Module move_model::pragmas
source · Expand description
Provides pragmas and properties of the specification language.
Constants
- Pragma indicating whether aborts_if specification should be considered partial.
- Pragma indicating whether no explicit aborts_if specification should be treated like
aborts_iffalse. - Pragma indicating that adding u64 or u128 values should not be checked for overflow.
- Pragma indicating that the function will run smoke tests
- Pragma indicating that aborts from this function shall be ignored.
- Property which indicates that an aborts_if should be asserted. For callers of a function with such an aborts_if, the negation of the condition becomes an assertion.
- Property which indicates that an aborts_if should be assumed. For callers of a function with such an aborts_if, the negation of the condition becomes an assumption.
- Abstract property which can be used together with an opaque specification. An abstract property is not verified against the implementation, but will be used for the function’s behavior in the application context. This allows to “override” the specification with a more abstract version. In general we would need to prove the abstraction is subsumed by the implementation, but this is currently not done.
- A property which can be attached to an aborts_with to indicate that it should act as check whether the function produces exactly the provided number of error codes.
- Opposite to the abstract property.
- A property which can be attached to any condition to exclude it from verification. The condition will still be type checked.
- Property which can be attached to conditions to make them exported into the VC context even if they are injected.
- Property which can be attached to a module invariant to make it global.
- Internal property attached to conditions if they are injected via an apply or a module invariant.
- Property which can be attached to a global invariant to mark it as not to be used as an assumption in other verification steps. This can be used for invariants which are nonoperational constraints on system behavior, i.e. the systems “works” whether the invariant holds or not. Invariant marked as such are not assumed when memory is accessed, but only in the pre-state of a memory update.
- A property that can be attached to a global invariant to indicate that it should be enabled disabled by the disable_invariant_in_body pragma
- Pragma indicating that invariants are not to be checked between entry and exit to this function
- Pragma indicating that invariants are not to be checked between entry and exit to this function
- Pragma indicating whether emits specification should be considered partial.
- Pragma indicating whether no emits specification should mean that no events are to be emitted.
- Pragma which indicates that the function’s abort and ensure conditions shall be exported to the verification context even if the implementation of the function is inlined.
- Pragma indicating that the function can only be called from certain caller. Unlike other pragmas, this pragma expects a function name like
0x1::M::finstead of a boolean or a number. - Pragma indicating whether implementation of function should be ignored and instead treated to be like a native function.
- Pragma indicating whether implementation of function should be ignored and instead interpreted by its pre and post conditions only.
- Pragma indicating that requires are also enforced if the aborts condition is true.
- Pragma defining a random seed.
- Pragma defining a timeout.
- Pragma indicating an estimate how long verification takes. Verification is skipped if the timeout is smaller than this.
- Pragma indicating whether verification should be performed for a function.
Functions
- Checks whether a pragma is valid in a specific spec block.
- A function which determines whether a property is valid for a given condition kind.