示例#1
# Negative verifier test for Thread.start: the `#::` annotation below records
# that this function is expected to be rejected with
# invalid.program:invalid.thread.start.
# NOTE(review): `noop` is defined outside this excerpt, so the reason the
# start() call counts as invalid cannot be seen here; confirm against it.
def client_fork(t: Thread, l: BaseLock) -> None:
    # The caller must hold the permission to start t ...
    Requires(Acc(MayStart(t)))
    # ... t must be bound to run `noop` ...
    Requires(getMethod(t) == noop)
    # ... and `l` must be the thread's first argument.
    Requires(l is getArg(t, 0))
    # Promised ordering between the caller's wait level and t's level.
    Ensures(WaitLevel() < Level(t))
    #:: ExpectedOutput(invalid.program:invalid.thread.start)
    t.start(noop)
示例#2
# Information-flow test: which function the new thread runs is chosen by
# `secret`. The annotation records that starting it is expected to fail
# verification with thread.start.failed:assertion.false.
# NOTE(review): presumably printZero/printOne require a low (secret-independent)
# event in their contracts, which cannot hold under a secret-dependent branch;
# their definitions are not shown here, so confirm.
def fork_lowevent(secret: bool) -> None:
    if secret:
        t = Thread(target=printZero, args=())
    else:
        t = Thread(target=printOne, args=())
    # start() lists both candidate targets because the actual one is not
    # statically known at this point.
    #:: ExpectedOutput(thread.start.failed:assertion.false)
    t.start(printZero, printOne)
示例#3
 # Positive test (no expected-error annotation): read permission to self.x is
 # only promised back when a == 3, which is exactly the path on which the
 # started thread is joined.
 # NOTE(review): presumably self.void takes Rd(self.x) at start and returns it
 # at join; its contract is outside this excerpt.
 def a10(self, a: int) -> None:
     Requires(Rd(self.x))
     Ensures(Implies(a == 3, Rd(self.x)))
     t1 = Thread(None, self.void, args=())
     t1.start(self.void)
     # Join only on the a == 3 path; on the other path the thread is left
     # running and nothing is claimed about Rd(self.x).
     if 3 == a:
         t1.join(self.void)
示例#4
 # Negative test: the postcondition claims read permission to self.x is still
 # available after starting and joining a thread on self.dispose_rd; the
 # annotation expects postcondition.violated:insufficient.permission.
 # NOTE(review): presumably dispose_rd consumes its read permission without
 # returning it, so join() gives nothing back; contract not shown here.
 def a9(self, a: int) -> None:
     Requires(Rd(self.x))
     #:: ExpectedOutput(postcondition.violated:insufficient.permission)
     Ensures(Rd(self.x))
     t1 = Thread(None, self.dispose_rd, args=())
     t1.start(self.dispose_rd)
     t1.join(self.dispose_rd)
示例#5
# Negative test: all start preconditions are present (start permission, known
# target Cell.incr, permission to cell.val, cell is argument 0), but the
# postcondition Joinable(t) is expected to fail with
# postcondition.violated:assertion.false.
# NOTE(review): the reason Joinable(t) cannot be proven is not visible in this
# excerpt; confirm against the Joinable definition.
def client_fork_wrong_mayjoin(t: Thread, b: bool, cell: Cell) -> None:
    Requires(Acc(MayStart(t)))
    Requires(getMethod(t) == Cell.incr)
    Requires(Acc(cell.val))
    Requires(cell is getArg(t, 0))
    #:: ExpectedOutput(postcondition.violated:assertion.false)
    Ensures(Joinable(t))
    # Both decr and Cell.incr are listed as possible targets; the precondition
    # pins the actual one to Cell.incr.
    t.start(decr, Cell.incr)
示例#6
# Negative test: after a valid start, the postcondition claims
# Acc(ThreadPost(t)); the annotation expects
# postcondition.violated:insufficient.permission.
# NOTE(review): presumably start() alone does not hand the caller the
# ThreadPost(t) permission; confirm against the contract library.
def client_fork_wrong_thread_post(t: Thread, b: bool, cell: Cell) -> None:
    Requires(Acc(MayStart(t)))
    Requires(getMethod(t) == Cell.incr)
    Requires(Acc(cell.val))
    Requires(cell is getArg(t, 0))
    #:: ExpectedOutput(postcondition.violated:insufficient.permission)
    Ensures(Acc(ThreadPost(t)))
    t.start(decr, Cell.incr)
示例#7
# Negative test: cell.val is set to 12 immediately before the start, but the
# postcondition claims the value of argument 0's `val` recorded for the thread
# is 14; the annotation expects postcondition.violated:assertion.false.
def client_fork_wrong_old_2(t: Thread, b: bool, cell: Cell) -> None:
    Requires(Acc(MayStart(t)))
    Requires(getMethod(t) == Cell.incr)
    Requires(Acc(cell.val))
    # Ties `cell` to the thread's first argument, so arg(0).val below refers to
    # cell.val.
    Requires(cell is getArg(t, 0))
    #:: ExpectedOutput(postcondition.violated:assertion.false)
    Ensures(getOld(t, arg(0).val) == 14)
    cell.val = 12
    t.start(decr, Cell.incr)
示例#8
# Information-flow test with dynamic dispatch: the receiver `x` is an A or a B
# depending on `secret`, so the concrete `foo` the thread runs is
# secret-dependent. start() carries no error annotation; the join is expected
# to fail with thread.join.failed:thread.not.joinable.
# NOTE(review): A, B and their foo contracts are outside this excerpt; the
# exact reason the thread is not joinable should be confirmed there.
def join_low_dyn_bound(secret: bool) -> None:
    if secret:
        x = A()
    else:
        x = B()
    t = Thread(target=x.foo, args=())
    t.start(x.foo)
    #:: ExpectedOutput(thread.join.failed:thread.not.joinable)
    t.join(x.foo)
示例#9
 # Positive test: starts two threads on self.readX, joins only the first and
 # returns the second, still running, to the caller.
 def start2(self) -> Thread:
     Requires(Rd(self.x))
     # As written: the caller keeps its read amount (ARP()) on self.x minus the
     # amount associated with the returned thread (getARP(Result())).
     Ensures(Acc(self.x, ARP() - getARP(Result())))
     t1 = Thread(None, self.readX, args=())
     t2 = Thread(None, self.readX, args=())
     t1.start(self.readX)
     t2.start(self.readX)
     # Only t1 is joined; t2 is handed to the caller unjoined.
     t1.join(self.readX)
     return t2
示例#10
# Information-flow scenario with secret-dependent lock aliasing: t1 always
# receives l1, while t2 receives `l`, which is l1 or l2 depending on `secret`.
# No expected-error annotation is attached in this excerpt.
# NOTE(review): thread1, thread2 and CellLock are defined elsewhere; what they
# do with the locks cannot be seen here.
def thread0(secret: bool) -> None:
    # The call itself is required to be a low (secret-independent) event.
    Requires(LowEvent())
    l1 = CellLock(object())
    l2 = CellLock(object())
    l = l1 if secret else l2
    t1 = Thread(target=thread1, args=(l1,))  # t1 always gets l1; `l` (next line) is l1 or l2 depending on secret
    t2 = Thread(target=thread2, args=(l,))
    t1.start(thread1)
    t2.start(thread2)
示例#11
 # Positive test: starts two reader threads on self.readX and joins both; the
 # postcondition claims the caller's read permission to self.x is available
 # again afterwards.
 # NOTE(review): presumably readX returns its read permission at join; its
 # contract is outside this excerpt.
 def startAndJoinRead(self) -> None:
     Requires(Rd(self.x))
     Ensures(Rd(self.x))
     t1 = Thread(None, self.readX, args=())
     t2 = Thread(None, self.readX, args=())
     t1.start(self.readX)
     t2.start(self.readX)
     t1.join(self.readX)
     t2.join(self.readX)
示例#12
# Information-flow test: the thread runs `zero` or `one` on cell `c` depending
# on `secret`. Start and join carry no error annotation; the final assertion
# that c.val is low (independent of secret data) is expected to fail with
# assert.failed:assertion.false.
# NOTE(review): presumably zero/one write different values to c.val, so the
# result reveals `secret`; their definitions are not shown here.
def join_low(secret: bool) -> None:
    c = Cell()
    if secret:
        t = Thread(target=zero, args=(c, ))
    else:
        t = Thread(target=one, args=(c, ))
    # Both candidate targets are listed because the actual one is chosen by the
    # secret-dependent branch above.
    t.start(zero, one)
    t.join(zero, one)
    #:: ExpectedOutput(assert.failed:assertion.false)
    Assert(Low(c.val))
示例#13
 # Interleaves two thread starts on self.dispose_rd with two direct calls to
 # it, starting from a single Rd(self.x); nothing is promised back
 # (Ensures(True)).
 # NOTE(review): presumably each start/call of dispose_rd consumes a share of
 # the read permission without returning it; its contract is not shown here.
 def a3(self) -> None:
     Requires(Rd(self.x))
     Ensures(True)
     t1 = Thread(None, self.dispose_rd, args=())
     t1.start(self.dispose_rd)
     self.dispose_rd()
     t2 = Thread(None, self.dispose_rd, args=())
     t2.start(self.dispose_rd)
     # The annotation records an output reported by the silicon backend that is
     # tagged as unexpected (the trailing 320 looks like an issue reference,
     # to be confirmed).
     #:: UnexpectedOutput(silicon)(call.precondition:insufficient.permission,320)
     self.dispose_rd()
示例#14
文件: 00096.py 项目: zeta1999/nagini
 # Positive test: holds half permission to self.x across a loop that starts
 # and immediately joins one thread on self.void per iteration.
 # NOTE(review): self.void's contract is outside this excerpt.
 def a12(self, a: int) -> None:
     Requires(Acc(self.x, 1 / 2))
     Ensures(Acc(self.x, 1 / 2))
     i = 0  # type: int
     while i < a:
         # The half permission must be intact at the start of every iteration,
         # i.e. whatever the thread takes at start has to be back after join.
         Invariant(Acc(self.x, 1 / 2))
         t1 = Thread(None, self.void, args=())
         t1.start(self.void)
         t1.join(self.void)
         i += 1
示例#15
# Mixed test: the first two postconditions carry no error annotation, while
# the third, which claims the caller still holds MayStart(t) after starting t,
# is expected to fail with postcondition.violated:insufficient.permission.
def client_fork(t: Thread, b: bool, cell: Cell) -> None:
    Requires(Acc(MayStart(t)))
    Requires(getMethod(t) == Cell.incr)
    Requires(Acc(cell.val))
    Requires(cell is getArg(t, 0))
    # Matches the assignment cell.val = 12 made just before the start below.
    Ensures(getOld(t, arg(0).val) == 12)
    Ensures(WaitLevel() < Level(t))
    #:: ExpectedOutput(postcondition.violated:insufficient.permission)
    Ensures(Acc(MayStart(t)))
    cell.val = 12
    t.start(decr, Cell.incr)
示例#16
# Information-flow test with secret-dependent lock aliasing: t1's lock `x` is
# l1 or l2 depending on `secret`, while t2 always uses l2. Starting t1 is
# expected to fail with thread.start.failed:assertion.false.
# NOTE(review): printTwice and CellLock are defined elsewhere; presumably
# printTwice requires its lock argument to be low. Confirm against its
# contract.
def client(secret: bool) -> None:
    c1 = Cell()
    l1 = CellLock(c1)
    c2 = Cell()
    l2 = CellLock(c2)
    if secret:
        x = l1
    else:
        x = l2
    t1 = Thread(target=printTwice,
                args=(x, 1))  # x is l1 or l2 depending on secret, so it may alias t2's lock l2
    t2 = Thread(target=printTwice, args=(l2, 2))
    #:: ExpectedOutput(thread.start.failed:assertion.false)
    t1.start(printTwice)
    t2.start(printTwice)
示例#17
# Starts a watchdog thread over shared `data`, then loops forever updating
# data.d under data.lock. The loop invariants state what must hold at the top
# of every iteration; the loop never exits and the watchdog is never joined.
# NOTE(review): Data and WatchDog are defined elsewhere; what the watchdog
# checks is not visible in this excerpt.
def main() -> None:
    data = Data()
    w = WatchDog()
    wthread = Thread(None, w.watch, None, (data, ))
    # Spawn the watchdog thread
    wthread.start(w.watch)
    data.lock.acquire()
    data.d = 0
    while True:
        # Quarter permission to the lock field is retained across iterations.
        Invariant(Acc(data.lock, 1 / 4))
        # The lock is the one associated with `data`.
        Invariant(data.lock.get_locked() is data)
        Invariant(
            WaitLevel() < Level(data.lock))  # guarantees deadlock freedom
        # The lock is held at the loop head and must eventually be released.
        Invariant(MustRelease(data.lock, 1))
        # Full permission to data.d, and its value is even.
        Invariant(Acc(data.d) and data.d % 2 == 0)

        # Modify the locked data in a legal way
        data.d = data.d + 2

        data.lock.release()
        # Others may acquire the lock
        data.lock.acquire()
示例#18
 # Backend-behaviour test: increments self.c.n under lock self.l, runs
 # need_value directly and in two joined threads, then decrements self.c.n
 # under the lock again. Ensures(False) and Assert(False) are deliberately
 # unprovable; the annotations record which backend is expected to report what.
 # NOTE(review): need_value and the lock invariant are outside this excerpt;
 # the trailing 320 in the annotations looks like an issue reference.
 def do_a_thing(self) -> None:
     Requires(Rd(self.l) and Rd(self.c) and self.l.get_locked() is self.c)
     Requires(WaitLevel() < Level(self.l))
     Ensures(Rd(self.l) and Rd(self.c))
     #:: ExpectedOutput(postcondition.violated:assertion.false)|MissingOutput(postcondition.violated:assertion.false, 320)
     Ensures(False)
     self.l.acquire()
     self.c.n += 1
     #:: UnexpectedOutput(silicon)(lock.invariant.not.established:assertion.false, 320)
     self.l.release()
     self.need_value()
     t1 = Thread(None, self.need_value, args=())
     t2 = Thread(None, self.need_value, args=())
     t1.start(self.need_value)
     t2.start(self.need_value)
     t1.join(self.need_value)
     t2.join(self.need_value)
     #:: ExpectedOutput(carbon)(assert.failed:assertion.false)
     Assert(False)  # Carbon does not terminate for the next statement
     self.need_value()
     self.l.acquire()
     self.c.n -= 1
     self.l.release()
示例#19
# Negative test: unlike the sibling client_fork_* examples on this page, there
# is no Requires(Acc(cell.val)) here, so the caller holds no permission to
# cell.val when starting the thread. The annotation expects
# thread.start.failed:insufficient.permission.
# NOTE(review): presumably Cell.incr's precondition needs that permission;
# its contract is not shown here.
def client_fork_precond_not_fulfilled(t: Thread, b: bool, cell: Cell) -> None:
    Requires(Acc(MayStart(t)))
    Requires(getMethod(t) == Cell.incr)
    Requires(cell is getArg(t, 0))
    #:: ExpectedOutput(thread.start.failed:insufficient.permission)
    t.start(decr, Cell.incr)
示例#20
 # Positive test: starts and immediately joins one thread on self.void; the
 # postcondition claims read permission to self.x is available again.
 # The parameter `a` is not used in the body.
 # NOTE(review): self.void's contract is outside this excerpt.
 def a8(self, a: int) -> None:
     Requires(Rd(self.x))
     Ensures(Rd(self.x))
     t1 = Thread(None, self.void, args=())
     t1.start(self.void)
     t1.join(self.void)
示例#21
 # Starts six threads on self.dispose_rd from a single Rd(self.x) and joins
 # none of them; nothing is promised back (Ensures(True)). Two of the starts
 # are annotated with outputs that the silicon backend sometimes reports and
 # that are tagged as unexpected.
 # NOTE(review): presumably every start hands a share of the read permission
 # to the new thread; dispose_rd's contract is not shown here.
 def a7(self) -> None:
     Requires(Rd(self.x))
     Ensures(True)
     t1 = Thread(None, self.dispose_rd, args=())
     t1.start(self.dispose_rd)
     t2 = Thread(None, self.dispose_rd, args=())
     # probably due to timeout in silicon, does not always occur
     #:: UnexpectedOutput(silicon)(thread.start.failed:insufficient.permission,320)
     t2.start(self.dispose_rd)
     t3 = Thread(None, self.dispose_rd, args=())
     # probably due to timeout in silicon, does not always occur
     #:: UnexpectedOutput(silicon)(thread.start.failed:insufficient.permission,320)
     t3.start(self.dispose_rd)
     t4 = Thread(None, self.dispose_rd, args=())
     t4.start(self.dispose_rd)
     t5 = Thread(None, self.dispose_rd, args=())
     t5.start(self.dispose_rd)
     t6 = Thread(None, self.dispose_rd, args=())
     t6.start(self.dispose_rd)
示例#22
 # Positive test: starts one thread on self.readX and returns it unjoined.
 def start1(self) -> Thread:
     Requires(Rd(self.x))
     # As written: the caller keeps its read amount (ARP()) on self.x minus the
     # amount associated with the returned thread (getARP(Result())).
     Ensures(Acc(self.x, ARP() - getARP(Result())))
     t = Thread(None, self.readX, args=())
     t.start(self.readX)
     return t
示例#23
# Negative test: there is no Requires(getMethod(t) == ...) here, so nothing
# states which method t is bound to. The annotation expects
# thread.start.failed:method.not.listed even though start() names decr and
# Cell.incr as candidates.
def client_fork_method_unknown(t: Thread, b: bool, cell: Cell) -> None:
    Requires(Acc(MayStart(t)))
    Requires(Acc(cell.val))
    Requires(cell is getArg(t, 0))
    #:: ExpectedOutput(thread.start.failed:method.not.listed)
    t.start(decr, Cell.incr)
示例#24
# Negative test: the target method, the permission to cell.val and the
# argument binding are all given, but there is no Requires(Acc(MayStart(t))).
# The annotation expects thread.start.failed:missing.start.permission.
def client_fork_missing_start_perm(t: Thread, b: bool, cell: Cell) -> None:
    Requires(getMethod(t) == Cell.incr)
    Requires(Acc(cell.val))
    Requires(cell is getArg(t, 0))
    #:: ExpectedOutput(thread.start.failed:missing.start.permission)
    t.start(decr, Cell.incr)
示例#25
# Negative test with no contract at all: the annotation records that the
# start() call is expected to be rejected as
# invalid.program:invalid.thread.start.
# NOTE(review): `get` is defined outside this excerpt, so the reason it is not
# accepted as a start() argument cannot be seen here; confirm there.
def client_fork(t: Thread) -> None:
    #:: ExpectedOutput(invalid.program:invalid.thread.start)
    t.start(get)