def initialize_field_statements(self, message: Message, field: Field) -> Sequence[Statement]:
return [
CallStatement("Reset_Dependent_Fields", [Name("Ctx"), Name(field.affixed_name)],),
Assignment(
"Ctx",
Aggregate(
Selected("Ctx", "Buffer_First"),
Selected("Ctx", "Buffer_Last"),
Selected("Ctx", "First"),
Name("Last"),
Selected("Ctx", "Buffer"),
Selected("Ctx", "Cursors"),
),
),
# WORKAROUND:
# Limitation of GNAT Community 2019 / SPARK Pro 20.0
# Provability of predicate is increased by adding part of
# predicate as assert
PragmaStatement(
"Assert", [str(self.message_structure_invariant(message, prefix=True))],
),
Assignment(
Indexed(Selected("Ctx", "Cursors"), Name(field.affixed_name)),
NamedAggregate(
("State", Name("S_Structural_Valid")),
("First", Name("First")),
("Last", Name("Last")),
("Value", NamedAggregate(("Fld", Name(field.affixed_name))),),
(
"Predecessor",
Selected(
Indexed(Selected("Ctx", "Cursors"), Name(field.affixed_name),),
"Predecessor",
),
),
),
),
Assignment(
Indexed(
Selected("Ctx", "Cursors"),
Call("Successor", [Name("Ctx"), Name(field.affixed_name)]),
),
NamedAggregate(
("State", Name("S_Invalid")), ("Predecessor", Name(field.affixed_name)),
),
),
]
def bounded_composite_setter_preconditions(message: Message,
field: Field) -> Sequence[Expr]:
return [
Call(
"Field_Condition",
[
Variable("Ctx"),
NamedAggregate(("Fld", Variable(field.affixed_name)))
] + ([Variable("Length")]
if common.length_dependent_condition(message) else []),
),
GreaterEqual(
Call("Available_Space",
[Variable("Ctx"),
Variable(field.affixed_name)]),
Variable("Length"),
),
LessEqual(
Add(
Call("Field_First",
[Variable("Ctx"),
Variable(field.affixed_name)]),
Variable("Length"),
),
Div(Last(const.TYPES_BIT_INDEX), Number(2)),
),
Or(*[
And(
*[
Call("Valid",
[Variable("Ctx"),
Variable(field.affixed_name)])
for field in message.fields
if Variable(field.name) in l.condition.variables()
],
l.condition.substituted(
mapping={
Variable(field.name): Call(f"Get_{field.name}",
[Variable("Ctx")])
for field in message.fields
if Variable(field.name) in l.condition.variables()
}),
) for l in message.incoming(field)
if Last("Message") in l.length
]),
Equal(
Mod(
Call("Field_First",
[Variable("Ctx"),
Variable(field.affixed_name)]),
Size(const.TYPES_BYTE),
),
Number(1),
),
Equal(
Mod(Variable("Length"), Size(const.TYPES_BYTE)),
Number(0),
),
]
def test_named_aggregate_substituted() -> None:
assert_equal(
NamedAggregate(("First", First("X"))).substituted(
lambda x: Number(42) if x == NamedAggregate(("First", First("X"))) else x
),
Number(42),
)
assert_equal(
NamedAggregate(("First", First("X"))).substituted(
lambda x: Number(42) if x == First("X") else x
),
NamedAggregate(("First", Number(42))),
)
assert_equal(
NamedAggregate(("First", First("X"))).substituted(
lambda x: Variable(f"P_{x}")
if isinstance(x, Variable)
else (
NamedAggregate(*[*x.elements, (ID("Last"), Last("Y"))])
if isinstance(x, NamedAggregate)
else x
)
),
NamedAggregate(("First", First("P_X")), ("Last", Last("P_Y"))),
)
def unbounded_composite_setter_preconditions(
self, message: Message, field: Field
) -> Sequence[Expr]:
return [
Call(
"Field_Condition",
[Name("Ctx"), NamedAggregate(("Fld", Name(field.affixed_name)))]
+ (
[Call("Field_Length", [Name("Ctx"), Name(field.affixed_name)],)]
if length_dependent_condition(message)
else []
),
),
self.common.sufficient_space_for_field_condition(Name(field.affixed_name)),
]
def result(field: Field, message: Message) -> NamedAggregate:
aggregate: List[Tuple[str, Expr]] = [("Fld", Name(field.affixed_name))]
if field in message.fields and isinstance(message.types[field], Scalar):
aggregate.append(
(
f"{field.name}_Value",
Call(
"Extract",
[
Slice("Ctx.Buffer.all", Name("Buffer_First"), Name("Buffer_Last")),
Name("Offset"),
],
),
)
)
return NamedAggregate(*aggregate)
def bounded_composite_setter_preconditions(
self, message: Message, field: Field
) -> Sequence[Expr]:
return [
Call(
"Field_Condition",
[Name("Ctx"), NamedAggregate(("Fld", Name(field.affixed_name)))]
+ ([Name("Length")] if length_dependent_condition(message) else []),
),
GreaterEqual(
Call("Available_Space", [Name("Ctx"), Name(field.affixed_name)]), Name("Length"),
),
LessEqual(
Add(Call("Field_First", [Name("Ctx"), Name(field.affixed_name)]), Name("Length"),),
Div(Last(self.types.bit_index), Number(2)),
),
Or(
*[
And(
*[
Call("Valid", [Name("Ctx"), Name(field.affixed_name)])
for field in message.fields
if Variable(field.name) in l.condition.variables()
],
l.condition.simplified(
{
Variable(field.name): Call(f"Get_{field.name}", [Name("Ctx")])
for field in message.fields
if Variable(field.name) in l.condition.variables()
}
),
)
for l in message.incoming(field)
if Last("Message") in l.length
]
),
]
def unbounded_composite_setter_preconditions(
message: Message, field: Field) -> Sequence[Expr]:
return [
Call(
"Field_Condition",
[
Variable("Ctx"),
NamedAggregate(("Fld", Variable(field.affixed_name)))
] + ([
Call(
"Field_Length",
[Variable("Ctx"),
Variable(field.affixed_name)],
)
] if common.length_dependent_condition(message) else []),
),
common.sufficient_space_for_field_condition(
Variable(field.affixed_name)),
Equal(
Mod(
Call("Field_First",
[Variable("Ctx"),
Variable(field.affixed_name)]),
Size(const.TYPES_BYTE),
),
Number(1),
),
Equal(
Mod(
Call("Field_Length",
[Variable("Ctx"),
Variable(field.affixed_name)]),
Size(const.TYPES_BYTE),
),
Number(0),
),
]
def create_scalar_setter_procedures(
self, message: Message, scalar_fields: Mapping[Field, Scalar]
) -> UnitPart:
def specification(field: Field, field_type: Type) -> ProcedureSpecification:
type_name = (
field_type.enum_name
if isinstance(field_type, Enumeration) and field_type.always_valid
else field_type.name
)
return ProcedureSpecification(
f"Set_{field.name}",
[
InOutParameter(["Ctx"], "Context"),
Parameter(["Val"], f"{message.package}.{type_name}"),
],
)
return UnitPart(
[
SubprogramDeclaration(
specification(f, t),
[
Precondition(
AndThen(
*self.setter_preconditions(f),
Call(
"Field_Condition",
[
Name("Ctx"),
Aggregate(
Name(f.affixed_name),
Name("Val")
if not isinstance(t, Enumeration)
else Call("Convert", [Name("Val")]),
),
],
),
Call("Valid", [Name("Val")])
if not isinstance(t, Enumeration)
else TRUE,
self.common.sufficient_space_for_field_condition(
Name(f.affixed_name)
),
)
),
Postcondition(
And(
VALID_CONTEXT,
Call("Has_Buffer", [Name("Ctx")]),
Call("Valid", [Name("Ctx"), Name(f.affixed_name)]),
Equal(
Call(f"Get_{f.name}", [Name("Ctx")]),
Aggregate(TRUE, Name("Val"))
if isinstance(t, Enumeration) and t.always_valid
else Name("Val"),
),
*self.setter_postconditions(message, f, t),
*[
Equal(
Call("Cursor", [Name("Ctx"), Name(p.affixed_name)]),
Old(Call("Cursor", [Name("Ctx"), Name(p.affixed_name)])),
)
for p in message.predecessors(f)
],
)
),
],
)
for f, t in scalar_fields.items()
],
[
SubprogramBody(
specification(f, t),
[
ObjectDeclaration(
["Field_Value"],
"Field_Dependent_Value",
Aggregate(
Name(f.affixed_name),
Name("Val")
if not isinstance(t, Enumeration)
else Call("Convert", [Name("Val")]),
),
True,
),
ObjectDeclaration(["First", "Last"], self.types.bit_index),
],
[
CallStatement(
"Reset_Dependent_Fields", [Name("Ctx"), Name(f.affixed_name)],
),
CallStatement(
"Set_Field_Value",
[Name("Ctx"), Name("Field_Value"), Name("First"), Name("Last")],
),
Assignment(
"Ctx",
Aggregate(
Selected("Ctx", "Buffer_First"),
Selected("Ctx", "Buffer_Last"),
Selected("Ctx", "First"),
Name("Last"),
Selected("Ctx", "Buffer"),
Selected("Ctx", "Cursors"),
),
),
Assignment(
Indexed(Selected("Ctx", "Cursors"), Name(f.affixed_name)),
NamedAggregate(
("State", Name("S_Valid")),
("First", Name("First")),
("Last", Name("Last")),
("Value", Name("Field_Value")),
(
"Predecessor",
Selected(
Indexed(Selected("Ctx", "Cursors"), Name(f.affixed_name)),
"Predecessor",
),
),
),
),
Assignment(
Indexed(
Selected("Ctx", "Cursors"),
Call("Successor", [Name("Ctx"), Name(f.affixed_name)]),
),
NamedAggregate(
("State", Name("S_Invalid")), ("Predecessor", Name(f.affixed_name)),
),
),
],
)
for f, t in scalar_fields.items()
],
)
def create_verify_procedure(self, message: Message,
context_invariant: Sequence[Expr]) -> UnitPart:
specification = ProcedureSpecification(
"Verify",
[InOutParameter(["Ctx"], "Context"),
Parameter(["Fld"], "Field")])
valid_field_condition = And(
Call(
"Valid_Value",
[Variable("Value")],
),
Call(
"Field_Condition",
[
Variable("Ctx"),
Variable("Value"),
*([
Call(
"Field_Length",
[Variable("Ctx"), Variable("Fld")])
] if common.length_dependent_condition(message) else []),
],
),
)
set_cursors_statements = [
IfStatement(
[(
Call("Composite_Field", [Variable("Fld")]),
[
Assignment(
Indexed(Variable("Ctx.Cursors"), Variable("Fld")),
NamedAggregate(
("State", Variable("S_Structural_Valid")),
(
"First",
Call("Field_First",
[Variable("Ctx"),
Variable("Fld")]),
),
(
"Last",
Call("Field_Last",
[Variable("Ctx"),
Variable("Fld")]),
),
("Value", Variable("Value")),
(
"Predecessor",
Selected(
Indexed(Variable("Ctx.Cursors"),
Variable("Fld")),
"Predecessor",
),
),
),
)
],
)],
[
Assignment(
Indexed(Variable("Ctx.Cursors"), Variable("Fld")),
NamedAggregate(
("State", Variable("S_Valid")),
("First",
Call("Field_First",
[Variable("Ctx"),
Variable("Fld")])),
("Last",
Call("Field_Last",
[Variable("Ctx"),
Variable("Fld")])),
("Value", Variable("Value")),
(
"Predecessor",
Selected(
Indexed(Variable("Ctx.Cursors"),
Variable("Fld")), "Predecessor"),
),
),
)
],
),
# WORKAROUND:
# Limitation of GNAT Community 2019 / SPARK Pro 20.0
# Provability of predicate is increased by adding part of
# predicate as assert
PragmaStatement("Assert", [
str(common.message_structure_invariant(message, self.prefix))
]),
# WORKAROUND:
# Limitation of GNAT Community 2019 / SPARK Pro 20.0
# Provability of predicate is increased by splitting
# assignment in multiple statements
IfStatement([(
Equal(Variable("Fld"), Variable(f.affixed_name)),
[
Assignment(
Indexed(
Variable("Ctx.Cursors"),
Call("Successor",
[Variable("Ctx"),
Variable("Fld")]),
),
NamedAggregate(
("State", Variable("S_Invalid")),
("Predecessor", Variable("Fld")),
),
)
],
) for f in message.fields]),
]
return UnitPart(
[
SubprogramDeclaration(
specification,
[
Postcondition(
And(
Equal(
Call("Has_Buffer", [Variable("Ctx")]),
Old(Call("Has_Buffer", [Variable("Ctx")])),
),
*context_invariant,
)),
],
)
],
[
SubprogramBody(
specification,
[ObjectDeclaration(["Value"], "Field_Dependent_Value")],
[
IfStatement([(
AndThen(
Call("Has_Buffer", [Variable("Ctx")]),
Call(
"Invalid",
[
Indexed(Variable("Ctx.Cursors"),
Variable("Fld"))
],
),
Call("Valid_Predecessor",
[Variable("Ctx"),
Variable("Fld")]),
Call("Path_Condition",
[Variable("Ctx"),
Variable("Fld")]),
),
[
IfStatement(
[(
Call(
"Sufficient_Buffer_Length",
[Variable("Ctx"),
Variable("Fld")],
),
[
Assignment(
"Value",
Call(
"Get_Field_Value",
[
Variable("Ctx"),
Variable("Fld")
],
),
),
IfStatement(
[(
valid_field_condition,
set_cursors_statements,
)],
[
Assignment(
Indexed(
Variable(
"Ctx.Cursors"),
Variable("Fld"),
),
NamedAggregate(
(
"State",
Variable(
"S_Invalid"
),
),
(
"Predecessor",
Variable(
FINAL.
affixed_name
),
),
),
)
],
),
],
)],
[
Assignment(
Indexed(Variable("Ctx.Cursors"),
Variable("Fld")),
NamedAggregate(
("State",
Variable("S_Incomplete")),
(
"Predecessor",
Variable(
FINAL.affixed_name),
),
),
)
],
)
],
)], )
],
)
],
)
def test_named_aggregate_simplified(self) -> None:
self.assertEqual(
NamedAggregate(("Last", Last("X"))).simplified({Last("X"): Number(42)}),
NamedAggregate(("Last", Number(42))),
)
def create_composite_setter_empty_procedures(self,
message: Message) -> UnitPart:
def specification(field: Field) -> ProcedureSpecification:
return ProcedureSpecification(f"Set_{field.name}_Empty",
[InOutParameter(["Ctx"], "Context")])
return UnitPart(
[
*[
SubprogramDeclaration(
specification(f),
[
Precondition(
AndThen(
*self.setter_preconditions(f),
*self.
unbounded_composite_setter_preconditions(
message, f),
Equal(
Call(
"Field_Length",
[
Variable("Ctx"),
Variable(f.affixed_name)
],
),
Number(0),
),
)),
Postcondition(
And(*self.composite_setter_postconditions(
message, f))),
],
) for f, t in message.types.items()
if message.is_possibly_empty(f)
],
],
[
SubprogramBody(
specification(f),
[
ObjectDeclaration(
["First"],
const.TYPES_BIT_INDEX,
Call("Field_First",
[Variable("Ctx"),
Variable(f.affixed_name)]),
True,
),
ObjectDeclaration(
["Last"],
const.TYPES_BIT_INDEX,
Call("Field_Last",
[Variable("Ctx"),
Variable(f.affixed_name)]),
True,
),
],
[
CallStatement(
"Reset_Dependent_Fields",
[Variable("Ctx"),
Variable(f.affixed_name)],
),
Assignment(
"Ctx",
Aggregate(
Variable("Ctx.Buffer_First"),
Variable("Ctx.Buffer_Last"),
Variable("Ctx.First"),
Variable("Last"),
Variable("Ctx.Buffer"),
Variable("Ctx.Cursors"),
),
),
Assignment(
Indexed(Variable("Ctx.Cursors"),
Variable(f.affixed_name)),
NamedAggregate(
("State", Variable("S_Valid")),
("First", Variable("First")),
("Last", Variable("Last")),
("Value",
NamedAggregate(
("Fld", Variable(f.affixed_name)))),
(
"Predecessor",
Selected(
Indexed(Variable("Ctx.Cursors"),
Variable(f.affixed_name)),
"Predecessor",
),
),
),
),
Assignment(
Indexed(
Variable("Ctx.Cursors"),
Call("Successor", [
Variable("Ctx"),
Variable(f.affixed_name)
]),
),
NamedAggregate(
("State", Variable("S_Invalid")),
("Predecessor", Variable(f.affixed_name)),
),
),
],
) for f, t in message.types.items()
if message.is_possibly_empty(f)
],
)
def create_scalar_setter_procedures(
self, message: Message,
scalar_fields: Mapping[Field, Scalar]) -> UnitPart:
def specification(field: Field,
field_type: Type) -> ProcedureSpecification:
if field_type.package == BUILTINS_PACKAGE:
type_name = ID(field_type.name)
elif isinstance(field_type,
Enumeration) and field_type.always_valid:
type_name = common.prefixed_type_name(
common.full_enum_name(field_type), self.prefix)
else:
type_name = common.prefixed_type_name(field_type.identifier,
self.prefix)
return ProcedureSpecification(
f"Set_{field.name}",
[
InOutParameter(["Ctx"], "Context"),
Parameter(["Val"], type_name)
],
)
return UnitPart(
[
SubprogramDeclaration(
specification(f, t),
[
Precondition(
AndThen(
*self.setter_preconditions(f),
Call(
"Field_Condition",
[
Variable("Ctx"),
Aggregate(
Variable(f.affixed_name),
Call("To_Base", [Variable("Val")]),
),
],
),
Call("Valid",
[Call("To_Base", [Variable("Val")])])
if not isinstance(t, Enumeration) else TRUE,
common.sufficient_space_for_field_condition(
Variable(f.affixed_name)),
)),
Postcondition(
And(
Call("Has_Buffer", [Variable("Ctx")]),
Call("Valid", [
Variable("Ctx"),
Variable(f.affixed_name)
]),
Equal(
Call(f"Get_{f.name}", [Variable("Ctx")]),
Aggregate(TRUE, Variable("Val"))
if isinstance(t, Enumeration)
and t.always_valid else Variable("Val"),
),
*self.setter_postconditions(message, f),
*[
Equal(
Call(
"Context_Cursor",
[
Variable("Ctx"),
Variable(p.affixed_name)
],
),
Old(
Call(
"Context_Cursor",
[
Variable("Ctx"),
Variable(p.affixed_name)
],
)),
) for p in message.predecessors(f)
],
)),
],
) for f, t in scalar_fields.items()
],
[
SubprogramBody(
specification(f, t),
[
ObjectDeclaration(
["Field_Value"],
"Field_Dependent_Value",
Aggregate(
Variable(f.affixed_name),
Call("To_Base", [Variable("Val")]),
),
True,
),
ObjectDeclaration(["First", "Last"],
const.TYPES_BIT_INDEX),
],
[
CallStatement(
"Reset_Dependent_Fields",
[Variable("Ctx"),
Variable(f.affixed_name)],
),
CallStatement(
"Set_Field_Value",
[
Variable("Ctx"),
Variable("Field_Value"),
Variable("First"),
Variable("Last"),
],
),
Assignment(
"Ctx",
Aggregate(
Variable("Ctx.Buffer_First"),
Variable("Ctx.Buffer_Last"),
Variable("Ctx.First"),
Variable("Last"),
Variable("Ctx.Buffer"),
Variable("Ctx.Cursors"),
),
),
Assignment(
Indexed(Variable("Ctx.Cursors"),
Variable(f.affixed_name)),
NamedAggregate(
("State", Variable("S_Valid")),
("First", Variable("First")),
("Last", Variable("Last")),
("Value", Variable("Field_Value")),
(
"Predecessor",
Selected(
Indexed(Variable("Ctx.Cursors"),
Variable(f.affixed_name)),
"Predecessor",
),
),
),
),
Assignment(
Indexed(
Variable("Ctx.Cursors"),
Call("Successor", [
Variable("Ctx"),
Variable(f.affixed_name)
]),
),
NamedAggregate(
("State", Variable("S_Invalid")),
("Predecessor", Variable(f.affixed_name)),
),
),
],
) for f, t in scalar_fields.items()
],
)
def test_named_aggregate_simplified() -> None:
assert_equal(
NamedAggregate(("First", Add(Number(1), Number(1)))).simplified(),
NamedAggregate(("First", Number(2))),
)