def thread_join_not_joinable(t: Thread, cl: Cell) -> None:
Requires(getMethod(t) == decr)
Requires(getArg(t, 0) is cl)
Requires(getArg(t, 1) is 7)
Requires(getOld(t, arg(0).val) is 123)
Requires(WaitLevel() < Level(t))
#:: ExpectedOutput(thread.join.failed:thread.not.joinable)
t.join(Cell.incr, decr)
def thread_join_wrong_level(t: Thread, cl: Cell) -> None:
Requires(getMethod(t) == decr)
Requires(getArg(t, 0) is cl)
Requires(getArg(t, 1) is 7)
Requires(getOld(t, arg(0).val) is 123)
Requires(Acc(ThreadPost(t)))
#:: ExpectedOutput(thread.join.failed:wait.level.invalid)
t.join(Cell.incr, decr)
def thread_join_wrong_method(t: Thread, cl: Cell) -> None:
Requires(getMethod(t) == Cell.incr)
Requires(getArg(t, 0) is cl)
Requires(getArg(t, 1) is 7)
Requires(getOld(t, arg(0).val) is 123)
Requires(Acc(ThreadPost(t)))
Requires(WaitLevel() < Level(t))
t.join(decr)
#:: ExpectedOutput(assert.failed:insufficient.permission)
assert cl.val == 116
def thread_join_no_post_perm(t: Thread, cl: Cell) -> None:
Requires(getMethod(t) == decr)
Requires(getArg(t, 0) is cl)
Requires(getArg(t, 1) is 7)
Requires(getOld(t, arg(0).val) is 123)
Requires(Joinable(t))
Requires(WaitLevel() < Level(t))
t.join(Cell.incr, decr)
#:: ExpectedOutput(assert.failed:insufficient.permission)
assert cl.val == 116
def thread_join_part_perm(t: Thread, cl: Cell) -> None:
Requires(getMethod(t) == decr)
Requires(getArg(t, 0) is cl)
Requires(getArg(t, 1) is 7)
Requires(getOld(t, arg(0).val) is 123)
Requires(Acc(ThreadPost(t), 1 / 2))
Requires(WaitLevel() < Level(t))
t.join(Cell.incr, decr)
assert cl.val == 116
#:: ExpectedOutput(assignment.failed:insufficient.permission)
cl.val = 11
def thread_join_pred_partial(t: Thread, cl: Cell) -> None:
Requires(getMethod(t) == decr_pred)
Requires(getArg(t, 0) is cl)
Requires(getArg(t, 1) is 7)
Requires(getOld(t, arg(0).val) is 123)
Requires(Acc(ThreadPost(t), 1 / 2))
Requires(WaitLevel() < Level(t))
Ensures(Joinable(t))
t.join(decr, decr_pred)
Unfold(Acc(cell_pred(cl, 116), 1 / 2))
assert cl.val == 116
#:: ExpectedOutput(unfold.failed:insufficient.permission)
Unfold(Acc(cell_pred(cl, 116), 1 / 2))
def thread_join_pred(t: Thread, cl: Cell) -> None:
Requires(getMethod(t) == decr_pred)
Requires(getArg(t, 0) is cl)
Requires(getArg(t, 1) is 7)
Requires(getOld(t, arg(0).val) is 123)
Requires(Acc(ThreadPost(t)))
Requires(WaitLevel() < Level(t))
Ensures(Joinable(t))
#:: ExpectedOutput(postcondition.violated:assertion.false)
Ensures(False)
t.join(decr, decr_pred)
Unfold(cell_pred(cl, 116))
assert cl.val == 116
def client_create(b: bool) -> Thread:
Ensures(MayStart(Result()))
Ensures(Implies(b, getArg(Result(), 1) is 3))
Ensures(Implies(not b, getArg(Result(), 1) is 6))
Ensures(Implies(not b, getMethod(Result()) == decr))
#:: ExpectedOutput(postcondition.violated:assertion.false)
Ensures(getArg(Result(), 2) is None)
cl = Cell()
if b:
t = Thread(None, target=cl.incr, args=(3, ))
else:
t = Thread(target=decr, group=None, args=(cl, 6))
return t
def join2(self, t1: Thread, t2: Thread) -> None:
Requires(t1 is not t2)
Requires(getMethod(t1) == Clazz.readX)
Requires(getMethod(t2) == Clazz.readX)
Requires(getArg(t1, 0) is self)
Requires(getArg(t2, 0) is self)
Requires(Joinable(t1))
Requires(Joinable(t2))
Requires(Acc(ThreadPost(t1)))
Requires(Acc(ThreadPost(t2)))
Requires(WaitLevel() < Level(t1))
Requires(WaitLevel() < Level(t2))
Ensures(Acc(self.x, getARP(t1) + getARP(t2)))
t1.join(self.readX)
t2.join(self.readX)
def client_fork(t: Thread, l: BaseLock) -> None:
Requires(Acc(MayStart(t)))
Requires(getMethod(t) == noop)
Requires(l is getArg(t, 0))
Ensures(WaitLevel() < Level(t))
#:: ExpectedOutput(invalid.program:invalid.thread.start)
t.start(noop)
def client_fork_wrong_mayjoin(t: Thread, b: bool, cell: Cell) -> None:
Requires(Acc(MayStart(t)))
Requires(getMethod(t) == Cell.incr)
Requires(Acc(cell.val))
Requires(cell is getArg(t, 0))
#:: ExpectedOutput(postcondition.violated:assertion.false)
Ensures(Joinable(t))
t.start(decr, Cell.incr)
def client_fork_wrong_thread_post(t: Thread, b: bool, cell: Cell) -> None:
Requires(Acc(MayStart(t)))
Requires(getMethod(t) == Cell.incr)
Requires(Acc(cell.val))
Requires(cell is getArg(t, 0))
#:: ExpectedOutput(postcondition.violated:insufficient.permission)
Ensures(Acc(ThreadPost(t)))
t.start(decr, Cell.incr)
def join1(self, t: Thread) -> None:
Requires(getMethod(t) == Clazz.readX)
Requires(getArg(t, 0) is self)
Requires(Joinable(t))
Requires(Acc(ThreadPost(t), 1))
Requires(Acc(self.x, 1 - getARP(t)))
Requires(WaitLevel() < Level(t))
Ensures(Acc(self.x))
t.join(self.readX)
def client_fork_wrong_old_2(t: Thread, b: bool, cell: Cell) -> None:
Requires(Acc(MayStart(t)))
Requires(getMethod(t) == Cell.incr)
Requires(Acc(cell.val))
Requires(cell is getArg(t, 0))
#:: ExpectedOutput(postcondition.violated:assertion.false)
Ensures(getOld(t, arg(0).val) == 14)
cell.val = 12
t.start(decr, Cell.incr)
def client_fork(t: Thread, b: bool, cell: Cell) -> None:
Requires(Acc(MayStart(t)))
Requires(getMethod(t) == Cell.incr)
Requires(Acc(cell.val))
Requires(cell is getArg(t, 0))
Ensures(getOld(t, arg(0).val) == 12)
Ensures(WaitLevel() < Level(t))
#:: ExpectedOutput(postcondition.violated:insufficient.permission)
Ensures(Acc(MayStart(t)))
cell.val = 12
t.start(decr, Cell.incr)
def client_fork_precond_not_fulfilled(t: Thread, b: bool, cell: Cell) -> None:
Requires(Acc(MayStart(t)))
Requires(getMethod(t) == Cell.incr)
Requires(cell is getArg(t, 0))
#:: ExpectedOutput(thread.start.failed:insufficient.permission)
t.start(decr, Cell.incr)
def client_fork_method_unknown(t: Thread, b: bool, cell: Cell) -> None:
Requires(Acc(MayStart(t)))
Requires(Acc(cell.val))
Requires(cell is getArg(t, 0))
#:: ExpectedOutput(thread.start.failed:method.not.listed)
t.start(decr, Cell.incr)
def client_fork_missing_start_perm(t: Thread, b: bool, cell: Cell) -> None:
Requires(getMethod(t) == Cell.incr)
Requires(Acc(cell.val))
Requires(cell is getArg(t, 0))
#:: ExpectedOutput(thread.start.failed:missing.start.permission)
t.start(decr, Cell.incr)
