Skip to content

Commit

Permalink
potentially breaking updates so that ironsht syntax checks
Browse files Browse the repository at this point in the history
  • Loading branch information
@yizhou7
yizhou7 committed Jan 22, 2024
1 parent 2fe4dcd commit aeb26aa
Show file tree
Hide file tree
Showing 14 changed files with 64 additions and 64 deletions.
39 changes: 20 additions & 19 deletions ironfleet/SConstruct
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ else:
dafny_invocation = ["dotnet", dafny_exe]

# Useful Dafny command lines
dafny_basic_args = ['/compile:0', '/timeLimit:' + str(GetOption('time_limit')), '/trace']
dafny_basic_args = ['/compile:0', '/timeLimit:' + str(GetOption('time_limit')), '/trace', '/functionSyntax:3', '/deprecation:0', '/noVerify']
dafny_default_args = dafny_basic_args + ['/arith:5', '/noCheating:1']
dafny_args_nlarith = dafny_basic_args + ['/arith:2', '/noCheating:1']
dafny_spec_args = dafny_basic_args
Expand Down Expand Up @@ -171,10 +171,10 @@ def check_dafny(lines):
for line in lines:
if re.search("[Oo]ut of resource", line):
sys.stderr.write("Dafny reported an out-of-resource error\n")
raise Exception()
# raise Exception()
if re.search("proof obligations\]\s+errors", line):
sys.stderr.write("Dafny reported errors not in summary\n")
raise Exception()
# raise Exception()

def check_and_print_tail(filename):
with open(filename, 'r') as fh:
Expand Down Expand Up @@ -210,6 +210,7 @@ def add_dafny_verifier_builder(env):
# Verify a set of Dafny files by creating verification targets for each,
# which in turn causes a dependency scan to verify all of their dependencies.
def verify_dafny_files(env, files):
print(files)
for f in files:
target = os.path.splitext(f)[0] + '.vdfy'
env.DafnyVerify(target, [f, dafny_exe])
Expand Down Expand Up @@ -350,24 +351,24 @@ atexit.register(display_build_status)
#
####################################################################

verify_dafny_file('src/Dafny/Distributed/Services/Lock/Main.i.dfy')
# verify_dafny_file('src/Dafny/Distributed/Services/Lock/Main.i.dfy')
verify_dafny_file('src/Dafny/Distributed/Services/SHT/Main.i.dfy')
verify_dafny_file('src/Dafny/Distributed/Services/RSL/Main.i.dfy')
verify_dafny_file('src/Dafny/Distributed/Protocol/RSL/LivenessProof/LivenessProof.i.dfy')
verify_dafny_file('src/Dafny/Distributed/Protocol/LiveSHT/LivenessProof/LivenessProof.i.dfy')
# verify_dafny_file('src/Dafny/Distributed/Services/RSL/Main.i.dfy')
# verify_dafny_file('src/Dafny/Distributed/Protocol/RSL/LivenessProof/LivenessProof.i.dfy')
# verify_dafny_file('src/Dafny/Distributed/Protocol/LiveSHT/LivenessProof/LivenessProof.i.dfy')

env.DafnyCompile('src/Dafny/Distributed/Services/RSL/Main.i.cs', 'src/Dafny/Distributed/Services/RSL/Main.i.dfy')
env.DotnetBuild('bin/IronRSLCounterServer.dll', 'src/IronRSLCounterServer/IronRSLCounterServer.csproj')
env.DotnetBuild('bin/IronRSLCounterClient.dll', 'src/IronRSLCounterClient/IronRSLCounterClient.csproj')
env.DotnetBuild('bin/IronRSLKVServer.dll', 'src/IronRSLKVServer/IronRSLKVServer.csproj')
env.DotnetBuild('bin/IronRSLKVClient.dll', 'src/IronRSLKVClient/IronRSLKVClient.csproj')
# env.DafnyCompile('src/Dafny/Distributed/Services/RSL/Main.i.cs', 'src/Dafny/Distributed/Services/RSL/Main.i.dfy')
# env.DotnetBuild('bin/IronRSLCounterServer.dll', 'src/IronRSLCounterServer/IronRSLCounterServer.csproj')
# env.DotnetBuild('bin/IronRSLCounterClient.dll', 'src/IronRSLCounterClient/IronRSLCounterClient.csproj')
# env.DotnetBuild('bin/IronRSLKVServer.dll', 'src/IronRSLKVServer/IronRSLKVServer.csproj')
# env.DotnetBuild('bin/IronRSLKVClient.dll', 'src/IronRSLKVClient/IronRSLKVClient.csproj')

env.DafnyCompile('src/Dafny/Distributed/Services/SHT/Main.i.cs', 'src/Dafny/Distributed/Services/SHT/Main.i.dfy')
env.DotnetBuild('bin/IronSHTServer.dll', 'src/IronSHTServer/IronSHTServer.csproj')
env.DotnetBuild('bin/IronSHTClient.dll', 'src/IronSHTClient/IronSHTClient.csproj')
# env.DafnyCompile('src/Dafny/Distributed/Services/SHT/Main.i.cs', 'src/Dafny/Distributed/Services/SHT/Main.i.dfy')
# env.DotnetBuild('bin/IronSHTServer.dll', 'src/IronSHTServer/IronSHTServer.csproj')
# env.DotnetBuild('bin/IronSHTClient.dll', 'src/IronSHTClient/IronSHTClient.csproj')

env.DafnyCompile('src/Dafny/Distributed/Services/Lock/Main.i.cs', 'src/Dafny/Distributed/Services/Lock/Main.i.dfy')
env.DotnetBuild('bin/IronLockServer.dll', 'src/IronLockServer/IronLockServer.csproj')
# env.DafnyCompile('src/Dafny/Distributed/Services/Lock/Main.i.cs', 'src/Dafny/Distributed/Services/Lock/Main.i.dfy')
# env.DotnetBuild('bin/IronLockServer.dll', 'src/IronLockServer/IronLockServer.csproj')

env.DotnetBuild('bin/CreateIronServiceCerts.dll', 'src/CreateIronServiceCerts/CreateIronServiceCerts.csproj')
env.DotnetBuild('bin/TestIoFramework.dll', 'src/TestIoFramework/TestIoFramework.csproj')
# env.DotnetBuild('bin/CreateIronServiceCerts.dll', 'src/CreateIronServiceCerts/CreateIronServiceCerts.csproj')
# env.DotnetBuild('bin/TestIoFramework.dll', 'src/TestIoFramework/TestIoFramework.csproj')
2 changes: 1 addition & 1 deletion ironfleet/src/Dafny/Distributed/Common/Collections/Maps2.i.dfy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ predicate behaviorMonotonic<S>(b:imap<int, S>, f:imap<S, int>)
// TODO_MODULE: module Collections__Maps2_i {
// TODO_MODULE: import opened Collections__Maps2_s

lemma Lemma_EqualityConditionForMapsWithSameDomain<S, T>(m1:map<S, T>, m2:map<S, T>)
lemma Lemma_EqualityConditionForMapsWithSameDomain<S(!new), T>(m1:map<S, T>, m2:map<S, T>)
requires mapdomain(m1) == mapdomain(m2)
requires forall s :: s in m1 && s in m2 ==> m1[s] == m2[s]
ensures m1 == m2
Expand Down
4 changes: 2 additions & 2 deletions ironfleet/src/Dafny/Distributed/Common/Collections/Maps2.s.dfy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,12 @@

module Collections__Maps2_s {

function mapdomain<KT,VT>(m:map<KT,VT>) : set<KT>
function mapdomain<KT(!new),VT>(m:map<KT,VT>) : set<KT>
{
set k | k in m :: k
}

function mapremove<KT,VT>(m:map<KT,VT>, k:KT) : map<KT,VT>
function mapremove<KT(!new),VT>(m:map<KT,VT>, k:KT) : map<KT,VT>
{
map ki | ki in m && ki != k :: m[ki]
}
Expand Down
18 changes: 7 additions & 11 deletions ironfleet/src/Dafny/Distributed/Common/Collections/Sets.i.dfy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,27 +44,24 @@ lemma ThingsIKnowAboutASingletonSet<T>(foo:set<T>, x:T, y:T)
}

predicate Injective<X(!new), Y>(f:X-->Y)
reads f.reads
requires forall x :: f.requires(x)
{
forall x1, x2 :: f(x1) == f(x2) ==> x1 == x2
}

predicate InjectiveOver<X, Y>(xs:set<X>, ys:set<Y>, f:X-->Y)
reads f.reads
predicate InjectiveOver<X(!new), Y>(xs:set<X>, ys:set<Y>, f:X-->Y)
requires forall x :: x in xs ==> f.requires(x)
{
forall x1, x2 :: x1 in xs && x2 in xs && f(x1) in ys && f(x2) in ys && f(x1) == f(x2) ==> x1 == x2
}

predicate InjectiveOverSeq<X, Y>(xs:seq<X>, ys:set<Y>, f:X-->Y)
reads f.reads
predicate InjectiveOverSeq<X(!new), Y>(xs:seq<X>, ys:set<Y>, f:X-->Y)
requires forall x :: x in xs ==> f.requires(x)
{
forall x1, x2 :: x1 in xs && x2 in xs && f(x1) in ys && f(x2) in ys && f(x1) == f(x2) ==> x1 == x2
}

lemma lemma_MapSetCardinality<X, Y>(xs:set<X>, ys:set<Y>, f:X-->Y)
lemma lemma_MapSetCardinality<X(!new), Y>(xs:set<X>, ys:set<Y>, f:X-->Y)
requires forall x :: f.requires(x)
requires Injective(f)
requires forall x :: x in xs <==> f(x) in ys
Expand All @@ -80,7 +77,7 @@ lemma lemma_MapSetCardinality<X, Y>(xs:set<X>, ys:set<Y>, f:X-->Y)
}
}

lemma lemma_MapSetCardinalityOver<X, Y>(xs:set<X>, ys:set<Y>, f:X-->Y)
lemma lemma_MapSetCardinalityOver<X(!new), Y>(xs:set<X>, ys:set<Y>, f:X-->Y)
requires forall x :: x in xs ==> f.requires(x)
requires InjectiveOver(xs, ys, f)
requires forall x :: x in xs ==> f(x) in ys
Expand All @@ -96,7 +93,7 @@ lemma lemma_MapSetCardinalityOver<X, Y>(xs:set<X>, ys:set<Y>, f:X-->Y)
}
}

lemma lemma_MapSubsetCardinalityOver<X, Y>(xs:set<X>, ys:set<Y>, f:X-->Y)
lemma lemma_MapSubsetCardinalityOver<X(!new), Y>(xs:set<X>, ys:set<Y>, f:X-->Y)
requires forall x :: x in xs ==> f.requires(x)
requires InjectiveOver(xs, ys, f)
requires forall x :: x in xs ==> f(x) in ys
Expand All @@ -111,7 +108,7 @@ lemma lemma_MapSubsetCardinalityOver<X, Y>(xs:set<X>, ys:set<Y>, f:X-->Y)
}
}

lemma lemma_MapSubseqCardinalityOver<X, Y>(xs:seq<X>, ys:set<Y>, f:X-->Y)
lemma lemma_MapSubseqCardinalityOver<X(!new), Y>(xs:seq<X>, ys:set<Y>, f:X-->Y)
requires forall x :: x in xs ==> f.requires(x)
requires forall i, j :: 0 <= i < |xs| && 0 <= j < |xs| && i != j ==> xs[i] != xs[j]
requires InjectiveOverSeq(xs, ys, f)
Expand Down Expand Up @@ -155,8 +152,7 @@ function/*TODO:{:opaque}*/ MapSetToSet<X(!new), Y>(xs:set<X>, f:X-->Y):set<Y>
ys
}

function/*TODO:{:opaque}*/ MapSetToSetOver<X, Y>(xs:set<X>, f:X-->Y):set<Y>
reads f.reads
function/*TODO:{:opaque}*/ MapSetToSetOver<X(!new), Y>(xs:set<X>, f:X-->Y):set<Y>
requires forall x :: x in xs ==> f.requires(x)
requires InjectiveOver(xs, set x | x in xs :: f(x), f)
ensures forall x :: x in xs ==> f(x) in MapSetToSetOver(xs, f)
Expand Down
6 changes: 3 additions & 3 deletions ironfleet/src/Dafny/Distributed/Common/Framework/DistributedSystem.s.dfy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ datatype DS_State = DS_State(
)

predicate DS_Init(s:DS_State, config:H_s.ConcreteConfiguration)
reads *
// reads *
{
&& s.config == config
&& H_s.ConcreteConfigToServers(s.config) == mapdomain(s.servers)
Expand All @@ -40,15 +40,15 @@ predicate DS_Init(s:DS_State, config:H_s.ConcreteConfiguration)

predicate DS_NextOneServer(s:DS_State, s':DS_State, id:EndPoint, ios:seq<LIoOp<EndPoint,seq<byte>>>)
requires id in s.servers
reads *
// reads *
{
&& id in s'.servers
&& H_s.HostNext(s.servers[id], s'.servers[id], ios)
&& s'.servers == s.servers[id := s'.servers[id]]
}

predicate DS_Next(s:DS_State, s':DS_State)
reads *
// reads *
{
&& s'.config == s.config
&& LEnvironment_Next(s.environment, s'.environment)
Expand Down
6 changes: 3 additions & 3 deletions ironfleet/src/Dafny/Distributed/Common/Framework/Host.s.dfy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,15 +11,15 @@ type HostState
type ConcreteConfiguration

predicate HostInit(host_state:HostState, config:ConcreteConfiguration, id:EndPoint)
reads *
// reads *
predicate HostNext(host_state:HostState, host_state':HostState, ios:seq<LIoOp<EndPoint, seq<byte>>>)
reads *
// reads *

predicate ConcreteConfigInit(config:ConcreteConfiguration)
function ConcreteConfigToServers(config:ConcreteConfiguration) : set<EndPoint>

predicate HostStateInvariants(host_state:HostState, env:HostEnvironment)
reads *
// reads *

function ParseCommandLineConfiguration(args:seq<seq<byte>>) : ConcreteConfiguration

Expand Down
22 changes: 11 additions & 11 deletions ironfleet/src/Dafny/Distributed/Common/Framework/HostQueueLemmas.i.dfy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,14 +12,14 @@ import opened Temporal__Rules_i
import opened Temporal__Induction_i
import opened Collections__Maps2_s

predicate LEnvironmentInvariant<IdType, MessageType>(
predicate LEnvironmentInvariant<IdType(!new), MessageType>(
e:LEnvironment<IdType, MessageType>
)
{
forall p, id :: id in e.hostInfo && p in e.hostInfo[id].queue ==> p in e.sentPackets
}

lemma Lemma_LEnvironmentInitEstablishesInvariant<IdType, MessageType>(
lemma Lemma_LEnvironmentInitEstablishesInvariant<IdType(!new), MessageType>(
e:LEnvironment<IdType, MessageType>
)
requires LEnvironment_Init(e)
Expand All @@ -28,7 +28,7 @@ lemma Lemma_LEnvironmentInitEstablishesInvariant<IdType, MessageType>(
{
}

lemma Lemma_HostQueuePerformIosProducesTail<IdType, MessageType>(
lemma Lemma_HostQueuePerformIosProducesTail<IdType(!new), MessageType>(
hostQueue:seq<LPacket<IdType, MessageType>>,
hostQueue':seq<LPacket<IdType, MessageType>>,
ios:seq<LIoOp<IdType, MessageType>>
Expand All @@ -47,7 +47,7 @@ lemma Lemma_HostQueuePerformIosProducesTail<IdType, MessageType>(
}
}

lemma Lemma_LEnvironmentNextPreservesInvariant<IdType, MessageType>(
lemma Lemma_LEnvironmentNextPreservesInvariant<IdType(!new), MessageType>(
e:LEnvironment<IdType, MessageType>,
e':LEnvironment<IdType, MessageType>
)
Expand Down Expand Up @@ -79,7 +79,7 @@ lemma Lemma_LEnvironmentNextPreservesInvariant<IdType, MessageType>(
}
}

lemma Lemma_IfOpSeqIsCompatibleWithReductionThenSoIsSuffix<IdType, MessageType>(
lemma Lemma_IfOpSeqIsCompatibleWithReductionThenSoIsSuffix<IdType(!new), MessageType>(
ios:seq<LIoOp<IdType, MessageType>>,
j:int
)
Expand All @@ -95,7 +95,7 @@ lemma Lemma_IfOpSeqIsCompatibleWithReductionThenSoIsSuffix<IdType, MessageType>(
}
}

lemma Lemma_IfOpSeqIsCompatibleWithReductionAndFirstIsntReceiveThenNoneAreReceives<IdType, MessageType>(
lemma Lemma_IfOpSeqIsCompatibleWithReductionAndFirstIsntReceiveThenNoneAreReceives<IdType(!new), MessageType>(
ios:seq<LIoOp<IdType, MessageType>>
)
requires LIoOpSeqCompatibleWithReduction(ios)
Expand All @@ -112,7 +112,7 @@ lemma Lemma_IfOpSeqIsCompatibleWithReductionAndFirstIsntReceiveThenNoneAreReceiv
}
}

predicate HostQueueDecomposition<IdType, MessageType>(
predicate HostQueueDecomposition<IdType(!new), MessageType>(
hostQueue:seq<LPacket<IdType, MessageType>>,
hostQueue':seq<LPacket<IdType, MessageType>>,
s1:seq<LPacket<IdType, MessageType>>,
Expand All @@ -123,7 +123,7 @@ predicate HostQueueDecomposition<IdType, MessageType>(
hostQueue == s1 + [p] + s2 + hostQueue'
}

lemma Lemma_ReceiveRemovesPacketFromHostQueue<IdType, MessageType>(
lemma Lemma_ReceiveRemovesPacketFromHostQueue<IdType(!new), MessageType>(
hostQueue:seq<LPacket<IdType, MessageType>>,
hostQueue':seq<LPacket<IdType, MessageType>>,
ios:seq<LIoOp<IdType, MessageType>>,
Expand Down Expand Up @@ -171,7 +171,7 @@ lemma Lemma_ReceiveRemovesPacketFromHostQueue<IdType, MessageType>(
assert HostQueueDecomposition(hostQueue, hostQueue', s1, s2, p);
}

lemma Lemma_RemovePacketFromHostQueueImpliesReceive<IdType, MessageType>(
lemma Lemma_RemovePacketFromHostQueueImpliesReceive<IdType(!new), MessageType>(
hostQueue:seq<LPacket<IdType, MessageType>>,
hostQueue':seq<LPacket<IdType, MessageType>>,
ios:seq<LIoOp<IdType, MessageType>>,
Expand All @@ -198,7 +198,7 @@ lemma Lemma_RemovePacketFromHostQueueImpliesReceive<IdType, MessageType>(
}
}

lemma Lemma_ReceiveMakesHostQueueSmaller<IdType, MessageType>(
lemma Lemma_ReceiveMakesHostQueueSmaller<IdType(!new), MessageType>(
hostQueue:seq<LPacket<IdType, MessageType>>,
hostQueue':seq<LPacket<IdType, MessageType>>,
ios:seq<LIoOp<IdType, MessageType>>,
Expand All @@ -212,7 +212,7 @@ lemma Lemma_ReceiveMakesHostQueueSmaller<IdType, MessageType>(
Lemma_ReceiveRemovesPacketFromHostQueue(hostQueue, hostQueue', ios, p);
}

lemma Lemma_HostQueuePerformIosReceivesFromHostQueue<IdType, MessageType>(
lemma Lemma_HostQueuePerformIosReceivesFromHostQueue<IdType(!new), MessageType>(
hostQueue:seq<LPacket<IdType, MessageType>>,
hostQueue':seq<LPacket<IdType, MessageType>>,
ios:seq<LIoOp<IdType, MessageType>>
Expand Down
10 changes: 5 additions & 5 deletions ironfleet/src/Dafny/Distributed/Impl/Common/GenericRefinement.i.dfy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,14 +26,14 @@ function {:opaque} MapSeqToSeq<T(!new),U>(s:seq<T>, refine_func:T~>U) : seq<U>
/////////////////////////////////////////////////////////
// Generic map refinement from concrete to abstract
/////////////////////////////////////////////////////////
predicate MapIsAbstractable<KT,VT,CKT,CVT>(m:map<CKT,CVT>, RefineKey:CKT~>KT, RefineValue:CVT~>VT, ReverseKey:KT~>CKT)
predicate MapIsAbstractable<KT(!new),VT(!new),CKT(!new),CVT(!new)>(m:map<CKT,CVT>, RefineKey:CKT~>KT, RefineValue:CVT~>VT, ReverseKey:KT~>CKT)
reads RefineKey.reads, RefineValue.reads, ReverseKey.reads
{
&& (forall ck :: ck in m ==> RefineKey.requires(ck) && RefineValue.requires(m[ck]))
&& (forall ck :: ck in m ==> ReverseKey.requires(RefineKey(ck)) && ReverseKey(RefineKey(ck)) == ck)
}

function {:opaque} AbstractifyMap<CKT,CVT,KT,VT>(m:map<CKT,CVT>, RefineKey:CKT~>KT, RefineValue:CVT~>VT, ReverseKey:KT~>CKT) : map<KT,VT>
function {:opaque} AbstractifyMap<CKT(!new),CVT(!new),KT(!new),VT(!new)>(m:map<CKT,CVT>, RefineKey:CKT~>KT, RefineValue:CVT~>VT, ReverseKey:KT~>CKT) : map<KT,VT>
reads RefineKey.reads, RefineValue.reads, ReverseKey.reads
requires forall ck :: ck in m ==> RefineKey.requires(ck) && RefineValue.requires(m[ck])
requires forall ck :: ck in m ==> ReverseKey.requires(RefineKey(ck)) && ReverseKey(RefineKey(ck)) == ck
Expand All @@ -45,7 +45,7 @@ function {:opaque} AbstractifyMap<CKT,CVT,KT,VT>(m:map<CKT,CVT>, RefineKey:CKT~>
map k | k in (set ck | ck in m :: RefineKey(ck)) :: RefineValue(m[ReverseKey(k)])
}

lemma Lemma_AbstractifyMap_basic_properties<CKT,CVT,KT,VT>(m:map<CKT,CVT>, RefineKey:CKT~>KT, RefineValue:CVT~>VT, ReverseKey:KT~>CKT)
lemma Lemma_AbstractifyMap_basic_properties<CKT(!new),CVT(!new),KT(!new),VT(!new)>(m:map<CKT,CVT>, RefineKey:CKT~>KT, RefineValue:CVT~>VT, ReverseKey:KT~>CKT)
requires MapIsAbstractable(m, RefineKey, RefineValue, ReverseKey)
// Injectivity
requires forall ck1, ck2 :: RefineKey.requires(ck1) && RefineKey.requires(ck2) && RefineKey(ck1) == RefineKey(ck2) ==> ck1 == ck2
Expand All @@ -56,7 +56,7 @@ lemma Lemma_AbstractifyMap_basic_properties<CKT,CVT,KT,VT>(m:map<CKT,CVT>, Refin
reveal AbstractifyMap();
}

lemma Lemma_AbstractifyMap_preimage<KT,VT,CKT,CVT>(cm:map<CKT,CVT>, RefineKey:CKT~>KT, RefineValue:CVT~>VT, ReverseKey:KT~>CKT)
lemma Lemma_AbstractifyMap_preimage<KT(!new),VT(!new),CKT(!new),CVT(!new)>(cm:map<CKT,CVT>, RefineKey:CKT~>KT, RefineValue:CVT~>VT, ReverseKey:KT~>CKT)
requires MapIsAbstractable(cm, RefineKey, RefineValue, ReverseKey)
// Injectivity
requires forall ck1, ck2 :: RefineKey.requires(ck1) && RefineKey.requires(ck2) && RefineKey(ck1) == RefineKey(ck2) ==> ck1 == ck2
Expand All @@ -72,7 +72,7 @@ lemma Lemma_AbstractifyMap_preimage<KT,VT,CKT,CVT>(cm:map<CKT,CVT>, RefineKey:CK
}
}

lemma Lemma_AbstractifyMap_append<KT,VT,CKT,CVT>(cm:map<CKT,CVT>, RefineKey:CKT~>KT, RefineValue:CVT~>VT, ReverseKey:KT~>CKT,
lemma Lemma_AbstractifyMap_append<KT(!new),VT(!new),CKT(!new),CVT(!new)>(cm:map<CKT,CVT>, RefineKey:CKT~>KT, RefineValue:CVT~>VT, ReverseKey:KT~>CKT,
ck:CKT, cval:CVT)
requires MapIsAbstractable(cm, RefineKey, RefineValue, ReverseKey)
// Injectivity
Expand Down
4 changes: 2 additions & 2 deletions ironfleet/src/Dafny/Distributed/Services/Lock/Main.i.dfy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,15 +37,15 @@ module Main_i refines Main_s {
provides IronfleetMain

predicate IsValidBehavior(config:ConcreteConfiguration, db:seq<DS_State>)
reads *;
// reads *;
{
|db| > 0
&& DS_Init(db[0], config)
&& forall i {:trigger DS_Next(db[i], db[i+1])} :: 0 <= i < |db| - 1 ==> DS_Next(db[i], db[i+1])
}

predicate IsValidBehaviorLs(config:ConcreteConfiguration, db:seq<LS_State>)
reads *;
// reads *;
{
|db| > 0
&& LS_Init(db[0], config)
Expand Down
6 changes: 3 additions & 3 deletions ironfleet/src/Dafny/Distributed/Services/RSL/AppStateMachine.s.dfy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,9 @@ import opened Native__NativeTypes_s
import opened Native__Io_s

type Bytes = seq<byte>
type AppState = Bytes
type AppRequest = Bytes
type AppReply = Bytes
type AppState = seq<byte>
type AppRequest = seq<byte>
type AppReply = seq<byte>

function {:axiom} AppInitialize() : AppState
function {:axiom} AppHandleRequest(m:AppState, request:AppRequest) : (AppState, AppReply)
Expand Down
2 changes: 1 addition & 1 deletion ironfleet/src/Dafny/Distributed/Services/RSL/Main.i.dfy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ import opened Environment_s
import opened Math__mod_auto_i

predicate IsValidBehavior(config:ConcreteConfiguration, db:seq<DS_State>)
reads *
// reads *
{
&& |db| > 0
&& DS_Init(db[0], config)
Expand Down
Loading

0 comments on commit aeb26aa

Please sign in to comment.