├── .gitattributes ├── .github └── workflows │ ├── build-publish.yml │ └── macos-build-publish.yml ├── .gitignore ├── .gitmodules ├── .vscode └── settings.json ├── INSTALL ├── PACKAGING.md ├── README.md ├── Vagrantfile ├── bin └── ivy_test ├── build_submodules.py ├── build_v2_compiler.py ├── doc ├── .gitignore ├── README ├── _config.yml ├── _data │ └── contents.yml ├── _includes │ ├── contents.html │ ├── contents_ul.html │ ├── footer.html │ ├── head.html │ ├── header.html │ ├── icon-github.html │ ├── icon-github.svg │ ├── icon-twitter.html │ └── icon-twitter.svg ├── _layouts │ ├── default.html │ ├── page.html │ └── post.html ├── _sass │ ├── _base.scss │ ├── _gridism.scss │ ├── _layout.scss │ └── _syntax-highlighting.scss ├── commands.md ├── credits.md ├── css │ └── main.scss ├── decidability.md ├── deploy ├── examples │ ├── .gitignore │ ├── MSV │ │ ├── hello1.ivy │ │ ├── hello1.sln │ │ ├── hello1.vcxproj │ │ ├── hello2.ivy │ │ ├── hello2.vcxproj │ │ ├── hello3.ivy │ │ ├── hello3.vcxproj │ │ ├── hello4.ivy │ │ ├── hello4.vcxproj │ │ ├── libz3.dll │ │ ├── pingpong.ivy │ │ ├── pingpong.sln │ │ ├── pingpong.vcxproj │ │ ├── pingpong_bad.ivy │ │ ├── pingpong_bad.vcxproj │ │ ├── pingpong_ex.ivy │ │ ├── pingpong_ex.sln │ │ ├── pingpong_ex_left.vcxproj │ │ ├── pingpong_ex_right.vcxproj │ │ ├── pingpong_left.vcxproj │ │ ├── pingpong_right.vcxproj │ │ ├── pingpong_soln.ivy │ │ ├── queue.ivy │ │ ├── repstore1.ivy │ │ ├── repstore1.sln │ │ ├── repstore1_srvr.vcxproj │ │ ├── repstore2.ivy │ │ ├── repstore2.sln │ │ ├── repstore2_prim.vcxproj │ │ ├── repstore2_sec.vcxproj │ │ ├── repstore2bug.ivy │ │ ├── repstore2bug.sln │ │ ├── repstore2bug_prim.vcxproj │ │ ├── repstore2bug_sec.vcxproj │ │ ├── repstore2ex.ivy │ │ ├── repstore2ex.sln │ │ ├── repstore2ex_prim.vcxproj │ │ ├── repstore2ex_sec.vcxproj │ │ ├── repstore2ex_soln.ivy │ │ ├── repstore2ex_soln.sln │ │ ├── repstore2ex_soln_prim.vcxproj │ │ ├── repstore2ex_soln_sec.vcxproj │ │ ├── repstore3.ivy │ │ ├── repstore3_soln.ivy │ │ ├── repstore_variant.ivy │ │ ├── seqnum.ivy │ │ ├── token_ring.ivy │ │ ├── token_ring.sln │ │ ├── token_ring_buggy.ivy │ │ ├── token_ring_buggy.sln │ │ ├── token_ring_buggy_proto.vcxproj │ │ ├── token_ring_buggy_trans.vcxproj │ │ ├── token_ring_proto.vcxproj │ │ ├── token_ring_trans.vcxproj │ │ └── trans.ivy │ ├── Makefile │ ├── account.ivy │ ├── account2.ivy │ ├── account2_expect.py │ ├── account3.ivy │ ├── account3_expect.py │ ├── account_expect.py │ ├── apple │ │ └── ord_live.ivy │ ├── arith_nat.ivy │ ├── array1.ivy │ ├── arrayset.ivy │ ├── arrayset2.ivy │ ├── arrayset3.ivy │ ├── arrayset3alt.ivy │ ├── arraysetbad.ivy │ ├── bcast.ivy │ ├── client_server_example.ivy │ ├── client_server_example.md │ ├── client_server_example_mc2.ivy │ ├── client_server_example_mv.ivy │ ├── client_server_example_new.ivy │ ├── counter_example.ivy │ ├── coveragefail.ivy │ ├── creport.ivy │ ├── datatypes.md │ ├── echo.ivy │ ├── helloworld.ivy │ ├── helloworld.md │ ├── helloworld_expect.py │ ├── images │ │ ├── client_server1.png │ │ ├── client_server10.png │ │ ├── client_server11.png │ │ ├── client_server12.png │ │ ├── client_server13.png │ │ ├── client_server14.png │ │ ├── client_server15.png │ │ ├── client_server16.png │ │ ├── client_server17.png │ │ ├── client_server18.png │ │ ├── client_server19.png │ │ ├── client_server2.png │ │ ├── client_server20.png │ │ ├── client_server21.png │ │ ├── client_server22.png │ │ ├── client_server23.png │ │ ├── client_server24.png │ │ ├── client_server25.png │ │ ├── client_server26.png │ │ ├── client_server27.png │ │ ├── client_server3.png │ │ ├── client_server4.png │ │ ├── client_server5.png │ │ ├── client_server6.png │ │ ├── client_server7.png │ │ ├── client_server8.png │ │ ├── client_server9.png │ │ ├── client_server_new1.png │ │ ├── client_server_new10.png │ │ ├── client_server_new11.png │ │ ├── client_server_new12.png │ │ ├── client_server_new2.png │ │ ├── client_server_new3.png │ │ ├── client_server_new4.png │ │ ├── client_server_new5.png │ │ ├── client_server_new6.png │ │ ├── client_server_new7.png │ │ ├── client_server_new8.png │ │ ├── client_server_new9.png │ │ ├── clinet_server21.png │ │ ├── leader1.png │ │ ├── leader10.png │ │ ├── leader11.png │ │ ├── leader12.png │ │ ├── leader13.png │ │ ├── leader14.png │ │ ├── leader15.png │ │ ├── leader16.png │ │ ├── leader17.png │ │ ├── leader18.png │ │ ├── leader2.png │ │ ├── leader3.png │ │ ├── leader4.png │ │ ├── leader5.png │ │ ├── leader6.png │ │ ├── leader7.png │ │ ├── leader8.png │ │ └── leader9.png │ ├── indexset.ivy │ ├── indexset.md │ ├── indexset2.ivy │ ├── interference.ivy │ ├── interference2.ivy │ ├── interference3.ivy │ ├── interference4.ivy │ ├── lamport_mutex.ivy │ ├── leader.md │ ├── leader_election_ring.ivy │ ├── leader_election_ring2.ivy │ ├── leader_election_ring_btw.ivy │ ├── leader_election_ring_repl.ivy │ ├── leader_election_ring_repl_err.ivy │ ├── leader_election_ring_repl_err2.ivy │ ├── leader_election_ring_repl_expect.py │ ├── leader_election_ring_repl_iso_impl_expect.py │ ├── leader_election_ring_udp.ivy │ ├── leader_election_ring_udp2.ivy │ ├── leader_election_ring_udp2_expect.py │ ├── leader_election_ring_udp2_warn.ivy │ ├── leader_election_ring_udp_expect.py │ ├── leader_tutorial.ivy │ ├── leader_tutorial.md │ ├── leader_tutorial_liveness.ivy │ ├── lesstrivnet.ivy │ ├── list_reverse.ivy │ ├── list_reverse.md │ ├── list_reverse_bad.ivy │ ├── liveness │ │ ├── 1queue_bounded.ivy │ │ ├── 1queuelive.ivy │ │ ├── 1queuelive_mc1.ivy │ │ ├── 1queuelive_mc2.ivy │ │ ├── 1queuelive_prophecy3.ivy │ │ ├── 2queuelive.ivy │ │ ├── 2queuelive_bounded.ivy │ │ ├── 2queuelive_noncomp.ivy │ │ ├── liveness_refinement.ivy │ │ ├── llqueue1.ivy │ │ ├── llqueue2_bounded.ivy │ │ ├── progress1.ivy │ │ ├── progress2.ivy │ │ └── ticket_mc.ivy │ ├── model_checking.md │ ├── modparam_example.ivy │ ├── networking.md │ ├── networking │ │ ├── ip_spec.ivy │ │ └── ip_spec1.ivy │ ├── number_theory.ivy │ ├── number_theory.md │ ├── object_example.ivy │ ├── orloop.ivy │ ├── paraminit.ivy │ ├── paraminit2.ivy │ ├── paraminit3.ivy │ ├── paraminit3_expect.py │ ├── paraminit_expect.py │ ├── pingpong.ivy │ ├── pingpongclock.ivy │ ├── po_example.ivy │ ├── quic │ │ ├── .quic_packet.ivy.swp │ │ ├── .quic_server_test.ivy.swo │ │ ├── .quic_server_test.ivy.swp │ │ ├── README.md │ │ ├── anomalies │ │ ├── anomaly1.pcap │ │ ├── anomaly10.iev │ │ ├── anomaly10.out │ │ ├── anomaly10a.iev │ │ ├── anomaly10a.out │ │ ├── anomaly10b.iev │ │ ├── anomaly10b.out │ │ ├── anomaly11.iev │ │ ├── anomaly11.log │ │ ├── anomaly12.log │ │ ├── anomaly13.iev │ │ ├── anomaly13.log │ │ ├── anomaly14.iev │ │ ├── anomaly14.log │ │ ├── anomaly15.iev │ │ ├── anomaly15.log │ │ ├── anomaly16.iev │ │ ├── anomaly16.log │ │ ├── anomaly17.iev │ │ ├── anomaly17.log │ │ ├── anomaly18.iev │ │ ├── anomaly18.log │ │ ├── anomaly19.iev │ │ ├── anomaly19.log │ │ ├── anomaly20.log │ │ ├── anomaly21.iev │ │ ├── anomaly24.iev │ │ ├── anomaly24.log │ │ ├── anomaly6.iev │ │ ├── anomaly6.log │ │ ├── anomaly7.iev │ │ ├── anomaly7.log │ │ ├── anomaly8.iev │ │ ├── anomaly8.log │ │ ├── anomaly9.iev │ │ ├── byte_stream.ivy │ │ ├── file.ivy │ │ ├── http_request_file.txt │ │ ├── http_response_file.txt │ │ ├── index.html │ │ ├── leaf_cert.key │ │ ├── leaf_cert.pem │ │ ├── leaf_cert.pkcs8 │ │ ├── leaf_cert.req │ │ ├── quic_application.ivy │ │ ├── quic_client_test.ivy │ │ ├── quic_client_test_max.ivy │ │ ├── quic_connection.ivy │ │ ├── quic_connection.md │ │ ├── quic_deser.ivy │ │ ├── quic_frame.ivy │ │ ├── quic_frame.md │ │ ├── quic_gen.ivy │ │ ├── quic_infer.ivy │ │ ├── quic_interp.ivy │ │ ├── quic_locale.ivy │ │ ├── quic_monitor.ivy │ │ ├── quic_packet.ivy │ │ ├── quic_packet.md │ │ ├── quic_protection.ivy │ │ ├── quic_security.ivy │ │ ├── quic_ser.ivy │ │ ├── quic_serdes_test.ivy │ │ ├── quic_server_test.ivy │ │ ├── quic_server_test_connection_close.ivy │ │ ├── quic_server_test_max.ivy │ │ ├── quic_server_test_reset_stream.ivy │ │ ├── quic_server_test_stream.ivy │ │ ├── quic_shim.ivy │ │ ├── quic_stream.ivy │ │ ├── quic_tls.ivy │ │ ├── quic_tls_deser.ivy │ │ ├── quic_transport_parameters.ivy │ │ ├── quic_types.ivy │ │ ├── quic_types.md │ │ ├── test │ │ │ ├── outliers.py │ │ │ ├── plot.py │ │ │ ├── show.py │ │ │ ├── stats.py │ │ │ └── test.py │ │ ├── tls_deser.ivy │ │ ├── tls_protocol.ivy │ │ ├── tls_record.ivy │ │ ├── tls_record.md │ │ ├── tls_test.ivy │ │ ├── traces │ │ │ ├── .gitattributes │ │ │ ├── conn_close.iev │ │ │ ├── conn_close.pcap │ │ │ ├── emptySt6.pcap │ │ │ ├── mycap4.pcap │ │ │ ├── quicfstar1.iev │ │ │ ├── quicfstar1.pcap │ │ │ ├── stream_reset.iev │ │ │ ├── stream_reset.pcap │ │ │ ├── temp.iev │ │ │ ├── test3.iev │ │ │ ├── test3.pcap │ │ │ ├── test4.iev │ │ │ ├── test4.pcap │ │ │ ├── test5.iev │ │ │ ├── test5.pcap │ │ │ ├── two_inits.iev │ │ │ └── two_inits.pcap │ │ └── vnet_setup.sh │ ├── relarray.ivy │ ├── rest │ │ ├── extract.py │ │ ├── extract_aws.py │ │ ├── linmap.ivy │ │ ├── mymap.ivy │ │ ├── test_linmap.ivy │ │ └── trans.py │ ├── sht │ │ ├── .gitignore │ │ ├── Makefile │ │ ├── delmap.ivy │ │ ├── delmap.md │ │ ├── delmap_test.ivy │ │ ├── key.ivy │ │ ├── key.md │ │ ├── proto.ivy │ │ ├── proto.md │ │ ├── queue.ivy │ │ ├── queue.md │ │ ├── queue_alt.ivy │ │ ├── reference.ivy │ │ ├── reference.md │ │ ├── seqnum.ivy │ │ ├── seqnum.md │ │ ├── shard.ivy │ │ ├── shard.md │ │ ├── shard_test.ivy │ │ ├── sharded_hash_table.md │ │ ├── sht.ivy │ │ ├── sht.md │ │ ├── table.ivy │ │ ├── table.md │ │ ├── table_test.ivy │ │ ├── trans.ivy │ │ ├── trans.md │ │ └── trans_test.ivy │ ├── specification.md │ ├── testing │ │ ├── Makefile │ │ ├── chain.ivy │ │ ├── chain2.ivy │ │ ├── chain3.ivy │ │ ├── coveragefail.ivy │ │ ├── hello1.ivy │ │ ├── hello1.sln │ │ ├── hello1.vcxproj │ │ ├── hello2.ivy │ │ ├── hello2.vcxproj │ │ ├── hello3.ivy │ │ ├── hello3.vcxproj │ │ ├── hello4.ivy │ │ ├── hello4.vcxproj │ │ ├── interference.ivy │ │ ├── intro.md │ │ ├── leader.md │ │ ├── leader_election_ring.ivy │ │ ├── leader_fig1-crop-1.png │ │ ├── leader_fig1-crop.pdf │ │ ├── leader_fig1.pdf │ │ ├── leader_fig1.pptx │ │ ├── leader_fig2-crop-1.png │ │ ├── leader_fig2-crop.pdf │ │ ├── leader_fig2.pdf │ │ ├── leader_fig2.pptx │ │ ├── notes.txt │ │ ├── pingpong.ivy │ │ ├── pingpong.sln │ │ ├── pingpong.vcxproj │ │ ├── pingpong_bad.ivy │ │ ├── pingpong_bad.vcxproj │ │ ├── pingpong_ex.ivy │ │ ├── pingpong_ex.sln │ │ ├── pingpong_ex_left.vcxproj │ │ ├── pingpong_ex_right.vcxproj │ │ ├── pingpong_fig1-crop-1.png │ │ ├── pingpong_fig1-crop.pdf │ │ ├── pingpong_fig1.pdf │ │ ├── pingpong_fig1.pptx │ │ ├── pingpong_fig2-crop-1.png │ │ ├── pingpong_fig2-crop.pdf │ │ ├── pingpong_fig2.pdf │ │ ├── pingpong_fig2.pptx │ │ ├── pingpong_left.vcxproj │ │ ├── pingpong_right.vcxproj │ │ ├── pingpong_soln.ivy │ │ ├── queue.ivy │ │ ├── repstore1.ivy │ │ ├── repstore1.sln │ │ ├── repstore1_srvr.vcxproj │ │ ├── repstore2.ivy │ │ ├── repstore2.sln │ │ ├── repstore2_orig.ivy │ │ ├── repstore2_prim.vcxproj │ │ ├── repstore2_sec.vcxproj │ │ ├── repstore2bug.ivy │ │ ├── repstore2bug.sln │ │ ├── repstore2bug_prim.vcxproj │ │ ├── repstore2bug_sec.vcxproj │ │ ├── repstore2ex.ivy │ │ ├── repstore2ex.sln │ │ ├── repstore2ex_prim.vcxproj │ │ ├── repstore2ex_sec.vcxproj │ │ ├── repstore2ex_soln.sln │ │ ├── repstore2ex_soln_prim.vcxproj │ │ ├── repstore2ex_soln_sec.vcxproj │ │ ├── repstore3.ivy │ │ ├── repstore3_soln.ivy │ │ ├── repstore_variant.ivy │ │ ├── seqnum.ivy │ │ ├── specification.md │ │ ├── test2.iev │ │ ├── token_ring.ivy │ │ ├── token_ring.sln │ │ ├── token_ring_buggy.ivy │ │ ├── token_ring_buggy.sln │ │ ├── token_ring_buggy_proto.vcxproj │ │ ├── token_ring_buggy_trans.vcxproj │ │ ├── token_ring_proto.vcxproj │ │ ├── token_ring_trans.vcxproj │ │ ├── trans.ivy │ │ ├── trans_buggy.ivy │ │ ├── trivnet.ivy │ │ ├── trivnet2.ivy │ │ └── trivnet3.ivy │ ├── timeout_test.ivy │ ├── timeout_test_expect.py │ ├── toy_consensus.ivy │ ├── trivnet.ivy │ ├── trivnet2.ivy │ ├── udp_class_test.cpp │ ├── udp_test.ivy │ ├── udp_test2.ivy │ ├── udp_test2_expect.py │ ├── udp_test_expect.py │ ├── values.md │ ├── window.ivy │ ├── window.md │ └── window_adt.ivy ├── images │ ├── network_stack1.png │ └── network_stack1.pptx ├── index.md ├── install.md ├── language.md ├── proving.ivy └── proving.md ├── examples ├── examples.txt ├── ivy │ ├── .gitignore │ ├── abp.ivy │ ├── abp2 │ │ ├── abp2.ivy │ │ ├── abp2_proof.ivy │ │ └── counter.ivy │ ├── array.ivy │ ├── arrrel.ivy │ ├── bakery.ivy │ ├── bigger.ivy │ ├── card1.ivy │ ├── card2.ivy │ ├── card3.ivy │ ├── chord2s.ivy │ ├── chord2s_demo.ivy │ ├── chord2sbd.ivy │ ├── client_server.ivy │ ├── client_server_fp.ivy │ ├── client_server_sorted.ivy │ ├── examp1.ivy │ ├── examp1_test.cpp │ ├── examp1_test.ivy │ ├── flash.ivy │ ├── flash2.ivy │ ├── flash3.ivy │ ├── gc_abs.ivy │ ├── gc_abs2.ivy │ ├── gc_copy.ivy │ ├── gc_copy.save.ivy │ ├── gc_copy_oded.ivy │ ├── gc_temp_abs.ivy │ ├── gc_test.ivy │ ├── hash.cpp │ ├── hash.h │ ├── indexset.ivy │ ├── indexset2.ivy │ ├── indexset3.ivy │ ├── indexset_test.ivy │ ├── ironfleet_toy_lock │ │ ├── .gitignore │ │ ├── Makefile │ │ ├── test_toy_lock.cpp │ │ └── toy_lock.ivy │ ├── ironfleet_toy_lock_refined.ivy │ ├── learning.ivy │ ├── learning_sorted_e.ivy │ ├── learning_sorted_non_epr.ivy │ ├── learning_switch.ivy │ ├── learning_un.ivy │ ├── learning_un_e.ivy │ ├── learning_un_ins.ivy │ ├── learning_with_count.ivy │ ├── learning_withcount.ivy │ ├── spanning_tree.ivy │ ├── total_order.ivy │ ├── toy_consensus.ivy │ ├── toy_consensus2.ivy │ └── toy_lock_udp │ │ ├── .gitignore │ │ ├── Makefile │ │ ├── test_toy_lock.cpp │ │ └── toy_lock.ivy ├── liveness │ ├── Makefile │ ├── README.md │ ├── alternating_bit_protocol.ivy │ ├── hybrid_reliable_broadcast_cisa.ivy │ ├── ticket.ivy │ ├── ticket_nested.ivy │ ├── tlb.ivy │ └── tlb.py ├── pldi16 │ ├── chord.ivy │ ├── database_chain_replication.ivy │ ├── leader_election_ring.ivy │ ├── leader_election_ring_btw.ivy │ ├── leader_election_ring_bug.ivy │ └── learning_switch.ivy ├── raft │ ├── raft_logs.ivy │ └── theory.ivy ├── sht │ ├── .gitignore │ ├── Makefile │ ├── delmap.ivy │ ├── key.ivy │ ├── proto.ivy │ ├── queue.ivy │ ├── reference.ivy │ ├── seq_num.ivy │ ├── shard.ivy │ ├── sht.ivy │ ├── sht_abs.ivy │ ├── sht_abs_v1.ivy │ ├── sht_abs_v2.ivy │ ├── sht_abs_v3.ivy │ ├── sht_abs_v4.ivy │ ├── std.ivy │ ├── table.ivy │ ├── test_delmap.ivy │ ├── test_queue.ivy │ ├── test_shard.ivy │ ├── test_table.ivy │ ├── test_trans.ivy │ └── trans.ivy └── tilelink │ ├── tilelink1.ivy │ ├── tilelink2.ivy │ ├── tilelink_abstract_spec.ivy │ ├── tilelink_bugs_fixed │ ├── tilelink_concrete_directory.ivy │ ├── tilelink_concrete_snoopy.ivy │ ├── tilelink_concrete_spec.ivy │ ├── tilelink_concrete_two_client_testbench.ivy │ ├── tilelink_concrete_two_port_testbench.ivy │ ├── tilelink_concrete_unordered_channel.ivy │ ├── tilelink_concrete_unordered_channel_tests.ivy │ ├── tilelink_notes.txt │ ├── tilelink_rcsc_snoopy.ivy │ ├── tilelink_rcsc_store_buffer.ivy │ ├── tilelink_rcsc_store_buffer2.ivy │ ├── tilelink_rcsc_store_buffer2_save.ivy │ ├── tilelink_rcsc_store_buffer2_temp.ivy │ ├── tilelink_snoopy.ivy │ ├── tilelink_store_buffer.ivy │ ├── tilelink_two_port_test_bench.ivy │ └── unit_test │ ├── .gitignore │ ├── Makefile │ ├── README │ ├── hash.cpp │ ├── hash.h │ ├── main.cpp │ ├── single_client │ ├── .gitignore │ ├── Makefile │ ├── hash.cpp │ ├── hash.h │ ├── main.cpp │ ├── tilelink_abstract_spec.ivy │ ├── tilelink_coherence_manager.cpp │ ├── tilelink_coherence_manager_tester.ivy │ ├── tilelink_concrete_spec.ivy │ ├── tilelink_queue_model.cpp │ ├── tilelink_two_port_dut.h │ └── tilelink_two_port_tester.ivy │ ├── tilelink_abstract_spec.ivy │ ├── tilelink_broadcast_hub.cpp │ ├── tilelink_coherence_manager.cpp │ ├── tilelink_coherence_manager_tester.ivy │ ├── tilelink_concrete_spec.ivy │ ├── tilelink_hella_cache.cpp │ ├── tilelink_l2_broadcast.cpp │ ├── tilelink_l2_cache.cpp │ └── tilelink_two_port_dut.h ├── ivy ├── README.md ├── __init__.py ├── client_server_example.py ├── concept.py ├── concept_alpha.py ├── concept_interactive_session.py ├── cy_elements.py ├── cy_render.py ├── cy_styles.py ├── dot_layout.py ├── general.py ├── include │ ├── 1.5 │ │ └── README │ ├── 1.6 │ │ ├── collections.ivy │ │ ├── order.ivy │ │ ├── tcp.ivy │ │ ├── timeout.ivy │ │ └── udp.ivy │ ├── 1.7 │ │ ├── arith.ivy │ │ ├── collections.ivy │ │ ├── collections_impl.ivy │ │ ├── deduction.ivy │ │ ├── deserializer.ivy │ │ ├── hash.ivy │ │ ├── io.ivy │ │ ├── ip.ivy │ │ ├── ip_packet.ivy │ │ ├── ip_raw.ivy │ │ ├── ip_wrapper.ivy │ │ ├── mc_schemata.ivy │ │ ├── network.ivy │ │ ├── order.ivy │ │ ├── packet_wrapper.ivy │ │ ├── pcap.ivy │ │ ├── serdes.ivy │ │ ├── string.ivy │ │ ├── sys.ivy │ │ ├── tcp.ivy │ │ ├── tcp_host.ivy │ │ ├── tcp_impl.ivy │ │ ├── tcp_serdes.ivy │ │ ├── timeout.ivy │ │ ├── tls.ivy │ │ ├── tls_gnutls.ivy │ │ ├── tls_impl.ivy │ │ ├── tls_msg.ivy │ │ ├── tls_picotls.ivy │ │ ├── udp.ivy │ │ └── udp_impl.ivy │ └── 1.8 │ │ ├── arith.ivy │ │ ├── collections.ivy │ │ ├── collections_impl.ivy │ │ ├── deduction.ivy │ │ ├── deserializer.ivy │ │ ├── hash.ivy │ │ ├── io.ivy │ │ ├── ip.ivy │ │ ├── ip_packet.ivy │ │ ├── ip_raw.ivy │ │ ├── ip_wrapper.ivy │ │ ├── mc_schemata.ivy │ │ ├── network.ivy │ │ ├── numbers.ivy │ │ ├── order.ivy │ │ ├── packet_wrapper.ivy │ │ ├── pcap.ivy │ │ ├── serdes.ivy │ │ ├── string.ivy │ │ ├── sys.ivy │ │ ├── tcp.ivy │ │ ├── tcp_host.ivy │ │ ├── tcp_impl.ivy │ │ ├── tcp_serdes.ivy │ │ ├── timeout.ivy │ │ ├── tls.ivy │ │ ├── tls_gnutls.ivy │ │ ├── tls_impl.ivy │ │ ├── tls_msg.ivy │ │ ├── tls_picotls.ivy │ │ ├── udp.ivy │ │ └── udp_impl.ivy ├── interrupt_context.py ├── iupdr.py ├── ivy.py ├── ivy2.py ├── ivy2 │ ├── analysis.ivy │ ├── ast.ivy │ ├── ast2.ivy │ ├── cpplang.ivy │ ├── error.ivy │ ├── include │ │ ├── arith.ivy │ │ ├── collections.ivy │ │ ├── hash.ivy │ │ ├── io.ivy │ │ ├── ivy.ivy │ │ ├── order.ivy │ │ ├── string.ivy │ │ └── sys.ivy │ ├── ivy.h │ ├── ivy_to_cpp.ivy │ ├── ivy_to_cpp_test.ivy │ ├── ivyc_s1.ivy │ ├── ivyc_s2.ivy │ ├── ivyc_s3.ivy │ ├── ivylang.ivy │ ├── lang.ivy │ ├── logic.ivy │ ├── pass_flat.ivy │ ├── pass_typeinfer.ivy │ ├── reader.ivy │ ├── s1 │ │ ├── README.md │ │ ├── analysis.ivy │ │ ├── cpplang.ivy │ │ ├── error.ivy │ │ ├── include │ │ │ ├── arith.ivy │ │ │ ├── collections.ivy │ │ │ ├── hash.ivy │ │ │ ├── io.ivy │ │ │ ├── ivy.h │ │ │ ├── ivy.ivy │ │ │ ├── order.ivy │ │ │ ├── string.ivy │ │ │ └── sys.ivy │ │ ├── ivy_to_cpp.ivy │ │ ├── ivyc_s1.cpp │ │ ├── ivyc_s1.h │ │ ├── ivyc_s1.ivy │ │ ├── ivylang.ivy │ │ ├── lang.ivy │ │ ├── logic.ivy │ │ ├── pass_flat.ivy │ │ ├── pass_typeinfer.ivy │ │ ├── reader.ivy │ │ ├── syntax.ivy │ │ └── typeinf.ivy │ ├── s2 │ │ ├── README.md │ │ ├── analysis.ivy │ │ ├── cpplang.ivy │ │ ├── error.ivy │ │ ├── include │ │ │ ├── arith.ivy │ │ │ ├── collections.ivy │ │ │ ├── hash.ivy │ │ │ ├── io.ivy │ │ │ ├── ivy.h │ │ │ ├── ivy.ivy │ │ │ ├── order.ivy │ │ │ ├── string.ivy │ │ │ └── sys.ivy │ │ ├── ivy_to_cpp.ivy │ │ ├── ivyc_s2.cpp │ │ ├── ivyc_s2.ivy │ │ ├── ivylang.ivy │ │ ├── lang.ivy │ │ ├── logic.ivy │ │ ├── pass_flat.ivy │ │ ├── pass_typeinfer.ivy │ │ ├── reader.ivy │ │ ├── syntax.ivy │ │ └── typeinf.ivy │ ├── s3 │ │ ├── README.md │ │ ├── analysis.ivy │ │ ├── cpplang.ivy │ │ ├── error.ivy │ │ ├── include │ │ │ ├── arith.ivy │ │ │ ├── collections.ivy │ │ │ ├── hash.ivy │ │ │ ├── io.ivy │ │ │ ├── ivy.h │ │ │ ├── ivy.ivy │ │ │ ├── order.ivy │ │ │ ├── std.ivy │ │ │ ├── string.ivy │ │ │ └── sys.ivy │ │ ├── ivy_to_cpp.ivy │ │ ├── ivyc_s3.cpp │ │ ├── ivyc_s3.ivy │ │ ├── ivylang.ivy │ │ ├── lang.ivy │ │ ├── logic.ivy │ │ ├── pass_flat.ivy │ │ ├── pass_typeinfer.ivy │ │ ├── reader.ivy │ │ ├── syntax.ivy │ │ └── typeinf.ivy │ ├── stage2.py │ ├── stage3.py │ ├── stage4.py │ ├── stage4save.src │ ├── stage5.py │ ├── stage5.src │ ├── stage6.py │ ├── stage6.src │ ├── stage7.py │ ├── stage7.src │ ├── syntax.ivy │ ├── test1.py │ ├── test1.src │ ├── test_ivylang.ivy │ ├── test_lang.ivy │ ├── test_pass_flat.ivy │ ├── test_pass_typeinfer.ivy │ ├── test_reader.ivy │ ├── test_syntax.ivy │ └── typeinf.ivy ├── ivy_actions.py ├── ivy_alpha.py ├── ivy_art.py ├── ivy_ast.py ├── ivy_auto_inst.py ├── ivy_bmc.py ├── ivy_check.py ├── ivy_compiler.py ├── ivy_concept_space.py ├── ivy_congclos.py ├── ivy_core.py ├── ivy_cpp.py ├── ivy_cpp_types.py ├── ivy_dafny_ast.py ├── ivy_dafny_compiler.py ├── ivy_dafny_grammar.py ├── ivy_dafny_lexer.py ├── ivy_dafny_parser.py ├── ivy_dump.py ├── ivy_ev_parser.py ├── ivy_ev_viewer.py ├── ivy_fragment.py ├── ivy_graph.py ├── ivy_graph_ui.py ├── ivy_graphviz.py ├── ivy_init.py ├── ivy_interp.py ├── ivy_isolate.py ├── ivy_l2s.py ├── ivy_launch.py ├── ivy_lexer.py ├── ivy_libs.py ├── ivy_logic.py ├── ivy_logic_parser.py ├── ivy_logic_parser_gen.py ├── ivy_logic_utils.py ├── ivy_mc.py ├── ivy_module.py ├── ivy_parser.py ├── ivy_printer.py ├── ivy_proof.py ├── ivy_resolution.py ├── ivy_shell.py ├── ivy_show.py ├── ivy_smtlib.py ├── ivy_solver.py ├── ivy_tactics.py ├── ivy_temporal.py ├── ivy_theory.py ├── ivy_to_cpp.py ├── ivy_to_lean.py ├── ivy_to_md.py ├── ivy_trace.py ├── ivy_transrel.py ├── ivy_ui.py ├── ivy_ui_cti.py ├── ivy_ui_none.py ├── ivy_ui_util.py ├── ivy_union_find.py ├── ivy_unitres.py ├── ivy_updr.py ├── ivy_utils.py ├── ivy_vmt.py ├── js │ ├── widget_cy_graph.js │ ├── widget_cy_graph_iframe.html │ ├── widget_cy_graph_iframe.js │ ├── widget_dialog.js │ ├── widget_modal.js │ └── widget_modal_messages.js ├── logic.py ├── logic_util.py ├── proof.py ├── tactics.py ├── tactics_api.py ├── tk_cy.py ├── tk_graph_ui.py ├── tk_ui.py ├── token_counter.py ├── type_inference.py ├── ui_extensions_api.py ├── utils │ ├── __init__.py │ ├── immutables.py │ ├── recstruct_object.py │ ├── rectagtuple.py │ ├── try1.py │ ├── try11.py │ ├── try2.py │ └── try3.py ├── widget_analysis_session.py ├── widget_cy_graph.py ├── widget_dialog.py ├── widget_modal.py ├── widget_modal_messages.py └── z3_utils.py ├── lib └── emacs │ └── ivy-mode.el ├── license.txt ├── notebooks ├── Test.ipynb ├── bspline.ipynb ├── clear_outputs ├── client_server_demo.ipynb ├── client_server_demo_menus.ipynb ├── concept_graph.ipynb ├── flexboxes_bug.ipynb ├── hotel_with_ins.ivy.ipynb ├── iframes.ipynb ├── ivy12.ipynb ├── start_notebook_server ├── updr.ipynb ├── updr_leader.ipynb └── updr_leader_dialogs.ipynb ├── scripts └── setup │ ├── debian.sh │ ├── git.sh │ ├── python.sh │ ├── submodules.sh │ ├── userland.sh │ ├── vagrant.sh │ └── z3.sh ├── setup.py ├── test ├── .gitignore ├── Makefile ├── SCP_problem_simplified.ivy ├── SCP_problem_simplified_2.ivy ├── SC_2.ivy ├── action1.ivy ├── afterinit1.py ├── afterinit2.py ├── annot1.ivy ├── append3.ivy ├── arith_nat.ivy ├── arm_rules3.ivy ├── around1.ivy ├── array.ivy ├── array1.ivy ├── array2.ivy ├── array_inplace.ivy ├── arraygen.ivy ├── asgeir1.ivy ├── asgeir2.ivy ├── asgeir3.ivy ├── asgn_call1.ivy ├── assertpf1.ivy ├── assertpf2.ivy ├── assertpf3.ivy ├── assumetactic1.ivy ├── auto1.ivy ├── badmethodcall.ivy ├── badrecursion1.ivy ├── badwith1.ivy ├── before1.py ├── big.ivy ├── callback.ivy ├── capture1.ivy ├── capture2.ivy ├── capture3.ivy ├── capture4.ivy ├── capture5.ivy ├── check1.ivy ├── check1.py ├── circdef1.ivy ├── client_server1.py ├── client_server2.py ├── client_server3.py ├── client_server4.py ├── client_server5.py ├── client_server6.py ├── client_server_mc.ivy ├── client_server_mc2.ivy ├── client_server_mc3.ivy ├── client_server_mc_finite1.ivy ├── comp_liveness1.ivy ├── conjpf1.ivy ├── constructor.ivy ├── cont1.ivy ├── cont2.ivy ├── cont2a.ivy ├── cont2b.ivy ├── cosmos_path.ivy ├── crash1.ivy ├── crashpong1.ivy ├── crashpong2.ivy ├── creport.ivy ├── creport2.ivy ├── creport3.ivy ├── cut1.ivy ├── cut2.ivy ├── cut3.ivy ├── decreases1.ivy ├── decreases2.ivy ├── ded1.ivy ├── ded2.ivy ├── ded3.ivy ├── ded4.ivy ├── ded5.ivy ├── ded6.ivy ├── ded7.ivy ├── ded8.ivy ├── defcond1.ivy ├── derived1.ivy ├── derived2.ivy ├── derived3.ivy ├── derpar1.ivy ├── destructor1.py ├── detect_transitive.py ├── disk_token_ring.ivy ├── enum1.ivy ├── enum1.py ├── errflag1.ivy ├── ext1.ivy ├── ext_precond.ivy ├── failpass.ivy ├── fba.ivy ├── field1.ivy ├── finite_mc1.ivy ├── flash.ivy ├── flash.save.ivy ├── flash2.ivy ├── flash2_finite_mc.ivy ├── flash2_mc.ivy ├── flash_cubicle.ivy ├── flash_mc.ivy ├── frag1.ivy ├── frag10.ivy ├── frag11.ivy ├── frag12.ivy ├── frag13.ivy ├── frag14.ivy ├── frag15.ivy ├── frag16.ivy ├── frag17.ivy ├── frag18.ivy ├── frag19.ivy ├── frag2.ivy ├── frag3.ivy ├── frag4.ivy ├── frag5.ivy ├── frag6.ivy ├── frag7.ivy ├── frag8.ivy ├── frag9.ivy ├── fundef1.ivy ├── fundef2.ivy ├── gcd2.ivy ├── generating.ivy ├── genstruct.ivy ├── gnutlstest.cpp ├── havocmc.ivy ├── ibm-cache-N.ivy ├── ibm-cache-N_mc.ivy ├── ibm-cache-N_mc_error.ivy ├── ibm-cache-finite_mc.ivy ├── idem1.ivy ├── ifsome1.ivy ├── ifstar1.ivy ├── iftactic1.ivy ├── immutable1.ivy ├── implement1.py ├── implies1.ivy ├── impltype1.ivy ├── include.ivy ├── inconsistent.ivy ├── ind1.ivy ├── ind2.ivy ├── ineqmacros.py ├── intbv1.ivy ├── interference1.py ├── interference2.py ├── interpdef1.ivy ├── introA.ivy ├── invar1.ivy ├── issue1.py ├── ite1.ivy ├── iterable1.ivy ├── iterable2.ivy ├── latebind1.ivy ├── leader_election_ring_repl.ivy ├── lean1.ivy ├── learning_switch1.ivy ├── lettac1.ivy ├── liveness1.ivy ├── liveness2.ivy ├── liveness_mc1.ivy ├── map1.ivy ├── marcelo2.ivy ├── marcelo3.ivy ├── marcelo3a.ivy ├── marcelo4.ivy ├── marcelo6.ivy ├── marcelocrash1.ivy ├── marcelocrash2.ivy ├── marcelocrash3.ivy ├── match1.ivy ├── matching.ivy ├── mc1.ivy ├── mc2.ivy ├── mc3.ivy ├── mc4.ivy ├── mc5.ivy ├── mc6.ivy ├── mcassert1.ivy ├── mcite.ivy ├── mcleq1.ivy ├── multiBftAbstract.ivy ├── naming1.ivy ├── nat1.ivy ├── nat2.ivy ├── native.py ├── native │ ├── .gitignore │ ├── Makefile │ └── test.ivy ├── nesteddestr1.py ├── numeral1.ivy ├── oddeven.ivy ├── oddeven2.ivy ├── oddeven3.ivy ├── oddeven4.ivy ├── odedbug1.ivy ├── old1.ivy ├── old2.ivy ├── old3.ivy ├── ordered_set.ivy ├── outparam1.ivy ├── parameter1.ivy ├── parameter2.ivy ├── parameter3.ivy ├── paramiso.ivy ├── passtype.ivy ├── pathname.ivy ├── paxos-fol.ivy ├── pcap1.ivy ├── polycycle1.ivy ├── pretty.py ├── private1.py ├── projections.py ├── property1.py ├── proving1.ivy ├── proving2.ivy ├── proving3.ivy ├── proving4.ivy ├── proving5.ivy ├── proving6.ivy ├── proving7.ivy ├── proving7a.ivy ├── proving8.ivy ├── proving9.ivy ├── proving9a.ivy ├── proving9b.ivy ├── proving9c.ivy ├── queue.ivy ├── quic_deser.ivy ├── recursion1.ivy ├── rel1.ivy ├── relarray.ivy ├── run_expects.py ├── runall ├── scen1.ivy ├── scen2.ivy ├── scen3.ivy ├── schema1.ivy ├── seg1.ivy ├── seg2.ivy ├── seg3.ivy ├── segment1.ivy ├── separate1.ivy ├── seqnum.ivy ├── skolem1.ivy ├── skolem2.ivy ├── skolem3.ivy ├── some.ivy ├── some1.py ├── somemax.ivy ├── somemin.ivy ├── spec1.ivy ├── sqrt2b.ivy ├── strat1.ivy ├── strat2.ivy ├── strat3.ivy ├── strat4.ivy ├── strbv1.ivy ├── string1.py ├── strip1.py ├── stripinit1.ivy ├── strlit1.ivy ├── strlit1.py ├── struct1.ivy ├── tc1.ivy ├── tcp_test.ivy ├── temp.ivy ├── temporal1.ivy ├── temporal2.ivy ├── temporal3.ivy ├── temporal4.ivy ├── temporal5.ivy ├── temporal6.ivy ├── test1.iev ├── test_a.ivy ├── test_array.ivy ├── test_lexer.ivy ├── test_liveness.ivy ├── test_liveness2.ivy ├── test_map.ivy ├── testout.ivy ├── theorem1.ivy ├── theorem2.ivy ├── theorem3.ivy ├── theorem4.ivy ├── theorem5.ivy ├── theorem6.ivy ├── theory1.ivy ├── thing.ivy ├── this1.ivy ├── this2.ivy ├── thunk1.ivy ├── thunk2.ivy ├── thunk3.ivy ├── tilelink_unit_test.sh ├── tls1.ivy ├── tls2.ivy ├── toma1_mc.ivy ├── toma8.ivy ├── toma8_mc.ivy ├── toy_consensus_mc.ivy ├── trace1.ivy ├── trace2.ivy ├── trace3.ivy ├── trace4.ivy ├── trace5.ivy ├── trans.ivy ├── transitive.py ├── trim.ivy ├── typedot.py ├── typethis1.ivy ├── udp6_test_array.ivy ├── udp_test_array.ivy ├── udp_test_struct.ivy ├── unprovable1.ivy ├── unroll1.ivy ├── var1.ivy ├── vardot.ivy ├── variant1.ivy ├── variant2.ivy ├── vcgen1.ivy ├── vcgen2.ivy ├── vsync_paxos.ivy ├── vsync_paxos_save.ivy ├── vsync_paxos_temp.ivy ├── vsync_paxos_test.ivy ├── while1.ivy ├── whileexists1.ivy ├── whilesome1.ivy ├── whilesome2.ivy └── yacc1.ivy └── vs └── ext ├── BraceMatching.cs ├── BufferIdleEventUtil.cs ├── ClassificationTagger.cs ├── ContentType.cs ├── DafnyDriver.cs ├── ErrorModelTagger.cs ├── ErrorTagger.cs ├── GlobalSuppressions.cs ├── HoverText.cs ├── IdentifierTagger.cs ├── IvyExtension.csproj ├── IvyExtension.sln ├── KeyBindingFilter.cs ├── MenuProxy.cs ├── OutliningTagger.cs ├── ProgressMargin.cs ├── Properties └── AssemblyInfo.cs ├── ResolverTagger.cs ├── TokenTagger.cs ├── WordHighlighter.cs ├── packages.config └── source.extension.vsixmanifest /.gitattributes: -------------------------------------------------------------------------------- 1 | # Set default behaviour, in case users don't have core.autocrlf set. 2 | * text=auto 3 | 4 | *.sh eol=lf 5 | 6 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | *~ 3 | .ipynb_checkpoints 4 | 5 | ######################## 6 | # Python Lex Yacc files 7 | ######################## 8 | *_parsetab.py 9 | ivy_formulatab.py 10 | ivy_parsetab.py 11 | ivy_termtab.py 12 | 13 | ######################## 14 | # LATEX temp files 15 | ######################## 16 | *.aux 17 | *.log 18 | *.nav 19 | *.out 20 | *.snm 21 | *.toc 22 | 23 | # Python setup creates this 24 | ms_ivy.egg-info 25 | build 26 | dist 27 | 28 | # vagrant 29 | /.vagrant 30 | 31 | # Temporary files are put in directories called temp 32 | temp 33 | 34 | # The file 'specs' is generated by ivy_libs 35 | specs 36 | 37 | # These are library directories 38 | gnutls 39 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "submodules/z3"] 2 | path = submodules/z3 3 | url = https://github.com/kenmcmil/z3.git 4 | [submodule "submodules/picotls"] 5 | path = submodules/picotls 6 | url = https://github.com/h2o/picotls.git 7 | [submodule "submodules/aiger"] 8 | path = submodules/aiger 9 | url = http://github.com/arminbiere/aiger 10 | [submodule "submodules/abc"] 11 | path = submodules/abc 12 | url = https://github.com/kenmcmil/abc 13 | -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | // Place your settings in this file to overwrite default and user settings. 2 | { 3 | "files.exclude": { 4 | "**/.vagrant": true, 5 | "**/.vs": true, 6 | "**/*.egg-info": true, 7 | "**/*.pyc": true, 8 | "**/dist": true, 9 | "**/tags": true 10 | }, 11 | "[python]": { 12 | "editor.defaultFormatter": "ms-python.autopep8" 13 | }, 14 | "python.formatting.provider": "none" 15 | } 16 | -------------------------------------------------------------------------------- /INSTALL: -------------------------------------------------------------------------------- 1 | Ivy needs: 2 | 3 | python 2.7 4 | IPython 3.2 5 | ply (python lex yacc) 6 | Z3 python interface (import z3 should work) 7 | pygraphviz 1.3.1 (which requires graphviz) 8 | 9 | symbolic link (linux) or directory junction (windows) from ~/.ipython/nbextensions/ivy to ivy2/ivy 10 | 11 | On windows, the best way to get IPython and ply is to install Anaconda: http://continuum.io/downloads 12 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ivy 2 | 3 | IVy is a research tool intended to allow interactive development of 4 | protocols and their proofs of correctness and to provide a platform 5 | for developing and experimenting with automated proof techniques. In 6 | particular, IVy provides interactive visualization of automated 7 | proofs, and supports a use model in which the human protocol designer 8 | and the automated tool interact to expose errors and prove 9 | correctness. 10 | 11 | ## Further Reading 12 | 13 | For further information on IVy, see [the IVy web site](http://kenmcmil.github.io/ivy/). 14 | -------------------------------------------------------------------------------- /bin/ivy_test: -------------------------------------------------------------------------------- 1 | #/bin/sh 2 | 3 | export PYTHONPATH=$Z3DIR/bin:$Z3DIR/lib/python2.7/dist-packages:$IVYDIR/ivy/core:$IVYDIR/ivy/tkui:$IVYDIR/ivy 4 | 5 | python $@ 6 | -------------------------------------------------------------------------------- /doc/.gitignore: -------------------------------------------------------------------------------- 1 | # these are the files generated by Jekyll 2 | _site 3 | .sass-cache 4 | *~ 5 | -------------------------------------------------------------------------------- /doc/_includes/contents.html: -------------------------------------------------------------------------------- 1 |
2 | 8 |
9 | -------------------------------------------------------------------------------- /doc/_includes/contents_ul.html: -------------------------------------------------------------------------------- 1 | 8 | -------------------------------------------------------------------------------- /doc/_includes/icon-github.html: -------------------------------------------------------------------------------- 1 | {% include icon-github.svg %}{{ include.username }} 2 | -------------------------------------------------------------------------------- /doc/_includes/icon-twitter.html: -------------------------------------------------------------------------------- 1 | {% include icon-twitter.svg %}{{ include.username }} 2 | -------------------------------------------------------------------------------- /doc/_includes/icon-twitter.svg: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /doc/_layouts/default.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | {% include head.html %} 5 | 6 | 7 | 8 | {% include header.html %} 9 | 10 |
11 |
12 | {{ content }} 13 |
14 |
15 | 16 | {% include footer.html %} 17 | 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /doc/_layouts/page.html: -------------------------------------------------------------------------------- 1 | --- 2 | layout: default 3 | --- 4 | 5 |
6 | 7 |
8 | 9 | 10 |
11 | 12 |
13 |

{{ page.title }}

14 |
15 | 16 |
17 | {{ content }} 18 |
19 | 20 |
21 | 22 |
23 | 24 | {% include contents.html %} 25 | 26 |
27 | 28 |
29 | 30 | -------------------------------------------------------------------------------- /doc/_layouts/post.html: -------------------------------------------------------------------------------- 1 | --- 2 | layout: default 3 | --- 4 |
5 | 6 |
7 |

{{ page.title }}

8 |

{% if page.author %} • {% endif %}

9 |
10 | 11 |
12 | {{ content }} 13 |
14 | 15 |
16 | -------------------------------------------------------------------------------- /doc/credits.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: page 3 | title: Credits 4 | tags: "top-nav" 5 | --- 6 | 7 | The following people have contributed ideas, code or examples to IVy. 8 | 9 | * [Ken McMillan](http://kenmcmil.com), Microsoft Research 10 | * Oded Padon, Tel Aviv University 11 | * [Aurojit Panda](https://www.eecs.berkeley.edu/~apanda/), UC Berkeley 12 | * [Mooly Sagiv](https://www.cs.tau.ac.il/~msagiv/), Tel Aviv University 13 | * [Sharon Shoham](http://www2.mta.ac.il/~sharon.shoham/), Academic College of Tel Aviv Yaffo 14 | 15 | -------------------------------------------------------------------------------- /doc/deploy: -------------------------------------------------------------------------------- 1 | #/bin/bash 2 | 3 | TMPDIR=`mktemp -d /tmp/tmp.XXXXXX` 4 | echo Checking out sources in $TMPDIR 5 | 6 | pushd $TMPDIR 7 | git clone https://github.com/kenmcmil/ivy.git 8 | cd ivy 9 | git checkout gh-pages 10 | git rm -r * 11 | WEBSITE=`pwd` 12 | 13 | pushd 14 | cp -a * $WEBSITE 15 | 16 | pushd 17 | rm *~ 18 | rm -rf _site 19 | git add * 20 | git status 21 | git commit -m 'copied from master' 22 | git push origin gh-pages 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /doc/examples/.gitignore: -------------------------------------------------------------------------------- 1 | *.cpp 2 | *.h 3 | helloworld 4 | account 5 | account2 6 | account3 7 | leader_election_ring 8 | leader_election_ring_repl 9 | udp 10 | leader_election_ring_udp 11 | leader_election_ring_udp2 12 | paraminit 13 | paraminit3 14 | timeout_test 15 | udp_test 16 | udp_test2 17 | udp_test_struct 18 | udp_test_array 19 | interference 20 | token_ring 21 | delmap_test 22 | -------------------------------------------------------------------------------- /doc/examples/MSV/libz3.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/MSV/libz3.dll -------------------------------------------------------------------------------- /doc/examples/MSV/seqnum.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include order 4 | 5 | module sequence_numbers = { 6 | 7 | type t 8 | 9 | instance iter : order_iterator_impl(this) 10 | 11 | action next(seq:t) returns (res:t) 12 | 13 | interpret t->bv[8] 14 | implement next { 15 | res := seq + 1 16 | } 17 | 18 | } 19 | -------------------------------------------------------------------------------- /doc/examples/Makefile: -------------------------------------------------------------------------------- 1 | %.cpp: %.ivy 2 | ivy_to_cpp target=repl isolate=iso_impl $< 3 | 4 | %: %.cpp 5 | g++ -g -o $@ $< 6 | grep -xq "$@" .gitignore || echo $@ >> .gitignore 7 | 8 | .PRECIOUS: %.cpp 9 | -------------------------------------------------------------------------------- /doc/examples/account.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type money 4 | 5 | function (X:money + Y:money) : money 6 | 7 | object account = { 8 | 9 | individual balance : money 10 | init balance = 0 11 | 12 | action deposit(x:money) = { 13 | balance := balance + x 14 | } 15 | 16 | action withdraw(x:money) = { 17 | balance := balance - x 18 | } 19 | 20 | action get_balance returns(x:money) = { 21 | x := balance 22 | } 23 | } 24 | 25 | export account.deposit 26 | export account.withdraw 27 | export account.get_balance 28 | 29 | interpret money -> bv[16] 30 | -------------------------------------------------------------------------------- /doc/examples/account2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type money 4 | 5 | function (X:money + Y:money) : money 6 | 7 | object account = { 8 | 9 | individual balance : money 10 | init balance = 0 11 | 12 | action deposit(x:money) = { 13 | balance := balance + x 14 | } 15 | 16 | action withdraw(x:money) = { 17 | balance := balance - x 18 | } 19 | 20 | action get_balance returns(x:money) = { 21 | x := balance 22 | } 23 | 24 | object spec = { 25 | before deposit { 26 | assert balance + x >= balance 27 | } 28 | before withdraw { 29 | assert x <= balance 30 | } 31 | } 32 | 33 | } 34 | 35 | export account.deposit 36 | export account.withdraw 37 | export account.get_balance 38 | 39 | interpret money -> bv[16] 40 | -------------------------------------------------------------------------------- /doc/examples/account2_expect.py: -------------------------------------------------------------------------------- 1 | import pexpect 2 | import sys 3 | 4 | def run(name,opts,res): 5 | child = pexpect.spawnu('./{}'.format(name)) 6 | child.logfile = sys.stdout 7 | try: 8 | child.expect('>') 9 | child.sendline('account.withdraw(4)') 10 | child.expect('assumption failed') 11 | return True 12 | except pexpect.EOF: 13 | print(child.before) 14 | return False 15 | -------------------------------------------------------------------------------- /doc/examples/account3_expect.py: -------------------------------------------------------------------------------- 1 | import pexpect 2 | import sys 3 | 4 | def run(name,opts,res): 5 | child = pexpect.spawnu('./{}'.format(name)) 6 | child.logfile = sys.stdout 7 | try: 8 | child.expect('>') 9 | child.sendline('account.deposit(5)') 10 | child.expect('>') 11 | child.sendline('ask_and_check_balance') 12 | child.expect('ask') 13 | child.expect(r'\?') 14 | child.sendline('4') 15 | child.expect('1') 16 | child.expect('>') 17 | child.sendline('ask_and_check_balance') 18 | child.expect('ask') 19 | child.expect(r'\?') 20 | child.sendline('6') 21 | child.expect('0') 22 | return True 23 | except pexpect.EOF: 24 | print(child.before) 25 | return False 26 | -------------------------------------------------------------------------------- /doc/examples/array1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include collections 4 | 5 | type t 6 | 7 | instance arr : array(t,t) 8 | 9 | action tabulate(max : t) returns (res:arr.t) = { 10 | local i:t { 11 | i := 0; 12 | res := arr.create(max,0); 13 | while i < max { 14 | res := arr.set(res,i,i*i); 15 | i := i + 1 16 | } 17 | } 18 | } 19 | 20 | interpret t -> int 21 | export tabulate 22 | extract iso_impl = tabulate, arr 23 | 24 | -------------------------------------------------------------------------------- /doc/examples/client_server_example.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type client 4 | type server 5 | 6 | relation link(X:client, Y:server) 7 | relation semaphore(X:server) 8 | 9 | after init { 10 | semaphore(W) := true; 11 | link(X,Y) := false 12 | } 13 | 14 | action connect(x:client,y:server) = { 15 | require semaphore(y); 16 | link(x,y) := true; 17 | semaphore(y) := false 18 | } 19 | 20 | action disconnect(x:client,y:server) = { 21 | require link(x,y); 22 | link(x,y) := false; 23 | semaphore(y) := true 24 | } 25 | 26 | invariant ~(X ~= Z & link(X,Y) & link(Z,Y)) 27 | 28 | export connect 29 | export disconnect 30 | 31 | # Add this to prove the invariant 32 | 33 | private { 34 | invariant ~(link(X,Y) & semaphore(Y)) 35 | } 36 | -------------------------------------------------------------------------------- /doc/examples/client_server_example_mc2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type client 4 | type server 5 | 6 | relation link(X:client, Y:server) 7 | relation semaphore(X:server) 8 | 9 | after init { 10 | semaphore(W) := true; 11 | link(X,Y) := false 12 | } 13 | 14 | action connect(x:client,y:server) = { 15 | require semaphore(y); 16 | link(x,y) := true; 17 | semaphore(y) := false 18 | } 19 | 20 | action disconnect(x:client,y:server) = { 21 | require link(x,y); 22 | link(x,y) := false; 23 | semaphore(y) := true 24 | } 25 | 26 | invariant link(X,Y) & link(Z,Y) -> X = Z 27 | 28 | export connect 29 | export disconnect 30 | 31 | include mc_schemata 32 | attribute method = mc 33 | -------------------------------------------------------------------------------- /doc/examples/client_server_example_mv.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type client 4 | type server 5 | 6 | relation link(X:client, Y:server) 7 | relation semaphore(X:server) 8 | 9 | after init { 10 | semaphore(W) := true; 11 | link(X,Y) := false 12 | } 13 | 14 | action connect(x:client,y:server) = { 15 | # require semaphore(y); 16 | 17 | link(x,y) := true; 18 | semaphore(y) := false 19 | } 20 | 21 | action disconnect(x:client,y:server) = { 22 | require link(x,y); 23 | link(x,y) := false; 24 | semaphore(y) := true 25 | } 26 | 27 | invariant link(X,Y) & link(Z,Y) -> X = Z 28 | 29 | export connect 30 | export disconnect 31 | 32 | interpret client -> {0..2} 33 | interpret server -> {0..1} 34 | 35 | attribute method = mc 36 | -------------------------------------------------------------------------------- /doc/examples/client_server_example_new.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type client 4 | type server 5 | 6 | relation link(X:client, Y:server) 7 | relation semaphore(X:server) 8 | 9 | after init { 10 | semaphore(W) := true; 11 | link(X,Y) := false 12 | } 13 | 14 | action connect(x:client,y:server) = { 15 | require semaphore(y); 16 | link(x,y) := true; 17 | semaphore(y) := false 18 | } 19 | 20 | action disconnect(x:client,y:server) = { 21 | require link(x,y); 22 | link(x,y) := false; 23 | semaphore(y) := true 24 | } 25 | 26 | invariant ~(X ~= Z & link(X,Y) & link(Z,Y)) 27 | 28 | export connect 29 | export disconnect 30 | 31 | # Add this to prove the invariant 32 | 33 | #private { 34 | # invariant ~(link(X,Y) & semaphore(Y)) 35 | #} 36 | -------------------------------------------------------------------------------- /doc/examples/helloworld.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | action world 4 | 5 | action hello = { 6 | call world 7 | } 8 | 9 | export hello 10 | import world 11 | -------------------------------------------------------------------------------- /doc/examples/helloworld_expect.py: -------------------------------------------------------------------------------- 1 | import pexpect 2 | import sys 3 | 4 | def run(name,opts,res): 5 | child = pexpect.spawnu('./{}'.format(name)) 6 | child.logfile = sys.stdout 7 | try: 8 | child.expect('>') 9 | child.sendline('hello') 10 | child.expect('< world') 11 | return True 12 | except pexpect.EOF: 13 | print(child.before) 14 | return False 15 | -------------------------------------------------------------------------------- /doc/examples/images/client_server1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server1.png -------------------------------------------------------------------------------- /doc/examples/images/client_server10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server10.png -------------------------------------------------------------------------------- /doc/examples/images/client_server11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server11.png -------------------------------------------------------------------------------- /doc/examples/images/client_server12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server12.png -------------------------------------------------------------------------------- /doc/examples/images/client_server13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server13.png -------------------------------------------------------------------------------- /doc/examples/images/client_server14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server14.png -------------------------------------------------------------------------------- /doc/examples/images/client_server15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server15.png -------------------------------------------------------------------------------- /doc/examples/images/client_server16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server16.png -------------------------------------------------------------------------------- /doc/examples/images/client_server17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server17.png -------------------------------------------------------------------------------- /doc/examples/images/client_server18.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server18.png -------------------------------------------------------------------------------- /doc/examples/images/client_server19.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server19.png -------------------------------------------------------------------------------- /doc/examples/images/client_server2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server2.png -------------------------------------------------------------------------------- /doc/examples/images/client_server20.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server20.png -------------------------------------------------------------------------------- /doc/examples/images/client_server21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server21.png -------------------------------------------------------------------------------- /doc/examples/images/client_server22.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server22.png -------------------------------------------------------------------------------- /doc/examples/images/client_server23.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server23.png -------------------------------------------------------------------------------- /doc/examples/images/client_server24.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server24.png -------------------------------------------------------------------------------- /doc/examples/images/client_server25.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server25.png -------------------------------------------------------------------------------- /doc/examples/images/client_server26.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server26.png -------------------------------------------------------------------------------- /doc/examples/images/client_server27.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server27.png -------------------------------------------------------------------------------- /doc/examples/images/client_server3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server3.png -------------------------------------------------------------------------------- /doc/examples/images/client_server4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server4.png -------------------------------------------------------------------------------- /doc/examples/images/client_server5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server5.png -------------------------------------------------------------------------------- /doc/examples/images/client_server6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server6.png -------------------------------------------------------------------------------- /doc/examples/images/client_server7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server7.png -------------------------------------------------------------------------------- /doc/examples/images/client_server8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server8.png -------------------------------------------------------------------------------- /doc/examples/images/client_server9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server9.png -------------------------------------------------------------------------------- /doc/examples/images/client_server_new1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server_new1.png -------------------------------------------------------------------------------- /doc/examples/images/client_server_new10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server_new10.png -------------------------------------------------------------------------------- /doc/examples/images/client_server_new11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server_new11.png -------------------------------------------------------------------------------- /doc/examples/images/client_server_new12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server_new12.png -------------------------------------------------------------------------------- /doc/examples/images/client_server_new2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server_new2.png -------------------------------------------------------------------------------- /doc/examples/images/client_server_new3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server_new3.png -------------------------------------------------------------------------------- /doc/examples/images/client_server_new4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server_new4.png -------------------------------------------------------------------------------- /doc/examples/images/client_server_new5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server_new5.png -------------------------------------------------------------------------------- /doc/examples/images/client_server_new6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server_new6.png -------------------------------------------------------------------------------- /doc/examples/images/client_server_new7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server_new7.png -------------------------------------------------------------------------------- /doc/examples/images/client_server_new8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server_new8.png -------------------------------------------------------------------------------- /doc/examples/images/client_server_new9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/client_server_new9.png -------------------------------------------------------------------------------- /doc/examples/images/clinet_server21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/clinet_server21.png -------------------------------------------------------------------------------- /doc/examples/images/leader1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader1.png -------------------------------------------------------------------------------- /doc/examples/images/leader10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader10.png -------------------------------------------------------------------------------- /doc/examples/images/leader11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader11.png -------------------------------------------------------------------------------- /doc/examples/images/leader12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader12.png -------------------------------------------------------------------------------- /doc/examples/images/leader13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader13.png -------------------------------------------------------------------------------- /doc/examples/images/leader14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader14.png -------------------------------------------------------------------------------- /doc/examples/images/leader15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader15.png -------------------------------------------------------------------------------- /doc/examples/images/leader16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader16.png -------------------------------------------------------------------------------- /doc/examples/images/leader17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader17.png -------------------------------------------------------------------------------- /doc/examples/images/leader18.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader18.png -------------------------------------------------------------------------------- /doc/examples/images/leader2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader2.png -------------------------------------------------------------------------------- /doc/examples/images/leader3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader3.png -------------------------------------------------------------------------------- /doc/examples/images/leader4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader4.png -------------------------------------------------------------------------------- /doc/examples/images/leader5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader5.png -------------------------------------------------------------------------------- /doc/examples/images/leader6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader6.png -------------------------------------------------------------------------------- /doc/examples/images/leader7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader7.png -------------------------------------------------------------------------------- /doc/examples/images/leader8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader8.png -------------------------------------------------------------------------------- /doc/examples/images/leader9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/images/leader9.png -------------------------------------------------------------------------------- /doc/examples/interference2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | individual bit : bool 6 | 7 | object foo(me:t) = { 8 | action flip = { 9 | bit := ~bit 10 | } 11 | } 12 | 13 | export foo.flip 14 | 15 | extract iso_foo(me:t) = foo(me) 16 | -------------------------------------------------------------------------------- /doc/examples/interference3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | individual bit(X:t) : bool 6 | 7 | object foo(me:t) = { 8 | action flip = { 9 | bit(me) := ~bit(me) 10 | } 11 | } 12 | 13 | export foo.flip 14 | 15 | extract iso_foo(me:t) = foo(me),bit(me) 16 | -------------------------------------------------------------------------------- /doc/examples/interference4.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | individual bit(X:t) : bool 6 | 7 | object foo(me:t) = { 8 | action flip(x:t) = { 9 | bit(me) := ~bit(x) 10 | } 11 | } 12 | 13 | export foo.flip 14 | 15 | extract iso_foo(me:t) = foo(me),bit(me) 16 | -------------------------------------------------------------------------------- /doc/examples/leader_election_ring_repl_expect.py: -------------------------------------------------------------------------------- 1 | import pexpect 2 | import sys 3 | 4 | def run(name,opts,res): 5 | child = pexpect.spawnu('./{}'.format(name)) 6 | child.logfile = sys.stdout 7 | try: 8 | child.expect('>') 9 | child.sendline('app.async(0)') 10 | child.expect(r'< trans.send\(1,1\)') 11 | child.expect('>') 12 | child.sendline('trans.recv(1,1)') 13 | child.expect(r'trans.send\(0,1\)') 14 | child.expect('>') 15 | child.sendline('trans.recv(0,1)') 16 | child.expect(r'serv.elect\(0\)') 17 | child.expect('>') 18 | child.sendline('trans.recv(0,0)') 19 | child.expect(r'assumption failed') 20 | return True 21 | except pexpect.EOF: 22 | print(child.before) 23 | return False 24 | -------------------------------------------------------------------------------- /doc/examples/leader_election_ring_repl_iso_impl_expect.py: -------------------------------------------------------------------------------- 1 | import pexpect 2 | import sys 3 | 4 | def run(name,opts,res): 5 | child = pexpect.spawnu('./{}'.format(name)) 6 | child.logfile = sys.stdout 7 | try: 8 | child.expect('>') 9 | child.sendline('app.async(0)') 10 | child.expect(r'< trans.send\(1,1\)') 11 | child.expect('>') 12 | child.sendline('trans.recv(1,1)') 13 | child.expect(r'trans.send\(0,1\)') 14 | child.expect('>') 15 | child.sendline('trans.recv(0,1)') 16 | child.expect(r'serv.elect\(0\)') 17 | child.expect('>') 18 | child.sendline('trans.recv(1,0)') 19 | child.expect(r'serv.elect\(1\)') 20 | return True 21 | except pexpect.EOF: 22 | print(child.before) 23 | return False 24 | -------------------------------------------------------------------------------- /doc/examples/leader_election_ring_udp2_expect.py: -------------------------------------------------------------------------------- 1 | import pexpect 2 | import sys 3 | 4 | def run(name,opts,res): 5 | child = [pexpect.spawnu('./{} {}'.format(name,idx)) for idx in range(2)] 6 | for idx in range(2): 7 | child[idx].logfile = sys.stdout 8 | try: 9 | # child[0].expect('>') 10 | child[0].expect(r'< serv.elect') 11 | return True 12 | except pexpect.EOF: 13 | print(child.before) 14 | return False 15 | finally: 16 | for idx in range(2): 17 | try: 18 | child[idx].close() 19 | except: 20 | pass 21 | -------------------------------------------------------------------------------- /doc/examples/leader_election_ring_udp_expect.py: -------------------------------------------------------------------------------- 1 | import pexpect 2 | import sys 3 | 4 | def run(name,opts,res): 5 | child = [pexpect.spawnu('./{} {}'.format(name,idx)) for idx in range(2)] 6 | for idx in range(2): 7 | child[idx].logfile = sys.stdout 8 | try: 9 | child[0].expect('>') 10 | child[0].sendline('app.async') 11 | child[0].expect(r'< serv.elect') 12 | return True 13 | except pexpect.EOF: 14 | print(child.before) 15 | return False 16 | finally: 17 | for idx in range(2): 18 | try: 19 | child[idx].close() 20 | except: 21 | pass 22 | -------------------------------------------------------------------------------- /doc/examples/modparam_example.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.5 2 | 3 | type id_t 4 | 5 | module thing(id) = { 6 | action my_id returns (x:id_t) = { 7 | x := id 8 | } 9 | } 10 | 11 | instance c(X:id_t) : thing(X) 12 | 13 | 14 | action a(id:id_t) = { 15 | assert c(id).my_id = id 16 | } 17 | -------------------------------------------------------------------------------- /doc/examples/object_example.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.5 2 | 3 | object foo = { 4 | relation bit 5 | init ~bit 6 | action flip = { 7 | bit := ~bit 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /doc/examples/paraminit.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | object foo(me:t) = { 6 | individual bit:bool 7 | init ~bit 8 | 9 | action get_bit returns (x:bool) = { 10 | x := bit 11 | } 12 | } 13 | 14 | export foo.get_bit 15 | 16 | extract iso_foo(me:t) = foo(me) 17 | 18 | -------------------------------------------------------------------------------- /doc/examples/paraminit2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | object foo(me:t) = { 6 | individual bit:bool 7 | init bit <-> me = 0 8 | 9 | action get_bit returns (x:bool) = { 10 | x := bit 11 | } 12 | } 13 | 14 | export foo.get_bit 15 | 16 | extract iso_foo(me:t) = foo(me) 17 | 18 | -------------------------------------------------------------------------------- /doc/examples/paraminit3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | object foo(me:t) = { 6 | function bit:bool 7 | 8 | after init { 9 | bit := (me = 0) 10 | } 11 | 12 | action get_bit returns (x:bool) = { 13 | x := bit 14 | } 15 | } 16 | 17 | export foo.get_bit 18 | 19 | extract iso_foo(me:t) = foo(me) 20 | 21 | -------------------------------------------------------------------------------- /doc/examples/paraminit3_expect.py: -------------------------------------------------------------------------------- 1 | import pexpect 2 | import sys 3 | 4 | def run(name,opts,res): 5 | child = pexpect.spawnu('./{} 0'.format(name)) 6 | child.logfile = sys.stdout 7 | try: 8 | child.expect('>') 9 | child.sendline('foo.get_bit') 10 | child.expect(r'= 1') 11 | except pexpect.EOF: 12 | print(child.before) 13 | return False 14 | finally: 15 | child.close() 16 | child = pexpect.spawnu('./{} 1'.format(name)) 17 | child.logfile = sys.stdout 18 | try: 19 | child.expect('>') 20 | child.sendline('foo.get_bit') 21 | child.expect(r'= 0') 22 | return True 23 | except pexpect.EOF: 24 | print(child.before) 25 | return False 26 | finally: 27 | child.close() 28 | 29 | -------------------------------------------------------------------------------- /doc/examples/paraminit_expect.py: -------------------------------------------------------------------------------- 1 | import pexpect 2 | import sys 3 | 4 | def run(name,opts,res): 5 | child = pexpect.spawnu('./{} 0'.format(name)) 6 | child.logfile = sys.stdout 7 | try: 8 | child.expect('>') 9 | child.sendline('foo.get_bit') 10 | child.expect(r'= 0') 11 | return True 12 | except pexpect.EOF: 13 | print(child.before) 14 | return False 15 | finally: 16 | child.close() 17 | 18 | -------------------------------------------------------------------------------- /doc/examples/po_example.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.5 2 | 3 | module po(t,lt) = { 4 | axiom lt(X:t,Y) & lt(Y,Z) -> lt(X,Z) 5 | axiom ~(lt(X:t,Y) & lt(Y,X)) 6 | } 7 | 8 | 9 | type foo 10 | relation (X:foo < Y:foo) 11 | 12 | instantiate po(foo,<) 13 | -------------------------------------------------------------------------------- /doc/examples/quic/.quic_packet.ivy.swp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/.quic_packet.ivy.swp -------------------------------------------------------------------------------- /doc/examples/quic/.quic_server_test.ivy.swo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/.quic_server_test.ivy.swo -------------------------------------------------------------------------------- /doc/examples/quic/.quic_server_test.ivy.swp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/.quic_server_test.ivy.swp -------------------------------------------------------------------------------- /doc/examples/quic/anomaly1.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/anomaly1.pcap -------------------------------------------------------------------------------- /doc/examples/quic/anomaly10.out: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/anomaly10.out -------------------------------------------------------------------------------- /doc/examples/quic/anomaly10a.out: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/anomaly10a.out -------------------------------------------------------------------------------- /doc/examples/quic/anomaly10b.out: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/anomaly10b.out -------------------------------------------------------------------------------- /doc/examples/quic/anomaly16.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/anomaly16.log -------------------------------------------------------------------------------- /doc/examples/quic/anomaly6.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/anomaly6.log -------------------------------------------------------------------------------- /doc/examples/quic/anomaly7.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/anomaly7.log -------------------------------------------------------------------------------- /doc/examples/quic/anomaly8.log: -------------------------------------------------------------------------------- 1 | Starting PicoQUIC server on port 4443, server name = ::, just_once = 0, hrr= 0 2 | Server exit, ret = -1 3 | Server exit with code = -1 4 | -------------------------------------------------------------------------------- /doc/examples/quic/byte_stream.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | # Byte streams 4 | # ============ 5 | # 6 | 7 | include collections 8 | 9 | # A byte is a vector of eight bits. 10 | 11 | type byte 12 | interpret byte -> bv[8] 13 | 14 | # A byte stream is an unbounded sequence of bytes of type `stream_data`, 15 | # indexed by type `stream_pos`. 16 | 17 | instance stream_pos : unbounded_sequence # stream position values 18 | instance stream_data : array(stream_pos,byte) # stream data 19 | 20 | -------------------------------------------------------------------------------- /doc/examples/quic/http_request_file.txt: -------------------------------------------------------------------------------- 1 | GET /index.html 2 | 3 | -------------------------------------------------------------------------------- /doc/examples/quic/http_response_file.txt: -------------------------------------------------------------------------------- 1 | foo 2 | -------------------------------------------------------------------------------- /doc/examples/quic/index.html: -------------------------------------------------------------------------------- 1 | foo 2 | -------------------------------------------------------------------------------- /doc/examples/quic/leaf_cert.pkcs8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/leaf_cert.pkcs8 -------------------------------------------------------------------------------- /doc/examples/quic/quic_interp.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | interpret cid -> bv[62] 4 | interpret version -> bv[32] 5 | interpret pkt_num -> bv[62] 6 | interpret error_code -> bv[16] 7 | interpret stream_id -> bv[32] 8 | -------------------------------------------------------------------------------- /doc/examples/quic/quic_locale.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include udp_impl 4 | include tls_msg 5 | 6 | # This file provides the interface to the test locale. This includes 7 | # two services: TLS 1.3 and UDP. 8 | 9 | object tls_api = { 10 | instance id : unbounded_sequence 11 | instance lower : tls_lower_intf(id,stream_data) 12 | instance upper : tls_intf(id,stream_pos,stream_data,lower,tls_extensions,tls_ser,pkt_num) 13 | } 14 | 15 | instance net : udp_impl(endpoint_id,prot.arr,quic_prot_ser,quic_prot_deser) 16 | 17 | -------------------------------------------------------------------------------- /doc/examples/quic/quic_server_test_connection_close.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include quic_server_test 4 | 5 | export frame.connection_close.handle 6 | 7 | attribute frame.connection_close.handle.weight = "0.2" 8 | 9 | -------------------------------------------------------------------------------- /doc/examples/quic/quic_server_test_reset_stream.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include quic_server_test 4 | 5 | export frame.rst_stream.handle 6 | 7 | -------------------------------------------------------------------------------- /doc/examples/quic/quic_server_test_stream.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include quic_server_test 4 | 5 | attribute frame.crypto.handle.weight = "5" 6 | attribute frame.path_response.handle.weight = "5" 7 | -------------------------------------------------------------------------------- /doc/examples/quic/quic_stream.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include byte_stream 4 | include quic_types 5 | 6 | # QUIC Streams 7 | # ------------ 8 | 9 | # A connection is associated with a collection of streams, each of 10 | # which has a associated stream identifier, or `stream_id` that is 11 | # unique within the connection. A stream id is a 32-bit unsigned 12 | # number. 13 | 14 | type stream_id # stream identifier 15 | 16 | function get_stream_kind(S:stream_id) = 17 | unidir if bfe[1][1](S) = bit.one else bidir 18 | 19 | function get_stream_role(S:stream_id) = 20 | role.server if bfe[0][0](S) = bit.one else role.client 21 | -------------------------------------------------------------------------------- /doc/examples/quic/tls_test.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | 4 | include order 5 | include collections 6 | include tls 7 | 8 | 9 | instance idx : unbounded_sequence 10 | type byte 11 | instance bytes : array(idx,byte) 12 | interpret byte -> bv[8] 13 | type cid 14 | 15 | type extens 16 | type exten_ser 17 | 18 | instance lower : tls_lower_intf(cid,bytes) 19 | instance upper : tls_intf(cid,idx,bytes,lower,extens,exten_ser) 20 | 21 | import lower.send 22 | export lower.recv 23 | export upper.send 24 | import upper.recv 25 | import upper.alert 26 | import upper.session_established 27 | export upper.key_material_export 28 | export upper.create 29 | export upper.destroy 30 | 31 | 32 | -------------------------------------------------------------------------------- /doc/examples/quic/traces/.gitattributes: -------------------------------------------------------------------------------- 1 | *.pcap binary 2 | -------------------------------------------------------------------------------- /doc/examples/quic/traces/conn_close.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/traces/conn_close.pcap -------------------------------------------------------------------------------- /doc/examples/quic/traces/emptySt6.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/traces/emptySt6.pcap -------------------------------------------------------------------------------- /doc/examples/quic/traces/mycap4.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/traces/mycap4.pcap -------------------------------------------------------------------------------- /doc/examples/quic/traces/quicfstar1.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/traces/quicfstar1.pcap -------------------------------------------------------------------------------- /doc/examples/quic/traces/stream_reset.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/traces/stream_reset.pcap -------------------------------------------------------------------------------- /doc/examples/quic/traces/test3.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/traces/test3.pcap -------------------------------------------------------------------------------- /doc/examples/quic/traces/test4.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/traces/test4.pcap -------------------------------------------------------------------------------- /doc/examples/quic/traces/test5.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/traces/test5.pcap -------------------------------------------------------------------------------- /doc/examples/quic/traces/two_inits.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/quic/traces/two_inits.pcap -------------------------------------------------------------------------------- /doc/examples/rest/test_linmap.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include linmap 4 | 5 | type data_t 6 | type txid_t 7 | 8 | instantiate linmap(txid_t, data_t) 9 | 10 | export put 11 | export end_put 12 | export get 13 | export end_get 14 | 15 | interpret data_t -> int 16 | interpret txid_t -> bv[2] 17 | 18 | -------------------------------------------------------------------------------- /doc/examples/sht/.gitignore: -------------------------------------------------------------------------------- 1 | table_test 2 | trans_test 3 | sht 4 | -------------------------------------------------------------------------------- /doc/examples/sht/Makefile: -------------------------------------------------------------------------------- 1 | %.cpp: %.ivy 2 | ivy_to_cpp target=repl isolate=iso_impl $< 3 | 4 | %: %.cpp 5 | g++ -g -o $@ $< 6 | grep -xq "$@" .gitignore || echo $@ >> .gitignore 7 | 8 | .PRECIOUS: %.cpp -------------------------------------------------------------------------------- /doc/examples/sht/delmap_test.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include key 4 | include delmap 5 | 6 | type id 7 | 8 | instance dmap : delegation_map(key,id) 9 | 10 | export dmap.set 11 | export dmap.get 12 | 13 | object impl = { 14 | interpret id -> bv[1] 15 | interpret key.t -> bv[4] 16 | } 17 | 18 | isolate iso_dmap = dmap with key 19 | extract iso_impl = dmap, key, impl 20 | trusted isolate iso_test = dmap with key,impl 21 | -------------------------------------------------------------------------------- /doc/examples/sht/key.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include order 4 | 5 | object key = { 6 | 7 | type t 8 | instance iter : order_iterator(this) 9 | 10 | object spec = { 11 | instantiate totally_ordered_with_zero(t) 12 | } 13 | 14 | object impl = { 15 | } 16 | 17 | } 18 | 19 | -------------------------------------------------------------------------------- /doc/examples/sht/seqnum.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include order 4 | 5 | module sequence_numbers = { 6 | 7 | type t 8 | instance props : totally_ordered_with_zero(t) 9 | instance iter : order_iterator(this) 10 | 11 | action next(seq:t) returns (res:t) 12 | 13 | object spec = { 14 | 15 | after next { 16 | assume exists X. seq < X; 17 | assert seq < res & (X < res -> X <= seq) 18 | } 19 | } 20 | 21 | object impl = { 22 | interpret t->bv[16] 23 | implement next { 24 | res := seq + 1 25 | } 26 | } 27 | 28 | isolate iso_props = iter,props,spec,impl 29 | } 30 | -------------------------------------------------------------------------------- /doc/examples/sht/shard_test.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include key 4 | include shard 5 | 6 | 7 | type data 8 | 9 | instance shrd : table_shard(key,data) 10 | 11 | isolate iso_key = key with impl 12 | isolate iso_key_iter = key.iter with impl 13 | 14 | object impl = { 15 | interpret key.t -> bv[16] 16 | } 17 | 18 | 19 | export shrd.kvt.empty 20 | export shrd.kvt.get_key 21 | export shrd.kvt.get_value 22 | export shrd.kvt.append_pair 23 | 24 | -------------------------------------------------------------------------------- /doc/examples/sht/table_test.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include shard 4 | include table 5 | include key 6 | 7 | type value 8 | 9 | instance shard : table_shard(key,value) 10 | instance tab : hash_table(key,value,shard) 11 | 12 | object impl = { 13 | interpret value -> bv[4] 14 | interpret key.t -> bv[4] 15 | } 16 | 17 | export tab.set 18 | export tab.get 19 | export tab.extract_ 20 | export tab.incorporate 21 | 22 | isolate iso_tab = tab with tab,shard,key 23 | isolate iso_key = key 24 | 25 | 26 | extract iso_impl = tab,shard,key,impl 27 | 28 | trusted isolate iso_test = tab with shard,key,impl 29 | -------------------------------------------------------------------------------- /doc/examples/sht/trans_test.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include trans 4 | include seqnum 5 | include udp 6 | 7 | type id 8 | type req 9 | type shard 10 | type data 11 | 12 | instance seq_num : sequence_numbers 13 | 14 | instance t : sht_transport(u,req,shard,seq_num,id) 15 | 16 | instance u : udp_simple(id,t.net_msg.t) 17 | 18 | 19 | export t.send_request 20 | export t.send_delegate 21 | import t.recv_request 22 | import t.recv_delegate 23 | 24 | object impl = { 25 | interpret id -> bv[1] 26 | } 27 | 28 | extract iso_impl = t,u,seq_num,impl 29 | -------------------------------------------------------------------------------- /doc/examples/testing/Makefile: -------------------------------------------------------------------------------- 1 | %.cpp: %.ivy 2 | ivy_to_cpp target=repl isolate=iso_impl $< 3 | 4 | %: %.cpp 5 | g++ -g -o $@ $< 6 | 7 | %.test.cpp: %.ivy 8 | ivy_to_cpp target=test classname=$*.test $< 9 | 10 | %.test: %.test.cpp 11 | g++ -I $(Z3DIR)/include -L $(Z3DIR)/lib -g -o $@ $< hash.cpp -lz3 12 | 13 | 14 | .PRECIOUS: %.cpp %.test.cpp 15 | -------------------------------------------------------------------------------- /doc/examples/testing/leader_fig1-crop-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/testing/leader_fig1-crop-1.png -------------------------------------------------------------------------------- /doc/examples/testing/leader_fig1-crop.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/testing/leader_fig1-crop.pdf -------------------------------------------------------------------------------- /doc/examples/testing/leader_fig1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/testing/leader_fig1.pdf -------------------------------------------------------------------------------- /doc/examples/testing/leader_fig1.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/testing/leader_fig1.pptx -------------------------------------------------------------------------------- /doc/examples/testing/leader_fig2-crop-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/testing/leader_fig2-crop-1.png -------------------------------------------------------------------------------- /doc/examples/testing/leader_fig2-crop.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/testing/leader_fig2-crop.pdf -------------------------------------------------------------------------------- /doc/examples/testing/leader_fig2.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/testing/leader_fig2.pdf -------------------------------------------------------------------------------- /doc/examples/testing/leader_fig2.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/testing/leader_fig2.pptx -------------------------------------------------------------------------------- /doc/examples/testing/pingpong_fig1-crop-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/testing/pingpong_fig1-crop-1.png -------------------------------------------------------------------------------- /doc/examples/testing/pingpong_fig1-crop.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/testing/pingpong_fig1-crop.pdf -------------------------------------------------------------------------------- /doc/examples/testing/pingpong_fig1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/testing/pingpong_fig1.pdf -------------------------------------------------------------------------------- /doc/examples/testing/pingpong_fig1.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/testing/pingpong_fig1.pptx -------------------------------------------------------------------------------- /doc/examples/testing/pingpong_fig2-crop-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/testing/pingpong_fig2-crop-1.png -------------------------------------------------------------------------------- /doc/examples/testing/pingpong_fig2-crop.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/testing/pingpong_fig2-crop.pdf -------------------------------------------------------------------------------- /doc/examples/testing/pingpong_fig2.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/testing/pingpong_fig2.pdf -------------------------------------------------------------------------------- /doc/examples/testing/pingpong_fig2.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/examples/testing/pingpong_fig2.pptx -------------------------------------------------------------------------------- /doc/examples/testing/seqnum.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include order 4 | 5 | module sequence_numbers = { 6 | 7 | type t 8 | 9 | instance iter : order_iterator_impl(this) 10 | 11 | action next(seq:t) returns (res:t) 12 | 13 | interpret t->bv[8] 14 | implement next { 15 | res := seq + 1 16 | } 17 | 18 | } 19 | -------------------------------------------------------------------------------- /doc/examples/testing/trivnet.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.5 2 | type packet 3 | 4 | object intf = { 5 | action send(x:packet) 6 | action recv(x:packet) 7 | } 8 | 9 | 10 | object spec = { 11 | relation sent(X:packet) 12 | 13 | after init { 14 | sent(X) := false 15 | } 16 | 17 | before intf.send { 18 | sent(x) := true 19 | } 20 | 21 | before intf.recv { 22 | assert sent(x) 23 | } 24 | } 25 | 26 | 27 | object protocol = { 28 | implement intf.send { 29 | call intf.recv(x) 30 | } 31 | } 32 | 33 | import intf.recv 34 | export intf.send 35 | 36 | interpret packet -> bv[16] 37 | 38 | -------------------------------------------------------------------------------- /doc/examples/timeout_test.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include timeout 4 | 5 | instance foo : timeout_sec 6 | 7 | import foo.timeout 8 | 9 | -------------------------------------------------------------------------------- /doc/examples/timeout_test_expect.py: -------------------------------------------------------------------------------- 1 | import pexpect 2 | import sys 3 | 4 | def run(name,opts,res): 5 | child = pexpect.spawnu('./{}'.format(name)) 6 | child.logfile = sys.stdout 7 | try: 8 | child.expect('foo.timeout') 9 | return True 10 | except pexpect.EOF: 11 | print(child.before) 12 | return False 13 | -------------------------------------------------------------------------------- /doc/examples/trivnet.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | type packet 3 | 4 | object intf = { 5 | action send(x:packet) 6 | action recv(x:packet) 7 | } 8 | 9 | 10 | specification { 11 | relation sent(X:packet) 12 | after init { 13 | sent(X) := false 14 | } 15 | 16 | before intf.send { 17 | sent(x) := true 18 | } 19 | 20 | before intf.recv { 21 | require sent(x) 22 | } 23 | } 24 | 25 | 26 | implementation { 27 | implement intf.send { 28 | call intf.recv(x) 29 | } 30 | } 31 | 32 | import intf.recv 33 | export intf.send 34 | 35 | -------------------------------------------------------------------------------- /doc/examples/udp_test.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type a # network addresses 4 | type p # packets 5 | 6 | include udp 7 | instance foo : udp_simple(a,p) 8 | 9 | import foo.recv 10 | export foo.send 11 | 12 | interpret a->bv[1] 13 | interpret p->bv[16] 14 | 15 | extract iso_impl = foo.impl 16 | -------------------------------------------------------------------------------- /doc/examples/udp_test2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type a # network addresses 4 | type p # packets 5 | 6 | include udp 7 | instance foo : udp_simple(a,p) 8 | 9 | import foo.recv 10 | export foo.send 11 | 12 | interpret a->bv[1] 13 | interpret p->bv[16] 14 | 15 | extract iso_impl(me:a) = foo.impl(me) 16 | -------------------------------------------------------------------------------- /doc/examples/udp_test_expect.py: -------------------------------------------------------------------------------- 1 | import pexpect 2 | import sys 3 | 4 | def run(name,opts,res): 5 | child = pexpect.spawnu('./{}'.format(name)) 6 | child.logfile = sys.stdout 7 | try: 8 | child.expect('>') 9 | child.sendline('foo.send(0,1,2)') 10 | child.expect(r'< foo.recv\(1,2\)') 11 | child.sendline('foo.send(1,0,3)') 12 | child.expect(r'foo.recv\(0,3\)') 13 | return True 14 | except pexpect.EOF: 15 | print(child.before) 16 | return False 17 | -------------------------------------------------------------------------------- /doc/images/network_stack1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/images/network_stack1.png -------------------------------------------------------------------------------- /doc/images/network_stack1.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/doc/images/network_stack1.pptx -------------------------------------------------------------------------------- /examples/examples.txt: -------------------------------------------------------------------------------- 1 | learning - proved, using updr 2 | learning with count 3 | spanning tree 4 | leader - proved, using iupdr 5 | client server 6 | chord 7 | flash 8 | hotel 9 | chain panda 10 | gc copy - proved, mainly using cti 11 | bakery 12 | -------------------------------------------------------------------------------- /examples/ivy/.gitignore: -------------------------------------------------------------------------------- 1 | # Z3 debugging file 2 | .z3-trace 3 | ironfleet_toy_lock_refined_formatter.cpp 4 | ironfleet_toy_lock_refined_formatter.h 5 | -------------------------------------------------------------------------------- /examples/ivy/array.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.3 2 | 3 | type t 4 | 5 | module array = { 6 | 7 | individual a(X:t) : t 8 | 9 | action put(addr:t,val:t) = { 10 | a(addr) := val 11 | } 12 | 13 | action get(addr:t) returns (val:t) = { 14 | val := a(addr) 15 | } 16 | 17 | } 18 | 19 | module array_spec(arr) = { 20 | 21 | relation rel(X:t,Y:t) 22 | 23 | init rel(X,Y) 24 | 25 | action put(addr:t,val:t) = { 26 | rel(addr,V) := V = val 27 | } 28 | mixin put after arr.put 29 | 30 | action get(addr:t) returns (val:t) = { 31 | assert rel(addr,val) 32 | } 33 | mixin get after arr.get 34 | 35 | conjecture rel(X,arr.a(X)) 36 | 37 | } 38 | 39 | instantiate a : array 40 | instantiate s : array_spec(a) 41 | 42 | export a.put 43 | export a.get 44 | 45 | 46 | -------------------------------------------------------------------------------- /examples/ivy/client_server.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1 2 | 3 | relation conn(X,Y) 4 | relation s(X) 5 | 6 | init (s(X) & ~conn(X,Y)) 7 | individual x,y,z 8 | 9 | action connect = { 10 | x := *; 11 | y := *; 12 | assume s(y) & ~conn(x,Z); 13 | conn(x,y) := true; 14 | s(y) := false 15 | } 16 | 17 | action disconnect = { 18 | x := *; 19 | y := *; 20 | assume conn(x,y); 21 | conn(x,y) := false; 22 | s(y) := true 23 | } 24 | 25 | action error = { 26 | x := *; 27 | y := *; 28 | z := *; 29 | assume x ~= y & conn(x,z) & conn(y,z) 30 | } 31 | 32 | concept c1(X,Y,Z) = (conn(X,Z) * ~X = Y * conn(Y,Z)) 33 | 34 | -------------------------------------------------------------------------------- /examples/ivy/client_server_fp.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.1 2 | 3 | type client 4 | type server 5 | 6 | relation c(X : client,Y : server) 7 | relation s(X : server) 8 | 9 | individual x : client,y : server,z : client 10 | 11 | action initialize = { 12 | assume s(W) & ~c(X,Y) 13 | } 14 | 15 | action connect = { 16 | x := *; 17 | y := *; 18 | assume s(y) & ~c(x,Z); 19 | c(x,y) := true; 20 | s(y) := false 21 | } 22 | 23 | action disconnect = { 24 | x := *; 25 | y := *; 26 | assume c(x,y); 27 | c(x,y) := false; 28 | s(y) := true 29 | } 30 | 31 | state reached = initialize(true) | connect(reached) | disconnect(reached) 32 | 33 | assert reached -> ~(c(X,Y) & c(Z,Y) & X ~= Z) 34 | 35 | concept c1(X,Y,Z) = (c(X,Z) * ~X = Y * c(Y,Z)) 36 | 37 | conjecture (X = Z | ~c(X,Y) | ~c(Z,Y)) 38 | -------------------------------------------------------------------------------- /examples/ivy/client_server_sorted.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1 2 | 3 | type client 4 | type server 5 | 6 | relation c(X : client,Y : server) 7 | relation s(X : server) 8 | 9 | init (s(W) & ~c(X,Y)) 10 | individual x : client,y : server,z : client 11 | 12 | derived foo(X:client,Y:server) = c(X,Y) & ~s(Y) 13 | 14 | action connect = { 15 | x := *; 16 | y := *; 17 | assume s(y) & ~c(x,Z); 18 | c(x,y) := true; 19 | s(y) := false 20 | } 21 | 22 | action disconnect = { 23 | x := *; 24 | y := *; 25 | assume c(x,y); 26 | c(x,y) := false; 27 | s(y) := true 28 | } 29 | 30 | action error = { 31 | x := *; 32 | y := *; 33 | z := *; 34 | assume x ~= z & c(x,y) & c(z,y) 35 | } 36 | 37 | # concept c1(X,Y,Z) = (c(X,Z) * ~X = Y * c(Y,Z)) 38 | 39 | conjecture (X = Z | ~c(X,Y) | ~c(Z,Y)) 40 | -------------------------------------------------------------------------------- /examples/ivy/examp1_test.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.3 2 | 3 | include examp1 4 | 5 | axiom ~(X:req < X) 6 | axiom X:req < Y | X = Y | Y < X 7 | axiom X:req = zero | zero < X 8 | 9 | interpret req -> bv[3] 10 | interpret resp -> {0..2} 11 | 12 | export a0.serve 13 | export a1.serve 14 | -------------------------------------------------------------------------------- /examples/ivy/indexset_test.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include indexset 4 | 5 | instance bss : unbounded_sequence 6 | instance idx : unbounded_sequence 7 | instance s : indexset(bss,idx) 8 | 9 | isolate iso = s with idx,bss 10 | -------------------------------------------------------------------------------- /examples/ivy/ironfleet_toy_lock/.gitignore: -------------------------------------------------------------------------------- 1 | test_toy_lock 2 | toy_lock.cpp 3 | toy_lock.h 4 | -------------------------------------------------------------------------------- /examples/ivy/ironfleet_toy_lock/Makefile: -------------------------------------------------------------------------------- 1 | all: test_toy_lock 2 | 3 | toy_lock.cpp: toy_lock.ivy 4 | ivy_to_cpp target=impl isolate=iso_code toy_lock.ivy 5 | 6 | test_toy_lock: toy_lock.cpp test_toy_lock.cpp 7 | g++ -g -o test_toy_lock test_toy_lock.cpp toy_lock.cpp 8 | -------------------------------------------------------------------------------- /examples/ivy/toy_lock_udp/.gitignore: -------------------------------------------------------------------------------- 1 | test_toy_lock 2 | toy_lock.cpp 3 | toy_lock.h 4 | -------------------------------------------------------------------------------- /examples/ivy/toy_lock_udp/Makefile: -------------------------------------------------------------------------------- 1 | all: test_toy_lock 2 | 3 | toy_lock.cpp: toy_lock.ivy 4 | ivy_to_cpp target=impl isolate=iso_code toy_lock.ivy 5 | 6 | test_toy_lock: toy_lock.cpp test_toy_lock.cpp 7 | g++ -g -o test_toy_lock test_toy_lock.cpp toy_lock.cpp 8 | -------------------------------------------------------------------------------- /examples/liveness/Makefile: -------------------------------------------------------------------------------- 1 | all: ticket.out ticket_nested.out alternating_bit_protocol.out hybrid_reliable_broadcast_cisa.out tlb.out 2 | 3 | %.out: %.ivy 4 | ivy_check $< > $@ 5 | 6 | clean: 7 | rm -vf *.out 8 | -------------------------------------------------------------------------------- /examples/raft/theory.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.5 2 | 3 | # in a prefix order, the prefixes of any element are totally ordered 4 | 5 | module prefix_strict_order(t,r) = { 6 | axiom ~(r(X:t,Y) & r(Y,X)) 7 | axiom r(X:t,Y) & r(Y,Z) -> r(X,Z) 8 | axiom r(X:t,Z) & r(Y,Z) -> (r(X,Y) | X = Y | r(Y,X)) 9 | } 10 | 11 | module total_strict_order(t,r) = { 12 | axiom ~(r(X:t,Y) & r(Y,X)) 13 | axiom r(X:t,Y) & r(Y,Z) -> r(X,Z) 14 | axiom X:t = Y | X < Y | Y < X 15 | } 16 | 17 | module total_strict_order_with_zero(t,r,z) = { 18 | axiom ~(r(X:t,Y) & r(Y,X)) 19 | axiom r(X:t,Y) & r(Y,Z) -> r(X,Z) 20 | axiom X:t = Y | X < Y | Y < X 21 | axiom X:t = 0 | z < X 22 | } 23 | 24 | -------------------------------------------------------------------------------- /examples/sht/.gitignore: -------------------------------------------------------------------------------- 1 | *.cpp 2 | *.h 3 | test_table 4 | sht -------------------------------------------------------------------------------- /examples/sht/Makefile: -------------------------------------------------------------------------------- 1 | %.cpp: %.ivy 2 | ivy_to_cpp target=repl isolate=iso_impl $< 3 | 4 | %: %.cpp 5 | g++ -g -o $@ $< 6 | 7 | .PRECIOUS: %.cpp -------------------------------------------------------------------------------- /examples/sht/seq_num.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include order 4 | 5 | module sequence_numbers = { 6 | 7 | type t 8 | instance props : totally_ordered(t) 9 | 10 | action next(seq:t) returns (res:t) 11 | 12 | object spec = { 13 | after next { 14 | assume exists X. seq < X; 15 | assert seq < res & (X < res -> X <= seq) 16 | } 17 | } 18 | 19 | object impl = { 20 | interpret t->bv[16] 21 | implement next { 22 | res := seq + 1 23 | } 24 | } 25 | 26 | isolate iso_props = props with impl 27 | } 28 | -------------------------------------------------------------------------------- /examples/sht/test_delmap.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include key 4 | include delmap 5 | 6 | type id 7 | 8 | instance dmap : delegation_map(key,id) 9 | 10 | isolate iso_dmap = dmap.impl with dmap, key 11 | 12 | export dmap.set 13 | export dmap.get 14 | 15 | interpret key.t -> bv[1] 16 | interpret id -> bv[1] 17 | 18 | extract iso_impl = dmap.impl, dmap.impl.has.impl, key.impl 19 | 20 | -------------------------------------------------------------------------------- /examples/sht/test_queue.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include queue 4 | include seq_num 5 | 6 | instance seq_num : sequence_numbers 7 | 8 | object net_msg = { 9 | type t = struct { 10 | num : seq_num.t 11 | } 12 | } 13 | 14 | instance q : message_queue(net_msg,seq_num.t) 15 | 16 | isolate iso_q = q.impl with q,net_msg,seq_num 17 | 18 | export q.enqueue 19 | export q.empty 20 | export q.pick_one 21 | export q.delete_all 22 | -------------------------------------------------------------------------------- /examples/sht/test_shard.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include shard 4 | 5 | type key 6 | type data 7 | 8 | instance foo : table_shard(key,data) 9 | 10 | -------------------------------------------------------------------------------- /examples/sht/test_table.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include shard 4 | include table 5 | 6 | object key = { 7 | type t 8 | instantiate totally_ordered(t) 9 | instance iter : order_iterator(t) 10 | } 11 | 12 | type value 13 | 14 | instance shard : table_shard(key.t,value) 15 | instance tab : hash_table(key,value,shard) 16 | 17 | object impl = { 18 | interpret key.t -> bv[2] 19 | interpret value -> bv[2] 20 | } 21 | 22 | export tab.set 23 | export tab.get 24 | export tab.extract_ 25 | export tab.incorporate 26 | 27 | isolate iso_tab = tab.impl with tab,shard,key 28 | 29 | -------------------------------------------------------------------------------- /examples/sht/test_trans.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include trans 4 | include seq_num 5 | include udp 6 | 7 | type id 8 | type req 9 | type shard 10 | type data 11 | 12 | instance seq_num : sequence_numbers 13 | 14 | instance t : net(u,req,shard,seq_num,data) 15 | 16 | instance u : udp_simple(id,t.net_msg.t) 17 | 18 | 19 | isolate iso_t = t.impl with t,u,seq_num 20 | 21 | export t.send_request 22 | export t.send_delegate 23 | import t.recv_request 24 | import t.recv_delegate 25 | -------------------------------------------------------------------------------- /examples/tilelink/tilelink_notes.txt: -------------------------------------------------------------------------------- 1 | Issues to be addressed: 2 | 3 | 1) One grant for all release beats 4 | 5 | 2) Manager-side txid's (grants contain two txid's) 6 | 7 | 3) What happens if we remove rules 8 | 9 | 4) What happens if we allow release with no priviledges? 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /examples/tilelink/unit_test/.gitignore: -------------------------------------------------------------------------------- 1 | L2BroadcastHub/* 2 | L2HellaCacheBank/* 3 | dump* 4 | *.cpp 5 | test_L2BroadcastHub 6 | test_L2HellaCacheBank 7 | tilelink_broadcast_hub.cpp 8 | tilelink_coherence_manager 9 | tilelink_coherence_manager_hella.cpp 10 | tilelink_coherence_manager_tester.cpp 11 | tilelink_coherence_manager_tester.h 12 | tilelink_l2_cache 13 | tilelink_l2_cache.cpp 14 | .z3-trace -------------------------------------------------------------------------------- /examples/tilelink/unit_test/single_client/.gitignore: -------------------------------------------------------------------------------- 1 | tilelink_two_port_tester 2 | tilelink_two_port_tester.h 3 | tilelink_two_port_tester.cpp 4 | -------------------------------------------------------------------------------- /examples/tilelink/unit_test/tilelink_broadcast_hub.cpp: -------------------------------------------------------------------------------- 1 | 2 | 3 | #include "L2BroadcastHub.h" 4 | #include "L2BroadcastHub.prms.h" 5 | 6 | // typedef L2BroadcastHub_t L2Unit_t; 7 | 8 | #define L2Unit L2BroadcastHub 9 | 10 | #include "tilelink_coherence_manager_bcast.cpp" 11 | 12 | -------------------------------------------------------------------------------- /examples/tilelink/unit_test/tilelink_hella_cache.cpp: -------------------------------------------------------------------------------- 1 | 2 | 3 | #include "L2HellaCacheBank.h" 4 | #include "L2HellaCacheBank.prms.h" 5 | 6 | // typedef L2HellaCacheBank_t L2Unit_t; 7 | 8 | #define L2Unit L2HellaCacheBank 9 | 10 | #define HAS_TAG_ARRAY 11 | 12 | #include "tilelink_coherence_manager_hella.cpp" 13 | 14 | -------------------------------------------------------------------------------- /examples/tilelink/unit_test/tilelink_l2_broadcast.cpp: -------------------------------------------------------------------------------- 1 | /* This file instantiates the two-port dut structure with 2 | a model of the BroadcastHub unit. 3 | 4 | */ 5 | 6 | #include "L2Unit.DefaultCPPConfig.h" 7 | 8 | #include "tilelink_coherence_manager.cpp" 9 | 10 | 11 | -------------------------------------------------------------------------------- /examples/tilelink/unit_test/tilelink_l2_cache.cpp: -------------------------------------------------------------------------------- 1 | 2 | 3 | #include "L2Unit.DefaultL2CPPConfig.h" 4 | 5 | #include "tilelink_coherence_manager.cpp" 6 | 7 | -------------------------------------------------------------------------------- /ivy/__init__.py: -------------------------------------------------------------------------------- 1 | __path__ = [__path__[0]] + [(__path__[0] + '/' + x) for x in ['core','tkui']] 2 | 3 | # import concept 4 | -------------------------------------------------------------------------------- /ivy/general.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) Microsoft Corporation. All Rights Reserved. 3 | # 4 | """ 5 | Module with general Ivy classes 6 | """ 7 | 8 | 9 | # Exceptions 10 | 11 | class IvyError(Exception): 12 | pass 13 | -------------------------------------------------------------------------------- /ivy/include/1.5/README: -------------------------------------------------------------------------------- 1 | There are no standard library files in versions <= 1.5 2 | -------------------------------------------------------------------------------- /ivy/include/1.7/arith.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | module arith_char = { 4 | type this 5 | } 6 | 7 | module arith_int = { 8 | type this 9 | } 10 | -------------------------------------------------------------------------------- /ivy/include/1.7/ip.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | # Definitions for the internet protocol 4 | 5 | # Note, "ip" here refers to IPv4. 6 | 7 | object ip = { 8 | 9 | type addr 10 | type port 11 | type protocol = {udp,tcp} 12 | 13 | object endpoint = { 14 | type this = struct { 15 | protocol : ip.protocol, 16 | addr : ip.addr, 17 | port : ip.port 18 | } 19 | } 20 | 21 | implementation { 22 | 23 | interpret addr -> bv[32] 24 | interpret port -> bv[16] 25 | 26 | } 27 | 28 | } 29 | -------------------------------------------------------------------------------- /ivy/include/1.7/ip_packet.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | include packet_wrapper 4 | 5 | # Linux packet sockets 6 | # 7 | # - pkt : packet type ("array of integer" traits) 8 | # - ifnum : interface number type ("integer" traits) 9 | # - macaddr : mac address type ("integer" traits) 10 | # 11 | # 12 | 13 | module ip_packet_socket(pkt,ifnum,macaddr) = { 14 | 15 | action recv(v:pkt,ifidx:ifnum) 16 | action send(v:pkt,ifidx:ifnum,dst:macaddr) 17 | 18 | specification { 19 | before send { 20 | require true; 21 | } 22 | } 23 | 24 | instance impl : packet_wrapper(pkt,ifnum,macaddr) 25 | trusted isolate iso = this 26 | attribute test = impl 27 | } 28 | -------------------------------------------------------------------------------- /ivy/include/1.7/ip_raw.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | include ip_wrapper 4 | 5 | # Raw IP sockets 6 | # 7 | # - pkt : packet type (with integer array traits) 8 | # - protocol : IP protocol number 9 | # 10 | # Because of limitations on Unix raw sockets, this module can only 11 | # send and receive with a single IP protocol number. 12 | # 13 | 14 | module ip_raw_socket(pkt,protocol) = { 15 | 16 | action recv(v:pkt) 17 | action send(v:pkt) 18 | 19 | specification { 20 | before send { 21 | require true; 22 | } 23 | } 24 | 25 | instance impl : ip_wrapper(pkt,protocol) 26 | trusted isolate iso = this 27 | attribute test = impl 28 | } 29 | -------------------------------------------------------------------------------- /ivy/include/1.8/arith.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | module arith_char = { 4 | type this 5 | } 6 | 7 | module arith_int = { 8 | type this 9 | } 10 | -------------------------------------------------------------------------------- /ivy/include/1.8/ip.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | # Definitions for the internet protocol 4 | 5 | # Note, "ip" here refers to IPv4. 6 | 7 | object ip = { 8 | 9 | type addr 10 | type port 11 | type protocol = {udp,tcp} 12 | 13 | object endpoint = { 14 | type this = struct { 15 | protocol : ip.protocol, 16 | addr : ip.addr, 17 | port : ip.port 18 | } 19 | } 20 | 21 | implementation { 22 | 23 | interpret addr -> bv[32] 24 | interpret port -> bv[16] 25 | 26 | } 27 | 28 | } 29 | -------------------------------------------------------------------------------- /ivy/include/1.8/ip_packet.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | include packet_wrapper 4 | 5 | # Linux packet sockets 6 | # 7 | # - pkt : packet type ("array of integer" traits) 8 | # - ifnum : interface number type ("integer" traits) 9 | # - macaddr : mac address type ("integer" traits) 10 | # 11 | # 12 | 13 | module ip_packet_socket(pkt,ifnum,macaddr) = { 14 | 15 | action recv(v:pkt,ifidx:ifnum) 16 | action send(v:pkt,ifidx:ifnum,dst:macaddr) 17 | 18 | specification { 19 | before send { 20 | require true; 21 | } 22 | } 23 | 24 | instance impl : packet_wrapper(pkt,ifnum,macaddr) 25 | trusted isolate iso = this 26 | attribute test = impl 27 | } 28 | -------------------------------------------------------------------------------- /ivy/include/1.8/ip_raw.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | include ip_wrapper 4 | 5 | # Raw IP sockets 6 | # 7 | # - pkt : packet type (with integer array traits) 8 | # - protocol : IP protocol number 9 | # 10 | # Because of limitations on Unix raw sockets, this module can only 11 | # send and receive with a single IP protocol number. 12 | # 13 | 14 | module ip_raw_socket(pkt,protocol) = { 15 | 16 | action recv(v:pkt) 17 | action send(v:pkt) 18 | 19 | specification { 20 | before send { 21 | require true; 22 | } 23 | } 24 | 25 | instance impl : ip_wrapper(pkt,protocol) 26 | trusted isolate iso = this 27 | attribute test = impl 28 | } 29 | -------------------------------------------------------------------------------- /ivy/ivy.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python 2 | # 3 | # Copyright (c) Microsoft Corporation. All Rights Reserved. 4 | # 5 | 6 | from .ivy_init import ivy_init 7 | from . import ivy_module 8 | from .tk_ui import ui_main_loop 9 | 10 | def main(): 11 | import signal 12 | signal.signal(signal.SIGINT,signal.SIG_DFL) 13 | with ivy_module.Module(): 14 | ui_main_loop(ivy_init()) 15 | 16 | if __name__ == "__main__": 17 | main() 18 | 19 | -------------------------------------------------------------------------------- /ivy/ivy2/ast.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include string 4 | 5 | instance pos : unbounded_sequence 6 | type char 7 | 8 | instance str : string(pos,char) 9 | 10 | type expr 11 | 12 | variant symbol of expr = struct { 13 | name : str 14 | } 15 | 16 | variant plus of expr = struct { 17 | lhs : expr, 18 | rhs : expr 19 | } 20 | 21 | action sym(name:str) returns (res:expr) = { 22 | var s:symbol; 23 | s.name := name; 24 | res := s 25 | } 26 | 27 | action add(x:expr,y:expr) returns (res:expr) = { 28 | var s:plus; 29 | s.lhs := x; 30 | s.rhs := y; 31 | res := s; 32 | } 33 | 34 | 35 | export sym 36 | export add 37 | 38 | -------------------------------------------------------------------------------- /ivy/ivy2/include/arith.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | module arith_char = { 4 | type this 5 | interpret this -> ivy.native_int[char] 6 | } 7 | 8 | module arith_int = { 9 | type this 10 | interpret this -> ivy.native_int[int] 11 | } 12 | -------------------------------------------------------------------------------- /ivy/ivy2/include/order.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | module unbounded_sequence = { 4 | type this 5 | interpret this -> ivy.native_unsigned[size_t] 6 | 7 | action next(x:this) returns (y:this) = { 8 | y := x + 1; 9 | } 10 | 11 | action prev(x:this) returns (y:this) = { 12 | y := x - 1; 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /ivy/ivy2/include/sys.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | # This file contains modules to access system resources such as 4 | # processes and environment variables. 5 | 6 | # This module gives access to environement variable, where `str` is a 7 | # type with string traits. 8 | 9 | module environment(str) = { 10 | 11 | # The `get` action gets the value of an environment variable 12 | # `name` or returns the empty string if `name` is undefined. 13 | 14 | action get(name:str) returns (res:str) = { 15 | res := cast(ivy.getenv(cast(name))) 16 | } 17 | } 18 | 19 | module sys_argv(pos,str) = { 20 | action end returns (res:pos) = { 21 | res := cast(ivy.get_argc); 22 | } 23 | action value(idx:pos) returns (res:str) = { 24 | res := cast(ivy.get_argv(cast(idx),cast(res))); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /ivy/ivy2/ivyc_s1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include reader 4 | include pass_flat 5 | include pass_typeinfer 6 | include ivy_to_cpp 7 | 8 | object ivy = { ... 9 | action show_expr(e:expr) = { 10 | call stdio.writeln(e.enc) 11 | } 12 | 13 | action testelide(inp:str) returns (res:str) = { 14 | var e := expr.dec(inp); 15 | var ty : expr; 16 | var m : symeval; 17 | m := m.set(strident.make("foo"),expr.dec("t")); 18 | var st : elidest; 19 | (e,st) := e.type_elide_int(false,m,st); 20 | res := expr.enc(e); 21 | } 22 | 23 | 24 | } 25 | 26 | parameter input_file_name : str 27 | 28 | after init { 29 | var tmp := ivy.testelide("x"); 30 | call ivy.prog.file_to_cpp(input_file_name); 31 | } 32 | 33 | -------------------------------------------------------------------------------- /ivy/ivy2/ivyc_s2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include reader 4 | include pass_flat 5 | include pass_typeinfer 6 | include ivy_to_cpp 7 | 8 | instance argv : sys_argv(pos,str) 9 | 10 | object ivy { ... 11 | action show_expr(e:expr) = { 12 | call stdio.writeln(e.enc) 13 | } 14 | } 15 | 16 | init { 17 | if argv.end > 1 { 18 | ivy.prog.file_to_cpp(argv.value(1)); 19 | } else { 20 | stdio.writeln("usage: ivyc .ivy"); 21 | } 22 | } 23 | 24 | 25 | -------------------------------------------------------------------------------- /ivy/ivy2/ivyc_s3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include reader 4 | include pass_flat 5 | include pass_typeinfer 6 | include ivy_to_cpp 7 | 8 | instance argv : sys_argv(pos,str) 9 | 10 | object ivy { ... 11 | action show_expr(e:expr) = { 12 | call stdio.writeln(e.enc) 13 | } 14 | } 15 | 16 | init { 17 | if argv.end > 1 { 18 | ivy.prog.file_to_cpp(argv.value(1)); 19 | } else { 20 | stdio.writeln("usage: ivyc .ivy"); 21 | } 22 | } 23 | 24 | 25 | -------------------------------------------------------------------------------- /ivy/ivy2/s1/README.md: -------------------------------------------------------------------------------- 1 | Stage 1 compiler 2 | ================ 3 | 4 | The stage 1 compiler is written in Ivy and can be compiled by Ivy 1.7, 5 | written in Python. To compile: 6 | 7 | $ ivyc target=repl ivyc_s1.ivy 8 | $ g++ -O2 -o ivyc_s1 ivyc_s1.cpp -pthread 9 | -------------------------------------------------------------------------------- /ivy/ivy2/s1/include/arith.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | module arith_char = { 4 | type this 5 | interpret this -> ivy.native_int[char] 6 | } 7 | 8 | module arith_int = { 9 | type this 10 | interpret this -> ivy.native_int[int] 11 | } 12 | -------------------------------------------------------------------------------- /ivy/ivy2/s1/include/order.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | module unbounded_sequence = { 4 | type this 5 | interpret this -> ivy.native_unsigned[size_t] 6 | 7 | action next(x:this) returns (y:this) = { 8 | y := x + 1; 9 | } 10 | 11 | action prev(x:this) returns (y:this) = { 12 | y := x - 1; 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /ivy/ivy2/s1/ivyc_s1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include reader 4 | include pass_flat 5 | include pass_typeinfer 6 | include ivy_to_cpp 7 | 8 | object ivy = { ... 9 | action show_expr(e:expr) = { 10 | call stdio.writeln(e.enc) 11 | } 12 | 13 | action testelide(inp:str) returns (res:str) = { 14 | var e := expr.dec(inp); 15 | var ty : expr; 16 | var m : symeval; 17 | m := m.set(strident.make("foo"),expr.dec("t")); 18 | var st : elidest; 19 | (e,st) := e.type_elide_int(false,m,st); 20 | res := expr.enc(e); 21 | } 22 | 23 | 24 | } 25 | 26 | parameter input_file_name : str 27 | 28 | after init { 29 | var tmp := ivy.testelide("x"); 30 | call ivy.prog.file_to_cpp(input_file_name); 31 | } 32 | 33 | -------------------------------------------------------------------------------- /ivy/ivy2/s2/README.md: -------------------------------------------------------------------------------- 1 | Stage 2 compiler 2 | ================ 3 | 4 | This is stage 2 compiler. For the moment, it is identical to the stage 5 | 1 compiler except for some small changes in the main file 6 | `ivy_s2.ivy`. In can be compiler by the stage 1 compiler like this: 7 | 8 | $ IVY_INCLUDE_PATH=../s1/include ../s1/ivyc_s1 ivyc_s2.ivy 9 | $ g++ -I../s1/include -O2 -o ivyc_s2 -std=c++17 ivyc_s2.cpp 10 | 11 | 12 | -------------------------------------------------------------------------------- /ivy/ivy2/s2/include/arith.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | module arith_char = { 4 | type this 5 | interpret this -> ivy.native_int[char] 6 | } 7 | 8 | module arith_int = { 9 | type this 10 | interpret this -> ivy.native_int[int] 11 | } 12 | -------------------------------------------------------------------------------- /ivy/ivy2/s2/include/order.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | module unbounded_sequence = { 4 | type this 5 | interpret this -> ivy.native_unsigned[size_t] 6 | 7 | action next(x:this) returns (y:this) = { 8 | y := x + 1; 9 | } 10 | 11 | action prev(x:this) returns (y:this) = { 12 | y := x - 1; 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /ivy/ivy2/s3/README.md: -------------------------------------------------------------------------------- 1 | Stage 3 compiler 2 | ================ 3 | 4 | This is stage 3 compiler. In the stage 3 compiler, we begin to add 5 | some features that are not present in Ivy 1.7. The stage 3 compiler 6 | can be compiled by the stage 2 compiler like this: 7 | 8 | $ IVY_INCLUDE_PATH=../s2/include ../s2/ivyc_s2 ivyc_s3.ivy 9 | $ g++ -I../s1/include -O2 -o ivyc_s3 -std=c++17 ivyc_s3.cpp 10 | 11 | 12 | -------------------------------------------------------------------------------- /ivy/ivy2/s3/include/arith.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | module arith_char = { 4 | type this 5 | interpret this -> ivy.native_int[char] 6 | } 7 | 8 | module arith_int = { 9 | type this 10 | interpret this -> ivy.native_int[int] 11 | } 12 | -------------------------------------------------------------------------------- /ivy/ivy2/s3/include/order.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | module unbounded_sequence = { 4 | type this 5 | interpret this -> ivy.native_unsigned[size_t] 6 | 7 | action next(x:this) returns (y:this) = { 8 | y := x + 1; 9 | } 10 | 11 | action prev(x:this) returns (y:this) = { 12 | y := x - 1; 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /ivy/ivy2/s3/include/std.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | include arith 4 | include order 5 | include string 6 | include collections 7 | include io 8 | 9 | instance char : arith_char 10 | instance pos : unbounded_sequence 11 | instance str : string(pos,char) 12 | instance stdio : io_stdio(str,pos,char) 13 | 14 | object dbl = { 15 | type this 16 | interpret this -> ivy.native_int[double] 17 | action sqrt(self:this) returns (res:this) = { 18 | res := cast(ivy.sqrt(cast(self))); 19 | } 20 | instantiate string.conv(str,this) 21 | } 22 | -------------------------------------------------------------------------------- /ivy/ivy2/test1.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/ivy/ivy2/test1.py -------------------------------------------------------------------------------- /ivy/ivy2/test1.src: -------------------------------------------------------------------------------- 1 | # This is a test of Eval 2 | 3 | format inp = [ ~'[_a-zA-Z0-9]+' '+' ... ] 4 | 5 | format out = var sum := set() [ $ sum.add(this) $ ... ] 6 | 7 | >>> 8 | 9 | src = "test1_inp.txt" 10 | obj = "test1_out.txt" 11 | with ivywhite: 12 | with grammar: 13 | with DefaultSemantics(globals()): 14 | thing = parse_file("inp",src) 15 | pretty_to_file("out",thing,obj) 16 | -------------------------------------------------------------------------------- /ivy/ivy2/test_ivylang.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include ivylang 4 | include io 5 | 6 | instance stdio : io.stdio(str,pos,char) 7 | 8 | init { 9 | var line := stdio.read; 10 | var e : ivy.prog; 11 | e := ivy.prog.dec(line); 12 | var s : str; 13 | s := e.enc; 14 | stdio.write(s); 15 | } 16 | 17 | 18 | -------------------------------------------------------------------------------- /ivy/ivy2/test_lang.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include lang 4 | include io 5 | 6 | instance stdio : io.stdio(str,pos,char) 7 | 8 | init { 9 | var b := pretty.make(10,4); 10 | b := b.extend("fooooo"); 11 | b := b.extend(" "); 12 | b := b.extend("barrrr"); 13 | b := b.flush; 14 | stdio.write(b.output); 15 | } 16 | 17 | 18 | -------------------------------------------------------------------------------- /ivy/ivy2/test_pass_flat.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include reader 4 | include pass_flat 5 | include io 6 | 7 | init { 8 | var p : ivy.prog; 9 | p := ivy.prog.read_file("test.ivy"); 10 | p := p.flat; 11 | var s : str; 12 | s := p.enc; 13 | stdio.write(s); 14 | } 15 | 16 | 17 | -------------------------------------------------------------------------------- /ivy/ivy2/test_pass_typeinfer.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include reader 4 | include pass_flat 5 | include pass_typeinfer 6 | include io 7 | 8 | instance stdio : io.stdio(str,pos,char) 9 | 10 | object ivy { ... 11 | action show_expr(e:expr) = { 12 | call stdio.writeln(e.enc) 13 | } 14 | } 15 | 16 | 17 | init { 18 | var p : ivy.prog; 19 | p := ivy.prog.read_file("test.ivy"); 20 | p := p.flat; 21 | p := p.typeinfer; 22 | var s : str; 23 | s := p.enc; 24 | stdio.write(s); 25 | } 26 | 27 | 28 | -------------------------------------------------------------------------------- /ivy/ivy2/test_reader.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include reader 4 | include io 5 | 6 | instance stdio : io.stdio(str,pos,char) 7 | 8 | init { 9 | var p : ivy.prog; 10 | p := ivy.prog.read_file("test.ivy"); 11 | var s : str; 12 | s := p.enc; 13 | stdio.write(s); 14 | } 15 | 16 | 17 | -------------------------------------------------------------------------------- /ivy/ivy2/test_syntax.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include syntax 4 | include io 5 | 6 | instance stdio : io.stdio(str,pos,char) 7 | 8 | init { 9 | var b := pretty.make(10,4); 10 | b := b.extend("fooooo"); 11 | b := b.extend(" "); 12 | b := b.extend("barrrr"); 13 | b := b.flush; 14 | stdio.write(b.output); 15 | } 16 | 17 | 18 | -------------------------------------------------------------------------------- /ivy/ivy_dafny_parser.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) Microsoft Corporation. All Rights Reserved. 3 | # 4 | from .ivy_dafny_lexer import * 5 | from .ivy_dafny_grammar import * 6 | from .ivy_utils import p_error, parse_with 7 | 8 | import ply.yacc as yacc 9 | 10 | import os 11 | tabdir = os.path.dirname(os.path.abspath(__file__)) 12 | parser = yacc.yacc(start='top',tabmodule='ivy_dafny_parsetab',errorlog=yacc.NullLogger(),outputdir=tabdir) 13 | 14 | def parse(s): 15 | return parse_with(s,parser,lexer) 16 | 17 | if __name__ == "__main__": 18 | print(parser.parse('var x : y; method P(x:T) ensures x == y; {x := y;}')) 19 | -------------------------------------------------------------------------------- /ivy/ivy_shell.py: -------------------------------------------------------------------------------- 1 | import os 2 | import platform 3 | from . import ivy_to_cpp 4 | 5 | def main(): 6 | if platform.system() == 'Darwin': 7 | path = ':'.join(os.path.join(x,'lib') for x in ivy_to_cpp.get_lib_dirs()) 8 | pvar = 'DYLD_LIBRARY_PATH' 9 | if os.environ.get(pvar): 10 | path += ':' + os.environ[pvar] 11 | cmd = 'export {}={}'.format(pvar,path) 12 | print(cmd) 13 | -------------------------------------------------------------------------------- /ivy/ivy_ui_none.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) Microsoft Corporation. All Rights Reserved. 3 | # 4 | 5 | compile_kwargs = {} 6 | -------------------------------------------------------------------------------- /ivy/token_counter.py: -------------------------------------------------------------------------------- 1 | from . import ivy_lexer 2 | import sys 3 | 4 | f = open(sys.argv[1],'r') 5 | ivy_lexer.lexer.input(f.read()) 6 | 7 | count = 0 8 | 9 | while True: 10 | tok = ivy_lexer.lexer.token() 11 | if not tok: 12 | break # No more input 13 | count += 1 14 | 15 | print(count) 16 | 17 | -------------------------------------------------------------------------------- /ivy/utils/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kenmcmil/ivy/dbe45e7fc5769170b92492b70827d1cf7efb7972/ivy/utils/__init__.py -------------------------------------------------------------------------------- /ivy/widget_modal_messages.py: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) Microsoft Corporation. All Rights Reserved. 3 | # 4 | """ 5 | Widget for displaying a modal dialog of messages. 6 | 7 | Multiple messages may be grouped into the same dialog. 8 | """ 9 | 10 | from IPython.html import widgets 11 | from IPython.utils.traitlets import Unicode 12 | 13 | class ModalMessagesWidget(widgets.Widget): 14 | _view_module = Unicode('nbextensions/ivy/js/widget_modal_messages', sync=True) 15 | _view_name = Unicode('ModalMessagesView', sync=True) 16 | 17 | def new_message(self, title, body): 18 | """ 19 | Send a new message, title and body are strings 20 | """ 21 | self.send({ 22 | "method": "new_message", 23 | "title": title, 24 | "body": body, 25 | }) 26 | -------------------------------------------------------------------------------- /notebooks/clear_outputs: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (c) Microsoft Corporation. All Rights Reserved. 4 | 5 | # Clear all outputs from all notebooks 6 | 7 | ipython nbconvert --to notebook --ClearOutputPreprocessor.enabled=True --inplace *.ipynb 8 | -------------------------------------------------------------------------------- /notebooks/start_notebook_server: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (c) Microsoft Corporation. All Rights Reserved. 4 | 5 | # Set PYTHONPATH and start IPython notebook server 6 | 7 | # Use start_notebook_server --no-browser to not open the default browser 8 | 9 | env PYTHONPATH=`pwd`/../ivy:`pwd`/../src/ivy:$PYTHONPATH ipython notebook "$@" 10 | -------------------------------------------------------------------------------- /scripts/setup/submodules.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # 4 | # Copyright (c) Microsoft Corporation. All Rights Reserved. 5 | # 6 | 7 | # submodule setup script 8 | 9 | # show what's happening. 10 | set -x 11 | # exit on any unobserved failure. 12 | set -e 13 | 14 | gitroot=$(git rev-parse --show-toplevel) 15 | 16 | git submodule init 17 | git submodule update 18 | 19 | # this shouldn't do anything if we're using vagrant (see `/scripts/setup/vagrant.sh`). 20 | if [ "x$1" == "x--vagrant" ]; then 21 | git submodule foreach '$SHELL ../../scripts/setup/git.sh' 22 | fi 23 | 24 | $SHELL $gitroot/scripts/setup/z3.sh build 25 | -------------------------------------------------------------------------------- /scripts/setup/userland.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # 4 | # Copyright (c) Microsoft Corporation. All Rights Reserved. 5 | # 6 | 7 | # userland setup script 8 | 9 | # show what's happening. 10 | set -x 11 | # exit on any unobserved failure. 12 | set -e 13 | 14 | gitroot=$(git rev-parse --show-toplevel) 15 | 16 | $SHELL $gitroot/scripts/setup/python.sh 17 | 18 | if [ "x$1" = "x--vagrant" ] && ! grep -q 'cd /vagrant' $HOME/.profile; then 19 | echo 'cd /vagrant' >> $HOME/.profile 20 | echo 'eval "export PATH=$HOME/.local/bin:$PATH"' >> $HOME/.profile 21 | echo 'eval "$(sh /vagrant/scripts/setup/z3.sh env)"' >> $HOME/.profile 22 | fi 23 | -------------------------------------------------------------------------------- /scripts/setup/vagrant.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # 4 | # Copyright (c) Microsoft Corporation. All Rights Reserved. 5 | # 6 | 7 | # vagrant bootstrap script 8 | 9 | # show what's happening. 10 | set -x 11 | # exit on any unobserved failure. 12 | set -e 13 | 14 | # this solves a problem with upgrading the `grub-pc` package. see 15 | # https://github.com/mitchellh/vagrant/issues/289 16 | (echo "set grub-pc/install_devices /dev/sda" | debconf-communicate) || true > /dev/null 17 | 18 | cd /vagrant 19 | 20 | $SHELL ./scripts/setup/debian.sh 21 | sudo -H -u vagrant -- $SHELL ./scripts/setup/userland.sh --vagrant 22 | sudo -H -u vagrant -- $SHELL ./scripts/setup/submodules.sh --vagrant 23 | -------------------------------------------------------------------------------- /test/.gitignore: -------------------------------------------------------------------------------- 1 | *.cpp 2 | *.h 3 | arraygen 4 | genstruct 5 | strlit1 6 | -------------------------------------------------------------------------------- /test/Makefile: -------------------------------------------------------------------------------- 1 | %.cpp: %.ivy 2 | ivy_to_cpp target=repl isolate=iso_impl $< 3 | 4 | %: %.cpp 5 | g++ -g -o $@ $< 6 | 7 | %.test.cpp: %.ivy 8 | ivy_to_cpp target=test classname=$*.test $< 9 | 10 | %.test: %.test.cpp 11 | g++ -I $(Z3DIR)/include -L $(Z3DIR)/lib -g -o $@ $< hash.cpp -lz3 12 | 13 | 14 | .PRECIOUS: %.cpp %.test.cpp 15 | -------------------------------------------------------------------------------- /test/action1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | isolate foo = { 4 | } 5 | 6 | isolate bar = { 7 | action a 8 | invariant true 9 | } 10 | 11 | export bar.a 12 | -------------------------------------------------------------------------------- /test/annot1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | object t = { 4 | type this 5 | action a(x:this) 6 | } 7 | 8 | object q = { 9 | variant this of t = struct { 10 | b : bool 11 | } 12 | action a(x:this) = { 13 | } 14 | } 15 | 16 | 17 | 18 | action a(x:t) = { 19 | assume true; 20 | call x.a; 21 | assert false 22 | } 23 | 24 | export a 25 | -------------------------------------------------------------------------------- /test/around1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | isolate foo = { 4 | 5 | action a(x:bool) returns (y:bool) 6 | 7 | specification { 8 | around a { 9 | require x; 10 | ... 11 | ensure y 12 | } 13 | } 14 | 15 | implementation { 16 | implement a { 17 | y := x 18 | } 19 | } 20 | } 21 | 22 | export foo.a 23 | -------------------------------------------------------------------------------- /test/array1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include collections 4 | 5 | type t 6 | interpret t -> bv[8] 7 | 8 | instance arr : array(t,t) 9 | 10 | var x : arr 11 | 12 | export action a(y:t) = { 13 | x := x.append(y); 14 | } 15 | -------------------------------------------------------------------------------- /test/array2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include collections 4 | 5 | type idx 6 | type val 7 | 8 | interpret idx -> int 9 | 10 | instance arr : array(idx,val) 11 | 12 | action foo(x:arr) = { 13 | var i : idx; 14 | var z := x.value(i) 15 | } 16 | -------------------------------------------------------------------------------- /test/array_inplace.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include collections 4 | 5 | object me = { 6 | type idx 7 | type val 8 | 9 | instance arr : array(idx,val) 10 | 11 | var a : arr.t 12 | 13 | action foo(a:arr.t,b:arr.t) returns (a:arr.t) = { 14 | b := a; 15 | a := b 16 | } 17 | 18 | action add(i:idx,v:val) = { 19 | var b : arr.t; 20 | b := arr.append(a,arr.get(a,i)); 21 | a := foo(a,a) 22 | } 23 | 24 | 25 | 26 | interpret idx -> int 27 | interpret val -> int 28 | } 29 | 30 | export me.add 31 | 32 | trusted isolate iso = me 33 | 34 | -------------------------------------------------------------------------------- /test/arraygen.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include order 4 | include collections 5 | 6 | type domain 7 | type range 8 | 9 | instance arr : array(domain,range) 10 | 11 | action a(inp:arr.t) = { 12 | 13 | } 14 | 15 | interpret domain -> bv[4] 16 | interpret range -> bv[4] 17 | 18 | export a 19 | 20 | -------------------------------------------------------------------------------- /test/asgeir2.ivy: -------------------------------------------------------------------------------- 1 | action step(ph:dram_ph_type,a:addr_type.t,t:lclock.t) = { 2 | 3 | 4 | var blk_older_wr_same_a : bool; 5 | 6 | 7 | var p : proc.t; 8 | 9 | var src : bool; 10 | 11 | 12 | var tt : lclock.t; 13 | 14 | 15 | tt := t; 16 | 17 | 18 | if ph=dram_rd0_ph & rd0(a).cmd = read { 19 | 20 | p := rd0(a).p; 21 | 22 | 23 | if ~rd0(a).src { 24 | 25 | blk_older_wr_same_a := 26 | exists T1,T2. ep(p).isd_wr0(a,T1) & ep(p).isd_rd0(a,T2) & T1 < T2; 27 | 28 | 29 | 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /test/asgn_call1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | object obj = { 4 | 5 | type q 6 | 7 | type t = struct { 8 | a : q 9 | } 10 | 11 | var x :t 12 | 13 | function fun(X:t) = X 14 | 15 | action foo(x:t) returns(x:t) = { 16 | x := x 17 | } 18 | 19 | action bar = { 20 | x := x.foo; 21 | x := fun(x) 22 | 23 | } 24 | 25 | } 26 | -------------------------------------------------------------------------------- /test/assertpf1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | var x:t 6 | var y:t 7 | 8 | action a = { 9 | 10 | assert x = y -> x = y proof let X = x; 11 | assert x = y -> x = y proof let X = x; 12 | 13 | } 14 | 15 | export a 16 | -------------------------------------------------------------------------------- /test/assertpf2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | relation p 4 | 5 | action a = { 6 | 7 | assert p -> p 8 | } 9 | 10 | export a 11 | -------------------------------------------------------------------------------- /test/assertpf3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | 6 | relation r(X:t,Y:t) 7 | 8 | definition r(X,Y) = (X = Y) 9 | theorem [foo] {property exists Y. r(X,Y)} 10 | 11 | 12 | action a(x:t) = { 13 | var y : t; 14 | assert exists Z. r(y,Z) proof assume foo with X=y 15 | 16 | } 17 | 18 | export a 19 | -------------------------------------------------------------------------------- /test/assumetactic1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | relation p(X:t) 5 | 6 | schema foo = { 7 | function v : t 8 | property p(v) 9 | } 10 | 11 | var w : t 12 | 13 | property [thing] p(w) 14 | proof 15 | assume foo with v = w 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /test/auto1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include order 4 | include collections 5 | 6 | 7 | # autoinstance myarr[x][y] : array(x,y) 8 | 9 | instance idx : unbounded_sequence 10 | 11 | type t 12 | 13 | var p : array[idx][t] 14 | 15 | action get(i:idx) returns(v: t) = { 16 | v := p.value(i) 17 | } 18 | 19 | object thing = { 20 | 21 | type bargl 22 | 23 | type foo = struct { 24 | bar : vector[bargl] 25 | } 26 | 27 | var q : foo 28 | 29 | action qget(i:vector[bargl].domain) returns(v: bargl) = { 30 | v := q.bar.value(i) 31 | } 32 | 33 | } 34 | 35 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /test/badmethodcall.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | object obj = { 3 | type t 4 | action act(a:t) returns (b:t) = { 5 | 6 | } 7 | } 8 | 9 | action caller(a:obj.t) = { 10 | var x:obj.t; 11 | call x := a.act.act 12 | } 13 | 14 | type r 15 | 16 | action foo returns (x:r,y:r) = { 17 | 18 | } 19 | 20 | action bar = { 21 | var s:r; 22 | var q:r; 23 | (s,q) := foo 24 | } 25 | 26 | -------------------------------------------------------------------------------- /test/badrecursion1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | function f(X:t) = f(X-1) + X 6 | -------------------------------------------------------------------------------- /test/badwith1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | isolate foo = { 4 | } with xxx 5 | -------------------------------------------------------------------------------- /test/before1.py: -------------------------------------------------------------------------------- 1 | 2 | from ivy import ivy_module as im 3 | from ivy.ivy_compiler import ivy_from_string 4 | from ivy.tk_ui import new_ui 5 | from ivy import ivy_utils as iu 6 | from ivy import ivy_check as ick 7 | prog = """#lang ivy1.5 8 | 9 | type foo 10 | type bar 11 | 12 | individual x : foo 13 | # individual y : foo 14 | 15 | action a(z:foo,y:foo) = { 16 | x := y 17 | } 18 | 19 | object m(me:foo) = { 20 | after a { 21 | assert x = y | x = me 22 | } 23 | } 24 | 25 | 26 | export a 27 | """ 28 | 29 | with im.Module(): 30 | iu.set_parameters({'mode':'induction','show_compiled':'true'}) 31 | ivy_from_string(prog,create_isolate=False) 32 | ick.check_module() 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /test/big.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | interpret t -> bv[16] 6 | 7 | relation r(X:t) 8 | 9 | action a = { 10 | r(X) := false 11 | } 12 | 13 | action b(x:t) = { 14 | r(x) := true 15 | } 16 | 17 | action c(x:t) returns (y:bool) = { 18 | y := r(x) 19 | } 20 | -------------------------------------------------------------------------------- /test/callback.ivy: -------------------------------------------------------------------------------- 1 | 2 | isolate1: 3 | 4 | var x : t 5 | 6 | action foo = { 7 | ... 8 | call bar 9 | invariant ... 10 | 11 | if (x = ...) .... 12 | ... 13 | } 14 | 15 | action baz = { 16 | x := ... 17 | } 18 | 19 | isolate2: 20 | 21 | action bar = { 22 | 23 | ... 24 | call baz 25 | ... 26 | -------------------------------------------------------------------------------- /test/capture1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | schema foo = { 6 | function q : t 7 | { 8 | function x : t 9 | property x = q 10 | } 11 | property Y:t = Z 12 | } 13 | 14 | var x : t 15 | var y : t 16 | 17 | property x = y 18 | proof 19 | apply foo with q = x; 20 | showgoals 21 | -------------------------------------------------------------------------------- /test/capture2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | schema foo = { 6 | property X:t = X 7 | { 8 | function x : t 9 | property x = X 10 | } 11 | property Y:t = Z 12 | } 13 | 14 | var x : t 15 | var y : t 16 | 17 | property x = y 18 | proof 19 | apply foo with X = x; 20 | showgoals 21 | -------------------------------------------------------------------------------- /test/capture3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | var x : t 5 | 6 | schema bar = { 7 | type t 8 | function y : t 9 | property x = y 10 | } 11 | 12 | var z : t 13 | 14 | property x = z 15 | proof 16 | apply bar; 17 | showgoals 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /test/capture4.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | var x : t 5 | 6 | schema bar = { 7 | type t 8 | function y : t 9 | { 10 | function x : t 11 | property x = y 12 | } 13 | property y = y 14 | } 15 | 16 | var z : t 17 | 18 | property x = z 19 | proof 20 | apply bar; 21 | showgoals 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /test/capture5.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | relation p(X:t) 5 | 6 | axiom [foo] { 7 | individual x:t 8 | individual y:t 9 | property p(x) 10 | property p(y) 11 | } 12 | 13 | theorem [bar] { 14 | individual x:t 15 | individual y:t 16 | property p(y) 17 | property p(x) 18 | } 19 | proof 20 | apply foo with y = x, x = y; 21 | showgoals 22 | 23 | -------------------------------------------------------------------------------- /test/check1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.5 2 | 3 | type foo 4 | type bar 5 | 6 | module mod(me) = { 7 | relation r 8 | individual x:foo 9 | init x = me 10 | 11 | action thing(y:foo) = { 12 | x := me 13 | } 14 | 15 | action set_me(y:foo) = { 16 | x := y; 17 | r := true 18 | } 19 | 20 | conjecture r -> x = me 21 | } 22 | 23 | instance inst(X:foo) : mod(X) 24 | 25 | isolate iso(me:foo) = inst(me) 26 | 27 | export inst.set_me 28 | -------------------------------------------------------------------------------- /test/circdef1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | individual x : t 5 | individual y : t 6 | 7 | definition x = y 8 | definition y = x 9 | -------------------------------------------------------------------------------- /test/client_server_mc_finite1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type client 4 | type server 5 | 6 | relation link(X:client, Y:server) 7 | relation semaphore(X:server) 8 | 9 | after init { 10 | semaphore(W) := true; 11 | link(X,Y) := false 12 | } 13 | 14 | action connect(x:client,y:server) = { 15 | assume semaphore(y); 16 | link(x,y) := true; 17 | semaphore(y) := false 18 | } 19 | 20 | action disconnect(x:client,y:server) = { 21 | assume link(x,y); 22 | link(x,y) := false; 23 | semaphore(y) := true 24 | } 25 | 26 | 27 | invariant [safety] ~(X ~= Z & link(X,Y) & link(Z,Y)) 28 | 29 | interpret client -> {0..5} 30 | interpret server -> bv[1] 31 | 32 | attribute method = mc 33 | 34 | 35 | export connect 36 | export disconnect 37 | -------------------------------------------------------------------------------- /test/comp_liveness1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | type u 5 | 6 | schema admit = { 7 | relation p 8 | property p 9 | } 10 | 11 | var x : bool 12 | var y : bool 13 | 14 | var q : t 15 | var r : u 16 | 17 | temporal property [p1] globally ~x 18 | proof { 19 | showgoals 20 | tactic l2s_full 21 | showgoals 22 | tactic mc 23 | } 24 | 25 | action a = { 26 | y := x; 27 | } 28 | 29 | after init { 30 | x := false; 31 | y := false; 32 | q := 0; 33 | r := 0; 34 | } 35 | 36 | export a 37 | 38 | temporal property [p2] globally ~y 39 | proof { 40 | # assume p1 41 | showgoals 42 | tactic l2s with 43 | invariant ~y & ~ (globally ~y) & ~($happened$ y) & (globally ~x) 44 | showgoals 45 | } 46 | 47 | 48 | -------------------------------------------------------------------------------- /test/conjpf1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | isolate foo = { 4 | relation p 5 | action act 6 | 7 | specification { 8 | explicit invariant [inv1] p 9 | 10 | after init { 11 | p := true; 12 | } 13 | 14 | implement act { 15 | p := true; 16 | } 17 | } 18 | } 19 | 20 | 21 | isolate bar = { 22 | relation p 23 | 24 | after init { 25 | p := true; 26 | } 27 | 28 | action act = { 29 | p := foo.p; 30 | } 31 | 32 | invariant [inv1] p 33 | proof { 34 | assume foo.inv1 35 | } 36 | 37 | } with foo 38 | 39 | export bar.act 40 | export foo.act 41 | 42 | 43 | -------------------------------------------------------------------------------- /test/constructor.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | type r = struct { 5 | f : t 6 | } 7 | 8 | var q : t 9 | 10 | schema thing = { 11 | property exists Y. f(Y) = X 12 | } 13 | 14 | property exists R. f(R) = q named foo 15 | proof { 16 | apply constructor[r] 17 | } 18 | 19 | property f(foo) = q 20 | 21 | -------------------------------------------------------------------------------- /test/cont1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | module mod = { 4 | object obj = { 5 | type foo 6 | } 7 | } 8 | 9 | instantiate mod 10 | 11 | object obj = { ... 12 | var x : foo 13 | } 14 | 15 | action bar = { 16 | obj.x := obj.x; 17 | } 18 | 19 | export bar 20 | -------------------------------------------------------------------------------- /test/cont2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include cont2a 4 | include cont2a 5 | include cont2b 6 | 7 | export foo.obj.bar 8 | -------------------------------------------------------------------------------- /test/cont2a.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | object foo = { 4 | object obj = { 5 | type foo 6 | } 7 | } 8 | 9 | -------------------------------------------------------------------------------- /test/cont2b.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | object foo = { ... 4 | action bar = {} 5 | } 6 | 7 | object foo = { ... 8 | object obj = { ... 9 | var x : foo 10 | action bar = {} 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /test/crash1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | var p(X:t) : bool 6 | 7 | after init { 8 | p(X) := true 9 | } 10 | 11 | action crash(self:t) = * 12 | 13 | after crash { 14 | p(self) := true 15 | } 16 | 17 | invariant p(X) 18 | 19 | export crash 20 | 21 | -------------------------------------------------------------------------------- /test/cut1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | var a : bool 4 | var b : bool 5 | var c : bool 6 | 7 | axiom a 8 | axiom [foo] a -> b 9 | axiom [bar] b -> c 10 | 11 | property c proof { 12 | property [baz] b; 13 | showgoals; 14 | assume bar 15 | } 16 | -------------------------------------------------------------------------------- /test/cut2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | relation p(X:t) 5 | 6 | var a : t 7 | var b : bool 8 | var c : bool 9 | 10 | axiom p(a) 11 | axiom forall X. p(X) -> c 12 | 13 | property c proof { 14 | property [baz] exists X. p(X) named y; 15 | showgoals 16 | } 17 | -------------------------------------------------------------------------------- /test/cut3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | relation p(X:t) 5 | relation q(X:t) 6 | 7 | var a : t 8 | var b : bool 9 | var c : bool 10 | 11 | axiom p(a) 12 | 13 | relation r(X:t,Y:t) 14 | schema foo = { 15 | property exists Y. r(X,Y) 16 | } 17 | 18 | axiom p(X) & r(X,Y) -> q(X) 19 | 20 | 21 | property exists Z. q(Z) 22 | proof { 23 | property [baz] exists X. p(X) named y; 24 | showgoals; 25 | instantiate foo with X = y; 26 | showgoals 27 | } 28 | -------------------------------------------------------------------------------- /test/decreases1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | interpret t -> int 6 | 7 | var n : t 8 | 9 | action a = { 10 | var i : t := 0; 11 | while i < n 12 | decreases n - i 13 | { 14 | i := i - 1; 15 | } 16 | } 17 | 18 | export a 19 | -------------------------------------------------------------------------------- /test/decreases2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | object foo = { 4 | 5 | type t 6 | 7 | interpret t -> int 8 | 9 | var n : t 10 | 11 | action a = { 12 | var i : t := 0; 13 | while i < n 14 | decreases n - i 15 | { 16 | i := i + 1; 17 | } 18 | } 19 | 20 | } 21 | 22 | object bar = { 23 | action b = { 24 | call foo.a 25 | } 26 | } 27 | 28 | export bar.b 29 | 30 | isolate iso_bar = bar 31 | isolate iso_foo = foo 32 | -------------------------------------------------------------------------------- /test/ded2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | axiom [elimAndR] { 4 | function p : bool 5 | function q : bool 6 | property p & q 7 | #---------------------- 8 | property q 9 | } 10 | 11 | 12 | theorem [test_elimAndR] { 13 | relation p 14 | relation q 15 | relation r 16 | property ((p & q) & r) 17 | property r 18 | } 19 | proof 20 | apply elimAndR with p = p & q 21 | -------------------------------------------------------------------------------- /test/ded3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include deduction 4 | 5 | theorem [thm14] { 6 | type t 7 | function p(X:t) : bool 8 | property forall X. p(X) 9 | property exists X. p(X) 10 | } 11 | proof { 12 | apply introE; 13 | apply elimA with X = witness; 14 | showgoals 15 | } 16 | -------------------------------------------------------------------------------- /test/ded4.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | axiom [ax1] { 4 | relation p 5 | relation q 6 | property q 7 | property q 8 | } 9 | 10 | relation p 11 | axiom p 12 | property p 13 | proof 14 | apply ax1 with q = p; 15 | showgoals 16 | 17 | -------------------------------------------------------------------------------- /test/ded5.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include deduction 4 | 5 | theorem [nonce] { 6 | type t 7 | individual x : t 8 | relation p 9 | property [triv] p 10 | property p 11 | } 12 | proof 13 | apply triv 14 | 15 | theorem [andA2] { 16 | type t 17 | function p(X:t) : bool 18 | function q : bool 19 | property forall X. p(X) & q 20 | property (forall X. p(X)) & q 21 | } 22 | proof 23 | apply introAnd; 24 | apply introA; 25 | apply elimAndL with q = q; 26 | apply elimA with X=x; 27 | apply nonce; 28 | apply elimAndR with p = p(x); 29 | apply elimA with X=x 30 | 31 | 32 | theorem [thing] { 33 | type u 34 | 35 | -------------------------------------------------------------------------------- /test/ded6.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include deduction 4 | 5 | theorem [nonce] { 6 | type t 7 | individual x : t 8 | relation p 9 | property [triv] p 10 | property p 11 | } 12 | proof 13 | apply triv 14 | 15 | theorem [andA2] { 16 | type u 17 | function p(X:u) : bool 18 | function q : bool 19 | property forall X. p(X) & q 20 | property (forall X. p(X)) & q 21 | } 22 | proof 23 | apply introAnd; 24 | apply introA; 25 | apply elimAndL with q = q; 26 | apply elimA with X=x; 27 | showgoals; 28 | apply nonce; 29 | apply elimAndR with p = p(x); 30 | apply elimA with X=x 31 | 32 | -------------------------------------------------------------------------------- /test/ded7.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include deduction 4 | 5 | theorem [commE] { 6 | type t 7 | type u 8 | function p(X:t,Y:u) : bool 9 | property exists X. exists Y. p(X,Y) 10 | property exists Y. exists X. p(X,Y) 11 | } 12 | proof 13 | apply elimE with p(X) = exists Y. p(X,Y); 14 | apply elimE with p(X) = p(x,X); 15 | apply introE with witness = y; 16 | apply introE with witness = x; 17 | showgoals 18 | -------------------------------------------------------------------------------- /test/ded8.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include deduction 4 | 5 | theorem [leibniz] { 6 | type t 7 | individual x : t 8 | individual y : t 9 | property [my_prem] { 10 | relation q(X:t) 11 | property q(x) -> q(y) 12 | } 13 | property x = y 14 | } 15 | proof 16 | apply introEq; 17 | apply elimImp with p = p(x); 18 | apply my_prem; 19 | showgoals 20 | -------------------------------------------------------------------------------- /test/defcond1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | relation foo(X:t) 6 | relation m(X:t) 7 | 8 | definition foo(X) = m(X) 9 | 10 | action a(c:bool,x:t) = { 11 | if c { 12 | m(x) := true 13 | }; 14 | if c { 15 | m(x) := true 16 | }; 17 | } 18 | 19 | invariant foo(X) 20 | 21 | export a 22 | 23 | 24 | -------------------------------------------------------------------------------- /test/derived1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | derived ident(X:t) = some Y. X = Y 6 | 7 | property ident(Z) = Z 8 | -------------------------------------------------------------------------------- /test/derived2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | function ident(X:t):t 6 | 7 | definition ident(X) = some Y. X = Y 8 | 9 | property ident(Z) = Z 10 | -------------------------------------------------------------------------------- /test/derived3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | type q 5 | type u 6 | 7 | function ident(U:u,X:t):q 8 | relation r(U:u,X:t,Y:q) 9 | 10 | definition ident(U:u,x:t) = some Y. r(U,x,Y) in Y else 0 11 | 12 | action a = { 13 | assert r(U,X,ident(U,X)) | ident(U,X) = 0 14 | } 15 | 16 | conjecture r(U,X,ident(U,X)) | ident(U,X) = 0 17 | 18 | property r(U,X,ident(U,X)) | ident(U,X) = 0 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /test/derpar1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | 4 | type t 5 | 6 | var q : t 7 | relation z(T:t) 8 | 9 | type s = struct { 10 | f1 : bool, 11 | f2 : bool 12 | } 13 | 14 | action foo(x:bool, y:s) 15 | 16 | function inv(X:bool) : bool 17 | definition inv(X) = ~X 18 | 19 | before foo { 20 | # z(q) := ~z(q); 21 | var yy := y; 22 | require yy.f1 = (inv(y.f2) & z(q)); 23 | } 24 | 25 | interpret t -> bv[1] 26 | 27 | action foo1(x:bool, y:s) = { 28 | call foo(x,y) 29 | } 30 | 31 | export foo1 32 | -------------------------------------------------------------------------------- /test/detect_transitive.py: -------------------------------------------------------------------------------- 1 | 2 | import ivy.ivy_module as ivy_module 3 | from ivy.ivy_compiler import ivy_from_string 4 | from ivy.tk_ui import new_ui 5 | import ivy.ivy_utils as iu 6 | 7 | prog = """#lang ivy1.3 8 | 9 | type t 10 | 11 | relation le(X : t, Y : t) 12 | 13 | axiom le(X,Y) & le(Y,Z) -> le(X,Z) 14 | axiom le(X,X) 15 | 16 | """ 17 | 18 | with ivy_module.Module(): 19 | iu.set_parameters({'ui':'cti','ext':'ext'}) 20 | main_ui = new_ui() 21 | ui = main_ui.add(ivy_from_string(prog)) 22 | # ui.mainloop() 23 | 24 | 25 | -------------------------------------------------------------------------------- /test/enum1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.3 2 | 3 | type t 4 | type color = {red,green,blue} 5 | 6 | individual c(X:t):color 7 | relation p(X:t) 8 | 9 | init p(X) -> c(X) = green 10 | -------------------------------------------------------------------------------- /test/enum1.py: -------------------------------------------------------------------------------- 1 | 2 | import ivy.ivy_module as ivy_module 3 | from ivy.ivy_compiler import ivy_from_string 4 | from ivy.tk_ui import new_ui 5 | import ivy.ivy_utils as iu 6 | 7 | prog = """#lang ivy1.3 8 | 9 | type t 10 | type color = {red,green,blue} 11 | 12 | individual c(X:t):color 13 | relation p(X:t) 14 | 15 | init p(X) -> c(X) = green 16 | 17 | """ 18 | 19 | with ivy_module.Module(): 20 | main_ui = new_ui() 21 | ui = main_ui.add(ivy_from_string(prog)) 22 | cg = ui.view_state(ui.g.states[0]) 23 | t = cg.node('t') 24 | s = cg.relation('c') 25 | cg.split(s,t) 26 | g = cg.node('c=green') 27 | p = cg.relation('p') 28 | cg.split(p,g) 29 | # ui.mainloop() 30 | 31 | 32 | -------------------------------------------------------------------------------- /test/errflag1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | var p : bool 4 | var q : bool 5 | 6 | export action act = { 7 | p := true; 8 | while q 9 | invariant p 10 | invariant p 11 | invariant p 12 | invariant p 13 | invariant p 14 | invariant p 15 | invariant p 16 | invariant p 17 | { 18 | assert p; 19 | p := p; 20 | q := * 21 | }; 22 | assert ~q 23 | } 24 | -------------------------------------------------------------------------------- /test/ext1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include order 4 | include collections 5 | 6 | type t 7 | instance idx : unbounded_sequence 8 | instance arr : array(idx,t) 9 | 10 | var x : arr 11 | var y : arr 12 | 13 | axiom x.end = y.end & forall I. 0 <= I & I < x.end -> x.value(I) = y.value(I) 14 | 15 | property x = y 16 | proof assume arr.spec.extensionality with X = x, Y = y 17 | 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /test/ext_precond.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | object foo = { 6 | action a(v:t) = { 7 | assert v = 0 8 | } 9 | } 10 | 11 | object bar = { 12 | action a = { 13 | call foo.a(0) 14 | } 15 | } 16 | 17 | isolate iso_foo = foo 18 | 19 | interpret t -> int 20 | -------------------------------------------------------------------------------- /test/failpass.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | action a = { 4 | assert false 5 | } 6 | 7 | action b = { 8 | } 9 | 10 | export a 11 | 12 | -------------------------------------------------------------------------------- /test/field1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t = struct { 4 | foo : bool 5 | } 6 | 7 | individual bar : t 8 | 9 | action a = { 10 | assert bar.foo 11 | } 12 | 13 | type q 14 | 15 | object baz = { 16 | type t = struct { 17 | foo(X:q) : bool 18 | } 19 | action blarg(inp:t) returns (out:t) = { 20 | out := inp 21 | } 22 | } 23 | 24 | individual bif(Y:q) : baz.t 25 | 26 | action b(y:q,z:q) = { 27 | assert bif(z).foo(y); 28 | assert bif(z).blarg.foo(y) 29 | } 30 | 31 | interpret q -> bv[1] 32 | 33 | -------------------------------------------------------------------------------- /test/finite_mc1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | relation p(X:t) 6 | 7 | after init { 8 | p(X) := true 9 | } 10 | 11 | invariant p(X) 12 | 13 | interpret t -> bv[1] 14 | 15 | attribute method = mc 16 | -------------------------------------------------------------------------------- /test/frag1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | 16 | axiom foo(g(Y)) 17 | 18 | # result: OK 19 | -------------------------------------------------------------------------------- /test/frag10.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | var q : bool 20 | 21 | axiom g(X) = Y if q else Z 22 | 23 | # result: An interpreted symbol is applied to a universally quantified variable 24 | -------------------------------------------------------------------------------- /test/frag11.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | var q : bool 20 | 21 | 22 | object test1 = { 23 | function f(X:t) : t 24 | function g(X:t,Y:t) : t 25 | function h(X:t) : t 26 | var a : t 27 | var b : t 28 | axiom g(X1, X2) = 0 | h(X2) = 0 29 | axiom g(f(X1), b) + 1 <= f(X1) 30 | axiom h(b) = 1 31 | axiom f(a) = 0 32 | } 33 | 34 | # result: OK 35 | -------------------------------------------------------------------------------- /test/frag12.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | var q : bool 20 | 21 | axiom X <= p 22 | 23 | # result: OK 24 | -------------------------------------------------------------------------------- /test/frag13.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | var q : bool 20 | 21 | axiom X:t < Y 22 | 23 | # result: OK 24 | -------------------------------------------------------------------------------- /test/frag14.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | var q : bool 20 | 21 | axiom X:t <= Y 22 | 23 | # result: An interpreted symbol is applied to a universally quantified variable 24 | -------------------------------------------------------------------------------- /test/frag15.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | var q : bool 20 | 21 | axiom X <= h(Y) 22 | 23 | # result: An interpreted symbol is applied to a universally quantified variable 24 | -------------------------------------------------------------------------------- /test/frag16.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | var q : bool 20 | 21 | object test2 = { 22 | relation r(X:t) 23 | definition r(X) = (X <= p) 24 | axiom r(Y) 25 | } 26 | 27 | # result: OK 28 | -------------------------------------------------------------------------------- /test/frag17.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | var q : bool 20 | 21 | object test3 = { 22 | relation r(X:t) 23 | definition r(X) = (X <= p) 24 | axiom r(p) 25 | } 26 | 27 | # result: OK 28 | 29 | -------------------------------------------------------------------------------- /test/frag18.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | var q : bool 20 | 21 | 22 | object test4 = { 23 | function f(X:t) : t 24 | definition f(X) = X 25 | axiom f(Y) <= (p) 26 | } 27 | 28 | # result: OK 29 | -------------------------------------------------------------------------------- /test/frag19.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | var q : bool 20 | 21 | object test5 = { 22 | function f(X:t) : t 23 | definition f(X) = g(X) 24 | axiom f(Y) <= (p) 25 | } 26 | 27 | # result: OK 28 | -------------------------------------------------------------------------------- /test/frag2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | axiom foo(Y) 16 | 17 | # result: An interpreted symbol is applied to a universally quantified variable 18 | -------------------------------------------------------------------------------- /test/frag3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | axiom bar(g(Y)) 20 | 21 | # result: OK 22 | -------------------------------------------------------------------------------- /test/frag4.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | axiom bar(Y) 20 | 21 | # result: An interpreted symbol is applied to a universally quantified variable 22 | -------------------------------------------------------------------------------- /test/frag5.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | var q : bool 20 | 21 | axiom g(X) = f(X) if q else g(X) 22 | 23 | # result: OK 24 | -------------------------------------------------------------------------------- /test/frag6.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | var q : bool 20 | 21 | function ite(X:t) : t 22 | axiom q -> ite(X) = f(X) 23 | axiom ~q -> ite(X) = g(X) 24 | axiom g(X) = ite(X) 25 | 26 | # result: OK 27 | -------------------------------------------------------------------------------- /test/frag7.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | var q : bool 19 | 20 | axiom g(X) = f(X) if q else X 21 | 22 | # result: An interpreted symbol is applied to a universally quantified variable 23 | -------------------------------------------------------------------------------- /test/frag8.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | var q : bool 20 | 21 | axiom g(X) = p if q else X 22 | 23 | # result: An interpreted symbol is applied to a universally quantified variable 24 | 25 | -------------------------------------------------------------------------------- /test/frag9.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | var q : bool 20 | 21 | function ite(X:t) : t 22 | axiom q -> ite(X) = p 23 | axiom ~q -> ite(X) = X 24 | axiom g(X) = ite(X) 25 | 26 | -------------------------------------------------------------------------------- /test/fundef1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | function f(X:t) = Y:t 6 | -------------------------------------------------------------------------------- /test/fundef2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | function f(X:t,X:t) = false 6 | -------------------------------------------------------------------------------- /test/generating.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | action act(x:t) 7 | 8 | before act { 9 | if __generating { 10 | require x >= 2 11 | } 12 | } 13 | 14 | export act 15 | -------------------------------------------------------------------------------- /test/genstruct.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | interpret t -> bv[1] 6 | 7 | type s = struct { 8 | x : t, 9 | y : t 10 | } 11 | 12 | relation sent(X:s,Y:t) 13 | 14 | after init { 15 | sent(X,Y) := false 16 | } 17 | 18 | individual foo : s 19 | 20 | action baz(q:s,r:t) = { 21 | sent(q,r) := true 22 | } 23 | 24 | action bar(q:s,r:t) = { 25 | assume sent(q,r) 26 | } 27 | 28 | export baz 29 | export bar 30 | -------------------------------------------------------------------------------- /test/havocmc.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | var x : t 6 | var y : t 7 | 8 | after init { 9 | x := y 10 | } 11 | 12 | action a = { 13 | y := * 14 | } 15 | 16 | invariant x = y 17 | proof let X = y 18 | 19 | export a 20 | 21 | schema trans1 = { 22 | type t 23 | function x : t 24 | function z : t 25 | property x = X & z = X -> x = z 26 | } 27 | 28 | schema trans2 = { 29 | type t 30 | function x : t 31 | property Y = X -> (x = X <-> x = Y) 32 | } 33 | 34 | schema contra = { 35 | type t 36 | function x : t 37 | property Y ~= X -> ~(x = X & x = Y) 38 | } 39 | 40 | -------------------------------------------------------------------------------- /test/ifsome1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | # Testing problem with traces and 'if some' 4 | 5 | type t 6 | relation p(X:t) 7 | var v : t 8 | 9 | action a = { 10 | if some (x:t) p(x) { 11 | v := x; 12 | } 13 | else { 14 | assume false; 15 | }; 16 | assert false; 17 | } 18 | 19 | export a 20 | -------------------------------------------------------------------------------- /test/ifstar1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy 2 | 3 | type t 4 | 5 | var x : t 6 | 7 | action a = { 8 | if * { 9 | x := 0 10 | } else { 11 | x := 1 12 | }; 13 | assert x = 0 | x = 1 14 | } 15 | 16 | export a 17 | -------------------------------------------------------------------------------- /test/iftactic1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | var p : bool 4 | var q : bool 5 | 6 | type t 7 | var x : t 8 | var y : t 9 | 10 | action a = { 11 | assert p 12 | proof { 13 | let Y = y; 14 | if q {let X = x} 15 | else {} 16 | } 17 | } 18 | 19 | export a 20 | -------------------------------------------------------------------------------- /test/immutable1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | relation r 6 | 7 | function q(X:t) = r 8 | 9 | axiom q(Y) 10 | 11 | 12 | action a = { 13 | r := true 14 | } 15 | -------------------------------------------------------------------------------- /test/implies1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | function f(X:t):t 6 | 7 | axiom X:t < f(0) & true 8 | 9 | # axiom 0 < X:t + Y 10 | -------------------------------------------------------------------------------- /test/impltype1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | relation p(X:t) 6 | 7 | type q = struct {foo : bool} 8 | 9 | implement type t with q 10 | 11 | definition p(X) = foo(X as q) 12 | 13 | 14 | -------------------------------------------------------------------------------- /test/include.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include collections 4 | 5 | var p : bool 6 | init p 7 | -------------------------------------------------------------------------------- /test/inconsistent.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type node 4 | interpret node -> int 5 | individual max_node : node 6 | axiom max_node > N 7 | action empty = {} 8 | 9 | -------------------------------------------------------------------------------- /test/ind1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function sum(X:t) : t 7 | 8 | definition { 9 | sum(X:t) = 0 if X <= 0 else (X + sum(X-1)) 10 | } 11 | proof { 12 | apply rec[t] 13 | } 14 | 15 | property sum(Y) >= Y 16 | proof { 17 | apply ind[t] with X = Y; 18 | showgoals; 19 | assume sum with X = Y; 20 | defergoal; 21 | assume sum with X = Y + 1; 22 | showgoals 23 | } 24 | -------------------------------------------------------------------------------- /test/ind2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function sumdiv(N:t,X:t) : t 7 | 8 | 9 | definition sumdiv(N,X) = 0 if X <= 0 else (X/N + sumdiv(N,X-1)) 10 | proof 11 | apply rec[t] 12 | -------------------------------------------------------------------------------- /test/ineqmacros.py: -------------------------------------------------------------------------------- 1 | 2 | from ivy import ivy_module as im 3 | from ivy.ivy_compiler import ivy_from_string 4 | from ivy.tk_ui import new_ui 5 | from ivy import ivy_utils as iu 6 | from ivy import ivy_check as ick 7 | 8 | prog = """#lang ivy1.6 9 | 10 | type t 11 | 12 | relation (X:t < Y:t) 13 | 14 | individual x:t,y:t 15 | 16 | axiom x <= y 17 | 18 | action a = { 19 | assert y > x | x = y 20 | } 21 | 22 | export a 23 | 24 | """ 25 | 26 | with im.Module(): 27 | iu.set_parameters({'mode':'induction','show_compiled':'true'}) 28 | ivy_from_string(prog,create_isolate=False) 29 | ick.check_module() 30 | 31 | 32 | -------------------------------------------------------------------------------- /test/intbv1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> intbv[1][13][2] 5 | 6 | action fun(x:t) returns(x:t) = { 7 | x := 1; 8 | } 9 | 10 | action foo(x:t) returns(y:t) = { 11 | if __generating { 12 | y := fun(x); 13 | } 14 | } 15 | 16 | export foo 17 | -------------------------------------------------------------------------------- /test/interpdef1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | type nat 3 | interpret nat->nat 4 | relation (N:nat < N:nat) 5 | definition (N:nat < N1) = true 6 | invariant X:nat p(X) 11 | } 12 | 13 | export a 14 | 15 | extract code = this,foo 16 | -------------------------------------------------------------------------------- /test/iterable2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include order 4 | 5 | instance foo : iterable 6 | 7 | relation p(X:foo) 8 | 9 | after init { 10 | p(X) := true 11 | } 12 | 13 | action a returns(q:bool) = { 14 | q := forall X. p(X) 15 | } 16 | 17 | export a 18 | 19 | extract code = this,foo 20 | -------------------------------------------------------------------------------- /test/latebind1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type r 4 | 5 | object a = { 6 | type this 7 | action run(arg:this) = {} 8 | } 9 | 10 | var x : a 11 | 12 | object b = { 13 | variant this of a = struct { 14 | foo : r 15 | } 16 | action run(arg:this) = {x := arg} 17 | } 18 | 19 | 20 | action bar = { 21 | call x.run 22 | } 23 | 24 | export bar 25 | -------------------------------------------------------------------------------- /test/lean1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | type t 3 | 4 | var x : t 5 | 6 | -------------------------------------------------------------------------------- /test/lettac1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | var x : t 6 | 7 | invariant true proof let X = x, Y = x 8 | 9 | action a = 10 | { 11 | } 12 | 13 | export a 14 | 15 | -------------------------------------------------------------------------------- /test/liveness1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | var p : bool 4 | 5 | after init { 6 | p := false; 7 | } 8 | 9 | action a = { 10 | p := true 11 | } 12 | 13 | temporal property eventually p 14 | proof { 15 | tactic l2s with 16 | invariant [inv1] globally ~p 17 | 18 | } 19 | 20 | export a 21 | -------------------------------------------------------------------------------- /test/liveness2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | var p : bool 4 | 5 | after init { 6 | p := false; 7 | } 8 | 9 | export action a = { 10 | p := true 11 | } 12 | 13 | export action b = { 14 | } 15 | 16 | # Should be false 17 | 18 | temporal property eventually p 19 | proof { 20 | tactic l2s with 21 | invariant [inv1] globally ~p 22 | 23 | } 24 | 25 | -------------------------------------------------------------------------------- /test/map1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.8 2 | 3 | include order 4 | include collections 5 | include numbers 6 | 7 | instance key_t : iterable 8 | 9 | 10 | instance imap : ordered_map(key_t,nat) 11 | 12 | export imap.set 13 | export imap.get 14 | export imap.lub 15 | 16 | -------------------------------------------------------------------------------- /test/marcelo2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | interpret t -> int 5 | relation value(A:t,X:t) 6 | definition value(A:t,X:t) = <<< 3 >>> 7 | relation contains(SET:t) = exists IDX. IDX < 0 & IDX > 0 & value(SET,IDX) 8 | 9 | action foo(a:t) = { 10 | if ~contains(a) { 11 | 12 | } 13 | } 14 | 15 | export foo 16 | extract iso_impl = foo 17 | -------------------------------------------------------------------------------- /test/marcelo3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type node 4 | isolate nset = { 5 | type this 6 | relation member(N:node, S:this) 7 | individual emptyset : nset 8 | invariant ~member(N, emptyset) 9 | implementation { 10 | 11 | relation _member(N:node, S:this) 12 | definition member(N, S) = _member(N, S) 13 | after init { 14 | _member(N, emptyset) := false; 15 | } 16 | } 17 | } 18 | with node 19 | 20 | object localstate = { 21 | individual my_voters : nset 22 | invariant ~nset.member(VOTER, my_voters) 23 | after init { 24 | my_voters := nset.emptyset; 25 | } 26 | } #localstate 27 | 28 | isolate ilocalstate = localstate with nset, node 29 | -------------------------------------------------------------------------------- /test/marcelo4.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type key 4 | type value 5 | 6 | object noparam = { 7 | action caller(n:key) = { 8 | var q := parametrized.implicit_value(n); 9 | } 10 | export caller 11 | } 12 | 13 | 14 | isolate parametrized(n:key) = { 15 | individual implicit_value: value 16 | } with noparam(n) 17 | 18 | -------------------------------------------------------------------------------- /test/marcelo6.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type paramtype 4 | 5 | isolate inonparam = { 6 | action myaction = { 7 | } 8 | 9 | export myaction 10 | } with iparam 11 | 12 | isolate iparam(p: paramtype) = { 13 | 14 | 15 | } with inonparam 16 | -------------------------------------------------------------------------------- /test/marcelocrash1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | relation rel1(E:t) 5 | derived rel2(E) = rel1(E) 6 | 7 | -------------------------------------------------------------------------------- /test/marcelocrash2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type q 4 | 5 | object marcelo[class](self:marcelo[class].t) = { 6 | type t 7 | destructor foo : q 8 | action hello(x:q) = { 9 | foo := x 10 | } 11 | } 12 | 13 | alias marcelo = marcelo[class].t 14 | 15 | action world = { 16 | var x:marcelo; 17 | call x.hello(0) 18 | } 19 | -------------------------------------------------------------------------------- /test/marcelocrash3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | object marcelo = { 4 | type t 5 | action hello(x:t) = { 6 | 7 | } 8 | } 9 | alias marcelo = marcelo.t 10 | 11 | action world = { 12 | var x:t 13 | x.hello 14 | } 15 | 16 | 17 | -------------------------------------------------------------------------------- /test/match1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | var x:t 5 | var y:t 6 | 7 | after init { 8 | x := y 9 | } 10 | 11 | action a = { 12 | x := y 13 | } 14 | 15 | schema trans2 = { 16 | type q 17 | function r : t 18 | property r = X & Y = X -> r = Y 19 | } 20 | 21 | invariant Z:t = Z 22 | 23 | export a 24 | -------------------------------------------------------------------------------- /test/mc1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | var x : bool 4 | 5 | invariant x 6 | 7 | after init { 8 | x := true 9 | } 10 | 11 | action a = { 12 | x := ~x 13 | } 14 | 15 | export a 16 | -------------------------------------------------------------------------------- /test/mc2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t = {f,g,h} 4 | 5 | var x : t 6 | 7 | invariant x = f 8 | 9 | after init { 10 | x := f 11 | } 12 | 13 | action a = { 14 | x := g 15 | } 16 | 17 | export a 18 | -------------------------------------------------------------------------------- /test/mc3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | var x : t 6 | 7 | invariant x = 0 8 | 9 | after init { 10 | x := 0 11 | } 12 | 13 | action a = { 14 | x := (x + 1) - 1 15 | } 16 | 17 | interpret t -> bv[2] 18 | 19 | export a 20 | -------------------------------------------------------------------------------- /test/mc4.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | var x : t 6 | var y : t 7 | 8 | 9 | axiom X:t = 0 & Y = 0 -> X = Y 10 | axiom X:t = Y & Y = 0 -> X = 0 11 | 12 | invariant x = y 13 | 14 | after init { 15 | x := 0; 16 | y := 0 17 | } 18 | 19 | action a = { 20 | x := 0 21 | } 22 | 23 | 24 | export a 25 | -------------------------------------------------------------------------------- /test/mc5.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | relation p(X:t) 6 | 7 | 8 | axiom X:t = 0 & Y = 0 -> X = Y 9 | axiom X:t = Y & Y = 0 -> X = 0 10 | 11 | invariant p(X) 12 | 13 | after init { 14 | p(X) := true 15 | } 16 | 17 | action a(x:t) = { 18 | p(x) := true 19 | } 20 | 21 | 22 | export a 23 | -------------------------------------------------------------------------------- /test/mc6.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | relation p(X:t) 6 | 7 | 8 | #axiom X:t = 0 & Y = 0 -> X = Y 9 | #axiom X:t = Y & Y = 0 -> X = 0 10 | 11 | invariant p(X) 12 | 13 | after init { 14 | p(X) := true 15 | } 16 | 17 | action a(x:t) = { 18 | p(x) := false 19 | } 20 | 21 | 22 | export a 23 | -------------------------------------------------------------------------------- /test/mcassert1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | var p : bool 4 | 5 | action a = { 6 | assert p 7 | } 8 | 9 | export a 10 | -------------------------------------------------------------------------------- /test/mcite.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | var x:t 5 | var y:t 6 | var z:bool 7 | 8 | after init { 9 | z := true 10 | } 11 | 12 | action a(c:bool) = { 13 | # var c := x = y; 14 | if c { 15 | z := true 16 | } 17 | else { 18 | z := false 19 | } 20 | } 21 | 22 | invariant z 23 | 24 | export a 25 | -------------------------------------------------------------------------------- /test/mcleq1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | action a(x:t) = { 6 | if x <= 0 { 7 | assert x < 0 | x = 0 8 | } 9 | } 10 | 11 | export a 12 | 13 | attribute method=mc 14 | -------------------------------------------------------------------------------- /test/naming1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | schema elimE = { 4 | type t 5 | relation p(X:t) 6 | property exists X. p(X) 7 | fresh individual n:t 8 | #---------------------- 9 | property p(n) 10 | } 11 | 12 | type t 13 | relation succ(X:t,Y:t) 14 | 15 | axiom exists Y. succ(X,Y) 16 | 17 | function next(X:t):t 18 | 19 | property succ(X,next(X)) 20 | proof 21 | apply elimE with n = next(X), p(Y) = succ(X,Y) 22 | 23 | property exists Y. succ(X,Y) named next2(X) 24 | 25 | # definition next2(X) = 0 26 | # definition next2(X) = 1 27 | -------------------------------------------------------------------------------- /test/nat1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | interpret t->nat 6 | 7 | type q 8 | 9 | function f(Q:q) : t 10 | 11 | # property f(Q) >= 0 12 | 13 | # property 0 <= X:t 14 | 15 | #property X:t - Y:t >= 0 16 | 17 | relation p(X:t) 18 | 19 | axiom p(X) 20 | 21 | property p(X) 22 | 23 | -------------------------------------------------------------------------------- /test/nat2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include order 4 | 5 | instance foo : unbounded_sequence 6 | 7 | export foo.next 8 | export foo.prev 9 | 10 | extract iso_impl = this 11 | 12 | -------------------------------------------------------------------------------- /test/native/.gitignore: -------------------------------------------------------------------------------- 1 | test.cpp 2 | test.h 3 | test 4 | -------------------------------------------------------------------------------- /test/native/Makefile: -------------------------------------------------------------------------------- 1 | all: test 2 | 3 | test.cpp: test.ivy 4 | ivy_to_cpp target=repl test.ivy 5 | 6 | test: test.cpp 7 | g++ -g -o test test.cpp 8 | -------------------------------------------------------------------------------- /test/nesteddestr1.py: -------------------------------------------------------------------------------- 1 | 2 | from ivy import ivy_module as im 3 | from ivy.ivy_compiler import ivy_from_string 4 | from ivy import ivy_utils as iu 5 | prog = """#lang ivy1.6 6 | 7 | type t 8 | 9 | type s1 = struct { 10 | foo : t, 11 | bar : t 12 | } 13 | 14 | type s2 = struct { 15 | baz : s1, 16 | bif : t 17 | } 18 | 19 | individual w : t 20 | individual v : s2 21 | 22 | action a = { 23 | v.baz.foo := w 24 | } 25 | 26 | export a 27 | """ 28 | 29 | with im.Module(): 30 | iu.set_parameters({'show_compiled':'true'}) 31 | ivy_from_string(prog,create_isolate=False) 32 | print(im.module.actions["a"].update(im.module,{})) 33 | 34 | -------------------------------------------------------------------------------- /test/numeral1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t = struct { 4 | } 5 | 6 | var x : t 7 | 8 | action a = { 9 | x := 0 10 | } 11 | 12 | export a 13 | 14 | -------------------------------------------------------------------------------- /test/old1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | action a(x:bool) returns (x:bool) = { 4 | x := ~x; 5 | assert ~(x & old x) 6 | } 7 | 8 | action b(y:bool) returns (z:bool) = { 9 | z := a(y); 10 | assert ~(y & z) 11 | } 12 | 13 | export b 14 | 15 | -------------------------------------------------------------------------------- /test/old2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | object t = { 4 | type this 5 | relation r(X:this) 6 | } 7 | 8 | action foo(a:t) = { 9 | assert (old a).r 10 | } 11 | 12 | export foo 13 | 14 | -------------------------------------------------------------------------------- /test/old3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | object foo = { 4 | relation r 5 | } 6 | 7 | action a = { 8 | assert (old foo).r; 9 | } 10 | 11 | export a 12 | -------------------------------------------------------------------------------- /test/ordered_set.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include collections 4 | 5 | type t 6 | 7 | instance s : ordered_set(t) 8 | 9 | interpret t -> bv[2] 10 | 11 | export s.insert 12 | export s.erase 13 | export s.get_glb 14 | -------------------------------------------------------------------------------- /test/outparam1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | type u 5 | interpret t->int 6 | interpret u->int 7 | 8 | action a1 returns (out:t) = { 9 | assume out >= 0; 10 | } 11 | 12 | 13 | action a2 returns (out:u) = { 14 | assume out >= 1; 15 | } 16 | 17 | object bar = { 18 | action foo = { 19 | var x := a1; 20 | assume x = 0; 21 | var y := a2; 22 | } 23 | } 24 | 25 | export bar.foo 26 | -------------------------------------------------------------------------------- /test/parameter1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | parameter p : t 7 | 8 | action a returns (r:t) = { 9 | r := p 10 | } 11 | 12 | export a 13 | -------------------------------------------------------------------------------- /test/parameter2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include order 4 | 5 | instance foo : iterable 6 | 7 | action a (s:foo) returns (r:foo) = { 8 | require ~s.is_max; 9 | r := s.next 10 | } 11 | 12 | action b returns (r:foo) = { 13 | r := 0 14 | } 15 | 16 | export a 17 | export b 18 | 19 | extract iso_impl = this 20 | -------------------------------------------------------------------------------- /test/parameter3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | # include order 4 | 5 | type foo 6 | interpret foo -> bv[3] 7 | 8 | 9 | parameter max : foo = 3 10 | 11 | action a (s:foo) returns (r:foo) = { 12 | require s < max; 13 | r := s + 1 14 | } 15 | 16 | action b returns (r:foo) = { 17 | r := 0 18 | } 19 | 20 | export a 21 | export b 22 | 23 | -------------------------------------------------------------------------------- /test/paramiso.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | object foo(me:t) = { 6 | action a returns (v:bool) 7 | 8 | object spec = { 9 | after a { 10 | assert v 11 | } 12 | } 13 | 14 | object impl = { 15 | implement a { 16 | v := true 17 | } 18 | } 19 | 20 | isolate iso = impl with spec 21 | } 22 | 23 | export foo.a 24 | -------------------------------------------------------------------------------- /test/passtype.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | action foo(y:t) = { 6 | } 7 | 8 | action bar = { 9 | call foo(t) 10 | } 11 | -------------------------------------------------------------------------------- /test/polycycle1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | relation r(X:t,Y:t) 6 | 7 | definition r(X,Y) = (Y = X + 1) 8 | 9 | axiom r(X,Y) <-> r(Y,X) 10 | 11 | property false 12 | 13 | -------------------------------------------------------------------------------- /test/proving1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | individual n : t 6 | 7 | function f(X:t) : t 8 | 9 | schema congruence1 = { 10 | type d 11 | type r 12 | function f(X:d) : r 13 | #-------------------------- 14 | property X=Y -> f(X) = f(Y) 15 | } 16 | 17 | property [prop_n] Z=n -> Z + 1 = n + 1 18 | proof congruence1 19 | -------------------------------------------------------------------------------- /test/proving2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | individual n : t 6 | 7 | function f(X:t) : t 8 | 9 | schema congruence1 = { 10 | type d 11 | type r 12 | function f(X:d) : r 13 | #-------------------------- 14 | property X=Y -> f(X) = f(Y) 15 | } 16 | 17 | property [prop_n] Z=n -> Z + 1 = n + 1 18 | proof congruence1 with d=t, r=t, X=Z, Y=n, f(V)=V+1 19 | 20 | -------------------------------------------------------------------------------- /test/proving3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | relation man(X:t) 6 | relation mortal(X:t) 7 | individual socrates : t 8 | 9 | schema socrates_species = { 10 | #------------------ 11 | property man(socrates) 12 | } 13 | 14 | property man(socrates) 15 | proof socrates_species 16 | 17 | schema mortality_of_man = { 18 | property [prem] man(X) 19 | #--------------- 20 | property mortal(X) 21 | } 22 | 23 | property [mortsoc] mortal(socrates) 24 | proof mortality_of_man 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /test/proving4.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | relation man(X:t) 6 | relation mortal(X:t) 7 | individual socrates : t 8 | 9 | schema socrates_species = { 10 | #------------------ 11 | property man(socrates) 12 | } 13 | 14 | schema mortality_of_man = { 15 | property [prem] man(X) 16 | #--------------- 17 | property mortal(X) 18 | } 19 | 20 | property mortal(socrates) 21 | proof mortality_of_man; socrates_species 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /test/proving5.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | interpret t->int 5 | 6 | 7 | schema rec[t] = { 8 | type q 9 | function base(X:t) : q 10 | function step(X:q,Y:t) : q 11 | function fun(X:t) : q 12 | #--------------------------------------------------------- 13 | definition fun(X:t) = base(X) if X <= 0 else step(fun(X-1),X) 14 | } 15 | 16 | function sum(X:t) : t 17 | definition sum(X:t) = 0 if X <= 0 else (X + sum(X-1)) 18 | proof rec[t] 19 | 20 | schema ind[t] = { 21 | relation p(X:t) 22 | property X <= 0 -> p(X) 23 | property p(X) -> p(X+1) 24 | #-------------------------- 25 | property p(X) 26 | } 27 | 28 | property sum(X) >= X 29 | proof ind[t] 30 | 31 | -------------------------------------------------------------------------------- /test/proving6.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | interpret t->int 5 | 6 | function sum(X:t) : t 7 | definition sum(X:t) = 0 if X <= 0 else (X + sum(X-1)) 8 | proof rec[t] 9 | 10 | property sum(X) >= X 11 | proof ind[t] 12 | 13 | -------------------------------------------------------------------------------- /test/proving7.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | relation succ(X:t,Y:t) 5 | 6 | schema existsE = { 7 | type t 8 | relation p(X:t) 9 | property exists X. p(X) 10 | fresh function n:t 11 | #---------------------- 12 | property p(n) 13 | } 14 | 15 | axiom exists Y. succ(X,Y) 16 | 17 | function next(X:t):t 18 | 19 | property succ(X,next(X)) 20 | proof existsE with n = next(X), p(Y) = succ(X,Y) 21 | 22 | -------------------------------------------------------------------------------- /test/proving7a.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | relation succ(X:t,Y:t) 5 | 6 | schema existsE = { 7 | type t 8 | relation p(X:t) 9 | property exists X. p(X) 10 | fresh function n:t 11 | #---------------------- 12 | property p(n) 13 | } 14 | 15 | axiom exists Y. succ(X,Y) 16 | 17 | property exists Y. succ(X,Y) named next(X) 18 | 19 | 20 | -------------------------------------------------------------------------------- /test/proving8.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | interpret t->int 5 | 6 | function sumdiv(N:t,X:t):t 7 | 8 | definition sumdiv(N,X) = 0 if X <= 0 else (X/N + sumdiv(N,X-1)) 9 | proof rec[t] 10 | 11 | -------------------------------------------------------------------------------- /test/proving9.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | function f(X:t) : t 6 | 7 | isolate t_theory = { 8 | 9 | interpret t -> int 10 | definition f(X) = X + 1 11 | 12 | property [expanding] f(X) > X 13 | property [transitivity] X:t < Y & Y < Z -> X < Z 14 | 15 | } 16 | 17 | isolate extra = { 18 | 19 | property [prop] f(f(X)) > X 20 | 21 | } 22 | with t_theory.expanding, t_theory.transitivity 23 | -------------------------------------------------------------------------------- /test/proving9a.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | function f(X:t) : t 5 | 6 | isolate t_theory = { 7 | 8 | object impl = { 9 | interpret t -> int 10 | definition f(X) = X + 1 11 | } 12 | 13 | property [expanding] f(X) > X 14 | property [transitivity] X:t < Y & Y < Z -> X < Z 15 | 16 | } 17 | 18 | 19 | isolate extra = { 20 | 21 | property [prop] f(f(X)) > X 22 | 23 | } 24 | with t_theory 25 | -------------------------------------------------------------------------------- /test/proving9b.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | function f(X:t) : t 5 | 6 | isolate extra = { 7 | 8 | isolate t_theory = { 9 | 10 | object impl = { 11 | interpret t -> int 12 | definition f(X) = X + 1 13 | } 14 | 15 | object spec = { 16 | property [expanding] f(X) > X 17 | property [transitivity] X:t < Y & Y < Z -> X < Z 18 | } 19 | 20 | } 21 | 22 | property [prop] f(f(X)) > X 23 | 24 | } 25 | -------------------------------------------------------------------------------- /test/proving9c.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | function f(X:t) : t 5 | 6 | isolate extra = { 7 | 8 | property [prop] f(f(X)) > X 9 | 10 | isolate t_theory = { 11 | 12 | object spec = { 13 | property [expanding] f(X) > X 14 | property [transitivity] X:t < Y & Y < Z -> X < Z 15 | } 16 | 17 | object impl = { 18 | interpret t -> int 19 | definition f(X) = X + 1 20 | } 21 | 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /test/recursion1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | schema recursion[t](f:t->beta,c:t,b:t->beta,g:beta->beta) = { 4 | definition f(X) = b(X) if X <= c else g(f(X-1)) 5 | } 6 | 7 | schema recursion[t](beta,f) = { 8 | require type beta 9 | require function f(X:t) : beta 10 | individual c : t 11 | function b(X:t) : beta 12 | function g(X:beta) : beta 13 | recursive definition f(X) = b(X) if X <= c else g(f(X-1)) 14 | } 15 | 16 | schema recursion[t] = { 17 | individual c : t 18 | function b(X:t) : 'beta 19 | function g(X:'beta) : 'beta 20 | recursive definition f(X) = b(X) if X <= c else g(f(X-1)) 21 | } 22 | 23 | -------------------------------------------------------------------------------- /test/rel1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | relation p(X:t),q(X:t)=true 6 | -------------------------------------------------------------------------------- /test/runall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | tests=`ls *.py | grep -v run_expects` 4 | 5 | sh_tests='tilelink_unit_test.sh' 6 | 7 | trap '{ echo "Exiting on SIGINT." ; exit 1; }' INT 8 | 9 | errors=0 10 | for x in $tests; do 11 | echo ${x/.py/} ... 12 | if timeout 100 python $x > ${x/.py/.log} 2>&1 ; then 13 | echo PASS 14 | else 15 | echo FAIL 16 | (( errors += 1 )) 17 | fi 18 | done 19 | 20 | 21 | for x in $sh_tests; do 22 | echo $x ... 23 | if timeout 100 ./$x ; then 24 | echo PASS 25 | else 26 | echo FAIL 27 | (( errors += 1 )) 28 | fi 29 | done 30 | 31 | 32 | echo "errors: $errors" -------------------------------------------------------------------------------- /test/scen1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | action a = { 4 | } 5 | 6 | var q : bool 7 | 8 | after init { 9 | q := false; 10 | } 11 | 12 | export a 13 | 14 | scenario { 15 | -> s0; 16 | s0 -> s1 : before a { 17 | q := true 18 | } 19 | s1 -> s0 : before a { 20 | q := false 21 | } 22 | } 23 | 24 | -------------------------------------------------------------------------------- /test/scen2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | action a = { 4 | } 5 | 6 | action b = { 7 | } 8 | 9 | var q : bool 10 | 11 | after init { 12 | q := false; 13 | } 14 | 15 | export a 16 | export b 17 | 18 | scenario { 19 | -> s0; 20 | s0 -> s1 : before a { 21 | q := true 22 | } 23 | s1 -> s0 : before b { 24 | q := false 25 | } 26 | } 27 | 28 | -------------------------------------------------------------------------------- /test/scen3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include collections 4 | 5 | type index 6 | interpret index -> int 7 | instance arr : array(index,bool) 8 | 9 | type foo = struct { 10 | y : bool, 11 | ar : arr.t 12 | } 13 | 14 | action a(x:foo) = { 15 | call b(x) 16 | } 17 | 18 | 19 | action b(z:foo) = { 20 | } 21 | 22 | var q : bool 23 | 24 | after init { 25 | q := false; 26 | } 27 | 28 | export a 29 | import b 30 | 31 | object scen = { 32 | scenario { 33 | -> s0; 34 | s0 -> s1 : before a { 35 | var v := x.ar.end; 36 | q := x.y 37 | } 38 | s1 -> s0 : after b { 39 | q := z.y 40 | } 41 | } 42 | } 43 | 44 | -------------------------------------------------------------------------------- /test/seg2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include order 4 | include collections 5 | 6 | instance dom : unbounded_sequence 7 | type rng 8 | instance arr : array(dom,rng) 9 | 10 | instance s : segment(dom,rng,arr) 11 | 12 | export s.make 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /test/segment1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | include order 6 | include collections 7 | 8 | instance idx : unbounded_sequence 9 | 10 | instance arr : array(idx,t) 11 | 12 | action a(x:arr,lo:idx,hi:idx) returns(y:arr) = { 13 | y := x.segment(lo,hi) 14 | } 15 | 16 | export a 17 | 18 | 19 | -------------------------------------------------------------------------------- /test/separate1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | var x : bool 4 | var y : bool 5 | 6 | after init { 7 | x := true; 8 | y := true; 9 | } 10 | 11 | action a = { 12 | var temp : bool; 13 | temp := x; 14 | x := y; 15 | assert x; 16 | y := temp; 17 | } 18 | 19 | invariant x 20 | invariant y 21 | 22 | export a 23 | -------------------------------------------------------------------------------- /test/seqnum.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include order 4 | 5 | module sequence_numbers = { 6 | 7 | type t 8 | 9 | instance iter : order_iterator_impl(this) 10 | 11 | action next(seq:t) returns (res:t) 12 | 13 | interpret t->bv[8] 14 | implement next { 15 | res := seq + 1 16 | } 17 | 18 | } 19 | -------------------------------------------------------------------------------- /test/skolem1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | relation foo(V1: t, V2: t) 6 | relation bar(V3: t) 7 | 8 | init ~foo(V4, V5) 9 | init ~bar(V6) 10 | 11 | action receive(c1: t, c2: t) = { 12 | assume exists X. foo(c2, X); 13 | assume c1 ~= c2; 14 | bar(c1) := true; 15 | } 16 | 17 | export receive 18 | 19 | # bug does not manifest without the following conjecture 20 | conjecture foo(V7, V8) -> V7 = V8 21 | 22 | # bug manifrsts when using X below, and not another variable name below 23 | conjecture bar(X) -> foo(X, V9) 24 | -------------------------------------------------------------------------------- /test/skolem2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | relation r(X:t,Y:t) 6 | 7 | axiom exists Y. r(X,Y) 8 | axiom exists U. r(U,V) 9 | 10 | function f(X:t):t 11 | function g(X:t):t 12 | 13 | #axiom r(X,f(X)) 14 | #axiom r(g(Y),Y) 15 | -------------------------------------------------------------------------------- /test/skolem3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include order 4 | 5 | type t 6 | 7 | axiom [transitivity] (T:t < U & U < V) -> (T < V) 8 | axiom [antisymmetry] ~(T:t < U & U < T) 9 | axiom [totality] T:t < U | T = U | U < T 10 | 11 | relation r(X:t,Y:t) 12 | 13 | axiom exists Y. r(X,Y) 14 | 15 | axiom r(X,Y) -> X < Y 16 | 17 | 18 | -------------------------------------------------------------------------------- /test/some.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | relation p(X:t) 6 | init p(X) <-> X = 1 7 | 8 | action foo = { 9 | if some x:t. p(x) { 10 | call bar(x) 11 | } 12 | } 13 | 14 | action bar(x:t) 15 | 16 | interpret t -> bv[1] 17 | 18 | export foo 19 | import bar 20 | -------------------------------------------------------------------------------- /test/somemax.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | type q 5 | 6 | relation p(X:t) 7 | init p(X) 8 | 9 | action foo = { 10 | if some x:t. p(x) maximizing x { 11 | call bar(x) 12 | } 13 | } 14 | 15 | action bar(x:t) 16 | 17 | interpret t -> bv[1] 18 | 19 | export foo 20 | import bar 21 | -------------------------------------------------------------------------------- /test/somemin.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | type q 5 | 6 | relation p(X:t) 7 | init p(X) 8 | 9 | action foo = { 10 | if some x:t. p(x) minimizing x { 11 | call bar(x) 12 | } 13 | } 14 | 15 | action bar(x:t) 16 | 17 | interpret t -> bv[1] 18 | 19 | export foo 20 | import bar 21 | -------------------------------------------------------------------------------- /test/strat1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | type t 3 | relation le(X:t,Y:t) 4 | axiom le(X,X) 5 | axiom forall X. exists Y. le(X,Y) 6 | action step(a:t) = { assume true } 7 | export step 8 | conjecture le(X,X) 9 | -------------------------------------------------------------------------------- /test/strat2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | type t 3 | relation le(X:t,Y:t) 4 | function f(X:t) : t 5 | individual q : t 6 | 7 | axiom le(X,X) 8 | 9 | #axiom le(X,f(X)) 10 | axiom forall X. exists Y. le(X,Y) 11 | 12 | axiom ~le(q,q) 13 | 14 | property false 15 | 16 | 17 | -------------------------------------------------------------------------------- /test/strat4.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | function f(X:t) : t 5 | function g(X:t) : t 6 | 7 | # axiom f(g(X)) = 0 8 | 9 | axiom f(g(X)) = 0 10 | axiom g(X) = 0 11 | 12 | property false 13 | -------------------------------------------------------------------------------- /test/strbv1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | interpret t -> strbv[2] 5 | 6 | action a(inp:t) returns (out:t) = { 7 | out := inp 8 | } 9 | -------------------------------------------------------------------------------- /test/string1.py: -------------------------------------------------------------------------------- 1 | 2 | import ivy.ivy_module as ivy_module 3 | from ivy.ivy_compiler import ivy_from_string 4 | from ivy.tk_ui import new_ui 5 | import ivy.ivy_utils as iu 6 | 7 | prog = """#lang ivy1.3 8 | 9 | type t 10 | type color = {red,green,blue} 11 | 12 | individual c(X:t):color 13 | relation p(X:t) 14 | 15 | init p(X) -> c(X) = green 16 | 17 | """ 18 | 19 | with ivy_module.Module(): 20 | main_ui = new_ui() 21 | ui = main_ui.add(ivy_from_string(prog)) 22 | cg = ui.view_state(ui.g.states[0]) 23 | t = cg.node('t') 24 | s = cg.relation('c') 25 | cg.split(s,t) 26 | g = cg.node('c=green') 27 | p = cg.relation('p') 28 | cg.split(p,g) 29 | # ui.mainloop() 30 | 31 | 32 | -------------------------------------------------------------------------------- /test/stripinit1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | object foo(self:t) = { 6 | var x : bool 7 | after init { 8 | x := false 9 | } 10 | } 11 | 12 | isolate iso(self:t) = foo(self) 13 | 14 | -------------------------------------------------------------------------------- /test/strlit1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | interpret t -> strlit 5 | 6 | action a(inp:t) returns (out:t) = { 7 | out := inp 8 | } 9 | -------------------------------------------------------------------------------- /test/struct1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type q 4 | type r 5 | 6 | type t = struct { 7 | first : q, 8 | second : r 9 | } 10 | 11 | individual v:t 12 | 13 | action a(c:q,d:r) = { 14 | first(v) := c; 15 | second(v) := d; 16 | assert first(v) = c & second(v) = d 17 | } 18 | 19 | action b returns (x:q) = { 20 | x := first(v) 21 | } 22 | 23 | action c returns (x:r) = { 24 | x := second(v) 25 | } 26 | 27 | action d(x:t) = { 28 | v := x 29 | } 30 | 31 | action e returns (x:t) = { 32 | x := v 33 | } 34 | 35 | interpret q -> bv[16] 36 | interpret r -> bv[16] 37 | 38 | export a 39 | export b 40 | export c 41 | export d 42 | export e 43 | -------------------------------------------------------------------------------- /test/temp.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | interpret t -> int 5 | 6 | function f(X:t) : t 7 | 8 | function foo(X:t) = f(X) = X 9 | 10 | # definition f(X) = X 11 | 12 | function g(X:t) : t 13 | var p : t 14 | 15 | function h(X:t) : t 16 | definition h(Z) = Z 17 | function bar(X:t) = f(X) = h(X) 18 | 19 | var q : bool 20 | 21 | object test3 = { 22 | relation r(X:t) 23 | definition r(X) = (X <= p) 24 | axiom r(p) 25 | } 26 | 27 | # OK 28 | # object test4 = { 29 | # function f(X:t) : t 30 | # definition f(X) = X 31 | # axiom f(Y) <= (p) 32 | # } 33 | 34 | # OK 35 | # object test5 = { 36 | # function f(X:t) : t 37 | # definition f(X) = g(X) 38 | # axiom f(Y) <= (p) 39 | # } 40 | 41 | property false 42 | 43 | -------------------------------------------------------------------------------- /test/temporal1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | # This is a test for the temporal logic plumbing. 4 | 5 | var b : bool 6 | 7 | after init { 8 | b := true 9 | } 10 | 11 | action act(x:bool) = { 12 | b := b | x 13 | } 14 | 15 | temporal property [myprop] globally b 16 | proof { 17 | tactic invariance with 18 | invariant [inv1] b 19 | } 20 | 21 | export act 22 | -------------------------------------------------------------------------------- /test/temporal2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | # This is a test for the temporal logic plumbing. 4 | 5 | var b : bool 6 | 7 | after init { 8 | b := true 9 | } 10 | 11 | action act(x:bool) = { 12 | b := b | x 13 | } 14 | 15 | property [triv] true 16 | 17 | temporal property [myprop] globally b 18 | proof { 19 | tactic invariance with 20 | invariant [inv1] b 21 | } 22 | 23 | export act 24 | -------------------------------------------------------------------------------- /test/temporal3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | # This is a test for the temporal logic plumbing. 4 | 5 | var b : bool 6 | 7 | after init { 8 | b := true 9 | } 10 | 11 | action act(x:bool) = { 12 | b := b | x 13 | } 14 | 15 | temporal property [triv] globally true 16 | proof { 17 | tactic invariance 18 | } 19 | 20 | temporal property [myprop] globally b 21 | proof { 22 | tactic invariance with 23 | invariant [inv1] b 24 | } 25 | 26 | export act 27 | -------------------------------------------------------------------------------- /test/temporal4.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | # This is a test for the temporal logic plumbing. 4 | 5 | var b : bool 6 | var c : bool 7 | 8 | after init { 9 | b := true; 10 | c := true 11 | } 12 | 13 | action act(x:bool) = { 14 | c := c & b; 15 | b := b | x 16 | } 17 | 18 | temporal property [p1] globally b 19 | proof { 20 | tactic invariance 21 | } 22 | 23 | temporal property [p2] globally c 24 | proof { 25 | tactic invariance 26 | } 27 | 28 | export act 29 | -------------------------------------------------------------------------------- /test/temporal5.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | # This is a test for the temporal logic plumbing. 4 | 5 | isolate iso1 = { 6 | 7 | var b : bool 8 | 9 | after init { 10 | b := true; 11 | } 12 | 13 | action act(x:bool) = { 14 | b := b | x 15 | } 16 | 17 | temporal property [p1] globally b 18 | proof { 19 | tactic invariance 20 | } 21 | } 22 | 23 | isolate iso2 = { 24 | var c : bool 25 | 26 | after init { 27 | c := true 28 | } 29 | 30 | action act(x:bool) = { 31 | c := c & iso1.b; 32 | } 33 | 34 | 35 | temporal property [p2] globally c 36 | proof { 37 | tactic invariance 38 | } 39 | 40 | } with iso1 41 | 42 | 43 | export iso1.act 44 | export iso2.act 45 | -------------------------------------------------------------------------------- /test/test1.iev: -------------------------------------------------------------------------------- 1 | foo([0,1,2],{a:[0,1],b:5}){ 2 | bar(1) 3 | bar(2){ 4 | baz(3) 5 | } 6 | } 7 | foo(1) 8 | -------------------------------------------------------------------------------- /test/test_array.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include collections 4 | 5 | type d 6 | type r 7 | 8 | instance arr : array(d,r) 9 | 10 | interpret d -> int 11 | interpret r -> bv[8] 12 | 13 | object p = { 14 | 15 | individual a : arr.t 16 | action get(x:d) returns (y:r) = { 17 | y := arr.get(a,x) 18 | } 19 | 20 | action set(x:d,y:r) = { 21 | a := arr.set(a,x,y) 22 | } 23 | 24 | action create(s:d,v:r) = { 25 | a := arr.create(s,v) 26 | } 27 | 28 | action size returns (s:d) = { 29 | s := arr.size(a) 30 | } 31 | } 32 | 33 | export p.get 34 | export p.set 35 | export p.create 36 | export p.size 37 | export arr.create 38 | export arr.get 39 | export arr.size 40 | export arr.set 41 | 42 | extract iso_impl = p,arr 43 | -------------------------------------------------------------------------------- /test/test_lexer.ivy: -------------------------------------------------------------------------------- 1 | a b c 2 | -------------------------------------------------------------------------------- /test/test_map.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include order 4 | include collections 5 | 6 | 7 | object key = { 8 | type t 9 | instantiate totally_ordered(t) 10 | instance iter : order_iterator(t) 11 | } 12 | 13 | type value 14 | 15 | instance foo : ordered_map(key,value) 16 | 17 | interpret key.t -> bv[2] 18 | interpret value -> bv[2] 19 | 20 | export foo.set 21 | export foo.get 22 | export foo.erase 23 | export foo.begin 24 | export foo.next 25 | 26 | -------------------------------------------------------------------------------- /test/testout.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | action inp(x:bool) = { 4 | call out(x) 5 | } 6 | 7 | action out(x:bool) 8 | 9 | export inp 10 | import out 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /test/theorem1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | schema exi = { 4 | type t 5 | function p(X:t) : bool 6 | function witness : t 7 | property p(witness) 8 | #------------------- 9 | property exists Y. p(Y) 10 | } 11 | 12 | theorem refl = { 13 | type t 14 | property X:t = X 15 | } 16 | 17 | type q 18 | var z : q 19 | 20 | property [foo] z = z 21 | proof apply refl 22 | 23 | type t1 24 | var v1 : t1 25 | 26 | property exists X:t1. X = v1 27 | proof apply exi with foo = v1; apply refl 28 | 29 | 30 | -------------------------------------------------------------------------------- /test/theorem2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | theorem impi = { 4 | function p : bool 5 | function q : bool 6 | { 7 | property p 8 | property q 9 | } 10 | property p -> q 11 | } 12 | 13 | theorem refl = { 14 | type t 15 | property X:t = X 16 | } 17 | 18 | relation a 19 | 20 | type t1 21 | var b : t1 22 | 23 | object bar = { 24 | theorem silly = { 25 | property a -> (b = b) 26 | } 27 | proof apply impi; apply refl 28 | } 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /test/theorem3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | isolate ob1 = { 4 | specification { 5 | theorem impi = { 6 | function p : bool 7 | function q : bool 8 | { 9 | property p 10 | property q 11 | } 12 | property p -> q 13 | } 14 | } 15 | } 16 | 17 | theorem refl = { 18 | type t 19 | property X:t = X 20 | } 21 | 22 | relation a 23 | 24 | type t1 25 | var b : t1 26 | 27 | object bar = { 28 | theorem silly = { 29 | property a -> (b = b) 30 | } 31 | proof apply ob1.impi; apply refl 32 | } 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /test/theorem4.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | schema alli = { 4 | type t 5 | function p(X:t) : bool 6 | { 7 | function x : t 8 | property p(x) 9 | } 10 | #---------------------- 11 | property forall X. p(X) 12 | } 13 | 14 | type t 15 | relation q(X:t) 16 | 17 | theorem foo = { 18 | property forall X:t. X = 0 19 | } 20 | proof 21 | apply alli; 22 | showgoals 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /test/theorem5.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | schema alli = { 4 | type t 5 | function p(X:t) : bool 6 | { 7 | function x : t 8 | property p(x) 9 | } 10 | #---------------------- 11 | property forall X. p(X) 12 | } 13 | 14 | type t 15 | relation q(X:t) 16 | var x : t 17 | 18 | theorem foo = { 19 | property forall X:t. X = x 20 | } 21 | proof 22 | apply alli; 23 | showgoals 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /test/theorem6.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | schema alli = { 4 | type t 5 | function p(X:t) : bool 6 | { 7 | function x : t 8 | property p(x) 9 | } 10 | #---------------------- 11 | property forall X. p(X) 12 | } 13 | 14 | type t 15 | relation q(X:t) 16 | var x : t 17 | 18 | theorem foo = { 19 | property forall X:t. X = x 20 | } 21 | proof 22 | apply alli; 23 | showgoals 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /test/theory1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | type q 5 | 6 | function f(X:t) : q 7 | 8 | individual a:t, b:t 9 | 10 | axiom f(X) = f(Y) + Z 11 | 12 | interpret q->int 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /test/thing.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | relation p(X:t) 5 | axiom p(Y) 6 | -------------------------------------------------------------------------------- /test/this1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | 4 | action foo(inp:bool) 5 | 6 | object spec = { 7 | before foo { 8 | assert inp 9 | } 10 | } 11 | 12 | object impl = { 13 | 14 | individual thing : bool 15 | 16 | implement foo { 17 | thing := inp 18 | } 19 | } 20 | 21 | 22 | export foo 23 | 24 | isolate iso_this = this 25 | -------------------------------------------------------------------------------- /test/this2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | 4 | action foo(inp:bool) 5 | 6 | object spec = { 7 | before foo { 8 | assert inp 9 | } 10 | } 11 | 12 | object impl = { 13 | 14 | individual thing : bool 15 | 16 | object bar = { 17 | 18 | object spec = { 19 | after foo { 20 | assert thing 21 | } 22 | } 23 | 24 | object impl = { 25 | implement foo { 26 | thing := inp 27 | } 28 | } 29 | } 30 | } 31 | 32 | 33 | export foo 34 | 35 | isolate iso_this = this 36 | -------------------------------------------------------------------------------- /test/thunk1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | # Here we want to test that a function closure captures the value of 4 | # all relevant symbols in the environment. 5 | 6 | type t 7 | interpret t -> int 8 | 9 | var thing : t 10 | function f(X:t) = X + thing 11 | function g(X:t) : t 12 | 13 | action myaction = { 14 | g(X) := f(g(X)) + 1 15 | } 16 | 17 | export myaction 18 | -------------------------------------------------------------------------------- /test/thunk2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | action run(x:t) = {} 5 | 6 | var q : bool 7 | 8 | action a = { 9 | var v : bool; 10 | thunk [bar] f : t := { 11 | q := v 12 | }; 13 | call f.run 14 | } 15 | 16 | var g : t 17 | 18 | action b = { 19 | call g.run 20 | } 21 | 22 | export a 23 | export b 24 | -------------------------------------------------------------------------------- /test/thunk3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | type p 6 | 7 | action run(proc:p, ^x:t) = {} 8 | 9 | var q : p 10 | 11 | object baz(self:p) = { 12 | 13 | action a = { 14 | thunk [bar] f : t := { 15 | q := self 16 | }; 17 | call f.run(self) 18 | } 19 | 20 | } 21 | 22 | var g : t 23 | 24 | action b = { 25 | call g.run(q) 26 | } 27 | 28 | export baz.a 29 | export b 30 | -------------------------------------------------------------------------------- /test/tilelink_unit_test.sh: -------------------------------------------------------------------------------- 1 | #/bin/bash 2 | 3 | cd ../examples/tilelink/unit_test 4 | ivy_to_cpp isolate=iso_b tilelink_coherence_manager_tester.ivy 5 | g++ -c -I../../../ivy/include tilelink_coherence_manager_tester.cpp 6 | 7 | -------------------------------------------------------------------------------- /test/tls1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | 4 | include order 5 | include collections 6 | include tls 7 | 8 | 9 | instance idx : unbounded_sequence 10 | type byte 11 | instance bytes : array(idx,byte) 12 | interpret byte -> bv[8] 13 | type cid 14 | 15 | type extens 16 | type exten_ser 17 | 18 | instance lower : tls_lower_intf(cid,bytes) 19 | instance upper : tls_intf(cid,idx,bytes,lower,extens,exten_ser) 20 | 21 | import lower.send 22 | export lower.recv 23 | export upper.send 24 | import upper.recv 25 | import upper.alert 26 | import upper.session_established 27 | export upper.key_material_export 28 | export upper.create 29 | export upper.destroy 30 | 31 | 32 | -------------------------------------------------------------------------------- /test/tls2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | 4 | include order 5 | include collections 6 | include tls 7 | 8 | 9 | instance idx : unbounded_sequence 10 | type byte 11 | instance bytes : array(idx,byte) 12 | interpret byte -> bv[8] 13 | type cid 14 | 15 | type extens 16 | type exten_ser 17 | 18 | instance lower : tls_lower_intf(cid,bytes) 19 | instance upper : tls_intf(cid,idx,bytes,lower,extens,exten_ser) 20 | 21 | import lower.send 22 | export lower.recv 23 | export upper.send 24 | import upper.recv 25 | import upper.alert 26 | import upper.session_established 27 | export upper.key_material_export 28 | export upper.create 29 | export upper.destroy 30 | 31 | 32 | -------------------------------------------------------------------------------- /test/trace1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | var p : bool 4 | var q : bool 5 | 6 | action a = { 7 | assume p & ~q; 8 | if p | q { 9 | assert false 10 | } 11 | else { 12 | assert false 13 | }; 14 | p := true; 15 | } 16 | 17 | export a 18 | -------------------------------------------------------------------------------- /test/trace2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | var p : bool 4 | var q : bool 5 | 6 | after init { 7 | p := false 8 | } 9 | 10 | action a = { 11 | if q { 12 | p := false 13 | } 14 | else { 15 | q := true 16 | } 17 | } 18 | 19 | invariant p 20 | 21 | 22 | export a 23 | 24 | -------------------------------------------------------------------------------- /test/trace3.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | var p(X:t) : bool 5 | var q : bool 6 | 7 | var y : t 8 | 9 | after init { 10 | p(X) := true 11 | } 12 | 13 | action a(x:t) = { 14 | if q & x ~= y { 15 | p(x) := false 16 | } 17 | else { 18 | q := true 19 | } 20 | } 21 | 22 | invariant p(X) 23 | 24 | 25 | export a 26 | 27 | -------------------------------------------------------------------------------- /test/trace4.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | var p(X:t) : bool 5 | var q : bool 6 | 7 | var y : t 8 | 9 | after init { 10 | p(X) := true 11 | } 12 | 13 | action a(x:t) = { 14 | q := *; 15 | if * { 16 | p(x) := false 17 | } 18 | else { 19 | q := true 20 | } 21 | } 22 | 23 | invariant p(X) 24 | 25 | 26 | export a 27 | 28 | -------------------------------------------------------------------------------- /test/trace5.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | var p(X:t) : bool 5 | var q : bool 6 | 7 | var y : t 8 | 9 | after init { 10 | p(X) := true 11 | } 12 | 13 | action b(x:t) = { 14 | p(x) := false 15 | } 16 | 17 | action a = { 18 | q := *; 19 | while q 20 | invariant p(X) 21 | { 22 | var x : t; 23 | call b(x) 24 | } 25 | } 26 | 27 | invariant p(X) 28 | 29 | 30 | export a 31 | 32 | -------------------------------------------------------------------------------- /test/typethis1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | object foo = { 6 | type this = struct { 7 | f : t 8 | } 9 | 10 | action bar (x:this) returns (y:t) = { 11 | y := x.f 12 | } 13 | } 14 | 15 | var v : foo 16 | 17 | action baz = { 18 | var q := v.bar 19 | } 20 | -------------------------------------------------------------------------------- /test/udp6_test_array.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include order 4 | include collections 5 | 6 | type a # network addresses 7 | type index 8 | type t 9 | instance arr : array(index,t) 10 | 11 | include udp6 12 | instance foo : udp_simple(a,arr.t) 13 | 14 | # action send(src:a,dst:a,idx:index,val:t) = { 15 | # var x : arr.t; 16 | # x := arr.resize(x,idx,val); 17 | # call foo.send(src,dst,x) 18 | # } 19 | 20 | import foo.recv 21 | export foo.send 22 | #export send 23 | 24 | interpret a->bv[1] 25 | 26 | extract iso_impl = this 27 | -------------------------------------------------------------------------------- /test/udp_test_array.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | include order 4 | include collections 5 | 6 | type a # network addresses 7 | type index 8 | type t 9 | instance arr : array(index,t) 10 | 11 | include udp 12 | instance foo : udp_simple(a,arr.t) 13 | 14 | import foo.recv 15 | export foo.send 16 | 17 | interpret a->bv[1] 18 | 19 | extract iso_impl = foo.impl, arr 20 | -------------------------------------------------------------------------------- /test/udp_test_struct.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type a # network addresses 4 | type t 5 | type p = struct { 6 | x : t, 7 | y : t 8 | } 9 | 10 | include udp 11 | instance foo : udp_simple(a,p) 12 | 13 | import foo.recv 14 | export foo.send 15 | 16 | interpret a->bv[1] 17 | 18 | extract iso_impl = foo.impl 19 | -------------------------------------------------------------------------------- /test/unroll1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | relation p(X:t) 6 | 7 | individual idx : t 8 | 9 | action a(max:t) 10 | 11 | object spec = { 12 | before a { 13 | idx := 0; 14 | while idx < max { 15 | assert p(idx); 16 | idx := idx + 1 17 | } 18 | } 19 | } 20 | 21 | interpret t -> bv[2] 22 | 23 | export a 24 | 25 | isolate iso = this 26 | 27 | -------------------------------------------------------------------------------- /test/var1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | action b(x:t) returns (z:t) = { 6 | z := x 7 | } 8 | 9 | action a(x:t) returns (z:t)= { 10 | var y := b(x); 11 | { 12 | var q : t := b(y); 13 | z := q 14 | }; 15 | z := x; 16 | z := y 17 | } 18 | 19 | export a 20 | -------------------------------------------------------------------------------- /test/vardot.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | object foo = { 4 | type this 5 | action a(x:foo) returns(y:foo) = { 6 | y := x 7 | } 8 | function f(X:foo) = X 9 | } 10 | 11 | 12 | 13 | action b(x:foo) = { 14 | var z := x.a.a.a; 15 | assert forall X:foo. X.f = X 16 | 17 | } 18 | 19 | export b 20 | -------------------------------------------------------------------------------- /test/variant1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | variant a of t 6 | 7 | variant b of t 8 | 9 | individual v : t 10 | 11 | action act (inp: a) = { 12 | v := inp 13 | } 14 | 15 | action act2 returns(out:a) = { 16 | if some (q:a) v *> q { 17 | out := q; 18 | } 19 | } 20 | 21 | export act 22 | export act2 23 | -------------------------------------------------------------------------------- /test/variant2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | type t 4 | 5 | type a 6 | type b 7 | 8 | individual v : t 9 | 10 | 11 | variant v1 of t = struct { 12 | foo : a 13 | } 14 | 15 | variant v2 of t = struct { 16 | bar : b 17 | } 18 | 19 | after init { 20 | var w : v1; 21 | w.foo := 2; 22 | v := w; 23 | } 24 | 25 | action act (inp: t) = { 26 | } 27 | 28 | before act { 29 | assume inp = v; 30 | } 31 | 32 | export act 33 | 34 | interpret a->bv[2] 35 | interpret b->bv[3] 36 | -------------------------------------------------------------------------------- /test/vcgen1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include deduction 4 | 5 | var p : bool 6 | 7 | after init { 8 | p := true 9 | } 10 | 11 | export action a(q:bool) = { 12 | p := p | q; 13 | } 14 | 15 | invariant p 16 | 17 | proof [this] { 18 | tactic vcgen 19 | proof [initiation] { 20 | apply introNot 21 | apply elimNot with p = p 22 | property (p <-> true) proof {apply elimAndL with q = ~p} 23 | apply elimIffRev with q = true 24 | apply trivial 25 | apply elimAndR with p = p <-> true 26 | }; 27 | proof [consecution] { 28 | apply introNot 29 | apply elimNot with p = p 30 | # let Z3 finish... 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /test/vcgen2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | var p : bool 4 | 5 | after init { 6 | p := true 7 | } 8 | 9 | export action a(q:bool) = { 10 | p := p & q; 11 | } 12 | 13 | invariant p 14 | 15 | proof [this] { 16 | tactic vcgen 17 | } 18 | -------------------------------------------------------------------------------- /test/while1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | individual p : bool 4 | 5 | action foo = { 6 | p := true; 7 | while p 8 | invariant true 9 | { 10 | p := false 11 | }; 12 | assert ~p 13 | 14 | } 15 | 16 | export foo 17 | -------------------------------------------------------------------------------- /test/whileexists1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | var v : t 6 | interpret t -> nat 7 | 8 | action a = { 9 | while exists X. X < v { 10 | v := v - 1; 11 | } 12 | } 13 | 14 | export a 15 | 16 | 17 | -------------------------------------------------------------------------------- /test/whilesome1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | type t 4 | 5 | var v : t 6 | interpret t -> nat 7 | 8 | action a = { 9 | while some x:t. x < v { 10 | assert v > 0; 11 | assert x < v; 12 | v := v - 1; 13 | }; 14 | assert v = 0; 15 | } 16 | 17 | export a 18 | 19 | 20 | -------------------------------------------------------------------------------- /test/whilesome2.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.7 2 | 3 | include order 4 | 5 | instance t : unbounded_sequence 6 | 7 | var v : t 8 | relation p(X:t) 9 | 10 | 11 | action a(bound:t) = { 12 | while some x:t. (x < bound & ~p(x)) { 13 | assert ~p(x); 14 | p(x) := true 15 | }; 16 | assert X < bound -> p(X) 17 | } 18 | 19 | export a 20 | 21 | 22 | -------------------------------------------------------------------------------- /test/yacc1.ivy: -------------------------------------------------------------------------------- 1 | #lang ivy1.6 2 | 3 | module set = { 4 | action add() 5 | } 6 | -------------------------------------------------------------------------------- /vs/ext/GlobalSuppressions.cs: -------------------------------------------------------------------------------- 1 | [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1017:MarkAssembliesWithComVisible")] 2 | [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1703:ResourceStringsShouldBeSpelledCorrectly", MessageId = "Ivy", Scope = "resource", Target = "VSPackage.resources")] 3 | [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1704:IdentifiersShouldBeSpelledCorrectly", MessageId = "Ivy")] 4 | [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1704:IdentifiersShouldBeSpelledCorrectly", MessageId = "Ivy", Scope = "type", Target = "IvyLanguage.IvyMenu.IvyMenuPackage")] 5 | --------------------------------------------------------------------------------