Skip to content

Commit

Permalink
Prove last remaining assume
Browse files Browse the repository at this point in the history
  • Loading branch information
@tchajed
tchajed committed Jan 11, 2024
1 parent 75ad622 commit 8574117
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 4 deletions.
1 change: 1 addition & 0 deletions src/fs/block_fs.dfy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,7 @@ module BlockFs
returns (ok: bool)
modifies fs.Repr, i.Repr, c.Repr(), blk
requires fs.ValidIno(ino, i) ensures fs.ValidIno(ino, i)
requires i.Repr !! c.Repr() ensures i.Repr !! c.Repr()
requires fs.ValidCache(ino, c)
requires fs.has_jrnl(txn)
requires is_lba(n)
Expand Down
15 changes: 11 additions & 4 deletions src/fs/indirect_fs.dfy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -627,6 +627,7 @@ module IndFs
decreases pos.ilevel
modifies Repr, i.Repr, c.Repr()
requires has_jrnl(txn)
requires i.Repr !! c.Repr() ensures i.Repr !! c.Repr()
requires ValidIno(pos.ino, i) ensures ValidIno(pos.ino, i)
requires ValidCache(pos.ino, c) ensures ValidCache(pos.ino, c)
ensures bn == to_blkno[pos]
Expand Down Expand Up @@ -687,18 +688,23 @@ module IndFs
return;
}

assert {:split_here} true;

ok, bn := allocateIndirectMetadata(txn, pos, ibn, pblock);
c.ok := false;
c.bs := NewBytes(0);
assert ValidIno(pos.ino, i) by {
assume false; // otherwise times out
assert i.Valid() && fs.is_cur_inode(pos.ino, i.val());
}
assert Valid();
if !ok {
IndBlocks.to_blknos_zero();
reveal ValidIndirect();
assert i.Valid() by { reveal i.Valid(); }
assert fs.is_cur_inode(pos.ino, i.val());
return;
}
assert ValidIno(pos.ino, i) by {
assert i.Valid() by { reveal i.Valid(); }
assert fs.is_cur_inode(pos.ino, i.val());
}
}

// public
Expand Down Expand Up @@ -738,6 +744,7 @@ module IndFs
requires has_jrnl(txn)
requires ValidIno(pos.ino, i) ensures ValidIno(pos.ino, i)
requires ValidCache(pos.ino, c) ensures ValidCache(pos.ino, c)
requires i.Repr !! c.Repr() ensures i.Repr !! c.Repr()
requires pos.data?
requires is_block(blk.data)
requires blk != i.bs
Expand Down

0 comments on commit 8574117

Please sign in to comment.