print new values of havocked variables in error trace

Closes: #446

Author: jyao15

language/move-prover/boogie-backend/src/boogie_wrapper.rs

@@ -96,6 +96,7 @@ pub enum TraceEntry {
     Exp(NodeId, ModelValue),
     SubExp(NodeId, ModelValue),
     GlobalMem(NodeId, ModelValue),
+    InfoLine(String),
 }
 
 // Error message matching
@@ -384,6 +385,10 @@ impl<'env> BoogieWrapper<'env> {
                             }
                         }
                     }
+                    InfoLine(info_line) => {
+                        // information that should be displayed to the user
+                        display.push(format!("    {}", info_line));
+                    }
                     _ => {}
                 }
             }
@@ -648,6 +653,10 @@ impl<'env> BoogieWrapper<'env> {
                 let value = self.extract_value(value)?;
                 Ok(TraceEntry::GlobalMem(node_id, value))
             }
+            "info" => match value {
+                Some(info_line) => Ok(TraceEntry::InfoLine(info_line.trim().to_string())),
+                None => Ok(TraceEntry::InfoLine("".to_string())),
+            },
             _ => Err(ModelParseError::new(&format!(
                 "unrecognized augmented trace entry `{}`",
                 name

language/move-prover/boogie-backend/src/bytecode_translator.rs

@@ -727,7 +727,17 @@ impl<'env> FunctionTranslator<'env> {
 
         // Print debug comments.
         if let Some(comment) = fun_target.get_debug_comment(attr_id) {
-            emitln!(writer, "// {}", comment);
+            if comment.starts_with("info: ") {
+                // if the comment is annotated with "info: ", it should be displayed to the user
+                emitln!(
+                    writer,
+                    "assume {{:print \"${}(){}\"}} true;",
+                    &comment[..4],
+                    &comment[4..]
+                );
+            } else {
+                emitln!(writer, "// {}", comment);
+            }
         }
 
         // Track location for execution traces.

language/move-prover/bytecode/src/debug_instrumentation.rs

@@ -92,7 +92,7 @@ impl FunctionTargetProcessor for DebugInstrumenter {
                     for idx in affected_variables {
                         // Only emit this for user declared locals, not for ones introduced
                         // by stack elimination.
-                        if idx < fun_env.get_local_count() {
+                        if !fun_env.is_temporary(idx) {
                             builder.emit_with(|id| {
                                 Call(id, vec![], Operation::TraceLocal(idx), vec![idx], None)
                             });

language/move-prover/bytecode/src/loop_analysis.rs

@@ -171,6 +171,72 @@ impl LoopAnalysisProcessor {
                             });
                         }
 
+                        // trace implicitly reassigned variables after havocking
+                        let affected_variables: BTreeSet<_> = loop_info
+                            .val_targets
+                            .iter()
+                            .chain(loop_info.mut_targets.iter().map(|(idx, _)| idx))
+                            .collect();
+
+                        // Only emit this for user declared locals, not for ones introduced
+                        // by stack elimination.
+                        let affected_non_temporary_variables: BTreeSet<_> = affected_variables
+                            .into_iter()
+                            .filter(|&idx| !func_env.is_temporary(*idx))
+                            .collect();
+
+                        if affected_non_temporary_variables.is_empty() {
+                            // no user declared local is havocked
+                            builder.set_next_debug_comment(format!(
+                                "info: enter loop {}",
+                                match loop_info.invariants.is_empty() {
+                                    true => "",
+                                    false => ", loop invariant holds at current state",
+                                }
+                            ));
+                        } else {
+                            // show the havocked locals to user
+                            let affected_non_temporary_variable_names: Vec<_> =
+                                affected_non_temporary_variables
+                                    .iter()
+                                    .map(|&idx| {
+                                        func_env
+                                            .symbol_pool()
+                                            .string(func_env.get_local_name(*idx))
+                                            .to_string()
+                                    })
+                                    .collect();
+                            let joined_variables_names_str =
+                                affected_non_temporary_variable_names.join(", ");
+                            builder.set_next_debug_comment(format!(
+                                "info: enter loop, variable(s) {} havocked and reassigned",
+                                joined_variables_names_str
+                            ));
+                        }
+
+                        // track the new values of havocked user declared locals
+                        for idx_ in &affected_non_temporary_variables {
+                            let idx = *idx_;
+                            builder.emit_with(|id| {
+                                Bytecode::Call(
+                                    id,
+                                    vec![],
+                                    Operation::TraceLocal(*idx),
+                                    vec![*idx],
+                                    None,
+                                )
+                            });
+                        }
+
+                        // after showing the havocked locals and their new values, show the following message
+                        if !affected_non_temporary_variables.is_empty()
+                            && !loop_info.invariants.is_empty()
+                        {
+                            builder.set_next_debug_comment(
+                                "info: loop invariant holds at current state".to_string(),
+                            );
+                        }
+
                         // add an additional assumption that the loop did not abort
                         let exp =
                             builder.mk_not(builder.mk_bool_call(ast::Operation::AbortFlag, vec![]));

language/move-prover/tests/sources/functional/aborts_if.exp

@@ -63,7 +63,6 @@ error: function does not abort under this condition
     =     at tests/sources/functional/aborts_if.move:145: abort_at_2_or_3_spec_incorrect
     =         x = <redacted>
     =     at tests/sources/functional/aborts_if.move:146: abort_at_2_or_3_spec_incorrect
-    =         <redacted> = <redacted>
     =     at tests/sources/functional/aborts_if.move:147: abort_at_2_or_3_spec_incorrect
     =     at tests/sources/functional/aborts_if.move:151: abort_at_2_or_3_spec_incorrect (spec)
 
@@ -82,8 +81,6 @@ error: abort not covered by any of the `aborts_if` clauses
     =     at tests/sources/functional/aborts_if.move:154: abort_at_2_or_3_strict_incorrect
     =         x = <redacted>
     =     at tests/sources/functional/aborts_if.move:155: abort_at_2_or_3_strict_incorrect
-    =         <redacted> = <redacted>
-    =     at tests/sources/functional/aborts_if.move:155: abort_at_2_or_3_strict_incorrect
     =         ABORTED
 
 error: abort not covered by any of the `aborts_if` clauses
@@ -102,8 +99,6 @@ error: abort not covered by any of the `aborts_if` clauses
     =     at tests/sources/functional/aborts_if.move:136: abort_at_2_or_3_total_incorrect
     =         x = <redacted>
     =     at tests/sources/functional/aborts_if.move:137: abort_at_2_or_3_total_incorrect
-    =         <redacted> = <redacted>
-    =     at tests/sources/functional/aborts_if.move:137: abort_at_2_or_3_total_incorrect
     =         ABORTED
 
 error: function does not abort under this condition

language/move-prover/tests/sources/functional/choice.cvc5_exp

@@ -51,7 +51,6 @@ error: post-condition does not hold
    =     at tests/sources/functional/choice.move:16: simple_incorrect
    =         b = <redacted>
    =     at tests/sources/functional/choice.move:17: simple_incorrect
-   =         <redacted> = <redacted>
    =         result = <redacted>
    =     at tests/sources/functional/choice.move:18: simple_incorrect
    =     at tests/sources/functional/choice.move:22: simple_incorrect (spec)

language/move-prover/tests/sources/functional/choice.exp

@@ -51,7 +51,6 @@ error: post-condition does not hold
    =     at tests/sources/functional/choice.move:16: simple_incorrect
    =         b = <redacted>
    =     at tests/sources/functional/choice.move:17: simple_incorrect
-   =         <redacted> = <redacted>
    =         result = <redacted>
    =     at tests/sources/functional/choice.move:18: simple_incorrect
    =     at tests/sources/functional/choice.move:22: simple_incorrect (spec)

language/move-prover/tests/sources/functional/invariants.exp

@@ -49,7 +49,6 @@ error: data invariant does not hold
     =     at tests/sources/functional/invariants.move:143
     =     at tests/sources/functional/invariants.move:158: lifetime_invalid_S_branching
     =         a = <redacted>
-    =         <redacted> = <redacted>
     =         x_ref = <redacted>
     =     at tests/sources/functional/invariants.move:160: lifetime_invalid_S_branching
     =     at tests/sources/functional/invariants.move:143

language/move-prover/tests/sources/functional/loops.exp

@@ -14,6 +14,9 @@ error: abort not covered by any of the `aborts_if` clauses
    =     at tests/sources/functional/loops.move:77: iter10_abort_incorrect
    =         i = <redacted>
    =     at tests/sources/functional/loops.move:79: iter10_abort_incorrect
+   =     enter loop, variable(s) i havocked and reassigned
+   =         i = <redacted>
+   =     loop invariant holds at current state
    =     at tests/sources/functional/loops.move:80: iter10_abort_incorrect
    =     at tests/sources/functional/loops.move:78: iter10_abort_incorrect
    =     at tests/sources/functional/loops.move:82: iter10_abort_incorrect
@@ -28,6 +31,8 @@ error: unknown assertion failed
     =     at tests/sources/functional/loops.move:233: iter10_assert_instead_of_invariant
     =         i = <redacted>
     =     at tests/sources/functional/loops.move:235: iter10_assert_instead_of_invariant
+    =     enter loop, variable(s) i havocked and reassigned
+    =         i = <redacted>
 
 error: function does not abort under this condition
    ┌─ tests/sources/functional/loops.move:58:9
@@ -38,6 +43,9 @@ error: function does not abort under this condition
    =     at tests/sources/functional/loops.move:48: iter10_no_abort_incorrect
    =         i = <redacted>
    =     at tests/sources/functional/loops.move:50: iter10_no_abort_incorrect
+   =     enter loop, variable(s) i havocked and reassigned
+   =         i = <redacted>
+   =     loop invariant holds at current state
    =     at tests/sources/functional/loops.move:51: iter10_no_abort_incorrect
    =     at tests/sources/functional/loops.move:49: iter10_no_abort_incorrect
    =     at tests/sources/functional/loops.move:58: iter10_no_abort_incorrect (spec)
@@ -67,6 +75,9 @@ error: induction case of the loop invariant does not hold
     =         x = <redacted>
     =     at tests/sources/functional/loops.move:222: loop_invariant_induction_invalid
     =     at tests/sources/functional/loops.move:223: loop_invariant_induction_invalid
+    =     enter loop, variable(s) x havocked and reassigned
+    =         x = <redacted>
+    =     loop invariant holds at current state
     =     at tests/sources/functional/loops.move:225: loop_invariant_induction_invalid
     =     at tests/sources/functional/loops.move:221: loop_invariant_induction_invalid
     =         x = <redacted>
@@ -84,6 +95,10 @@ error: induction case of the loop invariant does not hold
     =     at tests/sources/functional/loops.move:185: loop_with_two_back_edges_incorrect
     =     at tests/sources/functional/loops.move:188: loop_with_two_back_edges_incorrect
     =     at tests/sources/functional/loops.move:189: loop_with_two_back_edges_incorrect
+    =     enter loop, variable(s) x, y havocked and reassigned
+    =         x = <redacted>
+    =         y = <redacted>
+    =     loop invariant holds at current state
     =     at tests/sources/functional/loops.move:191: loop_with_two_back_edges_incorrect
     =         y = <redacted>
     =     at tests/sources/functional/loops.move:193: loop_with_two_back_edges_incorrect
@@ -100,6 +115,9 @@ error: base case of the loop invariant does not hold
     =         y = <redacted>
     =     at tests/sources/functional/loops.move:140: nested_loop_inner_invariant_incorrect
     =     at tests/sources/functional/loops.move:143: nested_loop_inner_invariant_incorrect
+    =     enter loop, variable(s) x, y havocked and reassigned
+    =         x = <redacted>
+    =         y = <redacted>
     =     at tests/sources/functional/loops.move:144: nested_loop_inner_invariant_incorrect
     =     at tests/sources/functional/loops.move:145: nested_loop_inner_invariant_incorrect
 
@@ -114,8 +132,14 @@ error: induction case of the loop invariant does not hold
     =         y = <redacted>
     =     at tests/sources/functional/loops.move:140: nested_loop_inner_invariant_incorrect
     =     at tests/sources/functional/loops.move:143: nested_loop_inner_invariant_incorrect
+    =     enter loop, variable(s) x, y havocked and reassigned
+    =         x = <redacted>
+    =         y = <redacted>
     =     at tests/sources/functional/loops.move:144: nested_loop_inner_invariant_incorrect
     =     at tests/sources/functional/loops.move:145: nested_loop_inner_invariant_incorrect
+    =     enter loop, variable(s) y havocked and reassigned
+    =         y = <redacted>
+    =     loop invariant holds at current state
     =     at tests/sources/functional/loops.move:147: nested_loop_inner_invariant_incorrect
     =         y = <redacted>
     =     at tests/sources/functional/loops.move:145: nested_loop_inner_invariant_incorrect
@@ -132,6 +156,12 @@ error: induction case of the loop invariant does not hold
     =     at tests/sources/functional/loops.move:115: nested_loop_outer_invariant_incorrect
     =     at tests/sources/functional/loops.move:118: nested_loop_outer_invariant_incorrect
     =     at tests/sources/functional/loops.move:119: nested_loop_outer_invariant_incorrect
+    =     enter loop, variable(s) x, y havocked and reassigned
+    =         x = <redacted>
+    =         y = <redacted>
+    =     loop invariant holds at current state
     =     at tests/sources/functional/loops.move:122: nested_loop_outer_invariant_incorrect
+    =     enter loop, variable(s) y havocked and reassigned
+    =         y = <redacted>
     =         x = <redacted>
     =     at tests/sources/functional/loops.move:119: nested_loop_outer_invariant_incorrect

language/move-prover/tests/sources/functional/loops_with_memory_ops.exp

@@ -25,12 +25,24 @@ error: unknown assertion failed
    =     at tests/sources/functional/loops_with_memory_ops.move:68: nested_loop2
    =     at tests/sources/functional/loops_with_memory_ops.move:69: nested_loop2
    =     at tests/sources/functional/loops_with_memory_ops.move:70: nested_loop2
+   =     enter loop, variable(s) a, b, i, x, y havocked and reassigned
+   =         a = <redacted>
+   =         b = <redacted>
+   =         i = <redacted>
+   =         x = <redacted>
+   =         y = <redacted>
+   =     loop invariant holds at current state
    =     at tests/sources/functional/loops_with_memory_ops.move:67: nested_loop2
    =     at tests/sources/functional/loops_with_memory_ops.move:68: nested_loop2
    =     at tests/sources/functional/loops_with_memory_ops.move:69: nested_loop2
    =     at tests/sources/functional/loops_with_memory_ops.move:70: nested_loop2
    =     at tests/sources/functional/loops_with_memory_ops.move:73: nested_loop2
+   =     enter loop, variable(s) x, y havocked and reassigned
+   =         x = <redacted>
+   =         y = <redacted>
    =     at tests/sources/functional/loops_with_memory_ops.move:74: nested_loop2
+   =     enter loop, variable(s) y havocked and reassigned
+   =         y = <redacted>
    =         b = <redacted>
    =         a = <redacted>
    =     at tests/sources/functional/loops_with_memory_ops.move:85: nested_loop2
@@ -64,12 +76,24 @@ error: induction case of the loop invariant does not hold
    =     at tests/sources/functional/loops_with_memory_ops.move:68: nested_loop2
    =     at tests/sources/functional/loops_with_memory_ops.move:69: nested_loop2
    =     at tests/sources/functional/loops_with_memory_ops.move:70: nested_loop2
+   =     enter loop, variable(s) a, b, i, x, y havocked and reassigned
+   =         a = <redacted>
+   =         b = <redacted>
+   =         i = <redacted>
+   =         x = <redacted>
+   =         y = <redacted>
+   =     loop invariant holds at current state
    =     at tests/sources/functional/loops_with_memory_ops.move:67: nested_loop2
    =     at tests/sources/functional/loops_with_memory_ops.move:68: nested_loop2
    =     at tests/sources/functional/loops_with_memory_ops.move:69: nested_loop2
    =     at tests/sources/functional/loops_with_memory_ops.move:70: nested_loop2
    =     at tests/sources/functional/loops_with_memory_ops.move:73: nested_loop2
+   =     enter loop, variable(s) x, y havocked and reassigned
+   =         x = <redacted>
+   =         y = <redacted>
    =     at tests/sources/functional/loops_with_memory_ops.move:74: nested_loop2
+   =     enter loop, variable(s) y havocked and reassigned
+   =         y = <redacted>
    =         b = <redacted>
    =         a = <redacted>
    =     at tests/sources/functional/loops_with_memory_ops.move:85: nested_loop2