Property and Invariant Functions¶
These are functions available in properties and invariants – not necessarily in executable Pact code. All of these functions are available in properties, but only a subset are available in invariants. As a general rule, invariants have vocabulary for talking about the shape of data, whereas properties also add vocabulary for talking about function inputs and outputs, and database interactions. Each function also explicitly says whether it’s available in just properties, or invariants as well.
Numerical operators¶
+¶
(+ x y)
takes
x: atakes
y: aproduces a
where a is of type
integerordecimal
Addition of integers and decimals.
Supported in either invariants or properties.
-¶
(- x y)
takes
x: atakes
y: aproduces a
where a is of type
integerordecimal
Subtraction of integers and decimals.
Supported in either invariants or properties.
*¶
(* x y)
takes
x: atakes
y: aproduces a
where a is of type
integerordecimal
Multiplication of integers and decimals.
Supported in either invariants or properties.
/¶
(/ x y)
takes
x: atakes
y: aproduces a
where a is of type
integerordecimal
Division of integers and decimals.
Supported in either invariants or properties.
^¶
(^ x y)
takes
x: atakes
y: aproduces a
where a is of type
integerordecimal
Exponentiation of integers and decimals.
Supported in either invariants or properties.
log¶
(log b x)
takes
b: atakes
x: aproduces a
where a is of type
integerordecimal
Logarithm of x base b.
Supported in either invariants or properties.
-¶
(- x)
takes
x: aproduces a
where a is of type
integerordecimal
Negation of integers and decimals.
Supported in either invariants or properties.
sqrt¶
(sqrt x)
takes
x: aproduces a
where a is of type
integerordecimal
Square root of integers and decimals.
Supported in either invariants or properties.
ln¶
(ln x)
takes
x: aproduces a
where a is of type
integerordecimal
Logarithm of integers and decimals base e.
Supported in either invariants or properties.
exp¶
(exp x)
takes
x: aproduces a
where a is of type
integerordecimal
Exponential of integers and decimals. e raised to the integer or decimal
x.
Supported in either invariants or properties.
abs¶
(abs x)
takes
x: aproduces a
where a is of type
integerordecimal
Absolute value of integers and decimals.
Supported in either invariants or properties.
round¶
(round x)
takes
x:decimalproduces
integer
(round x prec)
takes
x:decimaltakes
prec:integerproduces
integer
Banker’s rounding value of decimal x as integer, or to prec
precision as decimal.
Supported in either invariants or properties.
ceiling¶
(ceiling x)
takes
x:decimalproduces
integer
(ceiling x prec)
takes
x:decimaltakes
prec:integerproduces
integer
Rounds the decimal x up to the next integer, or to prec
precision as decimal.
Supported in either invariants or properties.
floor¶
(floor x)
takes
x:decimalproduces
integer
(floor x prec)
takes
x:decimaltakes
prec:integerproduces
integer
Rounds the decimal x down to the previous integer, or to prec
precision as decimal.
Supported in either invariants or properties.
dec¶
(dec x)
takes
x:integerproduces
decimal
Casts the integer x to its decimal equivalent.
Supported in either invariants or properties.
mod¶
(mod x y)
takes
x:integertakes
y:integerproduces
integer
Integer modulus
Supported in either invariants or properties.
Bitwise operators¶
&¶
(& x y)
takes
x:integertakes
y:integerproduces
integer
Bitwise and
Supported in either invariants or properties.
|¶
(| x y)
takes
x:integertakes
y:integerproduces
integer
Bitwise or
Supported in either invariants or properties.
xor¶
(xor x y)
takes
x:integertakes
y:integerproduces
integer
Bitwise exclusive-or
Supported in either invariants or properties.
shift¶
(shift x y)
takes
x:integertakes
y:integerproduces
integer
Shift x y bits left if y is positive, or right by -y
bits otherwise.
Supported in either invariants or properties.
~¶
(~ x)
takes
x:integerproduces
integer
Reverse all bits in x
Supported in either invariants or properties.
Logical operators¶
>¶
(> x y)
takes
x: atakes
y: aproduces
boolwhere a is of type
integerordecimal
True if x > y
Supported in either invariants or properties.
<¶
(< x y)
takes
x: atakes
y: aproduces
boolwhere a is of type
integerordecimal
True if x < y
Supported in either invariants or properties.
>=¶
(>= x y)
takes
x: atakes
y: aproduces
boolwhere a is of type
integerordecimal
True if x >= y
Supported in either invariants or properties.
<=¶
(<= x y)
takes
x: atakes
y: aproduces
boolwhere a is of type
integerordecimal
True if x <= y
Supported in either invariants or properties.
=¶
(= x y)
takes
x: atakes
y: aproduces
boolwhere a is of type
integer,decimal,string,time,bool,object, orkeyset
True if x = y
Supported in either invariants or properties.
!=¶
(!= x y)
takes
x: atakes
y: aproduces
boolwhere a is of type
integer,decimal,string,time,bool,object, orkeyset
True if x != y
Supported in either invariants or properties.
and¶
(and x y)
takes
x:booltakes
y:boolproduces
bool
Short-circuiting logical conjunction
Supported in either invariants or properties.
or¶
(or x y)
takes
x:booltakes
y:boolproduces
bool
Short-circuiting logical disjunction
Supported in either invariants or properties.
not¶
(not x)
takes
x:boolproduces
bool
Logical negation
Supported in either invariants or properties.
when¶
(when x y)
takes
x:booltakes
y:boolproduces
bool
Logical implication. Equivalent to (or (not x) y).
Supported in either invariants or properties.
and?¶
(and? f g a)
takes
f: a ->booltakes
g: a ->booltakes
a: aproduces
bool
and the results of applying both f and g to a
Supported in either invariants or properties.
or?¶
(or? f g a)
takes
f: a ->booltakes
g: a ->booltakes
a: aproduces
bool
or the results of applying both f and g to a
Supported in either invariants or properties.
hash¶
(hash s)
takes
s:boolproduces
string
BLAKE2b 256-bit hash of bool values
Supported in properties only.
Object operators¶
at¶
(at k o)
takes
k:stringtakes
o:objectproduces a
(at i l)
takes
i:integertakes
o:listproduces
bool
projection
Supported in either invariants or properties.
+¶
(+ x y)
takes
x:objecttakes
y:objectproduces
object
Object merge
Supported in either invariants or properties.
drop¶
(drop keys o)
takes
keys: [string]takes
o:objectproduces
object
drop entries having the specified keys from an object
Supported in either invariants or properties.
take¶
(take keys o)
takes
keys: [string]takes
o:objectproduces
object
take entries having the specified keys from an object
Supported in either invariants or properties.
length¶
(length o)
takes
o:objectproduces
integer
the number of key-value pairs in the object
Supported in either invariants or properties.
List operators¶
at¶
(at k l)
takes
k:stringtakes
l: [a]produces a
(at i l)
takes
i:integertakes
o:listproduces
bool
projection
Supported in either invariants or properties.
length¶
(length s)
takes
s: [a]produces
integer
List length
Supported in either invariants or properties.
contains¶
(contains x xs)
takes
x: atakes
xs: [a]produces
bool
(contains k o)
takes
k:stringtakes
o:objectproduces
bool
(contains value string)
takes
value:stringtakes
string:stringproduces
bool
List / string / object contains
Supported in either invariants or properties.
enumerate¶
(enumerate from to step)
takes
from:integertakes
to:integertakes
step:integerproduces [
integer]
Returns a sequence of numbers as a list
Supported in either invariants or properties.
reverse¶
(reverse xs)
takes
xs: [a]produces [a]
reverse a list of values
Supported in either invariants or properties.
sort¶
(sort xs)
takes
xs: [a]produces [a]
sort a list of values
Supported in either invariants or properties.
drop¶
(drop n xs)
takes
n:integertakes
xs: [a]produces [a]
drop the first n values from the beginning of a list (or the end if
n is negative)
Supported in either invariants or properties.
take¶
(take n xs)
takes
n:integertakes
xs: [a]produces [a]
take the first n values from xs (taken from the end if n is
negative)
Supported in either invariants or properties.
make-list¶
(make-list n a)
takes
n:integertakes
a: aproduces [a]
create a new list with n copies of a
Supported in either invariants or properties.
map¶
(map f as)
takes
f: a -> btakes
as: [a]produces [b]
apply f to each element in a list
Supported in either invariants or properties.
filter¶
(filter f as)
takes
f: a ->booltakes
as: [a]produces [a]
filter a list by keeping the values for which f returns true
Supported in either invariants or properties.
distinct¶
(distinct xs)
takes
xs: [a]produces [a]
returns a list of distinct values
Supported in either invariants or properties.
fold¶
(fold f a bs)
takes
f: a -> b -> atakes
a: atakes
bs: [b]produces a
reduce a list by applying f to each element and the previous result
Supported in either invariants or properties.
hash¶
(hash xs)
takes
xs: [a]produces
stringwhere a is of type
integer,decimal,bool, orstring
BLAKE2b 256-bit hash of lists
Supported in properties only.
String operators¶
length¶
(length s)
takes
s:stringproduces
integer
String length
Supported in either invariants or properties.
+¶
(+ s t)
takes
s:stringtakes
t:stringproduces
string
(+ s t)
takes
s: [a]takes
t: [a]produces [a]
String / list concatenation
Supported in either invariants or properties.
str-to-int¶
(str-to-int s)
takes
s:stringproduces
integer
(str-to-int b s)
takes
b:integertakes
s:stringproduces
integer
String to integer conversion
Supported in either invariants or properties.
take¶
(take n s)
takes
n:integertakes
s:stringproduces
string
take the first n values from xs (taken from the end if n is
negative)
Supported in either invariants or properties.
drop¶
(drop n s)
takes
n:integertakes
s:stringproduces
string
drop the first n values from xs (dropped from the end if n
is negative)
Supported in either invariants or properties.
hash¶
(hash s)
takes
s:stringproduces
string
BLAKE2b 256-bit hash of string values
Supported in properties only.
hash¶
(hash s)
takes
s: aproduces
stringwhere a is of type
integerordecimal
BLAKE2b 256-bit hash of numerical values
Supported in properties only.
Temporal operators¶
add-time¶
(add-time t s)
takes
t:timetakes
s: aproduces
timewhere a is of type
integerordecimal
Add seconds to a time
Supported in either invariants or properties.
Quantification operators¶
forall¶
(forall (x:string) y)
binds
x: atakes
y: rproduces r
where a is any type
where r is any type
Bind a universally-quantified variable
Supported in properties only.
exists¶
(exists (x:string) y)
binds
x: atakes
y: rproduces r
where a is any type
where r is any type
Bind an existentially-quantified variable
Supported in properties only.
column-of¶
(column-of t)
takes
t:tableproduces
type
The type of columns for a given table. Commonly used in
conjunction with quantification; e.g.:
(exists (col:(column-of accounts)) (column-written accounts col)).
Supported in properties only.
Transactional operators¶
abort¶
abort
of type
bool
Whether the transaction aborts. This function is only useful when
expressing propositions that do not assume transaction success.
Propositions defined via property implicitly assume transaction
success. We will be adding a new mode in which to use this feature in
the future – please let us know if you need this functionality.
Supported in properties only.
success¶
success
of type
bool
Whether the transaction succeeds. This function is only useful when
expressing propositions that do not assume transaction success.
Propositions defined via property implicitly assume transaction
success. We will be adding a new mode in which to use this feature in
the future – please let us know if you need this functionality.
Supported in properties only.
governance-passes¶
governance-passes
of type
bool
Whether the governance predicate passes. For keyset-based governance,
this is the same as something like
(authorized-by 'governance-ks-name). Pact’s property checking system
currently does not analyze the body of a capability when it is used for
governance due to challenges around capabilities making DB modifications
– the system currently assumes that a capability-based governance
predicate is equally capable of succeeding or failing. This feature
allows describing the scenarios where the predicate passes or fails.
Supported in properties only.
result¶
result
of type r
where r is any type
The return value of the function under test
Supported in properties only.
Database operators¶
table-written¶
(table-written t)
takes
t: aproduces
boolwhere a is of type
tableorstring
Whether a table is written in the function under analysis
Supported in properties only.
table-read¶
(table-read t)
takes
t: aproduces
boolwhere a is of type
tableorstring
Whether a table is read in the function under analysis
Supported in properties only.
cell-delta¶
(cell-delta t c r)
takes
t: atakes
c: btakes
r:stringproduces c
where a is of type
tableorstringwhere b is of type
columnorstringwhere c is of type
integerordecimal
The difference in a cell’s value before and after the transaction
Supported in properties only.
column-delta¶
(column-delta t c)
takes
t: atakes
c: bproduces c
where a is of type
tableorstringwhere b is of type
columnorstringwhere c is of type
integerordecimal
The difference in a column’s total summed value before and after the transaction
Supported in properties only.
column-written¶
(column-written t c)
takes
t: atakes
c: bproduces
boolwhere a is of type
tableorstringwhere b is of type
columnorstring
Whether a column is written to in a transaction
Supported in properties only.
column-read¶
(column-read t c)
takes
t: atakes
c: bproduces
boolwhere a is of type
tableorstringwhere b is of type
columnorstring
Whether a column is read from in a transaction
Supported in properties only.
row-read¶
(row-read t r)
takes
t: atakes
r:stringproduces
boolwhere a is of type
tableorstring
Whether a row is read in the function under analysis
Supported in properties only.
row-written¶
(row-written t r)
takes
t: atakes
r:stringproduces
boolwhere a is of type
tableorstring
Whether a row is written in the function under analysis
Supported in properties only.
row-read-count¶
(row-read-count t r)
takes
t: atakes
r:stringproduces
integerwhere a is of type
tableorstring
The number of times a row is read during a transaction
Supported in properties only.
row-write-count¶
(row-write-count t r)
takes
t: atakes
r:stringproduces
integerwhere a is of type
tableorstring
The number of times a row is written during a transaction
Supported in properties only.
row-exists¶
(row-exists t r time)
takes
t: atakes
r:stringtakes
time: one of {“before”,“after”}produces
boolwhere a is of type
tableorstring
Whether a row exists before or after a transaction
Supported in properties only.
read¶
(read t r)
takes
t: atakes
r:stringtakes
time: one of {“before”,“after”}produces
objectwhere a is of type
tableorstring
The value of a read before or after a transaction
Supported in properties only.
Function operators¶
identity¶
(identity a)
takes
a: aproduces a
where a is of type
tableorstring
identity returns its argument unchanged
Supported in either invariants or properties.
constantly¶
(constantly a)
takes
a: atakes
b: bproduces a
constantly returns its first argument, ignoring the second
Supported in either invariants or properties.
compose¶
(compose f g)
takes
f: a -> btakes
g: b -> cproduces c
compose two functions
Supported in either invariants or properties.
Other operators¶
where¶
(where field f obj)
takes
field:stringtakes
f: a ->booltakes
obj:objectproduces
bool
utility for use in filter and select applying f to field
in obj
Supported in either invariants or properties.
typeof¶
(typeof a)
takes
a: aproduces
string
return the type of a as a string
Supported in either invariants or properties.
