For function postcondition violations, point to the problematic expression branch

Source/DafnyCore/Options/DafnyProject.cs

@@ -17,8 +17,8 @@
 namespace Microsoft.Dafny;
 
 public class DafnyProject : IEquatable<DafnyProject> {
-  public static Option<FileInfo> FindProjectOption = new("--find-project",
-    "Given a filesystem path, search for a project file by traversing up the file tree.");
+  public static Option<bool> FindProjectOption = new("--find-project",
+    "Uses the first specified input file as a starting path, from which to search for a project file by traversing up the file tree.");
 
   static DafnyProject() {
     OptionRegistry.RegisterOption(FindProjectOption, OptionScope.Cli);

Source/DafnyCore/Resolver/NameResolutionAndTypeInference/NameResolutionAndTypeInference.cs

@@ -5951,7 +5951,7 @@ public MethodCallInformation ResolveApplySuffix(ApplySuffix e, ResolutionContext
           }
           if (callee != null) {
             // produce a FunctionCallExpr instead of an ApplyExpr(MemberSelectExpr)
-            var rr = new FunctionCallExpr(e.Lhs.tok, callee.Name, mse.Obj, e.tok, e.CloseParen, e.Bindings, atLabel) {
+            var rr = new FunctionCallExpr(e.Lhs.Tok, callee.Name, mse.Obj, e.tok, e.CloseParen, e.Bindings, atLabel) {
               Function = callee,
               TypeApplication_AtEnclosingClass = mse.TypeApplication_AtEnclosingClass,
               TypeApplication_JustFunction = mse.TypeApplication_JustMember

Source/DafnyCore/Verifier/BoogieGenerator.Functions.cs

@@ -13,296 +13,6 @@ namespace Microsoft.Dafny;
 
 public partial class BoogieGenerator {
 
-  void AddWellformednessCheck(Function f) {
-    Contract.Requires(f != null);
-    Contract.Requires(sink != null && predef != null);
-    Contract.Requires(f.EnclosingClass != null);
-    Contract.Requires(currentModule == null && codeContext == null && isAllocContext != null);
-    Contract.Ensures(currentModule == null && codeContext == null && isAllocContext != null);
-
-    Contract.Assert(InVerificationScope(f));
-
-    proofDependencies.SetCurrentDefinition(MethodVerboseName(f.FullDafnyName, MethodTranslationKind.SpecWellformedness));
-    currentModule = f.EnclosingClass.EnclosingModuleDefinition;
-    codeContext = f;
-
-    Bpl.Expr prevHeap = null;
-    Bpl.Expr currHeap = null;
-    var ordinaryEtran = new ExpressionTranslator(this, predef, f.tok, f);
-    ExpressionTranslator etran;
-    var inParams_Heap = new List<Bpl.Variable>();
-    if (f is TwoStateFunction) {
-      var prevHeapVar = new Bpl.Formal(f.tok, new Bpl.TypedIdent(f.tok, "previous$Heap", predef.HeapType), true);
-      var currHeapVar = new Bpl.Formal(f.tok, new Bpl.TypedIdent(f.tok, "current$Heap", predef.HeapType), true);
-      inParams_Heap.Add(prevHeapVar);
-      inParams_Heap.Add(currHeapVar);
-      prevHeap = new Bpl.IdentifierExpr(f.tok, prevHeapVar);
-      currHeap = new Bpl.IdentifierExpr(f.tok, currHeapVar);
-      etran = new ExpressionTranslator(this, predef, currHeap, prevHeap, f);
-    } else {
-      etran = ordinaryEtran;
-    }
-
-    // parameters of the procedure
-    var typeInParams = MkTyParamFormals(GetTypeParams(f), true);
-    var inParams = new List<Bpl.Variable>();
-    var outParams = new List<Bpl.Variable>();
-    if (!f.IsStatic) {
-      var th = new Bpl.IdentifierExpr(f.tok, "this", TrReceiverType(f));
-      Bpl.Expr wh = BplAnd(
-        ReceiverNotNull(th),
-        (f is TwoStateFunction ? etran.Old : etran).GoodRef(f.tok, th, ModuleResolver.GetReceiverType(f.tok, f)));
-      Bpl.Formal thVar = new Bpl.Formal(f.tok, new Bpl.TypedIdent(f.tok, "this", TrReceiverType(f), wh), true);
-      inParams.Add(thVar);
-    }
-    foreach (Formal p in f.Ins) {
-      Bpl.Type varType = TrType(p.Type);
-      Bpl.Expr wh = GetWhereClause(p.tok, new Bpl.IdentifierExpr(p.tok, p.AssignUniqueName(f.IdGenerator), varType), p.Type,
-        p.IsOld ? etran.Old : etran, f is TwoStateFunction ? ISALLOC : NOALLOC);
-      inParams.Add(new Bpl.Formal(p.tok, new Bpl.TypedIdent(p.tok, p.AssignUniqueName(f.IdGenerator), varType, wh), true));
-    }
-    if (f.Result != null) {
-      Formal p = f.Result;
-      Contract.Assert(!p.IsOld);
-      Bpl.Type varType = TrType(p.Type);
-      Bpl.Expr wh = GetWhereClause(p.tok, new Bpl.IdentifierExpr(p.tok, p.AssignUniqueName(f.IdGenerator), varType), p.Type, etran, NOALLOC);
-      outParams.Add(new Bpl.Formal(p.tok, new Bpl.TypedIdent(p.tok, p.AssignUniqueName(f.IdGenerator), varType, wh), true));
-    }
-    // the procedure itself
-    var req = new List<Bpl.Requires>();
-    // free requires mh == ModuleContextHeight && fh == FunctionContextHeight;
-    req.Add(Requires(f.tok, true, null, etran.HeightContext(f), null, null, null));
-    if (f is TwoStateFunction) {
-      // free requires prevHeap == Heap && HeapSucc(prevHeap, currHeap) && IsHeap(currHeap)
-      var a0 = Bpl.Expr.Eq(prevHeap, ordinaryEtran.HeapExpr);
-      var a1 = HeapSucc(prevHeap, currHeap);
-      var a2 = FunctionCall(f.tok, BuiltinFunction.IsGoodHeap, null, currHeap);
-      req.Add(Requires(f.tok, true, null, BplAnd(a0, BplAnd(a1, a2)), null, null, null));
-    }
-
-    foreach (var typeBoundAxiom in TypeBoundAxioms(f.tok, Concat(f.EnclosingClass.TypeArgs, f.TypeArgs))) {
-      req.Add(Requires(f.tok, true, null, typeBoundAxiom, null, null, null));
-    }
-
-    // modifies $Heap
-    var mod = new List<Bpl.IdentifierExpr> {
-      ordinaryEtran.HeapCastToIdentifierExpr,
-    };
-    // check that postconditions hold
-    var ens = new List<Bpl.Ensures>();
-    var context = new BodyTranslationContext(f.ContainsHide);
-    foreach (AttributedExpression ensures in f.Ens) {
-      var functionHeight = currentModule.CallGraph.GetSCCRepresentativePredecessorCount(f);
-      var splits = new List<SplitExprInfo>();
-      bool splitHappened /*we actually don't care*/ = TrSplitExpr(context, ensures.E, splits, true, functionHeight, true, true, etran);
-      var (errorMessage, successMessage) = CustomErrorMessage(ensures.Attributes);
-      foreach (var s in splits) {
-        if (s.IsChecked && !RefinementToken.IsInherited(s.Tok, currentModule)) {
-          AddEnsures(ens, EnsuresWithDependencies(s.Tok, false, ensures.E, s.E, errorMessage, successMessage, null));
-        }
-      }
-    }
-    var proc = new Bpl.Procedure(f.tok, "CheckWellformed" + NameSeparator + f.FullSanitizedName, new List<Bpl.TypeVariable>(),
-      Concat(Concat(typeInParams, inParams_Heap), inParams), outParams,
-      false, req, mod, ens, etran.TrAttributes(f.Attributes, null));
-    AddVerboseNameAttribute(proc, f.FullDafnyName, MethodTranslationKind.SpecWellformedness);
-    sink.AddTopLevelDeclaration(proc);
-
-    if (InsertChecksums) {
-      InsertChecksum(f, proc, true);
-    }
-
-    Contract.Assert(proc.InParams.Count == typeInParams.Count + inParams_Heap.Count + inParams.Count);
-    // Changed the next line to strip from inParams instead of proc.InParams
-    // They should be the same, but hence the added contract
-    var implInParams = Bpl.Formal.StripWhereClauses(inParams);
-    var implOutParams = Bpl.Formal.StripWhereClauses(outParams);
-    var locals = new List<Variable>();
-    var builder = new BoogieStmtListBuilder(this, options, context);
-    var builderInitializationArea = new BoogieStmtListBuilder(this, options, context);
-    builder.Add(new CommentCmd("AddWellformednessCheck for function " + f));
-    if (f is TwoStateFunction) {
-      // $Heap := current$Heap;
-      var heap = ordinaryEtran.HeapCastToIdentifierExpr;
-      builder.Add(Bpl.Cmd.SimpleAssign(f.tok, heap, etran.HeapExpr));
-      etran = ordinaryEtran;  // we no longer need the special heap names
-    }
-    builder.AddCaptureState(f.tok, false, "initial state");
-
-    DefineFrame(f.tok, etran.ReadsFrame(f.tok), f.Reads.Expressions, builder, locals, null);
-    InitializeFuelConstant(f.tok, builder, etran);
-
-    var delayer = new ReadsCheckDelayer(etran, null, locals, builderInitializationArea, builder);
-
-    // Check well-formedness of any default-value expressions (before assuming preconditions).
-    delayer.DoWithDelayedReadsChecks(true, wfo => {
-      foreach (var formal in f.Ins.Where(formal => formal.DefaultValue != null)) {
-        var e = formal.DefaultValue;
-        CheckWellformed(e, wfo, locals, builder, etran.WithReadsFrame(etran.readsFrame, null)); // No frame scope for default values
-        builder.Add(new Bpl.AssumeCmd(e.tok, etran.CanCallAssumption(e)));
-        CheckSubrange(e.tok, etran.TrExpr(e), e.Type, formal.Type, e, builder);
-
-        if (formal.IsOld) {
-          Bpl.Expr wh = GetWhereClause(e.tok, etran.TrExpr(e), e.Type, etran.Old, ISALLOC, true);
-          if (wh != null) {
-            var desc = new PODesc.IsAllocated("default value", "in the two-state function's previous state", e);
-            builder.Add(Assert(GetToken(e), wh, desc));
-          }
-        }
-      }
-    });
-
-    // Check well-formedness of the preconditions (including termination), and then
-    // assume each one of them.  After all that (in particular, after assuming all
-    // of them), do the postponed reads checks.
-    delayer.DoWithDelayedReadsChecks(false, wfo => {
-      foreach (AttributedExpression p in f.Req) {
-        if (p.Label != null) {
-          p.Label.E = (f is TwoStateFunction ? ordinaryEtran : etran.Old).TrExpr(p.E);
-          CheckWellformed(p.E, wfo, locals, builder, etran);
-        } else {
-          CheckWellformedAndAssume(p.E, wfo, locals, builder, etran, "requires clause");
-        }
-      }
-    });
-
-    // Check well-formedness of the reads clause.  Note that this is done after assuming
-    // the preconditions.  In other words, the well-formedness of the reads clause is
-    // allowed to assume the precondition (yet, the requires clause is checked to
-    // read only those things indicated in the reads clause).
-    delayer.DoWithDelayedReadsChecks(false, wfo => {
-      CheckFrameWellFormed(wfo, f.Reads.Expressions, locals, builder, etran);
-    });
-
-    // If the function is marked as {:concurrent}, check that the reads clause is empty.
-    if (Attributes.Contains(f.Attributes, Attributes.ConcurrentAttributeName)) {
-      var desc = new PODesc.ConcurrentFrameEmpty(f, "reads");
-      CheckFrameEmpty(f.tok, etran, etran.ReadsFrame(f.tok), builder, desc, null);
-    }
-
-    // check well-formedness of the decreases clauses (including termination, but no reads checks)
-    foreach (Expression p in f.Decreases.Expressions) {
-      CheckWellformed(p, new WFOptions(null, false),
-        locals, builder, etran);
-    }
-    // Generate:
-    //   if (*) {
-    //     check well-formedness of postcondition
-    //     assume false;  // don't go on to check the postconditions
-    //   } else {
-    //     check well-formedness of body
-    //     // fall through to check the postconditions themselves
-    //   }
-    // Here go the postconditions (termination checks included, but no reads checks)
-    BoogieStmtListBuilder postCheckBuilder = new BoogieStmtListBuilder(this, options, context);
-    // Assume the type returned by the call itself respects its type (this matters if the type is "nat", for example)
-    {
-      var args = new List<Bpl.Expr>();
-      foreach (var p in GetTypeParams(f)) {
-        args.Add(TrTypeParameter(p));
-      }
-      if (f.IsFuelAware()) {
-        args.Add(etran.layerInterCluster.GetFunctionFuel(f));
-      }
-
-      if (f.IsOpaque || f.IsMadeImplicitlyOpaque(options)) {
-        args.Add(GetRevealConstant(f));
-      }
-      if (f is TwoStateFunction) {
-        args.Add(etran.Old.HeapExpr);
-      }
-      if (f.ReadsHeap) {
-        args.Add(etran.HeapExpr);
-      }
-      if (!f.IsStatic) {
-        args.Add(new Bpl.IdentifierExpr(f.tok, etran.This));
-      }
-      foreach (var p in f.Ins) {
-        args.Add(new Bpl.IdentifierExpr(p.tok, p.AssignUniqueName(f.IdGenerator), TrType(p.Type)));
-      }
-      Bpl.IdentifierExpr funcID = new Bpl.IdentifierExpr(f.tok, f.FullSanitizedName, TrType(f.ResultType));
-      Bpl.Expr funcAppl = new Bpl.NAryExpr(f.tok, new Bpl.FunctionCall(funcID), args);
-
-      var wh = GetWhereClause(f.tok, funcAppl, f.ResultType, etran, NOALLOC);
-      if (wh != null) {
-        postCheckBuilder.Add(TrAssumeCmd(f.tok, wh));
-      }
-    }
-    // Now for the ensures clauses
-    foreach (AttributedExpression p in f.Ens) {
-      // assume the postcondition for the benefit of checking the remaining postconditions
-      CheckWellformedAndAssume(p.E, new WFOptions(f, false), locals, postCheckBuilder, etran, "ensures clause");
-    }
-    // Here goes the body (and include both termination checks and reads checks)
-    BoogieStmtListBuilder bodyCheckBuilder = new BoogieStmtListBuilder(this, options, context);
-    if (f.Body == null || !RevealedInScope(f)) {
-      // don't fall through to postcondition checks
-      bodyCheckBuilder.Add(TrAssumeCmd(f.tok, Bpl.Expr.False));
-    } else {
-      var funcID = new Bpl.FunctionCall(new Bpl.IdentifierExpr(f.tok, f.FullSanitizedName, TrType(f.ResultType)));
-      var args = new List<Bpl.Expr>();
-      foreach (var p in GetTypeParams(f)) {
-        args.Add(TrTypeParameter(p));
-      }
-      if (f.IsFuelAware()) {
-        args.Add(etran.layerInterCluster.GetFunctionFuel(f));
-      }
-
-      if (f.IsOpaque || f.IsMadeImplicitlyOpaque(options)) {
-        args.Add(GetRevealConstant(f));
-      }
-      if (f is TwoStateFunction) {
-        args.Add(etran.Old.HeapExpr);
-      }
-      if (f.ReadsHeap) {
-        args.Add(etran.HeapExpr);
-      }
-      foreach (Variable p in implInParams) {
-        args.Add(new Bpl.IdentifierExpr(f.tok, p));
-      }
-      Bpl.Expr funcAppl = new Bpl.NAryExpr(f.tok, funcID, args);
-
-      var bodyCheckDelayer = new ReadsCheckDelayer(etran, null, locals, builderInitializationArea, bodyCheckBuilder);
-      bodyCheckDelayer.DoWithDelayedReadsChecks(false, wfo => {
-        CheckWellformedWithResult(f.Body, wfo, funcAppl, f.ResultType, locals, bodyCheckBuilder, etran, "function call result");
-        if (f.Result != null) {
-          var cmd = TrAssumeCmd(f.tok, Bpl.Expr.Eq(funcAppl, TrVar(f.tok, f.Result)));
-          proofDependencies?.AddProofDependencyId(cmd, f.tok, new FunctionDefinitionDependency(f));
-          bodyCheckBuilder.Add(cmd);
-        }
-      });
-
-      // Enforce 'older' conditions
-      var (olderParameterCount, olderCondition) = OlderCondition(f, funcAppl, implInParams);
-      if (olderParameterCount != 0) {
-        bodyCheckBuilder.Add(Assert(f.tok, olderCondition, new PODesc.IsOlderProofObligation(olderParameterCount, f.Ins.Count + (f.IsStatic ? 0 : 1))));
-      }
-    }
-    // Combine the two, letting the postcondition be checked on after the "bodyCheckBuilder" branch
-    postCheckBuilder.Add(TrAssumeCmd(f.tok, Bpl.Expr.False));
-    builder.Add(new Bpl.IfCmd(f.tok, null, postCheckBuilder.Collect(f.tok), null, bodyCheckBuilder.Collect(f.tok)));
-
-    var s0 = builderInitializationArea.Collect(f.tok);
-    var s1 = builder.Collect(f.tok);
-    var implBody = new StmtList(new List<BigBlock>(s0.BigBlocks.Concat(s1.BigBlocks)), f.tok);
-
-    if (EmitImplementation(f.Attributes)) {
-      // emit the impl only when there are proof obligations.
-      QKeyValue kv = etran.TrAttributes(f.Attributes, null);
-      var impl = AddImplementationWithAttributes(GetToken(f), proc,
-        Concat(Concat(Bpl.Formal.StripWhereClauses(typeInParams), inParams_Heap), implInParams),
-        implOutParams,
-        locals, implBody, kv);
-      if (InsertChecksums) {
-        InsertChecksum(f, impl);
-      }
-    }
-
-    Contract.Assert(currentModule == f.EnclosingClass.EnclosingModuleDefinition);
-    Contract.Assert(codeContext == f);
-    Reset();
-  }
-
   void AddFunctionAxiom(Bpl.Function boogieFunction, Function f, Expression body) {
     Contract.Requires(f != null);
     Contract.Requires(body != null);

Source/DafnyCore/Verifier/BoogieGenerator.Methods.cs

@@ -148,7 +148,7 @@ void AddFunction_Top(Function f, bool includeAllMethods) {
       AddClassMember_Function(f);
 
       if (InVerificationScope(f)) {
-        AddWellformednessCheck(f);
+        new FunctionWellformednessChecker(this).Check(f);
         if (f.OverriddenFunction != null) { //it means that f is overriding its associated parent function
           AddFunctionOverrideCheckImpl(f);
         }