update transformations

2c08691d · Christian Müller · 5e41de33 · 2c08691d · 2c08691d · 2c08691d
Commit 2c08691d authored Mar 06, 2019 by Christian Müller
19 changed files
--- a/src/main/scala/de/tum/workflows/Encoding.scala
+++ b/src/main/scala/de/tum/workflows/Encoding.scala
@@ -209,7 +209,7 @@ object Encoding extends LazyLogging {
  
  val MAXINVLENGTH = 800

-  def toDot(g: WorkflowGraph, elaboration:Option[(InvProperties, Spec)] = None)(labels:Map[Int, String], edges:Set[g.EdgeT]) = {
+  def toDot(g: WorkflowGraph, elaboration:Option[(InvProperties, NISpec)] = None)(labels:Map[Int, String], edges:Set[g.EdgeT]) = {
    val root = DotRootGraph(
      directed = true,
      id = Some("Invariant Labelling"))

--- a/src/main/scala/de/tum/workflows/ExampleWorkflows.scala
+++ b/src/main/scala/de/tum/workflows/ExampleWorkflows.scala
@@ -25,7 +25,7 @@ object ExampleWorkflows extends LazyLogging {
     (sublists toMap) ++ here
  }
  
-  def parseExample(s:String):Option[Spec] = {
+  def parseExample(s:String):Option[NISpec] = {
    if (!examples.contains(s)) {
      logger.error(s"$s not contained in list of examples")
      None
@@ -47,7 +47,7 @@ object ExampleWorkflows extends LazyLogging {
    }
  }
  
-  def parsedExamples(prefix:String, folder:File):Map[String, Spec] = {
+  def parsedExamples(prefix:String, folder:File):Map[String, NISpec] = {
    val map = for ((name, f) <- examples) yield {
      val s = Source.fromFile(f).mkString
      val spec = WorkflowParser.parseSpec(s)

--- a/src/main/scala/de/tum/workflows/InvariantCLI.scala
+++ b/src/main/scala/de/tum/workflows/InvariantCLI.scala
@@ -5,7 +5,7 @@ import scala.io.Source
 import com.typesafe.scalalogging.LazyLogging

 import de.tum.workflows.Utils._
-import de.tum.workflows.blocks.Spec
+import de.tum.workflows.blocks.NISpec
 import de.tum.workflows.toz3.InvariantChecker
 import de.tum.workflows.toz3.InvariantGenerator
 import de.tum.workflows.toz3.InvProperties
@@ -55,7 +55,7 @@ object InvariantCLI extends App with LazyLogging {
    spec.map(generate(new File(file).getName.stripSuffix(".spec"), _, properties))
  }

-  def generate(name: String, spec: Spec, properties: InvProperties) {
+  def generate(name: String, spec: NISpec, properties: InvProperties) {
    logger.info(s"Encoding Spec:\n$spec")

    def invariant = InvariantGenerator.invariantNoninterSingleBS(spec)

--- a/src/main/scala/de/tum/workflows/InvariantInspector.scala
+++ b/src/main/scala/de/tum/workflows/InvariantInspector.scala
@@ -11,7 +11,7 @@ import de.tum.workflows.foltl.Properties
 import java.io.PrintWriter
 import java.io.File
 import de.tum.workflows.blocks.Workflow
-import de.tum.workflows.blocks.Spec
+import de.tum.workflows.blocks.NISpec
 import de.tum.workflows.foltl.FormulaFunctions
 import de.tum.workflows.toz3.InvariantChecker
 import de.tum.workflows.toz3.InvariantGenerator
@@ -38,7 +38,7 @@ object InvariantInspector extends App with LazyLogging {

    val (t, (res, dot)) = time {
      //        InvariantChecker.checkInvariantOnce(spec.w, inv(spec), true)
-      val props = InvProperties(stubborn = false, eliminateAux = true)
+      val props = InvProperties(stubborn = false, eliminateA = true)
      val (result, graph, afterlabels, proven, dot, time) = 
        InvariantChecker.checkInvariantFPLabelling(spec, invariant(spec), props)
        

--- a/src/main/scala/de/tum/workflows/MainInvariants.scala
+++ b/src/main/scala/de/tum/workflows/MainInvariants.scala
@@ -8,14 +8,14 @@ import de.tum.workflows.Utils._
 import java.io.PrintWriter
 import java.io.File
 import de.tum.workflows.blocks.Workflow
-import de.tum.workflows.blocks.Spec
+import de.tum.workflows.blocks.NISpec
 import de.tum.workflows.foltl.FormulaFunctions
 import de.tum.workflows.toz3.InvariantChecker
 import de.tum.workflows.toz3.InvariantGenerator

 object MainInvariants extends App with LazyLogging {

-  def generate(name: String, spec: Spec) {
+  def generate(name: String, spec: NISpec) {
    logger.info(s"Encoding Spec:\n$spec")

    def invariant =

--- a/src/main/scala/de/tum/workflows/MainInvariantsInference.scala
+++ b/src/main/scala/de/tum/workflows/MainInvariantsInference.scala
@@ -4,7 +4,7 @@ import com.typesafe.scalalogging.LazyLogging
 import com.microsoft.z3.Status
 import com.typesafe.scalalogging.LazyLogging
 import de.tum.workflows.Utils._
-import de.tum.workflows.blocks.{SimpleBlock, Spec}
+import de.tum.workflows.blocks.{SimpleBlock, NISpec}
 import de.tum.workflows.foltl.FOLTL._
 import de.tum.workflows.foltl.FOTransformers
 import de.tum.workflows.synth.Model
@@ -16,7 +16,7 @@ import Implicits._

 object MainInvariantsInference extends App with LazyLogging {

-  def generate(name: String, spec: Spec, tar:Int) {
+  def generate(name: String, spec: NISpec, tar:Int) {
    logger.info(s"Encoding Spec:\n$spec")

    def invariant =
@@ -30,7 +30,7 @@ object MainInvariantsInference extends App with LazyLogging {

    val props = InvProperties(
      stubborn = true,
-      eliminateAux = true,
+      eliminateA = true,
      eliminateB = true
    )


--- a/src/main/scala/de/tum/workflows/MainInvariantsInterpolation.scala
+++ b/src/main/scala/de/tum/workflows/MainInvariantsInterpolation.scala
@@ -3,7 +3,7 @@ package de.tum.workflows
 import com.microsoft.z3.Status
 import com.typesafe.scalalogging.LazyLogging
 import de.tum.workflows.Utils._
-import de.tum.workflows.blocks.{SimpleBlock, Spec}
+import de.tum.workflows.blocks.{SimpleBlock, NISpec}
 import de.tum.workflows.foltl.FOLTL._
 import de.tum.workflows.foltl.FOTransformers
 import de.tum.workflows.synth.Model
@@ -15,7 +15,7 @@ import Implicits._

 object MainInvariantsInterpolation extends App with LazyLogging {

-  def generate(name: String, spec: Spec, tar:Int) {
+  def generate(name: String, spec: NISpec, tar:Int) {
    logger.info(s"Encoding Spec:\n$spec")

    def invariant =
@@ -24,7 +24,7 @@ object MainInvariantsInterpolation extends App with LazyLogging {
    // InvariantChecker.invariantNoninterStubborn _
    // InvariantChecker.invariantAllEqual _

-    val props = InvProperties(stubborn = false, eliminateAux = true)
+    val props = InvProperties(stubborn = false, eliminateA = true)
    val inv = invariant(spec)
    val (res, graph, labels, t) = InvariantChecker.checkInvariantFPHeadLabel(spec, inv, props)


--- a/src/main/scala/de/tum/workflows/MainLTL.scala
+++ b/src/main/scala/de/tum/workflows/MainLTL.scala
@@ -5,7 +5,7 @@ import com.typesafe.scalalogging.LazyLogging
 import de.tum.workflows.foltl.FOTransformers
 import de.tum.workflows.Utils._
 import de.tum.workflows.foltl.Properties
-import de.tum.workflows.blocks.Spec
+import de.tum.workflows.blocks.NISpec
 import de.tum.workflows.foltl.FormulaFunctions
 import de.tum.workflows.foltl.FOTransformers
 import de.tum.workflows.owltransformer.OwlTransformer
@@ -15,7 +15,7 @@ import owl.ltl.rewriter.SimplifierFactory

 object MainLTL extends App with LazyLogging {

-  def writeExample(name: String, spec: Spec, prop: Formula) {
+  def writeExample(name: String, spec: NISpec, prop: Formula) {

    val MAX_AGENTS = 8

@@ -69,7 +69,7 @@ object MainLTL extends App with LazyLogging {
    write(name, s"$name.metrics", metrics.mkString("", "\n", "\n"))
  }

-  def generate(name: String, spec: Spec, onlystubborn:Boolean) {
+  def generate(name: String, spec: NISpec, onlystubborn:Boolean) {
    logger.info(s"Encoding Spec:\n$spec")
    val t1 = "pi1"
    val t2 = "pi2"

--- a/src/main/scala/de/tum/workflows/Preconditions.scala
+++ b/src/main/scala/de/tum/workflows/Preconditions.scala
@@ -9,11 +9,35 @@ import de.tum.workflows.toz3.{InvProperties, Z3BSFO}

 object Preconditions extends LazyLogging {

-  private def elaborateSteps(b: SimpleBlock, s: Spec): List[SimpleBlock] = {
+  private def elaborateSteps(b: SimpleBlock, spec: NISpec, properties: InvProperties): List[SimpleBlock] = {
+
+    val guardfix = if (!b.isoracly && b.pred.isDefined) {
+      // is "normal" may block
+      val choice = Fun(b.pred.get, b.agents)
+
+      for (s <- b.steps) yield {
+        val first = s.tuple.head
+        val inner = if (first.typ == spec.target.params.head.typ) {
+          val inf = Fun(INFNAME, List(b.agents.head))
+          if (properties.stubborn) {
+            choice.in(T1)
+          } else {
+            Or(And(Neg(inf.in(T1)), choice.in(T1)), And(inf.in(T1), choice))
+          }
+        } else {
+          choice
+        }
+        val newguard = And(s.guard, inner)
+        s.updateGuard(newguard)
+      }
+    } else {
+      b.steps
+    }
+
    val newsteps = for (
        stmt <- b.steps
-        if s.causals.map(_.typ).contains(stmt.tuple.head.typ) ||
-          stmt.tuple.head.typ == s.target.params.head.typ) yield {
+        if spec.causals.map(_.typ).contains(stmt.tuple.head.typ) ||
+          stmt.tuple.head.typ == spec.target.params.head.typ) yield {
      val fun = Fun(stmt.fun, stmt.tuple)
      // TODO
      val guard = Neg(Equiv(fun.in(T1), fun.in(T2)))
@@ -23,25 +47,40 @@ object Preconditions extends LazyLogging {
  }

  // For oracly blocks, remove O from guard and add to ForallMay choice predicate
-  private def elaborateOraclyBlock(b: SimpleBlock, s: Spec) = {
+  private def elaborateOraclyBlock(b: SimpleBlock, spec: NISpec) = {
    if (b.isoracly) {
+
      val stmt = b.steps.head // can only be one
-      def fixguard(f: Formula) = {
-        f.everywhere {
-          case f: Fun if f.isOracle() => True
-        }
-      }

      def findOracle(f: Formula) = {
        f.collect {
          case f: Fun if (f.isOracle()) => List(f.name)
        }
      }
-      val name = findOracle(stmt.guard).head
+      val oracles = findOracle(stmt.guard)
+      val name = oracles.head
+
+      if (oracles.size != 1) {
+        logger.error(s"Found oracly block $b with more than one oracle")
+      }
+
+      val choice = Fun(name, b.agents)
+
+      def fixguard(f: Formula, choice:Fun) = {
+        val nooracles = f.everywhere {
+          case f: Fun if f.isOracle() => True
+        }
+
+        val decl = spec.declass.getOrElse(b.pred.get, (List(), False))._2
+        // FIXME: substitutions?
+        // FIXME: decl in T2?
+        And(nooracles, Or(And(decl.in(T1), choice.in(T1)), And(Neg(decl.in(T1)), choice)))
+      }
+

      val newstmt = stmt match {
-        case Add(guard, fun, tuple)    => Add(fixguard(guard).simplify, fun, tuple)
-        case Remove(guard, fun, tuple) => Remove(fixguard(guard).simplify, fun, tuple)
+        case Add(guard, fun, tuple)    => Add(fixguard(guard, choice).simplify, fun, tuple)
+        case Remove(guard, fun, tuple) => Remove(fixguard(guard, choice).simplify, fun, tuple)
      }
      ForallMayBlock(b.agents, name, List(newstmt))
    } else b
@@ -66,58 +105,27 @@ object Preconditions extends LazyLogging {
    })
  }

-  // TODO: make this a transformation instead of a logics block
-  def getUpdate(s:Statement, b:SimpleBlock, choice:Option[Fun], spec:Spec, properties:InvProperties) = {
-
-      //        val list = List(s.guard) ++ choice.toList
-      //        val guard = And.make(list)
-      val first = s.tuple.head
-
-      // Trace related substitution for informedness
-      val con = if (b.isoracly) {
-        val decl = spec.declass.getOrElse(b.pred.get, (List(), False))._2
-        // FIXME: substitutions?
-        // FIXME: decl in T2?
-        Or(And(decl.in(T1), choice.get.in(T1)), And(Neg(decl.in(T1)), choice.get))
-      } else if (choice.isDefined) {
-        // is "normal" may block
-        val inner = if (first.typ == spec.target.params.head.typ) {
-          val inf = Fun(INFNAME, List(b.agents.head))
-          if (properties.stubborn) {
-            choice.get.in(T1)
-          } else {
-            Or(And(Neg(inf.in(T1)), choice.get.in(T1)), And(inf.in(T1), choice.get))
-          }
-        } else {
-          choice.get
-        }
-        inner
-      } else {
-        True
-      }
-
-      val guard = And(s.guard, con).simplify
-      //        val guard = True
+  def getUpdate(s:Statement, choice:Option[Fun], spec:NISpec, properties:InvProperties) = {

-      val frees = guard.freeVars -- s.tuple.toSet -- spec.constants
+      val frees = s.guard.freeVars -- s.tuple.toSet -- spec.constants

      val form = s match {
        case Add(_, _, _) => {
-          Or(Fun(s.fun, s.tuple), Exists(frees.toList, guard)).simplify
+          Or(Fun(s.fun, s.tuple), Exists(frees.toList, s.guard)).simplify
        }
        case Remove(_, _, _) => {
-          And(Fun(s.fun, s.tuple), Forall(frees.toList, Neg(guard))).simplify
+          And(Fun(s.fun, s.tuple), Forall(frees.toList, Neg(s.guard))).simplify
        }
      }
      form
  }

-  def elaborate(block: SimpleBlock, spec:Spec, properties:InvProperties) = {
-    val stepOne = if (!properties.stubborn) elaborateSteps(block, spec) else List(block)
+  def elaborate(block: SimpleBlock, spec:NISpec, properties:InvProperties) = {
+    val stepOne = if (!properties.stubborn) elaborateSteps(block, spec, properties) else List(block)
    stepOne map { b =>  elaborateOraclyBlock(b, spec) }
  }

-  def weakestPrecondition(post: Formula, outerb: SimpleBlock, spec: Spec, properties: InvProperties) = {
+  def weakestPrecondition(post: Formula, outerb: SimpleBlock, spec: NISpec, properties: InvProperties) = {

    // TODO: Make 2-trace elaboration optional

@@ -130,13 +138,11 @@ object Preconditions extends LazyLogging {
    precond
  }

-  private def weakestPreconditionSingle(f: Formula, b: SimpleBlock, spec: Spec, properties: InvProperties) = {
-
-    val choice = b.pred.map(n => Fun(n, b.agents))
+  private def weakestPreconditionSingle(f: Formula, b: SimpleBlock, spec: NISpec, properties: InvProperties) = {

    val updates = for (s <- b.steps) yield {
      s.fun -> (s.tuple, {
-        getUpdate(s, b, choice, spec, properties)
+        getUpdate(s, b, spec, properties)
      })
    }

@@ -154,7 +160,7 @@ object Preconditions extends LazyLogging {
    removed
  }

-  def abstractedPrecondition(f: Formula, b: SimpleBlock, spec: Spec, properties: InvProperties, untouched: Set[String]) = {
+  def abstractedPrecondition(f: Formula, b: SimpleBlock, spec: NISpec, properties: InvProperties, untouched: Set[String]) = {
    val precond = weakestPrecondition(f, b, spec, properties)

    // Assume untoucheds empty
@@ -171,7 +177,6 @@ object Preconditions extends LazyLogging {
      z3simpednewinv
    }

-
    // Abstract away inner existentials
    val universalinv = if (removedannotations.toNegNf.hasSubFormula {
      case e:Exists => true
@@ -182,15 +187,15 @@ object Preconditions extends LazyLogging {
    }

    // Eliminate Choices
-    val auxless = if (b.pred.isDefined && properties.eliminateAux) {
+    val auxless = if (b.pred.isDefined && properties.eliminateA) {
      FOTransformers.eliminateAuxiliaryPredicate(universalinv, b.pred.get)
    } else {
      universalinv
    }

    // Eliminate Oracles
-    val oless = if (properties.eliminateAux) {
-      val oracles = spec.w.sig.oracles.map(_.name)
+    val oless = if (properties.eliminateA) {
+      val oracles = spec.w.sig.as.map(_.name)
      oracles.foldRight(auxless)((b, inv) => FOTransformers.eliminateAuxiliaryPredicate(inv, b))
    } else {
      auxless

--- a/src/main/scala/de/tum/workflows/Utils.scala
+++ b/src/main/scala/de/tum/workflows/Utils.scala
@@ -68,7 +68,7 @@ object Utils extends LazyLogging {
    logger.info(s"Written $file")
  }
  
-  def check(name:String, desc:String, inv:Formula, spec:Spec, properties:InvProperties) = {
+  def check(name:String, desc:String, inv:Formula, spec:NISpec, properties:InvProperties) = {
    val model = if (properties.stubborn) "stubborn" else "causal"

    val basename = name.split("/").last

--- a/src/main/scala/de/tum/workflows/WorkflowParser.scala
+++ b/src/main/scala/de/tum/workflows/WorkflowParser.scala
@@ -186,7 +186,7 @@ object WorkflowParser extends RegexParsers with PackratParsers with LazyLogging
    (("Declassify" ~> DECLASS)?) ~ 
    ("Target" ~> FUN) ~ 
    (("Causality" ~> repsep(TYPEDVAR, ","))?) ^^ { 
-      case _ ~ w ~ decl ~ tar ~ causals => Spec(w, toMap(decl.toList), tar, causals.getOrElse(List())) 
+      case _ ~ w ~ decl ~ tar ~ causals => NISpec(w, toMap(decl.toList), tar, causals.getOrElse(List()))
    }
  
  def toMap(list:List[(Fun, Formula)]):Map[String, (List[Var], Formula)] = {

--- a/src/main/scala/de/tum/workflows/blocks/Workflow.scala
+++ b/src/main/scala/de/tum/workflows/blocks/Workflow.scala
@@ -5,14 +5,14 @@ import com.typesafe.scalalogging.LazyLogging
 import de.tum.workflows.Utils
 import de.tum.workflows.foltl.Properties

-case class Signature(oracles: Set[Fun], bs: Set[Fun], preds: Set[Fun])
+case class Signature(as: Set[Fun], constas: Set[Fun], bs: Set[Fun], preds: Set[Fun])
 object Signature {
-  val EMPTY = Signature(Set(), Set(), Set())
+  val EMPTY = Signature(Set(), Set(), Set(), Set())
 }

 case class Workflow(sig: Signature, steps: List[Block]) {
  override def toString() = steps.mkString("\n")
-  def isomitting = {
+  lazy val isomitting = {
    steps.exists(_.isomitting)
  }
 }
@@ -20,11 +20,24 @@ object Workflow {
  val EMPTY = Workflow(Signature.EMPTY, List())
 }

-case class Spec(w: Workflow, declass: Map[String, (List[Var], Formula)], target: Fun, causals:List[Var]) extends LazyLogging {
+trait Spec {
+  def w: Workflow
+}
+
+case class InvSpec(w: Workflow, always: Formula, invariant: Formula) extends Spec {
  override def toString = {
-    s"Spec\nWorkflow:\n$w\nDeclass:$declass\nTarget:$target"
+    s"Spec\nWorkflow:\n$w\nAlways:$always\nInvariant:$invariant"
  }

+  def toNISpec() = {
+    NISpec(w, Map(), Fun("NOTHING", List()), List())
+  }
+}
+
+case class NISpec(w: Workflow, declass: Map[String, (List[Var], Formula)], target: Fun, causals:List[Var]) extends Spec with LazyLogging {
+  override def toString = {
+    s"NISpec\nWorkflow:\n$w\nDeclass:$declass\nTarget:$target"
+  }

  lazy val constants:Set[Var] = {
    // Treat free variables in the declassification as constants
@@ -33,33 +46,39 @@ case class Spec(w: Workflow, declass: Map[String, (List[Var], Formula)], target:
    }.toSet
    // TODO: How to check for more constants?
  }
-  
+
  def checkSanity() = {
    var sane = true
-    
+
    // TODO: check all types
    // TODO: check target types
    // TODO: check declass arities and types (o should be an Oracle relation etc)
-    
+
    val ta = target.params.head
    // check declass bindings
    for ((o, (f, t)) <- declass if !t.freeVars.forall(v => f.contains(v) || (v == ta))) {
    	logger.error(s"Not all variables of the declassification condition for $o bound by the oracle")
    	sane = false
    }
-    
+
    def saneoraclestmt(stmt:Statement, frees:List[Var]) = {
      // Oracle only positive
      val f = stmt.guard.toNegNf
      val noneg = !f.hasSubFormula {
        case Neg(f:Fun) if f.isOracle() => true
      }
+      if (!noneg) {
+        logger.error(s"Found negated oracle in guard for statement $stmt")
+      }
      val allvars = !(f hasSubFormula {
        case f:Fun if f.isOracle && f.params != frees => true
      })
+      if (!allvars) {
+        logger.error(s"Found oracle with wrong parameters in statement $stmt")
+      }
      noneg && allvars
    }
-    
+
    // check same relation only updated once per block
    def isSane(steps:List[Block]):Boolean = {
      val sanes = steps map {
@@ -73,8 +92,8 @@ case class Spec(w: Workflow, declass: Map[String, (List[Var], Formula)], target:
          val saneoracly = if (b.isoracly) {
            b.pred.isEmpty && b.steps.size == 1 && saneoraclestmt(b.steps.head, b.agents)
          } else true
-          //            if (!saneoracly) { logger.warn(s"Oracles used wrongly in $b") }
-          pred.isEmpty // && saneoracly TODO: enable this later?
+          if (!saneoracly) { logger.warn(s"Oracles used wrongly in $b") }
+          pred.isEmpty && saneoracly
        }
        case Loop(steps) => isSane(steps)
        case NondetChoice(left, right) => isSane(left) && isSane(right)
@@ -85,8 +104,8 @@ case class Spec(w: Workflow, declass: Map[String, (List[Var], Formula)], target:
    sane
  }
 }
-object Spec {
-  val EMPTY = Spec(Workflow.EMPTY, Map(), Fun("NOTHING", List()), List())
+object NISpec {
+  val EMPTY = NISpec(Workflow.EMPTY, Map(), Fun("NOTHING", List()), List())
 }

 abstract sealed class Block {
@@ -98,6 +117,7 @@ abstract sealed class SimpleBlock extends Block {
  def steps: List[Statement]
  def may: Boolean
  def pred: Option[String]
+  def updateSteps(s:List[Statement])
  
  override def isomitting = {
    // a simple block is omitting, if there exists a statement where not all agents appear in the tuple
@@ -126,32 +146,38 @@ abstract sealed class SimpleBlock extends Block {
      steps.map(_.fun).toSet
    }
  }
+
 }

 abstract class Statement {
  def guard: Formula
  def fun: String
  def tuple: List[Var]
-  
+  def updateGuard(newguard: Formula)
+
  lazy val freeVars = guard.freeVars ++ tuple
 }

 case class Add(guard: Formula, fun: String, tuple: List[Var]) extends Statement {
  override def toString() = guard + " → " + fun + " += " + tuple.mkString("(", ",", ")") + ";"
+  override def updateGuard(newguard: Formula) = Add(newguard, fun, tuple)
 }
 case class Remove(guard: Formula, fun: String, tuple: List[Var]) extends Statement {
  override def toString() = guard + " → " + fun + " -= " + tuple.mkString("(", ",", ")") + ";"
+  override def updateGuard(newguard: Formula) = Remove(newguard, fun, tuple)
 }

 case class ForallBlock(agents: List[Var], steps: List[Statement]) extends SimpleBlock {
  val may = false
  override def toString() = "forall " + agents.map(_.withType).mkString(",") + steps.mkString("\n  ", "\n  ", "")
  override def pred() = None
+  override def updateSteps(newsteps: List[Statement]) = ForallBlock(agents, newsteps)
 }
 case class ForallMayBlock(agents: List[Var], choice: String, steps: List[Statement]) extends SimpleBlock {
  val may = true
  override def toString() = "forall " + agents.map(_.withType).mkString(",") + " may (" + pred + ")" + steps.mkString("\n  ", "\n  ", "")
-  override def pred() = Some(choice) 
+  override def pred() = Some(choice)
+  override def updateSteps(newsteps: List[Statement]) = ForallMayBlock(agents, choice, newsteps)
 }

 case class Loop(steps: List[Block]) extends Block {

--- a/src/main/scala/de/tum/workflows/foltl/Properties.scala
+++ b/src/main/scala/de/tum/workflows/foltl/Properties.scala
@@ -92,7 +92,7 @@ object Noninterference extends LazyLogging {
    Or.make(viol)
  }
  
-  def apply(choices: Set[Fun], spec:Spec) = {
+  def apply(choices: Set[Fun], spec:NISpec) = {
    
    val agent = spec.target.params.head
    val samechoices = Stubborn(agent, choices)
@@ -107,7 +107,7 @@ object Noninterference extends LazyLogging {
 }

 object Declassification extends {
-  def apply(spec: Spec) = {
+  def apply(spec: NISpec) = {
    val sameoracles = for ((o,(p,t)) <- spec.declass) yield {
      val fun = Fun(o, None, p)
      // Forall fv(o). (t_T1 and t_t2) -> G (o_T1 <-> o_T2) 
@@ -124,7 +124,7 @@ object Properties {
  val INFNAME = "informed"
  
  // include optimizations for choices
-  def noninterStubborn(spec: Spec) = {
+  def noninterStubborn(spec: NISpec) = {
    
    val graph = toGraph(spec.w)
    val cfg = sanecfg(graph)
@@ -145,7 +145,7 @@ object Properties {
    And.make(cfg, sem.in(T1, equals), sem.in(T2, equals), noninter)