-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve Heapster implication prover for opaque named shapes #1394
Conversation
…es, including: modalizeShape for opaque named shapes is now a no-op; and proveVarLLVMBlock now eliminates a perm on the LHS when it cannot find a match to prove opaque named shapes on the right
@@ -5402,6 +5410,27 @@ proveVarLLVMBlocks' x ps psubst mb_bps_in mb_ps = case mbMatch mb_bps_in of | |||
implSwapInsertConjM x (Perm_LLVMBlock bp') ps_out' 0 | |||
|
|||
|
|||
-- If proving an opaque named shape, the only way to prove the memblock | |||
-- permission is to have it on the left, but we don't have a memblock | |||
-- permission on the left with this exactly offset, length, and shape, because |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Grammar nitpick: Should be "exact offset, length, ..." instead of "exactly offset, length, ..."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not really up-to-speed on how the implication prover works, but the code looks sensible / consistent with the documentation and PR description! Minor grammar nitpick on the comments for the non-unfoldable shape case, otherwise I think this is good (a second set of eyes belonging to someone who knows how the implication prover works would be good, though!)
Note: the CI did pass before I tweaked the comment per Chris's suggestion, so I did not think the CI had to be re-run with that change to a comment. |
Did some work to improve the implication prover for opaque named shapes, in support of some Rust verification. This included:
modalizeShape
for opaque named shapes is now a no-op, because we assume that opaque shapes do not contain any pointers (at least, none that we will ever access), and the point ofmodalizeShape
is to adjust the modalities on any pointers contained in a shape; andproveVarLLVMBlock
now eliminates a perm on the LHS when it cannot find a match to prove opaque named shapes on the right.