specs/aubifs-refine/proofs/1490204495000
refine-gc: orphans-cons(fs, ri, ro), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro), asynced → boolvar,
afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri),
orphans-cons(fs, ri, ro), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?
⊦ ⟪aubifs_gc#(fi, ro, fo; ri, fs, log, boolvar)⟫
⟨asynced := ?⟩ (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar))
<_SIDEGOALS>
725refine-gc-proofrefine-gc-proof-info
initialization: pageno = LEB_SIZE, pageno0 = n
⊦ ⟪aubifs_format#(pageno0, boolvar0, pageno, md; ri, fi, ro, fo, fs, log, boolvar1; err)⟫
( ( err = ESUCCESS
→ ⟨afs_format#(n, boolvar0, pageno, md; dirs0; files0, asynced, err0)⟩
((dirs0 = abs-dirs(fs, ri) ∧ files0 = abs-files(fs, ri) ∧ orphans(dirs0, files0) = abs-keys(ro) ∧ (asynced → boolvar1)) ∧ err = err0))
∧ ( err ≠ ESUCCESS
→ (∀ dirs, files, boolvar.
⟨afs_format#(n, boolvar0, pageno, md; dirs0; files0, asynced, err0)⟩
(dirs = dirs0 ∧ files = files0 ∧ (boolvar ↔ asynced) ∧ err = err0))))
in-ri-dentry-inode, mkdir-inj, at-ri
<_SIDEGOALS>
10154initialization-proofinitialization-proof-info
refine-lookup: pre-lookup(p_ino, dent, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro), asynced → boolvar,
afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri),
orphans-cons(fs, ri, ro), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?, dent = old_dent, err = err0
⊦ ⟪aubifs_lookup#(p_ino, ri, fi, ro, fo, fs, log, boolvar; dent, err)⟫
⟨afs_lookup#(p_ino, dirs, files, asynced; old_dent, err0)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ dent = old_dent
∧ err = err0)
valid-parent-ino-precond
<_SIDEGOALS>
581refine-lookup-proofrefine-lookup-proof-info
refine-create: pre-create(p_inode, dent, md, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro), asynced → boolvar,
afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri),
orphans-cons(fs, ri, ro), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?, p_inode = p_inode0, c_inode = p_inode1, dent = old_dent,
err = err0
⊦ ⟪aubifs_create#(md, fi, ro, fo; p_inode, c_inode, dent, err, ri, fs, log, boolvar)⟫
⟨afs_create#(md; p_inode0, p_inode1, old_dent, err0, dirs, files; asynced)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ p_inode = p_inode0
∧ c_inode = p_inode1 ∧ dent = old_dent ∧ err = err0)
in-ri-dentry-inode, in-insert, mkdir-inj, at-ri, valid-parent-ino-precond
<_SIDEGOALS>
8272refine-create-proofrefine-create-proof-info
refine-unlink: pre-unlink(p_inode, c_inode, dent, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro),
asynced → boolvar, afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri),
orphans-cons(fs, ri, ro), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?, p_inode = p_inode0, c_inode = p_inode1, dent = old_dent,
err = err0
⊦ ⟪aubifs_unlink#(fi, fo; p_inode, c_inode, dent, err, ri, ro, fs, log, boolvar)⟫
⟨afs_unlink#(; p_inode0, p_inode1, old_dent, err0, dirs, files; asynced)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ p_inode = p_inode0
∧ c_inode = p_inode1 ∧ dent = old_dent ∧ err = err0)
in-ri-dentry-inode, mkdir-inj, at-ri, afs-cons-abs-dir-size, valid-parent-ino-precond
<_SIDEGOALS>
27593refine-unlink-proofrefine-unlink-proof-info
refine-mkdir: pre-mkdir(p_inode, dent, md, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro), asynced → boolvar,
afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri),
orphans-cons(fs, ri, ro), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?, p_inode = p_inode0, c_inode = p_inode1, dent = old_dent,
err = err0
⊦ ⟪aubifs_mkdir#(md, fi, ro, fo; p_inode, c_inode, dent, err, ri, fs, log, boolvar)⟫
⟨afs_mkdir#(md; p_inode0, p_inode1, old_dent, err0, dirs, files; asynced)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ p_inode = p_inode0
∧ c_inode = p_inode1 ∧ dent = old_dent ∧ err = err0)
in-insert, in-ri-inode-dentry, in-ri-dentry-inode, mkdir-inj, at-ri, valid-parent-ino-precond
<_SIDEGOALS>
11277refine-mkdir-proofrefine-mkdir-proof-info
refine-rmdir: pre-rmdir(p_inode, c_inode, dent, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro),
asynced → boolvar, afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri),
orphans-cons(fs, ri, ro), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?, p_inode = p_inode0, c_inode = p_inode1, dent = old_dent,
err = err0
⊦ ⟪aubifs_rmdir#(fi, fo; p_inode, c_inode, dent, err, ri, ro, fs, log, boolvar)⟫
⟨afs_rmdir#(; p_inode0, p_inode1, old_dent, err0, dirs, files; asynced)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ p_inode = p_inode0
∧ c_inode = p_inode1 ∧ dent = old_dent ∧ err = err0)
in-ri-dentry-inode, mkdir-inj, at-ri, afs-cons-abs-dir-size, afs-cons-abs-dir-subdirs, valid-parent-ino-precond
<_SIDEGOALS>457891215161720212262
32475refine-rmdir-proofrefine-rmdir-proof-info
refine-link: pre-link(p_inode, c_inode, old_dent, new_dent, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro),
asynced → boolvar, afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri),
orphans-cons(fs, ri, ro), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?, p_inode = p_inode0, c_inode = p_inode1,
new_dent = old_dent0, err = err0
⊦ ⟪aubifs_link#(old_dent, fi, ro, fo; p_inode, c_inode, new_dent, err, ri, fs, log, boolvar)⟫
⟨afs_link#(old_dent; p_inode0, p_inode1, old_dent0, err0, dirs, files; asynced)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ p_inode = p_inode0
∧ c_inode = p_inode1 ∧ new_dent = old_dent0 ∧ err = err0)
in-ri-dentry-inode, in-insert, mkdir-inj, at-ri, valid-parent-ino-precond
<_SIDEGOALS>
15375refine-link-proofrefine-link-proof-info
refine-renam: pre-rename(old_parent_inode, old_dent, old_child_inode, new_parent_inode, new_dent, new_child_inode, dirs, files), dirs = abs-dirs(fs, ri),
files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro), asynced → boolvar, afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log),
replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri), orphans-cons(fs, ri, ro), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?,
fo.inodes?, old_parent_inode = p_inode, new_parent_inode = p_inode0, old_child_inode = p_inode1, new_child_inode = p_inode2, old_dent = old_dent0,
new_dent = old_dent1, err = err0
⊦ ⟪aubifs_rename#(fi, fo; old_parent_inode, new_parent_inode, old_child_inode, new_child_inode, old_dent, new_dent, err, ri, ro, fs, log, boolvar)⟫
⟨afs_rename#(; p_inode, p_inode0, p_inode1, p_inode2, old_dent0, old_dent1, err0, dirs, files; asynced)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar))
∧ old_parent_inode = p_inode ∧ new_parent_inode = p_inode0 ∧ old_child_inode = p_inode1 ∧ new_child_inode = p_inode2 ∧ old_dent = old_dent0
∧ new_dent = old_dent1 ∧ err = err0)
rename-precond-abs, refine-rename-new-keep-parent, refine-rename-overwrite-keep-parent, refine-rename-new-reparent, refine-rename-overwrite-reparent
<_SIDEGOALS>
2736refine-renam-proofrefine-renam-proof-info
refine-readpage: pre-readpage(inode, pageno, buf, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro),
asynced → boolvar, afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri),
orphans-cons(fs, ri, ro), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?, buf = buf0, err = err0
⊦ ⟪aubifs_readpage#(inode, pageno, ri, fi, ro, fo, fs, log, boolvar; buf, err)⟫
⟨afs_readpage#(inode, pageno, dirs, files, asynced; buf0, err0)⟩
((dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ buf = buf0 ∧ err = err0)
<_SIDEGOALS>
789refine-readpage-proofrefine-readpage-proof-info
refine-writepage: pre-writepage(inode, pageno, buf, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro),
asynced → boolvar, afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri),
orphans-cons(fs, ri, ro), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?, err = err0
⊦ ⟪aubifs_writepage#(inode, pageno, buf, fi, ro, fo; err, ri, fs, log, boolvar)⟫
⟨afs_writepage#(inode, pageno, buf, dirs; err0, files; asynced)⟩
((dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ err = err0)
mkdir-inj, at-ri
<_SIDEGOALS>
12162refine-writepage-proofrefine-writepage-proof-info
refine-readdir: pre-readdir(inode.ino, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro), asynced → boolvar,
afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri),
orphans-cons(fs, ri, ro), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?, strings = strings0, err = err0
⊦ ⟪aubifs_readdir#(inode, ri, fi, ro, fo, fs, log, boolvar; strings, err)⟫
⟨afs_readdir#(inode, dirs, files, asynced; strings0, err0)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ strings = strings0
∧ err = err0)
<_SIDEGOALS>
444refine-readdir-proofrefine-readdir-proof-info
refine-evict: pre-evict(inode, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro), asynced → boolvar,
afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri),
orphans-cons(fs, ri, ro), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?, err = err0
⊦ ⟪aubifs_evict#(inode, fi, fo, fs, log, boolvar; err, ri, ro)⟫
⟨afs_evict#(inode, asynced; err0, dirs, files)⟩
((dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ err = err0)
mkdir-inj
<_SIDEGOALS>2829303132333435363738394041
16121refine-evict-proofrefine-evict-proof-info
refine-truncate: pre-truncate(inode, n, pageno, buf-opt, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro),
asynced → boolvar, afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri),
orphans-cons(fs, ri, ro), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?, buf-opt = buf-opt0, inode = p_inode, boolvar0 ↔ boolvar1,
err = err0
⊦ ⟪aubifs_truncate#(n, pageno, fi, ro, fo; buf-opt, inode, boolvar0, err, ri, fs, log, boolvar)⟫
⟨afs_truncate#(n, pageno; buf-opt0, p_inode, boolvar1, err0, dirs, files, asynced)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ buf-opt = buf-opt0
∧ inode = p_inode ∧ (boolvar0 ↔ boolvar1) ∧ err = err0)
log-cons-2, mkdir-inj, at-ri
<_SIDEGOALS>
591481refine-truncate-proofrefine-truncate-proof-info
refine-iget: pre-iget(ino, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro), asynced → boolvar,
afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri),
orphans-cons(fs, ri, ro), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?, inode = p_inode, err = err0
⊦ ⟪aubifs_iget#(ino, ri, fi, ro, fo, fs, log, boolvar; inode, err)⟫
⟨afs_iget#(ino, dirs, files, asynced; p_inode, err0)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ inode = p_inode
∧ err = err0)
<_SIDEGOALS>
556refine-iget-proofrefine-iget-proof-info
refine-write-inode: pre-write-inode(inode, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro), asynced → boolvar,
afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri),
orphans-cons(fs, ri, ro), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?, err = err0
⊦ ⟪aubifs_write_inode#(inode, fi, ro, fo; err, ri, fs, log, boolvar)⟫
⟨afs_write_inode#(inode; err0, dirs, files; asynced)⟩
((dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ err = err0)
in-ri-dentry-inode, mkdir-inj, at-ri
<_SIDEGOALS>41
8237refine-write-inode-proofrefine-write-inode-proof-info
refine-check-commit: dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro), asynced → boolvar, afs-cons(dirs, files),
ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri), orphans-cons(fs, ri, ro), ri-inj(ri),
ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?, err = err0
⊦ ⟪aubifs_check_commit#(ri, ro; err, fi, fo, fs, log, boolvar)⟫
⟨afs_check_commit#(dirs, files; err0; asynced)⟩
((dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ err = err0)
<_SIDEGOALS>
1159refine-check-commit-proofrefine-check-commit-proof-info
recovery: fi = fi0, fo = fo0, fs = fs0, log = log0, dirs0 = abs-dirs(fs0, ri), files0 = abs-files(fs0, ri), orphans(dirs0, files0) = abs-keys(ro),
boolvar0 → boolvar1, boolvar1, afs-cons(dirs0, files0), ubifs-cons(fs0, ri, ro, fi0, fo0, log0), replay-cons-strong(fs0, ri, ro, fi0, fo0, log0),
file-node-cons(fs0, ri), orphans-cons(fs0, ri, ro), ri-inj(ri), ri-inj(fi0), log-cons(log0, fs0), ro.inodes?, fo0.inodes?
⊦ ⟪aubifs_replay#(boolvar2; ri0, fi, ro0, fo, fs, log, boolvar3; err)⟫
( ( err = ESUCCESS
→ (∃ dirs, files, asynced.
(dirs = dirs0 \ orphans(dirs0, files0) ∧ files = files0 \ orphans(dirs0, files0))
∧ ⟨afs_recovery#(boolvar2; dirs, files; asynced, err0)⟩
((dirs = abs-dirs(fs, ri0) ∧ files = abs-files(fs, ri0) ∧ orphans(dirs, files) = abs-keys(ro0) ∧ (asynced → boolvar3)) ∧ err = err0)))
∧ ( err ≠ ESUCCESS
→ (∀ dirs, files, boolvar.
⟨afs_recovery#(boolvar2; dirs1, files1; asynced0, err0)⟩ (dirs = dirs1 ∧ files = files1 ∧ (boolvar ↔ asynced0) ∧ err = err0))))
mkdir-inj
<_SIDEGOALS>4
42171recovery-proofrecovery-proof-info
refine-sync: dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro), asynced → boolvar, afs-cons(dirs, files),
ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri), orphans-cons(fs, ri, ro), ri-inj(ri),
ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?
⊦ ⟪aubifs_sync#(ri, fi, ro, fo, fs, log; boolvar; err)⟫
⟨afs_sync#(dirs, files; ; asynced, err0)⟩
((dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ err = err0)
<_SIDEGOALS>
418refine-sync-proofrefine-sync-proof-info
refine-fsync: valid-file-inode(inode, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro), asynced → boolvar,
afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri),
orphans-cons(fs, ri, ro), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?
⊦ ⟪aubifs_fsync#(inode, boolvar0; ; err)⟫
⟨afs_fsync#(inode, boolvar0, dirs, files; ; asynced, err0)⟩
((dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ err = err0)
<_SIDEGOALS>
321refine-fsync-proofrefine-fsync-proof-info
refine-fsyncdir: dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro), asynced → boolvar, afs-cons(dirs, files),
ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri), orphans-cons(fs, ri, ro), ri-inj(ri),
ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?
⊦ ⟪aubifs_fsyncdir#(inode, boolvar0; ; err)⟫
⟨afs_fsyncdir#(inode, boolvar0, dirs, files, asynced; ; err0)⟩
((dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (asynced → boolvar)) ∧ err = err0)
<_SIDEGOALS>
212refine-fsyncdir-proofrefine-fsyncdir-proof-info
synced: asynced, dirs = abs-dirs(fs, ri), files = abs-files(fs, ri), orphans(dirs, files) = abs-keys(ro), asynced → boolvar, afs-cons(dirs, files),
ubifs-cons(fs, ri, ro, fi, fo, log), replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri), orphans-cons(fs, ri, ro)
⊦ boolvar
<_SIDEGOALS>
02synced-proofsynced-proof-info
eq-preserved-gc: dirs = dirs0, files = files0, asynced ↔ boolvar ⊦ ⟪asynced := ?⟫ (dirs0 = dirs ∧ files0 = files)
<_SIDEGOALS>
03eq-preserved-gc-proofeq-preserved-gc-proof-info
eq-io-write_inode: ⟨afs_write_inode#(inode; err, dirs, files; asynced)⟩ ((inode = p_inode ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar)),
dirs = dirs1, files = files1
⊦ ⟨afs_write_inode#(inode; err, dirs1, files1; boolvar0)⟩ ((inode = p_inode ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
11eq-io-write_inode-proofeq-io-write_inode-proof-info
eq-io-iget: ⟨afs_iget#(ino, dirs, files, asynced; inode, err)⟩
((ino = ino0 ∧ inode = p_inode ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar)),
dirs = dirs1, files = files1
⊦ ⟨afs_iget#(ino, dirs1, files1, boolvar0; inode, err)⟩ ((ino = ino0 ∧ inode = p_inode ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
029eq-io-iget-proofeq-io-iget-proof-info
eq-io-truncate: ⟨afs_truncate#(n, pageno; buf-opt, inode, boolvar, err, dirs, files, asynced)⟩
( (n = n0 ∧ pageno = pageno0 ∧ buf-opt = buf-opt0 ∧ inode = p_inode ∧ (boolvar ↔ boolvar0) ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0
∧ (asynced ↔ boolvar1)),
dirs = dirs1, files = files1
⊦ ⟨afs_truncate#(n, pageno; buf-opt, inode, boolvar, err, dirs1, files1, boolvar2)⟩
((n = n0 ∧ pageno = pageno0 ∧ buf-opt = buf-opt0 ∧ inode = p_inode ∧ (boolvar ↔ boolvar0) ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
7269eq-io-truncate-proofeq-io-truncate-proof-info
eq-io-evict: ⟨afs_evict#(inode, asynced; err, dirs, files)⟩ ((inode = p_inode ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar)),
dirs = dirs1, files = files1
⊦ ⟨afs_evict#(inode, boolvar0; err, dirs1, files1)⟩ ((inode = p_inode ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
0103eq-io-evict-proofeq-io-evict-proof-info
eq-io-readdir: ⟨afs_readdir#(inode, dirs, files, asynced; strings, err)⟩
((inode = p_inode ∧ strings = strings0 ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar)),
dirs = dirs1, files = files1
⊦ ⟨afs_readdir#(inode, dirs1, files1, boolvar0; strings, err)⟩
((inode = p_inode ∧ strings = strings0 ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
140eq-io-readdir-proofeq-io-readdir-proof-info
eq-io-writepage: ⟨afs_writepage#(inode, pageno, buf, dirs; err, files; asynced)⟩
((inode = p_inode ∧ pageno = pageno0 ∧ buf = buf0 ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar)),
dirs = dirs1, files = files1
⊦ ⟨afs_writepage#(inode, pageno, buf, dirs1; err, files1; boolvar0)⟩
((inode = p_inode ∧ pageno = pageno0 ∧ buf = buf0 ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
11eq-io-writepage-proofeq-io-writepage-proof-info
eq-io-readpage: ⟨afs_readpage#(inode, pageno, dirs, files, asynced; buf, err)⟩
((inode = p_inode ∧ pageno = pageno0 ∧ buf = buf0 ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar)),
dirs = dirs1, files = files1
⊦ ⟨afs_readpage#(inode, pageno, dirs1, files1, boolvar0; buf, err)⟩
((inode = p_inode ∧ pageno = pageno0 ∧ buf = buf0 ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
054eq-io-readpage-proofeq-io-readpage-proof-info
eq-io-renam: ⟨afs_rename#(; old_parent_inode, new_parent_inode, old_child_inode, new_child_inode, old_dent, new_dent, err, dirs, files; asynced)⟩
( ( old_parent_inode = p_inode ∧ new_parent_inode = p_inode0 ∧ old_child_inode = p_inode1 ∧ new_child_inode = p_inode2 ∧ old_dent = old_dent0
∧ new_dent = old_dent1 ∧ err = err0)
∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar)),
dirs = dirs1, files = files1
⊦ ⟨afs_rename#(; old_parent_inode, new_parent_inode, old_child_inode, new_child_inode, old_dent, new_dent, err, dirs1, files1; boolvar0)⟩
( ( old_parent_inode = p_inode ∧ new_parent_inode = p_inode0 ∧ old_child_inode = p_inode1 ∧ new_child_inode = p_inode2 ∧ old_dent = old_dent0
∧ new_dent = old_dent1 ∧ err = err0)
∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
11eq-io-renam-proofeq-io-renam-proof-info
eq-io-link: ⟨afs_link#(old_dent; p_inode, c_inode, new_dent, err, dirs, files; asynced)⟩
( (old_dent = old_dent0 ∧ p_inode = p_inode0 ∧ c_inode = p_inode1 ∧ new_dent = old_dent1 ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0
∧ (asynced ↔ boolvar)),
dirs = dirs1, files = files1
⊦ ⟨afs_link#(old_dent; p_inode, c_inode, new_dent, err, dirs1, files1; boolvar0)⟩
((old_dent = old_dent0 ∧ p_inode = p_inode0 ∧ c_inode = p_inode1 ∧ new_dent = old_dent1 ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
11eq-io-link-proofeq-io-link-proof-info
eq-io-rmdir: ⟨afs_rmdir#(; p_inode, c_inode, dent, err, dirs, files; asynced)⟩
((p_inode = p_inode0 ∧ c_inode = p_inode1 ∧ dent = old_dent ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar)),
dirs = dirs1, files = files1
⊦ ⟨afs_rmdir#(; p_inode, c_inode, dent, err, dirs1, files1; boolvar0)⟩
((p_inode = p_inode0 ∧ c_inode = p_inode1 ∧ dent = old_dent ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
11eq-io-rmdir-proofeq-io-rmdir-proof-info
eq-io-mkdir: ⟨afs_mkdir#(md; p_inode, c_inode, dent, err, dirs, files; asynced)⟩
((md = md0 ∧ p_inode = p_inode0 ∧ c_inode = p_inode1 ∧ dent = old_dent ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar)),
dirs = dirs1, files = files1
⊦ ⟨afs_mkdir#(md; p_inode, c_inode, dent, err, dirs1, files1; boolvar0)⟩
((md = md0 ∧ p_inode = p_inode0 ∧ c_inode = p_inode1 ∧ dent = old_dent ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
11eq-io-mkdir-proofeq-io-mkdir-proof-info
eq-io-unlink: ⟨afs_unlink#(; p_inode, c_inode, dent, err, dirs, files; asynced)⟩
((p_inode = p_inode0 ∧ c_inode = p_inode1 ∧ dent = old_dent ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar)),
dirs = dirs1, files = files1
⊦ ⟨afs_unlink#(; p_inode, c_inode, dent, err, dirs1, files1; boolvar0)⟩
((p_inode = p_inode0 ∧ c_inode = p_inode1 ∧ dent = old_dent ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
11eq-io-unlink-proofeq-io-unlink-proof-info
eq-io-create: ⟨afs_create#(md; p_inode, c_inode, dent, err, dirs, files; asynced)⟩
((md = md0 ∧ p_inode = p_inode0 ∧ c_inode = p_inode1 ∧ dent = old_dent ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar)),
dirs = dirs1, files = files1
⊦ ⟨afs_create#(md; p_inode, c_inode, dent, err, dirs1, files1; boolvar0)⟩
((md = md0 ∧ p_inode = p_inode0 ∧ c_inode = p_inode1 ∧ dent = old_dent ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
11eq-io-create-proofeq-io-create-proof-info
eq-io-lookup: ⟨afs_lookup#(p_ino, dirs, files, asynced; dent, err)⟩
((p_ino = pageno ∧ dent = old_dent ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar)),
dirs = dirs1, files = files1
⊦ ⟨afs_lookup#(p_ino, dirs1, files1, boolvar0; dent, err)⟩ ((p_ino = pageno ∧ dent = old_dent ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
037eq-io-lookup-proofeq-io-lookup-proof-info
eq-io-fsyncdir: ⟨afs_fsyncdir#(inode, boolvar, dirs, files, asynced; ; err)⟩
((inode = p_inode ∧ (boolvar ↔ boolvar0) ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar1)),
dirs = dirs1, files = files1
⊦ ⟨afs_fsyncdir#(inode, boolvar, dirs1, files1, boolvar2; ; err)⟩
((inode = p_inode ∧ (boolvar ↔ boolvar0) ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
14eq-io-fsyncdir-proofeq-io-fsyncdir-proof-info
eq-io-fsync: ⟨afs_fsync#(inode, boolvar, dirs, files; ; asynced, err)⟩
((inode = p_inode ∧ (boolvar ↔ boolvar0) ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar1)),
dirs = dirs1, files = files1
⊦ ⟨afs_fsync#(inode, boolvar, dirs1, files1; ; boolvar2, err)⟩
((inode = p_inode ∧ (boolvar ↔ boolvar0) ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
11eq-io-fsync-proofeq-io-fsync-proof-info
eq-io-sync: ⟨afs_sync#(dirs, files; ; asynced, err)⟩ (err = err0 ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar)), dirs = dirs1, files = files1
⊦ ⟨afs_sync#(dirs1, files1; ; boolvar0, err)⟩ (err = err0 ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
11eq-io-sync-proofeq-io-sync-proof-info
eq-io-format: ⟨afs_format#(n, boolvar, pageno, md; dirs; files, asynced, err)⟩
((n = n0 ∧ (boolvar ↔ boolvar0) ∧ pageno = pageno0 ∧ md = md0 ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar1)),
dirs = dirs1, files = files1
⊦ ⟨afs_format#(n, boolvar, pageno, md; dirs1; files1, boolvar2, err)⟩
((n = n0 ∧ (boolvar ↔ boolvar0) ∧ pageno = pageno0 ∧ md = md0 ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
11eq-io-format-proofeq-io-format-proof-info
eq-io-check-commit: ⟨afs_check_commit#(dirs, files; err; asynced)⟩ (err = err0 ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar)), dirs = dirs1, files = files1
⊦ ⟨afs_check_commit#(dirs1, files1; err; boolvar0)⟩ (err = err0 ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
11eq-io-check-commit-proofeq-io-check-commit-proof-info
eq-io-recovery: ⟨afs_recovery#(boolvar; dirs, files; asynced, err)⟩ (((boolvar ↔ boolvar0) ∧ err = err0) ∧ dirs = dirs0 ∧ files = files0 ∧ (asynced ↔ boolvar1)),
dirs = dirs1, files = files1
⊦ ⟨afs_recovery#(boolvar; dirs1, files1; boolvar2, err)⟩ (((boolvar ↔ boolvar0) ∧ err = err0) ∧ dirs1 = dirs0 ∧ files1 = files0)
<_SIDEGOALS>
11eq-io-recovery-proofeq-io-recovery-proof-info
eq-trans: dirs = dirs0, files = files0, dirs0 = dirs1, files0 = files1 ⊦ dirs = dirs1 ∧ files = files1
<_SIDEGOALS>
02eq-trans-proofeq-trans-proof-info
eq-sym: dirs = dirs0, files = files0 ⊦ dirs0 = dirs ∧ files0 = files
<_SIDEGOALS>
01eq-sym-proofeq-sym-proof-info
eq-refl ⊦ dirs = dirs ∧ files = files
<_SIDEGOALS>
01eq-refl-proofeq-refl-proof-info
afs-cons-abs-dir-size ⊦ afs-cons(abs-dirs(fs, ri), abs-files(fs, ri)) ∧ ino ∈ abs-dirs(fs, ri) ∧ abs-dirs(fs, ri)[ino].entries ≠ ∅ → fs[ri[inodekey(ino)]].size ≥ 1
<_SIDEGOALS>
39afs-cons-abs-dir-size-proofafs-cons-abs-dir-size-proof-infolss
afs-cons-abs-dir-subdirs ⊦ afs-cons(abs-dirs(fs, ri), abs-files(fs, ri)) ∧ ino ∈ abs-dirs(fs, ri) ∧ subdirs(ino, abs-dirs(fs, ri)) ≠ ∅ → fs[ri[inodekey(ino)]].nsubdirs ≥ 1
<_SIDEGOALS>
25afs-cons-abs-dir-subdirs-proofafs-cons-abs-dir-subdirs-proof-infolss
at-fs ⊦ fs[adr, nd][adr0] = (adr = adr0 ⊃ nd;fs[adr0])
<_SIDEGOALS>
01at-fs-proofat-fs-proof-infols
at-ri ⊦ ri[key, adr][key0] = (key = key0 ⊃ adr;ri[key0])
<_SIDEGOALS>
01at-ri-proofat-ri-proof-infols
in-del ⊦ key ∈ ri -- key0 ↔ key ∈ ri ∧ key ≠ key0
<_SIDEGOALS>
01in-del-proofin-del-proof-infols
in-diff ⊦ key ∈ ri \ ks ↔ key ∈ ri ∧ ¬ key ∈ ks
<_SIDEGOALS>
01in-diff-proofin-diff-proof-infols
in-insert ⊦ str ∈ entries[str0, n] ↔ str0 = str ∨ str ∈ entries
<_SIDEGOALS>
01in-insert-proofin-insert-proof-infols
in-insert-ri-cut ⊦ key ≠ key0 → (key ∈ ri[key0, adr] ↔ key ∈ ri)
<_SIDEGOALS>
02in-insert-ri-cut-proofin-insert-ri-cut-proof-infolocalcut
in-insert-ri-equiv ⊦ key ∈ ri[key0, adr] ↔ key = key0 ∨ key ∈ ri
<_SIDEGOALS>
01in-insert-ri-equiv-proofin-insert-ri-equiv-proof-infolas
in-ri-data-dentry ⊦ datakey(ino, n) ∈ ri[dentrykey(ino, str), adr] ↔ datakey(ino, n) ∈ ri
<_SIDEGOALS>
01in-ri-data-dentry-proofin-ri-data-dentry-proof-infolas
in-ri-data-inode ⊦ datakey(ino, n) ∈ ri[inodekey(ino), adr] ↔ datakey(ino, n) ∈ ri
<_SIDEGOALS>
01in-ri-data-inode-proofin-ri-data-inode-proof-info
in-ri-dentry-data ⊦ dentrykey(ino, str) ∈ ri[datakey(ino, n), adr] ↔ dentrykey(ino, str) ∈ ri
<_SIDEGOALS>
01in-ri-dentry-data-proofin-ri-dentry-data-proof-infolas
in-ri-dentry-inode ⊦ dentrykey(ino, str) ∈ ri[inodekey(ino), adr] ↔ dentrykey(ino, str) ∈ ri
<_SIDEGOALS>
01in-ri-dentry-inode-proofin-ri-dentry-inode-proof-infolas
in-ri-inode-data ⊦ inodekey(ino) ∈ ri[datakey(ino, n), adr] ↔ inodekey(ino) ∈ ri
<_SIDEGOALS>
01in-ri-inode-data-proofin-ri-inode-data-proof-infolas
in-ri-inode-dentry ⊦ inodekey(ino) ∈ ri[dentrykey(ino, str), adr] ↔ inodekey(ino) ∈ ri
<_SIDEGOALS>
01in-ri-inode-dentry-proofin-ri-inode-dentry-proof-infolas
log-cons-2 ⊦ log-cons(log, fs) ∧ ¬ adr0 ∈ fs ∧ ¬ adr1 ∈ fs ∧ adr0 ≠ adr1 → log-cons(log, fs[adr0, nd0][adr1, nd1])
<_SIDEGOALS>
02log-cons-2-prooflog-cons-2-proof-infols
mkdir-inj ⊦ mkdir(n, md, m, n0, entries0) = mkdir(n, md, m, n0, entries1) ↔ entries0 = entries1
<_SIDEGOALS>
01mkdir-inj-proofmkdir-inj-proof-infols
refine-rename-new-keep-parent: old_parent_inode.ino = new_parent_inode.ino, valid-negdentry(new_parent_inode.ino, new_dent, dirs, files),
pre-rename(old_inode, old_dent, old_dent_inode, new_inode, new_dent, new_dent_inode, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri),
orphans(dirs, files) = abs-keys(ro), boolvar → boolvar0, afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), orphans-cons(fs, ri, ro),
replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?,
old_parent_inode = old_inode, new_parent_inode = new_inode, old_child_inode = old_dent_inode, new_child_inode = new_dent_inode, old_dent = old_dent0,
new_dent = old_dent1, err = err0
⊦ ⟪aubifs_rename_new_keep_parent#
(old_child_inode.directory, old_child_inode, fi, ro, fo; old_parent_inode, old_dent, new_dent, err, ri, fs, log, boolvar0);
new_parent_inode := old_parent_inode⟫
⟨afs_rename#(; old_inode, new_inode, old_dent_inode, new_dent_inode, old_dent0, old_dent1, err0, dirs, files; boolvar)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (boolvar → boolvar0))
∧ old_parent_inode = old_inode ∧ new_parent_inode = new_inode ∧ old_child_inode = old_dent_inode ∧ new_child_inode = new_dent_inode
∧ old_dent = old_dent0 ∧ new_dent = old_dent1 ∧ err = err0)
in-ri-dentry-inode, in-insert, mkdir-inj, at-ri, rename-precond-abs
<_SIDEGOALS>
8470refine-rename-new-keep-parent-proofrefine-rename-new-keep-parent-proof-info
refine-rename-new-reparent: old_parent_inode.ino ≠ new_parent_inode.ino, valid-negdentry(new_parent_inode.ino, new_dent, dirs, files),
pre-rename(old_inode, old_dent, old_dent_inode, new_inode, new_dent, new_dent_inode, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri),
orphans(dirs, files) = abs-keys(ro), boolvar → boolvar0, afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), orphans-cons(fs, ri, ro),
replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?,
old_parent_inode = old_inode, new_parent_inode = new_inode, old_child_inode = old_dent_inode, new_child_inode = new_dent_inode, old_dent = old_dent0,
new_dent = old_dent1, err = err0
⊦ ⟪aubifs_rename_new_reparent#
(old_child_inode.directory, old_child_inode, fi, ro, fo; old_parent_inode, new_parent_inode, old_dent, new_dent, err, ri, fs, log, boolvar0)⟫
⟨afs_rename#(; old_inode, new_inode, old_dent_inode, new_dent_inode, old_dent0, old_dent1, err0, dirs, files; boolvar)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (boolvar → boolvar0))
∧ old_parent_inode = old_inode ∧ new_parent_inode = new_inode ∧ old_child_inode = old_dent_inode ∧ new_child_inode = new_dent_inode
∧ old_dent = old_dent0 ∧ new_dent = old_dent1 ∧ err = err0)
in-ri-dentry-inode, in-insert, mkdir-injat-ri, rename-precond-abs
<_SIDEGOALS>
7573refine-rename-new-reparent-proofrefine-rename-new-reparent-proof-info
refine-rename-overwrite-keep-parent: old_parent_inode.ino = new_parent_inode.ino, valid-dentry(new_parent_inode.ino, new_dent, dirs, files),
pre-rename(old_inode, old_dent, old_dent_inode, new_inode, new_dent, new_dent_inode, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri),
orphans(dirs, files) = abs-keys(ro), boolvar → boolvar0, afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), orphans-cons(fs, ri, ro),
replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?,
old_parent_inode = old_inode, new_parent_inode = new_inode, old_child_inode = old_dent_inode, new_child_inode = new_dent_inode, old_dent = old_dent0,
new_dent = old_dent1, err = err0
⊦ ⟪aubifs_rename_overwrite_keep_parent#
(old_child_inode.directory, old_child_inode, fi, fo; old_parent_inode, new_child_inode, old_dent, new_dent, err, ri, ro, fs, log, boolvar0);
new_parent_inode := old_parent_inode⟫
⟨afs_rename#(; old_inode, new_inode, old_dent_inode, new_dent_inode, old_dent0, old_dent1, err0, dirs, files; boolvar)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (boolvar → boolvar0))
∧ old_parent_inode = old_inode ∧ new_parent_inode = new_inode ∧ old_child_inode = old_dent_inode ∧ new_child_inode = new_dent_inode
∧ old_dent = old_dent0 ∧ new_dent = old_dent1 ∧ err = err0)
refine-rename-overwrite-keep-parent-different, refine-rename-overwrite-keep-parent-identity
<_SIDEGOALS>
89refine-rename-overwrite-keep-parent-proofrefine-rename-overwrite-keep-parent-proof-info
refine-rename-overwrite-keep-parent-different: old_dent ≠ new_dent, old_parent_inode.ino = new_parent_inode.ino, valid-dentry(new_parent_inode.ino, new_dent, dirs, files),
pre-rename(old_inode, old_dent, old_dent_inode, new_inode, new_dent, new_dent_inode, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri),
orphans(dirs, files) = abs-keys(ro), boolvar → boolvar0, afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), orphans-cons(fs, ri, ro),
replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?,
old_parent_inode = old_inode, new_parent_inode = new_inode, old_child_inode = old_dent_inode, new_child_inode = new_dent_inode, old_dent = old_dent0,
new_dent = old_dent1, err = err0
⊦ ⟪aubifs_rename_overwrite_keep_parent#
(old_child_inode.directory, old_child_inode, fi, fo; old_parent_inode, new_child_inode, old_dent, new_dent, err, ri, ro, fs, log, boolvar0);
new_parent_inode := old_parent_inode⟫
⟨afs_rename#(; old_inode, new_inode, old_dent_inode, new_dent_inode, old_dent0, old_dent1, err0, dirs, files; boolvar)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (boolvar → boolvar0))
∧ old_parent_inode = old_inode ∧ new_parent_inode = new_inode ∧ old_child_inode = old_dent_inode ∧ new_child_inode = new_dent_inode
∧ old_dent = old_dent0 ∧ new_dent = old_dent1 ∧ err = err0)
in-insert, in-ri-dentry-inode, mkdir-injat-ri, rename-precond-abs
<_SIDEGOALS>
81148refine-rename-overwrite-keep-parent-different-proofrefine-rename-overwrite-keep-parent-different-proof-info
refine-rename-overwrite-keep-parent-identity: old_dent = new_dent, old_parent_inode.ino = new_parent_inode.ino, valid-dentry(new_parent_inode.ino, new_dent, dirs, files),
pre-rename(old_inode, old_dent, old_dent_inode, new_inode, new_dent, new_dent_inode, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri),
orphans(dirs, files) = abs-keys(ro), boolvar → boolvar0, afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), orphans-cons(fs, ri, ro),
replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?,
old_parent_inode = old_inode, new_parent_inode = new_inode, old_child_inode = old_dent_inode, new_child_inode = new_dent_inode, old_dent = old_dent0,
new_dent = old_dent1, err = err0
⊦ ⟪aubifs_rename_overwrite_keep_parent#
(old_child_inode.directory, old_child_inode, fi, fo; old_parent_inode, new_child_inode, old_dent, new_dent, err, ri, ro, fs, log, boolvar0);
new_parent_inode := old_parent_inode⟫
⟨afs_rename#(; old_inode, new_inode, old_dent_inode, new_dent_inode, old_dent0, old_dent1, err0, dirs, files; boolvar)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (boolvar → boolvar0))
∧ old_parent_inode = old_inode ∧ new_parent_inode = new_inode ∧ old_child_inode = old_dent_inode ∧ new_child_inode = new_dent_inode
∧ old_dent = old_dent0 ∧ new_dent = old_dent1 ∧ err = err0)
in-ri-dentry-inode, in-insert, mkdir-injat-ri, rename-precond-abs
<_SIDEGOALS>
7521refine-rename-overwrite-keep-parent-identity-proofrefine-rename-overwrite-keep-parent-identity-proof-info
refine-rename-overwrite-reparent: old_parent_inode.ino ≠ new_parent_inode.ino, valid-dentry(new_parent_inode.ino, new_dent, dirs, files),
pre-rename(old_inode, old_dent, old_dent_inode, new_inode, new_dent, new_dent_inode, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri),
orphans(dirs, files) = abs-keys(ro), boolvar → boolvar0, afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), orphans-cons(fs, ri, ro),
replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?,
old_parent_inode = old_inode, new_parent_inode = new_inode, old_child_inode = old_dent_inode, new_child_inode = new_dent_inode, old_dent = old_dent0,
new_dent = old_dent1, err = err0
⊦ ⟪aubifs_rename_overwrite_reparent#
(old_child_inode.directory, old_child_inode, fi, fo
; old_parent_inode, new_parent_inode, new_child_inode, old_dent, new_dent, err, ri, ro, fs, log, boolvar0)⟫
⟨afs_rename#(; old_inode, new_inode, old_dent_inode, new_dent_inode, old_dent0, old_dent1, err0, dirs, files; boolvar)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (boolvar → boolvar0))
∧ old_parent_inode = old_inode ∧ new_parent_inode = new_inode ∧ old_child_inode = old_dent_inode ∧ new_child_inode = new_dent_inode
∧ old_dent = old_dent0 ∧ new_dent = old_dent1 ∧ err = err0)
refine-rename-overwrite-reparent-file, refine-rename-overwrite-reparent-dir
<_SIDEGOALS>
738refine-rename-overwrite-reparent-proofrefine-rename-overwrite-reparent-proof-info
refine-rename-overwrite-reparent-dir: old_parent_inode.ino ≠ new_parent_inode.ino, new_dent_inode.directory, valid-dentry(new_parent_inode.ino, new_dent, dirs, files),
pre-rename(old_inode, old_dent, old_dent_inode, new_inode, new_dent, new_dent_inode, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri),
orphans(dirs, files) = abs-keys(ro), boolvar → boolvar0, afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), orphans-cons(fs, ri, ro),
replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?,
old_parent_inode = old_inode, new_parent_inode = new_inode, old_child_inode = old_dent_inode, new_child_inode = new_dent_inode, old_dent = old_dent0,
new_dent = old_dent1, err = err0
⊦ ⟪aubifs_rename_overwrite_reparent#
(old_child_inode.directory, old_child_inode, fi, fo
; old_parent_inode, new_parent_inode, new_child_inode, old_dent, new_dent, err, ri, ro, fs, log, boolvar0)⟫
⟨afs_rename#(; old_inode, new_inode, old_dent_inode, new_dent_inode, old_dent0, old_dent1, err0, dirs, files; boolvar)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (boolvar → boolvar0))
∧ old_parent_inode = old_inode ∧ new_parent_inode = new_inode ∧ old_child_inode = old_dent_inode ∧ new_child_inode = new_dent_inode
∧ old_dent = old_dent0 ∧ new_dent = old_dent1 ∧ err = err0)
in-ri-dentry-inode, in-insert, mkdir-injat-ri, rename-precond-abs
<_SIDEGOALS>
291428refine-rename-overwrite-reparent-dir-proofrefine-rename-overwrite-reparent-dir-proof-info
refine-rename-overwrite-reparent-file: old_parent_inode.ino ≠ new_parent_inode.ino, ¬ new_dent_inode.directory, valid-dentry(new_parent_inode.ino, new_dent, dirs, files),
pre-rename(old_inode, old_dent, old_dent_inode, new_inode, new_dent, new_dent_inode, dirs, files), dirs = abs-dirs(fs, ri), files = abs-files(fs, ri),
orphans(dirs, files) = abs-keys(ro), boolvar → boolvar0, afs-cons(dirs, files), ubifs-cons(fs, ri, ro, fi, fo, log), orphans-cons(fs, ri, ro),
replay-cons-strong(fs, ri, ro, fi, fo, log), file-node-cons(fs, ri), ri-inj(ri), ri-inj(fi), log-cons(log, fs), ro.inodes?, fo.inodes?,
old_parent_inode = old_inode, new_parent_inode = new_inode, old_child_inode = old_dent_inode, new_child_inode = new_dent_inode, old_dent = old_dent0,
new_dent = old_dent1, err = err0
⊦ ⟪aubifs_rename_overwrite_reparent#
(old_child_inode.directory, old_child_inode, fi, fo
; old_parent_inode, new_parent_inode, new_child_inode, old_dent, new_dent, err, ri, ro, fs, log, boolvar0)⟫
⟨afs_rename#(; old_inode, new_inode, old_dent_inode, new_dent_inode, old_dent0, old_dent1, err0, dirs, files; boolvar)⟩
( (dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ (boolvar → boolvar0))
∧ old_parent_inode = old_inode ∧ new_parent_inode = new_inode ∧ old_child_inode = old_dent_inode ∧ new_child_inode = new_dent_inode
∧ old_dent = old_dent0 ∧ new_dent = old_dent1 ∧ err = err0)
in-ri-dentry-inode, in-insert, mkdir-injat-ri, rename-precond-abs
<_SIDEGOALS>
8777refine-rename-overwrite-reparent-file-proofrefine-rename-overwrite-reparent-file-proof-info
rename-precond-abs: ⊦ dirs = abs-dirs(fs, ri) ∧ files = abs-files(fs, ri) ∧ orphans(dirs, files) = abs-keys(ro) ∧ afs-cons(dirs, files) ∧ ro.inodes?
∧ file-node-cons(fs, ri) ∧ log-cons(log, fs) ∧ replay-cons-strong(fs, ri, ro, fi, fo, log) ∧ ri-inj(ri) ∧ ri-inj(fi)
∧ ubifs-cons(fs, ri, ro, fi, fo, log)
∧ pre-rename(old_parent_inode, old_dent, old_child_inode, new_parent_inode, new_dent, new_child_inode, dirs, files)
→ pre-rename(old_parent_inode, old_dent, old_child_inode, new_parent_inode, new_dent, new_child_inode, fs, ri, ro)
afs-cons-abs-dir-subdirs, afs-cons-abs-dir-size
<_SIDEGOALS>
33110rename-precond-abs-proofrename-precond-abs-proof-info
ubifs-cons-pagesize: key.data? ⊦ key ∈ ri ∧ ubifs-cons(fs, ri, ro, fi, fo, log) → # fs[ri[key]].data = VFS_PAGE_SIZE
<_SIDEGOALS>
611ubifs-cons-pagesize-proofubifs-cons-pagesize-proof-infols
valid-parent-ino-precond: ⊦ afs-cons(abs-dirs(fs, ri), abs-files(fs, ri)) ∧ fs[ri[inodekey(m)]].directory ∧ inodekey(m) ∈ ri ∧ fo.inodes? ∧ ro.inodes? ∧ log-cons(log, fs)
∧ ri-inj(fi) ∧ ri-inj(ri) ∧ replay-cons-strong(fs, ri, ro, fi, fo, log) ∧ ubifs-cons(fs, ri, ro, fi, fo, log)
∧ abs-keys(ro) = abs-keys(orphans(fs, ri)) ∧ (links(m, abs-dirs(fs, ri)) ≠ ∅ ∨ m = ROOT_INO)
→ valid-parent-ino(m, fs, ri, ro)
<_SIDEGOALS>
819valid-parent-ino-precond-proofvalid-parent-ino-precond-proof-info
0