diff --git a/cryptol-saw-core/src/Verifier/SAW/TypedTerm.hs b/cryptol-saw-core/src/Verifier/SAW/TypedTerm.hs index 02e9c1f413..568d92e3f9 100644 --- a/cryptol-saw-core/src/Verifier/SAW/TypedTerm.hs +++ b/cryptol-saw-core/src/Verifier/SAW/TypedTerm.hs @@ -49,7 +49,7 @@ data TypedTermType deriving Show --- | Convert the 'ttTerm' field of a 'TypedTerm' to a SAW core term +-- | Convert the 'ttType' field of a 'TypedTerm' to a SAW core term ttTypeAsTerm :: SharedContext -> Env -> TypedTerm -> IO Term ttTypeAsTerm sc env (TypedTerm (TypedTermSchema schema) _) = importSchema sc env schema diff --git a/examples/mr_solver/mr_solver_unit_tests.saw b/examples/mr_solver/mr_solver_unit_tests.saw index 71eaad2858..d04512704f 100644 --- a/examples/mr_solver/mr_solver_unit_tests.saw +++ b/examples/mr_solver/mr_solver_unit_tests.saw @@ -26,44 +26,55 @@ let const1_core = "\\ (_:Vec 64 Bool) -> retS VoidEv emptyFunStack (Vec 64 Bool) const1 <- parse_core const1_core; // const0 <= const0 -run_test "const0 |= const0" (mr_solver_query const0 const0) true; -// (using mrsolver tactic) +prove_extcore mrsolver (refines [] const0 const0); +// (testing that "refines [] const0 const0" is actually "const0 <= const0") let const0_refines = str_concats ["(x:Vec 64 Bool) -> refinesS_eq VoidEv emptyFunStack (Vec 64 Bool) ", "((", const0_core, ") x) ", "((", const0_core, ") x)"]; -prove_extcore mrsolver (parse_core const0_refines); - -// The function test_fun0 = const0 +run_test "refines [] const0 const0" (is_convertible (parse_core const0_refines) + (refines [] const0 const0)) true; +// (testing that "refines [x] ..." gives the same expression as "refines [] ...") +x <- fresh_symbolic "x" {| [64] |}; +run_test "refines [x] (const0 x) (const0 x)" + (is_convertible (refines [] const0 const0) + (refines [x] (term_apply const0 [x]) + (term_apply const0 [x]))) true; + +// The function test_fun0 <= const0 test_fun0 <- parse_core_mod "test_funs" "test_fun0"; -run_test "const0 |= test_fun0" (mr_solver_query const0 test_fun0) true; -// (using mrsolver tactic) +prove_extcore mrsolver (refines [] const0 test_fun0); +// (testing that "refines [] const0 test_fun0" is actually "const0 <= test_fun0") let const0_test_fun0_refines = str_concats ["(x:Vec 64 Bool) -> refinesS_eq VoidEv emptyFunStack (Vec 64 Bool) ", "((", const0_core, ") x) ", "(test_fun0 x)"]; -prove_extcore mrsolver (parse_core_mod "test_funs" const0_test_fun0_refines); +run_test "refines [] const0 test_fun0" (is_convertible (parse_core_mod "test_funs" const0_test_fun0_refines) + (refines [] const0 test_fun0)) true; // not const0 <= const1 -run_test "const0 |= const1" (mr_solver_query const0 const1) false; -// (using mrsolver tactic - fails as expected) -// let const0_const1_refines = -// str_concats ["(x:Vec 64 Bool) -> refinesS_eq VoidEv emptyFunStack (Vec 64 Bool) ", -// "((", const0_core, ") x) ", "((", const1_core, ") x)"]; -// prove_extcore mrsolver (parse_core const0_const1_refines); +fails (prove_extcore mrsolver (refines [] const0 const1)); +// (testing that "refines [] const0 const1" is actually "const0 <= const1") +let const0_const1_refines = + str_concats ["(x:Vec 64 Bool) -> refinesS_eq VoidEv emptyFunStack (Vec 64 Bool) ", + "((", const0_core, ") x) ", "((", const1_core, ") x)"]; +run_test "refines [] const0 const1" (is_convertible (parse_core const0_const1_refines) + (refines [] const0 const1)) true; // The function test_fun1 = const1 test_fun1 <- parse_core_mod "test_funs" "test_fun1"; -run_test "const1 |= test_fun1" (mr_solver_query const1 test_fun1) true; -run_test "const0 |= test_fun1" (mr_solver_query const0 test_fun1) false; -// (using mrsolver tactic) +prove_extcore mrsolver (refines [] const1 test_fun1); +fails (prove_extcore mrsolver (refines [] const0 test_fun1)); +// (testing that "refines [] const1 test_fun1" is actually "const1 <= test_fun1") let const1_test_fun1_refines = str_concats ["(x:Vec 64 Bool) -> refinesS_eq VoidEv emptyFunStack (Vec 64 Bool) ", "((", const1_core, ") x) ", "(test_fun1 x)"]; -prove_extcore mrsolver (parse_core_mod "test_funs" const1_test_fun1_refines); -// (using mrsolver tactic - fails as expected) -// let const0_test_fun1_refines = -// str_concats ["(x:Vec 64 Bool) -> refinesS_eq VoidEv emptyFunStack (Vec 64 Bool) ", -// "((", const0_core, ") x) ", "(test_fun1 x)"]; -// prove_extcore mrsolver (parse_core_mod "test_funs" const0_test_fun1_refines); +run_test "refines [] const1 test_fun1" (is_convertible (parse_core_mod "test_funs" const1_test_fun1_refines) + (refines [] const1 test_fun1)) true; +// (testing that "refines [] const0 test_fun1" is actually "const0 <= test_fun1") +let const0_test_fun1_refines = + str_concats ["(x:Vec 64 Bool) -> refinesS_eq VoidEv emptyFunStack (Vec 64 Bool) ", + "((", const0_core, ") x) ", "(test_fun1 x)"]; +run_test "refines [] const0 test_fun1" (is_convertible (parse_core_mod "test_funs" const0_test_fun1_refines) + (refines [] const0 test_fun1)) true; // ifxEq0 x = If x == 0 then x else 0; should be equal to 0 let ifxEq0_core = "\\ (x:Vec 64 Bool) -> \ @@ -74,20 +85,23 @@ let ifxEq0_core = "\\ (x:Vec 64 Bool) -> \ ifxEq0 <- parse_core ifxEq0_core; // ifxEq0 <= const0 -run_test "ifxEq0 |= const0" (mr_solver_query ifxEq0 const0) true; -// (using mrsolver tactic) +prove_extcore mrsolver (refines [] ifxEq0 const0); +// (testing that "refines [] ifxEq0 const0" is actually "ifxEq0 <= const0") let ifxEq0_const0_refines = str_concats ["(x:Vec 64 Bool) -> refinesS_eq VoidEv emptyFunStack (Vec 64 Bool) ", "((", ifxEq0_core, ") x) ", "((", const0_core, ") x)"]; -prove_extcore mrsolver (parse_core ifxEq0_const0_refines); +run_test "refines [] ifxEq0 const0" (is_convertible (parse_core ifxEq0_const0_refines) + (refines [] ifxEq0 const0)) true; + // not ifxEq0 <= const1 -run_test "ifxEq0 |= const1" (mr_solver_query ifxEq0 const1) false; -// (using mrsolver tactic - fails as expected) -// let ifxEq0_const1_refines = -// str_concats ["(x:Vec 64 Bool) -> refinesS_eq VoidEv emptyFunStack (Vec 64 Bool) ", -// "((", ifxEq0_core, ") x) ", "((", const1_core, ") x)"]; -// prove_extcore mrsolver (parse_core ifxEq0_const1_refines); +fails (prove_extcore mrsolver (refines [] ifxEq0 const1)); +// (testing that "refines [] ifxEq0 const1" is actually "ifxEq0 <= const1") +let ifxEq0_const1_refines = + str_concats ["(x:Vec 64 Bool) -> refinesS_eq VoidEv emptyFunStack (Vec 64 Bool) ", + "((", ifxEq0_core, ") x) ", "((", const1_core, ") x)"]; +run_test "refines [] ifxEq0 const1" (is_convertible (parse_core ifxEq0_const1_refines) + (refines [] ifxEq0 const1)) true; // noErrors1 x = existsS x. retS x let noErrors1_core = @@ -95,20 +109,22 @@ let noErrors1_core = noErrors1 <- parse_core noErrors1_core; // const0 <= noErrors -run_test "noErrors1 |= noErrors1" (mr_solver_query noErrors1 noErrors1) true; -// (using mrsolver tactic) +prove_extcore mrsolver (refines [] noErrors1 noErrors1); +// (testing that "refines [] noErrors1 noErrors1" is actually "noErrors1 <= noErrors1") let noErrors1_refines = str_concats ["(x:Vec 64 Bool) -> refinesS_eq VoidEv emptyFunStack (Vec 64 Bool) ", "((", noErrors1_core, ") x) ", "((", noErrors1_core, ") x)"]; -prove_extcore mrsolver (parse_core noErrors1_refines); +run_test "refines [] noErrors1 noErrors1" (is_convertible (parse_core noErrors1_refines) + (refines [] noErrors1 noErrors1)) true; // const1 <= noErrors -run_test "const1 |= noErrors1" (mr_solver_query const1 noErrors1) true; -// (using mrsolver tactic) +prove_extcore mrsolver (refines [] const1 noErrors1); +// (testing that "refines [] const1 noErrors1" is actually "const1 <= noErrors1") let const1_noErrors1_refines = str_concats ["(x:Vec 64 Bool) -> refinesS_eq VoidEv emptyFunStack (Vec 64 Bool) ", "((", const1_core, ") x) ", "((", noErrors1_core, ") x)"]; -prove_extcore mrsolver (parse_core const1_noErrors1_refines); +run_test "refines [] const1 noErrors1" (is_convertible (parse_core const1_noErrors1_refines) + (refines [] const1 noErrors1)) true; // noErrorsRec1 _ = orS (existsM x. returnM x) (noErrorsRec1 x) // Intuitively, this specifies functions that either return a value or loop @@ -135,9 +151,10 @@ let loop1_core = loop1 <- parse_core loop1_core; // loop1 <= noErrorsRec1 -run_test "loop1 |= noErrorsRec1" (mr_solver_query loop1 noErrorsRec1) true; -// (using mrsolver tactic) +prove_extcore mrsolver (refines [] loop1 noErrorsRec1); +// (testing that "refines [] loop1 noErrorsRec1" is actually "loop1 <= noErrorsRec1") let loop1_noErrorsRec1_refines = str_concats ["(x:Vec 64 Bool) -> refinesS_eq VoidEv emptyFunStack (Vec 64 Bool) ", "((", loop1_core, ") x) ", "((", noErrorsRec1_core, ") x)"]; -prove_extcore mrsolver (parse_core loop1_noErrorsRec1_refines); +run_test "refines [] loop1 noErrorsRec1" (is_convertible (parse_core loop1_noErrorsRec1_refines) + (refines [] loop1 noErrorsRec1)) true; diff --git a/heapster-saw/examples/Makefile b/heapster-saw/examples/Makefile index 25980f49fe..ae44946fef 100644 --- a/heapster-saw/examples/Makefile +++ b/heapster-saw/examples/Makefile @@ -41,7 +41,7 @@ endif $(SAW) $< # Lists all the Mr Solver tests, without their ".saw" suffix -MR_SOLVER_TESTS = # arrays_mr_solver linked_list_mr_solver sha512_mr_solver +MR_SOLVER_TESTS = exp_explosion_mr_solver # arrays_mr_solver linked_list_mr_solver sha512_mr_solver .PHONY: mr-solver-tests $(MR_SOLVER_TESTS) mr-solver-tests: $(MR_SOLVER_TESTS) diff --git a/heapster-saw/examples/arrays_mr_solver.saw b/heapster-saw/examples/arrays_mr_solver.saw index 3100b82983..2f24a7d9b0 100644 --- a/heapster-saw/examples/arrays_mr_solver.saw +++ b/heapster-saw/examples/arrays_mr_solver.saw @@ -2,14 +2,15 @@ include "arrays.saw"; // Test that contains0 |= contains0 contains0 <- parse_core_mod "arrays" "contains0"; -mr_solver_test contains0 contains0; +prove_extcore mrsolver (refines [] contains0 contains0); noErrorsContains0 <- parse_core_mod "arrays" "noErrorsContains0"; -mr_solver_prove contains0 noErrorsContains0; +prove_extcore mrsolver (refines [] contains0 noErrorsContains0); + include "specPrims.saw"; import "arrays.cry"; zero_array <- parse_core_mod "arrays" "zero_array"; -mr_solver_test zero_array {{ zero_array_loop_spec }}; -mr_solver_prove zero_array {{ zero_array_spec }}; +prove_extcore mrsolver (refines [] zero_array {{ zero_array_loop_spec }}); +prove_extcore mrsolver (refines [] zero_array {{ zero_array_spec }}); diff --git a/heapster-saw/examples/exp_explosion_mr_solver.saw b/heapster-saw/examples/exp_explosion_mr_solver.saw index 2bd71bb927..0cf92af63e 100644 --- a/heapster-saw/examples/exp_explosion_mr_solver.saw +++ b/heapster-saw/examples/exp_explosion_mr_solver.saw @@ -1,7 +1,6 @@ include "exp_explosion.saw"; import "exp_explosion.cry"; -monadify_term {{ op }}; exp_explosion <- parse_core_mod "exp_explosion" "exp_explosion"; -mr_solver_prove exp_explosion {{ exp_explosion_spec }}; +prove_extcore mrsolver (refines [] exp_explosion {{ exp_explosion_spec }}); diff --git a/heapster-saw/examples/linked_list_mr_solver.saw b/heapster-saw/examples/linked_list_mr_solver.saw index a80aab1a42..a64acdef73 100644 --- a/heapster-saw/examples/linked_list_mr_solver.saw +++ b/heapster-saw/examples/linked_list_mr_solver.saw @@ -27,11 +27,10 @@ heapster_typecheck_fun env "is_head" \ arg0:true, arg1:true, ret:int64<>"; is_head <- parse_core_mod "linked_list" "is_head"; -mr_solver_test is_head is_head; +prove_extcore mrsolver (refines [] is_head is_head); is_elem <- parse_core_mod "linked_list" "is_elem"; - -mr_solver_test is_elem is_elem; +prove_extcore mrsolver (refines [] is_elem is_elem); is_elem_noErrorsSpec <- parse_core "\\ (x:Vec 64 Bool) (y:List (Vec 64 Bool)) -> \ @@ -52,9 +51,9 @@ is_elem_noErrorsSpec <- parse_core \ Vec 64 Bool)) \ \ (Vec 64 Bool)) \ \ (f x)) (x, y)"; -mr_solver_test is_elem is_elem_noErrorsSpec; +prove_extcore mrsolver (refines [] is_elem is_elem_noErrorsSpec); -mr_solver_prove is_elem {{ is_elem_spec }}; +prove_extcore mrsolver (refines [] is_elem {{ is_elem_spec }}); monadify_term {{ Right }}; @@ -63,4 +62,4 @@ monadify_term {{ nil }}; monadify_term {{ cons }}; sorted_insert_no_malloc <- parse_core_mod "linked_list" "sorted_insert_no_malloc"; -mr_solver_prove sorted_insert_no_malloc {{ sorted_insert_spec }}; +prove_extcore mrsolver (refines [] sorted_insert_no_malloc {{ sorted_insert_spec }}); diff --git a/heapster-saw/examples/sha512_mr_solver.saw b/heapster-saw/examples/sha512_mr_solver.saw index 030af51294..27d38a002d 100644 --- a/heapster-saw/examples/sha512_mr_solver.saw +++ b/heapster-saw/examples/sha512_mr_solver.saw @@ -6,14 +6,28 @@ processBlock <- parse_core_mod "SHA512" "processBlock"; processBlocks <- parse_core_mod "SHA512" "processBlocks"; // Test that every function refines itself -// mr_solver_test processBlocks processBlocks; -// mr_solver_test processBlock processBlock; -// mr_solver_test round_16_80 round_16_80; -// mr_solver_test round_00_15 round_00_15; +// prove_extcore mrsolver (refines [] processBlocks processBlocks); +// prove_extcore mrsolver (refines [] processBlock processBlock); +// prove_extcore mrsolver (refines [] round_16_80 round_16_80); +// prove_extcore mrsolver (refines [] round_00_15 round_00_15); import "sha512.cry"; -mr_solver_prove round_00_15 {{ round_00_15_spec }}; -mr_solver_prove round_16_80 {{ round_16_80_spec }}; -mr_solver_prove processBlock {{ processBlock_spec }}; -// mr_solver_prove processBlocks {{ processBlocks_spec }}; +thm_round_00_15 <- + prove_extcore mrsolver (refines [] round_00_15 {{ round_00_15_spec }}); + +thm_round_16_80 <- + prove_extcore + (mrsolver_with (addrefns [thm_round_00_15] empty_rs)) + (refines [] round_16_80 {{ round_16_80_spec }}); + +thm_processBlock <- + prove_extcore + (mrsolver_with (addrefns [thm_round_00_15, thm_round_16_80] empty_rs)) + (refines [] processBlock {{ processBlock_spec }}); + +// thm_processBlocks <- +// prove_extcore +// (mrsolver_with (addrefns [thm_processBlock] empty_rs)) +// (refines [] processBlocks {{ processBlocks_spec }}); + diff --git a/saw-script.cabal b/saw-script.cabal index 56617e75f7..9045eb15ce 100644 --- a/saw-script.cabal +++ b/saw-script.cabal @@ -173,6 +173,7 @@ library SAWScript.Prover.MRSolver.Monad SAWScript.Prover.MRSolver.SMT SAWScript.Prover.MRSolver.Solver + SAWScript.Prover.MRSolver.Evidence SAWScript.Prover.MRSolver.Term SAWScript.Prover.RME SAWScript.Prover.ABC diff --git a/src/SAWScript/Builtins.hs b/src/SAWScript/Builtins.hs index f732a1e67b..3ca9813a26 100644 --- a/src/SAWScript/Builtins.hs +++ b/src/SAWScript/Builtins.hs @@ -973,19 +973,18 @@ proveUnintSBV conf unints = (Prover.proveUnintSBV conf timeout) unintSet -- | Given a continuation which calls a prover, call the continuation on the --- 'goalSequent' of the given 'ProofGoal' and return a 'SolveResult'. If there --- is a 'SolverCache', do not call the continuation if the goal has an already --- cached result, and otherwise save the result of the call to the cache. +-- given 'Sequent' and return a 'SolveResult'. If there is a 'SolverCache', +-- do not call the continuation if the goal has an already cached result, +-- and otherwise save the result of the call to the cache. applyProverToGoal :: [SolverBackend] -> [SolverBackendOption] -> (SATQuery -> TopLevel (Maybe CEX, String)) - -> Set VarIndex - -> ProofGoal + -> Set VarIndex -> Sequent -> TopLevel (SolverStats, SolveResult) -applyProverToGoal backends opts f unintSet g = do +applyProverToGoal backends opts f unintSet sqt = do sc <- getSharedContext let opt_backends = concatMap optionBackends opts vs <- io $ getSolverBackendVersions (backends ++ opt_backends) - satq <- io $ sequentToSATQuery sc unintSet (goalSequent g) + satq <- io $ sequentToSATQuery sc unintSet sqt k <- io $ mkSolverCacheKey sc vs opts satq (mb, solver_name) <- SV.onSolverCache (lookupInSolverCache k) >>= \case -- Use a cached result if one exists (and it's valid w.r.t our query) @@ -995,9 +994,9 @@ applyProverToGoal backends opts f unintSet g = do Just v -> SV.onSolverCache (insertInSolverCache k v) >> return res Nothing -> return res - let stats = solverStats solver_name (sequentSharedSize (goalSequent g)) + let stats = solverStats solver_name (sequentSharedSize sqt) case mb of - Nothing -> return (stats, SolveSuccess (SolverEvidence stats (goalSequent g))) + Nothing -> return (stats, SolveSuccess (SolverEvidence stats sqt)) Just a -> return (stats, SolveCounterexample a) wrapProver :: @@ -1005,8 +1004,8 @@ wrapProver :: (SATQuery -> TopLevel (Maybe CEX, String)) -> Set VarIndex -> ProofScript () -wrapProver backends opts f = - execTactic . tacticSolve . applyProverToGoal backends opts f +wrapProver backends opts f unints = + execTactic $ tacticSolve $ applyProverToGoal backends opts f unints . goalSequent wrapW4Prover :: SolverBackend -> [SolverBackendOption] -> @@ -2205,16 +2204,16 @@ ensureMonadicTerm sc t False -> monadifyTypedTerm sc t ensureMonadicTerm sc t = monadifyTypedTerm sc t --- | A wrapper for either 'Prover.askMRSolver' or 'Prover.assumeMRSolver' from --- @MRSolver.hs@: if the first argument is @Just str@, prints out @str@ --- followed by an abridged version of the refinement being asked, then calls --- the given function, returning how long it took to execute -mrSolver :: (SharedContext -> Prover.MREnv -> Maybe Integer -> [(LocalName, Term)] -> Term -> Term -> IO a) -> - Maybe SawDoc -> SharedContext -> [(LocalName, Term)] -> TypedTerm -> TypedTerm -> - TopLevel (NominalDiffTime, a) -mrSolver f printStr sc top_args tt1 tt2 = - do env <- rwMRSolverEnv <$> get - m1 <- ttTerm <$> ensureMonadicTerm sc tt1 +-- | Normalizes the given 'TypedTerm's for calling 'Prover.askMRSolver' or +-- 'Prover.refinementTerm' and ensures they are of the expected form. +-- Additionally, if the second argument is @Just str@, prints out @str@ +-- followed by an abridged version of the refinement represented by the two +-- terms. +mrSolverNormalizeAndPrintArgs :: + SharedContext -> Maybe SawDoc -> + TypedTerm -> TypedTerm -> TopLevel (Term, Term) +mrSolverNormalizeAndPrintArgs sc printStr tt1 tt2 = + do m1 <- ttTerm <$> ensureMonadicTerm sc tt1 m2 <- ttTerm <$> ensureMonadicTerm sc tt2 m1' <- io $ collapseEta <$> betaNormalize sc m1 m2' <- io $ collapseEta <$> betaNormalize sc m2 @@ -2223,10 +2222,7 @@ mrSolver f printStr sc top_args tt1 tt2 = Just str -> printOutLnTop Info $ renderSawDoc defaultPPOpts $ "[MRSolver] " <> str <> ": " <> ppTmHead m1' <> " |= " <> ppTmHead m2' - time1 <- liftIO getCurrentTime - res <- io $ f sc env Nothing top_args m1' m2' - time2 <- liftIO getCurrentTime - return (diffUTCTime time2 time1, res) + return (m1', m2') where -- Turn a term of the form @\x1 ... xn -> f x1 ... xn@ into @f@ collapseEta :: Term -> Term collapseEta (asLambdaList -> (lamVars, @@ -2245,118 +2241,71 @@ mrSolver f printStr sc top_args tt1 tt2 = ppTerm defaultPPOpts t <> if length args > 0 then " ..." else "" ppTmHead _ = "..." +-- | The calback to be used by MRSolver for making SMT queries +mrSolverAskSMT :: Set VarIndex -> Sequent -> TopLevel (SolverStats, SolveResult) +mrSolverAskSMT = applyProverToGoal [What4, Z3] [] (Prover.proveWhat4_z3 True) + +-- | Given the result of calling 'Prover.askMRSolver' or +-- 'Prover.refinementTerm', fails and prints out@`err@ followed by the second +-- argument if the given result is @Left err@ for some @err@, or otherwise +-- returns @a@ if the result is@`Right a@ for some @a@. Additionally, if the +-- third argument is @Just str@, prints out @str@ on success (i.e. 'Right'). +mrSolverGetResultOrFail :: + Prover.MREnv -> + String {- The string to print out on failure -} -> + Maybe String {- The string to print out on success, if any -} -> + Either Prover.MRFailure a {- The result, printed out on error -} -> + TopLevel a +mrSolverGetResultOrFail env errStr succStr res = case res of + Left err | Prover.mreDebugLevel env == 0 -> + fail (Prover.showMRFailure err ++ "\n[MRSolver] " ++ errStr) + Left err -> + -- we ignore the MRFailure context here since it will have already + -- been printed by the debug trace + fail (Prover.showMRFailureNoCtx err ++ "\n[MRSolver] " ++ errStr) + Right a | Just s <- succStr -> + printOutLnTop Info s >> return a + Right a -> return a + -- | Invokes MRSolver to attempt to solve a focused goal of the form --- @(a1:A1) -> ... -> (an:A1) -> refinesS_eq ...@, printing an error message --- and exiting if this cannot be done. This function will not modify the --- 'Prover.MREnv'. -mrSolverTactic :: SharedContext -> ProofScript () -mrSolverTactic sc = execTactic $ Tactic $ \goal -> lift $ do - dlvl <- Prover.mreDebugLevel <$> rwMRSolverEnv <$> get +-- @(a1:A1) -> ... -> (an:An) -> refinesS_eq ...@, assuming the refinements +-- in the given 'Refnset', and printing an error message and exiting if +-- this cannot be done +mrSolver :: SV.SAWRefnset -> ProofScript () +mrSolver rs = execTactic $ Tactic $ \goal -> lift $ + getSharedContext >>= \sc -> case sequentState (goalSequent goal) of Unfocused -> fail "mrsolver: focus required" HypFocus _ _ -> fail "mrsolver: cannot apply mrsolver in a hypothesis" - ConclFocus (asPiList . unProp -> (args, asApplyAll -> - (asGlobalDef -> Just "Prelude.refinesS_eq", - [ev, stack, rtp, t1, t2]))) _ -> - do tp <- liftIO $ scGlobalApply sc "Prelude.SpecM" [ev, stack, rtp] - let tt1 = TypedTerm (TypedTermOther tp) t1 - let tt2 = TypedTerm (TypedTermOther tp) t2 - (diff, res) <- mrSolver Prover.askMRSolver (Just "mrsolver") sc args tt1 tt2 - case res of - Left err | dlvl == 0 -> - io (putStrLn $ Prover.showMRFailure err) >> - printOutLnTop Info (printf "[MRSolver] Failure in %s" (show diff)) >> - io (Exit.exitWith $ Exit.ExitFailure 1) - Left err -> - -- we ignore the MRFailure context here since it will have already - -- been printed by the debug trace - io (putStrLn $ Prover.showMRFailureNoCtx err) >> - printOutLnTop Info (printf "[MRSolver] Failure in %s" (show diff)) >> - io (Exit.exitWith $ Exit.ExitFailure 1) - Right _ -> - printOutLnTop Info (printf "[MRSolver] Success in %s" (show diff)) >> - let stats = solverStats "MRSOLVER ADMITTED" (sequentSharedSize (goalSequent goal)) in - return ((), stats, [], leafEvidence MrSolverEvidence) - _ -> error "mrsolver tactic not applied to a refinesS_eq goal" - --- | Run Mr Solver to prove that the first term refines the second, adding --- any relevant 'Prover.FunAssump's to the 'Prover.MREnv' if the first argument --- is true and this can be done, or printing an error message and exiting if it --- cannot. -mrSolverProve :: Bool -> SharedContext -> TypedTerm -> TypedTerm -> TopLevel () -mrSolverProve addToEnv sc t1 t2 = - do dlvl <- Prover.mreDebugLevel <$> rwMRSolverEnv <$> get - let printStr = if addToEnv then "Proving" else "Testing" - (diff, res) <- mrSolver Prover.askMRSolver (Just printStr) sc [] t1 t2 - case res of - Left err | dlvl == 0 -> - io (putStrLn $ Prover.showMRFailure err) >> - printOutLnTop Info (printf "[MRSolver] Failure in %s" (show diff)) >> - io (Exit.exitWith $ Exit.ExitFailure 1) - Left err -> - -- we ignore the MRFailure context here since it will have already - -- been printed by the debug trace - io (putStrLn $ Prover.showMRFailureNoCtx err) >> - printOutLnTop Info (printf "[MRSolver] Failure in %s" (show diff)) >> - io (Exit.exitWith $ Exit.ExitFailure 1) - Right (Just (fnm, fassump)) | addToEnv -> - let assump_str = case Prover.fassumpRHS fassump of - Prover.OpaqueFunAssump _ _ -> "an opaque" - Prover.RewriteFunAssump _ -> "a rewrite" in - printOutLnTop Info ( - printf "[MRSolver] Success in %s, added as %s assumption" - (show diff) (assump_str :: String)) >> - modify (\rw -> rw { rwMRSolverEnv = - Prover.mrEnvAddFunAssump fnm fassump (rwMRSolverEnv rw) }) - _ -> - printOutLnTop Info $ printf "[MRSolver] Success in %s" (show diff) - --- | Run Mr Solver to prove that the first term refines the second, returning --- true iff this can be done. This function will not modify the 'Prover.MREnv'. -mrSolverQuery :: SharedContext -> TypedTerm -> TypedTerm -> TopLevel Bool -mrSolverQuery sc t1 t2 = - do dlvl <- Prover.mreDebugLevel <$> rwMRSolverEnv <$> get - (diff, res) <- mrSolver Prover.askMRSolver (Just "Querying") sc [] t1 t2 - case res of - Left _ | dlvl == 0 -> - printOutLnTop Info (printf "[MRSolver] Failure in %s" (show diff)) >> - return False - Left err -> - -- we ignore the MRFailure context here since it will have already - -- been printed by the debug trace - io (putStrLn $ Prover.showMRFailureNoCtx err) >> - printOutLnTop Info (printf "[MRSolver] Failure in %s" (show diff)) >> - return False - Right _ -> - printOutLnTop Info (printf "[MRSolver] Success in %s" (show diff)) >> - return True - --- | Generate the 'Prover.FunAssump' which corresponds to the given refinement --- and add it to the 'Prover.MREnv' -mrSolverAssume :: SharedContext -> TypedTerm -> TypedTerm -> TopLevel () -mrSolverAssume sc t1 t2 = - do dlvl <- Prover.mreDebugLevel <$> rwMRSolverEnv <$> get - (_, res) <- mrSolver Prover.assumeMRSolver (Just "Assuming") sc [] t1 t2 - case res of - Left err | dlvl == 0 -> - io (putStrLn $ Prover.showMRFailure err) >> - printOutLnTop Info (printf "[MRSolver] Failure") >> - io (Exit.exitWith $ Exit.ExitFailure 1) - Left err -> - -- we ignore the MRFailure context here since it will have already - -- been printed by the debug trace - io (putStrLn $ Prover.showMRFailureNoCtx err) >> - printOutLnTop Info (printf "[MRSolver] Failure") >> - io (Exit.exitWith $ Exit.ExitFailure 1) - Right (Just (fnm, fassump)) -> - printOutLnTop Info ( - printf "[MRSolver] Success, added as an opaque assumption") >> - modify (\rw -> rw { rwMRSolverEnv = - Prover.mrEnvAddFunAssump fnm fassump (rwMRSolverEnv rw) }) - _ -> - printOutLnTop Info $ printf $ - "[MRSolver] Failure, given refinement cannot be interpreted as" ++ - " an assumption" + ConclFocus (Prover.asRefinesS . unProp -> Just (Prover.RefinesS args ev1 ev2 + stack1 stack2 rtp1 rtp2 + t1 t2)) _ -> + do tp1 <- liftIO $ scGlobalApply sc "Prelude.SpecM" [ev1, stack1, rtp1] + tp2 <- liftIO $ scGlobalApply sc "Prelude.SpecM" [ev2, stack2, rtp2] + let tt1 = TypedTerm (TypedTermOther tp1) t1 + tt2 = TypedTerm (TypedTermOther tp2) t2 + (m1, m2) <- mrSolverNormalizeAndPrintArgs sc (Just $ "Tactic call") tt1 tt2 + env <- rwMRSolverEnv <$> get + time1 <- liftIO getCurrentTime + res <- Prover.askMRSolver sc env Nothing mrSolverAskSMT rs args m1 m2 + time2 <- liftIO getCurrentTime + let diff = show $ diffUTCTime time2 time1 + errStr = printf "Failure in %s" diff + succStr = printf "Success in %s" diff + (stats, mre) <- mrSolverGetResultOrFail env errStr (Just succStr) res + return ((), stats, [], leafEvidence $ MrSolverEvidence mre) + _ -> error "mrsolver: cannot apply mrsolver to a non-refinement goal" + +-- | Add a proved refinement theorem to a given refinement set +addrefn :: Theorem -> SV.SAWRefnset -> TopLevel SV.SAWRefnset +addrefn thm rs = + case Prover.asFunAssump (Just (thmNonce thm)) (unProp $ thmProp thm) of + Nothing -> fail "addrefn: theorem is not a refinement" + Just fassump -> pure (Prover.addFunAssump fassump rs) + +-- | Add proved refinement theorems to a given refinement set +addrefns :: [Theorem] -> SV.SAWRefnset -> TopLevel SV.SAWRefnset +addrefns thms ss = foldM (flip addrefn) ss thms -- | Set the debug level of the 'Prover.MREnv' mrSolverSetDebug :: Int -> TopLevel () @@ -2364,6 +2313,27 @@ mrSolverSetDebug dlvl = modify (\rw -> rw { rwMRSolverEnv = Prover.mrEnvSetDebugLevel dlvl (rwMRSolverEnv rw) }) +-- | Given a list of names and types representing variables over which to +-- quantify as as well as two terms containing those variables, which may be +-- terms or functions in the SpecM monad, construct the SAWCore term which is +-- the refinement (@Prelude.refinesS@) of the given terms, with the given +-- variables generalized with a Pi type. +refinesTerm :: [TypedTerm] -> TypedTerm -> TypedTerm -> TopLevel TypedTerm +refinesTerm vars tt1 tt2 = + do sc <- getSharedContext + tt1' <- lambdas vars tt1 + tt2' <- lambdas vars tt2 + (m1, m2) <- mrSolverNormalizeAndPrintArgs sc Nothing tt1' tt2' + env <- rwMRSolverEnv <$> get + time1 <- liftIO getCurrentTime + res <- Prover.refinementTerm sc env Nothing mrSolverAskSMT + Prover.emptyRefnset [] m1 m2 + time2 <- liftIO getCurrentTime + let diff = show $ diffUTCTime time2 time1 + errStr = printf "[MRSolver] Failed to build refinement term (%s)" diff + ttRes <- mrSolverGetResultOrFail env errStr Nothing res + io $ mkTypedTerm sc ttRes + setMonadification :: SharedContext -> String -> String -> Bool -> TopLevel () setMonadification sc cry_str saw_str poly_p = do rw <- get diff --git a/src/SAWScript/Interpreter.hs b/src/SAWScript/Interpreter.hs index 1e25925687..ee27ab7470 100644 --- a/src/SAWScript/Interpreter.hs +++ b/src/SAWScript/Interpreter.hs @@ -74,7 +74,7 @@ import SAWScript.SolverVersions import SAWScript.Proof (emptyTheoremDB) import SAWScript.Prover.Rewrite(basic_ss) import SAWScript.Prover.Exporter -import SAWScript.Prover.MRSolver (emptyMREnv) +import SAWScript.Prover.MRSolver (emptyMREnv, emptyRefnset) import SAWScript.Yosys import Verifier.SAW.Conversion --import Verifier.SAW.PrettySExp @@ -3908,52 +3908,49 @@ primitives = Map.fromList --------------------------------------------------------------------- - , prim "mr_solver_prove" "Term -> Term -> TopLevel ()" - (scVal (mrSolverProve True)) + , prim "mrsolver_set_debug_level" "Int -> TopLevel ()" + (pureVal mrSolverSetDebug) Experimental - [ "Call the monadic-recursive solver (that's MR. Solver to you)" - , " to prove that one monadic term refines another. If this can" - , " be done, this refinement will be used in future calls to" - , " Mr. Solver, and if it cannot, the script will exit. See also:" - , " mr_solver_test, mr_solver_query." ] + [ "Set the debug level for Mr. Solver; 0 = no debug output," + , " 1 = basic debug output, 2 = verbose debug output," + , " 3 = all debug output" ] - , prim "mr_solver_test" "Term -> Term -> TopLevel ()" - (scVal (mrSolverProve False)) + , prim "mrsolver" "ProofScript ()" + (pureVal (mrSolver emptyRefnset)) Experimental - [ "Call the monadic-recursive solver (that's MR. Solver to you)" - , " to prove that one monadic term refines another. If this cannot" - , " be done, the script will exit. See also: mr_solver_prove," - , " mr_solver_query - unlike the former, this refinement will not" - , " be used in future calls to Mr. Solver." ] + [ "Use MRSolver to prove a current refinement goal, i.e. a goal of" + , " the form `(a1:A1) -> ... -> (an:An) -> refinesS_eq ...`" ] - , prim "mr_solver_query" "Term -> Term -> TopLevel Bool" - (scVal mrSolverQuery) + , prim "empty_rs" "Refnset" + (pureVal (emptyRefnset :: SAWRefnset)) Experimental - [ "Call the monadic-recursive solver (that's MR. Solver to you)" - , " to prove that one monadic term refines another, returning" - , " true iff this can be done. See also: mr_solver_prove," - , " mr_solver_test - unlike the former, this refinement will not" - , " be considered in future calls to Mr. Solver, and unlike both," - , " this command will never fail." ] + [ "The empty refinement set, containing no refinements." ] - , prim "mr_solver_assume" "Term -> Term -> TopLevel Bool" - (scVal mrSolverAssume) + , prim "addrefn" "Theorem -> Refnset -> Refnset" + (funVal2 addrefn) Experimental - [ "Add the refinement of the two given expressions as an assumption" - , " which will be used in future calls to Mr. Solver." ] + [ "Add a proved refinement theorem to a given refinement set." ] - , prim "mr_solver_set_debug_level" "Int -> TopLevel ()" - (pureVal mrSolverSetDebug) + , prim "addrefns" "[Theorem] -> Refnset -> Refnset" + (funVal2 addrefns) Experimental - [ "Set the debug level for Mr. Solver; 0 = no debug output," - , " 1 = basic debug output, 2 = verbose debug output," - , " 3 = all debug output" ] + [ "Add proved refinement theorems to a given refinement set." ] - , prim "mrsolver" "ProofScript ()" - (scVal mrSolverTactic) + , prim "mrsolver_with" "Refnset -> ProofScript ()" + (pureVal mrSolver) Experimental - [ "Use MRSolver to prove a current goal of the form:" - , "(a1:A1) -> ... -> (an:A1) -> refinesS_eq ..." ] + [ "Use MRSolver to prove a current refinement goal, i.e. a goal of" + , " the form `(a1:A1) -> ... -> (an:An) -> refinesS_eq ...`, with" + , " the given set of refinements taken as assumptions" ] + + , prim "refines" "[Term] -> Term -> Term -> Term" + (funVal3 refinesTerm) + Experimental + [ "Given a list of 'fresh_symbolic' variables over which to quantify" + , " as as well as two terms containing those variables, which may be" + , " either terms or functions in the SpecM monad, construct the" + , " SAWCore term which is the refinement (`Prelude.refinesS`) of the" + , " given terms, with the given variables generalized with a Pi type." ] --------------------------------------------------------------------- @@ -4409,6 +4406,11 @@ primitives = Map.fromList funVal2 f _ _ = VLambda $ \a -> return $ VLambda $ \b -> fmap toValue (f (fromValue a) (fromValue b)) + funVal3 :: forall a b c t. (FromValue a, FromValue b, FromValue c, IsValue t) => (a -> b -> c -> TopLevel t) + -> Options -> BuiltinContext -> Value + funVal3 f _ _ = VLambda $ \a -> return $ VLambda $ \b -> return $ VLambda $ \c -> + fmap toValue (f (fromValue a) (fromValue b) (fromValue c)) + scVal :: forall t. IsValue t => (SharedContext -> t) -> Options -> BuiltinContext -> Value scVal f _ bic = toValue (f (biSharedContext bic)) diff --git a/src/SAWScript/Proof.hs b/src/SAWScript/Proof.hs index 2d2c6872a6..10f0abe460 100644 --- a/src/SAWScript/Proof.hs +++ b/src/SAWScript/Proof.hs @@ -166,6 +166,7 @@ import What4.ProgramLoc (ProgramLoc) import SAWScript.Position import SAWScript.Prover.SolverStats +import qualified SAWScript.Prover.MRSolver.Evidence as MRSolver import SAWScript.Crucible.Common as Common import qualified Verifier.SAW.Simulator.TermModel as TM import qualified Verifier.SAW.Simulator.What4 as W4Sim @@ -1071,10 +1072,10 @@ data Evidence -- sequent calculus axiom, which connects a hypothesis to a conclusion. | AxiomEvidence - -- | FIXME: This is a placeholder for evidence that will be generated by - -- MRSolver - currently this trivial evidence is given whenever MRSolver - -- completes without error (see 'proveRefinement' in @Builtins.hs@) - | MrSolverEvidence + -- | Evidence generated by running the @mrsolver@ tactic. + -- FIXME: Add a @[Evidence]@ here when MRSolver is updated to support + -- returning unsolved goals. + | MrSolverEvidence !(MRSolver.MREvidence TheoremNonce) -- | The the proposition proved by a given theorem. thmProp :: Theorem -> Prop @@ -1699,9 +1700,16 @@ checkEvidence sc = \e p -> do nenv <- scGetNamingEnv sc ] return (mempty, ProvedTheorem mempty) - MrSolverEvidence -> - -- TODO Fill this in when we have evidence for MrSolver - return (mempty, ProvedTheorem mempty) + MrSolverEvidence mre -> + case sequentState sqt of + ConclFocus _p _mkSqt -> + do (d, stats) <- MRSolver.checkMREvidence mre + -- FIXME: Check that p actually does match the MRSolverEvidence + return (d, ProvedTheorem stats) + _ -> fail $ unlines $ + [ "MRSolver evidence requires a conclusion-focused sequent" + , prettySequent defaultPPOpts nenv sqt + ] CutEvidence p ehyp egl -> do d1 <- check nenv ehyp (addHypothesis p sqt) diff --git a/src/SAWScript/Prover/MRSolver.hs b/src/SAWScript/Prover/MRSolver.hs index c31cb1deb5..4aa02c6eb0 100644 --- a/src/SAWScript/Prover/MRSolver.hs +++ b/src/SAWScript/Prover/MRSolver.hs @@ -9,12 +9,15 @@ Portability : non-portable (language extensions) -} module SAWScript.Prover.MRSolver - (askMRSolver, assumeMRSolver, MRSolverResult, + (askMRSolver, refinementTerm, MRFailure(..), showMRFailure, showMRFailureNoCtx, - FunAssump(..), FunAssumpRHS(..), - MREnv(..), emptyMREnv, mrEnvAddFunAssump, mrEnvSetDebugLevel, + RefinesS(..), asRefinesS, + FunAssump(..), FunAssumpRHS(..), asFunAssump, + Refnset, emptyRefnset, addFunAssump, + MREnv(..), emptyMREnv, mrEnvSetDebugLevel, asProjAll, isSpecFunType) where import SAWScript.Prover.MRSolver.Term +import SAWScript.Prover.MRSolver.Evidence import SAWScript.Prover.MRSolver.Monad import SAWScript.Prover.MRSolver.Solver diff --git a/src/SAWScript/Prover/MRSolver/Evidence.hs b/src/SAWScript/Prover/MRSolver/Evidence.hs new file mode 100644 index 0000000000..bc627954f5 --- /dev/null +++ b/src/SAWScript/Prover/MRSolver/Evidence.hs @@ -0,0 +1,219 @@ +{-# LANGUAGE OverloadedStrings #-} +{-# LANGUAGE ViewPatterns #-} + +{- | +Module : SAWScript.Prover.MRSolver.Evidence +Copyright : Galois, Inc. 2023 +License : BSD3 +Maintainer : westbrook@galois.com +Stability : experimental +Portability : non-portable (language extensions) + +This module defines multiple outward facing components of MRSolver, most +notably the 'MREvidence' type which provides evidence for the truth of a +refinement proposition proved by MRSolver, and used in @Proof.hs@. This module +also defines the 'MREnv' type, the global MRSolver state. + +Note: In order to avoid circular dependencies, the 'FunAssump' type and its +dependents in this file ('Refnset' and 'MREvidence') are given a type +parameter @t@ which in practice always be 'TheoremNonce' from @Value.hs@. +The reason we cannot just import @Value.hs@ here directly is because the +'Refnset' type is used in @Value.hs@ - specifically, in the 'VRefnset' +constructor of the 'Value' datatype. +-} + +module SAWScript.Prover.MRSolver.Evidence where + +import Data.Foldable (foldMap') + +import Data.Map (Map) +import qualified Data.Map as Map + +import Data.HashMap.Lazy (HashMap) +import qualified Data.HashMap.Lazy as HashMap + +import Data.Set (Set) +import qualified Data.Set as Set + +import Verifier.SAW.Term.Functor +import Verifier.SAW.Recognizer +import Verifier.SAW.Cryptol.Monadify +import SAWScript.Prover.SolverStats + +import SAWScript.Prover.MRSolver.Term + + +---------------------------------------------------------------------- +-- * Function Refinement Assumptions +---------------------------------------------------------------------- + +-- | A representation of a term of the form: +-- @(a1:A1) -> ... -> (an:An) -> refinesS ev1 ev2 stack1 stack2 rtp1 rtp2 t1 t2@ +data RefinesS = RefinesS { + -- | The context of the refinement, i.e. @[(a1,A1), ..., (an,An)]@ + -- from the term above + refnCtx :: [(LocalName, Term)], + -- | The LHS event type of the refinement, i.e. @ev1@ above + refnEv1 :: Term, + -- | The RHS event type of the refinement, i.e. @ev2@ above + refnEv2 :: Term, + -- | The LHS stack type of the refinement, i.e. @stack1@ above + refnStack1 :: Term, + -- | The RHS stack type of the refinement, i.e. @stack2@ above + refnStack2 :: Term, + -- | The LHS return type of the refinement, i.e. @rtp1@ above + refnRType1 :: Term, + -- | The RHS return type of the refinement, i.e. @rtp2@ above + refnRType2 :: Term, + -- | The LHS term of the refinement, i.e. @t1@ above + refnLHS :: Term, + -- | The RHS term of the refinement, i.e. @t2@ above + refnRHS :: Term +} + +-- | Recognizes a term of the form: +-- @(a1:A1) -> ... -> (an:An) -> refinesS ev1 ev2 stack1 stack2 rtp1 rtp2 t1 t2@ +-- and returns: +-- @RefinesS [(a1,A1), ..., (an,An)] ev1 ev2 stack1 stack2 rtp1 rtp2 t1 t2@ +asRefinesS :: Recognizer Term RefinesS +asRefinesS (asPiList -> (args, asApplyAll -> + (asGlobalDef -> Just "Prelude.refinesS", + [ev1, ev2, stack1, stack2, + asApplyAll -> (asGlobalDef -> Just "Prelude.eqPreRel", _), + asApplyAll -> (asGlobalDef -> Just "Prelude.eqPostRel", _), + rtp1, rtp2, + asApplyAll -> (asGlobalDef -> Just "Prelude.eqRR", _), + t1, t2]))) = + Just $ RefinesS args ev1 ev2 stack1 stack2 rtp1 rtp2 t1 t2 +asRefinesS (asPiList -> (args, asApplyAll -> + (asGlobalDef -> Just "Prelude.refinesS_eq", + [ev, stack, rtp, t1, t2]))) = + Just $ RefinesS args ev ev stack stack rtp rtp t1 t2 +asRefinesS (asPiList -> (_, asApplyAll -> (asGlobalDef -> Just "Prelude.refinesS", _))) = + error "FIXME: MRSolver does not yet accept refinesS goals with non-trivial RPre/RPost/RR" +asRefinesS _ = Nothing + +-- | The right-hand-side of a 'FunAssump': either a 'FunName' and arguments, if +-- it is an opaque 'FunAsump', or a 'NormComp', if it is a rewrite 'FunAssump' +data FunAssumpRHS = OpaqueFunAssump FunName [Term] + | RewriteFunAssump Term + +-- | An assumption that a named function refines some specification. This has +-- the form +-- +-- > forall x1, ..., xn. F e1 ... ek |= m +-- +-- for some universal context @x1:T1, .., xn:Tn@, some list of argument +-- expressions @ei@ over the universal @xj@ variables, and some right-hand side +-- computation expression @m@. +data FunAssump t = FunAssump { + -- | The uvars that were in scope when this assumption was created + fassumpCtx :: MRVarCtx, + -- | The function on the left-hand-side + fassumpFun :: FunName, + -- | The argument expressions @e1, ..., en@ over the 'fassumpCtx' uvars + fassumpArgs :: [Term], + -- | The right-hand side upper bound @m@ over the 'fassumpCtx' uvars + fassumpRHS :: FunAssumpRHS, + -- | An optional annotation, which in the case of SAWScript, is always a + -- 'TheoremNonce' indicating from which 'Theorem' this assumption comes + fassumpAnnotation :: Maybe t +} + +-- | Recognizes a term of the form: +-- @(a1:A1) -> ... -> (an:An) -> refinesS_eq ev stack rtp (f b1 ... bm) t2@, +-- and returns: @FunAssump f [a1,...,an] [b1,...,bm] rhs ann@, +-- where @ann@ is the given argument and @rhs@ is either +-- @OpaqueFunAssump g [c1,...,cl]@ if @t2@ is @g c1 ... cl@, +-- or @RewriteFunAssump t2@ otherwise +asFunAssump :: Maybe t -> Recognizer Term (FunAssump t) +asFunAssump ann (asRefinesS -> Just (RefinesS args + (asGlobalDef -> Just "Prelude.VoidEv") + (asGlobalDef -> Just "Prelude.VoidEv") + (asGlobalDef -> Just "Prelude.emptyFunStack") + (asGlobalDef -> Just "Prelude.emptyFunStack") + _ _ (asApplyAll -> (asGlobalFunName -> Just f1, args1)) + t2@(asApplyAll -> (asGlobalFunName -> mb_f2, args2)))) = + let rhs = maybe (RewriteFunAssump t2) (\f2 -> OpaqueFunAssump f2 args2) mb_f2 + in Just $ FunAssump { fassumpCtx = mrVarCtxFromOuterToInner args, + fassumpFun = f1, fassumpArgs = args1, + fassumpRHS = rhs, + fassumpAnnotation = ann } +asFunAssump _ _ = Nothing + + +---------------------------------------------------------------------- +-- * Refinement Sets +---------------------------------------------------------------------- + +-- | A set of refinements whose left-hand-sides are function applications, +-- represented as 'FunAssump's. Internally, a map from the 'VarIndex'es of the +-- LHS functions to 'FunAssump's describing the complete refinement. +type Refnset t = HashMap VarIndex (Map [TermProj] (FunAssump t)) + +-- | The 'Refnset' with no refinements +emptyRefnset :: Refnset t +emptyRefnset = HashMap.empty + +-- | Given a 'FunName' and a 'Refnset', return the 'FunAssump' which has +-- the given 'FunName' as its LHS function, if possible +lookupFunAssump :: FunName -> Refnset t -> Maybe (FunAssump t) +lookupFunAssump (GlobalName (GlobalDef _ ix _ _ _) projs) refSet = + HashMap.lookup ix refSet >>= Map.lookup projs +lookupFunAssump _ _ = Nothing + +-- | Add a 'FunAssump' to a 'Refnset' +addFunAssump :: FunAssump t -> Refnset t -> Refnset t +addFunAssump fa@(fassumpFun -> GlobalName (GlobalDef _ ix _ _ _) projs) = + HashMap.insertWith (\_ -> Map.insert projs fa) ix + (Map.singleton projs fa) +addFunAssump _ = error "Cannot insert a non-global name into a Refnset" + +-- | Return the list of 'FunAssump's in a given 'Refnset' +listFunAssumps :: Refnset t -> [FunAssump t] +listFunAssumps = concatMap Map.elems . HashMap.elems + + +---------------------------------------------------------------------- +-- * Mr Solver Environments +---------------------------------------------------------------------- + +-- | A global MR Solver environment +data MREnv = MREnv { + -- | The debug level, which controls debug printing + mreDebugLevel :: Int +} + +-- | The empty 'MREnv' +emptyMREnv :: MREnv +emptyMREnv = MREnv { mreDebugLevel = 0 } + +-- | Set the debug level of a Mr Solver environment +mrEnvSetDebugLevel :: Int -> MREnv -> MREnv +mrEnvSetDebugLevel dlvl env = env { mreDebugLevel = dlvl } + + +---------------------------------------------------------------------- +-- * Mr Solver Evidence +---------------------------------------------------------------------- + +-- | An entry in 'MREvidence' indicating a usage of an SMT solver or a +-- 'FunAssump' +data MREvidenceEntry t = MREUsedSolver !SolverStats !Term + | MREUsedFunAssump !t + +-- | Records evidence for the truth of a refinement proposition proved by +-- MRSolver. Currently, this is just a list of 'MREvidenceEntry's indicating +-- each instance where MRSolver needed to use an SMT solver or a 'FunAssump'. +-- FIXME: Have this data type actually provide evidence! i.e. have it keep +-- track of each refinement theorem used by MRSolver along the way. +type MREvidence t = [MREvidenceEntry t] + +-- | Verify that the given evidence in fact supports the given refinement +-- proposition. Returns the identifiers of all the theorems depended on while +-- checking evidence. +-- FIXME: Actually take in a refinement to check against! +checkMREvidence :: Ord t => MREvidence t -> IO (Set t, SolverStats) +checkMREvidence = return . foldMap' checkEntry + where checkEntry (MREUsedSolver stats _) = (mempty, stats) + checkEntry (MREUsedFunAssump t) = (Set.singleton t, mempty) diff --git a/src/SAWScript/Prover/MRSolver/Monad.hs b/src/SAWScript/Prover/MRSolver/Monad.hs index f025f2b724..aff5b94ed9 100644 --- a/src/SAWScript/Prover/MRSolver/Monad.hs +++ b/src/SAWScript/Prover/MRSolver/Monad.hs @@ -2,6 +2,7 @@ {-# LANGUAGE LambdaCase #-} {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RecordWildCards #-} +{-# LANGUAGE ScopedTypeVariables #-} {-# LANGUAGE TupleSections #-} {-# LANGUAGE ViewPatterns #-} {-# LANGUAGE PatternSynonyms #-} @@ -29,6 +30,7 @@ import System.IO (hPutStrLn, stderr) import Control.Monad.Reader import Control.Monad.State import Control.Monad.Except +import Control.Monad.Catch (MonadThrow, MonadCatch) import Control.Monad.Trans.Maybe import GHC.Generics @@ -38,6 +40,9 @@ import qualified Data.Map as Map import Data.HashMap.Lazy (HashMap) import qualified Data.HashMap.Lazy as HashMap +import Data.Set (Set) +import qualified Data.Set as Set + import Prettyprinter import Verifier.SAW.Term.Functor @@ -47,8 +52,12 @@ import Verifier.SAW.SCTypeCheck import Verifier.SAW.SharedTerm import Verifier.SAW.Recognizer import Verifier.SAW.Cryptol.Monadify +import SAWScript.Prover.SolverStats +import SAWScript.Proof (Sequent, SolveResult) +import SAWScript.Value (TopLevel) import SAWScript.Prover.MRSolver.Term +import SAWScript.Prover.MRSolver.Evidence ---------------------------------------------------------------------- @@ -259,7 +268,7 @@ coIndHypSetArg hyp@(CoIndHyp {..}) (Right i) x = -- | Add a variable to the context of a coinductive hypothesis, returning the -- updated coinductive hypothesis and a 'Term' which is the new variable -coIndHypWithVar :: CoIndHyp -> LocalName -> Type -> MRM (CoIndHyp, Term) +coIndHypWithVar :: CoIndHyp -> LocalName -> Type -> MRM t (CoIndHyp, Term) coIndHypWithVar (CoIndHyp ctx f1 f2 args1 args2 invar1 invar2) nm tp = do var <- liftSC1 scLocalVar 0 let ctx' = mrVarCtxAppend (singletonMRVarCtx nm tp) ctx @@ -301,15 +310,20 @@ instance PrettyInCtx DataTypeAssump where type DataTypeAssumps = HashMap Term DataTypeAssump -- | Parameters and locals for MR. Solver -data MRInfo = MRInfo { +data MRInfo t = MRInfo { -- | Global shared context for building terms, etc. mriSC :: SharedContext, -- | SMT timeout for SMT calls made by Mr. Solver mriSMTTimeout :: Maybe Integer, - -- | The current context of universal variables - mriUVars :: MRVarCtx, -- | The top-level Mr Solver environment mriEnv :: MREnv, + -- | The function to be used as the SMT backend for Mr. Solver, taking a set + -- of uninterpreted variables and a proposition to prove + mriAskSMT :: Set VarIndex -> Sequent -> TopLevel (SolverStats, SolveResult), + -- | The set of function refinements to assume + mriRefnset :: Refnset t, + -- | The current context of universal variables + mriUVars :: MRVarCtx, -- | The current set of co-inductive hypotheses mriCoIndHyps :: CoIndHyps, -- | The current assumptions, which are conjoined into a single Boolean term; @@ -320,7 +334,12 @@ data MRInfo = MRInfo { } -- | State maintained by MR. Solver -data MRState = MRState { +data MRState t = MRState { + -- | Cumulative stats on all solver runs made so far + mrsSolverStats :: SolverStats, + -- | The evidence object, which includes information about which + -- 'FunAssump's in 'mriRefnset' have been used so far + mrsEvidence :: MREvidence t, -- | The existential and letrec-bound variables mrsVars :: MRVarMap } @@ -334,89 +353,142 @@ data MRExn = MRExnFailure MRFailure -- | Mr. Monad, the monad used by MR. Solver, which has 'MRInfo' as as a -- shared environment, 'MRState' as state, and 'MRFailure' as an exception -- type, all over an 'IO' monad -newtype MRM a = MRM { unMRM :: ReaderT MRInfo (StateT MRState - (ExceptT MRExn IO)) a } - deriving newtype (Functor, Applicative, Monad, MonadIO, - MonadReader MRInfo, MonadState MRState, - MonadError MRExn) +newtype MRM t a = MRM { unMRM :: ReaderT (MRInfo t) (StateT (MRState t) + (ExceptT MRExn TopLevel)) a } + deriving newtype (Functor, Applicative, Monad, MonadIO, + MonadReader (MRInfo t), MonadState (MRState t), + MonadError MRExn, MonadThrow, MonadCatch) -instance MonadTerm MRM where +instance MonadTerm (MRM t) where mkTermF = liftSC1 scTermF liftTerm = liftSC3 incVars whnfTerm = liftSC1 scWhnf substTerm = liftSC3 instantiateVarList -- | Get the current value of 'mriSC' -mrSC :: MRM SharedContext +mrSC :: MRM t SharedContext mrSC = mriSC <$> ask -- | Get the current value of 'mriSMTTimeout' -mrSMTTimeout :: MRM (Maybe Integer) +mrSMTTimeout :: MRM t (Maybe Integer) mrSMTTimeout = mriSMTTimeout <$> ask -- | Get the current value of 'mriUVars' -mrUVars :: MRM MRVarCtx +mrUVars :: MRM t MRVarCtx mrUVars = mriUVars <$> ask -- | Get the current function assumptions -mrFunAssumps :: MRM FunAssumps -mrFunAssumps = mreFunAssumps <$> mriEnv <$> ask +mrRefnset :: MRM t (Refnset t) +mrRefnset = mriRefnset <$> ask -- | Get the current value of 'mriCoIndHyps' -mrCoIndHyps :: MRM CoIndHyps +mrCoIndHyps :: MRM t CoIndHyps mrCoIndHyps = mriCoIndHyps <$> ask -- | Get the current value of 'mriAssumptions' -mrAssumptions :: MRM Term +mrAssumptions :: MRM t Term mrAssumptions = mriAssumptions <$> ask -- | Get the current value of 'mriDataTypeAssumps' -mrDataTypeAssumps :: MRM DataTypeAssumps +mrDataTypeAssumps :: MRM t DataTypeAssumps mrDataTypeAssumps = mriDataTypeAssumps <$> ask +-- | Call the SMT backend given by 'mriAskSMT' on a set of uninterpreted +-- variables and a proposition to prove +mrAskSMT :: Set VarIndex -> Sequent -> MRM t (SolverStats, SolveResult) +mrAskSMT unints goal = do + askSMT <- mriAskSMT <$> ask + MRM $ lift $ lift $ lift $ askSMT unints goal + -- | Get the current debug level -mrDebugLevel :: MRM Int +mrDebugLevel :: MRM t Int mrDebugLevel = mreDebugLevel <$> mriEnv <$> ask -- | Get the current value of 'mriEnv' -mrEnv :: MRM MREnv +mrEnv :: MRM t MREnv mrEnv = mriEnv <$> ask +-- | Get the current value of 'mrsSolverStats' +mrSolverStats :: MRM t SolverStats +mrSolverStats = mrsSolverStats <$> get + +-- | Get the current value of 'mrsEvidence' +mrEvidence :: MRM t (MREvidence t) +mrEvidence = mrsEvidence <$> get + -- | Get the current value of 'mrsVars' -mrVars :: MRM MRVarMap +mrVars :: MRM t MRVarMap mrVars = mrsVars <$> get --- | Run an 'MRM' computation and return a result or an error -runMRM :: SharedContext -> Maybe Integer -> MREnv -> - MRM a -> IO (Either MRFailure a) -runMRM sc timeout env m = - do true_tm <- scBool sc True +-- | Run an 'MRM' computation and return a result or an error, including the +-- final state of 'mrsSolverStats' and 'mrsEvidence' +runMRM :: + SharedContext -> + MREnv {- ^ The Mr Solver environment -} -> + Maybe Integer {- ^ Timeout in milliseconds for each SMT call -} -> + (Set VarIndex -> Sequent -> TopLevel (SolverStats, SolveResult)) + {- ^ The callback to use for making SMT queries -} -> + Refnset t {- ^ Any additional refinements to be assumed by Mr Solver -} -> + MRM t a {- ^ The monadic computation to run -} -> + TopLevel (Either MRFailure (a, (SolverStats, MREvidence t))) +runMRM sc env timeout askSMT rs m = + do true_tm <- liftIO $ scBool sc True let init_info = MRInfo { mriSC = sc, mriSMTTimeout = timeout, - mriEnv = env, + mriEnv = env, mriAskSMT = askSMT, + mriRefnset = rs, mriUVars = emptyMRVarCtx, mriCoIndHyps = Map.empty, mriAssumptions = true_tm, mriDataTypeAssumps = HashMap.empty } - let init_st = MRState { mrsVars = Map.empty } - res <- runExceptT $ flip evalStateT init_st $ + let init_st = MRState { mrsSolverStats = mempty, mrsEvidence = mempty, + mrsVars = Map.empty } + res <- runExceptT $ flip runStateT init_st $ flip runReaderT init_info $ unMRM m case res of - Right a -> return $ Right a + Right (a, st) -> return $ Right (a, (mrsSolverStats st, mrsEvidence st)) Left (MRExnFailure failure) -> return $ Left failure Left exn -> fail ("runMRM: unexpected internal exception: " ++ show exn) +-- | Run an 'MRM' computation and return a result or an error, discarding the +-- final state +evalMRM :: + SharedContext -> + MREnv {- ^ The Mr Solver environment -} -> + Maybe Integer {- ^ Timeout in milliseconds for each SMT call -} -> + (Set VarIndex -> Sequent -> TopLevel (SolverStats, SolveResult)) + {- ^ The callback to use for making SMT queries -} -> + Refnset t {- ^ Any additional refinements to be assumed by Mr Solver -} -> + MRM t a {- ^ The monadic computation to eval -} -> + TopLevel (Either MRFailure a) +evalMRM sc env timeout askSMT rs = + fmap (fmap fst) . runMRM sc env timeout askSMT rs + +-- | Run an 'MRM' computation and return a final state or an error, discarding +-- the result +execMRM :: + SharedContext -> + MREnv {- ^ The Mr Solver environment -} -> + Maybe Integer {- ^ Timeout in milliseconds for each SMT call -} -> + (Set VarIndex -> Sequent -> TopLevel (SolverStats, SolveResult)) + {- ^ The callback to use for making SMT queries -} -> + Refnset t {- ^ Any additional refinements to be assumed by Mr Solver -} -> + MRM t a {- ^ The monadic computation to exec -} -> + TopLevel (Either MRFailure (SolverStats, MREvidence t)) +execMRM sc env timeout askSMT rs = + fmap (fmap snd) . runMRM sc env timeout askSMT rs + -- | Throw an 'MRFailure' -throwMRFailure :: MRFailure -> MRM a +throwMRFailure :: MRFailure -> MRM t a throwMRFailure = throwError . MRExnFailure -- | Apply a function to any failure thrown by an 'MRM' computation -mapMRFailure :: (MRFailure -> MRFailure) -> MRM a -> MRM a +mapMRFailure :: (MRFailure -> MRFailure) -> MRM t a -> MRM t a mapMRFailure f m = catchError m $ \case MRExnFailure failure -> throwError $ MRExnFailure $ f failure e -> throwError e -- | Catch any 'MRFailure' raised by a computation -catchFailure :: MRM a -> (MRFailure -> MRM a) -> MRM a +catchFailure :: MRM t a -> (MRFailure -> MRM t a) -> MRM t a catchFailure m f = m `catchError` \case MRExnFailure failure -> f failure @@ -424,14 +496,14 @@ catchFailure m f = -- | Try two different 'MRM' computations, combining their failures if needed. -- Note that the 'MRState' will reset if the first computation fails. -mrOr :: MRM a -> MRM a -> MRM a +mrOr :: MRM t a -> MRM t a -> MRM t a mrOr m1 m2 = catchFailure m1 $ \err1 -> catchFailure m2 $ \err2 -> throwMRFailure $ MRFailureDisj err1 err2 -- | Run an 'MRM' computation in an extended failure context -withFailureCtx :: FailCtx -> MRM a -> MRM a +withFailureCtx :: FailCtx -> MRM t a -> MRM t a withFailureCtx ctx = mapMRFailure (MRFailureCtx ctx) {- @@ -444,29 +516,29 @@ catchErrorEither m = catchError (Right <$> m) (return . Left) -- typeclass like LiftTCM -- | Lift a nullary SharedTerm computation into 'MRM' -liftSC0 :: (SharedContext -> IO a) -> MRM a +liftSC0 :: (SharedContext -> IO a) -> MRM t a liftSC0 f = mrSC >>= \sc -> liftIO (f sc) -- | Lift a unary SharedTerm computation into 'MRM' -liftSC1 :: (SharedContext -> a -> IO b) -> a -> MRM b +liftSC1 :: (SharedContext -> a -> IO b) -> a -> MRM t b liftSC1 f a = mrSC >>= \sc -> liftIO (f sc a) -- | Lift a binary SharedTerm computation into 'MRM' -liftSC2 :: (SharedContext -> a -> b -> IO c) -> a -> b -> MRM c +liftSC2 :: (SharedContext -> a -> b -> IO c) -> a -> b -> MRM t c liftSC2 f a b = mrSC >>= \sc -> liftIO (f sc a b) -- | Lift a ternary SharedTerm computation into 'MRM' -liftSC3 :: (SharedContext -> a -> b -> c -> IO d) -> a -> b -> c -> MRM d +liftSC3 :: (SharedContext -> a -> b -> c -> IO d) -> a -> b -> c -> MRM t d liftSC3 f a b c = mrSC >>= \sc -> liftIO (f sc a b c) -- | Lift a quaternary SharedTerm computation into 'MRM' liftSC4 :: (SharedContext -> a -> b -> c -> d -> IO e) -> a -> b -> c -> d -> - MRM e + MRM t e liftSC4 f a b c d = mrSC >>= \sc -> liftIO (f sc a b c d) -- | Lift a quinary SharedTerm computation into 'MRM' liftSC5 :: (SharedContext -> a -> b -> c -> d -> e -> IO f) -> - a -> b -> c -> d -> e -> MRM f + a -> b -> c -> d -> e -> MRM t f liftSC5 f a b c d e = mrSC >>= \sc -> liftIO (f sc a b c d e) @@ -475,25 +547,25 @@ liftSC5 f a b c d e = mrSC >>= \sc -> liftIO (f sc a b c d e) ---------------------------------------------------------------------- -- | Create a term representing the type @IsFinite n@ -mrIsFinite :: Term -> MRM Term +mrIsFinite :: Term -> MRM t Term mrIsFinite n = liftSC2 scGlobalApply "CryptolM.isFinite" [n] -- | Create a term representing an application of @Prelude.error@ -mrErrorTerm :: Term -> T.Text -> MRM Term +mrErrorTerm :: Term -> T.Text -> MRM t Term mrErrorTerm a str = do err_str <- liftSC1 scString str liftSC2 scGlobalApply "Prelude.error" [a, err_str] -- | Create a term representing an application of @Prelude.genBVVecFromVec@, -- where the default value argument is @Prelude.error@ of the given 'T.Text' -mrGenBVVecFromVec :: Term -> Term -> Term -> T.Text -> Term -> Term -> MRM Term +mrGenBVVecFromVec :: Term -> Term -> Term -> T.Text -> Term -> Term -> MRM t Term mrGenBVVecFromVec m a v def_err_str n len = do err_tm <- mrErrorTerm a def_err_str liftSC2 scGlobalApply "Prelude.genBVVecFromVec" [m, a, v, err_tm, n, len] -- | Create a term representing an application of @Prelude.genFromBVVec@, -- where the default value argument is @Prelude.error@ of the given 'T.Text' -mrGenFromBVVec :: Term -> Term -> Term -> Term -> T.Text -> Term -> MRM Term +mrGenFromBVVec :: Term -> Term -> Term -> Term -> T.Text -> Term -> MRM t Term mrGenFromBVVec n len a v def_err_str m = do err_tm <- mrErrorTerm a def_err_str liftSC2 scGlobalApply "Prelude.genFromBVVec" [n, len, a, v, err_tm, m] @@ -504,7 +576,7 @@ mrGenFromBVVec n len a v def_err_str m = ---------------------------------------------------------------------- -- | Apply a 'TermProj' to perform a projection on a 'Term' -doTermProj :: Term -> TermProj -> MRM Term +doTermProj :: Term -> TermProj -> MRM t Term doTermProj (asPairValue -> Just (t, _)) TermProjLeft = return t doTermProj (asPairValue -> Just (_, t)) TermProjRight = return t doTermProj (asRecordValue -> Just t_map) (TermProjRecord fld) @@ -515,7 +587,7 @@ doTermProj t (TermProjRecord fld) = liftSC2 scRecordSelect t fld -- | Apply a 'TermProj' to a type to get the output type of the projection, -- assuming that the type is already normalized -doTypeProj :: Term -> TermProj -> MRM Term +doTypeProj :: Term -> TermProj -> MRM t Term doTypeProj (asPairType -> Just (tp1, _)) TermProjLeft = return tp1 doTypeProj (asPairType -> Just (_, tp2)) TermProjRight = return tp2 doTypeProj (asRecordType -> Just tp_map) (TermProjRecord fld) @@ -527,7 +599,7 @@ doTypeProj _ _ = error "doTypeProj" -- | Get and normalize the type of a 'FunName' -funNameType :: FunName -> MRM Term +funNameType :: FunName -> MRM t Term funNameType (CallSName var) = liftSC1 scWhnf $ mrVarType var funNameType (EVarFunName var) = liftSC1 scWhnf $ mrVarType var funNameType (GlobalName gd projs) = @@ -535,28 +607,28 @@ funNameType (GlobalName gd projs) = foldM doTypeProj gd_tp projs -- | Apply a 'Term' to a list of arguments and beta-reduce in Mr. Monad -mrApplyAll :: Term -> [Term] -> MRM Term +mrApplyAll :: Term -> [Term] -> MRM t Term mrApplyAll f args = liftSC2 scApplyAllBeta f args -- | Apply a 'Term' to a single argument and beta-reduce in Mr. Monad -mrApply :: Term -> Term -> MRM Term +mrApply :: Term -> Term -> MRM t Term mrApply f arg = mrApplyAll f [arg] -- | Return the unit type as a 'Type' -mrUnitType :: MRM Type +mrUnitType :: MRM t Type mrUnitType = Type <$> liftSC0 scUnitType -- | Build a constructor application in Mr. Monad -mrCtorApp :: Ident -> [Term] -> MRM Term +mrCtorApp :: Ident -> [Term] -> MRM t Term mrCtorApp = liftSC2 scCtorApp -- | Build a 'Term' for a global in Mr. Monad -mrGlobalTerm :: Ident -> MRM Term +mrGlobalTerm :: Ident -> MRM t Term mrGlobalTerm = liftSC1 scGlobalDef -- | Like 'scBvConst', but if given a bitvector literal it is converted to a -- natural number literal -mrBvToNat :: Term -> Term -> MRM Term +mrBvToNat :: Term -> Term -> MRM t Term mrBvToNat _ (asArrayValue -> Just (asBoolType -> Just _, mapM asBool -> Just bits)) = liftSC1 scNat $ foldl' (\n bit -> if bit then 2*n+1 else 2*n) 0 bits @@ -565,30 +637,30 @@ mrBvToNat n len = liftSC2 scGlobalApply "Prelude.bvToNat" [n, len] -- | Get the current context of uvars as a list of variable names and their -- types as SAW core 'Term's, with the least recently bound uvar first, i.e., in -- the order as seen "from the outside" -mrUVarsOuterToInner :: MRM [(LocalName,Term)] +mrUVarsOuterToInner :: MRM t [(LocalName,Term)] mrUVarsOuterToInner = mrVarCtxOuterToInner <$> mrUVars -- | Get the current context of uvars as a list of variable names and their -- types as SAW core 'Term's, with the most recently bound uvar first, i.e., in -- the order as seen "from the inside" -mrUVarsInnerToOuter :: MRM [(LocalName,Term)] +mrUVarsInnerToOuter :: MRM t [(LocalName,Term)] mrUVarsInnerToOuter = mrVarCtxInnerToOuter <$> mrUVars -- | Get the type of a 'Term' in the current uvar context -mrTypeOf :: Term -> MRM Term +mrTypeOf :: Term -> MRM t Term mrTypeOf t = -- NOTE: scTypeOf' wants the type context in the most recently bound var first -- mrDebugPPPrefix 3 "mrTypeOf:" t >> mrUVarsInnerToOuter >>= \ctx -> liftSC2 scTypeOf' (map snd ctx) t -- | Check if two 'Term's are convertible in the 'MRM' monad -mrConvertible :: Term -> Term -> MRM Bool +mrConvertible :: Term -> Term -> MRM t Bool mrConvertible = liftSC4 scConvertibleEval scTypeCheckWHNF True -- | Take a 'FunName' @f@ for a monadic function of type @vars -> SpecM a@ and -- compute the type @SpecM [args/vars]a@ of @f@ applied to @args@. Return the -- type @[args/vars]a@ that @SpecM@ is applied to, along with its parameters. -mrFunOutType :: FunName -> [Term] -> MRM (SpecMParams Term, Term) +mrFunOutType :: FunName -> [Term] -> MRM t (SpecMParams Term, Term) mrFunOutType fname args = mrApplyAll (funNameTerm fname) args >>= mrTypeOf >>= \case (asSpecM -> Just (params, tp)) -> (params,) <$> liftSC1 scWhnf tp @@ -618,7 +690,7 @@ uniquifyNames (nm:nms) nms_other = -- | Build a lambda term with the lifting (in the sense of 'incVars') of an -- MR Solver term mrLambdaLift :: TermLike tm => [(LocalName,Term)] -> tm -> - ([Term] -> tm -> MRM Term) -> MRM Term + ([Term] -> tm -> MRM t Term) -> MRM t Term mrLambdaLift [] t f = f [] t mrLambdaLift ctx t f = do -- uniquifyNames doesn't care about the order of the names in its second, @@ -636,7 +708,7 @@ mrLambdaLift ctx t f = -- | Call 'mrLambdaLift' with exactly one 'Term' argument. mrLambdaLift1 :: TermLike tm => (LocalName,Term) -> tm -> - (Term -> tm -> MRM Term) -> MRM Term + (Term -> tm -> MRM t Term) -> MRM t Term mrLambdaLift1 ctx t f = mrLambdaLift [ctx] t $ \vars t' -> case vars of @@ -645,7 +717,7 @@ mrLambdaLift1 ctx t f = -- | Call 'mrLambdaLift' with exactly two 'Term' arguments. mrLambdaLift2 :: TermLike tm => (LocalName,Term) -> (LocalName,Term) -> tm -> - (Term -> Term -> tm -> MRM Term) -> MRM Term + (Term -> Term -> tm -> MRM t Term) -> MRM t Term mrLambdaLift2 ctx1 ctx2 t f = mrLambdaLift [ctx1, ctx2] t $ \vars t' -> case vars of @@ -655,7 +727,7 @@ mrLambdaLift2 ctx1 ctx2 t f = -- | Run a MR Solver computation in a context extended with a universal -- variable, which is passed as a 'Term' to the sub-computation. Note that any -- assumptions made in the sub-computation will be lost when it completes. -withUVar :: LocalName -> Type -> (Term -> MRM a) -> MRM a +withUVar :: LocalName -> Type -> (Term -> MRM t a) -> MRM t a withUVar nm tp m = withUVars (singletonMRVarCtx nm tp) $ \case [v] -> m v _ -> error "withUVar: impossible" @@ -663,13 +735,13 @@ withUVar nm tp m = withUVars (singletonMRVarCtx nm tp) $ \case -- | Run a MR Solver computation in a context extended with a universal variable -- and pass it the lifting (in the sense of 'incVars') of an MR Solver term withUVarLift :: TermLike tm => LocalName -> Type -> tm -> - (Term -> tm -> MRM a) -> MRM a + (Term -> tm -> MRM t a) -> MRM t a withUVarLift nm tp t m = withUVar nm tp (\x -> liftTermLike 0 1 t >>= m x) -- | Run a MR Solver computation in a context extended with a list of universal -- variables, passing 'Term's for those variables to the supplied computation. -withUVars :: MRVarCtx -> ([Term] -> MRM a) -> MRM a +withUVars :: MRVarCtx -> ([Term] -> MRM t a) -> MRM t a withUVars (mrVarCtxLength -> 0) f = f [] withUVars ctx f = do -- for uniquifyNames, we want to consider the oldest names first, thus we @@ -694,7 +766,7 @@ withUVars ctx f = foldr (\nm m -> mapMRFailure (MRFailureLocalVar nm) m) (f vars) nms -- | Run a MR Solver in a top-level context, i.e., with no uvars or assumptions -withNoUVars :: MRM a -> MRM a +withNoUVars :: MRM t a -> MRM t a withNoUVars m = do true_tm <- liftSC1 scBool True local (\info -> info { mriUVars = emptyMRVarCtx, mriAssumptions = true_tm, @@ -702,35 +774,35 @@ withNoUVars m = -- | Run a MR Solver in a context of only the specified UVars, no others - -- note that this also clears all assumptions -withOnlyUVars :: MRVarCtx -> MRM a -> MRM a +withOnlyUVars :: MRVarCtx -> MRM t a -> MRM t a withOnlyUVars vars m = withNoUVars $ withUVars vars $ const m -- | Build 'Term's for all the uvars currently in scope, ordered from least to -- most recently bound -getAllUVarTerms :: MRM [Term] +getAllUVarTerms :: MRM t [Term] getAllUVarTerms = (mrVarCtxLength <$> mrUVars) >>= \len -> mapM (liftSC1 scLocalVar) [len-1, len-2 .. 0] -- | Lambda-abstract all the current uvars out of a 'Term', with the least -- recently bound variable being abstracted first -lambdaUVarsM :: Term -> MRM Term +lambdaUVarsM :: Term -> MRM t Term lambdaUVarsM t = mrUVarsOuterToInner >>= \ctx -> liftSC2 scLambdaList ctx t -- | Pi-abstract all the current uvars out of a 'Term', with the least recently -- bound variable being abstracted first -piUVarsM :: Term -> MRM Term +piUVarsM :: Term -> MRM t Term piUVarsM t = mrUVarsOuterToInner >>= \ctx -> liftSC2 scPiList ctx t -- | Instantiate all uvars in a term using the supplied function -instantiateUVarsM :: TermLike a => (LocalName -> Term -> MRM Term) -> a -> MRM a +instantiateUVarsM :: forall a t. TermLike a => (LocalName -> Term -> MRM t Term) -> a -> MRM t a instantiateUVarsM f a = do ctx <- mrUVarsOuterToInner -- Remember: the uvar context is outermost to innermost, so we bind -- variables from left to right, substituting earlier ones into the types -- of later ones, but all substitutions are in reverse order, since -- substTerm and friends like innermost bindings first - let helper :: [Term] -> [(LocalName,Term)] -> MRM [Term] + let helper :: [Term] -> [(LocalName,Term)] -> MRM t [Term] helper tms [] = return tms helper tms ((nm,tp):vars) = do tp' <- substTerm 0 tms tp @@ -740,7 +812,7 @@ instantiateUVarsM f a = substTermLike 0 ecs a -- | Convert an 'MRVar' to a 'Term', applying it to all the uvars in scope -mrVarTerm :: MRVar -> MRM Term +mrVarTerm :: MRVar -> MRM t Term mrVarTerm (MRVar ec) = do var_tm <- liftSC1 scExtCns ec vars <- getAllUVarTerms @@ -750,15 +822,15 @@ mrVarTerm (MRVar ec) = -- should be of @Prop@ sort, by creating an 'ExtCns' axiom. This is sound as -- long as we only use the resulting term in computation branches where we know -- the proposition holds. -mrDummyProof :: Term -> MRM Term +mrDummyProof :: Term -> MRM t Term mrDummyProof tp = mrFreshVar "pf" tp >>= mrVarTerm -- | Get the 'VarInfo' associated with a 'MRVar' -mrVarInfo :: MRVar -> MRM (Maybe MRVarInfo) +mrVarInfo :: MRVar -> MRM t (Maybe MRVarInfo) mrVarInfo var = Map.lookup var <$> mrVars -- | Convert an 'ExtCns' to a 'FunName' -extCnsToFunName :: ExtCns Term -> MRM FunName +extCnsToFunName :: ExtCns Term -> MRM t FunName extCnsToFunName ec = let var = MRVar ec in mrVarInfo var >>= \case Just (EVarInfo _) -> return $ EVarFunName var Just (CallVarInfo _) -> return $ CallSName var @@ -768,19 +840,19 @@ extCnsToFunName ec = let var = MRVar ec in mrVarInfo var >>= \case _ -> error "extCnsToFunName: unreachable" -- | Get the 'FunName' of a global definition -mrGlobalDef :: Ident -> MRM FunName +mrGlobalDef :: Ident -> MRM t FunName mrGlobalDef ident = asTypedGlobalDef <$> liftSC1 scGlobalDef ident >>= \case Just glob -> return $ GlobalName glob [] _ -> error $ "mrGlobalDef: could not get GlobalDef of: " ++ show ident -- | Get the body of a global definition, raising an 'error' if none is found -mrGlobalDefBody :: Ident -> MRM Term +mrGlobalDefBody :: Ident -> MRM t Term mrGlobalDefBody ident = asConstant <$> liftSC1 scGlobalDef ident >>= \case Just (_, Just body) -> return body _ -> error $ "mrGlobalDefBody: global has no definition: " ++ show ident -- | Get the body of a function @f@ if it has one -mrFunNameBody :: FunName -> MRM (Maybe Term) +mrFunNameBody :: FunName -> MRM t (Maybe Term) mrFunNameBody (CallSName var) = mrVarInfo var >>= \case Just (CallVarInfo body) -> return $ Just body @@ -792,7 +864,7 @@ mrFunNameBody (GlobalName _ _) = return Nothing mrFunNameBody (EVarFunName _) = return Nothing -- | Get the body of a function @f@ applied to some arguments, if possible -mrFunBody :: FunName -> [Term] -> MRM (Maybe Term) +mrFunBody :: FunName -> [Term] -> MRM t (Maybe Term) mrFunBody f args = mrFunNameBody f >>= \case Just body -> Just <$> mrApplyAll body args Nothing -> return Nothing @@ -800,7 +872,7 @@ mrFunBody f args = mrFunNameBody f >>= \case -- | Get the body of a function @f@ applied to some arguments, as per -- 'mrFunBody', and also return whether its body recursively calls itself, as -- per 'mrCallsFun' -mrFunBodyRecInfo :: FunName -> [Term] -> MRM (Maybe (Term, Bool)) +mrFunBodyRecInfo :: FunName -> [Term] -> MRM t (Maybe (Term, Bool)) mrFunBodyRecInfo f args = mrFunBody f args >>= \case Just f_body -> Just <$> (f_body,) <$> mrCallsFun f f_body @@ -808,22 +880,17 @@ mrFunBodyRecInfo f args = -- | Test if a 'Term' contains, after possibly unfolding some functions, a call -- to a given function @f@ again -mrCallsFun :: FunName -> Term -> MRM Bool -mrCallsFun f = memoFixTermFun $ \recurse t -> case t of - (asExtCns -> Just ec) -> - do g <- extCnsToFunName ec - maybe_body <- mrFunNameBody g - case maybe_body of - _ | f == g -> return True - Just body -> recurse body - Nothing -> return False - (asTypedGlobalProj -> Just (gdef, projs)) -> - case globalDefBody gdef of - _ | f == GlobalName gdef projs -> return True - Just body -> recurse body - Nothing -> return False +mrCallsFun :: FunName -> Term -> MRM t Bool +mrCallsFun f = flip memoFixTermFunAccum Set.empty $ \recurse seen t -> + let onFunName g = mrFunNameBody g >>= \case + _ | f == g -> return True + Just body | Set.notMember g seen -> recurse (Set.insert g seen) body + _ -> return False + in case t of + (asExtCns -> Just ec) -> extCnsToFunName ec >>= onFunName + (asGlobalFunName -> Just g) -> onFunName g (unwrapTermF -> tf) -> - foldM (\b t' -> if b then return b else recurse t') False tf + foldM (\b t' -> if b then return b else recurse seen t') False tf ---------------------------------------------------------------------- @@ -832,16 +899,16 @@ mrCallsFun f = memoFixTermFun $ \recurse t -> case t of -- | Make a fresh 'MRVar' of a given type, which must be closed, i.e., have no -- free uvars -mrFreshVarCl :: LocalName -> Term -> MRM MRVar +mrFreshVarCl :: LocalName -> Term -> MRM t MRVar mrFreshVarCl nm tp = MRVar <$> liftSC2 scFreshEC nm tp -- | Make a fresh 'MRVar' of type @(u1:tp1) -> ... (un:tpn) -> tp@, where the -- @ui@ are all the current uvars -mrFreshVar :: LocalName -> Term -> MRM MRVar +mrFreshVar :: LocalName -> Term -> MRM t MRVar mrFreshVar nm tp = piUVarsM tp >>= mrFreshVarCl nm -- | Set the info associated with an 'MRVar', assuming it has not been set -mrSetVarInfo :: MRVar -> MRVarInfo -> MRM () +mrSetVarInfo :: MRVar -> MRVarInfo -> MRM t () mrSetVarInfo var info = debugPretty 3 ("mrSetVarInfo" <+> ppInEmptyCtx var <+> "=" <+> ppInEmptyCtx info) >> (modify $ \st -> @@ -853,7 +920,7 @@ mrSetVarInfo var info = -- | Make a fresh existential variable of the given type, abstracting out all -- the current uvars and returning the new evar applied to all current uvars -mrFreshEVar :: LocalName -> Type -> MRM Term +mrFreshEVar :: LocalName -> Type -> MRM t Term mrFreshEVar nm (Type tp) = do var <- mrFreshVar nm tp mrSetVarInfo var (EVarInfo Nothing) @@ -861,21 +928,21 @@ mrFreshEVar nm (Type tp) = -- | Return a fresh sequence of existential variables from a 'MRVarCtx'. -- Return the new evars all applied to the current uvars. -mrFreshEVars :: MRVarCtx -> MRM [Term] +mrFreshEVars :: MRVarCtx -> MRM t [Term] mrFreshEVars = helper [] . mrVarCtxOuterToInner where -- Return fresh evars for the suffix of a context of variable names and types, -- where the supplied Terms are evars that have already been generated for the -- earlier part of the context, and so must be substituted into the remaining -- types in the context. Since we want to make fresh evars for the oldest -- variables first, the second argument must be in outer-to-inner order. - helper :: [Term] -> [(LocalName,Term)] -> MRM [Term] + helper :: [Term] -> [(LocalName,Term)] -> MRM t [Term] helper evars [] = return evars helper evars ((nm,tp):ctx) = do evar <- substTerm 0 evars tp >>= mrFreshEVar nm . Type helper (evar:evars) ctx -- | Set the value of an evar to a closed term -mrSetEVarClosed :: MRVar -> Term -> MRM () +mrSetEVarClosed :: MRVar -> Term -> MRM t () mrSetEVarClosed var val = do val_tp <- mrTypeOf val -- NOTE: need to instantiate any evars in the type of var, to ensure the @@ -906,7 +973,7 @@ mrSetEVarClosed var val = -- expression @e@ by trying to set @X@ to @\ x1 ... xn -> e@. This only works if -- each free uvar @xi@ in @e@ is one of the arguments @ej@ to @X@ (though it -- need not be the case that @i=j@). Return whether this succeeded. -mrTrySetAppliedEVar :: MRVar -> [Term] -> Term -> MRM Bool +mrTrySetAppliedEVar :: MRVar -> [Term] -> Term -> MRM t Bool mrTrySetAppliedEVar evar args t = -- Get the complete list of argument variables of the type of evar let (evar_vars, _) = asPiList (mrVarType evar) in @@ -947,7 +1014,7 @@ mrTrySetAppliedEVar evar args t = -- | Replace all evars in a 'Term' with their instantiations when they have one -mrSubstEVars :: Term -> MRM Term +mrSubstEVars :: Term -> MRM t Term mrSubstEVars = memoFixTermFun $ \recurse t -> do var_map <- mrVars case t of @@ -959,7 +1026,7 @@ mrSubstEVars = memoFixTermFun $ \recurse t -> -- | Replace all evars in a 'Term' with their instantiations, returning -- 'Nothing' if we hit an uninstantiated evar -mrSubstEVarsStrict :: Term -> MRM (Maybe Term) +mrSubstEVarsStrict :: Term -> MRM t (Maybe Term) mrSubstEVarsStrict top_t = runMaybeT $ flip memoFixTermFun top_t $ \recurse t -> do var_map <- lift mrVars @@ -974,15 +1041,15 @@ mrSubstEVarsStrict top_t = _ -> traverseSubterms recurse t -- | Makes 'mrSubstEVarsStrict' be marked as used -_mrSubstEVarsStrict :: Term -> MRM (Maybe Term) +_mrSubstEVarsStrict :: Term -> MRM t (Maybe Term) _mrSubstEVarsStrict = mrSubstEVarsStrict -- | Get the 'CoIndHyp' for a pair of 'FunName's, if there is one -mrGetCoIndHyp :: FunName -> FunName -> MRM (Maybe CoIndHyp) +mrGetCoIndHyp :: FunName -> FunName -> MRM t (Maybe CoIndHyp) mrGetCoIndHyp nm1 nm2 = Map.lookup (nm1, nm2) <$> mrCoIndHyps -- | Run a compuation under an additional co-inductive assumption -withCoIndHyp :: CoIndHyp -> MRM a -> MRM a +withCoIndHyp :: CoIndHyp -> MRM t a -> MRM t a withCoIndHyp hyp m = do debugPretty 2 ("withCoIndHyp" <+> ppInEmptyCtx hyp) hyps' <- Map.insert (coIndHypLHSFun hyp, @@ -991,7 +1058,7 @@ withCoIndHyp hyp m = -- | Generate fresh evars for the context of a 'CoIndHyp' and -- substitute them into its arguments and right-hand side -instantiateCoIndHyp :: CoIndHyp -> MRM ([Term], [Term]) +instantiateCoIndHyp :: CoIndHyp -> MRM t ([Term], [Term]) instantiateCoIndHyp (CoIndHyp {..}) = do evars <- mrFreshEVars coIndHypCtx lhs <- substTermLike 0 evars coIndHypLHS @@ -1001,9 +1068,9 @@ instantiateCoIndHyp (CoIndHyp {..}) = -- | Apply the invariants of a 'CoIndHyp' to their respective arguments, -- yielding @Bool@ conditions, using the constant @True@ value when an -- invariant is absent -applyCoIndHypInvariants :: CoIndHyp -> MRM (Term, Term) +applyCoIndHypInvariants :: CoIndHyp -> MRM t (Term, Term) applyCoIndHypInvariants hyp = - let apply_invariant :: Maybe Term -> [Term] -> MRM Term + let apply_invariant :: Maybe Term -> [Term] -> MRM t Term apply_invariant (Just (asLambdaList -> (vars, phi))) args | length vars == length args -- NOTE: applying to a list of arguments == substituting the reverse @@ -1018,23 +1085,21 @@ applyCoIndHypInvariants hyp = return (invar1, invar2) -- | Look up the 'FunAssump' for a 'FunName', if there is one -mrGetFunAssump :: FunName -> MRM (Maybe FunAssump) -mrGetFunAssump nm = Map.lookup nm <$> mrFunAssumps +mrGetFunAssump :: FunName -> MRM t (Maybe (FunAssump t)) +mrGetFunAssump nm = lookupFunAssump nm <$> mrRefnset -- | Run a computation under the additional assumption that a named function -- applied to a list of arguments refines a given right-hand side, all of which -- are 'Term's that can have the current uvars free -withFunAssump :: FunName -> [Term] -> NormComp -> MRM a -> MRM a +withFunAssump :: FunName -> [Term] -> Term -> MRM t a -> MRM t a withFunAssump fname args rhs m = do k <- mkCompFunReturn <$> mrFunOutType fname args mrDebugPPPrefixSep 1 "withFunAssump" (FunBind fname args k) "|=" rhs ctx <- mrUVars - assumps <- mrFunAssumps - let assump = FunAssump ctx args (RewriteFunAssump rhs) - let assumps' = Map.insert fname assump assumps - local (\info -> - let env' = (mriEnv info) { mreFunAssumps = assumps' } in - info { mriEnv = env' }) m + rs <- mrRefnset + let assump = FunAssump ctx fname args (RewriteFunAssump rhs) Nothing + let rs' = addFunAssump assump rs + local (\info -> info { mriRefnset = rs' }) m -- | Get the invariant hint associated with a function name, by unfolding the -- name and checking if its body has the form @@ -1044,14 +1109,14 @@ withFunAssump fname args rhs m = -- If so, return @\ x1 ... xn -> phi@ as a term with the @xi@ variables free. -- Otherwise, return 'Nothing'. Note that this function will also look past -- any initial @bindM ... (assertFiniteM ...)@ applications. -mrGetInvariant :: FunName -> MRM (Maybe Term) +mrGetInvariant :: FunName -> MRM t (Maybe Term) mrGetInvariant nm = mrFunNameBody nm >>= \case Just body -> mrGetInvariantBody body _ -> return Nothing -- | The main loop of 'mrGetInvariant', which operates on a function body -mrGetInvariantBody :: Term -> MRM (Maybe Term) +mrGetInvariantBody :: Term -> MRM t (Maybe Term) mrGetInvariantBody tm = case asApplyAll tm of -- go inside any top-level lambdas (asLambda -> Just (nm, tp, body), []) -> @@ -1078,7 +1143,7 @@ mrGetInvariantBody tm = case asApplyAll tm of -- | Add an assumption of type @Bool@ to the current path condition while -- executing a sub-computation -withAssumption :: Term -> MRM a -> MRM a +withAssumption :: Term -> MRM t a -> MRM t a withAssumption phi m = do mrDebugPPPrefix 1 "withAssumption" phi assumps <- mrAssumptions @@ -1086,28 +1151,34 @@ withAssumption phi m = local (\info -> info { mriAssumptions = assumps' }) m -- | Remove any existing assumptions and replace them with a Boolean term -withOnlyAssumption :: Term -> MRM a -> MRM a +withOnlyAssumption :: Term -> MRM t a -> MRM t a withOnlyAssumption phi m = do mrDebugPPPrefix 1 "withOnlyAssumption" phi local (\info -> info { mriAssumptions = phi }) m -- | Add a 'DataTypeAssump' to the current context while executing a -- sub-computations -withDataTypeAssump :: Term -> DataTypeAssump -> MRM a -> MRM a +withDataTypeAssump :: Term -> DataTypeAssump -> MRM t a -> MRM t a withDataTypeAssump x assump m = do mrDebugPPPrefixSep 1 "withDataTypeAssump" x "==" assump dataTypeAssumps' <- HashMap.insert x assump <$> mrDataTypeAssumps local (\info -> info { mriDataTypeAssumps = dataTypeAssumps' }) m -- | Get the 'DataTypeAssump' associated to the given term, if one exists -mrGetDataTypeAssump :: Term -> MRM (Maybe DataTypeAssump) +mrGetDataTypeAssump :: Term -> MRM t (Maybe DataTypeAssump) mrGetDataTypeAssump x = HashMap.lookup x <$> mrDataTypeAssumps --- | Convert a 'FunAssumpRHS' to a 'NormComp' -mrFunAssumpRHSAsNormComp :: FunAssumpRHS -> MRM NormComp -mrFunAssumpRHSAsNormComp (OpaqueFunAssump f args) = - FunBind f args <$> mkCompFunReturn <$> mrFunOutType f args -mrFunAssumpRHSAsNormComp (RewriteFunAssump rhs) = return rhs +-- | Record a use of an SMT solver (for tracking 'SolverStats' and 'MRSolverEvidence') +recordUsedSolver :: SolverStats -> Term -> MRM t () +recordUsedSolver stats prop = + modify $ \st -> st { mrsSolverStats = stats <> mrsSolverStats st, + mrsEvidence = MREUsedSolver stats prop : mrsEvidence st } + +-- | Record a use of a 'FunAssump' (for 'MRSolverEvidence') +recordUsedFunAssump :: FunAssump t -> MRM t () +recordUsedFunAssump (fassumpAnnotation -> Just t) = + modify $ \st -> st { mrsEvidence = MREUsedFunAssump t : mrsEvidence st } +recordUsedFunAssump _ = return () ---------------------------------------------------------------------- @@ -1115,27 +1186,27 @@ mrFunAssumpRHSAsNormComp (RewriteFunAssump rhs) = return rhs ---------------------------------------------------------------------- -- | Print a 'String' if the debug level is at least the supplied 'Int' -debugPrint :: Int -> String -> MRM () +debugPrint :: Int -> String -> MRM t () debugPrint i str = mrDebugLevel >>= \lvl -> if lvl >= i then liftIO (hPutStrLn stderr str) else return () -- | Print a document if the debug level is at least the supplied 'Int' -debugPretty :: Int -> SawDoc -> MRM () +debugPretty :: Int -> SawDoc -> MRM t () debugPretty i pp = debugPrint i $ renderSawDoc defaultPPOpts pp -- | Pretty-print an object in the current context if the current debug level is -- at least the supplied 'Int' -debugPrettyInCtx :: PrettyInCtx a => Int -> a -> MRM () +debugPrettyInCtx :: PrettyInCtx a => Int -> a -> MRM t () debugPrettyInCtx i a = mrUVars >>= \ctx -> debugPrint i (showInCtx ctx a) -- | Pretty-print an object relative to the current context -mrPPInCtx :: PrettyInCtx a => a -> MRM SawDoc +mrPPInCtx :: PrettyInCtx a => a -> MRM t SawDoc mrPPInCtx a = runPPInCtxM (prettyInCtx a) <$> mrUVars -- | Pretty-print the result of 'ppWithPrefix' relative to the current uvar -- context to 'stderr' if the debug level is at least the 'Int' provided -mrDebugPPPrefix :: PrettyInCtx a => Int -> String -> a -> MRM () +mrDebugPPPrefix :: PrettyInCtx a => Int -> String -> a -> MRM t () mrDebugPPPrefix i pre a = mrUVars >>= \ctx -> debugPretty i $ @@ -1144,7 +1215,7 @@ mrDebugPPPrefix i pre a = -- | Pretty-print the result of 'ppWithPrefixSep' relative to the current uvar -- context to 'stderr' if the debug level is at least the 'Int' provided mrDebugPPPrefixSep :: (PrettyInCtx a, PrettyInCtx b) => - Int -> String -> a -> String -> b -> MRM () + Int -> String -> a -> String -> b -> MRM t () mrDebugPPPrefixSep i pre a1 sp a2 = mrUVars >>= \ctx -> debugPretty i $ diff --git a/src/SAWScript/Prover/MRSolver/SMT.hs b/src/SAWScript/Prover/MRSolver/SMT.hs index 369f4a26b2..5856d252d3 100644 --- a/src/SAWScript/Prover/MRSolver/SMT.hs +++ b/src/SAWScript/Prover/MRSolver/SMT.hs @@ -25,7 +25,7 @@ module SAWScript.Prover.MRSolver.SMT where import qualified Data.Vector as V import Numeric.Natural (Natural) import Control.Monad.Except -import qualified Control.Exception as X +import Control.Monad.Catch (throwM, catch) import Control.Monad.Trans.Maybe import Data.Foldable (foldrM, foldlM) import GHC.Generics @@ -48,10 +48,7 @@ import Verifier.SAW.Simulator.Prims import Verifier.SAW.Module import Verifier.SAW.Prelude.Constants import Verifier.SAW.FiniteValue - -import SAWScript.Proof (termToProp, propToTerm, prettyProp, propToSequent, sequentToSATQuery) -import What4.Solver -import SAWScript.Prover.What4 +import SAWScript.Proof (termToProp, propToTerm, prettyProp, propToSequent, SolveResult(..)) import SAWScript.Prover.MRSolver.Term import SAWScript.Prover.MRSolver.Monad @@ -350,7 +347,7 @@ smtNorm sc t = normalizeSharedTerm sc modmap (smtNormPrims sc) Map.empty Set.empty t -- | Normalize a 'Term' using some Mr Solver specific primitives -mrNormTerm :: Term -> MRM Term +mrNormTerm :: Term -> MRM t Term mrNormTerm t = debugPrint 2 "Normalizing term:" >> debugPrettyInCtx 2 t >> @@ -358,7 +355,7 @@ mrNormTerm t = -- | Normalize an open term by wrapping it in lambdas, normalizing, and then -- removing those lambdas -mrNormOpenTerm :: Term -> MRM Term +mrNormOpenTerm :: Term -> MRM t Term mrNormOpenTerm body = do length_ctx <- mrVarCtxLength <$> mrUVars fun_term <- lambdaUVarsM body @@ -380,7 +377,7 @@ mrNormOpenTerm body = -- uvars or 'MRVar's. -- -- FIXME: use the timeout! -mrProvableRaw :: Term -> MRM Bool +mrProvableRaw :: Term -> MRM t Bool mrProvableRaw prop_term = do sc <- mrSC prop <- liftSC1 termToProp prop_term @@ -388,32 +385,34 @@ mrProvableRaw prop_term = nenv <- liftIO (scGetNamingEnv sc) debugPrint 2 ("Calling SMT solver with proposition: " ++ prettyProp defaultPPOpts nenv prop) - satq <- liftIO $ sequentToSATQuery sc unints (propToSequent prop) - sym <- liftIO $ setupWhat4_sym True -- If there are any saw-core `error`s in the term, this will throw a -- Haskell error - in this case we want to just return False, not stop -- execution - smt_res <- liftIO $ - (Right <$> proveWhat4_solver z3Adapter sym sc satq (return ())) - `X.catch` \case + smt_res <- + (Right <$> mrAskSMT unints (propToSequent prop)) + `catch` \case UserError msg -> return $ Left msg - e -> X.throw e + e -> throwM e case smt_res of Left msg -> debugPrint 2 ("SMT solver encountered a saw-core error term: " ++ msg) >> return False - Right (Just cex, _) -> + Right (stats, SolveUnknown) -> + debugPrint 2 "SMT solver response: unknown" >> + recordUsedSolver stats prop_term >> return False + Right (stats, SolveCounterexample cex) -> debugPrint 2 "SMT solver response: not provable" >> debugPrint 3 ("Counterexample:" ++ concatMap (\(x,v) -> "\n - " ++ renderSawDoc defaultPPOpts (ppTerm defaultPPOpts (Unshared (FTermF (ExtCns x)))) ++ " = " ++ renderSawDoc defaultPPOpts (ppFirstOrderValue defaultPPOpts v)) cex) >> - return False - Right (Nothing, _) -> - debugPrint 2 "SMT solver response: provable" >> return True + recordUsedSolver stats prop_term >> return False + Right (stats, SolveSuccess _) -> + debugPrint 2 "SMT solver response: provable" >> + recordUsedSolver stats prop_term >> return True -- | Test if a Boolean term over the current uvars is provable given the current -- assumptions -mrProvable :: Term -> MRM Bool +mrProvable :: Term -> MRM t Bool mrProvable (asBool -> Just b) = return b mrProvable bool_tm = do mrUVars >>= mrDebugPPPrefix 3 "mrProvable uvars:" @@ -423,7 +422,7 @@ mrProvable bool_tm = mrNormTerm prop_inst >>= mrProvableRaw where -- | Given a UVar name and type, generate a 'Term' to be passed to -- SMT, with special cases for BVVec and pair types - instUVar :: LocalName -> Term -> MRM Term + instUVar :: LocalName -> Term -> MRM t Term instUVar nm tp = mrDebugPPPrefix 3 "instUVar" (nm, tp) >> liftSC1 scWhnf tp >>= \case (asNonBVVecVectorType -> Just (m, a)) -> @@ -533,13 +532,13 @@ nonTrivialConv (ConvComp cs) = not (null cs) -- | Return 'True' iff the given 'InjConversion's are convertible, i.e. if -- the two injective conversions are the compositions of the same constructors, -- and the arguments to those constructors are convertible via 'mrConvertible' -mrConvsConvertible :: InjConversion -> InjConversion -> MRM Bool +mrConvsConvertible :: InjConversion -> InjConversion -> MRM t Bool mrConvsConvertible (ConvComp cs1) (ConvComp cs2) = if length cs1 /= length cs2 then return False else and <$> zipWithM mrSingleConvsConvertible cs1 cs2 -- | Used in the definition of 'mrConvsConvertible' -mrSingleConvsConvertible :: SingleInjConversion -> SingleInjConversion -> MRM Bool +mrSingleConvsConvertible :: SingleInjConversion -> SingleInjConversion -> MRM t Bool mrSingleConvsConvertible SingleNatToNum SingleNatToNum = return True mrSingleConvsConvertible (SingleBVToNat n1) (SingleBVToNat n2) = return $ n1 == n2 mrSingleConvsConvertible (SingleBVVecToVec n1 len1 a1 m1) @@ -560,9 +559,9 @@ mrSingleConvsConvertible _ _ = return False -- @c1 <> c2 <> ... <> cn@ are applied from right to left as in function -- composition (i.e. @mrApplyConv (c1 <> c2 <> ... <> cn) t@ is equivalent to -- @mrApplyConv c1 (mrApplyConv c2 (... mrApplyConv cn t ...))@) -mrApplyConv :: InjConversion -> Term -> MRM Term +mrApplyConv :: InjConversion -> Term -> MRM t Term mrApplyConv (ConvComp cs) = flip (foldrM go) cs - where go :: SingleInjConversion -> Term -> MRM Term + where go :: SingleInjConversion -> Term -> MRM t Term go SingleNatToNum t = liftSC2 scCtorApp "Cryptol.TCNum" [t] go (SingleBVToNat n) t = liftSC2 scBvToNat n t go (SingleBVVecToVec n len a m) t = mrGenFromBVVec n len a t "mrApplyConv" m @@ -573,9 +572,9 @@ mrApplyConv (ConvComp cs) = flip (foldrM go) cs -- | Try to apply the inverse of the given the conversion to the given term, -- raising an error if this is not possible - see also 'mrApplyConv' -mrApplyInvConv :: InjConversion -> Term -> MRM Term +mrApplyInvConv :: InjConversion -> Term -> MRM t Term mrApplyInvConv (ConvComp cs) = flip (foldlM go) cs - where go :: Term -> SingleInjConversion -> MRM Term + where go :: Term -> SingleInjConversion -> MRM t Term go t SingleNatToNum = case asNum t of Just (Left t') -> return t' _ -> error "mrApplyInvConv: Num term does not normalize to TCNum constructor" @@ -629,7 +628,7 @@ mrConvOfTerm _ = NoConv -- types @tp1@ and @tp2@ are convertible, but the latter indicates that no -- 'InjConversion' could be found. findInjConvs :: Term -> Maybe Term -> Term -> Maybe Term -> - MRM (Maybe (Term, InjConversion, InjConversion)) + MRM t (Maybe (Term, InjConversion, InjConversion)) -- always add 'NatToNum' conversions findInjConvs (asDataType -> Just (primName -> "Cryptol.Num", _)) t1 tp2 t2 = do tp1' <- liftSC0 scNatType @@ -723,13 +722,13 @@ findInjConvs tp1 _ tp2 _ = -- | Build a Boolean 'Term' stating that two 'Term's are equal. This is like -- 'scEq' except that it works on open terms. -mrEq :: Term -> Term -> MRM Term +mrEq :: Term -> Term -> MRM t Term mrEq t1 t2 = mrTypeOf t1 >>= \tp -> mrEq' tp t1 t2 -- | Build a Boolean 'Term' stating that the second and third 'Term' arguments -- are equal, where the first 'Term' gives their type (which we assume is the -- same for both). This is like 'scEq' except that it works on open terms. -mrEq' :: Term -> Term -> Term -> MRM Term +mrEq' :: Term -> Term -> Term -> MRM t Term -- FIXME: For this Nat case, the definition of 'equalNat' in @Prims.hs@ means -- that if both sides do not have immediately clear bit-widths (e.g. either -- side is is an application of @mulNat@) this will 'error'... @@ -751,7 +750,7 @@ data TermInCtx = TermInCtx [(LocalName,Term)] Term -- | Lift a binary operation on 'Term's to one on 'TermInCtx's liftTermInCtx2 :: (SharedContext -> Term -> Term -> IO Term) -> - TermInCtx -> TermInCtx -> MRM TermInCtx + TermInCtx -> TermInCtx -> MRM t TermInCtx liftTermInCtx2 op (TermInCtx ctx1 t1) (TermInCtx ctx2 t2) = do -- Insert the variables in ctx2 into the context of t1 starting at index 0, @@ -768,9 +767,9 @@ liftTermInCtx2 op (TermInCtx ctx1 t1) (TermInCtx ctx2 t2) = extTermInCtx :: [(LocalName,Term)] -> TermInCtx -> TermInCtx extTermInCtx ctx (TermInCtx ctx' t) = TermInCtx (ctx++ctx') t --- | Run an 'MRM' computation in the context of a 'TermInCtx', passing in the +-- | Run an 'MRM t' computation in the context of a 'TermInCtx', passing in the -- 'Term' -withTermInCtx :: TermInCtx -> (Term -> MRM a) -> MRM a +withTermInCtx :: TermInCtx -> (Term -> MRM t a) -> MRM t a withTermInCtx (TermInCtx [] tm) f = f tm withTermInCtx (TermInCtx ((nm,tp):ctx) tm) f = withUVar nm (Type tp) $ const $ withTermInCtx (TermInCtx ctx tm) f @@ -778,8 +777,8 @@ withTermInCtx (TermInCtx ((nm,tp):ctx) tm) f = -- | A "simple" strategy for proving equality between two terms, which we assume -- are of the same type, which builds an equality proposition by applying the -- supplied function to both sides and passes this proposition to an SMT solver. -mrProveEqSimple :: (Term -> Term -> MRM Term) -> Term -> Term -> - MRM TermInCtx +mrProveEqSimple :: (Term -> Term -> MRM t Term) -> Term -> Term -> + MRM t TermInCtx -- NOTE: The use of mrSubstEVars instead of mrSubstEVarsStrict means that we -- allow evars in the terms we send to the SMT solver, but we treat them as -- uvars. @@ -790,18 +789,18 @@ mrProveEqSimple eqf t1 t2 = -- | Prove that two terms are equal, instantiating evars if necessary, -- returning true on success - the same as @mrProveRel False@ -mrProveEq :: Term -> Term -> MRM Bool +mrProveEq :: Term -> Term -> MRM t Bool mrProveEq = mrProveRel False -- | Prove that two terms are equal, instantiating evars if necessary, or -- throwing an error if this is not possible - the same as -- @mrAssertProveRel False@ -mrAssertProveEq :: Term -> Term -> MRM () +mrAssertProveEq :: Term -> Term -> MRM t () mrAssertProveEq = mrAssertProveRel False -- | Prove that two terms are related, heterogeneously iff the first argument -- is true, instantiating evars if necessary, returning true on success -mrProveRel :: Bool -> Term -> Term -> MRM Bool +mrProveRel :: Bool -> Term -> Term -> MRM t Bool mrProveRel het t1 t2 = do let nm = if het then "mrProveRel" else "mrProveEq" mrDebugPPPrefixSep 2 nm t1 (if het then "~=" else "==") t2 @@ -820,7 +819,7 @@ mrProveRel het t1 t2 = -- | Prove that two terms are related, heterogeneously iff the first argument, -- is true, instantiating evars if necessary, or throwing an error if this is -- not possible -mrAssertProveRel :: Bool -> Term -> Term -> MRM () +mrAssertProveRel :: Bool -> Term -> Term -> MRM t () mrAssertProveRel het t1 t2 = do success <- mrProveRel het t1 t2 if success then return () else @@ -830,7 +829,7 @@ mrAssertProveRel het t1 t2 = -- expressing that the fourth and fifth arguments are related, heterogeneously -- iff the first argument is true, whose types are given by the second and -- third arguments, respectively -mrProveRelH :: Bool -> Term -> Term -> Term -> Term -> MRM TermInCtx +mrProveRelH :: Bool -> Term -> Term -> Term -> Term -> MRM t TermInCtx mrProveRelH het tp1 tp2 t1 t2 = do varmap <- mrVars tp1' <- liftSC1 scWhnf tp1 @@ -840,7 +839,7 @@ mrProveRelH het tp1 tp2 t1 t2 = -- | The body of 'mrProveRelH' -- NOTE: Don't call this function recursively, call 'mrProveRelH' mrProveRelH' :: Map MRVar MRVarInfo -> Bool -> - Term -> Term -> Term -> Term -> MRM TermInCtx + Term -> Term -> Term -> Term -> MRM t TermInCtx -- If t1 is an instantiated evar, substitute and recurse mrProveRelH' var_map het tp1 tp2 (asEVarApp var_map -> Just (_, args, Just f)) t2 = diff --git a/src/SAWScript/Prover/MRSolver/Solver.hs b/src/SAWScript/Prover/MRSolver/Solver.hs index 2aa274586d..65a233abee 100644 --- a/src/SAWScript/Prover/MRSolver/Solver.hs +++ b/src/SAWScript/Prover/MRSolver/Solver.hs @@ -133,6 +133,7 @@ import Control.Monad.Reader import Control.Monad.Except import qualified Data.Map as Map import qualified Data.Text as Text +import Data.Set (Set) import Prettyprinter @@ -140,8 +141,12 @@ import Verifier.SAW.Term.Functor import Verifier.SAW.SharedTerm import Verifier.SAW.Recognizer import Verifier.SAW.Cryptol.Monadify +import SAWScript.Prover.SolverStats +import SAWScript.Proof (Sequent, SolveResult) +import SAWScript.Value (TopLevel) import SAWScript.Prover.MRSolver.Term +import SAWScript.Prover.MRSolver.Evidence import SAWScript.Prover.MRSolver.Monad import SAWScript.Prover.MRSolver.SMT @@ -193,7 +198,7 @@ asCallS _ = Nothing -- of our variable monadic operations (including, e.g., if-then-else and the -- either and maybe eliminators). But the implementation here should give the -- correct result for any code we are actually going to see... -mrReplaceCallsWithTerms :: [Term] -> Term -> MRM Term +mrReplaceCallsWithTerms :: [Term] -> Term -> MRM t Term mrReplaceCallsWithTerms top_tms top_t = flip runReaderT top_tms $ flip memoFixTermFun top_t $ \recurse t -> case t of @@ -219,7 +224,7 @@ mrReplaceCallsWithTerms top_tms top_t = -- | Bind fresh function variables for a @multiFixS@ with the given list of -- @LetRecType@s and tuple of definitions for the function bodies -mrFreshCallVars :: Term -> Term -> Term -> Term -> MRM [MRVar] +mrFreshCallVars :: Term -> Term -> Term -> Term -> MRM t [MRVar] mrFreshCallVars ev stack frame defs_tm = do -- First, make fresh function constants for all the recursive functions, @@ -251,13 +256,13 @@ mrFreshCallVars ev stack frame defs_tm = -- | Normalize a 'Term' of monadic type to monadic normal form -normCompTerm :: Term -> MRM NormComp +normCompTerm :: Term -> MRM t NormComp normCompTerm = normComp . CompTerm -- | Normalize a computation to monadic normal form, assuming any 'Term's it -- contains have already been normalized with respect to beta and projections -- (but constants need not be unfolded) -normComp :: Comp -> MRM NormComp +normComp :: Comp -> MRM t NormComp normComp (CompReturn t) = return $ RetS t normComp (CompBind m f) = do norm <- normComp m @@ -449,7 +454,7 @@ normComp (CompTerm t) = -- | Bind a computation in whnf with a function, and normalize -normBind :: NormComp -> CompFun -> MRM NormComp +normBind :: NormComp -> CompFun -> MRM t NormComp normBind (RetS t) k = applyNormCompFun k t normBind (ErrorS msg) _ = return (ErrorS msg) normBind (Ite cond comp1 comp2) k = @@ -486,19 +491,19 @@ normBind (FunBind f args k1) k2 | otherwise -} = return $ FunBind f args (compFunComp k1 k2) -- | Bind a 'Term' for a computation with a function and normalize -normBindTerm :: Term -> CompFun -> MRM NormComp +normBindTerm :: Term -> CompFun -> MRM t NormComp normBindTerm t f = normCompTerm t >>= \m -> normBind m f {- -- | Get the return type of a 'CompFun' -compFunReturnType :: CompFun -> MRM Term +compFunReturnType :: CompFun -> MRM t Term compFunReturnType (CompFunTerm _ t) = mrTypeOf t compFunReturnType (CompFunComp _ g) = compFunReturnType g compFunReturnType (CompFunReturn (Type t)) = return t -} -- | Apply a computation function to a term argument to get a computation -applyCompFun :: CompFun -> Term -> MRM Comp +applyCompFun :: CompFun -> Term -> MRM t Comp applyCompFun (CompFunComp f g) t = -- (f >=> g) t == f t >>= g do comp <- applyCompFun f t @@ -508,7 +513,7 @@ applyCompFun (CompFunReturn _ _) t = applyCompFun (CompFunTerm _ f) t = CompTerm <$> mrApplyAll f [t] -- | Convert a 'CompFun' into a 'Term' -compFunToTerm :: CompFun -> MRM Term +compFunToTerm :: CompFun -> MRM t Term compFunToTerm (CompFunTerm _ t) = return t compFunToTerm (CompFunComp f g) = do f' <- compFunToTerm f @@ -532,7 +537,7 @@ compFunToTerm (CompFunReturn params (Type a)) = {- -- | Convert a 'Comp' into a 'Term' -compToTerm :: Comp -> MRM Term +compToTerm :: Comp -> MRM t Term compToTerm (CompTerm t) = return t compToTerm (CompReturn t) = do tp <- mrTypeOf t @@ -548,9 +553,17 @@ compToTerm (CompBind m f) = -} -- | Apply a 'CompFun' to a term and normalize the resulting computation -applyNormCompFun :: CompFun -> Term -> MRM NormComp +applyNormCompFun :: CompFun -> Term -> MRM t NormComp applyNormCompFun f arg = applyCompFun f arg >>= normComp + +-- | Convert a 'FunAssumpRHS' to a 'NormComp' +mrFunAssumpRHSAsNormComp :: FunAssumpRHS -> MRM t NormComp +mrFunAssumpRHSAsNormComp (OpaqueFunAssump f args) = + FunBind f args <$> mkCompFunReturn <$> mrFunOutType f args +mrFunAssumpRHSAsNormComp (RewriteFunAssump rhs) = normCompTerm rhs + + -- | Match a term as a static list of eliminators for an Eithers type matchEitherElims :: Term -> Maybe [EitherElim] matchEitherElims (asCtor -> @@ -562,7 +575,7 @@ matchEitherElims (asCtor -> Just (primName -> "Prelude.FunsTo_Cons", matchEitherElims _ = Nothing -- | Construct the type @Eithers tps@ eliminated by a list of 'EitherElim's -elimsEithersType :: [EitherElim] -> MRM Type +elimsEithersType :: [EitherElim] -> MRM t Type elimsEithersType elims = Type <$> (do f <- mrGlobalTerm "Prelude.Eithers" @@ -579,7 +592,7 @@ elimsEithersType elims = -- | Lookup the definition of a function or throw a 'CannotLookupFunDef' if this is -- not allowed, either because it is a global function we are treating as opaque -- or because it is a locally-bound function variable -mrLookupFunDef :: FunName -> MRM Term +mrLookupFunDef :: FunName -> MRM t Term mrLookupFunDef f@(GlobalName _) = throwMRFailure (CannotLookupFunDef f) mrLookupFunDef f@(LocalName var) = mrVarInfo var >>= \case @@ -588,7 +601,7 @@ mrLookupFunDef f@(LocalName var) = Nothing -> error "mrLookupFunDef: unknown variable!" -- | Unfold a call to function @f@ in term @f args >>= g@ -mrUnfoldFunBind :: FunName -> [Term] -> Mark -> CompFun -> MRM Comp +mrUnfoldFunBind :: FunName -> [Term] -> Mark -> CompFun -> MRM t Comp mrUnfoldFunBind f _ mark _ | inMark f mark = throwMRFailure (RecursiveUnfold f) mrUnfoldFunBind f args mark g = do f_def <- mrLookupFunDef f @@ -610,7 +623,7 @@ handling the recursive ones ---------------------------------------------------------------------- -- | Prove the invariant of a coinductive hypothesis -proveCoIndHypInvariant :: CoIndHyp -> MRM () +proveCoIndHypInvariant :: CoIndHyp -> MRM t () proveCoIndHypInvariant hyp = do (invar1, invar2) <- applyCoIndHypInvariants hyp invar <- liftSC2 scAnd invar1 invar2 @@ -634,7 +647,7 @@ proveCoIndHypInvariant hyp = -- assumptions are thrown away. If while running the refinement computation a -- 'CoIndHypMismatchWidened' error is reached with the given names, the state is -- restored and the computation is re-run with the widened hypothesis. -mrRefinesCoInd :: FunName -> [Term] -> FunName -> [Term] -> MRM () +mrRefinesCoInd :: FunName -> [Term] -> FunName -> [Term] -> MRM t () mrRefinesCoInd f1 args1 f2 args2 = do ctx <- mrUVars preF1 <- mrGetInvariant f1 @@ -645,7 +658,7 @@ mrRefinesCoInd f1 args1 f2 args2 = -- | Prove the refinement represented by a 'CoIndHyp' coinductively. This is the -- main loop implementing 'mrRefinesCoInd'. See that function for documentation. -proveCoIndHyp :: CoIndHyp -> MRM () +proveCoIndHyp :: CoIndHyp -> MRM t () proveCoIndHyp hyp = withFailureCtx (FailCtxCoIndHyp hyp) $ do let f1 = coIndHypLHSFun hyp f2 = coIndHypRHSFun hyp @@ -661,7 +674,7 @@ proveCoIndHyp hyp = withFailureCtx (FailCtxCoIndHyp hyp) $ MRExnWiden nm1' nm2' new_vars | f1 == nm1' && f2 == nm2' -> -- NOTE: the state automatically gets reset here because we defined - -- MRM with ExceptT at a lower level than StateT + -- MRM t with ExceptT at a lower level than StateT do mrDebugPPPrefixSep 1 "Widening recursive assumption for" nm1' "|=" nm2' hyp' <- generalizeCoIndHyp hyp new_vars proveCoIndHyp hyp' @@ -669,7 +682,7 @@ proveCoIndHyp hyp = withFailureCtx (FailCtxCoIndHyp hyp) $ -- | Test that a coinductive hypothesis for the given function names matches the -- given arguments, otherwise throw an exception saying that widening is needed -matchCoIndHyp :: CoIndHyp -> [Term] -> [Term] -> MRM () +matchCoIndHyp :: CoIndHyp -> [Term] -> [Term] -> MRM t () matchCoIndHyp hyp args1 args2 = do mrDebugPPPrefix 1 "matchCoIndHyp" hyp (args1', args2') <- instantiateCoIndHyp hyp @@ -683,7 +696,7 @@ matchCoIndHyp hyp args1 args2 = proveCoIndHypInvariant hyp -- | Generalize some of the arguments of a coinductive hypothesis -generalizeCoIndHyp :: CoIndHyp -> [Either Int Int] -> MRM CoIndHyp +generalizeCoIndHyp :: CoIndHyp -> [Either Int Int] -> MRM t CoIndHyp generalizeCoIndHyp hyp [] = return hyp generalizeCoIndHyp hyp all_specs@(arg_spec_0:arg_specs) = withOnlyUVars (coIndHypCtx hyp) $ do @@ -743,7 +756,7 @@ generalizeCoIndHyp hyp all_specs@(arg_spec_0:arg_specs) = -- and @c_0 <> c1@. let cbnConvs :: (Term, InjConversion, [(a, InjConversion)]) -> (a, (Term, InjConversion, InjConversion)) -> - MRM (Term, InjConversion, [(a, InjConversion)]) + MRM t (Term, InjConversion, [(a, InjConversion)]) cbnConvs (tp, c_0, cs) (arg_spec_i, (tp_i, _, c2_i)) = findInjConvs tp Nothing tp_i Nothing >>= \case Just (tp', c1, c2) -> @@ -768,7 +781,7 @@ generalizeCoIndHyp hyp all_specs@(arg_spec_0:arg_specs) = -- | An object that can be converted to a normalized computation class ToNormComp a where - toNormComp :: a -> MRM NormComp + toNormComp :: a -> MRM t NormComp instance ToNormComp NormComp where toNormComp = return @@ -779,7 +792,7 @@ instance ToNormComp Term where -- | Prove that the left-hand computation refines the right-hand one. See the -- rules described at the beginning of this module. -mrRefines :: (ToNormComp a, ToNormComp b) => a -> b -> MRM () +mrRefines :: (ToNormComp a, ToNormComp b) => a -> b -> MRM t () mrRefines t1 t2 = do m1 <- toNormComp t1 m2 <- toNormComp t2 @@ -789,7 +802,7 @@ mrRefines t1 t2 = withFailureCtx (FailCtxRefines m1 m2) $ mrRefines' m1 m2 -- | The main implementation of 'mrRefines' -mrRefines' :: NormComp -> NormComp -> MRM () +mrRefines' :: NormComp -> NormComp -> MRM t () mrRefines' (RetS e1) (RetS e2) = mrAssertProveRel True e1 e2 mrRefines' (ErrorS _) (ErrorS _) = return () @@ -984,7 +997,7 @@ mrRefines' m1@(FunBind f1 args1 k1) m2@(FunBind f2 args2 k2) = -- If we have an opaque FunAssump that f1 args1' refines f2 args2', then -- prove that args1 = args1', args2 = args2', and then that k1 refines k2 - (_, Just (FunAssump ctx args1' (OpaqueFunAssump f2' args2'))) | f2 == f2' -> + (_, Just fa@(FunAssump ctx _ args1' (OpaqueFunAssump f2' args2') _)) | f2 == f2' -> do debugPretty 2 $ flip runPPInCtxM ctx $ prettyAppList [return "mrRefines using opaque FunAssump:", prettyInCtx ctx, return ".", @@ -995,19 +1008,20 @@ mrRefines' m1@(FunBind f1 args1 k1) m2@(FunBind f2 args2 k2) = (args1'', args2'') <- substTermLike 0 evars (args1', args2') zipWithM_ mrAssertProveEq args1'' args1 zipWithM_ mrAssertProveEq args2'' args2 - mrRefinesFun tp1 k1 tp2 k2 + recordUsedFunAssump fa >> mrRefinesFun tp1 k1 tp2 k2 -- If we have an opaque FunAssump that f1 refines some f /= f2, and f2 -- unfolds and is not recursive in itself, unfold f2 and recurse - (_, Just (FunAssump _ _ (OpaqueFunAssump _ _))) + (_, Just fa@(FunAssump _ _ _ (OpaqueFunAssump _ _) _)) | Just (f2_body, False) <- maybe_f2_body -> - normBindTerm f2_body k2 >>= \m2' -> mrRefines m1 m2' + normBindTerm f2_body k2 >>= \m2' -> + recordUsedFunAssump fa >> mrRefines m1 m2' -- If we have a rewrite FunAssump, or we have an opaque FunAssump that -- f1 args1' refines some f args where f /= f2 and f2 does not match the -- case above, treat either case like we have a rewrite FunAssump and prove -- that args1 = args1' and then that f args refines m2 - (_, Just (FunAssump ctx args1' rhs)) -> + (_, Just fa@(FunAssump ctx _ args1' rhs _)) -> do debugPretty 2 $ flip runPPInCtxM ctx $ prettyAppList [return "mrRefines rewriting by FunAssump:", prettyInCtx ctx, return ".", @@ -1023,7 +1037,7 @@ mrRefines' m1@(FunBind f1 args1 k1) m2@(FunBind f2 args2 k2) = (args1'', rhs'') <- substTermLike 0 evars (args1', rhs') zipWithM_ mrAssertProveEq args1'' args1 m1' <- normBind rhs'' k1 - mrRefines m1' m2 + recordUsedFunAssump fa >> mrRefines m1' m2 -- If f1 unfolds and is not recursive in itself, unfold it and recurse _ | Just (f1_body, False) <- maybe_f1_body -> @@ -1057,13 +1071,13 @@ mrRefines' m1@(FunBind f1 args1 k1) m2 = -- If we have an assumption that f1 args' refines some rhs, then prove that -- args1 = args' and then that rhs refines m2 - Just (FunAssump ctx args1' rhs) -> + Just fa@(FunAssump ctx _ args1' rhs _) -> do rhs' <- mrFunAssumpRHSAsNormComp rhs evars <- mrFreshEVars ctx (args1'', rhs'') <- substTermLike 0 evars (args1', rhs') zipWithM_ mrAssertProveEq args1'' args1 m1' <- normBind rhs'' k1 - mrRefines m1' m2 + recordUsedFunAssump fa >> mrRefines m1' m2 -- Otherwise, see if we can unfold f1 Nothing -> @@ -1104,7 +1118,7 @@ mrRefines' m1 m2 = mrRefines'' m1 m2 -- | The cases of 'mrRefines' which must occur after the ones in 'mrRefines''. -- For example, the rules that introduce existential variables need to go last, -- so that they can quantify over as many universals as possible -mrRefines'' :: NormComp -> NormComp -> MRM () +mrRefines'' :: NormComp -> NormComp -> MRM t () mrRefines'' m1 (AssertBoolBind cond2 k2) = do m2 <- liftSC0 scUnitValue >>= applyCompFun k2 @@ -1132,7 +1146,7 @@ mrRefines'' (ForallBind tp f1) m2 = mrRefines'' m1 m2 = throwMRFailure (CompsDoNotRefine m1 m2) -- | Prove that one function refines another for all inputs -mrRefinesFun :: Term -> CompFun -> Term -> CompFun -> MRM () +mrRefinesFun :: Term -> CompFun -> Term -> CompFun -> MRM t () mrRefinesFun tp1 f1 tp2 f2 = do mrDebugPPPrefixSep 1 "mrRefinesFun on types:" tp1 "," tp2 f1' <- compFunToTerm f1 >>= liftSC1 scWhnf @@ -1154,8 +1168,8 @@ mrRefinesFun tp1 f1 tp2 f2 = -- wrapper functions determined by how the types are heterogeneously related), -- and call the continuation on the resulting terms. The second argument is -- an accumulator of variables to introduce, innermost first. -mrRefinesFunH :: (Term -> Term -> MRM a) -> [Term] -> - Term -> Term -> Term -> Term -> MRM a +mrRefinesFunH :: (Term -> Term -> MRM t a) -> [Term] -> + Term -> Term -> Term -> Term -> MRM t a -- Introduce equalities on either side as assumptions mrRefinesFunH k vars (asPi -> Just (nm1, tp1@(asEq -> Just (asBoolType -> Just (), b1, b2)), _)) t1 piTp2 t2 = @@ -1235,67 +1249,70 @@ mrRefinesFunH k _ _ t1 _ t2 = k t1 t2 -- * External Entrypoints ---------------------------------------------------------------------- --- | The result of a successful call to Mr. Solver: either a 'FunAssump' to --- (optionally) add to the 'MREnv', or 'Nothing' if the left-hand-side was not --- a function name -type MRSolverResult = Maybe (FunName, FunAssump) - --- | The continuation passed to 'mrRefinesFunH' in 'askMRSolver' and --- 'assumeMRSolver': normalizes both resulting terms using 'normCompTerm', --- calls the given monadic function, then returns a 'FunAssump', if possible -askMRSolverH :: (NormComp -> NormComp -> MRM ()) -> - Term -> Term -> MRM MRSolverResult +-- | The continuation passed to 'mrRefinesFunH' in 'askMRSolver' - normalizes +-- both resulting terms using 'normCompTerm' then calls the given monadic +-- function +askMRSolverH :: (NormComp -> NormComp -> MRM t a) -> Term -> Term -> MRM t a askMRSolverH f t1 t2 = do mrUVars >>= mrDebugPPPrefix 1 "askMRSolverH uvars:" m1 <- normCompTerm t1 m2 <- normCompTerm t2 f m1 m2 - case (m1, m2) of - -- If t1 and t2 are both named functions, our result is the opaque - -- FunAssump that forall xs. f1 xs |= f2 xs' - (FunBind f1 args1 (CompFunReturn _ _), - FunBind f2 args2 (CompFunReturn _ _)) -> - mrUVars >>= \uvar_ctx -> - return $ Just (f1, FunAssump { fassumpCtx = uvar_ctx, - fassumpArgs = args1, - fassumpRHS = OpaqueFunAssump f2 args2 }) - -- If just t1 is a named function, our result is the rewrite FunAssump - -- that forall xs. f1 xs |= m2 - (FunBind f1 args1 (CompFunReturn _ _), _) -> - mrUVars >>= \uvar_ctx -> - return $ Just (f1, FunAssump { fassumpCtx = uvar_ctx, - fassumpArgs = args1, - fassumpRHS = RewriteFunAssump m2 }) - _ -> return Nothing - --- | Test two monadic, recursive terms for refinement. On success, if the --- left-hand term is a named function, returning a 'FunAssump' to add to the --- 'MREnv'. + +-- | Test two monadic, recursive terms for refinement askMRSolver :: SharedContext -> MREnv {- ^ The Mr Solver environment -} -> Maybe Integer {- ^ Timeout in milliseconds for each SMT call -} -> + (Set VarIndex -> Sequent -> TopLevel (SolverStats, SolveResult)) + {- ^ The callback to use for making SMT queries -} -> + Refnset t {- ^ Any additional refinements to be assumed by Mr Solver -} -> [(LocalName, Term)] {- ^ Any universally quantified variables in scope -} -> - Term -> Term -> IO (Either MRFailure MRSolverResult) -askMRSolver sc env timeout args t1 t2 = - runMRM sc timeout env $ + Term -> Term -> TopLevel (Either MRFailure (SolverStats, MREvidence t)) +askMRSolver sc env timeout askSMT rs args t1 t2 = + execMRM sc env timeout askSMT rs $ withUVars (mrVarCtxFromOuterToInner args) $ \_ -> do tp1 <- liftIO $ scTypeOf sc t1 >>= scWhnf sc tp2 <- liftIO $ scTypeOf sc t2 >>= scWhnf sc mrDebugPPPrefixSep 1 "mr_solver" t1 "|=" t2 mrRefinesFunH (askMRSolverH mrRefines) [] tp1 t1 tp2 t2 --- | Return the 'FunAssump' to add to the 'MREnv' that would be generated if --- 'askMRSolver' succeeded on the given terms. -assumeMRSolver :: +-- | The continuation passed to 'mrRefinesFunH' in 'refinementTerm' - returns +-- the 'Term' which is the refinement (@Prelude.refinesS@) of the given +-- 'Term's, after quantifying over all current 'mrUVars' with Pi types. Note +-- that this assumes both terms have the same event and stack types - if they +-- do not a saw-core typechecking error will be raised. +refinementTermH :: Term -> Term -> MRM t Term +refinementTermH t1 t2 = + do (SpecMParams _ev1 _stack1, tp1) <- fromJust . asSpecM <$> mrTypeOf t1 + (SpecMParams ev2 stack2, tp2) <- fromJust . asSpecM <$> mrTypeOf t2 + rpre <- liftSC2 scGlobalApply "Prelude.eqPreRel" [ev2, stack2] + rpost <- liftSC2 scGlobalApply "Prelude.eqPostRel" [ev2, stack2] + rr <- liftSC2 scGlobalApply "Prelude.eqRR" [tp2] + -- NB: This will throw a type error if _ev1 /= ev2 or _stack1 /= stack2 + ref_tm <- liftSC2 scGlobalApply "Prelude.refinesS" + [ev2, ev2, stack2, stack2, rpre, rpost, + tp1, tp2, rr, t1, t2] + uvars <- mrUVarsOuterToInner + liftSC2 scPiList uvars ref_tm + +-- | Return the 'Term' which is the refinement (@Prelude.refinesS@) of fully +-- applied versions of the given 'Term's, after quantifying over all the given +-- arguments as well as any additional arguments needed to fully apply the given +-- terms, and adding any calls to @assertS@ on the right hand side needed for +-- unifying the arguments generated when fully applying the given terms +refinementTerm :: SharedContext -> MREnv {- ^ The Mr Solver environment -} -> Maybe Integer {- ^ Timeout in milliseconds for each SMT call -} -> + (Set VarIndex -> Sequent -> TopLevel (SolverStats, SolveResult)) + {- ^ The callback to use for making SMT queries -} -> + Refnset t {- ^ Any additional refinements to be assumed by Mr Solver -} -> [(LocalName, Term)] {- ^ Any universally quantified variables in scope -} -> - Term -> Term -> IO (Either MRFailure MRSolverResult) -assumeMRSolver sc env timeout args t1 t2 = - runMRM sc timeout env $ + Term -> Term -> TopLevel (Either MRFailure Term) +refinementTerm sc env timeout askSMT rs args t1 t2 = + evalMRM sc env timeout askSMT rs $ withUVars (mrVarCtxFromOuterToInner args) $ \_ -> do tp1 <- liftIO $ scTypeOf sc t1 >>= scWhnf sc tp2 <- liftIO $ scTypeOf sc t2 >>= scWhnf sc - mrRefinesFunH (askMRSolverH (\_ _ -> return ())) [] tp1 t1 tp2 t2 + mrRefinesFunH refinementTermH [] tp1 t1 tp2 t2 diff --git a/src/SAWScript/Prover/MRSolver/Term.hs b/src/SAWScript/Prover/MRSolver/Term.hs index 72974a5b36..f6d533d4f1 100644 --- a/src/SAWScript/Prover/MRSolver/Term.hs +++ b/src/SAWScript/Prover/MRSolver/Term.hs @@ -41,9 +41,6 @@ import GHC.Generics import Prettyprinter import Data.Text (Text, unpack) -import Data.Map (Map) -import qualified Data.Map as Map - import Verifier.SAW.Term.Functor import Verifier.SAW.Term.CtxTerm (MonadTerm(..)) import Verifier.SAW.Term.Pretty @@ -308,61 +305,6 @@ asLambdaName (asLambda -> Just (nm, _, _)) = Just nm asLambdaName _ = Nothing ----------------------------------------------------------------------- --- * Mr Solver Environments ----------------------------------------------------------------------- - --- | The right-hand-side of a 'FunAssump': either a 'FunName' and arguments, if --- it is an opaque 'FunAsump', or a 'NormComp', if it is a rewrite 'FunAssump' -data FunAssumpRHS = OpaqueFunAssump FunName [Term] - | RewriteFunAssump NormComp - --- | An assumption that a named function refines some specification. This has --- the form --- --- > forall x1, ..., xn. F e1 ... ek |= m --- --- for some universal context @x1:T1, .., xn:Tn@, some list of argument --- expressions @ei@ over the universal @xj@ variables, and some right-hand side --- computation expression @m@. -data FunAssump = FunAssump { - -- | The uvars that were in scope when this assumption was created - fassumpCtx :: MRVarCtx, - -- | The argument expressions @e1, ..., en@ over the 'fassumpCtx' uvars - fassumpArgs :: [Term], - -- | The right-hand side upper bound @m@ over the 'fassumpCtx' uvars - fassumpRHS :: FunAssumpRHS -} - --- | A map from function names to function refinement assumptions over that --- name --- --- FIXME: this should probably be an 'IntMap' on the 'VarIndex' of globals -type FunAssumps = Map FunName FunAssump - --- | A global MR Solver environment -data MREnv = MREnv { - -- | The set of function refinements to be assumed by to Mr. Solver (which - -- have hopefully been proved previously...) - mreFunAssumps :: FunAssumps, - -- | The debug level, which controls debug printing - mreDebugLevel :: Int -} - --- | The empty 'MREnv' -emptyMREnv :: MREnv -emptyMREnv = MREnv { mreFunAssumps = Map.empty, mreDebugLevel = 0 } - --- | Add a 'FunAssump' to a Mr Solver environment -mrEnvAddFunAssump :: FunName -> FunAssump -> MREnv -> MREnv -mrEnvAddFunAssump f fassump env = - env { mreFunAssumps = Map.insert f fassump (mreFunAssumps env) } - --- | Set the debug level of a Mr Solver environment -mrEnvSetDebugLevel :: Int -> MREnv -> MREnv -mrEnvSetDebugLevel dlvl env = env { mreDebugLevel = dlvl } - - ---------------------------------------------------------------------- -- * Utility Functions for Transforming 'Term's ---------------------------------------------------------------------- @@ -371,23 +313,29 @@ mrEnvSetDebugLevel dlvl env = env { mreDebugLevel = dlvl } traverseSubterms :: MonadTerm m => (Term -> m Term) -> Term -> m Term traverseSubterms f (unwrapTermF -> tf) = traverse f tf >>= mkTermF --- | Build a recursive memoized function for tranforming 'Term's. Take in a --- function @f@ that intuitively performs one step of the transformation and --- allow it to recursively call the memoized function being defined by passing --- it as the first argument to @f@. -memoFixTermFun :: MonadIO m => ((Term -> m a) -> Term -> m a) -> Term -> m a -memoFixTermFun f term_top = +-- | Like 'memoFixTermFun', but threads through an accumulating argument +memoFixTermFunAccum :: MonadIO m => + ((b -> Term -> m a) -> b -> Term -> m a) -> + b -> Term -> m a +memoFixTermFunAccum f acc_top term_top = do table_ref <- liftIO $ newIORef IntMap.empty - let go t@(STApp { stAppIndex = ix }) = + let go acc t@(STApp { stAppIndex = ix }) = liftIO (readIORef table_ref) >>= \table -> case IntMap.lookup ix table of Just ret -> return ret Nothing -> - do ret <- f go t + do ret <- f go acc t liftIO $ modifyIORef' table_ref (IntMap.insert ix ret) return ret - go t = f go t - go term_top + go acc t = f go acc t + go acc_top term_top + +-- | Build a recursive memoized function for tranforming 'Term's. Take in a +-- function @f@ that intuitively performs one step of the transformation and +-- allow it to recursively call the memoized function being defined by passing +-- it as the first argument to @f@. +memoFixTermFun :: MonadIO m => ((Term -> m a) -> Term -> m a) -> Term -> m a +memoFixTermFun f = memoFixTermFunAccum (f .) () ---------------------------------------------------------------------- @@ -490,13 +438,17 @@ newtype PPInCtxM a = PPInCtxM (Reader [LocalName] a) runPPInCtxM :: PPInCtxM a -> MRVarCtx -> a runPPInCtxM (PPInCtxM m) = runReader m . map fst . mrVarCtxInnerToOuter +-- | Pretty-print an object in a SAW core context +ppInCtx :: PrettyInCtx a => MRVarCtx -> a -> SawDoc +ppInCtx ctx a = runPPInCtxM (prettyInCtx a) ctx + -- | Pretty-print an object in a SAW core context and render to a 'String' showInCtx :: PrettyInCtx a => MRVarCtx -> a -> String -showInCtx ctx a = renderSawDoc defaultPPOpts $ runPPInCtxM (prettyInCtx a) ctx +showInCtx ctx a = renderSawDoc defaultPPOpts $ ppInCtx ctx a -- | Pretty-print an object in the empty SAW core context ppInEmptyCtx :: PrettyInCtx a => a -> SawDoc -ppInEmptyCtx a = runPPInCtxM (prettyInCtx a) emptyMRVarCtx +ppInEmptyCtx = ppInCtx emptyMRVarCtx -- | A generic function for pretty-printing an object in a SAW core context of -- locally-bound names @@ -515,6 +467,10 @@ prettyTermApp :: Term -> [Term] -> PPInCtxM SawDoc prettyTermApp f_top args = prettyInCtx $ foldl (\f arg -> Unshared $ App f arg) f_top args +-- | Pretty-print the application of a 'Term' in a SAW core context +ppTermAppInCtx :: MRVarCtx -> Term -> [Term] -> SawDoc +ppTermAppInCtx ctx f_top args = runPPInCtxM (prettyTermApp f_top args) ctx + instance PrettyInCtx MRVarCtx where prettyInCtx = return . align . sep . helper [] . mrVarCtxOuterToInner where helper :: [LocalName] -> [(LocalName,Term)] -> [SawDoc] diff --git a/src/SAWScript/Value.hs b/src/SAWScript/Value.hs index ee00c5e46a..b1a53afa46 100644 --- a/src/SAWScript/Value.hs +++ b/src/SAWScript/Value.hs @@ -78,7 +78,8 @@ import SAWScript.JavaPretty (prettyClass) import SAWScript.Options (Options(printOutFn),printOutLn,Verbosity(..)) import SAWScript.Proof import SAWScript.Prover.SolverStats -import SAWScript.Prover.MRSolver.Term as MRSolver +import SAWScript.Prover.MRSolver.Term (funNameTerm, mrVarCtxInnerToOuter, ppTermAppInCtx) +import SAWScript.Prover.MRSolver.Evidence as MRSolver import SAWScript.SolverCache import SAWScript.Crucible.LLVM.Skeleton import SAWScript.X86 (X86Unsupported(..), X86Error(..)) @@ -142,6 +143,7 @@ data Value | VTopLevel (TopLevel Value) | VProofScript (ProofScript Value) | VSimpset SAWSimpset + | VRefnset SAWRefnset | VTheorem Theorem ----- | VLLVMCrucibleSetup !(LLVMCrucibleSetupM Value) @@ -176,6 +178,7 @@ data Value | VYosysTheorem YosysTheorem type SAWSimpset = Simpset TheoremNonce +type SAWRefnset = MRSolver.Refnset TheoremNonce data AIGNetwork where AIGNetwork :: (Typeable l, Typeable g, AIG.IsAIG l g) => AIG.Network l g -> AIGNetwork @@ -304,6 +307,23 @@ showSimpset opts ss = ppTerm t = SAWCorePP.ppTerm opts' t opts' = sawPPOpts opts +-- | Pretty-print a 'Refnset' to a 'String' +showRefnset :: PPOpts -> MRSolver.Refnset a -> String +showRefnset opts ss = + unlines ("Refinements" : "=============" : map (show . ppFunAssump) + (MRSolver.listFunAssumps ss)) + where + ppFunAssump (MRSolver.FunAssump ctx f args rhs _) = + PP.pretty '*' PP.<+> + (PP.nest 2 $ PP.fillSep + [ ppTermAppInCtx ctx (funNameTerm f) args + , PP.pretty ("|=" :: String) PP.<+> ppFunAssumpRHS ctx rhs ]) + ppFunAssumpRHS ctx (OpaqueFunAssump f args) = + ppTermAppInCtx ctx (funNameTerm f) args + ppFunAssumpRHS ctx (RewriteFunAssump rhs) = + SAWCorePP.ppTermInCtx opts' (map fst $ mrVarCtxInnerToOuter ctx) rhs + opts' = sawPPOpts opts + showsPrecValue :: PPOpts -> SAWNamingEnv -> Int -> Value -> ShowS showsPrecValue opts nenv p v = case v of @@ -327,6 +347,7 @@ showsPrecValue opts nenv p v = VBind {} -> showString "<>" VTopLevel {} -> showString "<>" VSimpset ss -> showString (showSimpset opts ss) + VRefnset ss -> showString (showRefnset opts ss) VProofScript {} -> showString "<>" VTheorem thm -> showString "Theorem " . @@ -1175,6 +1196,13 @@ instance FromValue SAWSimpset where fromValue (VSimpset ss) = ss fromValue _ = error "fromValue Simpset" +instance IsValue SAWRefnset where + toValue rs = VRefnset rs + +instance FromValue SAWRefnset where + fromValue (VRefnset rs) = rs + fromValue _ = error "fromValue Refnset" + instance IsValue Theorem where toValue t = VTheorem t