tessl/pypi-crosshair-tool
Analyze Python code for correctness using symbolic execution and SMT solving to automatically find counterexamples for functions with type annotations and contracts.
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-crosshair-tool@0.0.0index.mddocs/
CrossHair
CrossHair is a Python analysis tool that uses symbolic execution and SMT solving to automatically find counterexamples for functions with type annotations and contracts. It blurs the line between testing and type systems by exploring viable execution paths through symbolic reasoning, making it a comprehensive solution for code correctness verification.
Package Information
- Package Name: crosshair-tool
- Language: Python
- Installation:
pip install crosshair-tool - License: MIT
- Console Commands:
crosshair,mypycrosshair
Core Imports
import crosshairFor symbolic execution and core functionality:
from crosshair import (
realize,
deep_realize,
register_type,
register_patch,
with_realized_args,
SymbolicFactory,
StateSpace,
IgnoreAttempt
)For tracing control:
from crosshair import NoTracing, ResumedTracingFor debugging:
from crosshair import debugBasic Usage
Command Line Analysis
# Check a single function
crosshair check mymodule.py::my_function
# Check all functions in a module
crosshair check mymodule.py
# Watch for changes and auto-recheck
crosshair watch mymodule.py
# Generate unit tests
crosshair cover mymodule.py::my_function --coverage_type=pytestProgrammatic Usage
import crosshair
from crosshair import realize, SymbolicFactory, StateSpace
# Basic symbolic execution
def analyze_function(x: int) -> int:
"""
pre: x > 0
post: __return__ > x
"""
return x + 1
# Using CrossHair's symbolic execution
from crosshair.core_and_libs import run_checkables
from crosshair.options import AnalysisOptions
options = AnalysisOptions()
# Analysis will find counterexamples if contracts can be violatedContract Verification
from crosshair.register_contract import register_contract
def my_precondition(x):
return x > 0
def my_postcondition(x, result):
return result > x
# Register contract for function
register_contract(my_function, pre=my_precondition, post=my_postcondition)Architecture
CrossHair's symbolic execution engine consists of several key components:
- StateSpace: Manages SMT solver state and execution branches
- SymbolicFactory: Creates symbolic values for different types
- Core Engine: Handles symbolic execution, patching, and realization
- Contract System: Validates preconditions and postconditions
- CLI Interface: Provides command-line tools for analysis
- LSP Server: Enables IDE integration
The tool can analyze built-in types, user-defined classes, and much of the Python standard library through symbolic reasoning, making it comprehensive for code correctness verification.
Capabilities
Symbolic Execution Engine
Core symbolic execution functionality for creating and manipulating symbolic values, managing execution state, and converting between symbolic and concrete representations.
def realize(value):
"""Convert symbolic values to concrete values."""
def deep_realize(value, memo=None):
"""Deeply convert symbolic values using copy mechanism."""
class SymbolicFactory:
"""Factory for creating symbolic values."""
def __init__(self, space, pytype, varname): ...
def __call__(self, typ, suffix="", allow_subtypes=True): ...
class StateSpace:
"""Holds SMT solver state and execution information."""
def __init__(self, execution_deadline, model_check_timeout, search_root): ...
def add(self, expr): ...
def fork_parallel(self, false_probability, desc=""): ...
def is_possible(self, expr): ...Command Line Interface
Comprehensive CLI tools for analyzing Python code, including checking contracts, watching for changes, generating tests, comparing function behaviors, and running an LSP server for IDE integration.
def main(cmd_args=None):
"""Main CLI entry point."""
def check(args, options, stdout, stderr):
"""Check command implementation."""
def watch(args, options, max_watch_iterations=sys.maxsize):
"""Watch command implementation."""
def cover(args, options, stdout, stderr):
"""Cover command implementation."""
def diffbehavior(args, options, stdout, stderr):
"""Diff behavior command."""
def server(args, options, stdout, stderr):
"""LSP server implementation."""Contract Registration and Enforcement
System for registering and enforcing preconditions and postconditions on functions, enabling contract-based programming and verification.
def register_contract(fn, *, pre=None, post=None, sig=None, skip_body=True):
"""Register contract for function."""
def clear_contract_registrations():
"""Clear all registered contracts."""
def get_contract(fn):
"""Get contract for function."""
class PreconditionFailed(BaseException):
"""Exception for precondition failures."""
class PostconditionFailed(BaseException):
"""Exception for postcondition failures."""
def WithEnforcement(fn):
"""Ensure conditions are enforced on callable."""Behavioral Analysis and Comparison
Tools for analyzing and comparing the behavior of different function implementations, finding behavioral differences, and generating comprehensive behavior descriptions.
def diff_behavior(*args):
"""Compare behaviors of functions."""
def describe_behavior(*args):
"""Describe function behavior."""
class BehaviorDiff:
"""Difference between function behaviors."""
class ExceptionEquivalenceType(enum.Enum):
"""Types of exception equivalence."""
SAME_TYPE = ...
SAME_TYPE_AND_MESSAGE = ...
EXACT = ...Types
class IgnoreAttempt(Exception):
"""Exception to ignore analysis attempts."""
class CrossHairInternal(Exception):
"""Internal CrossHair exception."""
class UnexploredPath(Exception):
"""Exception for unexplored execution paths."""
class NotDeterministic(Exception):
"""Exception for non-deterministic behavior."""
class PathTimeout(Exception):
"""Exception for path execution timeouts."""
class AnalysisKind(enum.Enum):
"""Types of analysis."""
PEP316 = ...
icontract = ...
deal = ...
hypothesis = ...
asserts = ...
class AnalysisOptions:
"""Configuration options for analysis."""
class MessageType(enum.Enum):
"""Types of analysis messages."""
CONFIRMED = ...
CANNOT_CONFIRM = ...
PRE_UNSAT = ...
POST_FAIL = ...
POST_ERR = ...
EXEC_ERR = ...
SYNTAX_ERR = ...
IMPORT_ERR = ...