infer_clone/sledge/lib/solver_test.ml

(*
 * Copyright (c) Facebook, Inc. and its affiliates.
 *
 * This source code is licensed under the MIT license found in the
 * LICENSE file in the root directory of this source tree.
 *)

(* [@@@warning "-32"] *)

let%test_module _ =
  ( module struct
    let () =
      Trace.init ~margin:68
        ~config:(Result.ok_exn (Trace.parse "+Solver.infer_frame"))
        ()

    (* let () =
     *   Trace.init ~margin:160
     *     ~config:
     *       (Result.ok_exn (Trace.parse "+Solver.infer_frame+Solver.excise"))
     *     () *)

    let infer_frame p xs q =
      Solver.infer_frame p (Var.Set.of_list xs) q
      |> (ignore : Sh.t option -> _)

    let check_frame p xs q =
      Solver.infer_frame p (Var.Set.of_list xs) q
      |> fun r -> assert (Option.is_some r)

    let ( ! ) i = Term.integer (Z.of_int i)
    let ( + ) = Term.add
    let ( - ) = Term.sub
    let ( * ) = Term.mul
    let wrt = Var.Set.empty
    let a_, wrt = Var.fresh "a" ~wrt
    let a2_, wrt = Var.fresh "a" ~wrt
    let a3_, wrt = Var.fresh "a" ~wrt
    let b_, wrt = Var.fresh "b" ~wrt
    let k_, wrt = Var.fresh "k" ~wrt
    let l_, wrt = Var.fresh "l" ~wrt
    let l2_, wrt = Var.fresh "l" ~wrt
    let m_, wrt = Var.fresh "m" ~wrt
    let n_, _ = Var.fresh "n" ~wrt
    let a = Term.var a_
    let a2 = Term.var a2_
    let a3 = Term.var a3_
    let b = Term.var b_
    let k = Term.var k_
    let l = Term.var l_
    let l2 = Term.var l2_
    let m = Term.var m_
    let n = Term.var n_

    let%expect_test _ =
      check_frame Sh.emp [] Sh.emp ;
      [%expect
        {|
        ( infer_frame:   emp \-   emp
        ) infer_frame:   emp |}]

    let%expect_test _ =
      check_frame (Sh.false_ Var.Set.empty) [] Sh.emp ;
      [%expect
        {|
        ( infer_frame:   false \-   emp
        ) infer_frame:   false |}]

    let%expect_test _ =
      check_frame Sh.emp [n_; m_] (Sh.and_ (Term.eq m n) Sh.emp) ;
      [%expect
        {|
        ( infer_frame:   emp \- ∃ %m_8, %n_9 .   %m_8 = %n_9 ∧ emp
        ) infer_frame:   %m_8 = %n_9 ∧ emp |}]

    let%expect_test _ =
      check_frame
        (Sh.seg {loc= l; bas= b; len= m; siz= n; arr= a})
        [] Sh.emp ;
      [%expect
        {|
        ( infer_frame:   %l_6 -[ %b_4, %m_8 )-> ⟨%n_9,%a_1⟩ \-   emp
        ) infer_frame:   %l_6 -[ %b_4, %m_8 )-> ⟨%n_9,%a_1⟩ |}]

    let%expect_test _ =
      check_frame
        (Sh.seg {loc= l; bas= b; len= m; siz= n; arr= a})
        []
        (Sh.seg {loc= l; bas= b; len= m; siz= n; arr= a}) ;
      [%expect
        {|
        ( infer_frame:
            %l_6 -[ %b_4, %m_8 )-> ⟨%n_9,%a_1⟩
          \-   %l_6 -[ %b_4, %m_8 )-> ⟨%n_9,%a_1⟩
        ) infer_frame:   emp |}]

    let%expect_test _ =
      let common = Sh.seg {loc= l2; bas= b; len= !10; siz= !10; arr= a2} in
      let seg1 = Sh.seg {loc= l; bas= b; len= !10; siz= !10; arr= a} in
      let minued = Sh.star common seg1 in
      let subtrahend =
        Sh.and_ (Term.eq m n)
          (Sh.exists
             (Var.Set.of_list [m_])
             (Sh.extend_us (Var.Set.of_list [m_]) common))
      in
      infer_frame minued [n_; m_] subtrahend ;
      [%expect
        {|
        ( infer_frame:
            %l_6 -[ %b_4, 10 )-> ⟨10,%a_1⟩ * %l_7 -[ %b_4, 10 )-> ⟨10,%a_2⟩
          \- ∃ %m_8, %n_9 .
            ∃ %m_10 .   %m_8 = %n_9 ∧ %l_7 -[ %b_4, 10 )-> ⟨10,%a_2⟩
        ) infer_frame:
          ∃ %m_10 .   %m_8 = %n_9 ∧ %l_6 -[ %b_4, 10 )-> ⟨10,%a_1⟩ |}]

    let%expect_test _ =
      check_frame
        (Sh.star
           (Sh.seg {loc= l; bas= b; len= m; siz= n; arr= a})
           (Sh.seg {loc= l2; bas= b; len= m; siz= n; arr= a2}))
        []
        (Sh.seg {loc= l; bas= b; len= m; siz= n; arr= a}) ;
      [%expect
        {|
        ( infer_frame:
            %l_6 -[ %b_4, %m_8 )-> ⟨%n_9,%a_1⟩
          * %l_7 -[ %b_4, %m_8 )-> ⟨%n_9,%a_2⟩
          \-   %l_6 -[ %b_4, %m_8 )-> ⟨%n_9,%a_1⟩
        ) infer_frame:   %l_7 -[ %b_4, %m_8 )-> ⟨%n_9,%a_2⟩ |}]

    let%expect_test _ =
      check_frame
        (Sh.star
           (Sh.seg {loc= l; bas= l; len= !16; siz= !8; arr= a})
           (Sh.seg {loc= l + !8; bas= l; len= !16; siz= !8; arr= a2}))
        [a3_]
        (Sh.seg {loc= l; bas= l; len= !16; siz= !16; arr= a3}) ;
      [%expect
        {|
        ( infer_frame:
            %l_6 -[)-> ⟨8,%a_1⟩^⟨8,%a_2⟩ \- ∃ %a_3 .   %l_6 -[)-> ⟨16,%a_3⟩
        ) infer_frame:   %a_2 = _ ∧ (⟨8,%a_1⟩^⟨8,%a_2⟩) = %a_3 ∧ emp |}]

    let%expect_test _ =
      check_frame
        (Sh.star
           (Sh.seg {loc= l; bas= l; len= !16; siz= !8; arr= a})
           (Sh.seg {loc= l + !8; bas= l; len= !16; siz= !8; arr= a2}))
        [a3_; m_]
        (Sh.seg {loc= l; bas= l; len= m; siz= !16; arr= a3}) ;
      [%expect
        {|
        ( infer_frame:
            %l_6 -[)-> ⟨8,%a_1⟩^⟨8,%a_2⟩
          \- ∃ %a_3, %m_8 .
              %l_6 -[ %l_6, %m_8 )-> ⟨16,%a_3⟩
        ) infer_frame:
            %a_2 = _ ∧ (⟨8,%a_1⟩^⟨8,%a_2⟩) = %a_3 ∧ 16 = %m_8 ∧ emp |}]

    let%expect_test _ =
      check_frame
        (Sh.star
           (Sh.seg {loc= l; bas= l; len= !16; siz= !8; arr= a})
           (Sh.seg {loc= l + !8; bas= l; len= !16; siz= !8; arr= a2}))
        [a3_; m_]
        (Sh.seg {loc= l; bas= l; len= m; siz= m; arr= a3}) ;
      [%expect
        {|
        ( infer_frame:
            %l_6 -[)-> ⟨8,%a_1⟩^⟨8,%a_2⟩
          \- ∃ %a_3, %m_8 .
              %l_6 -[ %l_6, %m_8 )-> ⟨%m_8,%a_3⟩
        ) infer_frame:
            %a_2 = _ ∧ (⟨8,%a_1⟩^⟨8,%a_2⟩) = %a_3 ∧ 16 = %m_8 ∧ emp |}]

    let%expect_test _ =
      check_frame
        (Sh.star
           (Sh.seg {loc= k; bas= k; len= !16; siz= !32; arr= a})
           (Sh.seg {loc= l; bas= l; len= !8; siz= !8; arr= !16}))
        [a2_; m_; n_]
        (Sh.star
           (Sh.seg {loc= l; bas= l; len= !8; siz= !8; arr= n})
           (Sh.seg {loc= k; bas= k; len= m; siz= n; arr= a2})) ;
      [%expect
        {|
        ( infer_frame:
            %k_5 -[ %k_5, 16 )-> ⟨32,%a_1⟩ * %l_6 -[)-> ⟨8,16⟩
          \- ∃ %a_2, %m_8, %n_9 .
              %k_5 -[ %k_5, %m_8 )-> ⟨%n_9,%a_2⟩ * %l_6 -[)-> ⟨8,%n_9⟩
        ) infer_frame:
          ∃ %a0_10, %a1_11 .
            %a_2 = %a0_10
          ∧ (⟨16,%a_2⟩^⟨16,%a1_11⟩) = %a_1
          ∧ 16 = %m_8 = %n_9
          ∧ (%k_5 + 16) -[ %k_5, 16 )-> ⟨16,%a1_11⟩ |}]

    let%expect_test _ =
      infer_frame
        (Sh.star
           (Sh.seg {loc= k; bas= k; len= !16; siz= !32; arr= a})
           (Sh.seg {loc= l; bas= l; len= !8; siz= !8; arr= !16}))
        [a2_; m_; n_]
        (Sh.star
           (Sh.seg {loc= k; bas= k; len= m; siz= n; arr= a2})
           (Sh.seg {loc= l; bas= l; len= !8; siz= !8; arr= n})) ;
      [%expect
        {|
        ( infer_frame:
            %k_5 -[ %k_5, 16 )-> ⟨32,%a_1⟩ * %l_6 -[)-> ⟨8,16⟩
          \- ∃ %a_2, %m_8, %n_9 .
              %k_5 -[ %k_5, %m_8 )-> ⟨%n_9,%a_2⟩ * %l_6 -[)-> ⟨8,%n_9⟩
        ) infer_frame:
          ∃ %a0_10, %a1_11 .
            %a_2 = %a0_10
          ∧ (⟨16,%a_2⟩^⟨16,%a1_11⟩) = %a_1
          ∧ 16 = %m_8 = %n_9
          ∧ (%k_5 + 16) -[ %k_5, 16 )-> ⟨16,%a1_11⟩ |}]

    let seg_split_symbolically =
      Sh.star
        (Sh.seg {loc= l; bas= l; len= !16; siz= !8 * n; arr= a2})
        (Sh.seg
           { loc= l + (!8 * n)
           ; bas= l
           ; len= !16
           ; siz= !16 - (!8 * n)
           ; arr= a3 })

    let%expect_test _ =
      check_frame
        (Sh.and_
           Term.(or_ (or_ (eq n !0) (eq n !1)) (eq n !2))
           seg_split_symbolically)
        [m_; a_]
        (Sh.seg {loc= l; bas= l; len= m; siz= m; arr= a}) ;
      [%expect
        {|
        ( infer_frame:
            (%l_6 + 8 × %n_9) -[ %l_6, 16 )-> ⟨(-8 × %n_9 + 16),%a_3⟩
          * %l_6 -[ %l_6, 16 )-> ⟨(8 × %n_9),%a_2⟩
          * ( (  2 = %n_9 ∧ emp)
            ∨ (  0 = %n_9 ∧ emp)
            ∨ (  1 = %n_9 ∧ emp)
            )
          \- ∃ %a_1, %m_8 .
              %l_6 -[ %l_6, %m_8 )-> ⟨%m_8,%a_1⟩
        ) infer_frame:
            ( (  %a_1 = %a_2
               ∧ 2 = %n_9
               ∧ 16 = %m_8
               ∧ (%l_6 + 16) -[ %l_6, 16 )-> ⟨0,%a_3⟩)
            ∨ (  %a_3 = _
               ∧ (⟨8,%a_2⟩^⟨8,%a_3⟩) = %a_1
               ∧ 1 = %n_9
               ∧ 16 = %m_8
               ∧ emp)
            ∨ (  %a_3 = _
               ∧ (⟨0,%a_2⟩^⟨16,%a_3⟩) = %a_1
               ∧ 0 = %n_9
               ∧ 16 = %m_8
               ∧ emp)
            ) |}]

    (* Incompleteness: equivalent to above but using ≤ instead of ∨ *)
    let%expect_test _ =
      infer_frame
        (Sh.and_ (Term.le n !2) seg_split_symbolically)
        [m_; a_]
        (Sh.seg {loc= l; bas= l; len= m; siz= m; arr= a}) ;
      [%expect
        {|
        ( infer_frame:
            (%n_9 ≤ 2)
          ∧ (%l_6 + 8 × %n_9) -[ %l_6, 16 )-> ⟨(-8 × %n_9 + 16),%a_3⟩
          * %l_6 -[ %l_6, 16 )-> ⟨(8 × %n_9),%a_2⟩
          \- ∃ %a_1, %m_8 .
              %l_6 -[ %l_6, %m_8 )-> ⟨%m_8,%a_1⟩
        ) infer_frame: |}]

    (* Incompleteness: cannot witness existentials to satisfy non-equality
       pure constraints *)
    let%expect_test _ =
      let subtrahend = Sh.and_ (Term.eq m a) (Sh.pure (Term.dq m !0)) in
      let minuend = Sh.extend_us (Var.Set.of_ a_) Sh.emp in
      infer_frame minuend [m_] subtrahend ;
      [%expect
        {|
        ( infer_frame:   emp \- ∃ %m_8 .   %a_1 = %m_8 ∧ (%a_1 ≠ 0) ∧ emp
        ) infer_frame: |}]
  end )
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
+								(*
-												[copyright] Remove years

Reviewed By: jvillard

Differential Revision: D15771884

fbshipit-source-id: e2997e3a3

											
										
										
											6 years ago
+								 * Copyright (c) Facebook, Inc. and its affiliates.
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
+								 *
 								 * This source code is licensed under the MIT license found in the
 								 * LICENSE file in the root directory of this source tree.
 								 *)
-												[sledge] Improve tracing in unit tests

Summary:
It is more convenient, and harder to misunderstand, if the verbose
tracing setting comes commented-out after the default non-verbose
setting.

Reviewed By: jvillard

Differential Revision: D20583755

fbshipit-source-id: 06ecb0e9a

											
										
										
											5 years ago
+								(* [@@@warning "-32"] *)
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
+								let%test_module _ =
 								  ( module struct
 								    let () =
 								      Trace.init ~margin:68
 								        ~config:(Result.ok_exn (Trace.parse "+Solver.infer_frame"))
 								        ()
-												[sledge] Replace solution substitution trimming with partitioning

Summary:
Replace `Equality.Subst.trim` with `partition_valid` which has a
logical specification (and unsurprisingly fixes some corner case
bugs):

```
val partition_valid : Var.Set.t -> t -> t * Var.Set.t * t
(** Partition ∃xs. σ into equivalent ∃xs. τ ∧ ∃ks. ν where ks and ν
    are maximal where ∃ks. ν is universally valid, xs ⊇ ks and ks ∩
    fv(τ) = ∅. *)
```

Reviewed By: ngorogiannis

Differential Revision: D20004974

fbshipit-source-id: 5cb3b3835

											
										
										
											5 years ago
+								    (* let () =
 								     *   Trace.init ~margin:160
 								     *     ~config:
 								     *       (Result.ok_exn (Trace.parse "+Solver.infer_frame+Solver.excise"))
 								     *     () *)
-												[sledge] Add Solver tests demonstrating incompleteness

Summary:
The SL solver is currently not always able to append segments which
have been split symbolically, that is, at an internal point expressed
using a variable, rather than merely a constant.

Also, existential instantiation, that is, the choice of witnesses
during proof search, is currently sensitive to the order of
subformulas. This can lead to fragile incompleteness.

Reviewed By: mbouaziz

Differential Revision: D14481991

fbshipit-source-id: 80fe2f0a8

											
										
										
											6 years ago
+								    let infer_frame p xs q =
 								      Solver.infer_frame p (Var.Set.of_list xs) q
 								      |> (ignore : Sh.t option -> _)
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
+								    let check_frame p xs q =
 								      Solver.infer_frame p (Var.Set.of_list xs) q
 								      |> fun r -> assert (Option.is_some r)
-												[sledge] Simplify arithmetic terms due to not needing type

Summary:
Now that terms operate over unbounded, signed, integers rather than
bounded integers, and Boolean operations are treated uniformly with
bitwise operations, it is not necessary to propagate types throughout
arithmetic term manipulation.

Reviewed By: bennostein

Differential Revision: D17665257

fbshipit-source-id: 5236b101d

											
										
										
											5 years ago
+								    let ( ! ) i = Term.integer (Z.of_int i)
 								    let ( + ) = Term.add
 								    let ( - ) = Term.sub
 								    let ( * ) = Term.mul
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
+								    let wrt = Var.Set.empty
 								    let a_, wrt = Var.fresh "a" ~wrt
 								    let a2_, wrt = Var.fresh "a" ~wrt
 								    let a3_, wrt = Var.fresh "a" ~wrt
 								    let b_, wrt = Var.fresh "b" ~wrt
-												[sledge] Add Solver tests demonstrating incompleteness

Summary:
The SL solver is currently not always able to append segments which
have been split symbolically, that is, at an internal point expressed
using a variable, rather than merely a constant.

Also, existential instantiation, that is, the choice of witnesses
during proof search, is currently sensitive to the order of
subformulas. This can lead to fragile incompleteness.

Reviewed By: mbouaziz

Differential Revision: D14481991

fbshipit-source-id: 80fe2f0a8

											
										
										
											6 years ago
+								    let k_, wrt = Var.fresh "k" ~wrt
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
+								    let l_, wrt = Var.fresh "l" ~wrt
 								    let l2_, wrt = Var.fresh "l" ~wrt
 								    let m_, wrt = Var.fresh "m" ~wrt
 								    let n_, _ = Var.fresh "n" ~wrt
-												[sledge] Distinguish program expressions and formula terms

Summary:
There are a number if issues with using the same type for expressions
in code and in formulas. One is that the type systems of the two
should be different. Another is that conflating the two compromises
the ability of Llair to correctly express aspects such as integer
overflow, floating point rounding, etc. Also, it could be beneficial
to have more source locations for program expressions than makes sense
for terms.

This diff simply unshares Exp, leading to a copy named Term. Likewise,
Reg is now a copy of Var. Simplifications to come.

Reviewed By: bennostein

Differential Revision: D17665250

fbshipit-source-id: 4359a80d5

											
										
										
											5 years ago
+								    let a = Term.var a_
 								    let a2 = Term.var a2_
 								    let a3 = Term.var a3_
 								    let b = Term.var b_
 								    let k = Term.var k_
 								    let l = Term.var l_
 								    let l2 = Term.var l2_
 								    let m = Term.var m_
 								    let n = Term.var n_
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
 								    let%expect_test _ =
 								      check_frame Sh.emp [] Sh.emp ;
 								      [%expect
 								        {|
-												[sledge] Revise Report printing

Summary:
The report output got disturbed by the change from predicate to
relational Domain, and the tricky control of printing simplified
states. After this diff by default states are printed in full, and in
simplified form with `-t State_domain.pp_simp`.

Also includes some minor output improvements.

Reviewed By: kren1

Differential Revision: D16059780

fbshipit-source-id: b33289887

											
										
										
											5 years ago
+								        ( infer_frame:   emp \-   emp
 								        ) infer_frame:   emp |}]
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
 								    let%expect_test _ =
 								      check_frame (Sh.false_ Var.Set.empty) [] Sh.emp ;
 								      [%expect
 								        {|
-												[sledge] Revise Report printing

Summary:
The report output got disturbed by the change from predicate to
relational Domain, and the tricky control of printing simplified
states. After this diff by default states are printed in full, and in
simplified form with `-t State_domain.pp_simp`.

Also includes some minor output improvements.

Reviewed By: kren1

Differential Revision: D16059780

fbshipit-source-id: b33289887

											
										
										
											5 years ago
+								        ( infer_frame:   false \-   emp
 								        ) infer_frame:   false |}]
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
-												[sledge] [solver] add handling of trivial equality

Summary:
The solver couldn't deal with `∃ a,b . a = b` , so this diff adds
a special case to deal with it.

Reviewed By: ngorogiannis

Differential Revision: D15897953

fbshipit-source-id: d841d3557

											
										
										
											6 years ago
+								    let%expect_test _ =
-												[sledge] Distinguish program expressions and formula terms

Summary:
There are a number if issues with using the same type for expressions
in code and in formulas. One is that the type systems of the two
should be different. Another is that conflating the two compromises
the ability of Llair to correctly express aspects such as integer
overflow, floating point rounding, etc. Also, it could be beneficial
to have more source locations for program expressions than makes sense
for terms.

This diff simply unshares Exp, leading to a copy named Term. Likewise,
Reg is now a copy of Var. Simplifications to come.

Reviewed By: bennostein

Differential Revision: D17665250

fbshipit-source-id: 4359a80d5

											
										
										
											5 years ago
+								      check_frame Sh.emp [n_; m_] (Sh.and_ (Term.eq m n) Sh.emp) ;
-												[sledge] [solver] add handling of trivial equality

Summary:
The solver couldn't deal with `∃ a,b . a = b` , so this diff adds
a special case to deal with it.

Reviewed By: ngorogiannis

Differential Revision: D15897953

fbshipit-source-id: d841d3557

											
										
										
											6 years ago
+								      [%expect
 								        {|
-												[sledge] Revise Report printing

Summary:
The report output got disturbed by the change from predicate to
relational Domain, and the tricky control of printing simplified
states. After this diff by default states are printed in full, and in
simplified form with `-t State_domain.pp_simp`.

Also includes some minor output improvements.

Reviewed By: kren1

Differential Revision: D16059780

fbshipit-source-id: b33289887

											
										
										
											5 years ago
+								        ( infer_frame:   emp \- ∃ %m_8, %n_9 .   %m_8 = %n_9 ∧ emp
-												[sledge] Strengthen quantifier witnessing

Summary:
Strengthen existential quantifier witnessing to enable witnessing an
existential with a term containing another existential if no universal
witness is available. Additionally, strengthen existential witnessing
to enable terms of interpreted theories to witness existential
variables.

Also strengthen and simplify the representation invariant checking for
existential witnessing code.

Reviewed By: jvillard

Differential Revision: D20120271

fbshipit-source-id: 4c44fe9ef

											
										
										
											5 years ago
+								        ) infer_frame:   %m_8 = %n_9 ∧ emp |}]
-												[sledge] [solver] add handling of trivial equality

Summary:
The solver couldn't deal with `∃ a,b . a = b` , so this diff adds
a special case to deal with it.

Reviewed By: ngorogiannis

Differential Revision: D15897953

fbshipit-source-id: d841d3557

											
										
										
											6 years ago
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
+								    let%expect_test _ =
 								      check_frame
 								        (Sh.seg {loc= l; bas= b; len= m; siz= n; arr= a})
 								        [] Sh.emp ;
 								      [%expect
 								        {|
-												[sledge] Revise Report printing

Summary:
The report output got disturbed by the change from predicate to
relational Domain, and the tricky control of printing simplified
states. After this diff by default states are printed in full, and in
simplified form with `-t State_domain.pp_simp`.

Also includes some minor output improvements.

Reviewed By: kren1

Differential Revision: D16059780

fbshipit-source-id: b33289887

											
										
										
											5 years ago
+								        ( infer_frame:   %l_6 -[ %b_4, %m_8 )-> ⟨%n_9,%a_1⟩ \-   emp
-												[sledge] Add Solver tests demonstrating incompleteness

Summary:
The SL solver is currently not always able to append segments which
have been split symbolically, that is, at an internal point expressed
using a variable, rather than merely a constant.

Also, existential instantiation, that is, the choice of witnesses
during proof search, is currently sensitive to the order of
subformulas. This can lead to fragile incompleteness.

Reviewed By: mbouaziz

Differential Revision: D14481991

fbshipit-source-id: 80fe2f0a8

											
										
										
											6 years ago
+								        ) infer_frame:   %l_6 -[ %b_4, %m_8 )-> ⟨%n_9,%a_1⟩ |}]
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
 								    let%expect_test _ =
 								      check_frame
 								        (Sh.seg {loc= l; bas= b; len= m; siz= n; arr= a})
 								        []
 								        (Sh.seg {loc= l; bas= b; len= m; siz= n; arr= a}) ;
 								      [%expect
 								        {|
 								        ( infer_frame:
-												[sledge] Add Solver tests demonstrating incompleteness

Summary:
The SL solver is currently not always able to append segments which
have been split symbolically, that is, at an internal point expressed
using a variable, rather than merely a constant.

Also, existential instantiation, that is, the choice of witnesses
during proof search, is currently sensitive to the order of
subformulas. This can lead to fragile incompleteness.

Reviewed By: mbouaziz

Differential Revision: D14481991

fbshipit-source-id: 80fe2f0a8

											
										
										
											6 years ago
+								            %l_6 -[ %b_4, %m_8 )-> ⟨%n_9,%a_1⟩
 								          \-   %l_6 -[ %b_4, %m_8 )-> ⟨%n_9,%a_1⟩
-												[sledge] Revise Report printing

Summary:
The report output got disturbed by the change from predicate to
relational Domain, and the tricky control of printing simplified
states. After this diff by default states are printed in full, and in
simplified form with `-t State_domain.pp_simp`.

Also includes some minor output improvements.

Reviewed By: kren1

Differential Revision: D16059780

fbshipit-source-id: b33289887

											
										
										
											5 years ago
+								        ) infer_frame:   emp |}]
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
-												[sledge] Fix solver crash

Summary:
Fix a crash that occurs when subtrahend has an existential variable that
was renamed as in the test.

The crash is due to an assertion in `Sh.exists` that says only variables
in the vocabulary can be existentialy quantifed out.

The problem was `Sh.exists` call in Solver.ml:611. Where `ws`
(existentials of the subthrehend) are not present in the vocabulary of
the remainder. This is because remainder "inheirts" the vocabulary of
the minued.

This fix simply extends the vocabulary of minued with `ws`, which
means the remaainder has the correct vocabulary. This should have no
externally visible effect as `ws` are then existentialed out.

Another option would be to try to change all the `excise_seg` functions,
to keep the vocabulary, but that looked annoying to implement.

Reviewed By: jvillard

Differential Revision: D16201423

fbshipit-source-id: b88c3abc4

											
										
										
											5 years ago
+								    let%expect_test _ =
 								      let common = Sh.seg {loc= l2; bas= b; len= !10; siz= !10; arr= a2} in
 								      let seg1 = Sh.seg {loc= l; bas= b; len= !10; siz= !10; arr= a} in
 								      let minued = Sh.star common seg1 in
 								      let subtrahend =
-												[sledge] Distinguish program expressions and formula terms

Summary:
There are a number if issues with using the same type for expressions
in code and in formulas. One is that the type systems of the two
should be different. Another is that conflating the two compromises
the ability of Llair to correctly express aspects such as integer
overflow, floating point rounding, etc. Also, it could be beneficial
to have more source locations for program expressions than makes sense
for terms.

This diff simply unshares Exp, leading to a copy named Term. Likewise,
Reg is now a copy of Var. Simplifications to come.

Reviewed By: bennostein

Differential Revision: D17665250

fbshipit-source-id: 4359a80d5

											
										
										
											5 years ago
+								        Sh.and_ (Term.eq m n)
-												[sledge] Fix solver crash

Summary:
Fix a crash that occurs when subtrahend has an existential variable that
was renamed as in the test.

The crash is due to an assertion in `Sh.exists` that says only variables
in the vocabulary can be existentialy quantifed out.

The problem was `Sh.exists` call in Solver.ml:611. Where `ws`
(existentials of the subthrehend) are not present in the vocabulary of
the remainder. This is because remainder "inheirts" the vocabulary of
the minued.

This fix simply extends the vocabulary of minued with `ws`, which
means the remaainder has the correct vocabulary. This should have no
externally visible effect as `ws` are then existentialed out.

Another option would be to try to change all the `excise_seg` functions,
to keep the vocabulary, but that looked annoying to implement.

Reviewed By: jvillard

Differential Revision: D16201423

fbshipit-source-id: b88c3abc4

											
										
										
											5 years ago
+								          (Sh.exists
 								             (Var.Set.of_list [m_])
 								             (Sh.extend_us (Var.Set.of_list [m_]) common))
 								      in
 								      infer_frame minued [n_; m_] subtrahend ;
 								      [%expect
 								        {|
 								        ( infer_frame:
 								            %l_6 -[ %b_4, 10 )-> ⟨10,%a_1⟩ * %l_7 -[ %b_4, 10 )-> ⟨10,%a_2⟩
 								          \- ∃ %m_8, %n_9 .
 								            ∃ %m_10 .   %m_8 = %n_9 ∧ %l_7 -[ %b_4, 10 )-> ⟨10,%a_2⟩
-												[sledge] Strengthen quantifier witnessing

Summary:
Strengthen existential quantifier witnessing to enable witnessing an
existential with a term containing another existential if no universal
witness is available. Additionally, strengthen existential witnessing
to enable terms of interpreted theories to witness existential
variables.

Also strengthen and simplify the representation invariant checking for
existential witnessing code.

Reviewed By: jvillard

Differential Revision: D20120271

fbshipit-source-id: 4c44fe9ef

											
										
										
											5 years ago
+								        ) infer_frame:
 								          ∃ %m_10 .   %m_8 = %n_9 ∧ %l_6 -[ %b_4, 10 )-> ⟨10,%a_1⟩ |}]
-												[sledge] Fix solver crash

Summary:
Fix a crash that occurs when subtrahend has an existential variable that
was renamed as in the test.

The crash is due to an assertion in `Sh.exists` that says only variables
in the vocabulary can be existentialy quantifed out.

The problem was `Sh.exists` call in Solver.ml:611. Where `ws`
(existentials of the subthrehend) are not present in the vocabulary of
the remainder. This is because remainder "inheirts" the vocabulary of
the minued.

This fix simply extends the vocabulary of minued with `ws`, which
means the remaainder has the correct vocabulary. This should have no
externally visible effect as `ws` are then existentialed out.

Another option would be to try to change all the `excise_seg` functions,
to keep the vocabulary, but that looked annoying to implement.

Reviewed By: jvillard

Differential Revision: D16201423

fbshipit-source-id: b88c3abc4

											
										
										
											5 years ago
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
+								    let%expect_test _ =
 								      check_frame
 								        (Sh.star
 								           (Sh.seg {loc= l; bas= b; len= m; siz= n; arr= a})
 								           (Sh.seg {loc= l2; bas= b; len= m; siz= n; arr= a2}))
 								        []
 								        (Sh.seg {loc= l; bas= b; len= m; siz= n; arr= a}) ;
 								      [%expect
 								        {|
 								        ( infer_frame:
-												[sledge] Add Solver tests demonstrating incompleteness

Summary:
The SL solver is currently not always able to append segments which
have been split symbolically, that is, at an internal point expressed
using a variable, rather than merely a constant.

Also, existential instantiation, that is, the choice of witnesses
during proof search, is currently sensitive to the order of
subformulas. This can lead to fragile incompleteness.

Reviewed By: mbouaziz

Differential Revision: D14481991

fbshipit-source-id: 80fe2f0a8

											
										
										
											6 years ago
+								            %l_6 -[ %b_4, %m_8 )-> ⟨%n_9,%a_1⟩
 								          * %l_7 -[ %b_4, %m_8 )-> ⟨%n_9,%a_2⟩
 								          \-   %l_6 -[ %b_4, %m_8 )-> ⟨%n_9,%a_1⟩
 								        ) infer_frame:   %l_7 -[ %b_4, %m_8 )-> ⟨%n_9,%a_2⟩ |}]
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
 								    let%expect_test _ =
 								      check_frame
 								        (Sh.star
 								           (Sh.seg {loc= l; bas= l; len= !16; siz= !8; arr= a})
 								           (Sh.seg {loc= l + !8; bas= l; len= !16; siz= !8; arr= a2}))
 								        [a3_]
 								        (Sh.seg {loc= l; bas= l; len= !16; siz= !16; arr= a3}) ;
 								      [%expect
 								        {|
 								        ( infer_frame:
-												[sledge] Printing and tracing improvements

Reviewed By: ngorogiannis

Differential Revision: D19221882

fbshipit-source-id: a4ca741c8

											
										
										
											5 years ago
+								            %l_6 -[)-> ⟨8,%a_1⟩^⟨8,%a_2⟩ \- ∃ %a_3 .   %l_6 -[)-> ⟨16,%a_3⟩
-												[sledge] Add Shostak solver for aggregate theory

Reviewed By: ngorogiannis

Differential Revision: D19286626

fbshipit-source-id: 7cb0169fc

											
										
										
											5 years ago
+								        ) infer_frame:   %a_2 = _ ∧ (⟨8,%a_1⟩^⟨8,%a_2⟩) = %a_3 ∧ emp |}]
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
 								    let%expect_test _ =
 								      check_frame
 								        (Sh.star
 								           (Sh.seg {loc= l; bas= l; len= !16; siz= !8; arr= a})
 								           (Sh.seg {loc= l + !8; bas= l; len= !16; siz= !8; arr= a2}))
 								        [a3_; m_]
 								        (Sh.seg {loc= l; bas= l; len= m; siz= !16; arr= a3}) ;
 								      [%expect
 								        {|
 								        ( infer_frame:
-												[sledge] Simplify printing of symbolic heaps

Summary:
Reduce redundancy by printing adjacent segments as if they had been
concatenated together.

Reviewed By: ngorogiannis

Differential Revision: D19221881

fbshipit-source-id: 613105864

											
										
										
											5 years ago
+								            %l_6 -[)-> ⟨8,%a_1⟩^⟨8,%a_2⟩
-												[sledge] Add Solver tests demonstrating incompleteness

Summary:
The SL solver is currently not always able to append segments which
have been split symbolically, that is, at an internal point expressed
using a variable, rather than merely a constant.

Also, existential instantiation, that is, the choice of witnesses
during proof search, is currently sensitive to the order of
subformulas. This can lead to fragile incompleteness.

Reviewed By: mbouaziz

Differential Revision: D14481991

fbshipit-source-id: 80fe2f0a8

											
										
										
											6 years ago
+								          \- ∃ %a_3, %m_8 .
 								              %l_6 -[ %l_6, %m_8 )-> ⟨16,%a_3⟩
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
+								        ) infer_frame:
-												[sledge] Add Shostak solver for aggregate theory

Reviewed By: ngorogiannis

Differential Revision: D19286626

fbshipit-source-id: 7cb0169fc

											
										
										
											5 years ago
+								            %a_2 = _ ∧ (⟨8,%a_1⟩^⟨8,%a_2⟩) = %a_3 ∧ 16 = %m_8 ∧ emp |}]
-												[sledge] Revise solver existential instantiation

Summary:
In case the starting locations of two heap segments are
related (provably equal up to some offset), add equations between
their enclosing block to the goal. In these cases, the enclosing
blocks must be the same, so no completeness is lost. This has the
effect of instantiating existentials in the enclosing block prior to
others, which can avoid incomplete instantiation guesses.

Reviewed By: mbouaziz

Differential Revision: D14323550

fbshipit-source-id: 89a34a2c8

											
										
										
											6 years ago
 								    let%expect_test _ =
 								      check_frame
 								        (Sh.star
 								           (Sh.seg {loc= l; bas= l; len= !16; siz= !8; arr= a})
 								           (Sh.seg {loc= l + !8; bas= l; len= !16; siz= !8; arr= a2}))
 								        [a3_; m_]
 								        (Sh.seg {loc= l; bas= l; len= m; siz= m; arr= a3}) ;
 								      [%expect
 								        {|
 								        ( infer_frame:
-												[sledge] Simplify printing of symbolic heaps

Summary:
Reduce redundancy by printing adjacent segments as if they had been
concatenated together.

Reviewed By: ngorogiannis

Differential Revision: D19221881

fbshipit-source-id: 613105864

											
										
										
											5 years ago
+								            %l_6 -[)-> ⟨8,%a_1⟩^⟨8,%a_2⟩
-												[sledge] Add Solver tests demonstrating incompleteness

Summary:
The SL solver is currently not always able to append segments which
have been split symbolically, that is, at an internal point expressed
using a variable, rather than merely a constant.

Also, existential instantiation, that is, the choice of witnesses
during proof search, is currently sensitive to the order of
subformulas. This can lead to fragile incompleteness.

Reviewed By: mbouaziz

Differential Revision: D14481991

fbshipit-source-id: 80fe2f0a8

											
										
										
											6 years ago
+								          \- ∃ %a_3, %m_8 .
-												[sledge] Simplify printing of symbolic heaps

Summary:
Reduce redundancy by printing adjacent segments as if they had been
concatenated together.

Reviewed By: ngorogiannis

Differential Revision: D19221881

fbshipit-source-id: 613105864

											
										
										
											5 years ago
+								              %l_6 -[ %l_6, %m_8 )-> ⟨%m_8,%a_3⟩
-												[sledge] Revise solver existential instantiation

Summary:
In case the starting locations of two heap segments are
related (provably equal up to some offset), add equations between
their enclosing block to the goal. In these cases, the enclosing
blocks must be the same, so no completeness is lost. This has the
effect of instantiating existentials in the enclosing block prior to
others, which can avoid incomplete instantiation guesses.

Reviewed By: mbouaziz

Differential Revision: D14323550

fbshipit-source-id: 89a34a2c8

											
										
										
											6 years ago
+								        ) infer_frame:
-												[sledge] Add Shostak solver for aggregate theory

Reviewed By: ngorogiannis

Differential Revision: D19286626

fbshipit-source-id: 7cb0169fc

											
										
										
											5 years ago
+								            %a_2 = _ ∧ (⟨8,%a_1⟩^⟨8,%a_2⟩) = %a_3 ∧ 16 = %m_8 ∧ emp |}]
-												[sledge] Add Solver tests demonstrating incompleteness

Summary:
The SL solver is currently not always able to append segments which
have been split symbolically, that is, at an internal point expressed
using a variable, rather than merely a constant.

Also, existential instantiation, that is, the choice of witnesses
during proof search, is currently sensitive to the order of
subformulas. This can lead to fragile incompleteness.

Reviewed By: mbouaziz

Differential Revision: D14481991

fbshipit-source-id: 80fe2f0a8

											
										
										
											6 years ago
 								    let%expect_test _ =
 								      check_frame
 								        (Sh.star
 								           (Sh.seg {loc= k; bas= k; len= !16; siz= !32; arr= a})
 								           (Sh.seg {loc= l; bas= l; len= !8; siz= !8; arr= !16}))
 								        [a2_; m_; n_]
 								        (Sh.star
 								           (Sh.seg {loc= l; bas= l; len= !8; siz= !8; arr= n})
 								           (Sh.seg {loc= k; bas= k; len= m; siz= n; arr= a2})) ;
 								      [%expect
 								        {|
 								        ( infer_frame:
 								            %k_5 -[ %k_5, 16 )-> ⟨32,%a_1⟩ * %l_6 -[)-> ⟨8,16⟩
 								          \- ∃ %a_2, %m_8, %n_9 .
 								              %k_5 -[ %k_5, %m_8 )-> ⟨%n_9,%a_2⟩ * %l_6 -[)-> ⟨8,%n_9⟩
 								        ) infer_frame:
 								          ∃ %a0_10, %a1_11 .
-												[sledge] Change Concat term contructor to a generic n-ary application

Reviewed By: ngorogiannis

Differential Revision: D17665238

fbshipit-source-id: 713b333e8

											
										
										
											5 years ago
+								            %a_2 = %a0_10
-												[sledge] Add Shostak solver for aggregate theory

Reviewed By: ngorogiannis

Differential Revision: D19286626

fbshipit-source-id: 7cb0169fc

											
										
										
											5 years ago
+								          ∧ (⟨16,%a_2⟩^⟨16,%a1_11⟩) = %a_1
-												[sledge] Add Solver tests demonstrating incompleteness

Summary:
The SL solver is currently not always able to append segments which
have been split symbolically, that is, at an internal point expressed
using a variable, rather than merely a constant.

Also, existential instantiation, that is, the choice of witnesses
during proof search, is currently sensitive to the order of
subformulas. This can lead to fragile incompleteness.

Reviewed By: mbouaziz

Differential Revision: D14481991

fbshipit-source-id: 80fe2f0a8

											
										
										
											6 years ago
+								          ∧ 16 = %m_8 = %n_9
 								          ∧ (%k_5 + 16) -[ %k_5, 16 )-> ⟨16,%a1_11⟩ |}]
 								    let%expect_test _ =
 								      infer_frame
 								        (Sh.star
 								           (Sh.seg {loc= k; bas= k; len= !16; siz= !32; arr= a})
 								           (Sh.seg {loc= l; bas= l; len= !8; siz= !8; arr= !16}))
 								        [a2_; m_; n_]
 								        (Sh.star
 								           (Sh.seg {loc= k; bas= k; len= m; siz= n; arr= a2})
 								           (Sh.seg {loc= l; bas= l; len= !8; siz= !8; arr= n})) ;
 								      [%expect
 								        {|
 								        ( infer_frame:
 								            %k_5 -[ %k_5, 16 )-> ⟨32,%a_1⟩ * %l_6 -[)-> ⟨8,16⟩
 								          \- ∃ %a_2, %m_8, %n_9 .
 								              %k_5 -[ %k_5, %m_8 )-> ⟨%n_9,%a_2⟩ * %l_6 -[)-> ⟨8,%n_9⟩
-												[sledge] Strengthen handling of existential segments

Summary:
Due to strengthened existential witnessing, the incomplete ad hoc
witness guessing is no longer needed.

Reviewed By: ngorogiannis

Differential Revision: D20120277

fbshipit-source-id: 8ee1656dd

											
										
										
											5 years ago
+								        ) infer_frame:
 								          ∃ %a0_10, %a1_11 .
 								            %a_2 = %a0_10
 								          ∧ (⟨16,%a_2⟩^⟨16,%a1_11⟩) = %a_1
 								          ∧ 16 = %m_8 = %n_9
 								          ∧ (%k_5 + 16) -[ %k_5, 16 )-> ⟨16,%a1_11⟩ |}]
-												[sledge] Add Solver tests demonstrating incompleteness

Summary:
The SL solver is currently not always able to append segments which
have been split symbolically, that is, at an internal point expressed
using a variable, rather than merely a constant.

Also, existential instantiation, that is, the choice of witnesses
during proof search, is currently sensitive to the order of
subformulas. This can lead to fragile incompleteness.

Reviewed By: mbouaziz

Differential Revision: D14481991

fbshipit-source-id: 80fe2f0a8

											
										
										
											6 years ago
 								    let seg_split_symbolically =
 								      Sh.star
 								        (Sh.seg {loc= l; bas= l; len= !16; siz= !8 * n; arr= a2})
 								        (Sh.seg
 								           { loc= l + (!8 * n)
 								           ; bas= l
 								           ; len= !16
 								           ; siz= !16 - (!8 * n)
 								           ; arr= a3 })
 								    let%expect_test _ =
 								      check_frame
 								        (Sh.and_
-												[sledge] Distinguish program expressions and formula terms

Summary:
There are a number if issues with using the same type for expressions
in code and in formulas. One is that the type systems of the two
should be different. Another is that conflating the two compromises
the ability of Llair to correctly express aspects such as integer
overflow, floating point rounding, etc. Also, it could be beneficial
to have more source locations for program expressions than makes sense
for terms.

This diff simply unshares Exp, leading to a copy named Term. Likewise,
Reg is now a copy of Var. Simplifications to come.

Reviewed By: bennostein

Differential Revision: D17665250

fbshipit-source-id: 4359a80d5

											
										
										
											5 years ago
+								           Term.(or_ (or_ (eq n !0) (eq n !1)) (eq n !2))
-												[sledge] Add Solver tests demonstrating incompleteness

Summary:
The SL solver is currently not always able to append segments which
have been split symbolically, that is, at an internal point expressed
using a variable, rather than merely a constant.

Also, existential instantiation, that is, the choice of witnesses
during proof search, is currently sensitive to the order of
subformulas. This can lead to fragile incompleteness.

Reviewed By: mbouaziz

Differential Revision: D14481991

fbshipit-source-id: 80fe2f0a8

											
										
										
											6 years ago
+								           seg_split_symbolically)
 								        [m_; a_]
 								        (Sh.seg {loc= l; bas= l; len= m; siz= m; arr= a}) ;
 								      [%expect
 								        {|
 								        ( infer_frame:
 								            (%l_6 + 8 × %n_9) -[ %l_6, 16 )-> ⟨(-8 × %n_9 + 16),%a_3⟩
 								          * %l_6 -[ %l_6, 16 )-> ⟨(8 × %n_9),%a_2⟩
 								          * ( (  2 = %n_9 ∧ emp)
 								            ∨ (  0 = %n_9 ∧ emp)
 								            ∨ (  1 = %n_9 ∧ emp)
 								            )
 								          \- ∃ %a_1, %m_8 .
-												[sledge] Simplify printing of symbolic heaps

Summary:
Reduce redundancy by printing adjacent segments as if they had been
concatenated together.

Reviewed By: ngorogiannis

Differential Revision: D19221881

fbshipit-source-id: 613105864

											
										
										
											5 years ago
+								              %l_6 -[ %l_6, %m_8 )-> ⟨%m_8,%a_1⟩
-												[sledge] Add Solver tests demonstrating incompleteness

Summary:
The SL solver is currently not always able to append segments which
have been split symbolically, that is, at an internal point expressed
using a variable, rather than merely a constant.

Also, existential instantiation, that is, the choice of witnesses
during proof search, is currently sensitive to the order of
subformulas. This can lead to fragile incompleteness.

Reviewed By: mbouaziz

Differential Revision: D14481991

fbshipit-source-id: 80fe2f0a8

											
										
										
											6 years ago
+								        ) infer_frame:
-												[sledge] Revise Report printing

Summary:
The report output got disturbed by the change from predicate to
relational Domain, and the tricky control of printing simplified
states. After this diff by default states are printed in full, and in
simplified form with `-t State_domain.pp_simp`.

Also includes some minor output improvements.

Reviewed By: kren1

Differential Revision: D16059780

fbshipit-source-id: b33289887

											
										
										
											5 years ago
+								            ( (  %a_1 = %a_2
-												[sledge] Add Solver tests demonstrating incompleteness

Summary:
The SL solver is currently not always able to append segments which
have been split symbolically, that is, at an internal point expressed
using a variable, rather than merely a constant.

Also, existential instantiation, that is, the choice of witnesses
during proof search, is currently sensitive to the order of
subformulas. This can lead to fragile incompleteness.

Reviewed By: mbouaziz

Differential Revision: D14481991

fbshipit-source-id: 80fe2f0a8

											
										
										
											6 years ago
+								               ∧ 2 = %n_9
 								               ∧ 16 = %m_8
 								               ∧ (%l_6 + 16) -[ %l_6, 16 )-> ⟨0,%a_3⟩)
-												[sledge] Printing and tracing improvements

Reviewed By: ngorogiannis

Differential Revision: D19221882

fbshipit-source-id: a4ca741c8

											
										
										
											5 years ago
+								            ∨ (  %a_3 = _
-												[sledge] Add Shostak solver for aggregate theory

Reviewed By: ngorogiannis

Differential Revision: D19286626

fbshipit-source-id: 7cb0169fc

											
										
										
											5 years ago
+								               ∧ (⟨8,%a_2⟩^⟨8,%a_3⟩) = %a_1
-												[sledge] Add Solver tests demonstrating incompleteness

Summary:
The SL solver is currently not always able to append segments which
have been split symbolically, that is, at an internal point expressed
using a variable, rather than merely a constant.

Also, existential instantiation, that is, the choice of witnesses
during proof search, is currently sensitive to the order of
subformulas. This can lead to fragile incompleteness.

Reviewed By: mbouaziz

Differential Revision: D14481991

fbshipit-source-id: 80fe2f0a8

											
										
										
											6 years ago
+								               ∧ 1 = %n_9
 								               ∧ 16 = %m_8
 								               ∧ emp)
-												[sledge] Printing and tracing improvements

Reviewed By: ngorogiannis

Differential Revision: D19221882

fbshipit-source-id: a4ca741c8

											
										
										
											5 years ago
+								            ∨ (  %a_3 = _
-												[sledge] Add Shostak solver for aggregate theory

Reviewed By: ngorogiannis

Differential Revision: D19286626

fbshipit-source-id: 7cb0169fc

											
										
										
											5 years ago
+								               ∧ (⟨0,%a_2⟩^⟨16,%a_3⟩) = %a_1
-												[sledge] Add Solver tests demonstrating incompleteness

Summary:
The SL solver is currently not always able to append segments which
have been split symbolically, that is, at an internal point expressed
using a variable, rather than merely a constant.

Also, existential instantiation, that is, the choice of witnesses
during proof search, is currently sensitive to the order of
subformulas. This can lead to fragile incompleteness.

Reviewed By: mbouaziz

Differential Revision: D14481991

fbshipit-source-id: 80fe2f0a8

											
										
										
											6 years ago
+								               ∧ 0 = %n_9
 								               ∧ 16 = %m_8
 								               ∧ emp)
 								            ) |}]
 								    (* Incompleteness: equivalent to above but using ≤ instead of ∨ *)
 								    let%expect_test _ =
 								      infer_frame
-												[sledge] Distinguish program expressions and formula terms

Summary:
There are a number if issues with using the same type for expressions
in code and in formulas. One is that the type systems of the two
should be different. Another is that conflating the two compromises
the ability of Llair to correctly express aspects such as integer
overflow, floating point rounding, etc. Also, it could be beneficial
to have more source locations for program expressions than makes sense
for terms.

This diff simply unshares Exp, leading to a copy named Term. Likewise,
Reg is now a copy of Var. Simplifications to come.

Reviewed By: bennostein

Differential Revision: D17665250

fbshipit-source-id: 4359a80d5

											
										
										
											5 years ago
+								        (Sh.and_ (Term.le n !2) seg_split_symbolically)
-												[sledge] Add Solver tests demonstrating incompleteness

Summary:
The SL solver is currently not always able to append segments which
have been split symbolically, that is, at an internal point expressed
using a variable, rather than merely a constant.

Also, existential instantiation, that is, the choice of witnesses
during proof search, is currently sensitive to the order of
subformulas. This can lead to fragile incompleteness.

Reviewed By: mbouaziz

Differential Revision: D14481991

fbshipit-source-id: 80fe2f0a8

											
										
										
											6 years ago
+								        [m_; a_]
 								        (Sh.seg {loc= l; bas= l; len= m; siz= m; arr= a}) ;
 								      [%expect
 								        {|
 								        ( infer_frame:
 								            (%n_9 ≤ 2)
 								          ∧ (%l_6 + 8 × %n_9) -[ %l_6, 16 )-> ⟨(-8 × %n_9 + 16),%a_3⟩
 								          * %l_6 -[ %l_6, 16 )-> ⟨(8 × %n_9),%a_2⟩
 								          \- ∃ %a_1, %m_8 .
-												[sledge] Simplify printing of symbolic heaps

Summary:
Reduce redundancy by printing adjacent segments as if they had been
concatenated together.

Reviewed By: ngorogiannis

Differential Revision: D19221881

fbshipit-source-id: 613105864

											
										
										
											5 years ago
+								              %l_6 -[ %l_6, %m_8 )-> ⟨%m_8,%a_1⟩
-												[sledge] Replace solution substitution trimming with partitioning

Summary:
Replace `Equality.Subst.trim` with `partition_valid` which has a
logical specification (and unsurprisingly fixes some corner case
bugs):

```
val partition_valid : Var.Set.t -> t -> t * Var.Set.t * t
(** Partition ∃xs. σ into equivalent ∃xs. τ ∧ ∃ks. ν where ks and ν
    are maximal where ∃ks. ν is universally valid, xs ⊇ ks and ks ∩
    fv(τ) = ∅. *)
```

Reviewed By: ngorogiannis

Differential Revision: D20004974

fbshipit-source-id: 5cb3b3835

											
										
										
											5 years ago
+								        ) infer_frame: |}]
-												[sledge] Strengthen quantifier witnessing

Summary:
Strengthen existential quantifier witnessing to enable witnessing an
existential with a term containing another existential if no universal
witness is available. Additionally, strengthen existential witnessing
to enable terms of interpreted theories to witness existential
variables.

Also strengthen and simplify the representation invariant checking for
existential witnessing code.

Reviewed By: jvillard

Differential Revision: D20120271

fbshipit-source-id: 4c44fe9ef

											
										
										
											5 years ago
 								    (* Incompleteness: cannot witness existentials to satisfy non-equality
 								       pure constraints *)
 								    let%expect_test _ =
 								      let subtrahend = Sh.and_ (Term.eq m a) (Sh.pure (Term.dq m !0)) in
 								      let minuend = Sh.extend_us (Var.Set.of_ a_) Sh.emp in
 								      infer_frame minuend [m_] subtrahend ;
 								      [%expect
 								        {|
 								        ( infer_frame:   emp \- ∃ %m_8 .   %a_1 = %m_8 ∧ (%a_1 ≠ 0) ∧ emp
 								        ) infer_frame: |}]
-												[sledge] Add simple frame inference solver tests

Summary: An initial set of basic sanity checks for frame inference.

Reviewed By: mbouaziz

Differential Revision: D14323549

fbshipit-source-id: d7cd4235f

											
										
										
											6 years ago
+								  end )