Changes between Version 10 and Version 11 of ContractReduction


Ignore:
Timestamp:
07/21/14 09:22:36 (12 years ago)
Author:
siegel
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • ContractReduction

    v10 v11  
    11== Contract Reduction Language  ==
    22
    3 == `$depend` clause ==
     3== `$depends` clause ==
    44
    55The following contractual clause may appear in a function contract in the same places that `$ensures` or `$requires` clauses can appear:
     
    1111The following boolean expressions may be used as constituents in the boolean expression `e`:
    1212
    13 * `$access(void * obj)`
     13* `$reaches(void * obj)`
    1414 * holds iff the memory unit pointed to by `obj` is reachable from `p`.  This means there is a path from the variables on the call stack of `p` to the memory unit, following array elements, struct members, and pointer dereferences, pointer arithmetic.
    15 * `$accessRegion(void * obj)`
     15* `$reachesRegion(void * obj)`
    1616 * holds iff any of the memory units reachable from `obj` (including the object pointed to by `obj` itself) is reachable from`p`
    17 * `$write(void * obj)`
     17* `$writes(void * obj)`
    1818 * holds iff the memory unit pointed to by `obj` is not only reachable from `p` but if it is possible that `p` (or a process spawned by `p`) could write to that memory unit at some point now or in the future.
    19 * `$writeRegion(void * obj)`
     19* `$writesRegion(void * obj)`
    2020 * like above but true if any of the memory units in the reachable region specified by `obj` may be written to
    2121
     22Default: if there is `$depends` clause present:
     23* if the body of the function is not provided, i.e., the function is a system function, the verifier will assume that execution of the function may read and/or modify any memory unit that it can reach, and decide on the partial order reduction appropriately
     24* if the body of the function is present, the statements comprising the body may be analyzed to further restrict the reduction.
    2225
    23 * Things to be decided:
    24    - what shall DEFAULT (when the `$depend` expression is absent) do?
    25    - how to specify the case when we need the library enabler to decide the ample set?
    26    - what keyword to use to specify functions to execute as one step, `$atomic`, `_Atomic`, etc.
     26== Function specifiers ==
     27
     28Both `$atomic` and `$atom` may be used as function specifiers.   They designate that any call to the function is to be treated atomically or atom-ly, respectively.
     29
     30== `$assigns` clause ==
     31
     32As in other contract specification language, this clause is used to specify a set of existing memory units.    The claim is that if an existing memory unit is not in the set, it will not be modified in the course of the function call.
     33
     34The argument following the `$assigns` token is a comma-separated list.  The elements of the list may be left-hand-side expressions, or an expression of the form
     35{{{
     36$region(ptr)
     37}}}
     38where `ptr` is expression which has a pointer type.  It denotes the set of all memory units reachable from that pointer, beginning with and including the memory unit pointer to by `ptr`.
     39Example:
     40{{{
     41$assigns x,a[i][j],$region(list->head);
     42}}}
     43
     44
    2745
    2846===  Examples ===