# Verifier test: the postcondition gives Rd(self.x) back only under a == 3,
# which is exactly the branch that joins t1; on the other branch the thread
# started on self.void is never joined, so nothing more is promised.
def a10(self, a: int) -> None:
    Requires(Rd(self.x))
    Ensures(Implies(a == 3, Rd(self.x)))
    t1 = Thread(None, self.void, args=())
    t1.start(self.void)
    # Join only in the case the postcondition covers.
    if 3 == a:
        t1.join(self.void)
def a9(self, a: int) -> None: Requires(Rd(self.x)) #:: ExpectedOutput(postcondition.violated:insufficient.permission) Ensures(Rd(self.x)) t1 = Thread(None, self.dispose_rd, args=()) t1.start(self.dispose_rd) t1.join(self.dispose_rd)
# Verifier test (expected failure): unlike the sibling join tests, no
# `Requires(WaitLevel() < Level(t))` is stated, so the join is rejected with
# wait.level.invalid even though the thread's method, arguments, old value
# and ThreadPost permission are all given.
def thread_join_wrong_level(t: Thread, cl: Cell) -> None:
    Requires(getMethod(t) == decr)
    Requires(getArg(t, 0) is cl)
    Requires(getArg(t, 1) is 7)
    Requires(getOld(t, arg(0).val) is 123)
    Requires(Acc(ThreadPost(t)))
    #:: ExpectedOutput(thread.join.failed:wait.level.invalid)
    t.join(Cell.incr, decr)
# Verifier test (expected failure): the wait level is fine, but neither
# Joinable(t) nor a ThreadPost(t) permission is required, so the join is
# rejected as thread.not.joinable.
def thread_join_not_joinable(t: Thread, cl: Cell) -> None:
    Requires(getMethod(t) == decr)
    Requires(getArg(t, 0) is cl)
    Requires(getArg(t, 1) is 7)
    Requires(getOld(t, arg(0).val) is 123)
    Requires(WaitLevel() < Level(t))
    #:: ExpectedOutput(thread.join.failed:thread.not.joinable)
    t.join(Cell.incr, decr)
# Verifier test: two reader threads are started, only t1 is joined and t2 is
# returned still running.  The postcondition accounts for that: the caller
# gets back the read permission minus the share (getARP) held by the
# returned thread.
def start2(self) -> Thread:
    Requires(Rd(self.x))
    Ensures(Acc(self.x, ARP() - getARP(Result())))
    t1 = Thread(None, self.readX, args=())
    t2 = Thread(None, self.readX, args=())
    t1.start(self.readX)
    t2.start(self.readX)
    t1.join(self.readX)
    # t2 is deliberately not joined; its share is still outstanding.
    return t2
# Verifier test: two threads reading self.x are started and both joined, so
# the full read permission is available again at the end (Ensures Rd).
def startAndJoinRead(self) -> None:
    Requires(Rd(self.x))
    Ensures(Rd(self.x))
    t1 = Thread(None, self.readX, args=())
    t2 = Thread(None, self.readX, args=())
    t1.start(self.readX)
    t2.start(self.readX)
    t1.join(self.readX)
    t2.join(self.readX)
# Verifier test (expected failure): the receiver x is either an A or a B
# depending on `secret`, so the thread's target x.foo is bound dynamically.
# The join on such a thread is reported as thread.not.joinable.
def join_low_dyn_bound(secret: bool) -> None:
    if secret:
        x = A()
    else:
        x = B()
    t = Thread(target=x.foo, args=())
    t.start(x.foo)
    #:: ExpectedOutput(thread.join.failed:thread.not.joinable)
    t.join(x.foo)
# Verifier test: joining a readX thread whose ThreadPost permission the
# caller fully holds.  The caller starts with 1 - getARP(t) of self.x; after
# the join the thread's share is added back and full Acc(self.x) is ensured.
def join1(self, t: Thread) -> None:
    Requires(getMethod(t) == Clazz.readX)
    Requires(getArg(t, 0) is self)
    Requires(Joinable(t))
    Requires(Acc(ThreadPost(t), 1))
    Requires(Acc(self.x, 1 - getARP(t)))
    Requires(WaitLevel() < Level(t))
    Ensures(Acc(self.x))
    t.join(self.readX)
# Verifier test: inside a loop, a thread on self.void is started and joined
# each iteration while holding half permission to self.x; the loop invariant
# states that the half permission is preserved across iterations.
def a12(self, a: int) -> None:
    Requires(Acc(self.x, 1 / 2))
    Ensures(Acc(self.x, 1 / 2))
    i = 0  # type: int
    while i < a:
        Invariant(Acc(self.x, 1 / 2))
        t1 = Thread(None, self.void, args=())
        t1.start(self.void)
        t1.join(self.void)
        i += 1
# Verifier test (expected failure): the thread is joinable and the wait
# level is valid, but no permission to ThreadPost(t) is required, so the
# join yields nothing about cl and the following assert lacks permission to
# read cl.val.
def thread_join_no_post_perm(t: Thread, cl: Cell) -> None:
    Requires(getMethod(t) == decr)
    Requires(getArg(t, 0) is cl)
    Requires(getArg(t, 1) is 7)
    Requires(getOld(t, arg(0).val) is 123)
    Requires(Joinable(t))
    Requires(WaitLevel() < Level(t))
    t.join(Cell.incr, decr)
    #:: ExpectedOutput(assert.failed:insufficient.permission)
    assert cl.val == 116
# Information-flow test (expected failure): which target runs on c (zero or
# one) is chosen by `secret`, so after the join c.val depends on the secret.
# Asserting Low(c.val) is therefore expected to fail — the verifier catches
# the leak through the thread's effect rather than through a direct
# assignment.
def join_low(secret: bool) -> None:
    c = Cell()
    if secret:
        t = Thread(target=zero, args=(c, ))
    else:
        t = Thread(target=one, args=(c, ))
    # Both possible targets are listed on start and join.
    t.start(zero, one)
    t.join(zero, one)
    #:: ExpectedOutput(assert.failed:assertion.false)
    Assert(Low(c.val))
# Verifier test (expected failure): the thread is known to run Cell.incr,
# but the join only lists decr as a possible target, so the thread's
# postcondition is not obtained and the assert cannot read cl.val.
def thread_join_wrong_method(t: Thread, cl: Cell) -> None:
    Requires(getMethod(t) == Cell.incr)
    Requires(getArg(t, 0) is cl)
    Requires(getArg(t, 1) is 7)
    Requires(getOld(t, arg(0).val) is 123)
    Requires(Acc(ThreadPost(t)))
    Requires(WaitLevel() < Level(t))
    t.join(decr)
    #:: ExpectedOutput(assert.failed:insufficient.permission)
    assert cl.val == 116
# Verifier test (expected failure): only half of ThreadPost(t) is held, so
# the join yields a partial permission on cl.val — enough for the read in
# the assert, not enough for the write that follows.
def thread_join_part_perm(t: Thread, cl: Cell) -> None:
    Requires(getMethod(t) == decr)
    Requires(getArg(t, 0) is cl)
    Requires(getArg(t, 1) is 7)
    Requires(getOld(t, arg(0).val) is 123)
    Requires(Acc(ThreadPost(t), 1 / 2))
    Requires(WaitLevel() < Level(t))
    t.join(Cell.incr, decr)
    assert cl.val == 116
    #:: ExpectedOutput(assignment.failed:insufficient.permission)
    cl.val = 11
# Verifier test (expected failure): with half of ThreadPost(t), the join on a
# decr_pred thread provides only half of cell_pred(cl, 116).  The first
# Unfold of that half succeeds; the second one asks for a half that is no
# longer there.
def thread_join_pred_partial(t: Thread, cl: Cell) -> None:
    Requires(getMethod(t) == decr_pred)
    Requires(getArg(t, 0) is cl)
    Requires(getArg(t, 1) is 7)
    Requires(getOld(t, arg(0).val) is 123)
    Requires(Acc(ThreadPost(t), 1 / 2))
    Requires(WaitLevel() < Level(t))
    Ensures(Joinable(t))
    t.join(decr, decr_pred)
    Unfold(Acc(cell_pred(cl, 116), 1 / 2))
    assert cl.val == 116
    #:: ExpectedOutput(unfold.failed:insufficient.permission)
    Unfold(Acc(cell_pred(cl, 116), 1 / 2))
# Verifier test: with the full ThreadPost(t), the join on a decr_pred thread
# provides cell_pred(cl, 116), which unfolds to cl.val == 116.  The
# Ensures(False) is a deliberate unsatisfiable postcondition: its expected
# violation shows that the body up to that point is consistent (not vacuous).
def thread_join_pred(t: Thread, cl: Cell) -> None:
    Requires(getMethod(t) == decr_pred)
    Requires(getArg(t, 0) is cl)
    Requires(getArg(t, 1) is 7)
    Requires(getOld(t, arg(0).val) is 123)
    Requires(Acc(ThreadPost(t)))
    Requires(WaitLevel() < Level(t))
    Ensures(Joinable(t))
    #:: ExpectedOutput(postcondition.violated:assertion.false)
    Ensures(False)
    t.join(decr, decr_pred)
    Unfold(cell_pred(cl, 116))
    assert cl.val == 116
# Verifier test: joining two distinct readX threads on self.  Each join adds
# that thread's share of self.x, so the postcondition is the sum
# getARP(t1) + getARP(t2).  The t1 is not t2 precondition matters: the same
# thread joined twice would not yield two shares.
def join2(self, t1: Thread, t2: Thread) -> None:
    Requires(t1 is not t2)
    Requires(getMethod(t1) == Clazz.readX)
    Requires(getMethod(t2) == Clazz.readX)
    Requires(getArg(t1, 0) is self)
    Requires(getArg(t2, 0) is self)
    Requires(Joinable(t1))
    Requires(Joinable(t2))
    Requires(Acc(ThreadPost(t1)))
    Requires(Acc(ThreadPost(t2)))
    Requires(WaitLevel() < Level(t1))
    Requires(WaitLevel() < Level(t2))
    Ensures(Acc(self.x, getARP(t1) + getARP(t2)))
    t1.join(self.readX)
    t2.join(self.readX)
# Verifier test mixing a lock and threads: self.l guards self.c (the first
# precondition ties them together), the counter is incremented under the
# lock, two need_value threads are started and joined, and the counter is
# decremented under the lock again.  Ensures(False) and Assert(False) are
# deliberate consistency probes; the backend-specific annotations record
# where the Silicon and Carbon backends differ on this test.
def do_a_thing(self) -> None:
    Requires(Rd(self.l) and Rd(self.c) and self.l.get_locked() is self.c)
    Requires(WaitLevel() < Level(self.l))
    Ensures(Rd(self.l) and Rd(self.c))
    #:: ExpectedOutput(postcondition.violated:assertion.false)|MissingOutput(postcondition.violated:assertion.false, 320)
    Ensures(False)
    self.l.acquire()
    self.c.n += 1
    #:: UnexpectedOutput(silicon)(lock.invariant.not.established:assertion.false, 320)
    self.l.release()
    self.need_value()
    t1 = Thread(None, self.need_value, args=())
    t2 = Thread(None, self.need_value, args=())
    t1.start(self.need_value)
    t2.start(self.need_value)
    t1.join(self.need_value)
    t2.join(self.need_value)
    #:: ExpectedOutput(carbon)(assert.failed:assertion.false)
    Assert(False)
    # Carbon does not terminate for the next statement
    self.need_value()
    self.l.acquire()
    self.c.n -= 1
    self.l.release()
# Verifier test: start and join a single thread on self.void; the read
# permission on self.x held on entry is still available at the end.
def a8(self, a: int) -> None:
    Requires(Rd(self.x))
    Ensures(Rd(self.x))
    t1 = Thread(None, self.void, args=())
    t1.start(self.void)
    t1.join(self.void)
# Verifier test (expected failure): joining with `get` as the target is
# rejected at the program-validity stage (invalid.thread.join), before any
# permission reasoning; `get` is not defined in this excerpt.
def client_fork(t: Thread) -> None:
    #:: ExpectedOutput(invalid.program:invalid.thread.join)
    t.join(get)
# Verifier test (expected failure): the minimal preconditions for a join —
# Joinable(t) and a valid wait level — are enough for the join itself, but
# without getMethod/getArg facts or a ThreadPost(t) permission nothing is
# learned about cl, so the assert cannot read cl.val.
def thread_join_minimal(t: Thread, cl: Cell) -> None:
    Requires(Joinable(t))
    Requires(WaitLevel() < Level(t))
    t.join(Cell.incr, decr)
    #:: ExpectedOutput(assert.failed:insufficient.permission)
    assert cl.val == 116