Skip to content

Class Invariants: Resolution and Wellformedness #6255

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 25 commits into from
Closed

Class Invariants: Resolution and Wellformedness #6255

wants to merge 25 commits into from

Conversation

@ssomayyajula
Copy link
Contributor

@ssomayyajula ssomayyajula commented Jun 1, 2025
edited
Loading

What was changed?

  • Invariant is a MemberDecl that holds all of the invariant clauses of an enclosing class (could be any type, but the wellformedness checks currently only make sense for classes). There is not yet a corresponding MemberSelectExpr (in fact, it won't even parse).
  • Resolution of invariants is not surprising, except there is a visitor-based check at the end of pass 0 to exclude fields inherited from a trait from being mentioned in an invariant (see InvariantChecker)
  • BoogieGenerator modified to add well-formedness checks for classes, largely copied from function well-formedness checks. A collection of invariants for a class induces the usual expression well-formedness checks + a check that they only read this
  • Resolution and well-formedness checks only kick in when --check-invariants is enabled (used to be --verify-invariants).

I want explicit feedback on any comments marked TODO (usually text of error messages).

How has this been tested?

Tests under Source/IntegrationTests/TestFiles/LitTests/LitTest/invariants/.

By submitting this pull request, I confirm that my contribution is made under the terms of the MIT license.

ssomayyajula added 11 commits May 14, 2025 13:40
@ssomayyajula
Support for parsing invariants in trait and class declarations
a7d3290 
TODO: source under SyntaxDeserializer needs to be properly regenerated
TODO: tests for parsing and resolving need to be completed
@ssomayyajula
resolution partially working but the lexical scope for invariants is …
8e6da68 
…not correct
@ssomayyajula
Correctly setting lexical scope for resolution of invariants
8bd76d9
@ssomayyajula
Fixed resolution incompletenesses + well-formedness/reads checks for …
ce72b84 
…invariants
@ssomayyajula
Check that invariants do not mention fields of supertype trait
51af362
@ssomayyajula
Merge branch 'master' into feat-invariants
0257ad1
@ssomayyajula
Better error message for resolution excluding trait variables
7392ba2
@ssomayyajula
Merge branch 'feat-invariants' of https://github.com/dafny-lang/dafny
482c4fb 
…into feat-invariants
@ssomayyajula
Merge remote-tracking branch 'origin/master' into feat-invariants
8fc38ed
@ssomayyajula
Ran make-deserializer and make-integration
1741f7c
@ssomayyajula
Hiding verification behind VerifyInvariants option
27e4b51
@RustanLeino
Copy link
Collaborator

Resolution of invariants done piecemeal under PreType/. Nothing particularly surprising, except it currently excludes fields inherited from a trait

If the purpose of this is just to disallow certain fields from being mentioned, then I suggest doing this in a resolver pass after PreType/. The initial name resolution / type inference that done in PreType/ (also called "pass 0" somewhere in the resolver) is rather delicate, so the fewer things we need to do in that phase, the better.

@ssomayyajula
Copy link
Contributor Author

Oh I see, is it fragile because either the inherited fields of a class are not fully resolved or the field reference in question is not by the time the check is made inResolveNameSegment?

robin-aws
robin-aws requested changes Jun 5, 2025
View reviewed changes
Copy link
Member

@robin-aws robin-aws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Exciting! Mostly reviewed at a high level, will look closer at implementation in the next round.

ssomayyajula and others added 7 commits June 6, 2025 10:16
@ssomayyajula @robin-aws
Update Source/IntegrationTests/TestFiles/LitTests/LitTest/invariants/…
327082f 
…Expressivity.dfy

Co-authored-by: Robin Salkeld <[email protected]>
@ssomayyajula @robin-aws
Update Source/DafnyCore/Verifier/ReadFrameSubset.cs
60df788 
Co-authored-by: Robin Salkeld <[email protected]>
@ssomayyajula
- Invariants reimplemented to be MemberDecls, resolver modified accor…
119128a 
…dingly

- Wellformedness checks simplified, since they do not have to be scoped to an enclosing declaration
- VerifyInvariants renamed to CheckInvariants and is automatically checked when a MemberDecl is coerced to an Invariant
- Refinement is now implemented, solving issue in InheritedMemberError.dfy
- Printing now implemented
@ssomayyajula
Added Robin's suggestions for messages
4de68ff
@ssomayyajula
Forgot to actually add the Invariant AST node type
b33f062
@ssomayyajula
Merge remote-tracking branch 'origin/master' into feat-invariants
752792c
@ssomayyajula
Implemented Rustan's suggestion to have inherited member exclusion fr…
ec300ac 
…om invariants to be done as a visitor-based check
RustanLeino
RustanLeino reviewed Jun 18, 2025
View reviewed changes
Copy link
Collaborator

@RustanLeino RustanLeino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for moving the resolution checks out of "pass 0". Thanks also for taking refinement modules into considerations (that's easy to forget).

keyboardDrummer
keyboardDrummer reviewed Jun 18, 2025
View reviewed changes
@ssomayyajula
Copy link
Contributor Author

Closing in favor of #6313

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@keyboardDrummer keyboardDrummer keyboardDrummer left review comments

@RustanLeino RustanLeino RustanLeino left review comments

@robin-aws robin-aws robin-aws requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ssomayyajula @RustanLeino @keyboardDrummer @robin-aws