def print_sequence3(t1: Place, n: int) -> Place:
    """Prints n(n-1)...1.

    Verification test case combining an I/O specification with a
    termination obligation. The precondition requires ``n > 0``, a token
    at place ``t1``, the ``print_sequence_io(t1, n, t2)`` permission and
    ``MustTerminate(2)``; the postcondition promises a token at the final
    place ``t2``, which is also the returned place.

    The loop calls ``print_int`` once per iteration while ``n > 1`` and the
    last value is printed by the call after the loop.
    """
    # t2 is existentially quantified: it names the place reached after the
    # whole sequence has been printed.
    IOExists1(Place)(lambda t2: (
        Requires(n > 0 and token(t1, 2) and print_sequence_io(t1, n, t2) and
                 MustTerminate(2)),
        Ensures(token(t2) and t2 == Result()),
    ))
    t = t1
    Open(print_sequence_io(t, n))
    # Ghost read of the place that print_sequence_io ends in; not a runtime value.
    t2 = GetGhostOutput(print_sequence_io(t, n), 't_post')  # type: Place
    while n > 1:
        # Invariant: a token at the current place t, plus either the next
        # print step followed by the rest of the sequence (n > 1) or the
        # final print step ending in t2 (n == 1). MustTerminate(n) uses n as
        # the measure, which the body decrements.
        IOExists1(Place)(lambda t_next: (
            Invariant(
                token(t, 1) and
                Implies(
                    n > 1,
                    print_int_io(t, n, t_next) and
                    print_sequence_io(
                        t_next, n - 1, t2)) and
                Implies(
                    not n > 1,
                    print_int_io(t, n, t2))),
            Invariant(MustTerminate(n)),
        ))
        t = print_int(t, n)
        n -= 1
        # Open the I/O permission for the shortened sequence before the
        # invariant is checked again.
        Open(print_sequence_io(t, n))
    # n == 1 here: print the last element.
    t = print_int(t, n)
    return t
def m10(self) -> None:
    """Release and re-acquire ``self.a`` forever under a release obligation.

    The precondition hands in ``MustRelease(self.a, 2)``; the loop invariant
    carries ``MustRelease(self.a, 1)`` across every iteration. No
    ``ExpectedOutput`` annotation is present, so the case is expected to
    verify.
    """
    Requires(Acc(self.a) and MustRelease(self.a, 2))
    Requires(WaitLevel() < Level(self.a))
    while True:
        Invariant(Acc(self.a) and MustRelease(self.a, 1))
        # Lock-order condition kept in the invariant; presumably what
        # permits the acquire() below.
        Invariant(WaitLevel() < Level(self.a))
        self.a.release()
        self.a.acquire()
def m2_borrow_rel(self) -> None:
    """Carry a release obligation through a loop and discharge it afterwards.

    The loop never touches the lock: its invariant states
    ``MustRelease(self.x, 10 - x)`` unconditionally, and ``self.x`` is
    released once, after the loop has finished.
    """
    Requires(Acc(self.x) and MustRelease(self.x, 2))
    x = 1
    while x < 5:
        Invariant(Acc(self.x))
        # Measure 10 - x shrinks as the local counter x grows.
        Invariant(MustRelease(self.x, 10 - x))
        x += 1
    self.x.release()
def test2(l: ObjectLock) -> None:
    """Loop forever, releasing ``l`` through a helper and re-acquiring it.

    Same shape as a direct ``l.release()`` / ``l.acquire()`` loop, except
    that the release happens inside ``do_release`` (defined elsewhere;
    presumably its contract takes the ``MustRelease`` obligation).
    """
    Requires(l is not None)
    Requires(MustRelease(l, 3))
    Requires(WaitLevel() < Level(l))
    while True:
        Invariant(MustRelease(l, 1))
        Invariant(WaitLevel() < Level(l))
        do_release(l)
        l.acquire()
def nested4(self) -> None:
    """Two nested loops, each promising termination, in a method without
    a termination precondition of its own.

    ``y`` is initialised once before the outer loop, so the inner loop only
    iterates during the first outer iteration.
    """
    x = 1
    y = 2
    while x < 5:
        Invariant(MustTerminate(10 - x))
        x += 1
        while y < 5:
            Invariant(MustTerminate(10 - y))
            y += 1
def hidden_obligation_ok() -> None:
    """Termination promise expressed only under implications.

    None of the three invariants states ``MustTerminate`` unconditionally.
    With ``i`` running from 0 and ``n == 10`` the guard ``i <= n`` is the one
    that holds, so the effective measure is ``n - i + 1``. The name and the
    absence of an ``ExpectedOutput`` annotation indicate the case should
    verify.
    """
    Requires(MustTerminate(2))
    i = 0
    n = 10
    while i < n:
        # Guard i > n does not hold for the values this loop takes.
        Invariant(Implies(i > n, MustTerminate(n+i)))
        # Guard is literally False: contributes no obligation.
        Invariant(Implies(False, MustTerminate(1)))
        Invariant(Implies(i <= n, MustTerminate(n-i+1)))
        i = i + 1
def m2_transfer_rel(self) -> None:
    """Hand a release obligation to a loop that discharges it itself.

    The invariant holds ``MustRelease(self.x, 10 - x)`` only while
    ``x < 5``; in the iteration where ``x`` reaches 5 the body releases the
    lock, so nothing is left to release after the loop.
    """
    Requires(Acc(self.x) and MustRelease(self.x, 2))
    x = 1
    while x < 5:
        Invariant(Acc(self.x))
        Invariant(Implies(x < 5, MustRelease(self.x, 10 - x)))
        x += 1
        # Last iteration: the invariant no longer carries the obligation,
        # so it has to be discharged here.
        if x >= 5:
            self.x.release()
def m2(self) -> None:
    """Nested terminating loops inside a method that must itself terminate.

    Each loop uses its own counter as the ``MustTerminate`` measure; the
    inner counter ``y`` is reset to 500 on every outer iteration.
    """
    Requires(MustTerminate(1))
    x = 5
    while x > 0:
        Invariant(MustTerminate(x))
        y = 500
        while y > 100:
            Invariant(MustTerminate(y))
            y -= 2
        x -= 1
def m11(self) -> None:
    """Release/re-acquire loop followed by a deliberately false assertion.

    The ``ExpectedOutput`` annotation tells the test harness that
    ``Assert(False)`` must be reported as failing, i.e. the loop body is
    reachable and the obligations do not make the state inconsistent.
    """
    Requires(Acc(self.a) and MustRelease(self.a, 2))
    Requires(WaitLevel() < Level(self.a))
    while True:
        Invariant(Acc(self.a) and MustRelease(self.a, 1))
        Invariant(WaitLevel() < Level(self.a))
        self.a.release()
        self.a.acquire()
        # NOTE(review): placed inside the loop body; after `while True` the
        # assertion would be unreachable. Confirm against the original layout.
        #:: ExpectedOutput(assert.failed:assertion.false)
        Assert(False)
def loop3_a() -> None:
    """Negative case: a call inside a terminating loop fails the leak check.

    The loop promises termination with measure ``n - i + 1``. The harness
    expects the call to ``i_time(i)`` to be rejected with
    ``caller.has_unsatisfied_obligations``; ``i_time`` is defined elsewhere,
    so its contract is not visible here.
    """
    Requires(MustTerminate(2))
    i = 1
    n = 10
    while i < n:
        Invariant(MustTerminate(n-i+1))
        Invariant(i > 0)
        #:: ExpectedOutput(leak_check.failed:caller.has_unsatisfied_obligations)
        i_time(i)
        i = i + 1
def test_terminate_keep_promise_3() -> None:
    """Negative case: a loop promises termination but does not keep it.

    The loop over ``j`` states ``MustTerminate(5 - j)`` yet decrements ``j``,
    so the measure grows on every iteration; the harness expects
    ``must_terminate.loop_promise_not_kept`` on that loop.
    """
    i = 0
    while i < 5:
        Invariant(MustTerminate(5 - i))
        i += 1
        # NOTE(review): the second loop is shown nested in the first; the
        # collapsed source does not settle nested vs. sequential - confirm.
        j = 0
        #:: ExpectedOutput(leak_check.failed:must_terminate.loop_promise_not_kept)
        while j < 5:
            Invariant(MustTerminate(5 - j))
            j -= 1
def test_terminate_promise_4(a: List[int], b: List[int]) -> None:
    """Negative case: inner ``for`` loop without a termination promise.

    The outer loop promises termination, using the number of elements not
    yet visited (``len(a) - len(Previous(i))``) as its measure. The inner
    loop over ``b`` declares no invariant at all, and the harness expects
    ``loop_context.has_unsatisfied_obligations`` on it.
    """
    Requires(MustTerminate(2))
    Requires(Acc(list_pred(a)))
    Requires(Acc(list_pred(b)))
    for i in a:
        Invariant(MustTerminate(len(a) - len(Previous(i))))
        # Permission to b is kept in the invariant so the inner loop can
        # iterate over it.
        Invariant(Acc(list_pred(b)))
        #:: ExpectedOutput(leak_check.failed:loop_context.has_unsatisfied_obligations)
        for j in b:
            pass
def nested3(self) -> None:
    """Negative case: inner loop with a trivial invariant inside a
    terminating outer loop.

    The outer loop promises ``MustTerminate(10 - x)``; the inner loop only
    states ``Invariant(True)``, and the harness expects
    ``loop_context.has_unsatisfied_obligations`` on it.
    """
    x = 1
    y = 2
    while x < 5:
        Invariant(MustTerminate(10 - x))
        x += 1
        #:: ExpectedOutput(leak_check.failed:loop_context.has_unsatisfied_obligations)
        while y < 5:
            Invariant(True)
            y += 1
def nested2(self) -> None:
    """Nested loops that both promise termination, in a terminating method.

    The two loops use different measures (``10 - x`` and ``20 - y``); ``y``
    is initialised once, before the outer loop.
    """
    Requires(MustTerminate(1))
    x = 1
    y = 1
    while x < 5:
        Invariant(MustTerminate(10 - x))
        x += 1
        while y < 5:
            Invariant(MustTerminate(20 - y))
            y += 1
def f3_a(n: int) -> None:
    """Terminating loop that calls helpers with a shrinking argument.

    The loop measure is ``n - i``. ``i_time`` is only called when its
    argument ``n - i - 1`` is positive. ``over_in_one`` and ``i_time`` are
    defined elsewhere; presumably both carry ``MustTerminate`` contracts
    that this caller has to satisfy.
    """
    Requires(n > 1)
    Requires(MustTerminate(n))
    i = 0
    while i < n:
        Invariant(MustTerminate(n - i))
        Invariant(i >= 0)
        over_in_one()
        # Guard keeps the argument strictly positive.
        if n - i - 1 > 0:
            i_time(n - i - 1)
        i += 1
def f6() -> None:
    """Two counting loops, each with measure ``n - counter + 1``, inside a
    method that must terminate.
    """
    Requires(MustTerminate(5))
    i = 0
    n = 10
    while i < n:
        Invariant(MustTerminate(n - i + 1))
        i += 1
        # NOTE(review): the loop over j is shown nested in the loop over i;
        # the collapsed source does not settle nested vs. sequential - confirm.
        j = 0
        while j < n:
            Invariant(MustTerminate(n - j + 1))
            j += 1
def m9(self) -> None:
    """Release obligation whose measure is a heap field.

    ``self.b`` serves both as loop counter and as the ``MustRelease``
    measure. The invariant carries the obligation only while ``self.b > 4``;
    the lock is released in the iteration that brings ``self.b`` down to 4.
    Once ``self.b`` is 4 the body changes nothing, so the loop does not exit
    (no termination promise is made).
    """
    Requires(Acc(self.b) and self.b > 17)
    Requires(Acc(self.a) and MustRelease(self.a, self.b))
    while self.b > 2:
        Invariant(Acc(self.a) and Acc(self.b))
        Invariant(Implies(self.b > 4, MustRelease(self.a, self.b)))
        if self.b > 4:
            self.b -= 1
            # NOTE(review): shown nested under `self.b > 4`, so the release
            # runs exactly once; as a sibling `if` it would run again on
            # every later iteration. Confirm against the original layout.
            if self.b == 4:
                self.a.release()
def m4(self) -> None:
    """Negative case: method call inside nested terminating loops.

    Both loops promise termination. The harness expects the call to
    ``self.d2()`` in the inner loop to fail the leak check with
    ``caller.has_unsatisfied_obligations``; ``d2`` is defined elsewhere, so
    its contract is not visible here.
    """
    Requires(MustTerminate(2))
    x = 5
    while x > 0:
        Invariant(MustTerminate(x))
        y = 500
        while y > 100:
            Invariant(MustTerminate(y))
            #:: ExpectedOutput(leak_check.failed:caller.has_unsatisfied_obligations)
            self.d2()
            y -= 2
        x -= 1
def locks_creating_loop() -> ObjectLock:
    """Create a fresh lock per iteration, always releasing the previous one.

    Every iteration acquires and releases the current lock before replacing
    it, so no release obligation survives an iteration. The postcondition
    states that the returned lock lies above the caller's wait level.
    """
    Ensures(WaitLevel() < Level(Result()))
    l = ObjectLock(object())
    i = 0
    while i < 5:
        Invariant(l is not None)
        Invariant(WaitLevel() < Level(l))
        l.acquire()
        l.release()
        # Rebinding l is only done after the old lock has been released.
        l = ObjectLock(object())
        i += 1
    return l
def continuous3(a: ObjectLock) -> None:
    """Keep a lock held across an endless loop through helper calls.

    The lock is taken by ``acq`` before the loop; each iteration releases
    it, acquires it again and then calls ``reAcq3``. ``acq`` and ``reAcq3``
    are defined elsewhere; presumably ``reAcq3`` restores the measure 3 that
    the invariant demands. No ``ExpectedOutput`` annotation is present.
    """
    Requires(a is not None)
    Requires(WaitLevel() < Level(a))
    acq(a)
    while True:
        Invariant(MustRelease(a, 3))
        Invariant(WaitLevel() < Level(a))
        a.release()
        a.acquire()
        reAcq3(a)
def test_loop_condition_framing_2() -> None:
    """Loop whose condition reads a heap field, with correctly ordered
    invariants.

    ``Acc(a.steps)`` is stated before the ``MustRelease`` invariant, so the
    permission needed to read the loop condition ``a.steps < 5`` is already
    available where the obligation is used. The lock is released after the
    loop.
    """
    a = A()
    l = ObjectLock(object())
    l.acquire()
    i = 5
    while a.steps < 5:
        Invariant(Acc(a.steps))
        Invariant(MustRelease(l, i))
        # Ties the obligation measure i to the heap-based loop counter.
        Invariant(i == 5 - a.steps)
        a.steps += 1
        i -= 1
    l.release()
def await_2(l: ObjectLock) -> None:
    """Acquire ``l`` and return it still held, cycling it five times.

    The postcondition ``MustRelease(l)`` passes the release obligation on to
    the caller. Inside the loop the lock is released and re-acquired, with
    the measure-free ``MustRelease(l)`` kept as invariant.
    """
    Requires(l is not None)
    Requires(WaitLevel() < Level(l))
    Ensures(MustRelease(l))
    l.acquire()
    i = 5
    while i > 0:
        Invariant(MustRelease(l))
        Invariant(WaitLevel() < Level(l))
        l.release()
        l.acquire()
        i -= 1
def test_call_non_terminating_5() -> None:
    """Negative case: calling a non-terminating function from terminating
    code.

    The method and both loops promise termination; the harness expects the
    call to ``non_terminating()`` (defined elsewhere) to be rejected with
    ``caller.has_unsatisfied_obligations``.
    """
    Requires(MustTerminate(2))
    i = 0
    while i < 5:
        Invariant(MustTerminate(5 - i))
        i += 1
        j = 0
        while j < 5:
            Invariant(MustTerminate(5 - j))
            j += 1
            # NOTE(review): the nesting depth of this call cannot be
            # recovered from the collapsed source; it is shown in the
            # innermost loop. Confirm against the original layout.
            #:: ExpectedOutput(leak_check.failed:caller.has_unsatisfied_obligations)
            non_terminating()
def await_3(l: Lock[object]) -> None:
    """Negative case: loop invariant that cannot be established on entry.

    The method is given ``MustRelease(l)`` by its precondition instead of
    acquiring the lock itself. The harness expects the first loop invariant
    to fail with ``invariant.not.established:insufficient.permission``.
    """
    Requires(MustRelease(l))
    Requires(WaitLevel() < Level(l))
    Ensures(MustRelease(l))
    i = 5
    while i > 0:
        #:: ExpectedOutput(invariant.not.established:insufficient.permission)
        Invariant(MustRelease(l))
        Invariant(WaitLevel() < Level(l))
        l.release()
        l.acquire()
        i -= 1
def nested2(self) -> None:
    """Release obligation carried through an outer loop that contains a
    terminating inner loop.

    The outer invariant states ``MustRelease(self.x, 10 - x)``
    unconditionally; the inner loop promises termination with measure
    ``20 - y``. The lock is released after the outer loop.
    """
    Requires(Acc(self.x) and MustRelease(self.x, 2))
    x = 1
    y = 1
    while x < 5:
        Invariant(Acc(self.x))
        Invariant(MustRelease(self.x, 10 - x))
        x += 1
        while y < 5:
            Invariant(MustTerminate(20 - y))
            y += 1
    self.x.release()
def locks_creating_loop_error(n: int) -> ObjectLock:
    """Lock-creating loop that skips the release on its last iterations.

    The lock is released only while ``i + 2 < n``; in the remaining
    iterations it is still held when ``l`` is rebound to a new lock. The
    name marks this as an error case, but no ``ExpectedOutput`` annotation
    is visible in this excerpt.
    """
    l = ObjectLock(object())
    i = 0
    while i < n:
        Invariant(l is not None)
        Invariant(WaitLevel() < Level(l))
        l.acquire()
        # NOTE(review): the source is collapsed onto one line; the comment
        # below is read as ending before `if` - confirm.
        #don't release
        if (i + 2 < n):
            l.release()
        # When the guard above is false, the old lock is dropped here
        # without having been released.
        l = ObjectLock(object())
        i += 1
    return l
def nested1_after_inner(self) -> None:
    """Negative case: inner loop without invariants while a release
    obligation is pending.

    The outer loop holds ``MustRelease(self.x, 10 - x)`` while ``x < 5`` and
    releases the lock after the inner loop, in the iteration where ``x``
    becomes 5. The inner loop declares nothing, and the harness expects
    ``loop_context.has_unsatisfied_obligations`` on it.
    """
    Requires(Acc(self.x) and MustRelease(self.x, 2))
    x = 1
    y = 1
    while x < 5:
        Invariant(Acc(self.x))
        Invariant(Implies(x < 5, MustRelease(self.x, 10 - x)))
        x += 1
        #:: ExpectedOutput(leak_check.failed:loop_context.has_unsatisfied_obligations)
        while y < 5:
            y += 1
        if x == 5:
            self.x.release()
def nested2_after_inner(self) -> None:
    """Release after a terminating inner loop, inside the outer loop.

    The outer loop holds ``MustRelease(self.x, 10 - x)`` while ``x < 5``.
    The inner loop promises termination with measure ``20 - y``, and the
    lock is released after it, in the iteration where ``x`` becomes 5. No
    ``ExpectedOutput`` annotation is present.
    """
    Requires(Acc(self.x) and MustRelease(self.x, 2))
    x = 1
    y = 1
    while x < 5:
        Invariant(Acc(self.x))
        Invariant(Implies(x < 5, MustRelease(self.x, 10 - x)))
        x += 1
        while y < 5:
            Invariant(MustTerminate(20 - y))
            y += 1
        if x == 5:
            self.x.release()
def continuous2(a: ObjectLock) -> None:
    """Negative case: loop invariant not preserved by the body.

    The lock is taken by ``acq`` before the loop; each iteration releases
    it, acquires it again and calls ``reAcq2``. The harness expects
    ``invariant.not.preserved:insufficient.permission`` on
    ``MustRelease(a, 3)``. ``acq`` and ``reAcq2`` are defined elsewhere;
    presumably ``reAcq2`` does not hand back an obligation with the
    required measure.
    """
    Requires(a is not None)
    Requires(WaitLevel() < Level(a))
    acq(a)
    while True:
        #:: ExpectedOutput(invariant.not.preserved:insufficient.permission)
        Invariant(MustRelease(a, 3))
        Invariant(WaitLevel() < Level(a))
        a.release()
        a.acquire()
        reAcq2(a)
def test_loop_condition_framing_1() -> None:
    """Negative case: obligation stated before the loop condition is framed.

    The loop condition reads ``a.steps``, but the ``MustRelease`` invariant
    comes before ``Acc(a.steps)``. The harness expects
    ``not.wellformed:loop_condition.not_framed_for_obligation_use`` on that
    first invariant.
    """
    a = A()
    l = ObjectLock(object())
    l.acquire()
    i = 5
    while a.steps < 5:
        #:: ExpectedOutput(not.wellformed:loop_condition.not_framed_for_obligation_use)
        Invariant(MustRelease(l, i))
        Invariant(Acc(a.steps))
        Invariant(i == 5 - a.steps)
        a.steps += 1
        i -= 1
    l.release()