Ejemplo n.º 1
0
def over_in_minus_one_conditional(l: ObjectLock, b: bool) -> None:
    Requires(Implies(b, MustRelease(l, 1)))
    #:: Label(over_in_minus_one_conditional__MustRelease__False)
    Requires(Implies(not b, MustRelease(l, -1)))
    # Negative measure is equivalent to False.
    Assert(Implies(not b, False))
    #:: ExpectedOutput(assert.failed:assertion.false)
    Assert(False)
Ejemplo n.º 2
0
def over_in_minus_one_conditional(b: bool) -> None:
    Requires(Implies(b, MustTerminate(1)))
    #:: Label(over_in_minus_one_conditional__MustTerminate__False)
    Requires(Implies(not b, MustTerminate(-1)))
    # Negative measure is equivalent to False.
    Assert(Implies(not b, False))
    #:: ExpectedOutput(assert.failed:assertion.false)
    Assert(False)
Ejemplo n.º 3
0
def common_use_of_ADTs() -> None:
    t_1 = Leaf(Banana())
    t_2 = Leaf(Grape())
    polymorphic_tree = Node(t_1, t_2)

    assert isinstance(t_1, Leaf)
    assert isinstance(t_1.fruit, Fruit)
    assert isinstance(t_1.fruit, Banana)

    assert type(t_2.fruit) is Grape

    Assert(type(cast(Node, polymorphic_tree).left) is Leaf)
    Assert(type(cast(Leaf, cast(Node, polymorphic_tree).left).fruit) is Banana)

    Assert(type(cast(Node, polymorphic_tree).right) is Leaf)
    Assert(type(cast(Leaf, cast(Node, polymorphic_tree).right).fruit) is Grape)
Ejemplo n.º 4
0
    def timed_release_bounded_subzero(self, x: 'A') -> None:
        Requires(Acc(x.a) and Acc(x.b))
        Requires(MustRelease(x.a, x.b))
        Requires(x.b == -1)

        # Contradiction in precondition: x.b == -1 and x.b > 0
        Assert(False)
Ejemplo n.º 5
0
def test() -> None:
    try:
        x = 5
    except Exc1 as ex1:
        x = 6
        try:
            x = 7
        except Exc2 as ex2:
            Assert(isinstance(ex1, Exc2))
Ejemplo n.º 6
0
def fprecond(a: ObjectLock, b: ObjectLock) -> None:
    Requires(a is not None)
    Requires(b is not None)
    Requires(a is b)
    Requires(MustRelease(a, 2))
    Requires(MustRelease(b, 2))

    # Precondition is False.
    Assert(False)
Ejemplo n.º 7
0
 def m11(self) -> None:
     Requires(Acc(self.a) and MustRelease(self.a, 2))
     Requires(WaitLevel() < Level(self.a))
     while True:
         Invariant(Acc(self.a) and MustRelease(self.a, 1))
         Invariant(WaitLevel() < Level(self.a))
         self.a.release()
         self.a.acquire()
         #:: ExpectedOutput(assert.failed:assertion.false)
         Assert(False)
Ejemplo n.º 8
0
def f_ok(a: ObjectLock, b: ObjectLock) -> None:
    Requires(a is not None)
    Requires(b is not None)
    Requires(MustRelease(a, 7))
    Requires(MustRelease(b, 8))

    if a is b:
        Assert(False)

    rel_later(a)
    rel_later(b)
Ejemplo n.º 9
0
def f_leak(a: ObjectLock, b: ObjectLock) -> None:
    Requires(a is not None)
    Requires(b is not None)
    Requires(MustRelease(a, 7))
    Requires(MustRelease(b, 3))

    # TODO: Find out why Silicon needs this additional assert. Is this
    # an instance of conjunctive aliasing problem?
    Assert(a is not b)

    rel_now(b)
    rel_later(a)
Ejemplo n.º 10
0
def test(t1: Place) -> Place:
    IOExists1(Place)(lambda t_end: (
        Requires(token(t1, 2) and test_io(t1, t_end)),
        Ensures(token(t_end) and t_end == Result()),
    ))

    Open(test_io(t1))

    t2 = NoOp(t1)
    t3, t4 = Split(t2)
    res, t5 = SetVar(t4, 1)
    t6 = Join(t3, t5)
    t_end = NoOp(t6)

    Assert(res == 1)

    return t_end
Ejemplo n.º 11
0
def over_in_minus_one() -> None:
    Requires(MustTerminate(-1))
    # Negative measure is equivalent to False.
    Assert(False)
Ejemplo n.º 12
0
def callee_3(b: Optional[B], c: Optional[C]) -> None:
    #:: ExpectedOutput(assert.failed:assertion.false)
    Assert(b is not c)
Ejemplo n.º 13
0
def test2() -> None:
    Assert(None is None)
    #:: ExpectedOutput(assert.failed:assertion.false)
    Assert(None is not None)
Ejemplo n.º 14
0
def create_lock() -> None:
    l = ObjectLock(object())
    l.acquire()
    l.release()
    #:: ExpectedOutput(assert.failed:assertion.false)
    Assert(False)
Ejemplo n.º 15
0
def callee(b: B, c: C) -> None:
    Assert(b is not c)
Ejemplo n.º 16
0
def test2() -> None:
    a = [1, 2, 3]
    for i in a:
        pass
    Assert(Acc(list_pred(a)))
Ejemplo n.º 17
0
def test() -> None:
    #:: ExpectedOutput(invalid.program:invalid.contract.position)
    Assert(Assert(True))
Ejemplo n.º 18
0
 def t2(self) -> None:
     Requires(Acc(self.y) and MustTerminate(self.y))
     Assert(self.y > 0)
     #:: ExpectedOutput(assert.failed:assertion.false)
     Assert(False)
Ejemplo n.º 19
0
 def test(self) -> None:
     Requires(Acc(self.b) and Acc(self.c))
     #:: ExpectedOutput(assert.failed:assertion.false)
     Assert(self.b is not self.c)
Ejemplo n.º 20
0
def test_false_postcondition_caller() -> None:
    Requires(MustTerminate(2))
    #:: ExpectedOutput(leak_check.failed:caller.has_unsatisfied_obligations)
    test_false_postcondition()
    Assert(False)
Ejemplo n.º 21
0
 def test(self) -> None:
     Requires(Acc(self.b) and Acc(self.c))
     Assert(self.b is not self.c)
Ejemplo n.º 22
0
def over_in_minus_one(l: ObjectLock) -> None:
    #:: Label(over_in_minus_one__MustRelease)
    Requires(MustRelease(l, -1))
    # Negative measure is equivalent to False.
    Assert(False)