def client_fork(t: Thread, l: BaseLock) -> None:
    """Verifier test: ``t.start(noop)`` must be rejected as an invalid program.

    The ``#:: ExpectedOutput`` marker names the error the verifier has to
    report for the statement that follows it.  Here the expectation is not a
    failed proof obligation but a well-formedness rejection of the start call
    itself.  The reason is not visible from this function alone -- the
    contract only fixes the target as ``noop`` with ``l`` as first argument
    and asks for the usual start permission -- so do not read a cause into it.
    """
    Requires(Acc(MayStart(t)))
    Requires(getMethod(t) == noop)
    Requires(l is getArg(t, 0))
    Ensures(WaitLevel() < Level(t))
    #:: ExpectedOutput(invalid.program:invalid.thread.start)
    t.start(noop)
def fork_lowevent(secret: bool) -> None:
    """Verifier test: starting a thread whose target is chosen by a secret must fail.

    Which function the thread runs is decided by ``secret``.  Both candidates
    are listed in the start call, so the expected rejection is not a
    "method not listed" error but an information-flow one: starting a thread
    is presumably treated as a low (observable) event whose choice must not
    depend on high data -- TODO confirm against the verifier's documentation;
    the test only pins the error id reported at the start call.
    """
    if secret:
        t = Thread(target=printZero, args=())
    else:
        t = Thread(target=printOne, args=())
    #:: ExpectedOutput(thread.start.failed:assertion.false)
    t.start(printZero, printOne)
def a10(self, a: int) -> None:
    """Fork a ``void`` worker and join it only when ``a == 3``.

    The postcondition promises ``Rd(self.x)`` exactly under the condition that
    guards the join: whatever read share the worker takes at ``start``
    (``void`` is not visible here, presumably it needs ``Rd(self.x)``) only
    comes back through ``join``.  No ``ExpectedOutput`` marker -- this method
    is expected to verify.
    """
    Requires(Rd(self.x))
    Ensures(Implies(a == 3, Rd(self.x)))
    t1 = Thread(None, self.void, args=())
    t1.start(self.void)
    # Join exactly when the postcondition claims the permission back.
    if 3 == a:
        t1.join(self.void)
def a9(self, a: int) -> None: Requires(Rd(self.x)) #:: ExpectedOutput(postcondition.violated:insufficient.permission) Ensures(Rd(self.x)) t1 = Thread(None, self.dispose_rd, args=()) t1.start(self.dispose_rd) t1.join(self.dispose_rd)
def client_fork_wrong_mayjoin(t: Thread, b: bool, cell: Cell) -> None:
    """Verifier test: ``Joinable(t)`` must not be provable after this start.

    The precondition supplies the start permission, fixes the thread's method
    to ``Cell.incr`` with ``cell`` as first argument, and gives write access
    to ``cell.val``.  The postcondition then claims the thread is joinable and
    is expected to fail with ``assertion.false``.  Why ``start`` does not
    establish joinability under this contract is not visible from this
    function -- TODO confirm; the test only pins the rejection.  ``b`` is
    unused.
    """
    Requires(Acc(MayStart(t)))
    Requires(getMethod(t) == Cell.incr)
    Requires(Acc(cell.val))
    Requires(cell is getArg(t, 0))
    #:: ExpectedOutput(postcondition.violated:assertion.false)
    Ensures(Joinable(t))
    t.start(decr, Cell.incr)
def client_fork_wrong_thread_post(t: Thread, b: bool, cell: Cell) -> None:
    """Verifier test: ``Acc(ThreadPost(t))`` must not be provable after this start.

    Same contract as the other ``client_fork_wrong_*`` tests; the
    postcondition claims permission to the thread's postcondition token and is
    expected to fail with ``insufficient.permission``.  The exact rule that
    makes ``ThreadPost`` unavailable here is not visible from this function.
    ``b`` is unused.
    """
    Requires(Acc(MayStart(t)))
    Requires(getMethod(t) == Cell.incr)
    Requires(Acc(cell.val))
    Requires(cell is getArg(t, 0))
    #:: ExpectedOutput(postcondition.violated:insufficient.permission)
    Ensures(Acc(ThreadPost(t)))
    t.start(decr, Cell.incr)
def client_fork_wrong_old_2(t: Thread, b: bool, cell: Cell) -> None:
    """Verifier test: ``getOld`` snapshots the argument state at ``start``.

    ``cell.val`` is 12 when the thread is started, so ``getOld(t, arg(0).val)``
    is 12 and a postcondition claiming 14 must fail with ``assertion.false``.
    ``b`` is unused.
    """
    Requires(Acc(MayStart(t)))
    Requires(getMethod(t) == Cell.incr)
    Requires(Acc(cell.val))
    Requires(cell is getArg(t, 0))
    #:: ExpectedOutput(postcondition.violated:assertion.false)
    Ensures(getOld(t, arg(0).val) == 14)
    # The value captured by getOld is the one at the start call, i.e. 12.
    cell.val = 12
    t.start(decr, Cell.incr)
def join_low_dyn_bound(secret: bool) -> None:
    """Verifier test: joining a thread whose dynamically bound target is secret-dependent.

    The receiver ``x`` is an ``A`` or a ``B`` depending on ``secret``, so
    which ``foo`` implementation the thread runs is high data.  The start
    call carries no marker and is expected to pass; the ``join`` is expected
    to be rejected as not joinable.
    """
    if secret:
        x = A()
    else:
        x = B()
    t = Thread(target=x.foo, args=())
    t.start(x.foo)
    #:: ExpectedOutput(thread.join.failed:thread.not.joinable)
    t.join(x.foo)
def start2(self) -> Thread:
    """Fork two ``readX`` workers, join the first and hand back the second still running.

    The postcondition returns read permission on ``self.x`` minus the share
    ``getARP(Result())`` the returned thread still holds; joining ``t1``
    recovers its share.  No ``ExpectedOutput`` marker -- expected to verify.
    """
    Requires(Rd(self.x))
    Ensures(Acc(self.x, ARP() - getARP(Result())))
    t1 = Thread(None, self.readX, args=())
    t2 = Thread(None, self.readX, args=())
    t1.start(self.readX)
    t2.start(self.readX)
    t1.join(self.readX)
    # t2 is left running; its read share is what the postcondition subtracts.
    return t2
def thread0(secret: bool) -> None:
    """Fork ``thread1`` with lock ``l1`` and ``thread2`` with a secret-dependent lock.

    ``LowEvent()`` in the precondition is the information-flow assumption the
    test starts from.  ``l`` is ``l1`` when ``secret`` holds and ``l2``
    otherwise, so ``t2`` receives a lock whose identity depends on high data.
    No ``ExpectedOutput`` marker -- this function is expected to verify.
    """
    Requires(LowEvent())
    l1 = CellLock(object())
    l2 = CellLock(object())
    l = l1 if secret else l2
    t1 = Thread(target=thread1, args=(l1,))
    # l aliases l2 depending on secret (the variable here is l, not x)
    t2 = Thread(target=thread2, args=(l,))
    t1.start(thread1)
    t2.start(thread2)
def startAndJoinRead(self) -> None:
    """Fork two ``readX`` workers and join both, keeping ``Rd(self.x)``.

    Each worker takes a share of the read permission at ``start`` and gives
    it back at ``join``, so the full ``Rd(self.x)`` is available again for the
    postcondition.  No ``ExpectedOutput`` marker -- expected to verify.
    """
    Requires(Rd(self.x))
    Ensures(Rd(self.x))
    t1 = Thread(None, self.readX, args=())
    t2 = Thread(None, self.readX, args=())
    t1.start(self.readX)
    t2.start(self.readX)
    t1.join(self.readX)
    t2.join(self.readX)
def join_low(secret: bool) -> None:
    """Verifier test: data produced by a secret-chosen thread is not ``Low``.

    ``t`` runs ``zero`` or ``one`` on ``c`` (presumably writing ``c.val``;
    their bodies are not visible here) depending on ``secret``.  Listing both
    candidates lets ``start`` and ``join`` pass, but after the join the value
    of ``c.val`` depends on ``secret`` and asserting ``Low(c.val)`` must fail.
    """
    c = Cell()
    if secret:
        t = Thread(target=zero, args=(c, ))
    else:
        t = Thread(target=one, args=(c, ))
    t.start(zero, one)
    t.join(zero, one)
    #:: ExpectedOutput(assert.failed:assertion.false)
    Assert(Low(c.val))
def a3(self) -> None:
    """Interleave forking ``dispose_rd`` workers with direct calls to it.

    Starts from a single ``Rd(self.x)``; ``dispose_rd`` (not visible here)
    presumably consumes a read share each time.  The final call is annotated
    as a known spurious failure on the Silicon backend (``UnexpectedOutput``);
    the trailing number presumably refers to a tracked issue -- TODO confirm.
    Nothing is promised in the postcondition.
    """
    Requires(Rd(self.x))
    Ensures(True)
    t1 = Thread(None, self.dispose_rd, args=())
    t1.start(self.dispose_rd)
    self.dispose_rd()
    t2 = Thread(None, self.dispose_rd, args=())
    t2.start(self.dispose_rd)
    #:: UnexpectedOutput(silicon)(call.precondition:insufficient.permission,320)
    self.dispose_rd()
def a12(self, a: int) -> None:
    """Fork and join one ``void`` worker per loop iteration, ``a`` times.

    The half permission on ``self.x`` is the loop invariant: each iteration
    hands it to the worker at ``start`` and gets it back at ``join`` before
    the next iteration.  For ``a <= 0`` the loop does not run.  No
    ``ExpectedOutput`` marker -- expected to verify.
    """
    Requires(Acc(self.x, 1 / 2))
    Ensures(Acc(self.x, 1 / 2))
    i = 0 # type: int
    while i < a:
        Invariant(Acc(self.x, 1 / 2))
        t1 = Thread(None, self.void, args=())
        t1.start(self.void)
        t1.join(self.void)
        i += 1
def client_fork(t: Thread, b: bool, cell: Cell) -> None:
    """Verifier test: the ``MayStart(t)`` permission is consumed by ``start``.

    The first two postconditions carry no marker and are expected to hold:
    ``cell.val`` is 12 at the start call, and the start establishes the wait
    level.  The third claims the start permission is still available and must
    fail with ``insufficient.permission``.  This is the mechanism that keeps a
    thread object from being started twice: the permission is required to
    start and is gone afterwards.  ``b`` is unused.
    """
    Requires(Acc(MayStart(t)))
    Requires(getMethod(t) == Cell.incr)
    Requires(Acc(cell.val))
    Requires(cell is getArg(t, 0))
    Ensures(getOld(t, arg(0).val) == 12)
    Ensures(WaitLevel() < Level(t))
    #:: ExpectedOutput(postcondition.violated:insufficient.permission)
    Ensures(Acc(MayStart(t)))
    cell.val = 12
    t.start(decr, Cell.incr)
def client(secret: bool) -> None:
    """Verifier test: a thread must not be started with a secret-dependent lock argument.

    ``x`` is ``l1`` or ``l2`` depending on ``secret``; ``t1`` would take ``x``
    as its argument, so its start is expected to fail with
    ``assertion.false``.  ``t2`` uses ``l2`` directly and carries no marker.
    """
    c1 = Cell()
    l1 = CellLock(c1)
    c2 = Cell()
    l2 = CellLock(c2)
    if secret:
        x = l1
    else:
        x = l2
    t1 = Thread(target=printTwice, args=(x, 1))
    # x aliases l2 depending on secret
    t2 = Thread(target=printTwice, args=(l2, 2))
    #:: ExpectedOutput(thread.start.failed:assertion.false)
    t1.start(printTwice)
    t2.start(printTwice)
def main() -> None:
    """Spawn a watchdog on ``data`` and update ``data.d`` forever under its lock.

    Loop invariants: a quarter permission on ``data.lock``, the lock guards
    ``data``, the wait level stays below the lock's level (deadlock freedom),
    there is one outstanding obligation to release the lock, and ``data.d`` is
    writable and even.  Each iteration adds 2 (parity preserved), releases so
    the watchdog can acquire, then re-acquires.  The loop never terminates by
    design.  No ``ExpectedOutput`` marker -- expected to verify.
    """
    data = Data()
    w = WatchDog()
    wthread = Thread(None, w.watch, None, (data, ))
    # Spawn the watchdog thread
    wthread.start(w.watch)
    data.lock.acquire()
    data.d = 0
    while True:
        Invariant(Acc(data.lock, 1 / 4))
        Invariant(data.lock.get_locked() is data)
        Invariant( WaitLevel() < Level(data.lock))  # guarantees deadlock freedom
        Invariant(MustRelease(data.lock, 1))
        Invariant(Acc(data.d) and data.d % 2 == 0)
        # Modify the locked data in a legal way
        data.d = data.d + 2
        data.lock.release()
        # Others may acquire the lock
        data.lock.acquire()
def do_a_thing(self) -> None:
    """Verifier test mixing a lock round-trip, forked ``need_value`` workers and ``Ensures(False)``.

    Markers, in order: the ``Ensures(False)`` postcondition must be reported as
    violated (with a ``MissingOutput`` exception tied to a tracked issue);
    the first ``release`` is a known spurious lock-invariant failure on
    Silicon; the ``Assert(False)`` is expected to fail on Carbon.  The comment
    about Carbon not terminating concerns the ``need_value`` call after that
    assert.  ``need_value``'s contract is not visible here.
    """
    Requires(Rd(self.l) and Rd(self.c) and self.l.get_locked() is self.c)
    Requires(WaitLevel() < Level(self.l))
    Ensures(Rd(self.l) and Rd(self.c))
    #:: ExpectedOutput(postcondition.violated:assertion.false)|MissingOutput(postcondition.violated:assertion.false, 320)
    Ensures(False)
    self.l.acquire()
    self.c.n += 1
    #:: UnexpectedOutput(silicon)(lock.invariant.not.established:assertion.false, 320)
    self.l.release()
    self.need_value()
    t1 = Thread(None, self.need_value, args=())
    t2 = Thread(None, self.need_value, args=())
    t1.start(self.need_value)
    t2.start(self.need_value)
    t1.join(self.need_value)
    t2.join(self.need_value)
    #:: ExpectedOutput(carbon)(assert.failed:assertion.false)
    Assert(False)
    # Carbon does not terminate for the next statement
    self.need_value()
    self.l.acquire()
    self.c.n -= 1
    self.l.release()
def client_fork_precond_not_fulfilled(t: Thread, b: bool, cell: Cell) -> None:
    """Verifier test: starting a thread without the permissions its method needs.

    Unlike the sibling tests, the precondition does not provide
    ``Acc(cell.val)``; the start call is expected to fail with
    ``insufficient.permission`` because the thread's method (``Cell.incr``,
    not visible here) presumably requires access to ``cell.val``.  ``b`` is
    unused.
    """
    Requires(Acc(MayStart(t)))
    Requires(getMethod(t) == Cell.incr)
    Requires(cell is getArg(t, 0))
    #:: ExpectedOutput(thread.start.failed:insufficient.permission)
    t.start(decr, Cell.incr)
def a8(self, a: int) -> None:
    """Fork one ``void`` worker and join it, keeping ``Rd(self.x)``.

    The read permission is available again after the join, satisfying the
    postcondition.  ``a`` is unused.  No ``ExpectedOutput`` marker --
    expected to verify.
    """
    Requires(Rd(self.x))
    Ensures(Rd(self.x))
    t1 = Thread(None, self.void, args=())
    t1.start(self.void)
    t1.join(self.void)
def a7(self) -> None:
    """Fork six ``dispose_rd`` workers from a single ``Rd(self.x)``.

    ``dispose_rd`` is not visible here; presumably each start hands it a
    read share.  The starts of ``t2`` and ``t3`` are annotated as spurious
    Silicon failures that the existing comments attribute to a timeout and
    that do not always occur.  Nothing is promised in the postcondition.
    """
    Requires(Rd(self.x))
    Ensures(True)
    t1 = Thread(None, self.dispose_rd, args=())
    t1.start(self.dispose_rd)
    t2 = Thread(None, self.dispose_rd, args=())
    # probably due to timeout in silicon, does not always occur
    #:: UnexpectedOutput(silicon)(thread.start.failed:insufficient.permission,320)
    t2.start(self.dispose_rd)
    t3 = Thread(None, self.dispose_rd, args=())
    # probably due to timeout in silicon, does not always occur
    #:: UnexpectedOutput(silicon)(thread.start.failed:insufficient.permission,320)
    t3.start(self.dispose_rd)
    t4 = Thread(None, self.dispose_rd, args=())
    t4.start(self.dispose_rd)
    t5 = Thread(None, self.dispose_rd, args=())
    t5.start(self.dispose_rd)
    t6 = Thread(None, self.dispose_rd, args=())
    t6.start(self.dispose_rd)
def start1(self) -> Thread:
    """Fork one ``readX`` worker and return it still running.

    The caller keeps read permission on ``self.x`` minus the share
    ``getARP(Result())`` that the returned thread holds.  No
    ``ExpectedOutput`` marker -- expected to verify.
    """
    Requires(Rd(self.x))
    Ensures(Acc(self.x, ARP() - getARP(Result())))
    t = Thread(None, self.readX, args=())
    t.start(self.readX)
    return t
def client_fork_method_unknown(t: Thread, b: bool, cell: Cell) -> None:
    """Verifier test: starting a thread whose method is not known to be listed.

    The precondition omits ``getMethod(t) == ...``, so nothing ties the
    thread's actual method to the candidates named in the start call; the
    start is expected to fail with ``method.not.listed``.  ``b`` is unused.
    """
    Requires(Acc(MayStart(t)))
    Requires(Acc(cell.val))
    Requires(cell is getArg(t, 0))
    #:: ExpectedOutput(thread.start.failed:method.not.listed)
    t.start(decr, Cell.incr)
def client_fork_missing_start_perm(t: Thread, b: bool, cell: Cell) -> None:
    """Verifier test: starting a thread without ``Acc(MayStart(t))``.

    The precondition omits the start permission; the start call is expected
    to fail with ``missing.start.permission``.  ``b`` is unused.
    """
    Requires(getMethod(t) == Cell.incr)
    Requires(Acc(cell.val))
    Requires(cell is getArg(t, 0))
    #:: ExpectedOutput(thread.start.failed:missing.start.permission)
    t.start(decr, Cell.incr)
def client_fork(t: Thread) -> None:
    """Verifier test: ``t.start(get)`` must be rejected as an invalid program.

    No contract at all; the expectation is a well-formedness rejection of the
    start call rather than a failed proof obligation.  Why ``get`` is not an
    acceptable thread target is not visible from this function.
    """
    #:: ExpectedOutput(invalid.program:invalid.thread.start)
    t.start(get)