-
Notifications
You must be signed in to change notification settings - Fork 82
/
Copy pathmodules.rs
211 lines (183 loc) · 5.11 KB
/
modules.rs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
#![feature(rustc_private)]
#[macro_use]
mod common;
use common::*;
const M1: &str = verus_code_str! {
mod M1 {
#[derive(PartialEq, Eq)]
pub struct Car {
pub four_doors: bool,
}
pub open spec fn is_four_doors(c: Car) -> bool {
c.four_doors
}
}
};
test_verify_one_file! {
#[test] test_mod_adt_0 M1.to_string() + verus_code_str! {
mod M2 {
use crate::M1::Car;
use builtin::*;
fn mod_adt_0() {
assert(!Car { four_doors: false }.four_doors);
}
}
} => Ok(())
}
test_verify_one_file! {
#[test] test_mod_adt_1 M1.to_string() + verus_code_str! {
mod M2 {
use crate::M1::{is_four_doors, Car};
use builtin::*;
fn test() {
let c = Car { four_doors: true };
assert(is_four_doors(c));
}
}
} => Ok(())
}
const M1_OPAQUE: &str = verus_code_str! {
mod M1 {
#[derive(PartialEq, Eq)]
pub struct Car {
pub four_doors: bool,
}
#[verifier(opaque_outside_module)] /* vattr */
pub open spec fn is_four_doors(c: Car) -> bool {
c.four_doors
}
}
};
test_verify_one_file! {
#[test] test_mod_fn_publish_opaque_no_reveal M1_OPAQUE.to_string() + verus_code_str! {
mod M2 {
use crate::M1::{is_four_doors, Car};
use builtin::*;
fn test() {
let c = Car { four_doors: true };
assert(is_four_doors(c)); // FAILS
}
}
} => Err(e) => assert_one_fails(e)
}
test_verify_one_file! {
#[test] test_mod_fn_publish_opaque_reveal M1_OPAQUE.to_string() + verus_code_str! {
mod M2 {
use crate::M1::{is_four_doors, Car};
use builtin::*;
fn test() {
let c = Car { four_doors: true };
proof {
reveal(is_four_doors);
}
assert(is_four_doors(c));
}
}
} => Ok(())
}
test_verify_one_file! {
#[test] test_mod_adt_no_verify verus_code! {
#[verifier(external_body)] /* vattr */
#[derive(PartialEq, Eq)]
pub struct Car {
pub four_doors: bool,
}
fn mod_adt_no_verify() {
assert(!Car { four_doors: false }.four_doors);
}
} => Err(err) => assert_vir_error_msg(err, "field access of datatype with inaccessible fields")
}
test_verify_one_file! {
#[test] test_mod_child_ok verus_code! {
spec fn f() -> bool {
true
}
mod M1 {
fn test()
ensures crate::f()
{
}
}
} => Ok(())
}
test_verify_one_file! {
#[test] test_mod_sibling_fail verus_code! {
mod M0 {
pub closed spec fn f() -> bool {
true
}
}
mod M1 {
fn test()
ensures crate::M0::f() // FAILS
{
}
}
} => Err(e) => assert_one_fails(e)
}
test_verify_one_file! {
#[test] test_requires_private verus_code! {
mod M1 {
spec fn f() -> bool { true }
pub fn g()
requires f()
{
}
}
mod M2 {
fn h() {
crate::M1::g();
}
}
} => Err(err) => assert_vir_error_msg(err, "in 'requires' clause of public function, cannot refer to private function")
}
test_verify_one_file! {
#[test] test_publish_but_not_marked_pub verus_code! {
open spec fn bar() -> u64 {
7
}
} => Err(err) => assert_vir_error_msg(err, "function is marked `open` but not marked `pub`")
}
test_verify_one_file! {
#[test] publish_proof_fail verus_code! {
#[verifier(publish)]
pub proof fn bar() {
}
} => Err(err) => assert_vir_error_msg(err, "function is marked `open` but it is not a `spec` function")
}
test_verify_one_file! {
#[test] publish_exec_fail verus_code! {
#[verifier(publish)]
pub fn bar() {
}
} => Err(err) => assert_vir_error_msg(err, "function is marked `open` but it is not a `spec` function")
}
test_verify_one_file! {
#[test] main_proof_fail verus_code! {
pub proof fn main() {
}
} => Err(err) => assert_vir_error_msg(err, "`main` function should be #[verifier::exec]")
}
test_verify_one_file! {
#[test] main_spec_fail verus_code! {
pub closed spec fn main() {
()
}
} => Err(err) => assert_vir_error_msg(err, "`main` function should be #[verifier::exec]")
}
test_verify_one_file! {
#[test] open_fn_refers_to_private_const_fail verus_code! {
mod A {
spec const X: usize = 1;
pub open spec fn f() -> usize {
X
}
}
mod B {
use crate::A;
pub open spec fn g() -> bool {
A::f() == 1
}
}
} => Err(err) => assert_vir_error_msg(err, "in pub open spec function, cannot refer to private const")
}