def over_in_minus_one_conditional(l: ObjectLock, b: bool) -> None:
Requires(Implies(b, MustRelease(l, 1)))
#:: Label(over_in_minus_one_conditional__MustRelease__False)
Requires(Implies(not b, MustRelease(l, -1)))
# Negative measure is equivalent to False.
Assert(Implies(not b, False))
#:: ExpectedOutput(assert.failed:assertion.false)
Assert(False)
def over_in_minus_one_conditional(b: bool) -> None:
Requires(Implies(b, MustTerminate(1)))
#:: Label(over_in_minus_one_conditional__MustTerminate__False)
Requires(Implies(not b, MustTerminate(-1)))
# Negative measure is equivalent to False.
Assert(Implies(not b, False))
#:: ExpectedOutput(assert.failed:assertion.false)
Assert(False)
def common_use_of_ADTs() -> None:
t_1 = Leaf(Banana())
t_2 = Leaf(Grape())
polymorphic_tree = Node(t_1, t_2)
assert isinstance(t_1, Leaf)
assert isinstance(t_1.fruit, Fruit)
assert isinstance(t_1.fruit, Banana)
assert type(t_2.fruit) is Grape
Assert(type(cast(Node, polymorphic_tree).left) is Leaf)
Assert(type(cast(Leaf, cast(Node, polymorphic_tree).left).fruit) is Banana)
Assert(type(cast(Node, polymorphic_tree).right) is Leaf)
Assert(type(cast(Leaf, cast(Node, polymorphic_tree).right).fruit) is Grape)
def timed_release_bounded_subzero(self, x: 'A') -> None:
Requires(Acc(x.a) and Acc(x.b))
Requires(MustRelease(x.a, x.b))
Requires(x.b == -1)
# Contradiction in precondition: x.b == -1 and x.b > 0
Assert(False)
def test() -> None:
try:
x = 5
except Exc1 as ex1:
x = 6
try:
x = 7
except Exc2 as ex2:
Assert(isinstance(ex1, Exc2))
def fprecond(a: ObjectLock, b: ObjectLock) -> None:
Requires(a is not None)
Requires(b is not None)
Requires(a is b)
Requires(MustRelease(a, 2))
Requires(MustRelease(b, 2))
# Precondition is False.
Assert(False)
def m11(self) -> None:
Requires(Acc(self.a) and MustRelease(self.a, 2))
Requires(WaitLevel() < Level(self.a))
while True:
Invariant(Acc(self.a) and MustRelease(self.a, 1))
Invariant(WaitLevel() < Level(self.a))
self.a.release()
self.a.acquire()
#:: ExpectedOutput(assert.failed:assertion.false)
Assert(False)
def f_ok(a: ObjectLock, b: ObjectLock) -> None:
Requires(a is not None)
Requires(b is not None)
Requires(MustRelease(a, 7))
Requires(MustRelease(b, 8))
if a is b:
Assert(False)
rel_later(a)
rel_later(b)
def f_leak(a: ObjectLock, b: ObjectLock) -> None:
Requires(a is not None)
Requires(b is not None)
Requires(MustRelease(a, 7))
Requires(MustRelease(b, 3))
# TODO: Find out why Silicon needs this additional assert. Is this
# an instance of conjunctive aliasing problem?
Assert(a is not b)
rel_now(b)
rel_later(a)
def test(t1: Place) -> Place:
IOExists1(Place)(lambda t_end: (
Requires(token(t1, 2) and test_io(t1, t_end)),
Ensures(token(t_end) and t_end == Result()),
))
Open(test_io(t1))
t2 = NoOp(t1)
t3, t4 = Split(t2)
res, t5 = SetVar(t4, 1)
t6 = Join(t3, t5)
t_end = NoOp(t6)
Assert(res == 1)
return t_end
def over_in_minus_one() -> None:
Requires(MustTerminate(-1))
# Negative measure is equivalent to False.
Assert(False)
def callee_3(b: Optional[B], c: Optional[C]) -> None:
#:: ExpectedOutput(assert.failed:assertion.false)
Assert(b is not c)
def test2() -> None:
Assert(None is None)
#:: ExpectedOutput(assert.failed:assertion.false)
Assert(None is not None)
def create_lock() -> None:
l = ObjectLock(object())
l.acquire()
l.release()
#:: ExpectedOutput(assert.failed:assertion.false)
Assert(False)
def callee(b: B, c: C) -> None:
Assert(b is not c)
def test2() -> None:
a = [1, 2, 3]
for i in a:
pass
Assert(Acc(list_pred(a)))
def test() -> None:
#:: ExpectedOutput(invalid.program:invalid.contract.position)
Assert(Assert(True))
def t2(self) -> None:
Requires(Acc(self.y) and MustTerminate(self.y))
Assert(self.y > 0)
#:: ExpectedOutput(assert.failed:assertion.false)
Assert(False)
def test(self) -> None:
Requires(Acc(self.b) and Acc(self.c))
#:: ExpectedOutput(assert.failed:assertion.false)
Assert(self.b is not self.c)
def test_false_postcondition_caller() -> None:
Requires(MustTerminate(2))
#:: ExpectedOutput(leak_check.failed:caller.has_unsatisfied_obligations)
test_false_postcondition()
Assert(False)
def test(self) -> None:
Requires(Acc(self.b) and Acc(self.c))
Assert(self.b is not self.c)
def over_in_minus_one(l: ObjectLock) -> None:
#:: Label(over_in_minus_one__MustRelease)
Requires(MustRelease(l, -1))
# Negative measure is equivalent to False.
Assert(False)