Changes between Version 1 and Version 2 of Function_Contracts


Ignore:
Timestamp:
01/11/16 16:53:24 (10 years ago)
Author:
zmanchun
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • Function_Contracts

    v1 v2  
     1The contracts specification of CIVL-C is based on ACSL, with additional primitives and constructs for various purposes, such as function guard, function dependency, MPI function behavior, etc.
     2
     3== overview ==
     4The grammar for the contract specification of a function is as follows:
     5
     6{{{
     7contract: requires* terminates? decreases? simple* behavior* completeness* ;
     8requires: 'Requires' e ';' ;
     9...
     10simple: ensures | assumes | assigns | reads | guards | depends | ... ;
     11ensures: 'Ensures' e ';' ;
     12assumes: 'Assumes' e ';' ;
     13assigns: 'Assigns' e (',' e)* ';' ;
     14reads: 'Reads' e (',' e)* ';' ;
     15depends: 'Depends' e (',' e)* ';' ;
     16...
     17behavior: 'Behavior' id ':' behaviorBody ;
     18behaviorBody: behaviorClause+;
     19behaviorClause: assumes | requires | simple ;
     20completeness: 'Complete' (id (',' id)*)?
     21            | 'Disjoint' (id (',' id)*)?
     22            ;
     23}}}
     24
    125== contract clauses ==
    226
    3 * `requires e;`: precondition, `e` should hold at the entry of the function
    4 * `terminates e;`:
    5 * `decreases e ;` or `decreases e for r`;: decreases clause, where `e` is an expression of type `T` and `r` is an relation over `T`
     27* `Requires e;`: precondition, `e` has `Bool` type and should hold at the entry of the function
     28* `Terminates e;`: `e` has `Bool` type and if `e` holds then the function should terminate eventually
     29* `Decreases e ;` or `Decreases e for r`;: decreases clause, where `e` is an expression of type `T` and `r` is an relation over `T`
    630* simple clauses:
    7  * `ensures e;`
    8  * `assumes e;`
    9  * `assigns e0, e1, ...;`
    10  * `allocates e0, e1, ...;`
    11  * `frees e0, e1, ...;`
    12  * `guards e;`
    13  * `reads e0, e1, ...;`
    14  * `depends e0, e1, ...;`
     31 * `Ensures e;`: postcondition, `e` has `Bool` type and should hold when the function terminates
     32 * `Assumes e;`: assumption, `e` has `Bool` type
     33 * `Assigns e0, e1, ...;`: side-effects, `e0, e1, ...` have `Mem` type
     34  * absence of `Assigns` clause does NOT mean that the function has no side-effects
     35  * `Assigns \nothing`: means that the function has no side-effects
     36 * `Allocates e0, e1, ...;`: memory units allocated by the function, `e0, e1, ...` have `Mem` type
     37 * `Frees e0, e1, ...;`: memory units deallocated by the function, `e0, e1, ...` have `Mem` type
     38 * `Guards e;`: guard of the function, where `e` has `Bool` type
     39 * `Reads e0, e1, ...;`: memory access, where `e0, e1, ...` have `Mem` type
     40  * similar to `Assigns`
     41  * absence of `Reads` clause does NOT mean that the function does NOT read anything
     42  * `Reads \nothing`: means that the function does NOT read the memory
     43 * `Depends e0, e1, ...;`: dependency relation, where `e0, e1, ...` have `Mem` type
     44 * Note: `Guards`, `Depends` and `Reads` are CIVL extension for ACSL
    1545
    1646* action expressions: