libhoare

by nrc

Design by contract style assertions for Rust

218 Stars 15 Forks Last release: Not found 39 Commits 0 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

LibHoare

Simple Rust support for design by contract-style assertions. Supports * preconditions (

precond
), * postconditions (
postcond
), * invariants (pre and post) (
invariant
).

Each macro takes a predicate given as a string parameter. Each macro is available in a

debug_
version which only checks the assertion in debug builds, they should be zero overhead in non-debug builds. You can use
result
inside a postcondition to get the value returned by the function.

Preconditions are checked on entry to a function. Postcondiitons are checked when leaving the function by any path.

(The library is named for Tony, not Graydon. Or rather it is named for the logic which was named after Tony).

Using libhoare

You can use libhoare with Cargo by adding

[dependencies.hoare]
git = "https://github.com/nick29581/libhoare.git"

to your projects Cargo manifest.

Otherwise, download this repo, build it (see build instructions below), make sure the path to the compiled libhoare is on your library path in some way (one way of doing this is to

export LD_LIBRARY_PATH=/path/to/libhoare/obj
before building).

Then (whether or not you used Cargo), in your crate you will need the following boilerplate:

#![feature(plugin, custom_attribute)]

#![plugin(hoare)]

Then you can use the macros as shown below.

Examples:

#[precond="x > 0"]
#[postcond="result > 1"]
fn foo(x: int) -> int {
    let y = 45 / x;
    y + 1
}


struct Bar { f1: int, f2: int }

#[invariant="x.f1 < x.f2"] fn baz(x: &mut Bar) { x.f1 += 10; x.f2 += 10; }

fn main() { foo(12); foo(26); // task '

' failed at 'precondition of foo (x > 0)' // foo(-3);

let mut b = Bar { f1: 0, f2: 10 };
baz(&amp;mut b);
b.f2 = 100;
baz(&amp;mut b);
b.f2 = -5;
// task '<main>' failed at 'invariant entering baz (x.f1 &lt; x.f2)'
// baz(&amp;mut b);

}

You can use contracts on methods as well as functions, but they are not as well tested.

Contents

All the code for checking conditions is in

libhoare
. Currently, there is only a single file,
lib.rs
.

The

test
directory contains unit tests for the library.

The

eg
directory contains a few examples of how to use the library:
  • hello.rs is a very simple (hello world!) example of how to use an invariant (useful as a basic test case);
  • doc.rs contains the examples above, so we can check they compiler and run;
  • lexer.rs is a more realistic example of use - a simple (and certainly not industrial-strength) lexer for a very small language.

Building

To build libhoare from the top level of your checked out repo run

cargo build

(if using cargo) or

$RUSTC ./libhoare/lib.rs

This will create libhoare.rs in the current directory, you might want to specify an output file using

-o
.

To build the examples run

eg.sh
in the top level and to run the tests run
tests.sh
. Both of these assume that you have a sibling directory called
obj
and that you used
$RUSTC ./libhoare/lib.rs -o "../obj/libhoare.so"

to build libhoare. Examples are created in

../obj

TODO

  • add tests to RustCI
  • tests for debug_ versions of macros - what is the best way to test this?
  • better use of macro stuff? (I'm a total beginner at syntax extensions, this all could probably be implemented better).
  • better spans.
  • better names for scopes (
     rather than 
    , etc.
    These appear in the user-visible error messages, so it would be nice if they could
    be informative).

Wish list:

  • object invariants (I think this would need compiler support, if it is possible at all. You would add
    [#invariant="..."]
    to a struct, enum, etc. and the invariant would be checked on entering and leaving every method defined in any impl for the object).

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.