Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[fix] reporting error messages from uclid when base case failed verification #905

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Aug 15, 2025
Merged

[fix] reporting error messages from uclid when base case failed verification #905

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
cd25a8d
[fix] process verification failure message at base case
AD1024 Aug 13, 2025
9acca8a
[fix] RLE proof
AD1024 Aug 13, 2025
355a888
save
AD1024 Aug 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions Src/PCompiler/CompilerCore/Backend/PVerifier/Uclid5CodeGenerator.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -256,13 +256,12 @@ private void ProcessFailureMessages(List<Match> collection, string[] query, stri
foreach (var feedback in match.Groups[1].Captures.Zip(match.Groups[2].Captures))
{
var line = query[int.Parse(feedback.Second.ToString()) - 1];
var step = feedback.First.ToString().Contains("[Step #0]") ? "(base case)" : "";
var matchName = Regex.Match(line, @"// Failed to verify invariant (.*) at (.*)");
if (matchName.Success)
{
var invName = matchName.Groups[1].Value.Replace("_PGROUP_", ": ");
failedInv.Add(invName);
failMessages.Add($"{reason} {line.Split("// ").Last()} {step}");
failMessages.Add($"{reason} {line.Split("// ").Last()}");
}

var matchDefault = Regex.Match(line,
Expand Down Expand Up @@ -1212,7 +1211,7 @@ private void GenerateMain(Machine machine, State state, Event @event, ProofComma

foreach (var inv in cmd.Premises)
{
EmitLine($"invariant _{InvariantPrefix}{inv.Name}: {InvariantPrefix}{inv.Name}();");
EmitLine($"invariant _{InvariantPrefix}{inv.Name}: {InvariantPrefix}{inv.Name}(); // Failed to verify invariant {inv.Name.Replace("_PGROUP_", ": ")} at base case");
}

EmitLine("");
Expand Down
74 changes: 60 additions & 14 deletions Tutorial/Advanced/3_RingLeaderVerification/PSrc/System.p
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,20 +3,52 @@ type tNominate = (voteFor: machine);
event eNominate : tNominate;

pure le(x: machine, y: machine): bool;
axiom forall (x: machine) :: le(x, x);
axiom forall (x: machine, y: machine) :: le(x, y) || le(y, x);
axiom forall (x: machine, y: machine, z: machine) :: (le(x, y) && le(y, z)) ==> le(x, z);
axiom forall (x: machine, y: machine) :: (le(x, y) && le(y, x)) ==> (x == y);
init-condition forall (x: machine) :: le(x, x);
init-condition forall (x: machine, y: machine) :: le(x, y) || le(y, x);
init-condition forall (x: machine, y: machine, z: machine) :: (le(x, y) && le(y, z)) ==> le(x, z);
init-condition forall (x: machine, y: machine) :: (le(x, y) && le(y, x)) ==> (x == y);

Lemma less_than {
invariant le_refl: forall (x: machine) :: le(x, x);
invariant le_symm: forall (x: machine, y: machine) :: le(x, y) || le(y, x);
invariant le_trans: forall (x: machine, y: machine, z: machine) :: (le(x, y) && le(y, z)) ==> le(x, z);
invariant le_antisymm: forall (x: machine, y: machine) :: (le(x, y) && le(y, x)) ==> (x == y);
}
Proof {
prove less_than;
}

pure btw(x: machine, y: machine, z: machine): bool;
axiom forall (w: machine, x: machine, y: machine, z: machine) :: (btw(w, x, y) && btw(w, y, z)) ==> btw(w, x, z);
axiom forall (x: machine, y: machine, z: machine) :: btw(x, y, z) ==> !btw(x, z, y);
axiom forall (x: machine, y: machine, z: machine) :: btw(x, y, z) || btw(x, z, y) || (x == y) || (x == z) || (y == z);
axiom forall (x: machine, y: machine, z: machine) :: btw(x, y, z) ==> btw(y, z, x);
init-condition forall (w: machine, x: machine, y: machine, z: machine) :: (btw(w, x, y) && btw(w, y, z)) ==> btw(w, x, z);
init-condition forall (x: machine, y: machine, z: machine) :: btw(x, y, z) ==> !btw(x, z, y);
init-condition forall (x: machine, y: machine, z: machine) :: btw(x, y, z) || btw(x, z, y) || (x == y) || (x == z) || (y == z);
init-condition forall (x: machine, y: machine, z: machine) :: btw(x, y, z) ==> btw(y, z, x);

Lemma between_rel {
invariant btw_1: forall (w: machine, x: machine, y: machine, z: machine) :: (btw(w, x, y) && btw(w, y, z)) ==> btw(w, x, z);
invariant btw_2: forall (x: machine, y: machine, z: machine) :: btw(x, y, z) ==> !btw(x, z, y);
invariant btw_3: forall (x: machine, y: machine, z: machine) :: btw(x, y, z) || btw(x, z, y) || (x == y) || (x == z) || (y == z);
invariant btw_4: forall (x: machine, y: machine, z: machine) :: btw(x, y, z) ==> btw(y, z, x);
}
Proof {
prove between_rel;
}

pure right(x: machine): machine;
axiom forall (x: machine) :: x != right(x);
axiom forall (x: machine, y: machine) :: (x != y && y != right(x)) ==> btw(x, right(x), y);
init-condition forall (x: machine) :: x != right(x);
init-condition forall (x: machine, y: machine) :: (x != y && y != right(x)) ==> btw(x, right(x), y);
init-condition forall (x: machine, y: machine) :: !btw(x, y, right(x));
init-condition forall (x: machine, n: machine, m: machine) :: m == right(n) ==> (btw(n, m, x) || x == m || x == n);

Lemma right_rel {
invariant right_neq_self: forall (x: machine) :: x != right(x);
invariant btw_right: forall (x: machine, y: machine) :: (x != y && y != right(x)) ==> btw(x, right(x), y);
invariant Aux1: forall (x: machine, y: machine) :: !btw(x, y, right(x));
invariant right_btw: forall (x: machine, n: machine, m: machine) :: m == right(n) ==> (btw(n, m, x) || x == m || x == n);
}
Proof {
prove right_rel;
}

machine Server {
start state Proposing {
Expand All @@ -38,10 +70,24 @@ machine Server {
}
}



// voteFor is the running max
invariant NoBypass: forall (n: machine, m: machine, e: eNominate) :: (inflight e && e targets m && n is Server && btw(e.voteFor, n, m)) ==> le(n, e.voteFor);
invariant SelfPendingMax: forall (n: machine, m: machine, e: eNominate) :: (inflight e && e targets m && e.voteFor == m) ==> le(n, m);
Lemma lemmas {
invariant LeaderMax: forall (x: machine, y: machine) :: x is Won ==> le(y, x);
invariant Aux: forall (x: machine, y: machine) :: (le(x, y) && le(y, x)) ==> x == y;
invariant NoBypass: forall (n: machine, m: machine, e: eNominate) :: (inflight e && e targets m && btw(e.voteFor, n, m)) ==> le(n, e.voteFor);
invariant SelfPendingMax: forall (n: machine, m: machine, e: eNominate) :: (inflight e && e targets m && e.voteFor == m) ==> le(n, m);
}
Proof {
prove lemmas using less_than, between_rel, right_rel;
}

// Main theorems
invariant LeaderMax: forall (x: machine, y: machine) :: x is Won ==> le(y, x);
invariant UniqueLeader: forall (x: machine, y: machine) :: (x is Won && y is Won) ==> (le(x, y) && le(y, x));
Theorem Safety {
invariant UniqueLeader: forall (x: machine, y: machine) :: (x is Won && y is Won) ==> x == y;
}
Proof {
prove Safety using lemmas_LeaderMax, lemmas_Aux;
prove default;
}
Loading