def print_sequence3(t1: Place, n: int) -> Place:
"""Prints n(n-1)...1."""
IOExists1(Place)(lambda t2: (
Requires(n > 0 and token(t1, 2) and print_sequence_io(t1, n, t2) and
MustTerminate(2)),
Ensures(token(t2) and t2 == Result()),
))
t = t1
Open(print_sequence_io(t, n))
t2 = GetGhostOutput(print_sequence_io(t, n), 't_post') # type: Place
while n > 1:
IOExists1(Place)(lambda t_next: (
Invariant(
token(t, 1) and Implies(
n > 1,
print_int_io(t, n, t_next) and print_sequence_io(
t_next, n - 1, t2)) and Implies(
not n > 1, print_int_io(t, n, t2))),
Invariant(MustTerminate(n)),
))
t = print_int(t, n)
n -= 1
Open(print_sequence_io(t, n))
t = print_int(t, n)
return t
def m10(self) -> None:
Requires(Acc(self.a) and MustRelease(self.a, 2))
Requires(WaitLevel() < Level(self.a))
while True:
Invariant(Acc(self.a) and MustRelease(self.a, 1))
Invariant(WaitLevel() < Level(self.a))
self.a.release()
self.a.acquire()
def m2_borrow_rel(self) -> None:
Requires(Acc(self.x) and MustRelease(self.x, 2))
x = 1
while x < 5:
Invariant(Acc(self.x))
Invariant(MustRelease(self.x, 10 - x))
x += 1
self.x.release()
def test2(l: ObjectLock) -> None:
Requires(l is not None)
Requires(MustRelease(l, 3))
Requires(WaitLevel() < Level(l))
while True:
Invariant(MustRelease(l, 1))
Invariant(WaitLevel() < Level(l))
do_release(l)
l.acquire()
def nested4(self) -> None:
x = 1
y = 2
while x < 5:
Invariant(MustTerminate(10 - x))
x += 1
while y < 5:
Invariant(MustTerminate(10 - y))
y += 1
def hidden_obligation_ok() -> None:
Requires(MustTerminate(2))
i = 0
n = 10
while i < n:
Invariant(Implies(i > n, MustTerminate(n+i)))
Invariant(Implies(False, MustTerminate(1)))
Invariant(Implies(i <= n, MustTerminate(n-i+1)))
i = i + 1
def m2_transfer_rel(self) -> None:
Requires(Acc(self.x) and MustRelease(self.x, 2))
x = 1
while x < 5:
Invariant(Acc(self.x))
Invariant(Implies(x < 5, MustRelease(self.x, 10 - x)))
x += 1
if x >= 5:
self.x.release()
def m2(self) -> None:
Requires(MustTerminate(1))
x = 5
while x > 0:
Invariant(MustTerminate(x))
y = 500
while y > 100:
Invariant(MustTerminate(y))
y -= 2
x -= 1
def m11(self) -> None:
Requires(Acc(self.a) and MustRelease(self.a, 2))
Requires(WaitLevel() < Level(self.a))
while True:
Invariant(Acc(self.a) and MustRelease(self.a, 1))
Invariant(WaitLevel() < Level(self.a))
self.a.release()
self.a.acquire()
#:: ExpectedOutput(assert.failed:assertion.false)
Assert(False)
def loop3_a() -> None:
Requires(MustTerminate(2))
i = 1
n = 10
while i < n:
Invariant(MustTerminate(n-i+1))
Invariant(i > 0)
#:: ExpectedOutput(leak_check.failed:caller.has_unsatisfied_obligations)
i_time(i)
i = i + 1
def test_terminate_keep_promise_3() -> None:
i = 0
while i < 5:
Invariant(MustTerminate(5 - i))
i += 1
j = 0
#:: ExpectedOutput(leak_check.failed:must_terminate.loop_promise_not_kept)
while j < 5:
Invariant(MustTerminate(5 - j))
j -= 1
def test_terminate_promise_4(a: List[int], b: List[int]) -> None:
Requires(MustTerminate(2))
Requires(Acc(list_pred(a)))
Requires(Acc(list_pred(b)))
for i in a:
Invariant(MustTerminate(len(a) - len(Previous(i))))
Invariant(Acc(list_pred(b)))
#:: ExpectedOutput(leak_check.failed:loop_context.has_unsatisfied_obligations)
for j in b:
pass
def nested3(self) -> None:
x = 1
y = 2
while x < 5:
Invariant(MustTerminate(10 - x))
x += 1
#:: ExpectedOutput(leak_check.failed:loop_context.has_unsatisfied_obligations)
while y < 5:
Invariant(True)
y += 1
def nested2(self) -> None:
Requires(MustTerminate(1))
x = 1
y = 1
while x < 5:
Invariant(MustTerminate(10 - x))
x += 1
while y < 5:
Invariant(MustTerminate(20 - y))
y += 1
def f3_a(n: int) -> None:
Requires(n > 1)
Requires(MustTerminate(n))
i = 0
while i < n:
Invariant(MustTerminate(n - i))
Invariant(i >= 0)
over_in_one()
if n - i - 1 > 0:
i_time(n - i - 1)
i += 1
def f6() -> None:
Requires(MustTerminate(5))
i = 0
n = 10
while i < n:
Invariant(MustTerminate(n - i + 1))
i += 1
j = 0
while j < n:
Invariant(MustTerminate(n - j + 1))
j += 1
def m9(self) -> None:
Requires(Acc(self.b) and self.b > 17)
Requires(Acc(self.a) and MustRelease(self.a, self.b))
while self.b > 2:
Invariant(Acc(self.a) and Acc(self.b))
Invariant(Implies(self.b > 4, MustRelease(self.a, self.b)))
if self.b > 4:
self.b -= 1
if self.b == 4:
self.a.release()
def m4(self) -> None:
Requires(MustTerminate(2))
x = 5
while x > 0:
Invariant(MustTerminate(x))
y = 500
while y > 100:
Invariant(MustTerminate(y))
#:: ExpectedOutput(leak_check.failed:caller.has_unsatisfied_obligations)
self.d2()
y -= 2
x -= 1
def locks_creating_loop() -> ObjectLock:
Ensures(WaitLevel() < Level(Result()))
l = ObjectLock(object())
i = 0
while i < 5:
Invariant(l is not None)
Invariant(WaitLevel() < Level(l))
l.acquire()
l.release()
l = ObjectLock(object())
i += 1
return l
def continuous3(a: ObjectLock) -> None:
Requires(a is not None)
Requires(WaitLevel() < Level(a))
acq(a)
while True:
Invariant(MustRelease(a, 3))
Invariant(WaitLevel() < Level(a))
a.release()
a.acquire()
reAcq3(a)
def test_loop_condition_framing_2() -> None:
a = A()
l = ObjectLock(object())
l.acquire()
i = 5
while a.steps < 5:
Invariant(Acc(a.steps))
Invariant(MustRelease(l, i))
Invariant(i == 5 - a.steps)
a.steps += 1
i -= 1
l.release()
def await_2(l: ObjectLock) -> None:
Requires(l is not None)
Requires(WaitLevel() < Level(l))
Ensures(MustRelease(l))
l.acquire()
i = 5
while i > 0:
Invariant(MustRelease(l))
Invariant(WaitLevel() < Level(l))
l.release()
l.acquire()
i -= 1
def test_call_non_terminating_5() -> None:
Requires(MustTerminate(2))
i = 0
while i < 5:
Invariant(MustTerminate(5 - i))
i += 1
j = 0
while j < 5:
Invariant(MustTerminate(5 - j))
j += 1
#:: ExpectedOutput(leak_check.failed:caller.has_unsatisfied_obligations)
non_terminating()
def await_3(l: Lock[object]) -> None:
Requires(MustRelease(l))
Requires(WaitLevel() < Level(l))
Ensures(MustRelease(l))
i = 5
while i > 0:
#:: ExpectedOutput(invariant.not.established:insufficient.permission)
Invariant(MustRelease(l))
Invariant(WaitLevel() < Level(l))
l.release()
l.acquire()
i -= 1
def nested2(self) -> None:
Requires(Acc(self.x) and MustRelease(self.x, 2))
x = 1
y = 1
while x < 5:
Invariant(Acc(self.x))
Invariant(MustRelease(self.x, 10 - x))
x += 1
while y < 5:
Invariant(MustTerminate(20 - y))
y += 1
self.x.release()
def locks_creating_loop_error(n: int) -> ObjectLock:
l = ObjectLock(object())
i = 0
while i < n:
Invariant(l is not None)
Invariant(WaitLevel() < Level(l))
l.acquire()
#don't release
if (i + 2 < n):
l.release()
l = ObjectLock(object())
i += 1
return l
def nested1_after_inner(self) -> None:
Requires(Acc(self.x) and MustRelease(self.x, 2))
x = 1
y = 1
while x < 5:
Invariant(Acc(self.x))
Invariant(Implies(x < 5, MustRelease(self.x, 10 - x)))
x += 1
#:: ExpectedOutput(leak_check.failed:loop_context.has_unsatisfied_obligations)
while y < 5:
y += 1
if x == 5:
self.x.release()
def nested2_after_inner(self) -> None:
Requires(Acc(self.x) and MustRelease(self.x, 2))
x = 1
y = 1
while x < 5:
Invariant(Acc(self.x))
Invariant(Implies(x < 5, MustRelease(self.x, 10 - x)))
x += 1
while y < 5:
Invariant(MustTerminate(20 - y))
y += 1
if x == 5:
self.x.release()
def continuous2(a: ObjectLock) -> None:
Requires(a is not None)
Requires(WaitLevel() < Level(a))
acq(a)
while True:
#:: ExpectedOutput(invariant.not.preserved:insufficient.permission)
Invariant(MustRelease(a, 3))
Invariant(WaitLevel() < Level(a))
a.release()
a.acquire()
reAcq2(a)
def test_loop_condition_framing_1() -> None:
a = A()
l = ObjectLock(object())
l.acquire()
i = 5
while a.steps < 5:
#:: ExpectedOutput(not.wellformed:loop_condition.not_framed_for_obligation_use)
Invariant(MustRelease(l, i))
Invariant(Acc(a.steps))
Invariant(i == 5 - a.steps)
a.steps += 1
i -= 1
l.release()
