public void NullableSbyteToBeLessThanOrEqualToFailed()
{
Given(() => (sbyte?)42)
.When(value => Ensures.ToBeLessThanOrEqualTo(value, (sbyte)1))
.ThenThrow <ArgumentException>();
}
public void NullableSbyteToBeLessThanFailedWithCustomException()
{
Given(() => (sbyte?)42)
.When(value => Ensures.ToBeLessThan(value, (sbyte)1, () => new ArgumentOutOfRangeException()))
.ThenThrow <ArgumentOutOfRangeException>();
}
public void NullableSbyteToBeLessThanFailedWithParameterizedException()
{
Given(() => (sbyte?)42)
.When(value => Ensures.ToBeLessThan(value, (sbyte)1, (v, max) => new ArgumentOutOfRangeException($"Invalid value: {v} >= {max}")))
.ThenThrow <ArgumentOutOfRangeException>();
}
public void NullableSbyteToBeGreaterThanSuccessful()
{
Given(() => (sbyte?)42)
.When(value => Ensures.ToBeGreaterThan(value, (sbyte)1))
.Then(value => value.Should().Be(42));
}
public void NullableSbyteToBeGreaterThanOrEqualToFailedWithCustomException()
{
Given(() => (sbyte?)42)
.When(value => Ensures.ToBeGreaterThanOrEqualTo(value, (sbyte)100, () => new ArgumentOutOfRangeException()))
.ThenThrow <ArgumentOutOfRangeException>();
}
internal void CheckPostcondition(Ensures ens)
{
if (ens == null) return;
this.Current = ens;
this.Visit(ens);
}
public void ByteToBeGreaterThanSuccessful()
{
Given(() => (byte)42)
.When(value => Ensures.ToBeGreaterThan(value, (byte)1))
.Then(value => value.Should().Be((byte)42));
}
public void ByteToBeLessThanOrEqualToFailedWithCustomException()
{
Given(() => (byte)42)
.When(value => Ensures.ToBeLessThanOrEqualTo(value, (byte)1, () => new ArgumentOutOfRangeException()))
.ThenThrow <ArgumentOutOfRangeException>();
}
public void ByteToBeLessThanOrEqualToFailedWithParameterizedException()
{
Given(() => (byte)42)
.When(value => Ensures.ToBeLessThanOrEqualTo(value, (byte)1, (v, max) => new ArgumentOutOfRangeException($"Invalid value: {v} > {max}")))
.ThenThrow <ArgumentOutOfRangeException>();
}
public void ByteToBeSuccessful()
{
Given(() => (byte)42)
.When(value => Ensures.ToBe(value, v => v == (byte)42))
.Then(value => value.Should().Be((byte)42));
}
public void ByteToBeLessThanOrEqualToSuccessful()
{
Given(() => (byte)42)
.When(value => Ensures.ToBeLessThanOrEqualTo(value, (byte)100))
.Then(value => value.Should().Be((byte)42));
}
public void ByteToBeGreaterThanFailedWithParameterizedException()
{
Given(() => (byte)42)
.When(value => Ensures.ToBeGreaterThan(value, (byte)100, (v, min) => new ArgumentOutOfRangeException($"Invalid value: {v} <= {min}")))
.ThenThrow <ArgumentOutOfRangeException>();
}
private void CreateFailurePreservationChecker(AtomicAction first, AtomicAction second)
{
if (!first.gateUsedGlobalVars.Intersect(second.modifiedGlobalVars).Any())
{
return;
}
if (!failurePreservationCheckerCache.Add(Tuple.Create(first, second)))
{
return;
}
HashSet <Variable> frame = new HashSet <Variable>();
frame.UnionWith(first.gateUsedGlobalVars);
frame.UnionWith(second.gateUsedGlobalVars);
frame.UnionWith(second.actionUsedGlobalVars);
List <Requires> requires = new List <Requires>
{
DisjointnessRequires(first.firstImpl.InParams.Union(second.secondImpl.InParams).Where(v => linearTypeChecker.FindLinearKind(v) != LinearKind.LINEAR_OUT), frame)
};
Expr firstNegatedGate = Expr.Not(Expr.And(first.firstGate.Select(a => a.Expr)));
firstNegatedGate.Type = Type.Bool; // necessary?
requires.Add(new Requires(false, firstNegatedGate));
foreach (AssertCmd assertCmd in second.secondGate)
{
requires.Add(new Requires(false, assertCmd.Expr));
}
IEnumerable <Expr> linearityAssumes = DisjointnessExpr(first.firstImpl.InParams.Union(second.secondImpl.OutParams), frame);
Ensures ensureCheck = new Ensures(first.proc.tok, false, Expr.Imp(Expr.And(linearityAssumes), firstNegatedGate), null)
{
ErrorData = $"Gate failure of {first.proc.Name} not preserved by {second.proc.Name}"
};
List <Ensures> ensures = new List <Ensures> {
ensureCheck
};
string checkerName = $"FailurePreservationChecker_{first.proc.Name}_{second.proc.Name}";
List <Variable> inputs = Enumerable.Union(first.firstImpl.InParams, second.secondImpl.InParams).ToList();
List <Variable> outputs = Enumerable.Union(first.firstImpl.OutParams, second.secondImpl.OutParams).ToList();
var block = new Block(Token.NoToken, "init",
new List <Cmd>
{
new CallCmd(Token.NoToken,
second.proc.Name,
second.secondImpl.InParams.Select(Expr.Ident).ToList <Expr>(),
second.secondImpl.OutParams.Select(Expr.Ident).ToList()
)
{
Proc = second.proc
}
},
new ReturnCmd(Token.NoToken));
AddChecker(checkerName, inputs, outputs, new List <Variable>(), requires, ensures, new List <Block> {
block
});
}
private void CreateCommutativityChecker(AtomicAction first, AtomicAction second)
{
if (first == second && first.firstImpl.InParams.Count == 0 && first.firstImpl.OutParams.Count == 0)
{
return;
}
if (first.TriviallyCommutesWith(second))
{
return;
}
if (!commutativityCheckerCache.Add(Tuple.Create(first, second)))
{
return;
}
string checkerName = $"CommutativityChecker_{first.proc.Name}_{second.proc.Name}";
HashSet <Variable> frame = new HashSet <Variable>();
frame.UnionWith(first.gateUsedGlobalVars);
frame.UnionWith(first.actionUsedGlobalVars);
frame.UnionWith(second.gateUsedGlobalVars);
frame.UnionWith(second.actionUsedGlobalVars);
List <Requires> requires = new List <Requires> {
DisjointnessRequires(
first.firstImpl.InParams.
Union(second.secondImpl.InParams).
Where(v => linearTypeChecker.FindLinearKind(v) != LinearKind.LINEAR_OUT),
frame)
};
foreach (AssertCmd assertCmd in Enumerable.Union(first.firstGate, second.secondGate))
{
requires.Add(new Requires(false, assertCmd.Expr));
}
var witnesses = civlTypeChecker.commutativityHints.GetWitnesses(first, second);
var transitionRelation = TransitionRelationComputation.
Commutativity(second, first, frame, witnesses);
List <Cmd> cmds = new List <Cmd>
{
new CallCmd(Token.NoToken,
first.proc.Name,
first.firstImpl.InParams.Select(Expr.Ident).ToList <Expr>(),
first.firstImpl.OutParams.Select(Expr.Ident).ToList()
)
{
Proc = first.proc
},
new CallCmd(Token.NoToken,
second.proc.Name,
second.secondImpl.InParams.Select(Expr.Ident).ToList <Expr>(),
second.secondImpl.OutParams.Select(Expr.Ident).ToList()
)
{
Proc = second.proc
}
};
foreach (var lemma in civlTypeChecker.commutativityHints.GetLemmas(first, second))
{
cmds.Add(CmdHelper.AssumeCmd(ExprHelper.FunctionCall(lemma.function, lemma.args.ToArray())));
}
var block = new Block(Token.NoToken, "init", cmds, new ReturnCmd(Token.NoToken));
var secondInParamsFiltered = second.secondImpl.InParams.Where(v => linearTypeChecker.FindLinearKind(v) != LinearKind.LINEAR_IN);
IEnumerable <Expr> linearityAssumes = Enumerable.Union(
DisjointnessExpr(first.firstImpl.OutParams.Union(secondInParamsFiltered), frame),
DisjointnessExpr(first.firstImpl.OutParams.Union(second.secondImpl.OutParams), frame));
// TODO: add further disjointness expressions?
Ensures ensureCheck = new Ensures(first.proc.tok, false, Expr.Imp(Expr.And(linearityAssumes), transitionRelation), null)
{
ErrorData = $"Commutativity check between {first.proc.Name} and {second.proc.Name} failed"
};
List <Ensures> ensures = new List <Ensures> {
ensureCheck
};
List <Variable> inputs = Enumerable.Union(first.firstImpl.InParams, second.secondImpl.InParams).ToList();
List <Variable> outputs = Enumerable.Union(first.firstImpl.OutParams, second.secondImpl.OutParams).ToList();
AddChecker(checkerName, inputs, outputs, new List <Variable>(), requires, ensures, new List <Block> {
block
});
}
private bool EmitEnsures(Ensures postcondition, TypeNode referencingType, bool skipQuantifiers) {
if (CodeInspector.IsRuntimeIgnored(postcondition, this.runtimeContracts.ContractNodes, referencingType, skipQuantifiers)) return false;
return this.Emit(RuntimeContractEmitFlags.Ensures);
}
public void ByteToBeFailed()
{
Given(() => (byte)42)
.When(value => Ensures.ToBe(value, v => v != (byte)42))
.ThenThrow <ArgumentException>();
}
public virtual Ensures VisitEnsures (Ensures node)
{
if (node == null)
return null;
node.Assertion = VisitExpression (node.Assertion);
node.UserMessage = VisitExpression (node.UserMessage);
return node;
}
public void ByteToBeOneOfSuccessful()
{
Given(() => (byte)42)
.When(value => Ensures.ToBeOneOf(value, new[] { (byte)1, (byte)2, (byte)42 }))
.Then(value => value.Should().Be((byte)42));
}
public static IValidateValue <T> EnsuresReturnValue <T>(T value, [CallerMemberName] string methodName = null)
{
return(Ensures.ReturnValue(value, methodName));
}
public void ByteToBeOneOfFailed()
{
Given(() => (byte)42)
.When(value => Ensures.ToBeOneOf(value, new[] { (byte)1, (byte)2 }))
.ThenThrow <ArgumentException>();
}
public void ByteToBeGreaterThanFailed()
{
Given(() => (byte)42)
.When(value => Ensures.ToBeGreaterThan(value, (byte)100))
.ThenThrow <ArgumentException>();
}
public void ByteToBeOneOfFailedWithCustomException()
{
Given(() => (byte)42)
.When(value => Ensures.ToBeOneOf(value, new[] { (byte)1, (byte)2 }, () => new ArgumentOutOfRangeException()))
.ThenThrow <ArgumentOutOfRangeException>();
}
public void NullableSbyteToBeGreaterThanOrEqualToNullFailed()
{
Given(() => (sbyte?)null)
.When(value => Ensures.ToBeGreaterThanOrEqualTo(value, (sbyte)100))
.ThenThrow <ArgumentException>();
}
public void ByteToBeOneOfFailedWithParameterizedException()
{
Given(() => (byte)42)
.When(value => Ensures.ToBeOneOf(value, new[] { (byte)1, (byte)2 }, (v, others) => new ArgumentOutOfRangeException($"Invalid value: {v}")))
.ThenThrow <ArgumentOutOfRangeException>();
}
public void NullableSbyteToBeGreaterThanOrEqualToFailedWithParameterizedException()
{
Given(() => (sbyte?)42)
.When(value => Ensures.ToBeGreaterThanOrEqualTo(value, (sbyte)100, (v, min) => new ArgumentOutOfRangeException($"Invalid value: {v} < {min}")))
.ThenThrow <ArgumentOutOfRangeException>();
}
public void ByteToBeFailedWithCustomException()
{
Given(() => (byte)42)
.When(value => Ensures.ToBe(value, v => v != (byte)42, () => new ArgumentOutOfRangeException()))
.ThenThrow <ArgumentOutOfRangeException>();
}
public void NullableSbyteToBeNullSuccessful()
{
Given(() => (sbyte?)null)
.When(value => Ensures.ToBe(value, v => v == null))
.Then(value => value.Should().Be(null));
}
public void ByteToBeFailedWithParameterizedException()
{
Given(() => (byte)42)
.When(value => Ensures.ToBe(value, v => v != (byte)42, v => new ArgumentOutOfRangeException($"Invalid value: {v}")))
.ThenThrow <ArgumentOutOfRangeException>();
}
public void NullableSbyteToBeLessThanOrEqualToSuccessful()
{
Given(() => (sbyte?)42)
.When(value => Ensures.ToBeLessThanOrEqualTo(value, (sbyte)100))
.Then(value => value.Should().Be(42));
}
public void ByteToBeBetweenSuccessful()
{
Given(() => (byte)42)
.When(value => Ensures.ToBeBetween(value, (byte)1, (byte)100))
.Then(value => value.Should().Be((byte)42));
}
private ReplaceResult ReplaceResult(Method method, Local result, Ensures e)
{
ReplaceResult repResult = new ReplaceResult(method, result, this.assemblyBeingRewritten);
repResult.Visit(e);
if (repResult.ContractResultWasCapturedInStaticContext)
{
this.HandleError(CreateContractResultWasCapturedInStaticContextWarning(e.Assertion.SourceContext));
}
return repResult;
}
public void ByteToBeBetweenFailed()
{
Given(() => (byte)42)
.When(value => Ensures.ToBeBetween(value, (byte)100, (byte)1))
.ThenThrow <ArgumentException>();
}
public virtual void VisitEnsures (Ensures node)
{
if (node == null)
return;
VisitExpression (node.Assertion);
VisitExpression (node.UserMessage);
}
public void ByteToBeBetweenFailedWithCustomException()
{
Given(() => (byte)42)
.When(value => Ensures.ToBeBetween(value, (byte)100, (byte)1, () => new ArgumentOutOfRangeException()))
.ThenThrow <ArgumentOutOfRangeException>();
}
public static void Transform(ExtractorVisitor parent, Property autoProp, Invariant invariant,
out Requires req, out Ensures ens)
{
var makeReq = new ChangePropertyInvariantIntoRequiresEnsures(parent, autoProp);
req = makeReq.MakeRequires(invariant.Condition);
var makeEns = new ChangePropertyInvariantIntoRequiresEnsures(parent, autoProp);
ens = makeEns.MakeEnsures(invariant.Condition);
ens.SourceContext = invariant.SourceContext;
ens.PostCondition.SourceContext = ens.SourceContext;
ens.ILOffset = invariant.ILOffset;
if (ens.SourceConditionText == null)
{
ens.SourceConditionText = invariant.SourceConditionText;
}
req.SourceContext = invariant.SourceContext;
req.Condition.SourceContext = req.SourceContext;
req.ILOffset = invariant.ILOffset;
if (req.SourceConditionText == null)
{
req.SourceConditionText = invariant.SourceConditionText;
}
}
public void ByteToBeBetweenFailedWithParameterizedException()
{
Given(() => (byte)42)
.When(value => Ensures.ToBeBetween(value, (byte)100, (byte)1, (v, min, max) => new ArgumentOutOfRangeException($"Invalid value: {v} not between {min} and {max}")))
.ThenThrow <ArgumentOutOfRangeException>();
}
private void CheckEnsures(Method method, Ensures ensures)
{
// F:
Contract.Requires(method != null);
Contract.Requires(ensures != null);
CheckEnsuresExceptional(method, ensures as EnsuresExceptional);
var nonVisible = this.visibilityHelper.AsVisibleAs(ensures.PostCondition, method);
if (nonVisible != null)
{
string message = "Member '" + nonVisible.FullName +
"' has less visibility than the enclosing method '"
+ method.FullName + "'.";
this.HandleError(method, 1038, message, ensures);
}
}
/// <summary>
/// Processes operation contract statement node.
/// </summary>
/// <param name="node">The node.</param>
private void Process_OperationContractStatement(dynamic node)
{
if (node.GetBrand() == "Ensures")
{
Ensures ensures = new Ensures();
// Map source location and node to object
ensures.AddMetaInfo(new SourceLocationInfo(node, context));
context.AddObject(node, ensures);
// OperationContract
ensures.OperationContract = (OperationContract)NameContext.Current.Scope;
// Text
ensures.Text = node.Text;
// Rule
ensures.Rule = this.Process(node.Rule);
ensures.Rule.ExpectedType = BuiltInType.Bool;
}
if (node.GetBrand() == "Requires")
{
Requires requires = new Requires();
// Map source location and node to object
requires.AddMetaInfo(new SourceLocationInfo(node, context));
context.AddObject(node, requires);
// OperationContract
requires.OperationContract = (OperationContract)NameContext.Current.Scope;
// Text
requires.Text = node.Text;
// Rule
requires.Rule = this.Process(node.Rule);
requires.Rule.ExpectedType = BuiltInType.Bool;
// Otherwise
requires.Otherwise = this.Process(node.Otherwise);
requires.Otherwise.ExpectedType = PseudoType.Object;
}
}
