def main(t1: Place, lib: StandardLibrary) -> Place:
IOExists2(Place, Place)(lambda t2, t3: (
Requires(
token(t1) and stdlib(lib, t1, t1) and stdlib_putchar_io(
t1, 'h', t2) and stdlib_putchar_io(t2, 'i', t3) and
MustTerminate(4)),
Ensures(token(t3, 10) and stdlib(lib, t3, t3) and t3 == Result()),
))
t2, t_postponed = stdlib_putchar(lib, 'h', t1, t1)
t3, t_postponed = stdlib_putchar(lib, 'i', t2, t_postponed)
stdlib_flush_stdout(lib, t3, t_postponed)
return t_postponed
def ensure_dir_exists_io2(
t_pre: Place,
path: str,
exception: OSErrorWrapper = Result(),
t_post: Place = Result()
) -> bool:
"""Ensure that directory exists IO.
This IO allows the implementation to propagate exceptions. However,
it strictly specifies which exceptions can be propagated (in this
case only ``ex1``).
"""
Terminates(True)
TerminationMeasure(2)
return IOExists4(OSErrorWrapper, OSErrorWrapper, Place, bool)(
lambda ex1, ex2, t2, is_dir_res: (mkdir_io(t_pre, path, ex1, t2) and (
(no_op_io(t2, t_post) and exception is None) if ex1 is None else
(is_dir_io(t2, path, ex2, is_dir_res, t_post) and
((Implies(is_dir_res, exception is None) and Implies(
not is_dir_res, exception is ex1))
if ex2 is None else (exception == ex1))))))
def locks_creating_loop() -> ObjectLock:
Ensures(WaitLevel() < Level(Result()))
l = ObjectLock(object())
i = 0
while i < 5:
Invariant(l is not None)
Invariant(WaitLevel() < Level(l))
l.acquire()
l.release()
l = ObjectLock(object())
i += 1
return l
def test(t1: Place) -> int:
IOExists1(bool)(
lambda value: (
Requires(
#:: ExpectedOutput(invalid.program:invalid.io_existential_var.defining_expression_type_mismatch)
do_io(t1, value)
),
Ensures(
value == Result()
),
)
)
def write_int1(self, t1: Place, value: int) -> Place:
"""Defining getter is not heap dependent."""
IOExists1(Place)(lambda t2: (
Requires(
token(t1, 2) and Acc(self.int_field, 1 / 2) and write_int_io(
t1, value, t2) and write_int_io(t1, self.int_field, t2)),
Ensures(token(t2) and t2 == Result()),
))
t2 = write_int(t1, value)
return t2
def write_int2(self, t1: Place, value: int) -> Place:
IOExists1(Place)(lambda t2: (
Requires(
token(t1, 2) and Acc(self.int_field, 1 / 2) and write_int_io(
t1, self.int_field, t2)),
Ensures(
Acc(self.int_field, 1 / 2) and token(t2) and t2 == Result()),
))
t2 = write_int(t1, self.int_field)
return t2
def read_write_int1(t1: Place) -> Place:
IOExists3(Place, Place, int)(lambda t2, t3, value: (
Requires(
token(t1, 2) and read_int_io(t1, value, t2) and write_int_io(
t2, value, t3)),
Ensures(token(t3) and t3 == Result()),
))
t2, number = read_int(t1)
t3 = write_int(t2, number)
return t3
def write_two_ints_io(
t_pre: Place,
t_post: Place = Result(),
) -> bool:
Terminates(False)
return IOForall(int,
lambda value: IOExists(Place)(
lambda t2: (
write_int_io(t_pre, value, t2) and
write_int_io(t2, value * 2, t_post)
)
))
def ensure_dir_exists2(t1: Place, path: str) -> Place:
IOExists2(Place, OSErrorWrapper)(
lambda t2, ex: (
Requires(
path is not None and
token(t1, 2) and
ensure_dir_exists_io2(t1, path, ex, t2) and
MustTerminate(2)
),
Ensures(
token(t2) and t2 == Result() and ex is None
),
Exsures(OSErrorWrapper,
#:: UnexpectedOutput(postcondition.violated:assertion.false,55) | UnexpectedOutput(carbon)(postcondition.violated:assertion.false,168)
ex is RaisedException() and
Acc(ex.place) and ex.place == t2 and token(t2) and
Acc(ex.exception) and isinstance(ex.exception, Exception)
),
)
)
Open(ensure_dir_exists_io2(t1, path))
res = True
try:
t3 = mkdir(t1, path)
t2 = NoOp(t3)
return t2
except OSErrorWrapper as ex1:
try:
res, t2 = is_dir(ex1.place, path)
except OSErrorWrapper as ex2:
raise ex1
else:
if not res:
raise ex1
else:
return t2
def from_values(cls, isd_as, host) -> 'SCIONAddr': # pragma: no cover
Ensures(Result().State())
"""
Create an instance of the class SCIONAddr.
:param ISD_AS isd_as: ISD-AS identifier.
:param HostAddrBase host: host address
"""
assert isinstance(host, HostAddrBase)
addr = cls()
addr.isd_as = isd_as
addr.host = host
return addr
def read_int_twice1(t1: Place) -> Tuple[Place, int, int]:
IOExists3(Place, int, int)(
lambda t2, value1, value2: (
Requires(
token(t1, 2) and
read_int_twice_io(t1, value1, value2, t2)
),
Ensures(
token(t2) and
t2 == Result()[0] and
value1 == Result()[1] and
value2 == Result()[2]
),
)
)
Open(read_int_twice_io(t1))
t2, number1 = read_int(t1)
t3, number2 = read_int(t2)
return t3, number1, number2
def write_string(t1: Place, value: str) -> Place:
IOExists1(Place)(
lambda t2: (
Requires(
token(t1, 1) and
write_string_io(t1, value, t2)
),
Ensures(
token(t2) and
t2 == Result()
),
)
)
def is_dir(t1: Place, path: str) -> Tuple[bool, Place]:
IOExists3(Place, OSErrorWrapper, bool)(
lambda t2, ex, success: (
Requires(
path is not None and
token(t1, 1) and
is_dir_io(t1, path, ex, success, t2) and
MustTerminate(1)
),
Ensures(
token(t2) and
t2 == Result()[1] and
ex is None and
success == Result()[0]
),
Exsures(OSErrorWrapper,
ex is RaisedException() and
Acc(ex.place) and ex.place == t2 and token(t2) and
Acc(ex.exception) and isinstance(ex.exception, Exception)
),
)
)
def read_int_twice2(t1: Place) -> Tuple[Place, int, int]:
IOExists3(Place, int, int)(
lambda t2, value1, value2: (
Requires(
token(t1, 2) and
read_int_twice_io(t1, value1, value2, t2)
),
Ensures(
#:: ExpectedOutput(postcondition.violated:assertion.false)
token(t2) and
t2 == Result()[0] and
value1 == Result()[1] and
value2 == Result()[2]
),
)
)
Open(read_int_twice_io(t1))
t2, number1 = read_int(t1)
t3, number2 = read_int(t2)
return t3, number2, number1
def print_int(t1: Place, value: int) -> Place:
IOExists1(Place)(
lambda t2: (
Requires(
token(t1, 1) and
print_io(t1, value, t2) and
MustTerminate(1)
),
Ensures(
token(t2) and
t2 == Result()
)
)
)
def write_int_twice_io(
t_pre: Place,
number1: int,
number2: int,
t_post: Place = Result(),
) -> bool:
Terminates(True)
TerminationMeasure(2)
return IOExists1(Place)(
lambda t2: (
write_int_io(t_pre, number1, t2) and
write_int_io(t2, number2, t_post)
)
)
def SetVar(t_pre: Place, value: int) -> Tuple[int, Place]:
"""Perform ``set_var_io``.
.. note::
Mypy does not allow generics as function arguments. Therefore,
we have to use a concrete type for ``value``.
"""
IOExists2(Place, int)(
lambda t_post, result: (
Requires(
token(t_pre, 1) and
set_var_io(t_pre, value, result, t_post) and
MustTerminate(1)
),
Ensures(
token(t_post) and
t_post == Result()[1] and
result == Result()[0] and
value == result
),
)
)
def ensure_dir_exists(t1: Place, path: str) -> Tuple[bool, Place]:
IOExists2(Place, bool)(
lambda t2, success: (
Requires(
path is not None and
token(t1, 2) and
ensure_dir_exists_io(t1, path, success, t2) and
MustTerminate(2)
),
Ensures(
token(t2) and t2 == Result()[1] and
Result()[0] == success
),
)
)
Open(ensure_dir_exists_io(t1, path))
try:
t3 = mkdir(t1, path)
t2 = NoOp(t3)
return True, t2
except OSErrorWrapper as ex1:
try:
res, t2 = is_dir(ex1.place, path)
return res, t2
except OSErrorWrapper as ex2:
return False, ex2.place
def close(t1: Place, socket: Socket) -> Place:
IOExists1(Place)(
lambda t2: (
Requires(
token(t1, 1) and
close_io(t1, socket, t2) and
socket != None and
MustTerminate(1)
),
Ensures(
token(t2) and
t2 == Result()
),
)
)
def NoOp(t_pre: Place) -> Place:
"""Perform ``no_op_io``."""
IOExists1(Place)(
lambda t_post: (
Requires(
token(t_pre, 1) and
no_op_io(t_pre, t_post) and
MustTerminate(1)
),
Ensures(
token(t_post) and
t_post == Result()
),
)
)
def stdlib_putchar(lib: StandardLibrary, c: str, t1: Place,
t_postponed: Place) -> Tuple[Place, Place]:
IOExists2(Place, Place)(lambda t1_new, t2: (
Requires(
token(t1, 2) and stdlib(lib, t1, t_postponed) and
stdlib_putchar_io(t_postponed, c, t2) and MustTerminate(2)),
Ensures(t1_new == Result()[0] and t2 == Result()[1] and stdlib(
lib, t1_new, t2) and token(t1_new, 2)),
))
Unfold(stdlib(lib, t1, t_postponed))
Open(stdlib_putchar_io(t_postponed, c))
if lib.buffer_size == 1:
t2 = syscall_putchar(t1, lib.buffer)
t3 = syscall_putchar(t2, c)
lib.buffer_size = 0
Fold(stdlib(lib, t3, t3))
return t3, t3
else:
lib.buffer = c
lib.buffer_size = 1
t4 = GetGhostOutput(stdlib_putchar_io(t_postponed, c),
't_post') # type: Place
Fold(stdlib(lib, t1, t4))
return t1, t4
def read_write_int2(t1: Place) -> Place:
IOExists6(Place, Place, Place, Place, int,
int)(lambda t2, t3, t4, t5, value1, value2: (
Requires(
token(t1, 2) and read_int_io(t1, value1, t2) and
read_int_io(t2, value2, t3) and write_int_io(
t3, value1, t4) and write_int_io(t4, value2, t5)),
Ensures(token(t5) and t5 == Result()),
))
t2, number1 = read_int(t1)
t3, number2 = read_int(t2)
t4 = write_int(t3, number1)
t5 = write_int(t4, number2)
return t5
def send(t1: Place, socket: Socket, data: str) -> Place:
IOExists1(Place)(
lambda t2: (
Requires(
token(t1, 1) and
send_io(t1, socket, data, t2) and
data is not None and
socket != None and
MustTerminate(1)
),
Ensures(
token(t2) and
t2 == Result()
),
)
)
def hello3(t1: Place) -> Place:
IOExists1(Place)(
lambda t2: (
Requires(
token(t1, 1) and
write_string_io(t1, "Hello World!", t2)
),
Ensures(
#:: ExpectedOutput(postcondition.violated:insufficient.permission)
token(t2) and
t2 == Result()
),
)
)
return t1
def Join(t_pre1: Place, t_pre2: Place) -> Place:
"""Perform ``join_io``."""
IOExists1(Place)(
lambda t_post: (
Requires(
token(t_pre1, 1) and
token(t_pre2, 1) and
join_io(t_pre1, t_pre2, t_post) and
MustTerminate(1)
),
Ensures(
token(t_post) and
t_post == Result()
),
)
)
def write_int1(self, t1: Place, value: int) -> Place:
IOExists1(Place)(
lambda t2: (
Requires(
token(t1, 2) and Acc(self.int_field, 1 / 2) and
write_int_io(t1, self.int_field, t2)),
Ensures(
# Getter is heap dependent, therefore need access to
# self.int_field.
Acc(self.int_field, 1 / 2) and token(t2) and t2 == Result(
)),
))
t2 = write_int(t1, self.int_field)
return t2
def hello(t1: Place) -> Place:
IOExists1(Place)(
lambda t2: (
Requires(
token(t1, 2) and
write_string_io(t1, "Hello World!", t2)
),
Ensures(
token(t2) and
t2 == Result()
)
)
)
t2 = write_string(t1, "Hello World!")
return t2
def write_non_negative(t1: Place) -> Place:
IOExists3(Place, Place, int)(lambda t2, t3, value: (
Requires(
token(t1, 2) and read_int_io(t1, value, t2) and
(write_int_io(t2, value, t3)
if value >= 0 else write_int_io(t2, -value, t3))),
Ensures(token(t3) and t3 == Result()),
))
t2, number = read_int(t1)
if number >= 0:
t3 = write_int(t2, number)
else:
t3 = write_int(t2, -number)
return t3
def test(t1: Place) -> Place:
IOExists1(Place)(lambda t_end: (
Requires(token(t1, 2) and test_io(t1, t_end)),
Ensures(token(t_end) and t_end == Result()),
))
Open(test_io(t1))
t2 = NoOp(t1)
t3, t4 = Split(t2)
res, t5 = SetVar(t4, 1)
t6 = Join(t3, t5)
t_end = NoOp(t6)
Assert(res == 1)
return t_end
def write_int(self, b: bool, t1: Place) -> Place:
IOExists1(Place)(
lambda t2: (
Requires(
#:: ExpectedOutput(not.wellformed:insufficient.permission)|ExpectedOutput(carbon)(not.wellformed:insufficient.permission)
token(t1, 2) and
((Acc(self.int_field1, 1 / 2) and write_int_io(
t1, self.int_field1, t2))
if b else (Acc(self.int_field2, 1 / 2) and write_int_io(
t1, self.int_field2, t2)))),
Ensures((Acc(self.int_field1, 1 / 2) if b else Acc(
self.int_field2, 1 / 2)) and token(t2) and t2 == Result()),
))
t2 = write_int(t1, self.int_field1)
return t2
