[CN] specs on declarations have a different syntax from specs on definitions #371

peterohanley · 2024-07-09T20:39:01Z

In particular accesses does not work but trusted also does not.

int x;

void f(void)
/*@ accesses x; @*/
{

}

void g(void);
/*@ spec g();
    accesses x;
@*/

% cn accesses_spec.c
accesses_spec.c:10:5: error: unexpected token after ';' and before 'accesses'
parsing "cn_fun_spec": seen "CN_SPEC LNAME VARIABLE LPAREN cn_args RPAREN SEMICOLON", expecting "CN_REQUIRES nonempty_list(condition) CN_ENSURES nonempty_list(condition)"
    accesses x;
    ^~~~~~~~

Looking at the grammar in the documentation, it looks like a declaration spec should refer to function_spec rather than hardcode only requires and ensures.

The text was updated successfully, but these errors were encountered:

septract · 2024-08-06T23:06:20Z

I think the ideal way to resolve this would be to eliminate the distinction between spec and trusted - see #467

cp526 · 2024-08-07T07:29:51Z

Agreed, we should fix the CN frontend so the syntax for spec includes all the features that specifications on defined functions support.

As commented on #467, trusted and spec have a different purpose, so we should keep both.

peterohanley · 2024-09-25T22:02:23Z

The accesses part of this is now impeding TA2 work, I would appreciate a fix even for just this part.

septract · 2025-01-16T23:24:01Z

Bumping this issue as it's now also blocking work on the TA2 Mission Key Management example.

Here's a distilled example of the problem (derived from policy_add in mission_key_management/policy.c, here). Suppose we have three files: libfile.c, libfile.h, clientfile.c.

libfile.c:

#include "libfile.h"

int foo(int i) 
/*@
accesses myval; 
requires myval == 1i32; 
         i == 1i32; 
ensures  return == 0i32; 
@*/
{
  if (i == myval) return 0; 
  else return 1; 
}

clientfile.c:

#include "libfile.h" 

int bar() 
/*@ 
accesses myval; 
@*/
{ 
  myval = 0; 
  int i = foo(0); 
}

libfile.h

int myval = 0; 

int foo(int i); 
// Should be able to write spec here

We can't verify clientfile.c because foo() doesn't have a specification in scope. But if we try to add a specification to libfile.h, we can't because it would require an accesses annotation.

@cp526 @dc-mak and others in the CN team - this is a blocker on TA2 work for both @peterohanley and myself. Could you look at this and make an assessment about how difficult it would be to fix?

dc-mak · 2025-02-26T11:08:03Z

On it. Apologies for the inconvenience. It's not just a grammar change - code needs to be moved from the frontend to the backend. Nothing conceptually difficult, best guess is that it will probably take a few (2-3) days.

septract · 2025-02-26T23:45:13Z

Thanks @dc-mak - once you have this in prototype, I have an example in the OpenSUT we can use to test it.

septract · 2025-02-26T23:46:01Z

@dc-mak also note there was some talk of removing the accesses notation altogether.

This is in preparation for unifying function definition and declaration specification parsing, as needed by #371.

DO NOT MERGE: temporary commit to share and test. This commit unifies the handling of definition and declaration specifications. Previously, decl specs did not support accesses, cn_function, or trusted. The requires and ensures clauses they did support was desugared in the frontend Lem code. This commit moves the desugaring of the decl specs to backend/cn, specifically Core_to_mucore.normalise_fun_map_decl, alongside the definition specs parsing and desugaring. It also moves the logic for combining multiple function specs into the same module, outside of Parse. Extra special care needs to be taken in figuring out which desugaring state to use. I'm not exactly sure about this bit, but it seems to be working (I think thanks to the add_spec_arg_renames).

dc-mak · 2025-02-28T00:02:59Z

Can you check out #892 and test it locally? The code's ready to go but I still need to add a few tests for the new behaviour.

dc-mak added the cn label Jul 11, 2024

yav assigned yav and unassigned yav Aug 2, 2024

septract mentioned this issue Aug 6, 2024

[CN] Consolidate trusted and spec keywords #467

Closed

dc-mak added language Related to design of the CN language blocking labels Nov 4, 2024

dc-mak self-assigned this Feb 26, 2025

dc-mak mentioned this issue Feb 26, 2025

CN: Tidy up function specification parsing #889

Merged

dc-mak added a commit that referenced this issue Feb 27, 2025

CN: Tidy up function specification parsing (#889)

20f55e1

This is in preparation for unifying function definition and declaration specification parsing, as needed by #371.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[CN] specs on declarations have a different syntax from specs on definitions #371

[CN] specs on declarations have a different syntax from specs on definitions #371

peterohanley commented Jul 9, 2024

septract commented Aug 6, 2024

cp526 commented Aug 7, 2024

peterohanley commented Sep 25, 2024

septract commented Jan 16, 2025

dc-mak commented Feb 26, 2025

septract commented Feb 26, 2025

septract commented Feb 26, 2025

dc-mak commented Feb 28, 2025

[CN] specs on declarations have a different syntax from specs on definitions #371

[CN] specs on declarations have a different syntax from specs on definitions #371

Comments

peterohanley commented Jul 9, 2024

septract commented Aug 6, 2024

cp526 commented Aug 7, 2024

peterohanley commented Sep 25, 2024

septract commented Jan 16, 2025

dc-mak commented Feb 26, 2025

septract commented Feb 26, 2025

septract commented Feb 26, 2025

dc-mak commented Feb 28, 2025