// A minimized version of the MarketCap verification problem. address 0x1 { module TestMarketCapWithSchemas { /* TODO(refactoring): this test is deactivated until we have ported this (or a similar) feature, or decided to drop it in which case the test should be removed. spec module { pragma verify = true; } spec module { global sum_of_coins: num; } spec schema SumOfCoinsModuleInvariant { invariant module global(0xA550C18).total_value == sum_of_coins; } // A resource representing the Diem coin resource struct T { // The value of the coin. May be zero value: u64, } spec T { include UpdateSumOfCoins; } spec schema UpdateSumOfCoins { value: num; invariant pack sum_of_coins = sum_of_coins + value; invariant unpack sum_of_coins = sum_of_coins - value; } resource struct MarketCap { // The sum of the values of all DiemCoin::T resources in the system total_value: u128, } public fun deposit(coin_ref: &mut T, check: T) { let T { value } = check; coin_ref.value = coin_ref.value + value; } spec schema DepositContract { coin_ref: &mut T; check: T; aborts_if coin_ref.value + check.value > max_u64(); ensures coin_ref.value == old(coin_ref.value) + check.value; } spec deposit { // module invariant include SumOfCoinsModuleInvariant; // function contract include DepositContract; } // Deposit a check which violates the MarketCap module invariant. public fun deposit_invalid(coin_ref: &mut T, check: T) { let T { value } = check; coin_ref.value = coin_ref.value + value / 2; } spec deposit_invalid { // module invariant include SumOfCoinsModuleInvariant; // function contract aborts_if coin_ref.value + check.value / 2 > max_u64(); ensures coin_ref.value == old(coin_ref.value) + check.value / 2; } */ } }