inline int getopt(int argc, char * const argv[], const char *optstring) { __CPROVER_HIDE:; unsigned result_index; __CPROVER_assume(result_index<argc); #ifdef __CPROVER_STRING_ABSTRACTION __CPROVER_assert(__CPROVER_is_zero_string(optstring), "getopt zero-termination of 3rd argument"); #endif optarg = argv[result_index]; }
inline size_t strlen(const char *s) { __CPROVER_HIDE:; #ifdef __CPROVER_STRING_ABSTRACTION __CPROVER_assert(__CPROVER_is_zero_string(s), "strlen zero-termination"); return __CPROVER_zero_string_length(s); #else __CPROVER_size_t len=0; while(s[len]!=0) len++; return len; #endif }
int main(void) { unsigned int x = 0; unsigned int y = 1; while (x < 6) { x++; y *= 2; } __CPROVER_assert(x == 6, "A"); return 0; }
inline int strcasecmp(const char *s1, const char *s2) { __CPROVER_HIDE:; #if !defined(__linux__) || defined(__GLIBC__) if(s1!=0 && s1==s2) return 0; #else // musl guarantees non-null of s1 if(s1==s2) return 0; #endif #ifdef __CPROVER_STRING_ABSTRACTION int retval; __CPROVER_assert(__CPROVER_is_zero_string(s1), "strcasecmp zero-termination of 1st argument"); __CPROVER_assert(__CPROVER_is_zero_string(s2), "strcasecmp zero-termination of 2nd argument"); if(__CPROVER_zero_string_length(s1) != __CPROVER_zero_string_length(s2)) __CPROVER_assume(retval!=0); return retval; #else __CPROVER_size_t i=0; unsigned char ch1, ch2; do { ch1=s1[i]; ch2=s2[i]; if(ch1>='A' && ch1<='Z') ch1+=('a'-'A'); if(ch2>='A' && ch2<='Z') ch2+=('a'-'A'); if(ch1==ch2) { } else if(ch1<ch2) return -1; else return 1; i++; } while(ch1!=0 && ch2!=0); return 0; #endif }
int main(void) { opcode_t PROGRAM[PROGRAMSIZE];// = { 208, 202, 100, 101, 207, 208, 208, 204, 122 }; // Initialize the program nondeterministically. init_program_cbmc(PROGRAM, PROGRAMSIZE); bool all_ok = true; for (Unsigned all_inputs = 0; all_inputs < 8; ++all_inputs) { bool in1 = (all_inputs & 4) != 0; bool in2 = (all_inputs & 2) != 0; bool in3 = (all_inputs & 1) != 0; bool out1_desired = (in1 & in2) | (in1 & in3) | (in2 & in3); bool out2_desired = in1 ^ in2 ^ in3; // initialize stack; run the program; and fetch result. bool STACK[STACKSIZE]; for (Unsigned i = 0; i < STACKSIZE; ++i) { STACK[i] = false; } Unsigned STACKPTR = 0; STACK[STACKPTR++] = in1; STACK[STACKPTR++] = in2; STACK[STACKPTR++] = in3; run_program(STACK, &STACKPTR, PROGRAM, PROGRAMSIZE); bool out1 = STACK[STACKPTR - 2]; bool out2 = STACK[STACKPTR - 1]; bool ok = ((out1 == out1_desired) & (out2 == out2_desired)); //printf("all_inputs %u --> %d\n", all_inputs, ok); if (!ok) { all_ok = false; } } //printf("all_ok: %d\n", all_ok); __CPROVER_assert(!all_ok, "found a program that works in all cases."); return 0; }
int main(void) { unsigned int x; while (x < 10) { x++; } __CPROVER_assert(x == 10, "A"); return 0; }
int main() { int *p; p = malloc(sizeof(int)); unsigned int r = p; if (r != 0) *p = 1; if (p != 0) __CPROVER_assert (*p == 1, "malloc"); return 0; }
int main(void) { unsigned int x = 0; //unsigned short N; unsigned int N; N %= 0xFFFF; while (x < N) { x += 2; } __CPROVER_assert(!(x % 2), "A"); return 0; }
int main(void) { __CPROVER_synthesis_private_arg_forall_x=nondet_int(); __CPROVER_synthesis_root(); __CPROVER_assert( __CPROVER_synthesis_ignore_D_x0 && (!(__CPROVER_synthesis_ignore_D_x && __CPROVER_synthesis_ignore_G_x) || __CPROVER_synthesis_ignore_D_x_prime) && (!(__CPROVER_synthesis_ignore_D_x && !__CPROVER_synthesis_ignore_G_x) || !__CPROVER_synthesis_ignore_A_x), ""); return 0; }
int main() { __CPROVER_ASYNC_0: P0(0); __CPROVER_ASYNC_1: P1(0); __CPROVER_ASYNC_2: P2(0); __CPROVER_assume(__unbuffered_cnt==3); fence(); // EXPECT:exists __CPROVER_assert(!(z==2 && __unbuffered_p1_r1==1 && __unbuffered_p1_r3==0), "Program was expected to be safe for PPC, model checker should have said NO.\nThis likely is a bug in the tool chain."); return 0; }
void testA() { char arrayA1[100], arrayA2[100]; _Bool cmp; int index; cmp=__CPROVER_array_equal(arrayA1, arrayA2); __CPROVER_assume(index>=0 && index<100); __CPROVER_assume(cmp); __CPROVER_assert(arrayA1[index]==arrayA2[index], "testA arrays are equal"); }
inline FILE *fopen(const char *filename, const char *mode) { __CPROVER_HIDE:; (void)*filename; (void)*mode; #ifdef __CPROVER_STRING_ABSTRACTION __CPROVER_assert(__CPROVER_is_zero_string(filename), "fopen zero-termination of 1st argument"); __CPROVER_assert(__CPROVER_is_zero_string(mode), "fopen zero-termination of 2nd argument"); #endif FILE *fopen_result; _Bool fopen_error; fopen_result=fopen_error?NULL:malloc(sizeof(FILE)); #ifdef __CPROVER_CUSTOM_BITVECTOR_ANALYSIS __CPROVER_set_must(fopen_result, "open"); __CPROVER_cleanup(fopen_result, fclose_cleanup); #endif return fopen_result; }
inline long ftell(FILE *stream) { __CPROVER_HIDE:; int return_value; (void)*stream; #ifdef __CPROVER_CUSTOM_BITVECTOR_ANALYSIS __CPROVER_assert(__CPROVER_get_must(stream, "open"), "ftell file must be open"); #endif return return_value; }
int main() { int x; int y; while(y > 0 && x<1000003) { x=x+y; } __CPROVER_assert(y<=0 || (y<0 && x>=1000003), "A"); return 0; }
inline int fclose(FILE *stream) { __CPROVER_HIDE:; #ifdef __CPROVER_CUSTOM_BITVECTOR_ANALYSIS __CPROVER_assert(__CPROVER_get_must(stream, "open"), "fclose file must be open"); __CPROVER_clear_must(stream, "open"); __CPROVER_set_must(stream, "closed"); #endif int return_value; free(stream); return return_value; }
inline char *strcpy(char *dst, const char *src) { __CPROVER_HIDE:; #ifdef __CPROVER_STRING_ABSTRACTION __CPROVER_assert(__CPROVER_is_zero_string(src), "strcpy zero-termination of 2nd argument"); __CPROVER_assert(__CPROVER_buffer_size(dst)>__CPROVER_zero_string_length(src), "strcpy buffer overflow"); dst[__CPROVER_zero_string_length(src)]=0; __CPROVER_is_zero_string(dst)=1; __CPROVER_zero_string_length(dst)=__CPROVER_zero_string_length(src); #else __CPROVER_size_t i=0; char ch; do { ch=src[i]; dst[i]=ch; i++; } while(ch!=(char)0); #endif return dst; }
inline int pthread_rwlock_destroy(pthread_rwlock_t *lock) { __CPROVER_HIDE:; __CPROVER_assert(*((signed char *)lock)==0, "rwlock held upon destroy"); *((signed char *)lock)=-1; #ifdef __CPROVER_CUSTOM_BITVECTOR_ANALYSIS __CPROVER_set_must(lock, "rwlock_destroyed"); #endif return 0; }
inline int pthread_cancel(pthread_t thread) { __CPROVER_HIDE:; (void)thread; #ifdef __CPROVER_CUSTOM_BITVECTOR_ANALYSIS __CPROVER_assert(__CPROVER_get_must(&thread, "pthread-id"), "pthread_cancel must be given valid thread ID"); #endif int result; return result; }
int main() { int a[4], b[4]; int x,y,z; __CPROVER_assume(1<=y && y<=3); __CPROVER_assume(0<=z && z<=2); b[y] = x; b[z] = x; for(unsigned i = 0;i<4;i++) { a[i] = b[i]; } __CPROVER_assert(a[y]==a[z], "a[y]==a[z]"); }
inline int fpurge(FILE *stream) { // just return nondet __CPROVER_HIDE:; int return_value; (void)*stream; #ifdef __CPROVER_CUSTOM_BITVECTOR_ANALYSIS __CPROVER_assert(__CPROVER_get_must(stream, "open"), "fpurge file must be open"); #endif return return_value; }
void *__builtin___memmove_chk(void *dest, const void *src, size_t n, __CPROVER_size_t size) { __CPROVER_HIDE:; #ifdef __CPROVER_STRING_ABSTRACTION __CPROVER_assert(__CPROVER_buffer_size(src)>=n, "memmove buffer overflow"); __CPROVER_assert(__CPROVER_buffer_size(dest)==size, "builtin object size"); // dst = src (with overlap allowed) if(__CPROVER_is_zero_string(src) && n > __CPROVER_zero_string_length(src)) { __CPROVER_is_zero_string(src)=1; __CPROVER_zero_string_length(dest)=__CPROVER_zero_string_length(src); } else __CPROVER_is_zero_string(dest)=0; #else (void)size; char src_n[n]; __CPROVER_array_copy(src_n, (char*)src); __CPROVER_array_replace((char*)dest, src_n); #endif return dest; }
void *__builtin___memcpy_chk(void *dst, const void *src, __CPROVER_size_t n, __CPROVER_size_t size) { __CPROVER_HIDE: #ifdef __CPROVER_STRING_ABSTRACTION __CPROVER_assert(__CPROVER_buffer_size(src)>=n, "memcpy buffer overflow"); __CPROVER_assert(__CPROVER_buffer_size(dst)>=n, "memcpy buffer overflow"); __CPROVER_assert(__CPROVER_buffer_size(dst)==s, "builtin object size"); // for(size_t i=0; i<n ; i++) dst[i]=src[i]; if(__CPROVER_is_zero_string(src) && n > __CPROVER_zero_string_length(src)) { __CPROVER_is_zero_string(dst)=1; __CPROVER_zero_string_length(dst)=__CPROVER_zero_string_length(src); } else if(!(__CPROVER_is_zero_string(dst) && n <= __CPROVER_zero_string_length(dst))) __CPROVER_is_zero_string(dst)=0; #else (void)size; for(__CPROVER_size_t i=0; i<n ; i++) ((char *)dst)[i]=((const char *)src)[i]; #endif return dst; }
int main(void) { unsigned int x = 0; while (x < 0x0fffffff) { if (x < 0xfff0) { x++; } else { x += 2; } } __CPROVER_assert(!(x % 2), "A"); return 0; }
inline int getw(FILE *stream) { __CPROVER_HIDE:; int return_value; (void)*stream; #ifdef __CPROVER_CUSTOM_BITVECTOR_ANALYSIS __CPROVER_assert(__CPROVER_get_must(stream, "open"), "getw file must be open"); #endif // it's any int, no restriction return return_value; }
inline FILE *fdopen(int handle, const char *mode) { __CPROVER_HIDE:; (void)handle; (void)*mode; #ifdef __CPROVER_STRING_ABSTRACTION __CPROVER_assert(__CPROVER_is_zero_string(mode), "fdopen zero-termination of 2nd argument"); #endif FILE *f=malloc(sizeof(FILE)); return f; }
inline int pthread_mutex_unlock(pthread_mutex_t *mutex) { __CPROVER_HIDE:; // the fence must be before the unlock __CPROVER_fence("WWfence", "RRfence", "RWfence", "WRfence", "WWcumul", "RRcumul", "RWcumul", "WRcumul"); __CPROVER_atomic_begin(); __CPROVER_assert(*((__CPROVER_mutex_t *)mutex)==1, "must hold lock upon unlock"); *((__CPROVER_mutex_t *)mutex)=0; __CPROVER_atomic_end(); return 0; // we never fail }
inline int fgetc(FILE *stream) { __CPROVER_HIDE:; int return_value; (void)*stream; // it's a byte or EOF (-1) __CPROVER_assume(return_value>=-1 && return_value<=255); #ifdef __CPROVER_CUSTOM_BITVECTOR_ANALYSIS __CPROVER_assert(__CPROVER_get_must(stream, "open"), "fgetc file must be open"); #endif return return_value; }
inline int getc(FILE *stream) { __CPROVER_HIDE:; int return_value; (void)*stream; #ifdef __CPROVER_CUSTOM_BITVECTOR_ANALYSIS __CPROVER_assert(__CPROVER_get_must(stream, "open"), "getc file must be open"); #endif // It's a byte or EOF, which we fix to -1. __CPROVER_assume(return_value>=-1 && return_value<=255); return return_value; }
void perror(const char *s) { __CPROVER_HIDE:; if(s!=0) { #ifdef __CPROVER_STRING_ABSTRACTION __CPROVER_assert(__CPROVER_is_zero_string(s), "perror zero-termination"); #endif // should go to stderr if(s[0]!=0) printf("%s: ", s); } // TODO: print errno error }
inline int fseek(FILE *stream, long offset, int whence) { __CPROVER_HIDE:; int return_value; (void)*stream; (void)offset; (void)whence; #ifdef __CPROVER_CUSTOM_BITVECTOR_ANALYSIS __CPROVER_assert(__CPROVER_get_must(stream, "open"), "fseek file must be open"); #endif return return_value; }