Proof Scripts in JML

[mattulbrich]

Related Issue

For quite some time, we have a prototype for JML proof scripts which we finally want to bring to the mater branch.

Intended Change

Proof scripts can be written into JML comments and can be obeyed during automatic verification.
The major benefit is that the localisation of the proof node to which a proof script should be applied is natural.
The other benefit is that one can use JML expressions and thus does not have to leave the realm of JML to do script-guided proofs.

This relies on #3587 and needs #3654 merged.

Plan

• Refine the syntax
• Adapt lexer and parser
• Reimport the implementation that was available on an older branch
• Make it more convenient
• Add examples
• Code cleanup
• Document the changes

Type of pull request

• New feature (non-breaking change which adds functionality)
• There are changes to the (Java) code
• There are changes to the taclet rule base (possibly small adaptations)

Ensuring quality

WIP:

• I made sure that introduced/changed code is well documented (javadoc and inline comments). ✔️
• I made sure that new/changed end-user features are well documented (https://github.com/KeYProject/key-docs). ✔️
• I added new test case(s) for new functionality. ✔️
• I have tested the feature as follows: ... examples and test cases
• I have checked that runtime performance has not deteriorated. not for non-script proofs.

Additional information and contact(s)

Planned to be done Mid 09/25

The contributions within this pull request are licensed under GPLv2 (only) for inclusion in KeY.

[codecov]

Codecov Report

❌ Patch coverage is 0% with 42 lines in your changes missing coverage. Please review.
✅ Project coverage is 37.12%. Comparing base (28025d8) to head (16e79e7).
⚠️ Report is 160 commits behind head on main.

Files with missing lines	Patch %	Lines
...src/main/java/org/key_project/logic/PosInTerm.java	0.00%	13 Missing ⚠️
...rc/main/java/org/key_project/util/java/IOUtil.java	0.00%	11 Missing ⚠️
.../org/key_project/util/collection/ImmutableSet.java	0.00%	7 Missing ⚠️
...ain/java/org/key_project/util/java/StringUtil.java	0.00%	5 Missing ⚠️
...org/key_project/util/collection/ImmutableList.java	0.00%	3 Missing ⚠️
...in/java/org/key_project/util/java/IntegerUtil.java	0.00%	3 Missing ⚠️

❗ There is a different number of reports uploaded between BASE (28025d8) and HEAD (16e79e7). Click for more details.

HEAD has 4 uploads less than BASE

Flag	BASE (28025d8)	HEAD (16e79e7)
	14	10

Additional details and impacted files

@@              Coverage Diff              @@
##               main    #3657       +/-   ##
=============================================
- Coverage     47.16%   37.12%   -10.04%     
+ Complexity    15801      760    -15041     
=============================================
  Files          1673      129     -1544     
  Lines         96171     5691    -90480     
  Branches      15397      897    -14500     
=============================================
- Hits          45359     2113    -43246     
+ Misses        45641     3389    -42252     
+ Partials       5171      189     -4982     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[wadoon]

I have written an integer split command.

An induction command is on the way with support for int, user-data types, bsum(?).

Commit: 4644331

[wadoon]

@WolframPfeifer Could you please revert the merge of main into this PR (and do a rebase instead, or just let to @mattulbrich for the sake of confusion avoidance)?

This was a merge-free PR, which results in an easier-to-read git history.

[WolframPfeifer]

@WolframPfeifer Could you please revert the merge of main into this PR (and do a rebase instead, or just let to @mattulbrich for the sake of confusion avoidance)?

This was a merge-free PR, which results in an easier-to-read git history.

Ok, I reverted the merge. I see the point about a clean history. However, I am not sure what a good workflow would be. Should we do a merge with main only at the end of the feature development, before the merge of the PR?

[wadoon]

35160      DEBUG Test worker     d.u.i.k.s.ProofScriptEngine Commands: macro  "autopilot-prep";
tryclose  ;
macro  "simp-upd";
rule  seqPermFromSwap;
rule  andRight;
auto  ;
instantiate with: (i_0) var: "iv" hide;
instantiate with: j_0 var: jv hide;
auto  ;
macro  "simp-upd";
rule  seqPermFromSwap;
rule  andRight;
auto  ;
instantiate with: (i_0) var: "iv" hide;
instantiate with: (to) var: "jv" hide;
auto  ; 

Error while executing script: Could not convert value 'j_0' from type 'ProofScriptExpressionContext' to type 'JTerm'

Command: instantiate with: j_0 var: jv hide;
Position: [file:/home/weigl/work/key/key.core/../key.ui/examples/heap/quicksort/split.key:30/2]

de.uka.ilkd.key.scripts.ScriptException: Error while executing script: Could not convert value 'j_0' from type 'ProofScriptExpressionContext' to type 'JTerm'

Command: instantiate with: j_0 var: jv hide;
Position: [file:/home/weigl/work/key/key.core/../key.ui/examples/heap/quicksort/split.key:30/2]

	at de.uka.ilkd.key.scripts.ProofScriptEngine.execute(ProofScriptEngine.java:162)
	at de.uka.ilkd.key.scripts.ProofScriptEngine.execute(ProofScriptEngine.java:80)
	at de.uka.ilkd.key.proof.runallproofs.ProveTest.autoMode(ProveTest.java:194)

5028      INFO  Test worker     d.u.i.k.p.r.ProveTest     (parallelGcd.proof|1412243253) Proof will be saved to: /home/weigl/work/key/key.core/../key.ui/examples/heap/verifyThis15_2_ParallelGcd/parallelGcd.proof.proof 
25028      INFO  Test worker     d.u.i.k.p.r.ProveTest     (parallelGcd.proof|1412243253) Start proving 
25028      INFO  Test worker     d.u.i.k.p.i.AbstractProblemLoader Loading environment from /home/weigl/work/key/key.core/../key.ui/examples/heap/verifyThis15_2_ParallelGcd/parallelGcd.proof 
25028      DEBUG Test worker     d.u.i.k.p.i.AbstractProblemLoader Environment load took 150.53ns 
25030      INFO  Test worker     d.u.i.k.p.i.AbstractProblemLoader Creating init config 
26664      DEBUG Test worker     d.u.i.k.p.i.AbstractProblemLoader Init config took 1.63s 
26895      DEBUG Test worker     d.u.i.k.p.i.IntermediateProofReplayer Proof replay took 194.78ms 
26895      INFO  Test worker     d.u.i.k.p.i.AbstractProblemLoader Replay result: Proof replayed successfully.Errors while reading the proof. Not all branches could be load successfully. 
26896      INFO  Test worker     d.u.i.k.p.r.ProveTest     (parallelGcd.proof|1412243253) Proving done 

Loading problem file failed
Expected :false
Actual   :true
<Click to see difference>

Macro 'script-auto' raised an exception: Error while executing script: Multiple or no formulas modified or added in last step, cannot identify sequent formula to skolemize.

Command: __obtain from_goal: true var: x ;
Position: [file:/home/weigl/work/key/key.core/../key.ui/examples/heap/BoyerMoore/src/BoyerMoore.java:74/18]

de.uka.ilkd.key.scripts.ScriptException: Macro 'script-auto' raised an exception: Error while executing script: Multiple or no formulas modified or added in last step, cannot identify sequent formula to skolemize.

Command: __obtain from_goal: true var: x ;
Position: [file:/home/weigl/work/key/key.core/../key.ui/examples/heap/BoyerMoore/src/BoyerMoore.java:74/18]

	at app//de.uka.ilkd.key.scripts.MacroCommand.execute(MacroCommand.java:117)
	at app//de.uka.ilkd.key.scripts.AbstractCommand.execute(AbstractCommand.java:79)
	at app//de.uka.ilkd.key.scripts.ProofScriptEngine.execute(ProofScriptEngine.java:129)
	at app//de.uka.ilkd.key.scripts.ProofScriptEngine.execute(ProofScriptEngine.java:80)
	at app//de.uka.ilkd.key.proof.runallproofs.ProveTest.autoMode(ProveTest.java:194)
	at app//de.uka.ilkd.key.proof.runallproofs.ProveTest.runKey(ProveTest.java:135)
	at app//de.uka.ilkd.key.proof.runallproofs.ProveTest.assertProvability(ProveTest.java:63)
	at app//de.uka.ilkd.key.proof.runallproofs.gen._example_algos.testBM_bm(_example_algos.java:36)
	at java.base@25.0.2/java.lang.reflect.Method.invoke(Method.java:565)
	at java.base@25.0.2/java.util.ArrayList.forEach(ArrayList.java:1604)
	at java.base@25.0.2/java.util.ArrayList.forEach(ArrayList.java:1604)
Caused by: de.uka.ilkd.key.scripts.ScriptException: Error while executing script: Multiple or no formulas modified or added in last step, cannot identify sequent formula to skolemize.

Command: __obtain from_goal: true var: x ;
Position: [file:/home/weigl/work/key/key.core/../key.ui/examples/heap/BoyerMoore/src/BoyerMoore.java:74/18]

	at app//de.uka.ilkd.key.scripts.ProofScriptEngine.execute(ProofScriptEngine.java:162)
	at app//de.uka.ilkd.key.macros.ApplyScriptsMacro.applyTo(ApplyScriptsMacro.java:210)
	at app//de.uka.ilkd.key.macros.AbstractProofMacro.applyTo(AbstractProofMacro.java:72)
	at app//de.uka.ilkd.key.macros.SequentialProofMacro.applyTo(SequentialProofMacro.java:99)
	at app//de.uka.ilkd.key.macros.AbstractProofMacro.applyTo(AbstractProofMacro.java:72)
	at app//de.uka.ilkd.key.scripts.MacroCommand.execute(MacroCommand.java:113)
	... 10 more
Caused by: java.lang.IllegalStateException: Multiple or no formulas modified or added in last step, cannot identify sequent formula to skolemize.
	at de.uka.ilkd.key.scripts.ObtainCommand.identifySequentFormula(ObtainCommand.java:139)
	at de.uka.ilkd.key.scripts.ObtainCommand.executeFromGoal(ObtainCommand.java:91)
	at de.uka.ilkd.key.scripts.ObtainCommand.execute(ObtainCommand.java:77)
	at de.uka.ilkd.key.scripts.AbstractCommand.execute(AbstractCommand.java:79)
	at de.uka.ilkd.key.scripts.ProofScriptEngine.execute(ProofScriptEngine.java:129)
	... 15 more