.dfy"
include "../generic/GenericArmadaSpec.i.dfy"
module ArmadaCombiningSpecModule {
import opened util_option_s
import opened util_collections_seqs_s
import opened GeneralRefinementModule
import opened GeneralRefinementLemmasModule
import opened RefinementConvolutionModule
import opened AnnotatedBehaviorModule
import opened InvariantsModule
import opened GenericArmadaSpecModule
import opened ArmadaCommonDefinitions
datatype ArmadaCombiningRequest<!LState, !LOneStep, !LPC, !HState, !HOneStep, !HPC> =
ArmadaCombiningRequest(
l:Armada_SpecFunctions<LState, LOneStep, LPC>,
h:Armada_SpecFunctions<HState, HOneStep, HPC>,
relation:RefinementRelation<LState, HState>,
inv:LState->bool,
lstate_to_hstate:LState->HState,
lonestep_to_honestep:LOneStep->HOneStep,
lpc_to_hpc:LPC->HPC,
is_inner_pc:LPC->bool
)
predicate IsInnerOptionalPC
<LState(!new), LOneStep(!new), LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>,
pc:Option<LPC>
)
{
pc.Some? && acr.is_inner_pc(pc.v)
}
predicate IsInnerStep
<LState(!new), LOneStep(!new), LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>,
s:LState,
s':LState,
step:LOneStep
)
{
var tid := acr.l.step_to_thread(step);
|| IsInnerOptionalPC(acr, acr.l.get_thread_pc(s, tid))
|| IsInnerOptionalPC(acr, acr.l.get_thread_pc(s', tid))
}
predicate LInitImpliesHInit<LState(!new), LOneStep, LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>
)
{
forall ls :: acr.l.init(ls) ==> acr.h.init(acr.lstate_to_hstate(ls))
}
predicate LStateToHStateMapsPCsCorrectly
<LState(!new), LOneStep, LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>
)
{
forall ls, tid :: var hs := acr.lstate_to_hstate(ls);
var lpc := acr.l.get_thread_pc(ls, tid);
var hpc := acr.h.get_thread_pc(hs, tid);
hpc == if lpc.Some? then Some(acr.lpc_to_hpc(lpc.v)) else None()
}
predicate LHYieldingCorrespondence<LState, LOneStep, LPC(!new), HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>
)
{
forall lpc :: var hpc := acr.lpc_to_hpc(lpc);
acr.is_inner_pc(lpc) || (acr.h.is_pc_nonyielding(hpc) <==> acr.l.is_pc_nonyielding(lpc))
}
predicate StateConversionPreservesOK<LState(!new), LOneStep, LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>
)
{
forall ls :: acr.h.state_ok(acr.lstate_to_hstate(ls)) == acr.l.state_ok(ls)
}
predicate StateConversionSatisfiesRelation
<LState(!new), LOneStep, LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>
)
{
forall ls :: RefinementPair(ls, acr.lstate_to_hstate(ls)) in acr.relation
}
predicate InnerPCsDontYield<LState, LOneStep, LPC(!new), HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>
)
{
forall pc :: acr.is_inner_pc(pc) ==> acr.l.is_pc_nonyielding(pc)
}
predicate InnerPCPrecededByInnerOrYieldingPCConditions
<LState(!new), LOneStep(!new), LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>,
ls:LState,
lstep:LOneStep
)
{
var ls' := acr.l.step_next(ls, lstep);
var tid := acr.l.step_to_thread(lstep);
var pc' := acr.l.get_thread_pc(ls', tid);
&& !acr.l.is_step_tau(lstep)
&& acr.l.step_valid(ls, lstep)
&& pc'.Some?
&& acr.is_inner_pc(pc'.v)
}
predicate InnerPCPrecededByInnerOrYieldingPC
<LState(!new), LOneStep(!new), LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>
)
{
forall ls, lstep {:trigger InnerPCPrecededByInnerOrYieldingPCConditions(acr, ls, lstep)} ::
InnerPCPrecededByInnerOrYieldingPCConditions(acr, ls, lstep)
==> var tid := acr.l.step_to_thread(lstep);
var pc := acr.l.get_thread_pc(ls, tid);
pc.Some? && (acr.is_inner_pc(pc.v) || !acr.l.is_pc_nonyielding(pc.v))
}
predicate InnerPCSucceededByInnerOrYieldingPCConditions
<LState(!new), LOneStep(!new), LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>,
ls:LState,
lstep:LOneStep
)
{
var tid := acr.l.step_to_thread(lstep);
var pc := acr.l.get_thread_pc(ls, tid);
&& !acr.l.is_step_tau(lstep)
&& acr.l.step_valid(ls, lstep)
&& pc.Some?
&& acr.is_inner_pc(pc.v)
}
predicate InnerPCSucceededByInnerOrYieldingPC
<LState(!new), LOneStep(!new), LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>
)
{
forall ls, lstep {:trigger InnerPCSucceededByInnerOrYieldingPCConditions(acr, ls, lstep)} ::
InnerPCSucceededByInnerOrYieldingPCConditions(acr, ls, lstep)
==> var tid := acr.l.step_to_thread(lstep);
var ls' := acr.l.step_next(ls, lstep);
var pc' := acr.l.get_thread_pc(ls', tid);
pc'.Some? && (acr.is_inner_pc(pc'.v) || !acr.l.is_pc_nonyielding(pc'.v))
}
predicate NonInnerStepsLiftableConditions
<LState(!new), LOneStep(!new), LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>,
ls:LState,
lstep:LOneStep
)
{
var ls' := acr.l.step_next(ls, lstep);
&& acr.inv(ls)
&& acr.l.step_valid(ls, lstep)
&& !IsInnerStep(acr, ls, ls', lstep)
}
predicate NonInnerStepsLiftable<LState(!new), LOneStep(!new), LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>
)
{
forall ls, lstep {:trigger NonInnerStepsLiftableConditions(acr, ls, lstep)} ::
NonInnerStepsLiftableConditions(acr, ls, lstep)
==> var ls' := acr.l.step_next(ls, lstep);
var hs := acr.lstate_to_hstate(ls);
var hstep := acr.lonestep_to_honestep(lstep);
var hs' := acr.lstate_to_hstate(ls');
&& acr.l.step_to_thread(lstep) == acr.h.step_to_thread(hstep)
&& acr.l.is_step_tau(lstep) == acr.h.is_step_tau(hstep)
&& acr.h.step_valid(hs, hstep)
&& hs' == acr.h.step_next(hs, hstep)
}
predicate CanCombineInnerStepsConditions
<LState(!new), LOneStep(!new), LPC, HState, HOneStep(!new), HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>,
ls:LState,
ls':LState,
lsteps:seq<LOneStep>,
tid:Armada_ThreadHandle
)
{
&& acr.inv(ls)
&& Armada_NextMultistep(acr.l, ls, ls', lsteps, tid, false)
&& |lsteps| > 0
&& IsInnerOptionalPC(acr, acr.l.get_thread_pc(acr.l.step_next(ls, lsteps[0]), tid))
}
predicate InnerStepsCombined
<LState, LOneStep, LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>,
ls:LState,
ls':LState,
hstep:HOneStep
)
{
var hs := acr.lstate_to_hstate(ls);
var hs' := acr.lstate_to_hstate(ls');
!acr.h.is_step_tau(hstep) && acr.h.step_valid(hs, hstep) && hs' == acr.h.step_next(hs, hstep)
}
predicate CanCombineInnerSteps
<LState(!new), LOneStep(!new), LPC, HState, HOneStep(!new), HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>
)
{
forall ls, ls', lsteps, tid {:trigger CanCombineInnerStepsConditions(acr, ls, ls', lsteps, tid)} ::
CanCombineInnerStepsConditions(acr, ls, ls', lsteps, tid)
==> exists hstep :: InnerStepsCombined(acr, ls, ls', hstep)
}
predicate ValidArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>(
acr:ArmadaCombiningRequest<LState, LOneStep, LPC, HState, HOneStep, HPC>
)
{
&& InitImpliesInv(acr.l, acr.inv)
&& OneStepPreservesInv(acr.l, acr.inv)
&& OneStepRequiresOK(acr.l)
&& InitImpliesYielding(acr.l)
&& InitImpliesOK(acr.l)
&& SteppingThreadHasPC(acr.l)
&& TauLeavesPCUnchanged(acr.l)
&& ThreadCantAffectOtherThreadPCExceptViaFork(acr.l)
&& LInitImpliesHInit(acr)
&& LStateToHStateMapsPCsCorrectly(acr)
&& LHYieldingCorrespondence(acr)
&& StateConversionPreservesOK(acr)
&& StateConversionSatisfiesRelation(acr)
&& InnerPCsDontYield(acr)
&& InnerPCPrecededByInnerOrYieldingPC(acr)
&& InnerPCSucceededByInnerOrYieldingPC(acr)
&& NonInnerStepsLiftable(acr)
&& CanCombineInnerSteps(acr)
}
}
================================================
FILE: Armada/strategies/generic/GenericArmadaAtomic.i.dfy
================================================
include "GenericArmadaSpec.i.dfy"
include "GenericArmadaLemmas.i.dfy"
include "../invariants.i.dfy"
include "../../util/collections/seqs.i.dfy"
include "../../strategies/refinement/GeneralRefinementLemmas.i.dfy"
module GenericArmadaAtomicModule {
import opened util_collections_seqs_s
import opened util_collections_seqs_i
import opened util_option_s
import opened GenericArmadaSpecModule
import opened AnnotatedBehaviorModule
import opened ArmadaCommonDefinitions
import opened GeneralRefinementModule
import opened GeneralRefinementLemmasModule
import opened InvariantsModule
import opened GenericArmadaLemmasModule
//////////////////////////////////////////////
// DEFINITIONS
//////////////////////////////////////////////
datatype AtomicPathType = AtomicPathType_Tau
| AtomicPathType_YY
| AtomicPathType_YS
| AtomicPathType_YR
| AtomicPathType_RY
| AtomicPathType_RS
| AtomicPathType_RR
datatype AtomicTraceEntry<Path> =
AtomicTraceEntry_Stutter()
| AtomicTraceEntry_Tau(tau_tid: Armada_ThreadHandle, tau: Path)
| AtomicTraceEntry_Normal(normal_tid: Armada_ThreadHandle, path: Path)
| AtomicTraceEntry_Recurrent(recurrent_tid: Armada_ThreadHandle, yr: Path, rrs: seq<Path>, rx: Path)
datatype AtomicSpecFunctions<!State, !Path, !PC> =
AtomicSpecFunctions(
init: State->bool,
path_valid: (State, Path, Armada_ThreadHandle)->bool,
path_next: (State, Path, Armada_ThreadHandle)->State,
path_type: Path->AtomicPathType,
state_ok: State->bool,
get_thread_pc: (State, Armada_ThreadHandle)->Option<PC>,
is_pc_nonyielding: PC->bool
)
predicate AtomicValidPathSequence<State, Path, PC>(
asf: AtomicSpecFunctions<State, Path, PC>,
s: State,
paths: seq<Path>,
tid: Armada_ThreadHandle
)
{
|paths| > 0 ==>
&& asf.path_type(paths[0]).AtomicPathType_RR?
&& asf.path_valid(s, paths[0], tid)
&& AtomicValidPathSequence(asf, asf.path_next(s, paths[0], tid), paths[1..], tid)
}
function AtomicGetStateAfterPaths<State, Path, PC>(
asf: AtomicSpecFunctions<State, Path, PC>,
s: State,
paths: seq<Path>,
tid: Armada_ThreadHandle
) : State
{
if |paths| == 0 then s else AtomicGetStateAfterPaths(asf, asf.path_next(s, paths[0], tid), paths[1..], tid)
}
function AtomicGetStateSequence<State, Path, PC>(
asf: AtomicSpecFunctions<State, Path, PC>,
s: State,
paths: seq<Path>,
tid: Armada_ThreadHandle
) : (states: seq<State>)
ensures |states| == |paths| + 1
{
if |paths| == 0 then [s] else [s] + AtomicGetStateSequence(asf, asf.path_next(s, paths[0], tid), paths[1..], tid)
}
function AtomicGetNextStateAlways<State, Path, PC>(
asf: AtomicSpecFunctions<State, Path, PC>,
s: State,
entry: AtomicTraceEntry<Path>
) : State
{
match entry
case AtomicTraceEntry_Stutter() => s
case AtomicTraceEntry_Tau(tid, path) => asf.path_next(s, path, tid)
case AtomicTraceEntry_Normal(tid, path) => asf.path_next(s, path, tid)
case AtomicTraceEntry_Recurrent(tid, yr, rrs, rx) =>
var s1 := asf.path_next(s, yr, tid);
var s2 := AtomicGetStateAfterPaths(asf, s1, rrs, tid);
asf.path_next(s2, rx, tid)
}
predicate AtomicValidRecursiveStep<State, Path, PC>(
asf: AtomicSpecFunctions<State, Path, PC>,
s: State,
tid: Armada_ThreadHandle,
yr: Path,
rrs: seq<Path>,
rx: Path
)
{
// The first path has the type YR
&& asf.path_type(yr).AtomicPathType_YR?
// All the paths are valid
&& var s1 := asf.path_next(s, yr, tid);
var s2 := AtomicGetStateAfterPaths(asf, s1, rrs, tid);
var s3 := asf.path_next(s2, rx, tid);
&& asf.path_valid(s, yr, tid)
&& AtomicValidPathSequence(asf, s1, rrs, tid)
&& asf.path_valid(s2, rx, tid)
// The final state has ok-ness matching the path type
&& (if asf.state_ok(s3) then asf.path_type(rx).AtomicPathType_RY? else asf.path_type(rx).AtomicPathType_RS?)
}
predicate AtomicValidStep<State, Path, PC>(
asf: AtomicSpecFunctions<State, Path, PC>,
s: State,
entry: AtomicTraceEntry<Path>
)
{
match entry
case AtomicTraceEntry_Stutter() =>
true
case AtomicTraceEntry_Tau(tid, path) =>
&& asf.path_type(path).AtomicPathType_Tau?
&& asf.path_valid(s, path, tid)
case AtomicTraceEntry_Normal(tid, path) =>
&& asf.path_valid(s, path, tid)
&& (if asf.state_ok(asf.path_next(s, path, tid)) then asf.path_type(path).AtomicPathType_YY? else asf.path_type(path).AtomicPathType_YS?)
case AtomicTraceEntry_Recurrent(tid, yr, rrs, rx) =>
AtomicValidRecursiveStep(asf, s, tid, yr, rrs, rx)
}
predicate AtomicNext<State, Path, PC>(
asf: AtomicSpecFunctions<State, Path, PC>,
s: State,
s': State,
entry: AtomicTraceEntry<Path>
)
{
&& AtomicValidStep(asf, s, entry)
&& s' == AtomicGetNextStateAlways(asf, s, entry)
}
function AtomicAnnotatedSpec<State(!new), Path(!new), PC>(asf: AtomicSpecFunctions<State, Path, PC>)
: AnnotatedBehaviorSpec<State, AtomicTraceEntry<Path>>
{
AnnotatedBehaviorSpec(iset s | asf.init(s) :: s,
iset s, s', entry | AtomicNext(asf, s, s', entry) :: ActionTuple(s, s', entry))
}
function AtomicSpec<State(!new), Path(!new), PC>(asf: AtomicSpecFunctions<State, Path, PC>) : Spec<State>
{
Spec(iset s | asf.init(s) :: s,
iset s, s', entry: AtomicTraceEntry<Path> | AtomicNext(asf, s, s', entry) :: StatePair(s, s'))
}
function GenericAtomicLiftTraceEntry<LPath, HPath>(lentry: AtomicTraceEntry<LPath>, pathLift: LPath->HPath) : AtomicTraceEntry<HPath>
{
match lentry
case AtomicTraceEntry_Stutter() => AtomicTraceEntry_Stutter()
case AtomicTraceEntry_Tau(tid, path) => AtomicTraceEntry_Tau(tid, pathLift(path))
case AtomicTraceEntry_Normal(tid, path) => AtomicTraceEntry_Normal(tid, pathLift(path))
case AtomicTraceEntry_Recurrent(tid, yr, rrs, rx) =>
AtomicTraceEntry_Recurrent(tid, pathLift(yr), MapSeqToSeq(rrs, pathLift), pathLift(rx))
}
function GenericAtomicLiftPathSeqStateDependent<LState(!new), LPath(!new), LPC, HPath>(
asf: AtomicSpecFunctions<LState, LPath, LPC>,
ls: LState,
paths: seq<LPath>,
tid: Armada_ThreadHandle,
lift_fn: (LState, LPath)-->HPath
) : seq<HPath>
requires AtomicValidPathSequence(asf, ls, paths, tid)
requires forall ls, lpath :: asf.path_valid(ls, lpath, tid) ==> lift_fn.requires(ls, lpath)
decreases |paths|
{
if |paths| == 0 then
[]
else
var ls_next := asf.path_next(ls, paths[0], tid);
[lift_fn(ls, paths[0])] + GenericAtomicLiftPathSeqStateDependent(asf, ls_next, paths[1..], tid, lift_fn)
}
function GenericAtomicLiftTraceEntryStateDependent<LState(!new), LPath(!new), LPC, HPath>(
asf: AtomicSpecFunctions<LState, LPath, LPC>,
ls: LState,
lentry: AtomicTraceEntry<LPath>,
lift_fn: (LState, LPath)-->HPath
) : AtomicTraceEntry<HPath>
requires AtomicValidStep(asf, ls, lentry)
requires forall ls, lpath, tid :: asf.path_valid(ls, lpath, tid) ==> lift_fn.requires(ls, lpath)
{
match lentry
case AtomicTraceEntry_Stutter() => AtomicTraceEntry_Stutter()
case AtomicTraceEntry_Tau(tid, path) => AtomicTraceEntry_Tau(tid, lift_fn(ls, path))
case AtomicTraceEntry_Normal(tid, path) => AtomicTraceEntry_Normal(tid, lift_fn(ls, path))
case AtomicTraceEntry_Recurrent(tid, yr, rrs, rx) =>
var ls1 := asf.path_next(ls, yr, tid);
var ls2 := AtomicGetStateAfterPaths(asf, ls1, rrs, tid);
var rrs' := GenericAtomicLiftPathSeqStateDependent(asf, ls1, rrs, tid, lift_fn);
AtomicTraceEntry_Recurrent(tid, lift_fn(ls, yr), rrs', lift_fn(ls2, rx))
}
predicate AtomicInitImpliesInv<State(!new), Path, PC>(
asf: AtomicSpecFunctions<State, Path, PC>,
inv: State->bool
)
{
forall s :: asf.init(s) ==> inv(s)
}
predicate AtomicInitImpliesYielding<State(!new), Path, PC>(
asf: AtomicSpecFunctions<State, Path, PC>
)
{
forall s, tid :: asf.init(s) && asf.get_thread_pc(s, tid).Some? ==> !asf.is_pc_nonyielding(asf.get_thread_pc(s, tid).v)
}
predicate AtomicInitImpliesOK<State(!new), Path, PC>(
asf: AtomicSpecFunctions<State, Path, PC>
)
{
forall s :: asf.init(s) ==> asf.state_ok(s)
}
predicate AtomicPathPreservesInv<State(!new), Path(!new), PC>(
asf: AtomicSpecFunctions<State, Path, PC>,
inv: State->bool
)
{
forall s, path, tid :: inv(s) && asf.path_valid(s, path, tid) ==> inv(asf.path_next(s, path, tid))
}
predicate AtomicPathRequiresOK<State(!new), Path(!new), PC>(
asf: AtomicSpecFunctions<State, Path, PC>
)
{
forall s, path, tid :: asf.path_valid(s, path, tid) ==> asf.state_ok(s)
}
predicate AtomicSteppingThreadHasPC<State(!new), Path(!new), PC>(
asf: AtomicSpecFunctions<State, Path, PC>
)
{
forall s, path, tid :: asf.path_valid(s, path, tid) ==> asf.get_thread_pc(s, tid).Some?
}
predicate AtomicTauLeavesPCUnchanged<State(!new), Path(!new), PC>(
asf: AtomicSpecFunctions<State, Path, PC>
)
{
forall s, path, tid :: asf.path_valid(s, path, tid) && asf.path_type(path).AtomicPathType_Tau? ==>
var s' := asf.path_next(s, path, tid);
asf.get_thread_pc(s', tid) == asf.get_thread_pc(s, tid)
}
predicate AtomicThreadYielding<State(!new), Path, PC>(
asf: AtomicSpecFunctions<State, Path, PC>,
s: State,
tid: Armada_ThreadHandle
)
{
var pc := asf.get_thread_pc(s, tid);
!asf.state_ok(s) || pc.None? || !asf.is_pc_nonyielding(pc.v)
}
predicate AtomicThreadCantAffectOtherThreadPCExceptViaFork<State(!new), Path(!new), PC>(
asf: AtomicSpecFunctions<State, Path, PC>
)
{
forall s, path, tid, other_tid :: asf.path_valid(s, path, tid) && tid != other_tid
==> var s' := asf.path_next(s, path, tid);
var pc := asf.get_thread_pc(s, other_tid);
var pc' := asf.get_thread_pc(s', other_tid);
(pc' != pc ==> pc.None? && !asf.is_pc_nonyielding(pc'.v))
}
predicate AtomicPathTypeMatchesPCTypes<State(!new), Path(!new), PC>(
asf: AtomicSpecFunctions<State, Path, PC>,
s: State,
path: Path,
tid: Armada_ThreadHandle
)
{
var s' := asf.path_next(s, path, tid);
match asf.path_type(path)
case AtomicPathType_Tau => true
case AtomicPathType_YY => AtomicThreadYielding(asf, s, tid) && asf.state_ok(s') && AtomicThreadYielding(asf, s', tid)
case AtomicPathType_YS => AtomicThreadYielding(asf, s, tid) && !asf.state_ok(s')
case AtomicPathType_YR => AtomicThreadYielding(asf, s, tid) && !AtomicThreadYielding(asf, s', tid)
case AtomicPathType_RY => !AtomicThreadYielding(asf, s, tid) && asf.state_ok(s') && AtomicThreadYielding(asf, s', tid)
case AtomicPathType_RS => !AtomicThreadYielding(asf, s, tid) && !asf.state_ok(s')
case AtomicPathType_RR => !AtomicThreadYielding(asf, s, tid) && !AtomicThreadYielding(asf, s', tid)
}
predicate AtomicPathTypeAlwaysMatchesPCTypes<State(!new), Path(!new), PC>(
asf: AtomicSpecFunctions<State, Path, PC>
)
{
forall s, path, tid :: asf.path_valid(s, path, tid) ==> AtomicPathTypeMatchesPCTypes(asf, s, path, tid)
}
//////////////////////////////////////////////
// UTILITY LEMMAS
//////////////////////////////////////////////
lemma lemma_AtomicGetStateSequenceOnePos<State, Path, PC>(
asf: AtomicSpecFunctions<State, Path, PC>,
s: State,
paths: seq<Path>,
tid: Armada_ThreadHandle,
pos: int
)
requires 0 <= pos < |paths|
ensures var states := AtomicGetStateSequence(asf, s, paths, tid); states[pos+1] == asf.path_next(states[pos], paths[pos], tid)
{
if |paths| > 0 && pos > 0 {
lemma_AtomicGetStateSequenceOnePos(asf, asf.path_next(s, paths[0], tid), paths[1..], tid, pos-1);
}
}
lemma lemma_AtomicValidPathSequenceImpliesValidPath<State, Path, PC>(
asf: AtomicSpecFunctions<State, Path, PC>,
s: State,
s': State,
paths: seq<Path>,
tid: Armada_ThreadHandle,
states: seq<State>,
i: int
)
requires AtomicValidPathSequence(asf, s, paths, tid)
requires 0 <= i < |paths|
requires states == AtomicGetStateSequence(asf, s, paths, tid)
ensures asf.path_valid(states[i], paths[i], tid)
ensures states[i+1] == asf.path_next(states[i], paths[i], tid)
{
if i > 0 {
var s_mid := asf.path_next(s, paths[0], tid);
lemma_AtomicValidPathSequenceImpliesValidPath(asf, s_mid, s', paths[1..], tid, states[1..], i-1);
}
}
lemma lemma_AtomicNextLastElement<State, Path, PC>(
asf: AtomicSpecFunctions<State, Path, PC>,
s: State,
s': State,
paths: seq<Path>,
tid: Armada_ThreadHandle,
states: seq<State>
)
requires s' == AtomicGetStateAfterPaths(asf, s, paths, tid)
requires states == AtomicGetStateSequence(asf, s, paths, tid)
ensures last(states) == s'
{
if |paths| > 0 {
var s_mid := asf.path_next(s, paths[0], tid);
lemma_AtomicNextLastElement(asf, s_mid, s', paths[1..], tid, states[1..]);
}
}
lemma lemma_ExtendAtomicGetStateAfterPaths<State, Path, PC>(
asf: AtomicSpecFunctions<State, Path, PC>,
s: State,
s': State,
paths: seq<Path>,
tid: Armada_ThreadHandle,
path: Path
)
requires s' == AtomicGetStateAfterPaths(asf, s, paths, tid)
ensures asf.path_next(s', path, tid) == AtomicGetStateAfterPaths(asf, s, paths + [path], tid)
decreases |paths|
{
if |paths| > 0 {
var s_next := asf.path_next(s, paths[0], tid);
lemma_ExtendAtomicGetStateAfterPaths(asf, s_next, s', paths[1..], tid, path);
assert paths + [path] == [paths[0]] + (paths[1..] + [path]);
}
}
lemma lemma_ExtendAtomicValidPathSequence<State, Path, PC>(
asf: AtomicSpecFunctions<State, Path, PC>,
s: State,
s': State,
paths: seq<Path>,
tid: Armada_ThreadHandle,
path: Path
)
requires AtomicValidPathSequence(asf, s, paths, tid)
requires s' == AtomicGetStateAfterPaths(asf, s, paths, tid)
requires asf.path_valid(s', path, tid)
requires asf.path_type(path).AtomicPathType_RR?
ensures AtomicValidPathSequence(asf, s, paths + [path], tid)
decreases |paths|
{
if |paths| > 0 {
var s_next := asf.path_next(s, paths[0], tid);
lemma_ExtendAtomicValidPathSequence(asf, s_next, s', paths[1..], tid, path);
assert paths + [path] == [paths[0]] + (paths[1..] + [path]);
}
}
lemma lemma_AtomicBehaviorToAnnotatedBehavior<State(!new), Path(!new), PC(!new)>(
asf:AtomicSpecFunctions<State, Path, PC>,
b:seq<State>
) returns (
ab:AnnotatedBehavior<State, AtomicTraceEntry<Path>>
)
requires BehaviorSatisfiesSpec(b, AtomicSpec(asf))
ensures AnnotatedBehaviorSatisfiesSpec(ab, AtomicAnnotatedSpec(asf))
ensures ab.states == b
{
var trace:seq<AtomicTraceEntry<Path>> := [];
var pos := 0;
while pos < |b| - 1
invariant 0 <= pos < |b|
invariant |trace| == pos
invariant AnnotatedBehaviorSatisfiesSpec(AnnotatedBehavior(b[..pos + 1], trace), AtomicAnnotatedSpec(asf))
{
assert StatePair(b[pos], b[pos + 1]) in AtomicSpec(asf).next;
var entry :| AtomicNext(asf, b[pos], b[pos + 1], entry);
lemma_ExtendStateNextSeqRight(b[..pos + 1], trace, AtomicAnnotatedSpec(asf).next, b[pos + 1], entry);
assert b[..pos + 1] + [b[pos + 1]] == b[..(pos + 1) + 1];
trace := trace + [entry];
pos := pos + 1;
}
assert b[..pos + 1] == b;
ab := AnnotatedBehavior(b, trace);
}
lemma lemma_AtomicAnnotatedBehaviorSatisfiesAtomicSpec<State(!new), Path(!new), PC(!new)>(
asf:AtomicSpecFunctions<State, Path, PC>,
ab:AnnotatedBehavior<State, AtomicTraceEntry<Path>>
)
requires AnnotatedBehaviorSatisfiesSpec(ab, AtomicAnnotatedSpec(asf))
ensures BehaviorSatisfiesSpec(ab.states, AtomicSpec(asf))
{
var b := ab.states;
var spec := AtomicSpec(asf);
forall i {:trigger StatePair(b[i], b[i + 1]) in spec.next} | 0 <= i < |b| - 1
ensures StatePair(b[i], b[i + 1]) in spec.next
{
assert ActionTuple(ab.states[i], ab.states[i + 1], ab.trace[i]) in AtomicAnnotatedSpec(asf).next;
}
}
}
================================================
FILE: Armada/strategies/generic/GenericArmadaLemmas.i.dfy
================================================
include "GenericArmadaSpec.i.dfy"
include "../refinement/GeneralRefinementLemmas.i.dfy"
module GenericArmadaLemmasModule {
import opened util_collections_seqs_s
import opened AnnotatedBehaviorModule
import opened ArmadaCommonDefinitions
import opened GeneralRefinementModule
import opened GeneralRefinementLemmasModule
import opened GenericArmadaSpecModule
lemma lemma_BehaviorToAnnotatedBehavior<State(!new), OneStep(!new), PC(!new)>(
asf:Armada_SpecFunctions<State, OneStep, PC>,
b:seq<State>
) returns (
ab:AnnotatedBehavior<State, Armada_Multistep<OneStep>>
)
requires BehaviorSatisfiesSpec(b, Armada_SpecFunctionsToSpec(asf))
ensures AnnotatedBehaviorSatisfiesSpec(ab, SpecFunctionsToAnnotatedSpec(asf))
ensures ab.states == b
{
var spec := Armada_SpecFunctionsToSpec(asf);
var aspec := SpecFunctionsToAnnotatedSpec(asf);
var pos := 0;
var trace := [];
while pos < |b|-1
invariant pos == |trace|
invariant pos < |b|
invariant AnnotatedBehaviorSatisfiesSpec(AnnotatedBehavior(b[..pos+1], trace), aspec)
{
var s := b[pos];
var s' := b[pos+1];
assert StatePair(s, s') in spec.next;
var steps, tid, tau :| Armada_NextMultistep(asf, s, s', steps, tid, tau);
var multistep := Armada_Multistep(steps, tid, tau);
assert StatePair(b[pos], b[pos+1]) in spec.next;
lemma_ExtendStateNextSeqRight(b[..pos+1], trace, aspec.next, b[pos+1], multistep);
assert b[..(pos+1)+1] == b[..pos+1] + [b[pos+1]];
trace := trace + [multistep];
pos := pos + 1;
}
return AnnotatedBehavior(b, trace);
}
lemma lemma_IfAnnotatedBehaviorSatisfiesSpecThenBehaviorDoes<State(!new), OneStep(!new), PC(!new)>(
asf:Armada_SpecFunctions<State, OneStep, PC>,
ab:AnnotatedBehavior<State, Armada_Multistep<OneStep>>
)
requires AnnotatedBehaviorSatisfiesSpec(ab, SpecFunctionsToAnnotatedSpec(asf))
ensures BehaviorSatisfiesSpec(ab.states, Armada_SpecFunctionsToSpec(asf))
{
var aspec := SpecFunctionsToAnnotatedSpec(asf);
var spec := Armada_SpecFunctionsToSpec(asf);
forall pos | 0 <= pos < |ab.states|-1
ensures StatePair(ab.states[pos], ab.states[pos+1]) in spec.next
{
assert ActionTuple(ab.states[pos], ab.states[pos+1], ab.trace[pos]) in aspec.next;
}
}
lemma lemma_ExtendArmadaNextMultipleSteps<State(!new), OneStep(!new), PC(!new)>(
asf: Armada_SpecFunctions<State, OneStep, PC>,
s: State,
s': State,
s'': State,
steps: seq<OneStep>,
step: OneStep,
tid: Armada_ThreadHandle
)
requires Armada_NextMultipleSteps(asf, s, s', steps, tid)
requires asf.step_valid(s', step, tid)
requires s'' == asf.step_next(s', step, tid)
ensures Armada_NextMultipleSteps(asf, s, s'', steps + [step], tid)
decreases |steps|
{
if |steps| > 0 {
var s_next := asf.step_next(s, steps[0], tid);
lemma_ExtendArmadaNextMultipleSteps(asf, s_next, s', s'', steps[1..], step, tid);
var all_steps := steps + [step];
assert all_steps[0] == steps[0];
assert all_steps[1..] == steps[1..] + [step];
assert Armada_NextMultipleSteps(asf, s_next, s'', all_steps[1..], tid);
}
}
lemma lemma_ExtendArmadaStepsStartNonyielding<State(!new), OneStep(!new), PC(!new)>(
asf: Armada_SpecFunctions<State, OneStep, PC>,
s: State,
s': State,
s'': State,
steps: seq<OneStep>,
step: OneStep,
tid: Armada_ThreadHandle
)
requires Armada_StepsStartNonyielding(asf, s, s', steps, tid)
requires Armada_NextMultipleSteps(asf, s, s', steps, tid)
requires !Armada_ThreadYielding(asf, s', tid)
requires !asf.is_step_tau(step)
requires asf.step_valid(s', step, tid)
requires s'' == asf.step_next(s', step, tid)
ensures Armada_StepsStartNonyielding(asf, s, s'', steps + [step], tid)
ensures Armada_NextMultipleSteps(asf, s, s'', steps + [step], tid)
decreases |steps|
{
if |steps| > 0 {
var s_next := asf.step_next(s, steps[0], tid);
lemma_ExtendArmadaStepsStartNonyielding(asf, s_next, s', s'', steps[1..], step, tid);
var all_steps := steps + [step];
assert all_steps[0] == steps[0];
assert all_steps[1..] == steps[1..] + [step];
assert Armada_StepsStartNonyielding(asf, s_next, s'', all_steps[1..], tid);
assert Armada_StepsStartNonyielding(asf, s, s'', steps + [step], tid);
assert Armada_NextMultipleSteps(asf, s, s'', steps + [step], tid);
}
else {
assert Armada_StepsStartNonyielding(asf, s, s'', steps + [step], tid);
assert Armada_NextMultipleSteps(asf, s, s'', steps + [step], tid);
}
}
lemma lemma_CombineArmadaNextMultipleSteps<State(!new), OneStep(!new), PC(!new)>(
asf: Armada_SpecFunctions<State, OneStep, PC>,
s: State,
s': State,
s'': State,
steps1: seq<OneStep>,
steps2: seq<OneStep>,
tid: Armada_ThreadHandle
)
requires Armada_NextMultipleSteps(asf, s, s', steps1, tid)
requires Armada_NextMultipleSteps(asf, s', s'', steps2, tid)
ensures Armada_NextMultipleSteps(asf, s, s'', steps1 + steps2, tid)
decreases |steps2|
{
if |steps2| == 0 {
assert s'' == s';
assert steps1 + steps2 == steps1;
return;
}
var s_next := asf.step_next(s', steps2[0], tid);
lemma_ExtendArmadaNextMultipleSteps(asf, s, s', s_next, steps1, steps2[0], tid);
lemma_CombineArmadaNextMultipleSteps(asf, s, s_next, s'', steps1 + [steps2[0]], steps2[1..], tid);
calc {
steps1 + steps2;
steps1 + ([steps2[0]] + steps2[1..]);
(steps1 + [steps2[0]]) + steps2[1..];
}
}
lemma lemma_CombineArmadaStepsStartNonyielding<State(!new), OneStep(!new), PC(!new)>(
asf: Armada_SpecFunctions<State, OneStep, PC>,
s: State,
s': State,
s'': State,
steps1: seq<OneStep>,
steps2: seq<OneStep>,
tid: Armada_ThreadHandle
)
requires Armada_StepsStartNonyielding(asf, s, s', steps1, tid)
requires Armada_NextMultipleSteps(asf, s, s', steps1, tid)
requires Armada_StepsStartNonyielding(asf, s', s'', steps2, tid)
requires Armada_NextMultipleSteps(asf, s', s'', steps2, tid)
ensures Armada_StepsStartNonyielding(asf, s, s'', steps1 + steps2, tid)
ensures Armada_NextMultipleSteps(asf, s, s'', steps1 + steps2, tid)
decreases |steps2|
{
if |steps2| == 0 {
assert s'' == s';
assert steps1 + steps2 == steps1;
return;
}
var s_next := asf.step_next(s', steps2[0], tid);
lemma_ExtendArmadaStepsStartNonyielding(asf, s, s', s_next, steps1, steps2[0], tid);
lemma_CombineArmadaStepsStartNonyielding(asf, s, s_next, s'', steps1 + [steps2[0]], steps2[1..], tid);
calc {
steps1 + steps2;
steps1 + ([steps2[0]] + steps2[1..]);
(steps1 + [steps2[0]]) + steps2[1..];
}
}
}
================================================
FILE: Armada/strategies/generic/GenericArmadaPlus.i.dfy
================================================
include "GenericArmadaSpec.i.dfy"
include "GenericArmadaLemmas.i.dfy"
include "../refinement/GeneralRefinementLemmas.i.dfy"
module GenericArmadaPlusModule
{
import opened util_collections_seqs_s
import opened AnnotatedBehaviorModule
import opened ArmadaCommonDefinitions
import opened GeneralRefinementModule
import opened GeneralRefinementLemmasModule
import opened GenericArmadaLemmasModule
predicate InitsMatch<LState(!new), HState(!new), OneStep(!new), PC>(
lasf: Armada_SpecFunctions<LState, OneStep, PC>,
hasf: Armada_SpecFunctions<HState, OneStep, PC>,
convert: HState->LState
)
{
forall ls :: lasf.init(ls) ==> exists hs :: hasf.init(hs) && ls == convert(hs)
}
predicate NextsMatch<LState(!new), HState(!new), OneStep(!new), PC>(
lasf: Armada_SpecFunctions<LState, OneStep, PC>,
hasf: Armada_SpecFunctions<HState, OneStep, PC>,
convert: HState->LState
)
{
forall ls, hs, step, tid :: lasf.step_valid(ls, step, tid) && ls == convert(hs)
==> hasf.step_valid(hs, step, tid) && lasf.step_next(ls, step, tid) == convert(hasf.step_next(hs, step, tid))
}
predicate TausMatch<LState(!new), HState(!new), OneStep(!new), PC>(
lasf: Armada_SpecFunctions<LState, OneStep, PC>,
hasf: Armada_SpecFunctions<HState, OneStep, PC>,
convert: HState->LState
)
{
forall step :: lasf.is_step_tau(step) <==> hasf.is_step_tau(step)
}
predicate ThreadPCsMatch<LState(!new), HState(!new), OneStep(!new), PC>(
lasf: Armada_SpecFunctions<LState, OneStep, PC>,
hasf: Armada_SpecFunctions<HState, OneStep, PC>,
convert: HState->LState
)
{
forall ls, hs, tid :: ls == convert(hs) ==> lasf.get_thread_pc(ls, tid) == hasf.get_thread_pc(hs, tid)
}
predicate NonyieldingPCsMatch<LState(!new), HState(!new), OneStep(!new), PC(!new)>(
lasf: Armada_SpecFunctions<LState, OneStep, PC>,
hasf: Armada_SpecFunctions<HState, OneStep, PC>,
convert: HState->LState
)
{
forall pc :: lasf.is_pc_nonyielding(pc) <==> hasf.is_pc_nonyielding(pc)
}
predicate StateOKsMatch<LState(!new), HState(!new), OneStep(!new), PC>(
lasf: Armada_SpecFunctions<LState, OneStep, PC>,
hasf: Armada_SpecFunctions<HState, OneStep, PC>,
convert: HState->LState
)
{
forall ls, hs :: ls == convert(hs) ==> lasf.state_ok(ls) == hasf.state_ok(hs)
}
predicate RequirementsForSpecRefinesPlusSpec<LState(!new), HState(!new), OneStep(!new), PC(!new)>(
lasf: Armada_SpecFunctions<LState, OneStep, PC>,
hasf: Armada_SpecFunctions<HState, OneStep, PC>,
convert: HState->LState
)
{
&& InitsMatch(lasf, hasf, convert)
&& NextsMatch(lasf, hasf, convert)
&& TausMatch(lasf, hasf, convert)
&& ThreadPCsMatch(lasf, hasf, convert)
&& NonyieldingPCsMatch(lasf, hasf, convert)
&& StateOKsMatch(lasf, hasf, convert)
}
lemma lemma_LiftStepsStartNonyielding<LState(!new), HState(!new), OneStep(!new), PC>(
lasf: Armada_SpecFunctions<LState, OneStep, PC>,
hasf: Armada_SpecFunctions<HState, OneStep, PC>,
convert: HState->LState,
ls: LState,
ls': LState,
hs: HState,
steps: seq<OneStep>,
tid: Armada_ThreadHandle
) returns (
hs': HState
)
requires RequirementsForSpecRefinesPlusSpec(lasf, hasf, convert)
requires Armada_NextMultipleSteps(lasf, ls, ls', steps, tid)
requires Armada_StepsStartNonyielding(lasf, ls, ls', steps, tid)
requires ls == convert(hs)
ensures Armada_NextMultipleSteps(hasf, hs, hs', steps, tid)
ensures Armada_StepsStartNonyielding(hasf, hs, hs', steps, tid)
ensures ls' == convert(hs')
{
if |steps| == 0 {
hs' := hs;
return;
}
var step := steps[0];
var ls_next := lasf.step_next(ls, step, tid);
var hs_next := hasf.step_next(hs, step, tid);
hs' := lemma_LiftStepsStartNonyielding(lasf, hasf, convert, ls_next, ls', hs_next, steps[1..], tid);
}
lemma lemma_LiftMultistep<LState(!new), HState(!new), OneStep(!new), PC>(
lasf: Armada_SpecFunctions<LState, OneStep, PC>,
hasf: Armada_SpecFunctions<HState, OneStep, PC>,
convert: HState->LState,
ls: LState,
ls': LState,
hs: HState,
steps: seq<OneStep>,
tid: Armada_ThreadHandle,
tau: bool
) returns (
hs': HState
)
requires RequirementsForSpecRefinesPlusSpec(lasf, hasf, convert)
requires Armada_NextMultistep(lasf, ls, ls', steps, tid, tau)
requires ls == convert(hs)
ensures Armada_NextMultistep(hasf, hs, hs', steps, tid, tau)
ensures ls' == convert(hs')
{
if |steps| == 0 {
hs' := hs;
return;
}
var step := steps[0];
var ls_next := lasf.step_next(ls, step, tid);
var hs_next := hasf.step_next(hs, step, tid);
if tau {
hs' := hs_next;
assert Armada_NextMultipleSteps(lasf, ls_next, ls', steps[1..], tid);
}
else {
hs' := lemma_LiftStepsStartNonyielding(lasf, hasf, convert, ls_next, ls', hs_next, steps[1..], tid);
}
}
lemma lemma_LiftBehavior<LState(!new), HState(!new), OneStep(!new), PC>(
lasf: Armada_SpecFunctions<LState, OneStep, PC>,
hasf: Armada_SpecFunctions<HState, OneStep, PC>,
convert: HState->LState,
refinement_relation: RefinementRelation<LState, HState>,
lb: seq<LState>
) returns (
hb: seq<HState>
)
requires RequirementsForSpecRefinesPlusSpec(lasf, hasf, convert)
requires BehaviorSatisfiesSpec(lb, Armada_SpecFunctionsToSpec(lasf))
requires refinement_relation == iset ls, hs | ls == convert(hs) :: RefinementPair(ls, hs)
ensures BehaviorRefinesBehavior(lb, hb, refinement_relation)
ensures BehaviorSatisfiesSpec(hb, Armada_SpecFunctionsToSpec(hasf))
{
assert lasf.init(lb[0]);
var hs0 :| hasf.init(hs0) && lb[0] == convert(hs0);
hb := [hs0];
var pos := 0;
var lspec := Armada_SpecFunctionsToSpec(lasf);
var hspec := Armada_SpecFunctionsToSpec(hasf);
assert BehaviorRefinesBehaviorUsingRefinementMap(lb[..pos+1], hb, refinement_relation, [RefinementRange(0, 0)]);
assert BehaviorRefinesBehavior(lb[..pos+1], hb, refinement_relation);
while pos + 1 < |lb|
invariant |hb| == pos + 1
invariant pos < |lb|
invariant BehaviorRefinesBehavior(lb[..pos+1], hb, refinement_relation)
invariant BehaviorSatisfiesSpec(hb, hspec)
{
var ls := lb[pos];
var ls' := lb[pos+1];
var hs := hb[pos];
assert RefinementPair(ls, hs) in refinement_relation;
assert StatePair(ls, ls') in lspec.next;
var steps, tid, tau :| Armada_NextMultistep(lasf, ls, ls', steps, tid, tau);
var hs' := lemma_LiftMultistep(lasf, hasf, convert, ls, ls', hs, steps, tid, tau);
assert Armada_NextMultistep(hasf, hs, hs', steps, tid, tau);
assert StatePair(hs, hs') in hspec.next;
lemma_ExtendBehaviorRefinesBehaviorRightOne_LH(lb[..pos+1], hb, refinement_relation, ls', hs');
lemma_ExtendBehaviorSatisfiesSpecRightOne(hb, hspec, hs');
assert lb[..(pos+1)+1] == lb[..pos+1] + [ls'];
pos := pos + 1;
hb := hb + [hs'];
}
assert lb[..pos+1] == lb;
}
lemma lemma_SpecRefinesPlusSpec<LState(!new), HState(!new), OneStep(!new), PC>(
lasf: Armada_SpecFunctions<LState, OneStep, PC>,
hasf: Armada_SpecFunctions<HState, OneStep, PC>,
convert: HState->LState
) returns (
refinement_relation: RefinementRelation<LState, HState>
)
requires RequirementsForSpecRefinesPlusSpec(lasf, hasf, convert)
ensures SpecRefinesSpec(Armada_SpecFunctionsToSpec(lasf), Armada_SpecFunctionsToSpec(hasf), refinement_relation)
ensures refinement_relation == iset ls, hs | ls == convert(hs) :: RefinementPair(ls, hs)
{
refinement_relation := iset ls, hs | ls == convert(hs) :: RefinementPair(ls, hs);
var hspec := Armada_SpecFunctionsToSpec(hasf);
forall lb | BehaviorSatisfiesSpec(lb, Armada_SpecFunctionsToSpec(lasf))
ensures exists hb :: BehaviorRefinesBehavior(lb, hb, refinement_relation) && BehaviorSatisfiesSpec(hb, hspec)
{
var hb := lemma_LiftBehavior(lasf, hasf, convert, refinement_relation, lb);
assert BehaviorRefinesBehavior(lb, hb, refinement_relation) && BehaviorSatisfiesSpec(hb, hspec);
}
}
}
================================================
FILE: Armada/strategies/generic/GenericArmadaSpec.i.dfy
================================================
include "../../util/option.s.dfy"
include "../refinement/AnnotatedBehavior.i.dfy"
include "../../ArmadaCommonDefinitions.dfy"
module GenericArmadaSpecModule {
import opened util_option_s
import opened AnnotatedBehaviorModule
import opened ArmadaCommonDefinitions
/////////////////////////////////////////////
// Constructing an AnnotatedBehaviorSpec
/////////////////////////////////////////////
datatype Armada_Multistep<OneStep> = Armada_Multistep(steps:seq<OneStep>, tid:Armada_ThreadHandle, tau:bool)
function SpecFunctionsToAnnotatedSpec<State(!new), OneStep(!new), PC>(
asf: Armada_SpecFunctions<State, OneStep, PC>
) : AnnotatedBehaviorSpec<State, Armada_Multistep<OneStep>>
{
AnnotatedBehaviorSpec(
iset s | asf.init(s) :: s,
iset s, s', entry:Armada_Multistep<OneStep>
| Armada_NextMultistep(asf, s, s', entry.steps, entry.tid, entry.tau)
:: ActionTuple(s, s', entry)
)
}
predicate Armada_Next<State(!new), OneStep(!new), PC>(
asf: Armada_SpecFunctions<State, OneStep, PC>,
s: State,
s': State,
multistep: Armada_Multistep<OneStep>
)
{
Armada_NextMultistep(asf, s, s', multistep.steps, multistep.tid, multistep.tau)
}
/////////////////////////////////////////////
// Predicates about an Armada spec
/////////////////////////////////////////////
predicate InitImpliesInv<State(!new), OneStep, PC>(
asf:Armada_SpecFunctions<State, OneStep, PC>,
inv:State->bool
)
{
forall s :: asf.init(s) ==> inv(s)
}
predicate InitImpliesYielding<State(!new), OneStep, PC>(
asf:Armada_SpecFunctions<State, OneStep, PC>
)
{
forall s, tid :: asf.init(s) && asf.get_thread_pc(s, tid).Some? ==> !asf.is_pc_nonyielding(asf.get_thread_pc(s, tid).v)
}
predicate InitImpliesOK<State(!new), OneStep, PC>(
asf:Armada_SpecFunctions<State, OneStep, PC>
)
{
forall s :: asf.init(s) ==> asf.state_ok(s)
}
predicate OneStepPreservesInv<State(!new), OneStep(!new), PC>(
asf:Armada_SpecFunctions<State, OneStep, PC>,
inv:State->bool
)
{
forall s, step, tid :: inv(s) && asf.step_valid(s, step, tid) ==> inv(asf.step_next(s, step, tid))
}
predicate OneStepRequiresOK<State(!new), OneStep(!new), PC>(
asf:Armada_SpecFunctions<State, OneStep, PC>
)
{
forall s, step, tid :: asf.step_valid(s, step, tid) ==> asf.state_ok(s)
}
predicate SteppingThreadHasPC<State(!new), OneStep(!new), PC>(
asf:Armada_SpecFunctions<State, OneStep, PC>
)
{
forall s, step, tid :: asf.step_valid(s, step, tid) ==> asf.get_thread_pc(s, tid).Some?
}
predicate TauLeavesPCUnchanged<State(!new), OneStep(!new), PC>(
asf:Armada_SpecFunctions<State, OneStep, PC>
)
{
forall s, step, tid :: asf.step_valid(s, step, tid) && asf.is_step_tau(step) ==>
var s' := asf.step_next(s, step, tid);
asf.get_thread_pc(s', tid) == asf.get_thread_pc(s, tid)
}
predicate ThreadCantAffectOtherThreadPCExceptViaFork<State(!new), OneStep(!new), PC>(
asf:Armada_SpecFunctions<State, OneStep, PC>
)
{
forall s, step, tid, other_tid :: asf.step_valid(s, step, tid) && tid != other_tid
==> var s' := asf.step_next(s, step, tid);
var pc := asf.get_thread_pc(s, other_tid);
var pc' := asf.get_thread_pc(s', other_tid);
(pc' != pc ==> pc.None? && !asf.is_pc_nonyielding(pc'.v))
}
////////////////////////////////////////////////////////////////////////
// Extracting a sequence of states from a sequence of steps
////////////////////////////////////////////////////////////////////////
function Armada_GetStateSequence<State, OneStep, PC>(
asf: Armada_SpecFunctions<State, OneStep, PC>,
s: State,
steps: seq<OneStep>,
tid: Armada_ThreadHandle
) : (states: seq<State>)
ensures |states| == |steps| + 1
ensures states[0] == s
decreases |steps|
{
if |steps| == 0 then
[s]
else
[s] + Armada_GetStateSequence(asf, asf.step_next(s, steps[0], tid), steps[1..], tid)
}
}
================================================
FILE: Armada/strategies/generic/LiftAtomicToAtomic.i.dfy
================================================
include "GenericArmadaAtomic.i.dfy"
module LiftAtomicToAtomicModule
{
import opened util_collections_seqs_s
import opened util_collections_seqs_i
import opened util_option_s
import opened GenericArmadaSpecModule
import opened AnnotatedBehaviorModule
import opened ArmadaCommonDefinitions
import opened GeneralRefinementModule
import opened GeneralRefinementLemmasModule
import opened InvariantsModule
import opened GenericArmadaLemmasModule
import opened GenericArmadaAtomicModule
//////////////////////////////////////////////
// LIFTING BETWEEN TWO ATOMIC SPECS
//////////////////////////////////////////////
predicate LiftAtomicPathSuccessful<LState, LPath, LPC, HState, HPath, HPC>(
lasf: AtomicSpecFunctions<LState, LPath, LPC>,
hasf: AtomicSpecFunctions<HState, HPath, HPC>,
inv: LState->bool,
relation: (LState, HState)->bool,
ls: LState,
lpath: LPath,
tid: Armada_ThreadHandle,
hs: HState,
hpath: HPath
)
{
var ls' := lasf.path_next(ls, lpath, tid);
var hs' := hasf.path_next(hs, hpath, tid);
&& inv(ls')
&& hasf.path_valid(hs, hpath, tid)
&& relation(ls', hs')
&& hasf.path_type(hpath) == lasf.path_type(lpath)
&& lasf.state_ok(ls') == hasf.state_ok(hs')
}
predicate LiftAtomicTraceEntrySuccessful<LState, LPath, LPC, HState, HPath, HPC>(
lasf: AtomicSpecFunctions<LState, LPath, LPC>,
hasf: AtomicSpecFunctions<HState, HPath, HPC>,
inv: LState->bool,
relation: (LState, HState)->bool,
ls: LState,
lentry: AtomicTraceEntry<LPath>,
hs: HState,
hentry: AtomicTraceEntry<HPath>
)
{
var ls' := AtomicGetNextStateAlways(lasf, ls, lentry);
&& inv(ls')
&& AtomicValidStep(hasf, hs, hentry)
&& relation(ls', AtomicGetNextStateAlways(hasf, hs, hentry))
}
predicate AtomicPathSkippable<LState, LPath, LPC, HState>(
lasf: AtomicSpecFunctions<LState, LPath, LPC>,
inv: LState->bool,
relation: (LState, HState)->bool,
ls: LState,
lpath: LPath,
tid: Armada_ThreadHandle,
hs: HState
)
{
var ls' := lasf.path_next(ls, lpath, tid);
var ty := lasf.path_type(lpath);
&& inv(ls')
&& relation(ls', hs)
&& lasf.state_ok(ls')
&& (ty.AtomicPathType_Tau? || ty.AtomicPathType_YY? || ty.AtomicPathType_YS? || ty.AtomicPathType_RR?)
}
predicate ProgressMade(value: (int, int), value': (int, int))
{
var (x, y) := value;
var (x', y') := value';
&& 0 <= x
&& 0 <= x'
&& 0 <= y
&& 0 <= y'
&& (x' < x || (x' == x && y' < y))
}
predicate AtomicPathIntroduced<LState, LPath, LPC, HState, HPath, HPC>(
lasf: AtomicSpecFunctions<LState, LPath, LPC>,
hasf: AtomicSpecFunctions<HState, HPath, HPC>,
relation: (LState, HState)->bool,
progress_measure: (HState, LPath, Armada_ThreadHandle)->(int, int),
ls: LState,
lpath: LPath,
tid: Armada_ThreadHandle,
hs: HState,
hpath: HPath
)
{
var lty := lasf.path_type(lpath);
var hty := hasf.path_type(hpath);
var hs' := hasf.path_next(hs, hpath, tid);
&& hasf.path_valid(hs, hpath, tid)
&& relation(ls, hs')
&& hasf.state_ok(hs')
&& ProgressMade(progress_measure(hs, lpath, tid), progress_measure(hs', lpath, tid))
&& match lty
case AtomicPathType_Tau => hty.AtomicPathType_Tau?
case AtomicPathType_YY => hty.AtomicPathType_YY? || hty.AtomicPathType_Tau?
case AtomicPathType_YS => hty.AtomicPathType_YY? || hty.AtomicPathType_Tau?
case AtomicPathType_YR => hty.AtomicPathType_YY? || hty.AtomicPathType_T
gitextract_4_a407x8/
├── .gitattributes
├── .gitignore
├── Armada/
│ ├── .gitignore
│ ├── ArmadaCommonDefinitions.dfy
│ ├── spec/
│ │ └── refinement.s.dfy
│ ├── strategies/
│ │ ├── chl/
│ │ │ ├── AtomicConcurrentHoareLogic.i.dfy
│ │ │ ├── AtomicConcurrentHoareLogicLemmas.i.dfy
│ │ │ ├── AtomicConcurrentHoareLogicSpec.i.dfy
│ │ │ ├── ConcurrentHoareLogic.i.dfy
│ │ │ ├── ConcurrentHoareLogicLemmas.i.dfy
│ │ │ └── ConcurrentHoareLogicSpec.i.dfy
│ │ ├── combining/
│ │ │ ├── ArmadaCombining.i.dfy
│ │ │ ├── ArmadaCombiningLemmas.i.dfy
│ │ │ └── ArmadaCombiningSpec.i.dfy
│ │ ├── generic/
│ │ │ ├── GenericArmadaAtomic.i.dfy
│ │ │ ├── GenericArmadaLemmas.i.dfy
│ │ │ ├── GenericArmadaPlus.i.dfy
│ │ │ ├── GenericArmadaSpec.i.dfy
│ │ │ ├── LiftAtomicToAtomic.i.dfy
│ │ │ ├── LiftFromAtomic.i.dfy
│ │ │ └── LiftToAtomic.i.dfy
│ │ ├── invariants.i.dfy
│ │ ├── reduction/
│ │ │ ├── AtomicReduction.i.dfy
│ │ │ ├── AtomicReductionLemmas.i.dfy
│ │ │ ├── AtomicReductionSpec.i.dfy
│ │ │ ├── CohenLamportReduction.i.dfy
│ │ │ ├── CohenLamportReductionLemmas.i.dfy
│ │ │ ├── CohenLamportReductionSpec.i.dfy
│ │ │ ├── RefinementViaReduction.i.dfy
│ │ │ ├── RefinementViaReductionLemmas.i.dfy
│ │ │ └── RefinementViaReductionSpec.i.dfy
│ │ ├── refinement/
│ │ │ ├── AnnotatedBehavior.i.dfy
│ │ │ ├── GeneralRefinementLemmas.i.dfy
│ │ │ └── RefinementConvolution.i.dfy
│ │ ├── starweakening/
│ │ │ ├── StarWeakening.i.dfy
│ │ │ └── StarWeakeningSpec.i.dfy
│ │ ├── tsoelimination/
│ │ │ ├── TSOElimination.i.dfy
│ │ │ ├── TSOEliminationLemmas.i.dfy
│ │ │ └── TSOEliminationSpec.i.dfy
│ │ ├── varhiding/
│ │ │ ├── VarHiding.i.dfy
│ │ │ └── VarHidingSpec.i.dfy
│ │ ├── varintro/
│ │ │ ├── VarIntro.i.dfy
│ │ │ └── VarIntroSpec.i.dfy
│ │ └── weakening/
│ │ ├── Weakening.i.dfy
│ │ └── WeakeningSpec.i.dfy
│ └── util/
│ ├── collections/
│ │ ├── MapSum.i.dfy
│ │ ├── SeqSum.i.dfy
│ │ ├── maps.i.dfy
│ │ ├── maps.s.dfy
│ │ ├── seqs.i.dfy
│ │ ├── seqs.s.dfy
│ │ └── sets.i.dfy
│ ├── functions.i.dfy
│ ├── math/
│ │ ├── .gitignore
│ │ ├── div.i.dfy
│ │ ├── div_auto.i.dfy
│ │ ├── div_auto_proofs.i.dfy
│ │ ├── div_boogie.i.dfy
│ │ ├── div_def.i.dfy
│ │ ├── div_nonlinear.i.dfy
│ │ ├── mod_auto.i.dfy
│ │ ├── mod_auto_proofs.i.dfy
│ │ ├── mul.i.dfy
│ │ ├── mul_auto.i.dfy
│ │ ├── mul_auto_proofs.i.dfy
│ │ ├── mul_nonlinear.i.dfy
│ │ ├── power.i.dfy
│ │ └── powers.i.dfy
│ ├── option.s.dfy
│ └── types.s.dfy
├── BUILD.md
├── CODE_OF_CONDUCT.md
├── LICENSE
├── NOTICE.txt
├── README.md
├── SConstruct1
├── SConstruct2
├── SECURITY.md
├── Source/
│ ├── Armada/
│ │ ├── AbstractProofGenerator.cs
│ │ ├── Armada.atg
│ │ ├── ArmadaAst.cs
│ │ ├── ArmadaExpr.cs
│ │ ├── ArmadaHelper.cs
│ │ ├── ArmadaMain.cs
│ │ ├── ArmadaOptions.cs
│ │ ├── ArmadaParser.cs
│ │ ├── ArmadaPipeline.csproj
│ │ ├── ArmadaRValue.cs
│ │ ├── ArmadaStructs.cs
│ │ ├── AssumeIntro.cs
│ │ ├── AtomicSpec.cs
│ │ ├── BigIntegerParser.cs
│ │ ├── Cloner.cs
│ │ ├── Combining.cs
│ │ ├── Compiler-clight.cs
│ │ ├── Compiler.cs
│ │ ├── ConstraintCollector.cs
│ │ ├── DeclCollector.cs
│ │ ├── ExpressionBuilder.cs
│ │ ├── GlobalVarHiding.cs
│ │ ├── GlobalVarIntro.cs
│ │ ├── NextRoutine.cs
│ │ ├── PathPrinter.cs
│ │ ├── PredicateBuilder.cs
│ │ ├── Printer.cs
│ │ ├── Prioritization.cs
│ │ ├── ProofFiles.cs
│ │ ├── ProofGenerationParams.cs
│ │ ├── ProofGenerator.cs
│ │ ├── Reduction.cs
│ │ ├── RefinementTransformer.cs
│ │ ├── Reporting.cs
│ │ ├── ResolutionContext.cs
│ │ ├── Resolver.cs
│ │ ├── Rewriter.cs
│ │ ├── SccGraph.cs
│ │ ├── StackVarHiding.cs
│ │ ├── StackVarIntro.cs
│ │ ├── StarWeakening.cs
│ │ ├── StateMachineTranslator.cs
│ │ ├── StepPrinter.cs
│ │ ├── StraightlineBehavior.cs
│ │ ├── SymbolTable.cs
│ │ ├── TSOElimination.cs
│ │ ├── Translator.cs
│ │ ├── Triggers/
│ │ │ ├── QuantifierSplitter.cs
│ │ │ ├── QuantifiersCollection.cs
│ │ │ ├── QuantifiersCollector.cs
│ │ │ ├── TriggerExtensions.cs
│ │ │ ├── TriggerUtils.cs
│ │ │ └── TriggersCollector.cs
│ │ ├── Util.cs
│ │ ├── VarHiding.cs
│ │ ├── VarIntro.cs
│ │ └── Weakening.cs
│ ├── Armada.sln
│ ├── ArmadaDriver/
│ │ ├── ArmadaDriver.cs
│ │ └── ArmadaDriver.csproj
│ ├── Directory.Build.props
│ └── dotnet-tools.json
├── Test/
│ ├── armada-parser/
│ │ ├── .gitignore
│ │ ├── OGcounter.arm
│ │ ├── scheduler_atomic.arm
│ │ ├── scheduler_impl.arm
│ │ ├── scheduler_simplify.arm
│ │ ├── scheduler_spec.arm
│ │ ├── test-var-hiding-fail.arm
│ │ ├── test.arm
│ │ ├── test2.arm
│ │ ├── test3.arm
│ │ ├── test4.arm
│ │ ├── test5.arm
│ │ ├── test6.arm
│ │ └── test7.arm
│ ├── assume-intro/
│ │ ├── .gitignore
│ │ ├── ABHelpers.dfy
│ │ ├── test.arm
│ │ ├── test2.arm
│ │ └── test3.arm
│ ├── barrier/
│ │ ├── .gitignore
│ │ ├── barrier.arm
│ │ └── extra.dfy
│ ├── bitvector/
│ │ ├── .gitignore
│ │ ├── bv.dfy
│ │ └── test.arm
│ ├── clight/
│ │ ├── .gitignore
│ │ ├── Makefile
│ │ ├── barrier.arm
│ │ ├── bench/
│ │ │ ├── bench_armada.c
│ │ │ ├── bench_armada_gcc.c
│ │ │ ├── bench_lfds.c
│ │ │ └── bench_sound_queue.c
│ │ ├── extern.h
│ │ ├── failed/
│ │ │ ├── failed_0.c
│ │ │ └── failed_1.c
│ │ ├── lock.arm
│ │ ├── queue.arm
│ │ ├── sqrt.arm
│ │ └── upload.sh
│ ├── combining/
│ │ ├── .gitignore
│ │ └── test.arm
│ ├── counter/
│ │ ├── .gitignore
│ │ ├── A.arm
│ │ ├── AB.arm
│ │ ├── B.arm
│ │ ├── BC.arm
│ │ ├── C.arm
│ │ ├── CD.arm
│ │ ├── D.arm
│ │ ├── DE.arm
│ │ ├── E.arm
│ │ ├── EF.arm
│ │ ├── F.arm
│ │ ├── FG.arm
│ │ ├── G.arm
│ │ ├── GI.arm
│ │ ├── I.arm
│ │ ├── IJ.arm
│ │ ├── J.arm
│ │ ├── SharedStructs.arm
│ │ ├── Z.arm
│ │ └── extra.dfy
│ ├── estimate-sqrt/
│ │ ├── .gitignore
│ │ └── sqrt.arm
│ ├── mcslock/
│ │ ├── .gitignore
│ │ ├── lock-array.arm
│ │ └── lock.c
│ ├── qbss/
│ │ ├── .gitignore
│ │ ├── assumeintroproof_invariant.dfy
│ │ ├── auxiliary_helper.dfy
│ │ ├── bv.dfy
│ │ ├── queue.arm
│ │ ├── queue_abstractloginvariant.dfy
│ │ ├── queue_tsobypassing_abstractloginvariant.dfy
│ │ └── tau_invariant_helper.dfy
│ ├── qbss_benchmark/
│ │ ├── .gitignore
│ │ ├── Makefile
│ │ ├── benchmark.c
│ │ ├── benchmark_lfds.c
│ │ ├── liblfds711/
│ │ │ ├── build/
│ │ │ │ ├── gcc_gnumake/
│ │ │ │ │ └── Makefile
│ │ │ │ ├── gcc_gnumake_kbuild/
│ │ │ │ │ ├── Kbuild
│ │ │ │ │ └── Makefile
│ │ │ │ ├── msvc_gnumake/
│ │ │ │ │ ├── liblfds711.def
│ │ │ │ │ └── makefile
│ │ │ │ └── wdk_7.1/
│ │ │ │ ├── dirs
│ │ │ │ ├── driver_entry_renamed_to_avoid_compiler_warning.c
│ │ │ │ ├── liblfds711.def
│ │ │ │ ├── readme_before_win_kernel_build.txt
│ │ │ │ ├── runme_before_win_kernel_dynamic_lib_build.bat
│ │ │ │ ├── runme_before_win_kernel_static_lib_build.bat
│ │ │ │ ├── sources.dynamic
│ │ │ │ └── sources.static
│ │ │ ├── inc/
│ │ │ │ ├── liblfds711/
│ │ │ │ │ ├── lfds711_btree_addonly_unbalanced.h
│ │ │ │ │ ├── lfds711_freelist.h
│ │ │ │ │ ├── lfds711_hash_addonly.h
│ │ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered.h
│ │ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered.h
│ │ │ │ │ ├── lfds711_misc.h
│ │ │ │ │ ├── lfds711_porting_abstraction_layer_compiler.h
│ │ │ │ │ ├── lfds711_porting_abstraction_layer_operating_system.h
│ │ │ │ │ ├── lfds711_porting_abstraction_layer_processor.h
│ │ │ │ │ ├── lfds711_prng.h
│ │ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer.h
│ │ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer.h
│ │ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer.h
│ │ │ │ │ ├── lfds711_ringbuffer.h
│ │ │ │ │ └── lfds711_stack.h
│ │ │ │ └── liblfds711.h
│ │ │ ├── obj/
│ │ │ │ └── .gitkeep
│ │ │ └── src/
│ │ │ ├── lfds711_btree_addonly_unbalanced/
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_cleanup.c
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_get.c
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_init.c
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_insert.c
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_internal.h
│ │ │ │ └── lfds711_btree_addonly_unbalanced_query.c
│ │ │ ├── lfds711_freelist/
│ │ │ │ ├── lfds711_freelist_cleanup.c
│ │ │ │ ├── lfds711_freelist_init.c
│ │ │ │ ├── lfds711_freelist_internal.h
│ │ │ │ ├── lfds711_freelist_pop.c
│ │ │ │ ├── lfds711_freelist_push.c
│ │ │ │ └── lfds711_freelist_query.c
│ │ │ ├── lfds711_hash_addonly/
│ │ │ │ ├── lfds711_hash_addonly_cleanup.c
│ │ │ │ ├── lfds711_hash_addonly_get.c
│ │ │ │ ├── lfds711_hash_addonly_init.c
│ │ │ │ ├── lfds711_hash_addonly_insert.c
│ │ │ │ ├── lfds711_hash_addonly_internal.h
│ │ │ │ ├── lfds711_hash_addonly_iterate.c
│ │ │ │ └── lfds711_hash_addonly_query.c
│ │ │ ├── lfds711_list_addonly_singlylinked_ordered/
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_cleanup.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_get.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_init.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_insert.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_internal.h
│ │ │ │ └── lfds711_list_addonly_singlylinked_ordered_query.c
│ │ │ ├── lfds711_list_addonly_singlylinked_unordered/
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_cleanup.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_get.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_init.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_insert.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_internal.h
│ │ │ │ └── lfds711_list_addonly_singlylinked_unordered_query.c
│ │ │ ├── lfds711_misc/
│ │ │ │ ├── lfds711_misc_globals.c
│ │ │ │ ├── lfds711_misc_internal.h
│ │ │ │ ├── lfds711_misc_internal_backoff_init.c
│ │ │ │ └── lfds711_misc_query.c
│ │ │ ├── lfds711_prng/
│ │ │ │ ├── lfds711_prng_init.c
│ │ │ │ └── lfds711_prng_internal.h
│ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer/
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_cleanup.c
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_dequeue.c
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_enqueue.c
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_init.c
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_internal.h
│ │ │ │ └── lfds711_queue_bounded_manyproducer_manyconsumer_query.c
│ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer/
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_cleanup.c
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_dequeue.c
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_enqueue.c
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_enqueue.ll
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_init.c
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_internal.h
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_query.c
│ │ │ │ └── test.ll
│ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer/
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_cleanup.c
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_dequeue.c
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_enqueue.c
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_init.c
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_internal.h
│ │ │ │ └── lfds711_queue_unbounded_manyproducer_manyconsumer_query.c
│ │ │ ├── lfds711_ringbuffer/
│ │ │ │ ├── lfds711_ringbuffer_cleanup.c
│ │ │ │ ├── lfds711_ringbuffer_init.c
│ │ │ │ ├── lfds711_ringbuffer_internal.h
│ │ │ │ ├── lfds711_ringbuffer_query.c
│ │ │ │ ├── lfds711_ringbuffer_read.c
│ │ │ │ └── lfds711_ringbuffer_write.c
│ │ │ ├── lfds711_stack/
│ │ │ │ ├── lfds711_stack_cleanup.c
│ │ │ │ ├── lfds711_stack_init.c
│ │ │ │ ├── lfds711_stack_internal.h
│ │ │ │ ├── lfds711_stack_pop.c
│ │ │ │ ├── lfds711_stack_push.c
│ │ │ │ └── lfds711_stack_query.c
│ │ │ └── liblfds711_internal.h
│ │ ├── liblfds711_modulo/
│ │ │ ├── build/
│ │ │ │ ├── gcc_gnumake/
│ │ │ │ │ └── Makefile
│ │ │ │ ├── gcc_gnumake_kbuild/
│ │ │ │ │ ├── Kbuild
│ │ │ │ │ └── Makefile
│ │ │ │ ├── msvc_gnumake/
│ │ │ │ │ ├── liblfds711.def
│ │ │ │ │ └── makefile
│ │ │ │ └── wdk_7.1/
│ │ │ │ ├── dirs
│ │ │ │ ├── driver_entry_renamed_to_avoid_compiler_warning.c
│ │ │ │ ├── liblfds711.def
│ │ │ │ ├── readme_before_win_kernel_build.txt
│ │ │ │ ├── runme_before_win_kernel_dynamic_lib_build.bat
│ │ │ │ ├── runme_before_win_kernel_static_lib_build.bat
│ │ │ │ ├── sources.dynamic
│ │ │ │ └── sources.static
│ │ │ ├── inc/
│ │ │ │ ├── liblfds711/
│ │ │ │ │ ├── lfds711_btree_addonly_unbalanced.h
│ │ │ │ │ ├── lfds711_freelist.h
│ │ │ │ │ ├── lfds711_hash_addonly.h
│ │ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered.h
│ │ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered.h
│ │ │ │ │ ├── lfds711_misc.h
│ │ │ │ │ ├── lfds711_porting_abstraction_layer_compiler.h
│ │ │ │ │ ├── lfds711_porting_abstraction_layer_operating_system.h
│ │ │ │ │ ├── lfds711_porting_abstraction_layer_processor.h
│ │ │ │ │ ├── lfds711_prng.h
│ │ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer.h
│ │ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer.h
│ │ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer.h
│ │ │ │ │ ├── lfds711_ringbuffer.h
│ │ │ │ │ └── lfds711_stack.h
│ │ │ │ └── liblfds711.h
│ │ │ ├── obj/
│ │ │ │ └── .gitkeep
│ │ │ └── src/
│ │ │ ├── lfds711_btree_addonly_unbalanced/
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_cleanup.c
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_get.c
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_init.c
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_insert.c
│ │ │ │ ├── lfds711_btree_addonly_unbalanced_internal.h
│ │ │ │ └── lfds711_btree_addonly_unbalanced_query.c
│ │ │ ├── lfds711_freelist/
│ │ │ │ ├── lfds711_freelist_cleanup.c
│ │ │ │ ├── lfds711_freelist_init.c
│ │ │ │ ├── lfds711_freelist_internal.h
│ │ │ │ ├── lfds711_freelist_pop.c
│ │ │ │ ├── lfds711_freelist_push.c
│ │ │ │ └── lfds711_freelist_query.c
│ │ │ ├── lfds711_hash_addonly/
│ │ │ │ ├── lfds711_hash_addonly_cleanup.c
│ │ │ │ ├── lfds711_hash_addonly_get.c
│ │ │ │ ├── lfds711_hash_addonly_init.c
│ │ │ │ ├── lfds711_hash_addonly_insert.c
│ │ │ │ ├── lfds711_hash_addonly_internal.h
│ │ │ │ ├── lfds711_hash_addonly_iterate.c
│ │ │ │ └── lfds711_hash_addonly_query.c
│ │ │ ├── lfds711_list_addonly_singlylinked_ordered/
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_cleanup.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_get.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_init.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_insert.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_ordered_internal.h
│ │ │ │ └── lfds711_list_addonly_singlylinked_ordered_query.c
│ │ │ ├── lfds711_list_addonly_singlylinked_unordered/
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_cleanup.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_get.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_init.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_insert.c
│ │ │ │ ├── lfds711_list_addonly_singlylinked_unordered_internal.h
│ │ │ │ └── lfds711_list_addonly_singlylinked_unordered_query.c
│ │ │ ├── lfds711_misc/
│ │ │ │ ├── lfds711_misc_globals.c
│ │ │ │ ├── lfds711_misc_internal.h
│ │ │ │ ├── lfds711_misc_internal_backoff_init.c
│ │ │ │ └── lfds711_misc_query.c
│ │ │ ├── lfds711_prng/
│ │ │ │ ├── lfds711_prng_init.c
│ │ │ │ └── lfds711_prng_internal.h
│ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer/
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_cleanup.c
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_dequeue.c
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_enqueue.c
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_init.c
│ │ │ │ ├── lfds711_queue_bounded_manyproducer_manyconsumer_internal.h
│ │ │ │ └── lfds711_queue_bounded_manyproducer_manyconsumer_query.c
│ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer/
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_cleanup.c
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_dequeue.c
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_enqueue.c
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_enqueue.ll
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_init.c
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_internal.h
│ │ │ │ ├── lfds711_queue_bounded_singleproducer_singleconsumer_query.c
│ │ │ │ └── test.ll
│ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer/
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_cleanup.c
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_dequeue.c
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_enqueue.c
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_init.c
│ │ │ │ ├── lfds711_queue_unbounded_manyproducer_manyconsumer_internal.h
│ │ │ │ └── lfds711_queue_unbounded_manyproducer_manyconsumer_query.c
│ │ │ ├── lfds711_ringbuffer/
│ │ │ │ ├── lfds711_ringbuffer_cleanup.c
│ │ │ │ ├── lfds711_ringbuffer_init.c
│ │ │ │ ├── lfds711_ringbuffer_internal.h
│ │ │ │ ├── lfds711_ringbuffer_query.c
│ │ │ │ ├── lfds711_ringbuffer_read.c
│ │ │ │ └── lfds711_ringbuffer_write.c
│ │ │ ├── lfds711_stack/
│ │ │ │ ├── lfds711_stack_cleanup.c
│ │ │ │ ├── lfds711_stack_init.c
│ │ │ │ ├── lfds711_stack_internal.h
│ │ │ │ ├── lfds711_stack_pop.c
│ │ │ │ ├── lfds711_stack_push.c
│ │ │ │ └── lfds711_stack_query.c
│ │ │ └── liblfds711_internal.h
│ │ ├── queue.arm
│ │ ├── queue.patch
│ │ └── run_benchmarks.py
│ ├── reduction/
│ │ ├── .gitignore
│ │ ├── test.arm
│ │ └── test2.arm
│ ├── regions/
│ │ ├── .gitignore
│ │ ├── pointers.arm
│ │ ├── test.arm
│ │ ├── test2.arm
│ │ ├── test3.arm
│ │ └── test4.arm
│ ├── starweakening/
│ │ ├── .gitignore
│ │ ├── test.arm
│ │ ├── test2.arm
│ │ ├── test3.arm
│ │ └── test4.arm
│ ├── tsoelim/
│ │ ├── .gitignore
│ │ ├── test.arm
│ │ ├── test2.arm
│ │ ├── test3.arm
│ │ └── test4.arm
│ ├── varhiding/
│ │ ├── .gitignore
│ │ ├── VarHidingManualProof.i.dfy
│ │ ├── test.arm
│ │ ├── test2.arm
│ │ ├── test3.arm
│ │ ├── test4.arm
│ │ └── test5.arm
│ ├── varintro/
│ │ ├── .gitignore
│ │ ├── test.arm
│ │ ├── test2.arm
│ │ ├── test3.arm
│ │ └── test4.arm
│ └── weakening/
│ ├── .gitignore
│ ├── ArithmeticFacts.dfy
│ ├── TestWeakeningProof.dfy
│ ├── test.arm
│ ├── test2.arm
│ └── test3.arm
├── experimental/
│ ├── .gitignore
│ ├── EditorPlugins/
│ │ └── mle-vscode/
│ │ ├── .eslintrc.json
│ │ ├── .gitignore
│ │ ├── .vscodeignore
│ │ ├── changelog.md
│ │ ├── notes.md
│ │ ├── package.json
│ │ ├── readme.md
│ │ ├── src/
│ │ │ ├── extension.ts
│ │ │ ├── refactor-view.ts
│ │ │ ├── test/
│ │ │ │ ├── runTest.ts
│ │ │ │ └── suite/
│ │ │ │ ├── extension.test.ts
│ │ │ │ └── index.ts
│ │ │ └── utils.ts
│ │ ├── tsconfig.json
│ │ ├── view/
│ │ │ ├── main.css
│ │ │ ├── main.js
│ │ │ ├── reset.css
│ │ │ └── vscode.css
│ │ └── vsc-extension-quickstart.md
│ ├── README.md
│ ├── SConstruct
│ ├── Source/
│ │ ├── .gitignore
│ │ ├── Armada/
│ │ │ ├── .gitignore
│ │ │ ├── AST/
│ │ │ │ ├── Base.cs
│ │ │ │ ├── Expr.cs
│ │ │ │ ├── Printer.cs
│ │ │ │ ├── ProofStrategy.cs
│ │ │ │ ├── Scope.cs
│ │ │ │ ├── Statement.cs
│ │ │ │ └── Type.cs
│ │ │ ├── Armada.csproj
│ │ │ ├── Atomic/
│ │ │ │ ├── AtomicPrinter.cs
│ │ │ │ └── AtomicSpec.cs
│ │ │ ├── IncludeProcessor.cs
│ │ │ ├── Program.cs
│ │ │ ├── Proof/
│ │ │ │ ├── InvariantPrinter.cs
│ │ │ │ ├── Myers.cs
│ │ │ │ ├── ProofPrinter.cs
│ │ │ │ ├── ProofSpec.cs
│ │ │ │ ├── VarHidingPrinter.cs
│ │ │ │ ├── VarIntroPrinter.cs
│ │ │ │ ├── WeakeningPrinter.cs
│ │ │ │ └── WeakeningSpec.cs
│ │ │ ├── Reporting.cs
│ │ │ ├── Resolver.cs
│ │ │ ├── Starmada.atg
│ │ │ ├── Util.cs
│ │ │ └── dotnet-tools.json
│ │ ├── Armada.sln
│ │ └── Editor/
│ │ ├── BasicEquality.cs
│ │ ├── Driver.cs
│ │ ├── Editor.cs
│ │ ├── Editor.csproj
│ │ ├── IO.cs
│ │ ├── Mapper.cs
│ │ ├── Paper.md
│ │ ├── Position.cs
│ │ ├── Readme.md
│ │ ├── RefactorBuffer.cs
│ │ ├── StatementEquality.cs
│ │ ├── StatementSeq.cs
│ │ ├── Summary.cs
│ │ └── Utils.cs
│ ├── Tests/
│ │ ├── .gitignore
│ │ ├── editor/
│ │ │ ├── .gitignore
│ │ │ ├── basic/
│ │ │ │ ├── ab/
│ │ │ │ │ ├── arg
│ │ │ │ │ ├── expect/
│ │ │ │ │ │ └── AB.arm
│ │ │ │ │ ├── in
│ │ │ │ │ └── proj/
│ │ │ │ │ └── AB.arm
│ │ │ │ ├── atomic/
│ │ │ │ │ ├── arg
│ │ │ │ │ ├── expect/
│ │ │ │ │ │ └── t.arm
│ │ │ │ │ ├── in
│ │ │ │ │ └── proj/
│ │ │ │ │ └── t.arm
│ │ │ │ ├── if/
│ │ │ │ │ ├── arg
│ │ │ │ │ ├── expect/
│ │ │ │ │ │ └── t.arm
│ │ │ │ │ ├── in
│ │ │ │ │ └── proj/
│ │ │ │ │ └── t.arm
│ │ │ │ ├── ifcond/
│ │ │ │ │ ├── arg
│ │ │ │ │ ├── expect/
│ │ │ │ │ │ └── t.arm
│ │ │ │ │ ├── in
│ │ │ │ │ └── proj/
│ │ │ │ │ └── t.arm
│ │ │ │ └── while/
│ │ │ │ ├── arg
│ │ │ │ ├── expect/
│ │ │ │ │ └── t.arm
│ │ │ │ ├── in
│ │ │ │ └── proj/
│ │ │ │ └── t.arm
│ │ │ └── range/
│ │ │ ├── AST/
│ │ │ │ ├── arg
│ │ │ │ ├── expect/
│ │ │ │ │ ├── A.arm
│ │ │ │ │ ├── AB.arm
│ │ │ │ │ ├── B.arm
│ │ │ │ │ ├── BC.arm
│ │ │ │ │ ├── C.arm
│ │ │ │ │ ├── CD.arm
│ │ │ │ │ └── D.arm
│ │ │ │ ├── in
│ │ │ │ └── proj/
│ │ │ │ ├── A.arm
│ │ │ │ ├── AB.arm
│ │ │ │ ├── B.arm
│ │ │ │ ├── BC.arm
│ │ │ │ ├── C.arm
│ │ │ │ ├── CD.arm
│ │ │ │ └── D.arm
│ │ │ ├── ASTC/
│ │ │ │ ├── arg
│ │ │ │ ├── expect/
│ │ │ │ │ ├── A.arm
│ │ │ │ │ ├── AB.arm
│ │ │ │ │ ├── B.arm
│ │ │ │ │ ├── BC.arm
│ │ │ │ │ ├── C.arm
│ │ │ │ │ ├── CD.arm
│ │ │ │ │ └── D.arm
│ │ │ │ ├── in
│ │ │ │ └── proj/
│ │ │ │ ├── A.arm
│ │ │ │ ├── AB.arm
│ │ │ │ ├── B.arm
│ │ │ │ ├── BC.arm
│ │ │ │ ├── C.arm
│ │ │ │ ├── CD.arm
│ │ │ │ └── D.arm
│ │ │ ├── ASTS/
│ │ │ │ ├── arg
│ │ │ │ ├── expect/
│ │ │ │ │ ├── A.arm
│ │ │ │ │ ├── AB.arm
│ │ │ │ │ ├── B.arm
│ │ │ │ │ ├── BC.arm
│ │ │ │ │ ├── C.arm
│ │ │ │ │ ├── CD.arm
│ │ │ │ │ └── D.arm
│ │ │ │ ├── in
│ │ │ │ └── proj/
│ │ │ │ ├── A.arm
│ │ │ │ ├── AB.arm
│ │ │ │ ├── B.arm
│ │ │ │ ├── BC.arm
│ │ │ │ ├── C.arm
│ │ │ │ ├── CD.arm
│ │ │ │ └── D.arm
│ │ │ └── counter/
│ │ │ ├── arg
│ │ │ ├── in
│ │ │ └── proj/
│ │ │ ├── A.arm
│ │ │ ├── AB.arm
│ │ │ ├── B.arm
│ │ │ ├── BC.arm
│ │ │ ├── C.arm
│ │ │ ├── CD.arm
│ │ │ ├── D.arm
│ │ │ ├── DE.arm
│ │ │ ├── E.arm
│ │ │ ├── EF.arm
│ │ │ ├── F.arm
│ │ │ ├── FG.arm
│ │ │ ├── G.arm
│ │ │ ├── GI.arm
│ │ │ ├── I.arm
│ │ │ ├── IJ.arm
│ │ │ ├── J.arm
│ │ │ ├── SharedStructs.arm
│ │ │ ├── Z.arm
│ │ │ └── extra.dfy
│ │ ├── fail/
│ │ │ ├── arr.arm
│ │ │ └── fail.arm
│ │ ├── legacy-armada/
│ │ │ ├── .gitignore
│ │ │ └── MyConcreteAProg.arm
│ │ ├── libcuckoo/
│ │ │ ├── Makefile
│ │ │ ├── armada.sh
│ │ │ ├── carmada.cpp
│ │ │ ├── cpp/
│ │ │ │ ├── cuckoohash_config.hh
│ │ │ │ ├── cuckoohash_map.hh
│ │ │ │ ├── cuckoohash_util.hh
│ │ │ │ └── libcuckoo_bucket_container.hh
│ │ │ ├── cuckoo.arm
│ │ │ └── cuckoo2.arm
│ │ ├── parser/
│ │ │ ├── AST/
│ │ │ │ ├── A.arm
│ │ │ │ ├── A.arm.expect
│ │ │ │ ├── AB.arm
│ │ │ │ ├── AB.arm.expect
│ │ │ │ ├── B.arm
│ │ │ │ ├── B.arm.expect
│ │ │ │ ├── BC.arm
│ │ │ │ ├── BC.arm.expect
│ │ │ │ ├── C.arm
│ │ │ │ ├── C.arm.expect
│ │ │ │ ├── CD.arm
│ │ │ │ ├── CD.arm.expect
│ │ │ │ ├── D.arm
│ │ │ │ ├── D.arm.expect
│ │ │ │ ├── DE.arm
│ │ │ │ ├── E.arm
│ │ │ │ ├── EndlessExpression.arm
│ │ │ │ ├── EndlessExpression.arm.expect
│ │ │ │ ├── Statement.arm
│ │ │ │ ├── Statement.arm.expect
│ │ │ │ ├── array.arm
│ │ │ │ ├── array.c
│ │ │ │ ├── state.arm
│ │ │ │ ├── state.arm.expect
│ │ │ │ ├── struct.arm
│ │ │ │ ├── struct.arm.expect
│ │ │ │ ├── suffix.arm
│ │ │ │ └── suffix.arm.expect
│ │ │ ├── TypeResolver/
│ │ │ │ ├── boundedInt.arm
│ │ │ │ ├── boundedInt.arm.expect
│ │ │ │ ├── collectionType.arm
│ │ │ │ ├── collectionType.arm.expect
│ │ │ │ ├── ifExpr.arm
│ │ │ │ ├── literalExpr.arm
│ │ │ │ ├── malloc.arm
│ │ │ │ ├── method.arm
│ │ │ │ ├── pointer.arm
│ │ │ │ └── struct.arm
│ │ │ ├── compilerTest/
│ │ │ │ ├── arrayDecl.arm
│ │ │ │ ├── createThread.arm
│ │ │ │ ├── joinThread.arm
│ │ │ │ ├── memoryAlloc.arm
│ │ │ │ ├── methodDecl.arm
│ │ │ │ ├── pointerUsage.arm
│ │ │ │ ├── primitiveTypes.arm
│ │ │ │ └── structDecl.arm
│ │ │ ├── counter/
│ │ │ │ ├── A.arm
│ │ │ │ ├── AB.arm
│ │ │ │ ├── B.arm
│ │ │ │ ├── BC.arm
│ │ │ │ ├── C.arm
│ │ │ │ ├── CD.arm
│ │ │ │ ├── D.arm
│ │ │ │ ├── DE.arm
│ │ │ │ ├── E.arm
│ │ │ │ ├── EF.arm
│ │ │ │ ├── F.arm
│ │ │ │ ├── FG.arm
│ │ │ │ ├── G.arm
│ │ │ │ ├── GI.arm
│ │ │ │ ├── I.arm
│ │ │ │ ├── IJ.arm
│ │ │ │ ├── J.arm
│ │ │ │ ├── SharedStructs.arm
│ │ │ │ ├── Z.arm
│ │ │ │ └── extra.dfy
│ │ │ ├── fstar/
│ │ │ │ ├── alloc/
│ │ │ │ │ └── alloc.arm
│ │ │ │ ├── arraytest/
│ │ │ │ │ └── arraytest.arm
│ │ │ │ ├── assert/
│ │ │ │ │ └── assert.arm
│ │ │ │ ├── assume/
│ │ │ │ │ └── assume.arm
│ │ │ │ ├── atomic/
│ │ │ │ │ └── atomic.arm
│ │ │ │ ├── atomicExchange/
│ │ │ │ │ └── atomicExchange.arm
│ │ │ │ ├── atomicMethodCall/
│ │ │ │ │ └── atomicMethodCall.arm
│ │ │ │ ├── atomicRecursive/
│ │ │ │ │ └── atomicRecursive.arm
│ │ │ │ ├── atomicWhile/
│ │ │ │ │ └── atomicWhile.arm
│ │ │ │ ├── binaryOperator/
│ │ │ │ │ └── binaryOperator.arm
│ │ │ │ ├── boundedInt/
│ │ │ │ │ └── boundedInt.arm
│ │ │ │ ├── break/
│ │ │ │ │ └── break.arm
│ │ │ │ ├── code/
│ │ │ │ │ └── code.arm
│ │ │ │ ├── compareAndSwap/
│ │ │ │ │ └── compareAndSwap.arm
│ │ │ │ ├── conversionExpr/
│ │ │ │ │ └── conversionExpr.arm
│ │ │ │ ├── createThread/
│ │ │ │ │ └── createThread.arm
│ │ │ │ ├── datatype/
│ │ │ │ │ └── datatype.arm
│ │ │ │ ├── fence/
│ │ │ │ │ └── fence.arm
│ │ │ │ ├── generatedAssign/
│ │ │ │ │ └── generatedAssign.arm
│ │ │ │ ├── goto/
│ │ │ │ │ └── goto.arm
│ │ │ │ ├── ifExpr/
│ │ │ │ │ └── ifExpr.arm
│ │ │ │ ├── ifStmt/
│ │ │ │ │ └── ifStmt.arm
│ │ │ │ ├── ifundefined/
│ │ │ │ │ └── ifundefined.arm
│ │ │ │ ├── invariantDecl_MaintainedIfStmtSatisfies/
│ │ │ │ │ └── invariantDecl.arm
│ │ │ │ ├── invariantDecl_MaintainedIfVarsUnchanged/
│ │ │ │ │ └── invariantDecl.arm
│ │ │ │ ├── literalExpr/
│ │ │ │ │ └── literalExpr.arm
│ │ │ │ ├── mapComprehension/
│ │ │ │ │ └── mapComprehension.arm
│ │ │ │ ├── maptest/
│ │ │ │ │ └── maptest.arm
│ │ │ │ ├── matchCase/
│ │ │ │ │ └── matchCase.arm
│ │ │ │ ├── methodCall/
│ │ │ │ │ └── methodCall.arm
│ │ │ │ ├── quantifierexpr/
│ │ │ │ │ └── quantifierexpr.arm
│ │ │ │ ├── recursiveMatch/
│ │ │ │ │ └── recursiveMatch.arm
│ │ │ │ ├── relation/
│ │ │ │ │ └── relation.arm
│ │ │ │ ├── seqtest/
│ │ │ │ │ └── seqtest.arm
│ │ │ │ ├── setComprehension/
│ │ │ │ │ └── setComprehension.arm
│ │ │ │ ├── settest/
│ │ │ │ │ └── settest.arm
│ │ │ │ ├── somehow/
│ │ │ │ │ └── somehow.arm
│ │ │ │ ├── somehowLock/
│ │ │ │ │ └── somehow.arm
│ │ │ │ ├── struct/
│ │ │ │ │ └── struct.arm
│ │ │ │ ├── subroutine/
│ │ │ │ │ └── subroutine.arm
│ │ │ │ ├── unaryOperator/
│ │ │ │ │ └── unaryOperator.arm
│ │ │ │ ├── while/
│ │ │ │ │ └── while.arm
│ │ │ │ └── wildcard/
│ │ │ │ └── wildcard.arm
│ │ │ ├── includeTest/
│ │ │ │ ├── A.arm
│ │ │ │ ├── A.arm.expect
│ │ │ │ ├── B.arm
│ │ │ │ ├── B.arm.expect
│ │ │ │ ├── C.arm
│ │ │ │ └── C.arm.expect
│ │ │ ├── ogCounterExample.arm
│ │ │ └── test.arm
│ │ └── proof/
│ │ ├── globalVarsUnmodifiable/
│ │ │ └── globalVarsUnmodifiable.arm
│ │ ├── varHiding/
│ │ │ └── varHiding.arm
│ │ ├── varIntro/
│ │ │ └── varIntro.arm
│ │ └── varIntroWithAtomic/
│ │ └── varIntro.arm
│ ├── docker/
│ │ └── Dockerfile
│ ├── fstar.opam
│ ├── grammar.txt
│ ├── lib/
│ │ ├── .gitignore
│ │ ├── Armada.Action.fst
│ │ ├── Armada.Base.fst
│ │ ├── Armada.BinaryOp.fst
│ │ ├── Armada.BoundedInt.fst
│ │ ├── Armada.Computation.fst
│ │ ├── Armada.Expression.fst
│ │ ├── Armada.Globals.fst
│ │ ├── Armada.Init.fst
│ │ ├── Armada.Memory.fst
│ │ ├── Armada.Pointer.fst
│ │ ├── Armada.Program.fst
│ │ ├── Armada.State.fst
│ │ ├── Armada.Statement.fst
│ │ ├── Armada.Step.fst
│ │ ├── Armada.Thread.fst
│ │ ├── Armada.Threads.fst
│ │ ├── Armada.Transition.fst
│ │ ├── Armada.Type.fst
│ │ ├── Armada.UnaryOp.fst
│ │ ├── GlobalVarExampleInvariant.fst
│ │ ├── Makefile
│ │ ├── MyAProg.fst
│ │ ├── MyAtomicAProg.fst
│ │ ├── MyAtomicBInvariant.fst
│ │ ├── MyAtomicBProg.fst
│ │ ├── MyAtomicHProg.fst
│ │ ├── MyAtomicLProg.fst
│ │ ├── MyAtomicToRegularRefinement.fst
│ │ ├── MyBProg.fst
│ │ ├── MyHProg.arm
│ │ ├── MyHProg.fst
│ │ ├── MyLProg.arm
│ │ ├── MyLProg.fst
│ │ ├── MyList.fst
│ │ ├── MyProgramInvariant.fst
│ │ ├── MyProgramProof.fst
│ │ ├── MyRegularToAtomicRefinement.fst
│ │ ├── MyVarHidingProof.fst
│ │ ├── MyVarIntroProof.fst
│ │ ├── Spec.Behavior.fst
│ │ ├── Spec.List.fst
│ │ ├── Spec.Logic.fst
│ │ ├── Spec.Map.fst
│ │ ├── Spec.Ubool.fst
│ │ ├── Strategies.ArmadaInvariant.PositionsValid.fst
│ │ ├── Strategies.ArmadaInvariant.PositionsValid.fsti
│ │ ├── Strategies.ArmadaInvariant.RootsMatch.fst
│ │ ├── Strategies.ArmadaInvariant.UnstartedThreads.fst
│ │ ├── Strategies.ArmadaInvariant.UnstartedThreads.fsti
│ │ ├── Strategies.ArmadaStatement.Breaking.fst
│ │ ├── Strategies.ArmadaStatement.Nonyielding.fst
│ │ ├── Strategies.ArmadaStatement.Opaque.fst
│ │ ├── Strategies.ArmadaStatement.Propagate.fst
│ │ ├── Strategies.ArmadaStatement.Status.fst
│ │ ├── Strategies.ArmadaStatement.Status.fsti
│ │ ├── Strategies.ArmadaStatement.ThreadState.fst
│ │ ├── Strategies.ArmadaStatement.fst
│ │ ├── Strategies.Atomic.fst
│ │ ├── Strategies.AtomicToRegular.Armada.fst
│ │ ├── Strategies.AtomicToRegular.Armada.fsti
│ │ ├── Strategies.AtomicToRegular.fst
│ │ ├── Strategies.AtomicToRegular.fsti
│ │ ├── Strategies.Breaking.fst
│ │ ├── Strategies.Common.fst
│ │ ├── Strategies.GlobalVars.Init.fst
│ │ ├── Strategies.GlobalVars.Permanent.fst
│ │ ├── Strategies.GlobalVars.Pointer.fst
│ │ ├── Strategies.GlobalVars.Statement.fst
│ │ ├── Strategies.GlobalVars.Statement.fsti
│ │ ├── Strategies.GlobalVars.Types.fst
│ │ ├── Strategies.GlobalVars.Unaddressed.fst
│ │ ├── Strategies.GlobalVars.UnaddressedStatement.fst
│ │ ├── Strategies.GlobalVars.Util.fst
│ │ ├── Strategies.GlobalVars.Value.fst
│ │ ├── Strategies.GlobalVars.VarHiding.fst
│ │ ├── Strategies.GlobalVars.VarHiding.fsti
│ │ ├── Strategies.GlobalVars.VarIntro.fst
│ │ ├── Strategies.GlobalVars.VarIntro.fsti
│ │ ├── Strategies.GlobalVars.fst
│ │ ├── Strategies.GlobalVarsProof.fst
│ │ ├── Strategies.Invariant.Armada.Atomic.fst
│ │ ├── Strategies.Invariant.Armada.Atomic.fsti
│ │ ├── Strategies.Invariant.Armada.AtomicSubstep.fst
│ │ ├── Strategies.Invariant.Armada.AtomicSubstep.fsti
│ │ ├── Strategies.Invariant.Armada.fst
│ │ ├── Strategies.Invariant.Armada.fsti
│ │ ├── Strategies.Invariant.Atomic.fst
│ │ ├── Strategies.Invariant.Atomic.fsti
│ │ ├── Strategies.Invariant.fst
│ │ ├── Strategies.Invariant.fsti
│ │ ├── Strategies.Lift.Generic.fst
│ │ ├── Strategies.Lift.Generic.fsti
│ │ ├── Strategies.Nonyielding.fst
│ │ ├── Strategies.PCIndices.fst
│ │ ├── Strategies.PCRelation.fst
│ │ ├── Strategies.RegularToAtomic.Armada.Helper.fst
│ │ ├── Strategies.RegularToAtomic.Armada.fst
│ │ ├── Strategies.RegularToAtomic.Armada.fsti
│ │ ├── Strategies.RegularToAtomic.fst
│ │ ├── Strategies.RegularToAtomic.fsti
│ │ ├── Strategies.Semantics.Armada.fst
│ │ ├── Strategies.Semantics.Armada.fsti
│ │ ├── Strategies.Semantics.fst
│ │ ├── Strategies.VarHiding.Defs.fst
│ │ ├── Strategies.VarHiding.Efficient.fst
│ │ ├── Strategies.VarHiding.Efficient.fsti
│ │ ├── Strategies.VarHiding.Helpers.fst
│ │ ├── Strategies.VarHiding.Inefficient.fst
│ │ ├── Strategies.VarHiding.Inefficient.fsti
│ │ ├── Strategies.VarHiding.Initialization.fst
│ │ ├── Strategies.VarHiding.Initialization.fsti
│ │ ├── Strategies.VarHiding.Invariant.fst
│ │ ├── Strategies.VarHiding.Propagate.fst
│ │ ├── Strategies.VarHiding.Relation.fst
│ │ ├── Strategies.VarHiding.Relation.fsti
│ │ ├── Strategies.VarIntro.Defs.fst
│ │ ├── Strategies.VarIntro.Efficient.fst
│ │ ├── Strategies.VarIntro.Efficient.fsti
│ │ ├── Strategies.VarIntro.Helpers.fst
│ │ ├── Strategies.VarIntro.Inefficient.fst
│ │ ├── Strategies.VarIntro.Inefficient.fsti
│ │ ├── Strategies.VarIntro.Initialization.fst
│ │ ├── Strategies.VarIntro.Initialization.fsti
│ │ ├── Strategies.VarIntro.Invariant.fst
│ │ ├── Strategies.VarIntro.Propagate.fst
│ │ ├── Strategies.VarIntro.Relation.fst
│ │ ├── Strategies.VarIntro.Relation.fsti
│ │ ├── Strategies.Weakening.Armada.fst
│ │ ├── Strategies.Weakening.Armada.fsti
│ │ ├── Strategies.Weakening.fst
│ │ ├── Strategies.Weakening.fsti
│ │ ├── Util.Behavior.fst
│ │ ├── Util.ImmutableArray.fst
│ │ ├── Util.ImmutableArray.fsti
│ │ ├── Util.List.fst
│ │ ├── Util.Logic.fst
│ │ ├── Util.Nth.fst
│ │ ├── Util.Range.fst
│ │ ├── Util.Range.fsti
│ │ ├── Util.Relation.fst
│ │ ├── Util.Seq.fst
│ │ ├── Util.Seq.fsti
│ │ ├── Util.Tactics.fst
│ │ └── Util.Trigger.fst
│ ├── output.c
│ └── third_party/
│ └── Coco/
│ ├── LICENSE.txt
│ ├── README.txt
│ └── src/
│ ├── Parser.frame
│ └── Scanner.frame
├── third_party/
│ └── Coco/
│ ├── LICENSE.txt
│ ├── README.txt
│ └── src/
│ ├── Coco.atg
│ ├── Coco.build
│ ├── Coco.cs
│ ├── Coco.csproj
│ ├── DFA.cs
│ ├── Parser.cs
│ ├── Parser.frame
│ ├── ParserGen.cs
│ ├── Scanner.cs
│ ├── Scanner.frame
│ ├── Tab.cs
│ ├── build.bat
│ └── coc.bat
└── tools/
└── scripts/
├── .gitignore
├── __init__.py
├── dafny-oneproc.py
└── dafny_profiler.py
Showing preview only (662K chars total). Download the full file or copy to clipboard to get everything.
SYMBOL INDEX (6754 symbols across 265 files)
FILE: Source/Armada/AbstractProofGenerator.cs
class AuxiliaryInfo (line 13) | public class AuxiliaryInfo
method AuxiliaryInfo (line 20) | public AuxiliaryInfo(string i_FieldName, string i_TypeName, string i_I...
class InvariantInfo (line 29) | public abstract class InvariantInfo
method InvariantInfo (line 39) | public InvariantInfo(string i_key, string i_name, List<string> i_depen...
method FindMatchingDependency (line 56) | private string FindMatchingDependency(string dependency, IEnumerable<I...
method GetRevelations (line 66) | private string GetRevelations(IEnumerable<InvariantInfo> allInvariants)
method GenerateInitLemma (line 82) | public virtual void GenerateInitLemma(ProofGenerationParams pgp)
method GenerateSpecificNextLemma (line 97) | public virtual string GenerateSpecificNextLemma(ProofGenerationParams ...
method GenerateAtomicNextLemma (line 132) | public virtual void GenerateAtomicNextLemma(ProofGenerationParams pgp,...
method GenerateProofs (line 169) | public virtual void GenerateProofs(ProofGenerationParams pgp, IEnumera...
class UserInvariantInfo (line 177) | public class UserInvariantInfo : InvariantInfo
method UserInvariantInfo (line 179) | public UserInvariantInfo(string i_key, string i_name, List<string> i_d...
class InternalInvariantInfo (line 185) | public class InternalInvariantInfo : InvariantInfo
method InternalInvariantInfo (line 187) | public InternalInvariantInfo(string i_key, string i_name, List<string>...
class AbstractProofGenerator (line 193) | public abstract class AbstractProofGenerator
method AbstractProofGenerator (line 209) | public AbstractProofGenerator(ProofGenerationParams i_pgp, bool i_stat...
method GenerateProof (line 331) | public abstract void GenerateProof();
method CheckEquivalence (line 337) | protected virtual bool CheckEquivalence()
method CheckStructsEquivalence (line 342) | protected virtual bool CheckStructsEquivalence()
method CheckGlobalVariableEquivalence (line 352) | protected bool CheckGlobalVariableEquivalence(string name, ArmadaVaria...
method CheckGlobalsEquivalence (line 385) | protected virtual bool CheckGlobalsEquivalence()
method CheckGlobalsEquivalenceAbstract (line 390) | protected bool CheckGlobalsEquivalenceAbstract()
method CheckVariableNameListEquivalence (line 414) | protected virtual bool CheckVariableNameListEquivalence(IEnumerable<st...
method CheckMethodsEquivalence (line 443) | protected virtual bool CheckMethodsEquivalence()
method GeneratePCEffectLemmas (line 490) | protected void GeneratePCEffectLemmas()
method GeneratePCEffectLemmas (line 496) | protected void GeneratePCEffectLemmas(string m, ArmadaSymbolTable symb...
method MakeTrivialPCMap (line 586) | protected void MakeTrivialPCMap()
method ExtendPCMapWithExternalAndStructsMethods (line 597) | protected virtual void ExtendPCMapWithExternalAndStructsMethods()
method LiftPC (line 611) | protected ArmadaPC LiftPC(ArmadaPC pc)
method TranslateFormalNameUsingPcMap (line 619) | protected virtual String TranslateFormalNameUsingPcMap(NextFormal form...
method GenerateNextRoutineMap (line 630) | protected virtual void GenerateNextRoutineMap(bool warnOnMissingRoutin...
method LiftNextRoutine (line 660) | protected virtual NextRoutine LiftNextRoutine(NextRoutine lNextRoutine)
method LiftAtomicPath (line 667) | protected virtual AtomicPath LiftAtomicPath(AtomicPath lPath)
method AddInductiveInvariant (line 678) | private void AddInductiveInvariant(InductiveInvariantArmadaProofDecl d)
method ParseImports (line 723) | private void ParseImports()
method AddIncludesAndImports (line 788) | protected virtual void AddIncludesAndImports()
method GenerateRevelationLemmas (line 797) | protected void GenerateRevelationLemmas()
method GenerateRevelationLemmas (line 803) | protected void GenerateRevelationLemmas(string moduleName, ArmadaSymbo...
method GenerateAtomicSpecs (line 835) | protected void GenerateAtomicSpecs(bool avoidFinalUnmappedStoppingStep...
method GenerateLiftToAtomicSimpleRequirementsLemma (line 867) | public void GenerateLiftToAtomicSimpleRequirementsLemma()
method GenerateTausLiftableLemma (line 883) | public void GenerateTausLiftableLemma()
method GenerateCompressStepSequenceBodyForPathPrefix (line 923) | public string GenerateCompressStepSequenceBodyForPathPrefix(AtomicPath...
method GenerateCompressStepSequenceIntoPathStartingAt (line 970) | public void GenerateCompressStepSequenceIntoPathStartingAt(ArmadaPC st...
method GenerateCompressStepSequenceLemmas (line 1011) | public void GenerateCompressStepSequenceLemmas()
method GenerateSequencesCompressibleLemma (line 1056) | public void GenerateSequencesCompressibleLemma()
method GenerateLiftToAtomicLemma (line 1076) | public void GenerateLiftToAtomicLemma()
method GenerateLiftTauPathFromAtomicLemma (line 1114) | private void GenerateLiftTauPathFromAtomicLemma(AtomicPath atomicPath)
method GenerateSpecificLiftPathFromAtomicLemma (line 1143) | private void GenerateSpecificLiftPathFromAtomicLemma(AtomicPath atomic...
method GenerateLiftPathFromAtomicLemma (line 1205) | private void GenerateLiftPathFromAtomicLemma()
method GenerateLiftFromAtomicLemma (line 1239) | public void GenerateLiftFromAtomicLemma()
method GetConversionFunctionForTypeName_LH (line 1278) | protected string GetConversionFunctionForTypeName_LH(string s)
method GetConversionFunctionForTypeName_HL (line 1288) | protected string GetConversionFunctionForTypeName_HL(string s)
method AddModuleNameToArmadaType (line 1298) | protected Type AddModuleNameToArmadaType(Type ty, string moduleName)
method GetCalleeNameForCallStmt (line 1319) | protected string GetCalleeNameForCallStmt(Statement stmt)
method GenerateConvertPC_LH (line 1333) | protected virtual void GenerateConvertPC_LH()
method GenerateConvertStackVars_LH (line 1346) | protected virtual void GenerateConvertStackVars_LH(string methodName)
method GenerateConvertStackFrame_LH (line 1359) | protected virtual void GenerateConvertStackFrame_LH()
method GenerateConvertGlobals_LH (line 1378) | protected virtual void GenerateConvertGlobals_LH()
method GenerateConvertGhosts_LH (line 1396) | protected virtual void GenerateConvertGhosts_LH()
method GenerateConvertAddrs_LH (line 1414) | protected virtual void GenerateConvertAddrs_LH()
method GenerateConvertGlobalStaticVar_LH (line 1432) | protected virtual void GenerateConvertGlobalStaticVar_LH()
method GenerateConvertSharedMemory_LH (line 1451) | protected virtual void GenerateConvertSharedMemory_LH()
method GenerateConvertStoreBufferLocation_LH (line 1462) | protected virtual void GenerateConvertStoreBufferLocation_LH()
method GenerateConvertStoreBufferEntry_LH (line 1477) | protected virtual void GenerateConvertStoreBufferEntry_LH()
method GenerateConvertStoreBuffer_LH (line 1488) | protected virtual void GenerateConvertStoreBuffer_LH()
method GenerateConvertExtendedFrame_LH (line 1499) | protected virtual void GenerateConvertExtendedFrame_LH()
method GenerateConvertStack_LH (line 1510) | protected virtual void GenerateConvertStack_LH()
method GenerateConvertThread_LH (line 1521) | protected virtual void GenerateConvertThread_LH()
method GenerateConvertThreads_LH (line 1533) | protected virtual void GenerateConvertThreads_LH()
method GenerateConvertTotalState_LH (line 1544) | protected virtual void GenerateConvertTotalState_LH()
method GenerateConvertConfig_LH (line 1564) | protected virtual void GenerateConvertConfig_LH()
method GenerateStateAbstractionFunctions_LH (line 1575) | protected virtual void GenerateStateAbstractionFunctions_LH()
method GetStepCaseForSuppressedNextRoutine_LH (line 1599) | protected virtual string GetStepCaseForSuppressedNextRoutine_LH(NextRo...
method GetStepCaseForNormalNextRoutine_LH (line 1611) | protected virtual string GetStepCaseForNormalNextRoutine_LH(NextRoutin...
method GetStepCaseForNextRoutine_LH (line 1634) | protected virtual string GetStepCaseForNextRoutine_LH(NextRoutine next...
method GenerateConvertStep_LH (line 1639) | protected virtual void GenerateConvertStep_LH()
method GenerateConvertAtomicPathStateDependent_LH (line 1652) | protected virtual void GenerateConvertAtomicPathStateDependent_LH()
method GenerateConvertAtomicPath_LH (line 1687) | protected virtual void GenerateConvertAtomicPath_LH()
method GenerateConvertAtomicTraceEntry_LH (line 1717) | protected virtual void GenerateConvertAtomicTraceEntry_LH()
method GenerateConvertPC_HL (line 1745) | protected virtual void GenerateConvertPC_HL(Dictionary<ArmadaPC, Armad...
method GenerateConvertStackVars_HL (line 1758) | protected virtual void GenerateConvertStackVars_HL(string methodName)
method GenerateConvertStackFrame_HL (line 1771) | protected virtual void GenerateConvertStackFrame_HL()
method GenerateConvertGlobals_HL (line 1789) | protected virtual void GenerateConvertGlobals_HL()
method GenerateConvertGhosts_HL (line 1802) | protected virtual void GenerateConvertGhosts_HL()
method GenerateConvertAddrs_HL (line 1820) | protected virtual void GenerateConvertAddrs_HL()
method GenerateConvertGlobalStaticVar_HL (line 1838) | protected virtual void GenerateConvertGlobalStaticVar_HL()
method GenerateConvertSharedMemory_HL (line 1857) | protected virtual void GenerateConvertSharedMemory_HL()
method GenerateConvertStoreBufferLocation_HL (line 1868) | protected virtual void GenerateConvertStoreBufferLocation_HL()
method GenerateConvertStoreBufferEntry_HL (line 1883) | protected virtual void GenerateConvertStoreBufferEntry_HL()
method GenerateConvertStoreBuffer_HL (line 1894) | protected virtual void GenerateConvertStoreBuffer_HL()
method GenerateConvertExtendedFrame_HL (line 1905) | protected virtual void GenerateConvertExtendedFrame_HL()
method GenerateConvertStack_HL (line 1916) | protected virtual void GenerateConvertStack_HL()
method GenerateConvertThread_HL (line 1927) | protected virtual void GenerateConvertThread_HL()
method GenerateConvertThreads_HL (line 1939) | protected virtual void GenerateConvertThreads_HL()
method GenerateConvertTotalState_HL (line 1950) | protected virtual void GenerateConvertTotalState_HL()
method GenerateConvertConfig_HL (line 1962) | protected virtual void GenerateConvertConfig_HL()
method GenerateStateAbstractionFunctions_HL (line 1973) | protected virtual void GenerateStateAbstractionFunctions_HL(Dictionary...
method AddCommonHeaderElements (line 1997) | public void AddCommonHeaderElements(ProofFile proof)
method GenerateProofHeader (line 2026) | protected void GenerateProofHeader()
method GenerateSpecsFile (line 2033) | protected void GenerateSpecsFile()
method GenerateAddressableInvariant_Global (line 2215) | protected virtual List<string> GenerateAddressableInvariant_Global()
method GenerateAddressableInvariant_StackFrame (line 2246) | protected virtual List<string> GenerateAddressableInvariant_StackFrame...
method GenerateAddressableMapInit (line 2276) | protected virtual void GenerateAddressableMapInit()
method GenerateAddressableMapNextCase_Call (line 2306) | protected virtual string GenerateAddressableMapNextCase_Call(NextRouti...
method GenerateAddressableMapNextCase_CreateThread (line 2330) | protected virtual string GenerateAddressableMapNextCase_CreateThread(N...
method GenerateAddressableMapNextCase (line 2357) | protected virtual string GenerateAddressableMapNextCase(NextRoutine ne...
method GenerateAddressableMapNext (line 2377) | protected virtual void GenerateAddressableMapNext()
method GenerateAddressableMapAux (line 2402) | protected virtual void GenerateAddressableMapAux(List<string> abstract...
method GenerateAddressableInvariant (line 2417) | protected virtual void GenerateAddressableInvariant()
method GenerateValidStackMethod (line 2456) | protected virtual void GenerateValidStackMethod(string methodName) {
method GenerateValidStackFramePredicate (line 2490) | protected virtual void GenerateValidStackFramePredicate()
class RegionInfo (line 2519) | public class RegionInfo
method RegionInfo (line 2527) | public RegionInfo()
method GetGlobalRegionId (line 2536) | public string GetGlobalRegionId(string varName)
method GetLocalRegionId (line 2548) | public string GetLocalRegionId(string methodName, string varName)
method GetRegionId (line 2563) | public string GetRegionId(string methodName, string varName)
method GenerateInitialRegionInfo (line 2579) | private RegionInfo GenerateInitialRegionInfo()
method GetPossibleResultantVariables (line 2618) | protected virtual List<string> GetPossibleResultantVariables(Expressio...
method GenerateVariableRegionMap (line 2637) | protected virtual RegionInfo GenerateVariableRegionMap()
method GenerateRegionMapNextCase_CreateThread (line 2782) | protected virtual string GenerateRegionMapNextCase_CreateThread(NextRo...
method GenerateRegionMapNextCase_Call (line 2803) | protected virtual string GenerateRegionMapNextCase_Call(NextRoutine ne...
method GenerateRegionMapNextCase (line 2822) | protected virtual string GenerateRegionMapNextCase(NextRoutine nextRou...
method GenerateRegionMapNext (line 2854) | protected virtual void GenerateRegionMapNext(RegionInfo regionInfo)
method GenerateRegionMap (line 2869) | protected virtual void GenerateRegionMap(IEnumerable<string> regionIds)
method GenerateRegionInvariant (line 2875) | protected virtual void GenerateRegionInvariant()
method GenerateRegionInvariantHoldsOnLocalViewLemmas (line 3054) | protected virtual void GenerateRegionInvariantHoldsOnLocalViewLemmas()
method GenerateHeapInvariant (line 3100) | protected virtual void GenerateHeapInvariant() {
method GenerateLemmasHelpfulForProvingInitPreservation_LH (line 3111) | protected virtual void GenerateLemmasHelpfulForProvingInitPreservation...
method GenerateLocalViewCommutativityLemmas (line 3155) | protected virtual void GenerateLocalViewCommutativityLemmas()
method GenerateAppendStoreBufferOtherWay (line 3334) | protected virtual void GenerateAppendStoreBufferOtherWay()
method GenerateGenericStoreBufferLemmas_L (line 3454) | protected void GenerateGenericStoreBufferLemmas_L()
method AddInvariant (line 3535) | protected void AddInvariant(InvariantInfo inv)
method GenerateInductiveInv (line 3540) | private void GenerateInductiveInv(ProofGenerationParams pgp, bool only...
method GenerateInitImpliesInductiveInvLemma (line 3559) | private void GenerateInitImpliesInductiveInvLemma(ProofGenerationParam...
method GenerateAtomicPathMaintainsInductiveInvLemma (line 3572) | private void GenerateAtomicPathMaintainsInductiveInvLemma(ProofGenerat...
method GenerateInvariantProof (line 3587) | public void GenerateInvariantProof(ProofGenerationParams pgp, bool onl...
method GenerateLiftAtomicPathLemmaForNormalPath (line 3606) | protected virtual void GenerateLiftAtomicPathLemmaForNormalPath(Atomic...
method GenerateLiftAtomicPathLemmaForTauPath (line 3691) | protected virtual void GenerateLiftAtomicPathLemmaForTauPath(AtomicPat...
method GenerateLiftAtomicPathLemmaForUnmappedPath (line 3744) | protected virtual void GenerateLiftAtomicPathLemmaForUnmappedPath(Atom...
method GenerateLiftAtomicPathLemmas (line 3766) | protected virtual void GenerateLiftAtomicPathLemmas(string typeCompari...
method GenerateLiftingRelation (line 3808) | protected virtual void GenerateLiftingRelation()
method GenerateEstablishAtomicPathLiftableLemma (line 3819) | protected virtual void GenerateEstablishAtomicPathLiftableLemma()
method GenerateEstablishAtomicPathsLiftableLemma (line 3851) | protected virtual void GenerateEstablishAtomicPathsLiftableLemma(bool ...
method GenerateEstablishInitRequirementsLemma (line 3918) | protected virtual void GenerateEstablishInitRequirementsLemma()
method GenerateEstablishStateOKRequirementLemma (line 3949) | protected virtual void GenerateEstablishStateOKRequirementLemma()
method GenerateEstablishRelationRequirementLemma (line 3967) | protected virtual void GenerateEstablishRelationRequirementLemma()
method GenerateLiftLAtomicToHAtomicLemma (line 3993) | protected virtual void GenerateLiftLAtomicToHAtomicLemma(bool skippabl...
method GenerateGenericAtomicPropertyLemmas (line 4048) | protected void GenerateGenericAtomicPropertyLemmas()
method GenerateFinalProof (line 4089) | protected virtual void GenerateFinalProof()
method GeneratePCFunctions (line 4123) | protected virtual void GeneratePCFunctions(bool low)
method GeneratePCFunctions_L (line 4206) | protected virtual void GeneratePCFunctions_L()
method GeneratePCFunctions_H (line 4211) | protected virtual void GeneratePCFunctions_H()
method AddStackMatchesMethodInvariant (line 4216) | protected void AddStackMatchesMethodInvariant()
FILE: Source/Armada/ArmadaAst.cs
class Program (line 16) | public class Program {
method ObjectInvariant (line 17) | [ContractInvariantMethod]
method Program (line 36) | public Program(string name, [Captured] ModuleDecl module, [Captured] B...
method Modules (line 51) | public IEnumerable<ModuleDefinition> Modules() {
method RawModules (line 61) | public IEnumerable<ModuleDefinition> RawModules() {
class Include (line 82) | public class Include : IComparable
method Include (line 91) | public Include(IToken tok, string includer, string theFilename, string...
method CompareTo (line 100) | public int CompareTo(object obj) {
class BuiltIns (line 110) | public class BuiltIns
method Nat (line 122) | public UserDefinedType Nat() { return new UserDefinedType(Token.NoToke...
method ObjectQ (line 124) | public UserDefinedType ObjectQ() {
method BuiltIns (line 129) | public BuiltIns() {
method DontCompile (line 153) | private Attributes DontCompile() {
method AxiomAttribute (line 158) | public static Attributes AxiomAttribute() {
method ArrayType (line 162) | public UserDefinedType ArrayType(int dims, Type arg, bool allowCreatio...
method ArrayType (line 167) | public UserDefinedType ArrayType(IToken tok, int dims, List<Type> optT...
method ArrayClassName (line 192) | public static string ArrayClassName(int dims) {
method CreateArrowTypeDecl (line 205) | public void CreateArrowTypeDecl(int arity) {
method ArrowSubtypeConstraint (line 269) | private Expression ArrowSubtypeConstraint(IToken tok, BoundVar id, Fun...
method TupleType (line 305) | public TupleTypeDecl TupleType(IToken tok, int dims, bool allowCreatio...
method TupleTypeName (line 325) | public static string TupleTypeName(int dims) {
method IsTupleTypeName (line 329) | public static bool IsTupleTypeName(string s) {
type IAttributeBearingDeclaration (line 339) | public interface IAttributeBearingDeclaration
class Attributes (line 343) | public class Attributes {
method ObjectInvariant (line 344) | [ContractInvariantMethod]
method Attributes (line 355) | public Attributes(string name, [Captured] List<Expression> args, Attri...
method SubExpressions (line 363) | public static IEnumerable<Expression> SubExpressions(Attributes attrs) {
method Contains (line 367) | public static bool Contains(Attributes attrs, string nm) {
method ContainsBool (line 378) | [Pure]
method ContainsBoolAtAnyLevel (line 400) | public static bool ContainsBoolAtAnyLevel(MemberDecl decl, string attr...
method FindExpressions (line 427) | public static List<Expression> FindExpressions(Attributes attrs, strin...
method FindAllExpressions (line 441) | public static List<List<Expression>> FindAllExpressions(Attributes att...
type MatchingValueOption (line 463) | public enum MatchingValueOption { Empty, Bool, Int, String, Expression }
method ContainsMatchingValue (line 464) | public static bool ContainsMatchingValue(Attributes attrs, string nm, ...
class AttributesExtensions (line 505) | public static class AttributesExtensions {
method AsEnumerable (line 509) | public static IEnumerable<Attributes> AsEnumerable(this Attributes att...
class UserSuppliedAttributes (line 517) | public class UserSuppliedAttributes : Attributes
method UserSuppliedAttributes (line 523) | public UserSuppliedAttributes(IToken tok, IToken openBrace, IToken clo...
class VisibilityScope (line 536) | public class VisibilityScope {
method overlaps (line 544) | private bool overlaps(SortedSet<uint> set1, SortedSet<uint> set2) {
method VisibleInScope (line 555) | public bool VisibleInScope(VisibilityScope other) {
method IsEmpty (line 575) | [Pure]
method Augment (line 582) | public void Augment(VisibilityScope other) {
method VisibilityScope (line 590) | public VisibilityScope(bool newScope, string name) {
method VisibilityScope (line 599) | public VisibilityScope() {
class Type (line 607) | public abstract class Type {
method Nat (line 612) | public static Type Nat() { return new UserDefinedType(Token.NoToken, "...
method String (line 613) | public static Type String() { return new UserDefinedType(Token.NoToken...
method PushScope (line 622) | public static void PushScope(VisibilityScope scope) {
method ResetScopes (line 626) | public static void ResetScopes() {
method PopScope (line 632) | public static void PopScope() {
method PopScope (line 637) | public static void PopScope(VisibilityScope expected) {
method GetScope (line 643) | public static VisibilityScope GetScope() {
method EnableScopes (line 650) | public static void EnableScopes() {
method DisableScopes (line 655) | public static void DisableScopes() {
method TypeArgsToString (line 661) | public static string TypeArgsToString(ModuleDefinition/*?*/ context, L...
method TypeArgsToString (line 674) | public static string TypeArgsToString(List<Type> typeArgs, bool parseA...
method TypeArgsToString (line 678) | public string TypeArgsToString(ModuleDefinition/*?*/ context, bool par...
method TypeName (line 685) | [Pure]
method ToString (line 687) | [Pure]
method Normalize (line 695) | public Type Normalize() {
method NormalizeExpand (line 711) | [Pure]
method NormalizeExpandKeepConstraints (line 766) | [Pure]
method Equals (line 774) | [Pure]
method IsNumericBased (line 784) | public bool IsNumericBased() {
type NumericPersuation (line 788) | public enum NumericPersuation { Int, Real }
method IsNumericBased (line 789) | [Pure]
method IsSupertype (line 1153) | public static bool IsSupertype(Type super, Type sub) {
method GetPolarities (line 1187) | public static List<TypeParameter.TPVariance> GetPolarities(Type type) {
method FromSameHead_Subtype (line 1207) | public static bool FromSameHead_Subtype(Type t, Type u, BuiltIns built...
method FromSameHead (line 1237) | public static bool FromSameHead(Type t, Type u, out Type a, out Type b) {
method SameHead (line 1257) | public static bool SameHead(Type t, Type u) {
method IsHeadSupertypeOf (line 1289) | public static bool IsHeadSupertypeOf(Type super, Type sub) {
method Equal_Improved (line 1383) | public static bool Equal_Improved(Type a, Type b) {
method HeadWithProxyArgs (line 1448) | public static Type HeadWithProxyArgs(Type t) {
method GetTowerOfSubsetTypes (line 1489) | public static List<Type> GetTowerOfSubsetTypes(Type type) {
method ComputeExtrema (line 1512) | public static List<Type> ComputeExtrema(List<TypeParameter.TPVariance>...
method Meet (line 1546) | public static Type Meet(Type a, Type b, BuiltIns builtIns) {
method MeetX (line 1556) | public static Type MeetX(Type a, Type b, BuiltIns builtIns) {
method Join (line 1742) | public static Type Join(Type a, Type b, BuiltIns builtIns) {
method JoinX (line 1778) | public static Type JoinX(Type a, Type b, BuiltIns builtIns) {
method ForeachTypeComponent (line 1949) | public void ForeachTypeComponent(Action<Type> action) {
method ContainsProxy (line 1954) | public bool ContainsProxy(TypeProxy proxy) {
class ArtificialType (line 1967) | public abstract class ArtificialType : Type
class IntVarietiesSupertype (line 1974) | public class IntVarietiesSupertype : ArtificialType
method TypeName (line 1976) | [Pure]
method Equals (line 1980) | public override bool Equals(Type that) {
class RealVarietiesSupertype (line 1984) | public class RealVarietiesSupertype : ArtificialType
method TypeName (line 1986) | [Pure]
method Equals (line 1990) | public override bool Equals(Type that) {
class NonProxyType (line 1998) | public abstract class NonProxyType : Type
class BasicType (line 2002) | public abstract class BasicType : NonProxyType
class BoolType (line 2006) | public class BoolType : BasicType {
method TypeName (line 2007) | [Pure]
method Equals (line 2011) | public override bool Equals(Type that) {
class CharType (line 2016) | public class CharType : BasicType
method TypeName (line 2018) | [Pure]
method Equals (line 2022) | public override bool Equals(Type that) {
class IntType (line 2027) | public class IntType : BasicType
method TypeName (line 2029) | [Pure]
method Equals (line 2033) | public override bool Equals(Type that) {
class RealType (line 2038) | public class RealType : BasicType {
method TypeName (line 2039) | [Pure]
method Equals (line 2043) | public override bool Equals(Type that) {
class BigOrdinalType (line 2048) | public class BigOrdinalType : BasicType
method TypeName (line 2050) | [Pure]
method Equals (line 2054) | public override bool Equals(Type that) {
class BitvectorType (line 2059) | public class BitvectorType : BasicType
method BitvectorType (line 2063) | public BitvectorType(int width)
method TypeName (line 2075) | [Pure]
method Equals (line 2079) | public override bool Equals(Type that) {
class SelfType (line 2085) | public class SelfType : NonProxyType
method SelfType (line 2089) | public SelfType() : base() {
method TypeName (line 2093) | [Pure]
method Equals (line 2097) | public override bool Equals(Type that) {
class ArrowType (line 2102) | public class ArrowType : UserDefinedType
method ArrowType (line 2119) | public ArrowType(IToken tok, List<Type> args, Type result)
method ArrowType (line 2128) | public ArrowType(IToken tok, ArrowTypeDecl atd, List<Type> typeArgsAnd...
method ArrowType (line 2138) | public ArrowType(IToken tok, ArrowTypeDecl atd, List<Type> typeArgs, T...
method ArrowTypeName (line 2149) | public static string ArrowTypeName(int arity) {
method IsArrowTypeName (line 2153) | [Pure]
method PartialArrowTypeName (line 2158) | public static string PartialArrowTypeName(int arity) {
method IsPartialArrowTypeName (line 2162) | [Pure]
method TotalArrowTypeName (line 2167) | public static string TotalArrowTypeName(int arity) {
method IsTotalArrowTypeName (line 2171) | [Pure]
method TypeName (line 2180) | public override string TypeName(ModuleDefinition context, bool parseAb...
method PrettyArrowTypeName (line 2188) | public static string PrettyArrowTypeName(string arrow, List<Type> type...
class CollectionType (line 2225) | public abstract class CollectionType : NonProxyType
method TypeName (line 2228) | public override string TypeName(ModuleDefinition context, bool parseAb...
method HasTypeArg (line 2242) | public bool HasTypeArg() {
method SetTypeArg (line 2245) | public void SetTypeArg(Type arg) {
method SetTypeArgs (line 2252) | public virtual void SetTypeArgs(Type arg, Type other) {
method ObjectInvariant (line 2261) | [ContractInvariantMethod]
method CollectionType (line 2270) | protected CollectionType(Type arg) {
method CollectionType (line 2277) | protected CollectionType(Type arg, Type other) {
class SetType (line 2289) | public class SetType : CollectionType {
method SetType (line 2297) | public SetType(bool finite, Type arg) : base(arg) {
method Equals (line 2301) | [Pure]
class MultiSetType (line 2314) | public class MultiSetType : CollectionType
method MultiSetType (line 2316) | public MultiSetType(Type arg) : base(arg) {
method Equals (line 2319) | public override bool Equals(Type that) {
class SeqType (line 2331) | public class SeqType : CollectionType {
method SeqType (line 2332) | public SeqType(Type arg) : base(arg) {
method Equals (line 2335) | public override bool Equals(Type that) {
class MapType (line 2346) | public class MapType : CollectionType
method SetTypeArgs (line 2357) | public override void SetTypeArgs(Type domain, Type range) {
method MapType (line 2362) | public MapType(bool finite, Type domain, Type range) : base(domain, ra...
method TypeName (line 2371) | [Pure]
method Equals (line 2377) | public override bool Equals(Type that) {
class SizedArrayType (line 2395) | public class SizedArrayType : CollectionType {
method SizedArrayType (line 2406) | public SizedArrayType(Type i_range, Expression i_sz) : base(i_range) {
method TypeName (line 2418) | [Pure]
method SizeEquals (line 2429) | private bool SizeEquals(SizedArrayType that) {
method Equals (line 2441) | public override bool Equals(Type that) {
class PointerType (line 2458) | public class PointerType : CollectionType
method PointerType (line 2460) | public PointerType(Type arg) : base(arg) {
method TypeName (line 2462) | public override string TypeName(ModuleDefinition context, bool parseAb...
method Equals (line 2466) | public override bool Equals(Type that) {
class UserDefinedType (line 2477) | public class UserDefinedType : NonProxyType
method ObjectInvariant (line 2479) | [ContractInvariantMethod]
method UserDefinedType (line 2535) | public UserDefinedType(IToken tok, string name, List<Type> optTypeArgs)
method UserDefinedType (line 2543) | public UserDefinedType(IToken tok, Expression namePath) {
method FromTopLevelDecl (line 2570) | public static UserDefinedType FromTopLevelDecl(IToken tok, TopLevelDec...
method UserDefinedType (line 2587) | public UserDefinedType(IToken tok, string name, TopLevelDecl cd, [Capt...
method CreateNonNullType (line 2609) | public static UserDefinedType CreateNonNullType(UserDefinedType udtNul...
method UserDefinedType (line 2619) | public UserDefinedType(TypeParameter tp)
method UserDefinedType (line 2629) | public UserDefinedType(IToken tok, TypeParameter tp) {
method UserDefinedType (line 2647) | public UserDefinedType(OpaqueType_AsParameter tp, OpaqueTypeDecl decl,...
method Equals (line 2663) | public override bool Equals(Type that) {
method DenotesClass (line 2687) | public static UserDefinedType DenotesClass(Type type) {
method ArrayElementType (line 2699) | public static Type ArrayElementType(Type type) {
method TypeName (line 2711) | [Pure]
class TypeProxy (line 2809) | public abstract class TypeProxy : Type {
method AddSupertype (line 2831) | public void AddSupertype(Resolver.TypeConstraint c) {
method SubtypesKeepConstraints_WithAssignable (line 2856) | public IEnumerable<Type> SubtypesKeepConstraints_WithAssignable(List<R...
method AddSubtype (line 2870) | public void AddSubtype(Resolver.TypeConstraint c) {
type Family (line 2876) | public enum Family { Unknown, Bool, Char, IntLike, RealLike, Ordinal, ...
method GetFamily (line 2878) | public static Family GetFamily(Type t) {
method TypeProxy (line 2905) | internal TypeProxy() {
method TypeName (line 2912) | [Pure]
method Equals (line 2940) | public override bool Equals(Type that) {
method IsSupertypeOfLiteral (line 2950) | [Pure]
method InClusterOfArtificial (line 2955) | internal Type InClusterOfArtificial(List<Resolver.XConstraint> allXCon...
method InClusterOfArtificial_aux (line 2959) | private Type InClusterOfArtificial_aux(ISet<TypeProxy> visitedProxies,...
class InferredTypeProxy (line 2995) | public class InferredTypeProxy : TypeProxy {
method InferredTypeProxy (line 2997) | public InferredTypeProxy() : base() {
class ParamTypeProxy (line 3005) | public class ParamTypeProxy : TypeProxy {
method ObjectInvariant (line 3007) | [ContractInvariantMethod]
method ParamTypeProxy (line 3012) | public ParamTypeProxy(TypeParameter orig) {
type INamedRegion (line 3023) | public interface INamedRegion
class Declaration (line 3030) | public abstract class Declaration : INamedRegion, IAttributeBearingDecla...
method ObjectInvariant (line 3032) | [ContractInvariantMethod]
method IdProtect (line 3038) | public static string IdProtect(string name) {
method CanBeExported (line 3062) | public virtual bool CanBeExported() {
method CanBeRevealed (line 3066) | public virtual bool CanBeRevealed() {
method AddVisibilityScope (line 3072) | public void AddVisibilityScope(VisibilityScope scope, bool IsOpaque) {
method InheritVisibility (line 3083) | public void InheritVisibility(Declaration d, bool onlyRevealed = true) {
method IsRevealedInScope (line 3097) | public bool IsRevealedInScope(VisibilityScope scope) {
method IsVisibleInScope (line 3101) | public bool IsVisibleInScope(VisibilityScope scope) {
method IsExtern (line 3118) | public bool IsExtern(out string/*?*/ qualification, out string/*?*/ na...
method Declaration (line 3145) | public Declaration(IToken tok, string name, Attributes attributes) {
method ToString (line 3153) | [Pure]
class OpaqueType_AsParameter (line 3162) | public class OpaqueType_AsParameter : TypeParameter {
method OpaqueType_AsParameter (line 3164) | public OpaqueType_AsParameter(IToken tok, string name, TypeParameterCh...
class TypeParameter (line 3173) | public class TypeParameter : Declaration {
type ParentType (line 3174) | public interface ParentType {
type TPVarianceSyntax (line 3200) | public enum TPVarianceSyntax { NonVariant_Strict, NonVariant_Permissiv...
type TPVariance (line 3201) | public enum TPVariance { Co, Non, Contra }
method Negate (line 3202) | public static TPVariance Negate(TPVariance v) {
type EqualitySupportValue (line 3247) | public enum EqualitySupportValue { Required, InferredRequired, Unspeci...
type TypeParameterCharacteristics (line 3248) | public struct TypeParameterCharacteristics
method TypeParameterCharacteristics (line 3253) | public TypeParameterCharacteristics(bool dummy) {
method TypeParameterCharacteristics (line 3258) | public TypeParameterCharacteristics(EqualitySupportValue eqSupport, ...
method TypeParameter (line 3279) | public TypeParameter(IToken tok, string name, TPVarianceSyntax varianc...
method TypeParameter (line 3287) | public TypeParameter(IToken tok, string name, TPVarianceSyntax varianceS)
method TypeParameter (line 3293) | public TypeParameter(IToken tok, string name, int positionalIndex, Par...
method FullName (line 3300) | public string FullName() {
method GetExplicitCharacteristics (line 3305) | public static TypeParameterCharacteristics GetExplicitCharacteristics(...
class ModuleDecl (line 3324) | abstract public class ModuleDecl : TopLevelDecl
method AccessibleSignature (line 3328) | public virtual ModuleSignature AccessibleSignature(bool ignoreExports) {
method AccessibleSignature (line 3332) | public virtual ModuleSignature AccessibleSignature() {
method ModuleDecl (line 3340) | public ModuleDecl(IToken tok, string name, ModuleDefinition parent, bo...
method Dereference (line 3346) | public abstract object Dereference();
class LiteralModuleDecl (line 3351) | public class LiteralModuleDecl : ModuleDecl
method AccessibleSignature (line 3357) | public override ModuleSignature AccessibleSignature(bool ignoreExports) {
method AccessibleSignature (line 3363) | public override ModuleSignature AccessibleSignature() {
method LiteralModuleDecl (line 3373) | public LiteralModuleDecl(ModuleDefinition module, ModuleDefinition par...
method Dereference (line 3377) | public override object Dereference() { return ModuleDef; }
class AliasModuleDecl (line 3380) | public class AliasModuleDecl : ModuleDecl
method AliasModuleDecl (line 3386) | public AliasModuleDecl(List<IToken> path, IToken name, ModuleDefinitio...
method Dereference (line 3394) | public override object Dereference() { return Signature.ModuleDef; }
class ModuleFacadeDecl (line 3398) | public class ModuleFacadeDecl : ModuleDecl
method ModuleFacadeDecl (line 3406) | public ModuleFacadeDecl(List<IToken> path, IToken name, ModuleDefiniti...
method Dereference (line 3416) | public override object Dereference() { return this; }
class ModuleExportDecl (line 3420) | public class ModuleExportDecl : ModuleDecl
method ModuleExportDecl (line 3431) | public ModuleExportDecl(IToken tok, ModuleDefinition parent,
method SetupDefaultSignature (line 3443) | public void SetupDefaultSignature() {
method Dereference (line 3453) | public override object Dereference() { return this; }
method CanBeExported (line 3454) | public override bool CanBeExported() {
class ExportSignature (line 3460) | public class ExportSignature
method ObjectInvariant (line 3470) | [ContractInvariantMethod]
method ExportSignature (line 3477) | public ExportSignature(IToken prefixTok, string prefix, IToken idTok, ...
method ExportSignature (line 3489) | public ExportSignature(IToken idTok, string id, bool opaque) {
method ToString (line 3497) | public override string ToString() {
type ArmadaModuleType (line 3505) | public enum ArmadaModuleType { NotArmada, ArmadaStructs, ArmadaLevel, Ar...
class ModuleSignature (line 3507) | public class ModuleSignature {
method ModuleSignature (line 3519) | public ModuleSignature() {}
method FindImport (line 3523) | public bool FindImport(string name, out ModuleSignature pp) {
class ModuleDefinition (line 3535) | public class ModuleDefinition : INamedRegion, IAttributeBearingDeclaration
method ObjectInvariant (line 3615) | [ContractInvariantMethod]
method ModuleDefinition (line 3621) | public ModuleDefinition(IToken tok, string name, List<IToken> prefixId...
method InSameSCC (line 3690) | public static bool InSameSCC(ICallable a, ICallable b) {
method AllFunctionSCCs (line 3703) | public static IEnumerable<ICallable> AllFunctionSCCs(List<TopLevelDecl...
method AllFunctions (line 3721) | public static IEnumerable<Function> AllFunctions(List<TopLevelDecl> de...
method AllFields (line 3735) | public static IEnumerable<Field> AllFields(List<TopLevelDecl> declarat...
method AllClasses (line 3749) | public static IEnumerable<ClassDecl> AllClasses(List<TopLevelDecl> dec...
method AllCallables (line 3766) | public static IEnumerable<ICallable> AllCallables(List<TopLevelDecl> d...
method AllItersAndCallables (line 3784) | public static IEnumerable<ICallable> AllItersAndCallables(List<TopLeve...
method AllIteratorDecls (line 3801) | public static IEnumerable<IteratorDecl> AllIteratorDecls(List<TopLevel...
method AllDeclarationsAndNonNullTypeDecls (line 3814) | public static IEnumerable<TopLevelDecl> AllDeclarationsAndNonNullTypeD...
method AllFixpointLemmas (line 3824) | public static IEnumerable<FixpointLemma> AllFixpointLemmas(List<TopLev...
method IsEssentiallyEmptyModuleBody (line 3838) | public bool IsEssentiallyEmptyModuleBody() {
class DefaultModuleDecl (line 3856) | public class DefaultModuleDecl : ModuleDefinition {
method DefaultModuleDecl (line 3857) | public DefaultModuleDecl()
class TopLevelDecl (line 3867) | public abstract class TopLevelDecl : Declaration, TypeParameter.ParentTy...
method ObjectInvariant (line 3871) | [ContractInvariantMethod]
method TopLevelDecl (line 3876) | public TopLevelDecl(IToken tok, string name, ModuleDefinition module, ...
method FullNameInContext (line 3902) | public string FullNameInContext(ModuleDefinition context) {
class TopLevelDeclWithMembers (line 3932) | public abstract class TopLevelDeclWithMembers : TopLevelDecl {
method TopLevelDeclWithMembers (line 3934) | public TopLevelDeclWithMembers(IToken tok, string name, ModuleDefiniti...
class TraitDecl (line 3944) | public class TraitDecl : ClassDecl {
method TraitDecl (line 3947) | public TraitDecl(IToken tok, string name, ModuleDefinition module,
class ClassDecl (line 3952) | public class ClassDecl : TopLevelDeclWithMembers {
method CanBeRevealed (line 3954) | public override bool CanBeRevealed() { return true; }
method ObjectInvariant (line 3960) | [ContractInvariantMethod]
method ClassDecl (line 3967) | public ClassDecl(IToken tok, string name, ModuleDefinition module,
method DerivesFrom (line 3986) | internal bool DerivesFrom(TopLevelDecl b) {
class DefaultClassDecl (line 3992) | public class DefaultClassDecl : ClassDecl {
method DefaultClassDecl (line 3993) | public DefaultClassDecl(ModuleDefinition module, [Captured] List<Membe...
class ArrayClassDecl (line 4005) | public class ArrayClassDecl : ClassDecl {
method ArrayClassDecl (line 4008) | public ArrayClassDecl(int dims, ModuleDefinition module, Attributes at...
class ArrowTypeDecl (line 4020) | public class ArrowTypeDecl : ClassDecl
method ArrowTypeDecl (line 4027) | public ArrowTypeDecl(List<TypeParameter> tps, Function req, Function r...
class DatatypeDecl (line 4042) | public abstract class DatatypeDecl : TopLevelDeclWithMembers, Revealable...
method CanBeRevealed (line 4044) | public override bool CanBeRevealed() { return true; }
method ObjectInvariant (line 4046) | [ContractInvariantMethod]
method DatatypeDecl (line 4052) | public DatatypeDecl(IToken tok, string name, ModuleDefinition module, ...
class IndDatatypeDecl (line 4098) | public class IndDatatypeDecl : DatatypeDecl, RevealableTypeDecl
type ES (line 4104) | public enum ES { NotYetComputed, Never, ConsultTypeArguments }
method IndDatatypeDecl (line 4107) | public IndDatatypeDecl(IToken tok, string name, ModuleDefinition modul...
class TupleTypeDecl (line 4120) | public class TupleTypeDecl : IndDatatypeDecl
method TupleTypeDecl (line 4126) | public TupleTypeDecl(int dims, ModuleDefinition systemModule, Attribut...
method TupleTypeDecl (line 4132) | private TupleTypeDecl(ModuleDefinition systemModule, List<TypeParamete...
method CreateCovariantTypeParameters (line 4147) | private static List<TypeParameter> CreateCovariantTypeParameters(int d...
method CreateConstructors (line 4157) | private static List<DatatypeCtor> CreateConstructors(List<TypeParamete...
class CoDatatypeDecl (line 4176) | public class CoDatatypeDecl : DatatypeDecl
method CoDatatypeDecl (line 4181) | public CoDatatypeDecl(IToken tok, string name, ModuleDefinition module...
class ValuetypeDecl (line 4198) | public class ValuetypeDecl : TopLevelDecl
method ValuetypeDecl (line 4205) | public ValuetypeDecl(string name, ModuleDefinition module, int typePar...
method IsThisType (line 4219) | public bool IsThisType(Type t) {
method CreateType (line 4224) | public Type CreateType(List<Type> typeArgs) {
class DatatypeCtor (line 4232) | public class DatatypeCtor : Declaration, TypeParameter.ParentType
method ObjectInvariant (line 4235) | [ContractInvariantMethod]
method DatatypeCtor (line 4249) | public DatatypeCtor(IToken tok, string name, [Captured] List<Formal> f...
type ICodeContext (line 4270) | public interface ICodeContext
type ICallable (line 4283) | public interface ICallable : ICodeContext
class DontUseICallable (line 4297) | public class DontUseICallable : ICallable
type IMethodCodeContext (line 4318) | public interface IMethodCodeContext : ICallable
class NoContext (line 4327) | public class NoContext : ICodeContext
method NoContext (line 4330) | public NoContext(ModuleDefinition module)
class IteratorDecl (line 4344) | public class IteratorDecl : ClassDecl, IMethodCodeContext
method IteratorDecl (line 4370) | public IteratorDecl(IToken tok, string name, ModuleDefinition module, ...
method MutateIntoRequiringZeroInitBit (line 4413) | private static List<TypeParameter> MutateIntoRequiringZeroInitBit(List...
class EverIncreasingType (line 4472) | public class EverIncreasingType : BasicType
method TypeName (line 4474) | [Pure]
method Equals (line 4480) | public override bool Equals(Type that) {
class MemberDecl (line 4508) | public abstract class MemberDecl : Declaration {
method MemberDecl (line 4527) | public MemberDecl(IToken tok, string name, bool hasStaticKeyword, bool...
method FullNameInContext (line 4573) | public virtual string FullNameInContext(ModuleDefinition context) {
class Field (line 4603) | public class Field : MemberDecl, ICodeContext {
method ObjectInvariant (line 4610) | [ContractInvariantMethod]
method Field (line 4616) | public Field(IToken tok, string name, bool isGhost, Type type, Attribu...
method Field (line 4624) | public Field(IToken tok, string name, bool hasStaticKeyword, bool isGh...
class SpecialFunction (line 4662) | public class SpecialFunction : Function, ICodeContext, ICallable
method SpecialFunction (line 4665) | public SpecialFunction(IToken tok, string name, ModuleDefinition modul...
class SpecialField (line 4677) | public class SpecialField : Field
type ID (line 4679) | public enum ID {
method SpecialField (line 4697) | public SpecialField(IToken tok, string name, ID specialId, object idPa...
method SpecialField (line 4705) | public SpecialField(IToken tok, string name, ID specialId, object idPa...
method FullNameInContext (line 4737) | public override string FullNameInContext(ModuleDefinition context) {
class DatatypeDestructor (line 4758) | public class DatatypeDestructor : SpecialField
method ObjectInvariant (line 4762) | [ContractInvariantMethod]
method DatatypeDestructor (line 4770) | public DatatypeDestructor(IToken tok, DatatypeCtor enclosingCtor, Form...
method AddAnotherEnclosingCtor (line 4786) | internal void AddAnotherEnclosingCtor(DatatypeCtor ctor, Formal formal) {
method EnclosingCtorNames (line 4793) | internal string EnclosingCtorNames(string grammaticalConjunction) {
method PrintableCtorNameList (line 4798) | static internal string PrintableCtorNameList(List<DatatypeCtor> ctors,...
class ConstantField (line 4816) | public class ConstantField : SpecialField, ICallable
method ConstantField (line 4820) | public ConstantField(IToken tok, string name, Expression/*?*/ rhs, boo...
method CanBeRevealed (line 4829) | public override bool CanBeRevealed() {
class OpaqueTypeDecl (line 4837) | public class OpaqueTypeDecl : TopLevelDecl, TypeParameter.ParentType, Re...
method CanBeRevealed (line 4840) | public override bool CanBeRevealed() { return true; }
method ObjectInvariant (line 4848) | [ContractInvariantMethod]
method OpaqueTypeDecl (line 4853) | public OpaqueTypeDecl(IToken tok, string name, ModuleDefinition module...
type RedirectingTypeDecl (line 4872) | public interface RedirectingTypeDecl : ICallable
class NativeType (line 4886) | public class NativeType
type Selection (line 4892) | public enum Selection { Byte, SByte, UShort, Short, UInt, Int, Number,...
method NativeType (line 4895) | public NativeType(string Name, BigInteger LowerBound, BigInteger Upper...
class RevealableTypeDeclHelper (line 4907) | public static class RevealableTypeDeclHelper {
method NewSelfSynonym (line 4910) | public static void NewSelfSynonym(this RevealableTypeDecl rtd) {
method SelfSynonym (line 4925) | public static UserDefinedType SelfSynonym(this RevealableTypeDecl rtd,...
method SelfSynonymDecl (line 4934) | public static InternalTypeSynonymDecl SelfSynonymDecl(this RevealableT...
method AccessibleDecl (line 4940) | public static TopLevelDecl AccessibleDecl(this RevealableTypeDecl rtd,...
method IsRevealedInScope (line 4950) | public static bool IsRevealedInScope(this RevealableTypeDecl rtd, Visi...
type RevealableTypeDecl (line 4956) | public interface RevealableTypeDecl {
class NewtypeDecl (line 4960) | public class NewtypeDecl : TopLevelDeclWithMembers, RevealableTypeDecl, ...
method CanBeRevealed (line 4963) | public override bool CanBeRevealed() { return true; }
method NewtypeDecl (line 4970) | public NewtypeDecl(IToken tok, string name, ModuleDefinition module, T...
method NewtypeDecl (line 4979) | public NewtypeDecl(IToken tok, string name, ModuleDefinition module, B...
class TypeSynonymDeclBase (line 5038) | public abstract class TypeSynonymDeclBase : TopLevelDecl, RedirectingTyp...
method TypeSynonymDeclBase (line 5046) | public TypeSynonymDeclBase(IToken tok, string name, TypeParameter.Type...
method RhsWithArgument (line 5059) | public Type RhsWithArgument(List<Type> typeArgs) {
method RhsWithArgumentIgnoringScope (line 5076) | public Type RhsWithArgumentIgnoringScope(List<Type> typeArgs) {
method CanBeRevealed (line 5118) | public override bool CanBeRevealed() {
class TypeSynonymDecl (line 5123) | public class TypeSynonymDecl : TypeSynonymDeclBase, RedirectingTypeDecl,...
method TypeSynonymDecl (line 5124) | public TypeSynonymDecl(IToken tok, string name, TypeParameter.TypePara...
class InternalTypeSynonymDecl (line 5131) | public class InternalTypeSynonymDecl : TypeSynonymDeclBase, RedirectingT...
method InternalTypeSynonymDecl (line 5132) | public InternalTypeSynonymDecl(IToken tok, string name, TypeParameter....
class SubsetTypeDecl (line 5139) | public class SubsetTypeDecl : TypeSynonymDecl, RedirectingTypeDecl
type WKind (line 5144) | public enum WKind { None, Compiled, Ghost, Special }
method SubsetTypeDecl (line 5147) | public SubsetTypeDecl(IToken tok, string name, TypeParameter.TypeParam...
class NonNullTypeDecl (line 5169) | public class NonNullTypeDecl : SubsetTypeDecl
method NonNullTypeDecl (line 5176) | public NonNullTypeDecl(ClassDecl cl)
method NonNullTypeDecl (line 5182) | private NonNullTypeDecl(ClassDecl cl, List<TypeParameter> tps)
method NonNullTypeDecl (line 5190) | private NonNullTypeDecl(ClassDecl cl, List<TypeParameter> tps, BoundVa...
type IVariable (line 5202) | [ContractClass(typeof(IVariableContracts))]
method AssignUniqueName (line 5216) | string AssignUniqueName(FreshIdGenerator generator);
class IVariableContracts (line 5236) | [ContractClassFor(typeof(IVariable))]
method AssignUniqueName (line 5295) | public string AssignUniqueName(FreshIdGenerator generator)
class NonglobalVariable (line 5302) | public abstract class NonglobalVariable : IVariable {
method ObjectInvariant (line 5306) | [ContractInvariantMethod]
method AssignUniqueName (line 5333) | public string AssignUniqueName(FreshIdGenerator generator)
method CompilerizeName (line 5343) | public static string CompilerizeName(string nm) {
method NonglobalVariable (line 5417) | public NonglobalVariable(IToken tok, string name, Type type, bool isGh...
class Formal (line 5428) | public class Formal : NonglobalVariable {
method Formal (line 5437) | public Formal(IToken tok, string name, Type type, bool inParam, bool i...
class ImplicitFormal (line 5465) | public class ImplicitFormal : Formal
method ImplicitFormal (line 5467) | public ImplicitFormal(IToken tok, string name, Type type, bool inParam...
class BoundVar (line 5475) | [DebuggerDisplay("Bound<{name}>")]
method BoundVar (line 5483) | public BoundVar(IToken tok, string name, Type type)
class Function (line 5491) | public class Function : MemberDecl, TypeParameter.ParentType, ICallable {
method CanBeRevealed (line 5493) | public override bool CanBeRevealed() { return true; }
type CoCallClusterInvolvement (line 5556) | public enum CoCallClusterInvolvement {
method ObjectInvariant (line 5563) | [ContractInvariantMethod]
method Function (line 5577) | public Function(IToken tok, string name, bool hasStaticKeyword, bool i...
method IsFuelAware (line 5648) | [Pure]
class Predicate (line 5653) | public class Predicate : Function
type BodyOriginKind (line 5656) | public enum BodyOriginKind
method Predicate (line 5663) | public Predicate(IToken tok, string name, bool hasStaticKeyword, bool ...
class ActionPredicate (line 5673) | public class ActionPredicate : Predicate
method ActionPredicate (line 5677) | public ActionPredicate(IToken tok, string name,
class GlobalInvariantDecl (line 5688) | public class GlobalInvariantDecl : MemberDecl
method CanBeRevealed (line 5691) | public override bool CanBeRevealed() { return false; }
method GlobalInvariantDecl (line 5694) | public GlobalInvariantDecl(IToken tok, string name, Attributes attribu...
class YieldPredicateDecl (line 5702) | public class YieldPredicateDecl : MemberDecl
method CanBeRevealed (line 5705) | public override bool CanBeRevealed() { return false; }
method YieldPredicateDecl (line 5708) | public YieldPredicateDecl(IToken tok, string name, Attributes attribut...
class UniversalStepConstraintDecl (line 5716) | public class UniversalStepConstraintDecl : MemberDecl
method CanBeRevealed (line 5719) | public override bool CanBeRevealed() { return false; }
method UniversalStepConstraintDecl (line 5723) | public UniversalStepConstraintDecl(IToken tok, string name, Attributes...
method UniversalStepConstraintDecl (line 5731) | public UniversalStepConstraintDecl(IToken tok, string name, Attributes...
class RefinementConstraintDecl (line 5740) | public class RefinementConstraintDecl : TopLevelDecl
method CanBeRevealed (line 5743) | public override bool CanBeRevealed() { return false; }
method RefinementConstraintDecl (line 5744) | public RefinementConstraintDecl(IToken tok, ModuleDefinition module, s...
class ArmadaProofDecl (line 5753) | public abstract class ArmadaProofDecl : TopLevelDecl
method CanBeRevealed (line 5756) | public override bool CanBeRevealed() { return Attributes.Contains(Attr...
method ArmadaProofDecl (line 5757) | public ArmadaProofDecl(IToken tok, ModuleDefinition module, Attributes...
class RefinementParametersDecl (line 5763) | public class RefinementParametersDecl : ArmadaProofDecl
method RefinementParametersDecl (line 5767) | public RefinementParametersDecl(IToken tok, ModuleDefinition module, I...
class ImportFileArmadaProofDecl (line 5778) | public class ImportFileArmadaProofDecl : ArmadaProofDecl
method ImportFileArmadaProofDecl (line 5782) | public ImportFileArmadaProofDecl(IToken tok, ModuleDefinition module, ...
class ImportModuleArmadaProofDecl (line 5793) | public class ImportModuleArmadaProofDecl : ArmadaProofDecl
method ImportModuleArmadaProofDecl (line 5797) | public ImportModuleArmadaProofDecl(IToken tok, ModuleDefinition module...
class ExtraMaterialArmadaProofDecl (line 5808) | public class ExtraMaterialArmadaProofDecl : ArmadaProofDecl
method ExtraMaterialArmadaProofDecl (line 5812) | public ExtraMaterialArmadaProofDecl(IToken tok, ModuleDefinition modul...
class InductiveInvariantArmadaProofDecl (line 5823) | public class InductiveInvariantArmadaProofDecl : ArmadaProofDecl
method InductiveInvariantArmadaProofDecl (line 5827) | public InductiveInvariantArmadaProofDecl(IToken tok, ModuleDefinition ...
class UseRegionsArmadaProofDecl (line 5841) | public class UseRegionsArmadaProofDecl : ArmadaProofDecl
method UseRegionsArmadaProofDecl (line 5845) | public UseRegionsArmadaProofDecl(IToken tok, ModuleDefinition module)
class UseAddressInvariantArmadaProofDecl (line 5851) | public class UseAddressInvariantArmadaProofDecl : ArmadaProofDecl
method UseAddressInvariantArmadaProofDecl (line 5855) | public UseAddressInvariantArmadaProofDecl(IToken tok, ModuleDefinition...
class CHLInvariantArmadaProofDecl (line 5861) | public class CHLInvariantArmadaProofDecl : ArmadaProofDecl
method CHLInvariantArmadaProofDecl (line 5865) | public CHLInvariantArmadaProofDecl(IToken tok, ModuleDefinition module...
class CHLLocalInvariantArmadaProofDecl (line 5876) | public class CHLLocalInvariantArmadaProofDecl : ArmadaProofDecl
method CHLLocalInvariantArmadaProofDecl (line 5880) | public CHLLocalInvariantArmadaProofDecl(IToken tok, ModuleDefinition m...
class CHLYieldPredicateArmadaProofDecl (line 5894) | public class CHLYieldPredicateArmadaProofDecl : ArmadaProofDecl
method CHLYieldPredicateArmadaProofDecl (line 5899) | public CHLYieldPredicateArmadaProofDecl(IToken tok, ModuleDefinition m...
class CHLPreconditionArmadaProofDecl (line 5910) | public class CHLPreconditionArmadaProofDecl : ArmadaProofDecl
method CHLPreconditionArmadaProofDecl (line 5914) | public CHLPreconditionArmadaProofDecl(IToken tok, ModuleDefinition mod...
class CHLPostconditionArmadaProofDecl (line 5928) | public class CHLPostconditionArmadaProofDecl : ArmadaProofDecl
method CHLPostconditionArmadaProofDecl (line 5932) | public CHLPostconditionArmadaProofDecl(IToken tok, ModuleDefinition mo...
class CHLLoopModifiesClauseArmadaProofDecl (line 5946) | public class CHLLoopModifiesClauseArmadaProofDecl : ArmadaProofDecl
method CHLLoopModifiesClauseArmadaProofDecl (line 5950) | public CHLLoopModifiesClauseArmadaProofDecl(IToken tok, ModuleDefiniti...
class AuxiliaryArmadaProofDecl (line 5964) | public class AuxiliaryArmadaProofDecl : ArmadaProofDecl
method AuxiliaryArmadaProofDecl (line 5968) | public AuxiliaryArmadaProofDecl(IToken tok, ModuleDefinition module, s...
class StrategyDecl (line 5986) | public abstract class StrategyDecl : ArmadaProofDecl
method CanBeRevealed (line 5989) | public override bool CanBeRevealed() { return false; }
method StrategyDecl (line 5990) | public StrategyDecl(IToken tok, ModuleDefinition module) : base(tok, m...
class WeakeningStrategyDecl (line 5995) | public class WeakeningStrategyDecl : StrategyDecl
method WeakeningStrategyDecl (line 5999) | public WeakeningStrategyDecl(IToken tok, ModuleDefinition module, List...
class StarWeakeningStrategyDecl (line 6008) | public class StarWeakeningStrategyDecl : StrategyDecl
method StarWeakeningStrategyDecl (line 6012) | public StarWeakeningStrategyDecl(IToken tok, ModuleDefinition module, ...
class GlobalVariableHidingStrategyDecl (line 6023) | public class GlobalVariableHidingStrategyDecl : StrategyDecl
method GlobalVariableHidingStrategyDecl (line 6027) | public GlobalVariableHidingStrategyDecl(IToken tok, ModuleDefinition m...
class StackVariableHidingStrategyDecl (line 6036) | public class StackVariableHidingStrategyDecl : StrategyDecl
method StackVariableHidingStrategyDecl (line 6040) | public StackVariableHidingStrategyDecl(IToken tok, ModuleDefinition mo...
class GlobalVariableIntroStrategyDecl (line 6051) | public class GlobalVariableIntroStrategyDecl : StrategyDecl
method GlobalVariableIntroStrategyDecl (line 6055) | public GlobalVariableIntroStrategyDecl(IToken tok, ModuleDefinition mo...
class StackVariableIntroStrategyDecl (line 6064) | public class StackVariableIntroStrategyDecl : StrategyDecl
method StackVariableIntroStrategyDecl (line 6068) | public StackVariableIntroStrategyDecl(IToken tok, ModuleDefinition mod...
class ReductionStrategyDecl (line 6087) | public class ReductionStrategyDecl : StrategyDecl
method ReductionStrategyDecl (line 6091) | public ReductionStrategyDecl(IToken tok, ModuleDefinition module, List...
class CombiningStrategyDecl (line 6103) | public class CombiningStrategyDecl : StrategyDecl
method CombiningStrategyDecl (line 6107) | public CombiningStrategyDecl(IToken tok, ModuleDefinition module, ITok...
class FieldHidingStrategyDecl (line 6120) | public class FieldHidingStrategyDecl : StrategyDecl
method FieldHidingStrategyDecl (line 6124) | public FieldHidingStrategyDecl(IToken tok, ModuleDefinition module, IT...
class FieldIntroStrategyDecl (line 6135) | public class FieldIntroStrategyDecl : StrategyDecl
method FieldIntroStrategyDecl (line 6139) | public FieldIntroStrategyDecl(IToken tok, ModuleDefinition module, ITo...
class AssumeIntroStrategyDecl (line 6150) | public class AssumeIntroStrategyDecl : StrategyDecl
method AssumeIntroStrategyDecl (line 6154) | public AssumeIntroStrategyDecl(IToken tok, ModuleDefinition module, Li...
class ConcurrentHoareLogicStrategyDecl (line 6163) | public class ConcurrentHoareLogicStrategyDecl : StrategyDecl
method ConcurrentHoareLogicStrategyDecl (line 6167) | public ConcurrentHoareLogicStrategyDecl(IToken tok, ModuleDefinition m...
class CriticalSectionStrategyDecl (line 6173) | public class CriticalSectionStrategyDecl : StrategyDecl
method CriticalSectionStrategyDecl (line 6177) | public CriticalSectionStrategyDecl(IToken tok, ModuleDefinition module...
class TSOEliminationStrategyDecl (line 6186) | public class TSOEliminationStrategyDecl : StrategyDecl
method TSOEliminationStrategyDecl (line 6190) | public TSOEliminationStrategyDecl(IToken tok, ModuleDefinition module,...
class PrefixPredicate (line 6204) | public class PrefixPredicate : Function
method PrefixPredicate (line 6209) | public PrefixPredicate(IToken tok, string name, bool hasStaticKeyword,...
class FixpointPredicate (line 6222) | public abstract class FixpointPredicate : Function
type KType (line 6224) | public enum KType { Unspecified, Nat, ORDINAL }
method FixpointPredicate (line 6234) | public FixpointPredicate(IToken tok, string name, bool hasStaticKeywor...
method CreatePrefixPredicateCall (line 6247) | public FunctionCallExpr CreatePrefixPredicateCall(FunctionCallExpr fex...
class InductivePredicate (line 6280) | public class InductivePredicate : FixpointPredicate
method InductivePredicate (line 6283) | public InductivePredicate(IToken tok, string name, bool hasStaticKeywo...
class CoPredicate (line 6292) | public class CoPredicate : FixpointPredicate
method CoPredicate (line 6295) | public CoPredicate(IToken tok, string name, bool hasStaticKeyword, boo...
class TwoStateFunction (line 6304) | public class TwoStateFunction : Function
method TwoStateFunction (line 6307) | public TwoStateFunction(IToken tok, string name, bool hasStaticKeyword,
class TwoStatePredicate (line 6325) | public class TwoStatePredicate : TwoStateFunction
method TwoStatePredicate (line 6328) | public TwoStatePredicate(IToken tok, string name, bool hasStaticKeyword,
class Method (line 6344) | public class Method : MemberDecl, TypeParameter.ParentType, IMethodCodeC...
method ObjectInvariant (line 6392) | [ContractInvariantMethod]
method Method (line 6403) | public Method(IToken tok, string name,
class Lemma (line 6512) | public class Lemma : Method
method Lemma (line 6515) | public Lemma(IToken tok, string name,
class TwoStateLemma (line 6528) | public class TwoStateLemma : Method
method TwoStateLemma (line 6531) | public TwoStateLemma(IToken tok, string name,
class Constructor (line 6554) | public class Constructor : Method
method ObjectInvariant (line 6557) | [ContractInvariantMethod]
method Constructor (line 6579) | public Constructor(IToken tok, string name,
class Destructor (line 6605) | public class Destructor : Method
method Destructor (line 6609) | public Destructor(IToken tok, string name,
class PrefixLemma (line 6638) | public class PrefixLemma : Method
method PrefixLemma (line 6643) | public PrefixLemma(IToken tok, string name, bool hasStaticKeyword,
class FixpointLemma (line 6656) | public abstract class FixpointLemma : Method
method FixpointLemma (line 6666) | public FixpointLemma(IToken tok, string name,
class InductiveLemma (line 6689) | public class InductiveLemma : FixpointLemma
method InductiveLemma (line 6693) | public InductiveLemma(IToken tok, string name,
class CoLemma (line 6715) | public class CoLemma : FixpointLemma
method CoLemma (line 6719) | public CoLemma(IToken tok, string name,
class Statement (line 6743) | public abstract class Statement : IAttributeBearingDeclaration
method ObjectInvariant (line 6759) | [ContractInvariantMethod]
method Statement (line 6768) | public Statement(IToken tok, IToken endTok, Attributes attrs) {
method Statement (line 6777) | public Statement(IToken tok, IToken endTok)
class LList (line 6802) | public class LList<T>
method LList (line 6808) | public LList(T d, LList<T> next) {
method Append (line 6813) | public static LList<T> Append(LList<T> a, LList<T> b) {
method Count (line 6818) | public static int Count(LList<T> n) {
class Label (line 6828) | public class Label
method AssignUniqueId (line 6833) | public string AssignUniqueId(FreshIdGenerator idGen)
method Label (line 6841) | public Label(IToken tok, string/*?*/ label) {
class AssertLabel (line 6848) | public class AssertLabel : Label
method AssertLabel (line 6851) | public AssertLabel(IToken tok, string label)
class PredicateStmt (line 6858) | public abstract class PredicateStmt : Statement
method ObjectInvariant (line 6861) | [ContractInvariantMethod]
method PredicateStmt (line 6866) | public PredicateStmt(IToken tok, IToken endTok, Expression expr, Attri...
method PredicateStmt (line 6874) | public PredicateStmt(IToken tok, IToken endTok, Expression expr)
class AssertStmt (line 6889) | public class AssertStmt : PredicateStmt {
method AssertStmt (line 6892) | public AssertStmt(IToken tok, IToken endTok, Expression expr, BlockStm...
method AddCustomizedErrorMessage (line 6907) | public void AddCustomizedErrorMessage(IToken tok, string s) {
class AssumeStmt (line 6915) | public class AssumeStmt : PredicateStmt {
method AssumeStmt (line 6916) | public AssumeStmt(IToken tok, IToken endTok, Expression expr, Attribut...
class PrintStmt (line 6924) | public class PrintStmt : Statement {
method ObjectInvariant (line 6926) | [ContractInvariantMethod]
method PrintStmt (line 6931) | public PrintStmt(IToken tok, IToken endTok, List<Expression> args)
class RevealStmt (line 6949) | public class RevealStmt : Statement
method ObjectInvariant (line 6959) | [ContractInvariantMethod]
method RevealStmt (line 6965) | public RevealStmt(IToken tok, IToken endTok, List<Expression> exprs)
method SingleName (line 6973) | public static string SingleName(Expression e) {
class SomehowStmt (line 6983) | public class SomehowStmt : Statement
method SomehowStmt (line 6989) | public SomehowStmt(IToken tok, IToken endTok, List<Expression> undefin...
class FenceStmt (line 7004) | public class FenceStmt : Statement
method FenceStmt (line 7006) | public FenceStmt(IToken tok, IToken endTok) : base(tok, endTok)
class GotoStmt (line 7013) | public class GotoStmt : Statement
method GotoStmt (line 7018) | public GotoStmt(IToken tok, IToken endTok, string target) : base(tok, ...
class DeallocStmt (line 7027) | public class DeallocStmt : Statement
method DeallocStmt (line 7031) | public DeallocStmt(IToken tok, IToken endTok, Expression addr) : base(...
class BreakStmt (line 7041) | public class BreakStmt : Statement {
method ObjectInvariant (line 7045) | [ContractInvariantMethod]
method BreakStmt (line 7050) | public BreakStmt(IToken tok, IToken endTok, string targetLabel)
method BreakStmt (line 7057) | public BreakStmt(IToken tok, IToken endTok, int breakCount)
class ContinueStmt (line 7066) | public class ContinueStmt : Statement {
method ContinueStmt (line 7067) | public ContinueStmt(IToken tok, IToken endTok)
class ProduceStmt (line 7074) | public abstract class ProduceStmt : Statement
method ProduceStmt (line 7078) | public ProduceStmt(IToken tok, IToken endTok, List<AssignmentRhs> rhss)
class ReturnStmt (line 7110) | public class ReturnStmt : ProduceStmt
method ReturnStmt (line 7113) | public ReturnStmt(IToken tok, IToken endTok, List<AssignmentRhs> rhss)
class YieldStmt (line 7120) | public class YieldStmt : ProduceStmt
method YieldStmt (line 7122) | public YieldStmt(IToken tok, IToken endTok, List<AssignmentRhs> rhss)
class AssignmentRhs (line 7129) | public abstract class AssignmentRhs
method HasAttributes (line 7146) | public bool HasAttributes()
method AssignmentRhs (line 7151) | internal AssignmentRhs(IToken tok, Attributes attrs = null) {
class ExprRhs (line 7174) | public class ExprRhs : AssignmentRhs
method ObjectInvariant (line 7177) | [ContractInvariantMethod]
method ExprRhs (line 7182) | public ExprRhs(Expression expr, Attributes attrs = null) // TODO: the...
class TypeRhs (line 7223) | public class TypeRhs : AssignmentRhs
method ObjectInvariant (line 7246) | [ContractInvariantMethod]
method TypeRhs (line 7256) | public TypeRhs(IToken tok, Type type, List<Expression> arrayDimensions...
method TypeRhs (line 7265) | public TypeRhs(IToken tok, Type type, Expression dim, List<Expression>...
method TypeRhs (line 7275) | public TypeRhs(IToken tok, Type type)
method TypeRhs (line 7282) | public TypeRhs(IToken tok, Type path, List<Expression> arguments, bool...
class HavocRhs (line 7330) | public class HavocRhs : AssignmentRhs {
method HavocRhs (line 7331) | public HavocRhs(IToken tok)
class CreateThreadRhs (line 7338) | public class CreateThreadRhs : AssignmentRhs {
method CreateThreadRhs (line 7339) | public CreateThreadRhs(IToken tok, IToken methodName, List<Expression>...
class MallocRhs (line 7360) | public class MallocRhs : AssignmentRhs {
method MallocRhs (line 7361) | public MallocRhs(IToken tok, Type allocatedType)
class CallocRhs (line 7372) | public class CallocRhs : AssignmentRhs {
method CallocRhs (line 7373) | public CallocRhs(IToken tok, Type allocatedType, Expression count)
class CompareAndSwapRhs (line 7386) | public class CompareAndSwapRhs : AssignmentRhs {
method CompareAndSwapRhs (line 7387) | public CompareAndSwapRhs(IToken tok, Expression target, Expression old...
class AtomicExchangeRhs (line 7410) | public class AtomicExchangeRhs : AssignmentRhs {
method AtomicExchangeRhs (line 7411) | public AtomicExchangeRhs(IToken tok, Expression target, Expression new...
class VarDeclStmt (line 7431) | public class VarDeclStmt : Statement
method ObjectInvariant (line 7436) | [ContractInvariantMethod]
method VarDeclStmt (line 7442) | public VarDeclStmt(IToken tok, IToken endTok, List<LocalVariable> loca...
class LetStmt (line 7471) | public class LetStmt : Statement
method LetStmt (line 7476) | public LetStmt(IToken tok, IToken endTok, CasePattern<LocalVariable> l...
class ConcreteUpdateStatement (line 7503) | public abstract class ConcreteUpdateStatement : Statement
method ConcreteUpdateStatement (line 7506) | public ConcreteUpdateStatement(IToken tok, IToken endTok, List<Express...
class AssignSuchThatStmt (line 7515) | public class AssignSuchThatStmt : ConcreteUpdateStatement
class WiggleWaggleBound (line 7524) | public class WiggleWaggleBound : ComprehensionExpr.BoundedPool
method Preference (line 7527) | public override int Preference() => 1;
method AssignSuchThatStmt (line 7534) | public AssignSuchThatStmt(IToken tok, IToken endTok, List<Expression> ...
class UpdateStmt (line 7557) | public class UpdateStmt : ConcreteUpdateStatement
method ObjectInvariant (line 7568) | [ContractInvariantMethod]
method UpdateStmt (line 7574) | public UpdateStmt(IToken tok, IToken endTok, List<Expression> lhss, Li...
class AssignOrReturnStmt (line 7588) | public class AssignOrReturnStmt : ConcreteUpdateStatement
method ObjectInvariant (line 7596) | [ContractInvariantMethod]
method AssignOrReturnStmt (line 7606) | public AssignOrReturnStmt(IToken tok, IToken endTok, List<Expression> ...
class AssignStmt (line 7618) | public class AssignStmt : Statement {
method ObjectInvariant (line 7621) | [ContractInvariantMethod]
method AssignStmt (line 7627) | public AssignStmt(IToken tok, IToken endTok, Expression lhs, Assignmen...
method LhsIsToGhost (line 7658) | public static bool LhsIsToGhost(Expression lhs) {
type NonGhostKind (line 7662) | public enum NonGhostKind { IsGhost, Variable, Field, ArrayElement }
method NonGhostKind_To_String (line 7663) | public static string NonGhostKind_To_String(NonGhostKind gk) {
method LhsIsToGhost_Which (line 7677) | public static NonGhostKind LhsIsToGhost_Which(Expression lhs) {
class LocalVariable (line 7698) | public class LocalVariable : IVariable, IAttributeBearingDeclaration {
method ObjectInvariant (line 7705) | [ContractInvariantMethod]
method LocalVariable (line 7711) | public LocalVariable(IToken tok, IToken endTok, string name, Type type...
method HasWildcardName (line 7734) | public static bool HasWildcardName(IVariable v) {
method DisplayNameHelper (line 7738) | public static string DisplayNameHelper(IVariable v) {
method AssignUniqueName (line 7756) | public string AssignUniqueName(FreshIdGenerator generator)
method MakeGhost (line 7799) | public void MakeGhost() {
class CallStmt (line 7812) | public class CallStmt : Statement {
method ObjectInvariant (line 7813) | [ContractInvariantMethod]
method CallStmt (line 7827) | public CallStmt(IToken tok, IToken endTok, List<Expression> lhs, Membe...
class CommitStmt (line 7855) | public class CommitStmt : Statement {
method CommitStmt (line 7857) | public CommitStmt(IToken tok, IToken endTok, [Captured] Statement body)
class JoinStmt (line 7868) | public class JoinStmt : Statement {
method JoinStmt (line 7870) | public JoinStmt(IToken tok, IToken endTok, Expression whichThread)
class BlockStmt (line 7885) | public class BlockStmt : Statement {
method BlockStmt (line 7887) | public BlockStmt(IToken tok, IToken endTok, [Captured] List<Statement>...
method AppendStmt (line 7899) | public virtual void AppendStmt(Statement s) {
class DividedBlockStmt (line 7905) | public class DividedBlockStmt : BlockStmt
method DividedBlockStmt (line 7910) | public DividedBlockStmt(IToken tok, IToken endTok, List<Statement> bod...
method AppendStmt (line 7920) | public override void AppendStmt(Statement s) {
class ExplicitYieldBlockStmt (line 7926) | public class ExplicitYieldBlockStmt : BlockStmt {
method ExplicitYieldBlockStmt (line 7927) | public ExplicitYieldBlockStmt(IToken tok, IToken endTok, [Captured] Li...
class IfStmt (line 7932) | public class IfStmt : Statement {
method ObjectInvariant (line 7938) | [ContractInvariantMethod]
method IfStmt (line 7944) | public IfStmt(IToken tok, IToken endTok, bool isBindingGuard, Expressi...
class GuardedAlternative (line 7974) | public class GuardedAlternative
method ObjectInvariant (line 7980) | [ContractInvariantMethod]
method GuardedAlternative (line 7987) | public GuardedAlternative(IToken tok, bool isBindingGuard, Expression ...
class AlternativeStmt (line 8000) | public class AlternativeStmt : Statement
method ObjectInvariant (line 8004) | [ContractInvariantMethod]
method AlternativeStmt (line 8008) | public AlternativeStmt(IToken tok, IToken endTok, List<GuardedAlternat...
class LoopStmt (line 8035) | public abstract class LoopStmt : Statement
method ObjectInvariant (line 8041) | [ContractInvariantMethod]
method LoopStmt (line 8047) | public LoopStmt(IToken tok, IToken endTok, List<MaybeFreeExpression> i...
class WhileStmt (line 8087) | public class WhileStmt : LoopStmt
method WhileStmt (line 8093) | public WhileStmt(IToken tok, IToken endTok, Expression guard, List<May...
class RefinedWhileStmt (line 8126) | public class RefinedWhileStmt : WhileStmt
method RefinedWhileStmt (line 8128) | public RefinedWhileStmt(IToken tok, IToken endTok, Expression guard,
class AlternativeLoopStmt (line 8138) | public class AlternativeLoopStmt : LoopStmt
method ObjectInvariant (line 8142) | [ContractInvariantMethod]
method AlternativeLoopStmt (line 8146) | public AlternativeLoopStmt(IToken tok, IToken endTok,
class ForallStmt (line 8175) | public class ForallStmt : Statement
type BodyKind (line 8204) | public enum BodyKind { Assign, Call, Proof }
method ObjectInvariant (line 8207) | [ContractInvariantMethod]
method ForallStmt (line 8215) | public ForallStmt(IToken tok, IToken endTok, List<BoundVar> boundVars,...
method UncompilableBoundVars (line 8272) | public List<BoundVar> UncompilableBoundVars() {
class ModifyStmt (line 8279) | public class ModifyStmt : Statement
method ModifyStmt (line 8284) | public ModifyStmt(IToken tok, IToken endTok, List<FrameExpression> mod...
class CalcStmt (line 8312) | public class CalcStmt : Statement
class CalcOp (line 8314) | public abstract class CalcOp {
method ResultOp (line 8319) | [Pure]
method StepExpr (line 8325) | [Pure]
class BinaryCalcOp (line 8329) | public class BinaryCalcOp : CalcOp {
method ObjectInvariant (line 8332) | [ContractInvariantMethod]
method ValidOp (line 8341) | [Pure]
method LogicOp (line 8353) | [Pure]
method BinaryCalcOp (line 8358) | public BinaryCalcOp(BinaryExpr.Opcode op) {
method Subsumes (line 8366) | private bool Subsumes(BinaryCalcOp other) {
method ResultOp (line 8384) | public override CalcOp ResultOp(CalcOp other) {
method StepExpr (line 8401) | public override Expression StepExpr(Expression line0, Expression line1)
method ToString (line 8411) | public override string ToString()
class TernaryCalcOp (line 8418) | public class TernaryCalcOp : CalcOp {
method ObjectInvariant (line 8421) | [ContractInvariantMethod]
method TernaryCalcOp (line 8427) | public TernaryCalcOp(Expression idx) {
method ResultOp (line 8432) | public override CalcOp ResultOp(CalcOp other) {
method StepExpr (line 8449) | public override Expression StepExpr(Expression line0, Expression line1)
method ToString (line 8454) | public override string ToString()
method ObjectInvariant (line 8471) | [ContractInvariantMethod]
method CalcStmt (line 8485) | public CalcStmt(IToken tok, IToken endTok, CalcOp userSuppliedOp, List...
method Lhs (line 8549) | public static Expression Lhs(Expression step)
method Rhs (line 8563) | public static Expression Rhs(Expression step)
class MatchStmt (line 8574) | public class MatchStmt : Statement
method ObjectInvariant (line 8576) | [ContractInvariantMethod]
method MatchStmt (line 8589) | public MatchStmt(IToken tok, IToken endTok, Expression source, [Captur...
method UpdateSource (line 8609) | public void UpdateSource(Expression source) {
method UpdateCases (line 8613) | public void UpdateCases(List<MatchCaseStmt> cases) {
class MatchCaseStmt (line 8634) | public class MatchCaseStmt : MatchCase
method ObjectInvariant (line 8638) | [ContractInvariantMethod]
method MatchCaseStmt (line 8643) | public MatchCaseStmt(IToken tok, string id, [Captured] List<BoundVar> ...
method MatchCaseStmt (line 8653) | public MatchCaseStmt(IToken tok, string id, [Captured] List<CasePatter...
method UpdateBody (line 8667) | public void UpdateBody(List<Statement> body) {
class SkeletonStatement (line 8692) | public class SkeletonStatement : Statement
method SkeletonStatement (line 8701) | public SkeletonStatement(IToken tok, IToken endTok)
method SkeletonStatement (line 8708) | public SkeletonStatement(Statement s, IToken conditionEllipsis, IToken...
method SkeletonStatement (line 8716) | public SkeletonStatement(IToken tok, IToken endTok, List<IToken> nameR...
class TokenWrapper (line 8741) | public abstract class TokenWrapper : IToken
method TokenWrapper (line 8744) | protected TokenWrapper(IToken wrappedToken) {
class NestedToken (line 8778) | public class NestedToken : TokenWrapper
method NestedToken (line 8780) | public NestedToken(IToken outer, IToken inner)
class IncludeToken (line 8796) | public class IncludeToken : TokenWrapper
method IncludeToken (line 8799) | public IncludeToken(Include include, IToken wrappedToken)
class Expression (line 8812) | [DebuggerDisplay("{Printer.ExprToString(this)}")]
method ObjectInvariant (line 8816) | [ContractInvariantMethod]
method WasResolved (line 8821) | [Pure]
method ResetTypeAssignment (line 8867) | public void ResetTypeAssignment() {
method DebugTest_ChangeType (line 8872) | public void DebugTest_ChangeType(Type ty) {
method Expression (line 8879) | public Expression(IToken tok) {
method Conjuncts (line 8899) | public static IEnumerable<Expression> Conjuncts(Expression expr) {
method CreateAdd (line 8922) | public static Expression CreateAdd(Expression e0, Expression e1) {
method CreateMul (line 8938) | public static Expression CreateMul(Expression e0, Expression e1) {
method CreateSubtract_TypeConvert (line 8955) | public static Expression CreateSubtract_TypeConvert(Expression e0, Exp...
method CastIfNeeded (line 8969) | private static Expression CastIfNeeded(Expression expr, Type toType) {
method CreateSubtract (line 8982) | public static Expression CreateSubtract(Expression e0, Expression e1) {
method CreateIncrement (line 9001) | public static Expression CreateIncrement(Expression e, int n) {
method CreateDecrement (line 9017) | public static Expression CreateDecrement(Expression e, int n) {
method CreateIntLiteral (line 9032) | public static Expression CreateIntLiteral(IToken tok, int n) {
method CreateRealLiteral (line 9047) | public static Expression CreateRealLiteral(IToken tok, BaseTypes.BigDe...
method CreateNatLiteral (line 9057) | public static Expression CreateNatLiteral(IToken tok, int n, Type ty) {
method CreateBoolLiteral (line 9069) | public static Expression CreateBoolLiteral(IToken tok, bool b) {
method StripParens (line 9080) | public static Expression StripParens(Expression expr) {
method AsThis (line 9090) | public static ThisExpr AsThis(Expression expr) {
method IsBoolLiteral (line 9100) | public static bool IsBoolLiteral(Expression expr, out bool value) {
method IsEmptySetOrMultiset (line 9116) | public static bool IsEmptySetOrMultiset(Expression expr) {
method CreateNot (line 9123) | public static Expression CreateNot(IToken tok, Expression e) {
method CreateLess (line 9134) | public static Expression CreateLess(Expression e0, Expression e1) {
method CreateAtMost (line 9150) | public static Expression CreateAtMost(Expression e0, Expression e1) {
method CreateEq (line 9163) | public static Expression CreateEq(Expression e0, Expression e1, Type t...
method CreateAnd (line 9186) | public static Expression CreateAnd(Expression a, Expression b) {
method CreateImplies (line 9206) | public static Expression CreateImplies(Expression a, Expression b) {
method CreateITE (line 9224) | public static Expression CreateITE(Expression test, Expression e0, Exp...
method CreateMatchCase (line 9238) | public static MatchCaseExpr CreateMatchCase(MatchCaseExpr old_case, Ex...
method CreateMatch (line 9256) | public static Expression CreateMatch(IToken tok, Expression src, List<...
method CreateLet (line 9266) | public static Expression CreateLet(IToken tok, List<CasePattern<BoundV...
method CreateQuantifier (line 9290) | public static Expression CreateQuantifier(QuantifierExpr expr, bool fo...
method CreateIdentExpr (line 9317) | public static Expression CreateIdentExpr(IVariable v) {
method VarSubstituter (line 9325) | public static Expression VarSubstituter(List<NonglobalVariable> oldVar...
method AsStringLiteral (line 9349) | public string AsStringLiteral() {
class StaticReceiverExpr (line 9359) | public class StaticReceiverExpr : LiteralExpr
method StaticReceiverExpr (line 9364) | public StaticReceiverExpr(IToken tok, Type t, bool isImplicit)
method StaticReceiverExpr (line 9376) | public StaticReceiverExpr(IToken tok, TopLevelDeclWithMembers cl, bool...
method StaticReceiverExpr (line 9401) | public StaticReceiverExpr(IToken tok, UserDefinedType t, TopLevelDeclW...
class LiteralExpr (line 9425) | public class LiteralExpr : Expression {
method IsTrue (line 9448) | [Pure]
method LiteralExpr (line 9459) | public LiteralExpr(IToken tok)
method LiteralExpr (line 9465) | public LiteralExpr(IToken tok, BigInteger n)
method LiteralExpr (line 9472) | public LiteralExpr(IToken tok, BaseTypes.BigDec n)
method LiteralExpr (line 9479) | public LiteralExpr(IToken tok, int n)
method LiteralExpr (line 9486) | public LiteralExpr(IToken tok, bool b)
method LiteralExpr (line 9497) | protected LiteralExpr(IToken tok, string s)
class CharLiteralExpr (line 9505) | public class CharLiteralExpr : LiteralExpr
method CharLiteralExpr (line 9507) | public CharLiteralExpr(IToken tok, string s)
class StringLiteralExpr (line 9513) | public class StringLiteralExpr : LiteralExpr
method StringLiteralExpr (line 9516) | public StringLiteralExpr(IToken tok, string s, bool isVerbatim)
class DatatypeValue (line 9523) | public class DatatypeValue : Expression {
method ObjectInvariant (line 9530) | [ContractInvariantMethod]
method DatatypeValue (line 9539) | public DatatypeValue(IToken tok, string datatypeName, string memberNam...
class ThisExpr (line 9555) | public class ThisExpr : Expression {
method ThisExpr (line 9556) | public ThisExpr(IToken tok)
class MeExpr (line 9562) | public class MeExpr : Expression {
method MeExpr (line 9563) | public MeExpr(IToken tok) : base(tok) {
class StoreBufferEmptyExpr (line 9568) | public class StoreBufferEmptyExpr : Expression {
method StoreBufferEmptyExpr (line 9569) | public StoreBufferEmptyExpr(IToken tok) : base(tok) {
class TotalStateExpr (line 9574) | public class TotalStateExpr : Expression {
method TotalStateExpr (line 9575) | public TotalStateExpr(IToken tok) : base(tok) {
class IfUndefinedExpr (line 9580) | public class IfUndefinedExpr : Expression {
method IfUndefinedExpr (line 9583) | public IfUndefinedExpr(IToken tok, Expression potentiallyUnsafe, Expre...
class ExpressionPair (line 9590) | public class ExpressionPair {
method ExpressionPair (line 9592) | public ExpressionPair(Expression a, Expression b) {
class ImplicitThisExpr (line 9600) | public class ImplicitThisExpr : ThisExpr {
method ImplicitThisExpr (line 9601) | public ImplicitThisExpr(IToken tok)
class ImplicitThisExpr_ConstructorCall (line 9617) | public class ImplicitThisExpr_ConstructorCall : ImplicitThisExpr
method ImplicitThisExpr_ConstructorCall (line 9619) | public ImplicitThisExpr_ConstructorCall(IToken tok)
class IdentifierExpr (line 9625) | public class IdentifierExpr : Expression
method ObjectInvariant (line 9627) | [ContractInvariantMethod]
method IdentifierExpr (line 9635) | public IdentifierExpr(IToken tok, string name)
method IdentifierExpr (line 9644) | public IdentifierExpr(IToken tok, IVariable v)
class AutoGhostIdentifierExpr (line 9660) | public class AutoGhostIdentifierExpr : IdentifierExpr
method AutoGhostIdentifierExpr (line 9662) | public AutoGhostIdentifierExpr(IToken tok, string name)
class Resolver_IdentifierExpr (line 9669) | class Resolver_IdentifierExpr : Expression
method ObjectInvariant (line 9676) | [ContractInvariantMethod]
class ResolverType (line 9684) | public abstract class ResolverType : Type
class ResolverType_Module (line 9687) | public class ResolverType_Module : ResolverType
method TypeName (line 9689) | [Pure]
method Equals (line 9694) | public override bool Equals(Type that) {
class ResolverType_Type (line 9698) | public class ResolverType_Type : ResolverType {
method TypeName (line 9699) | [Pure]
method Equals (line 9704) | public override bool Equals(Type that) {
method Resolver_IdentifierExpr (line 9709) | public Resolver_IdentifierExpr(IToken tok, TopLevelDecl decl, List<Typ...
method Resolver_IdentifierExpr (line 9718) | public Resolver_IdentifierExpr(IToken tok, TypeParameter tp)
class DisplayExpression (line 9727) | public abstract class DisplayExpression : Expression {
method ObjectInvariant (line 9729) | [ContractInvariantMethod]
method DisplayExpression (line 9734) | public DisplayExpression(IToken tok, List<Expression> elements)
class SetDisplayExpr (line 9745) | public class SetDisplayExpr : DisplayExpression {
method SetDisplayExpr (line 9747) | public SetDisplayExpr(IToken tok, bool finite, List<Expression> elements)
class MultiSetDisplayExpr (line 9755) | public class MultiSetDisplayExpr : DisplayExpression {
method MultiSetDisplayExpr (line 9756) | public MultiSetDisplayExpr(IToken tok, List<Expression> elements) : ba...
class MapDisplayExpr (line 9762) | public class MapDisplayExpr : Expression {
method MapDisplayExpr (line 9765) | public MapDisplayExpr(IToken tok, bool finite, List<ExpressionPair> el...
class SeqDisplayExpr (line 9781) | public class SeqDisplayExpr : DisplayExpression {
method SeqDisplayExpr (line 9782) | public SeqDisplayExpr(IToken tok, List<Expression> elements)
class MemberSelectExpr (line 9789) | public class MemberSelectExpr : Expression {
method TypeArgumentSubstitutions (line 9795) | public Dictionary<TypeParameter, Type> TypeArgumentSubstitutions() {
method ObjectInvariant (line 9817) | [ContractInvariantMethod]
method MemberSelectExpr (line 9824) | public MemberSelectExpr(IToken tok, Expression obj, string memberName)
method MemberSelectExpr (line 9836) | public MemberSelectExpr(IToken tok, Expression obj, Field field)
method MemberSelectCase (line 9863) | public void MemberSelectCase(Action<Field> fieldK, Action<Function> fu...
method MemberSelectCase (line 9875) | public A MemberSelectCase<A>(Func<Field,A> fieldK, Func<Function,A> fu...
class SeqSelectExpr (line 9891) | public class SeqSelectExpr : Expression {
method ObjectInvariant (line 9896) | [ContractInvariantMethod]
method SeqSelectExpr (line 9902) | public SeqSelectExpr(IToken tok, bool selectOne, Expression seq, Expre...
class MultiSelectExpr (line 9923) | public class MultiSelectExpr : Expression {
method ObjectInvariant (line 9926) | [ContractInvariantMethod]
method MultiSelectExpr (line 9933) | public MultiSelectExpr(IToken tok, Expression array, List<Expression> ...
class SeqUpdateExpr (line 9962) | public class SeqUpdateExpr : Expression {
method ObjectInvariant (line 9967) | [ContractInvariantMethod]
method SeqUpdateExpr (line 9974) | public SeqUpdateExpr(IToken tok, Expression seq, Expression index, Exp...
class ApplyExpr (line 10004) | public class ApplyExpr : Expression {
method ApplyExpr (line 10020) | public ApplyExpr(IToken tok, Expression fn, List<Expression> args)
class RevealExpr (line 10028) | public class RevealExpr : Expression
method RevealExpr (line 10041) | public RevealExpr(IToken tok, Expression expr)
class FunctionCallExpr (line 10048) | public class FunctionCallExpr : Expression {
type CoCallResolution (line 10054) | public enum CoCallResolution {
method ObjectInvariant (line 10066) | [ContractInvariantMethod]
method FunctionCallExpr (line 10083) | [Captured]
class SeqConstructionExpr (line 10111) | public class SeqConstructionExpr : Expression
method SeqConstructionExpr (line 10115) | public SeqConstructionExpr(IToken tok, Expression length, Expression i...
class MultiSetFormingExpr (line 10131) | public class MultiSetFormingExpr : Expression
method ObjectInvariant (line 10135) | [ContractInvariantMethod]
method MultiSetFormingExpr (line 10140) | [Captured]
class OldExpr (line 10154) | public class OldExpr : Expression
method ObjectInvariant (line 10160) | [ContractInvariantMethod]
method OldExpr (line 10165) | [Captured]
class UnchangedExpr (line 10180) | public class UnchangedExpr : Expression
method ObjectInvariant (line 10185) | [ContractInvariantMethod]
method UnchangedExpr (line 10190) | public UnchangedExpr(IToken tok, List<FrameExpression> frame, string/*...
class UnaryExpr (line 10207) | public abstract class UnaryExpr : Expression
method ObjectInvariant (line 10210) | [ContractInvariantMethod]
method UnaryExpr (line 10215) | public UnaryExpr(IToken tok, Expression e)
class UnaryOpExpr (line 10227) | public class UnaryOpExpr : UnaryExpr
type Opcode (line 10229) | public enum Opcode {
method UnaryOpExpr (line 10242) | public UnaryOpExpr(IToken tok, Opcode op, Expression e)
class ConversionExpr (line 10250) | public class ConversionExpr : UnaryExpr
method ConversionExpr (line 10253) | public ConversionExpr(IToken tok, Expression expr, Type toType)
class BinaryExpr (line 10262) | public class BinaryExpr : Expression
type Opcode (line 10264) | public enum Opcode {
type ResolvedOpcode (line 10291) | public enum ResolvedOpcode {
method IsEqualityOp (line 10383) | public static bool IsEqualityOp(ResolvedOpcode op) {
method ResolvedOp2SyntacticOp (line 10396) | public static Opcode ResolvedOp2SyntacticOp(ResolvedOpcode rop) {
method OpcodeString (line 10499) | public static string OpcodeString(Opcode op) {
method ObjectInvariant (line 10558) | [ContractInvariantMethod]
method BinaryExpr (line 10565) | public BinaryExpr(IToken tok, Opcode op, Expression e0, Expression e1)
method BinaryExpr (line 10578) | public BinaryExpr(Boogie.IToken tok, BinaryExpr.ResolvedOpcode rop, Ex...
class TernaryExpr (line 10592) | public class TernaryExpr : Expression
type Opcode (line 10598) | public enum Opcode { /*SOON: IfOp,*/ PrefixEqOp, PrefixNeqOp }
method TernaryExpr (line 10600) | public TernaryExpr(IToken tok, Opcode op, Expression e0, Expression e1...
class LetExpr (line 10621) | public class LetExpr : Expression, IAttributeBearingDeclaration
method setTranslationDesugaring (line 10633) | public void setTranslationDesugaring(Translator trans, Expression expr){
method getTranslationDesugaring (line 10638) | public Expression getTranslationDesugaring(Translator trans) {
method LetExpr (line 10646) | public LetExpr(IToken tok, List<CasePattern<BoundVar>> lhss, List<Expr...
class LetOrFailExpr (line 10676) | public class LetOrFailExpr : ConcreteSyntaxExpression
method LetOrFailExpr (line 10682) | public LetOrFailExpr(IToken tok, CasePattern<BoundVar>/*?*/ lhs, Expre...
class NamedExpr (line 10691) | public class NamedExpr : Expression
method NamedExpr (line 10698) | public NamedExpr(IToken tok, string p, Expression body)
method NamedExpr (line 10703) | public NamedExpr(IToken tok, string p, Expression body, Expression con...
class ComprehensionExpr (line 10726) | public abstract class ComprehensionExpr : Expression, IAttributeBearingD...
method UpdateTerm (line 10733) | public void UpdateTerm(Expression newTerm) {
method ObjectInvariant (line 10737) | [ContractInvariantMethod]
class BoundedPool (line 10745) | public abstract class BoundedPool {
type PoolVirtues (line 10746) | [Flags]
method Preference (line 10782) | public abstract int Preference();
method GetBest (line 10784) | public static BoundedPool GetBest(List<BoundedPool> bounds, PoolVirt...
method MissingBounds (line 10797) | public static List<VT> MissingBounds<VT>(List<VT> vars, List<Bounded...
method HasBounds (line 10810) | public static List<bool> HasBounds(List<BoundedPool> bounds, PoolVir...
method CombineIntegerBounds (line 10816) | static List<BoundedPool> CombineIntegerBounds(List<BoundedPool> boun...
class ExactBoundedPool (line 10844) | public class ExactBoundedPool : BoundedPool
method ExactBoundedPool (line 10847) | public ExactBoundedPool(Expression e) {
method Preference (line 10852) | public override int Preference() => 15;
class BoolBoundedPool (line 10854) | public class BoolBoundedPool : BoundedPool
method Preference (line 10857) | public override int Preference() => 14;
class CharBoundedPool (line 10859) | public class CharBoundedPool : BoundedPool
method Preference (line 10862) | public override int Preference() => 5;
class AllocFreeBoundedPool (line 10864) | public class AllocFreeBoundedPool : BoundedPool
method AllocFreeBoundedPool (line 10867) | public AllocFreeBoundedPool(Type t) {
method Preference (line 10879) | public override int Preference() => 0;
class ExplicitAllocatedBoundedPool (line 10881) | public class ExplicitAllocatedBoundedPool : BoundedPool
method ExplicitAllocatedBoundedPool (line 10883) | public ExplicitAllocatedBoundedPool() {
method Preference (line 10886) | public override int Preference() => 0;
class SpecialAllocIndependenceAllocatedBoundedPool (line 10888) | public class SpecialAllocIndependenceAllocatedBoundedPool : BoundedPool
method SpecialAllocIndependenceAllocatedBoundedPool (line 10890) | public SpecialAllocIndependenceAllocatedBoundedPool() {
method Preference (line 10893) | public override int Preference() => 0;
class IntBoundedPool (line 10895) | public class IntBoundedPool : BoundedPool
method IntBoundedPool (line 10899) | public IntBoundedPool(Expression lowerBound, Expression upperBound) {
method Preference (line 10913) | public override int Preference() => LowerBound != null && UpperBound...
class CollectionBoundedPool (line 10915) | public abstract class CollectionBoundedPool : BoundedPool
method CollectionBoundedPool (line 10919) | public CollectionBoundedPool(bool exactTypes, bool isFiniteCollectio...
method Preference (line 10935) | public override int Preference() => 10;
class SetBoundedPool (line 10937) | public class SetBoundedPool : CollectionBoundedPool
method SetBoundedPool (line 10940) | public SetBoundedPool(Expression set, bool exactTypes, bool isFinite...
class SubSetBoundedPool (line 10942) | public class SubSetBoundedPool : BoundedPool
method SubSetBoundedPool (line 10946) | public SubSetBoundedPool(Expression set, bool isFiniteCollection) {
method Preference (line 10960) | public override int Preference() => 3;
class SuperSetBoundedPool (line 10962) | public class SuperSetBoundedPool : BoundedPool
method SuperSetBoundedPool (line 10965) | public SuperSetBoundedPool(Expression set) { LowerBound = set; }
method Preference (line 10966) | public override int Preference() => 2;
class MultiSetBoundedPool (line 10977) | public class MultiSetBoundedPool : CollectionBoundedPool
method MultiSetBoundedPool (line 10980) | public MultiSetBoundedPool(Expression multiset, bool exactTypes) : b...
class MapBoundedPool (line 10982) | public class MapBoundedPool : CollectionBoundedPool
method MapBoundedPool (line 10985) | public MapBoundedPool(Expression map, bool exactTypes, bool isFinite...
class SeqBoundedPool (line 10987) | public class SeqBoundedPool : CollectionBoundedPool
method SeqBoundedPool (line 10990) | public SeqBoundedPool(Expression seq, bool exactTypes) : base(exactT...
class DatatypeBoundedPool (line 10992) | public class DatatypeBoundedPool : BoundedPool
method DatatypeBoundedPool (line 10995) | public DatatypeBoundedPool(DatatypeDecl d) { Decl = d; }
method Preference (line 10997) | public override int Preference() => 8;
class DatatypeInclusionBoundedPool (line 10999) | public class DatatypeInclusionBoundedPool : BoundedPool
method DatatypeInclusionBoundedPool (line 11002) | public DatatypeInclusionBoundedPool(bool isIndDatatype) : base() { I...
method Preference (line 11004) | public override int Preference() => 2;
method UncompilableBoundVars (line 11010) | public List<BoundVar> UncompilableBoundVars() {
method ComprehensionExpr (line 11016) | public ComprehensionExpr(IToken tok, List<BoundVar> bvars, Expression ...
class QuantifierExpr (line 11039) | public abstract class QuantifierExpr : ComprehensionExpr, TypeParameter....
method SplitQuantifierToExpression (line 11046) | private Expression SplitQuantifierToExpression() {
method FreshQuantId (line 11069) | static int FreshQuantId() {
method Refresh (line 11079) | public String Refresh(string prefix, FreshIdGenerator idGen) {
method Refresh (line 11083) | public TypeParameter Refresh(TypeParameter p, FreshIdGenerator idGen) {
method ObjectInvariant (line 11088) | [ContractInvariantMethod]
method QuantifierExpr (line 11093) | public QuantifierExpr(IToken tok, List<TypeParameter> tvars, List<Boun...
method LogicalBody (line 11102) | public virtual Expression LogicalBody(bool bypassSplitQuantifier = fal...
class ForallExpr (line 11126) | public class ForallExpr : QuantifierExpr {
method ForallExpr (line 11129) | public ForallExpr(IToken tok, List<BoundVar> bvars, Expression range, ...
method ForallExpr (line 11135) | public ForallExpr(IToken tok, List<TypeParameter> tvars, List<BoundVar...
method LogicalBody (line 11141) | public override Expression LogicalBody(bool bypassSplitQuantifier = fa...
class ExistsExpr (line 11152) | public class ExistsExpr : QuantifierExpr {
method ExistsExpr (line 11155) | public ExistsExpr(IToken tok, List<BoundVar> bvars, Expression range, ...
method ExistsExpr (line 11161) | public ExistsExpr(IToken tok, List<TypeParameter> tvars, List<BoundVar...
method LogicalBody (line 11167) | public override Expression LogicalBody(bool bypassSplitQuantifier = fa...
class SetComprehension (line 11178) | public class SetComprehension : ComprehensionExpr
method SetComprehension (line 11192) | public SetComprehension(IToken tok, bool finite, List<BoundVar> bvars,...
class MapComprehension (line 11204) | public class MapComprehension : ComprehensionExpr
method MapComprehension (line 11211) | public MapComprehension(IToken tok, bool finite, List<BoundVar> bvars,...
class LambdaExpr (line 11261) | public class LambdaExpr : ComprehensionExpr
method LambdaExpr (line 11265) | public LambdaExpr(IToken tok, List<BoundVar> bvars, Expression require...
class WildcardExpr (line 11294) | public class WildcardExpr : Expression
method WildcardExpr (line 11296) | public WildcardExpr(IToken tok)
class StmtExpr (line 11307) | public class StmtExpr : Expression
method ObjectInvariant (line 11311) | [ContractInvariantMethod]
method StmtExpr (line 11317) | public StmtExpr(IToken tok, Statement stmt, Expression expr)
method GetSConclusion (line 11339) | public Expression GetSConclusion() {
class ITEExpr (line 11355) | public class ITEExpr : Expression
method ObjectInvariant (line 11361) | [ContractInvariantMethod]
method ITEExpr (line 11368) | public ITEExpr(IToken tok, bool isBindingGuard, Expression test, Expre...
class MatchExpr (line 11389) | public class MatchExpr : Expression { // a MatchExpr is an "extended ex...
method ObjectInvariant (line 11396) | [ContractInvariantMethod]
method MatchExpr (line 11403) | public MatchExpr(IToken tok, Expression source, [Captured] List<MatchC...
method UpdateSource (line 11422) | public void UpdateSource(Expression source) {
method UpdateCases (line 11426) | public void UpdateCases(List<MatchCaseExpr> cases) {
class CasePattern (line 11449) | public class CasePattern<VT> where VT : IVariable
method CasePattern (line 11460) | public CasePattern(IToken tok, string id, [Captured] List<CasePattern<...
method CasePattern (line 11468) | public CasePattern(IToken tok, VT bv) {
method AssembleExpr (line 11480) | public void AssembleExpr(List<Type> dtvTypeArgs) {
class MatchCase (line 11511) | public abstract class MatchCase
method ObjectInvariant (line 11518) | [ContractInvariantMethod]
method MatchCase (line 11525) | public MatchCase(IToken tok, string id, [Captured] List<BoundVar> argu...
method MatchCase (line 11534) | public MatchCase(IToken tok, string id, [Captured] List<CasePattern<Bo...
class MatchCaseExpr (line 11544) | public class MatchCaseExpr : MatchCase
method ObjectInvariant (line 11547) | [ContractInvariantMethod]
method MatchCaseExpr (line 11552) | public MatchCaseExpr(IToken tok, string id, [Captured] List<BoundVar> ...
method MatchCaseExpr (line 11561) | public MatchCaseExpr(IToken tok, string id, [Captured] List<CasePatter...
method UpdateBody (line 11576) | public void UpdateBody(Expression body) {
class BoxingCastExpr (line 11581) | public class BoxingCastExpr : Expression { // a BoxingCastExpr is used ...
method ObjectInvariant (line 11585) | [ContractInvariantMethod]
method BoxingCastExpr (line 11592) | public BoxingCastExpr(Expression e, Type fromType, Type toType)
class UnboxingCastExpr (line 11608) | public class UnboxingCastExpr : Expression { // an UnboxingCastExpr is ...
method ObjectInvariant (line 11612) | [ContractInvariantMethod]
method UnboxingCastExpr (line 11619) | public UnboxingCastExpr(Expression e, Type fromType, Type toType)
class MaybeFreeExpression (line 11636) | public class MaybeFreeExpression {
method ObjectInvariant (line 11641) | [ContractInvariantMethod]
method HasAttributes (line 11656) | public bool HasAttributes() {
method MaybeFreeExpression (line 11660) | public MaybeFreeExpression(Expression e)
method MaybeFreeExpression (line 11666) | public MaybeFreeExpression(Expression e, bool isFree)
method MaybeFreeExpression (line 11672) | public MaybeFreeExpression(Expression e, bool isFree, Attributes attrs) {
method MaybeFreeExpression (line 11679) | public MaybeFreeExpression(Expression e, bool isFree, AssertLabel/*?*/...
method AddCustomizedErrorMessage (line 11687) | public void AddCustomizedErrorMessage(IToken tok, string s) {
class FrameExpression (line 11696) | public class FrameExpression {
method ObjectInvariant (line 11699) | [ContractInvariantMethod]
method FrameExpression (line 11712) | public FrameExpression(IToken tok, Expression e, string fieldName) {
class ConcreteSyntaxExpression (line 11726) | public abstract class ConcreteSyntaxExpression : Expression
method ConcreteSyntaxExpression (line 11729) | public ConcreteSyntaxExpression(IToken tok)
class ParensExpression (line 11741) | public class ParensExpression : ConcreteSyntaxExpression
method ParensExpression (line 11744) | public ParensExpression(IToken tok, Expression e)
class TypeExpr (line 11750) | public class TypeExpr : ParensExpression
method TypeExpr (line 11753) | public TypeExpr(IToken tok, Expression e, Type t)
method MaybeTypeExpr (line 11760) | public static Expression MaybeTypeExpr(Expression e, Type t) {
class DatatypeUpdateExpr (line 11769) | public class DatatypeUpdateExpr : ConcreteSyntaxExpression
method DatatypeUpdateExpr (line 11774) | public DatatypeUpdateExpr(IToken tok, Expression root, List<Tuple<ITok...
class AutoGeneratedExpression (line 11808) | public class AutoGeneratedExpression : ParensExpression
method AutoGeneratedExpression (line 11810) | public AutoGeneratedExpression(IToken tok, Expression e)
method Create (line 11820) | public static AutoGeneratedExpression Create(Expression e) {
class NegationExpression (line 11833) | public class NegationExpression : ConcreteSyntaxExpression
method NegationExpression (line 11836) | public NegationExpression(IToken tok, Expression e)
class ChainingExpression (line 11856) | public class ChainingExpression : ConcreteSyntaxExpression
method ChainingExpression (line 11863) | public ChainingExpression(IToken tok, List<Expression> operands, List<...
class SuffixExpr (line 11947) | abstract public class SuffixExpr : ConcreteSyntaxExpression {
method SuffixExpr (line 11949) | public SuffixExpr(IToken tok, Expression lhs)
class NameSegment (line 11957) | public class NameSegment : ConcreteSyntaxExpression
method NameSegment (line 11961) | public NameSegment(IToken tok, string name, List<Type> optTypeArguments)
class ExprDotName (line 11974) | public class ExprDotName : SuffixExpr
method ObjectInvariant (line 11979) | [ContractInvariantMethod]
method ExprDotName (line 11984) | public ExprDotName(IToken tok, Expression obj, string suffixName, List...
class ApplySuffix (line 11997) | public class ApplySuffix : SuffixExpr
method ObjectInvariant (line 12001) | [ContractInvariantMethod]
method ApplySuffix (line 12006) | public ApplySuffix(IToken tok, Expression lhs, List<Expression> args)
class Specification (line 12015) | public class Specification<T> where T : class
method ObjectInvariant (line 12019) | [ContractInvariantMethod]
method Specification (line 12026) | public Specification(List<T> exprs, Attributes attrs)
method HasAttributes (line 12046) | public bool HasAttributes()
class BottomUpVisitor (line 12052) | public class BottomUpVisitor
method Visit (line 12054) | public void Visit(IEnumerable<Expression> exprs) {
method Visit (line 12057) | public void Visit(IEnumerable<Statement> stmts) {
method Visit (line 12060) | public void Visit(MaybeFreeExpression expr) {
method Visit (line 12063) | public void Visit(FrameExpression expr) {
method Visit (line 12066) | public void Visit(IEnumerable<MaybeFreeExpression> exprs) {
method Visit (line 12069) | public void Visit(IEnumerable<FrameExpression> exprs) {
method Visit (line 12072) | public void Visit(ICallable decl) {
method Visit (line 12080) | public void Visit(Method method) {
method Visit (line 12088) | public void Visit(Function function) {
method Visit (line 12096) | public void Visit(Expression expr) {
method Visit (line 12107) | public void Visit(Statement stmt) {
method VisitOneExpr (line 12114) | protected virtual void VisitOneExpr(Expression expr) {
method VisitOneStmt (line 12118) | protected virtual void VisitOneStmt(Statement stmt) {
class TopDownVisitor (line 12123) | public class TopDownVisitor<State>
method Visit (line 12125) | public void Visit(Expression expr, State st) {
method Visit (line 12137) | public void Visit(Statement stmt, State st) {
method Visit (line 12145) | public void Visit(IEnumerable<Expression> exprs, State st) {
method Visit (line 12148) | public void Visit(IEnumerable<Statement> stmts, State st) {
method Visit (line 12151) | public void Visit(MaybeFreeExpression expr, State st) {
method Visit (line 12154) | public void Visit(FrameExpression expr, State st) {
method Visit (line 12157) | public void Visit(IEnumerable<MaybeFreeExpression> exprs, State st) {
method Visit (line 12160) | public void Visit(IEnumerable<FrameExpression> exprs, State st) {
method Visit (line 12163) | public void Visit(ICallable decl, State st) {
method Visit (line 12171) | public void Visit(Method method, State st) {
method Visit (line 12179) | public void Visit(Function function, State st) {
method VisitOneExpr (line 12193) | protected virtual bool VisitOneExpr(Expression expr, ref State st) {
method VisitOneStmt (line 12201) | protected virtual bool VisitOneStmt(Statement stmt, ref State st) {
FILE: Source/Armada/ArmadaExpr.cs
class ArmadaLValue (line 14) | public abstract class ArmadaLValue
method ArmadaLValue (line 19) | public ArmadaLValue(IToken i_tok, Type i_type)
method IsHeap (line 27) | public virtual bool IsHeap() { return false; }
method NoTSO (line 28) | public virtual bool NoTSO() { return false; }
method GetUndefinedBehaviorAvoidanceConstraint (line 30) | public abstract UndefinedBehaviorAvoidanceConstraint GetUndefinedBehav...
method GetAddress (line 31) | public abstract string GetAddress();
method GetValueInLValueState (line 33) | public virtual string GetValueInLValueState(ResolutionContext context)
method GetStoreBufferLocation (line 39) | public abstract string GetStoreBufferLocation();
method GetStoreBufferEntry (line 41) | public string GetStoreBufferEntry(string val_new, ArmadaPC pc)
method UpdateTotalStateLocationDirectly (line 50) | public abstract string UpdateTotalStateLocationDirectly(ResolutionCont...
method UpdateTotalStateBypassingStoreBuffer (line 53) | public string UpdateTotalStateBypassingStoreBuffer(ResolutionContext c...
method UpdateTotalStateWithStoreBufferEntry (line 60) | public string UpdateTotalStateWithStoreBufferEntry(ResolutionContext c...
method ApplyExprDotName (line 81) | public abstract ArmadaLValue ApplyExprDotName(IToken i_tok, Resolution...
method ApplySeqSelect (line 82) | public abstract ArmadaLValue ApplySeqSelect(IToken i_tok, ResolutionCo...
class AddressableArmadaLValue (line 85) | public class AddressableArmadaLValue : ArmadaLValue
method AddressableArmadaLValue (line 89) | public AddressableArmadaLValue(IToken i_tok, Type i_type, ArmadaRValue...
method IsHeap (line 95) | public override bool IsHeap() { return true; }
method NoTSO (line 96) | public override bool NoTSO() { return false; }
method GetUndefinedBehaviorAvoidanceConstraint (line 98) | public override UndefinedBehaviorAvoidanceConstraint GetUndefinedBehav...
method GetAddress (line 99) | public override string GetAddress() { return address.Val; }
method GetStoreBufferLocation (line 101) | public override string GetStoreBufferLocation()
method UpdateTotalStateLocationDirectly (line 110) | public override string UpdateTotalStateLocationDirectly(ResolutionCont...
method ApplyExprDotName (line 131) | public override ArmadaLValue ApplyExprDotName(IToken i_tok, Resolution...
method ApplySeqSelect (line 164) | public override ArmadaLValue ApplySeqSelect(IToken i_tok, ResolutionCo...
class UnaddressableArmadaLValue (line 189) | public abstract class UnaddressableArmadaLValue : ArmadaLValue
method UnaddressableArmadaLValue (line 193) | public UnaddressableArmadaLValue(IToken i_tok, Type i_type, UndefinedB...
method GetUndefinedBehaviorAvoidanceConstraint (line 198) | public override UndefinedBehaviorAvoidanceConstraint GetUndefinedBehav...
method GetAddress (line 203) | public override string GetAddress() { return null; }
method GetStoreBufferLocationInfo (line 205) | public abstract string GetStoreBufferLocationInfo(ref List<string> fie...
method GetStoreBufferLocation (line 207) | public override string GetStoreBufferLocation()
method ApplyExprDotName (line 223) | public override ArmadaLValue ApplyExprDotName(IToken i_tok, Resolution...
method ApplySeqSelect (line 248) | public override ArmadaLValue ApplySeqSelect(IToken i_tok, ResolutionCo...
class TopStackVarsArmadaLValue (line 285) | public class TopStackVarsArmadaLValue : UnaddressableArmadaLValue
method TopStackVarsArmadaLValue (line 289) | public TopStackVarsArmadaLValue(UndefinedBehaviorAvoidanceConstraint i...
method NoTSO (line 295) | public override bool NoTSO() { return true; }
method GetValueInLValueState (line 297) | public override string GetValueInLValueState(ResolutionContext context)
method GetStoreBufferLocationInfo (line 302) | public override string GetStoreBufferLocationInfo(ref List<string> fie...
method UpdateTotalStateLocationDirectly (line 307) | public override string UpdateTotalStateLocationDirectly(ResolutionCont...
class GlobalsArmadaLValue (line 314) | public class GlobalsArmadaLValue : UnaddressableArmadaLValue
method GlobalsArmadaLValue (line 316) | public GlobalsArmadaLValue() : base(Token.NoToken, AH.ReferToType("Arm...
method NoTSO (line 318) | public override bool NoTSO() { return false; }
method GetValueInLValueState (line 320) | public override string GetValueInLValueState(ResolutionContext context)
method GetStoreBufferLocationInfo (line 325) | public override string GetStoreBufferLocationInfo(ref List<string> fie...
method UpdateTotalStateLocationDirectly (line 330) | public override string UpdateTotalStateLocationDirectly(ResolutionCont...
class GhostsArmadaLValue (line 338) | public class GhostsArmadaLValue : UnaddressableArmadaLValue
method GhostsArmadaLValue (line 340) | public GhostsArmadaLValue() : base(Token.NoToken, AH.ReferToType("Arma...
method NoTSO (line 342) | public override bool NoTSO() { return true; }
method GetValueInLValueState (line 344) | public override string GetValueInLValueState(ResolutionContext context)
method GetStoreBufferLocationInfo (line 349) | public override string GetStoreBufferLocationInfo(ref List<string> fie...
method UpdateTotalStateLocationDirectly (line 354) | public override string UpdateTotalStateLocationDirectly(ResolutionCont...
class UnaddressableFieldArmadaLValue (line 361) | public class UnaddressableFieldArmadaLValue : UnaddressableArmadaLValue
method UnaddressableFieldArmadaLValue (line 368) | public UnaddressableFieldArmadaLValue(IToken i_tok, Type i_type, Unadd...
method GetParent (line 379) | public UnaddressableArmadaLValue GetParent() { return parent; }
method GetFieldName (line 380) | public string GetFieldName() { return fieldName; }
method GetFieldPos (line 381) | public int GetFieldPos() { return fieldPos; }
method NoTSO (line 383) | public override bool NoTSO() { return noTSO || parent.NoTSO(); }
method GetValueInLValueState (line 385) | public override string GetValueInLValueState(ResolutionContext context)
method GetStoreBufferLocationInfo (line 390) | public override string GetStoreBufferLocationInfo(ref List<string> fie...
method UpdateTotalStateLocationDirectly (line 411) | public override string UpdateTotalStateLocationDirectly(ResolutionCont...
class UnaddressableIndexArmadaLValue (line 420) | public class UnaddressableIndexArmadaLValue : UnaddressableArmadaLValue
method UnaddressableIndexArmadaLValue (line 425) | public UnaddressableIndexArmadaLValue(IToken i_tok, Type i_type, Unadd...
method GetParent (line 433) | public UnaddressableArmadaLValue GetParent() { return parent; }
method GetIndex (line 434) | public string GetIndex() { return index; }
method NoTSO (line 436) | public override bool NoTSO() { return parent.NoTSO(); }
method GetValueInLValueState (line 438) | public override string GetValueInLValueState(ResolutionContext context)
method GetStoreBufferLocationInfo (line 443) | public override string GetStoreBufferLocationInfo(ref List<string> fie...
method UpdateTotalStateLocationDirectly (line 457) | public override string UpdateTotalStateLocationDirectly(ResolutionCont...
FILE: Source/Armada/ArmadaHelper.cs
class AH (line 15) | class AH {
method PrintError (line 17) | public static void PrintError(Program prog, IToken tok, string s) {
method PrintError (line 22) | public static void PrintError(Program prog, string s) {
method PrintWarning (line 26) | public static void PrintWarning(Program prog, IToken tok, string s) {
method PrintWarning (line 30) | public static void PrintWarning(Program prog, string s) {
method ParseTopLevelDecl (line 34) | public static Declaration ParseTopLevelDecl(Program prog, string filen...
method ParseExpression (line 39) | public static Expression ParseExpression(Program prog, string filename...
method AddModuleToIdentifier (line 44) | public static string AddModuleToIdentifier(string moduleName, string t...
method MakeToken (line 49) | public static IToken MakeToken(string s) {
method SetExprType (line 55) | public static Expression SetExprType(Expression e, Type t) {
method MakeNameSegment (line 62) | public static Expression MakeNameSegment(string name, Type type) {
method MakeAliasModuleDecl (line 66) | public static AliasModuleDecl MakeAliasModuleDecl(string s, ModuleDefi...
method MakeAliasModuleDecl (line 71) | public static AliasModuleDecl MakeAliasModuleDecl(string alias, string...
method ReferToType (line 77) | public static Type ReferToType(string name, string moduleName = null) {
method GetConcreteThreadHandleTypeName (line 81) | public static string GetConcreteThreadHandleTypeName() {
method GetConcretePointerTypeName (line 85) | public static string GetConcretePointerTypeName() {
method ConcretizeType (line 89) | public static Type ConcretizeType(Type t) {
method TypesMatch (line 106) | public static bool TypesMatch(Type t1, Type t2)
method GetObjectType (line 151) | public static string GetObjectType(Type t)
method GetInvocationOfValidPointer (line 172) | public static string GetInvocationOfValidPointer(string h, string p, T...
method GetInvocationOfValidPointerToDynamicArray (line 177) | public static string GetInvocationOfValidPointerToDynamicArray(string ...
method GetInvocationOfDescendants (line 182) | public static string GetInvocationOfDescendants(string h, string p, Ty...
method GetInvocationOfDescendantsOfDynamicArray (line 187) | public static string GetInvocationOfDescendantsOfDynamicArray(string h...
method GetInvocationOfDereferencePointer (line 192) | public static string GetInvocationOfDereferencePointer(string h, strin...
method GetInvocationOfUpdateValuesViaPointer (line 212) | public static string GetInvocationOfUpdateValuesViaPointer(string h, s...
method GetInvocationOfUpdatePointer (line 235) | public static string GetInvocationOfUpdatePointer(string h, string p, ...
method GetPrimitiveTypeNames (line 247) | public static List<string> GetPrimitiveTypeNames()
method IsLimitedSizeIntType (line 252) | public static bool IsLimitedSizeIntType(Type type)
method IsPrimitiveType (line 262) | public static bool IsPrimitiveType(Type type)
method IsValidHeapType (line 272) | public static bool IsValidHeapType(Type type, ArmadaStructs structs)
method IsValidType (line 291) | public static bool IsValidType(Type type, ArmadaStructs structs)
method GetPrimitiveValueField (line 328) | public static string GetPrimitiveValueField(Type type)
method GetPrimitiveValueConstructorName (line 346) | public static string GetPrimitiveValueConstructorName(Type type)
method GetPrimitiveTypeName (line 364) | public static string GetPrimitiveTypeName(Type type)
method GetNumArrayDimensions (line 382) | public static int GetNumArrayDimensions(Type outerType, out Type inner...
method CombineStringsWithOr (line 391) | public static string CombineStringsWithOr(IEnumerable<string> es)
method CombineStringsWithAnd (line 397) | public static string CombineStringsWithAnd(IEnumerable<string> es)
method CombineStringsWithCommas (line 403) | public static string CombineStringsWithCommas(IEnumerable<string> strs)
method CombineStringsWithSetAddition (line 408) | public static string CombineStringsWithSetAddition(IEnumerable<string>...
method ExpandUnderscores (line 414) | public static string ExpandUnderscores(string s)
method IsJustNames (line 419) | public static bool IsJustNames(Expression e)
method GetDereferenceType (line 432) | public static bool GetDereferenceType(Type t, out Type subtype, out st...
method EnsureIntegerFit (line 444) | public static string EnsureIntegerFit(string e, Type sourceType, Type ...
method ConvertToIntIfNotInt (line 467) | public static string ConvertToIntIfNotInt(string e, Type ty)
method ConvertToIntIfLimitedSizeInt (line 475) | public static string ConvertToIntIfLimitedSizeInt(string e, Type ty)
method GetBitWidth (line 485) | public static string GetBitWidth(UserDefinedType uty) {
method GetLValueRootVariable (line 493) | public static string GetLValueRootVariable(Expression expr)
method TokenToString (line 522) | public static string TokenToString(IToken tok)
FILE: Source/Armada/ArmadaMain.cs
class IllegalDafnyFile (line 15) | public class IllegalDafnyFile : Exception { }
class DafnyFile (line 17) | public class DafnyFile {
method fileNames (line 23) | public static List<string> fileNames(IList<DafnyFile> dafnyFiles) {
method DafnyFile (line 31) | public DafnyFile(string filePath) {
class Main (line 68) | public class Main {
method MaybePrintProgram (line 70) | public static void MaybePrintProgram(Program program, string filename,...
method PrintLevels (line 84) | public static void PrintLevels(Program program) {
method ParseCheck (line 119) | public static string ParseCheck(IList<DafnyFile/*!*/>/*!*/ files, stri...
method Parse (line 130) | public static string Parse(IList<DafnyFile> files, string programName,...
method Resolve (line 173) | public static string Resolve(Program program, ErrorReporter reporter)
class IncludeComparer (line 190) | private class IncludeComparer : IComparer<Include> {
method Compare (line 191) | public int Compare(Include x, Include y) {
method ParseIncludes (line 196) | public static string ParseIncludes(ModuleDecl module, BuiltIns builtIn...
method ParseFile (line 238) | private static string ParseFile(DafnyFile dafnyFile, Include include, ...
FILE: Source/Armada/ArmadaOptions.cs
class ArmadaOptions (line 10) | public class ArmadaOptions : Bpl.CommandLineOptions
method ArmadaOptions (line 14) | public ArmadaOptions(ErrorReporter errorReporter = null)
method Install (line 44) | public static void Install(ArmadaOptions options) {
type PrintModes (line 58) | public enum PrintModes { Everything, DllEmbed, NoIncludes, NoGhost, Ar...
type CompilationTarget (line 64) | [Flags]
type IncludesModes (line 94) | public enum IncludesModes { None, Immediate, Transitive }
method ParseOption (line 110) | protected override bool ParseOption(string name, Bpl.CommandLineOption...
method ApplyDefaultOptions (line 414) | public override void ApplyDefaultOptions() {
FILE: Source/Armada/ArmadaParser.cs
class ParseInfo (line 14) | public class ParseInfo
method ParseInfo (line 21) | public ParseInfo(Program i_prog, ArmadaSymbolTable i_symbols, MethodIn...
method Clone (line 29) | public ParseInfo Clone()
class ArmadaStatement (line 37) | public abstract class ArmadaStatement
method ArmadaStatement (line 47) | public ArmadaStatement(ParseInfo i_parse)
method ParseStatementInternal (line 54) | public static ArmadaStatement ParseStatementInternal(ParseInfo parse, ...
method ParseStatement (line 192) | public static ArmadaStatement ParseStatement(ParseInfo parse, Statemen...
method GetEnumerator (line 201) | public virtual IEnumerator<ArmadaStatement> GetEnumerator()
method AssignPCs (line 206) | public virtual ArmadaPC AssignPCs(ArmadaPC i_startPC)
method UpdatePC (line 213) | public string UpdatePC(string s, string tid, ArmadaPC newPC)
method AssociateLabelsWithPCs (line 218) | public virtual void AssociateLabelsWithPCs()
method GenerateEnablingConstraints (line 230) | public virtual void GenerateEnablingConstraints()
method GenerateNextRoutines (line 234) | public virtual void GenerateNextRoutines()
method ComputeNonyieldAndYieldPCs (line 238) | public virtual void ComputeNonyieldAndYieldPCs(bool inExplicitYieldBlo...
method ComputeNonyieldingPCs (line 246) | public static void ComputeNonyieldingPCs(ArmadaStatement stmt, HashSet...
method GetStackFrameForCallOrCreateThread (line 260) | protected void GetStackFrameForCallOrCreateThread(NextRoutineConstruct...
method PerformStackFrameInitializations (line 381) | protected void PerformStackFrameInitializations(NextRoutineConstructor...
method RoughlyMatches (line 404) | public virtual bool RoughlyMatches(ArmadaStatement other)
method GetStatementsInBody (line 409) | public virtual IEnumerable<ArmadaStatement> GetStatementsInBody()
class ArmadaBlockStatement (line 415) | public class ArmadaBlockStatement : ArmadaStatement
method ArmadaBlockStatement (line 420) | public ArmadaBlockStatement(ParseInfo i_parse, BlockStmt i_stmt) : bas...
method GetStatementsInBody (line 428) | public override IEnumerable<ArmadaStatement> GetStatementsInBody()
method GetEnumerator (line 437) | public override IEnumerator<ArmadaStatement> GetEnumerator()
method AssignPCs (line 447) | public override ArmadaPC AssignPCs(ArmadaPC i_startPC)
method ComputeNonyieldAndYieldPCs (line 459) | public override void ComputeNonyieldAndYieldPCs(bool inExplicitYieldBl...
method GenerateNextRoutines (line 473) | public override void GenerateNextRoutines()
method RoughlyMatches (line 480) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaIfStatement (line 486) | public class ArmadaIfStatement : ArmadaStatement
method ArmadaIfStatement (line 492) | public ArmadaIfStatement(ParseInfo i_parse, IfStmt i_stmt) : base(i_pa...
method GetEnumerator (line 504) | public override IEnumerator<ArmadaStatement> GetEnumerator()
method AssignPCs (line 517) | public override ArmadaPC AssignPCs(ArmadaPC i_startPC)
method ComputeNonyieldAndYieldPCs (line 534) | public override void ComputeNonyieldAndYieldPCs(bool inExplicitYieldBl...
method AssociateLabelsWithPCs (line 555) | public override void AssociateLabelsWithPCs()
method GenerateNextRoutines (line 563) | public override void GenerateNextRoutines()
method RoughlyMatches (line 630) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaWhileStatement (line 636) | public class ArmadaWhileStatement : ArmadaStatement
method ArmadaWhileStatement (line 641) | public ArmadaWhileStatement(ParseInfo i_parse, WhileStmt i_stmt) : bas...
method GetEnumerator (line 653) | public override IEnumerator<ArmadaStatement> GetEnumerator()
method AssignPCs (line 661) | public override ArmadaPC AssignPCs(ArmadaPC i_startPC)
method ComputeNonyieldAndYieldPCs (line 670) | public override void ComputeNonyieldAndYieldPCs(bool inExplicitYieldBl...
method AssociateLabelsWithPCs (line 682) | public override void AssociateLabelsWithPCs()
method GenerateEnablingConstraints (line 688) | public override void GenerateEnablingConstraints()
method GenerateNextRoutines (line 696) | public override void GenerateNextRoutines()
method RoughlyMatches (line 742) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaCallStatement (line 748) | public class ArmadaCallStatement : ArmadaStatement
method ArmadaCallStatement (line 753) | public ArmadaCallStatement(ParseInfo i_parse, UpdateStmt i_stmt, strin...
method GenerateCallNextRoutine (line 763) | private void GenerateCallNextRoutine()
method GenerateReturnNextRoutines (line 806) | private void GenerateReturnNextRoutines()
method GenerateNextRoutines (line 885) | public override void GenerateNextRoutines()
method RoughlyMatches (line 891) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaCreateThreadStatement (line 902) | public class ArmadaCreateThreadStatement : ArmadaStatement
method ArmadaCreateThreadStatement (line 906) | public ArmadaCreateThreadStatement(ParseInfo i_parse, UpdateStmt i_stm...
method GenerateNextRoutines (line 913) | public override void GenerateNextRoutines()
method RoughlyMatches (line 997) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaMallocStatement (line 1008) | public class ArmadaMallocStatement : ArmadaStatement
method ArmadaMallocStatement (line 1012) | public ArmadaMallocStatement(ParseInfo i_parse, UpdateStmt i_stmt) : b...
method GenerateNextRoutines (line 1019) | public override void GenerateNextRoutines()
method RoughlyMatches (line 1139) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaCallocStatement (line 1150) | public class ArmadaCallocStatement : ArmadaStatement
method ArmadaCallocStatement (line 1154) | public ArmadaCallocStatement(ParseInfo i_parse, UpdateStmt i_stmt) : b...
method GenerateNextRoutines (line 1161) | public override void GenerateNextRoutines()
method RoughlyMatches (line 1295) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaCompareAndSwapStatement (line 1306) | public class ArmadaCompareAndSwapStatement : ArmadaStatement
method ArmadaCompareAndSwapStatement (line 1310) | public ArmadaCompareAndSwapStatement(ParseInfo i_parse, UpdateStmt i_s...
method GenerateNextRoutines (line 1317) | public override void GenerateNextRoutines()
method RoughlyMatches (line 1400) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaAtomicExchangeStatement (line 1406) | public class ArmadaAtomicExchangeStatement : ArmadaStatement
method ArmadaAtomicExchangeStatement (line 1410) | public ArmadaAtomicExchangeStatement(ParseInfo i_parse, UpdateStmt i_s...
method GenerateNextRoutines (line 1417) | public override void GenerateNextRoutines()
method RoughlyMatches (line 1492) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaUpdateStatement (line 1498) | public class ArmadaUpdateStatement : ArmadaStatement
method ArmadaUpdateStatement (line 1503) | public ArmadaUpdateStatement(ParseInfo i_parse, UpdateStmt i_stmt) : b...
method GenerateNextRoutines (line 1513) | public override void GenerateNextRoutines()
method RoughlyMatches (line 1583) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaVarDeclStatement (line 1632) | public class ArmadaVarDeclStatement : ArmadaStatement
method ArmadaVarDeclStatement (line 1636) | public ArmadaVarDeclStatement(ParseInfo i_parse, VarDeclStmt i_stmt) :...
method AssignPCs (line 1643) | public override ArmadaPC AssignPCs(ArmadaPC i_startPC)
method ComputeNonyieldAndYieldPCs (line 1656) | public override void ComputeNonyieldAndYieldPCs(bool inExplicitYieldBl...
method RoughlyMatches (line 1664) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaReturnStatement (line 1670) | public class ArmadaReturnStatement : ArmadaStatement
method ArmadaReturnStatement (line 1674) | public ArmadaReturnStatement(ParseInfo i_parse, ReturnStmt i_stmt) : b...
method GenerateNextRoutines (line 1681) | public override void GenerateNextRoutines()
method RoughlyMatches (line 1701) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaAssertStatement (line 1707) | public class ArmadaAssertStatement : ArmadaStatement
method ArmadaAssertStatement (line 1711) | public ArmadaAssertStatement(ParseInfo i_parse, AssertStmt i_stmt) : b...
method GenerateNextRoutines (line 1718) | public override void GenerateNextRoutines()
method RoughlyMatches (line 1753) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaAssumeStatement (line 1759) | public class ArmadaAssumeStatement : ArmadaStatement
method ArmadaAssumeStatement (line 1763) | public ArmadaAssumeStatement(ParseInfo i_parse, AssumeStmt i_stmt) : b...
method AssignPCs (line 1770) | public override ArmadaPC AssignPCs(ArmadaPC i_startPC)
method ComputeNonyieldAndYieldPCs (line 1775) | public override void ComputeNonyieldAndYieldPCs(bool inExplicitYieldBl...
method GenerateEnablingConstraints (line 1780) | public override void GenerateEnablingConstraints()
method RoughlyMatches (line 1785) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaSomehowStatement (line 1791) | public class ArmadaSomehowStatement : ArmadaStatement
method ArmadaSomehowStatement (line 1795) | public ArmadaSomehowStatement(ParseInfo i_parse, SomehowStmt i_stmt) :...
method GenerateNextRoutines (line 1802) | public override void GenerateNextRoutines()
method RoughlyMatches (line 1882) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaFenceStatement (line 1888) | public class ArmadaFenceStatement : ArmadaStatement
method ArmadaFenceStatement (line 1892) | public ArmadaFenceStatement(ParseInfo i_parse, FenceStmt i_stmt) : bas...
method GenerateNextRoutines (line 1899) | public override void GenerateNextRoutines()
method RoughlyMatches (line 1915) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaGotoStatement (line 1921) | public class ArmadaGotoStatement : ArmadaStatement
method ArmadaGotoStatement (line 1925) | public ArmadaGotoStatement(ParseInfo i_parse, GotoStmt i_stmt) : base(...
method GenerateNextRoutines (line 1932) | public override void GenerateNextRoutines()
method RoughlyMatches (line 1948) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaDeallocStatement (line 1954) | public class ArmadaDeallocStatement : ArmadaStatement
method ArmadaDeallocStatement (line 1958) | public ArmadaDeallocStatement(ParseInfo i_parse, DeallocStmt i_stmt) :...
method GenerateNextRoutines (line 1965) | public override void GenerateNextRoutines()
method RoughlyMatches (line 2045) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaJoinStatement (line 2051) | public class ArmadaJoinStatement : ArmadaStatement
method ArmadaJoinStatement (line 2055) | public ArmadaJoinStatement(ParseInfo i_parse, JoinStmt i_stmt) : base(...
method GenerateNextRoutines (line 2062) | public override void GenerateNextRoutines()
method RoughlyMatches (line 2096) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaBreakStatement (line 2102) | public class ArmadaBreakStatement : ArmadaStatement
method ArmadaBreakStatement (line 2107) | public ArmadaBreakStatement(ParseInfo i_parse, BreakStmt i_stmt) : bas...
method GenerateNextRoutines (line 2115) | public override void GenerateNextRoutines()
method RoughlyMatches (line 2124) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaContinueStatement (line 2130) | public class ArmadaContinueStatement : ArmadaStatement
method ArmadaContinueStatement (line 2135) | public ArmadaContinueStatement(ParseInfo i_parse, ContinueStmt i_stmt)...
method GenerateNextRoutines (line 2143) | public override void GenerateNextRoutines()
method RoughlyMatches (line 2152) | public override bool RoughlyMatches(ArmadaStatement other)
class ArmadaYieldStatement (line 2158) | public class ArmadaYieldStatement : ArmadaStatement
method ArmadaYieldStatement (line 2162) | public ArmadaYieldStatement(ParseInfo i_parse, YieldStmt i_stmt) : bas...
method AssignPCs (line 2169) | public override ArmadaPC AssignPCs(ArmadaPC i_startPC)
method ComputeNonyieldAndYieldPCs (line 2175) | public override void ComputeNonyieldAndYieldPCs(bool inExplicitYieldBl...
method RoughlyMatches (line 2181) | public override bool RoughlyMatches(ArmadaStatement other)
FILE: Source/Armada/ArmadaRValue.cs
class UndefinedBehaviorAvoidanceConstraint (line 14) | public class UndefinedBehaviorAvoidanceConstraint
method UndefinedBehaviorAvoidanceConstraint (line 18) | public UndefinedBehaviorAvoidanceConstraint()
method UndefinedBehaviorAvoidanceConstraint (line 23) | public UndefinedBehaviorAvoidanceConstraint(string e)
method UndefinedBehaviorAvoidanceConstraint (line 32) | public UndefinedBehaviorAvoidanceConstraint(List<string> es)
method UndefinedBehaviorAvoidanceConstraint (line 37) | public UndefinedBehaviorAvoidanceConstraint(UndefinedBehaviorAvoidance...
method Add (line 58) | public void Add(string other)
method Add (line 65) | public void Add(List<string> other)
method Add (line 72) | public void Add(UndefinedBehaviorAvoidanceConstraint other)
class ArmadaRValue (line 94) | public class ArmadaRValue
method ArmadaRValue (line 99) | public ArmadaRValue(UndefinedBehaviorAvoidanceConstraint i_crashAvoida...
method ArmadaRValue (line 106) | public ArmadaRValue(string i_val)
class ArmadaRValueList (line 117) | public class ArmadaRValueList
method ArmadaRValueList (line 122) | public ArmadaRValueList()
method Add (line 128) | public void Add(ArmadaRValue rvalue)
FILE: Source/Armada/ArmadaStructs.cs
class ArmadaStruct (line 14) | public class ArmadaStruct
method ArmadaStruct (line 20) | public ArmadaStruct(Program prog, ClassDecl c)
method ArmadaStruct (line 43) | public ArmadaStruct(string struct_name, Dictionary<string, Type> fields)
method GetFieldType (line 52) | public Type GetFieldType(string fieldName) { return fieldTypes[fieldNa...
method LookupFieldType (line 53) | public Type LookupFieldType(string fieldName) { return (fieldTypes.Con...
method GetFieldPos (line 54) | public int GetFieldPos(string fieldName) { return fieldNames.IndexOf(f...
class ArmadaStructs (line 57) | public class ArmadaStructs
method ArmadaStructs (line 64) | public ArmadaStructs(string i_structsModuleName)
method AddClass (line 72) | public void AddClass(Program prog, ClassDecl c)
method SetDefaultClass (line 79) | public void SetDefaultClass(ClassDecl c)
method DoesStructExist (line 87) | public bool DoesStructExist(string structName) { return structs.Contai...
method GetStruct (line 88) | public ArmadaStruct GetStruct(string structName) { return structs[stru...
method LookupStruct (line 89) | public ArmadaStruct LookupStruct(string structName) { return structs.C...
method GetStructFieldType (line 91) | public Type GetStructFieldType(string structName, string fieldName)
method GetStructFieldPos (line 96) | public int GetStructFieldPos(string structName, string fieldName)
method FlattenType (line 101) | public Type FlattenType(Type t, string moduleName = null)
method AddRefinementConstraint (line 122) | public void AddRefinementConstraint(string constraint)
FILE: Source/Armada/AssumeIntro.cs
class CHLPathEffect (line 16) | abstract class CHLPathEffect
method CHLPathEffect (line 35) | public CHLPathEffect(ArmadaPC i_startPC, ArmadaPC i_endPC, ArmadaPC i_...
method CanFollow (line 57) | public virtual bool CanFollow(StraightlineState state) { return false; }
class CHLPathEffectNormal (line 60) | class CHLPathEffectNormal : CHLPathEffect
method CHLPathEffectNormal (line 62) | public CHLPathEffectNormal(ArmadaPC i_startPC, ArmadaPC i_endPC) : bas...
method CanFollow (line 69) | public override bool CanFollow(StraightlineState state) { return state...
class CHLPathEffectReturn (line 72) | class CHLPathEffectReturn : CHLPathEffect
method CHLPathEffectReturn (line 74) | public CHLPathEffectReturn(ArmadaPC i_startPC, ArmadaPC i_endPC, Armad...
method CanFollow (line 83) | public override bool CanFollow(StraightlineState state) { return state...
class CHLPathEffectCall (line 86) | class CHLPathEffectCall : CHLPathEffect
method CHLPathEffectCall (line 88) | public CHLPathEffectCall(ArmadaPC i_startPC, ArmadaPC i_endPC, ArmadaP...
method CanFollow (line 97) | public override bool CanFollow(StraightlineState state) { return state...
class CHLPathEffectReturnThenCall (line 100) | class CHLPathEffectReturnThenCall : CHLPathEffect
method CHLPathEffectReturnThenCall (line 102) | public CHLPathEffectReturnThenCall(ArmadaPC i_startPC, ArmadaPC i_endP...
method CanFollow (line 112) | public override bool CanFollow(StraightlineState state) { return state...
class CHLPathEffectActorless (line 115) | class CHLPathEffectActorless : CHLPathEffect
method CHLPathEffectActorless (line 117) | public CHLPathEffectActorless() : base(null, null, null, null)
class CHLPathEffectExit (line 125) | class CHLPathEffectExit : CHLPathEffect
method CHLPathEffectExit (line 127) | public CHLPathEffectExit(ArmadaPC i_startPC) : base(i_startPC, null, i...
method CanFollow (line 134) | public override bool CanFollow(StraightlineState state) { return state...
class CHLPathEffectStop (line 137) | class CHLPathEffectStop : CHLPathEffect
method CHLPathEffectStop (line 139) | public CHLPathEffectStop(ArmadaPC i_startPC) : base(i_startPC, null, n...
method CanFollow (line 146) | public override bool CanFollow(StraightlineState state) { return false; }
class CHLPredicateInfo (line 153) | class CHLPredicateInfo
method CHLPredicateInfo (line 159) | public CHLPredicateInfo(string i_key, string i_value, bool i_opaque)
class AssumeIntroProofGenerator (line 171) | public class AssumeIntroProofGenerator : AbstractProofGenerator
method AssumeIntroProofGenerator (line 197) | public AssumeIntroProofGenerator(ProofGenerationParams i_pgp, AssumeIn...
method GenerateProof (line 224) | public override void GenerateProof()
method GenerateProofGivenMap (line 246) | private void GenerateProofGivenMap()
method CreateExtraRecurrentPCs (line 271) | private void CreateExtraRecurrentPCs()
method AddIncludesAndImports (line 292) | protected override void AddIncludesAndImports()
method CreateReturnPCForMethod (line 326) | private void CreateReturnPCForMethod()
method GetCHLPathEffect (line 334) | private CHLPathEffect GetCHLPathEffect(AtomicPath atomicPath)
method CreatePathEffectMap (line 377) | private void CreatePathEffectMap()
method CreateStoppingPathsStartingAtPC (line 386) | private void CreateStoppingPathsStartingAtPC()
method CheckForBackwardGotos (line 402) | private bool CheckForBackwardGotos()
method GenerateConcurrentHoareLogicRequest (line 429) | private void GenerateConcurrentHoareLogicRequest()
method ParseProgram (line 627) | private void ParseProgram()
method CreateStackCorrectAtStartPredicate (line 657) | private string CreateStackCorrectAtStartPredicate(Method method)
method TurnRequirementsIntoLocalPredicates (line 698) | private void TurnRequirementsIntoLocalPredicates(ArmadaSymbolTable sym...
method CreatePostconditionsPredicate (line 749) | private void CreatePostconditionsPredicate(Method method)
method ProcessWhileStatementInvariants (line 821) | private void ProcessWhileStatementInvariants(ArmadaPC pc, List<MaybeFr...
method DeterminePCsWithEnablingConditions (line 894) | private void DeterminePCsWithEnablingConditions()
method GenerateLocalInv (line 908) | private void GenerateLocalInv()
method GenerateGlobalInvariant (line 956) | private void GenerateGlobalInvariant()
method GenerateCustomCHLClauses (line 1024) | private void GenerateCustomCHLClauses()
method GenerateYieldPredicate (line 1163) | private void GenerateYieldPredicate()
method GenerateRequiresClauses (line 1243) | private void GenerateRequiresClauses()
method GenerateEnsuresClauses (line 1258) | private void GenerateEnsuresClauses()
method GeneratePathPCStackEffectLemmas (line 1273) | private void GeneratePathPCStackEffectLemmas()
method GenerateProofThatCHLRequestIsValid (line 1521) | private void GenerateProofThatCHLRequestIsValid()
method GenerateStepsDontAffectOtherActorsLemmas (line 1531) | private void GenerateStepsDontAffectOtherActorsLemmas()
method GenerateForkedActorsStartAtEntryPointsWithEmptyStacks (line 1582) | private void GenerateForkedActorsStartAtEntryPointsWithEmptyStacks()
method GenerateGlobalInvLemmas (line 1639) | private void GenerateGlobalInvLemmas()
method GenerateYieldPredicateLemmas (line 1694) | private void GenerateYieldPredicateLemmas()
method GenerateInitialInvariantLemmas (line 1842) | private void GenerateInitialInvariantLemmas()
method GenerateIsValidConcurrentHoareLogicRequest (line 1915) | private void GenerateIsValidConcurrentHoareLogicRequest()
method AddAllSuffixesOfStraightlineBehavior (line 2008) | private void AddAllSuffixesOfStraightlineBehavior(StraightlineBehavior...
method CreateStraightlineBehaviors (line 2027) | private void CreateStraightlineBehaviors()
method GenerateStraightlineBehaviorDescriptors (line 2038) | private void GenerateStraightlineBehaviorDescriptors()
method GenerateStraightlineBehaviorDescriptorExhaustiveLemmas (line 2092) | private void GenerateStraightlineBehaviorDescriptorExhaustiveLemmas()
method GenerateStraightlineBehaviorDescriptorEndLemma (line 2202) | private void GenerateStraightlineBehaviorDescriptorEndLemma(string pha...
method GenerateStraightlineBehaviorDescriptorContinuationLemmas (line 2238) | private void GenerateStraightlineBehaviorDescriptorContinuationLemmas()
method GenerateStraightlineBehaviorDescriptorEnumerationLemmas (line 2319) | private void GenerateStraightlineBehaviorDescriptorEnumerationLemmas()
method GenerateStraightlineBehaviorsSatisfyGlobalInvariantProof (line 2396) | private void GenerateStraightlineBehaviorsSatisfyGlobalInvariantProof()
method GenerateStraightlineBehaviorsSatisfyLocalInvariantProof (line 2646) | private void GenerateStraightlineBehaviorsSatisfyLocalInvariantProof()
method GenerateStraightlineBehaviorsSatisfyPreconditionsForCallsProof (line 2854) | private void GenerateStraightlineBehaviorsSatisfyPreconditionsForCalls...
method AtomicPathForks (line 3122) | private bool AtomicPathForks(AtomicPath path)
method GenerateStraightlineBehaviorsSatisfyPreconditionsForForksProof (line 3127) | private void GenerateStraightlineBehaviorsSatisfyPreconditionsForForks...
method EndsAtReturnPC (line 3420) | private bool EndsAtReturnPC(StraightlineBehavior sbd)
method GenerateStraightlineBehaviorsSatisfyPostconditionsProof (line 3425) | private void GenerateStraightlineBehaviorsSatisfyPostconditionsProof()
method EndsAtVisitedLoopHead (line 3576) | private bool EndsAtVisitedLoopHead(StraightlineBehavior sbd)
method EndsAtUnvisitedLoopHead (line 3582) | private bool EndsAtUnvisitedLoopHead(StraightlineBehavior sbd)
method GenerateStraightlineBehaviorsSatisfyLoopModifiesClausesOnEntryProof (line 3588) | private void GenerateStraightlineBehaviorsSatisfyLoopModifiesClausesOn...
method RevisitsLoopHead (line 3779) | private bool RevisitsLoopHead(Tuple<AtomicPath, CHLPathEffect> tup, St...
method GenerateStraightlineBehaviorsSatisfyLoopModifiesClausesOnJumpBackProof (line 3789) | private void GenerateStraightlineBehaviorsSatisfyLoopModifiesClausesOn...
method GenerateStraightlineBehaviorsSatisfyYieldPredicatesProof (line 3992) | private void GenerateStraightlineBehaviorsSatisfyYieldPredicatesProof()
method GenerateStraightlineBehaviorProofs (line 4265) | private void GenerateStraightlineBehaviorProofs()
method GenerateLInitImpliesHInitLemma (line 4277) | private void GenerateLInitImpliesHInitLemma()
method GenerateLNextPlusLocalInvariantImpliesHNextLemmaForNormalPath (line 4300) | private void GenerateLNextPlusLocalInvariantImpliesHNextLemmaForNormal...
method GenerateLNextPlusLocalInvariantImpliesHNextLemmaForTauPath (line 4372) | private void GenerateLNextPlusLocalInvariantImpliesHNextLemmaForTauPat...
method GenerateLNextPlusLocalInvariantImpliesHNextLemma (line 4424) | private void GenerateLNextPlusLocalInvariantImpliesHNextLemma()
method GenerateIsValidAtomicConcurrentHoareLogicRequestLemmas (line 4462) | private void GenerateIsValidAtomicConcurrentHoareLogicRequestLemmas()
method GenerateLemmasForAssumeIntroProof (line 4590) | private void GenerateLemmasForAssumeIntroProof()
FILE: Source/Armada/AtomicSpec.cs
type PCAtomicType (line 17) | public enum PCAtomicType { Yielding, Recurrent, Nonyielding, Stopping };
class PCAtomicTypePair (line 19) | public class PCAtomicTypePair : Tuple<PCAtomicType, PCAtomicType>
method PCAtomicTypePair (line 21) | public PCAtomicTypePair(PCAtomicType i_Item1, PCAtomicType i_Item2) : ...
method ToString (line 25) | public override string ToString()
class AtomicPathPrefix (line 35) | public class AtomicPathPrefix
method AtomicPathPrefix (line 48) | public AtomicPathPrefix(AtomicSpec i_atomicSpec, List<NextRoutine> i_n...
method AtomicPathPrefix (line 149) | public AtomicPathPrefix(AtomicSpec i_atomicSpec, ArmadaPC pc)
method AddExtension (line 171) | public void AddExtension(AtomicPathPrefix other) { extensions.Add(othe...
method GetPCs (line 178) | public List<ArmadaPC> GetPCs()
method MapNextRoutines (line 185) | public List<NextRoutine> MapNextRoutines(Dictionary<NextRoutine, NextR...
method GetMappedPCs (line 190) | public List<ArmadaPC> GetMappedPCs(Dictionary<ArmadaPC, ArmadaPC> pcMap)
class AtomicPath (line 200) | public class AtomicPath
method AtomicPath (line 206) | public AtomicPath(AtomicPathPrefix i_pathPrefix)
method GetPCs (line 262) | public List<ArmadaPC> GetPCs() { return pathPrefix.GetPCs(); }
method Mappable (line 264) | public bool Mappable(Dictionary<NextRoutine, NextRoutine> nextRoutineM...
method MapNextRoutines (line 281) | public List<NextRoutine> MapNextRoutines(Dictionary<NextRoutine, NextR...
method GetMappedPCs (line 286) | public List<ArmadaPC> GetMappedPCs(Dictionary<ArmadaPC, ArmadaPC> pcMap)
class AtomicSpec (line 311) | public class AtomicSpec
method AtomicSpec (line 332) | public AtomicSpec(ProofGenerationParams i_pgp, ArmadaSymbolTable i_sym...
method RootPathPrefixesByPC (line 355) | public IEnumerable<AtomicPathPrefix> RootPathPrefixesByPC(ArmadaPC pc)...
method MakeSpec (line 359) | public void MakeSpec(HashSet<ArmadaPC> extraRecurrentPCs = null)
method AddIncludesAndImports (line 369) | private void AddIncludesAndImports()
method GetConstructorString (line 382) | public string GetConstructorString(AtomicPath atomicPath)
method DetermineNonyieldingPCs (line 399) | private void DetermineNonyieldingPCs()
method DeterminePCToNextRoutinesMap (line 406) | private void DeterminePCToNextRoutinesMap()
method CheckForFiniteNonyieldingPathBetween (line 433) | private bool CheckForFiniteNonyieldingPathBetween(ArmadaPC start, Arma...
method DoesNonyieldingPathBetweenPCsExist (line 462) | private bool DoesNonyieldingPathBetweenPCsExist(ArmadaPC start, Armada...
method DetermineRecurrentPCs (line 468) | private void DetermineRecurrentPCs(HashSet<ArmadaPC> extraRecurrentPCs)
method GetPCAtomicType (line 489) | public PCAtomicType GetPCAtomicType(ArmadaPC pc)
method DetermineAtomicPaths (line 509) | private void DetermineAtomicPaths()
method PopulateAtomicPathPrefix (line 536) | private void PopulateAtomicPathPrefix(AtomicPathPrefix pathPrefix)
method CreateAtomicSpec (line 561) | private void CreateAtomicSpec()
method CreateIsRecurrentPC (line 579) | private void CreateIsRecurrentPC()
method CreatePathDatatype (line 592) | private void CreatePathDatatype()
method CreatePathTypeFunction (line 611) | private void CreatePathTypeFunction()
method CreatePathStatesDatatype (line 626) | private void CreatePathStatesDatatype()
method CreateFunctionsForAtomicPath (line 639) | private void CreateFunctionsForAtomicPath(AtomicPath atomicPath)
method CreateFunctionsForAllAtomicPaths (line 677) | private void CreateFunctionsForAllAtomicPaths()
method CreateAtomicSpecFunctions (line 743) | private void CreateAtomicSpecFunctions()
method GeneratePCEffectLemmas (line 760) | public void GeneratePCEffectLemmas()
method FindAtomicPathPrefixByNextRoutines (line 828) | public AtomicPathPrefix FindAtomicPathPrefixByNextRoutines(List<NextRo...
method FindAtomicPathByNextRoutines (line 852) | public AtomicPath FindAtomicPathByNextRoutines(List<NextRoutine> nextR...
method FindAtomicPathByPCs (line 867) | public AtomicPath FindAtomicPathByPCs(List<ArmadaPC> pcs, bool stopping)
method CreatePathMap (line 898) | public Dictionary<AtomicPath, AtomicPath> CreatePathMap(AtomicSpec hAt...
method CreatePathMap (line 905) | public Dictionary<AtomicPath, AtomicPath> CreatePathMap(AtomicSpec hAt...
method GeneratePerAtomicPathLemma (line 922) | public void GeneratePerAtomicPathLemma(string fileName, string lemmaNa...
method GenerateOverallAtomicPathLemma (line 959) | public void GenerateOverallAtomicPathLemma(string fileName, string per...
method GenerateAtomicPathRequiresOKLemma (line 988) | public void GenerateAtomicPathRequiresOKLemma()
method GenerateAtomicSteppingThreadHasPCLemma (line 1005) | public void GenerateAtomicSteppingThreadHasPCLemma()
method GenerateAtomicTauLeavesPCUnchangedLemma (line 1022) | public void GenerateAtomicTauLeavesPCUnchangedLemma()
method GenerateAtomicPathCantAffectOtherThreadPCsExceptViaForkLemma (line 1041) | public void GenerateAtomicPathCantAffectOtherThreadPCsExceptViaForkLem...
method GenerateAtomicPathTypeAlwaysMatchesPCTypesLemma (line 1077) | public void GenerateAtomicPathTypeAlwaysMatchesPCTypesLemma()
FILE: Source/Armada/BigIntegerParser.cs
class BigIntegerParser (line 6) | internal static class BigIntegerParser {
method Parse (line 13) | internal static BigInteger Parse(string str, NumberStyles style) {
method Parse (line 23) | internal static BigInteger Parse(string str) {
FILE: Source/Armada/Cloner.cs
class Cloner (line 9) | class Cloner
method CloneModuleDefinition (line 13) | public virtual ModuleDefinition CloneModuleDefinition(ModuleDefinition...
method GetRefinementBase (line 35) | public virtual ModuleDefinition GetRefinementBase(ModuleDefinition m) {
method CloneDeclaration (line 40) | public virtual TopLevelDecl CloneDeclaration(TopLevelDecl d, ModuleDef...
method CloneTPChar (line 133) | public TypeParameter.TypeParameterCharacteristics CloneTPChar(TypePara...
method CloneCtor (line 143) | public DatatypeCtor CloneCtor(DatatypeCtor ct) {
method CloneTypeParam (line 147) | public TypeParameter CloneTypeParam(TypeParameter tp) {
method CloneMember (line 151) | public virtual MemberDecl CloneMember(MemberDecl member) {
method CloneType (line 164) | public virtual Type CloneType(Type t) {
method CloneFormal (line 202) | public Formal CloneFormal(Formal formal) {
method CloneBoundVar (line 209) | public virtual BoundVar CloneBoundVar(BoundVar bv) {
method CloneIVariable (line 215) | public VT CloneIVariable<VT>(VT v) where VT: IVariable {
method CloneSpecExpr (line 231) | public Specification<Expression> CloneSpecExpr(Specification<Expressio...
method CloneSpecFrameExpr (line 236) | public Specification<FrameExpression> CloneSpecFrameExpr(Specification...
method CloneFrameExpr (line 241) | public FrameExpression CloneFrameExpr(FrameExpression frame) {
method CloneAttributes (line 244) | public Attributes CloneAttributes(Attributes attrs) {
method CloneMayBeFreeExpr (line 258) | public MaybeFreeExpression CloneMayBeFreeExpr(MaybeFreeExpression expr) {
method CloneExpr (line 264) | public virtual Expression CloneExpr(Expression expr) {
method CloneMatchCaseExpr (line 470) | public MatchCaseExpr CloneMatchCaseExpr(MatchCaseExpr c) {
method CloneApplySuffix (line 482) | public virtual Expression CloneApplySuffix(ApplySuffix e) {
method CloneCasePattern (line 486) | public virtual CasePattern<VT> CloneCasePattern<VT>(CasePattern<VT> pa...
method CloneNameSegment (line 497) | public virtual NameSegment CloneNameSegment(Expression expr) {
method CloneRHS (line 502) | public virtual AssignmentRhs CloneRHS(AssignmentRhs rhs) {
method CloneBlockStmt (line 528) | public virtual BlockStmt CloneBlockStmt(BlockStmt stmt) {
method CloneDividedBlockStmt (line 537) | public virtual DividedBlockStmt CloneDividedBlockStmt(DividedBlockStmt...
method CloneStmt (line 545) | public virtual Statement CloneStmt(Statement stmt) {
method CloneMatchCaseStmt (line 690) | public MatchCaseStmt CloneMatchCaseStmt(MatchCaseStmt c) {
method CloneCalcOp (line 702) | public CalcStmt.CalcOp CloneCalcOp(CalcStmt.CalcOp op) {
method AddStmtLabels (line 715) | public void AddStmtLabels(Statement s, LList<Label> node) {
method CloneGuardedAlternative (line 726) | public GuardedAlternative CloneGuardedAlternative(GuardedAlternative a...
method CloneField (line 730) | public virtual Field CloneField(Field f) {
method CloneFunction (line 745) | public virtual Function CloneFunction(Function f, string newName = nul...
method CloneMethod (line 780) | public virtual Method CloneMethod(Method m) {
method CloneMethodBody (line 818) | public virtual BlockStmt CloneMethodBody(Method m) {
method Tok (line 826) | public virtual IToken Tok(IToken tok) {
class DeepModuleSignatureCloner (line 835) | class DeepModuleSignatureCloner : Cloner {
method CloneDeclaration (line 836) | public override TopLevelDecl CloneDeclaration(TopLevelDecl d, ModuleDe...
class ScopeCloner (line 860) | class ScopeCloner : DeepModuleSignatureCloner {
method isInvisibleClone (line 867) | private bool isInvisibleClone(Declaration d) {
method ScopeCloner (line 872) | public ScopeCloner(VisibilityScope scope) {
method RevealedInScope (line 876) | private bool RevealedInScope(Declaration d) {
method VisibleInScope (line 880) | private bool VisibleInScope(Declaration d) {
method CloneModuleDefinition (line 884) | public override ModuleDefinition CloneModuleDefinition(ModuleDefinitio...
method CloneDeclaration (line 933) | public override TopLevelDecl CloneDeclaration(TopLevelDecl d, ModuleDe...
method CloneField (line 950) | public override Field CloneField(Field f) {
method CloneFunction (line 960) | public override Function CloneFunction(Function f, string newName = nu...
method CloneMethod (line 968) | public override Method CloneMethod(Method m) {
method CloneMember (line 974) | public override MemberDecl CloneMember(MemberDecl member) {
class ClonerButDropMethodBodies (line 986) | class ClonerButDropMethodBodies : DeepModuleSignatureCloner
method ClonerButDropMethodBodies (line 988) | public ClonerButDropMethodBodies()
method CloneBlockStmt (line 992) | public override BlockStmt CloneBlockStmt(BlockStmt stmt) {
class AbstractSignatureCloner (line 997) | class AbstractSignatureCloner : ScopeCloner {
method AbstractSignatureCloner (line 999) | public AbstractSignatureCloner(VisibilityScope scope)
method CloneModuleDefinition (line 1003) | public override ModuleDefinition CloneModuleDefinition(ModuleDefinitio...
method CloneBlockStmt (line 1009) | public override BlockStmt CloneBlockStmt(BlockStmt stmt) {
class CompilationCloner (line 1025) | class CompilationCloner : DeepModuleSignatureCloner
method CompilationCloner (line 1028) | public CompilationCloner(Dictionary<ModuleDefinition, ModuleDefinition...
method CloneExpr (line 1035) | public override Expression CloneExpr(Expression expr) {
method CloneStmt (line 1043) | public override Statement CloneStmt(Statement stmt) {
method GetRefinementBase (line 1051) | public override ModuleDefinition GetRefinementBase(ModuleDefinition m) {
method CloneModuleSignature (line 1061) | public ModuleSignature CloneModuleSignature(ModuleSignature org, Modul...
class FixpointCloner (line 1103) | abstract class FixpointCloner : Cloner
method FixpointCloner (line 1108) | protected FixpointCloner(Expression k, ErrorReporter reporter)
method CloneCallAndAddK (line 1116) | protected Expression CloneCallAndAddK(ApplySuffix e) {
method CloneCallAndAddK (line 1140) | protected Expression CloneCallAndAddK(FunctionCallExpr e) {
class FixpointLemmaSpecificationSubstituter (line 1164) | class FixpointLemmaSpecificationSubstituter : FixpointCloner
method FixpointLemmaSpecificationSubstituter (line 1168) | public FixpointLemmaSpecificationSubstituter(ISet<Expression> friendly...
method CloneExpr (line 1177) | public override Expression CloneExpr(Expression expr) {
method CloneType (line 1215) | public override Type CloneType(Type t) {
method CloneNamePathExpression (line 1225) | Expression CloneNamePathExpression(Expression expr) {
class FixpointLemmaBodyCloner (line 1242) | class FixpointLemmaBodyCloner : FixpointCloner
method FixpointLemmaBodyCloner (line 1246) | public FixpointLemmaBodyCloner(FixpointLemma context, Expression k, IS...
method CloneExpr (line 1255) | public override Expression CloneExpr(Expression expr) {
method CloneRHS (line 1310) | public override AssignmentRhs CloneRHS(AssignmentRhs rhs) {
class ResolvedCloner (line 1341) | class ResolvedCloner : Cloner {
method CloneType (line 1343) | public override Type CloneType(Type t) {
method CloneCasePattern (line 1357) | public override CasePattern<VT> CloneCasePattern<VT>(CasePattern<VT> p...
method CloneBoundVar (line 1372) | public override BoundVar CloneBoundVar(BoundVar bv) {
FILE: Source/Armada/Combining.cs
class CombiningProofGenerator (line 12) | public class CombiningProofGenerator : AbstractProofGenerator
method CombiningProofGenerator (line 19) | public CombiningProofGenerator(ProofGenerationParams i_pgp, CombiningS...
method GenerateProof (line 25) | public override void GenerateProof()
method MakePCMap (line 44) | bool MakePCMap()
method AddIncludesAndImports (line 116) | protected override void AddIncludesAndImports()
method GenerateProofGivenMap (line 141) | private void GenerateProofGivenMap()
FILE: Source/Armada/Compiler-clight.cs
class ClightTsoCompiler (line 20) | public class ClightTsoCompiler : Compiler {
method ClightTsoCompiler (line 21) | public ClightTsoCompiler(ErrorReporter reporter, ReadOnlyCollection<st...
method EmitHeader (line 41) | protected override void EmitHeader(Program program, TargetWriter wr) {
method EmitFooter (line 51) | protected override void EmitFooter(Program program, TargetWriter wr) {
method EmitCallToMain (line 62) | public override void EmitCallToMain(Method mainMethod, TargetWriter wr) {
method CreateStaticMain (line 67) | protected override BlockTargetWriter CreateStaticMain(IClassWriter cw) {
method CreateModule (line 72) | protected override TargetWriter CreateModule(string moduleName, bool i...
method TypeParameters (line 82) | private string TypeParameters(List<TypeParameter> targs) {
method DeclareTemplate (line 89) | private string DeclareTemplate(List<TypeParameter> typeArgs) {
method DeclareTemplate (line 97) | private string DeclareTemplate(List<Type> typeArgs) {
method TemplateMethod (line 105) | private string TemplateMethod(List<TypeParameter> typeArgs) {
method TemplateMethod (line 113) | private string TemplateMethod(List<Type> typeArgs) {
method GetHelperModuleName (line 121) | protected override string GetHelperModuleName() => "_dafny";
method NotSupported (line 123) | protected Exception NotSupported(String msg) {
method NotSupported (line 127) | protected Exception NotSupported(String msg, Bpl.IToken tok) {
method CreateClass (line 132) | protected override IClassWriter CreateClass(string name, bool isExtern...
method CreateTrait (line 158) | protected override IClassWriter CreateTrait(string name, bool isExtern...
method CreateIterator (line 168) | protected override BlockTargetWriter CreateIterator(IteratorDecl iter,...
method DeclareDatatype (line 238) | protected override IClassWriter DeclareDatatype(DatatypeDecl dt, Targe...
method DeclareNewtype (line 452) | protected override IClassWriter DeclareNewtype(NewtypeDecl nt, TargetW...
method DeclareSubsetType (line 498) | protected override void DeclareSubsetType(SubsetTypeDecl sst, TargetWr...
method GetNativeInfo (line 530) | protected override void GetNativeInfo(NativeType.Selection sel, out st...
class ClassWriter (line 565) | protected class ClassWriter : IClassWriter {
method ClassWriter (line 572) | public ClassWriter(string className, ClightTsoCompiler compiler, Blo...
method CreateMethod (line 583) | public BlockTargetWriter/*?*/ CreateMethod(Method m, bool createBody) {
method CreateFunction (line 586) | public BlockTargetWriter/*?*/ CreateFunction(string name, List<TypeP...
method CreateGetter (line 589) | public BlockTargetWriter/*?*/ CreateGetter(string name, Type resultT...
method CreateGetterSetter (line 592) | public BlockTargetWriter/*?*/ CreateGetterSetter(string name, Type r...
method DeclareField (line 595) | public void DeclareField(string name, List<TypeParameter> targs, boo...
method ErrorWriter (line 598) | public TextWriter/*?*/ ErrorWriter() => MethodWriter;
method Finish (line 599) | public void Finish() { }
method CreateMethod (line 602) | protected BlockTargetWriter/*?*/ CreateMethod(Method m, bool createBod...
method CreateFunction (line 645) | protected BlockTargetWriter/*?*/ CreateFunction(string name, List<Type...
method UsedTypeParameters (line 667) | new List<TypeParameter> UsedTypeParameters(DatatypeDecl dt) {
method UsedTypeParameters (line 685) | List<Type> UsedTypeParameters(DatatypeDecl dt, List<Type> typeArgs) {
method WriteRuntimeTypeDescriptorsFormals (line 705) | int WriteRuntimeTypeDescriptorsFormals(List<TypeParameter> typeParams,...
method EmitRuntimeTypeDescriptorsActuals (line 726) | protected override int EmitRuntimeTypeDescriptorsActuals(List<Type> ty...
method RuntimeTypeDescriptor (line 741) | string RuntimeTypeDescriptor(Type type, Bpl.IToken tok, TextWriter wr) {
method CreateGetter (line 814) | protected BlockTargetWriter/*?*/ CreateGetter(string name, Type result...
method CreateGetterSetter (line 819) | protected BlockTargetWriter/*?*/ CreateGetterSetter(string name, Type ...
method EmitJumpToTailCallStart (line 831) | protected override void EmitJumpToTailCallStart(TargetWriter wr) {
method Warn (line 835) | protected void Warn(string msg, Bpl.IToken tok) {
method TypeName (line 840) | protected string TypeName(Type type, TextWriter wr, Bpl.IToken tok, Me...
method TypeName (line 966) | protected override string TypeName(Type type, TextWriter wr, Bpl.IToke...
method ClassName (line 972) | protected string ClassName(Type type, TextWriter wr, Bpl.IToken tok, M...
method TypeInitializationValue (line 978) | public override string TypeInitializationValue(Type type, TextWriter/*...
method ActualTypeArgs (line 1094) | private string ActualTypeArgs(List<Type> typeArgs) {
method TypeName_UDT (line 1099) | protected override string TypeName_UDT(string fullCompileName, List<Ty...
method TypeName_Companion (line 1106) | protected override string TypeName_Companion(Type type, TextWriter wr,...
method DeclareExternType (line 1113) | protected override void DeclareExternType(OpaqueTypeDecl d, Expression...
method DeclareField (line 1121) | protected void DeclareField(string className, List<TypeParameter> targ...
method CompileArmadaStruct (line 1141) | private void CompileArmadaStruct(ArmadaStruct s,TargetWriter wr) {
method CompileArmadaStructs (line 1166) | public override void CompileArmadaStructs(ArmadaStructs structs, Targe...
method CreateArmadaMethod (line 1175) | protected BlockTargetWriter/*?*/ CreateArmadaMethod(Method m, bool cre...
method CreateParamStruct (line 1223) | protected void CreateParamStruct(Method m, TargetWriter wr)
method CreateThreadWrpper (line 1240) | protected void CreateThreadWrpper (Method m, bool createBody, TargetWr...
method CompileArmadaMethod (line 1266) | protected void CompileArmadaMethod(Method m, TargetWriter wr)
method DeclareArmadaGlobalVar (line 1335) | protected void DeclareArmadaGlobalVar(string name, Type/*?*/ type, Bpl...
method CompileArmadaGlobalVariables (line 1354) | public void CompileArmadaGlobalVariables(ArmadaGlobalVariableSymbolTab...
method UpdateArmadaMethodParams (line 1380) | public void UpdateArmadaMethodParams(AllMethodsInfo methods)
method CreateParamStructs (line 1395) | void CreateParamStructs(AllMethodsInfo methods, TargetWriter wr)
method DeclareArmadaMethods (line 1406) | void DeclareArmadaMethods(AllMethodsInfo methods, TargetWriter wr)
method CompileArmadaMethods (line 1421) | void CompileArmadaMethods(AllMethodsInfo methods, TargetWriter wr)
method CompileArmadaLayer (line 1435) | public override void CompileArmadaLayer(ModuleDefinition layer, Target...
method CompileArmadaCreateThread (line 1463) | public override void CompileArmadaCreateThread(ArmadaCreateThreadState...
method CompileArmadaCompareAndSwap (line 1509) | public override void CompileArmadaCompareAndSwap(ArmadaCompareAndSwapS...
method CompileArmadaAtomicExchange (line 1526) | public override void CompileArmadaAtomicExchange(ArmadaAtomicExchangeS...
method DeclareFormalString (line 1541) | private string DeclareFormalString(string prefix, string name, Type ty...
method DeclareFormal (line 1549) | protected override bool DeclareFormal(string prefix, string name, Type...
method DeclareFormals (line 1559) | private string DeclareFormals(List<Formal> formals) {
method DeclareSizedArray (line 1577) | private string DeclareSizedArray(string name, SizedArrayType type, Tar...
method DeclareLocalVar (line 1582) | protected override void DeclareLocalVar(string name, Type/*?*/ type, B...
method DeclareLocalVar (line 1601) | protected override TargetWriter DeclareLocalVar(string name, Type/*?*/...
method UseReturnStyleOuts (line 1613) | protected override bool UseReturnStyleOuts(Method m, int nonGhostOutCo...
method DeclareOutCollector (line 1615) | protected override void DeclareOutCollector(string collectorVarName, T...
method DeclareSpecificOutCollector (line 1618) | protected override void DeclareSpecificOutCollector(string collectorVa...
method DeclareLocalOutVar (line 1628) | protected override void DeclareLocalOutVar(string name, Type type, Bpl...
method EmitOutParameterSplits (line 1632) | protected override void EmitOutParameterSplits(string outCollector, Li...
method EmitActualTypeArgs (line 1642) | protected override void EmitActualTypeArgs(List<Type> typeArgs, Bpl.IT...
method GenerateLhsDecl (line 1646) | protected override string GenerateLhsDecl(string target, Type/*?*/ typ...
method EmitNull (line 1650) | protected override void EmitNull(Type type, TargetWriter wr) {
method EmitJoinStmt (line 1656) | protected override void EmitJoinStmt(TargetWriter wr, Expression threa...
method EmitFenceStmt (line 1664) | protected override void EmitFenceStmt(TargetWriter wr)
method EmitGotoStmt (line 1669) | protected override void EmitGotoStmt(TargetWriter wr, string target)
method EmitDeallocStmt (line 1674) | protected override void EmitDeallocStmt(TargetWriter wr, Expression addr)
method EmitPrintStmt (line 1682) | protected override void EmitPrintStmt(TargetWriter wr, Expression arg) {
method EmitReturn (line 1691) | protected override void EmitReturn(List<Formal> outParams, TargetWrite...
method CreateLabeledCode (line 1700) | protected override TargetWriter CreateLabeledCode(string label, Target...
method EmitBreak (line 1707) | protected override void EmitBreak(string/*?*/ label, TargetWriter wr) {
method EmitContinue (line 1715) | protected override void EmitContinue( TargetWriter wr)
method EmitYield (line 1720) | protected override void EmitYield(TargetWriter wr) {
method EmitAbsurd (line 1725) | protected override void EmitAbsurd(string/*?*/ message, TargetWriter w...
method CreateForLoop (line 1732) | protected override BlockTargetWriter CreateForLoop(string indexVar, st...
method CreateDoublingForLoop (line 1736) | protected override BlockTargetWriter CreateDoublingForLoop(string inde...
method EmitIncrementVar (line 1740) | protected override void EmitIncrementVar(string varName, TargetWriter ...
method EmitDecrementVar (line 1744) | protected override void EmitDecrementVar(string varName, TargetWriter ...
method GetQuantifierName (line 1748) | protected override string GetQuantifierName(string bvType) {
method CreateForeachLoop (line 1752) | protected override BlockTargetWriter CreateForeachLoop(string boundVar...
method EmitNew (line 1766) | protected override void EmitNew(Type type, Bpl.IToken tok, CallStmt/*?...
method EmitNewArray (line 1780) | protected override void EmitNewArray(Type elmtType, Bpl.IToken tok, Li...
method EmitLiteralExpr (line 1801) | protected override void EmitLiteralExpr(TextWriter wr, LiteralExpr e) {
method EmitIntegerLiteral (line 1842) | void EmitIntegerLiteral(BigInteger i, TextWriter wr) {
method EmitStringLiteral (line 1856) | protected override void EmitStringLiteral(string str, bool isVerbatim,...
method EmitBitvectorTruncation (line 1882) | protected override TargetWriter EmitBitvectorTruncation(BitvectorType ...
method EmitRotate (line 1907) | protected override void EmitRotate(Expression e0, Expression e1, bool ...
method EmitEmptyTupleList (line 1931) | protected override void EmitEmptyTupleList(string tupleTypeArgs, Targe...
method EmitAddTupleToList (line 1936) | protected override TargetWriter EmitAddTupleToList(string ingredients,...
method EmitTupleSelect (line 1944) | protected override void EmitTupleSelect(string prefix, int i, TargetWr...
method IdProtect (line 1949) | protected override string IdProtect(string name) {
method PublicIdProtect (line 1952) | public static string PublicIdProtect(string name) {
method FullTypeName (line 2039) | protected override string FullTypeName(UserDefinedType udt, MemberDecl...
method EmitThis (line 2063) | protected override void EmitThis(TargetWriter wr) {
method EmitDatatypeValue (line 2067) | protected override void EmitDatatypeValue(DatatypeValue dtv, string ar...
method EmitDatatypeValue (line 2071) | void EmitDatatypeValue(DatatypeValue dtv, DatatypeCtor ctor, bool isCo...
method GetSpecialFieldInfo (line 2107) | protected override void GetSpecialFieldInfo(SpecialField.ID id, object...
method EmitMemberSelect (line 2154) | protected override TargetWriter EmitMemberSelect(MemberDecl member, bo...
method EmitArraySelect (line 2196) | protected override TargetWriter EmitArraySelect(List<string> indices, ...
method EmitArraySelect (line 2204) | protected override TargetWriter EmitArraySelect(List<Expression> indic...
method ArrayIndexToInt (line 2215) | protected override string ArrayIndexToInt(string arrayIndex) {
method EmitExprAsInt (line 2220) | protected override void EmitExprAsInt(Expression expr, bool inLetExprB...
method EmitIndexCollectionSelect (line 2227) | protected override void EmitIndexCollectionSelect(Expression source, E...
method EmitIndexCollectionUpdate (line 2242) | protected override void EmitIndexCollectionUpdate(Expression source, E...
method EmitSeqSelectRange (line 2251) | protected override void EmitSeqSelectRange(Expression source, Expressi...
method EmitSeqConstructionExpr (line 2277) | protected override void EmitSeqConstructionExpr(SeqConstructionExpr ex...
method EmitMultiSetFormingExpr (line 2285) | protected override void EmitMultiSetFormingExpr(MultiSetFormingExpr ex...
method EmitApplyExpr (line 2289) | protected override void EmitApplyExpr(Type functionType, Bpl.IToken to...
method EmitBetaRedex (line 2294) | protected override TargetWriter EmitBetaRedex(List<string> boundVars, ...
method EmitConstructorCheck (line 2302) | protected override void EmitConstructorCheck(string source, DatatypeCt...
method EmitDestructor (line 2306) | protected override void EmitDestructor(string source, Formal dtor, int...
method CreateLambda (line 2315) | protected override BlockTargetWriter CreateLambda(List<Type> inTypes, ...
method CreateIIFE_ExprBody (line 2325) | protected override TargetWriter CreateIIFE_ExprBody(Expression source,...
method CreateIIFE_ExprBody (line 2334) | protected override TargetWriter CreateIIFE_ExprBody(string source, Typ...
method CreateIIFE0 (line 2343) | protected override BlockTargetWriter CreateIIFE0(Type resultType, Bpl....
method CreateIIFE1 (line 2349) | protected override BlockTargetWriter CreateIIFE1(int source, Type resu...
method EmitUnaryExpr (line 2356) | protected override void EmitUnaryExpr(ResolvedUnaryOp op, Expression e...
method IsDirectlyComparable (line 2385) | bool IsDirectlyComparable(Type t) {
method CompileBinOp (line 2390) | protected override void CompileBinOp(BinaryExpr.ResolvedOpcode op,
method EmitIsZero (line 2639) | protected override void EmitIsZero(string varName, TargetWriter wr) {
method EmitConversionExpr (line 2643) | protected override void EmitConversionExpr(ConversionExpr e, bool inLe...
method EmitCollectionDisplay (line 2742) | protected override void EmitCollectionDisplay(CollectionType ct, Bpl.I...
method EmitMapDisplay (line 2791) | protected override void EmitMapDisplay(MapType mt, Bpl.IToken tok, Lis...
method EmitCollectionBuilder_New (line 2808) | protected override void EmitCollectionBuilder_New(CollectionType ct, B...
method EmitCollectionBuilder_Add (line 2827) | protected override void EmitCollectionBuilder_Add(CollectionType ct, s...
method EmitMapBuilder_Add (line 2837) | protected override TargetWriter EmitMapBuilder_Add(MapType mt, Bpl.ITo...
method GetCollectionBuilder_Build (line 2847) | protected override string GetCollectionBuilder_Build(CollectionType ct...
method EmitSingleValueGenerator (line 2852) | protected override void EmitSingleValueGenerator(Expression e, bool in...
method CompileTargetProgram (line 2858) | public override bool CompileTargetProgram(string dafnyProgramName, str...
method RunTargetProgram (line 2864) | public override bool RunTargetProgram(string dafnyProgramName, string ...
FILE: Source/Armada/Compiler.cs
class Compiler (line 21) | public abstract class Compiler {
method Compiler (line 22) | public Compiler(ErrorReporter reporter) {
method FreshId (line 35) | public static string FreshId() {
method FreshId (line 38) | public static string FreshId(string prefix) {
method GetUniqueAstNumber (line 43) | int GetUniqueAstNumber(Expression expr) {
method Error (line 55) | protected void Error(Bpl.IToken tok, string msg, TextWriter/*?*/ wr, p...
method EmitHeader (line 70) | protected virtual void EmitHeader(Program program, TargetWriter wr) { }
method EmitFooter (line 71) | protected virtual void EmitFooter(Program program, TargetWriter wr) { }
method EmitBuiltInDecls (line 72) | protected virtual void EmitBuiltInDecls(BuiltIns builtIns, TargetWrite...
method EmitCallToMain (line 77) | public virtual void EmitCallToMain(Method mainMethod, TargetWriter wr)...
method CreateStaticMain (line 82) | protected abstract BlockTargetWriter CreateStaticMain(IClassWriter wr);
method CreateModule (line 83) | protected abstract TargetWriter CreateModule(string moduleName, bool i...
method GetHelperModuleName (line 84) | protected abstract string GetHelperModuleName();
type IClassWriter (line 85) | protected interface IClassWriter {
method CreateMethod (line 86) | BlockTargetWriter/*?*/ CreateMethod(Method m, bool createBody);
method CreateFunction (line 87) | BlockTargetWriter/*?*/ CreateFunction(string name, List<TypeParamete...
method CreateGetter (line 88) | BlockTargetWriter/*?*/ CreateGetter(string name, Type resultType, Bp...
method CreateGetterSetter (line 89) | BlockTargetWriter/*?*/ CreateGetterSetter(string name, Type resultTy...
method DeclareField (line 91) | void DeclareField(string name, List<TypeParameter> targs, bool isSta...
method ErrorWriter (line 93) | TextWriter/*?*/ ErrorWriter();
method Finish (line 94) | void Finish();
method CreateClass (line 96) | protected IClassWriter CreateClass(string name, List<TypeParameter>/*?...
method CreateClass (line 102) | protected abstract IClassWriter CreateClass(string name, bool isExtern...
method CreateTrait (line 106) | protected abstract IClassWriter CreateTrait(string name, bool isExtern...
method CreateIterator (line 110) | protected abstract BlockTargetWriter CreateIterator(IteratorDecl iter,...
method DeclareDatatype (line 115) | protected abstract IClassWriter/*?*/ DeclareDatatype(DatatypeDecl dt, ...
method DeclareNewtype (line 119) | protected abstract IClassWriter DeclareNewtype(NewtypeDecl nt, TargetW...
method DeclareSubsetType (line 120) | protected abstract void DeclareSubsetType(SubsetTypeDecl sst, TargetWr...
method GetNativeTypeName (line 121) | protected string GetNativeTypeName(NativeType nt) {
method GetNativeInfo (line 128) | protected virtual void GetNativeInfo(NativeType.Selection sel, out str...
method UsedTypeParameters (line 163) | protected List<TypeParameter> UsedTypeParameters(DatatypeDecl dt) {
method UsedTypeParameters (line 181) | protected void UsedTypeParameters(DatatypeDecl dt, List<Type> typeArgs...
method EmitRuntimeTypeDescriptorsActuals (line 206) | protected virtual int EmitRuntimeTypeDescriptorsActuals(List<Type> typ...
method EmitJumpToTailCallStart (line 214) | protected abstract void EmitJumpToTailCallStart(TargetWriter wr);
method TypeName (line 215) | protected abstract string TypeName(Type type, TextWriter wr, Bpl.IToke...
method TypeInitializationValue (line 216) | public abstract string TypeInitializationValue(Type type, TextWriter/*...
method TypeName_UDT (line 217) | protected abstract string TypeName_UDT(string fullCompileName, List<Ty...
method TypeName_Companion (line 218) | protected abstract string/*?*/ TypeName_Companion(Type type, TextWrite...
method TypeName_Companion (line 219) | protected string TypeName_Companion(TopLevelDecl cls, TextWriter wr, B...
method NativeForm (line 226) | protected virtual Type NativeForm(Type type) {
method DeclareFormal (line 230) | protected abstract bool DeclareFormal(string prefix, string name, Type...
method DeclareLocalVar (line 242) | protected abstract void DeclareLocalVar(string name, Type/*?*/ type, B...
method DeclareLocalVar (line 244) | protected virtual void DeclareLocalVar(string name, Type /*?*/ type, B...
method DeclareLocalVar (line 253) | protected virtual void DeclareLocalVar(string name, Type /*?*/ type, B...
method DeclareLocalVar (line 258) | protected virtual void DeclareLocalVar(string name, Type /*?*/ type, B...
method DeclareLocalVar (line 269) | protected abstract TargetWriter DeclareLocalVar(string name, Type/*?*/...
method DeclareOutCollector (line 270) | protected virtual void DeclareOutCollector(string collectorVarName, Ta...
method DeclareSpecificOutCollector (line 271) | protected virtual void DeclareSpecificOutCollector(string collectorVar...
method UseReturnStyleOuts (line 272) | protected virtual bool UseReturnStyleOuts(Method m, int nonGhostOutCou...
method EmitMethodReturns (line 273) | protected virtual BlockTargetWriter EmitMethodReturns(Method m, BlockT...
method AddTupleToSet (line 278) | protected virtual void AddTupleToSet(int i) { }
method EndStmt (line 283) | protected void EndStmt(TargetWriter wr) { wr.WriteLine(StmtTerminator); }
method DeclareLocalOutVar (line 284) | protected abstract void DeclareLocalOutVar(string name, Type type, Bpl...
method EmitActualOutArg (line 285) | protected virtual void EmitActualOutArg(string actualOutParamName, Tex...
method EmitOutParameterSplits (line 286) | protected virtual void EmitOutParameterSplits(string outCollector, Lis...
method EmitCastOutParameterSplits (line 287) | protected virtual void EmitCastOutParameterSplits(string outCollector,...
method EmitActualTypeArgs (line 290) | protected abstract void EmitActualTypeArgs(List<Type> typeArgs, Bpl.IT...
method GenerateLhsDecl (line 291) | protected abstract string GenerateLhsDecl(string target, Type/*?*/ typ...
method DeclareLocalVar (line 293) | protected virtual TargetWriter DeclareLocalVar(string name, Type /*?*/...
method EmitAssignment (line 297) | protected virtual void EmitAssignment(out TargetWriter wLhs, Type /*?*...
method EmitAssignment (line 301) | protected virtual void EmitAssignment(out TargetWriter wLhs, Type/*?*/...
method EmitAssignment (line 313) | protected void EmitAssignment(string lhs, Type/*?*/ lhsType, string rh...
method EmitAssignmentRhs (line 318) | protected void EmitAssignmentRhs(string rhs, TargetWriter wr) {
method EmitAssignmentRhs (line 322) | protected void EmitAssignmentRhs(Expression rhs, bool inLetExprBody, T...
method EmitAssignmentRhs (line 326) | protected virtual TargetWriter EmitAssignmentRhs(TargetWriter wr) {
method EmitMultiAssignment (line 333) | protected virtual void EmitMultiAssignment(out List<TargetWriter> wLhs...
method EmitSetterParameter (line 356) | protected virtual void EmitSetterParameter(TargetWriter wr) {
method EmitGotoStmt (line 359) | protected virtual void EmitGotoStmt(TargetWriter wr, string target) {}
method EmitJoinStmt (line 361) | protected virtual void EmitJoinStmt(TargetWriter wr, Expression thread...
method EmitFenceStmt (line 362) | protected virtual void EmitFenceStmt(TargetWriter wr) {}
method EmitDeallocStmt (line 363) | protected virtual void EmitDeallocStmt(TargetWriter wr, Expression add...
method EmitPrintStmt (line 364) | protected abstract void EmitPrintStmt(TargetWriter wr, Expression arg);
method EmitReturn (line 365) | protected abstract void EmitReturn(List<Formal> outParams, TargetWrite...
method EmitReturnExpr (line 366) | protected virtual void EmitReturnExpr(Expression expr, bool inLetExprB...
method EmitReturnExpr (line 370) | protected virtual void EmitReturnExpr(string returnExpr, TargetWriter ...
method EmitReturnExpr (line 374) | protected virtual TargetWriter EmitReturnExpr(TargetWriter wr) {
method CreateLabeledCode (line 385) | protected abstract TargetWriter CreateLabeledCode(string label, Target...
method EmitContinue (line 387) | protected virtual void EmitContinue(TargetWriter wr)
method EmitBreak (line 389) | protected abstract void EmitBreak(string/*?*/ label, TargetWriter wr);
method EmitYield (line 390) | protected abstract void EmitYield(TargetWriter wr);
method EmitAbsurd (line 391) | protected abstract void EmitAbsurd(string/*?*/ message, TargetWriter wr);
method EmitAbsurd (line 392) | protected virtual void EmitAbsurd(string message, TargetWriter wr, boo...
method EmitIf (line 396) | protected TargetWriter EmitIf(string guard, bool hasElse, TargetWriter...
method EmitIf (line 402) | protected virtual TargetWriter EmitIf(out TargetWriter guardWriter, bo...
method EmitWhile (line 413) | protected virtual TargetWriter EmitWhile(List<Statement> body, TargetW...
method CreateWhileLoop (line 420) | protected virtual BlockTargetWriter CreateWhileLoop(out TargetWriter g...
method CreateForLoop (line 426) | protected abstract BlockTargetWriter CreateForLoop(string indexVar, st...
method CreateDoublingForLoop (line 427) | protected abstract BlockTargetWriter CreateDoublingForLoop(string inde...
method EmitIncrementVar (line 428) | protected abstract void EmitIncrementVar(string varName, TargetWriter ...
method EmitDecrementVar (line 429) | protected abstract void EmitDecrementVar(string varName, TargetWriter ...
method GetQuantifierName (line 431) | protected abstract string GetQuantifierName(string bvType);
method CreateForeachLoop (line 436) | protected abstract BlockTargetWriter CreateForeachLoop(string boundVar...
method EmitNew (line 440) | protected abstract void EmitNew(Type type, Bpl.IToken tok, CallStmt/*?...
method EmitNewArray (line 441) | protected abstract void EmitNewArray(Type elmtType, Bpl.IToken tok, Li...
method EmitLiteralExpr (line 443) | protected abstract void EmitLiteralExpr(TextWriter wr, LiteralExpr e);
method EmitStringLiteral (line 444) | protected abstract void EmitStringLiteral(string str, bool isVerbatim,...
method EmitBitvectorTruncation (line 445) | protected abstract TargetWriter EmitBitvectorTruncation(BitvectorType ...
method EmitRotate (line 448) | protected abstract void EmitRotate(Expression e0, Expression e1, bool ...
method EmitEmptyTupleList (line 449) | protected abstract void EmitEmptyTupleList(string tupleTypeArgs, Targe...
method EmitAddTupleToList (line 450) | protected abstract TargetWriter EmitAddTupleToList(string ingredients,...
method EmitTupleSelect (line 451) | protected abstract void EmitTupleSelect(string prefix, int i, TargetWr...
method EmitCoercionIfNecessary (line 455) | protected virtual TargetWriter EmitCoercionIfNecessary(Type/*?*/ from,...
method EmitCoercionToNativeForm (line 458) | protected virtual TargetWriter EmitCoercionToNativeForm(Type/*?*/ from...
method EmitCoercionFromNativeForm (line 461) | protected virtual TargetWriter EmitCoercionFromNativeForm(Type/*?*/ to...
method EmitCoercionToNativeInt (line 464) | protected virtual TargetWriter EmitCoercionToNativeInt(TargetWriter wr) {
method EmitCoercionToArbitraryTuple (line 470) | protected virtual TargetWriter EmitCoercionToArbitraryTuple(TargetWrit...
method IdName (line 473) | protected virtual string IdName(TopLevelDecl d) {
method IdName (line 477) | protected virtual string IdName(MemberDecl member) {
method IdName (line 481) | protected virtual string IdName(TypeParameter tp) {
method IdName (line 485) | protected virtual string IdName(IVariable v) {
method IdMemberName (line 489) | protected virtual string IdMemberName(MemberSelectExpr mse) {
method IdProtect (line 493) | protected virtual string IdProtect(string name) {
method FullTypeName (line 497) | protected abstract string FullTypeName(UserDefinedType udt, MemberDecl...
method EmitThis (line 498) | protected abstract void EmitThis(TargetWriter wr);
method EmitNull (line 499) | protected virtual void EmitNull(Type type, TargetWriter wr) {
method EmitITE (line 502) | protected virtual void EmitITE(Expression guard, Expression thn, Expre...
method EmitDatatypeValue (line 517) | protected abstract void EmitDatatypeValue(DatatypeValue dtv, string ar...
method GetSpecialFieldInfo (line 518) | protected abstract void GetSpecialFieldInfo(SpecialField.ID id, object...
method EmitMemberSelect (line 519) | protected abstract TargetWriter EmitMemberSelect(MemberDecl member, bo...
method EmitMemberSelect (line 520) | protected virtual TargetWriter EmitMemberSelect(MemberDecl member, boo...
method EmitArraySelect (line 523) | protected void EmitArraySelect(string index, Type elmtType, TargetWrit...
method EmitArraySelect (line 526) | protected abstract TargetWriter EmitArraySelect(List<string> indices, ...
method EmitArraySelect (line 527) | protected abstract TargetWriter EmitArraySelect(List<Expression> indic...
method EmitArraySelectAsLvalue (line 528) | protected virtual void EmitArraySelectAsLvalue(string array, List<stri...
method EmitArrayUpdate (line 532) | protected virtual TargetWriter EmitArrayUpdate(List<string> indices, s...
method EmitArrayUpdate (line 537) | protected TargetWriter EmitArrayUpdate(List<string> indices, Expressio...
method ArrayIndexToInt (line 542) | protected virtual string ArrayIndexToInt(string arrayIndex) {
method EmitExprAsInt (line 545) | protected abstract void EmitExprAsInt(Expression expr, bool inLetExprB...
method EmitIndexCollectionSelect (line 546) | protected abstract void EmitIndexCollectionSelect(Expression source, E...
method EmitIndexCollectionUpdate (line 547) | protected abstract void EmitIndexCollectionUpdate(Expression source, E...
method EmitIndexCollectionUpdate (line 548) | protected virtual void EmitIndexCollectionUpdate(out TargetWriter wSou...
method EmitSeqSelectRange (line 559) | protected abstract void EmitSeqSelectRange(Expression source, Expressi...
method EmitSeqConstructionExpr (line 560) | protected abstract void EmitSeqConstructionExpr(SeqConstructionExpr ex...
method EmitMultiSetFormingExpr (line 561) | protected abstract void EmitMultiSetFormingExpr(MultiSetFormingExpr ex...
method EmitApplyExpr (line 562) | protected abstract void EmitApplyExpr(Type functionType, Bpl.IToken to...
method EmitBetaRedex (line 563) | protected abstract TargetWriter EmitBetaRedex(List<string> boundVars, ...
method EmitConstructorCheck (line 564) | protected virtual void EmitConstructorCheck(string source, DatatypeCto...
method EmitDestructor (line 572) | protected abstract void EmitDestructor(string source, Formal dtor, int...
method CreateLambda (line 573) | protected abstract BlockTargetWriter CreateLambda(List<Type> inTypes, ...
method CreateIIFE_ExprBody (line 574) | protected abstract TargetWriter CreateIIFE_ExprBody(Expression source,...
method CreateIIFE_ExprBody (line 575) | protected abstract TargetWriter CreateIIFE_ExprBody(string source, Typ...
method CreateIIFE0 (line 576) | protected abstract BlockTargetWriter CreateIIFE0(Type resultType, Bpl....
method CreateIIFE1 (line 577) | protected abstract BlockTargetWriter CreateIIFE1(int source, Type resu...
type ResolvedUnaryOp (line 578) | public enum ResolvedUnaryOp { BoolNot, BitwiseNot, Cardinality, Derefe...
method EmitUnaryExpr (line 579) | protected abstract void EmitUnaryExpr(ResolvedUnaryOp op, Expression e...
method CompileBinOp (line 580) | protected abstract void CompileBinOp(BinaryExpr.ResolvedOpcode op,
method EmitIsZero (line 591) | protected abstract void EmitIsZero(string varName, TargetWriter wr);
method EmitConversionExpr (line 592) | protected abstract void EmitConversionExpr(ConversionExpr e, bool inLe...
method EmitCollectionDisplay (line 593) | protected abstract void EmitCollectionDisplay(CollectionType ct, Bpl.I...
method EmitMapDisplay (line 594) | protected abstract void EmitMapDisplay(MapType mt, Bpl.IToken tok, Lis...
method EmitCollectionBuilder_New (line 595) | protected abstract void EmitCollectionBuilder_New(CollectionType ct, B...
method EmitCollectionBuilder_Add (line 596) | protected abstract void EmitCollectionBuilder_Add(CollectionType ct, s...
method EmitMapBuilder_Add (line 597) | protected abstract TargetWriter EmitMapBuilder_Add(MapType mt, Bpl.ITo...
method GetCollectionBuilder_Build (line 598) | protected abstract string GetCollectionBuilder_Build(CollectionType ct...
method EmitIntegerRange (line 599) | protected virtual void EmitIntegerRange(Type type, out TargetWriter wL...
method EmitSingleValueGenerator (line 610) | protected abstract void EmitSingleValueGenerator(Expression e, bool in...
method FinishModule (line 611) | protected virtual void FinishModule() { }
method OrganizeModules (line 613) | protected virtual void OrganizeModules(Program program, out List<Modul...
method DeclareExternType (line 617) | protected virtual void DeclareExternType(OpaqueTypeDecl d, Expression ...
method CompileArmadaStructs (line 619) | public virtual void CompileArmadaStructs(ArmadaStructs structs, Target...
method CompileArmadaLayer (line 621) | public virtual void CompileArmadaLayer(ModuleDefinition layer, TargetW...
method CompileArmadaCreateThread (line 623) | public virtual void CompileArmadaCreateThread(ArmadaCreateThreadStatem...
method CompileArmadaCompareAndSwap (line 624) | public virtual void CompileArmadaCompareAndSwap(ArmadaCompareAndSwapSt...
method CompileArmadaAtomicExchange (line 625) | public virtual void CompileArmadaAtomicExchange(ArmadaAtomicExchangeSt...
method Compile (line 626) | public void Compile(Program program, TargetWriter wrx) {
class NullClassWriter (line 777) | protected class NullClassWriter : IClassWriter {
method NullClassWriter (line 781) | public NullClassWriter() {
method CreateMeth
Condensed preview — 921 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (9,904K chars).
[
{
"path": ".gitattributes",
"chars": 482,
"preview": "* text=auto\n\n#Explicitly set here just for sanity.\n*.cs text\n*.dfy text\n*.expect text\n*.bpl text\n*.atg text\n*.mdk text\n*"
},
{
"path": ".gitignore",
"chars": 1143,
"preview": "*.config\n*.manifest\n*.pkgdef\n*.suo\n*.userprefs\n*.vsix\n*.vsixmanifest\n*~\n*.vdfy\n\n.idea/\n\nBinaries/*\n\nPackage/\n\nSource/*/b"
},
{
"path": "Armada/.gitignore",
"chars": 42,
"preview": "*.tmp\n*.vdfy\nbin/\ncache/\n.sconsign.dblite\n"
},
{
"path": "Armada/ArmadaCommonDefinitions.dfy",
"chars": 26694,
"preview": "include \"util/collections/seqs.i.dfy\"\ninclude \"util/option.s.dfy\"\ninclude \"spec/refinement.s.dfy\"\n\nmodule ArmadaCommonDe"
},
{
"path": "Armada/spec/refinement.s.dfy",
"chars": 2520,
"preview": "include \"../util/collections/seqs.s.dfy\"\n\nmodule GeneralRefinementModule {\n\n import opened util_collections_seqs_s\n\n "
},
{
"path": "Armada/strategies/chl/AtomicConcurrentHoareLogic.i.dfy",
"chars": 1874,
"preview": "include \"../../util/option.s.dfy\"\ninclude \"../../util/collections/seqs.s.dfy\"\ninclude \"../../util/collections/seqs.i.dfy"
},
{
"path": "Armada/strategies/chl/AtomicConcurrentHoareLogicLemmas.i.dfy",
"chars": 4755,
"preview": "include \"../../util/option.s.dfy\"\ninclude \"../../util/collections/seqs.s.dfy\"\ninclude \"../../util/collections/seqs.i.dfy"
},
{
"path": "Armada/strategies/chl/AtomicConcurrentHoareLogicSpec.i.dfy",
"chars": 5276,
"preview": "include \"../refinement/AnnotatedBehavior.i.dfy\"\ninclude \"../invariants.i.dfy\"\ninclude \"../generic/GenericArmadaAtomic.i."
},
{
"path": "Armada/strategies/chl/ConcurrentHoareLogic.i.dfy",
"chars": 2317,
"preview": "include \"ConcurrentHoareLogicLemmas.i.dfy\"\n\nmodule ConcurrentHoareLogicModule {\n\n import opened AnnotatedBehaviorModule"
},
{
"path": "Armada/strategies/chl/ConcurrentHoareLogicLemmas.i.dfy",
"chars": 47003,
"preview": "include \"ConcurrentHoareLogicSpec.i.dfy\"\n\nmodule ConcurrentHoareLogicLemmasModule {\n\n import opened util_collections_ma"
},
{
"path": "Armada/strategies/chl/ConcurrentHoareLogicSpec.i.dfy",
"chars": 40935,
"preview": "include \"../refinement/AnnotatedBehavior.i.dfy\"\ninclude \"../invariants.i.dfy\"\ninclude \"../../util/collections/maps.s.dfy"
},
{
"path": "Armada/strategies/combining/ArmadaCombining.i.dfy",
"chars": 3026,
"preview": "/////////////////////////////////////////////////////////////////////////////////////////////////////\n//\n// This file co"
},
{
"path": "Armada/strategies/combining/ArmadaCombiningLemmas.i.dfy",
"chars": 11518,
"preview": "/////////////////////////////////////////////////////////////////////////////////////////////////////\n//\n// This file co"
},
{
"path": "Armada/strategies/combining/ArmadaCombiningSpec.i.dfy",
"chars": 10241,
"preview": "/////////////////////////////////////////////////////////////////////////////////////////////////////\n//\n// This file is"
},
{
"path": "Armada/strategies/generic/GenericArmadaAtomic.i.dfy",
"chars": 16547,
"preview": "include \"GenericArmadaSpec.i.dfy\"\ninclude \"GenericArmadaLemmas.i.dfy\"\ninclude \"../invariants.i.dfy\"\ninclude \"../../util/"
},
{
"path": "Armada/strategies/generic/GenericArmadaLemmas.i.dfy",
"chars": 6869,
"preview": "include \"GenericArmadaSpec.i.dfy\"\ninclude \"../refinement/GeneralRefinementLemmas.i.dfy\"\n\nmodule GenericArmadaLemmasModul"
},
{
"path": "Armada/strategies/generic/GenericArmadaPlus.i.dfy",
"chars": 8237,
"preview": "include \"GenericArmadaSpec.i.dfy\"\ninclude \"GenericArmadaLemmas.i.dfy\"\ninclude \"../refinement/GeneralRefinementLemmas.i.d"
},
{
"path": "Armada/strategies/generic/GenericArmadaSpec.i.dfy",
"chars": 4067,
"preview": "include \"../../util/option.s.dfy\"\ninclude \"../refinement/AnnotatedBehavior.i.dfy\"\ninclude \"../../ArmadaCommonDefinitions"
},
{
"path": "Armada/strategies/generic/LiftAtomicToAtomic.i.dfy",
"chars": 26311,
"preview": "include \"GenericArmadaAtomic.i.dfy\"\n\nmodule LiftAtomicToAtomicModule\n{\n import opened util_collections_seqs_s\n import "
},
{
"path": "Armada/strategies/generic/LiftFromAtomic.i.dfy",
"chars": 9848,
"preview": "include \"GenericArmadaAtomic.i.dfy\"\n\nmodule LiftFromAtomicModule\n{\n import opened util_collections_seqs_s\n import open"
},
{
"path": "Armada/strategies/generic/LiftToAtomic.i.dfy",
"chars": 20612,
"preview": "include \"GenericArmadaAtomic.i.dfy\"\n\nmodule LiftToAtomicModule\n{\n import opened util_collections_seqs_s\n import opened"
},
{
"path": "Armada/strategies/invariants.i.dfy",
"chars": 33377,
"preview": "include \"refinement/AnnotatedBehavior.i.dfy\"\ninclude \"../spec/refinement.s.dfy\"\n\nmodule InvariantsModule\n{\n import op"
},
{
"path": "Armada/strategies/reduction/AtomicReduction.i.dfy",
"chars": 4551,
"preview": "/////////////////////////////////////////////////////////////////////////////////////////////////////\n//\n// This file co"
},
{
"path": "Armada/strategies/reduction/AtomicReductionLemmas.i.dfy",
"chars": 217937,
"preview": "/////////////////////////////////////////////////////////////////////////////////////////////////////\n//\n// This file co"
},
{
"path": "Armada/strategies/reduction/AtomicReductionSpec.i.dfy",
"chars": 21851,
"preview": "/////////////////////////////////////////////////////////////////////////////////////////////////////\n//\n// This file is"
},
{
"path": "Armada/strategies/reduction/CohenLamportReduction.i.dfy",
"chars": 2308,
"preview": "/////////////////////////////////////////////////////////////////////////////////////////////////////\n//\n// This file co"
},
{
"path": "Armada/strategies/reduction/CohenLamportReductionLemmas.i.dfy",
"chars": 110842,
"preview": "/////////////////////////////////////////////////////////////////////////////////////////////////////\n//\n// This file co"
},
{
"path": "Armada/strategies/reduction/CohenLamportReductionSpec.i.dfy",
"chars": 15233,
"preview": "/////////////////////////////////////////////////////////////////////////////////////////////////////\n//\n// This file is"
},
{
"path": "Armada/strategies/reduction/RefinementViaReduction.i.dfy",
"chars": 2666,
"preview": "/////////////////////////////////////////////////////////////////////////////////////////////////////\n//\n// This file co"
},
{
"path": "Armada/strategies/reduction/RefinementViaReductionLemmas.i.dfy",
"chars": 114740,
"preview": "/////////////////////////////////////////////////////////////////////////////////////////////////////\n//\n// This file co"
},
{
"path": "Armada/strategies/reduction/RefinementViaReductionSpec.i.dfy",
"chars": 15370,
"preview": "/////////////////////////////////////////////////////////////////////////////////////////////////////\n//\n// This file is"
},
{
"path": "Armada/strategies/refinement/AnnotatedBehavior.i.dfy",
"chars": 9572,
"preview": "include \"../../spec/refinement.s.dfy\"\ninclude \"../../util/collections/seqs.i.dfy\"\n\nmodule AnnotatedBehaviorModule {\n\n "
},
{
"path": "Armada/strategies/refinement/GeneralRefinementLemmas.i.dfy",
"chars": 10723,
"preview": "include \"../../spec/refinement.s.dfy\"\ninclude \"../../util/collections/seqs.i.dfy\"\n\nmodule GeneralRefinementLemmasModule "
},
{
"path": "Armada/strategies/refinement/RefinementConvolution.i.dfy",
"chars": 11492,
"preview": "include \"GeneralRefinementLemmas.i.dfy\"\n\nmodule RefinementConvolutionModule {\n\n import opened GeneralRefinementLemmasMo"
},
{
"path": "Armada/strategies/starweakening/StarWeakening.i.dfy",
"chars": 3621,
"preview": "include \"StarWeakeningSpec.i.dfy\"\ninclude \"../../util/collections/seqs.i.dfy\"\ninclude \"../../spec/refinement.s.dfy\"\n\nmod"
},
{
"path": "Armada/strategies/starweakening/StarWeakeningSpec.i.dfy",
"chars": 1938,
"preview": "include \"../refinement/AnnotatedBehavior.i.dfy\"\ninclude \"../../spec/refinement.s.dfy\"\ninclude \"../invariants.i.dfy\"\n\nmod"
},
{
"path": "Armada/strategies/tsoelimination/TSOElimination.i.dfy",
"chars": 1953,
"preview": "include \"TSOEliminationLemmas.i.dfy\"\n\nmodule TSOEliminationModule {\n\n import opened AnnotatedBehaviorModule\n impor"
},
{
"path": "Armada/strategies/tsoelimination/TSOEliminationLemmas.i.dfy",
"chars": 4668,
"preview": "include \"TSOEliminationSpec.i.dfy\"\ninclude \"../refinement/RefinementConvolution.i.dfy\"\ninclude \"../../util/collections/s"
},
{
"path": "Armada/strategies/tsoelimination/TSOEliminationSpec.i.dfy",
"chars": 2684,
"preview": "include \"../refinement/AnnotatedBehavior.i.dfy\"\ninclude \"../invariants.i.dfy\"\ninclude \"../../util/option.s.dfy\"\ninclude "
},
{
"path": "Armada/strategies/varhiding/VarHiding.i.dfy",
"chars": 2899,
"preview": "include \"VarHidingSpec.i.dfy\"\ninclude \"../refinement/RefinementConvolution.i.dfy\"\ninclude \"../../util/collections/seqs.i"
},
{
"path": "Armada/strategies/varhiding/VarHidingSpec.i.dfy",
"chars": 1914,
"preview": "include \"../refinement/AnnotatedBehavior.i.dfy\"\ninclude \"../invariants.i.dfy\"\ninclude \"../../spec/refinement.s.dfy\"\nincl"
},
{
"path": "Armada/strategies/varintro/VarIntro.i.dfy",
"chars": 7844,
"preview": "include \"VarIntroSpec.i.dfy\"\ninclude \"../refinement/RefinementConvolution.i.dfy\"\ninclude \"../../util/collections/seqs.s."
},
{
"path": "Armada/strategies/varintro/VarIntroSpec.i.dfy",
"chars": 3528,
"preview": "include \"../refinement/AnnotatedBehavior.i.dfy\"\ninclude \"../invariants.i.dfy\"\ninclude \"../../spec/refinement.s.dfy\"\nincl"
},
{
"path": "Armada/strategies/weakening/Weakening.i.dfy",
"chars": 3585,
"preview": "include \"WeakeningSpec.i.dfy\"\ninclude \"../../util/collections/seqs.i.dfy\"\ninclude \"../../spec/refinement.s.dfy\"\n\nmodule "
},
{
"path": "Armada/strategies/weakening/WeakeningSpec.i.dfy",
"chars": 1832,
"preview": "include \"../refinement/AnnotatedBehavior.i.dfy\"\ninclude \"../../spec/refinement.s.dfy\"\ninclude \"../invariants.i.dfy\"\n\nmod"
},
{
"path": "Armada/util/collections/MapSum.i.dfy",
"chars": 2315,
"preview": "include \"maps.s.dfy\"\ninclude \"sets.i.dfy\"\n\nmodule util_collections_MapSum_i {\n\n import opened util_collections_maps_s\n "
},
{
"path": "Armada/util/collections/SeqSum.i.dfy",
"chars": 887,
"preview": "module util_collections_SeqSum_i {\n\n function SeqSum(s:seq<int>) : int\n {\n if |s| == 0 then\n 0\n "
},
{
"path": "Armada/util/collections/maps.i.dfy",
"chars": 3760,
"preview": "include \"sets.i.dfy\"\n\nmodule util_collections_maps_i\n{\n import opened util_collections_sets_i\n\n function AddSetToM"
},
{
"path": "Armada/util/collections/maps.s.dfy",
"chars": 507,
"preview": "module util_collections_maps_s\n{\n function mapdomain<KT,VT>(m:map<KT,VT>) : set<KT>\n {\n set k | k in m :: k"
},
{
"path": "Armada/util/collections/seqs.i.dfy",
"chars": 4844,
"preview": "include \"../option.s.dfy\"\ninclude \"seqs.s.dfy\"\n\nmodule util_collections_seqs_i\n{\n import opened util_option_s\n import "
},
{
"path": "Armada/util/collections/seqs.s.dfy",
"chars": 236,
"preview": "module util_collections_seqs_s\n{\n function last<T>(s:seq<T>) : T\n requires |s| > 0;\n {\n s[|s|-1]\n "
},
{
"path": "Armada/util/collections/sets.i.dfy",
"chars": 7189,
"preview": "module util_collections_sets_i {\n\nlemma ThingsIKnowAboutSubset<T>(x:set<T>, y:set<T>)\n requires x<y;\n ensures |x|<"
},
{
"path": "Armada/util/functions.i.dfy",
"chars": 1082,
"preview": "module util_functions_i {\n\n predicate RelationSatisfiableAt<T, U(!new)>(relation:(T,U)->bool, x:T)\n {\n exists y:U :"
},
{
"path": "Armada/util/math/.gitignore",
"chars": 12,
"preview": "*.bpl\n*.log\n"
},
{
"path": "Armada/util/math/div.i.dfy",
"chars": 30344,
"preview": "include \"power.i.dfy\"\ninclude \"mul.i.dfy\"\ninclude \"div_def.i.dfy\"\ninclude \"div_boogie.i.dfy\"\ninclude \"div_nonlinear.i.df"
},
{
"path": "Armada/util/math/div_auto.i.dfy",
"chars": 5641,
"preview": "include \"mod_auto.i.dfy\"\ninclude \"div_auto_proofs.i.dfy\"\ninclude \"mod_auto_proofs.i.dfy\"\n\nmodule Math__div_auto_i {\nimpo"
},
{
"path": "Armada/util/math/div_auto_proofs.i.dfy",
"chars": 704,
"preview": "include \"mod_auto.i.dfy\"\ninclude \"mod_auto_proofs.i.dfy\"\n \nmodule Math__div_auto_proofs_i {\nimport opened Math__mod_aut"
},
{
"path": "Armada/util/math/div_boogie.i.dfy",
"chars": 2340,
"preview": "include \"div_def.i.dfy\"\ninclude \"mul.i.dfy\"\n\nmodule Math__div_boogie_i {\nimport opened Math__div_def_i\nimport opened Mat"
},
{
"path": "Armada/util/math/div_def.i.dfy",
"chars": 2145,
"preview": "//- Specs/implements mathematical div and mod, not the C version.\n//- This may produce \"surprising\" results for negative"
},
{
"path": "Armada/util/math/div_nonlinear.i.dfy",
"chars": 1568,
"preview": "//- <NuBuild AddDafnyFlag /z3opt:smt.arith.nl=true/>\n//- WARNING: In general, you shouldn't need to call these directly."
},
{
"path": "Armada/util/math/mod_auto.i.dfy",
"chars": 6081,
"preview": "include \"mod_auto_proofs.i.dfy\"\n\nmodule Math__mod_auto_i {\nimport opened Math__mod_auto_proofs_i\n\n\npredicate eq_mod(x:in"
},
{
"path": "Armada/util/math/mod_auto_proofs.i.dfy",
"chars": 3713,
"preview": "include \"mul_auto.i.dfy\"\ninclude \"mul.i.dfy\"\ninclude \"div_nonlinear.i.dfy\"\n\nmodule Math__mod_auto_proofs_i {\nimport open"
},
{
"path": "Armada/util/math/mul.i.dfy",
"chars": 14186,
"preview": "include \"mul_nonlinear.i.dfy\"\ninclude \"mul_auto.i.dfy\"\n\nmodule Math__mul_i {\nimport opened Math__mul_nonlinear_i\nimport "
},
{
"path": "Armada/util/math/mul_auto.i.dfy",
"chars": 1852,
"preview": "include \"mul_auto_proofs.i.dfy\"\n\nmodule Math__mul_auto_i {\nimport opened Math__mul_auto_proofs_i\n\npredicate MulAuto()\n{\n"
},
{
"path": "Armada/util/math/mul_auto_proofs.i.dfy",
"chars": 2789,
"preview": "include \"mul_nonlinear.i.dfy\"\n\nmodule Math__mul_auto_proofs_i {\nimport opened Math__mul_nonlinear_i\n\nlemma lemma_mul_ind"
},
{
"path": "Armada/util/math/mul_nonlinear.i.dfy",
"chars": 1371,
"preview": "//- <NuBuild AddDafnyFlag /z3opt:smt.arith.nl=true/>\n//- WARNING: In general, you shouldn't need to call these directly."
},
{
"path": "Armada/util/math/power.i.dfy",
"chars": 5739,
"preview": "include \"powers.i.dfy\"\ninclude \"mul.i.dfy\"\ninclude \"mul_auto.i.dfy\"\n\nmodule Math__power_i {\nimport opened Math__power_s\n"
},
{
"path": "Armada/util/math/powers.i.dfy",
"chars": 259,
"preview": "\nmodule Math__power_s {\n\n// TODO_MODULE: module Math__power_s {\nfunction {:opaque} power(b:int, e:nat) : int\n decreas"
},
{
"path": "Armada/util/option.s.dfy",
"chars": 72,
"preview": "module util_option_s {\n\n datatype Option<T> = Some(v:T) | None()\n\n}\n\n"
},
{
"path": "Armada/util/types.s.dfy",
"chars": 118,
"preview": "module util_types_s {\n\n newtype byte = x:int | 0 <= x < 0x100\n newtype uint = x:int | 0 <= x < 0x1_0000_0000\n\n}\n"
},
{
"path": "BUILD.md",
"chars": 1214,
"preview": "Building on Linux\n===\nThese instructions are adapted from the [Dafny Wiki](https://github.com/dafny-lang/dafny/wiki/INST"
},
{
"path": "CODE_OF_CONDUCT.md",
"chars": 444,
"preview": "# Microsoft Open Source Code of Conduct\n\nThis project has adopted the [Microsoft Open Source Code of Conduct](https://op"
},
{
"path": "LICENSE",
"chars": 1875,
"preview": " Armada\r\n\r\n Copyright (c) Microsoft Corporation;\r\n Jacob R. Lorch, Microsoft Corporation;\r\n "
},
{
"path": "NOTICE.txt",
"chars": 3193,
"preview": "This project uses third party material from the projects listed\nbelow. The original copyright notice and the license und"
},
{
"path": "README.md",
"chars": 3783,
"preview": "# Overview\n\nSafely writing high-performance concurrent programs is notoriously difficult. To aid developers, we\nintroduc"
},
{
"path": "SConstruct1",
"chars": 6813,
"preview": "# -*- python -*-\nimport re\nimport sys\nimport os, os.path\nimport subprocess\nimport traceback\nimport pdb\nimport SCons.Util"
},
{
"path": "SConstruct2",
"chars": 11785,
"preview": "# -*- python -*-\nimport re\nimport sys\nimport os, os.path\nimport subprocess\nimport traceback\nimport pdb\nimport random\nimp"
},
{
"path": "SECURITY.md",
"chars": 2824,
"preview": "<!-- BEGIN MICROSOFT SECURITY.MD V0.0.3 BLOCK -->\n\n## Security\n\nMicrosoft takes the security of our software products an"
},
{
"path": "Source/Armada/AbstractProofGenerator.cs",
"chars": 173971,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/Armada.atg",
"chars": 207423,
"preview": "/*-----------------------------------------------------------------------------\n//\n// Copyright (C) Microsoft Corporatio"
},
{
"path": "Source/Armada/ArmadaAst.cs",
"chars": 450329,
"preview": "#define TI_DEBUG_PRINT\n//-----------------------------------------------------------------------------\n//\n// Copyright ("
},
{
"path": "Source/Armada/ArmadaExpr.cs",
"chars": 17232,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/ArmadaHelper.cs",
"chars": 15881,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/ArmadaMain.cs",
"chars": 9504,
"preview": "//-----------------------------------------------------------------------------\n//\n// Copyright (C) Microsoft Corporatio"
},
{
"path": "Source/Armada/ArmadaOptions.cs",
"chars": 27071,
"preview": "using System;\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text;\nusing System.Diagnostics.Contracts"
},
{
"path": "Source/Armada/ArmadaParser.cs",
"chars": 84478,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/ArmadaPipeline.csproj",
"chars": 853,
"preview": "<Project Sdk=\"Microsoft.NET.Sdk\">\r\n\r\n <Target Name=\"RunCoco\" BeforeTargets=\"PreBuildEvent\" Outputs=\"$(ProjectDir)Parser"
},
{
"path": "Source/Armada/ArmadaRValue.cs",
"chars": 3622,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/ArmadaStructs.cs",
"chars": 4106,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/AssumeIntro.cs",
"chars": 198874,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/AtomicSpec.cs",
"chars": 39456,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/BigIntegerParser.cs",
"chars": 998,
"preview": "using System;\nusing System.Numerics;\nusing System.Globalization;\n\nnamespace Microsoft.Armada {\n internal static class"
},
{
"path": "Source/Armada/Cloner.cs",
"chars": 60317,
"preview": "using System;\nusing System.Collections.Generic;\nusing System.Numerics;\nusing System.Diagnostics.Contracts;\nusing IToken "
},
{
"path": "Source/Armada/Combining.cs",
"chars": 7592,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/Compiler-clight.cs",
"chars": 110919,
"preview": "//-----------------------------------------------------------------------------\n//\n// Copyright (C) Amazon. All Rights "
},
{
"path": "Source/Armada/Compiler.cs",
"chars": 187908,
"preview": "//-----------------------------------------------------------------------------\n//\n// Copyright (C) Microsoft Corporatio"
},
{
"path": "Source/Armada/ConstraintCollector.cs",
"chars": 3572,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/DeclCollector.cs",
"chars": 4606,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/ExpressionBuilder.cs",
"chars": 2974,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/GlobalVarHiding.cs",
"chars": 24114,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/GlobalVarIntro.cs",
"chars": 10500,
"preview": "using System.Collections.Generic;\nusing System.Linq;\nusing System;\n\nnamespace Microsoft.Armada\n{\n public class GlobalVa"
},
{
"path": "Source/Armada/NextRoutine.cs",
"chars": 12474,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/PathPrinter.cs",
"chars": 6219,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/PredicateBuilder.cs",
"chars": 9182,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/Printer.cs",
"chars": 103452,
"preview": "//-----------------------------------------------------------------------------\n//\n// Copyright (C) Microsoft Corporatio"
},
{
"path": "Source/Armada/Prioritization.cs",
"chars": 1494,
"preview": "using System.Linq;\n\nnamespace Microsoft.Armada\n{\n public class PrioritizationAttributes\n {\n public int likelihoodOf"
},
{
"path": "Source/Armada/ProofFiles.cs",
"chars": 7827,
"preview": "using System;\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Text;\nusing System.Text.RegularExpressions"
},
{
"path": "Source/Armada/ProofGenerationParams.cs",
"chars": 5995,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/ProofGenerator.cs",
"chars": 4399,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/Reduction.cs",
"chars": 81677,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/RefinementTransformer.cs",
"chars": 87644,
"preview": "//-----------------------------------------------------------------------------\n//\n// Copyright (C) Microsoft Corporatio"
},
{
"path": "Source/Armada/Reporting.cs",
"chars": 7733,
"preview": "using Microsoft.Boogie;\nusing System;\nusing System.Collections.Generic;\nusing System.Diagnostics.Contracts;\nusing System"
},
{
"path": "Source/Armada/ResolutionContext.cs",
"chars": 51610,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/Resolver.cs",
"chars": 782111,
"preview": "#define TI_DEBUG_PRINT\n//-----------------------------------------------------------------------------\n//\n// Copyright ("
},
{
"path": "Source/Armada/Rewriter.cs",
"chars": 86778,
"preview": "using System;\nusing System.Collections.Generic;\nusing System.Diagnostics.Contracts;\nusing System.Text;\nusing static Micr"
},
{
"path": "Source/Armada/SccGraph.cs",
"chars": 16238,
"preview": "using System;\nusing System.Collections.Generic;\nusing System.Diagnostics.Contracts;\n\nnamespace Microsoft.Armada {\n\n pub"
},
{
"path": "Source/Armada/StackVarHiding.cs",
"chars": 6161,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/StackVarIntro.cs",
"chars": 5762,
"preview": "using System.Collections.Generic;\nusing System.Linq;\nusing System;\n\nnamespace Microsoft.Armada\n{\n public class StackVar"
},
{
"path": "Source/Armada/StarWeakening.cs",
"chars": 18645,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/StateMachineTranslator.cs",
"chars": 81103,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnosti"
},
{
"path": "Source/Armada/StepPrinter.cs",
"chars": 4377,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/StraightlineBehavior.cs",
"chars": 42434,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/SymbolTable.cs",
"chars": 39396,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/TSOElimination.cs",
"chars": 84259,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/Translator.cs",
"chars": 919280,
"preview": "//-----------------------------------------------------------------------------\n//\n// Copyright (C) Microsoft Corporati"
},
{
"path": "Source/Armada/Triggers/QuantifierSplitter.cs",
"chars": 8073,
"preview": "using Microsoft.Boogie;\nusing System;\nusing System.Collections.Generic;\nusing System.Diagnostics.Contracts;\nusing System"
},
{
"path": "Source/Armada/Triggers/QuantifiersCollection.cs",
"chars": 16007,
"preview": "#define QUANTIFIER_WARNINGS\n\nusing System;\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text;\nusing"
},
{
"path": "Source/Armada/Triggers/QuantifiersCollector.cs",
"chars": 2950,
"preview": "using System;\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text;\nusing Microsoft.Boogie;\nusing Syst"
},
{
"path": "Source/Armada/Triggers/TriggerExtensions.cs",
"chars": 22492,
"preview": "#define THROW_UNSUPPORTED_COMPARISONS\n\nusing Microsoft.Armada;\nusing System;\nusing System.Collections.Generic;\nusing Sys"
},
{
"path": "Source/Armada/Triggers/TriggerUtils.cs",
"chars": 11339,
"preview": "#define DEBUG_AUTO_TRIGGERS\n\nusing System;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diag"
},
{
"path": "Source/Armada/Triggers/TriggersCollector.cs",
"chars": 17285,
"preview": "using System;\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text;\nusing Microsoft.Boogie;\nusing Syst"
},
{
"path": "Source/Armada/Util.cs",
"chars": 14660,
"preview": "using System;\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text;\nusing System.Diagnostics.Contracts"
},
{
"path": "Source/Armada/VarHiding.cs",
"chars": 16403,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada/VarIntro.cs",
"chars": 63548,
"preview": "using System.Collections.Generic;\nusing System.Linq;\nusing System;\n\nnamespace Microsoft.Armada\n{\n public abstract class"
},
{
"path": "Source/Armada/Weakening.cs",
"chars": 2897,
"preview": "using System;\nusing System.Numerics;\nusing System.Collections.Generic;\nusing System.Diagnostics;\nusing System.Diagnostic"
},
{
"path": "Source/Armada.sln",
"chars": 2861,
"preview": "\r\nMicrosoft Visual Studio Solution File, Format Version 12.00\r\n# Visual Studio 15\r\nVisualStudioVersion = 15.0.26124.0\r\n"
},
{
"path": "Source/ArmadaDriver/ArmadaDriver.cs",
"chars": 23497,
"preview": "//-----------------------------------------------------------------------------\n//\n// Copyright (C) Microsoft Corporatio"
},
{
"path": "Source/ArmadaDriver/ArmadaDriver.csproj",
"chars": 653,
"preview": "<Project Sdk=\"Microsoft.NET.Sdk\">\r\n\r\n <ItemGroup>\r\n <ProjectReference Include=\"..\\Armada\\ArmadaPipeline.csproj\" />\r\n"
},
{
"path": "Source/Directory.Build.props",
"chars": 268,
"preview": "<Project>\n\n <!-- Target framework -->\n <PropertyGroup>\n <TargetFramework>net5.0</TargetFramework>\n </PropertyGroup"
},
{
"path": "Source/dotnet-tools.json",
"chars": 150,
"preview": "{\n \"version\": 1,\n \"isRoot\": true,\n \"tools\": {\n \"cocor\": {\n \"version\": \"2014.12.23\",\n \"commands\": [\n "
},
{
"path": "Test/armada-parser/.gitignore",
"chars": 6,
"preview": "*.dfy\n"
},
{
"path": "Test/armada-parser/OGcounter.arm",
"chars": 2047,
"preview": "// mono --debug $CDFY /compile:0 /dafnyVerify:0 src/armada-parser/Counter_No_CLass.arm\ninclude \"../../Armada/ArmadaCommo"
},
{
"path": "Test/armada-parser/scheduler_atomic.arm",
"chars": 4821,
"preview": "// mono --debug $CDFY /compile:0 /dafnyVerify:0 src/armada-parser/scheduler_atomic.arm\ninclude \"../../Armada/ArmadaCommo"
},
{
"path": "Test/armada-parser/scheduler_impl.arm",
"chars": 5958,
"preview": "// mono --debug $CDFY /compile:0 /dafnyVerify:0 src/armada-parser/scheduler_impl.arm\ninclude \"../../Armada/ArmadaCommonD"
},
{
"path": "Test/armada-parser/scheduler_simplify.arm",
"chars": 3557,
"preview": "// mono --debug $CDFY /compile:0 /dafnyVerify:0 src/armada-parser/scheduler_simplify.arm\ninclude \"../../Armada/ArmadaCom"
},
{
"path": "Test/armada-parser/scheduler_spec.arm",
"chars": 3095,
"preview": "// mono --debug $CDFY /compile:0 /dafnyVerify:0 src/armada-parser/scheduler_spec.arm\ninclude \"../../Armada/ArmadaCommonD"
},
{
"path": "Test/armada-parser/test-var-hiding-fail.arm",
"chars": 365,
"preview": "level A {\n var x:int32;\n var y:int32;\n var z:int32;\n\n method main()\n {\n x ::= 3;\n z ::= 5;\n"
},
{
"path": "Test/armada-parser/test.arm",
"chars": 4066,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nstructs SharedStructs\n{\n struct C1 {\n var x:int32[4];\n "
},
{
"path": "Test/armada-parser/test2.arm",
"chars": 1744,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nstructs SharedStructs2\n{\n struct S1 {\n var a:int32;\n "
},
{
"path": "Test/armada-parser/test3.arm",
"chars": 3473,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nstructs SharedStructs3\n{\n struct C1 {\n var x:int32[4];\n "
},
{
"path": "Test/armada-parser/test4.arm",
"chars": 2428,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\ninclude \"test4defs.dfy\"\n\nstructs SharedStructs4\n{\n struct S1 {\n "
},
{
"path": "Test/armada-parser/test5.arm",
"chars": 347,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nstructs SharedStructs5\n{\n struct S1 {\n var a:int32;\n "
},
{
"path": "Test/armada-parser/test6.arm",
"chars": 418,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nstructs SharedStructs6\n{\n struct S1 {\n var x:int32[10];\n "
},
{
"path": "Test/armada-parser/test7.arm",
"chars": 379,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nstructs SharedStructs7 {}\n\nlevel {:concrete} G using SharedStructs7 "
},
{
"path": "Test/assume-intro/.gitignore",
"chars": 126,
"preview": "A.dfy\nB.dfy\nAB.dfy\nSharedStructs.dfy\nC.dfy\nD.dfy\nCD.dfy\nSharedStructs2.dfy\nE.dfy\nF.dfy\nEF.dfy\nSharedStructs3.dfy\nAB/\nCD/"
},
{
"path": "Test/assume-intro/ABHelpers.dfy",
"chars": 610,
"preview": "include \"A.dfy\"\ninclude \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nmodule ABHelpers\n{\n import opened ArmadaCommonDefin"
},
{
"path": "Test/assume-intro/test.arm",
"chars": 2354,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nstructs SharedStructs {\n\n}\n\nlevel A using SharedStructs {\n noaddr"
},
{
"path": "Test/assume-intro/test2.arm",
"chars": 1011,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nstructs SharedStructs2 {\n\n}\n\nlevel C using SharedStructs2 {\n ghost "
},
{
"path": "Test/assume-intro/test3.arm",
"chars": 914,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nstructs SharedStructs3 {\n\n}\n\nlevel E using SharedStructs3 {\n noad"
},
{
"path": "Test/barrier/.gitignore",
"chars": 103,
"preview": "Impl.dfy\nSharedStructs.dfy\nL1.dfy\nL2.dfy\nL1RefinesL2.dfy\nImplRefinesL1.dfy\nImplRefinesL1/\nL1RefinesL2/\n"
},
{
"path": "Test/barrier/barrier.arm",
"chars": 11107,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nstructs SharedStructs\n{\n ghost var log:seq<uint32> := [];\n\n refine"
},
{
"path": "Test/barrier/extra.dfy",
"chars": 4680,
"preview": "include \"L1.dfy\"\n\nmodule L1RefinesL2Helpers {\n\n import opened L = L1\n\n lemma lemma_FindStoreBuffer1WhenLocalViewSeesIt"
},
{
"path": "Test/bitvector/.gitignore",
"chars": 41,
"preview": "A.dfy\nAB.dfy\nAB/\nB.dfy\nSharedStructs.dfy\n"
},
{
"path": "Test/bitvector/bv.dfy",
"chars": 1572,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nmodule BitVectorTest1 {\n\nimport opened ArmadaCommonDefinitions\n\n\nlem"
},
{
"path": "Test/bitvector/test.arm",
"chars": 939,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nstructs SharedStructs {\n}\n\nlevel A using SharedStructs {\n method "
},
{
"path": "Test/clight/.gitignore",
"chars": 37,
"preview": "Impl.dfy\nSharedStructs.dfy\nbarrier.c\n"
},
{
"path": "Test/clight/Makefile",
"chars": 1199,
"preview": "\nDAFNYS=$(wildcard *.arm)\nCPPS=$(subst .arm,.c,$(DAFNYS))\nEXECS=$(subst .arm,,$(DAFNYS))\nDAFNY_DIR=../..\nDAFNY=$(DAFNY_D"
},
{
"path": "Test/clight/barrier.arm",
"chars": 1350,
"preview": "// Compile with: ../../Binaries/Armada.exe /compile:0 /spillTargetCode:3 /compileTarget:clight extern.h barrier.arm\n\nin"
},
{
"path": "Test/clight/bench/bench_armada.c",
"chars": 8527,
"preview": "// This file contains the benchmark for armada implementation of bounded_singleproducer_singleconsumer queue.\n\n\n// 1. Ar"
},
{
"path": "Test/clight/bench/bench_armada_gcc.c",
"chars": 3791,
"preview": "// This file contains the benchmark for aramda implementation of bounded_singleproducer_singleconsumer queue.\n\n// To com"
},
{
"path": "Test/clight/bench/bench_lfds.c",
"chars": 5469,
"preview": "// This file contains the benchmark for liblfds implementation of bounded_singleproducer_singleconsumer queue.\n\n// You n"
},
{
"path": "Test/clight/bench/bench_sound_queue.c",
"chars": 8743,
"preview": "// Dafny program queue.arm compiled into ClightTSO\n#include \"DafnyRuntime.h\"\n#include \"extern.h\"\n// namespace _8_SharedS"
},
{
"path": "Test/clight/extern.h",
"chars": 840,
"preview": "#pragma once\n#include \"DafnyRuntime.h\"\n\n// Extern for sqrt\nuint32 rnd()\n{\n uint32 x = (uint32) rand() % 0xFFFF;\n retur"
},
{
"path": "Test/clight/failed/failed_0.c",
"chars": 496,
"preview": "struct lock;\ntypedef struct lock lock;\nstruct lock {\n int wait;\n lock* next;\n};\n\n// There might be some bug in CompCer"
},
{
"path": "Test/clight/failed/failed_1.c",
"chars": 160,
"preview": "#include <stdio.h>\nint main()\n{\n\t// Fatal error: glibc detected an invalid stdio handle\n // Aborted (core dumped)\n\tpu"
},
{
"path": "Test/clight/lock.arm",
"chars": 1856,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nstructs MCSLock {\n struct lock {\n var wait: uint32;\n var next"
},
{
"path": "Test/clight/queue.arm",
"chars": 4537,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nstructs SharedStructs {\n\n //type uint64 /*Key*/ = uint64\n //ty"
},
{
"path": "Test/clight/sqrt.arm",
"chars": 1345,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nstructs SharedStructs { }\n\nlayer {:concrete} A using SharedStructs {"
},
{
"path": "Test/clight/upload.sh",
"chars": 64,
"preview": "echo rsync -avz $2 fedora@$1:~/\n rsync -avz $2 fedora@$1:~/\n"
},
{
"path": "Test/combining/.gitignore",
"chars": 41,
"preview": "SharedStructs.dfy\nA.dfy\nB.dfy\nAB.dfy\nAB/\n"
},
{
"path": "Test/combining/test.arm",
"chars": 830,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nstructs SharedStructs {\n\n}\n\nlevel A using SharedStructs {\n noaddr"
},
{
"path": "Test/counter/.gitignore",
"chars": 160,
"preview": "A.dfy\nAB.dfy\nAB/\nB.dfy\nBC.dfy\nBC/\nC.dfy\nCD.dfy\nCD/\nD.dfy\nDE.dfy\nDE/\nE.dfy\nEF.dfy\nEF/\nF.dfy\nFG.dfy\nFG/\nG.dfy\nGI.dfy\nGI/\nI"
},
{
"path": "Test/counter/A.arm",
"chars": 1568,
"preview": "include \"SharedStructs.arm\"\n\nlevel A using SharedStructs {\n noaddr var x:uint32 := 0;\n ghost var acquire_map: map<"
},
{
"path": "Test/counter/AB.arm",
"chars": 117,
"preview": "include \"A.arm\"\ninclude \"B.arm\"\n\nproof AB {\n refinement A B\n var_intro mutex, inc1, inc2, done, main_reading\n}\n"
},
{
"path": "Test/counter/B.arm",
"chars": 2891,
"preview": "include \"SharedStructs.arm\"\n\nlevel B using SharedStructs{\n noaddr var x:uint32 := 0;\n ghost var mutex:uint64 := 0;"
},
{
"path": "Test/counter/BC.arm",
"chars": 2562,
"preview": "include \"B.arm\"\ninclude \"C.arm\"\n\nproof BC {\n refinement B C\n assume_intro\n\n inductive_invariant no_joinable \"fo"
},
{
"path": "Test/counter/C.arm",
"chars": 2857,
"preview": "include \"SharedStructs.arm\"\n\nlevel C using SharedStructs {\n noaddr var x:uint32 := 0;\n ghost var mutex:uint64 := 0"
},
{
"path": "Test/counter/CD.arm",
"chars": 931,
"preview": "include \"C.arm\"\ninclude \"D.arm\"\n\nproof CD {\n refinement C D\n tso_elim x @\"\n && ghosts.mutex in ghosts.acqui"
},
{
"path": "Test/counter/D.arm",
"chars": 2800,
"preview": "include \"SharedStructs.arm\"\n\nlevel D using SharedStructs {\n noaddr var x:uint32 := 0;\n ghost var mutex:uint64 := 0"
},
{
"path": "Test/counter/DE.arm",
"chars": 315,
"preview": "include \"D.arm\"\ninclude \"E.arm\"\n\nproof DE {\n refinement D E\n reduction phase1 inc_lb1\n use_address_invariant\n\n "
},
{
"path": "Test/counter/E.arm",
"chars": 2109,
"preview": "include \"SharedStructs.arm\"\n\nlevel E using SharedStructs {\n noaddr var x:uint32 := 0;\n ghost var mutex:uint64 := 0"
},
{
"path": "Test/counter/EF.arm",
"chars": 92,
"preview": "include \"E.arm\"\ninclude \"F.arm\"\n\nproof EF {\n refinement E F\n stack_var_hiding inc y\n}\n"
},
{
"path": "Test/counter/F.arm",
"chars": 2451,
"preview": "include \"SharedStructs.arm\"\n\nlevel F using SharedStructs {\n noaddr var x:uint32 := 0;\n ghost var mutex:uint64 := 0"
},
{
"path": "Test/counter/FG.arm",
"chars": 2345,
"preview": "include \"F.arm\"\ninclude \"G.arm\"\n\nproof FG {\n refinement F G\n assume_intro\n \n include_file \"extra.dfy\"\n im"
},
{
"path": "Test/counter/G.arm",
"chars": 1911,
"preview": "include \"SharedStructs.arm\"\n\nlevel G using SharedStructs {\n noaddr var x:uint32 := 0;\n ghost var mutex:uint64 := 0"
},
{
"path": "Test/counter/GI.arm",
"chars": 79,
"preview": "include \"G.arm\"\ninclude \"I.arm\"\n\nproof GI {\n refinement G I\n weakening\n}\n"
},
{
"path": "Test/counter/I.arm",
"chars": 1739,
"preview": "include \"SharedStructs.arm\"\n\nlevel I using SharedStructs {\n noaddr var x:uint32 := 0;\n ghost var mutex:uint64 := 0"
},
{
"path": "Test/counter/IJ.arm",
"chars": 111,
"preview": "include \"I.arm\"\ninclude \"J.arm\"\n\nproof IJ {\n refinement I J\n var_hiding done, inc1, inc2, main_reading\n}\n"
},
{
"path": "Test/counter/J.arm",
"chars": 1481,
"preview": "include \"SharedStructs.arm\"\n\nlevel J using SharedStructs {\n noaddr var x:uint32 := 0;\n ghost var mutex:uint64 := 0"
},
{
"path": "Test/counter/SharedStructs.arm",
"chars": 150,
"preview": "include \"../../Armada/ArmadaCommonDefinitions.dfy\"\n\nstructs SharedStructs\n{\n datatype OptionalThread = OptionalSome(t"
}
]
// ... and 721 more files (download for full content)
About this extraction
This page contains the full source code of the microsoft/Armada GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 921 files (9.1 MB), approximately 2.4M tokens, and a symbol index with 6754 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.