Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

viper: invariants #3488

Merged
merged 22 commits into from
Oct 15, 2022
Merged

viper: invariants #3488

merged 22 commits into from
Oct 15, 2022

Conversation

ggreif
Copy link
Contributor

@ggreif ggreif commented Oct 14, 2022
edited by aterga
Loading

This implements actor-global invariants. They get (currently) declared with a actor-level assert and translated to a Viper macro, that gets both required and ensured from each method by calls to those macros.

TODOs:

@ggreif ggreif changed the base branch from master to viper October 14, 2022 21:21
@ggreif ggreif requested a review from mraszyk October 14, 2022 21:22
@ggreif ggreif force-pushed the gabor/viper branch 3 times, most recently from c3c6ceb to 64e6211 Compare October 14, 2022 22:08
@mraszyk
Copy link

mraszyk commented Oct 15, 2022

Looks good to me so far, but

use invariant(s) for pre/postconditions on each actor method

this seems to be missing.

@ggreif
Copy link
Contributor Author

ggreif commented Oct 15, 2022

this seems to be missing.

Yes, that is the TODO list :-)
I am far from done

@ggreif
Copy link
Contributor Author

ggreif commented Oct 15, 2022

So regarding global invariants, we need a transformation pass that adorns the corresponding requires and ensures onto each method, right?

@ggreif ggreif force-pushed the gabor/viper branch 2 times, most recently from 2af2a9c to 2829990 Compare October 15, 2022 12:29
@ggreif ggreif requested review from aterga and crusso October 15, 2022 14:09
@ggreif ggreif force-pushed the gabor/viper branch 2 times, most recently from ed66529 to efdab63 Compare October 15, 2022 16:33
@ggreif
try top-level assert
144900a
@ggreif
start modelling invariants
c688704
@ggreif
actually emit the expression
b156f2c
@ggreif
srcloc mapping is TODO
9ca0467
@ggreif
tweak
edc99f5
@ggreif
handle equality comparisons
bdcb8c9
@ggreif
handle OrE and AndE
fea9bd5
@ggreif
rely on invariants being named from the get-go
20a18b8
@ggreif
happy game, but tying the knot is tricky
69b5b64
@ggreif
revert to a two-pass construction
78fc686
@ggreif
affix invariants
7dadbaa 
as pre/postconditions on every method
@ggreif
intro MacroCall and pretty it
b16eea6
@ggreif
fake the self reference for now
61b892a
@ggreif
pass in the $Self reference to the macro invocation
00e244d
@ggreif
arguably simpler
e462958 
But OCaml is weird
```
File "viper/trans.ml", line 32, characters 35-48:
32 |         { it = MacroCall(s, { it = LocalVar self
                                        ^^^^^^^^^^^^^
Error: The constructor LocalVar expects 2 argument(s),
       but is applied here to 1 argument(s)
```
@ggreif
anticipate that in actor invariant macros the self local should be …
e46f38c 
…present
@ggreif ggreif merged commit 228ba23 into viper Oct 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mraszyk mraszyk Awaiting requested review from mraszyk

@aterga aterga Awaiting requested review from aterga

@crusso crusso Awaiting requested review from crusso

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ggreif @mraszyk