// N must be even int main() { #ifdef ENABLE_CPROVER int a = nondet_int(); int b = nondet_int(); __CPROVER_assume(a < 16384); __CPROVER_assume(b < 16384); #elif ENABLE_KLEE int a; int b; klee_make_symbolic(&a, sizeof(a), "a"); klee_make_symbolic(&b, sizeof(b), "b"); if (a >= 16384) return 0; if (b >= 16384) return 0; #endif int result = sumR(a, b, N); #ifndef FORCE_BRANCH assert(result == ((a*(N+1)) + (b*(N+1)*(N/2)))); #endif return 0; }
int main () { int i, v, count, qcount, prev; int s = nondet_int(); __CPROVER_assume((s > 0) && (s <=SIZE)); for (i = 0; i < s; i++) { v = nondet_int(); ref[i] = v; a[i] = v; } sort(a, s); v = nondet_int(); count = 0; qcount = 0; prev = a[0]; for (i = 0; i < s; i++) { if (ref[i] == v) { count++; } if (a[i] == v) { qcount++; } assert (a[i] >= prev); /* MUTANT (del_stmt) */ /* prev = a[i]; */ } assert (count == qcount); }
int main() { int x = nondet_int(); int y = nondet_int(); int z = nondet_int(); while(x<100 && 100<z) { int tmp=nondet_bool(); if (tmp) { x++; } else { x--; z--; } } //assert(0); if(! (0)) goto ERROR; ERROR: assert(0, "ERROR"); }
void main() { int a, b; int * d = &globalVar; void * e = malloc(sizeof(int)); d = (int*)e; a = nondet_int() * nondet_int(); b = -7 * nondet_int(); a = times2(a); a = times2(a); b = negate(b); *d = nondet_int(); *d = negate(*d); if (a == 44 && b == 7) { ERROR: return; } check(a); check(b); int c = a + b; c *= 2; }
t_Alarm_system_io havocIO() { t_Alarm_system_io _io_; _io_.VehLocked = nondet_int(); _io_.AlarmSensor = nondet_int(); __CPROVER_assume(0<=_io_.VehLocked && _io_.VehLocked<=1 && 0<=_io_.AlarmSensor && _io_.AlarmSensor<=1); return _io_; }
int main(){ int in_len = nondet_int(); if(in_len < 1){return 1;} wchar_t* hay = alloca(in_len*sizeof(wchar_t)); hay[in_len-1]=0; wchar_t needle = nondet_int(); return (int) wcsrchr(hay, needle); }
int main(){ int in_len = nondet_int(); if(in_len < 1){return 1;} char* in = alloca(in_len); in[in_len-1]=0; int base = nondet_int(); char* end = 0; return strtol(in, &end, base); }
void f() { int x0, y0, x1, y1; int dy; int dx; int stepx, stepy; int fraction; int AUXVAR; x0=nondet_int(); y0=nondet_int(); x1=x0+42; y1=y0+42; dy = y1 - y0; dx = x1 - x0+1; if (dy < 0) { dy = -dy; stepy = -1; } else { stepy = 1; } if (dx < 0) { dx = -dx; stepx = -1; } else { stepx = 1; } dy = dy*2; dx = dx*2; if (dx > dy) { fraction = 2*dy - dx; AUXVAR = x0 < x1 || x0 > x1; while (AUXVAR) { if (fraction >= 0) { y0 = y0 + stepy; fraction = fraction - 2*dx; } else {} x0 = x0 + stepx; fraction = fraction + 2*dy; AUXVAR = x0 < x1 || x0 > x1; } } else { fraction = 2*dx - dy; AUXVAR = y0 < y1 || y0 > y1; while (AUXVAR) { if (fraction >= 0) { x0 = x0 + stepx; fraction = fraction - 2*dy; } else {} y0 = y0 + stepy; fraction = fraction + 2*dx; AUXVAR = y0 < y1 || y0 > y1; } } assert(y1==y0); }
int main() { int x = nondet_int(); int y = nondet_int(); int N = nondet_int(); f(x,y,N); return 0; }
int main() { int x = nondet_int(); int y = nondet_int(); int z = nondet_int(); f(x,y,z); return 0; }
int main(){ int in_len = nondet_int(); if(in_len < 1){return 1;} char* in = alloca(in_len); in[in_len-1]=0; int out_len = nondet_int(); if(out_len < in_len){return 1;} char* out = alloca(out_len); return (int) stpcpy(out, in); }
int main(){ int in_len = nondet_int(); if(in_len < 1){return 1;} char* in = alloca(in_len); in[in_len-1]=0; int out_len = nondet_int(); if(out_len < 1){return 1;} char* out = alloca(out_len); out[out_len-1]=0; return (int) strcspn(in, out); }
int main(){ int in_len = nondet_int(); if(in_len < 1){return 1;} char* hay = alloca(in_len); hay[in_len-1]=0; int out_len = nondet_int(); if(out_len < 1){return 1;} char* needle = alloca(out_len); needle[out_len-1]=0; return (int) strspn(hay, needle); }
int main(){ int in_len = nondet_int(); if(in_len < 1){return 1;} char* in = alloca(in_len); in[in_len-1]=0; int delim_len = nondet_int(); if(delim_len < 1){return 1;} char* delim = alloca(delim_len); char* ptr = 0; return (int) strtok_r(in, delim, &ptr); }
int main() { int cbSrcLength = nondet_int(); int cbHeader = nondet_int(); int nBlockAlignment = nondet_int(); DWORD *pbSrc, *pbDst; int *step; f(cbSrcLength, cbHeader, nBlockAlignment, pbSrc, pbSrc, step); return 0; }
void f() { int i=nondet_int(),k=nondet_int(),n=nondet_int(),l=nondet_int(); assume(l>0); for (k=1;k<n;k++){ for (i=l;i<n;i++){ assert(1<=i); } if(nondet_int()) l = l + 1; } }
int main() { int i, v, last, val; int refc = 0; int acount = 0; unsigned int s = nondet_unsigned_int(); //s is an arbitrary unsigned_int __CPROVER_assume(s <= SIZE); // s is used to loop for a[],so assume s<=SIZE int val = nondet_int(); //val is an arbitrary int printf("LOG: s = %u, val = %d\n", s, val); for (i = 0; i < s; i++) { v = nondet_int(); //v is an arbitrary int a[i] = v; printf("LOG: a[%d] = %d\n", i, v); if (v == val) { refc++; // record times that a[i] has the same value = val } } mysort(a, s); //do sort printf("LOG: sorted a\n"); //after sort, verify two things: 1. whether sorted 2. whether times of values = val keep the same //1. think about a[0] if (s > 0) { last = a[0]; //set first tail for comparison if (a[0] == val) { acount++; // record times that a[i] has the same value = val } } //2. think about common a[i] for (i = 1; i < s; i++) { printf("LOG: last = %d, a[%d] = %d\n", last, i, a[i]); assert(a[i] >= last); //1. assert whether head is always bigger than tail if (a[i] == val) { acount++; // keep recording times that a[i] has the same value = val } last = a[i]; // keep updating the tail } printf("LOG: refc = %d, acount = %d\n", refc, acount); assert(refc == acount); //2. assert the number of same value is the same. }
int main(){ int a; int b; int c; int nondet; nondet = nondet_int(); a = 0; b = nondet_int(); if(nondet) { while(1){ if(a == 10){ goto L1; } else { a++; } } } else { if(b > 5) { c = 100; if(nondet < -10){ } else if(nondet < -20){ } } else { c = 0; } } L1: if(a != 10){ if (b <= 5){ if(c != 0){ goto ERROR; } } } return (0); ERROR: return (-1); }
void main() { int i,first; unsigned int initial_no = nondet_int(); unsigned int size = nondet_int(); __CPROVER_assume (size <= SIZE); jsValue(initial_no,size,array); first = array[0]; for(i=1;i<size;i++) { assert( array[i]<=first); first=array[i]; } }
char *realpath(char const *pathname , char *result , char *chroot_path ) { char curpath[256] ; char workpath[256] ; char linkpath[256] ; char namebuf[256] ; char *where ; int len ; int tmp ; char *__retres ; {where = curpath; tmp = nondet_int(); if (tmp == 1) {len = readlink((char const *)(namebuf), linkpath, 256); if (len <= 0) {__retres = (char *)((void *)0); goto return_label;} /* STAC: BAD */ linkpath[len] = (char)0; if ((int )linkpath[0] == '/') {workpath[0] = (char)0;} if ((int )*(where + 0) != 0) {r_strcat(linkpath, "/"); r_strcat(linkpath, where);} /* STAC: BAD */ r_strcpy(curpath, linkpath);} __retres = result; return_label: /* CIL Label */ return (__retres);} }
int main() { int arraylen=nondet_int(); if(arraylen==3) { int** array_init = malloc(sizeof(int *)*arraylen); // mis-align that pointer! char * char_ptr = (char *) array_init; char_ptr++; int local_var; int **array2=(int**)char_ptr; // write array2[0]=&local_var; // check int value=*array2[0]; assert(value==local_var); } }
void sysfs_thread() { int nondet1; while (1) { noReorderBegin(); want_sysfs = 6; atomicBegin(); assume(sysfs_lock == 0); sysfs_lock = 6; want_sysfs = 0; atomicEnd(); noReorderEnd(); noReorderBegin(); want_dev = 6; atomicBegin(); assume(dev_lock == 0); dev_lock = 6; want_dev = 0; atomicEnd(); noReorderEnd(); if (sysfs_registered != 0) { nondet1 = nondet_int(); drv_sysfs_read(nondet1); } unlock(dev_lock); unlock(sysfs_lock); } }
/* Returns the number of bytes written to buf, or -1 if there's an error. This'll do it, assuming buf is initially uninitialized. */ int readlink(const char *path, char *buf, int bufsiz) { int n = nondet_int (); if (n < bufsiz && n >= 0) return n; return -1; }
int main() { badgers = nondet_int(); int nou; pthread_t face; pthread_create(&face, NULL, thread, NULL); // Plase a false guard into state guard if (global == 1) { nou++; } // And now when removing it, we remove a non-false guard, so the false sticks // around. if (badgers == 0) { nou++; } // Enable assertion in the other thread; it doesn't fire because false is // still in the thread guard. batsignal = 1; return 0; }
int main(void) { #ifdef __GNUC__ float low = 0x1p+25f; // 33554432 float high = 0x1.000002p+25f; // 33554436 float higher = 0x1.000004p+25f;// 33554440 // There are no other floating point numbers between these float other = nondet_float(); assert(!((low < other) && (other < high))); // Inference tests int x = nondet_int(); // x is 33554433, 33554434 or 33554435 __CPROVER_assume((33554432 < x) && (x < 33554436)); assert((castWithRounding(FE_TONEAREST,x) == high) == (x == 33554435)); #ifdef FE_UPWARD assert(castWithRounding(FE_UPWARD,x) == high); assert(castWithRounding(FE_UPWARD,-x) == -low); #endif #ifdef FE_DOWNWARD assert(castWithRounding(FE_DOWNWARD,x) == low); assert(castWithRounding(FE_DOWNWARD,-x) == -high); #endif assert(castWithRounding(FE_TOWARDZERO,x) == low); assert(castWithRounding(FE_TOWARDZERO,-x) == -low); #endif }
void f() { int i,j,temp; int a[7]; i=0; while(i<7) { a[i]=nondet_int(); i=i+1; } j=0; while(j<7-1) { i=0; while(i<7-j-1) { temp = a[i+1]; if (a[i] > temp){ a[i+1] = a[i]; a[i] = temp; } i=i+1; } j=j+1; } assert(a[0]<=a[0+1] && a[1]<=a[1+1] && a[2]<=a[2+1] && a[3]<=a[3+1] && a[4]<=a[4+1] && a[5]<=a[5+1]); }
int main(){ int in_len = nondet_int(); if(in_len < 1){return 1;} char* hay = alloca(in_len); hay[in_len-1]=0; return strlen(hay); }
void f() { int a[3]; int i,j,temp,min; i = 0; while(i<3) { a[i] = nondet_int(); i = i+1; } j = 0; while(j<3-1){ min = j; temp = a[min]; i = j+1; while(i<3){ if(a[i]>temp){ min = i; temp = a[min]; } else { } i = i+1; } temp = a[j]; a[j] = a[min]; a[min] = temp; j=j+1; } assert(a[0]<=a[0+1] && a[1]<=a[1+1]); }
static int rrextract(u_char *msg, int msglen, u_char *rrp, u_char *dname, int namelen) { u_char *eom, *cp, *cp1, *rdatap; u_int class, type, dlen; int n; u_char data[MAXDATA*2 + SPACE_FOR_VARS]; data [(MAXDATA*2 + SPACE_FOR_VARS)-1] = EOS; cp = rrp; eom = msg + msglen; GETSHORT(dlen, cp); BOUNDS_CHECK(cp, dlen); /* Cut a bunch of stuff which we can reintroduce later. */ n = dn_expand(msg, eom, cp, (char *)data, sizeof data); if (n < 0) { return (-1); } if (nondet_int()) { return (-1); } cp += n; cp1 = data + strlen((char *)data) + 1; /* BAD */ r_memcpy(cp1, cp, dlen - n); return 0; }
int main() { int z=nondet_int(); int x=0; __CPROVER_assume(z<0 && z>-10); while(x<100) { assert(z<x); int y = nondet_int(); __CPROVER_assume(y>0 && y<10); x=x+y; z=z-x; assert(x<150); if(z<-100) z=-z; assert(z<x); } }