# Copyright 2005-2007 Kevin Reid, under the terms of the MIT X license # found at http://www.opensource.org/licenses/mit-license.html ................ Frozen XXX some of these tests should be eventually moved out to files relevant to the objects being checked for DeepFrozenness ? DeepFrozen # value: DeepFrozen ? 1 :DeepFrozen # value: 1 ? any :DeepFrozen # value: any ? {def [x, y] := [1, 1]; &x == &y} # value: true ? (&any) :DeepFrozen # value: <& any> ? {def x := [].diverge(); (&x) :DeepFrozen} # problem: <& [].diverge()> is not DeepFrozen because [].diverge() is not ? def f0 {} :DeepFrozen # problem: is not DeepFrozen ? def f1 implements DeepFrozen {} # value: ? f1 :DeepFrozen # value: ? var f2x := 0 # value: 0 ? def f2 implements DeepFrozen { to run() :void { f2x += 1 } } # problem: "f2x" in the lexical scope of __main$f2 does not have a guard implying DeepFrozen, but VarSlot ? DeepFrozen :DeepFrozen # value: DeepFrozen ? def f22 implements DeepFrozen.optionally() { to run() :void { f2x += 1 } } # value: ? f22 :DeepFrozen # problem: is not DeepFrozen Non-transparent Selfless ? (float64, 1, throw) :DeepFrozen # value: <& 1.0 :float64> ? [(any, def _ {}, throw)] :DeepFrozen # problem: [<& <__main$_> :any>] is not DeepFrozen because <& <__main$_> :any> contains references that are unsettled or not DeepFrozen Broken references are DeepFrozen if the exception is ? Ref.broken("a") :DeepFrozen # value: ? Ref.broken((def x {}, int)) :DeepFrozen # problem: doesn't coerce to an int> is not DeepFrozen because is not XXX test with a disconnected ref (ex-Far ref) --- DeepFrozen auditing details x ? {var x implements DeepFrozen { to run() { x } }} x # problem: "x" in the definition of __main$x is variable and therefore not DeepFrozen XXX enable this and the similar below as soon as we support var patterns --- 'Lazy' checking ? def EventuallyDeepFrozen :()[DeepFrozen."eventually"()] := DeepFrozen."eventually"() # value: ? def secret # value: ? def lazyFailer1 implements EventuallyDeepFrozen {} # problem: EventuallyDeepFrozen: __main$lazyFailer1: no __optSealedDispatch/1 method found ? def lazyFailer2 implements EventuallyDeepFrozen match msg {} # problem: EventuallyDeepFrozen: __main$lazyFailer2: auditing plumbing not yet supported ? def lazyFailer3 implements EventuallyDeepFrozen { > to __optSealedDispatch() :void {} > } # problem: EventuallyDeepFrozen: __main$lazyFailer3: no __optSealedDispatch/1 method found ? def lazyFailer4 implements EventuallyDeepFrozen { > to __optSealedDispatch(brand) :void {} > } # problem: EventuallyDeepFrozen: __main$lazyFailer4: __optSealedDispatch result guard is not any: the guard Same[<& void>] does not give reason to expect <& any> ? def lazyFailer5 implements EventuallyDeepFrozen { > method __optSealedDispatch(brand :void) :any { > if (brand == EventuallyDeepFrozen.getPeekBrand()) { > EventuallyDeepFrozen.getPeekSealer().seal(meta.getState()) > } > } > } # problem: EventuallyDeepFrozen: __main$lazyFailer5: __optSealedDispatch argument pattern must not have a guard ? def lazyFailer5 implements EventuallyDeepFrozen { > method __optSealedDispatch(var brand) :any { > if (brand == EventuallyDeepFrozen.getPeekBrand()) { > EventuallyDeepFrozen.getPeekSealer().seal(meta.getState()) > } > } > } # problem: EventuallyDeepFrozen: __main$lazyFailer5: __optSealedDispatch argument pattern is not simple ? def lazyFailer6 implements EventuallyDeepFrozen { > method __optSealedDispatch(brand) :void { > if (brand == EventuallyDeepFrozen.getPeekBrand()) { > EventuallyDeepFrozen.getPeekSealer().seal(meta.getState()) > } > } > } # problem: EventuallyDeepFrozen: __main$lazyFailer6: __optSealedDispatch result guard is not any: the guard Same[<& void>] does not give reason to expect <& any> XXX can't do this test because Java-E rejects redefining "any" - see if we can replace the node builder or some such to fix this - if not, build an expression using ENode constructors and eval that ' x ? def lazyFailer7 implements (def any := int; EventuallyDeepFrozen) { x > method __optSealedDispatch(brand) :any { x > if (brand == EventuallyDeepFrozen.getPeekBrand()) { x > EventuallyDeepFrozen.getPeekSealer().seal(meta.getState()) x > } x > } x > } x # problem: EventuallyDeepFrozen: __main$lazyFailer7: __optSealedDispatch/1 does not have appropriate structure ? def lazyFailer8 implements EventuallyDeepFrozen { > to __optSealedDispatch(brand) :any { > if (brand == EventuallyDeepFrozen.getPeekBrand()) { > EventuallyDeepFrozen.getPeekSealer().seal(meta.getState()) > } > } > } # problem: EventuallyDeepFrozen: __main$lazyFailer8: __optSealedDispatch body is not an if, but the EscapeExpr e`escape __return { # if (__equalizer.sameEver(brand, EventuallyDeepFrozen.getPeekBrand())) { # EventuallyDeepFrozen.getPeekSealer().seal(meta.getState()) # } else { # null # } # null # }` ? def lazyFailer9 implements EventuallyDeepFrozen { > method __optSealedDispatch(brand ? (def EventuallyDeepFrozen := 43; true)) :any { > if (brand == EventuallyDeepFrozen.getPeekBrand()) { > EventuallyDeepFrozen.getPeekSealer().seal(meta.getState()) > } > } > } # problem: EventuallyDeepFrozen: __main$lazyFailer9: __optSealedDispatch argument pattern is not simple ? def lazyFailer10 implements EventuallyDeepFrozen { > method __optSealedDispatch(brand) :any { > if (brand != EventuallyDeepFrozen.getPeekBrand()) { > EventuallyDeepFrozen.getPeekSealer().seal(meta.getState()) > } > } > } # problem: EventuallyDeepFrozen: __main$lazyFailer10: __optSealedDispatch if test does not compare the given brand to the peek brand ? def lazyFailer11 implements EventuallyDeepFrozen { > method __optSealedDispatch(brand) :any { > if (brand == EventuallyDeepFrozen.getPeekBrand()) { > [].asMap() > } > } > } # problem: EventuallyDeepFrozen: __main$lazyFailer11: __optSealedDispatch if body is not EventuallyDeepFrozen.getPeekSealer().seal(meta.getState()) ? def opaqueButDeepFrozen implements EventuallyDeepFrozen { > method __optSealedDispatch(brand) :any { > if (brand == EventuallyDeepFrozen.getPeekBrand()) { > EventuallyDeepFrozen.getPeekSealer().seal(meta.getState()) > } else { > "the auditor doesn't care about this" > } > } > to doSomething() :void { > # mention the secret > secret.run() > # gratuitous self-reference > opaqueButDeepFrozen.__optSealedDispatch(null) > } > } # value: ? opaqueButDeepFrozen :DeepFrozen # problem: is not DeepFrozen because contains references that are unsettled or not DeepFrozen ? bind secret implements DeepFrozen { to run() :void {} } # value: ? opaqueButDeepFrozen :DeepFrozen # value: x ? {var x implements EventuallyDeepFrozen { to run() { x } }} x # problem: "x" in the definition of __main$x is variable and therefore not DeepFrozen XXX test that redefinitions of __equalizer are rejected --- rangeSupersetOf ? def FinalSlot := __makeFinalSlot.asType(); null ? def Same := ; null ? DeepFrozen.rangeSupersetOf(DeepFrozen) # value: true ? DeepFrozen.rangeSupersetOf(int) # value: true ? DeepFrozen.rangeSupersetOf(char) # value: true ? DeepFrozen.rangeSupersetOf(float64) # value: true ? DeepFrozen.rangeSupersetOf(String) # value: true ? DeepFrozen.rangeSupersetOf(Twine) # value: true ? DeepFrozen.rangeSupersetOf(FinalSlot[int]) # value: true ? DeepFrozen.rangeSupersetOf(List[int]) # value: true ? DeepFrozen.rangeSupersetOf(Same[f1]) # value: true ? DeepFrozen.rangeSupersetOf(FinalSlot[Same[f1]]) # value: true ? DeepFrozen.rangeSupersetOf(any) # value: false ? [DeepFrozen.rangeSupersetOf(def Foo {})] # value: [null] ? DeepFrozen.rangeSupersetOf(FinalSlot[any]) # value: false ? DeepFrozen.rangeSupersetOf(List[any]) # value: false ? [DeepFrozen.rangeSupersetOf(FinalSlot[Foo])] # value: [null] ? [DeepFrozen.rangeSupersetOf(List[Foo])] # value: [null] ? DeepFrozen.rangeSupersetOf(Same[[].diverge()]) # value: false ? DeepFrozen.rangeSupersetOf(FinalSlot[Same[[].diverge()]]) # value: false XXX try some spoofing guards XXX primitive union and intersections -- DeepFrozenness checks of various imports ? __auditedBy :DeepFrozen; null ? :DeepFrozen; null XXX the below aren't exported yet - enable tests when they are' x ? :DeepFrozen; null x ? :DeepFrozen; null Should we have some sort of 'test *everything*' tool for the SafeScope/import loader?