def __init__(self, value: int) -> None: Requires(MustTerminate(1)) Ensures(Acc(self.int_field1)) # type: ignore Ensures(self.int_field1 == value) # type: ignore Ensures(Acc(self.int_field2)) # type: ignore Ensures(self.int_field2 == value) # type: ignore self.int_field1 = value self.int_field2 = value
def acquire(self) -> None: """Acquire the lock.""" Requires(MustTerminate(1)) Requires(WaitLevel() < Level(self)) Requires(Low(self)) Requires(LowEvent()) Ensures(self.invariant()) Ensures(MustRelease(self))
def m7(self) -> None: Requires(Acc(self.b) and self.b > 17) Requires(Acc(self.a) and MustRelease(self.a, self.b)) Ensures(Acc(self.a) and Acc(self.b)) Ensures(MustRelease(self.a, self.b)) while self.b > 2: Invariant(Acc(self.b) and MustTerminate(self.b)) self.b -= 1
def brackets(self, t_read1: Place) -> Tuple[Place, bool]: IOExists3(str, bool, Place)(lambda read5, valid, t_read5: ( Requires( Acc(self.c) and brackets_io(t_read1, self.c, read5, valid, t_read5) and token(t_read1, 3)), Ensures( Acc(self.c) and self.c is read5 and token(t_read5) and t_read5 == Result()[0] and valid == Result()[1]), )) Open(brackets_io(t_read1, self.c)) if self.peek_read_ahead() is '(': t_read2, _ = self.pop_read_ahead(t_read1) t_read3, brackets1 = self.brackets(t_read2) t_read4, c = self.pop_read_ahead(t_read3) should_be_close = (c is ')') t_read5, brackets2 = self.brackets(t_read4) return t_read5, (brackets1 and should_be_close and brackets2) else: i = self.peek_read_ahead() t_read2 = NoOp(t_read1) if i is None: return t_read2, True # Empty string because of read EOF. elif self.peek_read_ahead() is ')': return t_read2, True # Match empty string because read ')'. else: return t_read2, False # No match because read invalid
def run(t_pre1: Place, t_pre2: Place, file_name: str) -> Place: IOExists1(Place)(lambda t_post: ( Requires( token(t_pre1, 3) and resource_io(t_pre1, file_name, t_post) and ctoken(t_pre2) and notify_io(t_pre2)), Ensures(token(t_post) and t_post == Result()), )) Open(resource_io(t_pre1, file_name)) fp, t2 = open(t_pre1, file_name) t3 = Gap(t2) potentialy_non_terminating() notify(t_pre2) t4 = write(t3, fp) t5 = Gap(t4) potentialy_non_terminating() t_post = close(t5, fp) return t_post
def read_write_int_twice4(t1: Place) -> Place: IOExists4(Place, Place, int, int)( lambda t2, t3, value1, value2: ( Requires( token(t1, 2) and read_int_twice_io(t1, value1, value2, t2) and write_int_twice_io(t2, value1, value2, t3) ), Ensures( token(t3) and t3 == Result() ), ) ) Open(read_int_twice_io(t1)) t2, number1 = read_int(t1) t3, number2 = read_int(t2) Open(write_int_twice_io(t3, number1, number2)) #:: ExpectedOutput(call.precondition:insufficient.permission) t4 = write_int(t3, number2) #:: ExpectedOutput(carbon)(call.precondition:insufficient.permission) t5 = write_int(t4, number1) return t5
def reAcq3(a: ObjectLock) -> None: Requires(a is not None) Requires(WaitLevel() < Level(a)) Requires(MustRelease(a, 2)) Ensures(MustRelease(a)) a.release() a.acquire()
def ensure_dir_exists(t1: Place, path: str) -> Tuple[bool, Place]: IOExists2(Place, bool)(lambda t2, success: ( Requires(path is not None and token(t1, 2) and ensure_dir_exists_io( t1, path, success, t2) and MustTerminate(2)), Ensures(token(t2) and t2 == Result()[1] and Result()[0] == success), )) Open(ensure_dir_exists_io(t1, path)) try: t3 = mkdir(t1, path) t2 = NoOp(t3) return True, t2 except OSErrorWrapper as ex1: try: res, t2 = is_dir(ex1.place, path) return res, t2 except OSErrorWrapper as ex2: return False, ex2.place
def syscall_putchar(t1: Place, c: str) -> Place: IOExists1(Place)(lambda t2: ( Requires( token(t1, 1) and syscall_putchar_io(t1, c, t2) and MustTerminate(1) ), Ensures(token(t2) and t2 == Result()), ))
def run(t1: Place) -> None: Requires(token(t1, 2) and listener_io(t1)) Ensures(False) Open(listener_io(t1)) server_socket, t_loop = create_server_socket(t1) while True: Invariant( token(t_loop, 1) and listener_loop_io(t_loop, server_socket) and server_socket != None ) Open(listener_loop_io(t_loop, server_socket)) client_socket, t3 = accept(t_loop, server_socket) data, t4 = read_all(t3, client_socket, timeout=1) Open(output_io(t4, client_socket, data)) if data is not None: t5, t6 = Split(t4) t7 = print_int(t6, get_address(client_socket)) t8 = send(t5, client_socket, data) t9 = Join(t8, t7) else: t9 = NoOp(t4) t_loop = close(t9, client_socket)
def write_four_ints_2(t1: Place) -> Place: IOExists2(Place, Place)( lambda t2, t3: ( Requires( token(t1, 2) and write_two_ints_io(t1, t2) and write_two_ints_io(t2, t3) ), Ensures( token(t3) and t3 == Result() ), ) ) Open(write_two_ints_io(t1)) t2 = write_int(t1, 4) #:: ExpectedOutput(call.precondition:insufficient.permission) t3 = write_int(t2, 9) #:: ExpectedOutput(carbon)(exhale.failed:insufficient.permission) Open(write_two_ints_io(t3)) t4 = write_int(t3, 3) t5 = write_int(t4, 6) return t5
def write_four_ints_1(t1: Place) -> Place: IOExists2(Place, Place)( lambda t2, t3: ( Requires( token(t1, 2) and write_two_ints_io(t1, t2) and write_two_ints_io(t2, t3) ), Ensures( token(t3) and t3 == Result() ), ) ) Open(write_two_ints_io(t1)) t2 = write_int(t1, 4) t3 = write_int(t2, 8) Open(write_two_ints_io(t3)) t4 = write_int(t3, 3) t5 = write_int(t4, 6) return t5
def print_sequence3(t1: Place, n: int) -> Place: """Prints n(n-1)...1.""" IOExists1(Place)(lambda t2: ( Requires(n > 0 and token(t1, 2) and print_sequence_io(t1, n, t2) and MustTerminate(2)), Ensures(token(t2) and t2 == Result()), )) t = t1 Open(print_sequence_io(t, n)) t2 = GetGhostOutput(print_sequence_io(t, n), 't_post') # type: Place while n > 1: IOExists1(Place)(lambda t_next: ( Invariant( token(t, 1) and Implies( n > 1, print_int_io(t, n, t_next) and print_sequence_io( t_next, n - 1, t2)) and Implies( not n > 1, print_int_io(t, n, t2))), Invariant(MustTerminate(n)), )) t = print_int(t, n) n -= 1 Open(print_sequence_io(t, n)) t = print_int(t, n) return t
def open(t1: Place, file_name: str) -> Tuple[File, Place]: IOExists2(Place, File)(lambda t2, fp: ( Requires( token(t1, 1) and open_io(t1, file_name, fp, t2) and MustTerminate( 1)), Ensures(token(t2) and t2 == Result()[1] and fp is Result()[0]), ))
def read_write_int_twice1(t1: Place) -> Place: IOExists4(Place, Place, int, int)( lambda t2, t3, value1, value2: ( Requires( token(t1, 2) and read_int_twice_io(t1, value1, value2, t2) and write_int_twice_io(t2, value1, value2, t3) ), Ensures( token(t3) and t3 == Result() ), ) ) Open(read_int_twice_io(t1)) t2, number1 = read_int(t1) t3, number2 = read_int(t2) Open(write_int_twice_io(t3, number1, number2)) t4 = write_int(t3, number1) t5 = write_int(t4, number2) return t5
def main(t1: Place) -> Place: IOExists8(str, Place, str, bool, Place, Place, bool, bool)( lambda read_ahead, t_read_ahead, read_last, valid, t_brackets_end, t_end, success1, success2: ( Requires( token(t1) and read_char_io(t1, stdin, read_ahead, success1, t_read_ahead) and brackets_io(t_read_ahead, read_ahead, read_last, valid, t_brackets_end) and read_last is None and write_char_io(t_brackets_end, stdout, ('1' if valid else '0'), success2, t_end) ), Ensures( token(t_end) and t_end == Result() ), ) ) m = Matcher() m.c, success, t2 = getchar(t1) t3, match = m.brackets(t2) if match: success, t4 = putchar('1', t3) else: success, t4 = putchar('0', t3) return t4
def io_exists_2( a1: C1) -> None: IOExists(C1)( lambda c1: Ensures( c1 == a1 and is_c1(c1, a1) ) )
def test(t1: Place) -> C1: IOExists1(C2)( lambda value: ( Requires( #:: ExpectedOutput(invalid.program:invalid.io_existential_var.defining_expression_type_mismatch) do_io(t1, value)), Ensures(value == Result()), ))
def main(h: int) -> int: Ensures(Low(Result())) h = inputPIN() if h < 0: l = 0 else: l = 0 return l
def test(t1: Place) -> C2: IOExists1(C1)( lambda value: ( Requires( #:: ExpectedOutput(type.error:Argument 2 to "do_io" has incompatible type "C1"; expected "C2") do_io(t1, value)), Ensures(value == Result()), ))
def caller(l: Lock[object]) -> None: Requires(MustRelease(l, 3)) Ensures(False) while True: #:: ExpectedOutput(invariant.not.preserved:insufficient.permission) Invariant(MustRelease(l, 1)) foo(l)
def client1(t1: Place, value: int) -> Place: IOExists1(Place)(lambda t2: ( Requires(token(t1, 3) and write_int_io(t1, value, t2)), Ensures(token(t2) and t2 == Result()), )) writer = WriterSuper(value) t2 = writer.write_int(False, t1) return t2
def main(self, t1: Place) -> Place: IOExists1(Place)(lambda t2: ( Requires(token(t1, 2) and example_io(t1, t2) and MustTerminate(2)), Ensures(token(t2) and t2 == Result()), )) Open(example_io(t1)) success, t2 = putchar('h', t1) success, t3 = putchar('i', t2) return t3
def my_gap(t1: Place) -> Place: IOExists1(Place)( lambda t2: ( Requires(token(t1, 1) and my_gap_io(t1, t2)), Ensures( #:: ExpectedOutput(invalid.program:invalid.postcondition.ctoken_not_allowed) ctoken(t2) and # ctoken in postcondition is unsound. t2 == Result()), ))
def nested4_convert_accept(self) -> None: Requires(Acc(self.x) and self.x is not None) Requires(WaitLevel() < Level(self.x)) Ensures(Acc(self.x)) Ensures(MustRelease(self.x, 1)) x = 1 y = 2 self.x.acquire() while x < 5: Invariant(y <= 5) Invariant(Acc(self.x)) Invariant(MustRelease(self.x, 10 - x)) x += 1 while y < 5: Invariant(y <= 5) Invariant(Acc(self.x)) Invariant(MustRelease(self.x, 10 - y)) y += 1
def read_int1(t1: Place) -> Tuple[int, Place]: IOExists2(Place, int)(lambda t2, value: ( Requires(token(t1, 2) and read_int_io(t1, value, t2)), Ensures(token(t2) and t2 == Result()[1] and value == Result()[0]), )) t2, number = read_int(t1) return number, t2
def write_int2(self, t1: Place, value: int) -> Place: IOExists1(Place)(lambda t2: ( Requires(token(t1, 2) and write_int_io(t1, value, t2)), Ensures(token(t2) and t2 == Result()), )) t2 = write_int(t1, value) return t2
def acquire_release_multiple(l: ObjectLock) -> None: Requires(l is not None) Requires(WaitLevel() < Level(l)) Ensures(MustRelease(l)) l.acquire() l.release() l.acquire() l.release() l.acquire()
def await_4(l: Lock[object]) -> None: Requires(l is not None) Requires(WaitLevel() < Level(l)) Ensures(MustRelease(l)) l.acquire() i = 5 while i > 0: #:: ExpectedOutput(invariant.not.preserved:insufficient.permission) Invariant(MustRelease(l)) i -= 1
def mkdir(t1: Place, path: str) -> Place: IOExists2(Place, OSErrorWrapper)(lambda t2, ex: ( Requires(path is not None and token(t1, 1) and mkdir_io( t1, path, ex, t2) and MustTerminate(1)), Ensures(token(t2) and t2 == Result() and ex is None), Exsures( OSErrorWrapper, ex is RaisedException() and Acc(ex.place) and ex. place == t2 and token(t2) and Acc(ex.exception) and isinstance( ex.exception, Exception)), ))