diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ca360d48344a917435ac26d848ee6dc36f7d67a6..d1b91f6e7fa2a4c248b15acbce83917786376d59 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -64,7 +64,6 @@ wp-qualif: - nix/frama-ci.sh build -A frama-c.wp-qualif tags: - nix - allow_failure: true genassigns: stage: tests diff --git a/src/plugins/wp/Changelog b/src/plugins/wp/Changelog index 51d6fba4b0254b910a89dcbca747f727bdadeb45..cc5e3751d471203b02f5355def021fe551ad6d23 100644 --- a/src/plugins/wp/Changelog +++ b/src/plugins/wp/Changelog @@ -23,7 +23,20 @@ - WP [2020/02/21] Why3 prover version fallback - WP [2020/02/21] Why3 prover full-names use ':' instead of ',' -* WP [2020/02/20] Fixes handling of LoopCurrent in loop invariants +- WP [2020/02/10] Specify cache mode with FRAMAC_WP_CACHE=<mode> (-wp-cache-env) +- WP [2020/02/10] Update scripts with FRAMAC_WP_SCRIPT=update and -wp-prover script +- WP [2020/02/10] Move frame conditions to Type section for better filtering +- WP [2020/02/10] Extended frame conditions to pointers inside compound +- WP [2020/02/10] Extended frame conditions with global C-types +- WP [2019/17/04] Control splitting with -wp-max-split <n> - WP [2019/12/04] Added option -wp-run-all-provers +- WP [2019/01/29] Emit a warning when no goal is generated +- Wp [2019/06/04] Checks for inconsistent requires (-wp-smoke-tests) +- TIP [2018/04/03] Create session directory only on demand +- TIP [2018/03/19] Specification of JSON script format +- Wp [2018/03/18] Additional lemma about remainder (mod) +- TIP [2018/03/18] Refactor structure of session directory (remove models) +- Wp [2018/02/18] Additional lemmas about logical shift compositions ########################## Plugin WP 20.0 (Calcium) diff --git a/src/plugins/wp/Conditions.ml b/src/plugins/wp/Conditions.ml index 021ef13b877c4b9336a8c32d1681fbc58ae97f0e..ed4ad6bc1699ee7d9f9380ecfb6a07847d464b93 100644 --- a/src/plugins/wp/Conditions.ml +++ b/src/plugins/wp/Conditions.ml 
@@ -512,11 +512,11 @@ let state ?descr ?stmt state hs = let s = step ?descr ?stmt cond in Bundle.add s hs -let assume ?descr ?stmt ?deps ?warn ?(init=false) p hs = +let assume ?descr ?stmt ?deps ?warn ?(init=false) ?(domain=false) p hs = match F.is_ptrue p with | Yes -> hs | No -> - let cond = if init then Init p else Have p in + let cond = if init then Init p else if domain then Type p else Have p in let s = step ?descr ?stmt ?deps ?warn cond in Bundle.add s Bundle.empty | Maybe -> @@ -524,7 +524,8 @@ let assume ?descr ?stmt ?deps ?warn ?(init=false) p hs = match Bundle.category hs with | MAYBE | TRUE | EMPTY -> let p = exist_intro p in - let cond = if init then Init p else Have p in + let cond = + if init then Init p else if domain then Type p else Have p in let s = step ?descr ?stmt ?deps ?warn cond in Bundle.add s hs | FALSE -> hs @@ -1714,13 +1715,13 @@ let insert ?at step sequent = let at = match at with None -> seq.seq_size | Some k -> k in if 0 <= at && at <= seq.seq_size then in_sequence ~replace:false at step seq , goal - else raise (Invalid_argument "Conditions.insert") + else raise Not_found let replace ~at step sequent = let seq,goal = sequent in if 0 <= at && at <= seq.seq_size then in_sequence ~replace:true at step seq , goal - else raise (Invalid_argument "Conditions.insert") + else raise Not_found (* -------------------------------------------------------------------------- *) (* --- Replace --- *) diff --git a/src/plugins/wp/Conditions.mli b/src/plugins/wp/Conditions.mli index 8f109852696f530dd785c9876ae28e309da228f4..aa3d088148486fb4f4531c5f381c82a999d91783 100644 --- a/src/plugins/wp/Conditions.mli +++ b/src/plugins/wp/Conditions.mli 
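Review bot: When a caller passes both `~init:true` and `~domain:true` to `assume`, `init` silently wins and the predicate goes to `Init` rather than `Type`; neither the new `?(domain=false)` parameter nor the corresponding .mli comment states that precedence, so either document it or replace the two booleans with a single section argument. The same three-way conditional is written twice, here and in the `Maybe` branch of the next hunk (`@@ -524`); hoisting it once at the top of `assume` as `let section p = if init then Init p else if domain then Type p else Have p in` and writing `let cond = section p in` in both branches keeps them from drifting apart.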
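Review bot: `insert` and `replace` now raise `Not_found` for an out-of-range `at`, which OCaml conventionally reserves for failed lookups; the `insert` doc comment in Conditions.mli (hunk `@@ -112`) is cut by that hunk after its first line, so check that its `@raise` clause reads `@raise Not_found if [at] is out of bounds`, matching the wording already used for `step_at`, and that `replace` gets the same. The callers touched by this commit (GuiGoal, ProverScript, ProverSearch) catch `Exit | Not_found | Invalid_argument _`, so they handle either exception, but any other caller of `insert`/`replace` that relied on `Invalid_argument` would now see `Not_found` propagate.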
@@ -28,11 +28,19 @@ open Cil_types open Lang open Lang.F -(** Predicates *) +(** {2 Predicate Introduction} *) + + +(** Introduce universally quantified formulae: head forall quantifiers + are instanciated to fresh variables in current pool and left-implies are + extracted, recursively. *) val forall_intro: Lang.F.pred -> Lang.F.pred list * Lang.F.pred + +(** Introduce existential quantified formulae: head exist quantifiers + are instanciated to fresh variables, recursively. *) val exist_intro: Lang.F.pred -> Lang.F.pred -(** Sequent *) +(** {2 Sequent} *) type step = private { mutable id : int ; (** See [index] *) @@ -46,14 +54,14 @@ type step = private { } and condition = - | Type of pred - | Have of pred - | When of pred - | Core of pred - | Init of pred - | Branch of pred * sequence * sequence - | Either of sequence list - | State of Mstate.state + | Type of pred (** Type section, not constraining for filtering *) + | Have of pred (** Normal assumptions section *) + | When of pred (** Assumptions introduced after simplifications *) + | Core of pred (** Common hypotheses gather from parallel branches *) + | Init of pred (** Initializers assumptions *) + | Branch of pred * sequence * sequence (** If-Then-Else *) + | Either of sequence list (** Disjunction *) + | State of Mstate.state (** Memory Model snapshot *) and sequence (** List of steps *) @@ -61,6 +69,7 @@ type sequent = sequence * F.pred val pretty : (Format.formatter -> sequent -> unit) ref +(** Creates a single step *) val step : ?descr:string -> ?stmt:stmt -> 
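Review bot: The new doc comments misspell "instantiated" as `instanciated` in both the `forall_intro` and `exist_intro` descriptions. Later hunks of the same file carry similar slips: `gather from parallel branches` should be `gathered from parallel branches` (`@@ -46`), `Same domain than [iter]` should be `Same domain as [iter]` and `Recursively Returns` should be `Recursively returns` (`@@ -76`), `predocates` and `hypotheses contains false` should be `predicates` and `hypotheses contain false` (`@@ -112`), `Bundle are constructed` should be `Bundles are constructed` (`@@ -159`), and `Otherwized` and `a formulae` should be `Otherwise` and `a formula` (`@@ -170`). These comments become the odoc-rendered API description, so fixing them in the same commit is cheap.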
@@ -76,29 +85,36 @@ val update_cond : step -> condition -> step -val is_true : sequence -> bool (** Only true or empty steps *) +val is_true : sequence -> bool (** Contains only true or empty steps *) val is_empty : sequence -> bool (** No step at all *) -val vars_hyp : sequence -> Vars.t -val vars_seq : sequent -> Vars.t +val vars_hyp : sequence -> Vars.t (** Pre-computed and available in constant time. *) +val vars_seq : sequent -> Vars.t (** At the cost of the union of hypotheses and goal. *) -val empty : sequence -val trivial : sequent +val empty : sequence (** empty sequence, equivalent to true assumption *) +val trivial : sequent (** empty implies true *) val sequence : step list -> sequence + val seq_branch : ?stmt:stmt -> F.pred -> sequence -> sequence -> sequence +(** Creates an If-Then-Else branch located at the provided stmt, if any. *) -val append : sequence -> sequence -> sequence -val concat : sequence list -> sequence +val append : sequence -> sequence -> sequence (** Conjunction *) +val concat : sequence list -> sequence (** List conjunction *) -(** Iterate only over the head steps of the sequence *) +(** Iterate only over the head steps of the sequence. + Does not go deeper inside branches and disjunctions. *) val iter : (step -> unit) -> sequence -> unit -(** The internal list of steps *) +(** Same domain than [iter]. *) val list : sequence -> step list +(** Compute the {i total} number of steps in the sequence, including + nested sequences from branches and disjunctions. + Pre-computed and available in constant time. *) val size : sequence -> int val steps : sequence -> int -(** Attributes unique indices to every [step.id] in the sequence, starting from zero. +(** Attributes unique indices to every [step.id] in the sequence, + starting from zero. Recursively Returns the number of steps in the sequence. *) val index : sequent -> unit 
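Review bot: `val steps : sequence -> int` stays undocumented while its neighbour `size` now gets a three-line comment, so a reader cannot tell how the two counts differ (presumably `steps` counts only the head steps that `iter` visits while `size` is the nested total — verify against Conditions.ml). Adding `(** Number of head steps only, the domain of [iter]; see [size] for the nested total. *)` above `val steps`, adjusted to the actual semantics, would close the gap. The hunk also mixes placements: `seq_branch`, `is_true`, `vars_hyp` and `empty` get their comment after the `val`, while `iter`, `list` and `size` get it before, and the `@@ -170` hunk alternates the same way; odoc accepts both, but one convention per file is easier to scan.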
@@ -112,13 +128,21 @@ val step_at : sequence -> int -> step @raise Not_found if the index is out of bounds. *) val is_trivial : sequent -> bool +(** Goal is true or hypotheses contains false. *) (** {2 Transformations} *) val map_condition : (pred -> pred) -> condition -> condition +(** Rewrite all root predicates in condition *) + val map_step : (pred -> pred) -> step -> step +(** Rewrite all root predicates in step *) + val map_sequence : (pred -> pred) -> sequence -> sequence +(** Rewrite all root predicates in sequence *) + val map_sequent : (pred -> pred) -> sequent -> sequent +(** Rewrite all root predocates in hypotheses and goal *) val insert : ?at:int -> step -> sequent -> sequent (** Insert a step in the sequent immediately [at] the specified position. @@ -159,6 +183,9 @@ val at_closure : (sequent -> sequent ) -> unit (** register a transformation app Bundles are {i mergeable} pre-sequences. This the key structure for merging hypotheses with linear complexity during backward weakest pre-condition calculus. + + Bundle are constructed in backward order with respect to program + control-flow, as driven by the wp calculus. *) type bundle 
@@ -170,20 +197,45 @@ type 'a attributed = ?warn:Warning.Set.t -> 'a ) -val nil : bundle +val nil : bundle (** Same as empty *) val occurs : F.var -> bundle -> bool val intersect : F.pred -> bundle -> bool +(** Variables of predicate and the bundle intersects *) + val merge : bundle list -> bundle +(** Performs a diff-based disjunction, introducing If-Then-Else or Either + branches when possible. + Linear complexity is achieved by assuming bundle ordering is consistent + over the list. *) + +(** Assumes a list of predicates in a [Type] section on top of the bundle. *) val domain : F.pred list -> bundle -> bundle + +(** Assumes a list of predicates in a [Have] section on top of the bundle. *) val intros : F.pred list -> bundle -> bundle + +(** Stack a memory model state on top of the bundle. *) val state : ?descr:string -> ?stmt:stmt -> Mstate.state -> bundle -> bundle -val assume : (?init:bool -> F.pred -> bundle -> bundle) attributed + +(** Assumes a predicate in the specified section, + with the specified decorations. On [~init:true], the predicate is placed + in an [Init] section. On [~domain:true], the predicate is placed in a [Type] + section. Otherwized, it is placed in a standard [Have] section. *) +val assume : (?init:bool -> ?domain:bool -> F.pred -> bundle -> bundle) attributed + +(** Construct a branch bundle, with merging of all common parts. *) val branch : (F.pred -> bundle -> bundle -> bundle) attributed + +(** Construct a disjunction bundle, with merging of all common parts. *) val either : (bundle list -> bundle) attributed + +(** Computes a formulae equivalent to the bundle. For debugging purpose only. *) val extract : bundle -> F.pred list + +(** Closes the bundle and promote it into a well-formed sequence. *) val bundle : bundle -> sequence -(** {2 Simplifier} *) +(** {2 Simplifiers} *) val clean : sequent -> sequent val filter : sequent -> sequent 
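Review bot: The `assume` comment describes `~init:true` and `~domain:true` separately but not what happens when both are given; the implementation in Conditions.ml tests `init` first, so a sentence such as `When both are set, [~init] takes precedence.` should be added, or the two flags merged into one section argument so the question does not arise. The `extract` comment's `For debugging purpose only` would also benefit from saying whether the returned list is conjunctive, since `bundle` just below is described as the real way to close a bundle.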
diff --git a/src/plugins/wp/GuiGoal.ml b/src/plugins/wp/GuiGoal.ml index 407f98990d661247c025864069dd4497c6717e03..9b88a8c3d594058d079b58d9f79a6e3c563081ab 100644 --- a/src/plugins/wp/GuiGoal.ml +++ b/src/plugins/wp/GuiGoal.ml @@ -449,6 +449,13 @@ class pane (gprovers : GuiConfig.provers) = cancel#set_enabled false ; forward#set_enabled false ; status#set_text "Non Proved Property" ; + | `Invalid -> + icon#set_icon GuiProver.wg_status ; + next#set_enabled false ; + prev#set_enabled false ; + cancel#set_enabled false ; + forward#set_enabled false ; + status#set_text "Invalid Smoke-test" ; | `Proved -> icon#set_icon GuiProver.ok_status ; next#set_enabled false ; @@ -493,18 +500,12 @@ class pane (gprovers : GuiConfig.provers) = self#update_tactics None ; | Proof proof -> let wpo = ProofEngine.head proof in - if Wpo.is_proved wpo then - begin - self#update_provers None ; - self#update_tactics None ; - end - else - begin - self#update_provers (Some wpo) ; - let sequent = printer#sequent in - let select = printer#selection in - self#update_tactics (Some(proof,sequent,select)) ; - end + begin + self#update_provers (Some wpo) ; + let sequent = printer#sequent in + let select = printer#selection in + self#update_tactics (Some(proof,sequent,select)) ; + end | Composer _ | Browser _ -> () method private update_proofview = @@ -626,9 +627,12 @@ class pane (gprovers : GuiConfig.provers) = Wutil.later begin fun () -> let title = tactic#title in - let tactic = ProofScript.jtactic ~title tactic selection in - let anchor = ProofEngine.anchor proof () in - self#fork proof (ProofEngine.fork proof ~anchor tactic process) + try + let tactic = ProofScript.jtactic ~title tactic selection in + let anchor = ProofEngine.anchor proof () in + self#fork proof (ProofEngine.fork proof ~anchor tactic process) + with Exit | Not_found | Invalid_argument _ -> + text#printf "Application of tactic '%s' failed." title end method private search proof = function 
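Review bot: The new handler in the third hunk reports only the tactic title, so a failing `ProofScript.jtactic` or `ProofEngine.fork` leaves no trace of which of `Exit`, `Not_found` or `Invalid_argument` was raised, and `Invalid_argument _` in particular can originate from an unrelated programming error deep inside the tactic. Binding the exception and printing it, `with (Exit | Not_found | Invalid_argument _) as exn -> text#printf "Application of tactic '%s' failed (%s)." title (Printexc.to_string exn)`, keeps the user-facing message while preserving the cause. The same broadening of the catch clause appears in `ProverScript.jfork` and `ProverSearch.fork`, where the `| e ->` fallback already reports other exceptions by name, so reporting the name there too would be consistent. The enclosing method starts outside the hunk.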
diff --git a/src/plugins/wp/GuiList.ml b/src/plugins/wp/GuiList.ml index 83c43b08dcb585f208c705e3bd4a45e8fe74d726..9976597169d525ff32a0591d9e9a967c6e728953 100644 --- a/src/plugins/wp/GuiList.ml +++ b/src/plugins/wp/GuiList.ml @@ -70,7 +70,9 @@ let render_prover_result p = | `Proof -> icn_stock "gtk-edit" | `Saved -> icn_stock "gtk-file" end - | { verdict=r } , _ -> icon_of_verdict r + | result , _ -> + let smoke = Wpo.is_smoke_test w in + icon_of_verdict (VCS.verdict ~smoke result) class pane (gprovers:GuiConfig.provers) = let model = new model in diff --git a/src/plugins/wp/GuiNavigator.ml b/src/plugins/wp/GuiNavigator.ml index eed9d0dbb42755fd2a0035f35b4032694a03fb20..ab7fec066be8f2a48ca4c2556813f7099af44de2 100644 --- a/src/plugins/wp/GuiNavigator.ml +++ b/src/plugins/wp/GuiNavigator.ml @@ -34,7 +34,7 @@ open GuiSource (* -------------------------------------------------------------------------- *) type scope = [ `All | `Module | `Select ] -type filter = [ `ToProve | `Scripts | `All ] +type filter = [ `ToProve | `Scripts | `Smoke | `All ] type card = [ `List | `Goal ] type focus = [ `All @@ -105,7 +105,9 @@ class behavior ~values:[`All,"all" ; `Module,"module" ; `Select,"select"] ~default:`Module scope ; Cfg.config_values ~key:"wp.navigator.filter" - ~values:[`All,"all" ; `Scripts,"scripts" ; + ~values:[`All,"all" ; + `Smoke,"smoketests" ; + `Scripts,"scripts" ; `ToProve,"toprove"] ~default:`ToProve filter ; filter#on_event self#reload ; @@ -124,7 +126,9 @@ class behavior method reload () = begin list#reload ; - let to_prove g = not (Wpo.is_proved g || Wpo.reduce g) in + let to_prove g = + not (Wpo.is_smoke_test g) && + not (Wpo.is_proved g || Wpo.reduce g) in let has_proof g = match ProofEngine.get g with | `None -> false @@ -133,6 +137,7 @@ class behavior let ok = match filter#get with | `All -> true + | `Smoke -> Wpo.is_smoke_test g | `Scripts -> has_proof g | `ToProve -> to_prove g && (Wpo.is_unknown g || has_proof g) in if ok then list#add g 
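Review bot: With the new `to_prove` in GuiNavigator's `reload`, a smoke test is never listed under the `ToProve` filter whatever its result, so a smoke test that ends `Invalid` (inconsistent requires, per the Changelog entry) is only visible once the user switches to the `Smoke` filter. If that is intended, a comment on `to_prove` such as `(* smoke tests are reported under the [`Smoke] filter only *)` would document it; otherwise the condition could keep failed smoke tests in the default list. The `Smoke` branch added in the next hunk (`@@ -133`) shows every smoke test regardless of status, which matches its menu label `Smoke Tests` but means a failing one is not flagged anywhere by default. The enclosing `reload` method ends outside the hunk.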
@@ -444,6 +449,7 @@ let make (main : main_window_extension_points) = let filter = new Widget.menu ~default:`ToProve ~options:[ `ToProve , "Not Proved (yet)" ; `Scripts , "All Scripts" ; + `Smoke , "Smoke Tests" ; `All , "All Goals" ; ] () in let prev = new Widget.button ~icon:`GO_BACK ~tooltip:"Previous goal" () in @@ -466,18 +472,6 @@ let make (main : main_window_extension_points) = pvrs#connect dp_chooser#run ; end ; - (* -------------------------------------------------------------------------- *) - (* --- Filter Popup --- *) - (* -------------------------------------------------------------------------- *) - - begin - filter#set_render (function - | `All -> "All Results" - | `Scripts -> "All Scripts" - | `ToProve -> "Not Proved") ; - filter#set_items [ `ToProve ; `Scripts ; `All ] ; - end ; - (* -------------------------------------------------------------------------- *) (* --- List/Goal view --- *) (* -------------------------------------------------------------------------- *) diff --git a/src/plugins/wp/GuiProof.ml b/src/plugins/wp/GuiProof.ml index 1b984174b7b0f54bd374c223529e9ba6b22a773f..6a04110dac746baa1e0904c9e5ef911faa3f14ab 100644 --- a/src/plugins/wp/GuiProof.ml +++ b/src/plugins/wp/GuiProof.ml @@ -181,10 +181,10 @@ class printer (text : Wtext.text) = | `Proof -> text#printf "@{<it>Existing Script (navigate to explore)@}@." | `Script -> - text#printf "[%a]@." ProofSession.pp_goal wpo ; + text#printf "[%a]@." ProofSession.pp_script_for wpo ; text#printf "@{<it>Existing Script (replay to explore)@}@." | `Saved -> - text#printf "[%a]@." ProofSession.pp_goal wpo ; + text#printf "[%a]@." ProofSession.pp_script_for wpo ; text#printf "@{<it>Saved Script (replay to load)@}@." | `None -> text#printf "@{<it>No Script@}@." diff --git a/src/plugins/wp/GuiProver.ml b/src/plugins/wp/GuiProver.ml index e195b340f27b94255147f418ceb411639437cc2c..843ac14f89e425f77e1009967c4aa2d1e9b0b22c 100644 --- a/src/plugins/wp/GuiProver.ml +++ b/src/plugins/wp/GuiProver.ml 
@@ -23,7 +23,7 @@ let no_status = `Share "theme/default/never_tried.png" let ok_status = `Share "theme/default/surely_valid.png" let ko_status = `Share "theme/default/unknown.png" -let wg_status = `Share "theme/default/invalid.png" +let wg_status = `Share "theme/default/surely_invalid.png" let filter = function | VCS.Qed | VCS.Tactical | VCS.NativeCoq -> false diff --git a/src/plugins/wp/GuiTactic.ml b/src/plugins/wp/GuiTactic.ml index d5e58431b2aa38feee1a0bb8259d1af17cc4f092..e3045be4e03da220c5123c60565745e2853c87c3 100644 --- a/src/plugins/wp/GuiTactic.ml +++ b/src/plugins/wp/GuiTactic.ml @@ -365,7 +365,7 @@ class tactic initializer begin form#add_row ~xpadding:4 ~ypadding:2 ~field:`Compact descr#coerce ; - self#set_action ~tooltip:"Apply Tactic" ~icon:`MEDIA_PLAY () ; + self#set_action () ; wfields <- List.map (wfield tac form pp) tac#params ; List.iter (fun fd -> fd#connect self#updated) wfields ; List.iter (fun fd -> fd#compose_with self#compose) wfields ; diff --git a/src/plugins/wp/Lang.ml b/src/plugins/wp/Lang.ml index cf1934d1e049824f31ae271281701a52a06300b0..07ab66b3bb4f19ce0183cc03913e849e240a3cd7 100644 --- a/src/plugins/wp/Lang.ml +++ b/src/plugins/wp/Lang.ml @@ -883,16 +883,13 @@ end (* -------------------------------------------------------------------------- *) -(* --- Fresh Variables & Local Assumptions --- *) +(* --- Local Assumptions --- *) (* -------------------------------------------------------------------------- *) type gamma = { mutable hyps : pred list ; - mutable vars : var list ; } -(* -------------------------------------------------------------------------- *) - let cpool = Context.create "Lang.pool" let cgamma = Context.create "Lang.gamma" let add_vars pool = function 
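Review bot: `self#set_action ()` in GuiTactic drops the `~tooltip:"Apply Tactic"` and `~icon:`MEDIA_PLAY` arguments, so unless `set_action` installs defaults (its definition is outside the hunk) the apply button is left without icon or tooltip. If this is intentional because the affordance is now provided elsewhere, a one-line comment saying so would stop the next reader from re-adding them. The enclosing `initializer` continues outside the hunk.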
@@ -904,8 +901,8 @@ let new_pool ?copy ?(vars = Vars.empty) () = F.add_vars pool vars ; pool let new_gamma ?copy () = match copy with - | None -> { hyps=[] ; vars=[] } - | Some g -> { hyps = g.hyps ; vars = g.vars } + | None -> { hyps=[] } + | Some g -> { hyps = g.hyps } let get_pool () = Context.get cpool let get_gamma () = Context.get cgamma @@ -917,7 +914,7 @@ let freshen x = F.alpha (Context.get cpool) x let local ?pool ?vars ?gamma f = let pool = match pool with None -> F.pool () | Some p -> p in add_vars pool vars ; - let gamma = match gamma with None -> { hyps=[] ; vars=[] } | Some g -> g in + let gamma = match gamma with None -> { hyps=[] } | Some g -> g in Context.bind cpool pool (Context.bind cgamma gamma f) let sigma () = F.sigma ~pool:(Context.get cpool) () @@ -970,19 +967,16 @@ let assume p = let d = Context.get cgamma in d.hyps <- p :: d.hyps -let epsilon ?basename t phi = - let d = Context.get cgamma in - let x = freshvar ?basename t in - let e = e_var x in - d.hyps <- phi e :: d.hyps ; - d.vars <- x :: d.vars ; - e - let hypotheses g = g.hyps -let variables g = List.rev g.vars let get_hypotheses () = (Context.get cgamma).hyps -let get_variables () = (Context.get cgamma).vars + +let filter_hypotheses xs = + let d = Context.get cgamma in + let vars = List.fold_right Vars.add xs Vars.empty in + let matches p = Vars.intersect vars (varsp p) in + let hs_with_vars , hs_without_vars = List.partition matches d.hyps in + d.hyps <- hs_without_vars ; hs_with_vars (** For why3_api but circular dependency *) diff --git a/src/plugins/wp/Lang.mli b/src/plugins/wp/Lang.mli index f835b48962e18d8fe6e85d68af25aa8a6b4ecdbd..f7c9e6a5daf404121b15712e7640979c5fa94447 100644 --- a/src/plugins/wp/Lang.mli +++ b/src/plugins/wp/Lang.mli 
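Review bot: `filter_hypotheses` both returns the hypotheses mentioning one of `xs` and removes them from the current gamma (`d.hyps <- hs_without_vars`), a side effect the `filter_` name does not suggest and that the Lang.mli hunk (`@@ -529`) leaves undocumented. A comment on the new `val filter_hypotheses : var list -> pred list` such as `(** [filter_hypotheses xs] removes from the current gamma every hypothesis whose variables intersect [xs] and returns the removed hypotheses. *)` makes the contract explicit; a name like `extract_hypotheses` would carry it as well. `List.fold_right Vars.add xs Vars.empty` is not tail-recursive; `List.fold_left (fun s x -> Vars.add x s) Vars.empty xs` is, though the lists here are presumably short.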
@@ -529,15 +529,13 @@ val freshvar : ?basename:string -> tau -> var val freshen : var -> var val assume : pred -> unit val without_assume : ('a -> 'b) -> 'a -> 'b -val epsilon : ?basename:string -> tau -> (term -> pred) -> term val hypotheses : gamma -> pred list -val variables : gamma -> var list val get_pool : unit -> pool val get_gamma : unit -> gamma val has_gamma : unit -> bool val get_hypotheses : unit -> pred list -val get_variables : unit -> var list +val filter_hypotheses : var list -> pred list (** {2 Substitutions} *) diff --git a/src/plugins/wp/LogicCompiler.ml b/src/plugins/wp/LogicCompiler.ml index 5652757329553f29c2bbe8aa6125376a797411d4..93282ac6e84199a1cbeddd8e8737e1b4d1ceb6d5 100644 --- a/src/plugins/wp/LogicCompiler.ml +++ b/src/plugins/wp/LogicCompiler.ml @@ -431,8 +431,9 @@ struct let env,domain,sigv = profile_env Logic_var.Map.empty [] [] profile in let env = default_label env labels in let result = cc env data in + let types = Lang.get_hypotheses () in let used_domain p = occurs_pvars (filter result) p in - let domain = List.filter used_domain domain in + let domain = List.filter used_domain (domain @ types) in let used_var (_,x) = filter result x || occurs_ps x domain in let used = List.filter used_var sigv in let parp = List.map snd used in diff --git a/src/plugins/wp/LogicSemantics.ml b/src/plugins/wp/LogicSemantics.ml index 1b0f23d8c3fbda099ca9c02f06e1e8943cf1f9cb..33737573f51ab51fa71e09f404624aa8f921417a 100644 --- a/src/plugins/wp/LogicSemantics.ml +++ b/src/plugins/wp/LogicSemantics.ml @@ -1025,6 +1025,9 @@ struct (* --- Regions --- *) (* -------------------------------------------------------------------------- *) + let assigned_of_lval env ~unfold (lv : Cil_types.lval) = + assignable_lval env ~unfold (Logic_utils.lval_to_term_lval ~cast:false lv) + let assigned_of_froms env ~unfold froms = List.concat (List.map 
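Review bot: In LogicCompiler, `types` is read from `Lang.get_hypotheses ()` after `cc env data` returns, which relies on the current gamma holding exactly the hypotheses accumulated while compiling `data`; nothing in the hunk shows the gamma was fresh before the call, so if this code does not run under `Lang.local` the filtered list may also include hypotheses of an enclosing context — confirm against the caller. A comment on the new line, e.g. `(* typing hypotheses recorded in the current gamma while compiling [data] *)`, would record that assumption. The enclosing function starts and ends outside the hunk.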
diff --git a/src/plugins/wp/Makefile.in b/src/plugins/wp/Makefile.in index b9d1954e66c90885377d0a694dabc8257fcbf32b..2d8c1789b5aa02a4d5b0ba050dfb5da2ee54536f 100644 --- a/src/plugins/wp/Makefile.in +++ b/src/plugins/wp/Makefile.in @@ -230,6 +230,7 @@ wp-doc-api: $(CP) $(Wp_DIR)/doc/ocamldoc.css $(Wp_DIR)/doc/html/style.css $(OCAMLDOC) \ -package zarith \ + -package why3 \ -I lib/fc -I lib/plugins -I $(Wp_DIR) -stars \ -html -d $(Wp_DIR)/doc/html -charset utf-8 \ -t "Frama-C/WP API Documentation" \ diff --git a/src/plugins/wp/MemMemory.ml b/src/plugins/wp/MemMemory.ml index 3297bfdd33e5d765bec98e4957292dc31982f31a..44c812ddf3fe57936b2f4f7845ee511cb1dbdba6 100644 --- a/src/plugins/wp/MemMemory.ml +++ b/src/plugins/wp/MemMemory.ml @@ -292,8 +292,8 @@ let r_havoc = function | _ -> raise Not_found (* havoc(undef,m,p,a)[k] = - - undef[k] WHEN separated (p,a,k,1) - - m[k] WHEN NOT separated (p,a,k,1) + - m[k] WHEN separated (p,a,k,1) + - undef[k] WHEN NOT separated (p,a,k,1) *) let r_get_havoc = function | [undef;m;p;a] -> diff --git a/src/plugins/wp/MemVar.ml b/src/plugins/wp/MemVar.ml index 81b87712410a3099a0bf22a32f831975bb086480..814f165a9b918d4431b257a06ea99520472803ca 100644 --- a/src/plugins/wp/MemVar.ml +++ b/src/plugins/wp/MemVar.ml @@ -933,13 +933,16 @@ struct let frame sigma = let hs = ref [] in SIGMA.iter - (fun x chunk -> - if (x.vglob || x.vformal) then + begin fun x chunk -> + (if (x.vglob || x.vformal) then let t = VAR.typ_of_chunk x in let v = e_var chunk in let h = forall_pointers (M.global sigma.mem) v t in - if not (F.eqp h F.p_true) then hs := h :: !hs - ) sigma.vars ; + if not (F.eqp h F.p_true) then hs := h :: !hs ) ; + (if x.vglob then + let v = e_var chunk in + hs := Cvalues.has_ctype x.vtype v :: !hs ) ; + end sigma.vars ; !hs @ M.frame sigma.mem (* -------------------------------------------------------------------------- *) 
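Review bot: In MemVar's `frame`, `let v = e_var chunk in` is now evaluated in both conditionals of the `SIGMA.iter` body; hoisting it once before the first `if` and dropping the two inner bindings removes the duplication. The `Cvalues.has_ctype x.vtype v` hypothesis is pushed unconditionally for globals, whereas the pointer frame just above is filtered with `if not (F.eqp h F.p_true)`; applying the same test to `has_ctype` keeps trivially-true hypotheses out of the frame list if `has_ctype` can reduce to `p_true` (its definition is not visible here). The two parenthesised `if ... then ...` blocks without `else` would also read more clearly as two guard clauses, but that is a matter of taste.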
diff --git a/src/plugins/wp/ProofEngine.ml b/src/plugins/wp/ProofEngine.ml index d049b1ee2eb99347c69d567009050dac12b0217d..4d9c444ef696cab29476918129a01d153a60c9d3 100644 --- a/src/plugins/wp/ProofEngine.ml +++ b/src/plugins/wp/ProofEngine.ml @@ -205,12 +205,14 @@ let children n = (* --- State & Status --- *) (* -------------------------------------------------------------------------- *) -type status = [ `Main | `Proved | `Pending of int ] +type status = [ `Main | `Proved | `Invalid | `Pending of int ] let status t : status = match t.root with | None -> - if Wpo.is_proved t.main then `Proved else `Main + if Wpo.is_proved t.main + then if Wpo.is_smoke_test t.main then `Invalid else `Proved + else `Main | Some root -> match root.script with | Opened | Script _ -> `Main diff --git a/src/plugins/wp/ProofEngine.mli b/src/plugins/wp/ProofEngine.mli index 2150cbae4c1ffbeae3e3a3dd88ecec4e186d2460..7596c654bd45a7f8c767b01624aec2b7d05ec37d 100644 --- a/src/plugins/wp/ProofEngine.mli +++ b/src/plugins/wp/ProofEngine.mli @@ -35,7 +35,7 @@ val validate : ?incomplete:bool -> tree -> unit (** Leaves are numbered from 0 to n-1 *) -type status = [ `Main | `Proved | `Pending of int ] +type status = [ `Main | `Invalid | `Proved | `Pending of int ] type current = [ `Main | `Internal of node | `Leaf of int * node ] type position = [ `Main | `Node of node | `Leaf of int ] diff --git a/src/plugins/wp/ProofScript.ml b/src/plugins/wp/ProofScript.ml index 1c25e49dd9e0623ad45c792981b0f0363f56d5e9..684dd046aefa8dd4ebfe2e65e324faf6b8af1d31 100644 --- a/src/plugins/wp/ProofScript.ml +++ b/src/plugins/wp/ProofScript.ml @@ -462,7 +462,7 @@ class console ~pool ~title = = fun msg -> Pretty_utils.ksfprintf (fun s -> errors <- true ; - Wp_parameters.error "[%s] %s" title s) + Wp_parameters.warning "[%s] %s" title s) msg end diff --git a/src/plugins/wp/ProofSession.ml b/src/plugins/wp/ProofSession.ml index 247566a25aae19417344fc890041433d95870fb6..e370be98b3124ea6fb5f6a4d91ad6af3a380af3e 100644 
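Review bot: `status` maps a proved smoke test to `` `Invalid ``, so the meaning of `Wpo.is_proved` on smoke tests decides whether this is right: if `is_proved` already applies the inversion introduced by `VCS.verdict ~smoke` (a failed prover run counts as proved), a passing smoke test would be reported `` `Invalid `` here; if it returns the raw prover result, the mapping is correct — worth confirming against Wpo. Either way the new constructor is undocumented in the ProofEngine.mli hunk (`@@ -35`), where a comment such as `` (** [`Invalid]: smoke test whose hypotheses were proved inconsistent *) `` would settle the intent. The constructor order there (`` `Main | `Invalid | `Proved ``) also differs from the .ml, which is harmless for polymorphic variants but inconsistent.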
--- a/src/plugins/wp/ProofSession.ml
+++ b/src/plugins/wp/ProofSession.ml
@@ -22,59 +22,63 @@ open Wpo -type status = +type script = | NoScript | Script of string | Deprecated of string -let files : (string,status) Hashtbl.t = Hashtbl.create 32 +let files : (string,script) Hashtbl.t = Hashtbl.create 32 + +let jsonfile = Printf.sprintf "%s/%s.json" let filename ~force wpo = - let d = Wp_parameters.get_session_dir ~force "script" in - Printf.sprintf "%s/%s.json" d wpo.po_gid + let dscript = Wp_parameters.get_session_dir ~force "script" in + jsonfile dscript wpo.po_sid (* no model in name *) let legacies wpo = - let m = WpContext.MODEL.id wpo.po_model in - let d = Wp_parameters.get_session_dir ~force:false m in - List.map (Printf.sprintf "%s/%s.json" d) [ - wpo.po_gid ; - wpo.po_leg ; + let mid = WpContext.MODEL.id wpo.po_model in + let dscript = Wp_parameters.get_session_dir ~force:false "script" in + let dmodel = Wp_parameters.get_session_dir ~force:false mid in + [ + jsonfile dscript wpo.po_gid ; + jsonfile dmodel wpo.po_gid ; + jsonfile dmodel wpo.po_leg ; ] -let status wpo = +let get wpo = let f = filename ~force:false wpo in try Hashtbl.find files f with Not_found -> - let status = + let script = if Sys.file_exists f then Script f else try let f' = List.find Sys.file_exists (legacies wpo) in Wp_parameters.warning ~current:false - "Deprecated script for '%s' (use prover tip to upgrade)" wpo.po_sid ; + "Deprecated script for '%s'" wpo.po_sid ; Deprecated f' with Not_found -> NoScript - in Hashtbl.add files f status ; status + in Hashtbl.add files f script ; script let pp_file fmt s = Filepath.Normalized.(pretty fmt (of_string s)) -let pp_status fmt = function +let pp_script fmt = function | NoScript -> Format.pp_print_string fmt "no script file" | Script f -> Format.fprintf fmt "script '%a'" pp_file f | Deprecated f -> Format.fprintf fmt "script '%a' (deprecated)" pp_file f -let pp_goal fmt wpo = pp_status fmt (status wpo) +let pp_script_for fmt wpo = pp_script fmt (get wpo) let exists wpo = - match status wpo with NoScript -> false | 
Script _ | Deprecated _ -> true + match get wpo with NoScript -> false | Script _ | Deprecated _ -> true let load wpo = - match status wpo with + match get wpo with | NoScript -> `Null | Script f | Deprecated f -> if Sys.file_exists f then Json.load_file f else `Null let remove wpo = - match status wpo with + match get wpo with | NoScript -> () | Script f -> begin @@ -86,7 +90,8 @@ let remove wpo = Wp_parameters.feedback "Removed deprecated script for '%s'" wpo.po_sid ; Extlib.safe_remove f0 ; - Hashtbl.replace files (filename ~force:true wpo) NoScript ; + let f = filename ~force:false wpo in + Hashtbl.replace files f NoScript ; end let save wpo js = @@ -95,8 +100,9 @@ let save wpo js = | `Null | `List [] | `Assoc [] -> true | _ -> false in if empty then remove wpo else - match status wpo with - | Script f -> Json.save_file f js + match get wpo with + | Script f -> + Json.save_file f js | NoScript -> begin let f = filename ~force:true wpo in diff --git a/src/plugins/wp/ProofSession.mli b/src/plugins/wp/ProofSession.mli index c2648b07c3655f6016b9039edec4d7d43dfcef0c..4294ebb2b933709066914b2d96fa34719e9725ef 100644 --- a/src/plugins/wp/ProofSession.mli +++ b/src/plugins/wp/ProofSession.mli @@ -20,16 +20,15 @@ (* *) (**************************************************************************) -type status = +type script = | NoScript | Script of string | Deprecated of string -val pp_status : Format.formatter -> status -> unit -val pp_goal : Format.formatter -> Wpo.t -> unit - -val status : Wpo.t -> status +val pp_script : Format.formatter -> script -> unit +val pp_script_for : Format.formatter -> Wpo.t -> unit +val get : Wpo.t -> script val exists : Wpo.t -> bool val save : Wpo.t -> Json.t -> unit val load : Wpo.t -> Json.t diff --git a/src/plugins/wp/ProverErgo.ml b/src/plugins/wp/ProverErgo.ml index 71a3c73a96b8ea364c8285a2cad53cf0d64ea2ca..fbf5e2c88c27a918697f13773365a08512513f46 100644 --- a/src/plugins/wp/ProverErgo.ml +++ b/src/plugins/wp/ProverErgo.ml 
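Review bot: The deprecation warning in `get` loses its hint (`use prover tip to upgrade`) and now only says `Deprecated script for '%s'`, leaving the user without a pointer to the upgrade path; the Changelog in this commit mentions `FRAMAC_WP_SCRIPT=update` with `-wp-prover script`, so if that mechanism migrates legacy scripts the message could read `"Deprecated script for '%s' (run -wp-prover script with FRAMAC_WP_SCRIPT=update to upgrade)"`. The `files` cache is keyed by `filename ~force:false wpo`, and the `remove` hunk (`@@ -86`) was changed to use that key, but the `save` hunk (`@@ -95`) still computes `filename ~force:true wpo`; that is only consistent if `get_session_dir` yields the same path regardless of `force`, which is not visible here and deserves a comment on `jsonfile` or `filename` once confirmed.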
@@ -341,8 +341,6 @@ let re_unsat = Str.regexp p_unsat class altergo ~config ~pid ~gui ~file ~lines ~logout ~logerr = object(ergo) - initializer ignore pid - inherit ProverTask.command (Wp_parameters.AltErgo.get ()) val mutable files = [] @@ -437,7 +435,8 @@ class altergo ~config ~pid ~gui ~file ~lines ~logout ~logerr = if not gui then begin ergo#add_positive ~name:"-steps-bound" ~value:(VCS.get_stepout config) ; - ergo#timeout (VCS.get_timeout config) ; + let smoke = WpPropId.is_smoke_test pid in + ergo#timeout (VCS.get_timeout ~smoke config) ; end ; ergo#validate_time ergo#time ; ergo#validate_pattern ~logs:`ERR re_error ergo#error ; diff --git a/src/plugins/wp/ProverScript.ml b/src/plugins/wp/ProverScript.ml index f0ba4bedf839e9865ba25f19b076a84736b63980..ced0e25790f379931cc2009ff3347c3355062dd8 100644 --- a/src/plugins/wp/ProverScript.ml +++ b/src/plugins/wp/ProverScript.ml @@ -90,7 +90,7 @@ let jfork tree ?node jtactic = | Some (script,process) -> Some (ProofEngine.fork tree ~anchor script process) with - | Not_found -> + | Exit | Not_found | Invalid_argument _ -> console#set_error "Can not configure tactic" ; None | e -> console#set_error "Exception <%s>" (Printexc.to_string e) ; @@ -167,7 +167,7 @@ struct let pending env = match ProofEngine.status env.tree with - | `Main | `Proved -> 0 | `Pending n -> n + | `Main | `Invalid | `Proved -> 0 | `Pending n -> n let setup_backtrack env node depth = if env.backtrack > 0 then @@ -323,7 +323,8 @@ let rec crawl env on_child node = function Task.return () | Error(msg,json) :: alternative -> - Wp_parameters.error "@[<hov 2>Script Error %S: %a@]@." msg Json.pp json ; + Wp_parameters.warning "@[<hov 2>Script Error %S: %a@]@." + msg Json.pp json ; crawl env on_child node alternative | Prover( prv , res ) :: alternative -> diff --git a/src/plugins/wp/ProverSearch.ml b/src/plugins/wp/ProverSearch.ml index 3580de72fb036ef5072983284e0a3530b26ddb86..48e8c284f226220314d82b3e8f7698eed1495d30 100644 
--- a/src/plugins/wp/ProverSearch.ml +++ b/src/plugins/wp/ProverSearch.ml @@ -50,7 +50,7 @@ let fork tree anchor strategy = | Some (script,process) -> Some (ProofEngine.fork tree ~anchor script process) with - | Not_found -> + | Exit | Not_found | Invalid_argument _ -> console#set_error "Can not configure strategy" ; None | e -> console#set_error "Exception <%s>" (Printexc.to_string e) ; diff --git a/src/plugins/wp/ProverTask.ml b/src/plugins/wp/ProverTask.ml index 4018a3accb411c4214fbf75804eaddf4549044a2..48027cc9ab02c674fa5ca5a1102e39748b570fb2 100644 --- a/src/plugins/wp/ProverTask.ml +++ b/src/plugins/wp/ProverTask.ml @@ -133,8 +133,11 @@ let location file line = { Lexing.pos_cnum = 0 ; } -let timeout = function - | None -> Wp_parameters.Timeout.get () +let timeout ~smoke = function + | None -> + if smoke + then Wp_parameters.SmokeTimeout.get () + else Wp_parameters.Timeout.get () | Some t -> t let stepout = function diff --git a/src/plugins/wp/ProverTask.mli b/src/plugins/wp/ProverTask.mli index 43fff7d910c0fda972e0ddbfae5e3855e066119b..91e5b9f78bf6d9e2dc3dadadbf6fac666929b31e 100644 --- a/src/plugins/wp/ProverTask.mli +++ b/src/plugins/wp/ProverTask.mli @@ -54,7 +54,7 @@ val p_until_space : string (** No space group pattern "\\([^ \t\n]*\\)" *) val location : string -> int -> Lexing.position -val timeout : int option -> int +val timeout : smoke:bool -> int option -> int val stepout : int option -> int type logs = [ `OUT | `ERR | `BOTH ] diff --git a/src/plugins/wp/Sigs.ml b/src/plugins/wp/Sigs.ml index a4a3bf6cd92eea3ab0cbd1d2ee5370e31746a4e8..c4f341cd9ef37e08c02e45d32ba70319883f7fe2 100644 --- a/src/plugins/wp/Sigs.ml +++ b/src/plugins/wp/Sigs.ml 
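Review bot: The smoke-aware default timeout is now written twice: `ProverTask.timeout ~smoke` here and `VCS.get_timeout ~smoke` in the VCS.ml hunk (`@@ -175`) both select `Wp_parameters.SmokeTimeout.get ()` or `Wp_parameters.Timeout.get ()` on `smoke`. A single helper, e.g. `let default_timeout ~smoke = if smoke then Wp_parameters.SmokeTimeout.get () else Wp_parameters.Timeout.get ()` in whichever module the other can depend on, with both functions reduced to `| None -> default_timeout ~smoke | Some t -> t`, keeps the two from diverging when the next timeout knob is added.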
@@ -753,6 +753,10 @@ sig
 field-by-field. *)
 val region : env -> unfold:bool -> Cil_types.term -> region
+ (** Computes the region assigned by a list of froms. *)
+ val assigned_of_lval :
+ env -> unfold:bool -> Cil_types.lval -> region
+
 (** Computes the region assigned by a list of froms. *)
 val assigned_of_froms : env -> unfold:bool -> from list -> region
diff --git a/src/plugins/wp/TacHavoc.ml b/src/plugins/wp/TacHavoc.ml
index 9e68996a899b6602601fc6334b8daa46eaa4e600..2f70cab4b56e27967b5eb34db7934388d945ce3e 100644
--- a/src/plugins/wp/TacHavoc.ml
+++ b/src/plugins/wp/TacHavoc.ml
@@ -35,8 +35,8 @@ let lookup_havoc e =
 | L.Aget( m , p ) -> begin match F.repr m with
- | L.Fun( f , [mr;m0;a;n] ) when f == MemMemory.f_havoc ->
- Some( mr , m0 , a , n , p )
+ | L.Fun( f , [m_undef;m_sep;a;n] ) when f == MemMemory.f_havoc ->
+ Some( m_undef , m_sep , a , n , p )
 | _ -> None end
 | _ -> None
diff --git a/src/plugins/wp/VCS.ml b/src/plugins/wp/VCS.ml
index ad02dc72d230e9ba787a7bc00bea7b4b516d3e28..0479e18eca4a90687493c00701b085e5dfe401f9 100644
--- a/src/plugins/wp/VCS.ml
+++ b/src/plugins/wp/VCS.ml
@@ -175,8 +175,11 @@ let current () = {
 let default = { valid = false ; timeout = None ; stepout = None }
-let get_timeout = function
- | { timeout = None } -> Wp_parameters.Timeout.get ()
+let get_timeout ~smoke = function
+ | { timeout = None } ->
+ if smoke
+ then Wp_parameters.SmokeTimeout.get ()
+ else Wp_parameters.Timeout.get ()
 | { timeout = Some t } -> t
 let get_stepout = function
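Review bot: The doc comment added for `assigned_of_lval` is a copy of the one on `assigned_of_froms` ("Computes the region assigned by a list of froms."), which is wrong for a function whose argument is a `Cil_types.lval`; replace it with `(** Computes the region assigned by an l-value. *)`. The `unfold` flag is undocumented on both signatures; a half sentence saying whether it expands compound objects field-by-field (the surrounding text speaks of "field-by-field") would help, hedged here since only the signature is visible.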
@@ -215,6 +218,16 @@ let is_verdict r = match r.verdict with
 let is_valid = function { verdict = Valid } -> true | _ -> false
 let is_computing = function { verdict=Computing _ } -> true | _ -> false
+let verdict ~smoke r =
+ if smoke then
+ match r.verdict with
+ | (Failed | NoResult | Checked | Computing _) as r -> r
+ | Valid -> Invalid
+ | Invalid | Unknown | Timeout | Stepout -> Valid
+ else r.verdict
+
+let is_proved ~smoke r = (verdict ~smoke r = Valid)
+
 let configure r = let valid = (r.verdict = Valid) in let timeout =
diff --git a/src/plugins/wp/VCS.mli b/src/plugins/wp/VCS.mli
index ef4284710e81be4e5c59f1ab3b2f09d921758a84..71b9bc12d8a11937d7e5630b07d1ecb7df7781f5 100644
--- a/src/plugins/wp/VCS.mli
+++ b/src/plugins/wp/VCS.mli
@@ -68,7 +68,7 @@ type config = {
 val current : unit -> config (** Current parameters *)
 val default : config (** all None *)
-val get_timeout : config -> int (** 0 means no-timeout *)
+val get_timeout : smoke:bool -> config -> int (** 0 means no-timeout *)
 val get_stepout : config -> int (** 0 means no-stepout *)
 (** {2 Results} *)
@@ -112,6 +112,10 @@ val is_auto : prover -> bool
 val is_verdict : result -> bool
 val is_valid: result -> bool
 val is_computing: result -> bool
+val is_proved: smoke:bool -> result -> bool
+
+val verdict: smoke:bool -> result -> verdict
+
 val configure : result -> config
 val autofit : result -> bool (** Result that fits the default configuration *)
diff --git a/src/plugins/wp/cfgWP.ml b/src/plugins/wp/cfgWP.ml
index bf42234354bfc24b17cbc91a16e30bf33ba07225..d8b8138bf11265b2397f2a6352aeac068b5bf3f8 100644
--- a/src/plugins/wp/cfgWP.ml
+++ b/src/plugins/wp/cfgWP.ml
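Review bot: In `verdict ~smoke r` the arm `| (Failed | NoResult | Checked | Computing _) as r -> r` rebinds `r`, shadowing the `result` argument of the same name inside that arm; `as v -> v` keeps the two apart. `is_proved` uses polymorphic `=` on the verdict whereas `is_valid` two lines above pattern-matches; for consistency, and to avoid structural comparison involving a constructor with a payload (`Computing _`), write `let is_proved ~smoke r = match verdict ~smoke r with Valid -> true | _ -> false`. The mapping itself, a smoke goal counting as proved when the prover answers Invalid, Unknown, Timeout or Stepout and as failed when it answers Valid, is the kind of inversion that deserves a comment directly above `let verdict`.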
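Review bot: `verdict` and `is_proved` are exported from VCS.mli without a doc comment, while the neighbouring `get_timeout` and `get_stepout` entries carry one; since `verdict ~smoke:true` inverts the prover's answer, the interface should say so. Suggested, in the file's trailing `(** ... *)` style: `val verdict: smoke:bool -> result -> verdict (** [verdict ~smoke r] is [r.verdict]; when [smoke] is set, [Valid] becomes [Invalid] and [Invalid], [Unknown], [Timeout], [Stepout] become [Valid]. *)` and `val is_proved: smoke:bool -> result -> bool (** [verdict ~smoke r = Valid] *)`.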
@@ -211,7 +211,9 @@ struct
 let hyps = Conditions.state ?stmt ?descr state vc.hyps in { vc with path ; hyps }
- let assume_vc ?descr ?hpid ?stmt ?warn ?(filter=false) ?(init=false) hs vc =
+ let assume_vc ?descr ?hpid ?stmt ?warn
+ ?(filter=false) ?(domain=false) ?(init=false)
+ hs vc =
 if (hs = [] && warn = None) || (filter && not (List.exists (intersect_vc vc) hs)) then vc else
@@ -225,7 +227,7 @@ struct
 | None -> vc.warn
 | Some w -> Warning.Set.union w vc.warn in let hyps = Conditions.assume
- ?descr ?stmt ?warn ~deps ~init
+ ?descr ?stmt ?warn ~deps ~init ~domain
 (F.p_conj hs) vc.hyps in { hyps = hyps ;
@@ -685,7 +687,14 @@ struct
 { sigma = Some sigma ; vcs=vcs ; effects = wp.effects }
 | Warning.Result(l_warn,(obj,dom,seq,loc)) -> (* L-Value has been translated *)
- let region = [obj,Sloc loc] in
+ let unfold = Wp_parameters.UnfoldAssigns.get () in
+ let assigned,unfolded =
+ if unfold && Ctypes.is_compound obj then
+ let env_pre = L.move_at env seq.pre in
+ cc_region ~unfold (L.assigned_of_lval env_pre) lv
+ else
+ let region = [obj,Sloc loc] in region,region
+ in
 let outcome = Warning.catch ~severe:false ~effect:"Havoc l-value (unknown r-value)" (cc_stored lv seq loc obj) expr in
@@ -695,7 +704,7 @@ struct
 (* R-Value is unknown or L-Value is volatile *) let warn = Warning.Set.union l_warn r_warn in let vcs = do_assigns ~source:FromCode
- ~stmt ~warn seq ~assigned:region wp.effects wp.vcs in
+ ~stmt ~warn seq ~assigned ~unfolded wp.effects wp.vcs in
 { sigma = Some seq.pre ; vcs=vcs ; effects = wp.effects }
 | Warning.Result(r_warn,Some stored) -> (* R-Value and effects has been translated *)
@@ -711,7 +720,7 @@ struct
 else vc in let vcs = gmap update wp.vcs in let vcs =
- check_assigns (Some stmt) FromCode region wp.effects vcs in
+ check_assigns (Some stmt) FromCode unfolded wp.effects vcs in
 { sigma = Some seq.pre ; vcs=vcs ; effects = wp.effects } end
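Review bot: The pair bound as `let assigned,unfolded =` carries no comment explaining why two regions are computed, although they feed different consumers further down (`do_assigns ~assigned ~unfolded` and `check_assigns ... unfolded`, both in later hunks of this file); a line above it such as `(* [assigned]: region written by the l-value; [unfolded]: its field-wise expansion when UnfoldAssigns applies to a compound, otherwise the same region *)` would record the intent, which I am inferring from the two branches. `Ctypes.is_compound` (added on the next diff line) matches only `C_comp`, so an array of structs keeps the single `[obj,Sloc loc]` region even with `unfold` set, presumably deliberate but worth stating in that comment. The enclosing function starts before the hunk, and the signature changes of `cc_region`, `do_assigns` and `check_assigns` that this code relies on are not in this diff.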
@@ -748,6 +757,9 @@ struct
 let v = Lang.freshvar ~basename:"cond" Logic.Bool in F.p_bool (F.e_var v)
+ let weight vcs =
+ Gmap.fold (fun _g s n -> n + Splitter.length s) vcs 0
+
 let test wenv stmt exp wp1 wp2 = L.in_frame wenv.frame (fun () -> let sigma,pa1,pa2 = sigma_union wp1.sigma wp2.sigma in
@@ -760,8 +772,14 @@ struct
 | Warning.Failed(warn) -> warn,random() in let effects = Eset.union wp1.effects wp2.effects in
+ let dosplit =
+ Wp_parameters.Split.get () &&
+ let n1 = weight wp1.vcs in
+ let n2 = weight wp2.vcs in
+ let nm = Wp_parameters.SplitMax.get () in
+ n1 + n2 <= nm in
 let vcs =
- if Wp_parameters.Split.get () then
+ if dosplit then
 let cneg = p_not cond in let vcs1 = gmap (condition pa1 ~stmt ~warn ~descr:"Then" [cond]) wp1.vcs in let vcs2 = gmap (condition pa2 ~stmt ~warn ~descr:"Else" [cneg]) wp2.vcs in
@@ -1164,7 +1182,7 @@ struct
 match sc with | Mcfg.SC_Global -> let hs = M.frame (L.current env) in
- let vcs = gmap (assume_vc ~descr:"Heap" hs) wp.vcs in
+ let vcs = gmap (assume_vc ~descr:"Heap" ~domain:true hs) wp.vcs in
 { wp with vcs }
 | Mcfg.SC_Function_in -> wp
 | Mcfg.SC_Function_frame ->
diff --git a/src/plugins/wp/ctypes.ml b/src/plugins/wp/ctypes.ml
index d6ad36e4a1ff099a330ae22fbfcbf432199d583c..9332fb68a9fcc1bf7ae8d40a5ca365ae0a3ad739 100644
--- a/src/plugins/wp/ctypes.ml
+++ b/src/plugins/wp/ctypes.ml
@@ -416,6 +416,10 @@ let no_infinite_array = function
 | C_array {arr_flat = None} -> false
 | _ -> true
+let is_compound = function
+ | C_comp _ -> true
+ | _ -> false
+
 let is_comp obj c = match obj with | C_comp c0 -> Compinfo.equal c c0
 | _ -> false
diff --git a/src/plugins/wp/ctypes.mli b/src/plugins/wp/ctypes.mli
index 5de9dbf2e282193a7a99d5e21cd1c090f0d95e6e..f443dc3186502209469a8257df40f2dc4b4e792b 100644
--- a/src/plugins/wp/ctypes.mli
+++ b/src/plugins/wp/ctypes.mli
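Review bot: `dosplit` compares the number of parts the two branches already carry (`n1 + n2 <= nm`) against `SplitMax`, i.e. it is a threshold on the input of the split, not a cap on how many sub-goals the split produces; the manual entry for `-wp-split-max` added further down in this commit describes it as limiting "the number of generated sub-goals to n parts on each conditional statement", which a reader will understand differently. Either add a comment above `let dosplit =`, e.g. `(* do not split when the two branches together already hold more than SplitMax parts *)`, or reword the manual so both agree. `weight` runs only when `Split` is on thanks to `&&`, which is fine; a one-line comment on it (`(* total number of splitter parts over all goals in [vcs] *)`) would also help. `test` continues beyond the hunk.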
@@ -121,6 +121,7 @@ val field_offset : fieldinfo -> int val no_infinite_array : c_object -> bool +val is_compound : c_object -> bool val is_comp : c_object -> compinfo -> bool val is_array : c_object -> elt:c_object -> bool val get_array : c_object -> ( c_object * int option ) option diff --git a/src/plugins/wp/doc/manual/wp_plugin.tex b/src/plugins/wp/doc/manual/wp_plugin.tex index a7eacac85146059cb0c10db073fa41ab7f35f73f..06a5b8195453a87f6271b4c8fc3f34b5a09f14b0 100644 --- a/src/plugins/wp/doc/manual/wp_plugin.tex +++ b/src/plugins/wp/doc/manual/wp_plugin.tex @@ -888,8 +888,11 @@ weakest precondition calculus. \item[\tt -wp-(no)-split] conjunctions in generated proof obligations are recursively split into sub-goals. The generated goal names are suffixed by ``{\tt part<{\it n}>}'' (defaults to \texttt{no}). -\item[\tt -wp-split-depth <d>] sets the depth of exploration for the +\item[\tt -wp-split-depth <{\it d}>] sets the depth of exploration for the \texttt{-wp-split} option. ``-1'' stands for unlimited depth. Default is 0. +\item[\tt -wp-split-max <{\it n}>] When \verb+-wp-split+ is active, + limit the number of generated sub-goals to \textit{n} parts on each conditional statement. + (defaults to \verb+1000+). \item[\tt -wp-(no)-callee-precond] includes preconditions of the callee after\footnote{Proof obligations are always generated to check preconditions.} a call (default is: \texttt{yes}). 
@@ -910,6 +913,38 @@ weakest precondition calculus. (default is: \texttt{yes}). \end{description} +\subsection{Smoke Tests} + +During modular deductive verification, inconsistencies in function requirements +can be difficult to detect untill you actually call it. +Although, such inconsistencies make its post-conditions provable, while its pre-conditions +would never be provable. + +The \textsf{WP} plug-in can generate smoke-tests to detect such inconsistencies. +Basically, it consists in checking if \verb+\false+ is provable under the requirements +or assumptions of a behavior, or under the invariants of a loop. + +This is best-effort verification : if at least one prover succeed in proving \verb+\false+, +an inconsistency is detected. Otherwized, the test is not conclusive, and you can never be sure +that your annotations are free of inconsistencies. + +In case any smoke-test fails, a ``\textit{False if reachable}'' status is put on the +inconsistent requirements, or on the loop with inconsistent invariants, and finally, +\textsf{WP} generates a user error. + +\begin{description} +\item[\tt -wp-(no)-smoke-tests] generates checks to detect inconsistent + annotations. +\item[\tt -wp-(no)-smoke-timeout] timeout to be used for trying to prove \verb+\false+ + on smoke-tests (default is \verb+2+ seconds). +\end{description} + +When reporting prover results for smoke-tests, the \textsf{WP} displays +``Failed'' when some prover succeed in discharing the \verb+\false+ proof-obligation +and ``Passed'' when all the provers result are unknown or interrupted. +In the final prover statistics, the interrupted smoke tests are \emph{not} reported, since +they are considered valid tests. + \subsection{Trigger Generation} \label{triggers} 
@@ -1013,6 +1048,8 @@ Support for \textsf{Why-3 IDE} is no longer provided. on proved goals when available (default is: \texttt{no}). \item[\tt -wp-timeout <n>] sets the timeout (in seconds) for the calls to the decision prover (defaults to 10 seconds). +\item[\tt -wp-smoke-timeout <n>] sets the timeout (in seconds) for smoke tests + (see \verb+-wp-smoke-tests+, defaults to 5 seconds). \item[\tt -wp-time-extra <n>] additional time allocated to provers when replaying a script. This is used to cope with variable machine load. Default is \verb+5s+. diff --git a/src/plugins/wp/doc/manual/wp_simplifier.tex b/src/plugins/wp/doc/manual/wp_simplifier.tex index 134056e005c5a6ebd83752269f1605a81fffbe37..4dda147545e9ef5766ef6d3e8696a953e6d3443a 100644 --- a/src/plugins/wp/doc/manual/wp_simplifier.tex +++ b/src/plugins/wp/doc/manual/wp_simplifier.tex 
@@ -164,3 +164,193 @@ conditional is: This form actually factorizes the common postcondition to $A$ and $B$, which makes the \emph{weakest precondition} calculus linear in the number of program statements. + +\section{Structure of JSON Scripts} + +The proof scripts generated by using the Interactive Proof Editor (Section~\ref{wp-proof-editor}) +are saved in the \textsf{Frama-C/WP} session as \textsf{JSON} files. This section defines +the format of session scripts precisely. + +\textsf{JSON} scripts files are located in the \texttt{<session>/wp/scripts} sub-directory +of the \textsf{Frama-C} session directory (set with command line option \texttt{-session}) +or in the \texttt{<wpsession>/scripts} sub-directory of the \textsf{Frama-C/WP} session +directory (set with command line option \texttt{-wp-session}). + +The proof scripts for goal named \texttt{<goal>} is stored in a single file \texttt{<goal>.json} ; the +format of the \texttt{<goal>} name is identical to the one used by the \textsf{Frama-C/Report} plug-in +for its \textsf{JSON} output. + +The content of each script file is an array ofs alternatives, each alternative being a record with +two possible structures, that might represent a \textit{prover} attempt or the application of a +\textit{tactic}: + +\begin{align*} + \mathit{wp.script} &::= \mathtt{[} \mathit{wp.alternative} , \ldots \mathtt{]} \\ + \mathit{wp.alternative} &::= \mathit{wp.prover} \;|\; \mathit{wp.tactic} +\end{align*} + +\paragraph{Prover Attempts} The proof script records previous attempts to discharge a proof obligation +with external provers (also called decision procedures). +Each attempt is represented by a \textsf{JSON} record with the following fields: + +\begin{align*} + \mathit{wp.prover} &::= + \left\{ + \begin{array}{rl} + \mathtt{"prover"} :& \mathit{string}, \\ + \mathtt{"verdict"} :& \mathit{wp.verdict}, \\ + \mathtt{"time"} :& \mathit{number}? \\ + \mathtt{"steps"} :& \mathit{number}? \\ + \mathtt{"depth"} :& \mathit{number}? 
\\ + \end{array} + \right\} \\ + \mathit{wp.verdict} &::= + \begin{array}[t]{l} + \mathtt{"none"} ~|~ + \mathtt{"valid"} ~|~ + \mathtt{"unknown"} ~|~ \\ + \mathtt{"timeout"} ~|~ + \mathtt{"stepout"} ~|~ + \mathtt{"invalid"} ~|~ + \mathtt{"failed"} + \end{array} +\end{align*} + +Remark that, since the proof scripts do not record the proof obligation that was exercised, there is no +guarantee that replying the script on a (potentially new) proof obligation would issue the same result. +Hence, prover attempts \emph{must} not be used as a cache, but can serve as a hint for choosing among +several alternatives. + +\paragraph{Proof Tactic} Applying a tactic is represented by a \textsf{JSON} record with the following +fields: + +\begin{align*} + \mathit{wp.tactic} &::= + \left\{ + \begin{array}{rl} + \mathtt{"tactic"} :& \mathit{string}, \\ + \mathtt{"header"} :& \mathit{string} ? \\ + \mathtt{"select"} :& \mathit{wp.selection}, \\ + \mathtt{"params"} :& \mathtt{\{}\; \mathit{string}:\mathit{wp.param} ,\ldots \;\mathtt{\}} ? \\ + \mathtt{"children"} :& \mathtt{\{}\; \mathit{string}:\mathit{wp.script}, \ldots \;\mathtt{\}} ? \\ + \end{array} + \right\} +\end{align*} + +The \verb"header" field is just a descriptive title and has no special meaning. The \verb"tactic" +identifies the tactic, as it has been registered in the \textsf{Frama-C/WP} internal API. +The \verb"selection" is an opaque encoding of the target of the tactic inside the proof obligation +structure. The \verb"params" array stores the value of tactic parameters, if any. +The \verb"children" stores the proof scripts associated with each sub-goal generated by applying +the specified tactic on a proof obligation. 
+ +\paragraph{Tactic Parameters} Values of tactical parameters are encoded with the +following \textsf{JSON} format, depending on the internal type of the parameter +value: + +\begin{align*} + \mathit{wp.param} ::=\;& + \mathit{bool} ~|~ \mathit{number} ~|~ \mathit{string} \\ + |\;&\mathit{wp.named} ~|~ \mathit{wp.selection} \\ + \mathit{wp.named} ::= &\mathtt{null} ~|~ + \left\{ + \begin{array}{rl} + \mathtt{"id"} :& \mathit{string}, \\ + \mathtt{"title"} :& \mathit{string}? \\ + \mathtt{"description"} :& \mathit{string}? + \end{array} + \right\} +\end{align*} + +Named items (\textit{wp.named}) corresponds, for instance, to searched lemmas. +Selections corresponds to terms or expressions selected by the user \emph{via} +the graphical user interface, like the target of the tactic, as described below. + +\paragraph{Tactic Selection} The target of the tactic +is identified by a complex structure +encoding on which part of the proof obligation it shall be applied. Since the +exact structure of the proof obligation may vary from time to time, this structure +allows for searching in the proof obligation a \emph{pattern} that ressemble the +original target that was originally selected by the user during an interactive +session with the \textsf{Frama-C/WP} graphical user interface. 
+ +Such \emph{patterns} are encoded as follows: + +\newcommand{\dash}{\rule[0.5ex]{1ex}{1pt}} + +\begin{align*} + \mathit{wp.selection} + ::=\;& \mathtt{null} \\ + |\;\;& \mathtt{\{}\; \mathtt{"select":"clause\dash{}goal"},\; + \mathit{wp.pattern} \;\mathtt{\}} \\ + |\;\;& \mathtt{\{}\; \mathtt{"select":"inside\dash{}goal"},\; + \mathit{wp.occur},\; \mathit{wp.pattern} \;\mathtt{\}} \\ + |\;\;& \mathtt{\{}\; \mathtt{"select":"clause\dash{}step"},\; + \mathit{wp.at},\; \mathit{wp.kind},\; + \mathit{wp.pattern} \;\mathtt{\}} \\ + |\;\;& \mathtt{\{}\; \mathtt{"select":"inside\dash{}step"},\; + \mathit{wp.at},\; \mathit{wp.kind},\; + \mathit{wp.occur},\; \mathit{wp.pattern} \;\mathtt{\}} \\ + |\;\;& \mathtt{\{}\; \mathtt{"select":"range"},\; + \mathtt{"min"}:\mathit{number},\; + \mathtt{"max"}:\mathit{number} \;\mathtt{\}} \\ + |\;\;& \mathtt{\{}\; \mathtt{"select":"kint"},\; + \mathtt{"val"}:\mathit{number} \;\mathtt{\}} \\ + |\;\;& \mathtt{\{}\; \mathtt{"select":"compose"},\; + \mathtt{"id"}:\mathit{string},\; + \mathtt{"args"}:[\mathit{wp.selection},\ldots] + \;\mathtt{\}} \\ +% -- + \mathit{wp.pattern} ::=\;& \mathtt{"pattern"} : \mathit{string} \\ + \mathit{wp.occur} ::=\;& \mathtt{"occur"} : \mathit{number} \\ + \mathit{wp.at} ::=\;& \mathtt{"at"} : \mathit{number} \\ + \mathit{wp.kind} ::=\;& \mathtt{"kind"} : \mathtt{"have"|"type"|"init"|"branch"|"either"|"state"} \\ +\end{align*} + +The various components of selection patterns have the following meaning: \textit{wp.pattern} encodes +a term or predicate pattern; \textit{wp.occur} designates which occurrence of the pattern to select, +in case of there is many of them inside the selected goal or hypothesis; \textit{wp.at} designates the +order of the selected hypothesis inside the proof obligation (the pattern is searched around this value), +and \textit{wp.kind} its kind. 
+ +The \textit{wp.pattern} is an simple string that encodes the head of the structure of the +selected term or formulæ inside the designated goal or hypothesis. It is the concatenation of +the first 32 head nodes of width-first traversal of the selected term, each node being represented by +the following string: +\begin{itemize} + \item constant are represented by their value, + \item free variables by their base-name prefixed with \verb'$', + \item bound variables by their de-Bruijn index prefixed with \verb'#', + \item true and false by \verb"T" and \verb"F", and quantifiers by \verb"\F" and \verb"\E", + \item operators by \verb"&,|,!,~,+,-,*,/,%<,>,=,>=,/,?" + \item array operations by \verb"[]", \verb"[.]" and \verb"[=]" + \item record operations by \verb".fd" and \verb"{fd,...}" + \item function calls by their name +\end{itemize} + +For instance, the term $(x_1 \leq x_2+1)$ will be represented by the pattern \verb|"<=$x+$x1"|. + +\paragraph{Alternative Ordering} When several alternatives are available for +discharging a proof obligation, the \texttt{script} and \texttt{tip} provers +of \textsf{Frama-C/WP} choose which one to apply first according to the +following heuristic: +\begin{enumerate} + \item try internal prover \texttt{"Qed"} with a \texttt{"valid"} verdict; + \item try any SMT prover with a \texttt{"valid"} verdict; + \item try the \texttt{"Coq"} proof assistant with a \texttt{"valid"} verdict; + \item try any Tactic alternative; + \item finally try the remaining Prover alternatives. +\end{enumerate} + +Inside the same level of priority, alternatives are kept in their original +order. + + + + + + + + + + diff --git a/src/plugins/wp/prover.ml b/src/plugins/wp/prover.ml index 85b63a14b2b84270803e45dccbb3e8484ae01766..74aa36705756d0086416a20c916e66f6c8919343 100644 --- a/src/plugins/wp/prover.ml +++ b/src/plugins/wp/prover.ml 
@@ -35,10 +35,12 @@ let dispatch ?(config=VCS.default) mode prover wpo =
 | Qed | Tactical -> Task.return VCS.no_result
 | NativeAltErgo -> ProverErgo.prove ~config ~mode wpo
 | NativeCoq -> ProverCoq.prove mode wpo
- | Why3 prover -> ProverWhy3.prove
- ~timeout:(VCS.get_timeout config)
- ~steplimit:(VCS.get_stepout config)
- ~prover wpo
+ | Why3 prover ->
+ let smoke = Wpo.is_smoke_test wpo in
+ ProverWhy3.prove
+ ~timeout:(VCS.get_timeout ~smoke config)
+ ~steplimit:(VCS.get_stepout config)
+ ~prover wpo
 end
 let started ?start wpo =
diff --git a/src/plugins/wp/register.ml b/src/plugins/wp/register.ml
index 19ec59bd1096ade37ccae62e28129d8c2c775108..1506c85d2a6793d9c4977dc00c1217ee46edb488 100644
--- a/src/plugins/wp/register.ml
+++ b/src/plugins/wp/register.ml
@@ -25,6 +25,7 @@ open Factory
 let dkey_main = Wp_parameters.register_category "main"
 let dkey_raised = Wp_parameters.register_category "raised"
 let dkey_shell = Wp_parameters.register_category "shell"
+let wkey_smoke = Wp_parameters.register_warn_category "smoke"
 (* --------- Command Line ------------------- *)
@@ -272,10 +273,10 @@ let do_list_scheduled iter_on_goals =
 incr scheduled ; if !spy then session := GOALS.add goal !session ; end) ;
- let n = !scheduled in
- if n > 1
- then Wp_parameters.feedback "%d goals scheduled" n
- else Wp_parameters.feedback "%d goal scheduled" n ;
+ match !scheduled with
+ | 0 -> Wp_parameters.warning ~current:false "No goal generated"
+ | 1 -> Wp_parameters.feedback "1 goal scheduled"
+ | n -> Wp_parameters.feedback "%d goals scheduled" n
 end
 let dkey_prover = Wp_parameters.register_category "prover"
@@ -347,12 +348,14 @@ let do_wpo_stat goal prover res =
 let s = get_pstat prover in let open VCS in if res.cached then s.incache <- succ s.incache ;
- match res.verdict with
- | Checked | NoResult | Computing _ | Invalid | Unknown ->
+ let smoke = Wpo.is_smoke_test goal in
+ let verdict = VCS.verdict ~smoke res in
+ match verdict with
+ | Checked | NoResult | Computing _ | Unknown ->
 s.unknown <- succ s.unknown
 | Stepout | Timeout -> s.interrupted <- succ s.interrupted
- | Failed ->
+ | Failed | Invalid ->
 s.failed <- succ s.failed
 | Valid -> if not (Wpo.is_tactic goal) then
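Review bot: The `| Failed | Invalid ->` arm changes the statistics for every goal, not only smoke tests: before this hunk an `Invalid` prover answer was counted in `s.unknown`, now it lands in `s.failed` regardless of `smoke` (for smoke goals `VCS.verdict` has already turned `Invalid` into `Valid`, so the arm only matters for ordinary goals). If that is the intended reading, a comment on the arm such as `(* an Invalid answer is a definite failure, not an unknown *)` will keep a future reader from reverting it; if not, `Invalid` should go back to the first arm. The enclosing function ends after the hunk.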
@@ -379,6 +382,49 @@ let do_wpo_result goal prover res =
 do_wpo_stat goal prover res ; end
+let do_wpo_failed goal =
+ match Wpo.get_results goal with
+ | [p,r] ->
+ Wp_parameters.result "[%a] Goal %s : %a%a"
+ VCS.pp_prover p (Wpo.get_gid goal)
+ VCS.pp_result r pp_warnings goal
+ | pres ->
+ Wp_parameters.result "[Failed] Goal %s%t" (Wpo.get_gid goal)
+ begin fun fmt ->
+ pp_warnings fmt goal ;
+ List.iter
+ (fun (p,r) ->
+ Format.fprintf fmt "@\n%8s: @[<hv>%a@]"
+ (VCS.title_of_prover p) VCS.pp_result r
+ ) pres ;
+ end
+
+let do_wpo_smoke goal =
+ let results = Wpo.get_results goal in
+ let verdicts = List.filter (fun (_,r) -> VCS.is_verdict r) results in
+ let proved,unproved = List.partition (fun (_,r) -> VCS.is_valid r) verdicts in
+ let pp_provers fmt = function
+ | [] -> ()
+ | (p,_)::prs ->
+ VCS.pp_prover fmt p ;
+ List.iter (fun (p,_) -> Format.fprintf fmt ", %a" VCS.pp_prover p) prs
+ in
+ if proved <> [] then
+ let loc = Property.location (Wpo.get_target goal) in
+ Wp_parameters.warning ~wkey:wkey_smoke ~source:(fst loc)
+ "Smoke-test %s : Failed (%a)"
+ (Wpo.get_gid goal) pp_provers proved
+ else
+ if unproved <> [] then
+ Wp_parameters.feedback ~ontty:`Silent
+ "Smoke-test %s : Passed (%a)"
+ (Wpo.get_gid goal) pp_provers unproved
+ else
+ let loc = Property.location (Wpo.get_target goal) in
+ Wp_parameters.warning ~source:(fst loc)
+ "Smoke-test %s : Non-conclusive (no-result)"
+ (Wpo.get_gid goal)
+
 let do_wpo_success goal s = if not (Wp_parameters.Check.get ()) then if Wp_parameters.Generate.get () then
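Review bot: The "Non-conclusive" warning at the end of `do_wpo_smoke` is emitted without `~wkey:wkey_smoke`, unlike the "Failed" warning in the same function, so users who tune the `smoke` warning category registered in an earlier hunk of this file will see the two messages behave differently; add `~wkey:wkey_smoke` to the second `Wp_parameters.warning` as well. `pp_provers` hand-rolls a comma-separated list; `Pretty_utils.pp_list ~sep:", " (fun fmt (p,_) -> VCS.pp_prover fmt p)` says the same in one line and this module already uses `Pretty_utils`. `do_wpo_failed` is a verbatim extraction of the code removed from `do_wpo_success` on the next diff line and looks fine; a one-line doc comment on each new function (reporting a goal no prover discharged; reporting the outcome of a smoke-test goal) would match the rest of the file.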
@@ -387,36 +433,22 @@ let do_wpo_success goal s =
 | Some prover -> Wp_parameters.feedback ~ontty:`Silent "[%a] Goal %s : Valid" VCS.pp_prover prover (Wpo.get_gid goal)
+ else
+ if Wpo.is_smoke_test goal then
+ do_wpo_smoke goal
 else match s with
- | None ->
- begin
- match Wpo.get_results goal with
- | [p,r] ->
- Wp_parameters.result "[%a] Goal %s : %a%a"
- VCS.pp_prover p (Wpo.get_gid goal)
- VCS.pp_result r pp_warnings goal
- | pres ->
- Wp_parameters.result "[Failed] Goal %s%t" (Wpo.get_gid goal)
- begin fun fmt ->
- pp_warnings fmt goal ;
- List.iter
- (fun (p,r) ->
- Format.fprintf fmt "@\n%8s: @[<hv>%a@]"
- (VCS.title_of_prover p) VCS.pp_result r
- ) pres ;
- end
- end
- | Some (VCS.Tactical as p) ->
+ | None -> do_wpo_failed goal
+ | Some (VCS.Tactical as script) ->
 Wp_parameters.feedback ~ontty:`Silent "[%a] Goal %s : Valid"
- VCS.pp_prover p (Wpo.get_gid goal)
- | Some p ->
- let r = Wpo.get_result goal p in
+ VCS.pp_prover script (Wpo.get_gid goal)
+ | Some prover ->
+ let result = Wpo.get_result goal prover in
 Wp_parameters.feedback ~ontty:`Silent "[%a] Goal %s : %a"
- VCS.pp_prover p (Wpo.get_gid goal)
- VCS.pp_result r
+ VCS.pp_prover prover (Wpo.get_gid goal)
+ VCS.pp_result result
 let do_report_time fmt s = begin
@@ -487,19 +519,22 @@ let do_report_scheduled () =
 let plural = if !exercised > 1 then "s" else "" in Wp_parameters.result "%d goal%s generated" !exercised plural else
- let proved = GOALS.cardinal !proved in
- let mode = ProverWhy3.get_mode () in
- if mode <> ProverWhy3.NoCache then do_report_cache_usage mode ;
- Wp_parameters.result "%t"
- begin fun fmt ->
- Format.fprintf fmt "Proved goals: %4d / %d@\n" proved !scheduled ;
- Pretty_utils.pp_items
- ~min:12 ~align:`Left
- ~title:(fun (prover,_) -> VCS.title_of_prover prover)
- ~iter:(fun f -> PM.iter (fun p s -> f (p,s)) !provers)
- ~pp_title:(fun fmt a -> Format.fprintf fmt "%s:" a)
- ~pp_item:do_report_prover_stats fmt ;
- end
+ if !scheduled > 0 then
+ begin
+ let proved = GOALS.cardinal !proved in
+ let mode = ProverWhy3.get_mode () in
+ if mode <> ProverWhy3.NoCache then do_report_cache_usage mode ;
+ Wp_parameters.result "%t"
+ begin fun fmt ->
+ Format.fprintf fmt "Proved goals: %4d / %d@\n" proved !scheduled ;
+ Pretty_utils.pp_items
+ ~min:12 ~align:`Left
+ ~title:(fun (prover,_) -> VCS.title_of_prover prover)
+ ~iter:(fun f -> PM.iter (fun p s -> f (p,s)) !provers)
+ ~pp_title:(fun fmt a -> Format.fprintf fmt "%s:" a)
+ ~pp_item:do_report_prover_stats fmt ;
+ end ;
+ end
 let do_list_scheduled_result () = begin
@@ -560,6 +595,10 @@ let spawn_wp_proofs_iter ~mode iter_on_goals =
 let get_prover_names () = match Wp_parameters.Provers.get () with [] -> [ "alt-ergo" ] | pnames -> pnames
+let env_script_update () =
+ try Sys.getenv "FRAMAC_WP_SCRIPT" = "update"
+ with Not_found -> false
+
 let compute_provers ~mode = mode.provers <- List.fold_right (fun pname prvs ->
@@ -567,7 +606,8 @@ let compute_provers ~mode =
 | None -> prvs
 | Some VCS.Tactical -> mode.tactical <- true ;
- if pname = "tip" then mode.update <- true ;
+ if pname = "tip" || env_script_update () then
+ mode.update <- true ;
 prvs
 | Some prover -> (VCS.mode_of_prover_name pname , prover) :: prvs)
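Review bot: `env_script_update` lets the environment variable `FRAMAC_WP_SCRIPT` switch on `mode.update` (last hunk), i.e. whether the run rewrites proof-script files in the session directory, yet nothing in the code says so and the manual hunks in this commit do not mention the variable; a user cannot discover that the environment decides which files WP writes. Suggested doc comment: `(** [true] when FRAMAC_WP_SCRIPT is set to "update"; has the same effect as requesting the "tip" prover and makes the run rewrite session scripts. *)`. `Sys.getenv_opt "FRAMAC_WP_SCRIPT" = Some "update"` would avoid the exception-based test, if the project's minimum OCaml version has it. The `if !scheduled > 0 then begin ... end` wrapper in the first hunk needs no `else`, since the zero-goal case is already reported by `do_list_scheduled` in an earlier hunk.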
diff --git a/src/plugins/wp/share/coqwp/Cbits.v b/src/plugins/wp/share/coqwp/Cbits.v
index a390807d456dfc3778004bfb72891391a35acb29..65a94ba608a460e8fdbf439d0ec1706c9b7799b4 100644
--- a/src/plugins/wp/share/coqwp/Cbits.v
+++ b/src/plugins/wp/share/coqwp/Cbits.v
@@ -168,6 +168,118 @@ Proof. split; split; split; Zbits.auto_zbits. Qed. +(* Why3 goal *) +Lemma lsl_0 : forall (x:Z), ((Cint.lsl x 0%Z) = x). +Proof. + intros x. + unfold Cint.lsl. + rewrite Zbits.lsl_pos ; auto with zarith. + unfold Zbits.lsl_def. simpl. + rewrite Zbits.lsl_arithmetic_shift. + unfold Zbits.lsl_arithmetic_def. unfold two_power_nat. simpl. + auto with zarith. +Qed. + +(* Why3 goal *) +Lemma lsl_1 : forall (x:Z), ((Cint.lsl x 1%Z) = (2%Z * x)%Z). +Proof. + intros x. + unfold Cint.lsl. + rewrite Zbits.lsl_pos ; auto with zarith. + unfold Zbits.lsl_def. + rewrite Zbits.lsl_arithmetic_shift. + unfold Zbits.lsl_arithmetic_def. + replace (two_power_nat (Z.abs_nat 1)) with 2%Z ; auto with zarith. +Qed. + +(* Why3 goal *) +Lemma lsl_add : forall (x:Z) (p:Z) (q:Z), (0%Z <= p)%Z -> ((0%Z <= q)%Z -> + ((Cint.lsl (Cint.lsl x p) q) = (Cint.lsl x (p + q)%Z))). +Proof. + intros x p q h1 h2. + repeat unfold Cint.lsl. + repeat (rewrite Zbits.lsl_pos ; auto with zarith). + repeat unfold Zbits.lsl_def. + repeat rewrite Zbits.lsl_arithmetic_shift. + repeat unfold Zbits.lsl_arithmetic_def. + replace (Z.abs_nat (p+q)) with (Z.abs_nat p + Z.abs_nat q). + - rewrite Bits.two_power_nat_plus. auto with zarith. + - rewrite Zabs2Nat.inj_add ; auto with zarith. +Qed. + +(* Why3 goal *) +Lemma lsr_0 : forall (x:Z), ((Cint.lsr x 0%Z) = x). +Proof. + intros x. + unfold Cint.lsr. + rewrite Zbits.lsr_pos ; auto with zarith. + unfold Zbits.lsr_def. simpl. + rewrite Zbits.lsr_arithmetic_shift. + unfold Zbits.lsr_arithmetic_def. unfold two_power_nat. simpl. + auto with zarith. +Qed. + +(* Why3 goal *) +Lemma lsr_1 : forall (x:Z), (0%Z <= x)%Z -> ((Cint.lsr x + 1%Z) = (ZArith.BinInt.Z.quot x 2%Z)). +Proof. + intros pos x. + unfold Cint.lsr. + rewrite Zbits.lsr_pos ; auto with zarith. + unfold Zbits.lsr_def. + rewrite Zbits.lsr_arithmetic_shift. + unfold Zbits.lsr_arithmetic_def. + replace (two_power_nat (Z.abs_nat 1)) with 2%Z ; auto with zarith. 
+ rewrite Z.quot_div_nonneg ; auto with zarith. +Qed. + +(* Why3 goal *) +Lemma lsr_add : forall (x:Z) (p:Z) (q:Z), (0%Z <= p)%Z -> ((0%Z <= q)%Z -> + ((Cint.lsr (Cint.lsr x p) q) = (Cint.lsr x (p + q)%Z))). +Proof. + intros x p q h1 h2. + repeat unfold Cint.lsr. + repeat (rewrite Zbits.lsr_pos ; auto with zarith). + repeat unfold Zbits.lsr_def. + repeat rewrite Zbits.lsr_arithmetic_shift. + repeat unfold Zbits.lsr_arithmetic_def. + replace (Z.abs_nat (p+q)) with (Z.abs_nat p + Z.abs_nat q). + - rewrite Bits.two_power_nat_plus. + rewrite Z.div_div ; auto with zarith. + generalize (Bits.two_power_nat_is_positive (Z.abs_nat p)). + auto with zarith. apply Bits.two_power_nat_is_positive. + - rewrite Zabs2Nat.inj_add ; auto with zarith. +Qed. + +(* Why3 goal *) +Lemma lsl_lsr_add : forall (x:Z) (p:Z) (q:Z), ((0%Z <= q)%Z /\ (q <= p)%Z) -> + ((Cint.lsr (Cint.lsl x p) q) = (Cint.lsl x (p - q)%Z)). +Proof. + intros x p q (h1,h2). + repeat unfold Cint.lsr. + repeat unfold Cint.lsl. + repeat (rewrite Zbits.lsr_pos ; auto with zarith). + repeat (rewrite Zbits.lsl_pos ; auto with zarith). + repeat unfold Zbits.lsr_def. + repeat unfold Zbits.lsl_def. + repeat rewrite Zbits.lsr_arithmetic_shift. + repeat unfold Zbits.lsr_arithmetic_def. + repeat rewrite Zbits.lsl_arithmetic_shift. + repeat unfold Zbits.lsl_arithmetic_def. + pose ( r := (p - q)%Z ). + fold r. + replace p with (q+r)%Z by (unfold r ; auto with zarith). + replace (Z.abs_nat (q+r)) with (Z.abs_nat q + Z.abs_nat r). + * rewrite Bits.two_power_nat_plus. + replace (two_power_nat (Z.abs_nat q) * two_power_nat (Z.abs_nat r))%Z + with (two_power_nat (Z.abs_nat r) * two_power_nat (Z.abs_nat q))%Z by (apply Z.mul_comm). + rewrite Z.mul_assoc. + rewrite Z_div_mult. auto. + generalize (Bits.two_power_nat_is_positive (Z.abs_nat q)). + auto with zarith. + * rewrite Zabs2Nat.inj_add ; unfold r ; auto with zarith. +Qed. + Require Import Qedlib. Local Open Scope Z_scope. Require Import Zbits. 
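Review bot: In `lsr_1` the tactic `intros pos x.` names the bound integer `pos` and the hypothesis `0 <= x` `x`, the reverse of the statement's order (`forall (x:Z), (0%Z <= x)%Z -> ...`); the proof still closes because `auto with zarith` does not depend on the names, but a reader following the script will look for an `x` that is actually the hypothesis. Use `intros x pos.`. The other lemmas in this hunk (`lsl_add`, `lsr_add`, `lsl_lsr_add`) introduce their variables in statement order.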
diff --git a/src/plugins/wp/share/coqwp/Qed.v b/src/plugins/wp/share/coqwp/Qed.v index a9371b2a5a84b464a8ff783f7477a2bb7f795cef..232d454835d864e26f8262e4c044ae18068c68b3 100644 --- a/src/plugins/wp/share/coqwp/Qed.v +++ b/src/plugins/wp/share/coqwp/Qed.v @@ -204,3 +204,27 @@ Proof. exact (Z.quot_same a h1). Qed. +(* Why3 goal *) +Lemma cdiv_closed_remainder : forall (a:Z) (b:Z) (n:Z), (0%Z <= a)%Z -> + ((0%Z <= b)%Z -> (((0%Z <= (b - a)%Z)%Z /\ ((b - a)%Z < n)%Z) -> + (((ZArith.BinInt.Z.rem a n) = (ZArith.BinInt.Z.rem b n)) -> (a = b)))). +Proof. + intros a b n PA PB Range Rem. + Require Import ZArith. + Open Scope Z_scope. + pose (p := a/n). + pose (q := b/n). + replace (Z.rem a n) with (a mod n) in Rem by (rewrite Z.rem_mod_nonneg ; auto with zarith). + replace (Z.rem b n) with (b mod n) in Rem by (rewrite Z.rem_mod_nonneg ; auto with zarith). + assert (A : a = n * (a/n) + (a mod n)) by (apply Z.div_mod ; auto with zarith). fold p in A. + assert (B : b = n * (b/n) + (b mod n)) by (apply Z.div_mod ; auto with zarith). fold q in B. + assert (D : (b-a) = n * q - n * p) by (auto with zarith). + rewrite <- Z.mul_sub_distr_l in D. + assert (R : (b-a) = n * ((b-a)/n) + ((b-a) mod n)) by (apply Z.div_mod ; auto with zarith). + assert (Q : (q-p) = (b-a) / n) by (apply Z.div_unique_exact ; auto with zarith). + rewrite Q in D. + assert (Z : (b-a) mod n = 0) by (auto with zarith). + replace ((b - a) mod n) with (b-a) in Z by (symmetry ; apply Z.mod_small ; auto with zarith). + auto with zarith. +Qed. + diff --git a/src/plugins/wp/share/ergo/Cbits.mlw b/src/plugins/wp/share/ergo/Cbits.mlw index 4b2b2d6ed430f12ce4b1c5e3ee9a1380be4a3f7e..89981bd2a8b353c6594067a5c076725d58f1641e 100644 --- a/src/plugins/wp/share/ergo/Cbits.mlw +++ b/src/plugins/wp/share/ergo/Cbits.mlw 
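Review bot: `Require Import ZArith.` is issued inside the proof of `cdiv_closed_remainder`; a `Require` takes effect for the whole file wherever it appears, so it belongs at the top with the other imports (the file header is outside this hunk, so whether ZArith is already required there is not visible), leaving only `Open Scope Z_scope.` local if it is still needed. The hypothesis introduced with `assert (Z : (b-a) mod n = 0)` reuses the name of the `Z` module that the very next line calls as `Z.mod_small`; Coq resolves the qualified name, but a distinct name such as `Hzero` avoids the double take.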
@@ -83,6 +83,26 @@ axiom lxor_0 : (forall x:int [lxor(0, x)]. (lxor(0, x) = x))
 
 axiom lxor_0bis : (forall x:int [lxor(x, 0)]. (lxor(x, 0) = x))
 
+axiom lsl_0 : (forall x:int. (lsl(x, 0) = x))
+
+axiom lsl_1 : (forall x:int. (lsl(x, 1) = (2 * x)))
+
+axiom lsl_add :
+ (forall x:int. forall p:int. forall q:int. ((0 <= p) -> ((0 <= q) ->
+ (lsl(lsl(x, p), q) = lsl(x, (p + q))))))
+
+axiom lsr_0 : (forall x:int. (lsr(x, 0) = x))
+
+axiom lsr_1 : (forall x:int. ((0 <= x) -> (lsr(x, 1) = div(x,2))))
+
+axiom lsr_add :
+ (forall x:int. forall p:int. forall q:int. ((0 <= p) -> ((0 <= q) ->
+ (lsr(lsr(x, p), q) = lsr(x, (p + q))))))
+
+axiom lsl_lsr_add :
+ (forall x:int. forall p:int. forall q:int. (((0 <= q) and (q <= p)) ->
+ (lsr(lsl(x, p), q) = lsl(x, (p - q)))))
+
 axiom bit_test_def :
 (forall x:int. forall k:int [bit_testb(x, k)]. ((bit_testb(x, k) = true) ->
 bit_test(x, k)))
diff --git a/src/plugins/wp/share/ergo/Qed.mlw b/src/plugins/wp/share/ergo/Qed.mlw
index eeb3d92f8822c9f0c0e116425e7e9c457119cfca..c95ad9125ad125c889f43e91718063b1bcf7b305 100644
--- a/src/plugins/wp/share/ergo/Qed.mlw
+++ b/src/plugins/wp/share/ergo/Qed.mlw
@@ -152,3 +152,7 @@ axiom cdiv_neutral : (forall a:int [div(a, 1)]. (div(a, 1) = a))
 
 axiom cdiv_inv : (forall a:int [div(a, a)]. ((not (a = 0)) -> (div(a, a) = 1)))
 
+axiom cdiv_closed_remainder :
+ (forall a:int. forall b:int. forall n:int. ((0 <= a) -> ((0 <= b) ->
+ (((0 <= (b - a)) and ((b - a) < n)) -> ((mod(a,n) = mod(b,n)) ->
+ (a = b))))))
diff --git a/src/plugins/wp/share/why3/frama_c_wp/cbits.mlw b/src/plugins/wp/share/why3/frama_c_wp/cbits.mlw
index 17e89f44e582cced21c42f3799aafe1bd749bd49..b4397d898342b33d20fd00db36cd1ea02aef8490 100644
--- a/src/plugins/wp/share/why3/frama_c_wp/cbits.mlw
+++ b/src/plugins/wp/share/why3/frama_c_wp/cbits.mlw
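Review bot: None of the new axioms (lsl_0 through lsl_lsr_add in Cbits.mlw, cdiv_closed_remainder in the Qed.mlw hunk on this same line) carries an instantiation trigger, while every neighbouring axiom in both files does (`[lxor(0, x)]`, `[bit_testb(x, k)]`, `[div(a, 1)]`, `[div(a, a)]`). Without an explicit pattern the solver picks its own; for cdiv_closed_remainder, with three bound variables, four premises and a conclusion `a = b` that mentions no function symbol, the inferred pattern is likely to be far more permissive than intended, and for lsl_add/lsr_add/lsl_lsr_add an unguarded pattern can fire on every shift term in a goal. Candidates in the style already used here are `[lsl(lsl(x, p), q)]`, `[lsr(lsr(x, p), q)]`, `[lsr(lsl(x, p), q)]` and `[mod(a,n), mod(b,n)]`. If these Alt-Ergo files are produced from the Why3 theories, the triggers belong on the corresponding declarations in why3/frama_c_wp/cbits.mlw and qed.mlw (the two hunks that follow), where `cdiv_neutral`/`cdiv_inv` already show the `[CD.div a 1]` form.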
@@ -85,6 +85,22 @@ theory Cbits
 (lxor 0 0) = 0 /\ (lxor 0 1) = 1 /\ (lxor 1 0) = 1 /\ (lxor 1 1) = 0
 meta "remove_for_" axiom lxor_bool
 
+(** ** lsl identities *)
+
+ axiom lsl_0: forall x:int. lsl x 0 = x
+ axiom lsl_1: forall x:int. lsl x 1 = 2 * x
+ axiom lsl_add: forall x p q:int. 0 <= p -> 0 <= q -> lsl (lsl x p) q = lsl x (p+q)
+
+(** ** lsr identities *)
+
+ axiom lsr_0: forall x:int. lsr x 0 = x
+ axiom lsr_1: forall x:int. 0 <= x -> lsr x 1 = CD.div x 2
+ axiom lsr_add: forall x p q :int. 0 <= p -> 0 <= q -> lsr (lsr x p) q = lsr x (p+q)
+
+(** ** lsl+lsr combination *)
+
+ axiom lsl_lsr_add: forall x p q:int. 0 <= q <= p -> lsr (lsl x p) q = lsl x (p-q)
+
 (** * Bit extraction *)
 
 (** ** Definition of bit_test predicate *)
diff --git a/src/plugins/wp/share/why3/frama_c_wp/qed.mlw b/src/plugins/wp/share/why3/frama_c_wp/qed.mlw
index 06435d9bf96b7505a79d05ebf39f401c253017ef..0b4d95953113ca598a94853472e42e2eb40a92b2 100644
--- a/src/plugins/wp/share/why3/frama_c_wp/qed.mlw
+++ b/src/plugins/wp/share/why3/frama_c_wp/qed.mlw
@@ -77,4 +77,9 @@ theory Qed
 lemma cdiv_neutral : forall a:int [CD.div a 1]. CD.div a 1 = a
 lemma cdiv_inv : forall a:int [CD.div a a]. a<>0 -> CD.div a a = 1
 
+ lemma cdiv_closed_remainder :
+ forall a,b,n:int.
+ 0 <= a -> 0 <= b -> 0 <= b-a < n ->
+ CD.mod a n = CD.mod b n -> a = b
+
 end
diff --git a/src/plugins/wp/tests/wp/oracle/sharing.res.oracle b/src/plugins/wp/tests/wp/oracle/sharing.res.oracle
index ea52c7dcb27540192bf438772975bf952af017e5..6a9b973a8bddcd39196f9824696ebc782a926358 100644
--- a/src/plugins/wp/tests/wp/oracle/sharing.res.oracle
+++ b/src/plugins/wp/tests/wp/oracle/sharing.res.oracle
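Review bot: `lsr_add` writes its binder as `forall x p q :int` while the sibling axioms `lsl_add` and `lsl_lsr_add` in the same hunk write `forall x p q:int`; the stray space before the colon is harmless to Why3 but breaks the visual alignment of the three shift identities, so `axiom lsr_add: forall x p q:int. 0 <= p -> 0 <= q -> lsr (lsr x p) q = lsr x (p+q)` would keep them uniform. The new section headers `(** ** lsl identities *)`, `(** ** lsr identities *)` and `(** ** lsl+lsr combination *)` follow the existing `(** * Bit extraction *)` convention, which is good; a one-line remark that `lsr_1` needs `0 <= x` because `CD.div` truncates toward zero while `lsr` is arithmetic shift would save the next reader from wondering why that axiom alone is guarded.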
@@ -81,10 +81,10 @@ Let m_2 = m_1[shift_sint32(t, 2) <- m_1[a_1]]. Let m_3 = m_2[shift_sint32(t, 3) <- m_2[a_1]]. Assume { Type: is_sint32(x). + (* Heap *) + Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i) /\ (i <= 9). - (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= x) /\ (x <= 9) /\ valid_rw(Malloc_0, a, 10) /\ (forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 9) -> diff --git a/src/plugins/wp/tests/wp/oracle/wp_behavior.0.res.oracle b/src/plugins/wp/tests/wp/oracle/wp_behavior.0.res.oracle index 633e668675b67e97bcd39e59962a16f6d04c8012..9c8ae39d6579bccf309f953d0bb6eb652233c42d 100644 --- a/src/plugins/wp/tests/wp/oracle/wp_behavior.0.res.oracle +++ b/src/plugins/wp/tests/wp/oracle/wp_behavior.0.res.oracle @@ -9,8 +9,6 @@ Goal Complete behaviors 'Y', 'X': Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0). (* Pre-condition *) Have: P_R. (* Pre-condition for 'X' *) @@ -24,8 +22,6 @@ Prove: P_CX \/ P_CY. Goal Disjoint behaviors 'Y', 'X': Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0). (* Pre-condition *) Have: P_R. (* Pre-condition for 'X' *) @@ -39,8 +35,6 @@ Prove: (!P_CX) \/ (!P_CY). Goal Post-condition (file tests/wp/wp_behavior.i, line 24) in 'behaviors': Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0). (* Pre-condition *) Have: P_R. (* Pre-condition for 'X' *) @@ -56,8 +50,6 @@ Prove: P_P. Goal Assertion (file tests/wp/wp_behavior.i, line 39): Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0). (* Pre-condition *) Have: P_R. (* Pre-condition for 'X' *) @@ -74,9 +66,6 @@ Prove: P_Q. Goal Post-condition for 'X' (file tests/wp/wp_behavior.i, line 28) in 'behaviors': Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition for 'Y' *) 
@@ -96,11 +85,11 @@ Goal Assigns for 'X' (file tests/wp/wp_behavior.i, line 29) in 'behaviors' (1/2) Effect at line 40 Assume { Type: is_sint32(c). + (* Heap *) + Type: (region(px_0.base) <= 0) /\ (region(qx_0.base) <= 0) /\ + linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, px_0, 1). - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition for 'Y' *) @@ -121,11 +110,11 @@ Prove: qx_0 = px_0. Goal Assigns for 'X' (file tests/wp/wp_behavior.i, line 29) in 'behaviors' (2/2): Effect at line 41 Assume { + (* Heap *) + Type: (region(py_0.base) <= 0) /\ (region(qx_0.base) <= 0) /\ + linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, py_0, 1). - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition for 'Y' *) @@ -146,9 +135,6 @@ Prove: qx_0 = py_0. Goal Post-condition for 'Y' (file tests/wp/wp_behavior.i, line 33) in 'behaviors': Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qy_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition for 'X' *) @@ -168,11 +154,11 @@ Goal Assigns for 'Y' (file tests/wp/wp_behavior.i, line 34) in 'behaviors' (1/2) Effect at line 40 Assume { Type: is_sint32(c). + (* Heap *) + Type: (region(px_0.base) <= 0) /\ (region(qy_0.base) <= 0) /\ + linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, px_0, 1). - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qy_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition for 'X' *) 
@@ -193,11 +179,11 @@ Prove: qy_0 = px_0. Goal Assigns for 'Y' (file tests/wp/wp_behavior.i, line 34) in 'behaviors' (2/2): Effect at line 41 Assume { + (* Heap *) + Type: (region(py_0.base) <= 0) /\ (region(qy_0.base) <= 0) /\ + linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, py_0, 1). - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qy_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition for 'X' *) @@ -218,9 +204,6 @@ Prove: qy_0 = py_0. Goal Post-condition (file tests/wp/wp_behavior.i, line 66) in 'call': Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ (region(qy_0.base) <= 0). (* Pre-condition *) Have: P_RQ. (* Call 'behaviors' *) @@ -234,9 +217,6 @@ Prove: P_Q. Goal Assigns (file tests/wp/wp_behavior.i, line 65) in 'call': Effect at line 69 Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ (region(qy_0.base) <= 0). (* Pre-condition *) Have: P_RQ. (* Exit 'behaviors' *) @@ -249,9 +229,6 @@ Prove: false. Goal Assigns (file tests/wp/wp_behavior.i, line 65) in 'call': Effect at line 69 Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ (region(qy_0.base) <= 0). (* Pre-condition *) Have: P_RQ. (* Call 'behaviors' *) 
@@ -264,43 +241,21 @@ Prove: false. Goal Instance of 'Pre-condition (file tests/wp/wp_behavior.i, line 23) in 'behaviors'' in 'call' at call 'behaviors' (file tests/wp/wp_behavior.i, line 69) : -Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ (region(qy_0.base) <= 0). - (* Pre-condition *) - Have: P_RQ. -} +Assume { (* Pre-condition *) Have: P_RQ. } Prove: P_R. ------------------------------------------------------------ Goal Instance of 'Pre-condition for 'X' (file tests/wp/wp_behavior.i, line 27) in 'behaviors'' in 'call' at call 'behaviors' (file tests/wp/wp_behavior.i, line 69) : -Assume { - (* Goal *) - When: P_CX. - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ (region(qy_0.base) <= 0). - (* Pre-condition *) - Have: P_RQ. -} +Assume { (* Goal *) When: P_CX. (* Pre-condition *) Have: P_RQ. } Prove: P_RX. ------------------------------------------------------------ Goal Instance of 'Pre-condition for 'Y' (file tests/wp/wp_behavior.i, line 32) in 'behaviors'' in 'call' at call 'behaviors' (file tests/wp/wp_behavior.i, line 69) : -Assume { - (* Goal *) - When: P_CY. - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ (region(qy_0.base) <= 0). - (* Pre-condition *) - Have: P_RQ. -} +Assume { (* Goal *) When: P_CY. (* Pre-condition *) Have: P_RQ. } Prove: P_RY. ------------------------------------------------------------ 
@@ -309,13 +264,11 @@ Prove: P_RY. ------------------------------------------------------------ Goal Pre-condition (file tests/wp/wp_behavior.i, line 45) in 'main': -Assume { (* Heap *) Have: (region(p.base) <= 0) /\ (region(q.base) <= 0). } Prove: P_R. ------------------------------------------------------------ Goal Pre-condition (file tests/wp/wp_behavior.i, line 46) in 'main': -Assume { (* Heap *) Have: (region(p.base) <= 0) /\ (region(q.base) <= 0). } Prove: P_R1. ------------------------------------------------------------ @@ -325,8 +278,6 @@ Prove: P_R1. Goal Pre-condition for 'X' (file tests/wp/wp_behavior.i, line 49) in 'main': Assume { - (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition *) @@ -340,8 +291,6 @@ Prove: P_RX. Goal Pre-condition for 'X' (file tests/wp/wp_behavior.i, line 50) in 'main': Assume { - (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition *) @@ -362,10 +311,10 @@ Prove: true. Goal Assigns for 'X' (file tests/wp/wp_behavior.i, line 51) in 'main' (2/2): Effect at line 59 Assume { + (* Heap *) + Type: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, q, 1). - (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition *) @@ -386,8 +335,6 @@ Prove: q = p. Goal Pre-condition for 'Y' (file tests/wp/wp_behavior.i, line 54) in 'main': Assume { - (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition *) 
@@ -403,10 +350,10 @@ Goal Assigns for 'Y' (file tests/wp/wp_behavior.i, line 55) in 'main' (1/2): Effect at line 58 Assume { Type: is_sint32(c). + (* Heap *) + Type: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, p, 1). - (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition *) diff --git a/src/plugins/wp/tests/wp/oracle/wp_behavior.1.res.oracle b/src/plugins/wp/tests/wp/oracle/wp_behavior.1.res.oracle index 5d7a0196910633365a7f76df7feed844d72f02aa..a1618f682664022f6c47fb2dd1c2b4cc510c20b9 100644 --- a/src/plugins/wp/tests/wp/oracle/wp_behavior.1.res.oracle +++ b/src/plugins/wp/tests/wp/oracle/wp_behavior.1.res.oracle 
@@ -8,47 +8,25 @@ ------------------------------------------------------------ Goal Complete behaviors 'Y', 'X': -Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0). - (* Pre-condition *) - Have: P_R. -} +Assume { (* Pre-condition *) Have: P_R. } Prove: P_CX \/ P_CY. ------------------------------------------------------------ Goal Disjoint behaviors 'Y', 'X': -Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0). - (* Pre-condition *) - Have: P_R. -} +Assume { (* Pre-condition *) Have: P_R. } Prove: (!P_CX) \/ (!P_CY). ------------------------------------------------------------ Goal Post-condition (file tests/wp/wp_behavior.i, line 24) in 'behaviors': -Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0). - (* Pre-condition *) - Have: P_R. - (* Assertion *) - Have: P_Q. -} +Assume { (* Pre-condition *) Have: P_R. (* Assertion *) Have: P_Q. } Prove: P_P. ------------------------------------------------------------ Goal Assertion (file tests/wp/wp_behavior.i, line 39): -Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0). - (* Pre-condition *) - Have: P_R. -} +Assume { (* Pre-condition *) Have: P_R. } Prove: P_Q. ------------------------------------------------------------ @@ -58,9 +36,6 @@ Prove: P_Q. Goal Post-condition for 'X' (file tests/wp/wp_behavior.i, line 28) in 'behaviors': Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition for 'X' *) 
@@ -78,11 +53,11 @@ Goal Assigns for 'X' (file tests/wp/wp_behavior.i, line 29) in 'behaviors' (1/2) Effect at line 40 Assume { Type: is_sint32(c). + (* Heap *) + Type: (region(px_0.base) <= 0) /\ (region(qx_0.base) <= 0) /\ + linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, px_0, 1). - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition for 'X' *) @@ -101,11 +76,11 @@ Prove: qx_0 = px_0. Goal Assigns for 'X' (file tests/wp/wp_behavior.i, line 29) in 'behaviors' (2/2): Effect at line 41 Assume { + (* Heap *) + Type: (region(py_0.base) <= 0) /\ (region(qx_0.base) <= 0) /\ + linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, py_0, 1). - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition for 'X' *) @@ -124,9 +99,6 @@ Prove: qx_0 = py_0. Goal Post-condition for 'Y' (file tests/wp/wp_behavior.i, line 33) in 'behaviors': Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qy_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition for 'Y' *) @@ -144,11 +116,11 @@ Goal Assigns for 'Y' (file tests/wp/wp_behavior.i, line 34) in 'behaviors' (1/2) Effect at line 40 Assume { Type: is_sint32(c). + (* Heap *) + Type: (region(px_0.base) <= 0) /\ (region(qy_0.base) <= 0) /\ + linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, px_0, 1). - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qy_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition for 'Y' *) 
@@ -167,11 +139,11 @@ Prove: qy_0 = px_0. Goal Assigns for 'Y' (file tests/wp/wp_behavior.i, line 34) in 'behaviors' (2/2): Effect at line 41 Assume { + (* Heap *) + Type: (region(py_0.base) <= 0) /\ (region(qy_0.base) <= 0) /\ + linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, py_0, 1). - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qy_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition for 'Y' *) @@ -190,9 +162,6 @@ Prove: qy_0 = py_0. Goal Post-condition (file tests/wp/wp_behavior.i, line 66) in 'call': Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ (region(qy_0.base) <= 0). (* Pre-condition *) Have: P_RQ. (* Call 'behaviors' *) @@ -206,9 +175,6 @@ Prove: P_Q. Goal Assigns (file tests/wp/wp_behavior.i, line 65) in 'call': Effect at line 69 Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ (region(qy_0.base) <= 0). (* Pre-condition *) Have: P_RQ. (* Exit 'behaviors' *) @@ -221,9 +187,6 @@ Prove: false. Goal Assigns (file tests/wp/wp_behavior.i, line 65) in 'call': Effect at line 69 Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ (region(qy_0.base) <= 0). (* Pre-condition *) Have: P_RQ. (* Call 'behaviors' *) 
@@ -236,43 +199,21 @@ Prove: false. Goal Instance of 'Pre-condition (file tests/wp/wp_behavior.i, line 23) in 'behaviors'' in 'call' at call 'behaviors' (file tests/wp/wp_behavior.i, line 69) : -Assume { - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ (region(qy_0.base) <= 0). - (* Pre-condition *) - Have: P_RQ. -} +Assume { (* Pre-condition *) Have: P_RQ. } Prove: P_R. ------------------------------------------------------------ Goal Instance of 'Pre-condition for 'X' (file tests/wp/wp_behavior.i, line 27) in 'behaviors'' in 'call' at call 'behaviors' (file tests/wp/wp_behavior.i, line 69) : -Assume { - (* Goal *) - When: P_CX. - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ (region(qy_0.base) <= 0). - (* Pre-condition *) - Have: P_RQ. -} +Assume { (* Goal *) When: P_CX. (* Pre-condition *) Have: P_RQ. } Prove: P_RX. ------------------------------------------------------------ Goal Instance of 'Pre-condition for 'Y' (file tests/wp/wp_behavior.i, line 32) in 'behaviors'' in 'call' at call 'behaviors' (file tests/wp/wp_behavior.i, line 69) : -Assume { - (* Goal *) - When: P_CY. - (* Heap *) - Have: (region(px_0.base) <= 0) /\ (region(py_0.base) <= 0) /\ - (region(qx_0.base) <= 0) /\ (region(qy_0.base) <= 0). - (* Pre-condition *) - Have: P_RQ. -} +Assume { (* Goal *) When: P_CY. (* Pre-condition *) Have: P_RQ. } Prove: P_RY. ------------------------------------------------------------ 
@@ -281,13 +222,11 @@ Prove: P_RY. ------------------------------------------------------------ Goal Pre-condition (file tests/wp/wp_behavior.i, line 45) in 'main': -Assume { (* Heap *) Have: (region(p.base) <= 0) /\ (region(q.base) <= 0). } Prove: P_R. ------------------------------------------------------------ Goal Pre-condition (file tests/wp/wp_behavior.i, line 46) in 'main': -Assume { (* Heap *) Have: (region(p.base) <= 0) /\ (region(q.base) <= 0). } Prove: P_R1. ------------------------------------------------------------ @@ -297,8 +236,6 @@ Prove: P_R1. Goal Pre-condition for 'X' (file tests/wp/wp_behavior.i, line 49) in 'main': Assume { - (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition *) @@ -312,8 +249,6 @@ Prove: P_RX. Goal Pre-condition for 'X' (file tests/wp/wp_behavior.i, line 50) in 'main': Assume { - (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition *) @@ -334,10 +269,10 @@ Prove: true. Goal Assigns for 'X' (file tests/wp/wp_behavior.i, line 51) in 'main' (2/2): Effect at line 59 Assume { + (* Heap *) + Type: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, q, 1). - (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition *) @@ -358,8 +293,6 @@ Prove: q = p. Goal Pre-condition for 'Y' (file tests/wp/wp_behavior.i, line 54) in 'main': Assume { - (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition *) 
@@ -375,10 +308,10 @@ Goal Assigns for 'Y' (file tests/wp/wp_behavior.i, line 55) in 'main' (1/2): Effect at line 58 Assume { Type: is_sint32(c). + (* Heap *) + Type: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, p, 1). - (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_R. (* Pre-condition *) diff --git a/src/plugins/wp/tests/wp_acsl/oracle/assigns_path.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/assigns_path.res.oracle index 3c80646a1b8cec5bf6c150cf4e713d8dc0f7aa98..6d629988524ec0e2396fd74cb9392e73d645e99d 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/assigns_path.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/assigns_path.res.oracle @@ -15,10 +15,10 @@ Prove: true. Goal Post-condition 'A' in 'job': Assume { Type: is_sint32(i_1) /\ is_sint32(n). + (* Heap *) + Type: region(b.base) <= 0. (* Goal *) When: (0 <= i) /\ (i < n). - (* Heap *) - Have: region(b.base) <= 0. (* Pre-condition *) Have: (0 <= n) /\ (n <= 3). (* Invariant *) @@ -37,7 +37,7 @@ Goal Preservation of Invariant (file tests/wp_acsl/assigns_path.i, line 16): Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(1 + i). (* Heap *) - Have: region(b.base) <= 0. + Type: region(b.base) <= 0. (* Pre-condition *) Have: (0 <= n) /\ (n <= 3). (* Invariant *) @@ -60,10 +60,10 @@ Prove: true. Goal Preservation of Invariant (file tests/wp_acsl/assigns_path.i, line 17): Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(1 + i). + (* Heap *) + Type: region(b.base) <= 0. (* Goal *) When: (0 <= i_1) /\ (i_1 <= i). - (* Heap *) - Have: region(b.base) <= 0. (* Pre-condition *) Have: (0 <= n) /\ (n <= 3). (* Invariant *) diff --git a/src/plugins/wp/tests/wp_acsl/oracle/assigns_range.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/assigns_range.res.oracle index 049b05cc6d22c139a68c10308a6cdd3a9eedbd1a..35b9d8777b712221cdd59f1d23729cb2c9156d96 100644 
--- a/src/plugins/wp/tests/wp_acsl/oracle/assigns_range.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/assigns_range.res.oracle @@ -92,16 +92,18 @@ Goal Instance of 'Pre-condition (file tests/wp_acsl/assigns_range.i, line 23) in : Assume { Type: is_sint32(i) /\ is_sint32(j). + (* Heap *) + Type: IsArray1_sint32(t2_0) /\ IsArray1_sint32(t3_0). (* Pre-condition *) Have: (0 <= i) /\ (i <= j) /\ (j <= 19). (* Call 'assigns_t1_an_element' *) Have: i <= 19. (* Call Effects *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> - (((i_1 < i) \/ (j < i_1)) -> (t2_0[i_1] = t2_1[i_1])))). + (((i_1 < i) \/ (j < i_1)) -> (t2_1[i_1] = t2_0[i_1])))). (* Call Effects *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> - (((i_1 < i) \/ (20 <= i_1)) -> (t3_0[i_1] = t3_1[i_1])))). + (((i_1 < i) \/ (20 <= i_1)) -> (t3_1[i_1] = t3_0[i_1])))). } Prove: 0 <= j. @@ -151,6 +153,8 @@ Goal Assigns 'qed_ko' in 'call_assigns_t2': Call Effect at line 57 Assume { Type: is_sint32(i). + (* Heap *) + Type: IsArray1_sint32(t2_0). (* Goal *) When: ((-2) <= i) /\ (i <= 19). (* Pre-condition *) @@ -159,7 +163,7 @@ Assume { Have: (0 <= i) /\ (i <= 17). (* Exit Effects *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> - (((i_1 < i) \/ ((3 + i) <= i_1)) -> (t2_0[i_1] = t2_1[i_1])))). + (((i_1 < i) \/ ((3 + i) <= i_1)) -> (t2_1[i_1] = t2_0[i_1])))). } Prove: false. @@ -169,6 +173,8 @@ Goal Assigns 'qed_ko' in 'call_assigns_t2': Call Effect at line 57 Assume { Type: is_sint32(i). + (* Heap *) + Type: IsArray1_sint32(t2_0). (* Goal *) When: ((-2) <= i) /\ (i <= 19). (* Pre-condition *) @@ -177,7 +183,7 @@ Assume { Have: (0 <= i) /\ (i <= 17). (* Call Effects *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> - (((i_1 < i) \/ ((3 + i) <= i_1)) -> (t2_0[i_1] = t2_1[i_1])))). + (((i_1 < i) \/ ((3 + i) <= i_1)) -> (t2_1[i_1] = t2_0[i_1])))). } Prove: false. 
@@ -198,13 +204,15 @@ Goal Assigns 'qed_ko' in 'call_assigns_t4': Call Effect at line 65 Assume { Type: is_sint32(i) /\ is_sint32(j). + (* Heap *) + Type: IsArray1_sint32(t4_0). (* Goal *) When: 0 <= j. (* Pre-condition *) Have: (0 <= i) /\ (i <= j) /\ (j <= 19). (* Exit Effects *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> - (((i_1 < 0) \/ (j < i_1)) -> (t4_0[i_1] = t4_1[i_1])))). + (((i_1 < 0) \/ (j < i_1)) -> (t4_1[i_1] = t4_0[i_1])))). } Prove: i <= 0. @@ -214,13 +222,15 @@ Goal Assigns 'qed_ko' in 'call_assigns_t4': Call Effect at line 65 Assume { Type: is_sint32(i) /\ is_sint32(j). + (* Heap *) + Type: IsArray1_sint32(t4_0). (* Goal *) When: 0 <= j. (* Pre-condition *) Have: (0 <= i) /\ (i <= j) /\ (j <= 19). (* Call Effects *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> - (((i_1 < 0) \/ (j < i_1)) -> (t4_0[i_1] = t4_1[i_1])))). + (((i_1 < 0) \/ (j < i_1)) -> (t4_1[i_1] = t4_0[i_1])))). } Prove: i <= 0. diff --git a/src/plugins/wp/tests/wp_acsl/oracle/axioms.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/axioms.res.oracle index 7e1021c89672b4bca607871a6e10d23420862a3c..da37a8a78a065d2a74d321c598706bed1d4a3084 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/axioms.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/axioms.res.oracle @@ -14,7 +14,7 @@ Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, i - a). Assume { Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i). (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). + Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). (* Invariant 'Positive' *) @@ -36,7 +36,7 @@ Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, i - a). Assume { Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i). (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). + Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). (* Invariant 'Positive' *) 
@@ -58,7 +58,7 @@ Let x_1 = 1 + i. Assume { Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(x_1). (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). + Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). (* Invariant 'Positive' *) @@ -77,7 +77,7 @@ Goal Establishment of Invariant 'Index' (file tests/wp_acsl/axioms.i, line 30): Assume { Type: is_sint32(a) /\ is_sint32(b). (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). + Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (a <= b) /\ valid_rw(Malloc_0, shift_sint32(t, a), 1 + b - a). } @@ -91,10 +91,10 @@ Let x = -a. Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, i - a). Assume { Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(1 + i). + (* Heap *) + Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: (a <= i_1) /\ (i_1 <= i) /\ is_sint32(i_1). - (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). (* Invariant 'Positive' *) @@ -132,10 +132,10 @@ Let x = -a. Let a_2 = shift_sint32(t, i). Assume { Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(1 + i). + (* Heap *) + Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, a_2, 1). - (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). (* Invariant 'Positive' *) @@ -159,7 +159,7 @@ Assume { Have: !invalid(Malloc_0, a_1, i - a). Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i). (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). + Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). } 
diff --git a/src/plugins/wp/tests/wp_acsl/oracle/base_offset.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/base_offset.res.oracle index 0a7f90b8ab6517122f618b52afa937634c613e68..545557ea6d64a714e443efaa902b22ca123e0740 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/base_offset.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/base_offset.res.oracle @@ -20,10 +20,10 @@ Prove: true. Goal Post-condition (file tests/wp_acsl/base_offset.i, line 15) in 'f': Let x = p.offset. Assume { + (* Heap *) + Type: region(p.base) <= 0. (* Goal *) When: (0 <= i) /\ (i <= i_1) /\ (i_1 <= 3). - (* Heap *) - Have: region(p.base) <= 0. } Prove: base_offset(1 + i + x) <= base_offset(1 + i_1 + x). diff --git a/src/plugins/wp/tests/wp_acsl/oracle/equal.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/equal.res.oracle index 3b3cb513ee829e5b754ba4466356681eb6a02545..3a3c58f00c05df2dbf9f333e5bcb987f3ed4fc9b 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/equal.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/equal.res.oracle @@ -46,8 +46,8 @@ Prove: EqS2_St(st0_0, st1_0). ------------------------------------------------------------ Goal Post-condition (file tests/wp_acsl/equal.i, line 47) in 'with_ptr_and_array_struct': -Let a = q0_0.F4_Q_qp. -Let a_1 = q1_0.F4_Q_qp. +Let a = q1_0.F4_Q_qp. +Let a_1 = q0_0.F4_Q_qp. Let a_2 = q0_0.F4_Q_qs. Let a_3 = q1_0.F4_Q_qs. Let a_4 = q0_0.F4_Q_qt. @@ -55,10 +55,10 @@ Let a_5 = q1_0.F4_Q_qt. Assume { Type: IsS4_Q(q0_0) /\ IsS4_Q(q1_0) /\ IsArray1_sint32(a_4) /\ IsArray1_sint32(a_5) /\ IsS1_S(a_2) /\ IsS1_S(a_3). - (* Goal *) - When: (a_1 = a) /\ EqS1_S(a_2, a_3) /\ EqArray1_int(2, a_4, a_5). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(a_1.base) <= 0). + Type: (region(a_1.base) <= 0) /\ (region(a.base) <= 0). + (* Goal *) + When: (a = a_1) /\ EqS1_S(a_2, a_3) /\ EqArray1_int(2, a_4, a_5). } Prove: EqS4_Q(q0_0, q1_0). 
@@ -69,11 +69,11 @@ Prove: EqS4_Q(q0_0, q1_0). Goal Post-condition (file tests/wp_acsl/equal.i, line 40) in 'with_ptr_array': Assume { - (* Goal *) - When: forall i : Z. ((0 <= i) -> ((i <= 4) -> (tp1_0[i] = tp0_0[i]))). (* Heap *) - Have: (forall i : Z. region(tp0_0[i].base) <= 0) /\ + Type: (forall i : Z. region(tp0_0[i].base) <= 0) /\ (forall i : Z. region(tp1_0[i].base) <= 0). + (* Goal *) + When: forall i : Z. ((0 <= i) -> ((i <= 4) -> (tp1_0[i] = tp0_0[i]))). } Prove: EqArray1_pointer(5, tp0_0, tp1_0). @@ -83,13 +83,13 @@ Prove: EqArray1_pointer(5, tp0_0, tp1_0). ------------------------------------------------------------ Goal Post-condition (file tests/wp_acsl/equal.i, line 34) in 'with_ptr_struct': -Let a = sp0_0.F3_Sp_p. -Let a_1 = sp1_0.F3_Sp_p. +Let a = sp1_0.F3_Sp_p. +Let a_1 = sp0_0.F3_Sp_p. Assume { - (* Goal *) - When: a_1 = a. (* Heap *) - Have: (region(a.base) <= 0) /\ (region(a_1.base) <= 0). + Type: (region(a_1.base) <= 0) /\ (region(a.base) <= 0). + (* Goal *) + When: a = a_1. } Prove: EqS3_Sp(sp0_0, sp1_0). diff --git a/src/plugins/wp/tests/wp_acsl/oracle/funvar_inv.0.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/funvar_inv.0.res.oracle index ddce517d177138b2a4b5cbad7684dd0979c016c9..98e419a07aee8ba4ba48cee5ccb3604e37bc21c3 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/funvar_inv.0.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/funvar_inv.0.res.oracle @@ -26,6 +26,8 @@ tests/wp_acsl/funvar_inv.i:23: warning from Empty Model: Let x = G[0]. Assume { Type: is_sint32(i) /\ is_sint32(x) /\ is_sint32(G[1]). + (* Heap *) + Type: IsArray1_sint32(G). If i <= 3 Then { (* Else *) Have: G[i] = 0. } } @@ -40,6 +42,8 @@ tests/wp_acsl/funvar_inv.i:24: warning from Empty Model: Let x = G[0]. Assume { Type: is_sint32(i) /\ is_sint32(x). + (* Heap *) + Type: IsArray1_sint32(G). (* Goal *) When: (x != 0) /\ (G[1] = 0). If i <= 3 
@@ -64,6 +68,8 @@ tests/wp_acsl/funvar_inv.i:37: warning from Empty Model: Let x = G[0]. Assume { Type: is_sint32(i) /\ is_sint32(x) /\ is_sint32(G[1]). + (* Heap *) + Type: IsArray1_sint32(G). If i <= 3 Then { (* Else *) Have: G[i] = 0. } } @@ -78,6 +84,8 @@ tests/wp_acsl/funvar_inv.i:38: warning from Empty Model: Let x = G[0]. Assume { Type: is_sint32(i) /\ is_sint32(x). + (* Heap *) + Type: IsArray1_sint32(G). (* Goal *) When: (x != 0) /\ (G[1] = 0). If i <= 3 @@ -102,6 +110,8 @@ tests/wp_acsl/funvar_inv.i:52: warning from Empty Model: Let x = G[0]. Assume { Type: is_sint32(i) /\ is_sint32(x) /\ is_sint32(G[1]). + (* Heap *) + Type: IsArray1_sint32(G). If i <= 3 Then { (* Else *) Have: G[i] = 0. } } @@ -116,6 +126,8 @@ tests/wp_acsl/funvar_inv.i:53: warning from Empty Model: Let x = G[0]. Assume { Type: is_sint32(i) /\ is_sint32(x). + (* Heap *) + Type: IsArray1_sint32(G). (* Goal *) When: (x != 0) /\ (G[1] = 0). If i <= 3 diff --git a/src/plugins/wp/tests/wp_acsl/oracle/funvar_inv.1.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/funvar_inv.1.res.oracle index 08da43a458417fc280047339c94f6cf5092d16b2..8fbdbbc6383ff32cb5d6e757bc80ad4f6130c45f 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/funvar_inv.1.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/funvar_inv.1.res.oracle @@ -14,8 +14,6 @@ Assume { Type: is_sint32(v) /\ is_sint32(Mint_0[shift_sint32(a, 1)]). (* Goal *) When: Mint_0[a_1] = 0. - (* Heap *) - Have: linked(Malloc_0). (* Initializer *) Init: Mint_0[global(L_i_25)] = 0. If v <= 3 @@ -34,8 +32,6 @@ Assume { Type: is_sint32(v) /\ is_sint32(x). (* Goal *) When: (x != 0) /\ (Mint_0[a_1] = 0). - (* Heap *) - Have: linked(Malloc_0). (* Initializer *) Init: Mint_0[global(L_i_25)] = 0. If v <= 3 @@ -61,8 +57,6 @@ Assume { Type: is_sint32(v) /\ is_sint32(Mint_0[shift_sint32(a, 1)]). (* Goal *) When: Mint_0[a_1] = 0. - (* Heap *) - Have: linked(Malloc_0). (* Initializer *) Init: Mint_0[global(L_i_30)] = 0. If v <= 3 
@@ -82,8 +76,6 @@ Assume { Type: is_sint32(v) /\ is_sint32(x). (* Goal *) When: (x != 0) /\ (Mint_0[a_1] = 0). - (* Heap *) - Have: linked(Malloc_0). (* Initializer *) Init: Mint_0[global(L_i_30)] = 0. If v <= 3 @@ -110,8 +102,6 @@ Assume { Type: is_sint32(v) /\ is_sint32(Mint_0[shift_sint32(a, 1)]). (* Goal *) When: Mint_0[a_1] = 0. - (* Heap *) - Have: linked(Malloc_0). (* Initializer *) Init: Mint_0[global(L_i_35)] = 0. If v <= 3 @@ -130,8 +120,6 @@ Assume { Type: is_sint32(v) /\ is_sint32(x). (* Goal *) When: (x != 0) /\ (Mint_0[a_1] = 0). - (* Heap *) - Have: linked(Malloc_0). (* Initializer *) Init: Mint_0[global(L_i_35)] = 0. If v <= 3 diff --git a/src/plugins/wp/tests/wp_acsl/oracle/init_label.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/init_label.res.oracle index eaf906f5ee4db946fea90806e5400e116ac17f29..fa3df7a23c2dfe79628ecb33c9faafbe31eaed1d 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/init_label.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/init_label.res.oracle @@ -10,7 +10,8 @@ ------------------------------------------------------------ Goal Post-condition 'KO' in 'extra': -Let x = A[2]. Assume { Type: is_sint32(x). } +Let x = A[2]. +Assume { Type: is_sint32(x). (* Heap *) Type: IsArray1_sint32(A). } Prove: x = 12. ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_acsl/oracle/init_value.0.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/init_value.0.res.oracle index bcd9a305a139c01b26fa11ccc56af7dbdfd3c080..ce62bdd3dcb6bc382affb839cfc6bc059ffb20a3 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/init_value.0.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/init_value.0.res.oracle @@ -14,6 +14,8 @@ Let x_2 = ta1_0[1]. Let x_3 = ta1_0[3]. Assume { Type: is_sint32(x_1) /\ is_sint32(x_2) /\ is_sint32(x_3) /\ is_sint32(x). + (* Heap *) + Type: IsArray1_sint32(ta1_0). (* Initializer *) Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (ta1_0[i] = 0))). (* Initializer *) 
@@ -32,6 +34,8 @@ Let x = ta1_0[4]. Assume { Type: is_sint32(ta1_0[0]) /\ is_sint32(ta1_0[1]) /\ is_sint32(ta1_0[3]) /\ is_sint32(x). + (* Heap *) + Type: IsArray1_sint32(ta1_0). (* Initializer *) Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (ta1_0[i] = 0))). (* Initializer *) @@ -51,6 +55,8 @@ Let x_1 = ta1_0[3]. Assume { Type: is_sint32(ta1_0[0]) /\ is_sint32(ta1_0[1]) /\ is_sint32(x_1) /\ is_sint32(x). + (* Heap *) + Type: IsArray1_sint32(ta1_0). (* Initializer *) Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (ta1_0[i] = 0))). (* Initializer *) @@ -73,6 +79,8 @@ Let x_1 = ta2_0[1]. Let x_2 = ta2_0[4]. Assume { Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2). + (* Heap *) + Type: IsArray1_sint32(ta2_0). (* Initializer *) Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (ta2_0[i] = 0))). (* Initializer *) @@ -88,6 +96,8 @@ Goal Post-condition 'qed_ko' in 'fa2': Let x = ta2_0[4]. Assume { Type: is_sint32(ta2_0[0]) /\ is_sint32(ta2_0[1]) /\ is_sint32(x). + (* Heap *) + Type: IsArray1_sint32(ta2_0). (* Initializer *) Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (ta2_0[i] = 0))). (* Initializer *) @@ -103,6 +113,8 @@ Goal Post-condition 'qed_ko' in 'fa2': Let x = ta2_0[1]. Assume { Type: is_sint32(ta2_0[0]) /\ is_sint32(x) /\ is_sint32(ta2_0[4]). + (* Heap *) + Type: IsArray1_sint32(ta2_0). (* Initializer *) Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (ta2_0[i] = 0))). (* Initializer *) @@ -123,7 +135,11 @@ Let x_1 = ta1_0[2]. Let x_2 = ta3_0[0]. Let x_3 = ta3_0[2]. Assume { - Type: is_sint32(x_1) /\ is_sint32(x) /\ is_sint32(x_2) /\ is_sint32(x_3). + Type: is_sint32(x_1) /\ is_sint32(x) /\ is_sint32(ta2_0[4]) /\ + is_sint32(x_2) /\ is_sint32(x_3). + (* Heap *) + Type: IsArray1_sint32(ta1_0) /\ IsArray1_sint32(ta2_0) /\ + IsArray1_sint32(ta3_0). (* Initializer *) Init: forall i : Z. ((i <= 0) -> ((0 <= i) -> (ta3_0[i] = 0))). (* Initializer *) 
@@ -135,6 +151,12 @@ Assume { (* Initializer *) Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (ta3_0[i] = 0))). (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (ta2_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 3) -> (ta2_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (ta2_0[i] = 0))). + (* Initializer *) Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (ta1_0[i] = 0))). (* Initializer *) Init: x_1 = 1. @@ -148,9 +170,15 @@ Prove: (x = x_1) /\ (x_3 = x_2). ------------------------------------------------------------ Goal Post-condition 'qed_ko' in 'fa3': -Let x = ta3_0[0]. +Let x = ta1_0[4]. +Let x_1 = ta1_0[2]. +Let x_2 = ta3_0[0]. Assume { - Type: is_sint32(x) /\ is_sint32(ta3_0[2]). + Type: is_sint32(x_1) /\ is_sint32(x) /\ is_sint32(ta2_0[4]) /\ + is_sint32(x_2) /\ is_sint32(ta3_0[2]). + (* Heap *) + Type: IsArray1_sint32(ta1_0) /\ IsArray1_sint32(ta2_0) /\ + IsArray1_sint32(ta3_0). (* Initializer *) Init: forall i : Z. ((i <= 0) -> ((0 <= i) -> (ta3_0[i] = 0))). (* Initializer *) 
@@ -161,15 +189,35 @@ Assume { Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (ta3_0[i] = 0))). (* Initializer *) Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (ta3_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (ta2_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 3) -> (ta2_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (ta2_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (ta1_0[i] = 0))). + (* Initializer *) + Init: x_1 = 1. + (* Initializer *) + Init: x = 1. + (* Initializer *) + Init: forall i : Z. ((3 <= i) -> ((i <= 3) -> (ta1_0[i] = 0))). } -Prove: x = 1. +Prove: x_2 = 1. ------------------------------------------------------------ Goal Post-condition 'qed_ko' in 'fa3': -Let x = ta3_0[2]. +Let x = ta1_0[4]. +Let x_1 = ta1_0[2]. +Let x_2 = ta3_0[2]. Assume { - Type: is_sint32(ta3_0[0]) /\ is_sint32(x). + Type: is_sint32(x_1) /\ is_sint32(x) /\ is_sint32(ta2_0[4]) /\ + is_sint32(ta3_0[0]) /\ is_sint32(x_2). + (* Heap *) + Type: IsArray1_sint32(ta1_0) /\ IsArray1_sint32(ta2_0) /\ + IsArray1_sint32(ta3_0). (* Initializer *) Init: forall i : Z. ((i <= 0) -> ((0 <= i) -> (ta3_0[i] = 0))). (* Initializer *) 
@@ -180,23 +228,61 @@ Assume { Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (ta3_0[i] = 0))). (* Initializer *) Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (ta3_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (ta2_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 3) -> (ta2_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (ta2_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (ta1_0[i] = 0))). + (* Initializer *) + Init: x_1 = 1. + (* Initializer *) + Init: x = 1. + (* Initializer *) + Init: forall i : Z. ((3 <= i) -> ((i <= 3) -> (ta1_0[i] = 0))). } -Prove: x = 1. +Prove: x_2 = 1. ------------------------------------------------------------ Goal Post-condition 'qed_ko' in 'fa3': -Let x = ta2_0[4]. +Let x = ta1_0[4]. +Let x_1 = ta1_0[2]. +Let x_2 = ta2_0[4]. Assume { - Type: is_sint32(x). + Type: is_sint32(x_1) /\ is_sint32(x) /\ is_sint32(x_2) /\ + is_sint32(ta3_0[0]) /\ is_sint32(ta3_0[2]). + (* Heap *) + Type: IsArray1_sint32(ta1_0) /\ IsArray1_sint32(ta2_0) /\ + IsArray1_sint32(ta3_0). + (* Initializer *) + Init: forall i : Z. ((i <= 0) -> ((0 <= i) -> (ta3_0[i] = 0))). + (* Initializer *) + Init: ta3_0[1] = 1. + (* Initializer *) + Init: ta3_0[3] = 1. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (ta3_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (ta3_0[i] = 0))). (* Initializer *) Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (ta2_0[i] = 0))). (* Initializer *) Init: forall i : Z. ((2 <= i) -> ((i <= 3) -> (ta2_0[i] = 1))). (* Initializer *) Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (ta2_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (ta1_0[i] = 0))). + (* Initializer *) + Init: x_1 = 1. + (* Initializer *) + Init: x = 1. + (* Initializer *) + Init: forall i : Z. ((3 <= i) -> ((i <= 3) -> (ta1_0[i] = 0))). } -Prove: x = 1. +Prove: x_2 = 1. 
------------------------------------------------------------ ------------------------------------------------------------ @@ -214,6 +300,8 @@ Let a_3 = ts1_0[3]. Assume { Type: IsS5(a_1) /\ IsS5(a_2) /\ IsS5(a_3) /\ is_sint32(a_1.F5_a) /\ is_sint32(x_2) /\ is_sint32(x_1) /\ is_sint32(x). + (* Heap *) + Type: IsArray1S5(ts1_0). (* Initializer *) Init: forall i : Z. let a_4 = ts1_0[i] in ((0 <= i) -> ((i <= 1) -> (((a_4.F5_a) = 0) /\ ((a_4.F5_b) = 0) /\ ((a_4.F5_c) = 0)))). @@ -241,6 +329,8 @@ Assume { Type: IsS5(a_1) /\ IsS5(ts1_0[1]) /\ IsS5(ts1_0[3]) /\ is_sint32(a_1.F5_a) /\ is_sint32(x_2) /\ is_sint32(x_1) /\ is_sint32(x). + (* Heap *) + Type: IsArray1S5(ts1_0). (* Initializer *) Init: forall i : Z. let a_2 = ts1_0[i] in ((0 <= i) -> ((i <= 1) -> (((a_2.F5_a) = 0) /\ ((a_2.F5_b) = 0) /\ ((a_2.F5_c) = 0)))). @@ -268,6 +358,8 @@ Let x_3 = a_1.F5_a. Assume { Type: IsS5(a_1) /\ IsS5(ts1_0[1]) /\ IsS5(ts1_0[3]) /\ is_sint32(x_3) /\ is_sint32(x_2) /\ is_sint32(x_1) /\ is_sint32(x). + (* Heap *) + Type: IsArray1S5(ts1_0). (* Initializer *) Init: forall i : Z. let a_2 = ts1_0[i] in ((0 <= i) -> ((i <= 1) -> (((a_2.F5_a) = 0) /\ ((a_2.F5_b) = 0) /\ ((a_2.F5_c) = 0)))). 
@@ -291,84 +383,82 @@ Prove: x_3 = 1. Goal Pre-condition 'qed_ok,Struct_Simple_a' in 'main': Let x = s.F1_S_b. Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. Assume { - Type: is_sint32(x_1) /\ is_sint32(x). + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Initializer *) + Init: x_5 = (-1). (* Initializer *) - Init: x_1 = 2. + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). (* Initializer *) - Init: x = 0. -} -Prove: x_1 = 2. - ------------------------------------------------------------- - -Goal Pre-condition 'qed_ok,Struct_Simple_b' in 'main': -Let x = s.F1_S_b. -Let x_1 = s.F1_S_a. -Assume { - Type: is_sint32(x_1) /\ is_sint32(x). + Init: (sq0_0.F3_Sc_a) = 2. (* Initializer *) - Init: x_1 = 2. + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a_7[i] = 2))). (* Initializer *) - Init: x = 0. -} -Prove: x = 0. - ------------------------------------------------------------- - -Goal Pre-condition 'qed_ok,Simple_Array_0' in 'main': -Let x = t[0]. -Assume { - Type: is_sint32(x) /\ is_sint32(t[1]). + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_7[i] = 0))). (* Initializer *) - Init: x = 1. + Init: (sq0_0.F3_Sc_c) = 2. (* Initializer *) - Init: forall i : Z. 
((0 < i) -> ((i <= 1) -> (t[i] = 0))). -} -Prove: x = 1. - ------------------------------------------------------------- - -Goal Pre-condition 'qed_ok,Simple_Array_1' in 'main': -Let x = t[0]. -Let x_1 = t[1]. -Assume { - Type: is_sint32(x) /\ is_sint32(x_1). + Init: (sc3_0.F3_Sc_a) = 1. (* Initializer *) - Init: x = 1. + Init: a_5[0] = 2. (* Initializer *) - Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). -} -Prove: x_1 = 0. - ------------------------------------------------------------- - -Goal Pre-condition 'qed_ok,With_Array_Struct_5' in 'main': -Let a = st_0.F2_St_tab. -Let a_1 = a[3]. -Let a_2 = a[5]. -Assume { - Type: is_sint32(a_1) /\ is_sint32(a_2). + Init: a_5[1] = 3. (* Initializer *) - Init: a[0] = 1. + Init: a_6 = 4. (* Initializer *) - Init: a[1] = 2. + Init: x_4 = 0. (* Initializer *) - Init: a[2] = 3. + Init: (sc2_0.F3_Sc_a) = 1. (* Initializer *) - Init: a_1 = 4. + Init: a_4[0] = 2. (* Initializer *) - Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). -} -Prove: a_2 = 0. - ------------------------------------------------------------- - -Goal Pre-condition 'qed_ok,With_Array_Struct_3' in 'main': -Let a = st_0.F2_St_tab. -Let a_1 = a[3]. -Assume { - Type: is_sint32(a_1) /\ is_sint32(a[5]). + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_4[i] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. (* Initializer *) Init: a[0] = 1. (* Initializer *) 
@@ -379,188 +469,1666 @@ Assume { Init: a_1 = 4. (* Initializer *) Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. } -Prove: a_1 = 4. +Prove: x_1 = 2. ------------------------------------------------------------ -Goal Pre-condition 'qed_ok,Sc_eq' in 'main': -Let a = sc0_0.F3_Sc_b. -Let a_1 = sc1_0.F3_Sc_b. +Goal Pre-condition 'qed_ok,Struct_Simple_b' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. Assume { - Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0). + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Initializer *) + Init: x_5 = (-1). (* Initializer *) - Init: (sc1_0.F3_Sc_a) = 1. + Init: forall i : Z. 
((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). (* Initializer *) - Init: a_1[0] = 2. + Init: (sq0_0.F3_Sc_a) = 2. (* Initializer *) - Init: a_1[1] = 3. + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a_7[i] = 2))). (* Initializer *) - Init: a_1[2] = 4. + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_7[i] = 0))). (* Initializer *) - Init: (sc1_0.F3_Sc_c) = 5. + Init: (sq0_0.F3_Sc_c) = 2. (* Initializer *) - Init: (sc0_0.F3_Sc_a) = 1. + Init: (sc3_0.F3_Sc_a) = 1. (* Initializer *) - Init: a[0] = 2. + Init: a_5[0] = 2. (* Initializer *) - Init: a[1] = 3. + Init: a_5[1] = 3. (* Initializer *) - Init: a[2] = 4. + Init: a_6 = 4. (* Initializer *) - Init: (sc0_0.F3_Sc_c) = 5. -} -Prove: EqS3_Sc(sc1_0, sc0_0). - ------------------------------------------------------------- - -Goal Pre-condition 'qed_ok,Sc_t' in 'main': -Let x = sc2_0.F3_Sc_c. -Let a = sc2_0.F3_Sc_b. -Let a_1 = a[2]. -Assume { - Type: is_sint32(x) /\ is_sint32(a_1). + Init: x_4 = 0. (* Initializer *) Init: (sc2_0.F3_Sc_a) = 1. (* Initializer *) - Init: a[0] = 2. + Init: a_4[0] = 2. (* Initializer *) - Init: a[1] = 3. + Init: a_4[1] = 3. (* Initializer *) - Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a[i] = 0))). + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_4[i] = 0))). (* Initializer *) - Init: x = 4. -} -Prove: a_1 = 0. - ------------------------------------------------------------- - -Goal Pre-condition 'qed_ok,Sc_t' in 'main': -Let x = sc3_0.F3_Sc_c. -Let a = sc3_0.F3_Sc_b. -Let a_1 = a[2]. -Assume { - Type: is_sint32(x) /\ is_sint32(a_1). + Init: x_3 = 4. (* Initializer *) - Init: (sc3_0.F3_Sc_a) = 1. + Init: (sc1_0.F3_Sc_a) = 1. (* Initializer *) - Init: a[0] = 2. + Init: a_3[0] = 2. (* Initializer *) - Init: a[1] = 3. + Init: a_3[1] = 3. (* Initializer *) - Init: a_1 = 4. + Init: a_3[2] = 4. (* Initializer *) - Init: x = 0. -} -Prove: a_1 = 4. - ------------------------------------------------------------- - -Goal Pre-condition 'qed_ok,Sc_c_2' in 'main': -Let x = sc2_0.F3_Sc_c. 
-Let a = sc2_0.F3_Sc_b. -Assume { - Type: is_sint32(x) /\ is_sint32(a[2]). + Init: (sc1_0.F3_Sc_c) = 5. (* Initializer *) - Init: (sc2_0.F3_Sc_a) = 1. + Init: (sc0_0.F3_Sc_a) = 1. (* Initializer *) - Init: a[0] = 2. + Init: a_2[0] = 2. (* Initializer *) - Init: a[1] = 3. + Init: a_2[1] = 3. (* Initializer *) - Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a[i] = 0))). + Init: a_2[2] = 4. (* Initializer *) - Init: x = 4. -} -Prove: x = 4. - ------------------------------------------------------------- - -Goal Pre-condition 'qed_ok,Sc_c_3' in 'main': -Let x = sc3_0.F3_Sc_c. -Let a = sc3_0.F3_Sc_b. -Let a_1 = a[2]. -Assume { - Type: is_sint32(x) /\ is_sint32(a_1). + Init: (sc0_0.F3_Sc_c) = 5. (* Initializer *) - Init: (sc3_0.F3_Sc_a) = 1. + Init: a[0] = 1. (* Initializer *) - Init: a[0] = 2. + Init: a[1] = 2. (* Initializer *) - Init: a[1] = 3. + Init: a[2] = 3. (* Initializer *) Init: a_1 = 4. (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) Init: x = 0. } Prove: x = 0. ------------------------------------------------------------ -Goal Pre-condition 'qed_ok,Tab_no_init' in 'main': -Let x = tab_0[5]. +Goal Pre-condition 'qed_ok,Simple_Array_0' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. 
+Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. Assume { - Type: is_uint8(x). + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Initializer *) + Init: x_5 = (-1). (* Initializer *) Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). -} -Prove: x = 0. - ------------------------------------------------------------- - -Goal Pre-condition 'qed_ok,Tab_todo' in 'main': -Assume { - Type: is_uint8(tab_0[5]). - (* Goal *) - When: (0 <= i) /\ (i <= 31) /\ is_sint32(i). - (* Initializer *) - Init: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 31) -> (tab_0[i_1] = 0))). -} -Prove: tab_0[i] <= 255. - ------------------------------------------------------------- - -Goal Pre-condition 'qed_ok' in 'main': -Let a = sq0_0.F3_Sc_b. -Let a_1 = a[1]. -Assume { - Type: is_sint32(a_1) /\ is_sint32(a[2]). (* Initializer *) Init: (sq0_0.F3_Sc_a) = 2. (* Initializer *) - Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a[i] = 2))). + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a_7[i] = 2))). (* Initializer *) - Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a[i] = 0))). + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_7[i] = 0))). (* Initializer *) Init: (sq0_0.F3_Sc_c) = 2. -} -Prove: a_1 = 2. - ------------------------------------------------------------- - -Goal Pre-condition 'qed_ok' in 'main': -Let a = sq0_0.F3_Sc_b. -Let a_1 = a[2]. -Assume { - Type: is_sint32(a[1]) /\ is_sint32(a_1). (* Initializer *) - Init: (sq0_0.F3_Sc_a) = 2. + Init: (sc3_0.F3_Sc_a) = 1. 
+ (* Initializer *) + Init: a_5[0] = 2. + (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_4[i] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. +} +Prove: x_2 = 1. + +------------------------------------------------------------ + +Goal Pre-condition 'qed_ok,Simple_Array_1' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. 
+Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. +Let x_6 = t[1]. +Assume { + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(x_6) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a_7[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_7[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_5[0] = 2. + (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_4[i] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. 
+ (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. +} +Prove: x_6 = 0. + +------------------------------------------------------------ + +Goal Pre-condition 'qed_ok,With_Array_Struct_5' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. +Let a_8 = a[5]. +Assume { + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a_8). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. 
+ (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a_7[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_7[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_5[0] = 2. + (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_4[i] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. +} +Prove: a_8 = 0. 
+ +------------------------------------------------------------ + +Goal Pre-condition 'qed_ok,With_Array_Struct_3' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. +Assume { + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a_7[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_7[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_5[0] = 2. + (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_4[i] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. 
+ (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. +} +Prove: a_1 = 4. + +------------------------------------------------------------ + +Goal Pre-condition 'qed_ok,Sc_eq' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. +Assume { + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a[5]). 
+ (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a_7[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_7[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_5[0] = 2. + (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_4[i] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). 
+ (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. +} +Prove: EqS3_Sc(sc1_0, sc0_0). + +------------------------------------------------------------ + +Goal Pre-condition 'qed_ok,Sc_t' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. +Let a_8 = a_4[2]. +Assume { + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_8) /\ is_sint32(a_6) /\ + is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ is_sint32(a_1) /\ + is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a_7[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_7[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_5[0] = 2. + (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. 
+ (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_4[i] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. +} +Prove: a_8 = 0. + +------------------------------------------------------------ + +Goal Pre-condition 'qed_ok,Sc_t' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. 
+Assume { + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a_7[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_7[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_5[0] = 2. + (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_4[i] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. 
+ (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. +} +Prove: a_6 = 4. + +------------------------------------------------------------ + +Goal Pre-condition 'qed_ok,Sc_c_2' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. +Assume { + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a_7[i] = 2))). + (* Initializer *) + Init: forall i : Z. 
((2 <= i) -> ((i <= 2) -> (a_7[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_5[0] = 2. + (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_4[i] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. +} +Prove: x_3 = 4. + +------------------------------------------------------------ + +Goal Pre-condition 'qed_ok,Sc_c_3' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. 
+Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. +Assume { + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a_7[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_7[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_5[0] = 2. + (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_4[i] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. 
+ (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. +} +Prove: x_4 = 0. + +------------------------------------------------------------ + +Goal Pre-condition 'qed_ok,Tab_no_init' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. +Let x_6 = tab_0[5]. +Assume { + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(x_6) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i : Z. 
((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a_7[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_7[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_5[0] = 2. + (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_4[i] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. +} +Prove: x_6 = 0. 
+ +------------------------------------------------------------ + +Goal Pre-condition 'qed_ok,Tab_todo' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. +Assume { + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Goal *) + When: (0 <= i) /\ (i <= 31) /\ is_sint32(i). + (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 31) -> (tab_0[i_1] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. + (* Initializer *) + Init: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 1) -> (a_7[i_1] = 2))). + (* Initializer *) + Init: forall i_1 : Z. ((2 <= i_1) -> ((i_1 <= 2) -> (a_7[i_1] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_5[0] = 2. + (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i_1 : Z. ((2 <= i_1) -> ((i_1 <= 2) -> (a_4[i_1] = 0))). + (* Initializer *) + Init: x_3 = 4. 
+ (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i_1 : Z. ((4 <= i_1) -> ((i_1 <= 9) -> (a[i_1] = 0))). + (* Initializer *) + Init: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 3) -> (t1_0[i_1] = 1))). + (* Initializer *) + Init: forall i_1 : Z. ((5 <= i_1) -> ((i_1 <= 6) -> (t1_0[i_1] = 2))). + (* Initializer *) + Init: forall i_1 : Z. ((4 <= i_1) -> ((i_1 <= 4) -> (t1_0[i_1] = 0))). + (* Initializer *) + Init: forall i_1 : Z. ((7 <= i_1) -> ((i_1 <= 9) -> (t1_0[i_1] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i_1 : Z. ((0 < i_1) -> ((i_1 <= 1) -> (t[i_1] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. +} +Prove: tab_0[i] <= 255. + +------------------------------------------------------------ + +Goal Pre-condition 'qed_ok' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. +Let a_8 = a_7[1]. 
+Assume { + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_8) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a_7[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_7[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_5[0] = 2. + (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_4[i] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. 
+ (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. +} +Prove: a_8 = 2. + +------------------------------------------------------------ + +Goal Pre-condition 'qed_ok' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. +Let a_8 = a_7[2]. +Assume { + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_8) /\ + is_sint32(a_1) /\ is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a_7[i] = 2))). + (* Initializer *) + Init: forall i : Z. 
((2 <= i) -> ((i <= 2) -> (a_7[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_5[0] = 2. + (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_4[i] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. +} +Prove: a_8 = 0. + +------------------------------------------------------------ + +Goal Pre-condition 'qed_ok' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. 
+Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. +Assume { + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Goal *) + When: (0 <= i) /\ (i <= 3). + (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 31) -> (tab_0[i_1] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. + (* Initializer *) + Init: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 1) -> (a_7[i_1] = 2))). + (* Initializer *) + Init: forall i_1 : Z. ((2 <= i_1) -> ((i_1 <= 2) -> (a_7[i_1] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_5[0] = 2. + (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i_1 : Z. ((2 <= i_1) -> ((i_1 <= 2) -> (a_4[i_1] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. 
+ (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. (* Initializer *) - Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a[i] = 2))). + Init: a[0] = 1. (* Initializer *) - Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a[i] = 0))). + Init: a[1] = 2. (* Initializer *) - Init: (sq0_0.F3_Sc_c) = 2. -} -Prove: a_1 = 0. - ------------------------------------------------------------- - -Goal Pre-condition 'qed_ok' in 'main': -Assume { - Type: is_sint32(t1_0[4]). - (* Goal *) - When: (0 <= i) /\ (i <= 3). + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i_1 : Z. ((4 <= i_1) -> ((i_1 <= 9) -> (a[i_1] = 0))). (* Initializer *) Init: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 3) -> (t1_0[i_1] = 1))). (* Initializer *) 
@@ -569,15 +2137,109 @@ Assume { Init: forall i_1 : Z. ((4 <= i_1) -> ((i_1 <= 4) -> (t1_0[i_1] = 0))). (* Initializer *) Init: forall i_1 : Z. ((7 <= i_1) -> ((i_1 <= 9) -> (t1_0[i_1] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i_1 : Z. ((0 < i_1) -> ((i_1 <= 1) -> (t[i_1] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. } Prove: t1_0[i] = 1. ------------------------------------------------------------ Goal Pre-condition 'qed_ok,todo' in 'main': -Let x = t1_0[4]. +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. +Let x_6 = t1_0[4]. Assume { - Type: is_sint32(x). + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(x_6) /\ is_sint32(x_1) /\ is_sint32(x) /\ is_sint32(x_3) /\ + is_sint32(x_4) /\ is_sint32(a_4[2]) /\ is_sint32(a_6) /\ + is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ is_sint32(a_1) /\ + is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a_7[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_7[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_5[0] = 2. + (* Initializer *) + Init: a_5[1] = 3. 
+ (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_4[i] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). (* Initializer *) Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). (* Initializer *) 
@@ -586,17 +2248,111 @@ Assume { Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). (* Initializer *) Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. } -Prove: x = 0. +Prove: x_6 = 0. ------------------------------------------------------------ Goal Pre-condition 'qed_ok' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. Assume { - Type: is_sint32(t1_0[4]). + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). (* Goal *) When: (6 <= i) /\ (i <= 6). (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 31) -> (tab_0[i_1] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. + (* Initializer *) + Init: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 1) -> (a_7[i_1] = 2))). + (* Initializer *) + Init: forall i_1 : Z. ((2 <= i_1) -> ((i_1 <= 2) -> (a_7[i_1] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_5[0] = 2. 
+ (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i_1 : Z. ((2 <= i_1) -> ((i_1 <= 2) -> (a_4[i_1] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i_1 : Z. ((4 <= i_1) -> ((i_1 <= 9) -> (a[i_1] = 0))). + (* Initializer *) Init: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 3) -> (t1_0[i_1] = 1))). (* Initializer *) Init: forall i_1 : Z. ((5 <= i_1) -> ((i_1 <= 6) -> (t1_0[i_1] = 2))). 
@@ -604,17 +2360,111 @@ Assume { Init: forall i_1 : Z. ((4 <= i_1) -> ((i_1 <= 4) -> (t1_0[i_1] = 0))). (* Initializer *) Init: forall i_1 : Z. ((7 <= i_1) -> ((i_1 <= 9) -> (t1_0[i_1] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i_1 : Z. ((0 < i_1) -> ((i_1 <= 1) -> (t[i_1] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. } Prove: t1_0[i] = 2. ------------------------------------------------------------ Goal Pre-condition 'qed_ok' in 'main': +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. Assume { - Type: is_sint32(t1_0[4]). + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). (* Goal *) When: (7 <= i) /\ (i <= 9). (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 31) -> (tab_0[i_1] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. + (* Initializer *) + Init: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 1) -> (a_7[i_1] = 2))). + (* Initializer *) + Init: forall i_1 : Z. ((2 <= i_1) -> ((i_1 <= 2) -> (a_7[i_1] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_5[0] = 2. 
+ (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i_1 : Z. ((2 <= i_1) -> ((i_1 <= 2) -> (a_4[i_1] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i_1 : Z. ((4 <= i_1) -> ((i_1 <= 9) -> (a[i_1] = 0))). + (* Initializer *) Init: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 3) -> (t1_0[i_1] = 1))). (* Initializer *) Init: forall i_1 : Z. ((5 <= i_1) -> ((i_1 <= 6) -> (t1_0[i_1] = 2))). 
@@ -622,14 +2472,125 @@ Assume { Init: forall i_1 : Z. ((4 <= i_1) -> ((i_1 <= 4) -> (t1_0[i_1] = 0))). (* Initializer *) Init: forall i_1 : Z. ((7 <= i_1) -> ((i_1 <= 9) -> (t1_0[i_1] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i_1 : Z. ((0 < i_1) -> ((i_1 <= 1) -> (t[i_1] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. } Prove: t1_0[i] = 0. ------------------------------------------------------------ Goal Pre-condition 'qed_ok,direct_init_union' in 'main': -Let x = u.F4_U_a. -Assume { Type: is_sint16(x). (* Initializer *) Init: x = (-1). } -Prove: x = (-1). +Let x = s.F1_S_b. +Let x_1 = s.F1_S_a. +Let x_2 = t[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let a_2 = sc0_0.F3_Sc_b. +Let a_3 = sc1_0.F3_Sc_b. +Let x_3 = sc2_0.F3_Sc_c. +Let a_4 = sc2_0.F3_Sc_b. +Let x_4 = sc3_0.F3_Sc_c. +Let a_5 = sc3_0.F3_Sc_b. +Let a_6 = a_5[2]. +Let a_7 = sq0_0.F3_Sc_b. +Let x_5 = u.F4_U_a. +Assume { + Type: IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ is_uint8(tab_0[5]) /\ + is_sint16(x_5) /\ is_sint32(x_2) /\ is_sint32(t[1]) /\ + is_sint32(t1_0[4]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(a_4[2]) /\ + is_sint32(a_6) /\ is_sint32(a_7[1]) /\ is_sint32(a_7[2]) /\ + is_sint32(a_1) /\ is_sint32(a[5]). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS1_S(s) /\ IsS2_St(st_0) /\ + IsS3_Sc(sc0_0) /\ IsS3_Sc(sc1_0) /\ IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ + IsS3_Sc(sq0_0) /\ IsU4_U(u). + (* Initializer *) + Init: x_5 = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_a) = 2. + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 1) -> (a_7[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_7[i] = 0))). + (* Initializer *) + Init: (sq0_0.F3_Sc_c) = 2. + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. 
+ (* Initializer *) + Init: a_5[0] = 2. + (* Initializer *) + Init: a_5[1] = 3. + (* Initializer *) + Init: a_6 = 4. + (* Initializer *) + Init: x_4 = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_4[0] = 2. + (* Initializer *) + Init: a_4[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_4[i] = 0))). + (* Initializer *) + Init: x_3 = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_3[2] = 4. + (* Initializer *) + Init: (sc1_0.F3_Sc_c) = 5. + (* Initializer *) + Init: (sc0_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: a_2[2] = 4. + (* Initializer *) + Init: (sc0_0.F3_Sc_c) = 5. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: x_2 = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). + (* Initializer *) + Init: x_1 = 2. + (* Initializer *) + Init: x = 0. +} +Prove: x_5 = (-1). ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_acsl/oracle/init_value.1.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/init_value.1.res.oracle index 125cf6eebc17d9a97091d3c08a58f882d44e2219..ec03acf8c197dad4cb8666eb3bd4c9c80359baf1 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/init_value.1.res.oracle 
+++ b/src/plugins/wp/tests/wp_acsl/oracle/init_value.1.res.oracle @@ -14,6 +14,8 @@ Let x_2 = ta1_0[3]. Assume { Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2) /\ is_sint32(ta1_0[4]). + (* Heap *) + Type: IsArray1_sint32(ta1_0). } Prove: (x_1 = x) /\ (x_2 = x_1). @@ -24,6 +26,8 @@ Let x = ta1_0[4]. Assume { Type: is_sint32(ta1_0[0]) /\ is_sint32(ta1_0[1]) /\ is_sint32(ta1_0[3]) /\ is_sint32(x). + (* Heap *) + Type: IsArray1_sint32(ta1_0). } Prove: x = 0. @@ -34,6 +38,8 @@ Let x = ta1_0[3]. Assume { Type: is_sint32(ta1_0[0]) /\ is_sint32(ta1_0[1]) /\ is_sint32(x) /\ is_sint32(ta1_0[4]). + (* Heap *) + Type: IsArray1_sint32(ta1_0). } Prove: x = 1. @@ -46,21 +52,33 @@ Goal Post-condition 'qed_ok' in 'fa2': Let x = ta2_0[0]. Let x_1 = ta2_0[1]. Let x_2 = ta2_0[4]. -Assume { Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2). } +Assume { + Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2). + (* Heap *) + Type: IsArray1_sint32(ta2_0). +} Prove: (x_1 = x) /\ (x_2 = x_1). ------------------------------------------------------------ Goal Post-condition 'qed_ko' in 'fa2': Let x = ta2_0[4]. -Assume { Type: is_sint32(ta2_0[0]) /\ is_sint32(ta2_0[1]) /\ is_sint32(x). } +Assume { + Type: is_sint32(ta2_0[0]) /\ is_sint32(ta2_0[1]) /\ is_sint32(x). + (* Heap *) + Type: IsArray1_sint32(ta2_0). +} Prove: x = 1. ------------------------------------------------------------ Goal Post-condition 'qed_ko' in 'fa2': Let x = ta2_0[1]. -Assume { Type: is_sint32(ta2_0[0]) /\ is_sint32(x) /\ is_sint32(ta2_0[4]). } +Assume { + Type: is_sint32(ta2_0[0]) /\ is_sint32(x) /\ is_sint32(ta2_0[4]). + (* Heap *) + Type: IsArray1_sint32(ta2_0). +} Prove: x = 1. ------------------------------------------------------------ 
@@ -74,26 +92,51 @@ Let x_1 = ta1_0[4]. Let x_2 = ta3_0[0]. Let x_3 = ta3_0[2]. Assume { - Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2) /\ is_sint32(x_3). + Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(ta2_0[4]) /\ + is_sint32(x_2) /\ is_sint32(x_3). + (* Heap *) + Type: IsArray1_sint32(ta1_0) /\ IsArray1_sint32(ta2_0) /\ + IsArray1_sint32(ta3_0). } Prove: (x_1 = x) /\ (x_3 = x_2). ------------------------------------------------------------ Goal Post-condition 'qed_ko' in 'fa3': -Let x = ta3_0[0]. Assume { Type: is_sint32(x) /\ is_sint32(ta3_0[2]). } +Let x = ta3_0[0]. +Assume { + Type: is_sint32(ta1_0[2]) /\ is_sint32(ta1_0[4]) /\ is_sint32(ta2_0[4]) /\ + is_sint32(x) /\ is_sint32(ta3_0[2]). + (* Heap *) + Type: IsArray1_sint32(ta1_0) /\ IsArray1_sint32(ta2_0) /\ + IsArray1_sint32(ta3_0). +} Prove: x = 1. ------------------------------------------------------------ Goal Post-condition 'qed_ko' in 'fa3': -Let x = ta3_0[2]. Assume { Type: is_sint32(ta3_0[0]) /\ is_sint32(x). } +Let x = ta3_0[2]. +Assume { + Type: is_sint32(ta1_0[2]) /\ is_sint32(ta1_0[4]) /\ is_sint32(ta2_0[4]) /\ + is_sint32(ta3_0[0]) /\ is_sint32(x). + (* Heap *) + Type: IsArray1_sint32(ta1_0) /\ IsArray1_sint32(ta2_0) /\ + IsArray1_sint32(ta3_0). +} Prove: x = 1. ------------------------------------------------------------ Goal Post-condition 'qed_ko' in 'fa3': -Let x = ta2_0[4]. Assume { Type: is_sint32(x). } +Let x = ta2_0[4]. +Assume { + Type: is_sint32(ta1_0[2]) /\ is_sint32(ta1_0[4]) /\ is_sint32(x) /\ + is_sint32(ta3_0[0]) /\ is_sint32(ta3_0[2]). + (* Heap *) + Type: IsArray1_sint32(ta1_0) /\ IsArray1_sint32(ta2_0) /\ + IsArray1_sint32(ta3_0). +} Prove: x = 1. ------------------------------------------------------------ 
@@ -111,6 +154,8 @@ Let x_1 = a_3.F5_b. Assume { Type: IsS5(a) /\ IsS5(a_1) /\ IsS5(a_2) /\ is_sint32(a.F5_a) /\ is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(a_3.F5_c). + (* Heap *) + Type: IsArray1S5(ts1_0). } Prove: (x_1 = x) /\ EqS5(a, a_1) /\ EqS5(a_1, a_2). @@ -123,6 +168,8 @@ Let x = a_1.F5_c. Assume { Type: IsS5(a) /\ IsS5(ts1_0[1]) /\ IsS5(ts1_0[3]) /\ is_sint32(a.F5_a) /\ is_sint32(a_1.F5_a) /\ is_sint32(a_1.F5_b) /\ is_sint32(x). + (* Heap *) + Type: IsArray1S5(ts1_0). } Prove: x = 1. @@ -135,6 +182,8 @@ Let a_1 = ts1_0[2]. Assume { Type: IsS5(a) /\ IsS5(ts1_0[1]) /\ IsS5(ts1_0[3]) /\ is_sint32(x) /\ is_sint32(a_1.F5_a) /\ is_sint32(a_1.F5_b) /\ is_sint32(a_1.F5_c). + (* Heap *) + Type: IsArray1S5(ts1_0). } Prove: x = 1. 
@@ -144,93 +193,314 @@ Prove: x = 1. ------------------------------------------------------------ Goal Pre-condition 'qed_ko,Sc_eq_ko' in 'main_ko': +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. Let x = sc2_0.F3_Sc_c. -Let a = sc2_0.F3_Sc_b. -Let a_1 = sc3_0.F3_Sc_b. -Let a_2 = a_1[2]. +Let a_2 = sc2_0.F3_Sc_b. +Let a_3 = sc3_0.F3_Sc_b. +Let a_4 = a_3[2]. Assume { - Type: IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ is_sint32(x) /\ is_sint32(a_2). + Type: IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ is_uint8(tab_0[5]) /\ + is_sint32(t[1]) /\ is_sint32(t1_0[6]) /\ is_sint32(x) /\ + is_sint64(u.F4_U_b) /\ is_sint16((u.F4_U_t)[0]) /\ is_sint32(a_4) /\ + is_sint32(a_1). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS2_St(st_0) /\ IsS3_Sc(sc2_0) /\ + IsS3_Sc(sc3_0) /\ IsU4_U(u). + (* Initializer *) + Init: (u.F4_U_a) = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). (* Initializer *) Init: (sc3_0.F3_Sc_a) = 1. (* Initializer *) - Init: a_1[0] = 2. + Init: a_3[0] = 2. (* Initializer *) - Init: a_1[1] = 3. + Init: a_3[1] = 3. (* Initializer *) - Init: a_2 = 4. + Init: a_4 = 4. (* Initializer *) Init: (sc3_0.F3_Sc_c) = 0. (* Initializer *) Init: (sc2_0.F3_Sc_a) = 1. (* Initializer *) - Init: a[0] = 2. + Init: a_2[0] = 2. (* Initializer *) - Init: a[1] = 3. + Init: a_2[1] = 3. (* Initializer *) - Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a[i] = 0))). + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_2[i] = 0))). (* Initializer *) Init: x = 4. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. 
((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: t[0] = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). } Prove: EqS3_Sc(sc2_0, sc3_0). ------------------------------------------------------------ Goal Pre-condition 'qed_ko,Sc_t' in 'main_ko': -Let a = sc3_0.F3_Sc_b. -Let a_1 = a[2]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let x = sc2_0.F3_Sc_c. +Let a_2 = sc2_0.F3_Sc_b. +Let a_3 = sc3_0.F3_Sc_b. +Let a_4 = a_3[2]. Assume { - Type: IsS3_Sc(sc3_0) /\ is_sint32(a_1). + Type: IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ is_uint8(tab_0[5]) /\ + is_sint32(t[1]) /\ is_sint32(t1_0[6]) /\ is_sint32(x) /\ + is_sint64(u.F4_U_b) /\ is_sint16((u.F4_U_t)[0]) /\ is_sint32(a_4) /\ + is_sint32(a_1). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS2_St(st_0) /\ IsS3_Sc(sc2_0) /\ + IsS3_Sc(sc3_0) /\ IsU4_U(u). + (* Initializer *) + Init: (u.F4_U_a) = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). (* Initializer *) Init: (sc3_0.F3_Sc_a) = 1. (* Initializer *) - Init: a[0] = 2. + Init: a_3[0] = 2. (* Initializer *) - Init: a[1] = 3. + Init: a_3[1] = 3. (* Initializer *) - Init: a_1 = 4. + Init: a_4 = 4. (* Initializer *) Init: (sc3_0.F3_Sc_c) = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_2[i] = 0))). + (* Initializer *) + Init: x = 4. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. 
((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: t[0] = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). } -Prove: a_1 = 3. +Prove: a_4 = 3. ------------------------------------------------------------ Goal Pre-condition 'qed_ko,Sc_c_2' in 'main_ko': +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. Let x = sc2_0.F3_Sc_c. -Let a = sc2_0.F3_Sc_b. +Let a_2 = sc2_0.F3_Sc_b. +Let a_3 = sc3_0.F3_Sc_b. +Let a_4 = a_3[2]. Assume { - Type: IsS3_Sc(sc2_0) /\ is_sint32(x). + Type: IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ is_uint8(tab_0[5]) /\ + is_sint32(t[1]) /\ is_sint32(t1_0[6]) /\ is_sint32(x) /\ + is_sint64(u.F4_U_b) /\ is_sint16((u.F4_U_t)[0]) /\ is_sint32(a_4) /\ + is_sint32(a_1). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS2_St(st_0) /\ IsS3_Sc(sc2_0) /\ + IsS3_Sc(sc3_0) /\ IsU4_U(u). + (* Initializer *) + Init: (u.F4_U_a) = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_4 = 4. + (* Initializer *) + Init: (sc3_0.F3_Sc_c) = 0. (* Initializer *) Init: (sc2_0.F3_Sc_a) = 1. (* Initializer *) - Init: a[0] = 2. + Init: a_2[0] = 2. (* Initializer *) - Init: a[1] = 3. + Init: a_2[1] = 3. (* Initializer *) - Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a[i] = 0))). + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_2[i] = 0))). (* Initializer *) Init: x = 4. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). 
+ (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: t[0] = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). } Prove: x = 2. ------------------------------------------------------------ Goal Pre-condition 'qed_ko,Tab_no_init' in 'main_ko': -Let x = tab_0[5]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let x = sc2_0.F3_Sc_c. +Let a_2 = sc2_0.F3_Sc_b. +Let a_3 = sc3_0.F3_Sc_b. +Let a_4 = a_3[2]. +Let x_1 = tab_0[5]. Assume { - Type: is_uint8(x). + Type: IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ is_uint8(x_1) /\ + is_sint32(t[1]) /\ is_sint32(t1_0[6]) /\ is_sint32(x) /\ + is_sint64(u.F4_U_b) /\ is_sint16((u.F4_U_t)[0]) /\ is_sint32(a_4) /\ + is_sint32(a_1). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS2_St(st_0) /\ IsS3_Sc(sc2_0) /\ + IsS3_Sc(sc3_0) /\ IsU4_U(u). + (* Initializer *) + Init: (u.F4_U_a) = (-1). (* Initializer *) Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_4 = 4. + (* Initializer *) + Init: (sc3_0.F3_Sc_c) = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_2[i] = 0))). + (* Initializer *) + Init: x = 4. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). 
+ (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: t[0] = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). } -Prove: x = 1. +Prove: x_1 = 1. ------------------------------------------------------------ Goal Pre-condition 'qed_ko,With_Array_Struct_3' in 'main_ko': Let a = st_0.F2_St_tab. Let a_1 = a[3]. +Let x = sc2_0.F3_Sc_c. +Let a_2 = sc2_0.F3_Sc_b. +Let a_3 = sc3_0.F3_Sc_b. +Let a_4 = a_3[2]. Assume { - Type: is_sint32(a_1). + Type: IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ is_uint8(tab_0[5]) /\ + is_sint32(t[1]) /\ is_sint32(t1_0[6]) /\ is_sint32(x) /\ + is_sint64(u.F4_U_b) /\ is_sint16((u.F4_U_t)[0]) /\ is_sint32(a_4) /\ + is_sint32(a_1). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS2_St(st_0) /\ IsS3_Sc(sc2_0) /\ + IsS3_Sc(sc3_0) /\ IsU4_U(u). + (* Initializer *) + Init: (u.F4_U_a) = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_4 = 4. + (* Initializer *) + Init: (sc3_0.F3_Sc_c) = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_2[i] = 0))). + (* Initializer *) + Init: x = 4. (* Initializer *) Init: a[0] = 1. (* Initializer *) 
@@ -241,28 +511,142 @@ Assume { Init: a_1 = 4. (* Initializer *) Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: t[0] = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). } Prove: a_1 = 3. ------------------------------------------------------------ Goal Pre-condition 'qed_ko,Simple_Array_1' in 'main_ko': -Let x = t[1]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let x = sc2_0.F3_Sc_c. +Let a_2 = sc2_0.F3_Sc_b. +Let a_3 = sc3_0.F3_Sc_b. +Let a_4 = a_3[2]. +Let x_1 = t[1]. Assume { - Type: is_sint32(x). + Type: IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ is_uint8(tab_0[5]) /\ + is_sint32(x_1) /\ is_sint32(t1_0[6]) /\ is_sint32(x) /\ + is_sint64(u.F4_U_b) /\ is_sint16((u.F4_U_t)[0]) /\ is_sint32(a_4) /\ + is_sint32(a_1). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS2_St(st_0) /\ IsS3_Sc(sc2_0) /\ + IsS3_Sc(sc3_0) /\ IsU4_U(u). + (* Initializer *) + Init: (u.F4_U_a) = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_4 = 4. + (* Initializer *) + Init: (sc3_0.F3_Sc_c) = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_2[i] = 0))). + (* Initializer *) + Init: x = 4. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. 
+ (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). (* Initializer *) Init: t[0] = 1. (* Initializer *) Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). } -Prove: x = 1. +Prove: x_1 = 1. ------------------------------------------------------------ Goal Pre-condition 'qed_ko,T1_6' in 'main_ko': -Let x = t1_0[6]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let x = sc2_0.F3_Sc_c. +Let a_2 = sc2_0.F3_Sc_b. +Let a_3 = sc3_0.F3_Sc_b. +Let a_4 = a_3[2]. +Let x_1 = t1_0[6]. Assume { - Type: is_sint32(x). + Type: IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ is_uint8(tab_0[5]) /\ + is_sint32(t[1]) /\ is_sint32(x_1) /\ is_sint32(x) /\ + is_sint64(u.F4_U_b) /\ is_sint16((u.F4_U_t)[0]) /\ is_sint32(a_4) /\ + is_sint32(a_1). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS2_St(st_0) /\ IsS3_Sc(sc2_0) /\ + IsS3_Sc(sc3_0) /\ IsU4_U(u). + (* Initializer *) + Init: (u.F4_U_a) = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_4 = 4. + (* Initializer *) + Init: (sc3_0.F3_Sc_c) = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_2[i] = 0))). + (* Initializer *) + Init: x = 4. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. 
+ (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). (* Initializer *) Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). (* Initializer *) 
@@ -271,29 +655,147 @@ Assume { Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). (* Initializer *) Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: t[0] = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). } -Prove: x = 0. +Prove: x_1 = 0. ------------------------------------------------------------ Goal Pre-condition 'qed_ko,indirect_init_union_b' in 'main_ko': -Let x = u.F4_U_b. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let x = sc2_0.F3_Sc_c. +Let a_2 = sc2_0.F3_Sc_b. +Let a_3 = sc3_0.F3_Sc_b. +Let a_4 = a_3[2]. +Let x_1 = u.F4_U_b. Assume { - Type: is_sint64(x) /\ is_sint16((u.F4_U_t)[0]). + Type: IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ is_uint8(tab_0[5]) /\ + is_sint32(t[1]) /\ is_sint32(t1_0[6]) /\ is_sint32(x) /\ + is_sint64(x_1) /\ is_sint16((u.F4_U_t)[0]) /\ is_sint32(a_4) /\ + is_sint32(a_1). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS2_St(st_0) /\ IsS3_Sc(sc2_0) /\ + IsS3_Sc(sc3_0) /\ IsU4_U(u). (* Initializer *) Init: (u.F4_U_a) = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_4 = 4. + (* Initializer *) + Init: (sc3_0.F3_Sc_c) = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_2[i] = 0))). + (* Initializer *) + Init: x = 4. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). 
+ (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: t[0] = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). } -Prove: x = 0. +Prove: x_1 = 0. ------------------------------------------------------------ Goal Pre-condition 'qed_ko,indirect_init_union_t' in 'main_ko': -Let a = (u.F4_U_t)[0]. +Let a = st_0.F2_St_tab. +Let a_1 = a[3]. +Let x = sc2_0.F3_Sc_c. +Let a_2 = sc2_0.F3_Sc_b. +Let a_3 = sc3_0.F3_Sc_b. +Let a_4 = a_3[2]. +Let a_5 = (u.F4_U_t)[0]. Assume { - Type: is_sint64(u.F4_U_b) /\ is_sint16(a). + Type: IsS3_Sc(sc2_0) /\ IsS3_Sc(sc3_0) /\ is_uint8(tab_0[5]) /\ + is_sint32(t[1]) /\ is_sint32(t1_0[6]) /\ is_sint32(x) /\ + is_sint64(u.F4_U_b) /\ is_sint16(a_5) /\ is_sint32(a_4) /\ + is_sint32(a_1). + (* Heap *) + Type: IsArray1_sint32(t) /\ IsArray1_sint32(t1_0) /\ + IsArray1_uint8(tab_0) /\ IsS2_St(st_0) /\ IsS3_Sc(sc2_0) /\ + IsS3_Sc(sc3_0) /\ IsU4_U(u). (* Initializer *) Init: (u.F4_U_a) = (-1). + (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 31) -> (tab_0[i] = 0))). + (* Initializer *) + Init: (sc3_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_3[0] = 2. + (* Initializer *) + Init: a_3[1] = 3. + (* Initializer *) + Init: a_4 = 4. + (* Initializer *) + Init: (sc3_0.F3_Sc_c) = 0. + (* Initializer *) + Init: (sc2_0.F3_Sc_a) = 1. + (* Initializer *) + Init: a_2[0] = 2. + (* Initializer *) + Init: a_2[1] = 3. + (* Initializer *) + Init: forall i : Z. ((2 <= i) -> ((i <= 2) -> (a_2[i] = 0))). + (* Initializer *) + Init: x = 4. + (* Initializer *) + Init: a[0] = 1. + (* Initializer *) + Init: a[1] = 2. + (* Initializer *) + Init: a[2] = 3. + (* Initializer *) + Init: a_1 = 4. + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 9) -> (a[i] = 0))). 
+ (* Initializer *) + Init: forall i : Z. ((0 <= i) -> ((i <= 3) -> (t1_0[i] = 1))). + (* Initializer *) + Init: forall i : Z. ((5 <= i) -> ((i <= 6) -> (t1_0[i] = 2))). + (* Initializer *) + Init: forall i : Z. ((4 <= i) -> ((i <= 4) -> (t1_0[i] = 0))). + (* Initializer *) + Init: forall i : Z. ((7 <= i) -> ((i <= 9) -> (t1_0[i] = 0))). + (* Initializer *) + Init: t[0] = 1. + (* Initializer *) + Init: forall i : Z. ((0 < i) -> ((i <= 1) -> (t[i] = 0))). } -Prove: a = 0. +Prove: a_5 = 0. ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_acsl/oracle/init_value_mem.0.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/init_value_mem.0.res.oracle index 52cb2453194a1f6accb6021c2431b7aa0a7dd49a..3092db73a21a854f4be7baac8cf74ab2c0e0a960 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/init_value_mem.0.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/init_value_mem.0.res.oracle @@ -20,8 +20,6 @@ Assume { Init: Mint_0[shiftfield_F1_St_a(a)] = 1. (* Initializer *) Init: Mint_0[shiftfield_F1_St_b(a)] = 2. - (* Heap *) - Have: region(G_v_18) <= 0. } Prove: EqS1_St(a_1, w). @@ -40,8 +38,6 @@ Assume { Init: Mint_0[shiftfield_F1_St_a(a)] = 1. (* Initializer *) Init: Mint_0[shiftfield_F1_St_b(a)] = 2. - (* Heap *) - Have: region(G_v_18) <= 0. } Prove: EqS1_St(a_1, w). diff --git a/src/plugins/wp/tests/wp_acsl/oracle/logic.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/logic.res.oracle index 1c84108b378c44fa16db512cf87e86a4d9fe60ab..0f0ac33fa3fd589a6f0cf6100e2478c02e64343b 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/logic.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/logic.res.oracle @@ -95,8 +95,6 @@ Assume { Init: Mint_0[shiftfield_F1_x(a_1)] = 30. (* Initializer *) Init: Mint_0[shiftfield_F1_y(a_1)] = 31. - (* Heap *) - Have: region(G_tr_33) <= 0. } Prove: P_P(m). 
@@ -131,8 +129,6 @@ Assume { Init: Mint_0[shiftfield_F1_x(a_1)] = 30. (* Initializer *) Init: Mint_0[shiftfield_F1_y(a_1)] = 31. - (* Heap *) - Have: region(G_tr_33) <= 0. } Prove: P_P(m). @@ -167,8 +163,6 @@ Assume { Init: Mint_0[shiftfield_F1_x(a_1)] = 30. (* Initializer *) Init: Mint_0[shiftfield_F1_y(a_1)] = 31. - (* Heap *) - Have: region(G_tr_33) <= 0. } Prove: P_P(m). @@ -178,7 +172,6 @@ Goal Pre-condition 'qed_ok' in 'main': tests/wp_acsl/logic.i:49: warning from wp: - Warning: Hide sub-term definition Reason: Logic cast from struct (Tint2) not implemented yet -Assume { (* Heap *) Have: region(G_tr_33) <= 0. } Prove: (w.F1_y) = 11. ------------------------------------------------------------ @@ -187,7 +180,6 @@ Goal Pre-condition 'qed_ok' in 'main': tests/wp_acsl/logic.i:50: warning from wp: - Warning: Hide sub-term definition Reason: Logic cast from struct (Point) not implemented yet -Assume { (* Heap *) Have: region(G_tr_33) <= 0. } Prove: (w.F3_tab)[1] = 11. ------------------------------------------------------------ @@ -196,7 +188,6 @@ Goal Pre-condition 'qed_ok' in 'main': tests/wp_acsl/logic.i:51: warning from wp: - Warning: Hide sub-term definition Reason: Logic cast to struct (Point) from (int [2]) not implemented yet -Assume { (* Heap *) Have: region(G_tr_33) <= 0. } Prove: (w.F1_y) = 11. ------------------------------------------------------------ @@ -205,7 +196,6 @@ Goal Pre-condition 'qed_ok' in 'main': tests/wp_acsl/logic.i:52: warning from wp: - Warning: Hide sub-term definition Reason: Logic cast from struct (Point) not implemented yet -Assume { (* Heap *) Have: region(G_tr_33) <= 0. } Prove: w[1] = 11. ------------------------------------------------------------ 
@@ -214,7 +204,6 @@ Goal Pre-condition 'qed_ok' in 'main': tests/wp_acsl/logic.i:53: warning from wp: - Warning: Hide sub-term definition Reason: Logic cast from struct (Tint2) not implemented yet -Assume { (* Heap *) Have: region(G_tr_33) <= 0. } Prove: w[1] = 11. ------------------------------------------------------------ @@ -223,7 +212,6 @@ Goal Pre-condition 'qed_ok' in 'main': tests/wp_acsl/logic.i:54: warning from wp: - Warning: Hide sub-term definition Reason: Logic cast from struct (Buint) not implemented yet -Assume { (* Heap *) Have: region(G_tr_33) <= 0. } Prove: w = 134480385. ------------------------------------------------------------ @@ -261,8 +249,6 @@ Assume { Init: Mint_0[shiftfield_F1_x(a_1)] = 30. (* Initializer *) Init: Mint_0[shiftfield_F1_y(a_1)] = 31. - (* Heap *) - Have: region(G_tr_33) <= 0. } Prove: EqS4(a_6, w). @@ -272,7 +258,6 @@ Goal Pre-condition 'qed_ok' in 'main': tests/wp_acsl/logic.i:56: warning from wp: - Warning: Hide sub-term definition Reason: Logic cast from struct (Tint6) not implemented yet -Assume { (* Heap *) Have: region(G_tr_33) <= 0. } Prove: (w[1].F1_y) = 21. ------------------------------------------------------------ @@ -281,7 +266,6 @@ Goal Pre-condition 'qed_ok' in 'main': tests/wp_acsl/logic.i:57: warning from wp: - Warning: Hide sub-term definition Reason: Logic cast to sized array (Triangle) from (int [6]) not implemented yet -Assume { (* Heap *) Have: region(G_tr_33) <= 0. } Prove: (w[1].F1_y) = 21. ------------------------------------------------------------ @@ -290,7 +274,6 @@ Goal Pre-condition 'qed_ok' in 'main': tests/wp_acsl/logic.i:58: warning from wp: - Warning: Hide sub-term definition Reason: Logic cast from struct (Tint6) not implemented yet -Assume { (* Heap *) Have: region(G_tr_33) <= 0. } Prove: w[4] = 30. ------------------------------------------------------------ 
@@ -299,7 +282,6 @@ Goal Pre-condition 'qed_ok' in 'main': tests/wp_acsl/logic.i:59: warning from wp: - Warning: Hide sub-term definition Reason: Logic cast from struct (Tint6) not implemented yet -Assume { (* Heap *) Have: region(G_tr_33) <= 0. } Prove: w[1] = 11. ------------------------------------------------------------ @@ -308,7 +290,6 @@ Goal Pre-condition 'qed_ok' in 'main': tests/wp_acsl/logic.i:60: warning from wp: - Warning: Hide sub-term definition Reason: Logic cast to sized array (int [2]) from (int [6]) not implemented yet -Assume { (* Heap *) Have: region(G_tr_33) <= 0. } Prove: w[1] = 11. ------------------------------------------------------------ @@ -317,7 +298,6 @@ Goal Pre-condition 'qed_ok' in 'main': tests/wp_acsl/logic.i:61: warning from wp: - Warning: Hide sub-term definition Reason: Logic cast from struct (Tint6) not implemented yet -Assume { (* Heap *) Have: region(G_tr_33) <= 0. } Prove: (w.F3_tab)[1] = 11. ------------------------------------------------------------ @@ -326,7 +306,6 @@ Goal Pre-condition 'qed_ok' in 'main': tests/wp_acsl/logic.i:62: warning from wp: - Warning: Hide sub-term definition Reason: Logic cast to struct (Tint2) from (int [6]) not implemented yet -Assume { (* Heap *) Have: region(G_tr_33) <= 0. } Prove: (w.F3_tab)[1] = 11. ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_acsl/oracle/looplabels.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/looplabels.res.oracle index 9873fc3036b1e73d8a0b60755412e32b3881a073..d6d7c7ffd7f9c9eccad217d19b140b14684eb9d4 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/looplabels.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/looplabels.res.oracle 
@@ -13,7 +13,7 @@ Let a_2 = shift_sint32(a, 0). Assume { Type: is_sint32(i) /\ is_sint32(n). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). + Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 < n) /\ valid_rw(Malloc_0, a_2, n) /\ valid_rw(Malloc_0, a_1, n) /\ separated(a_2, n, a_1, n). @@ -34,7 +34,7 @@ Let a_2 = shift_sint32(a, 0). Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(1 + i). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). + Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 < n) /\ valid_rw(Malloc_0, a_2, n) /\ valid_rw(Malloc_0, a_1, n) /\ separated(a_2, n, a_1, n). @@ -62,7 +62,7 @@ Let x = 1 + i. Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(x). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). + Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 < n) /\ valid_rw(Malloc_0, a_3, n) /\ valid_rw(Malloc_0, a_1, n) /\ separated(a_3, n, a_1, n). @@ -83,7 +83,7 @@ Let a_2 = shift_sint32(b, 0). Assume { Type: is_sint32(n). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). + Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 < n) /\ valid_rw(Malloc_0, a_1, n) /\ valid_rw(Malloc_0, a_2, n) /\ separated(a_1, n, a_2, n). @@ -104,10 +104,10 @@ Let a_2 = shift_sint32(a, 0). Let a_3 = shift_sint32(b, i). Assume { Type: is_sint32(i) /\ is_sint32(n). + (* Heap *) + Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, a_3, 1). - (* Heap *) - Have: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 < n) /\ valid_rw(Malloc_0, a_2, n) /\ valid_rw(Malloc_0, a_1, n) /\ separated(a_2, n, a_1, n). 
diff --git a/src/plugins/wp/tests/wp_acsl/oracle/pointer.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/pointer.res.oracle index 729631120271baea7851ecb93afefce754328d9f..8724a747b0ae66acca4323b77f9c07aace15d781 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/pointer.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/pointer.res.oracle @@ -21,10 +21,10 @@ Goal Post-condition 'qed_ko,Base_oracle_ko' in 'absurd': Assume { + (* Heap *) + Type: region(q.base) <= 0. (* Goal *) When: q.offset < p.offset. - (* Heap *) - Have: (region(G_t_19) <= 0) /\ (region(q.base) <= 0). (* Pre-condition *) Have: p.base = G_t_19. } @@ -36,8 +36,6 @@ Goal Post-condition 'qed_ko,Comp_oracle_ko' in 'absurd': Assume { (* Goal *) When: i_1 <= i. - (* Heap *) - Have: (region(G_t_19) <= 0) /\ (region(q.base) <= 0). (* Pre-condition *) Have: p.base = G_t_19. } @@ -70,10 +68,10 @@ Goal Post-condition 'qed_ok,Lt' in 'compare': Let x = q.base. Let x_1 = p.base. Assume { + (* Heap *) + Type: (region(x_1) <= 0) /\ (region(x) <= 0). (* Goal *) When: q.offset < p.offset. - (* Heap *) - Have: (region(x_1) <= 0) /\ (region(x) <= 0). (* Pre-condition *) Have: x = x_1. } @@ -85,10 +83,10 @@ Goal Post-condition 'qed_ok,Le' in 'compare': Let x = q.base. Let x_1 = p.base. Assume { + (* Heap *) + Type: (region(x_1) <= 0) /\ (region(x) <= 0). (* Goal *) When: q.offset <= p.offset. - (* Heap *) - Have: (region(x_1) <= 0) /\ (region(x) <= 0). (* Pre-condition *) Have: x = x_1. } @@ -100,10 +98,10 @@ Goal Post-condition 'qed_ok,Eq' in 'compare': Let x = q.base. Let x_1 = p.base. Assume { + (* Heap *) + Type: (region(x_1) <= 0) /\ (region(x) <= 0). (* Goal *) When: q.offset = p.offset. - (* Heap *) - Have: (region(x_1) <= 0) /\ (region(x) <= 0). (* Pre-condition *) Have: x = x_1. } 
@@ -118,14 +116,7 @@ Goal Post-condition 'qed_ok,Lt' in 'mixed_array_pointer': tests/wp_acsl/pointer.i:45: warning from Reference Variable Model: - Warning: Hide sub-term definition Reason: Uncomparable locations p_0 and mem:t.(0) -Assume { - (* Goal *) - When: 0 < w. - (* Heap *) - Have: region(G_t_19) <= 0. - (* Pre-condition *) - Have: p.base = G_t_19. -} +Assume { (* Goal *) When: 0 < w. (* Pre-condition *) Have: p.base = G_t_19. } Prove: addr_lt(shift_sint32(global(G_t_19), 0), p). ------------------------------------------------------------ @@ -134,13 +125,7 @@ Goal Post-condition 'qed_ok,Le' in 'mixed_array_pointer': tests/wp_acsl/pointer.i:46: warning from Reference Variable Model: - Warning: Hide sub-term definition Reason: Uncomparable locations p_0 and mem:t.(0) -Assume { - (* Goal *) - When: 0 <= w. - (* Heap *) - Have: region(G_t_19) <= 0. - (* Pre-condition *) - Have: p.base = G_t_19. +Assume { (* Goal *) When: 0 <= w. (* Pre-condition *) Have: p.base = G_t_19. } Prove: addr_le(shift_sint32(global(G_t_19), 0), p). @@ -150,12 +135,7 @@ Goal Post-condition 'qed_ok,Eq' in 'mixed_array_pointer': tests/wp_acsl/pointer.i:47: warning from Reference Variable Model: - Warning: Hide sub-term definition Reason: Uncomparable locations p_0 and mem:t.(0) -Assume { - (* Heap *) - Have: region(G_t_19) <= 0. - (* Pre-condition *) - Have: p.base = G_t_19. -} +Assume { (* Pre-condition *) Have: p.base = G_t_19. } Prove: shift_sint32(global(G_t_19), 0) = p. ------------------------------------------------------------ 
@@ -164,13 +144,7 @@ Goal Post-condition 'qed_ok,Ne' in 'mixed_array_pointer': tests/wp_acsl/pointer.i:48: warning from Reference Variable Model: - Warning: Hide sub-term definition Reason: Uncomparable locations p_0 and mem:t.(0) -Assume { - (* Goal *) - When: w != 0. - (* Heap *) - Have: region(G_t_19) <= 0. - (* Pre-condition *) - Have: p.base = G_t_19. +Assume { (* Goal *) When: w != 0. (* Pre-condition *) Have: p.base = G_t_19. } Prove: shift_sint32(global(G_t_19), 0) != p. @@ -180,13 +154,7 @@ Goal Post-condition 'qed_ko,Le_oracle_ko' in 'mixed_array_pointer': tests/wp_acsl/pointer.i:49: warning from Reference Variable Model: - Warning: Hide sub-term definition Reason: Uncomparable locations p_0 and mem:t.(0) -Assume { - (* Goal *) - When: 0 <= w. - (* Heap *) - Have: region(G_t_19) <= 0. - (* Pre-condition *) - Have: p.base = G_t_19. +Assume { (* Goal *) When: 0 <= w. (* Pre-condition *) Have: p.base = G_t_19. } Prove: addr_lt(shift_sint32(global(G_t_19), 0), p). @@ -196,14 +164,7 @@ Goal Post-condition 'qed_ko,Lt_oracle_ko' in 'mixed_array_pointer': tests/wp_acsl/pointer.i:50: warning from Reference Variable Model: - Warning: Hide sub-term definition Reason: Uncomparable locations p_0 and mem:t.(0) -Assume { - (* Goal *) - When: 0 < w. - (* Heap *) - Have: region(G_t_19) <= 0. - (* Pre-condition *) - Have: p.base = G_t_19. -} +Assume { (* Goal *) When: 0 < w. (* Pre-condition *) Have: p.base = G_t_19. } Prove: addr_le(p, shift_sint32(global(G_t_19), 0)). ------------------------------------------------------------ @@ -213,7 +174,7 @@ Prove: addr_le(p, shift_sint32(global(G_t_19), 0)). Goal Post-condition 'qed_ok,Bool' in 'null': Let x = int_of_addr(p). -Assume { Type: is_sint32(x). (* Heap *) Have: region(p.base) <= 0. } +Assume { Type: is_sint32(x). (* Heap *) Type: region(p.base) <= 0. } Prove: (x != 0) <-> (null != p). ------------------------------------------------------------ 
@@ -222,10 +183,10 @@ Goal Post-condition 'qed_ok,NotNull' in 'null': Let x = int_of_addr(p). Assume { Type: is_sint32(x). + (* Heap *) + Type: region(p.base) <= 0. (* Goal *) When: null != p. - (* Heap *) - Have: region(p.base) <= 0. } Prove: x != 0. @@ -265,13 +226,12 @@ Prove: true. ------------------------------------------------------------ Goal Post-condition 'qed_ko,Le_oracle_ko' in 'pointer': -Assume { (* Goal *) When: i <= i_1. (* Heap *) Have: region(p.base) <= 0. } +Assume { (* Goal *) When: i <= i_1. } Prove: i < i_1. ------------------------------------------------------------ Goal Post-condition 'qed_ko,Eq_oracle_ko' in 'pointer': -Assume { (* Heap *) Have: region(p.base) <= 0. } Prove: false. ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_acsl/oracle/reads.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/reads.res.oracle index 56a30da1a662539946b7cbc0f6a9c91f4cfbcfce..3a8f0e7073f21c2fd8b6fa11751e7b29521945c7 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/reads.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/reads.res.oracle @@ -28,7 +28,7 @@ Let x_2 = m[v]. Assume { Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2). (* Heap *) - Have: (region(u.base) <= 0) /\ (region(v.base) <= 0). + Type: (region(u.base) <= 0) /\ (region(v.base) <= 0). (* Pre-condition *) Have: (0 <= x) /\ (0 <= x_1) /\ (x <= 10) /\ (x_1 <= 10) /\ P_P(Mint_0, u, v). @@ -48,6 +48,8 @@ Prove: true. Goal Post-condition 'qed_ko,G_KO' in 'modifies_x': Assume { Type: is_sint32(x). + (* Heap *) + Type: is_sint32(y). (* Pre-condition *) Have: P_f /\ P_g(x) /\ P_h(y, x) /\ P_w(y, x). } @@ -58,6 +60,8 @@ Prove: P_g(1 + x). Goal Post-condition 'qed_ko,H_KO' in 'modifies_x': Assume { Type: is_sint32(x). + (* Heap *) + Type: is_sint32(y). (* Pre-condition *) Have: P_f /\ P_g(x) /\ P_h(y, x) /\ P_w(y, x). } 
@@ -68,6 +72,8 @@ Prove: P_h(y, 1 + x). Goal Post-condition 'qed_ok,W_OK,todo' in 'modifies_x': Assume { Type: is_sint32(x). + (* Heap *) + Type: is_sint32(y). (* Pre-condition *) Have: P_f /\ P_g(x) /\ P_h(y, x) /\ P_w(y, x). } @@ -91,6 +97,8 @@ Prove: true. Goal Post-condition 'qed_ko,H_KO' in 'modifies_y': Assume { Type: is_sint32(y). + (* Heap *) + Type: is_sint32(x). (* Pre-condition *) Have: P_f /\ P_g(x) /\ P_h(y, x) /\ P_w(y, x). } @@ -101,6 +109,8 @@ Prove: P_h(1 + y, x). Goal Post-condition 'qed_ok,W_OK,todo' in 'modifies_y': Assume { Type: is_sint32(y). + (* Heap *) + Type: is_sint32(x). (* Pre-condition *) Have: P_f /\ P_g(x) /\ P_h(y, x) /\ P_w(y, x). } diff --git a/src/plugins/wp/tests/wp_acsl/oracle/simpl_is_type.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/simpl_is_type.res.oracle index 115de5d9648a90244d293e05cf3fe13140cb66c5..42be62e61943aacc4721bde62a57dd5b2d7b9a34 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/simpl_is_type.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/simpl_is_type.res.oracle @@ -205,10 +205,10 @@ Let a = shift_sint32(t, 0). Let a_1 = havoc(Mint_undef_0, Mint_0, a, size_0). Assume { Type: is_sint32(i) /\ is_sint32(size_0). + (* Heap *) + Type: region(t.base) <= 0. (* Goal *) When: (0 <= i_1) /\ (i_1 < size_0) /\ is_sint32(i_1). - (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 < size_0) /\ (forall i_2 : Z. ((0 <= i_2) -> ((i_2 < size_0) -> @@ -233,7 +233,7 @@ Let a = havoc(Mint_undef_0, Mint_0, shift_sint32(t, 0), size_0). Assume { Type: is_sint32(i) /\ is_sint32(size_0) /\ is_sint32(1 + i). (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). + Type: region(t.base) <= 0. (* Pre-condition *) Have: (0 < size_0) /\ (forall i_1 : Z. ((0 <= i_1) -> ((i_1 < size_0) -> 
@@ -265,10 +265,10 @@ Let a_2 = a[a_1]. Assume { Type: is_sint32(i) /\ is_sint32(size_0) /\ is_sint32(1 + i) /\ is_sint32(a_2). + (* Heap *) + Type: region(t.base) <= 0. (* Goal *) When: (0 <= i_1) /\ (i_1 <= i) /\ is_sint32(i_1). - (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 < size_0) /\ (forall i_2 : Z. ((0 <= i_2) -> ((i_2 < size_0) -> @@ -300,10 +300,10 @@ Let a_2 = a[a_1]. Assume { Type: is_sint32(i) /\ is_sint32(size_0) /\ is_sint32(1 + i) /\ is_sint32(a_2). + (* Heap *) + Type: region(t.base) <= 0. (* Goal *) When: (i_1 < size_0) /\ (i < i_1) /\ is_sint32(i_1). - (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 < size_0) /\ (forall i_2 : Z. ((0 <= i_2) -> ((i_2 < size_0) -> @@ -326,10 +326,10 @@ Prove: a[a_1 <- -a_2][shift_sint32(t, i_1)] < 0. Goal Establishment of Invariant (file tests/wp_acsl/simpl_is_type.i, line 24): Assume { Type: is_sint32(size_0). + (* Heap *) + Type: region(t.base) <= 0. (* Goal *) When: (0 <= i) /\ (i < size_0) /\ is_sint32(i). - (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 < size_0) /\ (forall i_1 : Z. ((0 <= i_1) -> ((i_1 < size_0) -> @@ -351,10 +351,10 @@ Let a_1 = havoc(Mint_undef_0, Mint_0, a, size_0). Let a_2 = shift_sint32(t, i). Assume { Type: is_sint32(i) /\ is_sint32(size_0). + (* Heap *) + Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, a_2, 1). - (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 < size_0) /\ (forall i_1 : Z. ((0 <= i_1) -> ((i_1 < size_0) -> @@ -382,7 +382,7 @@ Let x = Mint_0[shift_sint32(t, i)]. Assume { Type: is_sint32(i) /\ is_sint32(size_0) /\ is_sint32(x). (* Heap *) - Have: region(t.base) <= 0. + Type: region(t.base) <= 0. (* Pre-condition *) Have: 0 < size_0. (* Invariant *) 
@@ -405,7 +405,7 @@ Assume { Type: is_sint32(i) /\ is_sint32(size_0) /\ is_sint32(x) /\ is_sint32(1 + i) /\ is_sint32(x_1). (* Heap *) - Have: region(t.base) <= 0. + Type: region(t.base) <= 0. (* Pre-condition *) Have: 0 < size_0. (* Invariant *) @@ -432,10 +432,10 @@ Let x_1 = Mint_0[shift_sint32(t, i_1)]. Assume { Type: is_sint32(i_1) /\ is_sint32(size_0) /\ is_sint32(x) /\ is_sint32(1 + i_1) /\ is_sint32(x_1). + (* Heap *) + Type: region(t.base) <= 0. (* Goal *) When: (0 <= i) /\ (i <= i_1) /\ is_sint32(i). - (* Heap *) - Have: region(t.base) <= 0. (* Pre-condition *) Have: 0 < size_0. (* Invariant *) diff --git a/src/plugins/wp/tests/wp_bts/oracle/bts0843.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/bts0843.res.oracle index 1671a74ea99376546406704bcfe7266b9112c519..127e971b35add046ba4db4dafe3a260d1c433b22 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/bts0843.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/bts0843.res.oracle @@ -21,10 +21,10 @@ Call Effect at line 16 Let a = Mptr_0[global(G_p_18)]. Let a_1 = shiftfield_F1_a(a). Assume { + (* Heap *) + Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, a_1, 1). - (* Heap *) - Have: framed(Mptr_0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rw(Malloc_0, a, 1). } @@ -37,10 +37,10 @@ Call Effect at line 16 Let a = Mptr_0[global(G_p_18)]. Let a_1 = shiftfield_F1_a(a). Assume { + (* Heap *) + Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, a_1, 1). - (* Heap *) - Have: framed(Mptr_0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rw(Malloc_0, a, 1). } diff --git a/src/plugins/wp/tests/wp_bts/oracle/bts779.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/bts779.res.oracle index 008df3008d1f093b90b5832f55de88c6380b23d4..bf5748d6871b1eb64d32887e583b80a946760f7c 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/bts779.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/bts779.res.oracle 
@@ -9,7 +9,7 @@ Goal Assertion (file tests/wp_bts/bts779.i, line 6): Let x = Mint_0[shift_uint8(t, 0)]. -Assume { Type: is_uint8(x). (* Heap *) Have: region(t.base) <= 0. } +Assume { Type: is_uint8(x). (* Heap *) Type: region(t.base) <= 0. } Prove: x <= 255. ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_bts/oracle/bts788.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/bts788.res.oracle index be46cfa682b94ca45837233931bb70519376701f..59fb21a87df970d7586c084d7b416099a704bf30 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/bts788.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/bts788.res.oracle @@ -16,6 +16,8 @@ Goal Post-condition 'I1' in 'main': Let x = t20_0[1]. Assume { Type: is_sint32(x) /\ is_sint32(t20_0[2]). + (* Heap *) + Type: IsArray1_sint32(t20_0). (* Initializer *) Init: t20_0[0] = 3. (* Initializer *) @@ -29,6 +31,8 @@ Goal Post-condition 'I2' in 'main': Let x = t20_0[2]. Assume { Type: is_sint32(t20_0[1]) /\ is_sint32(x). + (* Heap *) + Type: IsArray1_sint32(t20_0). (* Initializer *) Init: t20_0[0] = 3. (* Initializer *) diff --git a/src/plugins/wp/tests/wp_bts/oracle/bts986.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/bts986.res.oracle index e748fc7f6fa633e35096244796159c4e8342f53a..ce79600349b168bb90ce646baaf14ee145b4c160 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/bts986.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/bts986.res.oracle @@ -8,7 +8,7 @@ ------------------------------------------------------------ Goal Assertion 'A' (file tests/wp_bts/bts986.i, line 12): -Assume { (* Heap *) Have: linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: !valid_rw(Malloc_0[L_x_21 <- 0], global(L_x_21), 1). ------------------------------------------------------------ 
diff --git a/src/plugins/wp/tests/wp_bts/oracle/bts_1360.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/bts_1360.res.oracle index 384c3ae7ea16d3c492e5d8b523ce3a4cbae280d4..717419064133157a6bc6d19b725979e2d733fe50 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/bts_1360.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/bts_1360.res.oracle @@ -16,7 +16,7 @@ Prove: true. Goal Assertion 'rte,mem_access' (file tests/wp_bts/bts_1360.i, line 29): Assume { (* Heap *) - Have: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). + Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (b != a) /\ valid_rd(Malloc_0, b, 1) /\ valid_rw(Malloc_0, a, 1). } @@ -61,7 +61,7 @@ Prove: true. Goal Assertion 'rte,mem_access' (file tests/wp_bts/bts_1360.i, line 19): Assume { (* Heap *) - Have: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). + Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (b != a) /\ valid_rd(Malloc_0, a, 1) /\ valid_rd(Malloc_0, b, 1). } diff --git a/src/plugins/wp/tests/wp_bts/oracle/bts_1382.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/bts_1382.res.oracle index fda8518f28c08a99a5d6e26f5a08d0087ab0fc40..06a8ba6dc041b09818665d0e65aca73f07c6420e 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/bts_1382.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/bts_1382.res.oracle @@ -34,10 +34,10 @@ tests/wp_bts/bts_1382.i:17: warning from Typed Model: Reason: Cast with incompatible pointers types (source: sint32*) (target: uint8*) Assume { Type: is_sint32(i). + (* Heap *) + Type: linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, w, 1). - (* Heap *) - Have: linked(Malloc_0) /\ sconst(Mchar_0). (* Then *) Have: i <= 99. } 
@@ -59,10 +59,10 @@ tests/wp_bts/bts_1382.i:18: warning from Typed Model: Let a = shift_sint8(w, 0). Assume { Type: is_sint32(i). + (* Heap *) + Type: linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, a, 4). - (* Heap *) - Have: linked(Malloc_0) /\ sconst(Mchar_0). (* Then *) Have: i <= 99. } diff --git a/src/plugins/wp/tests/wp_bts/oracle/bts_1828.0.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/bts_1828.0.res.oracle index 2fe9ea0df096ea6e1f04f8c176ce80f72b4dfd8e..811b400b32bc42483ba075d5d271e1ee91c6a369 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/bts_1828.0.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/bts_1828.0.res.oracle @@ -10,7 +10,7 @@ Goal Post-condition 'sep_iff_ref' in 'global_frame': Assume { (* Heap *) - Have: (region(one_0.base) <= 0) /\ (region(zero_0.base) <= 0) /\ + Type: (region(one_0.base) <= 0) /\ (region(zero_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rw(Malloc_0, one_0, 1) /\ valid_rw(Malloc_0, zero_0, 1). @@ -29,7 +29,7 @@ Assume { Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x + x_1) /\ is_sint32(x_2) /\ is_sint32(x_4). (* Heap *) - Have: (region(one_0.base) <= 0) /\ (region(zero_0.base) <= 0) /\ + Type: (region(one_0.base) <= 0) /\ (region(zero_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rw(Malloc_0, one_0, 1) /\ valid_rw(Malloc_0, zero_0, 1). @@ -59,7 +59,7 @@ Prove: true. Goal Assertion 'ok' (file tests/wp_bts/bts_1828.i, line 23): Assume { (* Heap *) - Have: (region(one_0.base) <= 0) /\ linked(Malloc_0). + Type: (region(one_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rw(Malloc_0, one_0, 1). } diff --git a/src/plugins/wp/tests/wp_bts/oracle/bts_1828.1.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/bts_1828.1.res.oracle index 146d6589559b8ea71d89818fef2b53c9a3263869..665539648c83408618818e7ae9ad2cd96419cb03 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/bts_1828.1.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/bts_1828.1.res.oracle 
@@ -38,7 +38,7 @@ Prove: true. Goal Assertion 'ok' (file tests/wp_bts/bts_1828.i, line 23): Assume { (* Heap *) - Have: (region(one_0.base) <= 0) /\ linked(Malloc_0). + Type: (region(one_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rw(Malloc_0, one_0, 1). } diff --git a/src/plugins/wp/tests/wp_bts/oracle/bts_2079.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/bts_2079.res.oracle index c1197a6d9fbf09c1189b1a58cc9df5db4655188a..3aaa31af0f66251205832210b85c9d2de28f5238 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/bts_2079.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/bts_2079.res.oracle @@ -8,19 +8,19 @@ ------------------------------------------------------------ Goal Post-condition 'Obs,P' in 'main': -Assume { Type: is_sint32(k). (* Heap *) Have: region(0) <= 0. } +Assume { Type: is_sint32(k). } Prove: P_S(k). ------------------------------------------------------------ Goal Post-condition 'Obs,Q' in 'main': -Assume { Type: is_sint32(k). (* Heap *) Have: region(0) <= 0. } +Assume { Type: is_sint32(k). } Prove: P_S(k). ------------------------------------------------------------ Goal Post-condition 'Obs,R' in 'main': -Assume { Type: is_sint32(k). (* Heap *) Have: region(0) <= 0. } +Assume { Type: is_sint32(k). } Prove: P_S(45 + k). ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_bts/oracle/bts_2110.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/bts_2110.res.oracle index 632e1429bf1e00f533f2f72cb0d829a8f6d00211..8615955b43f8e534b599299f0bbc741dc706b45b 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/bts_2110.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/bts_2110.res.oracle 
@@ -130,10 +130,9 @@ end (* use Compound *) goal wp_goal : - forall t:addr -> int, t1:addr -> int, a:addr, a1:addr. - let a2 = Load_S2_A a t in - let a3 = Load_S2_A a (havoc t1 t a 1) in - region (base a1) <= 0 -> - region (base a) <= 0 -> IsS2_A a2 -> IsS2_A a3 -> EqS2_A a3 a2 + forall t:addr -> int, t1:addr -> int, a:addr. + let a1 = Load_S2_A a t in + let a2 = Load_S2_A a (havoc t1 t a 1) in + region (base a) <= 0 -> IsS2_A a1 -> IsS2_A a2 -> EqS2_A a2 a1 end [wp] 2 goals generated diff --git a/src/plugins/wp/tests/wp_bts/oracle/issue-364.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/issue-364.res.oracle index 9b457195b1a6e29133634ce6ac411639b628707a..ae3e885d9102d1aaf30d13185e12852f38e45c0b 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/issue-364.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/issue-364.res.oracle @@ -8,7 +8,7 @@ ------------------------------------------------------------ Goal Assertion 'ZERO' (file tests/wp_bts/issue-364.i, line 5): -Assume { (* Heap *) Have: linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: valid_rd(Malloc_0, shift_sint8(global(Str_1), 3), 1). ------------------------------------------------------------ @@ -17,7 +17,7 @@ Goal Assertion 'OVER' (file tests/wp_bts/issue-364.i, line 6): Let a = global(Str_1). Assume { (* Heap *) - Have: linked(Malloc_0). + Type: linked(Malloc_0). (* Assertion 'ZERO' *) Have: valid_rd(Malloc_0, shift_sint8(a, 3), 1). } diff --git a/src/plugins/wp/tests/wp_bts/oracle/issue-516.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/issue-516.res.oracle index 10ff4cc940e4236b96034da0fbc080970991fc2a..9bf1f55fb108cb0f070e334ef8477d3704698b31 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/issue-516.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/issue-516.res.oracle 
@@ -10,11 +10,7 @@ Goal Assertion (file tests/wp_bts/issue-516.c, line 21): Let a = Mptr_0[list_0]. -Assume { - (* Heap *) - Have: (region(item_0.base) <= 0) /\ (region(list_0.base) <= 0) /\ - framed(Mptr_0). -} +Assume { (* Heap *) Type: (region(list_0.base) <= 0) /\ framed(Mptr_0). } Prove: (a != null) /\ (a = nth(L_to_logic_list(a, null), 0)). ------------------------------------------------------------ @@ -23,11 +19,11 @@ Goal Assertion 'UNROLL' (file tests/wp_bts/issue-516.c, line 23): Let a = Mptr_0[list_0]. Let a_1 = Mptr_0[shiftfield_F1_list_next(a)]. Assume { - (* Goal *) - When: (a_1 != item_0) /\ (a_1 = null). (* Heap *) - Have: (region(item_0.base) <= 0) /\ (region(list_0.base) <= 0) /\ + Type: (region(item_0.base) <= 0) /\ (region(list_0.base) <= 0) /\ framed(Mptr_0). + (* Goal *) + When: (a_1 != item_0) /\ (a_1 = null). (* Initializer *) Init: a = nth(L_to_logic_list(a, a_1), 0). (* Assertion *) diff --git a/src/plugins/wp/tests/wp_bts/oracle/issue_494.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/issue_494.res.oracle index de5af043b21044090cd01bc9b1a6ff9f135258c4..297b4d981860ff3428f2fa865dc0c1739945acb6 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/issue_494.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/issue_494.res.oracle @@ -13,7 +13,7 @@ Let x_1 = 1 + x. Assume { Type: is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: P_R(x, x_1). diff --git a/src/plugins/wp/tests/wp_bts/oracle/issue_508.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/issue_508.res.oracle index 57af4333a71bb3c61664569d6d27510a7801c797..179be9f834bcce480b9e2d76af6eea6f591bb5be 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/issue_508.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/issue_508.res.oracle 
@@ -13,11 +13,11 @@ Let a = shiftfield_F2_data(tbl_0). Let x = to_uint32(d). Assume { Type: is_sint32(d). + (* Heap *) + Type: (region(tbl_0.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, shiftfield_F1_size(shift___anonstruct_Buckets_1(a, x)), 1). - (* Heap *) - Have: (region(tbl_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= d) /\ (d <= 16) /\ valid_rw(Malloc_0, tbl_0, 35) /\ valid_rw(Malloc_0, shift___anonstruct_Buckets_1(a, 0), 34). diff --git a/src/plugins/wp/tests/wp_bts/oracle/issue_715_b.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/issue_715_b.res.oracle index a786d13c9660cdba5d7c3aa4c91a37260fa83f88..433297728cb35999429def26a678c5e5e7a996b2 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/issue_715_b.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/issue_715_b.res.oracle @@ -11,7 +11,7 @@ Goal Instance of 'Pre-condition (file tests/wp_bts/issue_715_b.i, line 4) in 'dummy'' in 'foo' at call 'dummy' (file tests/wp_bts/issue_715_b.i, line 11) : -Assume { (* Heap *) Have: linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: P_isValid(Malloc_0[L_p_28 <- 1], shift_sint32(global(L_p_28), 0)). ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_bts/oracle/issue_751.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/issue_751.res.oracle index 6e440e1cd4fd730736fc7c33f9d10c112a1c6d0d..d54cb3838366d89778e8abc0cccae8de0cef42f0 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/issue_751.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/issue_751.res.oracle @@ -13,8 +13,6 @@ Let x_1 = x / 256. Assume { Type: is_sint32(R) /\ is_sint32(j) /\ is_sint32(1 + j) /\ is_sint32(lsr(x, 8)). - (* Heap *) - Have: (region(Data_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 < x) /\ (x <= 2303). (* Invariant 'RANGE' *) 
@@ -42,10 +40,10 @@ Let x = land(3840, R). Let x_1 = x / 256. Assume { Type: is_sint32(R) /\ is_sint32(j) /\ is_sint32(lsr(x, 8)). + (* Heap *) + Type: (region(Data_0.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, shift_sint32(Data_0, j), 1). - (* Heap *) - Have: (region(Data_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 < x) /\ (x <= 2303). (* Invariant 'RANGE' *) diff --git a/src/plugins/wp/tests/wp_hoare/oracle/byref.0.res.oracle b/src/plugins/wp/tests/wp_hoare/oracle/byref.0.res.oracle index 18583dd3ecd8666038db081c1cb6a775e242e36a..9ec8bc14a7f9fe4e4ede6808f53fa99a9aa0731d 100644 --- a/src/plugins/wp/tests/wp_hoare/oracle/byref.0.res.oracle +++ b/src/plugins/wp/tests/wp_hoare/oracle/byref.0.res.oracle @@ -84,7 +84,7 @@ Prove: true. Goal Instance of 'Pre-condition (file tests/wp_hoare/byref.i, line 11) in 'f'' in 'wrong_without_ref' at call 'f' (file tests/wp_hoare/byref.i, line 22) : -Assume { (* Heap *) Have: (region(q.base) <= 0) /\ linked(Malloc_0). } +Assume { (* Heap *) Type: (region(q.base) <= 0) /\ linked(Malloc_0). } Prove: valid_rw(Malloc_0, q, 1). ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_hoare/oracle/dispatch_var2.0.res.oracle b/src/plugins/wp/tests/wp_hoare/oracle/dispatch_var2.0.res.oracle index 3cf473a59c506923dbfa3d265b66408fe3f94da1..43d36bca1fa3e16c24a76a02ec409d85744afdfb 100644 --- a/src/plugins/wp/tests/wp_hoare/oracle/dispatch_var2.0.res.oracle +++ b/src/plugins/wp/tests/wp_hoare/oracle/dispatch_var2.0.res.oracle @@ -11,6 +11,8 @@ Goal Post-condition (file tests/wp_hoare/dispatch_var2.i, line 37) in 'call_glob Assume { Type: is_sint32(call_global_0) /\ is_sint32(load_0) /\ is_sint32(tmp_0) /\ is_sint32(x). + (* Heap *) + Type: is_sint32(x_1). (* Block In *) Have: (ta_tmp_0=false). (* Call 'reset' *) 
@@ -38,6 +40,8 @@ Goal Assigns (file tests/wp_hoare/dispatch_var2.i, line 36) in 'call_global' (2/ Call Result at line 42 Assume { Type: is_sint32(load_0) /\ is_sint32(tmp_0) /\ is_sint32(x). + (* Heap *) + Type: is_sint32(x_1). Have: (ta_tmp_1=true) <-> (ta_tmp_0=true). (* Block In *) Have: (ta_tmp_1=false). diff --git a/src/plugins/wp/tests/wp_hoare/oracle/logicref.res.oracle b/src/plugins/wp/tests/wp_hoare/oracle/logicref.res.oracle index 2fb7bd4c4d9a34d9febbe9d30d1bb82f8a25b5de..093b63521e624272f9819a2f9ce9b86db0052f59 100644 --- a/src/plugins/wp/tests/wp_hoare/oracle/logicref.res.oracle +++ b/src/plugins/wp/tests/wp_hoare/oracle/logicref.res.oracle @@ -16,7 +16,7 @@ Goal Assertion (file tests/wp_hoare/logicref.i, line 14): Assume { Type: is_sint32(i) /\ is_sint32(k). (* Heap *) - Have: (region(a.base) <= 0) /\ linked(Malloc_0). + Type: (region(a.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= i) /\ (i < k) /\ P_vrange(Malloc_0, a, k). } diff --git a/src/plugins/wp/tests/wp_hoare/oracle/logicref_simple.res.oracle b/src/plugins/wp/tests/wp_hoare/oracle/logicref_simple.res.oracle index 094d6b42af2141a0d537fbec570b2c26dd06324e..cb5bbabf891a31381f3ece52b3ff9434bc0b88d8 100644 --- a/src/plugins/wp/tests/wp_hoare/oracle/logicref_simple.res.oracle +++ b/src/plugins/wp/tests/wp_hoare/oracle/logicref_simple.res.oracle @@ -21,7 +21,7 @@ Let x = Mint_0[c]. Assume { Type: is_sint32(x) /\ is_sint32(1 + x). (* Heap *) - Have: region(c.base) <= 0. + Type: region(c.base) <= 0. (* Pre-condition *) Have: P_simple(Mint_0, c). } @@ -64,7 +64,7 @@ Let x = Mint_0[Mptr_0[d]]. Assume { Type: is_sint32(x) /\ is_sint32(1 + x). (* Heap *) - Have: (region(d.base) <= 0) /\ framed(Mptr_0). + Type: (region(d.base) <= 0) /\ framed(Mptr_0). (* Pre-condition *) Have: P_two_star(Mptr_0, Mint_0, d). } 
@@ -89,7 +89,7 @@ Prove: true. Goal Assertion 'OK' (file tests/wp_hoare/logicref_simple.i, line 30): Assume { (* Heap *) - Have: (region(b.base) <= 0) /\ linked(Malloc_0). + Type: (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: P_vpositive(Malloc_0, Mint_0, b). } diff --git a/src/plugins/wp/tests/wp_hoare/oracle/reference_and_struct.res.oracle b/src/plugins/wp/tests/wp_hoare/oracle/reference_and_struct.res.oracle index c13e28c419a128b4e0a962e9a1942fa79e6292a8..90f5112a9d1d727ec18d81c9d049d3930b2489ad 100644 --- a/src/plugins/wp/tests/wp_hoare/oracle/reference_and_struct.res.oracle +++ b/src/plugins/wp/tests/wp_hoare/oracle/reference_and_struct.res.oracle @@ -39,6 +39,8 @@ Prove: true. Goal Post-condition 'Pload' in 'call_on_array_in_struct_global': Let a = s.F2_S_tab. Assume { + (* Heap *) + Type: IsS2_S(s). (* Goal *) When: (0 <= i) /\ (i <= 4). (* Call 'load_5' *) @@ -131,6 +133,8 @@ Prove: true. Goal Post-condition 'Preset_5' in 'call_reset_5': Assume { + (* Heap *) + Type: IsArray1S1_T(ts_1). (* Goal *) When: (0 <= i) /\ (i <= 4). (* Call 'reset_5' *) @@ -166,6 +170,8 @@ Prove: true. Goal Post-condition 'Presset_mat' in 'call_reset_5_dim2': Let m = smatrix_0[1]. Assume { + (* Heap *) + Type: IsArray2S1_T(smatrix_1). (* Goal *) When: (0 <= i) /\ (i <= 4). (* Call 'reset_5' *) @@ -202,10 +208,10 @@ Let a = tps_0[9]. Let a_1 = shift_T(a, 0). Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, 10). Assume { + (* Heap *) + Type: linked(Malloc_0) /\ (forall i_1 : Z. region(tps_0[i_1].base) <= 0). (* Goal *) When: (0 <= i) /\ (i <= 4). - (* Heap *) - Have: linked(Malloc_0) /\ (forall i_1 : Z. region(tps_0[i_1].base) <= 0). (* Pre-condition *) Have: valid_rw(Malloc_0, a_1, 10). (* Call 'reset_5' *) diff --git a/src/plugins/wp/tests/wp_hoare/oracle/reference_array.res.oracle b/src/plugins/wp/tests/wp_hoare/oracle/reference_array.res.oracle index 3beaa58f2543d773ccd2649dd8da348ef9a70cb9..8cdc9f4d9d23e67d381f6cfc6d7affffcb8ad1c2 100644 
--- a/src/plugins/wp/tests/wp_hoare/oracle/reference_array.res.oracle +++ b/src/plugins/wp/tests/wp_hoare/oracle/reference_array.res.oracle @@ -10,10 +10,11 @@ Goal Post-condition (file tests/wp_hoare/reference_array.i, line 49) in 'add_1_5': Let a = shift_A5_sint32(ap_0, 0). Assume { + (* Heap *) + Type: (region(ap_0.base) <= 0) /\ IsArray1_sint32(reg_load_0) /\ + linked(Malloc_0). (* Goal *) When: (0 <= i) /\ (i <= 4). - (* Heap *) - Have: (region(ap_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rw(Malloc_0, shift_sint32(a, 0), 5). (* Call 'add_5' *) @@ -45,6 +46,8 @@ Prove: true. Goal Post-condition 'Pload' in 'calls_on_array_dim_1': Assume { + (* Heap *) + Type: IsArray1_sint32(t). (* Goal *) When: (0 <= i) /\ (i <= 4). (* Call 'load_5' *) @@ -65,6 +68,8 @@ Prove: t[i] = reg_load_0[i]. Goal Post-condition 'Preset' in 'calls_on_array_dim_1': Assume { + (* Heap *) + Type: IsArray1_sint32(t_1). (* Goal *) When: (0 <= i) /\ (i <= 4). (* Call 'load_5' *) @@ -85,6 +90,8 @@ Prove: t[i] = 0. Goal Post-condition 'Padd' in 'calls_on_array_dim_1': Assume { + (* Heap *) + Type: IsArray1_sint32(t). (* Goal *) When: (0 <= i) /\ (i <= 4). (* Call 'load_5' *) @@ -137,6 +144,8 @@ Prove: true. Goal Post-condition 'Pload' in 'calls_on_array_dim_2': Let m = tt_0[0]. Assume { + (* Heap *) + Type: IsArray2_sint32(tt_0). (* Goal *) When: (0 <= i) /\ (i <= 4). (* Call 'load_1_5' *) @@ -154,6 +163,8 @@ Prove: m[i] = reg_load_0[i]. Goal Post-condition 'Preset' in 'calls_on_array_dim_2': Assume { + (* Heap *) + Type: IsArray2_sint32(tt_0). (* Goal *) When: (0 <= i) /\ (i <= 4). (* Call 'load_1_5' *) @@ -172,6 +183,8 @@ Prove: v[i] = 0. Goal Post-condition 'Padd' in 'calls_on_array_dim_2': Let m = tt_0[0]. Assume { + (* Heap *) + Type: IsArray2_sint32(tt_0). (* Goal *) When: (0 <= i) /\ (i <= 4). (* Call 'load_1_5' *) 
@@ -222,6 +235,8 @@ Goal Post-condition 'Pload' in 'calls_on_array_dim_2_to_1': Let m = tt_1[0]. Let m_1 = tt_0[0]. Assume { + (* Heap *) + Type: IsArray2_sint32(tt_0). (* Goal *) When: (0 <= i) /\ (i <= 4). (* Call 'load_5' *) @@ -242,6 +257,8 @@ Prove: m_1[i] = reg_load_0[i]. Goal Post-condition 'Preset' in 'calls_on_array_dim_2_to_1': Let m = tt_0[0]. Assume { + (* Heap *) + Type: IsArray2_sint32(tt_1). (* Goal *) When: (0 <= i) /\ (i <= 4). (* Call 'load_5' *) @@ -263,6 +280,8 @@ Goal Post-condition 'Padd' in 'calls_on_array_dim_2_to_1': Let m = tt_1[0]. Let m_1 = tt_0[0]. Assume { + (* Heap *) + Type: IsArray2_sint32(tt_0). (* Goal *) When: (0 <= i) /\ (i <= 4). (* Call 'load_5' *) @@ -314,10 +333,10 @@ Prove: true. Goal Post-condition (file tests/wp_hoare/reference_array.i, line 42) in 'load_1_5': Let a = shift_A5_sint32(lp_0, 0). Assume { + (* Heap *) + Type: (region(lp_0.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i) /\ (i <= 4). - (* Heap *) - Have: (region(lp_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rw(Malloc_0, shift_sint32(a, 0), 5). (* Call 'load_5' *) @@ -352,10 +371,10 @@ Let a = shift_A5_sint32(rp_0, 0). Let a_1 = shift_sint32(a, 0). Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, 5). Assume { + (* Heap *) + Type: (region(rp_0.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i) /\ (i <= 4). - (* Heap *) - Have: (region(rp_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rw(Malloc_0, a_1, 5). (* Call 'reset_5' *) diff --git a/src/plugins/wp/tests/wp_hoare/oracle/refguards.res.oracle b/src/plugins/wp/tests/wp_hoare/oracle/refguards.res.oracle index 00866d3fb22134f5f7c4bdf75a73ee3b4eb35125..25649f1ac968befd3f1858a7d2ba9d75962cf1fb 100644 --- a/src/plugins/wp/tests/wp_hoare/oracle/refguards.res.oracle +++ b/src/plugins/wp/tests/wp_hoare/oracle/refguards.res.oracle 
@@ -22,7 +22,7 @@ Let x_1 = Mint_0[shift_sint32(a, k) <- x][a_1]. Assume { Type: is_sint32(k) /\ is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(b.base) <= 0). + Type: (region(a.base) <= 0) /\ (region(b.base) <= 0). } Prove: x_1 = x. @@ -65,7 +65,7 @@ Prove: true. ------------------------------------------------------------ Goal Post-condition 'KO' in 's': -Assume { (* Heap *) Have: (region(c.base) <= 0) /\ (region(d.base) <= 0). } +Assume { (* Heap *) Type: (region(c.base) <= 0) /\ (region(d.base) <= 0). } Prove: d != c. ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_plugin/doomed.i b/src/plugins/wp/tests/wp_plugin/doomed.i new file mode 100644 index 0000000000000000000000000000000000000000..17dadc8118462bc17f8e23647bb7fd951238808f --- /dev/null +++ b/src/plugins/wp/tests/wp_plugin/doomed.i @@ -0,0 +1,44 @@ +/* run.config + OPT: + OPT: -wp-smoke-tests + */ + +/* run.config_qualif + OPT: -wp-smoke-tests +*/ + +/*@ axiomatic CFG { + predicate ASSUMES(integer x,integer y); + predicate REQUIRES(integer x,integer y); + predicate ENSURES(integer x,integer y); + }*/ + +/*@ + requires REQUIRES(0,x); + requires x < 0 ; + behavior A: + assumes ASSUMES(1,x); + requires REQUIRES(1,x); + requires 2 < x ; + behavior B: + assumes ASSUMES(2,x); + requires REQUIRES(2,x); + */ +int foo(int x) +{ + x++; + return x; +} + + +/*@ requires x > 0; ensures \result == x+1 ; */ +int bar(int x) +{ + return x+1; +} + +/*@ requires x > 0; requires x < -4 ; ensures \result == x-1 ; */ +int buzz(int x) +{ + return x-1; +} diff --git a/src/plugins/wp/tests/wp_plugin/doomed.report b/src/plugins/wp/tests/wp_plugin/doomed.report new file mode 100644 index 0000000000000000000000000000000000000000..1493af5c9260e8529cd832d58719bb45d58e085f --- /dev/null +++ b/src/plugins/wp/tests/wp_plugin/doomed.report 
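Review bot: Nothing in doomed.i says which specifications are meant to be the doomed ones, and the smoke-test verdict is inverted relative to ordinary goals (a `Smoke_*` goal whose conclusion is `false` and that gets proved is the failure), so a reader of the oracle cannot tell expected from unexpected without re-deriving it. From the requires clauses, `buzz` (`x > 0` together with `x < -4`) and behavior `A` of `foo` (`x < 0` together with `2 < x`) are unsatisfiable, whereas `bar` and the default behaviour of `foo` must leave their smoke goal open; I would state that at the top of the file: `/* buzz and foo/behavior A have contradictory requires: their smoke goals must be proved (doomed); bar and foo's default behaviour must keep theirs unprovable. */`. A second caveat worth a comment next to `bar`: the test runs without RTE guards, so `ensures \result == x+1` is proved with no check that `x+1` stays within `int`, which is harmless for a smoke-test fixture but means the proof says nothing about overflow at `INT_MAX`.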
@@ -0,0 +1,13 @@
+@CONSOLE
+@ZERO " -"
+ &30: Qed Ergo Failed
+@PROPERTY
+ %name &30: %qed %alt-ergo %failed
+@END
+@TAIL
+-------------------------------------------------------------
+Success: %prop%%
+ Total : %prop:total properties
+ Valid : %prop:valid
+ Failed : %prop:failed
+-------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/doomed_axioms.i b/src/plugins/wp/tests/wp_plugin/doomed_axioms.i
new file mode 100644
index 0000000000000000000000000000000000000000..3c32fc54714249bafb171d8e9a28fc837172f649
--- /dev/null
+++ b/src/plugins/wp/tests/wp_plugin/doomed_axioms.i
@@ -0,0 +1,33 @@
+/* run.config
+ OPT: -wp-smoke-tests
+ */
+
+/* run.config_qualif
+ OPT: -wp-smoke-tests
+*/
+
+/*@ axiomatic CFG {
+ predicate P(integer x);
+ predicate Q(integer x);
+ predicate R(integer x);
+ axiom init: P(0) && Q(0) && R(0);
+ axiom loop1: \forall integer n; P(n) ==> Q(n+1);
+ axiom loop2: \forall integer n; Q(n) ==> R(n+1);
+ axiom loop3: \forall integer n; R(n) ==> !P(n);
+ }*/
+
+
+int foo(int x)
+{
+ int n = 0;
+ /*@
+ loop invariant A: P(n);
+ loop invariant B: Q(n);
+ loop invariant C: R(n);
+ loop assigns n ;
+ */
+ while (x>0) {
+ n++;
+ }
+ return n;
+}
diff --git a/src/plugins/wp/tests/wp_plugin/doomed_loop.i b/src/plugins/wp/tests/wp_plugin/doomed_loop.i
new file mode 100644
index 0000000000000000000000000000000000000000..4f230f9940cabb0b8b18f95345efb7b03faee1b0
--- /dev/null
+++ b/src/plugins/wp/tests/wp_plugin/doomed_loop.i
@@ -0,0 +1,26 @@
+/* run.config
+ OPT: -wp-smoke-tests
+ */
+
+/* run.config_qualif
+ OPT: -wp-smoke-tests
+*/
+
+/*@ axiomatic CFG {
+ predicate P(integer x);
+ }*/
+
+
+int foo(int x)
+{
+ int n = 0;
+ /*@
+ loop invariant A: P(n);
+ loop invariant B: !P(n);
+ loop assigns n ;
+ */
+ while (x>0) {
+ n++;
+ }
+ return n;
+}
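Review bot: The inconsistency in doomed_axioms.i sits in the axiomatic itself, not in the loop annotations: `init` gives `P(0)` and `R(0)`, and `loop3` instantiated at `n = 0` gives `!P(0)`, so the axiom set is unsatisfiable. That means every goal generated for `foo` — the establishment and preservation goals as well as `Smoke_loop_invariant` — is provable, and a run without `-wp-smoke-tests` would presumably report the function fully verified; the file should say so, since this vacuous-proof hazard is exactly what the smoke test exists to surface. Suggested comment above the axiomatic: `/* CFG is unsatisfiable (init: P(0), R(0); loop3 at n=0: !P(0)). Every goal below is provable; only the smoke goal reveals it. */`.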
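Review bot: doomed_loop.i differs from doomed_axioms.i in where the contradiction lives — `A: P(n)` against `B: !P(n)` with no axiom on `P` — so the establishment goals `P(0)` and `!P(0)` cannot both be proved and the inconsistency is already visible without smoke tests, whereas here the smoke goal is the one expected to be proved. A one-line comment on the loop would make that contrast explicit for whoever reads the two oracles side by side: `// A and B contradict each other directly: smoke goal provable, establishment of A/B must fail`.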
diff --git a/src/plugins/wp/tests/wp_plugin/doomed_report_ko.i b/src/plugins/wp/tests/wp_plugin/doomed_report_ko.i
new file mode 100644
index 0000000000000000000000000000000000000000..2189024b22ebf9d8292cfcc6b9aa7d7a6c7a9af6
--- /dev/null
+++ b/src/plugins/wp/tests/wp_plugin/doomed_report_ko.i
@@ -0,0 +1,31 @@
+/* run.config
+ DONTRUN:
+*/
+
+/* run.config_qualif
+ OPT: -wp-smoke-tests -wp-report tests/wp_plugin/doomed.report
+*/
+
+/*@ axiomatic CFG {
+ predicate P(integer x);
+ predicate Q(integer x);
+ predicate R(integer x);
+ axiom init: P(0) && Q(0) && R(0);
+ axiom loop1: \forall integer n; P(n) ==> Q(n+1);
+ axiom loop2: \forall integer n; Q(n) ==> R(n+1);
+ axiom loop3: \forall integer n; R(n) ==> !P(n);
+ }*/
+
+
+int foo(int x)
+{
+ int n = 0;
+ /*@
+ loop invariant A: P(n);
+ loop invariant B: Q(n);
+ loop invariant C: R(n);
+ loop assigns n ;
+ */
+ while (x>0) { n++; }
+ return n;
+}
diff --git a/src/plugins/wp/tests/wp_plugin/doomed_report_ok.i b/src/plugins/wp/tests/wp_plugin/doomed_report_ok.i
new file mode 100644
index 0000000000000000000000000000000000000000..1b4f94519a27476677b15fee36c129bf4eb61e9a
--- /dev/null
+++ b/src/plugins/wp/tests/wp_plugin/doomed_report_ok.i
@@ -0,0 +1,31 @@
+/* run.config
+ DONTRUN:
+*/
+
+/* run.config_qualif
+ OPT: -wp-smoke-tests -wp-report tests/wp_plugin/doomed.report
+*/
+
+/*@ axiomatic CFG {
+ predicate P(integer x);
+ predicate Q(integer x);
+ predicate R(integer x);
+ axiom init: P(0) && Q(0) && R(0);
+ axiom loop1: \forall integer n; P(n) ==> Q(n+1);
+ axiom loop2: \forall integer n; Q(n) ==> R(n+1);
+ axiom loop3: \forall integer n; R(n) ==> P(n+1);
+ }*/
+
+
+int foo(int x)
+{
+ int n = 0;
+ /*@
+ loop invariant A: P(n);
+ loop invariant B: Q(n);
+ loop invariant C: R(n);
+ loop assigns n ;
+ */
+ while (x>0) { n++; }
+ return n;
+}
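Review bot: doomed_report_ko.i and doomed_report_ok.i are identical except for axiom `loop3` (`R(n) ==> !P(n)` versus `R(n) ==> P(n+1)`), and neither says what the `-wp-report` output is expected to show, which is the whole point of the pair. In the `_ko` file `loop3` at `n = 0` contradicts `init`, so the axioms are unsatisfiable and the smoke goal is provable; in the `_ok` file `P`, `Q` and `R` can all hold on every `n >= 0`, so the smoke goal must stay open. I would put one line in each, e.g. `// axioms inconsistent: smoke goal provable, report is expected to flag it` and `// axioms consistent: smoke goal must remain unproved`, and note in both that the `DONTRUN:` default config means only the qualif run exercises the report template at `tests/wp_plugin/doomed.report`.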
diff --git a/src/plugins/wp/tests/wp_plugin/doomed_unroll.i b/src/plugins/wp/tests/wp_plugin/doomed_unroll.i new file mode 100644 index 0000000000000000000000000000000000000000..dd025d4817a97adde1279711cbce88670b0e1f58 --- /dev/null +++ b/src/plugins/wp/tests/wp_plugin/doomed_unroll.i @@ -0,0 +1,16 @@ +/* run.config + OPT: -wp-smoke-tests -print + */ + +/* run.config_qualif + OPT: -wp-smoke-tests +*/ + +void foo(void) +{ + int n = 3 ; + /*@ + loop pragma UNROLL "completely", 4 ; + */ + while (n>0) n--; +} diff --git a/src/plugins/wp/tests/wp_plugin/oracle/combined.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/combined.res.oracle index c8a980291364c79ed27ab5f1a70676174e4b91f0..67dda1bd3fcfe40e62b094e3d07c9cda20424268 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/combined.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/combined.res.oracle @@ -8,11 +8,7 @@ ------------------------------------------------------------ Goal Assertion (file tests/wp_plugin/combined.c, line 27): -Assume { - Type: is_sint32(A). - (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). -} +Assume { Type: is_sint32(A). } Prove: (50 <= A) /\ (A <= 100). ------------------------------------------------------------ @@ -21,7 +17,7 @@ Goal Preservation of Invariant (file tests/wp_plugin/combined.c, line 29): Assume { Type: is_sint32(A) /\ is_sint32(i) /\ is_sint32(v) /\ is_sint32(1 + i). (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). + Type: region(t.base) <= 0. (* Assertion *) Have: (50 <= A) /\ (A <= 100). (* Invariant *) 
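Review bot: doomed_unroll.i gives no hint of what `-wp-smoke-tests` is expected to do once `loop pragma UNROLL "completely", 4` has eliminated the loop; presumably the point is that a fully unrolled loop (`n` starts at 3, so four unrollings suffice) leaves no loop invariant and therefore no `Smoke_loop_invariant` goal, but that has to be inferred. A comment on the pragma would pin the intent: `// fully unrolled: no loop remains, so no smoke goal must be generated for it`. If the function then yields no goal at all, the oracle will also fix whatever WP prints in that situation, which is worth knowing when the oracle next changes.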
@@ -48,10 +44,10 @@ Goal Preservation of Invariant (file tests/wp_plugin/combined.c, line 30): Let a = havoc(Mint_undef_0, Mint_0, shift_sint32(t, 0), 50). Assume { Type: is_sint32(A) /\ is_sint32(i) /\ is_sint32(v) /\ is_sint32(1 + i). + (* Heap *) + Type: region(t.base) <= 0. (* Goal *) When: (0 <= i_1) /\ (i_1 <= i). - (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). (* Assertion *) Have: (50 <= A) /\ (A <= 100). (* Invariant *) @@ -78,7 +74,7 @@ Let x = 1 + j. Assume { Type: is_sint32(A) /\ is_sint32(i) /\ is_sint32(j) /\ is_sint32(x). (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). + Type: region(t.base) <= 0. (* Assertion *) Have: (50 <= A) /\ (A <= 100). (* Invariant *) @@ -107,10 +103,10 @@ Goal Assertion (file tests/wp_plugin/combined.c, line 40): Let a = havoc(Mint_undef_1, Mint_0, shift_sint32(t, 0), 50). Assume { Type: is_sint32(A) /\ is_sint32(i_1) /\ is_sint32(j). + (* Heap *) + Type: region(t.base) <= 0. (* Goal *) When: (0 <= i) /\ (i <= 49). - (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). (* Assertion *) Have: (50 <= A) /\ (A <= 100). (* Invariant *) @@ -163,10 +159,10 @@ Call Result at line 38 Let a = shift_sint32(t, j). Assume { Type: is_sint32(A) /\ is_sint32(i) /\ is_sint32(j). + (* Heap *) + Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, a, 1). - (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). (* Assertion *) Have: (50 <= A) /\ (A <= 100). (* Invariant *) diff --git a/src/plugins/wp/tests/wp_plugin/oracle/copy.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/copy.res.oracle index 64a196879b2b1cf40de11dfa21d42323d711d0bb..ec243b296dbcdeaa02b776c5d185c6972a309bc4 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/copy.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/copy.res.oracle 
@@ -13,10 +13,10 @@ Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, n). Let a_3 = havoc(Mint_undef_0, Mint_0, a_1, i). Assume { Type: is_sint32(i) /\ is_sint32(n). + (* Heap *) + Type: (region(a.base) <= 0) /\ (region(b.base) <= 0). (* Goal *) When: (0 <= i_1) /\ (i_1 < n). - (* Heap *) - Have: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= n) /\ separated(a_1, n, shift_sint32(b, 0), n). (* Invariant 'Copy' *) @@ -37,10 +37,10 @@ Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, n). Let a_3 = a_2[shift_sint32(a, i) <- a_2[shift_sint32(b, i)]]. Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(1 + i). + (* Heap *) + Type: (region(a.base) <= 0) /\ (region(b.base) <= 0). (* Goal *) When: (0 <= i_1) /\ (i_1 <= i). - (* Heap *) - Have: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= n) /\ separated(a_1, n, shift_sint32(b, 0), n). (* Invariant 'Copy' *) @@ -73,7 +73,7 @@ Let a_3 = a_2[shift_sint32(a, i) <- a_2[shift_sint32(b, i)]]. Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(1 + i). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). + Type: (region(a.base) <= 0) /\ (region(b.base) <= 0). (* Pre-condition *) Have: (0 <= n) /\ separated(a_1, n, shift_sint32(b, 0), n). (* Invariant 'Copy' *) @@ -105,10 +105,10 @@ Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, n). Let a_3 = shift_sint32(a, i_1). Assume { Type: is_sint32(i) /\ is_sint32(n). + (* Heap *) + Type: (region(a.base) <= 0) /\ (region(b.base) <= 0). (* Goal *) When: (0 <= i_1) /\ (i_1 < i). - (* Heap *) - Have: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= n) /\ separated(a_1, n, shift_sint32(b, 0), n). (* Invariant 'Copy' *) 
@@ -130,10 +130,10 @@ Let a_3 = a_2[shift_sint32(a, i) <- a_2[shift_sint32(b, i)]]. Let a_4 = shift_sint32(b, i_1). Assume { Type: is_sint32(i) /\ is_sint32(n). + (* Heap *) + Type: (region(a.base) <= 0) /\ (region(b.base) <= 0). (* Goal *) When: (0 <= i_1) /\ (i_1 < i). - (* Heap *) - Have: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= n) /\ separated(a_1, n, shift_sint32(b, 0), n). (* Invariant 'Copy' *) @@ -164,10 +164,10 @@ Let a_3 = shift_sint32(a, i). Let a_4 = a_2[a_3 <- a_2[shift_sint32(b, i)]]. Assume { Type: is_sint32(i) /\ is_sint32(n). + (* Heap *) + Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, a_3, 1). - (* Heap *) - Have: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= n) /\ separated(a_1, n, shift_sint32(b, 0), n). (* Invariant 'Copy' *) diff --git a/src/plugins/wp/tests/wp_plugin/oracle/doomed.0.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/doomed.0.res.oracle new file mode 100644 index 0000000000000000000000000000000000000000..4f81eda9072a018dd87cb2a73fc93e3c93f55773 --- /dev/null +++ b/src/plugins/wp/tests/wp_plugin/oracle/doomed.0.res.oracle 
@@ -0,0 +1,21 @@ +# frama-c -wp [...] +[kernel] Parsing tests/wp_plugin/doomed.i (no preprocessing) +[wp] Running WP plugin... +[wp] Loading driver 'share/wp.driver' +[wp] Warning: Missing RTE guards +------------------------------------------------------------ + Function bar +------------------------------------------------------------ + +Goal Post-condition (file tests/wp_plugin/doomed.i, line 34) in 'bar': +Prove: true. + +------------------------------------------------------------ +------------------------------------------------------------ + Function buzz +------------------------------------------------------------ + +Goal Post-condition (file tests/wp_plugin/doomed.i, line 40) in 'buzz': +Prove: true. + +------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_plugin/oracle/doomed.1.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/doomed.1.res.oracle new file mode 100644 index 0000000000000000000000000000000000000000..c8ab85eccdbc7f840a36b3fbf2deb68d90795bb9 --- /dev/null +++ b/src/plugins/wp/tests/wp_plugin/oracle/doomed.1.res.oracle 
@@ -0,0 +1,76 @@ +# frama-c -wp [...] +[kernel] Parsing tests/wp_plugin/doomed.i (no preprocessing) +[wp] Running WP plugin... +[wp] Loading driver 'share/wp.driver' +[wp] Warning: Missing RTE guards +------------------------------------------------------------ + Function bar +------------------------------------------------------------ + +Goal Smoke_default_requires in 'bar': +Assume { Type: is_sint32(x). (* Pre-condition *) Have: 0 < x. } +Prove: false. + +------------------------------------------------------------ + +Goal Post-condition (file tests/wp_plugin/doomed.i, line 34) in 'bar': +Prove: true. + +------------------------------------------------------------ +------------------------------------------------------------ + Function buzz +------------------------------------------------------------ + +Goal Smoke_default_requires in 'buzz': +Prove: true. + +------------------------------------------------------------ + +Goal Post-condition (file tests/wp_plugin/doomed.i, line 40) in 'buzz': +Prove: true. + +------------------------------------------------------------ +------------------------------------------------------------ + Function foo +------------------------------------------------------------ + +Goal Smoke_default_requires in 'foo': +Assume { + Type: is_sint32(x). + (* Pre-condition *) + Have: (x < 0) /\ P_REQUIRES(0, x). + (* Pre-condition for 'A' *) + Have: (P_ASSUMES(1, x) -> ((3 <= x) /\ P_REQUIRES(1, x))). + (* Pre-condition for 'B' *) + Have: (P_ASSUMES(2, x) -> P_REQUIRES(2, x)). +} +Prove: false. + +------------------------------------------------------------ +------------------------------------------------------------ + Function foo with behavior A +------------------------------------------------------------ + +Goal Smoke_A_requires in 'foo': +Prove: true. 
+ +------------------------------------------------------------ +------------------------------------------------------------ + Function foo with behavior B +------------------------------------------------------------ + +Goal Smoke_B_requires in 'foo': +Assume { + Type: is_sint32(x). + (* Pre-condition *) + Have: (x < 0) /\ P_REQUIRES(0, x). + (* Pre-condition for 'A' *) + Have: (P_ASSUMES(1, x) -> ((3 <= x) /\ P_REQUIRES(1, x))). + (* Pre-condition for 'B' *) + Have: P_REQUIRES(2, x). + (* Pre-condition for 'B' *) + Have: P_ASSUMES(2, x). +} +Prove: false. + +------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_plugin/oracle/doomed_axioms.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/doomed_axioms.res.oracle new file mode 100644 index 0000000000000000000000000000000000000000..01bfc26467c48618d00373b5b5ab26ad1ea8bdca --- /dev/null +++ b/src/plugins/wp/tests/wp_plugin/oracle/doomed_axioms.res.oracle 
@@ -0,0 +1,93 @@ +# frama-c -wp [...] +[kernel] Parsing tests/wp_plugin/doomed_axioms.i (no preprocessing) +[wp] Running WP plugin... +[wp] Loading driver 'share/wp.driver' +[wp] Warning: Missing RTE guards +------------------------------------------------------------ + Function foo +------------------------------------------------------------ + +Goal Smoke_loop_invariant in 'foo' at loop (file tests/wp_plugin/doomed_axioms.i, line 29): +Assume { + Type: is_sint32(n). + (* Invariant 'C' *) + Have: P_R(n). + (* Invariant 'B' *) + Have: P_Q(n). + (* Invariant 'A' *) + Have: P_P(n). +} +Prove: false. + +------------------------------------------------------------ + +Goal Preservation of Invariant 'A' (file tests/wp_plugin/doomed_axioms.i, line 24): +Let x_1 = 1 + n. +Assume { + Type: is_sint32(n) /\ is_sint32(x) /\ is_sint32(x_1). + (* Invariant 'C' *) + Have: P_R(n). + (* Invariant 'B' *) + Have: P_Q(n). + (* Invariant 'A' *) + Have: P_P(n). + (* Then *) + Have: 0 < x. +} +Prove: P_P(x_1). + +------------------------------------------------------------ + +Goal Establishment of Invariant 'A' (file tests/wp_plugin/doomed_axioms.i, line 24): +Prove: P_P(0). + +------------------------------------------------------------ + +Goal Preservation of Invariant 'B' (file tests/wp_plugin/doomed_axioms.i, line 25): +Let x_1 = 1 + n. +Assume { + Type: is_sint32(n) /\ is_sint32(x) /\ is_sint32(x_1). + (* Invariant 'C' *) + Have: P_R(n). + (* Invariant 'B' *) + Have: P_Q(n). + (* Invariant 'A' *) + Have: P_P(n). + (* Then *) + Have: 0 < x. +} +Prove: P_Q(x_1). + +------------------------------------------------------------ + +Goal Establishment of Invariant 'B' (file tests/wp_plugin/doomed_axioms.i, line 25): +Prove: P_Q(0). + +------------------------------------------------------------ + +Goal Preservation of Invariant 'C' (file tests/wp_plugin/doomed_axioms.i, line 26): +Let x_1 = 1 + n. +Assume { + Type: is_sint32(n) /\ is_sint32(x) /\ is_sint32(x_1). 
+ (* Invariant 'C' *) + Have: P_R(n). + (* Invariant 'B' *) + Have: P_Q(n). + (* Invariant 'A' *) + Have: P_P(n). + (* Then *) + Have: 0 < x. +} +Prove: P_R(x_1). + +------------------------------------------------------------ + +Goal Establishment of Invariant 'C' (file tests/wp_plugin/doomed_axioms.i, line 26): +Prove: P_R(0). + +------------------------------------------------------------ + +Goal Loop assigns (file tests/wp_plugin/doomed_axioms.i, line 27): +Prove: true. + +------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_plugin/oracle/doomed_loop.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/doomed_loop.res.oracle new file mode 100644 index 0000000000000000000000000000000000000000..1eb7464b45e92019f3da245eacc0b0ae0f587632 --- /dev/null +++ b/src/plugins/wp/tests/wp_plugin/oracle/doomed_loop.res.oracle 
@@ -0,0 +1,38 @@ +# frama-c -wp [...] +[kernel] Parsing tests/wp_plugin/doomed_loop.i (no preprocessing) +[wp] Running WP plugin... +[wp] Loading driver 'share/wp.driver' +[wp] Warning: Missing RTE guards +------------------------------------------------------------ + Function foo +------------------------------------------------------------ + +Goal Smoke_loop_invariant in 'foo' at loop (file tests/wp_plugin/doomed_loop.i, line 22): +Prove: true. + +------------------------------------------------------------ + +Goal Preservation of Invariant 'A' (file tests/wp_plugin/doomed_loop.i, line 18): +Prove: true. + +------------------------------------------------------------ + +Goal Establishment of Invariant 'A' (file tests/wp_plugin/doomed_loop.i, line 18): +Prove: P_P(0). + +------------------------------------------------------------ + +Goal Preservation of Invariant 'B' (file tests/wp_plugin/doomed_loop.i, line 19): +Prove: true. + +------------------------------------------------------------ + +Goal Establishment of Invariant 'B' (file tests/wp_plugin/doomed_loop.i, line 19): +Prove: !P_P(0). + +------------------------------------------------------------ + +Goal Loop assigns (file tests/wp_plugin/doomed_loop.i, line 20): +Prove: true. + +------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_plugin/oracle/doomed_unroll.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/doomed_unroll.res.oracle new file mode 100644 index 0000000000000000000000000000000000000000..3f7c7566dcfb0a1866791cfdbebc281e8c2699ba --- /dev/null +++ b/src/plugins/wp/tests/wp_plugin/oracle/doomed_unroll.res.oracle 
@@ -0,0 +1,46 @@ +# frama-c -wp [...] +[kernel] Parsing tests/wp_plugin/doomed_unroll.i (no preprocessing) +[wp] Running WP plugin... +[wp] Loading driver 'share/wp.driver' +[wp] Warning: Missing RTE guards +[wp] tests/wp_plugin/doomed_unroll.i:15: Warning: + Missing assigns clause (assigns 'everything' instead) +------------------------------------------------------------ + Function foo +------------------------------------------------------------ + +Goal Preservation of Invariant (generated): +Prove: true. + +------------------------------------------------------------ + +Goal Establishment of Invariant (generated): +Prove: true. + +------------------------------------------------------------ +/* Generated by Frama-C */ +void foo(void) +{ + int n = 3; + if (! (n > 0)) goto unrolling_2_loop; + n --; + unrolling_6_loop: ; + if (! (n > 0)) goto unrolling_2_loop; + n --; + unrolling_5_loop: ; + if (! (n > 0)) goto unrolling_2_loop; + n --; + unrolling_4_loop: ; + if (! (n > 0)) goto unrolling_2_loop; + n --; + unrolling_3_loop: ; + /*@ loop invariant \false; + loop pragma UNROLL "completely", 4; + loop pragma UNROLL "done", 4; + */ + while (n > 0) n --; + unrolling_2_loop: ; + return; +} + + diff --git a/src/plugins/wp/tests/wp_plugin/oracle/dynamic.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/dynamic.res.oracle index c2bc3a374169220eec347429f24c6bc1ed12db52..3caefec4a3e23f1ba1c48ddb04c7f69c6cc2f51f 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/dynamic.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/dynamic.res.oracle @@ -83,7 +83,7 @@ Let x = Mint_0[shiftfield_F1_S_param(closure_0)]. Assume { Type: is_sint32(x). (* Heap *) - Have: (region(closure_0.base) <= 0) /\ framed(Mptr_0). + Type: (region(closure_0.base) <= 0) /\ framed(Mptr_0). (* Pre-condition *) Have: (a = a_1) \/ ((a = a_2) /\ (abs_int(x) <= 5)). } 
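Review bot: No Smoke_loop_invariant goal is emitted for the loop carrying `loop invariant \false;`; the only goals are `Preservation of Invariant (generated): Prove: true.` and `Establishment of Invariant (generated): Prove: true.`, so if this test runs with -wp-smoke-tests (the options are elided as `[...]`) a plainly contradictory invariant is reported as fully proved. The unrolled code explains why it is vacuous: with `int n = 3;` the four guarded `n --;` steps leave through `unrolling_2_loop` before the residual `while (n > 0)` is ever reached, so that loop is dead and `\false` holds there trivially. That is sound, but it is precisely the situation smoke tests exist to flag, and the oracle accepts it silently; either the expected absence of a smoke goal on a fully unrolled loop should be stated in doomed_unroll.i (e.g. `// expected: no smoke goal, residual loop unreachable after UNROLL 4`), or a smoke goal should still be generated for the residual loop so the inconsistency shows up as a doomed verdict. The `Missing assigns clause` warning at line 15 also means `foo` has no contract of its own, so these two invariant goals are the only thing this test checks.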
@@ -110,7 +110,7 @@ Let x = Mint_0[shiftfield_F1_S_param(closure_0)]. Assume { Type: is_sint32(x). (* Heap *) - Have: (region(closure_0.base) <= 0) /\ framed(Mptr_0). + Type: (region(closure_0.base) <= 0) /\ framed(Mptr_0). (* Pre-condition *) Have: abs_int(x) <= 5. (* Instance of 'f1' *) @@ -132,10 +132,10 @@ Prove: true. Goal Post-condition (file tests/wp_plugin/dynamic.i, line 38) in 'guarded_call' (1/2): Assume { Type: is_sint32(X). + (* Heap *) + Type: (region(p.base) <= 0) /\ framed(Mptr_0). (* Goal *) When: Mptr_0[shiftfield_F1_S_f(p)] = global(0). - (* Heap *) - Have: (region(p.base) <= 0) /\ framed(Mptr_0). (* Else *) Have: G_g_46 = 0. } @@ -164,7 +164,7 @@ Prove: true. ------------------------------------------------------------ Goal Call point h1 in 'missing_context' at instruction (file tests/wp_plugin/dynamic.i, line 87): -Assume { (* Heap *) Have: region(p.base) <= 0. } +Assume { (* Heap *) Type: region(p.base) <= 0. } Prove: global(G_h1_59) = p. ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_plugin/oracle/frame.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/frame.res.oracle index 8b51eb581fd1b78a01830ba0c3fbde6d22aee74c..a4a77a805e6fe07bec1f37c60b9ef7a1ae3d79bd 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/frame.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/frame.res.oracle @@ -11,11 +11,7 @@ Goal Post-condition 'KO' in 'alias': Let a = global(P_r_39). Let x = Mint_1[a]. Let x_1 = Mint_0[a]. -Assume { - Type: is_sint32(x) /\ is_sint32(x_1). - (* Heap *) - Have: linked(Malloc_0). -} +Assume { Type: is_sint32(x) /\ is_sint32(x_1). } Prove: x_1 = x. ------------------------------------------------------------ @@ -52,7 +48,7 @@ Let x_1 = Mint_0[p]. Assume { Type: is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: x_1 = x. 
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/init_const.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/init_const.res.oracle index 1b08f4fd2a0d83136011244bc588fc69e3fd7ed0..dcdf495be1735ff0bb52b336f437ad08c3bf7eba 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/init_const.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/init_const.res.oracle @@ -16,6 +16,8 @@ Let x_4 = x + x_1 + x_2 + x_3. Assume { Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2) /\ is_sint32(x_3) /\ is_sint32(x_4). + (* Heap *) + Type: IsArray1_sint32(A). } Prove: x_4 = 6. @@ -33,7 +35,8 @@ Prove: true. ------------------------------------------------------------ Goal Post-condition 'KO' in 'fC': -Let x = A[3]. Assume { Type: is_sint32(x). } +Let x = A[3]. +Assume { Type: is_sint32(x). (* Heap *) Type: IsArray1_sint32(A). } Prove: x = 0. ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_plugin/oracle/init_const_guard.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/init_const_guard.res.oracle index 2ca552720f5614716129614a3d72117f1af028f6..a055c763f2292c7d99c9163ff12edbc76a483055 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/init_const_guard.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/init_const_guard.res.oracle @@ -13,7 +13,7 @@ Prove: true. ------------------------------------------------------------ Goal Post-condition 'Pointed_Valid' in 'f': -Assume { (* Heap *) Have: (region(G_x_18) <= 0) /\ linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: valid_rw(Malloc_0, global(G_x_18), 1). ------------------------------------------------------------ 
@@ -37,7 +37,7 @@ Prove: true. ------------------------------------------------------------ Goal Assertion 'Read' (file tests/wp_plugin/init_const_guard.i, line 31): -Assume { (* Heap *) Have: (region(p.base) <= 0) /\ linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: valid_rd(Malloc_0, global(G_x_18), 1). ------------------------------------------------------------ @@ -46,7 +46,7 @@ Goal Assertion 'Guard_against_Const' (file tests/wp_plugin/init_const_guard.i, l Let a = global(G_x_18). Assume { (* Heap *) - Have: (region(p.base) <= 0) /\ linked(Malloc_0). + Type: linked(Malloc_0). (* Assertion 'Read' *) Have: valid_rd(Malloc_0, a, 1). } diff --git a/src/plugins/wp/tests/wp_plugin/oracle/initarr.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/initarr.res.oracle index fc2ec450b36b9b5db65e304f4fe78260882dba1c..59ec8e297714d56d1c5de2f18c2c9956bcb192e1 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/initarr.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/initarr.res.oracle @@ -14,6 +14,9 @@ Let a_2 = A[0]. Let a_3 = A[i]. Assume { Type: is_sint32(i). + (* Heap *) + Type: forall i_1 : Z. let a_4 = A[i_1] in (region(a_4.F1_f.base) <= 0) /\ + (region(a_4.F1_g.base) <= 0). (* Initializer *) Init: (a_2.F1_f) = global(G_a_18). (* Initializer *) @@ -26,9 +29,6 @@ Assume { Init: (a.F1_f) = global(G_e_22). (* Initializer *) Init: (a.F1_g) = global(G_f_23). - (* Heap *) - Have: forall i_1 : Z. let a_4 = A[i_1] in (region(a_4.F1_f.base) <= 0) /\ - (region(a_4.F1_g.base) <= 0). (* Pre-condition *) Have: (0 <= i) /\ (i <= 2). } 
@@ -43,15 +43,15 @@ Let a_2 = global(G_a_18). Let a_3 = A[i].F1_f. Assume { Type: is_sint32(i). + (* Heap *) + Type: forall i_1 : Z. let a_4 = A[i_1] in (region(a_4.F1_f.base) <= 0) /\ + (region(a_4.F1_g.base) <= 0). (* Initializer *) Init: (A[0].F1_f) = a_2. (* Initializer *) Init: (A[1].F1_f) = a_1. (* Initializer *) Init: (A[2].F1_f) = a. - (* Heap *) - Have: forall i_1 : Z. let a_4 = A[i_1] in (region(a_4.F1_f.base) <= 0) /\ - (region(a_4.F1_g.base) <= 0). (* Pre-condition *) Have: (0 <= i) /\ (i <= 2). } diff --git a/src/plugins/wp/tests/wp_plugin/oracle/injector.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/injector.res.oracle index b39ab14d75f77784a22a17a6b1ab5784d280e437..9f80dffaa4d14bf53dbc7dcf512eb9a6331d9cb8 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/injector.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/injector.res.oracle @@ -91,6 +91,8 @@ Let x = out_0[0]. Let x_1 = inp_0[0]. Assume { Type: is_sint32(b) /\ is_sint32(v) /\ is_sint32(x_1) /\ is_sint32(x). + (* Heap *) + Type: IsArray1_sint32(inp_1) /\ IsArray1_sint32(out_0). If x != 33 Then { Have: inp_1[0 <- v] = inp_0. } Else { (* Call Effects *) Have: inp_1[0 <- v][1 <- b] = inp_0. } @@ -104,6 +106,8 @@ Prove: x_1 = b. Goal Post-condition for 'ko_1' 'qed_ko' in 'f': Assume { + (* Heap *) + Type: IsArray1_sint32(out_0). (* Pre-condition for 'ko_1' *) Have: out_0[0] = 33. (* Pre-condition for 'ko_1' *) @@ -116,6 +120,8 @@ Prove: false. Goal Post-condition for 'ko_1' 'qed_ko' in 'f': Assume { Type: is_sint32(b) /\ is_sint32(v). + (* Heap *) + Type: IsArray1_sint32(out_0). (* Pre-condition for 'ko_1' *) Have: out_0[0] = 33. (* Pre-condition for 'ko_1' *) @@ -127,6 +133,8 @@ Prove: v = b. Goal Post-condition for 'ko_1' 'qed_ko' in 'f': Assume { + (* Heap *) + Type: IsArray1_sint32(out_0). (* Pre-condition for 'ko_1' *) Have: out_0[0] = 33. (* Pre-condition for 'ko_1' *) 
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/loop.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/loop.res.oracle index d5d305307f23e4415a29ede3b893e8c8abc50aa7..9dd899de5f15ff0d23edd240f05b69e72668c3f6 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/loop.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/loop.res.oracle @@ -13,10 +13,10 @@ Let x = -a. Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, i - a). Assume { Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i). + (* Heap *) + Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: (i_1 <= b) /\ (a <= i_1) /\ is_sint32(i_1). - (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). (* Invariant 'qed_ok' *) @@ -38,7 +38,7 @@ Let x_1 = 1 + i. Assume { Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(x_1). (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). + Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). (* Invariant 'qed_ok' *) @@ -57,7 +57,7 @@ Goal Establishment of Invariant 'qed_ok' (file tests/wp_plugin/loop.i, line 12): Assume { Type: is_sint32(a) /\ is_sint32(b). (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). + Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (a <= b) /\ valid_rw(Malloc_0, shift_sint32(t, a), 1 + b - a). } @@ -71,10 +71,10 @@ Let x = -a. Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, i - a). Assume { Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(1 + i). + (* Heap *) + Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: (a <= i_1) /\ (i_1 <= i) /\ is_sint32(i_1). - (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). (* Invariant 'qed_ok' *) 
@@ -112,10 +112,10 @@ Let x = -a. Let a_2 = shift_sint32(t, i). Assume { Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(1 + i). + (* Heap *) + Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, a_2, 1). - (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). (* Invariant 'qed_ok' *) @@ -139,7 +139,7 @@ Assume { Have: !invalid(Malloc_0, a_1, i - a). Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i). (* Heap *) - Have: (region(t.base) <= 0) /\ linked(Malloc_0). + Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). } diff --git a/src/plugins/wp/tests/wp_plugin/oracle/model.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/model.res.oracle index 55375f62ab76c16dc9f864f4786444ed828128cb..b0884297aa8fac4251acf6f6080b971962d49504 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/model.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/model.res.oracle @@ -87,7 +87,7 @@ Let x = Mint_0[shift_sint32(p, k)]. Assume { Type: is_sint32(k) /\ is_sint32(x). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: P_P(x). @@ -204,7 +204,7 @@ Let x = Mint_0[shift_sint32(p, k)]. Assume { Type: is_sint32(k) /\ is_sint32(x). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: P_P(x). @@ -215,7 +215,7 @@ Let x = Mint_0[shift_sint32(p, k)]. Assume { Type: is_sint32(k) /\ is_sint32(x). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: P_P(x). diff --git a/src/plugins/wp/tests/wp_plugin/oracle/overarray.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/overarray.res.oracle index 1af09626913019a174131c51ab2be302479051f0..d314b7d06ef44618e72c98a0e90b6eb50d2f31b2 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/overarray.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/overarray.res.oracle 
@@ -62,9 +62,11 @@ Prove: true. Goal Assigns nothing in 'f5_ko': Call Effect at line 25 Assume { + (* Heap *) + Type: IsArray1_sint32(A). (* Exit Effects *) Have: forall i : Z. let x = 15 + i in (((-15) <= i) -> ((i <= 4) -> - (((i < 0) \/ (10 <= i)) -> (A[x] = A_1[x])))). + (((i < 0) \/ (10 <= i)) -> (A_1[x] = A[x])))). } Prove: false. @@ -73,9 +75,11 @@ Prove: false. Goal Assigns nothing in 'f5_ko': Call Effect at line 25 Assume { + (* Heap *) + Type: IsArray1_sint32(A). (* Call Effects *) Have: forall i : Z. let x = 15 + i in (((-15) <= i) -> ((i <= 4) -> - (((i < 0) \/ (10 <= i)) -> (A[x] = A_1[x])))). + (((i < 0) \/ (10 <= i)) -> (A_1[x] = A[x])))). } Prove: false. @@ -87,9 +91,11 @@ Prove: false. Goal Assigns nothing in 'f6_ko': Call Effect at line 28 Assume { + (* Heap *) + Type: IsArray1_sint32(A). (* Exit Effects *) Have: forall i : Z. let x = i - 5 in ((5 <= i) -> ((i <= 24) -> - (((i < 0) \/ (10 <= i)) -> (A[x] = A_1[x])))). + (((i < 0) \/ (10 <= i)) -> (A_1[x] = A[x])))). } Prove: false. @@ -98,9 +104,11 @@ Prove: false. Goal Assigns nothing in 'f6_ko': Call Effect at line 28 Assume { + (* Heap *) + Type: IsArray1_sint32(A). (* Call Effects *) Have: forall i : Z. let x = i - 5 in ((5 <= i) -> ((i <= 24) -> - (((i < 0) \/ (10 <= i)) -> (A[x] = A_1[x])))). + (((i < 0) \/ (10 <= i)) -> (A_1[x] = A[x])))). } Prove: false. diff --git a/src/plugins/wp/tests/wp_plugin/oracle/overassign.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/overassign.res.oracle index b558a7a6296bf15d1062d6fc9fa45545aadd40ba..67cb9a837b5f4ccacc3c14f893bc374f998a6475 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/overassign.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/overassign.res.oracle 
@@ -39,14 +39,14 @@ Prove: true. Goal Assigns nothing in 'f3_ok': Call Effect at line 20 -Assume { (* Heap *) Have: (region(G_A_30) <= 0) /\ linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: invalid(Malloc_0, shift_sint32(global(G_A_30), 20), 10). ------------------------------------------------------------ Goal Assigns nothing in 'f3_ok': Call Effect at line 20 -Assume { (* Heap *) Have: (region(G_A_30) <= 0) /\ linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: invalid(Malloc_0, shift_sint32(global(G_A_30), 20), 10). ------------------------------------------------------------ @@ -56,14 +56,14 @@ Prove: invalid(Malloc_0, shift_sint32(global(G_A_30), 20), 10). Goal Assigns nothing in 'f4_ok': Call Effect at line 23 -Assume { (* Heap *) Have: (region(G_A_30) <= 0) /\ linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: invalid(Malloc_0, shift_sint32(global(G_A_30), -10), 10). ------------------------------------------------------------ Goal Assigns nothing in 'f4_ok': Call Effect at line 23 -Assume { (* Heap *) Have: (region(G_A_30) <= 0) /\ linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: invalid(Malloc_0, shift_sint32(global(G_A_30), -10), 10). ------------------------------------------------------------ 
@@ -73,14 +73,14 @@ Prove: invalid(Malloc_0, shift_sint32(global(G_A_30), -10), 10). Goal Assigns nothing in 'f5_ko': Call Effect at line 26 -Assume { (* Heap *) Have: (region(G_A_30) <= 0) /\ linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: invalid(Malloc_0, shift_sint32(global(G_A_30), 15), 10). ------------------------------------------------------------ Goal Assigns nothing in 'f5_ko': Call Effect at line 26 -Assume { (* Heap *) Have: (region(G_A_30) <= 0) /\ linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: invalid(Malloc_0, shift_sint32(global(G_A_30), 15), 10). ------------------------------------------------------------ @@ -90,14 +90,14 @@ Prove: invalid(Malloc_0, shift_sint32(global(G_A_30), 15), 10). Goal Assigns nothing in 'f6_ko': Call Effect at line 29 -Assume { (* Heap *) Have: (region(G_A_30) <= 0) /\ linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: invalid(Malloc_0, shift_sint32(global(G_A_30), -5), 10). ------------------------------------------------------------ Goal Assigns nothing in 'f6_ko': Call Effect at line 29 -Assume { (* Heap *) Have: (region(G_A_30) <= 0) /\ linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: invalid(Malloc_0, shift_sint32(global(G_A_30), -5), 10). ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_plugin/oracle/prenex.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/prenex.res.oracle index 52973b74fb00a1db4176626f2687e8d880afda50..ec3540368c3c5c7d195fb1ee82d527553e30fc70 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/prenex.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/prenex.res.oracle 
@@ -12,7 +12,7 @@ Assume { Type: is_sint32(diag_0) /\ is_sint32(i) /\ is_sint32(i_1) /\ is_sint32(j) /\ is_sint32(m) /\ is_sint32(n). (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0). + Type: (region(p.base) <= 0) /\ (region(q.base) <= 0). (* Pre-condition *) Have: (0 <= m) /\ (0 <= n). (* Invariant 'PI' *) @@ -52,7 +52,7 @@ Assume { Type: is_sint32(i) /\ is_sint32(j) /\ is_sint32(m) /\ is_sint32(n) /\ is_sint32(1 + i). (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0). + Type: (region(p.base) <= 0) /\ (region(q.base) <= 0). (* Pre-condition *) Have: (0 <= m) /\ (0 <= n). (* Invariant 'PI' *) @@ -84,10 +84,10 @@ Goal Preservation of Invariant 'PI' (file tests/wp_plugin/prenex.i, line 21): Assume { Type: is_sint32(i_2) /\ is_sint32(j) /\ is_sint32(m) /\ is_sint32(n) /\ is_sint32(1 + i_2). + (* Heap *) + Type: (region(p.base) <= 0) /\ (region(q.base) <= 0). (* Goal *) When: (0 <= i) /\ (0 <= i_1) /\ (i_1 < m) /\ (i <= i_2). - (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0). (* Pre-condition *) Have: (0 <= m) /\ (0 <= n). (* Invariant 'PI' *) @@ -122,7 +122,7 @@ Assume { Type: is_sint32(i) /\ is_sint32(j) /\ is_sint32(m) /\ is_sint32(n) /\ is_sint32(1 + j) /\ is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0). + Type: (region(p.base) <= 0) /\ (region(q.base) <= 0). (* Pre-condition *) Have: (0 <= m) /\ (0 <= n). (* Invariant 'PI' *) @@ -158,10 +158,10 @@ Let x_1 = Mint_0[shift_sint32(q, j)]. Assume { Type: is_sint32(i) /\ is_sint32(j) /\ is_sint32(m) /\ is_sint32(n) /\ is_sint32(1 + j) /\ is_sint32(x) /\ is_sint32(x_1). + (* Heap *) + Type: (region(p.base) <= 0) /\ (region(q.base) <= 0). (* Goal *) When: (0 <= i_1) /\ (i_1 <= j). - (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0). (* Pre-condition *) Have: (0 <= m) /\ (0 <= n). (* Invariant 'PI' *) 
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/repeat.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/repeat.res.oracle index bbe03a5db46ba4251b369355b73707cc463d1b11..1ece42d9dc380401bdc2379bcb8760d9f2397786 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/repeat.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/repeat.res.oracle @@ -18,6 +18,8 @@ Goal Preservation of Invariant (file tests/wp_plugin/repeat.c, line 61): Let a = L_sequence(calls_1). Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(1 + i). + (* Heap *) + Type: is_sint32(calls_0). (* Pre-condition *) Have: (L_sequence(calls_0) = nil) /\ (0 <= n). (* Invariant *) @@ -47,6 +49,8 @@ Let a_2 = [ 1, 2 ]. Let x = 1 + i. Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(x). + (* Heap *) + Type: is_sint32(calls_1). (* Pre-condition *) Have: (L_sequence(calls_1) = nil) /\ (0 <= n). (* Invariant *) @@ -118,6 +122,8 @@ Let a_1 = (a *^ i). Let a_2 = a_1 ^ [ 1, 2 ]. Assume { Type: is_sint32(i) /\ is_sint32(n). + (* Heap *) + Type: is_sint32(calls_0). (* Pre-condition *) Have: (L_sequence(calls_0) = nil) /\ (0 <= n). (* Call 'f' *) @@ -139,6 +145,8 @@ Goal Preservation of Invariant (file tests/wp_plugin/repeat.c, line 81): Let a = ([ 1, 2 ] *^ i). Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(1 + i). + (* Heap *) + Type: is_sint32(calls_0). (* Pre-condition *) Have: (L_sequence(calls_0) = nil) /\ (0 <= n). (* Call 'f' *) @@ -170,6 +178,8 @@ Let a_2 = a_1 ^ [ 1, 2 ]. Let x = 1 + i. Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(x). + (* Heap *) + Type: is_sint32(calls_0). (* Pre-condition *) Have: (L_sequence(calls_0) = nil) /\ (0 <= n). (* Call 'f' *) diff --git a/src/plugins/wp/tests/wp_plugin/oracle/sequence.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/sequence.res.oracle index a24c4844f884b5e3e2003b0ef6658ff760dc5f16..897f3be73baecb92a0425a1729eb6b8671598dfb 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/sequence.res.oracle 
+++ b/src/plugins/wp/tests/wp_plugin/oracle/sequence.res.oracle @@ -18,6 +18,8 @@ Let a_1 = [ x ] ^ a ^ [ z ]. Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(x) /\ is_sint32(y) /\ is_sint32(z). + (* Heap *) + Type: is_sint32(call_seq_0). (* Pre-condition *) Have: L_call_obs(call_seq_0) = nil. (* Call 'f' *) @@ -42,6 +44,8 @@ Let a = ([ y ] *^ i). Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(x) /\ is_sint32(y) /\ is_sint32(1 + i). + (* Heap *) + Type: is_sint32(call_seq_0). (* Pre-condition *) Have: L_call_obs(call_seq_0) = nil. (* Call 'f' *) @@ -71,6 +75,8 @@ Let a = ([ y ] *^ i). Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(x) /\ is_sint32(y) /\ is_sint32(1 + i). + (* Heap *) + Type: is_sint32(call_seq_0). (* Pre-condition *) Have: L_call_obs(call_seq_0) = nil. (* Call 'f' *) @@ -101,6 +107,8 @@ Let x_1 = 1 + i. Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(x) /\ is_sint32(y) /\ is_sint32(x_1). + (* Heap *) + Type: is_sint32(call_seq_0). (* Pre-condition *) Have: L_call_obs(call_seq_0) = nil. (* Call 'f' *) @@ -172,6 +180,8 @@ Let a = ([ y ] *^ i). Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(x) /\ is_sint32(y) /\ is_sint32(z). + (* Heap *) + Type: is_sint32(call_seq_0). (* Pre-condition *) Have: L_call_obs(call_seq_0) = nil. (* Pre-condition for 'g_called' *) @@ -206,6 +216,8 @@ Let a = ([ y ] *^ i). Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(x) /\ is_sint32(y) /\ is_sint32(z). + (* Heap *) + Type: is_sint32(call_seq_0). (* Pre-condition *) Have: L_call_obs(call_seq_0) = nil. (* Pre-condition for 'g_not_called' *) @@ -232,6 +244,8 @@ Let a = ([ y ] *^ i). Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(x) /\ is_sint32(y) /\ is_sint32(z). + (* Heap *) + Type: is_sint32(call_seq_0). (* Pre-condition *) Have: L_call_obs(call_seq_0) = nil. (* Pre-condition for 'g_not_called' *) 
@@ -262,7 +276,12 @@ Prove: true. ------------------------------------------------------------ Goal Post-condition 'ok,m2' in 'no_calls': -Assume { (* Pre-condition *) Have: L_call_obs(call_seq_0) = nil. } +Assume { + (* Heap *) + Type: is_sint32(call_seq_0). + (* Pre-condition *) + Have: L_call_obs(call_seq_0) = nil. +} Prove: length(L_call_nil) = 0. ------------------------------------------------------------ @@ -273,13 +292,23 @@ Prove: true. ------------------------------------------------------------ Goal Post-condition 'ok,n2' in 'no_calls': -Assume { (* Pre-condition *) Have: L_call_obs(call_seq_0) = nil. } +Assume { + (* Heap *) + Type: is_sint32(call_seq_0). + (* Pre-condition *) + Have: L_call_obs(call_seq_0) = nil. +} Prove: L_call_nil = nil. ------------------------------------------------------------ Goal Post-condition 'ok,n3' in 'no_calls': -Assume { (* Pre-condition *) Have: L_call_obs(call_seq_0) = nil. } +Assume { + (* Heap *) + Type: is_sint32(call_seq_0). + (* Pre-condition *) + Have: L_call_obs(call_seq_0) = nil. +} Prove: L_call_nil = nil. ------------------------------------------------------------ @@ -287,6 +316,8 @@ Prove: L_call_nil = nil. Goal Post-condition 'ok,bug_why3,n5' in 'no_calls': Assume { Type: is_sint32(a). + (* Heap *) + Type: is_sint32(call_seq_0). (* Goal *) When: 0 <= a. (* Pre-condition *) @@ -304,6 +335,8 @@ Prove: true. Goal Post-condition 'ok,bug_why3,n5_ok' in 'no_calls': Assume { Type: is_sint32(a). + (* Heap *) + Type: is_sint32(call_seq_0). (* Pre-condition *) Have: L_call_obs(call_seq_0) = nil. } @@ -355,6 +388,8 @@ Prove: true. Goal Post-condition for 'g_called' 'ok,p3' in 'sequence': Assume { Type: is_sint32(c) /\ is_sint32(x) /\ is_sint32(y) /\ is_sint32(z). + (* Heap *) + Type: is_sint32(call_seq_0). (* Pre-condition *) Have: L_call_obs(call_seq_0) = nil. (* Pre-condition for 'g_called' *) 
@@ -391,6 +426,8 @@ Prove: true. Goal Post-condition for 'g_not_called' 'ok,q3' in 'sequence': Assume { Type: is_sint32(x) /\ is_sint32(z). + (* Heap *) + Type: is_sint32(call_seq_0). (* Pre-condition *) Have: L_call_obs(call_seq_0) = nil. (* Call 'f' *) diff --git a/src/plugins/wp/tests/wp_plugin/oracle/string_c.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/string_c.res.oracle index 7de5c690d8ad85af8707b87772b3b9380bcc422a..42a767b4657d31d0c2611266d24a15f4b230a1b1 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/string_c.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/string_c.res.oracle @@ -10,7 +10,7 @@ Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n). Assume { Type: is_uint32(i) /\ is_uint32(n). (* Heap *) - Have: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ + Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). (* Pre-condition *) Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ @@ -40,7 +40,7 @@ Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n). Assume { Type: is_uint32(i) /\ is_uint32(n). (* Heap *) - Have: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ + Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). (* Pre-condition *) Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ @@ -62,8 +62,8 @@ Goal Establishment of Invariant 'no_eva' (file FRAMAC_SHARE/libc/string.c, line Assume { Type: is_uint32(n). (* Heap *) - Have: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ - linked(Malloc_0) /\ sconst(Mchar_0). + Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ + linked(Malloc_0). (* Pre-condition *) Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ P_valid_read_or_empty(Malloc_0, src_0, n) /\ 
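Review bot: In the `@@ -62,8 +62,8 @@` hunk the establishment goal for invariant 'no_eva' loses `sconst(Mchar_0)` from its Heap hypotheses (`Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ linked(Malloc_0).`) while every neighbouring goal for the same function keeps `linked(Malloc_0) /\ sconst(Mchar_0)`. Presumably moving these facts to the Type section lets the hypothesis filter drop them when the memory variable does not occur in the goal, which is harmless — removing an assumption can only make a goal harder, never unsound — but the same diff also drops `region(G_x_18) <= 0` and `region(G_A_30) <= 0` facts on globals in init_const_guard and overassign, so it is worth confirming that each dropped fact is removed by filtering and not lost by the new frame-condition generation. Re-running these oracles' goals through the external provers rather than only Qed would show whether any of them regressed from proved to unknown. The hunk itself is expected output only, so this is a request for that check rather than for a change to this file.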
@@ -79,11 +79,11 @@ Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n). Let a_2 = a_1[shift_sint8(dest_0, i) <- a_1[shift_sint8(src_0, i)]]. Assume { Type: is_uint32(i) /\ is_uint32(n). - (* Goal *) - When: (0 <= i_1) /\ (i_1 < to_uint32(1 + i)). (* Heap *) - Have: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ + Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). + (* Goal *) + When: (0 <= i_1) /\ (i_1 < to_uint32(1 + i)). (* Pre-condition *) Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ P_valid_read_or_empty(Malloc_0, src_0, n) /\ @@ -123,11 +123,11 @@ Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n). Let a_2 = shift_sint8(dest_0, i). Assume { Type: is_uint32(i) /\ is_uint32(n). - (* Goal *) - When: !invalid(Malloc_0, a_2, 1). (* Heap *) - Have: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ + Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). + (* Goal *) + When: !invalid(Malloc_0, a_2, 1). (* Pre-condition *) Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ P_valid_read_or_empty(Malloc_0, src_0, n) /\ @@ -156,7 +156,7 @@ Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n). Assume { Type: is_uint32(i) /\ is_uint32(n). (* Heap *) - Have: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ + Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). (* Pre-condition *) Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ @@ -184,7 +184,7 @@ Assume { Type: is_uint32(i) /\ is_uint32(i_1) /\ is_uint32(n) /\ is_sint32(memoverlap_0). (* Heap *) - Have: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ + Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). (* Pre-condition *) Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ 
@@ -255,7 +255,7 @@ Let a_2 = shift_sint8(src_0, 0).
 Assume {
 Type: is_uint32(i) /\ is_uint32(n) /\ is_sint32(memoverlap_0).
 (* Heap *)
- Have: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\
+ Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\
 linked(Malloc_0) /\ sconst(Mchar_0).
 (* Pre-condition *)
 Have: P_valid_or_empty(Malloc_0, dest_0, n) /\
@@ -291,8 +291,7 @@ Let a_1 = shift_sint8(s, 0).
 Assume {
 Type: is_uint32(n) /\ is_sint32(memoverlap_0).
 (* Heap *)
- Have: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
- sconst(Mchar_0).
+ Type: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0).
 (* Pre-condition *)
 Have: P_valid_or_empty(Malloc_0, d, n) /\
 P_valid_read_or_empty(Malloc_0, s, n).
@@ -317,11 +316,11 @@ Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n).
 Let a_2 = shift_sint8(s, 0).
 Assume {
 Type: is_uint32(i) /\ is_uint32(n) /\ is_sint32(memoverlap_0).
- (* Goal *)
- When: (0 <= i_1) /\ (i_1 < to_uint32(1 + i)).
 (* Heap *)
- Have: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
+ Type: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
 sconst(Mchar_0).
+ (* Goal *)
+ When: (0 <= i_1) /\ (i_1 < to_uint32(1 + i)).
 (* Pre-condition *)
 Have: P_valid_or_empty(Malloc_0, d, n) /\
 P_valid_read_or_empty(Malloc_0, s, n).
@@ -363,11 +362,11 @@ Let a_2 = shift_sint8(s, 0).
 Let a_3 = shift_sint8(s, i_1).
 Assume {
 Type: is_uint32(i) /\ is_uint32(n) /\ is_sint32(memoverlap_0).
- (* Goal *)
- When: (i_1 < n) /\ (to_uint32(1 + i) <= i_1).
 (* Heap *)
- Have: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
+ Type: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
 sconst(Mchar_0).
+ (* Goal *)
+ When: (i_1 < n) /\ (to_uint32(1 + i) <= i_1).
 (* Pre-condition *)
 Have: P_valid_or_empty(Malloc_0, d, n) /\
 P_valid_read_or_empty(Malloc_0, s, n).
@@ -408,7 +407,7 @@ Let a_2 = shift_sint8(src_0, 0).
 Assume {
 Type: is_uint32(i) /\ is_uint32(n) /\ is_sint32(memoverlap_0).
 (* Heap *)
- Have: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\
+ Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\
 linked(Malloc_0) /\ sconst(Mchar_0).
 (* Pre-condition *)
 Have: P_valid_or_empty(Malloc_0, dest_0, n) /\
@@ -444,8 +443,7 @@ Let a_1 = shift_sint8(s, 0).
 Assume {
 Type: is_uint32(n) /\ is_sint32(memoverlap_0).
 (* Heap *)
- Have: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
- sconst(Mchar_0).
+ Type: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0).
 (* Pre-condition *)
 Have: P_valid_or_empty(Malloc_0, d, n) /\
 P_valid_read_or_empty(Malloc_0, s, n).
@@ -470,11 +468,11 @@ Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n).
 Let a_2 = shift_sint8(s, 0).
 Assume {
 Type: is_uint32(i) /\ is_uint32(n) /\ is_sint32(memoverlap_0).
- (* Goal *)
- When: (i_1 < n) /\ (to_uint32(i - 1) < i_1).
 (* Heap *)
- Have: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
+ Type: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
 sconst(Mchar_0).
+ (* Goal *)
+ When: (i_1 < n) /\ (to_uint32(i - 1) < i_1).
 (* Pre-condition *)
 Have: P_valid_or_empty(Malloc_0, d, n) /\
 P_valid_read_or_empty(Malloc_0, s, n).
@@ -509,11 +507,11 @@ Let a = shift_sint8(dest_0, 0).
 Let a_1 = shift_sint8(src_0, 0).
 Assume {
 Type: is_uint32(n) /\ is_sint32(memoverlap_0).
- (* Goal *)
- When: (i < n) /\ (to_uint32(n - 1) < i).
 (* Heap *)
- Have: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\
+ Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\
 linked(Malloc_0) /\ sconst(Mchar_0).
+ (* Goal *)
+ When: (i < n) /\ (to_uint32(n - 1) < i).
 (* Pre-condition *)
 Have: P_valid_or_empty(Malloc_0, dest_0, n) /\
 P_valid_read_or_empty(Malloc_0, src_0, n).
@@ -539,11 +537,11 @@ Let a_2 = shift_sint8(s, 0).
 Let a_3 = shift_sint8(s, i_1).
 Assume {
 Type: is_uint32(i) /\ is_uint32(n) /\ is_sint32(memoverlap_0).
- (* Goal *)
- When: (0 <= i_1) /\ (i_1 <= to_uint32(i - 1)).
 (* Heap *)
- Have: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
+ Type: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
 sconst(Mchar_0).
+ (* Goal *)
+ When: (0 <= i_1) /\ (i_1 <= to_uint32(i - 1)).
 (* Pre-condition *)
 Have: P_valid_or_empty(Malloc_0, d, n) /\
 P_valid_read_or_empty(Malloc_0, s, n).
@@ -596,11 +594,11 @@ Let a_2 = shift_sint8(src_0, 0).
 Let a_3 = shift_sint8(d, i).
 Assume {
 Type: is_uint32(i) /\ is_uint32(n) /\ is_sint32(memoverlap_0).
- (* Goal *)
- When: !invalid(Malloc_0, a_3, 1).
 (* Heap *)
- Have: (region(d.base) <= 0) /\ (region(src_0.base) <= 0) /\
+ Type: (region(d.base) <= 0) /\ (region(src_0.base) <= 0) /\
 linked(Malloc_0) /\ sconst(Mchar_0).
+ (* Goal *)
+ When: !invalid(Malloc_0, a_3, 1).
 (* Pre-condition *)
 Have: P_valid_or_empty(Malloc_0, d, n) /\
 P_valid_read_or_empty(Malloc_0, src_0, n).
@@ -648,11 +646,11 @@ Let a_2 = shift_sint8(src_0, 0).
 Let a_3 = shift_sint8(d, i).
 Assume {
 Type: is_uint32(i) /\ is_uint32(n) /\ is_sint32(memoverlap_0).
- (* Goal *)
- When: !invalid(Malloc_0, a_3, 1).
 (* Heap *)
- Have: (region(d.base) <= 0) /\ (region(src_0.base) <= 0) /\
+ Type: (region(d.base) <= 0) /\ (region(src_0.base) <= 0) /\
 linked(Malloc_0) /\ sconst(Mchar_0).
+ (* Goal *)
+ When: !invalid(Malloc_0, a_3, 1).
 (* Pre-condition *)
 Have: P_valid_or_empty(Malloc_0, d, n) /\
 P_valid_read_or_empty(Malloc_0, src_0, n).
@@ -722,11 +720,11 @@ Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n).
 Let a_2 = shift_sint8(src_0, 0).
 Assume {
 Type: is_uint32(i) /\ is_uint32(n) /\ is_sint32(memoverlap_0).
- (* Goal *)
- When: !invalid(Malloc_0, a, 1).
 (* Heap *)
- Have: (region(d.base) <= 0) /\ (region(src_0.base) <= 0) /\
+ Type: (region(d.base) <= 0) /\ (region(src_0.base) <= 0) /\
 linked(Malloc_0) /\ sconst(Mchar_0).
+ (* Goal *)
+ When: !invalid(Malloc_0, a, 1).
 (* Pre-condition *)
 Have: P_valid_or_empty(Malloc_0, d, n) /\
 P_valid_read_or_empty(Malloc_0, src_0, n).
@@ -768,7 +766,7 @@ Let a_2 = shift_sint8(src_0, 0).
 Assume {
 Type: is_uint32(i) /\ is_uint32(n) /\ is_sint32(memoverlap_0).
 (* Heap *)
- Have: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\
+ Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\
 linked(Malloc_0) /\ sconst(Mchar_0).
 (* Pre-condition *)
 Have: P_valid_or_empty(Malloc_0, dest_0, n) /\
@@ -810,7 +808,7 @@ Let a_2 = shift_sint8(src_0, 0).
 Assume {
 Type: is_uint32(i) /\ is_uint32(n) /\ is_sint32(memoverlap_0).
 (* Heap *)
- Have: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\
+ Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\
 linked(Malloc_0) /\ sconst(Mchar_0).
 (* Pre-condition *)
 Have: P_valid_or_empty(Malloc_0, dest_0, n) /\
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/subset.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/subset.res.oracle
index 03dfc37e0742fdca4b0015d23d2b4da2f6924cea..29cc3bb629733ce01d9585801f991c7d1035b558 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/subset.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/subset.res.oracle
@@ -13,7 +13,7 @@ Let x_1 = a.base.
 Assume {
 Type: is_sint32(mem_0) /\ is_sint32(n).
 (* Heap *)
- Have: (region(x_1) <= 0) /\ (region(x) <= 0).
+ Type: (region(x_1) <= 0) /\ (region(x) <= 0).
 (* Pre-condition *)
 Have: x = x_1.
 If addr_le(b, a)
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/subset_fopen.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/subset_fopen.res.oracle
index 33330929cf4bf79611ac9dd3e14ee1bfe251cce7..eec7909c06154fa357a353f9fb52f211d1a5e68a 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/subset_fopen.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/subset_fopen.res.oracle
@@ -8,7 +8,7 @@
 ------------------------------------------------------------

 Goal Assertion 'Ok_A' (file tests/wp_plugin/subset_fopen.c, line 17):
-Assume { Type: is_sint32(i). (* Heap *) Have: linked(Malloc_0). }
+Assume { Type: is_sint32(i). }
 Prove: (0 <= i) /\ (i <= 9).

 ------------------------------------------------------------
@@ -31,10 +31,10 @@ Prove: true.
 Goal Assertion 'Ok_E' (file tests/wp_plugin/subset_fopen.c, line 26):
 Assume {
 Type: is_sint32(i).
+ (* Heap *)
+ Type: linked(Malloc_0).
 (* Goal *)
 When: null != p.
- (* Heap *)
- Have: linked(Malloc_0).
 (* Assertion 'Ok_A' *)
 Have: (0 <= i) /\ (i <= 9).
 (* Call 'fopen' *)
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/unfold_assigns.0.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/unfold_assigns.0.res.oracle
index 562b4a5e1cf94fc4de3fe2fbc20a460ffff3e85b..45858c34dea99fd999b7895364f420838278f42c 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/unfold_assigns.0.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/unfold_assigns.0.res.oracle
@@ -3,6 +3,30 @@
 [wp] Running WP plugin...
 [wp] Loading driver 'share/wp.driver'
 [wp] Warning: Missing RTE guards
+------------------------------------------------------------
+ Function ASSIGN_NO_UNFOLD_KO
+------------------------------------------------------------
+
+Goal Assigns (file tests/wp_plugin/unfold_assigns.i, line 62) in 'ASSIGN_NO_UNFOLD_KO':
+Effect at line 65
+Assume {
+ (* Heap *)
+ Type: (region(s.base) <= 0) /\ linked(Malloc_0).
+ (* Goal *)
+ When: !invalid(Malloc_0, s, 2).
+}
+Prove: false.
+
+------------------------------------------------------------
+------------------------------------------------------------
+ Function ASSIGN_NO_UNFOLD_OK
+------------------------------------------------------------
+
+Goal Assigns (file tests/wp_plugin/unfold_assigns.i, line 56) in 'ASSIGN_NO_UNFOLD_OK':
+Effect at line 59
+Prove: true.
+
+------------------------------------------------------------
 ------------------------------------------------------------
 Function NO_UNFOLD_KO
 ------------------------------------------------------------
@@ -10,10 +34,10 @@
 Goal Assigns (file tests/wp_plugin/unfold_assigns.i, line 33) in 'NO_UNFOLD_KO':
 Call Effect at line 35
 Assume {
+ (* Heap *)
+ Type: (region(s.base) <= 0) /\ linked(Malloc_0).
 (* Goal *)
 When: !invalid(Malloc_0, s, 2).
- (* Heap *)
- Have: (region(s.base) <= 0) /\ linked(Malloc_0).
 }
 Prove: false.

@@ -22,10 +46,10 @@ Prove: false.
 Goal Assigns (file tests/wp_plugin/unfold_assigns.i, line 33) in 'NO_UNFOLD_KO':
 Call Effect at line 35
 Assume {
+ (* Heap *)
+ Type: (region(s.base) <= 0) /\ linked(Malloc_0).
 (* Goal *)
 When: !invalid(Malloc_0, s, 2).
- (* Heap *)
- Have: (region(s.base) <= 0) /\ linked(Malloc_0).
 }
 Prove: false.

@@ -84,10 +108,10 @@ Let a = Load_S1_S(q, Mint_0).
 Let a_1 = Load_S1_S(q, havoc(Mint_undef_0, Mint_0, p, 2)).
 Assume {
 Type: IsS1_S(a) /\ IsS1_S(a_1).
+ (* Heap *)
+ Type: (region(p.base) <= 0) /\ (region(q.base) <= 0).
 (* Goal *)
 When: separated(p, 2, q, 2).
- (* Heap *)
- Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0).
 }
 Prove: EqS1_S(a_1, a).

@@ -96,10 +120,10 @@ Prove: EqS1_S(a_1, a).
 Goal Assigns (file tests/wp_plugin/unfold_assigns.i, line 49) in 'USE_ASSIGN_UNFOLD_KO':
 Call Effect at line 53
 Assume {
+ (* Heap *)
+ Type: (region(p.base) <= 0) /\ linked(Malloc_0).
 (* Goal *)
 When: !invalid(Malloc_0, p, 2).
- (* Heap *)
- Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0).
 }
 Prove: false.

@@ -108,10 +132,10 @@ Prove: false.
 Goal Assigns (file tests/wp_plugin/unfold_assigns.i, line 49) in 'USE_ASSIGN_UNFOLD_KO':
 Call Effect at line 53
 Assume {
+ (* Heap *)
+ Type: (region(p.base) <= 0) /\ linked(Malloc_0).
 (* Goal *)
 When: !invalid(Malloc_0, p, 2).
- (* Heap *)
- Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0).
 }
 Prove: false.

@@ -125,10 +149,10 @@ Let a = Load_S1_S(q, Mint_0).
 Let a_1 = Load_S1_S(q, havoc(Mint_undef_0, Mint_0, p, 2)).
 Assume {
 Type: IsS1_S(a) /\ IsS1_S(a_1).
+ (* Heap *)
+ Type: (region(p.base) <= 0) /\ (region(q.base) <= 0).
 (* Goal *)
 When: separated(p, 2, q, 2).
- (* Heap *)
- Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0).
 }
 Prove: EqS1_S(a_1, a).

diff --git a/src/plugins/wp/tests/wp_plugin/oracle/unfold_assigns.1.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/unfold_assigns.1.res.oracle
index b4b3786d454804de4c7b204358f23839982a9fd0..ab37e2fb1b55d3d83eb32d7489ddfed5c22c2ef7 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/unfold_assigns.1.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/unfold_assigns.1.res.oracle
@@ -3,6 +3,24 @@
 [wp] Running WP plugin...
 [wp] Loading driver 'share/wp.driver'
 [wp] Warning: Missing RTE guards
+------------------------------------------------------------
+ Function ASSIGN_NO_UNFOLD_KO
+------------------------------------------------------------
+
+Goal Assigns (file tests/wp_plugin/unfold_assigns.i, line 62) in 'ASSIGN_NO_UNFOLD_KO':
+Effect at line 65
+Prove: true.
+
+------------------------------------------------------------
+------------------------------------------------------------
+ Function ASSIGN_NO_UNFOLD_OK
+------------------------------------------------------------
+
+Goal Assigns (file tests/wp_plugin/unfold_assigns.i, line 56) in 'ASSIGN_NO_UNFOLD_OK':
+Effect at line 59
+Prove: true.
+
+------------------------------------------------------------
 ------------------------------------------------------------
 Function NO_UNFOLD_KO
 ------------------------------------------------------------
@@ -72,10 +90,10 @@ Let a = Load_S1_S(q, Mint_0).
 Let a_1 = Load_S1_S(q, havoc(Mint_undef_0, Mint_0, p, 2)).
 Assume {
 Type: IsS1_S(a) /\ IsS1_S(a_1).
+ (* Heap *)
+ Type: (region(p.base) <= 0) /\ (region(q.base) <= 0).
 (* Goal *)
 When: separated(p, 2, q, 2).
- (* Heap *)
- Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0).
 }
 Prove: EqS1_S(a_1, a).

@@ -101,10 +119,10 @@ Let a = Load_S1_S(q, Mint_0).
 Let a_1 = Load_S1_S(q, havoc(Mint_undef_0, Mint_0, p, 2)).
 Assume {
 Type: IsS1_S(a) /\ IsS1_S(a_1).
+ (* Heap *)
+ Type: (region(p.base) <= 0) /\ (region(q.base) <= 0).
 (* Goal *)
 When: separated(p, 2, q, 2).
- (* Heap *)
- Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0).
 }
 Prove: EqS1_S(a_1, a).

diff --git a/src/plugins/wp/tests/wp_plugin/oracle/unroll.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/unroll.res.oracle
index a47827c25ddd95445b957e641150c7d8a5110713..05fc31fd1c18b2deac8ba6a94f1586ae0218dd75 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/unroll.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/unroll.res.oracle
@@ -13,7 +13,7 @@ Goal Post-condition 'zero' in 'unrolled_loop':
 Let a = shift_uint32(t, 0).
 Assume {
 (* Heap *)
- Have: (region(t.base) <= 0) /\ linked(Malloc_0).
+ Type: (region(t.base) <= 0) /\ linked(Malloc_0).
 (* Pre-condition *)
 Have: valid_rw(Malloc_0, a, 16).
 }
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/unsafe-arrays.0.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/unsafe-arrays.0.res.oracle
index 3b81da4ad342e4a7eae148dedc0b306962608d77..77915655ed3f715c679a25dded7de594d39c9008 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/unsafe-arrays.0.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/unsafe-arrays.0.res.oracle
@@ -20,7 +20,7 @@ Prove: true.
 Goal Post-condition 'INDIRP' in 'f':
 Assume {
 (* Heap *)
- Have: (region(p.base) <= 0) /\ linked(Malloc_0).
+ Type: (region(p.base) <= 0) /\ linked(Malloc_0).
 (* Pre-condition *)
 Have: valid_rw(Malloc_0, p, 10).
 }
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/unsupported_init.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/unsupported_init.res.oracle
index df7048c1e5ba92aafecac346399e2538ac4c47c3..de62939814872ec39bd54585f6d53d134a7c622f 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/unsupported_init.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/unsupported_init.res.oracle
@@ -25,7 +25,6 @@ tests/wp_plugin/unsupported_init.i:1: warning from wp: - Warning: Target turned to False, looking for context inconsistency Reason: Allocation, initialization and danglingness not yet implemented (r1: \initialized(Y + (0 .. 99)))
-Assume { (* Heap *) Have: (region(A.base) <= 0) /\ (region(B.base) <= 0). }
 Prove: false.

 ------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/volatile.0.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/volatile.0.res.oracle
index 103487be49e4c6258f5e21eb6a85cbe446cabc23..0c06a8becec85b905f2f501ec5d78ba93f9bd10c 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/volatile.0.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/volatile.0.res.oracle
@@ -33,7 +33,6 @@ Prove: true.
 ------------------------------------------------------------

 Goal Assertion 'KO_WHEN_VOLATILE' (file tests/wp_plugin/volatile.i, line 35):
-Assume { (* Heap *) Have: region(p.base) <= 0. }
 Prove: EqS1_st_v(w, w_1).

 ------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed.res.oracle
new file mode 100644
index 0000000000000000000000000000000000000000..542834c6d2839b0452d87244e03d6abb06933910
--- /dev/null
+++ b/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed.res.oracle
@@ -0,0 +1,24 @@
+# frama-c -wp [...]
+[kernel] Parsing tests/wp_plugin/doomed.i (no preprocessing)
+[wp] Running WP plugin...
+[wp] Loading driver 'share/wp.driver'
+[wp] Warning: Missing RTE guards
+[wp] 7 goals scheduled
+[wp] Smoke-test typed_bar_smoke_default_requires : Passed (Alt-Ergo 2.0.0)
+[wp] [Qed] Goal typed_bar_ensures : Valid
+[wp:smoke] tests/wp_plugin/doomed.i:41: Warning:
+ Smoke-test typed_buzz_smoke_default_requires : Failed (Qed)
+[wp] [Qed] Goal typed_buzz_ensures : Valid
+[wp] Smoke-test typed_foo_smoke_default_requires : Passed (Alt-Ergo 2.0.0)
+[wp:smoke] tests/wp_plugin/doomed.i:27: Warning:
+ Smoke-test typed_foo_smoke_A_requires : Failed (Qed)
+[wp] Smoke-test typed_foo_smoke_B_requires : Passed (Alt-Ergo 2.0.0)
+[wp] Proved goals: 5 / 7
+ Qed: 2 (failed: 2)
+ Alt-Ergo 2.0.0: 3
+------------------------------------------------------------
+ Functions WP Alt-Ergo Total Success
+ foo - 2 3 66.7%
+ bar 1 1 2 100%
+ buzz 1 - 2 50.0%
+------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed_axioms.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed_axioms.res.oracle
new file mode 100644
index 0000000000000000000000000000000000000000..d5398e8816cf54a53182b6602044abd98464469f
--- /dev/null
+++ b/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed_axioms.res.oracle
@@ -0,0 +1,22 @@
+# frama-c -wp [...]
+[kernel] Parsing tests/wp_plugin/doomed_axioms.i (no preprocessing)
+[wp] Running WP plugin...
+[wp] Loading driver 'share/wp.driver'
+[wp] Warning: Missing RTE guards
+[wp] 8 goals scheduled
+[wp:smoke] tests/wp_plugin/doomed_axioms.i:29: Warning:
+ Smoke-test typed_foo_smoke_loop_invariant_s2 : Failed (Alt-Ergo 2.0.0)
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_A_preserved : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_A_established : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_B_preserved : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_B_established : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_C_preserved : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_C_established : Valid
+[wp] [Qed] Goal typed_foo_loop_assigns : Valid
+[wp] Proved goals: 7 / 8
+ Qed: 1
+ Alt-Ergo 2.0.0: 6 (failed: 1)
+------------------------------------------------------------
+ Functions WP Alt-Ergo Total Success
+ foo 1 6 8 87.5%
+------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed_loop.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed_loop.res.oracle
new file mode 100644
index 0000000000000000000000000000000000000000..70a79940be0d36ed8aacad162df791401739c36a
--- /dev/null
+++ b/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed_loop.res.oracle
@@ -0,0 +1,20 @@
+# frama-c -wp [...]
+[kernel] Parsing tests/wp_plugin/doomed_loop.i (no preprocessing)
+[wp] Running WP plugin...
+[wp] Loading driver 'share/wp.driver'
+[wp] Warning: Missing RTE guards
+[wp] 6 goals scheduled
+[wp:smoke] tests/wp_plugin/doomed_loop.i:22: Warning:
+ Smoke-test typed_foo_smoke_loop_invariant_s2 : Failed (Qed)
+[wp] [Qed] Goal typed_foo_loop_invariant_A_preserved : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_A_established : Unsuccess
+[wp] [Qed] Goal typed_foo_loop_invariant_B_preserved : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_B_established : Unsuccess
+[wp] [Qed] Goal typed_foo_loop_assigns : Valid
+[wp] Proved goals: 3 / 6
+ Qed: 3 (failed: 1)
+ Alt-Ergo 2.0.0: 0 (unsuccess: 2)
+------------------------------------------------------------
+ Functions WP Alt-Ergo Total Success
+ foo 3 - 6 50.0%
+------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed_report_ko.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed_report_ko.res.oracle
new file mode 100644
index 0000000000000000000000000000000000000000..bf89629007a7d865e96228c7c6179ca1c0223ea1
--- /dev/null
+++ b/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed_report_ko.res.oracle
@@ -0,0 +1,34 @@
+# frama-c -wp [...]
+[kernel] Parsing tests/wp_plugin/doomed_report_ko.i (no preprocessing)
+[wp] Running WP plugin...
+[wp] Loading driver 'share/wp.driver'
+[wp] Warning: Missing RTE guards
+[wp] 8 goals scheduled
+[wp:smoke] tests/wp_plugin/doomed_report_ko.i:29: Warning:
+ Smoke-test typed_foo_smoke_loop_invariant_s2 : Failed (Alt-Ergo 2.0.0)
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_A_preserved : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_A_established : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_B_preserved : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_B_established : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_C_preserved : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_C_established : Valid
+[wp] [Qed] Goal typed_foo_loop_assigns : Valid
+[wp] Proved goals: 7 / 8
+ Qed: 1
+ Alt-Ergo 2.0.0: 6 (failed: 1)
+------------------------------------------------------------
+ Functions WP Alt-Ergo Total Success
+ foo 1 6 8 87.5%
+------------------------------------------------------------
+ Qed Ergo Failed
+ foo_loop_assigns 1 - -
+ foo_loop_invariant_A - 2 -
+ foo_loop_invariant_B - 2 -
+ foo_loop_invariant_C - 2 -
+ foo_smoke_loop_invariant_s2 - - 1
+-------------------------------------------------------------
+Success: 80.0%
+ Total : 5 properties
+ Valid : 4
+ Failed : 1
+-------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed_report_ok.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed_report_ok.res.oracle
new file mode 100644
index 0000000000000000000000000000000000000000..38f4493ea80b93919bace84c94eb0b2a32911a4e
--- /dev/null
+++ b/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed_report_ok.res.oracle
@@ -0,0 +1,33 @@
+# frama-c -wp [...]
+[kernel] Parsing tests/wp_plugin/doomed_report_ok.i (no preprocessing)
+[wp] Running WP plugin...
+[wp] Loading driver 'share/wp.driver'
+[wp] Warning: Missing RTE guards
+[wp] 8 goals scheduled
+[wp] Smoke-test typed_foo_smoke_loop_invariant_s2 : Passed (Alt-Ergo 2.0.0)
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_A_preserved : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_A_established : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_B_preserved : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_B_established : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_C_preserved : Valid
+[wp] [Alt-Ergo 2.0.0] Goal typed_foo_loop_invariant_C_established : Valid
+[wp] [Qed] Goal typed_foo_loop_assigns : Valid
+[wp] Proved goals: 8 / 8
+ Qed: 1
+ Alt-Ergo 2.0.0: 7
+------------------------------------------------------------
+ Functions WP Alt-Ergo Total Success
+ foo 1 7 8 100%
+------------------------------------------------------------
+ Qed Ergo Failed
+ foo_loop_assigns 1 - -
+ foo_loop_invariant_A - 2 -
+ foo_loop_invariant_B - 2 -
+ foo_loop_invariant_C - 2 -
+ foo_smoke_loop_invariant_s2 - 1 -
+-------------------------------------------------------------
+Success: 100%
+ Total : 5 properties
+ Valid : 5
+ Failed : -
+-------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed_unroll.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed_unroll.res.oracle
new file mode 100644
index 0000000000000000000000000000000000000000..236bb768af819213e23ca5e4811ad31fc14adf13
--- /dev/null
+++ b/src/plugins/wp/tests/wp_plugin/oracle_qualif/doomed_unroll.res.oracle
@@ -0,0 +1,16 @@
+# frama-c -wp [...]
+[kernel] Parsing tests/wp_plugin/doomed_unroll.i (no preprocessing)
+[wp] Running WP plugin...
+[wp] Loading driver 'share/wp.driver'
+[wp] Warning: Missing RTE guards
+[wp] tests/wp_plugin/doomed_unroll.i:15: Warning:
+ Missing assigns clause (assigns 'everything' instead)
+[wp] 2 goals scheduled
+[wp] [Qed] Goal typed_foo_loop_invariant_preserved : Valid
+[wp] [Qed] Goal typed_foo_loop_invariant_established : Valid
+[wp] Proved goals: 2 / 2
+ Qed: 2
+------------------------------------------------------------
+ Functions WP Alt-Ergo Total Success
+ foo 2 - 2 100%
+------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/nowp.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/nowp.res.oracle
index a3a203eb6c7478a61e9b00e6cb453d8f211bda4f..28d3b1aac6194de68decb3aad592930d7d05c1d2 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/nowp.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle_qualif/nowp.res.oracle
@@ -3,6 +3,5 @@
 [wp] Running WP plugin...
 [wp] Loading driver 'share/wp.driver'
 [wp] Warning: Missing RTE guards
-[wp] 0 goal scheduled
-[wp] Proved goals: 0 / 0
+[wp] Warning: No goal generated
 ------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/removed.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/removed.res.oracle
index 6d0cc9b254aacf4b66f52aa978d3e39177846932..f231fb042cb674fa3721a3af5e738e95e098f545 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/removed.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle_qualif/removed.res.oracle
@@ -18,5 +18,4 @@
 [wp] Proved goals: 0 / 1
 Alt-Ergo 2.0.0: 0 (unsuccess: 1)
 [wp] Running WP plugin...
-[wp] 0 goal scheduled
-[wp] Proved goals: 0 / 0
+[wp] Warning: No goal generated
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/sequence.2.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/sequence.2.res.oracle
index 2e0c8f963873e4eb1135a5598f69923cadad9af9..b58e86cce5e522462e5d2c639c8cc7b8bee0eb27 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/sequence.2.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle_qualif/sequence.2.res.oracle
@@ -3,6 +3,5 @@
 [wp] Running WP plugin...
 [wp] Loading driver 'share/wp.driver'
 [wp] Warning: Missing RTE guards
-[wp] 0 goal scheduled
-[wp] Proved goals: 0 / 0
+[wp] Warning: No goal generated
 ------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/stmt.log b/src/plugins/wp/tests/wp_plugin/oracle_qualif/stmt.log
index a4c5684758293a710da3057a4b6d1a219bcc4541..efc57b6183b5975f7b8605af6ecacb8409e2fa88 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/stmt.log
+++ b/src/plugins/wp/tests/wp_plugin/oracle_qualif/stmt.log
@@ -17,5 +17,4 @@
 [wp] CFG g -> g_default_for_stmt_11
 [wp] CFG f -> f
 [wp] CFG f -> f_default_for_stmt_2
-[wp] 0 goal scheduled
-[wp] Proved goals: 0 / 0
+[wp] Warning: No goal generated
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/unroll.0.session/script/typed_unrolled_loop_ensures_zero.json b/src/plugins/wp/tests/wp_plugin/oracle_qualif/unroll.0.session/script/unrolled_loop_ensures_zero.json
similarity index 100%
rename from src/plugins/wp/tests/wp_plugin/oracle_qualif/unroll.0.session/script/typed_unrolled_loop_ensures_zero.json
rename to src/plugins/wp/tests/wp_plugin/oracle_qualif/unroll.0.session/script/unrolled_loop_ensures_zero.json
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/unsigned.0.session/script/typed_lemma_U32.json b/src/plugins/wp/tests/wp_plugin/oracle_qualif/unsigned.0.session/script/lemma_U32.json
similarity index 98%
rename from src/plugins/wp/tests/wp_plugin/oracle_qualif/unsigned.0.session/script/typed_lemma_U32.json
rename to src/plugins/wp/tests/wp_plugin/oracle_qualif/unsigned.0.session/script/lemma_U32.json
index b077d283b8965ef5489eb3d01b88f7e41f14c7cc..ed49b2a483225bbf83b9120c0741275fa7602763 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/unsigned.0.session/script/typed_lemma_U32.json
+++ b/src/plugins/wp/tests/wp_plugin/oracle_qualif/unsigned.0.session/script/lemma_U32.json
@@ -10,7 +10,7 @@
 "pattern": "&<=<=<=0$x0land$x42949672954294967295" }, "children": { "Goal 1/3": [ { "prover": "why3:Alt-Ergo,2.0.0", "verdict": "valid",
- "time": 0.0103,
+ "time": 0.0149,
 "steps": 10 } ], "Goal 2/3": [ { "header": "Bit Range", "tactic": "Wp.bitrange",
@@ -27,6 +27,6 @@
 "verdict": "valid" } ] } } ], "Goal 3/3": [ { "prover": "why3:Alt-Ergo,2.0.0", "verdict": "valid",
- "time": 0.0105,
+ "time": 0.0153,
 "steps": 10 } ] } } ], "bitwise": [ { "prover": "qed", "verdict": "valid" } ] } } ]
diff --git a/src/plugins/wp/tests/wp_plugin/unfold_assigns.i b/src/plugins/wp/tests/wp_plugin/unfold_assigns.i
index 67134bd987e4cf9f93eb8fa70081da03988cd864..54ba848675c17ebfc2d7605e528b461568515c34 100644
--- a/src/plugins/wp/tests/wp_plugin/unfold_assigns.i
+++ b/src/plugins/wp/tests/wp_plugin/unfold_assigns.i
@@ -35,8 +35,8 @@ void NO_UNFOLD_KO(struct S *s) {
 f(s);
 }

-/*@
- ensures \separated(p,q) ==> (*q == \old(*q));
+/*@
+ ensures \separated(p,q) ==> (*q == \old(*q));
 assigns (*p) ;
 */
 void USE_ASSIGN_UNFOLD_OK(struct S *p , struct S *q)
@@ -44,11 +44,23 @@ void USE_ASSIGN_UNFOLD_OK(struct S *p , struct S *q) f(p); } -/*@ - ensures \separated(p,q) ==> (*q == \old(*q)); +/*@ + ensures \separated(p,q) ==> (*q == \old(*q)); assigns p->a, p->b ; */ void USE_ASSIGN_UNFOLD_KO(struct S *p , struct S *q) { f(p); } + +//@ assigns *s ; +void ASSIGN_NO_UNFOLD_OK(struct S *s) { + struct S p = { 0,1 }; + *s = p ; +} + +//@ assigns s->a, s->b ; +void ASSIGN_NO_UNFOLD_KO(struct S *s) { + struct S p = { 0,1 }; + *s = p ; +} diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/array1.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/array1.res.oracle index 00091d72a9fae928a52d6965cab2ccdbd78f4c97..ed869315385b0a55a80d94923101c8f805babcce 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/array1.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/array1.res.oracle @@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/array2.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/array2.res.oracle index 256b9a73626a1c86f0d1ddbecdaf65cd83998adf..5e7de78ee60a2f5aa14cc1f5e319aab15f01ab5e 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/array2.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/array2.res.oracle @@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/array3.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/array3.res.oracle index 2ead4dbe67bf2ca9f91899e0445d78ed0d950867..d46d52bdc2ca803b21d3faac80876001c715fc68 100644 
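Review bot: The new ASSIGN_NO_UNFOLD_OK and ASSIGN_NO_UNFOLD_KO cases carry no comment saying what distinguishes them, so a reader must infer from the names alone that the identical bodies are expected to verify against `assigns *s ;` but not against `assigns s->a, s->b ;`. A short comment above the pair such as `// Whole-struct write *s = p with no assigns unfolding: only the clause naming *s itself is expected to prove (OK), the field-wise clause is expected to fail (KO) -- confirm against the oracle` would record that intent next to the cases, matching the OK/KO pairs already in the file. The local `struct S p = { 0,1 };` also reuses the name `p`, which the neighbouring functions use for a `struct S *` parameter; a name like `init` would keep pointer and value apart when reading the assigns clauses across the file.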
--- a/src/plugins/wp/tests/wp_region/oracle_qualif/array3.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/array3.res.oracle @@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/array4.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/array4.res.oracle index 03f4311ee37648094fb88008f0bbfff5e15a250c..b732e6a34d538630c79489e85d1256b3a126eeb3 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/array4.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/array4.res.oracle @@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/array5.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/array5.res.oracle index c106bd36a024823ff91e91579281a9285231941c..31f6983483faa6a1cf748b59de00f228305d5855 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/array5.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/array5.res.oracle @@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/array6.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/array6.res.oracle index d582428d468340a9104a6d2f3d446e3db38d656b..34d7eb2a98234201feba0ed0c8ac99eb43f27da4 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/array6.res.oracle 
+++ b/src/plugins/wp/tests/wp_region/oracle_qualif/array6.res.oracle @@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/array7.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/array7.res.oracle index 0eb3a6468cfa470ae0bf1b4f772a46855ac5633c..0e0ad91c1638620ed0195d7987d0fa01003e73c6 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/array7.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/array7.res.oracle @@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/array8.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/array8.res.oracle index 9ea4ec380dbcca9cc162fbb906b22ebd0f097475..13c02c6b2d165dd77354201d006bda6425925a7f 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/array8.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/array8.res.oracle @@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/fb_ADD.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/fb_ADD.res.oracle index 67c1fd0139e66e7d4a490b03b1ba294029d50bba..0db49291906bd53d4198f688cb412a1d48eceeab 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/fb_ADD.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/fb_ADD.res.oracle 
@@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/fb_SORT.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/fb_SORT.res.oracle index 03dd7d0a795315ea3aecd14749487693bbe9cfff..372e798b6738aa13ac1808713975884123dac150 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/fb_SORT.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/fb_SORT.res.oracle @@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/garbled.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/garbled.res.oracle index 47692e24e29916ec2333ca3db7f0bb23c9d4e40e..af0aea662d2da09f00b8ce7532b0d23648a6771c 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/garbled.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/garbled.res.oracle @@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/index.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/index.res.oracle index 2a4bfbb497570646f317a41905d153ff29edca5d..fe16dc545ec4bc400ffb2f52a45392edb2555020 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/index.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/index.res.oracle 
@@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/matrix.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/matrix.res.oracle index a17c2fcf344a6a740af5e8b9f87f4cb6dea3765d..d0a1dcf567acd74de8f3d99a2045742ec76ea668 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/matrix.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/matrix.res.oracle @@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/structarray1.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/structarray1.res.oracle index 3917685de3c15a95a64243778479c7addc14ab1b..4f31df7dff83aa35c0fa9c26f3428671d4a1b5b5 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/structarray1.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/structarray1.res.oracle @@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/structarray2.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/structarray2.res.oracle index 8360b587599ccb94f2b024c53a2c5152fc3f5cc7..94c1cbf18655420babfe0f2e5252d44574767bc2 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/structarray2.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/structarray2.res.oracle 
@@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/structarray3.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/structarray3.res.oracle index e317fb0d4fd3a542d7ec024c9030a6078fae9421..0cee2a2b63172d9a9266c3f665cb4bd8bd3a43b3 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/structarray3.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/structarray3.res.oracle @@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/structarray4.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/structarray4.res.oracle index e1a7716376ac86b259906d61a332542ec08da136..70c1d992d17e288ca98283f4f7413b93496b1c8c 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/structarray4.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/structarray4.res.oracle @@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_region/oracle_qualif/swap.res.oracle b/src/plugins/wp/tests/wp_region/oracle_qualif/swap.res.oracle index a41a5ede9f8b081ebb7299cef01116cb42eff42f..258e09a4a6956547a87e73fee12edb2644aaea3c 100644 --- a/src/plugins/wp/tests/wp_region/oracle_qualif/swap.res.oracle +++ b/src/plugins/wp/tests/wp_region/oracle_qualif/swap.res.oracle 
@@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_store/oracle/nonaliasing.res.oracle b/src/plugins/wp/tests/wp_store/oracle/nonaliasing.res.oracle index f7b253c93774540a58afc899672c88258b850761..d98e119512c223fbd86aaec2fd70e3056e798b97 100644 --- a/src/plugins/wp/tests/wp_store/oracle/nonaliasing.res.oracle +++ b/src/plugins/wp/tests/wp_store/oracle/nonaliasing.res.oracle @@ -18,10 +18,10 @@ Let x_5 = m[q <- x_4][p]. Assume { Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(x_5). + (* Heap *) + Type: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: q != p. - (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= x) /\ (0 <= x_1) /\ (x <= 199) /\ (x_1 <= 199) /\ valid_rw(Malloc_0, p, 1) /\ valid_rw(Malloc_0, q, 1). @@ -39,10 +39,10 @@ Let x_3 = 1 + x_2. Assume { Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2) /\ is_sint32(x_3) /\ is_sint32(m[q <- x_3][p]). + (* Heap *) + Type: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: q != p. - (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= x) /\ (0 <= x_1) /\ (x <= 199) /\ (x_1 <= 199) /\ valid_rw(Malloc_0, p, 1) /\ valid_rw(Malloc_0, q, 1). 
@@ -63,7 +63,7 @@ Assume { Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(x_5). (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). + Type: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= x) /\ (0 <= x_1) /\ (x <= 199) /\ (x_1 <= 199) /\ valid_rw(Malloc_0, p, 1) /\ valid_rw(Malloc_0, q, 1). @@ -82,7 +82,7 @@ Assume { Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2) /\ is_sint32(x_3) /\ is_sint32(m[q <- x_3][p]). (* Heap *) - Have: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). + Type: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= x) /\ (0 <= x_1) /\ (x <= 199) /\ (x_1 <= 199) /\ valid_rw(Malloc_0, p, 1) /\ valid_rw(Malloc_0, q, 1). diff --git a/src/plugins/wp/tests/wp_store/oracle/struct.res.oracle b/src/plugins/wp/tests/wp_store/oracle/struct.res.oracle index 643bf5f86172de5f77badd11e749a010ba000939..730ef7717db6e243613f7cd2925302afa9ce7e3e 100644 --- a/src/plugins/wp/tests/wp_store/oracle/struct.res.oracle +++ b/src/plugins/wp/tests/wp_store/oracle/struct.res.oracle @@ -17,7 +17,7 @@ Goal Instance of 'Pre-condition (file tests/wp_store/struct.i, line 10) in 'g'' Let a_1 = shift_sint32(shiftfield_F1_t_tab(a), 0). Assume { (* Heap *) - Have: (region(a.base) <= 0) /\ linked(Malloc_0). + Type: (region(a.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rw(Malloc_0, a, 5) /\ valid_rw(Malloc_0, a_1, 5). } @@ -55,8 +55,6 @@ Assume { Init: Mint_0[shiftfield_F2_St_a(a)] = 1. (* Initializer *) Init: Mint_0[shiftfield_F2_St_b(a)] = 2. - (* Heap *) - Have: region(G_v_28) <= 0. } Prove: EqS2_St(a_1, w). @@ -75,8 +73,6 @@ Assume { Init: Mint_0[shiftfield_F2_St_a(a)] = 1. (* Initializer *) Init: Mint_0[shiftfield_F2_St_b(a)] = 2. - (* Heap *) - Have: region(G_v_28) <= 0. } Prove: EqS2_St(a_1, w). 
diff --git a/src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/typed_split_ensures_Goal_Exist_And.json b/src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/split_ensures_Goal_Exist_And.json similarity index 100% rename from src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/typed_split_ensures_Goal_Exist_And.json rename to src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/split_ensures_Goal_Exist_And.json diff --git a/src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/typed_split_ensures_Goal_Exist_And_bis.json b/src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/split_ensures_Goal_Exist_And_bis.json similarity index 100% rename from src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/typed_split_ensures_Goal_Exist_And_bis.json rename to src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/split_ensures_Goal_Exist_And_bis.json diff --git a/src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/typed_split_ensures_Goal_Exist_Or.json b/src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/split_ensures_Goal_Exist_Or.json similarity index 100% rename from src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/typed_split_ensures_Goal_Exist_Or.json rename to src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/split_ensures_Goal_Exist_Or.json 
diff --git a/src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/typed_split_ensures_Hyp_Forall_And.json b/src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/split_ensures_Hyp_Forall_And.json similarity index 100% rename from src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/typed_split_ensures_Hyp_Forall_And.json rename to src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/split_ensures_Hyp_Forall_And.json diff --git a/src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/typed_split_ensures_Hyp_Forall_Or_bis.json b/src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/split_ensures_Hyp_Forall_Or_bis.json similarity index 100% rename from src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/typed_split_ensures_Hyp_Forall_Or_bis.json rename to src/plugins/wp/tests/wp_tip/oracle_qualif/tac_split_quantifiers.0.session/script/split_ensures_Hyp_Forall_Or_bis.json diff --git a/src/plugins/wp/tests/wp_typed/oracle/array_initialized.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/array_initialized.0.res.oracle index 8599291ad47ad0b3f35340abaf02129d7824bb75..dcd5344752014d5444dde03e9b4973b8f3b0d669 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/array_initialized.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/array_initialized.0.res.oracle @@ -11,6 +11,8 @@ Goal Assertion (file tests/wp_typed/array_initialized.c, line 71): Assume { + (* Heap *) + Type: IsArray1_sint32(g). (* Goal *) When: (0 <= i) /\ (i <= 499). (* Initializer *) @@ -25,6 +27,8 @@ Prove: g[i] = 0. Goal Assertion (file tests/wp_typed/array_initialized.c, line 185): Assume { + (* Heap *) + Type: IsArray1_sint32(h1_0) /\ IsArray1_sint32(h2_0). (* Goal *) When: (0 <= i) /\ (i <= 499). (* Initializer *) 
@@ -249,13 +253,13 @@ Prove: true. Goal Assertion (file tests/wp_typed/array_initialized.c, line 283): Assume { + (* Heap *) + Type: linked(Malloc_0) /\ (forall i_1 : Z. region(p[i_1].base) <= 0). (* Goal *) When: (0 <= i) /\ (i <= 499). (* Initializer *) Init: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 499) -> (p[i_1] = global(G_p0_28)))). - (* Heap *) - Have: linked(Malloc_0) /\ (forall i_1 : Z. region(p[i_1].base) <= 0). } Prove: valid_rw(Malloc_0, p[i], 1). @@ -268,10 +272,10 @@ Goal Post-condition (file tests/wp_typed/array_initialized.c, line 288) in 'simp Let x = Mint_0[shift_sint32(t, 0)]. Assume { Type: is_sint32(x). + (* Heap *) + Type: region(t.base) <= 0. (* Goal *) When: (0 <= i) /\ (i <= 49). - (* Heap *) - Have: region(t.base) <= 0. (* Pre-condition *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 49) -> (Mint_0[shift_sint32(t, i_1)] = x))). diff --git a/src/plugins/wp/tests/wp_typed/oracle/array_initialized.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/array_initialized.1.res.oracle index 390cc16f0e0e92e62bc0d1de50d31de962117534..2831cde85ee67dc7f3d59f4577692c870e6a9355 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/array_initialized.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/array_initialized.1.res.oracle @@ -256,13 +256,13 @@ Prove: true. Goal Assertion (file tests/wp_typed/array_initialized.c, line 283): Let a = global(K_p_32). Assume { + (* Heap *) + Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i) /\ (i <= 499). (* Initializer *) Init: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 499) -> (Mptr_0[shift_PTR(a, i_1)] = global(G_p0_31)))). - (* Heap *) - Have: framed(Mptr_0) /\ linked(Malloc_0). } Prove: valid_rw(Malloc_0, Mptr_0[shift_PTR(a, i)], 1). 
@@ -275,10 +275,10 @@ Goal Post-condition (file tests/wp_typed/array_initialized.c, line 288) in 'simp Let x = Mint_0[shift_sint32(t, 0)]. Assume { Type: is_sint32(x). + (* Heap *) + Type: region(t.base) <= 0. (* Goal *) When: (0 <= i) /\ (i <= 49). - (* Heap *) - Have: region(t.base) <= 0. (* Pre-condition *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 49) -> (Mint_0[shift_sint32(t, i_1)] = x))). diff --git a/src/plugins/wp/tests/wp_typed/oracle/cast_fits.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/cast_fits.0.res.oracle index 56beccaf01fa52665901dd19e21253de0b119058..5de789f115cfba370b3934f5956180e03715b223 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/cast_fits.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/cast_fits.0.res.oracle @@ -22,7 +22,7 @@ Let x_1 = Mint_0[shiftfield_F1_i1(p)]. Assume { Type: is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: x_1 = x. @@ -37,7 +37,7 @@ Let x_1 = Mint_0[shiftfield_F1_i1(shiftfield_F3_ic3(p))]. Assume { Type: is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: x_1 = x. @@ -54,7 +54,7 @@ Let x_1 = Mint_0 Assume { Type: is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: x_1 = x. @@ -71,7 +71,7 @@ Let x_1 = Mchar_0 Assume { Type: is_sint8(x) /\ is_sint32(x) /\ is_sint8(x_1). (* Heap *) - Have: (region(p.base) <= 0) /\ sconst(Mchar_0). + Type: (region(p.base) <= 0) /\ sconst(Mchar_0). } Prove: x_1 = x. @@ -86,7 +86,7 @@ Let x_1 = Mint_0[shiftfield_F7_u7(p)]. Assume { Type: is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: x_1 = x. @@ -105,7 +105,7 @@ Let x_1 = Mchar_0[shiftfield_F2_c2(p)]. Assume { Type: is_sint32(x) /\ is_sint8(x_1). (* Heap *) - Have: (region(p.base) <= 0) /\ sconst(Mchar_0). + Type: (region(p.base) <= 0) /\ sconst(Mchar_0). } Prove: x_1 = x. 
@@ -124,7 +124,7 @@ Let x_1 = Mint_0[shiftfield_F8_i8(p)]. Assume { Type: is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: x_1 = x. @@ -143,7 +143,7 @@ Let x_1 = Mint_0[shiftfield_F8_i8(q)]. Assume { Type: is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: x_1 = x. diff --git a/src/plugins/wp/tests/wp_typed/oracle/cast_fits.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/cast_fits.1.res.oracle index cc8072d61ce0f259dd2e73a19b11d96f46c2512d..965f27bfd7d18e284692ac2d1aa47c1f9c980ea0 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/cast_fits.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/cast_fits.1.res.oracle @@ -22,7 +22,7 @@ Let x_1 = Mint_0[shiftfield_F1_i1(p)]. Assume { Type: is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: x_1 = x. @@ -37,7 +37,7 @@ Let x_1 = Mint_0[shiftfield_F1_i1(shiftfield_F3_ic3(p))]. Assume { Type: is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: x_1 = x. @@ -54,7 +54,7 @@ Let x_1 = Mint_0 Assume { Type: is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: x_1 = x. @@ -71,7 +71,7 @@ Let x_1 = Mchar_0 Assume { Type: is_sint8(x) /\ is_sint32(x) /\ is_sint8(x_1). (* Heap *) - Have: (region(p.base) <= 0) /\ sconst(Mchar_0). + Type: (region(p.base) <= 0) /\ sconst(Mchar_0). } Prove: x_1 = x. @@ -86,7 +86,7 @@ Let x_1 = Mint_0[shiftfield_F7_u7(p)]. Assume { Type: is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: x_1 = x. @@ -105,7 +105,7 @@ Let x_1 = Mchar_0[shiftfield_F2_c2(p)]. Assume { Type: is_sint32(x) /\ is_sint8(x_1). (* Heap *) - Have: (region(p.base) <= 0) /\ sconst(Mchar_0). + Type: (region(p.base) <= 0) /\ sconst(Mchar_0). } Prove: x_1 = x. 
@@ -124,7 +124,7 @@ Let x_1 = Mint_0[shiftfield_F8_i8(p)]. Assume { Type: is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: x_1 = x. @@ -143,7 +143,7 @@ Let x_1 = Mint_0[shiftfield_F8_i8(q)]. Assume { Type: is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. } Prove: x_1 = x. diff --git a/src/plugins/wp/tests/wp_typed/oracle/frame.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/frame.0.res.oracle index ded97da98297afe35d47c36dc57e0a57a0b9fd5c..2407c64b95d2599fa97f2c4b9650afeceecb1bb0 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/frame.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/frame.0.res.oracle @@ -11,7 +11,7 @@ Goal Assertion 'SEP' (file tests/wp_typed/frame.i, line 10): Assume { Type: is_sint32(k). (* Heap *) - Have: (region(Q.base) <= 0) /\ linked(Malloc_0) /\ + Type: IsArray1S1(comp_0) /\ (forall i : Z. region(comp_0[i].F1_ptr.base) <= 0). (* Pre-condition *) Have: (0 <= k) /\ (k <= 19). @@ -27,7 +27,7 @@ Let x = Mint_0[a <- 4][a_1]. Assume { Type: is_sint32(k) /\ is_sint32(x). (* Heap *) - Have: (region(Q.base) <= 0) /\ linked(Malloc_0) /\ + Type: IsArray1S1(comp_0) /\ (forall i : Z. region(comp_0[i].F1_ptr.base) <= 0). (* Pre-condition *) Have: (0 <= k) /\ (k <= 19). diff --git a/src/plugins/wp/tests/wp_typed/oracle/frame.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/frame.1.res.oracle index 5a4bc40797c8389b66858850d3702aa5ae7a9364..bb4a852b80b9307dfe5ee595220e1c6093edbb31 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/frame.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/frame.1.res.oracle @@ -11,7 +11,7 @@ Goal Assertion 'SEP' (file tests/wp_typed/frame.i, line 10): Assume { Type: is_sint32(k). (* Heap *) - Have: (region(Q.base) <= 0) /\ linked(Malloc_0) /\ + Type: IsArray1S1(comp_0) /\ (forall i : Z. region(comp_0[i].F1_ptr.base) <= 0). (* Pre-condition *) Have: (0 <= k) /\ (k <= 19). 
@@ -27,7 +27,7 @@ Let x = Mint_0[a <- 4][a_1]. Assume { Type: is_sint32(k) /\ is_sint32(x). (* Heap *) - Have: (region(Q.base) <= 0) /\ linked(Malloc_0) /\ + Type: IsArray1S1(comp_0) /\ (forall i : Z. region(comp_0[i].F1_ptr.base) <= 0). (* Pre-condition *) Have: (0 <= k) /\ (k <= 19). diff --git a/src/plugins/wp/tests/wp_typed/oracle/mvar.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/mvar.0.res.oracle index b290830da12f38bd7a0be3610f09ae4b77108df9..573cc01ba43d17f65607f14cae279f5e60061c93 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/mvar.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/mvar.0.res.oracle @@ -12,7 +12,7 @@ Goal Post-condition (file tests/wp_typed/mvar.i, line 12) in 'Job': Assume { (* Heap *) - Have: linked(Malloc_0) /\ sconst(Mchar_0). + Type: IsArray1_sint8(A). (* Call 'Write' *) Have: A[0] = 1. } diff --git a/src/plugins/wp/tests/wp_typed/oracle/mvar.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/mvar.1.res.oracle index c5ee1a264cf0f1bb92bd2c8d9ea4c9ff09c56a40..a4c11cbaf131aee41f5bd8d0b1e71a2d790d259f 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/mvar.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/mvar.1.res.oracle @@ -12,7 +12,7 @@ Goal Post-condition (file tests/wp_typed/mvar.i, line 12) in 'Job': Assume { (* Heap *) - Have: linked(Malloc_0) /\ sconst(Mchar_0). + Type: IsArray1_sint8(A). (* Call 'Write' *) Have: A[0] = 1. } diff --git a/src/plugins/wp/tests/wp_typed/oracle/shift_lemma.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/shift_lemma.0.res.oracle index 898e0dc198f4a2d699fd09dd5a8209468632965d..9fea0aa32cc281b4a02601332ac2c163c9881497 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/shift_lemma.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/shift_lemma.0.res.oracle 
@@ -15,7 +15,7 @@ Assume { is_sint32(Mint_0[shiftfield_F1_t_c(shift_t(a, 0))]) /\ is_sint32(Mint_0[shiftfield_F1_t_c(shift_t(a, 1))]). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. (* Pre-condition *) Have: P_inv(Mint_0, p). } @@ -29,10 +29,10 @@ Assume { Type: is_sint32(Mint_0[shiftfield_F2_s_e(p)]) /\ is_sint32(Mint_0[shiftfield_F1_t_c(shift_t(a, 0))]) /\ is_sint32(Mint_0[shiftfield_F1_t_c(shift_t(a, 1))]). + (* Heap *) + Type: region(p.base) <= 0. (* Goal *) When: (0 <= i) /\ (i <= 9) /\ is_sint32(i). - (* Heap *) - Have: region(p.base) <= 0. (* Pre-condition *) Have: P_inv(Mint_0, p). (* Assertion *) @@ -57,7 +57,7 @@ Let x = Mint_0[shiftfield_F2_s_e(p)]. Assume { Type: is_sint32(x). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. (* Pre-condition *) Have: P_inv(Mint_0, p). (* Assertion *) diff --git a/src/plugins/wp/tests/wp_typed/oracle/shift_lemma.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/shift_lemma.1.res.oracle index 4a729687bebc360cd15bf692d9262f5ed2693e8d..4a80ee7c1bedda2b60a821b3a4c77e6726bbed6d 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/shift_lemma.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/shift_lemma.1.res.oracle @@ -15,7 +15,7 @@ Assume { is_sint32(Mint_0[shiftfield_F1_t_c(shift_t(a, 0))]) /\ is_sint32(Mint_0[shiftfield_F1_t_c(shift_t(a, 1))]). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. (* Pre-condition *) Have: P_inv(Mint_0, p). } @@ -29,10 +29,10 @@ Assume { Type: is_sint32(Mint_0[shiftfield_F2_s_e(p)]) /\ is_sint32(Mint_0[shiftfield_F1_t_c(shift_t(a, 0))]) /\ is_sint32(Mint_0[shiftfield_F1_t_c(shift_t(a, 1))]). + (* Heap *) + Type: region(p.base) <= 0. (* Goal *) When: (0 <= i) /\ (i <= 9) /\ is_sint32(i). - (* Heap *) - Have: region(p.base) <= 0. (* Pre-condition *) Have: P_inv(Mint_0, p). (* Assertion *) 
@@ -57,7 +57,7 @@ Let x = Mint_0[shiftfield_F2_s_e(p)]. Assume { Type: is_sint32(x). (* Heap *) - Have: region(p.base) <= 0. + Type: region(p.base) <= 0. (* Pre-condition *) Have: P_inv(Mint_0, p). (* Assertion *) diff --git a/src/plugins/wp/tests/wp_typed/oracle/struct_array_type.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/struct_array_type.res.oracle index 82901ded836c14ba3f2ba30ec3e14fc6463f440b..1de296f9e9a5e7d2f57b95348450d7176eb00eed 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/struct_array_type.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/struct_array_type.res.oracle @@ -5,6 +5,29 @@ [wp] Warning: Missing RTE guards [wp] 1 goal scheduled --------------------------------------------- +--- Context 'typed_f' Cluster 'Matrix' +--------------------------------------------- +theory Matrix + (* use why3.BuiltIn.BuiltIn *) + + (* use bool.Bool *) + + (* use int.Int *) + + (* use int.ComputerDivision *) + + (* use real.RealInfix *) + + (* use frama_c_wp.qed.Qed *) + + (* use map.Map *) + + (* use frama_c_wp.cint.Cint *) + + predicate IsArray1_sint32 (t:int -> int) = + forall i:int. is_sint32 (get t i) +end +--------------------------------------------- --- Context 'typed_f' Cluster 'S1_s' --------------------------------------------- theory S1_s @@ -24,6 +47,13 @@ theory S1_s type S1_s = | S1_s1 (F1_s_a:int -> int) (F1_s_b:int -> int) + + (* use Matrix *) + + predicate IsS1_s (s:S1_s) = + IsArray1_sint32 (F1_s_a s) /\ IsArray1_sint32 (F1_s_b s) + + predicate IsArray1S1_s (t:int -> S1_s) = forall i:int. IsS1_s (get t i) end [wp:print-generated] theory WP @@ -43,8 +73,6 @@ end (* use S1_s *) - (* use frama_c_wp.cint.Cint *) - goal wp_goal : forall i:int, t:int -> S1_s. let a = get t i in @@ -54,6 +82,7 @@ end 0 <= i -> a1 < a2 -> i <= 9 -> + IsArray1S1_s t -> is_uint32 i -> is_sint32 a2 -> is_sint32 a1 -> is_sint32 ((1 + ((- 1) * a1)) + a3) -> (2 * a1) <= a3 
@@ -71,6 +100,8 @@ Let a_3 = 2 * a_2. Assume { Type: is_uint32(SynchroId_0) /\ is_sint32(a_2) /\ is_sint32(a_1) /\ is_sint32(1 + a_3 - a_1). + (* Heap *) + Type: IsArray1S1_s(t). (* Residual *) When: a_1 < a_2. (* Pre-condition *) diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_alloc.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_alloc.0.res.oracle index ccc2ac132d1f59a376ce15cbe1fb70fe0907bda9..190fb6be9db7e84a1b4fcfda7b2aab957feafbfd 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_alloc.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/unit_alloc.0.res.oracle @@ -25,7 +25,7 @@ Prove: true. ------------------------------------------------------------ Goal Post-condition (file tests/wp_typed/unit_alloc.i, line 33) in 'h': -Assume { (* Heap *) Have: linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: !valid_rw(Malloc_0[P_x_38 <- 0], global(P_x_38), 1). ------------------------------------------------------------ @@ -39,7 +39,7 @@ Prove: true. ------------------------------------------------------------ Goal Assertion (file tests/wp_typed/unit_alloc.i, line 21): -Assume { (* Heap *) Have: (region(p.base) <= 0) /\ linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: valid_rw(Malloc_0[L_y_23 <- 1], global(L_y_23), 1). ------------------------------------------------------------ @@ -53,7 +53,7 @@ Goal Assertion (file tests/wp_typed/unit_alloc.i, line 24): Let a = global(L_y_23). Assume { (* Heap *) - Have: (region(p.base) <= 0) /\ linked(Malloc_0). + Type: linked(Malloc_0). (* Assertion *) Have: valid_rw(Malloc_0[L_y_23 <- 1], a, 1). } diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_alloc.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_alloc.1.res.oracle index 366d756e8bc9ad1ee847cc97b92253391b48627b..38f2578d64361bff7d17819b0051134275a54545 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_alloc.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/unit_alloc.1.res.oracle 
@@ -25,7 +25,7 @@ Prove: true. ------------------------------------------------------------ Goal Post-condition (file tests/wp_typed/unit_alloc.i, line 33) in 'h': -Assume { (* Heap *) Have: linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: !valid_rw(Malloc_0[P_x_38 <- 0], global(P_x_38), 1). ------------------------------------------------------------ @@ -39,7 +39,7 @@ Prove: true. ------------------------------------------------------------ Goal Assertion (file tests/wp_typed/unit_alloc.i, line 21): -Assume { (* Heap *) Have: (region(p.base) <= 0) /\ linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: valid_rw(Malloc_0[L_y_23 <- 1], global(L_y_23), 1). ------------------------------------------------------------ @@ -53,7 +53,7 @@ Goal Assertion (file tests/wp_typed/unit_alloc.i, line 24): Let a = global(L_y_23). Assume { (* Heap *) - Have: (region(p.base) <= 0) /\ linked(Malloc_0). + Type: linked(Malloc_0). (* Assertion *) Have: valid_rw(Malloc_0[L_y_23 <- 1], a, 1). } diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_cast.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_cast.0.res.oracle index 9b5510a3df03fa0cb0bca1a5000caf6cc4e75ff6..dfda7aa3f9a879aec4c378acbacc3faaa83f8ec5 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_cast.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/unit_cast.0.res.oracle @@ -14,11 +14,7 @@ tests/wp_typed/unit_cast.i:4: warning from Typed Model: - Warning: Hide sub-term definition Reason: Cast with incompatible pointers types (source: sint32*) (target: sint8*) Let x = Mchar_0[w]. -Assume { - Type: is_sint8(x). - (* Heap *) - Have: (region(p.base) <= 0) /\ (region(v.base) <= 0) /\ sconst(Mchar_0). -} +Assume { Type: is_sint8(x). (* Heap *) Type: sconst(Mchar_0). } Prove: x <= 255. ------------------------------------------------------------ 
diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_cast.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_cast.1.res.oracle index 4ae24cc64b06c9b8f22d45d32562ac3ae3d9a81b..bb48de46dd639db6c134a314aeb6dff50675b4b9 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_cast.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/unit_cast.1.res.oracle @@ -14,11 +14,7 @@ tests/wp_typed/unit_cast.i:4: warning from Typed Model: - Warning: Hide sub-term definition Reason: Cast with incompatible pointers types (source: sint32*) (target: sint8*) Let x = Mchar_0[w]. -Assume { - Type: is_sint8(x). - (* Heap *) - Have: (region(p.base) <= 0) /\ (region(v.base) <= 0) /\ sconst(Mchar_0). -} +Assume { Type: is_sint8(x). (* Heap *) Type: sconst(Mchar_0). } Prove: x <= 255. ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_hard.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_hard.0.res.oracle index 00335201dcde3ac7de8c47331d702451efbddeb0..8dee3ca102c5e09c71768a6a6bcb62f33b98ae52 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_hard.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/unit_hard.0.res.oracle @@ -18,11 +18,6 @@ Prove: true. ------------------------------------------------------------ Goal Pre-condition 'r_is_q1_ko' in 'main': -Let a = addr_of_int(26352). -Assume { - (* Heap *) - Have: (region(addr_of_int(13311).base) <= 0) /\ (region(a.base) <= 0). -} -Prove: shift_sint32(a, 1) = addr_of_int(26360). +Prove: shift_sint32(addr_of_int(26352), 1) = addr_of_int(26360). ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_hard.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_hard.1.res.oracle index 33700fa5ea2e61b5088929d048e4a56b208e3462..92ab010a2b72171180ade7aa0a8728fad75fc586 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_hard.1.res.oracle 
+++ b/src/plugins/wp/tests/wp_typed/oracle/unit_hard.1.res.oracle @@ -18,11 +18,6 @@ Prove: true. ------------------------------------------------------------ Goal Pre-condition 'r_is_q1_ko' in 'main': -Let a = addr_of_int(26352). -Assume { - (* Heap *) - Have: (region(addr_of_int(13311).base) <= 0) /\ (region(a.base) <= 0). -} -Prove: shift_sint32(a, 1) = addr_of_int(26360). +Prove: shift_sint32(addr_of_int(26352), 1) = addr_of_int(26360). ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_labels.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_labels.0.res.oracle index 280905af3c5081db60b6c37dcd27b838798a6093..c1c14a0c6470b457e4acd28cafa21e1281d98c23 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_labels.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/unit_labels.0.res.oracle @@ -15,7 +15,7 @@ Let m = Mint_0[a_1 <- Mint_0[shift_sint32(a, x_1)]]. Assume { Type: is_sint32(x) /\ is_sint32(x_1). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(pi_0.base) <= 0) /\ + Type: (region(a.base) <= 0) /\ (region(pi_0.base) <= 0) /\ (region(pj_0.base) <= 0). (* Pre-condition *) Have: (pj_0 != pi_0) /\ (a_1 != pi_0) /\ (a_1 != pj_0). @@ -38,7 +38,7 @@ Assume { Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2) /\ is_sint32(m[pj_0]). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(pi_0.base) <= 0) /\ + Type: (region(a.base) <= 0) /\ (region(pi_0.base) <= 0) /\ (region(pj_0.base) <= 0). (* Pre-condition *) Have: (pj_0 != pi_0) /\ (a_1 != pi_0) /\ (a_1 != pj_0). @@ -56,7 +56,7 @@ Let x_2 = m[pj_0]. Assume { Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(pi_0.base) <= 0) /\ + Type: (region(a.base) <= 0) /\ (region(pi_0.base) <= 0) /\ (region(pj_0.base) <= 0). (* Pre-condition *) Have: (pj_0 != pi_0) /\ (a_1 != pi_0) /\ (a_1 != pj_0). 
diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_labels.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_labels.1.res.oracle index 4c996e346c511f5ad432e610433c892b5ed4e9c1..cba638b02bb8c53145c8fb5181adf1fbdf1982b4 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_labels.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/unit_labels.1.res.oracle @@ -11,7 +11,7 @@ Goal Post-condition (file tests/wp_typed/unit_labels.i, line 5) in 'duplet': Assume { Type: is_sint32(pi_0) /\ is_sint32(pj_0). (* Heap *) - Have: region(a.base) <= 0. + Type: region(a.base) <= 0. } Prove: P_is_duplet(Mint_0[shift_sint32(a, pi_0) <- Mint_0[shift_sint32(a, pj_0)]], a, pi_0, pj_0). diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_local.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_local.0.res.oracle index 937cffcd9d16e956aaa802d7a900594d8fc30c57..dfa5e2f13d2f78c2ff084841501e5c70e8709f3f 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_local.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/unit_local.0.res.oracle @@ -24,7 +24,7 @@ Prove: true. Goal Assigns nothing in 'foo' (2/2): Effect at line 19 -Assume { (* Heap *) Have: linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: invalid(Malloc_0, global(L_a_21), 1). ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_local.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_local.1.res.oracle index a8d04fef44f135503f51b41bf6d5688610ec8912..106ea82cce505befa0216508c64323c48ab8f370 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_local.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/unit_local.1.res.oracle @@ -9,7 +9,7 @@ Goal Assigns nothing in 'bar': Effect at line 28 -Assume { (* Heap *) Have: linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: invalid(Malloc_0, global(L_a_26), 1). ------------------------------------------------------------ 
@@ -19,14 +19,14 @@ Prove: invalid(Malloc_0, global(L_a_26), 1). Goal Assigns nothing in 'foo' (1/2): Effect at line 18 -Assume { (* Heap *) Have: framed(Mptr_0) /\ linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: invalid(Malloc_0, global(L_pa_22), 1). ------------------------------------------------------------ Goal Assigns nothing in 'foo' (2/2): Effect at line 19 -Assume { (* Heap *) Have: framed(Mptr_0) /\ linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: invalid(Malloc_0, global(L_a_21), 1). ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_loopscope.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_loopscope.0.res.oracle index cb152131437519f16892630649a1428a4df588bc..3ef9cfde40405fdc904df5294e5c88e50756f2e4 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_loopscope.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/unit_loopscope.0.res.oracle @@ -17,7 +17,7 @@ Prove: true. Goal Establishment of Invariant (file tests/wp_typed/unit_loopscope.i, line 13): Assume { (* Heap *) - Have: (region(written_0.base) <= 0) /\ linked(Malloc_0). + Type: (region(written_0.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rw(Malloc_0, written_0, 1). } diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_matrix.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_matrix.0.res.oracle index f30a203b1228dc2e4c6272b8fb15a4f8332f4cb0..b744d1ea2ded3c291eba6d3aeae6cc1455a3e0da 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_matrix.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/unit_matrix.0.res.oracle @@ -13,6 +13,8 @@ Let x = m[c <- m[c][d <- 2]][a][b]. Assume { Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(c) /\ is_sint32(d) /\ is_sint32(x). + (* Heap *) + Type: IsArray2_sint32(t). (* Goal *) When: c != a. } 
@@ -31,6 +33,8 @@ Let x = m[c <- m[c][d <- 2]][a][b]. Assume { Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(c) /\ is_sint32(d) /\ is_sint32(x). + (* Heap *) + Type: IsArray2_sint32(t). } Prove: x = 1. diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_matrix.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_matrix.1.res.oracle index 8274db8910a99095a9dc36a3932a3f5e722953c6..8a07fab05017a844ede2f8130e13da5bb3a67e37 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_matrix.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/unit_matrix.1.res.oracle @@ -13,6 +13,8 @@ Let x = m[c <- m[c][d <- 2]][a][b]. Assume { Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(c) /\ is_sint32(d) /\ is_sint32(x). + (* Heap *) + Type: IsArray2_sint32(t). (* Goal *) When: c != a. } @@ -31,6 +33,8 @@ Let x = m[c <- m[c][d <- 2]][a][b]. Assume { Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(c) /\ is_sint32(d) /\ is_sint32(x). + (* Heap *) + Type: IsArray2_sint32(t). } Prove: x = 1. diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_string.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_string.0.res.oracle index 182b77d3d3671210c3432f75808ad75e032ebecd..e131924404aa5101bd6ddc8ebbe5104e19530c33 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_string.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/unit_string.0.res.oracle 
@@ -8,25 +8,18 @@ ------------------------------------------------------------ Goal Assertion 'AB' (file tests/wp_typed/unit_string.i, line 11): -Assume { - Type: is_sint8(Mchar_0[shift_sint8(global(Str_3), 3)]). - (* Heap *) - Have: linked(Malloc_0) /\ sconst(Mchar_0). -} Prove: Str_4 != Str_3. ------------------------------------------------------------ Goal Assertion 'B_valid' (file tests/wp_typed/unit_string.i, line 12): -Let a = global(Str_3). Assume { - Type: is_sint8(Mchar_0[shift_sint8(a, 3)]). (* Heap *) - Have: linked(Malloc_0) /\ sconst(Mchar_0). + Type: linked(Malloc_0). (* Assertion 'AB' *) Have: Str_4 != Str_3. } -Prove: valid_rd(Malloc_0, shift_sint8(a, 0), 3). +Prove: valid_rd(Malloc_0, shift_sint8(global(Str_3), 0), 3). ------------------------------------------------------------ @@ -37,7 +30,7 @@ Let x = Mchar_0[a_1]. Assume { Type: is_sint8(x). (* Heap *) - Have: linked(Malloc_0) /\ sconst(Mchar_0). + Type: linked(Malloc_0) /\ sconst(Mchar_0). (* Assertion 'AB' *) Have: Str_4 != Str_3. (* Assertion 'B_valid' *) @@ -52,7 +45,7 @@ Let a = global(Str_3). Let a_1 = shift_sint8(a, 3). Assume { (* Heap *) - Have: linked(Malloc_0) /\ sconst(Mchar_0). + Type: linked(Malloc_0) /\ sconst(Mchar_0). (* Assertion 'AB' *) Have: Str_4 != Str_3. (* Assertion 'B_valid' *) @@ -69,7 +62,7 @@ Let a = global(Str_3). Let a_1 = shift_sint8(a, 3). Assume { (* Heap *) - Have: linked(Malloc_0) /\ sconst(Mchar_0). + Type: linked(Malloc_0) /\ sconst(Mchar_0). (* Assertion 'AB' *) Have: Str_4 != Str_3. (* Assertion 'B_valid' *) @@ -87,10 +80,10 @@ Goal Assertion 'VAL' (file tests/wp_typed/unit_string.i, line 16): Let a = global(Str_3). Let a_1 = shift_sint8(a, 3). Assume { + (* Heap *) + Type: linked(Malloc_0) /\ sconst(Mchar_0). (* Goal *) When: (0 <= i) /\ (i <= 2). - (* Heap *) - Have: linked(Malloc_0) /\ sconst(Mchar_0). (* Assertion 'AB' *) Have: Str_4 != Str_3. (* Assertion 'B_valid' *) 
diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_string.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_string.1.res.oracle index ae6a6ff2b83019e654a40bba62d1acdfece71188..b129820adfb64f78fd855d6a6ea0de6257dca5e4 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_string.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/unit_string.1.res.oracle @@ -8,25 +8,18 @@ ------------------------------------------------------------ Goal Assertion 'AB' (file tests/wp_typed/unit_string.i, line 11): -Assume { - Type: is_sint8(Mchar_0[shift_sint8(global(Str_3), 3)]). - (* Heap *) - Have: linked(Malloc_0) /\ sconst(Mchar_0). -} Prove: Str_4 != Str_3. ------------------------------------------------------------ Goal Assertion 'B_valid' (file tests/wp_typed/unit_string.i, line 12): -Let a = global(Str_3). Assume { - Type: is_sint8(Mchar_0[shift_sint8(a, 3)]). (* Heap *) - Have: linked(Malloc_0) /\ sconst(Mchar_0). + Type: linked(Malloc_0). (* Assertion 'AB' *) Have: Str_4 != Str_3. } -Prove: valid_rd(Malloc_0, shift_sint8(a, 0), 3). +Prove: valid_rd(Malloc_0, shift_sint8(global(Str_3), 0), 3). ------------------------------------------------------------ @@ -37,7 +30,7 @@ Let x = Mchar_0[a_1]. Assume { Type: is_sint8(x). (* Heap *) - Have: linked(Malloc_0) /\ sconst(Mchar_0). + Type: linked(Malloc_0) /\ sconst(Mchar_0). (* Assertion 'AB' *) Have: Str_4 != Str_3. (* Assertion 'B_valid' *) @@ -52,7 +45,7 @@ Let a = global(Str_3). Let a_1 = shift_sint8(a, 3). Assume { (* Heap *) - Have: linked(Malloc_0) /\ sconst(Mchar_0). + Type: linked(Malloc_0) /\ sconst(Mchar_0). (* Assertion 'AB' *) Have: Str_4 != Str_3. (* Assertion 'B_valid' *) @@ -69,7 +62,7 @@ Let a = global(Str_3). Let a_1 = shift_sint8(a, 3). Assume { (* Heap *) - Have: linked(Malloc_0) /\ sconst(Mchar_0). + Type: linked(Malloc_0) /\ sconst(Mchar_0). (* Assertion 'AB' *) Have: Str_4 != Str_3. (* Assertion 'B_valid' *) 
@@ -87,10 +80,10 @@ Goal Assertion 'VAL' (file tests/wp_typed/unit_string.i, line 16): Let a = global(Str_3). Let a_1 = shift_sint8(a, 3). Assume { + (* Heap *) + Type: linked(Malloc_0) /\ sconst(Mchar_0). (* Goal *) When: (0 <= i) /\ (i <= 2). - (* Heap *) - Have: linked(Malloc_0) /\ sconst(Mchar_0). (* Assertion 'AB' *) Have: Str_4 != Str_3. (* Assertion 'B_valid' *) diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_init.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_init.0.res.oracle index 7ed70002fbc5d83e5b704f38f2a51dc1652dab1f..361403d8aa29de64eda5957972cccf0bc48cc33a 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/user_init.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/user_init.0.res.oracle @@ -17,10 +17,10 @@ Goal Post-condition (file tests/wp_typed/user_init.i, line 10) in 'init': Let a_1 = shift_sint32(a, 0). Assume { Type: is_sint32(i) /\ is_sint32(n). + (* Heap *) + Type: (region(a.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i_1) /\ (i_1 < n) /\ is_sint32(i_1). - (* Heap *) - Have: (region(a.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= n) /\ valid_rw(Malloc_0, a_1, n). (* Invariant 'Partial' *) @@ -40,10 +40,10 @@ Let a_1 = shift_sint32(a, 0). Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, n). Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(1 + i). + (* Heap *) + Type: (region(a.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i_1) /\ (i_1 <= i) /\ is_sint32(i_1). - (* Heap *) - Have: (region(a.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= n) /\ valid_rw(Malloc_0, a_1, n). (* Invariant 'Partial' *) @@ -68,7 +68,7 @@ Let a_1 = shift_sint32(a, 0). Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(1 + i). (* Heap *) - Have: (region(a.base) <= 0) /\ linked(Malloc_0). + Type: (region(a.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= n) /\ valid_rw(Malloc_0, a_1, n). (* Invariant 'Partial' *) 
@@ -99,10 +99,10 @@ Let a_1 = shift_sint32(a, 0). Let a_2 = shift_sint32(a, i). Assume { Type: is_sint32(i) /\ is_sint32(n). + (* Heap *) + Type: (region(a.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, a_2, 1). - (* Heap *) - Have: (region(a.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= n) /\ valid_rw(Malloc_0, a_1, n). (* Invariant 'Partial' *) @@ -790,6 +790,8 @@ Prove: true. Goal Post-condition (file tests/wp_typed/user_init.i, line 39) in 'init_t2_v1': Assume { + (* Heap *) + Type: IsArray2_sint32(t2_1). (* Goal *) When: (0 <= i) /\ (0 <= i_1) /\ (i <= 9) /\ (i_1 <= 19). (* Loop assigns 'lack,Zone_i' *) @@ -809,6 +811,8 @@ Goal Preservation of Invariant 'Partial_i' (file tests/wp_typed/user_init.i, lin Let m = t2_0[i]. Assume { Type: is_uint32(i). + (* Heap *) + Type: IsArray2_sint32(t2_1). (* Goal *) When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < to_uint32(1 + i)) /\ (i_2 <= 19). (* Loop assigns 'lack,Zone_i' *) @@ -846,6 +850,8 @@ Prove: true. Goal Preservation of Invariant 'Range_i' (file tests/wp_typed/user_init.i, line 47): Assume { Type: is_uint32(i). + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Loop assigns 'lack,Zone_i' *) Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 <= 9) -> ((i_1 <= 19) -> @@ -882,6 +888,8 @@ Goal Preservation of Invariant 'Partial_j' (file tests/wp_typed/user_init.i, lin Let m = t2_0[i]. Assume { Type: is_uint32(i) /\ is_uint32(j). + (* Heap *) + Type: IsArray2_sint32(t2_1). (* Goal *) When: (0 <= i_1) /\ (i_1 < to_uint32(1 + j)). (* Loop assigns 'lack,Zone_i' *) @@ -924,6 +932,8 @@ Goal Preservation of Invariant 'Previous_i' (file tests/wp_typed/user_init.i, li Let m = t2_0[i]. Assume { Type: is_uint32(i) /\ is_uint32(j). + (* Heap *) + Type: IsArray2_sint32(t2_2). (* Goal *) When: (0 <= i_1) /\ (i_1 < i) /\ (0 <= i_2) /\ (i_2 <= 19). (* Loop assigns 'lack,Zone_i' *) 
@@ -965,6 +975,8 @@ Prove: true. Goal Preservation of Invariant 'Range_j' (file tests/wp_typed/user_init.i, line 53): Assume { Type: is_uint32(i) /\ is_uint32(j). + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Loop assigns 'lack,Zone_i' *) Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 <= 9) -> ((i_1 <= 19) -> @@ -1020,6 +1032,8 @@ Goal Loop assigns 'lack,Zone_i' (2/3): Effect at line 51 Assume { Type: is_uint32(i_2). + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Goal *) When: (0 <= i_3) /\ (0 <= i_4) /\ (0 <= i_5) /\ (0 <= i_6) /\ (0 <= i) /\ (0 <= i_1) /\ (i_3 <= 9) /\ (i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19) /\ @@ -1057,6 +1071,8 @@ Goal Loop assigns 'lack,Zone_i' (3/3): Effect at line 58 Assume { Type: is_uint32(i_2). + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Goal *) When: (0 <= i_3) /\ (0 <= i_4) /\ (0 <= i_5) /\ (0 <= i_6) /\ (0 <= i) /\ (0 <= i_1) /\ (i_3 <= 9) /\ (i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19) /\ @@ -1099,6 +1115,8 @@ Goal Loop assigns 'lack,Zone_j' (2/3): Effect at line 58 Assume { Type: is_uint32(i_2) /\ is_uint32(j). + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Goal *) When: (0 <= i_3) /\ (0 <= i_4) /\ (0 <= i_5) /\ (0 <= i_6) /\ (0 <= i) /\ (0 <= i_1) /\ (i_3 <= 9) /\ (i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19) /\ @@ -1139,6 +1157,8 @@ Goal Loop assigns 'lack,Zone_j' (3/3): Effect at line 59 Assume { Type: is_uint32(i) /\ is_uint32(j). + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Goal *) When: (0 <= i) /\ (0 <= j) /\ (i <= 9) /\ (j <= 19). (* Loop assigns 'lack,Zone_i' *) @@ -1186,6 +1206,8 @@ Assume { Have: 0 <= i_1. Have: i <= 9. Have: i_1 <= 19. + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Loop assigns 'lack,Zone_i' *) Have: forall i_5,i_4 : Z. ((0 <= i_5) -> ((0 <= i_4) -> ((i_5 <= 9) -> ((i_4 <= 19) -> 
@@ -1200,6 +1222,8 @@ Prove: exists i_5,i_4 : Z. (i_5 <= i) /\ (i_4 <= i_1) /\ (0 <= i_5) /\ Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 51): Assume { Type: is_uint32(i). + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Loop assigns 'lack,Zone_i' *) Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 <= 9) -> ((i_1 <= 19) -> @@ -1235,6 +1259,8 @@ Prove: true. Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 58): Assume { Type: is_uint32(i) /\ is_uint32(j). + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Loop assigns 'lack,Zone_i' *) Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 <= 9) -> ((i_1 <= 19) -> diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_init.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_init.1.res.oracle index f759219c74fa5cf2cda5b811b530c4a10cb3cc1c..0247f47de979fad1f0090fbb71164402c76940b2 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/user_init.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/user_init.1.res.oracle @@ -17,10 +17,10 @@ Goal Post-condition (file tests/wp_typed/user_init.i, line 10) in 'init': Let a_1 = shift_sint32(a, 0). Assume { Type: is_sint32(i) /\ is_sint32(n). + (* Heap *) + Type: (region(a.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i_1) /\ (i_1 < n) /\ is_sint32(i_1). - (* Heap *) - Have: (region(a.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= n) /\ valid_rw(Malloc_0, a_1, n). (* Invariant 'Partial' *) @@ -40,10 +40,10 @@ Let a_1 = shift_sint32(a, 0). Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, n). Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(1 + i). + (* Heap *) + Type: (region(a.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i_1) /\ (i_1 <= i) /\ is_sint32(i_1). - (* Heap *) - Have: (region(a.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= n) /\ valid_rw(Malloc_0, a_1, n). (* Invariant 'Partial' *) 
@@ -68,7 +68,7 @@ Let a_1 = shift_sint32(a, 0). Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(1 + i). (* Heap *) - Have: (region(a.base) <= 0) /\ linked(Malloc_0). + Type: (region(a.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= n) /\ valid_rw(Malloc_0, a_1, n). (* Invariant 'Partial' *) @@ -99,10 +99,10 @@ Let a_1 = shift_sint32(a, 0). Let a_2 = shift_sint32(a, i). Assume { Type: is_sint32(i) /\ is_sint32(n). + (* Heap *) + Type: (region(a.base) <= 0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, a_2, 1). - (* Heap *) - Have: (region(a.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: (0 <= n) /\ valid_rw(Malloc_0, a_1, n). (* Invariant 'Partial' *) @@ -790,6 +790,8 @@ Prove: true. Goal Post-condition (file tests/wp_typed/user_init.i, line 39) in 'init_t2_v1': Assume { + (* Heap *) + Type: IsArray2_sint32(t2_1). (* Goal *) When: (0 <= i) /\ (0 <= i_1) /\ (i <= 9) /\ (i_1 <= 19). (* Loop assigns 'lack,Zone_i' *) @@ -809,6 +811,8 @@ Goal Preservation of Invariant 'Partial_i' (file tests/wp_typed/user_init.i, lin Let m = t2_0[i]. Assume { Type: is_uint32(i). + (* Heap *) + Type: IsArray2_sint32(t2_1). (* Goal *) When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < to_uint32(1 + i)) /\ (i_2 <= 19). (* Loop assigns 'lack,Zone_i' *) @@ -846,6 +850,8 @@ Prove: true. Goal Preservation of Invariant 'Range_i' (file tests/wp_typed/user_init.i, line 47): Assume { Type: is_uint32(i). + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Loop assigns 'lack,Zone_i' *) Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 <= 9) -> ((i_1 <= 19) -> @@ -882,6 +888,8 @@ Goal Preservation of Invariant 'Partial_j' (file tests/wp_typed/user_init.i, lin Let m = t2_0[i]. Assume { Type: is_uint32(i) /\ is_uint32(j). + (* Heap *) + Type: IsArray2_sint32(t2_1). (* Goal *) When: (0 <= i_1) /\ (i_1 < to_uint32(1 + j)). (* Loop assigns 'lack,Zone_i' *) 
@@ -924,6 +932,8 @@ Goal Preservation of Invariant 'Previous_i' (file tests/wp_typed/user_init.i, li Let m = t2_0[i]. Assume { Type: is_uint32(i) /\ is_uint32(j). + (* Heap *) + Type: IsArray2_sint32(t2_2). (* Goal *) When: (0 <= i_1) /\ (i_1 < i) /\ (0 <= i_2) /\ (i_2 <= 19). (* Loop assigns 'lack,Zone_i' *) @@ -965,6 +975,8 @@ Prove: true. Goal Preservation of Invariant 'Range_j' (file tests/wp_typed/user_init.i, line 53): Assume { Type: is_uint32(i) /\ is_uint32(j). + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Loop assigns 'lack,Zone_i' *) Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 <= 9) -> ((i_1 <= 19) -> @@ -1020,6 +1032,8 @@ Goal Loop assigns 'lack,Zone_i' (2/3): Effect at line 51 Assume { Type: is_uint32(i_2). + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Goal *) When: (0 <= i_3) /\ (0 <= i_4) /\ (0 <= i_5) /\ (0 <= i_6) /\ (0 <= i) /\ (0 <= i_1) /\ (i_3 <= 9) /\ (i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19) /\ @@ -1057,6 +1071,8 @@ Goal Loop assigns 'lack,Zone_i' (3/3): Effect at line 58 Assume { Type: is_uint32(i_2). + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Goal *) When: (0 <= i_3) /\ (0 <= i_4) /\ (0 <= i_5) /\ (0 <= i_6) /\ (0 <= i) /\ (0 <= i_1) /\ (i_3 <= 9) /\ (i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19) /\ @@ -1099,6 +1115,8 @@ Goal Loop assigns 'lack,Zone_j' (2/3): Effect at line 58 Assume { Type: is_uint32(i_2) /\ is_uint32(j). + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Goal *) When: (0 <= i_3) /\ (0 <= i_4) /\ (0 <= i_5) /\ (0 <= i_6) /\ (0 <= i) /\ (0 <= i_1) /\ (i_3 <= 9) /\ (i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19) /\ @@ -1139,6 +1157,8 @@ Goal Loop assigns 'lack,Zone_j' (3/3): Effect at line 59 Assume { Type: is_uint32(i) /\ is_uint32(j). + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Goal *) When: (0 <= i) /\ (0 <= j) /\ (i <= 9) /\ (j <= 19). (* Loop assigns 'lack,Zone_i' *) 
@@ -1186,6 +1206,8 @@ Assume { Have: 0 <= i_1. Have: i <= 9. Have: i_1 <= 19. + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Loop assigns 'lack,Zone_i' *) Have: forall i_5,i_4 : Z. ((0 <= i_5) -> ((0 <= i_4) -> ((i_5 <= 9) -> ((i_4 <= 19) -> @@ -1200,6 +1222,8 @@ Prove: exists i_5,i_4 : Z. (i_5 <= i) /\ (i_4 <= i_1) /\ (0 <= i_5) /\ Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 51): Assume { Type: is_uint32(i). + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Loop assigns 'lack,Zone_i' *) Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 <= 9) -> ((i_1 <= 19) -> @@ -1235,6 +1259,8 @@ Prove: true. Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 58): Assume { Type: is_uint32(i) /\ is_uint32(j). + (* Heap *) + Type: IsArray2_sint32(t2_0). (* Loop assigns 'lack,Zone_i' *) Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 <= 9) -> ((i_1 <= 19) -> diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_string.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_string.0.res.oracle index 166a56785955e6944837eceefdc83304106a10aa..758429573e32d2523927750a36cebd84cf13d7fb 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/user_string.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/user_string.0.res.oracle @@ -30,7 +30,7 @@ Let a_1 = shift_sint8(ss_0, 1). Assume { Type: is_sint8(x). (* Heap *) - Have: (region(x_1) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). + Type: (region(x_1) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). (* Pre-condition *) Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i). (* Pre-condition *) 
@@ -52,7 +52,7 @@ Prove: addr_le(s, a_1) /\ addr_le(a_1, a). Goal Establishment of Invariant 'RANGE' (file tests/wp_typed/user_string.i, line 29): Assume { (* Heap *) - Have: (region(s.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). + Type: (region(s.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). (* Pre-condition *) Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i). (* Pre-condition *) @@ -69,10 +69,10 @@ Let x_2 = s.offset. Let x_3 = ss_0.offset. Assume { Type: is_sint8(x). + (* Heap *) + Type: (region(x_1) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). (* Goal *) When: (0 <= i) /\ ((i + x_2) <= x_3). - (* Heap *) - Have: (region(x_1) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). (* Pre-condition *) Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i_1). (* Pre-condition *) @@ -103,7 +103,7 @@ Let x_1 = s.offset. Let x_2 = ss_0.offset. Assume { (* Heap *) - Have: (region(x) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). + Type: (region(x) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). (* Pre-condition *) Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i). (* Pre-condition *) @@ -154,7 +154,7 @@ Let x_4 = ss_0.offset. Assume { Type: is_sint8(x). (* Heap *) - Have: (region(x_1) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). + Type: (region(x_1) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). (* Pre-condition *) Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i). (* Pre-condition *) diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_string.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_string.1.res.oracle index a7af572dcdecfc8c2df88d06e4c050bdd5ea374a..d99aaaf937e73f39368935427477e925ff1a4818 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/user_string.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/user_string.1.res.oracle 
@@ -30,7 +30,7 @@ Let a_1 = shift_sint8(ss_0, 1). Assume { Type: is_sint8(x). (* Heap *) - Have: (region(x_1) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). + Type: (region(x_1) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). (* Pre-condition *) Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i). (* Pre-condition *) @@ -52,7 +52,7 @@ Prove: addr_le(s, a_1) /\ addr_le(a_1, a). Goal Establishment of Invariant 'RANGE' (file tests/wp_typed/user_string.i, line 29): Assume { (* Heap *) - Have: (region(s.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). + Type: (region(s.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). (* Pre-condition *) Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i). (* Pre-condition *) @@ -69,10 +69,10 @@ Let x_2 = s.offset. Let x_3 = ss_0.offset. Assume { Type: is_sint8(x). + (* Heap *) + Type: (region(x_1) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). (* Goal *) When: (0 <= i) /\ ((i + x_2) <= x_3). - (* Heap *) - Have: (region(x_1) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). (* Pre-condition *) Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i_1). (* Pre-condition *) @@ -103,7 +103,7 @@ Let x_1 = s.offset. Let x_2 = ss_0.offset. Assume { (* Heap *) - Have: (region(x) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). + Type: (region(x) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). (* Pre-condition *) Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i). (* Pre-condition *) @@ -154,7 +154,7 @@ Let x_4 = ss_0.offset. Assume { Type: is_sint8(x). (* Heap *) - Have: (region(x_1) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). + Type: (region(x_1) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). (* Pre-condition *) Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i). (* Pre-condition *) diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_swap.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_swap.0.res.oracle index 53d8231e006520ce709b952a1d0071701f261a35..1bb42be2636e30dee886ed48cfec3afe4d592828 100644 
--- a/src/plugins/wp/tests/wp_typed/oracle/user_swap.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/user_swap.0.res.oracle @@ -34,7 +34,7 @@ Let x_2 = Mint_0[a <- x_1][b <- x][a]. Assume { Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). + Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rw(Malloc_0, a, 1) /\ valid_rw(Malloc_0, b, 1). } diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_bitwise.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_bitwise.1.res.oracle index 23222d15d4fc792f74fe16137c34ec8cdcbf7027..ae33efb03cb7afe2119a6a3853eff1d475303779 100644 --- a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_bitwise.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_bitwise.1.res.oracle @@ -3,6 +3,5 @@ [wp] Running WP plugin... [wp] Loading driver 'share/wp.driver' [wp] Warning: Missing RTE guards -[wp] 0 goal scheduled -[wp] Proved goals: 0 / 0 +[wp] Warning: No goal generated ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_usage/oracle/caveat.0.res.oracle b/src/plugins/wp/tests/wp_usage/oracle/caveat.0.res.oracle index 6987f7690c228539bd23126ec3ab737e4363a275..218d938c66f64884fdc40885b3e6ef021d92727e 100644 --- a/src/plugins/wp/tests/wp_usage/oracle/caveat.0.res.oracle +++ b/src/plugins/wp/tests/wp_usage/oracle/caveat.0.res.oracle @@ -24,7 +24,7 @@ Assume { is_sint32(x_4) /\ is_sint32(x_5) /\ is_sint32(m[a_1 <- x_4][a_2 <- x_5][r]). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(r.base) <= 0). + Type: (region(a.base) <= 0) /\ (region(r.base) <= 0). (* Pre-condition *) Have: separated(a, 2, r, 1). } 
@@ -47,7 +47,7 @@ Assume { is_sint32(x_4) /\ is_sint32(x_5) /\ is_sint32(m[a_1 <- x_4][a_2 <- x_5][r]). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(r.base) <= 0). + Type: (region(a.base) <= 0) /\ (region(r.base) <= 0). (* Pre-condition *) Have: separated(a, 2, r, 1). } @@ -71,7 +71,7 @@ Assume { Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(x_5) /\ is_sint32(x_6) /\ is_sint32(x_7). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(r.base) <= 0). + Type: (region(a.base) <= 0) /\ (region(r.base) <= 0). (* Pre-condition *) Have: separated(a, 2, r, 1). } @@ -97,7 +97,7 @@ Assume { is_sint32(x_4) /\ is_sint32(x_5) /\ is_sint32(m[a_1 <- x_4][a_2 <- x_5][r]). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(r.base) <= 0). + Type: (region(a.base) <= 0) /\ (region(r.base) <= 0). } Prove: x_2 = x. @@ -118,7 +118,7 @@ Assume { is_sint32(x_4) /\ is_sint32(x_5) /\ is_sint32(m[a_1 <- x_4][a_2 <- x_5][r]). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(r.base) <= 0). + Type: (region(a.base) <= 0) /\ (region(r.base) <= 0). } Prove: x_3 = x_1. @@ -140,7 +140,7 @@ Assume { Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(x_5) /\ is_sint32(x_6) /\ is_sint32(x_7). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(r.base) <= 0). + Type: (region(a.base) <= 0) /\ (region(r.base) <= 0). } Prove: x_7 = x_2. @@ -165,7 +165,7 @@ Assume { Type: is_sint32(x_2) /\ is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(x_5) /\ is_sint32(x_6) /\ is_sint32(x_7). (* Heap *) - Have: (region(a.base) <= 0) /\ (region(r.base) <= 0). + Type: (region(a.base) <= 0) /\ (region(r.base) <= 0). (* Pre-condition *) Have: P_OBS(x, x_1, x_2). } diff --git a/src/plugins/wp/tests/wp_usage/oracle/global.0.res.oracle b/src/plugins/wp/tests/wp_usage/oracle/global.0.res.oracle index 84f3caac6d906b7faedf1bf00035f57628aba4dd..036b86a3fb4e67100d7de501b7c0be3a0fcfb48e 100644 
--- a/src/plugins/wp/tests/wp_usage/oracle/global.0.res.oracle +++ b/src/plugins/wp/tests/wp_usage/oracle/global.0.res.oracle @@ -11,7 +11,7 @@ Goal Assertion 'no_address_taken' (file tests/wp_usage/global.c, line 17): Let a = Mptr_0[global(P_a_21)]. Assume { (* Heap *) - Have: framed(Mptr_0) /\ linked(Malloc_0). + Type: framed(Mptr_0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rw(Malloc_0, a, 1). } @@ -24,7 +24,7 @@ Prove: a != global(G_GLOBAL_18). Goal Instance of 'Pre-condition (file tests/wp_usage/global.c, line 14) in 'foo'' in 'main' at call 'foo' (file tests/wp_usage/global.c, line 21) : -Assume { (* Heap *) Have: linked(Malloc_0). } +Assume { (* Heap *) Type: linked(Malloc_0). } Prove: valid_rw(Malloc_0[L___retres_24 <- 1], global(G_GLOBAL_18), 1). ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.0.res.oracle b/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.0.res.oracle index 0dc5561959eaa13718b53698eb15a584c53af8f2..5b1f0e248c44869629709fe8e179158d8e9906ae 100644 --- a/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.0.res.oracle +++ b/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.0.res.oracle @@ -15,10 +15,10 @@ Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, len_0). Let a_4 = shift_uint8(a, 0). Assume { Type: is_sint32(len_0) /\ is_sint32(len_1). + (* Heap *) + Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i) /\ ((2 + i) <= len_0). - (* Heap *) - Have: framed(Mptr_0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rd(Malloc_0, a_4, len_0) /\ valid_rw(Malloc_0, a_2, len_0) /\ separated(a_2, len_0, a_4, len_0). 
@@ -47,10 +47,10 @@ Let a_4 = shift_uint8(a, 0). Let a_5 = shift_uint8(a, i). Assume { Type: is_sint32(len_0) /\ is_sint32(len_1). + (* Heap *) + Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i) /\ ((2 + i) <= len_0). - (* Heap *) - Have: framed(Mptr_0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rd(Malloc_0, a_4, len_0) /\ valid_rw(Malloc_0, a_2, len_0) /\ separated(a_2, len_0, a_4, len_0). @@ -79,10 +79,10 @@ Let a_4 = shift_uint8(a, 0). Let a_5 = a_3[v <- a_3[v_1]]. Assume { Type: is_sint32(len_0) /\ is_sint32(len_1) /\ is_sint32(len_1 - 1). + (* Heap *) + Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i) /\ ((i + len_1) <= len_0). - (* Heap *) - Have: framed(Mptr_0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rd(Malloc_0, a_4, len_0) /\ valid_rw(Malloc_0, a_2, len_0) /\ separated(a_2, len_0, a_4, len_0). @@ -126,7 +126,7 @@ Let a_4 = shift_uint8(a, 0). Assume { Type: is_sint32(len_1) /\ is_sint32(len_0) /\ is_sint32(len_0 - 1). (* Heap *) - Have: framed(Mptr_0) /\ linked(Malloc_0). + Type: framed(Mptr_0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rd(Malloc_0, a_4, len_1) /\ valid_rw(Malloc_0, a_2, len_1) /\ separated(a_2, len_1, a_4, len_1). @@ -189,10 +189,10 @@ Let a_5 = havoc(Mint_undef_0, Mint_0, a_4, len_0). Let a_6 = shift_uint8(a_1, 0). Assume { Type: is_sint32(len_0) /\ is_sint32(len_1). + (* Heap *) + Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0[P_src_22 <- 1][P_dst_23 <- 1], v, 1). - (* Heap *) - Have: framed(Mptr_0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rd(Malloc_0, a_6, len_0) /\ valid_rw(Malloc_0, a_4, len_0) /\ separated(a_4, len_0, a_6, len_0). 
@@ -229,10 +229,10 @@ Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, len_0). Let a_4 = shift_uint8(a, 0). Assume { Type: is_sint32(len_0) /\ is_sint32(len_1). + (* Heap *) + Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i) /\ ((2 + i) <= len_0). - (* Heap *) - Have: framed(Mptr_0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rd(Malloc_0, a_4, len_0) /\ valid_rw(Malloc_0, a_2, len_0) /\ separated(a_2, len_0, a_4, len_0). @@ -261,10 +261,10 @@ Let a_4 = shift_uint8(a, 0). Let a_5 = shift_uint8(a, i). Assume { Type: is_sint32(len_0) /\ is_sint32(len_1). + (* Heap *) + Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i) /\ ((2 + i) <= len_0). - (* Heap *) - Have: framed(Mptr_0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rd(Malloc_0, a_4, len_0) /\ valid_rw(Malloc_0, a_2, len_0) /\ separated(a_2, len_0, a_4, len_0). @@ -293,10 +293,10 @@ Let a_4 = shift_uint8(a, 0). Let a_5 = a_3[dst2_0 <- a_3[src2_0]]. Assume { Type: is_sint32(len_0) /\ is_sint32(len_1) /\ is_sint32(len_1 - 1). + (* Heap *) + Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i) /\ ((i + len_1) <= len_0). - (* Heap *) - Have: framed(Mptr_0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rd(Malloc_0, a_4, len_0) /\ valid_rw(Malloc_0, a_2, len_0) /\ separated(a_2, len_0, a_4, len_0). @@ -340,7 +340,7 @@ Let a_4 = shift_uint8(a, 0). Assume { Type: is_sint32(len_1) /\ is_sint32(len_0) /\ is_sint32(len_0 - 1). (* Heap *) - Have: framed(Mptr_0) /\ linked(Malloc_0). + Type: framed(Mptr_0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rd(Malloc_0, a_4, len_1) /\ valid_rw(Malloc_0, a_2, len_1) /\ separated(a_2, len_1, a_4, len_1). 
@@ -401,10 +401,10 @@ Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, len_0). Let a_4 = shift_uint8(a, 0). Assume { Type: is_sint32(len_0) /\ is_sint32(len_1). + (* Heap *) + Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0[P_src_45 <- 1][P_dst_46 <- 1], tmp_0, 1). - (* Heap *) - Have: framed(Mptr_0) /\ linked(Malloc_0). (* Pre-condition *) Have: valid_rd(Malloc_0, a_4, len_0) /\ valid_rw(Malloc_0, a_2, len_0) /\ separated(a_2, len_0, a_4, len_0). diff --git a/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.1.res.oracle b/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.1.res.oracle index 911ac911111e8ac2b3fee82d06a8e172205cd441..ded08a1708fb7464d71427a7c2dfa2f0fef5237e 100644 --- a/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.1.res.oracle +++ b/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.1.res.oracle @@ -12,8 +12,6 @@ Assume { Type: is_sint32(len_0) /\ is_sint32(len_1). (* Goal *) When: (0 <= i) /\ ((2 + i) <= len_0). - (* Heap *) - Have: linked(Malloc_0). (* Pre-condition *) Have: ((0 < len_0) -> (len_0 <= 1)). (* Invariant 'ok,cpy' *) @@ -46,8 +44,6 @@ Assume { Type: is_sint32(len_0) /\ is_sint32(len_1) /\ is_sint32(len_1 - 1). (* Goal *) When: (0 <= i) /\ ((i + len_1) <= len_0). - (* Heap *) - Have: linked(Malloc_0). (* Pre-condition *) Have: ((0 < len_0) -> (len_0 <= 1)). (* Invariant 'ok,cpy' *) @@ -86,8 +82,6 @@ Let a = global(G_src_45). Let a_1 = global(G_dst_46). Assume { Type: is_sint32(len_1) /\ is_sint32(len_0) /\ is_sint32(len_0 - 1). - (* Heap *) - Have: linked(Malloc_0). (* Pre-condition *) Have: ((0 < len_1) -> (len_1 <= 1)). (* Invariant 'ok,cpy' *) @@ -146,10 +140,10 @@ Let a_1 = global(G_dst_46). Let a_2 = shift_uint8(a_1, 0). Assume { Type: is_sint32(len_0) /\ is_sint32(len_1). + (* Heap *) + Type: linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, tmp_0, 1). - (* Heap *) - Have: linked(Malloc_0). (* Pre-condition *) Have: ((0 < len_0) -> (len_0 <= 1)). (* Invariant 'ok,cpy' *) 
diff --git a/src/plugins/wp/wpAnnot.ml b/src/plugins/wp/wpAnnot.ml
index 217da38b0854d57b056292892e7e74180a7a5154..5b7fb29db345bcca5190109df6fc24603f5545fc 100644
--- a/src/plugins/wp/wpAnnot.ml
+++ b/src/plugins/wp/wpAnnot.ml
@@ -520,9 +520,8 @@ let is_annot_for_config config ?(loopassigns=false) node s_annot bhv_name_list =
 let add_fct_pre config acc spec =
 let kf = config.kf in
 let add_bhv_pre_hyp b acc =
- let impl_assumes = false in
 let kind = WpStrategy.Ahyp in
- WpStrategy.add_prop_fct_bhv_pre acc kind kf b ~impl_assumes
+ WpStrategy.add_prop_fct_bhv_pre acc kind kf b
 in
 let add_def_pre_hyp acc =
 match Cil.find_default_behavior spec with
@@ -558,7 +557,13 @@ let add_fct_pre config acc spec =
 in List.fold_left add_hyp acc b.b_assumes
 else add_bhv_pre_hyp b acc
 in acc
- in acc
+ in
+ let acc = match get_behav config Kglobal spec.spec_behavior with
+ | Some bhv when Wp_parameters.SmokeTests.get () ->
+ WpStrategy.add_prop_fct_smoke acc kf bhv
+ | _ -> acc
+ in
+ acc
 
 let add_variant acc spec =
 (* TODO *)
@@ -787,6 +792,25 @@ let get_call_annots config v s fct =
 empty calls
 
 (*----------------------------------------------------------------------------*)
+
+ let is_unrolled_completely spec =
+ match spec.term_node with
+ | TConst (LStr "completely") -> true
+ | _ -> false
+
+ let is_unrolled_loop stmt =
+ let exception Unrolled in
+ try
+ Annotations.iter_code_annot (fun _emitter ca ->
+ match ca.annot_content with
+ | APragma (Loop_pragma (Unroll_specs [ spec ; _ ]))
+ when is_unrolled_completely spec ->
+ raise Unrolled ;
+ | _ -> ()
+ ) stmt ;
+ false
+ with Unrolled -> true
+
 let add_variant_annot config s ca var_exp loop_entry loop_back =
 let (vpos_id, vpos), (vdecr_id, vdecr) =
 WpStrategy.mk_variant_properties config.kf s ca var_exp
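Review bot: `get_behav config Kglobal spec.spec_behavior` is evaluated before the `when Wp_parameters.SmokeTests.get ()` guard is tested, so the behaviour lookup runs for every function even when smoke tests are disabled, and the guarded arm plus `| _ -> acc` hides which of the `Some`/`None` cases is meant. Testing the option first keeps the match exhaustive without a catch-all: `let acc = if not (Wp_parameters.SmokeTests.get ()) then acc else match get_behav config Kglobal spec.spec_behavior with | Some bhv -> WpStrategy.add_prop_fct_smoke acc kf bhv | None -> acc in`. `add_fct_pre` starts before this hunk.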
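Review bot: `is_unrolled_loop` uses a local exception only to stop `Annotations.iter_code_annot` early, and the `;` after `raise Unrolled` is dead; `Annotations.fold_code_annot` (already used in `get_loop_annots`) with a boolean accumulator expresses the same search without exception-driven control flow: `Annotations.fold_code_annot (fun _emitter ca found -> found || (match ca.annot_content with | APragma (Loop_pragma (Unroll_specs [ spec ; _ ])) -> is_unrolled_completely spec | _ -> false)) stmt false`. The pattern recognises only a two-element `Unroll_specs` list; if the kernel can also produce a one-element list for `UNROLL "completely"`, such loops would still receive a smoke goal from `get_loop_annots`, which is worth confirming against the pragma parser. A one-line comment above the function, `(* a loop pragma UNROLL "completely" makes the loop-invariant smoke goal meaningless *)`, would also record why the check exists.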
@@ -876,12 +900,14 @@ let get_loop_annots config vloop s =
 in (assigns, loop_entry , loop_back , loop_core)
 | _ -> acc (* see get_stmt_annots *)
 in
- let acc =
- ((None,None),
- WpStrategy.empty_acc, WpStrategy.empty_acc, WpStrategy.empty_acc)
- in
+ let loop_core =
+ if Wp_parameters.SmokeTests.get () && cur_fct_default_bhv config
+ && not (is_unrolled_loop s)
+ then WpStrategy.add_prop_loop_smoke WpStrategy.empty_acc config.kf s
+ else WpStrategy.empty_acc in
 let (h_assigns, g_assigns), loop_entry , loop_back , loop_core =
- Annotations.fold_code_annot do_annot s acc
+ Annotations.fold_code_annot do_annot s
+ ((None,None), WpStrategy.empty_acc, WpStrategy.empty_acc, loop_core)
 in
 let loop_back = match g_assigns with
 | None -> loop_back
diff --git a/src/plugins/wp/wpPropId.ml b/src/plugins/wp/wpPropId.ml
index 4a154c087a2c207237585752f955d3d57dd00842..4a61b0b5a095970e533188695d21b5ce57cce532 100644
--- a/src/plugins/wp/wpPropId.ml
+++ b/src/plugins/wp/wpPropId.ml
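Review bot: The conditions that decide whether a loop gets a smoke goal are split between this hunk (`SmokeTests`, `cur_fct_default_bhv`, `is_unrolled_loop`) and `WpStrategy.add_prop_loop_smoke`, which additionally returns its accumulator unchanged when `-wp-split` is on; a reader of `get_loop_annots` cannot see that fourth condition. Either move the `Wp_parameters.Split.get ()` test next to the other three here, or add `(* no loop smoke goal under -wp-split: see WpStrategy.add_prop_loop_smoke *)` above `let loop_core =`. `get_loop_annots` begins before this hunk.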
@@ -44,21 +44,29 @@ type prop_kind =
 | PKVarPos (** computation related to a loop variant being positive *)
 | PKAFctOut (** computation related to the function assigns on normal termination *)
 | PKAFctExit (** computation related to the function assigns on exit termination *)
- | PKPre of kernel_function * stmt * Property.t (** precondition for function
- at stmt, property of the require. Many information that should come
- from the p_prop part of the prop_id, but in the PKPre case,
- it seems that it is hidden in a IPBlob property ! *)
+ | PKSmoke (** expected to fail *)
+ | PKPre of kernel_function * stmt * Property.t
+ (** precondition for function
+ at stmt, property of the require. Many information that should come
+ from the p_prop part of the prop_id, but in the PKPre case,
+ it seems that it is hidden in a IPBlob property ! *)
 
 type prop_id = {
 p_kind : prop_kind ;
 p_prop : Property.t ;
+ p_doomed : Property.t list ; (* false-if-reachable props when fired *)
+ p_unreachable : Property.other_loc ; (* false-if-reachable location *)
 p_part : (int * int) option ;
 }
 
+let unknown = Property.OLGlob Cil_datatype.Location.unknown
+
 let tactical ~gid =
 let ip = "Wp.Tactical." ^ gid in
 { p_kind = PKTactic ;
- p_prop = Property.(ip_other ip (OLGlob Cil_datatype.Location.unknown));
+ p_prop = Property.(ip_other ip unknown);
+ p_doomed = [] ;
+ p_unreachable = unknown ;
 p_part = None }
 
 (* -------------------------------------------------------------------------- *)
@@ -68,6 +76,8 @@ let tactical ~gid =
 let kind_of_id p = p.p_kind
 let parts_of_id p = p.p_part
 let property_of_id p = p.p_prop
+let doomed_if_valid p = p.p_doomed
+let unreachable_if_valid p = p.p_unreachable
 let mk_part pid (k, n) = { pid with p_part = Some (k,n) }
 let source_of_id p = fst (Property.location p.p_prop)
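Review bot: `PKSmoke (** expected to fail *)` leaves the reader to guess what fails and why: the smoke goal's conclusion is `\false` (`WpStrategy.add_smoke`), so a prover is expected not to prove it, and a proof means the hypotheses are inconsistent. Suggest `(** smoke test: goal is [\false]; proving it reveals inconsistent hypotheses, see [p_doomed] *)`, and for the new fields `(* properties emitted False_if_reachable when the smoke goal is proved *)` on `p_doomed` and `(* statement shown unreachable when the smoke goal is proved; OLContract/OLGlob = none *)` on `p_unreachable`, which is what `Wpo.update_property_status` and `Wpo.doomed_unreachable` do with them. The top-level name `unknown` for an `other_loc` is easy to misread as a verdict next to `Invalid`/`Unknown` elsewhere in the plugin; `unknown_loc` would be clearer.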
@@ -92,9 +102,10 @@ let num_of_bhv_from bhv (out, _) =
 (* Constructors *)
 (*----------------------------------------------------------------------------*)
 
-let mk_prop kind prop = { p_kind=kind ; p_prop=prop ; p_part=None }
-let mk_check prop = { p_kind=PKCheck ; p_prop=prop ; p_part=None }
-let mk_property prop = { p_kind=PKProp ; p_prop=prop ; p_part=None }
+let mk_prop kind prop =
+ { p_kind=kind; p_prop=prop; p_unreachable=unknown; p_doomed=[]; p_part=None }
+let mk_check prop = mk_prop PKCheck prop
+let mk_property prop = mk_prop PKProp prop
 
 let mk_annot_id kf stmt ca = Property.ip_of_code_annot_single kf stmt ca
 let mk_annot_ids kf stmt ca = Property.ip_of_code_annot kf stmt ca
@@ -168,6 +179,18 @@ let mk_call_pre_id called_kf s_call called_pre called_pre_p =
 let kind = PKPre (called_kf, s_call, called_pre) in
 mk_prop kind called_pre_p
 
+let mk_smoke kf ~id ?(doomed=[]) ?unreachable () =
+ let oloc = match unreachable with
+ | None -> Property.OLContract kf
+ | Some stmt -> Property.OLStmt(kf,stmt)
+ in {
+ p_kind = PKSmoke;
+ p_prop = Property.ip_other ("smoke_" ^id) oloc ;
+ p_doomed = doomed ;
+ p_unreachable = oloc ;
+ p_part = None ;
+ }
+
 (*----------------------------------------------------------------------------*)
 
 let kind_order = function
@@ -182,6 +205,7 @@ let kind_order = function
 | PKAFctExit -> 8
 | PKCheck -> 9
 | PKTactic -> 10
+ | PKSmoke -> 11
 
 let compare_kind k1 k2 = match k1, k2 with
 PKPre (kf1, ki1, p1), PKPre (kf2, ki2, p2) ->
@@ -212,10 +236,7 @@ module PropId =
 type t = prop_id
 include Datatype.Undefined
 let name = "WpAnnot.prop_id"
- let reprs =
- List.map
- (fun x -> { p_kind = PKProp; p_prop = x; p_part = None })
- Property.reprs
+ let reprs = List.map mk_property Property.reprs
 let hash pid = Property.hash pid.p_prop
 let compare = compare_prop_id
 let equal pid1 pid2 = compare_prop_id pid1 pid2 = 0
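Review bot: `mk_smoke` builds the record field by field although the same commit just rewrote `mk_check`/`mk_property` on top of `mk_prop`; `{ (mk_prop PKSmoke (Property.ip_other ("smoke_" ^ id) oloc)) with p_doomed = doomed; p_unreachable = oloc }` keeps one construction site, so a future field gets its default in a single place. `p_unreachable` is set to `oloc` even when `unreachable` is `None`, i.e. to `OLContract kf`; `Wpo.doomed_unreachable` treats `OLContract`/`OLGlob` as "no statement", so this is consistent, but a comment such as `(* OLContract = no unreachable statement; only OLStmt is acted upon *)` on the `None` arm would make the encoding explicit. The function also lacks a doc comment in this file while the other constructors around it have none either, so the `.mli` is the place to document it.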
@@ -299,7 +320,8 @@ end = struct
 
 let basename_of_prop_id p =
 match p.p_kind , p.p_prop with
- | (PKTactic | PKCheck | PKProp | PKPropLoop) , p -> base_id_prop_txt p
+ | (PKTactic | PKCheck | PKProp | PKPropLoop | PKSmoke) , p ->
+ base_id_prop_txt p
 | PKEstablished , p -> base_id_prop_txt p ^ "_established"
 | PKPreserved , p -> base_id_prop_txt p ^ "_preserved"
 | PKVarDecr , p -> base_id_prop_txt p ^ "_decrease"
@@ -381,7 +403,7 @@ struct
 
 let get_prop_id_base p =
 match p.p_kind , p.p_prop with
- | (PKTactic | PKCheck | PKProp | PKPropLoop) , p -> get_ip p
+ | (PKTactic | PKCheck | PKProp | PKPropLoop | PKSmoke) , p -> get_ip p
 | PKEstablished , p -> get_ip p ^ "_established"
 | PKPreserved , p -> get_ip p ^ "_preserved"
 | PKVarDecr , p -> get_ip p ^ "_decrease"
@@ -502,6 +524,7 @@ let string_of_termination_kind = function
 
 let label_of_kind = function
 | PKTactic -> "Tactic"
+ | PKSmoke -> "Smoke-test"
 | PKCheck -> "Check"
 | PKProp -> "Property"
 | PKPropLoop -> "Invariant" (* should be assert false ??? *)
@@ -527,7 +550,7 @@ struct
 | None -> ()
 | Some(k,n) -> fprintf fmt " (%d/%d)" (succ k) n
 let pp_subprop fmt p = match p.p_kind with
- | PKProp | PKTactic | PKCheck | PKPropLoop -> ()
+ | PKProp | PKTactic | PKCheck | PKPropLoop | PKSmoke -> ()
 | PKEstablished -> pp_print_string fmt " (established)"
 | PKPreserved -> pp_print_string fmt " (preserved)"
 | PKVarDecr -> pp_print_string fmt " (decrease)"
@@ -580,6 +603,7 @@ let propid_hints hs p =
 let open Property in
 match p.p_kind , p.p_prop with
 | PKCheck , _ -> ()
+ | PKSmoke , _ -> add_required hs "smoke-test"
 | PKProp , IPAssigns {ias_kinstr=Kstmt _} ->
 add_required hs "stmt-assigns"
 | PKProp , IPAssigns {ias_kinstr=Kglobal} ->
@@ -668,12 +692,8 @@ let prop_id_keys p =
 (*----------------------------------------------------------------------------*)
 
 let pp_goal_kind fmt = function
- | PKTactic
- | PKCheck
- | PKProp
- | PKPropLoop
- | PKAFctOut
- | PKAFctExit
+ | PKTactic | PKSmoke | PKCheck
+ | PKProp | PKPropLoop | PKAFctOut | PKAFctExit
 | PKPre _ -> ()
 | PKEstablished -> Format.pp_print_string fmt "Establishment of "
 | PKPreserved -> Format.pp_print_string fmt "Preservation of "
@@ -704,6 +724,7 @@ let pretty_context kf fmt pid =
 
 let is_check p = p.p_kind = PKCheck
 let is_tactic p = p.p_kind = PKTactic
+let is_smoke_test p = p.p_kind = PKSmoke
 
 let is_assigns p =
 match property_of_id p with
@@ -954,14 +975,14 @@ let _split job pid goals =
 let subproofs id =
 match id.p_kind with
 | PKCheck -> 0
- | PKProp | PKTactic | PKPre _ | PKPropLoop -> 1
+ | PKProp | PKSmoke | PKTactic | PKPre _ | PKPropLoop -> 1
 | PKEstablished | PKPreserved | PKVarDecr | PKVarPos | PKAFctExit | PKAFctOut -> 2
 
 let subproof_idx id =
 match id.p_kind with
 | PKCheck -> (-1) (* 0/0 *)
- | PKProp | PKTactic | PKPre _ | PKPropLoop -> 0 (* 1/1 *)
+ | PKProp | PKTactic | PKPre _ | PKSmoke | PKPropLoop -> 0 (* 1/1 *)
 | PKPreserved -> 0 (* 1/2 *)
 | PKEstablished-> 1 (* 2/2 *)
 | PKVarDecr -> 0 (* 1/2 *)
@@ -1011,7 +1032,7 @@ let get_induction p =
 | IPAssigns {ias_kf; ias_kinstr=Kstmt stmt} -> Some (ias_kf, stmt)
 | _ -> None
 in match p.p_kind with
- | PKCheck | PKAFctOut|PKAFctExit|PKPre _ | PKTactic -> None
+ | PKCheck|PKSmoke |PKAFctOut|PKAFctExit|PKPre _ | PKTactic -> None
 | PKProp ->
 let loop_stmt_opt = match get_stmt (property_of_id p) with
 | None -> None
diff --git a/src/plugins/wp/wpPropId.mli b/src/plugins/wp/wpPropId.mli
index 5b143da74269b1e92f2923eaa1a92533c6c6f64f..42007ca2ce1ad0b73a80ae84696058f00cacb455 100644
--- a/src/plugins/wp/wpPropId.mli
+++ b/src/plugins/wp/wpPropId.mli
@@ -32,11 +32,15 @@ open LogicUsage
 (** Property.t information and kind of PO (establishment, preservation, etc) *)
 type prop_id
 
-(** returns the annotation which lead to the given PO.
- Dynamically exported.
-*)
+(** returns the annotation which lead to the given PO. *)
 val property_of_id : prop_id -> Property.t
 
+(** Properties that are False-if-unreachable in case the PO is valid. *)
+val doomed_if_valid : prop_id -> Property.t list
+
+(** Stmt that is unreachable in case the PO is valid. *)
+val unreachable_if_valid : prop_id -> Property.other_loc
+
 val source_of_id : prop_id -> Filepath.position
 
 (*----------------------------------------------------------------------------*)
@@ -53,6 +57,7 @@ val is_tactic : prop_id -> bool
 val is_assigns : prop_id -> bool
 val is_requires : Property.t -> bool
 val is_loop_preservation : prop_id -> stmt option
+val is_smoke_test : prop_id -> bool
 
 (** test if the prop_id does not have a [no_wp:] in its name(s). *)
 val select_default : prop_id -> bool
@@ -86,6 +91,7 @@ type prop_kind =
 | PKVarPos (** computation related to a loop variant being positive *)
 | PKAFctOut (** computation related to the function assigns on normal termination *)
 | PKAFctExit (** computation related to the function assigns on exit termination *)
+ | PKSmoke (** smoke property *)
 | PKPre of kernel_function * stmt * Property.t (** precondition for function
 at stmt, property of the require. Many information that should come
 from the p_prop part of the prop_id, but in the PKPre case,
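Review bot: The new doc comment on `doomed_if_valid` says the properties are "False-if-unreachable", but `Wpo.update_property_status` emits `Property_status.False_if_reachable` on exactly this list, so the comment states the opposite status; suggest `(** Properties emitted [False_if_reachable] when the smoke-test PO is proved. *)`. `unreachable_if_valid` returns an `other_loc` that is `OLContract`/`OLGlob` when no statement is involved (see `mk_smoke` and `tactical`), so "Stmt that is unreachable" is narrower than the type; `(** Location proved unreachable when the smoke-test PO is proved; [OLStmt] carries the statement, other locations mean none. *)` covers both cases. The same constructor is documented as `(** smoke property *)` here and `(** expected to fail *)` in wpPropId.ml; one wording in both files would avoid the drift. In the retained comment, "which lead to" should read "which led to".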
@@ -104,6 +110,11 @@ val string_of_termination_kind : termination_kind -> string
 val num_of_bhv_from : funbehavior -> from -> int
 
 (*----------------------------------------------------------------------------*)
+val mk_smoke : kernel_function -> id:string ->
+ ?doomed:Property.t list ->
+ ?unreachable:stmt ->
+ unit -> prop_id
+
 val mk_code_annot_ids : kernel_function -> stmt -> code_annotation -> prop_id list
 val mk_assert_id : kernel_function -> stmt -> code_annotation -> prop_id
diff --git a/src/plugins/wp/wpReport.ml b/src/plugins/wp/wpReport.ml
index 4769a676fef60c6ec7eba09c2b1fe2ed47405d8b..608f6a6040721c199acd52e8caa0ef8787418f6e 100644
--- a/src/plugins/wp/wpReport.ml
+++ b/src/plugins/wp/wpReport.ml
@@ -90,7 +90,8 @@ let rank n =
 
 type res = VALID | UNSUCCESS | INCONCLUSIVE | NORESULT
 
-let result (r:VCS.result) = match r.VCS.verdict with
+let result ~smoke (r:VCS.result) =
+ match VCS.verdict ~smoke r with
 | VCS.NoResult | VCS.Checked | VCS.Computing _ -> NORESULT
 | VCS.Failed -> INCONCLUSIVE
 | VCS.Invalid | VCS.Unknown | VCS.Timeout | VCS.Stepout -> UNSUCCESS
@@ -209,7 +210,8 @@ let add_results (plist:pstats list) (wpo:Wpo.t) =
 let sm = ref 0 in
 List.iter
 (fun (p,r) ->
- let re = result r in
+ let smoke = Wpo.is_smoke_test wpo in
+ let re = result ~smoke r in
 let st = Wpo.get_steps r in
 let tc = Wpo.get_time r in
 let ts = r.VCS.solver_time in
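Review bot: `mk_smoke` is added to the interface without a doc comment, and its two optional arguments encode the two smoke-test shapes used in wpStrategy.ml (`~doomed` for a behaviour's requires, `~unreachable` for a loop statement), which a caller cannot infer from the types alone. Suggest `(** [mk_smoke kf ~id ?doomed ?unreachable ()] creates the smoke-test PO named [smoke_<id>], located on [kf]'s contract or on [unreachable] when given. [doomed] are the properties to report [False_if_reachable] if the PO is proved. *)` above the `val`.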
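Review bot: `Wpo.is_smoke_test wpo` is evaluated inside the `List.iter` closure although it depends only on `wpo`, so it is recomputed for every `(p,r)` pair of the goal; bind it once before the loop — `let smoke = Wpo.is_smoke_test wpo in` placed above `List.iter` — and keep `let re = result ~smoke r in` unchanged. `add_results` continues past the end of this hunk.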
@@ -166,14 +166,11 @@ let add_prop_fct_post acc kind kf bhv tkind post =
 let p = normalize id labels p in
 add_prop acc kind id p
 
-let add_prop_fct_bhv_pre acc kind kf bhv ~impl_assumes =
- let assumes =
- if impl_assumes then Some (Ast_info.behavior_assumes bhv) else None
- in
+let add_prop_fct_bhv_pre acc kind kf bhv =
+ let assumes = None in
 let add acc p = add_prop_fct_pre acc kind kf bhv ~assumes p in
 let acc = List.fold_left add acc bhv.b_requires in
- if impl_assumes then acc
- else List.fold_left add acc bhv.b_assumes
+ List.fold_left add acc bhv.b_assumes
 
 let add_prop_stmt_pre acc kind kf s bhv ~assumes pre =
 let id = WpPropId.mk_pre_id kf (Kstmt s) bhv pre in
@@ -247,6 +244,27 @@ let fold_bhv_post_cond ~warn f_normal f_exits acc b =
 end in List.fold_left add acc b.b_post_cond
 
+(* -------------------------------------------------------------------------- *)
+(* --- Smoke --- *)
+(* -------------------------------------------------------------------------- *)
+
+let add_smoke acc kf ~id ?doomed ?unreachable () =
+ let id = WpPropId.mk_smoke kf ~id ?doomed ?unreachable () in
+ add_prop acc Agoal id (Some Logic_const.pfalse)
+
+let add_prop_fct_smoke acc kf bhv =
+ if bhv.b_requires = [] then acc else
+ let bname =
+ if Cil.is_default_behavior bhv then "default" else bhv.b_name in
+ let id = bname ^ "_requires" in
+ let doomed = Property.ip_requires_of_behavior kf Kglobal bhv in
+ add_smoke acc kf ~id ~doomed ()
+
+let add_prop_loop_smoke acc kf stmt =
+ if not (Wp_parameters.Split.get()) then
+ add_smoke acc kf ~id:"loop_invariant" ~unreachable:stmt ()
+ else acc
+
 (* -------------------------------------------------------------------------- *)
 
 let add_assigns acc kind id a_desc =
diff --git a/src/plugins/wp/wpStrategy.mli b/src/plugins/wp/wpStrategy.mli
index 3ae3b03b0c07b824e98afd7877d4d1ff52771dee..7b94580d54ee93cab0212c8a94b4f37e8bedb338 100644
--- a/src/plugins/wp/wpStrategy.mli
+++ b/src/plugins/wp/wpStrategy.mli
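Review bot: `let assumes = None in` is a constant binding whose only use is the `~assumes` pun on the next line; `add_prop_fct_pre acc kind kf bhv ~assumes:None p` says the same without the indirection and makes it visible that `b_assumes` are now always added as separate hypotheses rather than as a guard on the requires. Since the `impl_assumes = true` path (`[b_assumes => b_requires]`, described in the old `.mli` comment) is deleted here and its only visible caller in wpAnnot.ml passed `false`, a short comment such as `(* assumes and requires are both added as plain hypotheses; the implication form was dropped *)` would save the next reader a history search.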
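Review bot: `add_prop_loop_smoke` produces no goal when `-wp-split` is on, and neither this code nor the new `.mli` comment says why, so the rule is invisible from `WpAnnot.get_loop_annots`, which checks the other three conditions itself; add `(* loop smoke goals are skipped under -wp-split: <reason> *)` above the `if`, or move the test next to the others in wpAnnot.ml. In `add_prop_fct_smoke`, `if bhv.b_requires = [] then acc else` compares with polymorphic equality where `match bhv.b_requires with [] -> acc | _ -> ...` is the idiomatic emptiness test. The `"smoke_" ^ id` name built from `bname ^ "_requires"` is only unique per `(kf, behaviour)`; this holds as long as one smoke goal is created per behaviour, which `WpAnnot.add_fct_pre` currently guarantees, and is worth stating in a comment on `add_smoke`.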
@@ -80,11 +80,15 @@ val add_prop_fct_pre : t_annots -> annot_kind ->
 kernel_function -> funbehavior -> assumes: predicate option -> identified_predicate -> t_annots
 
-(** Add the preconditions of the behavior :
- * if [impl_assumes], add [b_assumes => b_requires]
- * else add both the [b_requires] and the [b_assumes] *)
+(** Add the preconditions of the behavior *)
 val add_prop_fct_bhv_pre : t_annots -> annot_kind ->
- kernel_function -> funbehavior -> impl_assumes:bool -> t_annots
+ kernel_function -> funbehavior -> t_annots
+
+(** Add Smoke Test behavior *)
+val add_prop_fct_smoke : t_annots -> kernel_function -> funbehavior -> t_annots
+
+(** Add Smoke Test behavior for loop *)
+val add_prop_loop_smoke : t_annots -> kernel_function -> stmt -> t_annots
 
 val add_prop_fct_post : t_annots -> annot_kind ->
 kernel_function -> funbehavior -> termination_kind -> identified_predicate
diff --git a/src/plugins/wp/wp_parameters.ml b/src/plugins/wp/wp_parameters.ml
index 958e965027a12ed3b484f48d527e68fac17ba51d..11d857b710473a2f0922e098d075d99a2667d563 100644
--- a/src/plugins/wp/wp_parameters.ml
+++ b/src/plugins/wp/wp_parameters.ml
@@ -369,6 +369,13 @@ module RTE =
 let help = "Generate RTE guards before WP."
 end)
 
+let () = Parameter_customize.set_group wp_strategy
+module SmokeTests =
+ False(struct
+ let option_name = "-wp-smoke-tests"
+ let help = "Smoke-tests : look for inconsistent contracts (best effort)"
+ end)
+
 let () = Parameter_customize.set_group wp_strategy
 module Split =
 False(struct
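Review bot: `(** Add Smoke Test behavior *)` and `(** Add Smoke Test behavior for loop *)` say neither what is added nor when nothing is, while the implementations in wpStrategy.ml have two silent no-op cases: `add_prop_fct_smoke` returns the accumulator unchanged when the behaviour has no `requires`, and `add_prop_loop_smoke` returns it unchanged when `-wp-split` is set. Suggest `(** Add a smoke-test goal [\false] named [<bhv>_requires] for the behavior's requires; no-op when the behavior has no requires. *)` and `(** Add a smoke-test goal [loop_invariant] located at [stmt]; no-op under [-wp-split]. *)`. The shortened comment on `add_prop_fct_bhv_pre` could also keep the fact that both `b_requires` and `b_assumes` are added: `(** Add both the [b_requires] and the [b_assumes] of the behavior as hypotheses *)`.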
@@ -389,8 +396,17 @@ module SplitDepth =
 let option_name = "-wp-split-depth"
 let default = 0
 let arg_name = "p"
- let help = "Set depth of exploration for splitting conjunctions into sub-goals.\n\
- Value `-1` means an unlimited depth."
+ let help = "Set depth for splitting conjunctions into sub-goals.\n\
+ Value -1 means unlimited depth (default 0)"
+ end)
+
+let () = Parameter_customize.set_group wp_strategy
+module SplitMax =
+ Int(struct
+ let option_name = "-wp-max-split"
+ let default = 1000
+ let arg_name = "n"
+ let help = "Set maximum number of splitted sub-goals (default 1000)"
 end)
 
 let () = Parameter_customize.set_group wp_strategy
@@ -645,6 +661,17 @@ module Timeout =
 "Set the timeout (in seconds) for provers (default: %d)." default
 end)
 
+let () = Parameter_customize.set_group wp_prover
+module SmokeTimeout =
+ Int(struct
+ let option_name = "-wp-smoke-timeout"
+ let default = 2
+ let arg_name = "n"
+ let help =
+ Printf.sprintf
+ "Set the timeout (in seconds) for provers (default: %d)." default
+ end)
+
 let () = Parameter_customize.set_group wp_prover
 module TimeExtra =
 Int(struct
diff --git a/src/plugins/wp/wp_parameters.mli b/src/plugins/wp/wp_parameters.mli
index e8077cadabfa82722c848c01ad664209eed4a2bc..55daa2868a5965921a960546a1af68c72e057274 100644
--- a/src/plugins/wp/wp_parameters.mli
+++ b/src/plugins/wp/wp_parameters.mli
@@ -91,6 +91,7 @@ module Reduce: Parameter_sig.Bool
 module ExtEqual : Parameter_sig.Bool
 module UnfoldAssigns : Parameter_sig.Bool
 module Split: Parameter_sig.Bool
+module SplitMax: Parameter_sig.Int
 module SplitDepth: Parameter_sig.Int
 module DynCall : Parameter_sig.Bool
 module SimplifyIsCint : Parameter_sig.Bool
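Review bot: The `SplitMax` help string reads "splitted"; the past participle is "split": `let help = "Set maximum number of split sub-goals (default 1000)"`. Both this string and the rewritten `SplitDepth` help hard-code their default in the text, while `Timeout` in the same file formats it with `Printf.sprintf "... (default: %d)." default`; using the same pattern here keeps the help text correct if `default` is ever changed.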
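Review bot: `SmokeTimeout`'s help is a verbatim copy of `Timeout`'s, "Set the timeout (in seconds) for provers (default: %d).", so the option listing will show two entries with identical descriptions and no indication which one governs smoke tests; suggest `"Set the timeout (in seconds) for provers on smoke tests (default: %d)."`. Nothing in the visible hunks reads `SmokeTimeout`, so whether `-wp-smoke-timeout` is already wired into prover scheduling cannot be confirmed from this page; if it is not, the help should say so or the option should land with its consumer.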
@@ -112,6 +113,7 @@ module Drivers: Parameter_sig.String_list
 module Script: Parameter_sig.String
 module UpdateScript: Parameter_sig.Bool
 module Timeout: Parameter_sig.Int
+module SmokeTimeout: Parameter_sig.Int
 module TimeExtra: Parameter_sig.Int
 module TimeMargin: Parameter_sig.Int
 module CoqTimeout: Parameter_sig.Int
@@ -145,6 +147,7 @@ module ReportJson: Parameter_sig.String
 module ReportName: Parameter_sig.String
 module MemoryContext: Parameter_sig.Bool
 module Check: Parameter_sig.Bool
+module SmokeTests: Parameter_sig.Bool
 
 (** {2 Getters} *)
 
diff --git a/src/plugins/wp/wpo.ml b/src/plugins/wp/wpo.ml
index 514a16f74264130427e9c7b6674a9c9043ef24f5..b1d36224aa0807d4946d4cd542a163d10b77cc09 100644
--- a/src/plugins/wp/wpo.ml
+++ b/src/plugins/wp/wpo.ml
@@ -505,6 +505,7 @@ let qed_time wpo =
 (* -------------------------------------------------------------------------- *)
 
 let is_tactic t = WpPropId.is_tactic t.po_pid
+let is_smoke_test t = WpPropId.is_smoke_test t.po_pid
 
 module Hproof = Hashtbl.Make(Datatype.Pair(Datatype.String)(Property))
 (* Table indexed by ( Model name , Property proved ) *)
@@ -689,10 +690,10 @@ let warnings = function
 
 let get_time = function { prover_time=t } -> t
 let get_steps= function { prover_steps=n } -> n
-
+let get_target g = WpPropId.property_of_id g.po_pid
 let get_proof g =
 let system = SYSTEM.get () in
- let target = WpPropId.property_of_id g.po_pid in
+ let target = get_target g in
 let status =
 try
 let proof = Hproof.find system.proofs (proof g target) in
@@ -700,6 +701,17 @@ let get_proof g =
 with Not_found -> false in status , target
 
+let doomed_unreachable emitter pid =
+ match WpPropId.unreachable_if_valid pid with
+ | Property.OLStmt(kf,stmt) ->
+ let pred_loc = Stmt.loc stmt in
+ let pred_name = [ "Wp" ; "SmokeTest" ] in
+ let pf = { Logic_const.pfalse with pred_loc ; pred_name } in
+ let ca = Logic_const.new_code_annotation (AAssert ([],Assert,pf)) in
+ Annotations.add_code_annot emitter ~kf stmt ca ;
+ Property.ip_of_code_annot kf stmt ca
+ | Property.OLGlob _ | Property.OLContract _ -> []
+
 let update_property_status g r =
 let system = SYSTEM.get () in
 try
@@ -710,14 +722,30 @@ let update_property_status g r =
 let proof = WpAnnot.create_proof g.po_pid in
 Hproof.add system.proofs pi proof ; proof
 in
- if is_valid r then WpAnnot.add_proof proof g.po_pid (get_depend g) ;
+ let emitter = WpContext.get_emitter g.po_model in
+ let smoke = is_smoke_test g in
 let status =
- if WpAnnot.is_proved proof then Property_status.True
- else Property_status.Dont_know
+ match VCS.verdict ~smoke r with
+ | Valid ->
+ WpAnnot.add_proof proof g.po_pid (get_depend g) ;
+ if WpAnnot.is_proved proof then Property_status.True
+ else Property_status.Dont_know
+ | Invalid when smoke ->
+ let status = Property_status.False_if_reachable in
+ List.iter
+ (fun tgt -> Property_status.emit emitter ~hyps:[] tgt status)
+ (WpPropId.doomed_if_valid g.po_pid) ;
+ let status = Property_status.True in
+ List.iter
+ (fun tgt -> Property_status.emit emitter ~hyps:[] tgt status)
+ (doomed_unreachable emitter g.po_pid) ;
+ Property_status.False_if_reachable
+ | _ ->
+ if WpAnnot.is_proved proof then Property_status.True
+ else Property_status.Dont_know
 in
 let target = WpAnnot.target proof in
 let depends = WpAnnot.dependencies proof in
- let emitter = WpContext.get_emitter g.po_model in
 Property_status.emit emitter ~hyps:depends target status ;
 with err ->
 Wp_parameters.failure "Update-status failed (%s)" (Printexc.to_string err) ;
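Review bot: `doomed_unreachable` inserts a fresh `assert \false` code annotation on `stmt` every time it is called, and it is called from `update_property_status` whenever a smoke result is recorded; if that function runs more than once for the same goal (the `(p,r)` pairs iterated in `WpReport.add_results` suggest one result per prover), the statement accumulates duplicate `Wp`/`SmokeTest` assertions, each with its own property and status. Guarding the insertion — scanning the statement's existing annotations for one with `pred_name = ["Wp";"SmokeTest"]` (e.g. with `Annotations.iter_code_annot`, as wpAnnot.ml does) or memoising per `(kf, stmt)` in a table — keeps a single assertion per statement. A header comment stating the contract would also help: `(* Materialise "stmt is unreachable" as an [assert \false] at stmt and return its properties; [] when the PO is not located on a statement. *)`.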
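Review bot: In the `Invalid when smoke` branch the statuses on `doomed_if_valid` and on the generated `assert \false` are emitted with `~hyps:[]`, whereas the smoke goal's own status a few lines below is emitted with `~hyps:depends` from `WpAnnot.dependencies proof`; the derived verdicts rest on the same proof, so emitting them without hypotheses appears to make the kernel treat them as unconditional. Binding `let hyps = WpAnnot.dependencies proof in` at the top of the branch and passing `~hyps` in both `List.iter` calls keeps them consistent with the main emission. The branch also rebinds `status` twice inside the outer `let status =`; `doomed_status`/`dead_status` (or inlining the constants) would remove the shadowing. The function's `with err ->` handler continues past the hunk.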
diff --git a/src/plugins/wp/wpo.mli b/src/plugins/wp/wpo.mli
index 4035da3f2f7fd5b94d57d1602757409161c0b584..d8615a6576283ee406ac8c39f9264593d3e1ace5 100644
--- a/src/plugins/wp/wpo.mli
+++ b/src/plugins/wp/wpo.mli
@@ -156,6 +156,7 @@ val has_verdict : t -> prover -> bool
 val get_result : t -> prover -> result
 val get_results : t -> (prover * result) list
 val get_proof : t -> bool * Property.t
+val get_target : t -> Property.t
 val is_trivial : t -> bool (** do not tries simplification, do not check prover results *)
 val is_proved : t -> bool (** do not tries simplification, check prover results *)
 val is_unknown : t -> bool
@@ -170,6 +171,7 @@ val get_time: result -> float
 val get_steps: result -> int
 
 val is_tactic : t -> bool
+val is_smoke_test : t -> bool
 
 val iter : ?ip:Property.t ->