def __init__(self, value: int) -> None:
Requires(MustTerminate(1))
Ensures(Acc(self.int_field1)) # type: ignore
Ensures(self.int_field1 == value) # type: ignore
Ensures(Acc(self.int_field2)) # type: ignore
Ensures(self.int_field2 == value) # type: ignore
self.int_field1 = value
self.int_field2 = value
def acquire(self) -> None:
"""Acquire the lock."""
Requires(MustTerminate(1))
Requires(WaitLevel() < Level(self))
Requires(Low(self))
Requires(LowEvent())
Ensures(self.invariant())
Ensures(MustRelease(self))
def m7(self) -> None:
Requires(Acc(self.b) and self.b > 17)
Requires(Acc(self.a) and MustRelease(self.a, self.b))
Ensures(Acc(self.a) and Acc(self.b))
Ensures(MustRelease(self.a, self.b))
while self.b > 2:
Invariant(Acc(self.b) and MustTerminate(self.b))
self.b -= 1
def brackets(self, t_read1: Place) -> Tuple[Place, bool]:
IOExists3(str, bool, Place)(lambda read5, valid, t_read5: (
Requires(
Acc(self.c) and brackets_io(t_read1, self.c, read5, valid,
t_read5) and token(t_read1, 3)),
Ensures(
Acc(self.c) and self.c is read5 and token(t_read5) and t_read5
== Result()[0] and valid == Result()[1]),
))
Open(brackets_io(t_read1, self.c))
if self.peek_read_ahead() is '(':
t_read2, _ = self.pop_read_ahead(t_read1)
t_read3, brackets1 = self.brackets(t_read2)
t_read4, c = self.pop_read_ahead(t_read3)
should_be_close = (c is ')')
t_read5, brackets2 = self.brackets(t_read4)
return t_read5, (brackets1 and should_be_close and brackets2)
else:
i = self.peek_read_ahead()
t_read2 = NoOp(t_read1)
if i is None:
return t_read2, True # Empty string because of read EOF.
elif self.peek_read_ahead() is ')':
return t_read2, True # Match empty string because read ')'.
else:
return t_read2, False # No match because read invalid
def run(t_pre1: Place, t_pre2: Place, file_name: str) -> Place:
IOExists1(Place)(lambda t_post: (
Requires(
token(t_pre1, 3) and resource_io(t_pre1, file_name, t_post) and
ctoken(t_pre2) and notify_io(t_pre2)),
Ensures(token(t_post) and t_post == Result()),
))
Open(resource_io(t_pre1, file_name))
fp, t2 = open(t_pre1, file_name)
t3 = Gap(t2)
potentialy_non_terminating()
notify(t_pre2)
t4 = write(t3, fp)
t5 = Gap(t4)
potentialy_non_terminating()
t_post = close(t5, fp)
return t_post
def read_write_int_twice4(t1: Place) -> Place:
IOExists4(Place, Place, int, int)(
lambda t2, t3, value1, value2: (
Requires(
token(t1, 2) and
read_int_twice_io(t1, value1, value2, t2) and
write_int_twice_io(t2, value1, value2, t3)
),
Ensures(
token(t3) and
t3 == Result()
),
)
)
Open(read_int_twice_io(t1))
t2, number1 = read_int(t1)
t3, number2 = read_int(t2)
Open(write_int_twice_io(t3, number1, number2))
#:: ExpectedOutput(call.precondition:insufficient.permission)
t4 = write_int(t3, number2)
#:: ExpectedOutput(carbon)(call.precondition:insufficient.permission)
t5 = write_int(t4, number1)
return t5
def reAcq3(a: ObjectLock) -> None:
Requires(a is not None)
Requires(WaitLevel() < Level(a))
Requires(MustRelease(a, 2))
Ensures(MustRelease(a))
a.release()
a.acquire()
def ensure_dir_exists(t1: Place, path: str) -> Tuple[bool, Place]:
IOExists2(Place, bool)(lambda t2, success: (
Requires(path is not None and token(t1, 2) and ensure_dir_exists_io(
t1, path, success, t2) and MustTerminate(2)),
Ensures(token(t2) and t2 == Result()[1] and Result()[0] == success),
))
Open(ensure_dir_exists_io(t1, path))
try:
t3 = mkdir(t1, path)
t2 = NoOp(t3)
return True, t2
except OSErrorWrapper as ex1:
try:
res, t2 = is_dir(ex1.place, path)
return res, t2
except OSErrorWrapper as ex2:
return False, ex2.place
def syscall_putchar(t1: Place, c: str) -> Place:
IOExists1(Place)(lambda t2: (
Requires(
token(t1, 1) and syscall_putchar_io(t1, c, t2) and MustTerminate(1)
),
Ensures(token(t2) and t2 == Result()),
))
def run(t1: Place) -> None:
Requires(token(t1, 2) and listener_io(t1))
Ensures(False)
Open(listener_io(t1))
server_socket, t_loop = create_server_socket(t1)
while True:
Invariant(
token(t_loop, 1) and
listener_loop_io(t_loop, server_socket) and
server_socket != None
)
Open(listener_loop_io(t_loop, server_socket))
client_socket, t3 = accept(t_loop, server_socket)
data, t4 = read_all(t3, client_socket, timeout=1)
Open(output_io(t4, client_socket, data))
if data is not None:
t5, t6 = Split(t4)
t7 = print_int(t6, get_address(client_socket))
t8 = send(t5, client_socket, data)
t9 = Join(t8, t7)
else:
t9 = NoOp(t4)
t_loop = close(t9, client_socket)
def write_four_ints_2(t1: Place) -> Place:
IOExists2(Place, Place)(
lambda t2, t3: (
Requires(
token(t1, 2) and
write_two_ints_io(t1, t2) and
write_two_ints_io(t2, t3)
),
Ensures(
token(t3) and
t3 == Result()
),
)
)
Open(write_two_ints_io(t1))
t2 = write_int(t1, 4)
#:: ExpectedOutput(call.precondition:insufficient.permission)
t3 = write_int(t2, 9)
#:: ExpectedOutput(carbon)(exhale.failed:insufficient.permission)
Open(write_two_ints_io(t3))
t4 = write_int(t3, 3)
t5 = write_int(t4, 6)
return t5
def write_four_ints_1(t1: Place) -> Place:
IOExists2(Place, Place)(
lambda t2, t3: (
Requires(
token(t1, 2) and
write_two_ints_io(t1, t2) and
write_two_ints_io(t2, t3)
),
Ensures(
token(t3) and
t3 == Result()
),
)
)
Open(write_two_ints_io(t1))
t2 = write_int(t1, 4)
t3 = write_int(t2, 8)
Open(write_two_ints_io(t3))
t4 = write_int(t3, 3)
t5 = write_int(t4, 6)
return t5
def print_sequence3(t1: Place, n: int) -> Place:
"""Prints n(n-1)...1."""
IOExists1(Place)(lambda t2: (
Requires(n > 0 and token(t1, 2) and print_sequence_io(t1, n, t2) and
MustTerminate(2)),
Ensures(token(t2) and t2 == Result()),
))
t = t1
Open(print_sequence_io(t, n))
t2 = GetGhostOutput(print_sequence_io(t, n), 't_post') # type: Place
while n > 1:
IOExists1(Place)(lambda t_next: (
Invariant(
token(t, 1) and Implies(
n > 1,
print_int_io(t, n, t_next) and print_sequence_io(
t_next, n - 1, t2)) and Implies(
not n > 1, print_int_io(t, n, t2))),
Invariant(MustTerminate(n)),
))
t = print_int(t, n)
n -= 1
Open(print_sequence_io(t, n))
t = print_int(t, n)
return t
def open(t1: Place, file_name: str) -> Tuple[File, Place]:
IOExists2(Place, File)(lambda t2, fp: (
Requires(
token(t1, 1) and open_io(t1, file_name, fp, t2) and MustTerminate(
1)),
Ensures(token(t2) and t2 == Result()[1] and fp is Result()[0]),
))
def read_write_int_twice1(t1: Place) -> Place:
IOExists4(Place, Place, int, int)(
lambda t2, t3, value1, value2: (
Requires(
token(t1, 2) and
read_int_twice_io(t1, value1, value2, t2) and
write_int_twice_io(t2, value1, value2, t3)
),
Ensures(
token(t3) and
t3 == Result()
),
)
)
Open(read_int_twice_io(t1))
t2, number1 = read_int(t1)
t3, number2 = read_int(t2)
Open(write_int_twice_io(t3, number1, number2))
t4 = write_int(t3, number1)
t5 = write_int(t4, number2)
return t5
def main(t1: Place) -> Place:
IOExists8(str, Place, str, bool, Place, Place, bool, bool)(
lambda read_ahead, t_read_ahead, read_last, valid, t_brackets_end, t_end,
success1, success2: (
Requires(
token(t1) and
read_char_io(t1, stdin, read_ahead, success1, t_read_ahead) and
brackets_io(t_read_ahead, read_ahead, read_last, valid, t_brackets_end) and
read_last is None and
write_char_io(t_brackets_end, stdout, ('1' if valid else '0'), success2, t_end)
),
Ensures(
token(t_end) and
t_end == Result()
),
)
)
m = Matcher()
m.c, success, t2 = getchar(t1)
t3, match = m.brackets(t2)
if match:
success, t4 = putchar('1', t3)
else:
success, t4 = putchar('0', t3)
return t4
def io_exists_2(
a1: C1) -> None:
IOExists(C1)(
lambda c1:
Ensures(
c1 == a1 and is_c1(c1, a1)
)
)
def test(t1: Place) -> C1:
IOExists1(C2)(
lambda value: (
Requires(
#:: ExpectedOutput(invalid.program:invalid.io_existential_var.defining_expression_type_mismatch)
do_io(t1, value)),
Ensures(value == Result()),
))
def main(h: int) -> int:
Ensures(Low(Result()))
h = inputPIN()
if h < 0:
l = 0
else:
l = 0
return l
def test(t1: Place) -> C2:
IOExists1(C1)(
lambda value: (
Requires(
#:: ExpectedOutput(type.error:Argument 2 to "do_io" has incompatible type "C1"; expected "C2")
do_io(t1, value)),
Ensures(value == Result()),
))
def caller(l: Lock[object]) -> None:
Requires(MustRelease(l, 3))
Ensures(False)
while True:
#:: ExpectedOutput(invariant.not.preserved:insufficient.permission)
Invariant(MustRelease(l, 1))
foo(l)
def client1(t1: Place, value: int) -> Place:
IOExists1(Place)(lambda t2: (
Requires(token(t1, 3) and write_int_io(t1, value, t2)),
Ensures(token(t2) and t2 == Result()),
))
writer = WriterSuper(value)
t2 = writer.write_int(False, t1)
return t2
def main(self, t1: Place) -> Place:
IOExists1(Place)(lambda t2: (
Requires(token(t1, 2) and example_io(t1, t2) and MustTerminate(2)),
Ensures(token(t2) and t2 == Result()),
))
Open(example_io(t1))
success, t2 = putchar('h', t1)
success, t3 = putchar('i', t2)
return t3
def my_gap(t1: Place) -> Place:
IOExists1(Place)(
lambda t2: (
Requires(token(t1, 1) and my_gap_io(t1, t2)),
Ensures(
#:: ExpectedOutput(invalid.program:invalid.postcondition.ctoken_not_allowed)
ctoken(t2) and # ctoken in postcondition is unsound.
t2 == Result()),
))
def nested4_convert_accept(self) -> None:
Requires(Acc(self.x) and self.x is not None)
Requires(WaitLevel() < Level(self.x))
Ensures(Acc(self.x))
Ensures(MustRelease(self.x, 1))
x = 1
y = 2
self.x.acquire()
while x < 5:
Invariant(y <= 5)
Invariant(Acc(self.x))
Invariant(MustRelease(self.x, 10 - x))
x += 1
while y < 5:
Invariant(y <= 5)
Invariant(Acc(self.x))
Invariant(MustRelease(self.x, 10 - y))
y += 1
def read_int1(t1: Place) -> Tuple[int, Place]:
IOExists2(Place, int)(lambda t2, value: (
Requires(token(t1, 2) and read_int_io(t1, value, t2)),
Ensures(token(t2) and t2 == Result()[1] and value == Result()[0]),
))
t2, number = read_int(t1)
return number, t2
def write_int2(self, t1: Place, value: int) -> Place:
IOExists1(Place)(lambda t2: (
Requires(token(t1, 2) and write_int_io(t1, value, t2)),
Ensures(token(t2) and t2 == Result()),
))
t2 = write_int(t1, value)
return t2
def acquire_release_multiple(l: ObjectLock) -> None:
Requires(l is not None)
Requires(WaitLevel() < Level(l))
Ensures(MustRelease(l))
l.acquire()
l.release()
l.acquire()
l.release()
l.acquire()
def await_4(l: Lock[object]) -> None:
Requires(l is not None)
Requires(WaitLevel() < Level(l))
Ensures(MustRelease(l))
l.acquire()
i = 5
while i > 0:
#:: ExpectedOutput(invariant.not.preserved:insufficient.permission)
Invariant(MustRelease(l))
i -= 1
def mkdir(t1: Place, path: str) -> Place:
IOExists2(Place, OSErrorWrapper)(lambda t2, ex: (
Requires(path is not None and token(t1, 1) and mkdir_io(
t1, path, ex, t2) and MustTerminate(1)),
Ensures(token(t2) and t2 == Result() and ex is None),
Exsures(
OSErrorWrapper, ex is RaisedException() and Acc(ex.place) and ex.
place == t2 and token(t2) and Acc(ex.exception) and isinstance(
ex.exception, Exception)),
))