from typing import Collection, Sequence, Set
from typing_extensions import assert_never
import abc_cfg
import source
import nip
import ghost_code
import dsa
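def compute_all_path(cfg: abc_cfg.CFG) -> Sequence[Sequence[source.NodeName]]:
    """Enumerate every acyclic path through *cfg*.

    Starting from each node that has no predecessors, walks the graph depth
    first and follows every successor edge that is not a back edge. Whenever a
    node has more than one such successor the path built so far is copied, so
    the result holds one path per distinct choice of branches. Back edges are
    never followed, which is what makes the enumeration finite: a path simply
    stops at the last node before the edge back to the loop header.

    Args:
        cfg: the control-flow graph; only ``all_succs``, ``all_preds`` and
            ``back_edges`` are read.

    Returns:
        One list of node names per path, in depth-first order. The number of
        paths grows exponentially with the number of branch points, and the
        walk is recursive, so a very long straight-line path can exhaust the
        interpreter's recursion limit.
    """
    all_paths: list[list[source.NodeName]] = []

    def dfs(n: source.NodeName) -> None:
        # Extend the path currently being built (always all_paths[-1]) with n,
        # then continue along its non-back-edge successors.
        all_paths[-1].append(n)
        succs = cfg.all_succs[n]
        if not succs:
            return
        if len(succs) == 1 and (n, succs[0]) not in cfg.back_edges:
            dfs(succs[0])
            return
        # Snapshot the prefix before any branch extends all_paths[-1].
        prefix = list(all_paths[-1])
        branched = False
        for succ in succs:
            if (n, succ) in cfg.back_edges:
                continue
            if branched:
                # Every branch after the first starts from its own fresh copy
                # of the prefix. Appending one shared list object would let
                # the nodes pushed by an earlier branch leak into the path of
                # the next one when a node has three or more live successors.
                all_paths.append(list(prefix))
            branched = True
            dfs(succ)

    for n, preds in cfg.all_preds.items():
        if not preds:
            all_paths.append([])
            dfs(n)
    return all_paths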
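def ensure_assigned_at_most_once(func: dsa.Function, path: Collection[source.NodeName]) -> None:
    """ Ensure that each variable (name, typ) is assigned at most once along *path*.

    Collects, with multiplicity, every variable assigned by a node on the path:
    the update targets of basic nodes, the return targets of call nodes, and
    the targets of any loop whose header lies on the path (they are havoc'd
    there). Err/Ret nodes assign nothing and are skipped. A variable that
    shows up twice violates dynamic single assignment.

    Args:
        func: the DSA function whose nodes are inspected.
        path: node names in path order.

    Raises:
        AssertionError: listing the variables assigned more than once and the
            offending path.
    """
    assigned_variables: list[dsa.Var[source.ProgVarName |
                                     nip.GuardVarName]] = []
    for n in path:
        # source.assigned_variables_in_node is deliberately not used here: it
        # returns a set, which would hide exactly the duplicates we are
        # looking for.
        if n in (source.NodeNameRet, source.NodeNameErr):
            continue
        node = func.nodes[n]
        if isinstance(node, source.NodeBasic):
            assigned_variables.extend(upd.var for upd in node.upds)
        elif isinstance(node, source.NodeCall):
            assigned_variables.extend(node.rets)
        elif not isinstance(node, source.NodeEmpty | source.NodeCond | source.NodeAssume | source.NodeAssert):
            assert_never(node)
        if loop_header := func.is_loop_header(n):
            assigned_variables.extend(func.loops[loop_header].targets)

    # Name the duplicates rather than only detecting them, so a failure is
    # diagnosable without re-running under a debugger.
    seen: set[dsa.Var[source.ProgVarName | nip.GuardVarName]] = set()
    duplicates: list[dsa.Var[source.ProgVarName | nip.GuardVarName]] = []
    for var in assigned_variables:
        if var in seen:
            duplicates.append(var)
        seen.add(var)
    assert not duplicates, f"assigned more than once on {path=}: {duplicates=}"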
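def ensure_using_latest_incarnation(func: dsa.Function, path: Collection[source.NodeName]) -> None:
    """Ensure that every variable use on *path* refers to its latest incarnation.

    Walks the nodes of *path* in order and tracks, per base variable, the
    incarnation most recently assigned to it (the function parameters seed the
    table). A use of a variable whose base is already tracked must carry
    exactly that incarnation. A use whose base is not yet tracked is accepted
    without checking its incarnation number: the variable may have been
    assigned on another path that joins this one, so the incarnation seen here
    need not be the first one.

    Args:
        func: the DSA function whose nodes are inspected.
        path: node names in path order (Err/Ret nodes are skipped).

    Raises:
        AssertionError: a base variable appears twice in the parameters, or a
            use refers to a stale incarnation.
    """
    latest_incarnations: dict[source.ExprVarT[source.ProgVarName |
                                              nip.GuardVarName], dsa.IncarnationNum] = {}
    # TODO: globals
    for arg in func.signature.parameters:
        prog_var, inc = dsa.unpack_dsa_var(arg)
        assert prog_var not in latest_incarnations, f"{prog_var=} appears twice in the parameters"
        latest_incarnations[prog_var] = inc

    for n in path:
        if n in (source.NodeNameErr, source.NodeNameRet):
            continue
        # Loop targets are havoc'd at the top of the loop header, so their
        # fresh incarnation is legal to use inside the header itself. Record
        # them once per node, before any use of this node is checked.
        if loop_header := func.is_loop_header(n):
            for target in func.loops[loop_header].targets:
                prog_var, inc = dsa.unpack_dsa_var(target)
                latest_incarnations[prog_var] = inc
        for dsa_var in source.used_variables_in_node(func.nodes[n]):
            prog_var, inc = dsa.unpack_dsa_var(dsa_var)
            if prog_var in latest_incarnations:
                assert inc == latest_incarnations[prog_var], f"{prog_var=} {n=} {path=}"
            # we don't assert that inc == 1 otherwise, because prog_var:1
            # might be used on some other path that joins with our own (and so
            # inc would be 2 for example)
        for dsa_var in source.assigned_variables_in_node(func, n, with_loop_targets=True):
            prog_var, inc = dsa.unpack_dsa_var(dsa_var)
            latest_incarnations[prog_var] = inc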
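def ensure_valid_dsa(dsa_func: dsa.Function) -> None:
    """Check single assignment and latest-incarnation use along every acyclic path.

    Enumerates the paths of ``dsa_func.cfg`` with :func:`compute_all_path` and
    runs :func:`ensure_assigned_at_most_once` and
    :func:`ensure_using_latest_incarnation` on each. The path count is
    exponential in the number of branch points, so this is the most expensive
    check in the file.

    Raises:
        AssertionError: propagated from the per-path checks.
    """
    for path in compute_all_path(dsa_func.cfg):
        ensure_assigned_at_most_once(dsa_func, path)
        ensure_using_latest_incarnation(dsa_func, path)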
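def assert_expr_equals_mod_dsa(lhs: source.ExprT[source.ProgVarName | nip.GuardVarName], rhs: source.ExprT[dsa.Incarnation[source.ProgVarName | nip.GuardVarName]]) -> None:
    """Assert that *rhs* is *lhs* with each variable replaced by some incarnation.

    Structural comparison: the types must agree at every level; numbers,
    symbols and type expressions must be equal outright; variables must agree
    on the base name once the incarnation is stripped from *rhs*; operators
    and function applications must match and are compared operand by operand.

    Args:
        lhs: the expression over program variables.
        rhs: the expression over DSA (incarnated) variables.

    Raises:
        AssertionError: on the first structural difference found.
    """
    assert lhs.typ == rhs.typ, f"{lhs.typ=} {rhs.typ=}"
    if isinstance(lhs, source.ExprNum | source.ExprSymbol | source.ExprType):
        assert lhs == rhs, f"{lhs=} {rhs=}"
    elif isinstance(lhs, source.ExprVar):
        assert isinstance(rhs, source.ExprVar), f"{rhs=}"
        assert lhs.name == dsa.unpack_dsa_var_name(rhs.name)[0], f"{lhs.name=} {rhs.name=}"
    elif isinstance(lhs, source.ExprOp):
        assert isinstance(rhs, source.ExprOp), f"{rhs=}"
        assert lhs.operator == rhs.operator, f"{lhs.operator=} {rhs.operator=}"
        # Lengths are asserted explicitly so that zip cannot silently truncate.
        assert len(lhs.operands) == len(rhs.operands)
        for lhs_operand, rhs_operand in zip(lhs.operands, rhs.operands):
            assert_expr_equals_mod_dsa(lhs_operand, rhs_operand)
    elif isinstance(lhs, source.ExprFunction):
        assert isinstance(rhs, source.ExprFunction), f"{rhs=}"
        assert lhs.function_name == rhs.function_name, f"{lhs.function_name=} {rhs.function_name=}"
        assert len(lhs.arguments) == len(rhs.arguments)
        for lhs_argument, rhs_argument in zip(lhs.arguments, rhs.arguments):
            assert_expr_equals_mod_dsa(lhs_argument, rhs_argument)
    else:
        assert_never(lhs)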
def assert_var_equals_mod_dsa(prog: source.ExprVarT[source.ProgVarName | nip.GuardVarName], var: dsa.Var[source.ProgVarName | nip.GuardVarName]) -> None:
    """Assert that DSA variable *var* is an incarnation of program variable *prog*.

    Only the base variable is compared; the incarnation number is ignored.
    """
    base_var, _incarnation = dsa.unpack_dsa_var(var)
    assert prog == base_var
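def assert_node_equals_mod_dsa(prog: source.Node[source.ProgVarName | nip.GuardVarName], node: source.Node[dsa.Incarnation[source.ProgVarName | nip.GuardVarName]]) -> None:
    """Assert that DSA node *node* is program node *prog* modulo incarnations.

    Both nodes must be of the same kind. Update targets, update expressions,
    call arguments, call returns and condition/assumption/assertion
    expressions are compared pairwise with the ``*_equals_mod_dsa`` helpers.

    Args:
        prog: the node of the program (ghost-code) function.
        node: the corresponding node of the DSA function.

    Raises:
        AssertionError: on the first structural difference found.
    """
    if isinstance(prog, source.NodeBasic):
        assert isinstance(node, source.NodeBasic), f"{node=}"
        # Lengths are asserted explicitly so that zip cannot silently truncate.
        assert len(prog.upds) == len(node.upds)
        for prog_upd, dsa_upd in zip(prog.upds, node.upds):
            assert_var_equals_mod_dsa(prog_upd.var, dsa_upd.var)
            assert_expr_equals_mod_dsa(prog_upd.expr, dsa_upd.expr)
    elif isinstance(prog, source.NodeCall):
        assert isinstance(node, source.NodeCall), f"{node=}"
        assert len(prog.args) == len(node.args)
        for prog_arg, dsa_arg in zip(prog.args, node.args):
            assert_expr_equals_mod_dsa(prog_arg, dsa_arg)
        assert len(prog.rets) == len(node.rets)
        for prog_ret, dsa_ret in zip(prog.rets, node.rets):
            assert_var_equals_mod_dsa(prog_ret, dsa_ret)
    elif isinstance(prog, source.NodeCond):
        assert isinstance(node, source.NodeCond), f"{node=}"
        assert_expr_equals_mod_dsa(prog.expr, node.expr)
    elif isinstance(prog, source.NodeAssume | source.NodeAssert):
        # NOTE(review): an Assume in prog paired with an Assert in dsa (or the
        # other way round) passes this check — confirm that is intended.
        assert isinstance(node, source.NodeAssume | source.NodeAssert), f"{node=}"
        assert_expr_equals_mod_dsa(prog.expr, node.expr)
    elif isinstance(prog, source.NodeEmpty):
        assert isinstance(node, source.NodeEmpty), f"{node=}"
    else:
        assert_never(prog)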
def assert_is_join_node(node: source.Node[dsa.Incarnation[source.ProgVarName | nip.GuardVarName]]) -> None:
    """Assert that *node* is a ``dsa.NodeJoiner`` whose updates are all renames.

    Every update must have the shape ``A.X = A.Y``: the right-hand side is a
    bare variable (no compound expression), both sides have the same type, and
    both sides are incarnations of the same base variable.
    """
    assert isinstance(node, dsa.NodeJoiner)
    for upd in node.upds:
        target_base, _ = dsa.unpack_dsa_var_name(upd.var.name)
        rhs = upd.expr
        # A join may only copy one incarnation into another, never compute.
        assert isinstance(rhs, source.ExprVar)
        source_base, _ = dsa.unpack_dsa_var_name(rhs.name)
        assert upd.var.typ == rhs.typ
        assert target_base == source_base
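def ensure_correspondence(prog_func: ghost_code.Function, dsa_func: dsa.Function) -> None:
    """Ensure *dsa_func* is *prog_func* plus join nodes, and nothing else.

    Every node of the program function must exist in the DSA function with
    the same structure modulo incarnations. Nodes present only in the DSA
    function must be join nodes (see :func:`assert_is_join_node`). Finally the
    control flow must agree: for every program node, each successor edge
    ``a -> b`` either survives unchanged or becomes ``a -> join -> b`` where
    the join node has exactly that one successor.

    Args:
        prog_func: the ghost-code function the DSA form was derived from.
        dsa_func: the DSA function under validation.

    Raises:
        AssertionError: on the first discrepancy found.
    """
    assert set(prog_func.nodes.keys()).issubset(dsa_func.nodes.keys())
    # A set: membership is tested once per rewritten edge below.
    join_node_names: set[source.NodeName] = set()
    for node_name in dsa_func.nodes:
        if node_name in (source.NodeNameErr, source.NodeNameRet):
            continue
        dsa_node = dsa_func.nodes[node_name]
        if node_name not in prog_func.nodes:
            assert_is_join_node(dsa_node)
            assert node_name.startswith('j')  # naming convention only, not required semantically
            join_node_names.add(node_name)
        else:
            assert_node_equals_mod_dsa(prog_func.nodes[node_name], dsa_node)

    for node_name in prog_func.traverse_topologically():
        prog_succs = prog_func.cfg.all_succs[node_name]
        dsa_succs = dsa_func.cfg.all_succs[node_name]
        if prog_succs == dsa_succs:
            continue
        # The only reason the successors may differ is that a dsa successor
        # is a join node inserted on the edge, so the edge count is unchanged.
        assert len(prog_succs) == len(dsa_succs), f"{node_name=} {prog_succs=} {dsa_succs=}"
        for prog_succ, dsa_succ in zip(prog_succs, dsa_succs):
            if prog_succ == dsa_succ:
                continue
            # we must have
            #   prog: a -----------> b
            #   dsa : a --> join --> b
            assert dsa_succ in join_node_names, f"{node_name=} {dsa_succ=}"
            join_node_succs = dsa_func.cfg.all_succs[dsa_succ]
            assert len(join_node_succs) == 1, f"{dsa_succ=} {join_node_succs=}"
            assert join_node_succs[0] == prog_succ, f"{dsa_succ=} {join_node_succs=} {prog_succ=}"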
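def ensure_valid_contexts(func: dsa.Function) -> None:
    """Recompute every node's context and compare it with ``func.contexts``.

    A context maps each base variable to the incarnation live on entry to the
    node. The entry node's context is seeded from the function parameters (all
    at ``dsa.IncarnationBase``); every other node's context is the union of
    its acyclic predecessors' contexts, each extended by that predecessor's
    own assignments (loop targets included). Predecessors that disagree on a
    variable's incarnation make the node's context ill-defined and are
    reported as a conflict.

    Args:
        func: the DSA function whose stored ``contexts`` are checked.

    Raises:
        AssertionError: the entry context differs, a node is visited twice, a
            predecessor has no context yet (traversal order broken),
            predecessors conflict, or a recomputed context differs from the
            stored one. On a mismatch the reference, actual and symmetric
            difference are printed before the assertion fires.
    """
    new_contexts: dict[source.NodeName, dict[source.ExprVarT[source.ProgVarName |
                                                             nip.GuardVarName], dsa.IncarnationNum]] = {}
    entry = func.cfg.entry
    new_contexts[entry] = {dsa.get_base_var(var): dsa.IncarnationBase
                           for var in func.signature.parameters}
    assert new_contexts[entry] == func.contexts[entry], f"{entry=}"

    for n in func.traverse_topologically(skip_err_and_ret=True):
        if n == entry:
            continue
        assert n not in new_contexts, f'{n=}'
        conflicting_vars: set[source.ExprVarT[source.ProgVarName |
                                              nip.GuardVarName]] = set()
        context: dict[source.ExprVarT[source.ProgVarName |
                                      nip.GuardVarName], dsa.IncarnationNum] = {}
        new_contexts[n] = context
        for p in func.acyclic_preds_of(n):
            # Topological order guarantees every acyclic predecessor was
            # processed first; a missing one means the traversal is broken.
            assert p in new_contexts, f'{n=} {p=}'
            for var, inc in new_contexts[p].items():
                if var in context and context[var] != inc:
                    conflicting_vars.add(var)
                context[var] = inc
        assert not conflicting_vars, f'{n=} {conflicting_vars=}'
        for v in source.assigned_variables_in_node(func, n, with_loop_targets=True):
            context[dsa.get_base_var(v)] = v.name.inc

        if context != func.contexts[n]:
            diff = set(context.items()) ^ set(func.contexts[n].items())
            print('reference:', [(v.name, inc)
                                 for v, inc in context.items()])
            print('actual: ', [(v.name, inc)
                               for v, inc in func.contexts[n].items()])
            print('diff: ', [(v.name, inc) for v, inc in diff])
            assert False, f"context aren't the same for node {n=}"
    # Also catches stored contexts for nodes the traversal never produced.
    assert new_contexts == func.contexts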
def ensure_valid_variables(func: dsa.Function) -> None:
    """ Ensure that each DSA variable (name plus incarnation) has exactly one type.

    Every occurrence of a variable is recorded: function parameters, update
    targets and call returns, variables inside expressions, and loop targets.
    A second occurrence with a different type fails. Finally the number of
    distinct variables recorded must equal ``len(func.all_variables())``.
    """
    var_types: dict[dsa.Incarnation[source.ProgVarName |
                                    nip.GuardVarName], source.Type] = {}

    def add_or_ensure_same_typ(var_name: dsa.Incarnation[source.ProgVarName | nip.GuardVarName], typ: source.Type) -> None:
        # First sighting records the type; later sightings must agree with it.
        if var_name in var_types:
            assert var_types[var_name] == typ, f"{var_name=} {var_types[var_name]=} {typ=}"
        var_types[var_name] = typ

    def check_expr_visitor(expr: source.ExprT[dsa.Incarnation[source.ProgVarName | nip.GuardVarName]]) -> None:
        # Only variable leaves carry a (name, typ) pair worth recording.
        if isinstance(expr, source.ExprVar):
            add_or_ensure_same_typ(expr.name, expr.typ)

    for parameter in func.signature.parameters:
        add_or_ensure_same_typ(parameter.name, parameter.typ)

    for node_name, node in func.nodes.items():
        match node:
            case source.NodeBasic():
                for upd in node.upds:
                    add_or_ensure_same_typ(upd.var.name, upd.var.typ)
                    source.visit_expr(upd.expr, check_expr_visitor)
            case source.NodeCall():
                for arg in node.args:
                    source.visit_expr(arg, check_expr_visitor)
                for ret in node.rets:
                    add_or_ensure_same_typ(ret.name, ret.typ)
            case source.NodeAssume() | source.NodeCond() | source.NodeAssert():
                source.visit_expr(node.expr, check_expr_visitor)
            case source.NodeEmpty():
                pass
            case _:
                assert_never(node)
        # Loop targets are havoc'd at the header and so count as occurrences.
        if loop_header := func.is_loop_header(node_name):
            for target in func.loops[loop_header].targets:
                add_or_ensure_same_typ(target.name, target.typ)

    assert len(var_types) == len(func.all_variables())
def validate(func: ghost_code.Function, dsa_func: dsa.Function) -> None:
    """Run every DSA validity check on *dsa_func* against its source *func*.

    The checks run in a fixed order — variable typing, correspondence with the
    ghost-code function, single assignment along every acyclic path, then
    contexts — and the first failing assertion aborts the run. All checks are
    plain ``assert`` statements: under ``python -O`` they are stripped and this
    function validates nothing.
    """
    checks = (
        (ensure_valid_variables, (dsa_func,)),
        (ensure_correspondence, (func, dsa_func)),
        (ensure_valid_dsa, (dsa_func,)),
        (ensure_valid_contexts, (dsa_func,)),
    )
    for check, args in checks:
        check(*args)