Merge branch 'main' into vc-simplification-refactor

Author: rcosta358

liquidjava-example/src/main/java/testSuite/CorrectInterfaceStateSet.java

@@ -0,0 +1,7 @@
+package testSuite;
+
+import liquidjava.specification.StateSet;
+
+@StateSet({"idle", "running"})
+public interface CorrectInterfaceStateSet {
+}

liquidjava-example/src/main/java/testSuite/classes/resultset_forward_correct/ResultSetTests.java

@@ -62,4 +62,20 @@ float readAverage(Connection conn) throws SQLException {
             return 0.0f;
         }
     }
+
+    float readAverageStoredCondition(Connection conn) throws SQLException {
+        Statement parentstmt = conn.createStatement();
+        ResultSet parentMessage =
+                parentstmt.executeQuery("SELECT SUM(IMPORTANCE) AS IMPAVG FROM MAIL");
+        // Regression for issue #241: next()'s result is stored in a boolean before the `if`.
+        // The transition (_ ? onRow : endRows) must still flow through `b`, so the guarded
+        // getFloat() is on a row (onRow) and verifies — exactly as the inline readAverage above.
+        boolean b = parentMessage.next();
+        if( b ) {
+            float avgsum = parentMessage.getFloat("IMPAVG");
+            return avgsum;
+        } else {
+            return 0.0f;
+        }
+    }
 }

liquidjava-example/src/main/java/testSuite/classes/resultset_forward_error/ResultSetTests.java

@@ -67,4 +67,29 @@ float readAverage(Connection conn) throws SQLException {
         float avgsum = parentMessage.getFloat("IMPAVG"); // State Refinement Error
         return avgsum;
     }
+
+    // Issue #241 soundness: storing next()'s result in a boolean must NOT make getFloat()
+    // unconditionally legal. With no guard the state is `next ? onRow : endRows`, so onRow is
+    // not guaranteed and getFloat() must still be rejected.
+    float readAverageStoredNoGuard(Connection conn) throws SQLException {
+        Statement parentstmt = conn.createStatement();
+        ResultSet parentMessage = parentstmt.executeQuery("SELECT SUM(IMPORTANCE) AS IMPAVG FROM MAIL");
+        boolean b = parentMessage.next();
+        float avgsum = parentMessage.getFloat("IMPAVG"); // State Refinement Error
+        return avgsum;
+    }
+
+    // Issue #241 branch-sensitivity: legal in the then-branch (onRow), illegal in the else-branch (endRows).
+    float readAverageVarElse(Connection conn) throws SQLException {
+        Statement parentstmt = conn.createStatement();
+        ResultSet parentMessage = parentstmt.executeQuery("SELECT SUM(IMPORTANCE) AS IMPAVG FROM MAIL");
+        float avgsum = 0.0f;
+        boolean b = parentMessage.next();
+        if (b) {
+            avgsum = parentMessage.getFloat("IMPAVG");
+        } else {
+            avgsum = parentMessage.getFloat("IMPAVG"); // State Refinement Error
+        }
+        return avgsum;
+    }
 }

liquidjava-verifier/src/main/java/liquidjava/processor/refinement_checker/RefinementTypeChecker.java

@@ -321,6 +321,10 @@ private <T> boolean tryStaticFinalConstantRefinement(CtFieldRead<T> fieldRead) {
     public <T> void visitCtVariableRead(CtVariableRead<T> variableRead) {
         super.visitCtVariableRead(variableRead);
         CtVariable<T> varDecl = variableRead.getVariable().getDeclaration();
+        // Some CtVariableRead forms have no resolvable declaration (e.g. accesses to symbols outside the
+        // model); with no name there is no context entry to attach, so leave the metadata as-is.
+        if (varDecl == null)
+            return;
         getPutVariableMetadata(variableRead, varDecl.getSimpleName());
     }
 
@@ -538,8 +542,11 @@ private Predicate getAssignmentRefinement(String name, CtExpression<?> assignmen
     }
 
     private Predicate getExpressionRefinements(CtExpression<?> element) throws LJError {
-        if (element instanceof CtVariableRead<?>) {
-            // CtVariableRead<?> elemVar = (CtVariableRead<?>) element;
+        if (element instanceof CtFieldRead<?> fieldRead) {
+            visitCtFieldRead(fieldRead);
+            return getRefinement(element);
+        } else if (element instanceof CtVariableRead<?> varRead) {
+            visitCtVariableRead(varRead);
             return getRefinement(element);
         } else if (element instanceof CtBinaryOperator<?>) {
             CtBinaryOperator<?> binop = (CtBinaryOperator<?>) element;

liquidjava-verifier/src/main/java/liquidjava/processor/refinement_checker/TypeChecker.java

@@ -263,40 +263,32 @@ private void createStateGhost(String string, CtElement element, SourcePosition p
     }
 
     protected String getQualifiedClassName(CtElement element) {
-        if (element.getParent() instanceof CtClass<?>) {
-            return ((CtClass<?>) element.getParent()).getQualifiedName();
-        } else if (element instanceof CtClass<?>) {
-            return ((CtClass<?>) element).getQualifiedName();
-        }
-        return null;
+        return getEnclosingType(element).map(CtType::getQualifiedName).orElse(null);
     }
 
     protected String getSimpleClassName(CtElement element) {
-        if (element.getParent() instanceof CtClass<?>) {
-            return ((CtClass<?>) element.getParent()).getSimpleName();
-        } else if (element instanceof CtClass<?>) {
-            return ((CtClass<?>) element).getSimpleName();
-        }
-        return null;
+        return getEnclosingType(element).map(CtType::getSimpleName).orElse(null);
     }
 
     protected Optional<GhostFunction> createStateGhost(int order, CtElement element) {
-        CtClass<?> klass = null;
-        if (element.getParent() instanceof CtClass<?>) {
-            klass = (CtClass<?>) element.getParent();
-        } else if (element instanceof CtClass<?>) {
-            klass = (CtClass<?>) element;
-        }
-        if (klass != null) {
+        Optional<CtType<?>> enclosingType = getEnclosingType(element);
+        if (enclosingType.isPresent()) {
+            CtType<?> type = enclosingType.get();
             CtTypeReference<?> ret = factory.Type().INTEGER_PRIMITIVE;
-            List<String> params = Collections.singletonList(klass.getSimpleName());
+            List<String> params = Collections.singletonList(type.getSimpleName());
             String name = String.format("state%d", order);
-            GhostFunction gh = new GhostFunction(name, params, ret, factory, klass.getQualifiedName());
+            GhostFunction gh = new GhostFunction(name, params, ret, factory, type.getQualifiedName());
             return Optional.of(gh);
         }
         return Optional.empty();
     }
 
+    private Optional<CtType<?>> getEnclosingType(CtElement element) {
+        if (element instanceof CtType<?> type)
+            return Optional.of(type);
+        return Optional.ofNullable(element.getParent(CtType.class));
+    }
+
     protected void getGhostFunction(String value, CtElement element, SourcePosition position) throws LJError {
         GhostDTO f = getGhostDeclaration(value, position);
         CtType<?> type = element instanceof CtType<?> t ? t : element.getParent()instanceof CtType<?> t ? t : null;

liquidjava-verifier/src/main/java/liquidjava/rj_language/opt/VCFunctionSubstitution.java

@@ -0,0 +1,156 @@
+package liquidjava.rj_language.opt;
+
+import java.util.Optional;
+
+import liquidjava.processor.SimplifiedVCImplication;
+import liquidjava.processor.VCImplication;
+import liquidjava.rj_language.Predicate;
+import liquidjava.rj_language.ast.BinaryExpression;
+import liquidjava.rj_language.ast.Expression;
+import liquidjava.rj_language.ast.FunctionInvocation;
+import liquidjava.rj_language.ast.GroupExpression;
+
+/**
+ * Simplifies VCImplication chains by propagating exact function invocation equalities
+ */
+public class VCFunctionSubstitution implements VCSimplificationPass {
+
+    /**
+     * A substitution discovered from a function invocation equality
+     */
+    private record Substitution(VCImplication node, FunctionInvocation invocation, Expression replacement) {
+    }
+
+    /**
+     * Applies one function invocation substitution in a VC chain
+     */
+    @Override
+    public VCImplication apply(VCImplication implication) {
+        VCImplication result = implication.clone();
+        Optional<Substitution> substitutionOpt = findSubstitution(result);
+
+        if (substitutionOpt.isPresent()) {
+            Substitution substitution = substitutionOpt.get();
+            result = substitute(result, substitution.node(), substitution.invocation(), substitution.replacement());
+        }
+        return result;
+    }
+
+    /**
+     * Preserves nodes before the source equality and starts rewriting at the source suffix
+     */
+    private VCImplication substitute(VCImplication implication, VCImplication node, FunctionInvocation invocation,
+            Expression replacement) {
+        if (implication == null)
+            return null;
+
+        // skip the source node to remove it from the chain and start substitution from the next node
+        if (implication == node) {
+            VCImplication result = implication.copyWithRefinement(implication.getRefinement().clone());
+            result.setNext(substituteSuffix(implication.getNext(), node, invocation, replacement));
+            return result;
+        }
+
+        // preserve the current node and continue rewriting the suffix
+        VCImplication result = implication.copyWithRefinement(implication.getRefinement().clone());
+        result.setNext(substitute(implication.getNext(), node, invocation, replacement));
+        return result;
+    }
+
+    /**
+     * Rewrites every node after the source equality with one function substitution
+     */
+    private VCImplication substituteSuffix(VCImplication implication, VCImplication source,
+            FunctionInvocation invocation, Expression replacement) {
+        if (implication == null)
+            return null;
+
+        VCImplication result = substituteNode(implication, source, invocation, replacement);
+        result.setNext(substituteSuffix(implication.getNext(), source, invocation, replacement));
+        return result;
+    }
+
+    /**
+     * Substitutes one exact function invocation inside one VC node while preserving simplification metadata
+     */
+    private VCImplication substituteNode(VCImplication implication, VCImplication source, FunctionInvocation invocation,
+            Expression replacement) {
+        Expression expression = implication.getRefinement().getExpression().clone();
+        if (!containsExpression(expression, invocation))
+            return implication.copyWithRefinement(new Predicate(expression));
+
+        Expression substituted = expression.substitute(invocation, replacement.clone());
+        return new SimplifiedVCImplication(implication, new Predicate(substituted), source);
+    }
+
+    /**
+     * Finds the first function substitution candidate that is used in the remaining suffix
+     */
+    private Optional<Substitution> findSubstitution(VCImplication implication) {
+        if (implication == null)
+            return Optional.empty();
+
+        Optional<Substitution> current = getSubstitution(implication);
+        if (current.isPresent() && containsExpression(implication.getNext(), current.get().invocation()))
+            return current;
+
+        return findSubstitution(implication.getNext());
+    }
+
+    /**
+     * Extracts a substitution from one VC node refinement
+     */
+    private Optional<Substitution> getSubstitution(VCImplication implication) {
+        return getSubstitution(implication, implication.getRefinement().getExpression().clone());
+    }
+
+    /**
+     * Extracts a substitution from a top-level equality or conjunction
+     */
+    private Optional<Substitution> getSubstitution(VCImplication implication, Expression expression) {
+        if (expression instanceof GroupExpression group)
+            return getSubstitution(implication, group.getExpression());
+
+        if (expression instanceof BinaryExpression binary && "&&".equals(binary.getOperator())) {
+            Optional<Substitution> left = getSubstitution(implication, binary.getFirstOperand());
+            if (left.isPresent())
+                return left;
+            return getSubstitution(implication, binary.getSecondOperand());
+        }
+
+        if (!(expression instanceof BinaryExpression binary) || !"==".equals(binary.getOperator()))
+            return Optional.empty();
+
+        Expression left = binary.getFirstOperand();
+        Expression right = binary.getSecondOperand();
+        if (left instanceof FunctionInvocation invocation && !containsExpression(right, left))
+            return Optional.of(new Substitution(implication, (FunctionInvocation) invocation.clone(), right.clone()));
+        if (right instanceof FunctionInvocation invocation && !containsExpression(left, right))
+            return Optional.of(new Substitution(implication, (FunctionInvocation) invocation.clone(), left.clone()));
+
+        return Optional.empty();
+    }
+
+    /**
+     * Checks whether an expression contains another expression
+     */
+    private boolean containsExpression(Expression expression, Expression target) {
+        if (expression.equals(target))
+            return true;
+
+        for (Expression child : expression.getChildren())
+            if (containsExpression(child, target))
+                return true;
+        return false;
+    }
+
+    /**
+     * Checks whether a VC suffix contains an expression
+     */
+    private boolean containsExpression(VCImplication implication, Expression target) {
+        for (VCImplication current = implication; current != null; current = current.getNext())
+            if (containsExpression(current.getRefinement().getExpression(), target))
+                return true;
+        return false;
+    }
+}

liquidjava-verifier/src/main/java/liquidjava/rj_language/opt/VCSimplification.java

@@ -9,8 +9,9 @@
  */
 public class VCSimplification {
 
-    private static final List<VCSimplificationPass> PASSES = List.of(new VCSubstitution(), new VCBinderSimplification(),
-            new VCFolding(), new VCArithmeticSimplification(), new VCLogicalSimplification());
+    private static final List<VCSimplificationPass> PASSES = List.of(new VCSubstitution(), new VCFunctionSubstitution(),
+            new VCBinderSimplification(), new VCFolding(), new VCArithmeticSimplification(),
+            new VCLogicalSimplification());
 
     /**
      * Applies all available simplification steps to a VC chain until a fixed point is reached

liquidjava-verifier/src/main/java/liquidjava/smt/TranslatorToZ3.java

@@ -338,12 +338,14 @@ public Expr<?> makeDiv(Expr<?> eval, Expr<?> eval2) {
             return z3.mkFPDiv(z3.mkFPRoundNearestTiesToEven(), toFP(eval), toFP(eval2));
         if (eval instanceof RealExpr || eval2 instanceof RealExpr)
             return z3.mkDiv(toReal(eval), toReal(eval2));
+        // Z3 integer division does not model Java's truncation toward zero for negative operands
         return z3.mkDiv((ArithExpr) eval, (ArithExpr) eval2);
     }
 
     public Expr<?> makeMod(Expr<?> eval, Expr<?> eval2) {
         if (eval instanceof FPExpr || eval2 instanceof FPExpr)
             return z3.mkFPRem(toFP(eval), toFP(eval2));
+        // Z3 integer modulo does not model Java's dividend-signed remainder for negative operands
         if (eval instanceof RealExpr || eval2 instanceof RealExpr)
             return z3.mkMod(toInt(eval), toInt(eval2));
         return z3.mkMod((IntExpr) eval, (IntExpr) eval2);

liquidjava-verifier/src/test/java/liquidjava/rj_language/opt/VCFunctionSubstitutionTest.java

@@ -0,0 +1,75 @@
+package liquidjava.rj_language.opt;
+
+import static liquidjava.utils.VCTestUtils.*;
+
+import liquidjava.processor.VCImplication;
+import org.junit.jupiter.api.Test;
+
+class VCFunctionSubstitutionTest {
+
+    private final VCFunctionSubstitution substitution = new VCFunctionSubstitution();
+
+    @Test
+    void substitutesExactFunctionInvocationIntoSuffix() {
+        VCImplication implication = vc("f(x) == 0", "f(y) == f(x) + 1");
+
+        assertSimplificationSteps(substitution::apply, implication,
+                chain(expect("f(x) == 0"), expect("f(y) == 0 + 1", "f(x) == 0")));
+    }
+
+    @Test
+    void substitutesReverseFunctionEquality() {
+        VCImplication implication = vc("0 == f(x)", "f(y) == f(x) + 1");
+
+        assertSimplificationSteps(substitution::apply, implication,
+                chain(expect("0 == f(x)"), expect("f(y) == 0 + 1", "0 == f(x)")));
+    }
+
+    @Test
+    void preservesSourceNode() {
+        VCImplication implication = vc("f(x) == 0", "f(x) > -1");
+
+        assertSimplificationSteps(substitution::apply, implication,
+                chain(expect("f(x) == 0"), expect("0 > -1", "f(x) == 0")));
+    }
+
+    @Test
+    void doesNotRewriteEarlierNodesFromLaterEquality() {
+        VCImplication implication = vc("f(x) > 0", "f(x) == 1");
+
+        assertSimplificationSteps(substitution::apply, implication, chain(expect("f(x) > 0"), expect("f(x) == 1")));
+    }
+
+    @Test
+    void skipsUsedUpEqualityAndUsesNextAvailableEquality() {
+        VCImplication implication = vc("f(x) == 0", "f(y) == f(x) + 1", "f(y) == 1");
+
+        assertSimplificationSteps(substitution::apply, implication,
+                chain(expect("f(x) == 0"), expect("f(y) == 0 + 1", "f(x) == 0"), expect("f(y) == 1")),
+                chain(expect("f(x) == 0"), expect("f(y) == 0 + 1", "f(x) == 0"),
+                        expect("0 + 1 == 1", "f(y) == 0 + 1")));
+    }
+
+    @Test
+    void doesNotGeneralizeAcrossDifferentArguments() {
+        VCImplication implication = vc("f(x) == 0", "f(y) == 0");
+
+        assertSimplificationSteps(substitution::apply, implication, chain(expect("f(x) == 0"), expect("f(y) == 0")));
+    }
+
+    @Test
+    void ignoresRecursiveFunctionEquality() {
+        VCImplication implication = vc("f(x) == f(x) + 1", "f(x) > 0");
+
+        assertSimplificationSteps(substitution::apply, implication,
+                chain(expect("f(x) == f(x) + 1"), expect("f(x) > 0")));
+    }
+
+    @Test
+    void extractsEqualityFromTopLevelConjunction() {
+        VCImplication implication = vc("ok && f(x) == 0", "f(y) == f(x) + 1");
+
+        assertSimplificationSteps(substitution::apply, implication,
+                chain(expect("ok && f(x) == 0"), expect("f(y) == 0 + 1", "ok && f(x) == 0")));
+    }
+}