def main(t1: Place, lib: StandardLibrary) -> Place: IOExists2(Place, Place)(lambda t2, t3: ( Requires( token(t1) and stdlib(lib, t1, t1) and stdlib_putchar_io( t1, 'h', t2) and stdlib_putchar_io(t2, 'i', t3) and MustTerminate(4)), Ensures(token(t3, 10) and stdlib(lib, t3, t3) and t3 == Result()), )) t2, t_postponed = stdlib_putchar(lib, 'h', t1, t1) t3, t_postponed = stdlib_putchar(lib, 'i', t2, t_postponed) stdlib_flush_stdout(lib, t3, t_postponed) return t_postponed
def ensure_dir_exists_io2( t_pre: Place, path: str, exception: OSErrorWrapper = Result(), t_post: Place = Result() ) -> bool: """Ensure that directory exists IO. This IO allows the implementation to propagate exceptions. However, it strictly specifies which exceptions can be propagated (in this case only ``ex1``). """ Terminates(True) TerminationMeasure(2) return IOExists4(OSErrorWrapper, OSErrorWrapper, Place, bool)( lambda ex1, ex2, t2, is_dir_res: (mkdir_io(t_pre, path, ex1, t2) and ( (no_op_io(t2, t_post) and exception is None) if ex1 is None else (is_dir_io(t2, path, ex2, is_dir_res, t_post) and ((Implies(is_dir_res, exception is None) and Implies( not is_dir_res, exception is ex1)) if ex2 is None else (exception == ex1))))))
def locks_creating_loop() -> ObjectLock: Ensures(WaitLevel() < Level(Result())) l = ObjectLock(object()) i = 0 while i < 5: Invariant(l is not None) Invariant(WaitLevel() < Level(l)) l.acquire() l.release() l = ObjectLock(object()) i += 1 return l
def test(t1: Place) -> int: IOExists1(bool)( lambda value: ( Requires( #:: ExpectedOutput(invalid.program:invalid.io_existential_var.defining_expression_type_mismatch) do_io(t1, value) ), Ensures( value == Result() ), ) )
def write_int1(self, t1: Place, value: int) -> Place: """Defining getter is not heap dependent.""" IOExists1(Place)(lambda t2: ( Requires( token(t1, 2) and Acc(self.int_field, 1 / 2) and write_int_io( t1, value, t2) and write_int_io(t1, self.int_field, t2)), Ensures(token(t2) and t2 == Result()), )) t2 = write_int(t1, value) return t2
def write_int2(self, t1: Place, value: int) -> Place: IOExists1(Place)(lambda t2: ( Requires( token(t1, 2) and Acc(self.int_field, 1 / 2) and write_int_io( t1, self.int_field, t2)), Ensures( Acc(self.int_field, 1 / 2) and token(t2) and t2 == Result()), )) t2 = write_int(t1, self.int_field) return t2
def read_write_int1(t1: Place) -> Place: IOExists3(Place, Place, int)(lambda t2, t3, value: ( Requires( token(t1, 2) and read_int_io(t1, value, t2) and write_int_io( t2, value, t3)), Ensures(token(t3) and t3 == Result()), )) t2, number = read_int(t1) t3 = write_int(t2, number) return t3
def write_two_ints_io( t_pre: Place, t_post: Place = Result(), ) -> bool: Terminates(False) return IOForall(int, lambda value: IOExists(Place)( lambda t2: ( write_int_io(t_pre, value, t2) and write_int_io(t2, value * 2, t_post) ) ))
def ensure_dir_exists2(t1: Place, path: str) -> Place: IOExists2(Place, OSErrorWrapper)( lambda t2, ex: ( Requires( path is not None and token(t1, 2) and ensure_dir_exists_io2(t1, path, ex, t2) and MustTerminate(2) ), Ensures( token(t2) and t2 == Result() and ex is None ), Exsures(OSErrorWrapper, #:: UnexpectedOutput(postcondition.violated:assertion.false,55) | UnexpectedOutput(carbon)(postcondition.violated:assertion.false,168) ex is RaisedException() and Acc(ex.place) and ex.place == t2 and token(t2) and Acc(ex.exception) and isinstance(ex.exception, Exception) ), ) ) Open(ensure_dir_exists_io2(t1, path)) res = True try: t3 = mkdir(t1, path) t2 = NoOp(t3) return t2 except OSErrorWrapper as ex1: try: res, t2 = is_dir(ex1.place, path) except OSErrorWrapper as ex2: raise ex1 else: if not res: raise ex1 else: return t2
def from_values(cls, isd_as, host) -> 'SCIONAddr': # pragma: no cover Ensures(Result().State()) """ Create an instance of the class SCIONAddr. :param ISD_AS isd_as: ISD-AS identifier. :param HostAddrBase host: host address """ assert isinstance(host, HostAddrBase) addr = cls() addr.isd_as = isd_as addr.host = host return addr
def read_int_twice1(t1: Place) -> Tuple[Place, int, int]: IOExists3(Place, int, int)( lambda t2, value1, value2: ( Requires( token(t1, 2) and read_int_twice_io(t1, value1, value2, t2) ), Ensures( token(t2) and t2 == Result()[0] and value1 == Result()[1] and value2 == Result()[2] ), ) ) Open(read_int_twice_io(t1)) t2, number1 = read_int(t1) t3, number2 = read_int(t2) return t3, number1, number2
def write_string(t1: Place, value: str) -> Place: IOExists1(Place)( lambda t2: ( Requires( token(t1, 1) and write_string_io(t1, value, t2) ), Ensures( token(t2) and t2 == Result() ), ) )
def is_dir(t1: Place, path: str) -> Tuple[bool, Place]: IOExists3(Place, OSErrorWrapper, bool)( lambda t2, ex, success: ( Requires( path is not None and token(t1, 1) and is_dir_io(t1, path, ex, success, t2) and MustTerminate(1) ), Ensures( token(t2) and t2 == Result()[1] and ex is None and success == Result()[0] ), Exsures(OSErrorWrapper, ex is RaisedException() and Acc(ex.place) and ex.place == t2 and token(t2) and Acc(ex.exception) and isinstance(ex.exception, Exception) ), ) )
def read_int_twice2(t1: Place) -> Tuple[Place, int, int]: IOExists3(Place, int, int)( lambda t2, value1, value2: ( Requires( token(t1, 2) and read_int_twice_io(t1, value1, value2, t2) ), Ensures( #:: ExpectedOutput(postcondition.violated:assertion.false) token(t2) and t2 == Result()[0] and value1 == Result()[1] and value2 == Result()[2] ), ) ) Open(read_int_twice_io(t1)) t2, number1 = read_int(t1) t3, number2 = read_int(t2) return t3, number2, number1
def print_int(t1: Place, value: int) -> Place: IOExists1(Place)( lambda t2: ( Requires( token(t1, 1) and print_io(t1, value, t2) and MustTerminate(1) ), Ensures( token(t2) and t2 == Result() ) ) )
def write_int_twice_io( t_pre: Place, number1: int, number2: int, t_post: Place = Result(), ) -> bool: Terminates(True) TerminationMeasure(2) return IOExists1(Place)( lambda t2: ( write_int_io(t_pre, number1, t2) and write_int_io(t2, number2, t_post) ) )
def SetVar(t_pre: Place, value: int) -> Tuple[int, Place]: """Perform ``set_var_io``. .. note:: Mypy does not allow generics as function arguments. Therefore, we have to use a concrete type for ``value``. """ IOExists2(Place, int)( lambda t_post, result: ( Requires( token(t_pre, 1) and set_var_io(t_pre, value, result, t_post) and MustTerminate(1) ), Ensures( token(t_post) and t_post == Result()[1] and result == Result()[0] and value == result ), ) )
def ensure_dir_exists(t1: Place, path: str) -> Tuple[bool, Place]: IOExists2(Place, bool)( lambda t2, success: ( Requires( path is not None and token(t1, 2) and ensure_dir_exists_io(t1, path, success, t2) and MustTerminate(2) ), Ensures( token(t2) and t2 == Result()[1] and Result()[0] == success ), ) ) Open(ensure_dir_exists_io(t1, path)) try: t3 = mkdir(t1, path) t2 = NoOp(t3) return True, t2 except OSErrorWrapper as ex1: try: res, t2 = is_dir(ex1.place, path) return res, t2 except OSErrorWrapper as ex2: return False, ex2.place
def close(t1: Place, socket: Socket) -> Place: IOExists1(Place)( lambda t2: ( Requires( token(t1, 1) and close_io(t1, socket, t2) and socket != None and MustTerminate(1) ), Ensures( token(t2) and t2 == Result() ), ) )
def NoOp(t_pre: Place) -> Place: """Perform ``no_op_io``.""" IOExists1(Place)( lambda t_post: ( Requires( token(t_pre, 1) and no_op_io(t_pre, t_post) and MustTerminate(1) ), Ensures( token(t_post) and t_post == Result() ), ) )
def stdlib_putchar(lib: StandardLibrary, c: str, t1: Place, t_postponed: Place) -> Tuple[Place, Place]: IOExists2(Place, Place)(lambda t1_new, t2: ( Requires( token(t1, 2) and stdlib(lib, t1, t_postponed) and stdlib_putchar_io(t_postponed, c, t2) and MustTerminate(2)), Ensures(t1_new == Result()[0] and t2 == Result()[1] and stdlib( lib, t1_new, t2) and token(t1_new, 2)), )) Unfold(stdlib(lib, t1, t_postponed)) Open(stdlib_putchar_io(t_postponed, c)) if lib.buffer_size == 1: t2 = syscall_putchar(t1, lib.buffer) t3 = syscall_putchar(t2, c) lib.buffer_size = 0 Fold(stdlib(lib, t3, t3)) return t3, t3 else: lib.buffer = c lib.buffer_size = 1 t4 = GetGhostOutput(stdlib_putchar_io(t_postponed, c), 't_post') # type: Place Fold(stdlib(lib, t1, t4)) return t1, t4
def read_write_int2(t1: Place) -> Place: IOExists6(Place, Place, Place, Place, int, int)(lambda t2, t3, t4, t5, value1, value2: ( Requires( token(t1, 2) and read_int_io(t1, value1, t2) and read_int_io(t2, value2, t3) and write_int_io( t3, value1, t4) and write_int_io(t4, value2, t5)), Ensures(token(t5) and t5 == Result()), )) t2, number1 = read_int(t1) t3, number2 = read_int(t2) t4 = write_int(t3, number1) t5 = write_int(t4, number2) return t5
def send(t1: Place, socket: Socket, data: str) -> Place: IOExists1(Place)( lambda t2: ( Requires( token(t1, 1) and send_io(t1, socket, data, t2) and data is not None and socket != None and MustTerminate(1) ), Ensures( token(t2) and t2 == Result() ), ) )
def hello3(t1: Place) -> Place: IOExists1(Place)( lambda t2: ( Requires( token(t1, 1) and write_string_io(t1, "Hello World!", t2) ), Ensures( #:: ExpectedOutput(postcondition.violated:insufficient.permission) token(t2) and t2 == Result() ), ) ) return t1
def Join(t_pre1: Place, t_pre2: Place) -> Place: """Perform ``join_io``.""" IOExists1(Place)( lambda t_post: ( Requires( token(t_pre1, 1) and token(t_pre2, 1) and join_io(t_pre1, t_pre2, t_post) and MustTerminate(1) ), Ensures( token(t_post) and t_post == Result() ), ) )
def write_int1(self, t1: Place, value: int) -> Place: IOExists1(Place)( lambda t2: ( Requires( token(t1, 2) and Acc(self.int_field, 1 / 2) and write_int_io(t1, self.int_field, t2)), Ensures( # Getter is heap dependent, therefore need access to # self.int_field. Acc(self.int_field, 1 / 2) and token(t2) and t2 == Result( )), )) t2 = write_int(t1, self.int_field) return t2
def hello(t1: Place) -> Place: IOExists1(Place)( lambda t2: ( Requires( token(t1, 2) and write_string_io(t1, "Hello World!", t2) ), Ensures( token(t2) and t2 == Result() ) ) ) t2 = write_string(t1, "Hello World!") return t2
def write_non_negative(t1: Place) -> Place: IOExists3(Place, Place, int)(lambda t2, t3, value: ( Requires( token(t1, 2) and read_int_io(t1, value, t2) and (write_int_io(t2, value, t3) if value >= 0 else write_int_io(t2, -value, t3))), Ensures(token(t3) and t3 == Result()), )) t2, number = read_int(t1) if number >= 0: t3 = write_int(t2, number) else: t3 = write_int(t2, -number) return t3
def test(t1: Place) -> Place: IOExists1(Place)(lambda t_end: ( Requires(token(t1, 2) and test_io(t1, t_end)), Ensures(token(t_end) and t_end == Result()), )) Open(test_io(t1)) t2 = NoOp(t1) t3, t4 = Split(t2) res, t5 = SetVar(t4, 1) t6 = Join(t3, t5) t_end = NoOp(t6) Assert(res == 1) return t_end
def write_int(self, b: bool, t1: Place) -> Place: IOExists1(Place)( lambda t2: ( Requires( #:: ExpectedOutput(not.wellformed:insufficient.permission)|ExpectedOutput(carbon)(not.wellformed:insufficient.permission) token(t1, 2) and ((Acc(self.int_field1, 1 / 2) and write_int_io( t1, self.int_field1, t2)) if b else (Acc(self.int_field2, 1 / 2) and write_int_io( t1, self.int_field2, t2)))), Ensures((Acc(self.int_field1, 1 / 2) if b else Acc( self.int_field2, 1 / 2)) and token(t2) and t2 == Result()), )) t2 = write_int(t1, self.int_field1) return t2