@@ -148,13 +148,9 @@ private module SizeBarrier {
148148 // We know:
149149 // 1. result <= value + delta (by `bounded`)
150150 // 2. value < right + k + 1 (by `operandGuardChecks`).
151- // Condition 2 implies: value <= right + k, so if we know
152- // that `state >= k + delta` then we have:
151+ // Note that condition 2 implies: value <= right + k. So we have:
153152 // result <= value + delta (by 1.)
154153 // <= right + k + delta (by 2.)
155- // <= right + state (by the assumption).
156- // Callers of `getABarrierInstruction0` should ensure that `state >= k + delta`
157- // is satisfied.
158154 operandGuardChecks ( pragma [ only_bind_into ] ( g ) , pragma [ only_bind_into ] ( left ) , right ,
159155 pragma [ only_bind_into ] ( k + 1 ) , pragma [ only_bind_into ] ( edge ) ) and
160156 bounded ( result , value .getAnInstruction ( ) , delta ) and
@@ -171,9 +167,9 @@ private module SizeBarrier {
171167 pragma [ inline_late]
172168 Instruction getABarrierInstruction ( int state ) {
173169 exists ( int delta , int k |
174- // See the implementation comments in `getABarrierInstruction0` for why
175- // this conjunct is necessary.
176170 state >= k + delta and
171+ // result <= "size of allocation" + delta + k
172+ // <= "size of allocation" + state
177173 result = getABarrierInstruction0 ( delta , k )
178174 )
179175 }
@@ -199,9 +195,10 @@ private module SizeBarrier {
199195 ValidForStateFlow:: flow ( source , result ) and
200196 hasSize ( _, source , state ) and
201197 ValidForStateConfig:: isSink ( result , delta , k ) and
202- // See the implementation comments in `getABarrierInstruction0` for why
203- // this conjunct is necessary.
204198 state >= k + delta
199+ // so now we have:
200+ // result <= "size of allocation" + delta + k
201+ // <= "size of allocation" + state
205202 )
206203 }
207204}