diff --git a/.Makefile.lint b/.Makefile.lint
index 69b506b6c4e6dcb894a746aed704839d6e5b8ee3..32f6011d23d63b935665a9f6d15f91a0adefdced 100644
--- a/.Makefile.lint
+++ b/.Makefile.lint
@@ -196,9 +196,6 @@ ML_LINT_KO+=src/plugins/aorai/aorai_dataflow.ml
ML_LINT_KO+=src/plugins/aorai/aorai_dataflow.mli
ML_LINT_KO+=src/plugins/aorai/aorai_option.ml
ML_LINT_KO+=src/plugins/aorai/aorai_register.ml
-ML_LINT_KO+=src/plugins/aorai/aorai_utils.ml
-ML_LINT_KO+=src/plugins/aorai/aorai_utils.mli
-ML_LINT_KO+=src/plugins/aorai/aorai_visitors.ml
ML_LINT_KO+=src/plugins/aorai/data_for_aorai.ml
ML_LINT_KO+=src/plugins/aorai/data_for_aorai.mli
ML_LINT_KO+=src/plugins/aorai/logic_simplification.ml
diff --git a/src/kernel_internals/parsing/cparser.mly b/src/kernel_internals/parsing/cparser.mly
index 0da0b7020349f1bf7f3646cddf230055b094af86..87325decb88c1c7056de3787504affb710d37af0 100644
--- a/src/kernel_internals/parsing/cparser.mly
+++ b/src/kernel_internals/parsing/cparser.mly
@@ -161,6 +161,18 @@ let doDeclaration logic_spec (loc: cabsloc) (specs: spec_elem list) (nl: init_na
DECDEF (logic_spec, (specs, nl), loc)
end
+let in_ghost =
+ let ghost_me = object
+ inherit Cabsvisit.nopCabsVisitor
+ method! vstmt s =
+ s.stmt_ghost <- true;
+ Cil.DoChildren
+ end
+ in
+ List.map
+ (fun s -> ignore (Cabsvisit.visitCabsStatement ghost_me s); s)
+
+let ghost_global = ref false
let doFunctionDef spec (loc: cabsloc)
(lend: cabsloc)
@@ -170,6 +182,7 @@ let doFunctionDef spec (loc: cabsloc)
let fname = (specs, n) in
let name = match n with (n,_,_,_) -> n in
Extlib.may (fun (spec, _) -> check_funspec_abrupt_clauses name spec) spec;
+ let b = if !ghost_global then { b with bstmts = in_ghost b.bstmts } else b in
FUNDEF (spec, fname, b, loc, lend)
let doOldParDecl (names: string list)
@@ -279,17 +292,6 @@ let no_ghost_stmt s = {stmt_ghost = false ; stmt_node = s}
let no_ghost = List.map no_ghost_stmt
-let in_ghost =
- let ghost_me = object
- inherit Cabsvisit.nopCabsVisitor
- method! vstmt s =
- s.stmt_ghost <- true;
- Cil.DoChildren
- end
- in
- List.map
- (fun s -> ignore (Cabsvisit.visitCabsStatement ghost_me s); s)
-
let in_block l =
match l with
[] -> no_ghost_stmt (NOP cabslu)
@@ -440,15 +442,19 @@ file: globals EOF {$1}
globals:
/* empty */ { [] }
| global globals { (false,$1) :: $2 }
-| LGHOST ghost_globals globals { $2 @ $3 }
+| ghost_glob_begin ghost_globals globals { $2 @ $3 }
| SEMICOLON globals { $2 }
;
+ghost_glob_begin:
+| LGHOST { ghost_global:=true }
+;
+
/* Rules for global ghosts: TODO keep the ghost status! */
ghost_globals:
-| declaration ghost_globals { (true,$1)::$2 }
-| function_def ghost_globals { (true,$1)::$2 }
-| RGHOST { [] }
+| declaration ghost_globals { (true,$1)::$2 }
+| function_def ghost_globals { (true,$1)::$2 }
+| RGHOST { ghost_global:=false; [] }
;
/*** Global Definition ***/
diff --git a/src/kernel_internals/typing/cabs2cil.ml b/src/kernel_internals/typing/cabs2cil.ml
index 4cfcf1a6dbc2fb12b9cd97f28067f0579f2c34a1..b14ad59df17dc996dabd4f936fafaebc2d1bebc5 100644
--- a/src/kernel_internals/typing/cabs2cil.ml
+++ b/src/kernel_internals/typing/cabs2cil.ml
@@ -857,10 +857,17 @@ type envdata =
* declared labels. The lookup name
* for this category is "label foo" *)
-let env : (string, envdata * location) H.t = H.create 307
+let env = Datatype.String.Hashtbl.create 307
+(* ghost environment: keep track of all symbols, in the order
+ in which they have been introduced. Superset of env *)
+let ghost_env = Datatype.String.Hashtbl.create 307
(* We also keep a global environment. This is always a subset of the env *)
-let genv : (string, envdata * location) H.t = H.create 307
+let global_env = Datatype.String.Hashtbl.create 307
+(* ghost global environment: superset of global and subset of ghost *)
+let ghost_global_env = Datatype.String.Hashtbl.create 307
+(* maps a C label to the ghost environment of variables in scope
+ at this program point. Used for typing \at() terms and predicates. *)
let label_env = Datatype.String.Hashtbl.create 307
let add_label_env lab =
@@ -870,8 +877,9 @@ let add_label_env lab =
Datatype.String.Map.add v vi map
| _ -> map
in
- let lab_env = H.fold add_if_absent env Datatype.String.Map.empty in
- Datatype.String.Hashtbl.add label_env lab lab_env
+ let open Datatype.String.Hashtbl in
+ let lab_env = fold add_if_absent ghost_env Datatype.String.Map.empty in
+ add label_env lab lab_env
let remove_label_env lab =
Datatype.String.Hashtbl.remove label_env lab
@@ -879,50 +887,59 @@ let remove_label_env lab =
(* In the scope we keep the original name, so we can remove them from the
* hash table easily *)
type undoScope =
- UndoRemoveFromEnv of string
+ UndoRemoveFromEnv of bool * string (* boolean indicates whether we should
+ remove from ghost env only, or both.*)
| UndoAlphaEnv of location Alpha.undoAlphaElement list
let scopes : undoScope list ref list ref = ref []
(* tries to estimate if the name 's' was declared in the current scope;
note that this may not work in all cases *)
-let declared_in_current_scope s =
+let declared_in_current_scope ~ghost s =
match !scopes with
- | [] -> (* global scope: check if present in genv *) H.mem genv s
+ | [] -> (* global scope *)
+ let env = if ghost then ghost_global_env else global_env in
+ Datatype.String.Hashtbl.mem env s
| cur_scope :: _ ->
let names_declared_in_current_scope =
Extlib.filter_map
- (function UndoRemoveFromEnv _ -> true | UndoAlphaEnv _ -> false)
(function
- | UndoRemoveFromEnv s -> s
+ | UndoRemoveFromEnv (ghost',_) -> ghost || not ghost'
+ | UndoAlphaEnv _ -> false)
+ (function
+ | UndoRemoveFromEnv (_, s) -> s
| UndoAlphaEnv _ -> assert false (* already filtered *)
) !cur_scope
in
List.mem s names_declared_in_current_scope
(* When you add to env, you also add it to the current scope *)
-let addLocalToEnv (n: string) (d: envdata) =
- (*log "%a: adding local %s to env\n" d_loc !currentLoc n; *)
- H.add env n (d, CurrentLoc.get ());
+let addLocalToEnv ghost name data =
+ let v = data, CurrentLoc.get() in
+ Datatype.String.Hashtbl.add ghost_env name v;
+ if not ghost then Datatype.String.Hashtbl.add env name v;
(* If we are in a scope, then it means we are not at top level. Add the
* name to the scope *)
- (match !scopes with
- | [] -> begin
- match d with
- | EnvVar _ ->
- Kernel.fatal ~current:true
- "addLocalToEnv: not in a scope when adding %s!" n
- | _ ->
- H.add genv n (d,CurrentLoc.get()) (* We might add types *)
- end
- | s :: _ ->
- s := (UndoRemoveFromEnv n) :: !s)
+ match !scopes with
+ | [] -> begin
+ match data with
+ | EnvVar _ ->
+ Kernel.fatal ~current:true
+ "addLocalToEnv: not in a scope when adding %s!" name
+ | _ ->
+ (* Adding a type with local scope *)
+ Datatype.String.Hashtbl.add ghost_global_env name v;
+ if not ghost then Datatype.String.Hashtbl.add global_env name v
+ end
+ | s :: _ -> s := UndoRemoveFromEnv (ghost, name) :: !s
-let addGlobalToEnv (k: string) (d: envdata) : unit =
- (* ignore (E.log "%a: adding global %s to env\n" d_loc !currentLoc k); *)
- H.add env k (d, CurrentLoc.get ());
- (* Also add it to the global environment *)
- H.add genv k (d, CurrentLoc.get ())
+let addGlobalToEnv ghost name data =
+ let open Datatype.String.Hashtbl in
+ let v = data, CurrentLoc.get () in
+ add ghost_env name v;
+ if not ghost then add env name v;
+ add ghost_global_env name v;
+ if not ghost then add global_env name v
(* Create a new name based on a given name. The new name is formed from a
* prefix (obtained from the given name as the longest prefix that ends with
@@ -966,12 +983,15 @@ let is_same_kind kind info =
| "", EnvVar _ -> true
| _, _ -> false
-let find_identifier_decl name info =
+let find_identifier_decl ghost name info =
match info with
- | UndoRemoveFromEnv name' -> name = name'
+ | UndoRemoveFromEnv (ghost', name') ->
+ (ghost || not ghost') && name = name'
| _ -> false
-let newAlphaName (globalscope: bool) (* The name should have global scope *)
+let newAlphaName
+ ghost
+ (globalscope: bool) (* The name should have global scope *)
(kind: string)
(origname: string) : string * location =
let lookupname = kindPlusName kind origname in
@@ -1001,10 +1021,15 @@ let newAlphaName (globalscope: bool) (* The name should have global scope *)
try
let info =
if !scopes = [] then begin
- fst (H.find genv lookupname)
+ let env = if ghost then ghost_global_env else global_env in
+ fst (Datatype.String.Hashtbl.find env lookupname)
end else
- if List.exists (find_identifier_decl lookupname) !(List.hd !scopes)
- then fst (H.find env lookupname)
+ if List.exists
+ (find_identifier_decl ghost lookupname) !(List.hd !scopes)
+ then begin
+ let env = if ghost then ghost_env else env in
+ fst (Datatype.String.Hashtbl.find env lookupname)
+ end
else raise Not_found
in
if not (Kernel.C11.get () && kind = "type") then
@@ -1045,51 +1070,39 @@ let constrExprId = ref 0
let startFile () =
- Datatype.String.Hashtbl.clear label_env;
- H.clear env;
- H.clear genv;
+ let open Datatype.String.Hashtbl in
+ clear label_env;
+ clear env;
+ clear ghost_env;
H.clear alphaTable;
- lastStructId := 0;
-;;
+ lastStructId := 0
(* Lookup a variable name. Return also the location of the definition. Might
* raise Not_found *)
-let lookupVar (n: string) : varinfo * location =
- match H.find env n with
+let lookupVar ghost name =
+ let env = if ghost then ghost_env else env in
+ match Datatype.String.Hashtbl.find env name with
| (EnvVar vi), loc -> vi, loc
| _ -> raise Not_found
+let only_ghost_symbol name =
+ try ignore (lookupVar false name); false
+ with Not_found ->
+ try ignore (lookupVar true name); true
+ with Not_found -> false
-let lookupGlobalVar (n: string) : varinfo * location =
- match H.find genv n with
+let lookupGlobalVar ghost name =
+ let env = if ghost then ghost_global_env else global_env in
+ match Datatype.String.Hashtbl.find env name with
| (EnvVar vi), loc -> vi, loc
| _ -> raise Not_found
-let _docEnv () =
- let acc : (string * (envdata * location)) list ref = ref [] in
- let doone fmt = function
- EnvVar vi, l ->
- Format.fprintf fmt "Var(%s,global=%b) (at %a)"
- vi.vname vi.vglob Cil_printer.pp_location l
- | EnvEnum (_item), l -> Format.fprintf fmt "Enum (at %a)" Cil_printer.pp_location l
- | EnvTyp _t, _l -> Format.fprintf fmt "typ"
- | EnvLabel l, _ -> Format.fprintf fmt "label %s" l
- in
- H.iter (fun k d -> acc := (k, d) :: !acc) env;
- Pretty_utils.pp_list ~sep:"@\n"
- (fun fmt (k, d) -> Format.fprintf fmt " %s -> %a" k doone d)
- Format.std_formatter
- !acc
-
-
-
(* Add a new variable. Do alpha-conversion if necessary *)
-let alphaConvertVarAndAddToEnv (addtoenv: bool) (vi: varinfo) : varinfo =
-(*
- ignore (E.log "%t: alphaConvert(addtoenv=%b) %s" d_thisloc addtoenv vi.vname);
-*)
+let alphaConvertVarAndAddToEnv addtoenv vi =
(* Announce the name to the alpha conversion table *)
- let newname, oldloc = newAlphaName (addtoenv && vi.vglob) "" vi.vname in
+ let newname, oldloc =
+ newAlphaName vi.vghost (addtoenv && vi.vglob) "" vi.vname
+ in
(* Make a copy of the vi if the name has changed. Never change the name for
* global variables *)
let newvi =
@@ -1122,12 +1135,7 @@ let alphaConvertVarAndAddToEnv (addtoenv: bool) (vi: varinfo) : varinfo =
because of previous occurrence at %a"
vi.vname newname Cil_printer.pp_location oldloc;
end
- end else begin
- (* We have changed the name of a local variable. Can we try to detect
- * if the other variable was also local in the same scope? Not for
- * now. *)
- copyVarinfo vi newname
- end
+ end else copyVarinfo vi newname
end
in
(* Store all locals in the slocals (in reversed order). *)
@@ -1136,9 +1144,9 @@ let alphaConvertVarAndAddToEnv (addtoenv: bool) (vi: varinfo) : varinfo =
(if addtoenv then
if vi.vglob then
- addGlobalToEnv vi.vname (EnvVar newvi)
+ addGlobalToEnv vi.vghost vi.vname (EnvVar newvi)
else
- addLocalToEnv vi.vname (EnvVar newvi));
+ addLocalToEnv vi.vghost vi.vname (EnvVar newvi));
(*
ignore (E.log " new=%s\n" newvi.vname);
*)
@@ -1163,7 +1171,7 @@ end
let constFoldType (t:typ) : typ =
visitCilType constFoldTypeVisitor t
-let get_temp_name ?(ghost=false) () =
+let get_temp_name ghost () =
let undolist = ref [] in
let data = CurrentLoc.get() in
let name = if ghost then "g_tmp" else "tmp" in
@@ -1177,7 +1185,7 @@ let get_temp_name ?(ghost=false) () =
(* Create a new temporary variable *)
let newTempVar ~ghost loc descr (descrpure:bool) typ =
let t' = (!typeForInsertedVar) typ in
- let name = get_temp_name ~ghost () in
+ let name = get_temp_name ghost () in
let vi = makeVarinfo ~ghost ~temp:true ~loc false false name t' in
vi.vdescr <- Some descr;
vi.vdescrpure <- descrpure;
@@ -1208,19 +1216,18 @@ let compInfoNameEnv : (string, compinfo) H.t = H.create 113
let enumInfoNameEnv : (string, enuminfo) H.t = H.create 113
-let lookupTypeNoError (kind: string)
- (n: string) : typ * location =
- let kn = kindPlusName kind n in
- match H.find env kn with
+let lookupTypeNoError ghost kind name =
+ let kn = kindPlusName kind name in
+ let env = if ghost then ghost_env else env in
+ match Datatype.String.Hashtbl.find env kn with
| EnvTyp t, l -> t, l
| _ -> raise Not_found
-let lookupType (kind: string)
- (n: string) : typ * location =
+let lookupType ghost kind name =
try
- lookupTypeNoError kind n
+ lookupTypeNoError ghost kind name
with Not_found ->
- Kernel.fatal ~current:true "Cannot find type %s (kind:%s)" n kind
+ Kernel.fatal ~current:true "Cannot find type %s (kind:%s)" name kind
(* Create the self ref cell and add it to the map. Return also an indication
* if this is a new one. *)
@@ -1256,28 +1263,28 @@ let createEnumInfo (n: string) ~(norig:string) : enuminfo * bool =
(* kind is either "struct" or "union" or "enum" and n is a name *)
-let findCompType (kind: string) (n: string) (a: attributes) =
+let findCompType ghost kind name attr =
let makeForward () =
(* This is a forward reference, either because we have not seen this
* struct already or because we want to create a version with different
* attributes *)
if kind = "enum" then
- let enum, isnew = createEnumInfo n n in
+ let enum, isnew = createEnumInfo name name in
if isnew then
cabsPushGlobal (GEnumTagDecl (enum, CurrentLoc.get ()));
- TEnum (enum, a)
+ TEnum (enum, attr)
else
let iss = if kind = "struct" then true else false in
- let self, isnew = createCompInfo iss n ~norig:n in
+ let self, isnew = createCompInfo iss name ~norig:name in
if isnew then
cabsPushGlobal (GCompTagDecl (self, CurrentLoc.get ()));
- TComp (self, empty_size_cache (), a)
+ TComp (self, empty_size_cache (), attr)
in
try
- let old, _ = lookupTypeNoError kind n in (* already defined *)
+ let old, _ = lookupTypeNoError ghost kind name in (* already defined *)
let olda = typeAttrs old in
let equal =
- try List.for_all2 Cil_datatype.Attribute.equal olda a
+ try List.for_all2 Cil_datatype.Attribute.equal olda attr
with Invalid_argument _ -> false
in
if equal then old else makeForward ()
@@ -2200,7 +2207,7 @@ type loopstate =
let continues : loopstate list ref = ref []
(* Sometimes we need to create new label names *)
-let newLabelName (base: string) = fst (newAlphaName false "label" base)
+let newLabelName ghost base = fst (newAlphaName ghost false "label" base)
let continueOrLabelChunk ~ghost (l: location) : chunk =
match !continues with
@@ -2209,14 +2216,14 @@ let continueOrLabelChunk ~ghost (l: location) : chunk =
if !doTransformWhile then
begin
if !lr = "" then begin
- lr := newLabelName "__Cont"
+ lr := newLabelName ghost "__Cont"
end;
gotoChunk ~ghost !lr l
end
else continueChunk ~ghost l
| NotWhile lr :: _ ->
if !lr = "" then begin
- lr := newLabelName "__Cont"
+ lr := newLabelName ghost "__Cont"
end;
gotoChunk ~ghost !lr l
@@ -2237,21 +2244,21 @@ let exit_break_env () =
ignore (Stack.pop break_env)
(* In GCC we can have locally declared labels. *)
-let genNewLocalLabel (l: string) =
+let genNewLocalLabel ghost l =
(* Call the newLabelName to register the label name in the alpha conversion
* table. *)
- let l' = newLabelName l in
+ let l' = newLabelName ghost l in
(* Add it to the environment *)
- addLocalToEnv (kindPlusName "label" l) (EnvLabel l');
+ addLocalToEnv ghost (kindPlusName "label" l) (EnvLabel l');
l'
-let lookupLabel (l: string) =
+let lookupLabel ghost l =
try
- match H.find env (kindPlusName "label" l) with
+ let env = if ghost then ghost_env else env in
+ match Datatype.String.Hashtbl.find env (kindPlusName "label" l) with
| EnvLabel l', _ -> l'
| _ -> raise Not_found
- with Not_found ->
- l
+ with Not_found -> l
class gatherLabelsClass : V.cabsVisitor = object (self)
inherit V.nopCabsVisitor
@@ -2297,7 +2304,9 @@ class gatherLabelsClass : V.cabsVisitor = object (self)
(* Mark this label as defined *)
H.replace localLabels lbl (Some (CurrentLoc.get())))
with Not_found -> (* lbl is not a local label *)
- let newname, oldloc = newAlphaName false "label" lbl in
+ let newname, oldloc =
+ newAlphaName s.stmt_ghost false "label" lbl
+ in
if newname <> lbl then
Kernel.error ~once:true ~current:true
"Duplicate label '%s' (previous definition was at %a)"
@@ -2946,8 +2955,14 @@ let makeGlobalVarinfo (isadef: bool) (vi: varinfo) : varinfo * bool =
Kernel.debug ~dkey:Kernel.dkey_typing_global
"makeGlobalVarinfo isadef=%B vi.vname=%s(%d), vreferenced=%B"
isadef vi.vname vi.vid vi.vreferenced;
- (* This may throw an exception Not_found *)
- let oldvi, oldloc = lookupGlobalVar vi.vname in
+ (* This may throw an exception Not_found
+ Note that we always search in all the context, including ghost *)
+ let oldvi, oldloc = lookupGlobalVar true vi.vname in
+ if oldvi.vghost <> vi.vghost then
+ abort_context "Inconsistent ghost specification for %s.@ \
+ Previous declaration was at: %a"
+ vi.vname Cil_datatype.Location.pretty oldloc ;
+
Kernel.debug ~dkey:Kernel.dkey_typing_global
" %s(%d) already in the env at loc %a"
vi.vname oldvi.vid Cil_printer.pp_location oldloc;
@@ -3118,8 +3133,9 @@ let setupBuiltin ?(force_keep=false) name ?spec (resTyp, args_or_argtypes, isva)
v
;;
+(* builtin is never ghost *)
let memoBuiltin ?force_keep ?spec name proto =
- try fst (lookupGlobalVar name)
+ try fst (lookupGlobalVar false name)
with Not_found -> setupBuiltin ?force_keep ?spec name proto
let vla_alloc_fun () =
@@ -3812,7 +3828,8 @@ struct
let find_macro _ = raise Not_found
let find_var ?label ~var =
let find_from_curr_env test =
- match H.find env var with
+ (* logic has always access to the ghost variables. *)
+ match Datatype.String.Hashtbl.find ghost_env var with
| EnvVar vi, _ when test vi -> cvar_to_lvar vi
| _ -> raise Not_found
in
@@ -3831,7 +3848,8 @@ struct
(Datatype.String.Map.find var
(Datatype.String.Hashtbl.find label_env lab))
- let find_enum_tag x = match H.find env x with
+ let find_enum_tag x =
+ match Datatype.String.Hashtbl.find ghost_env x with
| EnvEnum item,_ ->
dummy_exp (Const (CEnum item)), typeOf item.eival
| _ -> raise Not_found
@@ -3840,10 +3858,10 @@ struct
let find_type namespace s =
match namespace with
- | Logic_typing.Typedef -> let t,_ = lookupTypeNoError "type" s in t
- | Logic_typing.Union -> findCompType "union" s []
- | Logic_typing.Struct -> findCompType "struct" s []
- | Logic_typing.Enum -> findCompType "enum" s []
+ | Logic_typing.Typedef -> let t,_ = lookupTypeNoError true "type" s in t
+ | Logic_typing.Union -> findCompType true "union" s []
+ | Logic_typing.Struct -> findCompType true "struct" s []
+ | Logic_typing.Enum -> findCompType true "enum" s []
include Logic_labels
@@ -3902,8 +3920,10 @@ let exitScope () =
scopes := rest;
let rec loop = function
[] -> ()
- | UndoRemoveFromEnv n :: t ->
- H.remove env n; loop t
+ | UndoRemoveFromEnv (ghost, n) :: t ->
+ Datatype.String.Hashtbl.remove ghost_env n;
+ if not ghost then Datatype.String.Hashtbl.remove env n;
+ loop t
| UndoAlphaEnv undolist :: t ->
Alpha.undoAlphaChanges ~alphaTable ~undolist;
loop t
@@ -4500,15 +4520,16 @@ let rec doSpecList ghost (suggestedAnonName: string)
TBuiltin_va_list []
| [A.Tnamed "__fc_builtin_size_t"] -> Cil.theMachine.typeOfSizeOf
| [A.Tnamed n] ->
- (match lookupType "type" n with
+ (match lookupType ghost "type" n with
| (TNamed _) as x, _ -> x
| _ ->
Kernel.fatal ~current:true "Named type %s is not mapped correctly" n)
| [A.Tstruct (n, None, _)] -> (* A reference to a struct *)
if n = "" then
- Kernel.error ~once:true ~current:true "Missing struct tag on incomplete struct";
- findCompType "struct" n []
+ Kernel.error ~once:true ~current:true
+ "Missing struct tag on incomplete struct";
+ findCompType ghost "struct" n []
| [A.Tstruct (n, Some nglist, extraAttrs)] -> (* A definition of a struct *)
let n' =
if n <> "" then n else anonStructName "struct" suggestedAnonName in
@@ -4518,8 +4539,9 @@ let rec doSpecList ghost (suggestedAnonName: string)
| [A.Tunion (n, None, _)] -> (* A reference to a union *)
if n = "" then
- Kernel.error ~once:true ~current:true "Missing union tag on incomplete union";
- findCompType "union" n []
+ Kernel.error ~once:true ~current:true
+ "Missing union tag on incomplete union";
+ findCompType ghost "union" n []
| [A.Tunion (n, Some nglist, extraAttrs)] -> (* A definition of a union *)
let n' =
if n <> "" then n else anonStructName "union" suggestedAnonName in
@@ -4529,14 +4551,15 @@ let rec doSpecList ghost (suggestedAnonName: string)
| [A.Tenum (n, None, _)] -> (* Just a reference to an enum *)
if n = "" then
- Kernel.error ~once:true ~current:true "Missing enum tag on incomplete enum";
- findCompType "enum" n []
+ Kernel.error ~once:true ~current:true
+ "Missing enum tag on incomplete enum";
+ findCompType ghost "enum" n []
| [A.Tenum (n, Some eil, extraAttrs)] -> (* A definition of an enum *)
let n' =
if n <> "" then n else anonStructName "enum" suggestedAnonName in
(* make a new name for this enumeration *)
- let n'', _ = newAlphaName true "enum" n' in
+ let n'', _ = newAlphaName ghost true "enum" n' in
(* Create the enuminfo, or use one that was created already for a
* forward reference *)
@@ -4589,14 +4612,14 @@ let rec doSpecList ghost (suggestedAnonName: string)
(* add this tag to the list so that it ends up in the real
* environment when we're finished *)
- let newname, _ = newAlphaName true "" kname in
+ let newname, _ = newAlphaName ghost true "" kname in
let item = { eiorig_name = kname;
einame = newname;
eival = i;
eiloc = loc;
eihost = enum }
in
- addLocalToEnv kname (EnvEnum item);
+ addLocalToEnv ghost kname (EnvEnum item);
(kname, item) :: loop (increm i 1) rest
end
@@ -4653,7 +4676,7 @@ let rec doSpecList ghost (suggestedAnonName: string)
enum.ekind <- ekind;
end;
(* Record the enum name in the environment *)
- addLocalToEnv (kindPlusName "enum" n') (EnvTyp res);
+ addLocalToEnv ghost (kindPlusName "enum" n') (EnvTyp res);
(* And define the tag *)
cabsPushGlobal (GEnumTag (enum, CurrentLoc.get ()));
res
@@ -4775,8 +4798,8 @@ and doAttr ghost (a: A.attribute) : attribute list =
(** See if this is an enumeration *)
try
if not foldenum then raise Not_found;
-
- match H.find env n' with
+ let env = if ghost then ghost_env else env in
+ match Datatype.String.Hashtbl.find env n' with
| EnvEnum item, _ -> begin
match constFoldToInt item.eival with
| Some i64 when theMachine.lowerConstants ->
@@ -5083,7 +5106,7 @@ and doType (ghost:bool) isFuncArg
(* Add the formal to the environment, so it can be referenced by
other formals (e.g. in an array type, although that will be
changed to a pointer later, or though typeof). *)
- addLocalToEnv vi.vname (EnvVar vi);
+ addLocalToEnv ghost vi.vname (EnvVar vi);
vi
in
let make_noopt_targs ghost args =
@@ -5245,7 +5268,7 @@ and makeCompType ghost (isstruct: bool)
(a: attribute list) =
(* Make a new name for the structure *)
let kind = if isstruct then "struct" else "union" in
- let n', _ = newAlphaName true kind n in
+ let n', _ = newAlphaName ghost true kind n in
(* Create the self cell for use in fields and forward references. Or maybe
* one exists already from a forward reference *)
let comp, _ = createCompInfo isstruct n' norig in
@@ -5450,7 +5473,7 @@ and makeCompType ghost (isstruct: bool)
cabsPushGlobal (GCompTag (comp, CurrentLoc.get ()));
(* There must be a self cell created for this already *)
- addLocalToEnv (kindPlusName kind n) (EnvTyp res);
+ addLocalToEnv ghost (kindPlusName kind n) (EnvTyp res);
(* Now create a typedef with just this type *)
res
@@ -5622,7 +5645,8 @@ and doExp local_env
end;
(* Look up in the environment *)
try
- let envdata = H.find env n in
+ let env = if ghost then ghost_env else env in
+ let envdata = Datatype.String.Hashtbl.find env n in
match envdata with
| EnvVar vi, _ ->
let lval = var vi in
@@ -5659,13 +5683,18 @@ and doExp local_env
| _ -> raise Not_found
with Not_found -> begin
if isOldStyleVarArgName n then
- Kernel.fatal ~current:true
+ Kernel.abort ~current:true
"Cannot resolve variable %s. \
- This could be a CIL bug due to the handling of old-style variable argument \
- functions"
+ This could be a CIL bug due to \
+ the handling of old-style variable argument functions"
n
+ else if only_ghost_symbol n then
+ Kernel.abort ~current:true
+ "Variable %s is a ghost symbol. \
+ It cannot be used in non-ghost context. \
+ Did you forget a /*@@ ghost ... /?" n
else
- Kernel.fatal ~current:true "Cannot resolve variable %s" n
+ Kernel.abort ~current:true "Cannot resolve variable %s" n
end
end
| A.INDEX (e1, e2) -> begin
@@ -6446,7 +6475,7 @@ and doExp local_env
end
| _ -> n
in
- let vi, _ = lookupVar n in
+ let vi, _ = lookupVar ghost n in
let reads =
if Lval.Set.mem
(var vi) local_env.authorized_reads
@@ -6459,6 +6488,11 @@ and doExp local_env
new_exp ~loc:f.expr_loc (Lval(var vi)), vi.vtype)
(* Found. Do not use finishExp. Simulate what = AExp None *)
with Not_found -> begin
+ if only_ghost_symbol n then
+ Kernel.abort ~current:true
+ "Function %s is a ghost symbol. \
+ It cannot be used in non-ghost context. \
+ Did you forget a /*@@ ghost ... /?" n ;
Kernel.debug ~level:3
"Calling function %s without prototype." n ;
let ftype = TFun(intType, None, false,
@@ -6831,7 +6865,8 @@ and doExp local_env
begin
(* Lookup the prototype for the replacement *)
let v, _ =
- try lookupGlobalVar "__builtin_stdarg_start"
+ (* builtin is not ghost *)
+ try lookupGlobalVar false "__builtin_stdarg_start"
with Not_found ->
abort_context
"Cannot find __builtin_stdarg_start to replace %s"
@@ -7380,7 +7415,7 @@ and doExp local_env
end
| A.LABELADDR l -> begin (* GCC's taking the address of a label *)
- let l = lookupLabel l in (* To support locally declared labels *)
+ let l = lookupLabel ghost l in (* To support locally declared labels *)
let addrval =
try H.find gotoTargetHash l
with Not_found -> begin
@@ -7704,7 +7739,7 @@ and compileCondExp ~ghost ce st sf =
(* If sf is small then will copy it *)
try (true, sf, duplicateChunk sf)
with Failure _ ->
- let lab = newLabelName "_LAND" in
+ let lab = newLabelName ghost "_LAND" in
(false, gotoChunk ~ghost lab loc, consLabel ~ghost lab sf loc false)
in
let st' = compileCondExp ~ghost ce2 st sf1 in
@@ -7714,7 +7749,7 @@ and compileCondExp ~ghost ce st sf =
after the else part. This prevents spurious falls-through warning
afterwards. *)
let sf' = duplicateChunk sf1 in
- let lab = newLabelName "_LAND" in
+ let lab = newLabelName ghost "_LAND" in
let gotostmt =
if st_fall_through then gotoChunk ~ghost lab loc else skipChunk
in
@@ -7736,14 +7771,14 @@ and compileCondExp ~ghost ce st sf =
(* If st is small then will copy it *)
try (true, st, duplicateChunk st)
with Failure _ ->
- let lab = newLabelName "_LOR" in
+ let lab = newLabelName ghost "_LOR" in
(false, gotoChunk ~ghost lab loc, consLabel ~ghost lab st loc false)
in
if not duplicable && !doAlternateConditional then
let st' = duplicateChunk st1 in
let sf' = compileCondExp ~ghost ce2 st1 sf in
let sf_fall_through = chunkFallsThrough sf' in
- let lab = newLabelName "_LOR" in
+ let lab = newLabelName ghost "_LOR" in
let gotostmt =
if sf_fall_through then
gotoChunk ~ghost lab loc
@@ -8613,7 +8648,7 @@ and createLocal ghost ((_, sto, _, _) as specs)
| _ when isProto ndt ->
let vi = createGlobal ghost None specs init_name in
(* Add it to the environment to shadow previous decls *)
- addLocalToEnv n (EnvVar vi);
+ addLocalToEnv ghost n (EnvVar vi);
LocalFuncHook.apply vi;
empty
@@ -8623,7 +8658,7 @@ and createLocal ghost ((_, sto, _, _) as specs)
(* Now alpha convert it to make sure that it does not conflict with
* existing globals or locals from this function. *)
let full_name = !currentFunctionFDEC.svar.vname ^ "_" ^ n in
- let newname, _ = newAlphaName true "" full_name in
+ let newname, _ = newAlphaName ghost true "" full_name in
(* Make it global *)
let vi = makeVarInfoCabs ~ghost ~isformal:false
~isglobal:true
@@ -8638,7 +8673,7 @@ and createLocal ghost ((_, sto, _, _) as specs)
H.add staticLocals vi.vname vi;
(* Add it to the environment as a local so that the name goes out of
* scope properly *)
- addLocalToEnv n (EnvVar vi);
+ addLocalToEnv ghost n (EnvVar vi);
(* Maybe this is an array whose length depends on something with local
scope, e.g. "static char device[ sizeof(local) ]".
@@ -8677,7 +8712,7 @@ and createLocal ghost ((_, sto, _, _) as specs)
let vi = createGlobal ghost None specs init_name in
(* Add it to the local environment to ensure that it shadows previous
* local variables *)
- addLocalToEnv n (EnvVar vi);
+ addLocalToEnv ghost n (EnvVar vi);
empty
| _ ->
@@ -8822,7 +8857,7 @@ and createLocal ghost ((_, sto, _, _) as specs)
[], [(Var vi,NoOffset)], Cil_datatype.Lval.Set.elements r), ghost)
end
-and doAliasFun vtype (thisname:string) (othername:string)
+and doAliasFun ghost vtype (thisname:string) (othername:string)
(sname:single_name) (loc: cabsloc) : unit =
(* This prototype declares that name is an alias for
othername, which must be defined in this file *)
@@ -8845,7 +8880,7 @@ and doAliasFun vtype (thisname:string) (othername:string)
ignore (doDecl empty_local_env true fdef);
(* get the new function *)
let v,_ =
- try lookupGlobalVar thisname
+ try lookupGlobalVar ghost thisname
with Not_found -> abort_context "error in doDecl"
in
v.vattr <- dropAttribute "alias" v.vattr
@@ -8882,7 +8917,7 @@ and doDecl local_env (isglobal: bool) : A.definition -> chunk = function
Cil_printer.pp_location (CurrentLoc.get ());
ignore (createGlobal ghost logic_spec spec_res name)
end else
- doAliasFun vtype n othername (s, (n,ndt,a,l)) loc
+ doAliasFun ghost vtype n othername (s, (n,ndt,a,l)) loc
| _ ->
Kernel.error ~once:true ~current:true
"Bad alias attribute at %a" Cil_printer.pp_location (CurrentLoc.get()));
@@ -8961,7 +8996,7 @@ and doDecl local_env (isglobal: bool) : A.definition -> chunk = function
(* Make the fundec right away, and we'll populate it later. We
* need this throughout the code to create temporaries. *)
currentFunctionFDEC :=
- { svar = makeGlobalVar ~temp:false n voidType;
+ { svar = makeGlobalVar ~temp:false ~ghost n voidType;
slocals = []; (* For now we'll put here both the locals and
* the formals. Then "endFunction" will
* separate them *)
@@ -9012,7 +9047,7 @@ and doDecl local_env (isglobal: bool) : A.definition -> chunk = function
* environment for the original name as well. This will ensure
* that all uses of this function will refer to the renamed
* function *)
- addGlobalToEnv n (EnvVar !currentFunctionFDEC.svar);
+ addGlobalToEnv ghost n (EnvVar !currentFunctionFDEC.svar);
if H.mem alreadyDefined !currentFunctionFDEC.svar.vname then
Kernel.error ~once:true ~current:true "There is a definition already for %s" n;
@@ -9380,7 +9415,8 @@ and doTypedef ghost ((specs, nl): A.name_group) =
let tattr = fc_stdlib_attribute tattr in
let newTyp' = cabsTypeAddAttributes tattr newTyp in
checkRestrictQualifierDeep newTyp';
- if H.mem typedefs n && H.mem env n then
+ let env = if ghost then ghost_env else env in
+ if H.mem typedefs n && Datatype.String.Hashtbl.mem env n then
(* check if type redefinition is allowed (C11 only);
in all cases, do not create a new type.
TODO: if local typedef redefinitions are to be supported, then the new type
@@ -9390,7 +9426,7 @@ and doTypedef ghost ((specs, nl): A.name_group) =
Kernel.failure ~current:true
"redefinition of a typedef in a non-global scope is currently unsupported";
let typeinfo = H.find typedefs n in
- let _, oldloc = lookupType "type" n in
+ let _, oldloc = lookupType ghost "type" n in
if areCompatibleTypes typeinfo.ttype newTyp' then
begin
let error_conflicting_types () =
@@ -9413,7 +9449,7 @@ and doTypedef ghost ((specs, nl): A.name_group) =
which are invalid)
- redefinition via a typedef of a struct/union/enum IS allowed;
- other types are allowed. *)
- if declared_in_current_scope n then
+ if declared_in_current_scope ghost n then
begin
match newTyp' with (* do NOT unroll type here,
redefinitions of typedefs are ok *)
@@ -9440,13 +9476,13 @@ and doTypedef ghost ((specs, nl): A.name_group) =
if not (Kernel.C11.get ()) then error_c11_redefinition ()
end
end
- else if declared_in_current_scope n then
+ else if declared_in_current_scope ghost n then
Kernel.error ~current:true
"redefinition of type '%s' in the same scope with incompatible type.@ \
Previous declaration was at %a" n Cil_datatype.Location.pretty oldloc;
end
else (* effectively create new type *) begin
- let n', _ = newAlphaName true "type" n in
+ let n', _ = newAlphaName ghost true "type" n in
let ti =
{ torig_name = n; tname = n';
ttype = newTyp'; treferenced = false }
@@ -9459,7 +9495,7 @@ and doTypedef ghost ((specs, nl): A.name_group) =
let namedTyp = TNamed(ti, []) in
(* Register the type. register it as local because we might be in a
* local context *)
- addLocalToEnv (kindPlusName "type" n) (EnvTyp namedTyp);
+ addLocalToEnv ghost (kindPlusName "type" n) (EnvTyp namedTyp);
cabsPushGlobal (GType (ti, CurrentLoc.get ()))
end
in
@@ -9508,7 +9544,7 @@ and doOnlyTypedef ghost (specs: A.spec_elem list) : unit =
and doBody local_env (blk: A.block) : chunk =
let ghost = local_env.is_ghost in
(* Rename the labels and add them to the environment *)
- List.iter (fun l -> ignore (genNewLocalLabel l)) blk.blabels;
+ List.iter (fun l -> ignore (genNewLocalLabel ghost l)) blk.blabels;
(* See if we have some attributes *)
let battrs = doAttributes ghost blk.A.battrs in
@@ -9852,7 +9888,7 @@ and doStatement local_env (s : A.statement) : chunk =
C_logic_env.add_current_label l;
(* Lookup the label because it might have been locally defined *)
let chunk =
- consLabel ~ghost (lookupLabel l) (doStatement local_env s) loc' true
+ consLabel ~ghost (lookupLabel ghost l) (doStatement local_env s) loc' true
in
C_logic_env.reset_current_label (); chunk
@@ -9860,7 +9896,7 @@ and doStatement local_env (s : A.statement) : chunk =
let loc' = convLoc loc in
CurrentLoc.set loc';
(* Maybe we need to rename this label *)
- gotoChunk ~ghost (lookupLabel l) loc'
+ gotoChunk ~ghost (lookupLabel ghost l) loc'
| A.COMPGOTO (e, loc) -> begin
let loc' = convLoc loc in
@@ -9888,7 +9924,7 @@ and doStatement local_env (s : A.statement) : chunk =
Kernel.fatal ~current:true
"Non-empty chunk in creating temporary for goto *";
let switchv, _ =
- try lookupVar "__compgoto"
+ try lookupVar ghost "__compgoto"
with Not_found -> abort_context "Cannot find temporary for goto *";
in
(* Make a switch statement. We'll fill in the statements at the
@@ -9956,7 +9992,7 @@ and doStatement local_env (s : A.statement) : chunk =
let asm_gotos =
List.map
(fun label ->
- let label = lookupLabel label in
+ let label = lookupLabel ghost label in
let gref = ref dummyStmt in
addGoto label gref;
gref)
@@ -9992,7 +10028,7 @@ and doStatement local_env (s : A.statement) : chunk =
makeVarInfoCabs
~ghost ~isformal:false ~isglobal:false ldecl spec (n,ndt,a)
in
- addLocalToEnv n (EnvVar vi);
+ addLocalToEnv ghost n (EnvVar vi);
!currentFunctionFDEC.slocals <- vi :: !currentFunctionFDEC.slocals;
Catch_exn(vi,[])
in
@@ -10165,8 +10201,10 @@ let convFile (path, f) =
H.clear enumInfoNameEnv;
H.clear staticLocals;
H.clear typedefs;
- H.clear env;
- H.clear genv;
+ Datatype.String.Hashtbl.clear env;
+ Datatype.String.Hashtbl.clear global_env;
+ Datatype.String.Hashtbl.clear ghost_env;
+ Datatype.String.Hashtbl.clear ghost_global_env;
IH.clear callTempVars;
H.clear alpha_renaming;
constrExprId := 0;
diff --git a/src/kernel_internals/typing/infer_annotations.ml b/src/kernel_internals/typing/infer_annotations.ml
index 2bc549d5caf779a1dcc81ebca20143fe31af2de7..f6e46efb0ca2b4d2b6f9e2082646691e76ee5654 100644
--- a/src/kernel_internals/typing/infer_annotations.ml
+++ b/src/kernel_internals/typing/infer_annotations.ml
@@ -142,9 +142,10 @@ let assigns_from_prototype kf =
(fun (g, t) acc -> if g then acc else t :: acc) inputs []
in
let inputs = List.map (fun (_g, t) -> t) inputs in
+ let inputs g = if g then inputs else inputs_no_ghost in
let arguments =
List.map
- (fun (g, content) -> content, From (if g then inputs else inputs_no_ghost))
+ (fun (g, content) -> content, From (inputs g))
to_assign
in
match rtyp with
@@ -155,7 +156,7 @@ let assigns_from_prototype kf =
(* assigns result from basic args and content of pointer args *)
let loc = vi.vdecl in
let result = Logic_const.(new_identified_term (tresult ~loc rtyp)) in
- (result, From inputs_no_ghost):: arguments
+ (result, From (inputs vi.vghost)):: arguments
let is_frama_c_builtin name =
Ast_info.is_frama_c_builtin name
diff --git a/src/kernel_services/ast_queries/cil.ml b/src/kernel_services/ast_queries/cil.ml
index 924ce6b3312eb3ca4ef719345d7ee2d22a087794..d52be341225739de126ccc744555a101393a6d96 100644
--- a/src/kernel_services/ast_queries/cil.ml
+++ b/src/kernel_services/ast_queries/cil.ml
@@ -5236,8 +5236,8 @@ let makeLocal ?(temp=false) ?referenced ?ghost ?(formal=false) ?loc fdec name ty
vi
(* Make a local variable and add it to a function *)
-let makeLocalVar fdec ?scope ?(temp=false) ?referenced ?(insert=true) ?loc name typ =
- let vi = makeLocal ~temp ?referenced ?loc fdec name typ in
+let makeLocalVar fdec ?scope ?(temp=false) ?referenced ?(insert=true) ?ghost ?loc name typ =
+ let vi = makeLocal ~temp ?referenced ?ghost ?loc fdec name typ in
refresh_local_name fdec vi;
if insert then
begin
@@ -5251,8 +5251,8 @@ let makeLocalVar fdec ?scope ?(temp=false) ?referenced ?(insert=true) ?loc name
end;
vi
-let makeTempVar fdec ?insert ?(name = "__cil_tmp") ?descr ?(descrpure = true) ?loc typ : varinfo =
- let vi = makeLocalVar fdec ~temp:true ?insert ?loc name typ in
+let makeTempVar fdec ?insert ?ghost ?(name = "__cil_tmp") ?descr ?(descrpure = true) ?loc typ : varinfo =
+ let vi = makeLocalVar fdec ~temp:true ?insert ?ghost ?loc name typ in
vi.vdescr <- descr;
vi.vdescrpure <- descrpure;
vi
@@ -5338,8 +5338,8 @@ let makeFormalVar fdec ?(ghost=fdec.svar.vghost) ?(where = "$") ?loc name typ :
(* Make a global variable. Your responsibility to make sure that the name
* is unique *)
-let makeGlobalVar ?source ?temp ?referenced ?loc name typ =
- makeVarinfo ?source ?temp ?referenced ?loc true false name typ
+let makeGlobalVar ?source ?temp ?referenced ?ghost ?loc name typ =
+ makeVarinfo ?source ?temp ?referenced ?ghost ?loc true false name typ
let mkPureExprInstr ~fundec ~scope ?loc e =
let loc = match loc with None -> e.eloc | Some l -> l in
@@ -6450,12 +6450,15 @@ let uniqueVarNames (f: file) : unit =
newname Location.pretty oldloc ;
v.vname <- newname
in
- (* Do the formals first *)
- List.iter processLocal fdec.sformals;
+ let ghost vi = vi.vghost in
+ let formals_ghost, formals = List.partition ghost fdec.sformals in
+ let locals_ghost, locals = List.partition ghost fdec.slocals in
+ List.iter processLocal formals;
+ List.iter processLocal locals;
+ List.iter processLocal formals_ghost;
+ List.iter processLocal locals_ghost;
(* Fix the type again *)
setFormals fdec fdec.sformals;
- (* And now the locals *)
- List.iter processLocal fdec.slocals;
(* Undo the changes to the global table *)
Alpha.undoAlphaChanges gAlphaTable !undolist;
()
diff --git a/src/kernel_services/ast_queries/cil.mli b/src/kernel_services/ast_queries/cil.mli
index 38039b32d1f24f359acf784da5d35d5bc1a8628d..cfd3cfef66b89fc3b4f84c2bd77806a852451cbb 100644
--- a/src/kernel_services/ast_queries/cil.mli
+++ b/src/kernel_services/ast_queries/cil.mli
@@ -697,10 +697,11 @@ val makeFormalVar: fundec -> ?ghost:bool -> ?where:string -> ?loc:Location.t ->
a fresh name will be generated for the varinfo.
@modify Chlorine-20180501 the name of the variable is guaranteed to be fresh.
+ @modify Frama-C+dev add ghost optional argument
*)
val makeLocalVar:
fundec -> ?scope:block -> ?temp:bool -> ?referenced:bool -> ?insert:bool ->
- ?loc:Location.t -> string -> typ -> varinfo
+ ?ghost:bool -> ?loc:Location.t -> string -> typ -> varinfo
(** if needed, rename the given varinfo so that its [vname] does not
clash with the one of a local or formal variable of the given function.
@@ -718,14 +719,19 @@ val refresh_local_name: fundec -> varinfo -> unit
If [insert] is true (the default), the variable will be inserted
among other locals of the function. The value for [insert] should
only be changed if you are completely sure this is not useful.
+
+ @modify Frama-C+dev add ghost optional argument
*)
-val makeTempVar: fundec -> ?insert:bool -> ?name:string -> ?descr:string ->
- ?descrpure:bool -> ?loc:Location.t -> typ -> varinfo
+val makeTempVar: fundec -> ?insert:bool -> ?ghost:bool -> ?name:string ->
+ ?descr:string -> ?descrpure:bool -> ?loc:Location.t -> typ -> varinfo
(** Make a global variable. Your responsibility to make sure that the name
- is unique. [source] defaults to [true]. [temp] defaults to [false].*)
-val makeGlobalVar: ?source:bool -> ?temp:bool -> ?referenced:bool -> ?loc:Location.t -> string ->
- typ -> varinfo
+ is unique. [source] defaults to [true]. [temp] defaults to [false].
+
+ @modify Frama-C+dev add ghost optional arg
+*)
+val makeGlobalVar: ?source:bool -> ?temp:bool -> ?referenced:bool ->
+ ?ghost:bool -> ?loc:Cil_datatype.Location.t -> string -> typ -> varinfo
(** Make a shallow copy of a [varinfo] and assign a new identifier.
If the original varinfo has an associated logic var, it is copied too and
diff --git a/src/plugins/aorai/aorai_utils.ml b/src/plugins/aorai/aorai_utils.ml
index 1480c68e82977d189855c1f94b3d42061162df72..89ca04df020047bdd206c208d7e6693006ab8e2c 100644
--- a/src/plugins/aorai/aorai_utils.ml
+++ b/src/plugins/aorai/aorai_utils.ml
@@ -32,44 +32,44 @@ open Cil_datatype
open Promelaast
open Bool3
-let func_body_dkey = Aorai_option.register_category "func-body"
+let func_body_dkey = Aorai_option.register_category "func-body"
let action_dkey = Aorai_option.register_category "action"
let rename_pred v1 v2 p =
let r =
- object
- inherit Visitor.frama_c_copy (Project.current())
- method! vlogic_var_use v =
- if Cil_datatype.Logic_var.equal v v1 then Cil.ChangeTo v2
- else Cil.JustCopy
- end
+ object
+ inherit Visitor.frama_c_copy (Project.current())
+ method! vlogic_var_use v =
+ if Cil_datatype.Logic_var.equal v v1 then Cil.ChangeTo v2
+ else Cil.JustCopy
+ end
in
Visitor.visitFramacPredicate r p
(** Given a transition a function name and a function status (call or
return) it returns if the cross condition can be satisfied with
only function status.
- *)
+*)
let isCrossable tr func st =
let rec isCross p =
match p with
- | TOr (c1, c2) -> bool3or (isCross c1) (isCross c2)
- | TAnd (c1, c2) -> bool3and (isCross c1) (isCross c2)
- | TNot c1 -> bool3not (isCross c1)
- | TCall (kf,None) when Kernel_function.equal func kf && st=Call -> True
- | TCall (kf, Some _) when Kernel_function.equal func kf && st=Call ->
- Undefined
- | TCall _ -> False
- | TReturn kf when Kernel_function.equal func kf && st=Return -> True
- | TReturn _ -> False
- | TTrue -> True
- | TFalse -> False
- | TRel _ -> Undefined
+ | TOr (c1, c2) -> bool3or (isCross c1) (isCross c2)
+ | TAnd (c1, c2) -> bool3and (isCross c1) (isCross c2)
+ | TNot c1 -> bool3not (isCross c1)
+ | TCall (kf,None) when Kernel_function.equal func kf && st=Call -> True
+ | TCall (kf, Some _) when Kernel_function.equal func kf && st=Call ->
+ Undefined
+ | TCall _ -> False
+ | TReturn kf when Kernel_function.equal func kf && st=Return -> True
+ | TReturn _ -> False
+ | TTrue -> True
+ | TFalse -> False
+ | TRel _ -> Undefined
in
let cond,_ = tr.cross in
let res = isCross cond <> False in
Aorai_option.debug ~level:2 "Function %a %s-state, \
- transition %s -> %s is%s possible" Kernel_function.pretty func
+ transition %s -> %s is%s possible" Kernel_function.pretty func
(if st=Call then "pre" else "post")
tr.start.Promelaast.name
tr.stop.Promelaast.name
@@ -77,7 +77,7 @@ let isCrossable tr func st =
res
(** Returns the lval associated to the curState generated variable *)
-let state_lval () =
+let state_lval () =
Cil.var (get_varinfo curState)
(* ************************************************************************* *)
@@ -87,23 +87,23 @@ let find_enum, set_enum =
State_builder.Int_hashtbl
(Cil_datatype.Enumitem)
(struct
- let name = "ltl_states_enum"
- let size = 17
- let dependencies = (* TODO: projectify the automata
- and depend on it.
- *)
- [ Ast.self;
- Aorai_option.Ltl_File.self;
- Aorai_option.Buchi.self;
- Aorai_option.Ya.self
- ]
- end)
+ let name = "ltl_states_enum"
+ let size = 17
+ let dependencies = (* TODO: projectify the automata
+ and depend on it.
+ *)
+ [ Ast.self;
+ Aorai_option.Ltl_File.self;
+ Aorai_option.Buchi.self;
+ Aorai_option.Ya.self
+ ]
+ end)
in
(fun n ->
- try H.find n
- with Not_found ->
- Aorai_option.fatal
- "Could not find the enum item corresponding to a state"),
+ try H.find n
+ with Not_found ->
+ Aorai_option.fatal
+ "Could not find the enum item corresponding to a state"),
(List.iter (fun (n,item) -> H.add n item))
(* ************************************************************************* *)
@@ -122,148 +122,148 @@ let isCrossableAtInit tr func =
in
let bool3_res dft test =
match test with
- | True -> bool_res true
- | False -> bool_res false
- | Undefined -> dft
+ | True -> bool_res true
+ | False -> bool_res false
+ | Undefined -> dft
in
let is_true t =
match t with
- | TConst(Integer(i,_)) ->
- Bool3.bool3_of_bool (not (Integer.is_zero i))
- | TConst(LChr c) -> Bool3.bool3_of_bool (not (Char.code c <> 0))
- | TConst(LReal r) -> Bool3.bool3_of_bool (not (r.r_nearest <> 0.))
- | TConst(LStr _ | LWStr _) -> Bool3.True
- | _ -> Bool3.Undefined
+ | TConst(Integer(i,_)) ->
+ Bool3.bool3_of_bool (not (Integer.is_zero i))
+ | TConst(LChr c) -> Bool3.bool3_of_bool (not (Char.code c <> 0))
+ | TConst(LReal r) -> Bool3.bool3_of_bool (not (r.r_nearest <> 0.))
+ | TConst(LStr _ | LWStr _) -> Bool3.True
+ | _ -> Bool3.Undefined
in
let rec aux t =
match t.term_node with
- | TConst (LEnum ei) ->
- aux (Logic_utils.expr_to_term ~cast:false ei.eival)
- | TLval lv ->
- (match aux_lv lv with
- | Some t -> t
- | None -> t)
- | TUnOp(op,t1) ->
- let t1 = aux t1 in
- (match op,t1.term_node with
- | Neg, TConst(Integer(i,_)) ->
- { t with term_node = TConst(Integer(Integer.neg i,None)) }
- | Neg, TConst(LReal r) ->
- let f = ~-. (r.r_nearest) in
- let r = {
- r_literal = string_of_float f ;
- r_nearest = f ;
- r_upper = ~-. (r.r_lower) ;
- r_lower = ~-. (r.r_upper) ;
- } in
- { t with term_node = TConst(LReal r) }
- | LNot, t1 -> bool3_res t (is_true t1)
- | _ -> t)
- | TBinOp(op,t1,t2) ->
- let t1 = aux t1 in
- let t2 = aux t2 in
- let rec comparison comp t1 t2 =
- match t1.term_node,t2.term_node with
- | TConst (Integer(i1,_)), TConst (Integer(i2,_)) ->
- bool_res (comp (Integer.compare i1 i2))
- | TConst (LChr c1), TConst (LChr c2) ->
- bool_res (comp (Char.compare c1 c2))
- | TConst(LReal r1), TConst (LReal r2) ->
- bool_res (comp (compare r1.r_nearest r2.r_nearest))
- | TCastE(ty1,t1), TCastE(ty2,t2)
- when Cil_datatype.Typ.equal ty1 ty2 ->
- comparison comp t1 t2
- | _ -> t
- in
- (match op, t1.term_node, t2.term_node with
-
- | PlusA, TConst(Integer(i1,_)), TConst(Integer(i2,_)) ->
- { t with term_node =
- TConst(Integer(Integer.add i1 i2,None))}
- | MinusA, TConst(Integer(i1,_)), TConst(Integer(i2,_)) ->
- { t with term_node =
- TConst(Integer(Integer.sub i1 i2,None)) }
- | Mult, TConst(Integer(i1,_)), TConst(Integer(i2,_)) ->
- { t with term_node =
- TConst(Integer(Integer.mul i1 i2,None)) }
- | Div, TConst(Integer(i1,_)), TConst(Integer(i2,_)) ->
- (try
- { t with term_node =
- TConst(Integer(Integer.c_div i1 i2,None)) }
- with Division_by_zero -> t)
- | Mod, TConst(Integer(i1,_)), TConst(Integer(i2,_)) ->
- (try
- { t with term_node =
- TConst(Integer(Integer.c_rem i1 i2,None)) }
- with Division_by_zero -> t)
- | Shiftlt, TConst(Integer(i1,_)), TConst(Integer(i2,_)) ->
+ | TConst (LEnum ei) ->
+ aux (Logic_utils.expr_to_term ~cast:false ei.eival)
+ | TLval lv ->
+ (match aux_lv lv with
+ | Some t -> t
+ | None -> t)
+ | TUnOp(op,t1) ->
+ let t1 = aux t1 in
+ (match op,t1.term_node with
+ | Neg, TConst(Integer(i,_)) ->
+ { t with term_node = TConst(Integer(Integer.neg i,None)) }
+ | Neg, TConst(LReal r) ->
+ let f = ~-. (r.r_nearest) in
+ let r = {
+ r_literal = string_of_float f ;
+ r_nearest = f ;
+ r_upper = ~-. (r.r_lower) ;
+ r_lower = ~-. (r.r_upper) ;
+ } in
+ { t with term_node = TConst(LReal r) }
+ | LNot, t1 -> bool3_res t (is_true t1)
+ | _ -> t)
+ | TBinOp(op,t1,t2) ->
+ let t1 = aux t1 in
+ let t2 = aux t2 in
+ let rec comparison comp t1 t2 =
+ match t1.term_node,t2.term_node with
+ | TConst (Integer(i1,_)), TConst (Integer(i2,_)) ->
+ bool_res (comp (Integer.compare i1 i2))
+ | TConst (LChr c1), TConst (LChr c2) ->
+ bool_res (comp (Char.compare c1 c2))
+ | TConst(LReal r1), TConst (LReal r2) ->
+ bool_res (comp (compare r1.r_nearest r2.r_nearest))
+ | TCastE(ty1,t1), TCastE(ty2,t2)
+ when Cil_datatype.Typ.equal ty1 ty2 ->
+ comparison comp t1 t2
+ | _ -> t
+ in
+ (match op, t1.term_node, t2.term_node with
+
+ | PlusA, TConst(Integer(i1,_)), TConst(Integer(i2,_)) ->
+ { t with term_node =
+ TConst(Integer(Integer.add i1 i2,None))}
+ | MinusA, TConst(Integer(i1,_)), TConst(Integer(i2,_)) ->
+ { t with term_node =
+ TConst(Integer(Integer.sub i1 i2,None)) }
+ | Mult, TConst(Integer(i1,_)), TConst(Integer(i2,_)) ->
+ { t with term_node =
+ TConst(Integer(Integer.mul i1 i2,None)) }
+ | Div, TConst(Integer(i1,_)), TConst(Integer(i2,_)) ->
+ (try
{ t with term_node =
- TConst(Integer(Integer.shift_left i1 i2,None)) }
- | Shiftrt, TConst(Integer(i1,_)), TConst(Integer(i2,_)) ->
+ TConst(Integer(Integer.c_div i1 i2,None)) }
+ with Division_by_zero -> t)
+ | Mod, TConst(Integer(i1,_)), TConst(Integer(i2,_)) ->
+ (try
{ t with term_node =
- TConst(Integer(Integer.shift_right i1 i2,None)) }
- | Lt, _, _ -> comparison ((<) 0) t1 t2
- | Gt, _, _ -> comparison ((>) 0) t1 t2
- | Le, _, _ -> comparison ((<=) 0) t1 t2
- | Ge, _, _ -> comparison ((>=) 0) t1 t2
- | Eq, _, _ -> comparison ((=) 0) t1 t2
- | Ne, _, _ -> comparison ((<>) 0) t1 t2
- | LAnd, t1, t2 ->
- bool3_res t (Bool3.bool3and (is_true t1) (is_true t2))
- | LOr, t1, t2 ->
- bool3_res t (Bool3.bool3or (is_true t1) (is_true t2))
- | _ -> t)
- | TCastE(ty,t1) ->
- let t1 = aux t1 in
- (match t1.term_type with
- Ctype ty1 when Cil_datatype.Typ.equal ty ty1 -> t1
- | _ -> { t with term_node = TCastE(ty,t1) })
- | _ -> t
+ TConst(Integer(Integer.c_rem i1 i2,None)) }
+ with Division_by_zero -> t)
+ | Shiftlt, TConst(Integer(i1,_)), TConst(Integer(i2,_)) ->
+ { t with term_node =
+ TConst(Integer(Integer.shift_left i1 i2,None)) }
+ | Shiftrt, TConst(Integer(i1,_)), TConst(Integer(i2,_)) ->
+ { t with term_node =
+ TConst(Integer(Integer.shift_right i1 i2,None)) }
+ | Lt, _, _ -> comparison ((<) 0) t1 t2
+ | Gt, _, _ -> comparison ((>) 0) t1 t2
+ | Le, _, _ -> comparison ((<=) 0) t1 t2
+ | Ge, _, _ -> comparison ((>=) 0) t1 t2
+ | Eq, _, _ -> comparison ((=) 0) t1 t2
+ | Ne, _, _ -> comparison ((<>) 0) t1 t2
+ | LAnd, t1, t2 ->
+ bool3_res t (Bool3.bool3and (is_true t1) (is_true t2))
+ | LOr, t1, t2 ->
+ bool3_res t (Bool3.bool3or (is_true t1) (is_true t2))
+ | _ -> t)
+ | TCastE(ty,t1) ->
+ let t1 = aux t1 in
+ (match t1.term_type with
+ Ctype ty1 when Cil_datatype.Typ.equal ty ty1 -> t1
+ | _ -> { t with term_node = TCastE(ty,t1) })
+ | _ -> t
and aux_lv (base,off) =
match base with
- | TVar v ->
- (try
- Extlib.opt_bind
- (fun v ->
- let init = Globals.Vars.find v in
- let init = match init.Cil_types.init with
- None -> Cil.makeZeroInit ~loc:v.vdecl v.vtype
- | Some i -> i
- in
- aux_init off init)
- v.lv_origin
- with Not_found -> None)
- | TMem t ->
- (match (aux t).term_node with
- | TAddrOf lv -> aux_lv (Logic_const.addTermOffsetLval off lv)
- | _ -> None)
- | TResult _ -> None
+ | TVar v ->
+ (try
+ Extlib.opt_bind
+ (fun v ->
+ let init = Globals.Vars.find v in
+ let init = match init.Cil_types.init with
+ None -> Cil.makeZeroInit ~loc:v.vdecl v.vtype
+ | Some i -> i
+ in
+ aux_init off init)
+ v.lv_origin
+ with Not_found -> None)
+ | TMem t ->
+ (match (aux t).term_node with
+ | TAddrOf lv -> aux_lv (Logic_const.addTermOffsetLval off lv)
+ | _ -> None)
+ | TResult _ -> None
and aux_init off initinfo =
match off, initinfo with
- | TNoOffset, SingleInit e ->
- Some (aux (Logic_utils.expr_to_term ~cast:false e))
- | TIndex(t,oth), CompoundInit (ct,initl) ->
- (match (aux t).term_node with
- | TConst(Integer(i1,_)) ->
- Cil.foldLeftCompound ~implicit:true
- ~doinit:
- (fun o i _ t ->
+ | TNoOffset, SingleInit e ->
+ Some (aux (Logic_utils.expr_to_term ~cast:false e))
+ | TIndex(t,oth), CompoundInit (ct,initl) ->
+ (match (aux t).term_node with
+ | TConst(Integer(i1,_)) ->
+ Cil.foldLeftCompound ~implicit:true
+ ~doinit:
+ (fun o i _ t ->
match o with
- | Index({ enode = Const(CInt64(i2,_,_))},_)
- when Integer.equal i1 i2 -> aux_init oth i
- | _ -> t)
- ~ct ~initl ~acc:None
- | _ -> None)
- | TField(f1,oth), CompoundInit(ct,initl) ->
- Cil.foldLeftCompound ~implicit:true
- ~doinit:
+ | Index({ enode = Const(CInt64(i2,_,_))},_)
+ when Integer.equal i1 i2 -> aux_init oth i
+ | _ -> t)
+ ~ct ~initl ~acc:None
+ | _ -> None)
+ | TField(f1,oth), CompoundInit(ct,initl) ->
+ Cil.foldLeftCompound ~implicit:true
+ ~doinit:
(fun o i _ t ->
- match o with
- | Field(f2,_) when Cil_datatype.Fieldinfo.equal f1 f2 ->
- aux_init oth i
- | _ -> t)
- ~ct ~initl ~acc:None
- | _ -> None
+ match o with
+ | Field(f2,_) when Cil_datatype.Fieldinfo.equal f1 f2 ->
+ aux_init oth i
+ | _ -> t)
+ ~ct ~initl ~acc:None
+ | _ -> None
in
aux t
end
@@ -282,15 +282,15 @@ let isCrossableAtInit tr func =
in
let rec comparison t1 t2 =
match t1.term_node,t2.term_node with
- | TConst (Integer(i1,_)), TConst (Integer(i2,_)) ->
- Bool3.bool3_of_bool (comp (Integer.compare i1 i2))
- | TConst (LChr c1), TConst (LChr c2) ->
- Bool3.bool3_of_bool (comp (Char.compare c1 c2))
- | TConst(LReal r1), TConst (LReal r2) ->
- Bool3.bool3_of_bool (comp (compare r1.r_nearest r2.r_nearest))
- | TCastE(ty1,t1), TCastE(ty2,t2) when Cil_datatype.Typ.equal ty1 ty2 ->
- comparison t1 t2
- | _ -> Bool3.Undefined
+ | TConst (Integer(i1,_)), TConst (Integer(i2,_)) ->
+ Bool3.bool3_of_bool (comp (Integer.compare i1 i2))
+ | TConst (LChr c1), TConst (LChr c2) ->
+ Bool3.bool3_of_bool (comp (Char.compare c1 c2))
+ | TConst(LReal r1), TConst (LReal r2) ->
+ Bool3.bool3_of_bool (comp (compare r1.r_nearest r2.r_nearest))
+ | TCastE(ty1,t1), TCastE(ty2,t2) when Cil_datatype.Typ.equal ty1 ty2 ->
+ comparison t1 t2
+ | _ -> Bool3.Undefined
in
comparison t1 t2
in
@@ -309,8 +309,8 @@ let isCrossableAtInit tr func =
in
let (cond,_) = tr.cross in
match isCross cond with
- | Bool3.True | Bool3.Undefined -> true
- | Bool3.False -> false
+ | Bool3.True | Bool3.Undefined -> true
+ | Bool3.False -> false
(* ************************************************************************* *)
(** {b Expressions management} *)
@@ -323,7 +323,7 @@ let mk_int_exp value =
(** This function rewrites a cross condition into an ACSL expression.
Moreover, by giving current operation name and its status (call or
return) the generation simplifies the generated expression.
- *)
+*)
let crosscond_to_pred cross curr_f curr_status =
let check_current_event f status pred =
if Kernel_function.equal curr_f f && curr_status = status then pred
@@ -334,41 +334,41 @@ let crosscond_to_pred cross curr_f curr_status =
(* Lazy evaluation of logic operators if the result can be statically
computed *)
| TOr (c1, c2) -> (*BinOp(LOr,convert c1,convert c2,Cil.intType)*)
- begin
- let (c1_val,c1_pred) = convert c1 in
- match c1_val with
- | Bool3.True -> (c1_val,c1_pred)
- | Bool3.False -> convert c2
- | Undefined ->
- let (c2_val,c2_pred) = convert c2 in
- match c2_val with
- | Bool3.True -> (c2_val,c2_pred)
- | Bool3.False -> (c1_val,c1_pred)
- | Undefined -> (Undefined,Logic_const.por(c1_pred, c2_pred))
- end
+ begin
+ let (c1_val,c1_pred) = convert c1 in
+ match c1_val with
+ | Bool3.True -> (c1_val,c1_pred)
+ | Bool3.False -> convert c2
+ | Undefined ->
+ let (c2_val,c2_pred) = convert c2 in
+ match c2_val with
+ | Bool3.True -> (c2_val,c2_pred)
+ | Bool3.False -> (c1_val,c1_pred)
+ | Undefined -> (Undefined,Logic_const.por(c1_pred, c2_pred))
+ end
| TAnd (c1, c2) -> (*BinOp(LAnd,convert c1,convert c2,Cil.intType)*)
- begin
- let (c1_val,c1_pred) = convert c1 in
- match c1_val with
- | Bool3.True -> convert c2
- | Bool3.False -> (c1_val,c1_pred)
- | Undefined ->
- let (c2_val,c2_pred) = convert c2 in
- match c2_val with
- | Bool3.True -> (c1_val,c1_pred)
- | Bool3.False -> (c2_val,c2_pred)
- | Undefined -> (Undefined,Logic_const.pand(c1_pred, c2_pred))
- end
+ begin
+ let (c1_val,c1_pred) = convert c1 in
+ match c1_val with
+ | Bool3.True -> convert c2
+ | Bool3.False -> (c1_val,c1_pred)
+ | Undefined ->
+ let (c2_val,c2_pred) = convert c2 in
+ match c2_val with
+ | Bool3.True -> (c1_val,c1_pred)
+ | Bool3.False -> (c2_val,c2_pred)
+ | Undefined -> (Undefined,Logic_const.pand(c1_pred, c2_pred))
+ end
| TNot (c1) -> (*UnOp(LNot,convert c1,Cil.intType)*)
- begin
- let (c1_val,c1_pred) = convert c1 in
- match c1_val with
- | Bool3.True -> (Bool3.False,pfalse)
- | Bool3.False -> (Bool3.True,ptrue)
- | Undefined -> (c1_val,Logic_const.pnot(c1_pred))
- end
+ begin
+ let (c1_val,c1_pred) = convert c1 in
+ match c1_val with
+ | Bool3.True -> (Bool3.False,pfalse)
+ | Bool3.False -> (Bool3.True,ptrue)
+ | Undefined -> (c1_val,Logic_const.pnot(c1_pred))
+ end
| TCall (f,b) ->
let pred = match b with
@@ -390,41 +390,41 @@ let crosscond_to_pred cross curr_f curr_status =
in
snd (convert cross)
-(* Translate a term into the correct expression at the location in argument.
+(* Translate a term into the correct expression at the location in argument.
Be careful if you wish to re-use this function elsewhere, some cases are
not treated generically.
Used in crosscond_to_exp. *)
- let rec term_to_exp t res =
- let loc = t.term_loc in
- match t.term_node with
- | TConst (Integer (value,repr)) -> Cil.kinteger64 ~loc ?repr value
- | TConst (LStr str) -> new_exp loc (Const (CStr str))
- | TConst (LWStr l) -> new_exp loc (Const (CWStr l))
- | TConst (LChr c) -> new_exp loc (Const (CChr c))
- | TConst (LReal l_real) ->
- (* r_nearest is by definition in double precision. *)
- new_exp loc (Const (CReal (l_real.r_nearest, FDouble, None)))
- | TConst (LEnum e) -> new_exp loc (Const (CEnum e))
- | TLval tlval -> new_exp loc (Lval (tlval_to_lval tlval res))
- | TSizeOf ty -> new_exp loc (SizeOf ty)
- | TSizeOfE t -> new_exp loc (SizeOfE(term_to_exp t res))
- | TSizeOfStr s -> new_exp loc (SizeOfStr s)
- | TAlignOf ty -> new_exp loc (AlignOf ty)
- | TAlignOfE t -> new_exp loc (AlignOfE (term_to_exp t res))
- | TUnOp (unop, t) ->
- new_exp loc (UnOp (unop, term_to_exp t res, Cil.intType))
- | TBinOp (binop, t1, t2)->
- new_exp loc
- (BinOp(binop, term_to_exp t1 res, term_to_exp t2 res, Cil.intType))
- | TCastE (ty, t) -> new_exp loc (CastE (ty, term_to_exp t res))
- | TAddrOf tlval -> new_exp loc (AddrOf (tlval_to_lval tlval res))
- | TStartOf tlval -> new_exp loc (StartOf (tlval_to_lval tlval res))
- | TLogic_coerce (_,t) -> term_to_exp t res
- | _ ->
- Aorai_option.fatal
- "Term %a cannot be transformed into exp."
- Printer.pp_term t
+let rec term_to_exp t res =
+ let loc = t.term_loc in
+ match t.term_node with
+ | TConst (Integer (value,repr)) -> Cil.kinteger64 ~loc ?repr value
+ | TConst (LStr str) -> new_exp loc (Const (CStr str))
+ | TConst (LWStr l) -> new_exp loc (Const (CWStr l))
+ | TConst (LChr c) -> new_exp loc (Const (CChr c))
+ | TConst (LReal l_real) ->
+ (* r_nearest is by definition in double precision. *)
+ new_exp loc (Const (CReal (l_real.r_nearest, FDouble, None)))
+ | TConst (LEnum e) -> new_exp loc (Const (CEnum e))
+ | TLval tlval -> new_exp loc (Lval (tlval_to_lval tlval res))
+ | TSizeOf ty -> new_exp loc (SizeOf ty)
+ | TSizeOfE t -> new_exp loc (SizeOfE(term_to_exp t res))
+ | TSizeOfStr s -> new_exp loc (SizeOfStr s)
+ | TAlignOf ty -> new_exp loc (AlignOf ty)
+ | TAlignOfE t -> new_exp loc (AlignOfE (term_to_exp t res))
+ | TUnOp (unop, t) ->
+ new_exp loc (UnOp (unop, term_to_exp t res, Cil.intType))
+ | TBinOp (binop, t1, t2)->
+ new_exp loc
+ (BinOp(binop, term_to_exp t1 res, term_to_exp t2 res, Cil.intType))
+ | TCastE (ty, t) -> new_exp loc (CastE (ty, term_to_exp t res))
+ | TAddrOf tlval -> new_exp loc (AddrOf (tlval_to_lval tlval res))
+ | TStartOf tlval -> new_exp loc (StartOf (tlval_to_lval tlval res))
+ | TLogic_coerce (_,t) -> term_to_exp t res
+ | _ ->
+ Aorai_option.fatal
+ "Term %a cannot be transformed into exp."
+ Printer.pp_term t
and tlval_to_lval (tlhost, toffset) res =
let rec t_to_loffset t_offset = match t_offset with
@@ -433,36 +433,36 @@ and tlval_to_lval (tlhost, toffset) res =
| TIndex (t, t_off) -> Index (term_to_exp t res, t_to_loffset t_off)
| TModel _ -> Aorai_option.fatal "TModel cannot be treated as exp."
in
- match tlhost with
- | TVar l_var ->
- let v_info =
+ match tlhost with
+ | TVar l_var ->
+ let v_info =
begin
match l_var.lv_origin with
- | Some vinfo -> vinfo
- | None -> Aorai_option.fatal "TVar not coming from a C Variable"
+ | Some vinfo -> vinfo
+ | None -> Aorai_option.fatal "TVar not coming from a C Variable"
end
in
(Var v_info, t_to_loffset toffset)
|TMem t -> mkMem (term_to_exp t res) (t_to_loffset toffset)
|TResult _ ->
(match res with
- | Some res -> Var res, t_to_loffset toffset
- (* This should not happen, as we always pass a real variable when
- generating body for a post-function when the original function
- has a non-void result. pre-functions and functions that return void
- should not see \result. *)
- | None -> Aorai_option.fatal "Unexpected \\result")
-
-(* Translate the cross condition of an automaton edge to an expression.
+ | Some res -> Var res, t_to_loffset toffset
+ (* This should not happen, as we always pass a real variable when
+ generating body for a post-function when the original function
+ has a non-void result. pre-functions and functions that return void
+ should not see \result. *)
+ | None -> Aorai_option.fatal "Unexpected \\result")
+
+(* Translate the cross condition of an automaton edge to an expression.
Used in mk_stmt. *)
-let crosscond_to_exp curr_f curr_status loc (cond,_) res =
+let crosscond_to_exp curr_f curr_status loc (cond,_) res =
let check_current_event f status =
if Kernel_function.equal curr_f f && curr_status = status then
Cil.one loc
else Cil.zero loc
in
- let rel_convert = function
+ let rel_convert = function
| Rlt -> Lt
| Rgt -> Gt
| Rle -> Le
@@ -489,11 +489,11 @@ let crosscond_to_exp curr_f curr_status loc (cond,_) res =
(match Cil.isInteger e1 with
| None -> Cil.new_exp loc (UnOp(LNot, e1,Cil.intType))
| Some i when Integer.is_zero i -> Cil.one loc
- | Some _ -> Cil.zero loc)
+ | Some _ -> Cil.zero loc)
| TCall (f,_) -> check_current_event f Promelaast.Call
| TReturn f -> check_current_event f Promelaast.Return
| TTrue -> (Cil.one loc)
- | TFalse -> (Cil.zero loc)
+ | TFalse -> (Cil.zero loc)
| TRel(rel,t1,t2) ->
Cil.mkBinOp
loc (rel_convert rel) (term_to_exp t1 res) (term_to_exp t2 res)
@@ -515,25 +515,25 @@ let initFile f =
Globals.Vars.iter (fun vi _ -> set_varinfo vi.vname vi);
Globals.Functions.iter
(fun kf ->
- let fname = Kernel_function.get_name kf in
- List.iter
- (fun vi -> set_paraminfo fname vi.vname vi)
- (Kernel_function.get_formals kf);
- if not (Data_for_aorai.isIgnoredFunction fname) then
- begin
- try
- let ret = Kernel_function.find_return kf in
- match ret.skind with
- | Cil_types.Return (Some e,_) ->
- (match e.enode with
- | Lval (Var vi,NoOffset) ->
- set_returninfo fname vi (* Add the vi of return stmt *)
- | _ -> () (* function without returned value *))
- | _ -> () (* function without returned value *)
- with Kernel_function.No_Statement ->
- Aorai_option.fatal
- "Don't know what to do with a function declaration"
- end)
+ let fname = Kernel_function.get_name kf in
+ List.iter
+ (fun vi -> set_paraminfo fname vi.vname vi)
+ (Kernel_function.get_formals kf);
+ if not (Data_for_aorai.isIgnoredFunction fname) then
+ begin
+ try
+ let ret = Kernel_function.find_return kf in
+ match ret.skind with
+ | Cil_types.Return (Some e,_) ->
+ (match e.enode with
+ | Lval (Var vi,NoOffset) ->
+ set_returninfo fname vi (* Add the vi of return stmt *)
+ | _ -> () (* function without returned value *))
+ | _ -> () (* function without returned value *)
+ with Kernel_function.No_Statement ->
+ Aorai_option.fatal
+ "Don't know what to do with a function declaration"
+ end)
(** List of globals awaiting for adding into C file globals *)
let globals_queue = ref []
@@ -543,17 +543,17 @@ let flush_globals () =
let before, after =
List.fold_left
(fun (b,a) elem ->
- match elem with
- | GFun(f,loc) as func ->
- (* [VP] if address of function is taken, it might be
- used in a global initializer: keep a declaration at this point
- to ensure ending up with a compilable C file in the end... *)
- let b =
- if f.svar.vaddrof then GFunDecl(Cil.empty_funspec(),f.svar,loc) :: b
- else b
- in
- b, func :: a
- | other -> other :: b, a)
+ match elem with
+ | GFun(f,loc) as func ->
+ (* [VP] if address of function is taken, it might be
+ used in a global initializer: keep a declaration at this point
+ to ensure ending up with a compilable C file in the end... *)
+ let b =
+ if f.svar.vaddrof then GFunDecl(Cil.empty_funspec(),f.svar,loc) :: b
+ else b
+ in
+ b, func :: a
+ | other -> other :: b, a)
([], [])
!file.globals
in
@@ -566,10 +566,10 @@ let mk_global glob = globals_queue := glob :: !globals_queue
(* Utilities for global variables *)
let mk_global_c_initialized_vars name ty ini=
let vi = (Cil.makeGlobalVar name ty) in
- vi.vghost<-true;
- mk_global (GVar(vi,ini,vi.vdecl));
- Globals.Vars.add vi ini;
- set_varinfo name vi
+ vi.vghost<-true;
+ mk_global (GVar(vi,ini,vi.vdecl));
+ Globals.Vars.add vi ini;
+ set_varinfo name vi
let mk_global_var_init vi ini =
vi.vghost<-true;
@@ -596,11 +596,11 @@ let mk_int_const value =
new_exp
~loc:(CurrentLoc.get())
(Const(
- CInt64(
- Integer.of_int (value),
- IInt,
- Some(string_of_int(value))
- )))
+ CInt64(
+ Integer.of_int (value),
+ IInt,
+ Some(string_of_int(value))
+ )))
(* Utilities for global enumerations *)
let mk_global_c_enum_type_tagged name elements_l =
@@ -615,11 +615,11 @@ let mk_global_c_enum_type_tagged name elements_l =
let l =
List.map
(fun (e,i) ->
- { eiorig_name = e;
- einame = e;
- eival = mk_int_const i;
- eiloc = Location.unknown;
- eihost = einfo})
+ { eiorig_name = e;
+ einame = e;
+ eival = mk_int_const i;
+ eiloc = Location.unknown;
+ eihost = einfo})
elements_l
in
einfo.eitems <- l;
@@ -709,23 +709,24 @@ let is_state_pred state =
if Aorai_option.Deterministic.get () then
Logic_const.prel (Req,state_term(),int2enumstate state.nums)
else
- Logic_const.prel
- (Req,one_term(),
+ Logic_const.prel
+ (Req,one_term(),
Logic_const.tvar (Data_for_aorai.get_state_logic_var state))
-let is_state_stmt (state,copy) loc =
- if Aorai_option.Deterministic.get ()
- then
- mkStmtOneInstr (Set (Cil.var copy, int2enumstate_exp loc state.nums, loc))
- else mkStmtOneInstr (Set (Cil.var copy, Cil.one loc, loc))
+let is_state_stmt (state,copy) loc =
+ if Aorai_option.Deterministic.get ()
+ then
+ mkStmtOneInstr
+ ~ghost:true (Set (Cil.var copy, int2enumstate_exp loc state.nums, loc))
+ else mkStmtOneInstr ~ghost:true (Set (Cil.var copy, Cil.one loc, loc))
let is_state_exp state loc =
- if Aorai_option.Deterministic.get ()
+ if Aorai_option.Deterministic.get ()
then
Cil.mkBinOp
loc Eq
(int2enumstate_exp loc state.nums)
- (Cil.evar ~loc (Data_for_aorai.get_varinfo curState))
+ (Cil.evar ~loc (Data_for_aorai.get_varinfo curState))
else
Cil.mkBinOp
loc Eq (Cil.evar (Data_for_aorai.get_state_var state)) (Cil.one loc)
@@ -734,24 +735,24 @@ let is_out_of_state_pred state =
if Aorai_option.Deterministic.get () then
Logic_const.prel (Rneq,state_term(),int2enumstate state.nums)
else
- Logic_const.prel
- (Req,zero_term(),
+ Logic_const.prel
+ (Req,zero_term(),
Logic_const.tvar (Data_for_aorai.get_state_logic_var state))
(* In the deterministic case, we only assign the unique state variable
to a specific enumerated constant. Non-deterministic automata on the other
hand, need to have the corresponding state variable explicitly set to 0. *)
-let is_out_of_state_stmt (_,copy) loc =
+let is_out_of_state_stmt (_,copy) loc =
if Aorai_option.Deterministic.get ()
then
Aorai_option.fatal
"Deterministic automaton sync functions can't have out-of-state stmt. \
Maybe this should use `is_out_of_state_exp' instead."
- else mkStmtOneInstr (Set(Cil.var copy , mk_int_exp 0 , loc ))
+ else mkStmtOneInstr ~ghost:true (Set(Cil.var copy , mk_int_exp 0 , loc ))
+
+let is_out_of_state_exp state loc =
-let is_out_of_state_exp state loc =
-
- if Aorai_option.Deterministic.get ()
+ if Aorai_option.Deterministic.get ()
then
Cil.mkBinOp
loc Ne
@@ -780,42 +781,44 @@ let mk_global_states_init root =
in
List.iter
(fun state ->
- let init =
- if is_possible_init state then mk_int_exp 1 else mk_int_exp 0
- in
- let init = SingleInit init in
- let var = Data_for_aorai.get_state_var state in
- mk_global_var_init var { Cil_types.init = Some init})
+ let init =
+ if is_possible_init state then mk_int_exp 1 else mk_int_exp 0
+ in
+ let init = SingleInit init in
+ let var = Data_for_aorai.get_state_var state in
+ mk_global_var_init var { Cil_types.init = Some init})
states
let func_to_init name =
{Cil_types.init=
- Some(SingleInit(
- new_exp ~loc:(CurrentLoc.get()) (Const(func_to_cenum (name)))))}
+ Some(SingleInit(
+ new_exp ~loc:(CurrentLoc.get()) (Const(func_to_cenum (name)))))}
let funcStatus_to_init st =
{Cil_types.init=Some(SingleInit(new_exp ~loc:(CurrentLoc.get())
(Const(op_status_to_cenum (st)))))}
class visit_decl_loops_init () =
-object(self)
- inherit Visitor.frama_c_inplace
+ object(self)
+ inherit Visitor.frama_c_inplace
- method! vstmt_aux stmt =
- begin
- match stmt.skind with
+ method! vstmt_aux stmt =
+ begin
+ match stmt.skind with
| Loop _ ->
let scope = Kernel_function.find_enclosing_block stmt in
let f = Extlib.the self#current_func in
let name = Data_for_aorai.loopInit ^ "_" ^ (string_of_int stmt.sid) in
- let var =
- Cil.makeLocalVar f ~scope name Cil.intType
+ let typ =
+ Cil.typeAddAttributes
+ [Attr (Cil.frama_c_ghost_formal,[])] Cil.intType
in
+ let var = Cil.makeLocalVar ~ghost:true f ~scope name typ in
Data_for_aorai.set_varinfo name var
| _ -> ()
- end;
- Cil.DoChildren
-end
+ end;
+ Cil.DoChildren
+ end
let mk_decl_loops_init () =
let visitor = new visit_decl_loops_init () in
@@ -829,59 +832,59 @@ let change_vars subst subst_res kf label pred =
method! vterm t =
match t.term_node with
- TLval (TVar { lv_origin = Some v},_) when v.vglob -> add_label t
- | TLval (TMem _,_) -> add_label t
- | _ -> DoChildren
+ TLval (TVar { lv_origin = Some v},_) when v.vglob -> add_label t
+ | TLval (TMem _,_) -> add_label t
+ | _ -> DoChildren
method! vterm_lhost = function
| TResult ty ->
(match kf with
- None -> Aorai_option.fatal
- "found \\result without being at a Return event"
- | Some kf ->
- (try
- ChangeTo (TVar (Kernel_function.Hashtbl.find subst_res kf))
- with Not_found ->
- let new_lv =
- Cil_const.make_logic_var_quant
- ("__retres_" ^ (Kernel_function.get_name kf)) (Ctype ty)
- in
- Kernel_function.Hashtbl.add subst_res kf new_lv;
- ChangeTo (TVar new_lv)))
+ None -> Aorai_option.fatal
+ "found \\result without being at a Return event"
+ | Some kf ->
+ (try
+ ChangeTo (TVar (Kernel_function.Hashtbl.find subst_res kf))
+ with Not_found ->
+ let new_lv =
+ Cil_const.make_logic_var_quant
+ ("__retres_" ^ (Kernel_function.get_name kf)) (Ctype ty)
+ in
+ Kernel_function.Hashtbl.add subst_res kf new_lv;
+ ChangeTo (TVar new_lv)))
| TMem _ | TVar _ -> DoChildren
method! vlogic_var_use lv =
match lv.lv_origin with
- | Some v when not v.vglob ->
- (try
- ChangeTo (Cil_datatype.Logic_var.Hashtbl.find subst lv)
- with Not_found ->
- let new_lv =
- Cil_const.make_logic_var_quant lv.lv_name lv.lv_type
- in
- Cil_datatype.Logic_var.Hashtbl.add subst lv new_lv;
- ChangeTo new_lv)
- | Some _ | None -> DoChildren
+ | Some v when not v.vglob ->
+ (try
+ ChangeTo (Cil_datatype.Logic_var.Hashtbl.find subst lv)
+ with Not_found ->
+ let new_lv =
+ Cil_const.make_logic_var_quant lv.lv_name lv.lv_type
+ in
+ Cil_datatype.Logic_var.Hashtbl.add subst lv new_lv;
+ ChangeTo new_lv)
+ | Some _ | None -> DoChildren
end
in Visitor.visitFramacPredicateNode visitor pred
let pred_of_condition subst subst_res label cond =
let mk_func_event f =
let op = tat (mk_term_from_vi (get_varinfo curOp),label) in
- (* [VP] TODO: change int to appropriate enum type. Also true
- elsewhere.
- *)
- let f =
- term
+ (* [VP] TODO: change int to appropriate enum type. Also true
+ elsewhere.
+ *)
+ let f =
+ term
(TConst (constant_to_lconstant (func_to_cenum f)))
- (Ctype (func_enum_type ()))
+ (Ctype (func_enum_type ()))
in
prel (Req,op,f)
in
let mk_func_status f status =
let curr = tat (mk_term_from_vi (get_varinfo curOpStatus),label) in
let call =
- term
+ term
(TConst (constant_to_lconstant (op_status_to_cenum status)))
(Ctype (status_enum_type()))
in
@@ -891,28 +894,28 @@ let pred_of_condition subst subst_res label cond =
let mk_func_return f = mk_func_status f Promelaast.Return in
let rec aux kf is_or = function
| TOr(c1,c2) ->
- let kf, c1 = aux kf true c1 in
- let kf, c2 = aux kf true c2 in
- kf, Logic_const.por (c1, c2)
+ let kf, c1 = aux kf true c1 in
+ let kf, c2 = aux kf true c2 in
+ kf, Logic_const.por (c1, c2)
| TAnd(c1,c2) ->
let kf, c1 = aux kf false c1 in
let kf, c2 = aux kf false c2 in
kf, Logic_const.pand (c1, c2)
| TNot c ->
- let kf, c = aux kf (not is_or) c in kf, Logic_const.pnot c
+ let kf, c = aux kf (not is_or) c in kf, Logic_const.pnot c
| TCall (s,b) ->
let pred = mk_func_start (Kernel_function.get_name s) in
let pred =
match b with
- | None -> pred
- | Some b ->
- Logic_const.pands
- (pred :: (List.map Logic_const.pred_of_id_pred b.b_assumes))
+ | None -> pred
+ | Some b ->
+ Logic_const.pands
+ (pred :: (List.map Logic_const.pred_of_id_pred b.b_assumes))
in
kf, pred
| TReturn s ->
- let kf = if is_or then kf else Some s in
- kf, mk_func_return (Kernel_function.get_name s)
+ let kf = if is_or then kf else Some s in
+ kf, mk_func_return (Kernel_function.get_name s)
| TTrue -> kf, ptrue
| TFalse -> kf, pfalse
| TRel(rel,t1,t2) ->
@@ -943,7 +946,7 @@ let mk_deterministic_lemma () =
(fun _ lv acc -> lv :: acc) subst []
in
let quants = Kernel_function.Hashtbl.fold
- (fun _ lv acc -> lv :: acc) subst_res quants
+ (fun _ lv acc -> lv :: acc) subst_res quants
in
(* [VP] far from perfect, but should give oracles for
regression tests that stay relatively stable across vid
@@ -969,25 +972,25 @@ let make_enum_states () =
List.map (fun x -> (x.Promelaast.name, x.Promelaast.nums)) state_list
in
let state_list =
- if not (Aorai_option.Deterministic.get ()) then state_list
- else
- (*[VP] Strictly speaking this is not needed, but Jessie tends
- to consider that a value of enum type can only be one of the
- tags, so that we must add this dummy state that is always a
- possible value, even when a contract concludes that curState
- is none of the others. Note that ISO C does not impose this
- limitation to values of enum types.
- *)
- (get_fresh "aorai_reject_state", -2)::state_list
+ if not (Aorai_option.Deterministic.get ()) then state_list
+ else
+ (*[VP] Strictly speaking this is not needed, but Jessie tends
+ to consider that a value of enum type can only be one of the
+ tags, so that we must add this dummy state that is always a
+ possible value, even when a contract concludes that curState
+ is none of the others. Note that ISO C does not impose this
+ limitation to values of enum types.
+ *)
+ (get_fresh "aorai_reject_state", -2)::state_list
in
let enum = mk_global_c_enum_type_tagged states state_list in
let mapping =
List.map
(fun (name,id) ->
- let item =
- List.find (fun y -> y.einame = name) enum.eitems
- in
- (id, item))
+ let item =
+ List.find (fun y -> y.einame = name) enum.eitems
+ in
+ (id, item))
state_list
in
set_enum mapping
@@ -1045,17 +1048,17 @@ let initGlobals root complete =
end;
(match Data_for_aorai.abstract_logic_info () with
- | [] -> ()
- | l ->
- let annot =
- Daxiomatic
- ("Aorai_pebble_axiomatic",
- List.map
- (fun li -> Dfun_or_pred(li,Cil_datatype.Location.unknown)) l,
- [],
- Cil_datatype.Location.unknown)
- in
- Annotations.add_global Aorai_option.emitter annot);
+ | [] -> ()
+ | l ->
+ let annot =
+ Daxiomatic
+ ("Aorai_pebble_axiomatic",
+ List.map
+ (fun li -> Dfun_or_pred(li,Cil_datatype.Location.unknown)) l,
+ [],
+ Cil_datatype.Location.unknown)
+ in
+ Annotations.add_global Aorai_option.emitter annot);
mk_global_comment "//* ";
mk_global_comment "//* END Primitives generated for LTL verification";
mk_global_comment "//****************";
@@ -1072,20 +1075,20 @@ let automaton_locations loc =
else
List.map
(fun state ->
- Logic_const.new_identified_term
- (Logic_const.tvar
- (Data_for_aorai.get_state_logic_var state)), FromAny)
+ Logic_const.new_identified_term
+ (Logic_const.tvar
+ (Data_for_aorai.get_state_logic_var state)), FromAny)
(fst (Data_for_aorai.getAutomata()))
in
(Logic_const.new_identified_term
(Logic_const.tvar ~loc
(Data_for_aorai.get_logic_var Data_for_aorai.curOpStatus)),
FromAny) ::
- (Logic_const.new_identified_term
- (Logic_const.tvar ~loc
- (Data_for_aorai.get_logic_var Data_for_aorai.curOp)),
- FromAny) ::
- auto_state
+ (Logic_const.new_identified_term
+ (Logic_const.tvar ~loc
+ (Data_for_aorai.get_logic_var Data_for_aorai.curOp)),
+ FromAny) ::
+ auto_state
let automaton_assigns loc = Writes (automaton_locations loc)
@@ -1100,7 +1103,7 @@ let aorai_assigns state loc =
(fun _ (_,_,b) acc -> Data_for_aorai.merge_bindings b acc)
merged_states Cil_datatype.Term.Map.empty
in
- let elements =
+ let elements =
Cil_datatype.Term.Map.fold
(fun t _ acc -> (Logic_const.new_identified_term t,FromAny)::acc)
bindings []
@@ -1116,85 +1119,85 @@ let action_assigns trans =
in
let treat_one_action acc =
function
- | Counter_init (host,off) | Counter_incr (host,off)
- | Copy_value ((host,off),_) ->
- let my_var =
- match host with
- | TVar ({ lv_origin = Some v}) -> v
- | _ -> Aorai_option.fatal "Auxiliary variable is not a C global"
- in
- let my_off =
- match off with
- | TNoOffset -> TNoOffset
- | TIndex _ -> TIndex(Logic_const.trange (None,None), TNoOffset)
- | TField _ | TModel _ ->
- Aorai_option.fatal "Unexpected offset in auxiliary variable"
- in
- add_if_needed my_var
- (Logic_const.term (TLval(host,my_off))
- (Cil.typeOfTermLval (host,my_off)))
- acc
- | Pebble_init(_,v,c) ->
- let cc = Extlib.the c.lv_origin in
- let cv = Extlib.the v.lv_origin in
- add_if_needed cv (Logic_const.tvar v)
- (add_if_needed cc (Logic_const.tvar c) acc)
- | Pebble_move(_,v1,_,v2) ->
- let cv1 = Extlib.the v1.lv_origin in
- let cv2 = Extlib.the v2.lv_origin in
- add_if_needed cv1 (Logic_const.tvar v1)
- (add_if_needed cv2 (Logic_const.tvar v2) acc)
+ | Counter_init (host,off) | Counter_incr (host,off)
+ | Copy_value ((host,off),_) ->
+ let my_var =
+ match host with
+ | TVar ({ lv_origin = Some v}) -> v
+ | _ -> Aorai_option.fatal "Auxiliary variable is not a C global"
+ in
+ let my_off =
+ match off with
+ | TNoOffset -> TNoOffset
+ | TIndex _ -> TIndex(Logic_const.trange (None,None), TNoOffset)
+ | TField _ | TModel _ ->
+ Aorai_option.fatal "Unexpected offset in auxiliary variable"
+ in
+ add_if_needed my_var
+ (Logic_const.term (TLval(host,my_off))
+ (Cil.typeOfTermLval (host,my_off)))
+ acc
+ | Pebble_init(_,v,c) ->
+ let cc = Extlib.the c.lv_origin in
+ let cv = Extlib.the v.lv_origin in
+ add_if_needed cv (Logic_const.tvar v)
+ (add_if_needed cc (Logic_const.tvar c) acc)
+ | Pebble_move(_,v1,_,v2) ->
+ let cv1 = Extlib.the v1.lv_origin in
+ let cv2 = Extlib.the v2.lv_origin in
+ add_if_needed cv1 (Logic_const.tvar v1)
+ (add_if_needed cv2 (Logic_const.tvar v2) acc)
in
let empty = (Cil_datatype.Varinfo.Set.empty,[]) in
let empty_pebble =
match trans.start.multi_state, trans.stop.multi_state with
- | Some(_,aux), None ->
- let caux = Extlib.the aux.lv_origin in
- add_if_needed caux (Logic_const.tvar aux) empty
- | _ -> empty
+ | Some(_,aux), None ->
+ let caux = Extlib.the aux.lv_origin in
+ add_if_needed caux (Logic_const.tvar aux) empty
+ | _ -> empty
in
let _,res = List.fold_left treat_one_action empty_pebble (snd trans.cross) in
Writes res
let get_reachable_trans state st auto current_state =
match st with
- | Promelaast.Call ->
- (try
- let reach = Data_for_aorai.Aorai_state.Map.find state current_state in
- let treat_one_state end_state _ l =
- Path_analysis.get_edges state end_state auto @ l
- in
- Data_for_aorai.Aorai_state.Map.fold treat_one_state reach []
- with Not_found -> [])
- | Promelaast.Return ->
- let treat_one_state end_state (_,last,_) l =
- if Data_for_aorai.Aorai_state.Set.mem state last then
- Path_analysis.get_edges state end_state auto @ l
- else l
- in
- let treat_one_start _ map l =
- Data_for_aorai.Aorai_state.Map.fold treat_one_state map l
- in
- Data_for_aorai.Aorai_state.Map.fold treat_one_start current_state []
-
+ | Promelaast.Call ->
+ (try
+ let reach = Data_for_aorai.Aorai_state.Map.find state current_state in
+ let treat_one_state end_state _ l =
+ Path_analysis.get_edges state end_state auto @ l
+ in
+ Data_for_aorai.Aorai_state.Map.fold treat_one_state reach []
+ with Not_found -> [])
+ | Promelaast.Return ->
+ let treat_one_state end_state (_,last,_) l =
+ if Data_for_aorai.Aorai_state.Set.mem state last then
+ Path_analysis.get_edges state end_state auto @ l
+ else l
+ in
+ let treat_one_start _ map l =
+ Data_for_aorai.Aorai_state.Map.fold treat_one_state map l
+ in
+ Data_for_aorai.Aorai_state.Map.fold treat_one_start current_state []
+
let get_reachable_trans_to state st auto current_state =
match st with
- | Promelaast.Call ->
- let treat_one_start start map acc =
- if Data_for_aorai.Aorai_state.Map.mem state map then
- Path_analysis.get_edges start state auto @ acc
- else acc
- in
- Data_for_aorai.Aorai_state.Map.fold treat_one_start current_state []
- | Promelaast.Return ->
- let treat_one_state _ map acc =
- try
- let (_,last,_) = Data_for_aorai.Aorai_state.Map.find state map in
- Data_for_aorai.Aorai_state.Set.fold
- (fun start acc -> Path_analysis.get_edges start state auto @ acc)
- last acc
- with Not_found -> acc
- in Data_for_aorai.Aorai_state.Map.fold treat_one_state current_state []
+ | Promelaast.Call ->
+ let treat_one_start start map acc =
+ if Data_for_aorai.Aorai_state.Map.mem state map then
+ Path_analysis.get_edges start state auto @ acc
+ else acc
+ in
+ Data_for_aorai.Aorai_state.Map.fold treat_one_start current_state []
+ | Promelaast.Return ->
+ let treat_one_state _ map acc =
+ try
+ let (_,last,_) = Data_for_aorai.Aorai_state.Map.find state map in
+ Data_for_aorai.Aorai_state.Set.fold
+ (fun start acc -> Path_analysis.get_edges start state auto @ acc)
+ last acc
+ with Not_found -> acc
+ in Data_for_aorai.Aorai_state.Map.fold treat_one_state current_state []
(* force that we have a crossable transition for each state in which the
automaton might be at current event. *)
@@ -1202,29 +1205,29 @@ let force_transition loc f st current_state =
let (states, _ as auto) = Data_for_aorai.getAutomata () in
(* We iterate aux on all the states, to get
- the predicate indicating in which states the automaton cannot possibly
- be before the transition (because we can't fire a transition from there).
+ be before the transition (because we can't fire a transition from there).
- the predicate indicating in which states the automaton might be, outside
- of the reject state
+ of the reject state
- a list of predicate indicating for each possible state which condition
- must hold to have at least one possible transition.
- *)
+ must hold to have at least one possible transition.
+ *)
let aux (impossible_states,possible_states,has_crossable_trans) state =
let reachable_trans = get_reachable_trans state st auto current_state in
(* we inspect each transition originating from state, and maintain the
following information:
- a typed condition indicating under which condition a transition
- can be crossed from the current state
+ can be crossed from the current state
- a flag indicating whether a transition that
- does not lead to a reject state can be crossed.
- *)
+ does not lead to a reject state can be crossed.
+ *)
let add_one_trans (has_crossable_trans, crossable_non_reject) trans =
let has_crossable_trans =
Logic_simplification.tor has_crossable_trans (fst trans.cross)
in
- let crossable_non_reject =
+ let crossable_non_reject =
crossable_non_reject ||
- (isCrossable trans f st
- && not (Data_for_aorai.is_reject_state trans.stop))
+ (isCrossable trans f st
+ && not (Data_for_aorai.is_reject_state trans.stop))
in has_crossable_trans, crossable_non_reject
in
let cond, crossable_non_reject =
@@ -1251,13 +1254,13 @@ let force_transition loc f st current_state =
let possible_states =
(* reject_state must not be the only possible state *)
match st with
- | Promelaast.Return ->
- if Data_for_aorai.is_reject_state state then possible_states
- else Logic_const.por ~loc (possible_states,start)
- | Promelaast.Call ->
- if crossable_non_reject then
- Logic_const.por ~loc (possible_states, start)
- else possible_states
+ | Promelaast.Return ->
+ if Data_for_aorai.is_reject_state state then possible_states
+ else Logic_const.por ~loc (possible_states,start)
+ | Promelaast.Call ->
+ if crossable_non_reject then
+ Logic_const.por ~loc (possible_states, start)
+ else possible_states
in
impossible_states, possible_states, has_crossable_trans
end
@@ -1269,7 +1272,7 @@ let force_transition loc f st current_state =
if Aorai_option.Deterministic.get() then
possible_states (* We're always in exactly one state, among the possible
ones, no need to list the impossible ones.
- *)
+ *)
else (* requires that the cells for impossible states be '0' *)
Logic_const.pand ~loc (possible_states, impossible_states)
in
@@ -1277,7 +1280,7 @@ let force_transition loc f st current_state =
let partition_action trans =
let add_state t st map =
- let old =
+ let old =
try Cil_datatype.Term_lval.Map.find t map
with Not_found -> Data_for_aorai.Aorai_state.Set.empty
in
@@ -1286,11 +1289,11 @@ let partition_action trans =
in
let treat_one_action st acc =
function
- | Counter_init t | Counter_incr t | Copy_value (t,_) -> add_state t st acc
- | Pebble_init _ | Pebble_move _ -> acc (* moving pebbles can occur at
- the same time (but not for
- same pebbles)
- *)
+ | Counter_init t | Counter_incr t | Copy_value (t,_) -> add_state t st acc
+ | Pebble_init _ | Pebble_move _ -> acc (* moving pebbles can occur at
+ the same time (but not for
+ same pebbles)
+ *)
in
let treat_one_trans acc tr =
List.fold_left (treat_one_action tr.start) acc (snd tr.cross)
@@ -1303,21 +1306,21 @@ let disjoint_states loc _ states precond =
let states = Data_for_aorai.Aorai_state.Set.elements states in
let rec product acc l =
match l with
- | [] -> acc
- | hd::tl ->
- let pairs = List.map (fun x -> (hd,x)) tl in
- product (pairs @ acc) tl
+ | [] -> acc
+ | hd::tl ->
+ let pairs = List.map (fun x -> (hd,x)) tl in
+ product (pairs @ acc) tl
in
let disjoint = product [] states in
List.fold_left
(fun acc (st1, st2) ->
- Logic_const.new_predicate
- (Logic_const.por ~loc
- (is_out_of_state_pred st1,is_out_of_state_pred st2)) :: acc)
+ Logic_const.new_predicate
+ (Logic_const.por ~loc
+ (is_out_of_state_pred st1,is_out_of_state_pred st2)) :: acc)
precond
disjoint
-(*
+(*
forces that parent states of a state with action are mutually exclusive,
at least at pebble level.
*)
@@ -1331,8 +1334,8 @@ let incompatible_states loc st current_state =
List.fold_left aux [] states
let auto_func_preconditions loc f st current_state =
- force_transition loc f st current_state @
- incompatible_states loc st current_state
+ force_transition loc f st current_state @
+ incompatible_states loc st current_state
let find_pebble_origin lab actions =
@@ -1381,79 +1384,79 @@ let pebble_post ~loc pebble_set aux_var guard =
*)
let add_behavior_pebble_actions ~loc f st behaviors state trans =
match state.multi_state with
- | None -> behaviors
- | Some (set,aux) ->
- let name = Printf.sprintf "pebble_%s" state.name in
- let assumes =
- List.fold_left
- (fun acc b ->
- let assumes = List.map pred_of_id_pred b.b_assumes in
- Logic_const.por ~loc (acc, Logic_const.pands assumes))
- pfalse behaviors
- in
- let assumes = [ Logic_const.new_predicate assumes ] in
- let set = Data_for_aorai.pebble_set_at set Logic_const.here_label in
- let treat_action guard res action =
- match action with
- | Copy_value _ | Counter_incr _ | Counter_init _ -> res
- | Pebble_init (_,_,v) ->
- let a = Cil_const.make_logic_var_quant aux.lv_name aux.lv_type in
- let guard = rename_pred aux a guard in
- let guard =
- Logic_const.pand ~loc
- (Logic_const.prel
- ~loc (Req,Logic_const.tvar a,Logic_const.tvar v),
- guard)
- in
- Logic_const.term ~loc
- (Tcomprehension (Logic_const.tvar a,[a], Some guard))
- set.term_type
- :: res
- | Pebble_move(_,_,s1,_) ->
- let a = Cil_const.make_logic_var_quant aux.lv_name aux.lv_type in
- let guard = rename_pred aux a guard in
- let in_s =
- mk_sub ~loc
- (Data_for_aorai.pebble_set_at s1 Logic_const.pre_label) a
- in
- let guard = Logic_const.pand ~loc (in_s,guard) in
- Logic_const.term ~loc
- (Tcomprehension (Logic_const.tvar a,[a], Some guard))
- set.term_type
- :: res
- in
- let treat_one_trans acc tr =
- let guard = crosscond_to_pred (fst tr.cross) f st in
- let guard = Logic_const.pold guard in
- List.fold_left (treat_action guard) acc (snd tr.cross)
- in
- let res = List.fold_left treat_one_trans [] trans in
- let res = Logic_const.term (Tunion res) set.term_type in
- let post_cond =
- [ Normal, Logic_const.new_predicate (Logic_const.prel (Req,set,res))]
- in
- Cil.mk_behavior ~name ~assumes ~post_cond () :: behaviors
+ | None -> behaviors
+ | Some (set,aux) ->
+ let name = Printf.sprintf "pebble_%s" state.name in
+ let assumes =
+ List.fold_left
+ (fun acc b ->
+ let assumes = List.map pred_of_id_pred b.b_assumes in
+ Logic_const.por ~loc (acc, Logic_const.pands assumes))
+ pfalse behaviors
+ in
+ let assumes = [ Logic_const.new_predicate assumes ] in
+ let set = Data_for_aorai.pebble_set_at set Logic_const.here_label in
+ let treat_action guard res action =
+ match action with
+ | Copy_value _ | Counter_incr _ | Counter_init _ -> res
+ | Pebble_init (_,_,v) ->
+ let a = Cil_const.make_logic_var_quant aux.lv_name aux.lv_type in
+ let guard = rename_pred aux a guard in
+ let guard =
+ Logic_const.pand ~loc
+ (Logic_const.prel
+ ~loc (Req,Logic_const.tvar a,Logic_const.tvar v),
+ guard)
+ in
+ Logic_const.term ~loc
+ (Tcomprehension (Logic_const.tvar a,[a], Some guard))
+ set.term_type
+ :: res
+ | Pebble_move(_,_,s1,_) ->
+ let a = Cil_const.make_logic_var_quant aux.lv_name aux.lv_type in
+ let guard = rename_pred aux a guard in
+ let in_s =
+ mk_sub ~loc
+ (Data_for_aorai.pebble_set_at s1 Logic_const.pre_label) a
+ in
+ let guard = Logic_const.pand ~loc (in_s,guard) in
+ Logic_const.term ~loc
+ (Tcomprehension (Logic_const.tvar a,[a], Some guard))
+ set.term_type
+ :: res
+ in
+ let treat_one_trans acc tr =
+ let guard = crosscond_to_pred (fst tr.cross) f st in
+ let guard = Logic_const.pold guard in
+ List.fold_left (treat_action guard) acc (snd tr.cross)
+ in
+ let res = List.fold_left treat_one_trans [] trans in
+ let res = Logic_const.term (Tunion res) set.term_type in
+ let post_cond =
+ [ Normal, Logic_const.new_predicate (Logic_const.prel (Req,set,res))]
+ in
+ Cil.mk_behavior ~name ~assumes ~post_cond () :: behaviors
let mk_action ~loc a =
let term_lval lv =
Logic_const.term ~loc (TLval lv) (Cil.typeOfTermLval lv)
in
match a with
- | Counter_init lv ->
- [Logic_const.prel ~loc
- (Req, term_lval lv, Logic_const.tinteger ~loc 1)]
- | Counter_incr lv ->
- [Logic_const.prel ~loc
- (Req, term_lval lv,
- Logic_const.term ~loc
- (TBinOp (PlusA,
- Logic_const.told ~loc (term_lval lv),
- Logic_const.tinteger ~loc 1))
- (Cil.typeOfTermLval lv))]
- | Pebble_init _ | Pebble_move _ -> [] (* Treated elsewhere *)
- | Copy_value (lv,t) ->
- [Logic_const.prel ~loc
- (Req, term_lval lv, Logic_const.told t)]
+ | Counter_init lv ->
+ [Logic_const.prel ~loc
+ (Req, term_lval lv, Logic_const.tinteger ~loc 1)]
+ | Counter_incr lv ->
+ [Logic_const.prel ~loc
+ (Req, term_lval lv,
+ Logic_const.term ~loc
+ (TBinOp (PlusA,
+ Logic_const.told ~loc (term_lval lv),
+ Logic_const.tinteger ~loc 1))
+ (Cil.typeOfTermLval lv))]
+ | Pebble_init _ | Pebble_move _ -> [] (* Treated elsewhere *)
+ | Copy_value (lv,t) ->
+ [Logic_const.prel ~loc
+ (Req, term_lval lv, Logic_const.told t)]
let is_reachable state status =
let treat_one_state _ map = Data_for_aorai.Aorai_state.Map.mem state map in
@@ -1461,21 +1464,21 @@ let is_reachable state status =
let concat_assigns a1 a2 =
match a1,a2 with
- | WritesAny, _ -> a2
- | _, WritesAny -> a1
- | Writes l1, Writes l2 ->
- Writes
- (List.fold_left
- (fun acc (loc,_ as elt) ->
- if List.exists
- (fun (x,_) ->
- Cil_datatype.Term.equal x.it_content loc.it_content)
- l2
- then
- acc
- else
- elt :: acc)
- l2 l1)
+ | WritesAny, _ -> a2
+ | _, WritesAny -> a1
+ | Writes l1, Writes l2 ->
+ Writes
+ (List.fold_left
+ (fun acc (loc,_ as elt) ->
+ if List.exists
+ (fun (x,_) ->
+ Cil_datatype.Term.equal x.it_content loc.it_content)
+ l2
+ then
+ acc
+ else
+ elt :: acc)
+ l2 l1)
let get_accessible_transitions auto state status =
let treat_one_state curr_state (_,last,_) acc =
@@ -1487,7 +1490,7 @@ let get_accessible_transitions auto state status =
Data_for_aorai.Aorai_state.Map.fold treat_one_state map acc
in
let previous_set =
- Data_for_aorai.Aorai_state.Map.fold
+ Data_for_aorai.Aorai_state.Map.fold
treat_start_state status Data_for_aorai.Aorai_state.Set.empty
in
Data_for_aorai.Aorai_state.Set.fold
@@ -1495,7 +1498,7 @@ let get_accessible_transitions auto state status =
(* Assumes that we don't have a multi-state here.
pebbles are handled elsewhere
- *)
+*)
let mk_unchanged_aux_vars trans =
let my_aux_vars = Cil_datatype.Term_lval.Set.empty in
let add_one_action acc = function
@@ -1503,7 +1506,7 @@ let mk_unchanged_aux_vars trans =
Cil_datatype.Term_lval.Set.add lv acc
| Pebble_init _ | Pebble_move _ -> acc
in
- let add_one_trans acc tr =
+ let add_one_trans acc tr =
let (_,actions) = tr.cross in
List.fold_left add_one_action acc actions
in
@@ -1522,103 +1525,103 @@ let mk_behavior ~loc auto kf e status state =
if is_reachable state status then begin
Aorai_option.debug "state %s is reachable" state.Promelaast.name;
let my_trans = get_accessible_transitions auto state status in
- let rec treat_trans
+ let rec treat_trans
((in_assumes, out_assumes, assigns, action_bhvs) as acc) l =
match l with
- | [] -> acc
- | trans :: tl ->
- let consider, others =
- List.partition (fun x -> x.start.nums = trans.start.nums) tl
+ | [] -> acc
+ | trans :: tl ->
+ let consider, others =
+ List.partition (fun x -> x.start.nums = trans.start.nums) tl
- in
- let start = is_state_pred trans.start in
- let not_start = is_out_of_state_pred trans.start in
- let in_guard, out_guard, assigns, my_action_bhvs =
- List.fold_left
- (fun (in_guard, out_guard, all_assigns, action_bhvs) trans ->
- Aorai_option.debug "examining transition %d" trans.numt;
- let (cond,actions) = trans.cross in
- Aorai_option.debug "transition %d is active" trans.numt;
- let guard = crosscond_to_pred cond kf e in
- let my_in_guard,my_out_guard =
- match state.multi_state with
- | None -> guard, Logic_const.pnot ~loc guard
- | Some (_,aux) ->
- let set =
- find_pebble_origin Logic_const.here_label actions
- in
- pebble_guard ~loc set aux guard,
- pebble_guard_neg ~loc set aux guard
- in
- let out_guard =
- Logic_const.pand ~loc (out_guard, my_out_guard)
- in
- let in_guard, all_assigns, action_bhvs =
- match actions with
- | [] ->
- (Logic_const.por ~loc (in_guard,my_in_guard),
- all_assigns,
- action_bhvs)
- | _ ->
- let name =
- Printf.sprintf "buch_state_%s_in_%d"
- state.name (List.length action_bhvs)
- in
- Aorai_option.debug "Name is %s" name;
- let assumes = [
- Logic_const.new_predicate
- (Logic_const.pand ~loc (start,my_in_guard))
- ]
- in
- let post_cond =
- Normal,
- Logic_const.new_predicate (is_state_pred state)
- in
- let treat_one_action acc a =
- let posts = mk_action ~loc a in
- match state.multi_state with
- | None ->
- acc @
- List.map
- (fun x ->
- (Normal, Logic_const.new_predicate x))
- posts
- | Some (_,aux) ->
- let set =
- find_pebble_origin
- Logic_const.pre_label actions
- in
- acc @
- List.map
- (fun x ->
- (Normal,
- Logic_const.new_predicate
- (pebble_post ~loc set aux x)))
- posts
- in
- let post_cond =
- List.fold_left treat_one_action [post_cond] actions
- in
- let assigns = action_assigns trans in
- let all_assigns = concat_assigns assigns all_assigns in
- let bhv =
- Cil.mk_behavior ~name ~assumes ~post_cond ()
- in
- in_guard, all_assigns, bhv :: action_bhvs
- in
- in_guard, out_guard, all_assigns, action_bhvs)
- (pfalse,ptrue,assigns, action_bhvs) (trans::consider)
- in
- treat_trans
- (Logic_const.por ~loc
- (in_assumes, (Logic_const.pand ~loc (start, in_guard))),
- Logic_const.pand ~loc
- (out_assumes,
- (Logic_const.por ~loc (not_start, out_guard))),
- assigns,
- my_action_bhvs
- )
- others
+ in
+ let start = is_state_pred trans.start in
+ let not_start = is_out_of_state_pred trans.start in
+ let in_guard, out_guard, assigns, my_action_bhvs =
+ List.fold_left
+ (fun (in_guard, out_guard, all_assigns, action_bhvs) trans ->
+ Aorai_option.debug "examining transition %d" trans.numt;
+ let (cond,actions) = trans.cross in
+ Aorai_option.debug "transition %d is active" trans.numt;
+ let guard = crosscond_to_pred cond kf e in
+ let my_in_guard,my_out_guard =
+ match state.multi_state with
+ | None -> guard, Logic_const.pnot ~loc guard
+ | Some (_,aux) ->
+ let set =
+ find_pebble_origin Logic_const.here_label actions
+ in
+ pebble_guard ~loc set aux guard,
+ pebble_guard_neg ~loc set aux guard
+ in
+ let out_guard =
+ Logic_const.pand ~loc (out_guard, my_out_guard)
+ in
+ let in_guard, all_assigns, action_bhvs =
+ match actions with
+ | [] ->
+ (Logic_const.por ~loc (in_guard,my_in_guard),
+ all_assigns,
+ action_bhvs)
+ | _ ->
+ let name =
+ Printf.sprintf "buch_state_%s_in_%d"
+ state.name (List.length action_bhvs)
+ in
+ Aorai_option.debug "Name is %s" name;
+ let assumes = [
+ Logic_const.new_predicate
+ (Logic_const.pand ~loc (start,my_in_guard))
+ ]
+ in
+ let post_cond =
+ Normal,
+ Logic_const.new_predicate (is_state_pred state)
+ in
+ let treat_one_action acc a =
+ let posts = mk_action ~loc a in
+ match state.multi_state with
+ | None ->
+ acc @
+ List.map
+ (fun x ->
+ (Normal, Logic_const.new_predicate x))
+ posts
+ | Some (_,aux) ->
+ let set =
+ find_pebble_origin
+ Logic_const.pre_label actions
+ in
+ acc @
+ List.map
+ (fun x ->
+ (Normal,
+ Logic_const.new_predicate
+ (pebble_post ~loc set aux x)))
+ posts
+ in
+ let post_cond =
+ List.fold_left treat_one_action [post_cond] actions
+ in
+ let assigns = action_assigns trans in
+ let all_assigns = concat_assigns assigns all_assigns in
+ let bhv =
+ Cil.mk_behavior ~name ~assumes ~post_cond ()
+ in
+ in_guard, all_assigns, bhv :: action_bhvs
+ in
+ in_guard, out_guard, all_assigns, action_bhvs)
+ (pfalse,ptrue,assigns, action_bhvs) (trans::consider)
+ in
+ treat_trans
+ (Logic_const.por ~loc
+ (in_assumes, (Logic_const.pand ~loc (start, in_guard))),
+ Logic_const.pand ~loc
+ (out_assumes,
+ (Logic_const.por ~loc (not_start, out_guard))),
+ assigns,
+ my_action_bhvs
+ )
+ others
in
let my_trans = List.filter (fun x -> isCrossable x kf e) my_trans in
let in_assumes, out_assumes, assigns, action_behaviors =
@@ -1632,7 +1635,7 @@ let mk_behavior ~loc auto kf e status state =
~name:(Printf.sprintf "buch_state_%s_in" state.Promelaast.name)
~assumes:[Logic_const.new_predicate in_assumes]
~post_cond:
- [Normal, Logic_const.new_predicate (is_state_pred state)]
+ [Normal, Logic_const.new_predicate (is_state_pred state)]
()
in behavior_in :: action_behaviors
end
@@ -1645,16 +1648,16 @@ let mk_behavior ~loc auto kf e status state =
else begin
let post_cond =
match state.multi_state with
- | None -> mk_unchanged_aux_vars my_trans
- | Some (set,_) ->
- let set =
- Data_for_aorai.pebble_set_at set Logic_const.here_label
- in
- [Normal,
- Logic_const.new_predicate
- (Logic_const.prel ~loc
- (Req,set,
- Logic_const.term ~loc Tempty_set set.term_type))]
+ | None -> mk_unchanged_aux_vars my_trans
+ | Some (set,_) ->
+ let set =
+ Data_for_aorai.pebble_set_at set Logic_const.here_label
+ in
+ [Normal,
+ Logic_const.new_predicate
+ (Logic_const.prel ~loc
+ (Req,set,
+ Logic_const.term ~loc Tempty_set set.term_type))]
in
let post_cond =
(Normal, (Logic_const.new_predicate (is_out_of_state_pred state)))
@@ -1675,15 +1678,15 @@ let mk_behavior ~loc auto kf e status state =
let name = Printf.sprintf "buch_state_%s_out" state.Promelaast.name in
let post_cond =
match state.multi_state with
- | None -> []
- | Some (set,_) ->
- let set =
- Data_for_aorai.pebble_set_at set Logic_const.here_label
- in [Normal,
- Logic_const.new_predicate
- (Logic_const.prel ~loc
- (Req,set,
- Logic_const.term ~loc Tempty_set set.term_type))]
+ | None -> []
+ | Some (set,_) ->
+ let set =
+ Data_for_aorai.pebble_set_at set Logic_const.here_label
+ in [Normal,
+ Logic_const.new_predicate
+ (Logic_const.prel ~loc
+ (Req,set,
+ Logic_const.term ~loc Tempty_set set.term_type))]
in
let post_cond =
(Normal, Logic_const.new_predicate (is_out_of_state_pred state))
@@ -1695,16 +1698,16 @@ let mk_behavior ~loc auto kf e status state =
let auto_func_behaviors loc f st state =
let call_or_ret =
match st with
- | Promelaast.Call -> "call"
- | Promelaast.Return -> "return"
+ | Promelaast.Call -> "call"
+ | Promelaast.Return -> "return"
in
Aorai_option.debug
"func behavior for %a (%s)" Kernel_function.pretty f call_or_ret;
let (states, _) as auto = Data_for_aorai.getAutomata() in
- (* requires is not needed for pre_func, as it is enforced by the
- requires of the original C function itself (and the call to pre_func
- by definition the first instruction of the function).
- *)
+ (* requires is not needed for pre_func, as it is enforced by the
+ requires of the original C function itself (and the call to pre_func
+ by definition the first instruction of the function).
+ *)
let post_cond =
let called_pre =
Logic_const.new_predicate
@@ -1725,11 +1728,11 @@ let auto_func_behaviors loc f st state =
(Data_for_aorai.get_logic_var Data_for_aorai.curOp),
(Logic_const.term
(TConst((constant_to_lconstant
- (Data_for_aorai.func_to_cenum
+ (Data_for_aorai.func_to_cenum
(Kernel_function.get_name f)))))
- (Ctype Cil.intType))))
+ (Ctype Cil.intType))))
in
- (* let old_pred = Aorai_utils.mk_old_state_pred loc in *)
+ (* let old_pred = Aorai_utils.mk_old_state_pred loc in *)
[(Normal, called_pre); (Normal, called_pre_2)]
in
let requires =
@@ -1750,30 +1753,31 @@ let auto_func_behaviors loc f st state =
global_behavior :: (List.rev behaviors)
-let act_convert loc (_,act) res =
- let treat_one_act =
- function
- | Counter_init t_lval ->
- Cil.mkStmtOneInstr (Set (tlval_to_lval t_lval res, Cil.one loc, loc))
- | Counter_incr t_lval ->
- let my_lval = tlval_to_lval t_lval res in
- Cil.mkStmtOneInstr
- (Set
- (my_lval,
- (Cil.mkBinOp
- loc
- PlusA
- (Cil.new_exp loc (Lval my_lval))
- (Cil.one loc)),
- loc))
- | Copy_value (t_lval, t) ->
- Cil.mkStmtOneInstr
- (Set (tlval_to_lval t_lval res, term_to_exp t res, loc))
- | _ ->
- Aorai_option.fatal "Peebles not treated yet." (* TODO : Treat peebles. *)
+let act_convert loc (_,act) res =
+ let treat_one_act =
+ function
+ | Counter_init t_lval ->
+ Cil.mkStmtOneInstr
+ ~ghost:true (Set (tlval_to_lval t_lval res, Cil.one loc, loc))
+ | Counter_incr t_lval ->
+ let my_lval = tlval_to_lval t_lval res in
+ Cil.mkStmtOneInstr ~ghost:true
+ (Set
+ (my_lval,
+ (Cil.mkBinOp
+ loc
+ PlusA
+ (Cil.new_exp loc (Lval my_lval))
+ (Cil.one loc)),
+ loc))
+ | Copy_value (t_lval, t) ->
+ Cil.mkStmtOneInstr ~ghost:true
+ (Set (tlval_to_lval t_lval res, term_to_exp t res, loc))
+ | _ ->
+ Aorai_option.fatal "Peebles not treated yet." (* TODO : Treat peebles. *)
in
List.map treat_one_act act
-
+
let copy_stmt s =
let vis = new Visitor.frama_c_refresh (Project.current()) in
Visitor.visitFramacStmt vis s
@@ -1784,32 +1788,32 @@ let copy_stmt s =
If state is reachable, generates a "If then else" statement, else it is
just an assignment.
Used in auto_func_block. *)
-let mk_stmt loc (states, tr) f fst status ((st,_) as state) res =
+let mk_stmt loc (states, tr) f fst status ((st,_) as state) res =
if is_reachable st status then begin
let useful_trans = get_accessible_transitions (states,tr) st status in
- let exp_from_trans,stmt_from_action =
+ let exp_from_trans,stmt_from_action =
List.split
(List.map
- (function trans ->
- (Cil.mkBinOp
- loc
- LAnd
- (is_state_exp trans.start loc)
- (crosscond_to_exp f fst loc trans.cross res)),
- (act_convert loc trans.cross res)
- )
+ (function trans ->
+ (Cil.mkBinOp
+ loc
+ LAnd
+ (is_state_exp trans.start loc)
+ (crosscond_to_exp f fst loc trans.cross res)),
+ (act_convert loc trans.cross res)
+ )
useful_trans
)
in
let mkIfStmt exp1 block1 block2 =
- Cil.mkStmt (If (exp1, block1, block2, loc))
+ Cil.mkStmt ~ghost:true (If (exp1, block1, block2, loc))
in
let if_cond =
- List.fold_left
- (fun acc exp -> Cil.mkBinOp loc LOr exp acc)
+ List.fold_left
+ (fun acc exp -> Cil.mkBinOp loc LOr exp acc)
(List.hd exp_from_trans)
(List.tl exp_from_trans)
- in
+ in
let then_stmt = is_state_stmt state loc in
let else_stmt =
if Aorai_option.Deterministic.get () then []
@@ -1818,7 +1822,7 @@ let mk_stmt loc (states, tr) f fst status ((st,_) as state) res =
if Aorai_option.Deterministic.get () then
List.fold_left2
(fun acc cond stmt_act ->
- [mkIfStmt cond
+ [mkIfStmt cond
(mkBlock (copy_stmt then_stmt :: stmt_act)) (mkBlock acc)])
else_stmt
(List.rev exp_from_trans)
@@ -1846,9 +1850,9 @@ let auto_func_block loc f st status res =
Aorai_option.debug
~dkey "func code for %a (%s)" Kernel_function.pretty f call_or_ret;
let (states, _) as auto = Data_for_aorai.getAutomata() in
-
+
(* For the following tests, we need a copy of every state. *)
-
+
let copies, local_var =
if Aorai_option.Deterministic.get () then begin
let orig = Data_for_aorai.get_varinfo curState in
@@ -1865,17 +1869,16 @@ let auto_func_block loc f st status res =
end
in
let equalsStmt lval exp = (* assignment *)
- Cil.mkStmtOneInstr ( Set ( lval , exp , loc) )
-
+ Cil.mkStmtOneInstr ~ghost:true (Set (lval, exp, loc))
in
- let stmt_begin_list =
+ let stmt_begin_list =
- [
- (* First statement : what is the current status : called or return ? *)
- equalsStmt
+ [
+ (* First statement : what is the current status : called or return ? *)
+ equalsStmt
(Cil.var (Data_for_aorai.get_varinfo Data_for_aorai.curOpStatus)) (* current status... *)
(Cil.new_exp loc (Const (Data_for_aorai.op_status_to_cenum st))); (* ... equals to what it is *)
-
+
(* Second statement : what is the current operation, i.e. which function ? *)
equalsStmt
(Cil.var (Data_for_aorai.get_varinfo Data_for_aorai.curOp)) (* current operation ... *)
@@ -1883,7 +1886,7 @@ let auto_func_block loc f st status res =
]
in
-
+
(* As we work on copies, they need to be set to their actual values *)
let copies_update =
@@ -1898,12 +1901,12 @@ let auto_func_block loc f st status res =
copies
in
(* For each state, we have to generate the statement that will update its copy. *)
- let main_stmt =
+ let main_stmt =
- List.fold_left
- (fun acc state -> (mk_stmt loc auto f st status state res)@acc )
- []
- copies
+ List.fold_left
+ (fun acc state -> (mk_stmt loc auto f st status state res)@acc )
+ []
+ copies
in
@@ -1920,7 +1923,7 @@ let auto_func_block loc f st status res =
(Cil.evar ~loc copy))
copies
in
- let ret = [ Cil.mkStmt (Cil_types.Return(None,loc)) ] in
+ let ret = [ Cil.mkStmt ~ghost:true (Cil_types.Return(None,loc)) ] in
let res_block =
(Cil.mkBlock
( stmt_begin_list @ copies_update @ main_stmt @ stvar_update @ ret))
@@ -1929,12 +1932,12 @@ let auto_func_block loc f st status res =
Aorai_option.debug ~dkey "Generated body is:@\n%a"
Printer.pp_block res_block;
res_block,local_var
-
+
let get_preds_wrt_params_reachable_states state f status =
let auto = Data_for_aorai.getAutomata () in
let treat_one_trans acc tr = Logic_simplification.tor acc (fst tr.cross) in
- let find_trans state prev tr =
- Path_analysis.get_edges prev state auto @ tr
+ let find_trans state prev tr =
+ Path_analysis.get_edges prev state auto @ tr
in
let treat_one_state state (_,last,_) acc =
let my_trans =
@@ -1951,7 +1954,7 @@ let get_preds_wrt_params_reachable_states state f status =
let get_preds_wrt_params_reachable_states state f status =
let merge_reachable_state _ = Data_for_aorai.merge_end_state in
let reachable_states =
- Data_for_aorai.Aorai_state.Map.fold
+ Data_for_aorai.Aorai_state.Map.fold
merge_reachable_state state Data_for_aorai.Aorai_state.Map.empty
in
get_preds_wrt_params_reachable_states reachable_states f status
@@ -1968,22 +1971,22 @@ let treat_val loc base range pred =
let add term =
if Cil.isLogicZero base then term
else Logic_const.term
- (TBinOp (PlusA, Logic_const.tat (base,Logic_const.pre_label), term))
- Linteger
+ (TBinOp (PlusA, Logic_const.tat (base,Logic_const.pre_label), term))
+ Linteger
in
let add_cst i = add (Logic_const.tinteger i) in
let res =
match range with
- | Fixed i -> Logic_const.prel (Req,loc, add_cst i)
- | Interval(min,max) ->
- let min = Logic_const.prel (Rle, add_cst min, loc) in
- let max = Logic_const.prel (Rle, loc, add_cst max) in
- Logic_const.pand (min,max)
- | Bounded (min,max) ->
- let min = Logic_const.prel (Rle, add_cst min, loc) in
- let max = Logic_const.prel (Rle, loc, add max) in
- Logic_const.pand (min,max)
- | Unbounded min -> Logic_const.prel (Rle, add_cst min, loc)
+ | Fixed i -> Logic_const.prel (Req,loc, add_cst i)
+ | Interval(min,max) ->
+ let min = Logic_const.prel (Rle, add_cst min, loc) in
+ let max = Logic_const.prel (Rle, loc, add_cst max) in
+ Logic_const.pand (min,max)
+ | Bounded (min,max) ->
+ let min = Logic_const.prel (Rle, add_cst min, loc) in
+ let max = Logic_const.prel (Rle, loc, add max) in
+ Logic_const.pand (min,max)
+ | Unbounded min -> Logic_const.prel (Rle, add_cst min, loc)
in
Aorai_option.debug ~dkey:action_dkey "Action predicate: %a"
Printer.pp_predicate res;
@@ -2012,13 +2015,13 @@ let update_to_pred ~start ~pre_state ~post_state location bindings =
in
let pred =
match post_state.multi_state with
- | None -> intv
- | Some(set,aux) ->
- (* [VP 2011-09-05] In fact, not all the pebble come from the considered
- pre-state. Will this lead to too strong post-conditions?
- *)
- let set = Data_for_aorai.pebble_set_at set Logic_const.here_label in
- pebble_post ~loc set aux intv
+ | None -> intv
+ | Some(set,aux) ->
+ (* [VP 2011-09-05] In fact, not all the pebble come from the considered
+ pre-state. Will this lead to too strong post-conditions?
+ *)
+ let set = Data_for_aorai.pebble_set_at set Logic_const.here_label in
+ pebble_post ~loc set aux intv
in
let guard =
Logic_const.pand ~loc
diff --git a/src/plugins/aorai/aorai_utils.mli b/src/plugins/aorai/aorai_utils.mli
index 1d1fabbe7a9b3510055097ca014d3e62f52ff489..7c85d31d0f52dfc0e767a53c2fa485d2b51b0bea 100644
--- a/src/plugins/aorai/aorai_utils.mli
+++ b/src/plugins/aorai/aorai_utils.mli
@@ -29,7 +29,7 @@ open Promelaast
(** Given a transition a function and a function status (call or return)
it returns if the cross condition can be satisfied
with only function status.
- *)
+*)
val isCrossable:
(typed_condition * action) trans -> kernel_function -> funcStatus -> bool
@@ -42,7 +42,7 @@ val isCrossableAtInit:
(** This function rewrites a cross condition into an ACSL expression.
Moreover, by giving current operation name and its status (call or
return) the generation simplifies the generated expression.
- *)
+*)
val crosscond_to_pred:
typed_condition -> kernel_function -> funcStatus -> predicate
@@ -67,7 +67,7 @@ val initGlobals : Cil_types.kernel_function -> bool -> unit
(** base lhost corresponding to curState. *)
val host_state_term: unit -> Cil_types.term_lval
-(** Returns the predicate saying that automaton is in
+(** Returns the predicate saying that automaton is in
corresponding state. *)
val is_state_pred: state -> predicate
@@ -99,7 +99,7 @@ val is_out_of_state_exp: state -> location -> Cil_types.exp
in the function.
@since Nitrogen-20111001
@since Neon-20140301 adds kf argument
- *)
+*)
val aorai_assigns:
Data_for_aorai.state -> Cil_types.location -> Cil_types.assigns
@@ -111,7 +111,7 @@ val force_transition:
Cil_types.location -> kernel_function -> Promelaast.funcStatus ->
Data_for_aorai.state -> Cil_types.identified_predicate list
-(** return list of preconditions for the given auxiliary function
+(** return list of preconditions for the given auxiliary function
(f_pre_func or f_post_func). *)
val auto_func_preconditions:
Cil_types.location -> kernel_function -> Promelaast.funcStatus ->
@@ -150,7 +150,7 @@ val possible_states_preds:
(** Possible values of the given auxiliary variable under the current path,
[start]ing from the given point
@since Neon-20140301 add logic_label argument
- *)
+*)
val update_to_pred:
start: Cil_types.logic_label ->
pre_state:Promelaast.state -> post_state:Promelaast.state ->
@@ -161,7 +161,7 @@ val update_to_pred:
the function, guarded by the fact that we have followed this path, from
the given program point
@modify Neon-20130301 add logic_label argument
- *)
+*)
val action_to_pred:
start:Cil_types.logic_label ->
pre_state:Promelaast.state -> post_state:Promelaast.state ->
@@ -170,8 +170,8 @@ val action_to_pred:
(** All actions that might have been performed on aux variables from the
given program point, guarded by the path followed.
@modify Neon-20140301 add logic_label argument
- *)
-val all_actions_preds:
+*)
+val all_actions_preds:
Cil_types.logic_label ->
Data_for_aorai.state -> predicate list
diff --git a/src/plugins/aorai/aorai_visitors.ml b/src/plugins/aorai/aorai_visitors.ml
index 165990df1ce1bf35fe8b81f022bcd9820cd24d98..ff4000cb4d52e9b4baaa634c054c1c06075ea127 100644
--- a/src/plugins/aorai/aorai_visitors.ml
+++ b/src/plugins/aorai/aorai_visitors.ml
@@ -36,9 +36,9 @@ let get_acceptance_pred () =
let (st,_) = Data_for_aorai.getAutomata () in
List.fold_left
(fun acc s ->
- match s.acceptation with
- Bool3.True -> Logic_const.por (acc, Aorai_utils.is_state_pred s)
- | Bool3.False | Bool3.Undefined -> acc)
+ match s.acceptation with
+ Bool3.True -> Logic_const.por (acc, Aorai_utils.is_state_pred s)
+ | Bool3.False | Bool3.Undefined -> acc)
Logic_const.pfalse st
let get_call_name exp = match exp.enode with
@@ -67,7 +67,7 @@ type func_auto_mode =
the automaton when f is called. *)
| Post_func of kernel_function (* Post_func f denotes a function updating
the automaton when returning from f. *)
-
+
(* table from auxiliary functions to the corresponding original one. *)
let func_orig_table = Cil_datatype.Varinfo.Hashtbl.create 17
@@ -75,27 +75,27 @@ let kind_of_func vi =
try Cil_datatype.Varinfo.Hashtbl.find func_orig_table vi
with Not_found -> Not_auto_func
-(* The following functions will be used to generate C code for pre & post
+(* The following functions will be used to generate C code for pre & post
functions. *)
let mk_auto_fct_block kf status auto_state res =
let loc = Kernel_function.get_location kf in
Aorai_utils.auto_func_block loc kf status auto_state res
-
+
let mk_pre_fct_block kf =
- mk_auto_fct_block
- kf
- Promelaast.Call
+ mk_auto_fct_block
+ kf
+ Promelaast.Call
(Data_for_aorai.get_kf_init_state kf)
None
let mk_post_fct_block kf res =
- mk_auto_fct_block
+ mk_auto_fct_block
kf
- Promelaast.Return
+ Promelaast.Return
(Data_for_aorai.get_kf_return_state kf)
res
-
+
(**
This visitor adds an auxiliary function for each C function which takes
care of setting the automaton in a correct state before calling the
@@ -104,86 +104,88 @@ let mk_post_fct_block kf res =
return.
*)
class visit_adding_code_for_synchronisation =
-object (self)
- inherit Visitor.frama_c_inplace
+ object (self)
+ inherit Visitor.frama_c_inplace
- val aux_post_table = Kernel_function.Hashtbl.create 17
+ val aux_post_table = Kernel_function.Hashtbl.create 17
- method! vglob_aux g =
- match g with
- | GFun (fundec,loc) ->
- let kf = Extlib.the self#current_kf in
- let vi = Kernel_function.get_vi kf in
- let vi_pre = Cil_const.copy_with_new_vid vi in
- vi_pre.vname <- Data_for_aorai.get_fresh (vi_pre.vname ^ "_pre_func");
- vi_pre.vdefined <- true;
- Cil_datatype.Varinfo.Hashtbl.add func_orig_table vi_pre (Pre_func kf);
+ method! vglob_aux g =
+ match g with
+ | GFun (fundec,loc) ->
+ let kf = Extlib.the self#current_kf in
+ let vi = Kernel_function.get_vi kf in
+ let vi_pre = Cil_const.copy_with_new_vid vi in
+ vi_pre.vname <- Data_for_aorai.get_fresh (vi_pre.vname ^ "_pre_func");
+ vi_pre.vdefined <- true;
+ vi_pre.vghost <- true;
+ Cil_datatype.Varinfo.Hashtbl.add func_orig_table vi_pre (Pre_func kf);
(* TODO:
- what about protos that have no specified args
- (NB: cannot be identified here because of implem of Kernel_function).
+ (NB: cannot be identified here because of implem of Kernel_function).
- what about varargs?
- *)
- let (rettype,args,varargs,_) = Cil.splitFunctionTypeVI vi_pre in
- vi_pre.vtype <- TFun(Cil.voidType, args, varargs,[]);
- vi_pre.vattr <- [];
+ *)
+ let (rettype,args,varargs,_) = Cil.splitFunctionTypeVI vi_pre in
+ vi_pre.vtype <- TFun(Cil.voidType, args, varargs,[]);
+ vi_pre.vattr <- [];
(* in particular get rid of __no_return if set in vi*)
- let arg =
- if Cil.isVoidType rettype
- then []
- else ["res",rettype,[]]
- in
- let vi_post =
- Cil.makeGlobalVar
- (Data_for_aorai.get_fresh (vi.vname ^ "_post_func"))
- (TFun(voidType,Some arg,false,[]))
- in
- Kernel_function.Hashtbl.add aux_post_table kf vi_post;
- Cil_datatype.Varinfo.Hashtbl.add func_orig_table vi_post (Post_func kf);
- let fun_dec_pre = Cil.emptyFunctionFromVI vi_pre in
- let fun_dec_post = Cil.emptyFunctionFromVI vi_post in
- (* For a future analysis of function arguments,
- we have to update the function's formals. Search
- for LBLsformals. *)
- Cil.setFunctionTypeMakeFormals
- fun_dec_pre (TFun(Cil.voidType, args, varargs,[]));
- Cil.setFunctionTypeMakeFormals
- fun_dec_post (TFun(voidType,Some arg,false,[]));
- (* We will now fill the function with the result
- of the automaton's analysis. *)
- let pre_block,pre_locals = mk_pre_fct_block kf in
- let post_block,post_locals =
- mk_post_fct_block kf (Extlib.opt_of_list fun_dec_post.sformals)
- in
- fun_dec_pre.slocals <- pre_locals;
- fun_dec_pre.sbody <- pre_block;
- fun_dec_pre.svar.vdefined <- true;
- fun_dec_post.slocals <- post_locals;
- fun_dec_post.sbody <- post_block;
- fun_dec_post.svar.vdefined <- true;
- let globs = [ GFun(fun_dec_pre,loc); GFun(fun_dec_post,loc);] in
- fundec.sbody.bstmts <- Cil.mkStmtOneInstr
- (Call(None,Cil.evar ~loc vi_pre,
- List.map (fun x -> Cil.evar ~loc x)
- (Kernel_function.get_formals kf),
- loc))
- :: fundec.sbody.bstmts;
- Globals.Functions.replace_by_definition
- (Cil.empty_funspec()) fun_dec_pre loc;
- Globals.Functions.replace_by_definition
- (Cil.empty_funspec()) fun_dec_post loc;
- (* Finally, we update the CFG for the new fundec *)
- let keepSwitch = Kernel.KeepSwitch.get() in
- Cfg.prepareCFG ~keepSwitch fun_dec_pre;
- Cfg.cfgFun fun_dec_pre;
- Cfg.prepareCFG ~keepSwitch fun_dec_post;
- Cfg.cfgFun fun_dec_post;
- ChangeDoChildrenPost([g], fun x -> globs @ x)
- | _ -> DoChildren
+ let arg =
+ if Cil.isVoidType rettype
+ then []
+ else ["res",rettype,[]]
+ in
+ let vi_post =
+ Cil.makeGlobalVar ~ghost:true
+ (Data_for_aorai.get_fresh (vi.vname ^ "_post_func"))
+ (TFun(voidType,Some arg,false,[]))
+ in
+ Kernel_function.Hashtbl.add aux_post_table kf vi_post;
+ Cil_datatype.Varinfo.Hashtbl.add func_orig_table vi_post (Post_func kf);
+ let fun_dec_pre = Cil.emptyFunctionFromVI vi_pre in
+ let fun_dec_post = Cil.emptyFunctionFromVI vi_post in
+ (* For a future analysis of function arguments,
+ we have to update the function's formals. Search
+ for LBLsformals. *)
+ Cil.setFunctionTypeMakeFormals
+ fun_dec_pre (TFun(Cil.voidType, args, varargs,[]));
+ Cil.setFunctionTypeMakeFormals
+ fun_dec_post (TFun(voidType,Some arg,false,[]));
+ (* We will now fill the function with the result
+ of the automaton's analysis. *)
+ let pre_block,pre_locals = mk_pre_fct_block kf in
+ let post_block,post_locals =
+ mk_post_fct_block kf (Extlib.opt_of_list fun_dec_post.sformals)
+ in
+ fun_dec_pre.slocals <- pre_locals;
+ fun_dec_pre.sbody <- pre_block;
+ fun_dec_pre.svar.vdefined <- true;
+ fun_dec_post.slocals <- post_locals;
+ fun_dec_post.sbody <- post_block;
+ fun_dec_post.svar.vdefined <- true;
+ let globs = [ GFun(fun_dec_pre,loc); GFun(fun_dec_post,loc);] in
+ fundec.sbody.bstmts <-
+ Cil.mkStmtOneInstr ~ghost:true
+ (Call(None,Cil.evar ~loc vi_pre,
+ List.map (fun x -> Cil.evar ~loc x)
+ (Kernel_function.get_formals kf),
+ loc))
+ :: fundec.sbody.bstmts;
+ Globals.Functions.replace_by_definition
+ (Cil.empty_funspec()) fun_dec_pre loc;
+ Globals.Functions.replace_by_definition
+ (Cil.empty_funspec()) fun_dec_post loc;
+ (* Finally, we update the CFG for the new fundec *)
+ let keepSwitch = Kernel.KeepSwitch.get() in
+ Cfg.prepareCFG ~keepSwitch fun_dec_pre;
+ Cfg.cfgFun fun_dec_pre;
+ Cfg.prepareCFG ~keepSwitch fun_dec_post;
+ Cfg.cfgFun fun_dec_post;
+ ChangeDoChildrenPost([g], fun x -> globs @ x)
+ | _ -> DoChildren
- method! vstmt_aux stmt =
- match stmt.skind with
+ method! vstmt_aux stmt =
+ match stmt.skind with
| Return (res,loc) ->
let kf = Extlib.the self#current_kf in
let vi = Kernel_function.get_vi kf in
@@ -201,7 +203,8 @@ object (self)
Kernel_function.pretty kf
in
let call =
- mkStmtOneInstr (Call (None,Cil.evar ~loc aux_vi,args,loc))
+ mkStmtOneInstr
+ ~ghost:true (Call (None,Cil.evar ~loc aux_vi,args,loc))
in
let new_return = mkStmt ~valid_sid:true stmt.skind in
let new_stmts = [call; new_return] in
@@ -210,21 +213,21 @@ object (self)
SkipChildren
| _ -> DoChildren
-end
+ end
(*********************************************************************)
(* update from formals of original C function to one of the auxiliary
function (f_aux or f_pre)
- *)
+*)
class change_formals old_kf new_kf =
let old_formals = Kernel_function.get_formals old_kf in
let new_formals = Kernel_function.get_formals new_kf in
let formals = List.combine old_formals new_formals in
-object
- inherit Visitor.frama_c_inplace
- method! vlogic_var_use lv =
- match lv.lv_origin with
+ object
+ inherit Visitor.frama_c_inplace
+ method! vlogic_var_use lv =
+ match lv.lv_origin with
| None -> SkipChildren
| Some vi ->
try
@@ -232,24 +235,24 @@ object
ChangeTo (Cil.cvar_to_lvar vi')
with Not_found -> SkipChildren
- method! vvrbl vi =
- try
- let vi' = List.assq vi formals in
- ChangeTo vi'
- with Not_found -> SkipChildren
-end
+ method! vvrbl vi =
+ try
+ let vi' = List.assq vi formals in
+ ChangeTo vi'
+ with Not_found -> SkipChildren
+ end
(* update \result to param of f_post when it exists. Must not be called if
f_post has no parameter (original f returns void). *)
class change_result new_kf =
let v = List.hd (Kernel_function.get_formals new_kf) in
-object
- inherit Visitor.frama_c_inplace
- method! vterm_lhost lh =
- match lh with
+ object
+ inherit Visitor.frama_c_inplace
+ method! vterm_lhost lh =
+ match lh with
TResult _ -> ChangeTo (TVar (Cil.cvar_to_lvar v))
| _ -> DoChildren
-end
+ end
let post_treatment_loops = Hashtbl.create 97
@@ -257,33 +260,33 @@ let update_loop_assigns kf stmt state vi code_annot =
let loc = Cil_datatype.Stmt.loc stmt in
let assigns = Aorai_utils.aorai_assigns state loc in
let assigns =
- Logic_utils.concat_assigns
+ Logic_utils.concat_assigns
(Writes
[Logic_const.new_identified_term (Logic_const.tvar ~loc vi), From []])
assigns
in
let new_assigns =
match code_annot.annot_content with
- | AAssigns (bhvs,old_assigns) ->
- Logic_const.new_code_annotation
- (AAssigns (bhvs, Logic_utils.concat_assigns old_assigns assigns))
- | _ -> Aorai_option.fatal "Expecting an assigns clause here"
+ | AAssigns (bhvs,old_assigns) ->
+ Logic_const.new_code_annotation
+ (AAssigns (bhvs, Logic_utils.concat_assigns old_assigns assigns))
+ | _ -> Aorai_option.fatal "Expecting an assigns clause here"
in
Annotations.add_code_annot Aorai_option.emitter ~kf stmt new_assigns
let get_action_post_cond kf ?init_trans return_states =
let to_consider pre_state int_states =
match init_trans with
- | None -> true
- | Some init_trans ->
- try
- let possible_states =
- Data_for_aorai.Aorai_state.Map.find pre_state init_trans
- in
- not (Data_for_aorai.Aorai_state.Set.is_empty
- (Data_for_aorai.Aorai_state.Set.inter
- int_states possible_states))
- with Not_found -> false
+ | None -> true
+ | Some init_trans ->
+ try
+ let possible_states =
+ Data_for_aorai.Aorai_state.Map.find pre_state init_trans
+ in
+ not (Data_for_aorai.Aorai_state.Set.is_empty
+ (Data_for_aorai.Aorai_state.Set.inter
+ int_states possible_states))
+ with Not_found -> false
in
let treat_one_path pre_state post_state (int_states,_,bindings) acc =
if to_consider pre_state int_states then begin
@@ -329,9 +332,9 @@ let needs_zero_one_choice states =
false
with Exit -> true
in
- if needs_choice then
- List.map
- Logic_const.new_predicate
+ if needs_choice then
+ List.map
+ Logic_const.new_predicate
(make_zero_one_choice states)
else []
@@ -365,34 +368,34 @@ let neg_trans kf trans =
let auto = Data_for_aorai.getAutomata () in
let rec aux l acc =
match l with
- | [] -> acc
- | (start,stop) :: l ->
- let same_start, rest =
- List.fold_left
- (fun (same_start, rest) (start', stop' as elt) ->
- if Data_for_aorai.Aorai_state.equal start start' then
- stop' :: same_start, rest
- else
- same_start, elt :: rest)
- ([stop],[]) l
- in
- let cond =
- List.fold_left
- (fun cond stop ->
- let trans = Path_analysis.get_edges start stop auto in
- List.fold_left
- (fun cond tr ->
- Logic_simplification.tand
+ | [] -> acc
+ | (start,stop) :: l ->
+ let same_start, rest =
+ List.fold_left
+ (fun (same_start, rest) (start', stop' as elt) ->
+ if Data_for_aorai.Aorai_state.equal start start' then
+ stop' :: same_start, rest
+ else
+ same_start, elt :: rest)
+ ([stop],[]) l
+ in
+ let cond =
+ List.fold_left
+ (fun cond stop ->
+ let trans = Path_analysis.get_edges start stop auto in
+ List.fold_left
+ (fun cond tr ->
+ Logic_simplification.tand
cond (Logic_simplification.tnot (fst tr.cross)))
- cond trans)
- TTrue same_start
- in
- let cond = fst (Logic_simplification.simplifyCond cond) in
- let cond = Aorai_utils.crosscond_to_pred cond kf Promelaast.Call in
- let cond =
- Logic_const.por (Aorai_utils.is_out_of_state_pred start, cond)
- in
- aux rest (Logic_const.pand (acc,cond))
+ cond trans)
+ TTrue same_start
+ in
+ let cond = fst (Logic_simplification.simplifyCond cond) in
+ let cond = Aorai_utils.crosscond_to_pred cond kf Promelaast.Call in
+ let cond =
+ Logic_const.por (Aorai_utils.is_out_of_state_pred start, cond)
+ in
+ aux rest (Logic_const.pand (acc,cond))
in
aux trans Logic_const.ptrue
@@ -415,18 +418,18 @@ let get_unchanged_aux_var loc current_state =
in
let treat_one_action pre_hyp possible_states t action_states acc =
if not (Data_for_aorai.Aorai_state.Set.is_empty
- (Data_for_aorai.Aorai_state.Set.diff
+ (Data_for_aorai.Aorai_state.Set.diff
possible_states action_states))
then begin
let post_hyp =
Data_for_aorai.Aorai_state.Set.fold
(fun st acc ->
- Logic_const.pand ~loc (acc,Aorai_utils.is_out_of_state_pred st))
+ Logic_const.pand ~loc (acc,Aorai_utils.is_out_of_state_pred st))
action_states Logic_const.ptrue
in
let pred =
Logic_const.new_predicate
- (Logic_const.pimplies ~loc
+ (Logic_const.pimplies ~loc
(pre_hyp,
Logic_const.pimplies ~loc
(post_hyp,
@@ -434,18 +437,18 @@ let get_unchanged_aux_var loc current_state =
in
(Normal,pred) :: acc
end else acc
- (* all possible states will update this lval, no need to
- make a special case here.
- *)
+ (* all possible states will update this lval, no need to
+ make a special case here.
+ *)
in
let treat_one_pre_state start map acc =
let pre_hyp = Logic_const.pold ~loc (Aorai_utils.is_state_pred start) in
let actions_map, possible_states =
Data_for_aorai.Aorai_state.Map.fold
- partition_action map
+ partition_action map
(Cil_datatype.Term.Map.empty, Data_for_aorai.Aorai_state.Set.empty)
in
- Cil_datatype.Term.Map.fold
+ Cil_datatype.Term.Map.fold
(treat_one_action pre_hyp possible_states) actions_map acc
in
Data_for_aorai.Aorai_state.Map.fold treat_one_pre_state current_state []
@@ -478,7 +481,7 @@ class visit_adding_pre_post_from_buch treatloops =
(fun _ _ b -> if b then raise Exit else true)
possible_states false);
false
- with Exit ->
+ with Exit ->
true
in
let treat_one_state s =
@@ -492,7 +495,7 @@ class visit_adding_pre_post_from_buch treatloops =
end else begin
(* We can only be in one state. Since we must be in at least one
state, the invariant is quite simple.
- *)
+ *)
predicate_to_invariant kf stmt (Aorai_utils.is_state_pred s)
end
end else begin
@@ -544,11 +547,11 @@ class visit_adding_pre_post_from_buch treatloops =
(treat_one_start_state state) my_state Logic_const.ptrue
in
if Data_for_aorai.Aorai_state.Map.cardinal my_state = 1 &&
- not (Logic_utils.is_trivially_true out_states)
+ not (Logic_utils.is_trivially_true out_states)
then acc (* we only have a single entry state: we can't possibly be
out of it, or another annotation above is invalid. No need
to put an implication with a false lhs.
- *)
+ *)
else
Logic_const.pimplies
(out_states, Aorai_utils.is_out_of_state_pred state)
@@ -582,7 +585,7 @@ class visit_adding_pre_post_from_buch treatloops =
let end_states =
Data_for_aorai.Aorai_state.Map.filter
(fun _ (int_states,_,_) ->
- Data_for_aorai.Aorai_state.Set.mem state int_states)
+ Data_for_aorai.Aorai_state.Set.mem state int_states)
end_states
in
if Data_for_aorai.Aorai_state.Map.is_empty end_states then equivs
@@ -598,26 +601,26 @@ class visit_adding_pre_post_from_buch treatloops =
(* NB: The assigns for a statement contract is a bit overapproximated,
(includes assigns of the whole function), but we don't really have
a better information at this point.
- *)
+ *)
let assigns =
Aorai_utils.aorai_assigns (Data_for_aorai.get_kf_return_state kf) loc
in
match ki with
- | Kstmt stmt -> (* stmt contract *)
- if bhv.b_assigns <> WritesAny then begin
- let bhv_aorai = Cil.mk_behavior ~name:bhv.b_name ~assigns () in
- let spec = Cil.empty_funspec () in
- spec.spec_behavior <- [ bhv_aorai ];
- let ca = Logic_const.new_code_annotation (AStmtSpec ([],spec)) in
- Annotations.add_code_annot Aorai_option.emitter ~kf stmt ca
- end
- | Kglobal -> (* function contract *)
- Annotations.add_assigns
- ~keep_empty:true
- Aorai_option.emitter
- kf
- ~behavior:bhv.b_name
- assigns;
+ | Kstmt stmt -> (* stmt contract *)
+ if bhv.b_assigns <> WritesAny then begin
+ let bhv_aorai = Cil.mk_behavior ~name:bhv.b_name ~assigns () in
+ let spec = Cil.empty_funspec () in
+ spec.spec_behavior <- [ bhv_aorai ];
+ let ca = Logic_const.new_code_annotation (AStmtSpec ([],spec)) in
+ Annotations.add_code_annot Aorai_option.emitter ~kf stmt ca
+ end
+ | Kglobal -> (* function contract *)
+ Annotations.add_assigns
+ ~keep_empty:true
+ Aorai_option.emitter
+ kf
+ ~behavior:bhv.b_name
+ assigns;
in
List.iter update_assigns spec.spec_behavior
in
@@ -638,13 +641,13 @@ class visit_adding_pre_post_from_buch treatloops =
let possible_states =
Data_for_aorai.Aorai_state.Map.fold
(fun _ map acc ->
- Data_for_aorai.Aorai_state.Map.fold
- (fun st _ acc -> Data_for_aorai.Aorai_state.Set.add st acc)
- map acc)
+ Data_for_aorai.Aorai_state.Map.fold
+ (fun st _ acc -> Data_for_aorai.Aorai_state.Set.add st acc)
+ map acc)
return_state Data_for_aorai.Aorai_state.Set.empty
in
let action_post = get_unchanged_aux_var loc return_state in
- if
+ if
Data_for_aorai.Aorai_state.Set.exists
Data_for_aorai.is_reject_state possible_states
then
@@ -653,8 +656,8 @@ class visit_adding_pre_post_from_buch treatloops =
let cond =
Data_for_aorai.Aorai_state.Set.fold
(fun st acc ->
- if Data_for_aorai.is_reject_state st then acc
- else Logic_const.por (Aorai_utils.is_state_pred st,acc))
+ if Data_for_aorai.is_reject_state st then acc
+ else Logic_const.por (Aorai_utils.is_state_pred st,acc))
possible_states Logic_const.pfalse
in
(Normal,Logic_const.new_predicate cond) :: action_post
@@ -670,7 +673,7 @@ class visit_adding_pre_post_from_buch treatloops =
match equivs with
| [ e ] -> (* we just have one possible case, no need to generate
assumes and a negative behavior
- *)
+ *)
let name = "Buchi_property_behavior" in
let s = fst (List.hd e) in
let reachable_states =
@@ -691,7 +694,7 @@ class visit_adding_pre_post_from_buch treatloops =
let preds = make_zero_one_choice reachable_states in
List.fold_left
(fun acc p ->
- (Normal, Logic_const.new_predicate p) :: acc)
+ (Normal, Logic_const.new_predicate p) :: acc)
post_cond preds
end
else post_cond
@@ -707,65 +710,65 @@ class visit_adding_pre_post_from_buch treatloops =
let _,bhvs =
List.fold_left
(fun (i,acc) equiv ->
- let (case_start, case_int) = List.hd equiv in
- let assumes_l =
- List.map (possible_start kf) equiv
- in
- let name = "Buchi_behavior_in_" ^ (string_of_int i) in
- let assumes =
- [Logic_const.new_predicate (Logic_const.pors assumes_l)]
- in
- let reachable_states =
- Data_for_aorai.Aorai_state.Map.find case_start return_state
- in
- let reachable_states =
- Data_for_aorai.Aorai_state.Map.filter
- (fun _ (int,_,_) ->
- Data_for_aorai.Aorai_state.Set.mem case_int int)
- reachable_states
- in
- let (multi_choice, reachable, _) =
- pred_reachable reachable_states
- in
- let post_cond =
- [Normal, Logic_const.new_predicate reachable]
- in
- let post_cond =
- if multi_choice && not (Aorai_option.Deterministic.get()) then
- begin
- let preds = make_zero_one_choice reachable_states in
- List.fold_left
- (fun acc p ->
- (Normal, Logic_const.new_predicate p) :: acc)
- post_cond preds
- end
- else post_cond
- in
- let infos = Aorai_utils.get_preds_post_bc_wrt_params kf in
- let post_cond =
- if Logic_utils.is_trivially_true infos then post_cond
- else (Normal, Logic_const.new_predicate infos) :: post_cond
- in
- let init_trans =
- List.fold_left
- (fun acc (start, int) ->
- let set =
- try Data_for_aorai.Aorai_state.Map.find start acc
- with Not_found -> Data_for_aorai.Aorai_state.Set.empty
- in
- Data_for_aorai.Aorai_state.Map.add
- start
- (Data_for_aorai.Aorai_state.Set.add int set)
- acc)
- Data_for_aorai.Aorai_state.Map.empty
- equiv
- in
- let post_cond =
- post_cond @
- (get_action_post_cond kf ~init_trans return_state)
- in
- (i+1,
- Cil.mk_behavior ~name ~assumes ~post_cond () :: acc))
+ let (case_start, case_int) = List.hd equiv in
+ let assumes_l =
+ List.map (possible_start kf) equiv
+ in
+ let name = "Buchi_behavior_in_" ^ (string_of_int i) in
+ let assumes =
+ [Logic_const.new_predicate (Logic_const.pors assumes_l)]
+ in
+ let reachable_states =
+ Data_for_aorai.Aorai_state.Map.find case_start return_state
+ in
+ let reachable_states =
+ Data_for_aorai.Aorai_state.Map.filter
+ (fun _ (int,_,_) ->
+ Data_for_aorai.Aorai_state.Set.mem case_int int)
+ reachable_states
+ in
+ let (multi_choice, reachable, _) =
+ pred_reachable reachable_states
+ in
+ let post_cond =
+ [Normal, Logic_const.new_predicate reachable]
+ in
+ let post_cond =
+ if multi_choice && not (Aorai_option.Deterministic.get()) then
+ begin
+ let preds = make_zero_one_choice reachable_states in
+ List.fold_left
+ (fun acc p ->
+ (Normal, Logic_const.new_predicate p) :: acc)
+ post_cond preds
+ end
+ else post_cond
+ in
+ let infos = Aorai_utils.get_preds_post_bc_wrt_params kf in
+ let post_cond =
+ if Logic_utils.is_trivially_true infos then post_cond
+ else (Normal, Logic_const.new_predicate infos) :: post_cond
+ in
+ let init_trans =
+ List.fold_left
+ (fun acc (start, int) ->
+ let set =
+ try Data_for_aorai.Aorai_state.Map.find start acc
+ with Not_found -> Data_for_aorai.Aorai_state.Set.empty
+ in
+ Data_for_aorai.Aorai_state.Map.add
+ start
+ (Data_for_aorai.Aorai_state.Set.add int set)
+ acc)
+ Data_for_aorai.Aorai_state.Map.empty
+ equiv
+ in
+ let post_cond =
+ post_cond @
+ (get_action_post_cond kf ~init_trans return_state)
+ in
+ (i+1,
+ Cil.mk_behavior ~name ~assumes ~post_cond () :: acc))
(0,[])
equivs
in
@@ -793,9 +796,9 @@ class visit_adding_pre_post_from_buch treatloops =
let my_trans =
List.fold_left
(fun acc equiv ->
- if select_equivalence_class equiv then
- acc @ equiv
- else acc)
+ if select_equivalence_class equiv then
+ acc @ equiv
+ else acc)
[] equivs
in
let assumes = neg_trans kf my_trans in
@@ -819,11 +822,11 @@ class visit_adding_pre_post_from_buch treatloops =
in
(* If this is the main function, we should exit in at least one
acceptance state.
- *)
+ *)
let bhvs =
if Aorai_option.ConsiderAcceptance.get () &&
- Datatype.String.equal
- (Kernel_function.get_name kf) (Kernel.MainFunction.get())
+ Datatype.String.equal
+ (Kernel_function.get_name kf) (Kernel.MainFunction.get())
then
let accept = Logic_const.new_predicate (get_acceptance_pred()) in
let post_cond = [Normal, accept] in
@@ -863,243 +866,240 @@ class visit_adding_pre_post_from_buch treatloops =
Cil.mk_behavior ~name ~post_cond () :: bhvs
end else bhvs
in
-object(self)
+ object(self)
- inherit Visitor.frama_c_inplace
+ inherit Visitor.frama_c_inplace
- (* We have to update assigns whenever a call occurs in the scope of
- a statement contract (function always update the automaton's state,
- so assigns there have to be changed anyway.) *)
- val has_call = Stack.create ()
+ (* We have to update assigns whenever a call occurs in the scope of
+ a statement contract (function always update the automaton's state,
+ so assigns there have to be changed anyway.) *)
+ val has_call = Stack.create ()
- method private enter_block () = Stack.push (ref false) has_call
+ method private enter_block () = Stack.push (ref false) has_call
- method private call () = Stack.iter (fun x -> x := true) has_call
+ method private call () = Stack.iter (fun x -> x := true) has_call
- method private leave_block () = !(Stack.pop has_call)
+ method private leave_block () = !(Stack.pop has_call)
- method! vfunc f =
- let my_kf = Extlib.the self#current_kf in
- let vi = Kernel_function.get_vi my_kf in
- let spec = Annotations.funspec my_kf in
- let loc = Kernel_function.get_location my_kf in
- (match kind_of_func vi with
- | Pre_func _ | Post_func _ -> ()
- | Not_auto_func -> (* Normal C function *)
- let bhvs = mk_post my_kf in
- let my_state = Data_for_aorai.get_kf_init_state my_kf in
- let requires = needs_zero_one_choice my_state in
- let requires =
- Aorai_utils.auto_func_preconditions
- loc my_kf Promelaast.Call my_state
- @ requires
- in
- let post_cond = needs_post my_kf in
- match Cil.find_default_behavior spec with
- | Some b ->
- let behavior = b.b_name in
- Annotations.add_requires
- Aorai_option.emitter my_kf ~behavior requires;
- Annotations.add_ensures
- Aorai_option.emitter my_kf ~behavior post_cond;
- Annotations.add_behaviors Aorai_option.emitter my_kf bhvs
- | None ->
- let bhv = Cil.mk_behavior ~requires ~post_cond () in
- Annotations.add_behaviors Aorai_option.emitter my_kf (bhv :: bhvs));
- let after f = update_assigns f.svar.vdecl my_kf Kglobal spec; f in
- ChangeDoChildrenPost(f,after)
-
- method! vglob_aux g =
- match g with
- | GFun(f,_) ->
+ method! vfunc f =
let my_kf = Extlib.the self#current_kf in
- (* don't use get_spec, as we'd generate default assigns,
- while we'll fill the spec just below. *)
let vi = Kernel_function.get_vi my_kf in
+ let spec = Annotations.funspec my_kf in
+ let loc = Kernel_function.get_location my_kf in
(match kind_of_func vi with
- | Pre_func kf ->
- (* must advance the automaton according to current call. *)
- let bhvs = mk_pre_fct_spec kf in
- let vis = new change_formals kf my_kf in
- let bhvs =
- Visitor.visitFramacBehaviors vis bhvs
- in
- Annotations.add_behaviors Aorai_option.emitter my_kf bhvs;
- f.sbody <- Visitor.visitFramacBlock vis f.sbody;
- SkipChildren
- | Post_func kf ->
- (* must advance the automaton according to return event. *)
- let (rt, _, _, _) =
- Cil.splitFunctionTypeVI (Kernel_function.get_vi kf)
- in
- let bhvs = mk_post_fct_spec kf in
- let bhvs =
- (* if return type is not void, convert \result in the formal
- arg of current kf. Otherwise, there's no conversion to do. *)
- if Cil.isVoidType rt then bhvs
- else (Visitor.visitFramacBehaviors
- (new change_result my_kf) (* LBLsformals : change_result must not be called
- if f_post has no arguments, ie no formals for a
- function declaration.
- That's why we had to update sformals. *)
- bhvs;)
+ | Pre_func _ | Post_func _ -> ()
+ | Not_auto_func -> (* Normal C function *)
+ let bhvs = mk_post my_kf in
+ let my_state = Data_for_aorai.get_kf_init_state my_kf in
+ let requires = needs_zero_one_choice my_state in
+ let requires =
+ Aorai_utils.auto_func_preconditions
+ loc my_kf Promelaast.Call my_state
+ @ requires
+ in
+ let post_cond = needs_post my_kf in
+ match Cil.find_default_behavior spec with
+ | Some b ->
+ let behavior = b.b_name in
+ Annotations.add_requires
+ Aorai_option.emitter my_kf ~behavior requires;
+ Annotations.add_ensures
+ Aorai_option.emitter my_kf ~behavior post_cond;
+ Annotations.add_behaviors Aorai_option.emitter my_kf bhvs
+ | None ->
+ let bhv = Cil.mk_behavior ~requires ~post_cond () in
+ Annotations.add_behaviors Aorai_option.emitter my_kf (bhv :: bhvs));
+ let after f = update_assigns f.svar.vdecl my_kf Kglobal spec; f in
+ ChangeDoChildrenPost(f,after)
- in
- Annotations.add_behaviors Aorai_option.emitter my_kf bhvs;
- SkipChildren
- | Not_auto_func -> DoChildren (* they are not considered here. *))
-
- | _ -> DoChildren;
+ method! vglob_aux g =
+ match g with
+ | GFun(f,_) ->
+ let my_kf = Extlib.the self#current_kf in
+ (* don't use get_spec, as we'd generate default assigns,
+ while we'll fill the spec just below. *)
+ let vi = Kernel_function.get_vi my_kf in
+ (match kind_of_func vi with
+ | Pre_func kf ->
+ (* must advance the automaton according to current call. *)
+ let bhvs = mk_pre_fct_spec kf in
+ let vis = new change_formals kf my_kf in
+ let bhvs =
+ Visitor.visitFramacBehaviors vis bhvs
+ in
+ Annotations.add_behaviors Aorai_option.emitter my_kf bhvs;
+ f.sbody <- Visitor.visitFramacBlock vis f.sbody;
+ SkipChildren
+ | Post_func kf ->
+ (* must advance the automaton according to return event. *)
+ let (rt, _, _, _) =
+ Cil.splitFunctionTypeVI (Kernel_function.get_vi kf)
+ in
+ let bhvs = mk_post_fct_spec kf in
+ let bhvs =
+ (* if return type is not void, convert \result in the formal
+ arg of current kf. Otherwise, there's no conversion to do. *)
+ if Cil.isVoidType rt then bhvs
+ else (Visitor.visitFramacBehaviors
+ (new change_result my_kf) (* LBLsformals : change_result must not be called
+ if f_post has no arguments, ie no formals for a
+ function declaration.
+ That's why we had to update sformals. *)
+ bhvs;)
- method! vstmt_aux stmt =
- let kf = Extlib.the self#current_kf in
- let treat_loop body_ref stmt =
- let init_state = Data_for_aorai.get_loop_init_state stmt in
- let inv_state = Data_for_aorai.get_loop_invariant_state stmt in
+ in
+ Annotations.add_behaviors Aorai_option.emitter my_kf bhvs;
+ SkipChildren
+ | Not_auto_func -> DoChildren (* they are not considered here. *))
- let possible_states =
- Data_for_aorai.merge_end_state
- (all_possible_states init_state) (all_possible_states inv_state)
- in
- let loop_assigns =
- Annotations.code_annot ~filter:Logic_utils.is_assigns stmt
- in
- (* varinfo of the init_var associated to this loop *)
- let vi_init =
- Data_for_aorai.get_varinfo
- (Data_for_aorai.loopInit ^ "_" ^ string_of_int stmt.sid)
- in
+ | _ -> DoChildren;
- (* 1) The associated init variable is set to 0 in first position
- (or in second position if the first stmt is a if)*)
+ method! vstmt_aux stmt =
+ let kf = Extlib.the self#current_kf in
+ let treat_loop body_ref stmt =
+ let init_state = Data_for_aorai.get_loop_init_state stmt in
+ let inv_state = Data_for_aorai.get_loop_invariant_state stmt in
- let loc = Cil_datatype.Stmt.loc stmt in
- let stmt_varset =
- Cil.mkStmtOneInstr
- (Set((Var vi_init,NoOffset), Cil.zero ~loc, loc))
- in
- stmt_varset.sid<-(Cil_const.Sid.next ());
- stmt_varset.ghost<-true;
- begin
- (* Function adapted from the cil printer *)
- try
- let rec skipEmpty = function
- [] -> []
- | {skind=Instr (Skip _);labels=[]} :: rest -> skipEmpty rest
- | x -> x
- in
- match skipEmpty !body_ref.bstmts with
- | {skind=If(_,tb,fb,_)} as head:: _ ->
- begin
- match skipEmpty tb.bstmts, skipEmpty fb.bstmts with
- | _, {skind=Break _}:: _
- | _, {skind=Goto _} :: _
- | {skind=Goto _} :: _, _
- | {skind=Break _} :: _, _ ->
- !body_ref.bstmts <-
- head :: stmt_varset :: List.tl !body_ref.bstmts
- | _ ->
- raise Not_found
- end
- | _ -> raise Not_found
- with Not_found ->
- !body_ref.bstmts<-stmt_varset::!body_ref.bstmts
- end;
+ let possible_states =
+ Data_for_aorai.merge_end_state
+ (all_possible_states init_state) (all_possible_states inv_state)
+ in
+ let loop_assigns =
+ Annotations.code_annot ~filter:Logic_utils.is_assigns stmt
+ in
+ (* varinfo of the init_var associated to this loop *)
+ let vi_init =
+ Data_for_aorai.get_varinfo
+ (Data_for_aorai.loopInit ^ "_" ^ string_of_int stmt.sid)
+ in
- (* 2) The associated init variable is set to 1 before the loop *)
- let new_loop = mkStmt ~valid_sid:true stmt.skind in
- let stmt_varset =
- Cil.mkStmtOneInstr ~valid_sid:true
- (Set((Var(vi_init),NoOffset), Cil.one ~loc, loc))
- in
- stmt_varset.ghost <- true;
- let block = mkBlock [stmt_varset;new_loop] in
- stmt.skind<-Block(block);
+ (* 1) The associated init variable is set to 0 in first position
+ (or in second position if the first stmt is a if)*)
- (* Overcome WP limitation wrt LoopEntry. See bug 1353 *)
- new_loop.labels <-
- [ Label ("aorai_loop_" ^ string_of_int stmt.sid,
- Cil_datatype.Stmt.loc stmt, false)];
- let loop_entry_label = StmtLabel (ref new_loop) in
+ let loc = Cil_datatype.Stmt.loc stmt in
+ let stmt_varset =
+ Cil.mkStmtOneInstr ~ghost:true ~valid_sid:true
+ (Set((Var vi_init,NoOffset), Cil.zero ~loc, loc))
+ in
+ begin
+ (* Function adapted from the cil printer *)
+ try
+ let rec skipEmpty = function
+ [] -> []
+ | {skind=Instr (Skip _);labels=[]} :: rest -> skipEmpty rest
+ | x -> x
+ in
+ match skipEmpty !body_ref.bstmts with
+ | {skind=If(_,tb,fb,_)} as head:: _ ->
+ begin
+ match skipEmpty tb.bstmts, skipEmpty fb.bstmts with
+ | _, {skind=Break _}:: _
+ | _, {skind=Goto _} :: _
+ | {skind=Goto _} :: _, _
+ | {skind=Break _} :: _, _ ->
+ !body_ref.bstmts <-
+ head :: stmt_varset :: List.tl !body_ref.bstmts
+ | _ ->
+ raise Not_found
+ end
+ | _ -> raise Not_found
+ with Not_found ->
+ !body_ref.bstmts<-stmt_varset::!body_ref.bstmts
+ end;
- (* 3) Generation of the loop invariant *)
- let mk_imply operator predicate =
- pimplies
- (prel(operator,
- Aorai_utils.mk_term_from_vi vi_init,
- Aorai_utils.zero_term()),
- predicate)
- in
- (* The loop invariant is :
- (Global invariant) // all never reached state are set to zero
- & (Init => Pre1) // external pre-condition
- & (not Init => Post2) // internal post-condition
- & counter_invariant // values of counters.
- (init: fresh variable which indicates if the iteration is the first
- one). *)
- condition_to_invariant kf possible_states new_loop;
+ (* 2) The associated init variable is set to 1 before the loop *)
+ let new_loop = mkStmt ~valid_sid:true stmt.skind in
+ let stmt_varset =
+ Cil.mkStmtOneInstr ~ghost:true ~valid_sid:true
+ (Set((Var(vi_init),NoOffset), Cil.one ~loc, loc))
+ in
+ let block = mkBlock [stmt_varset;new_loop] in
+ stmt.skind<-Block(block);
- let init_preds =
- impossible_states_preds Logic_const.pre_label possible_states init_state
- in
- let treat_init_pred pred =
- let pred = mk_imply Rneq pred in
- predicate_to_invariant kf new_loop pred
- in
- List.iter treat_init_pred init_preds;
- let invariant_preds =
- impossible_states_preds_inv loop_entry_label possible_states inv_state
- in
- let treat_inv_pred pred =
- let pred = mk_imply Req pred in
- predicate_to_invariant kf new_loop pred
- in
- List.iter treat_inv_pred invariant_preds;
+ (* Overcome WP limitation wrt LoopEntry. See bug 1353 *)
+ new_loop.labels <-
+ [ Label ("aorai_loop_" ^ string_of_int stmt.sid,
+ Cil_datatype.Stmt.loc stmt, false)];
+ let loop_entry_label = StmtLabel (ref new_loop) in
- let action_inv_preds =
- Aorai_utils.all_actions_preds loop_entry_label inv_state
- in
- List.iter (predicate_to_invariant kf new_loop) action_inv_preds;
-
- List.iter
- (update_loop_assigns kf new_loop inv_state (Cil.cvar_to_lvar vi_init))
- loop_assigns;
+ (* 3) Generation of the loop invariant *)
+ let mk_imply operator predicate =
+ pimplies
+ (prel(operator,
+ Aorai_utils.mk_term_from_vi vi_init,
+ Aorai_utils.zero_term()),
+ predicate)
+ in
+ (* The loop invariant is :
+ (Global invariant) // all never reached state are set to zero
+ & (Init => Pre1) // external pre-condition
+ & (not Init => Post2) // internal post-condition
+ & counter_invariant // values of counters.
+ (init: fresh variable which indicates if the iteration is the first
+ one). *)
+ condition_to_invariant kf possible_states new_loop;
+
+ let init_preds =
+ impossible_states_preds Logic_const.pre_label possible_states init_state
+ in
+ let treat_init_pred pred =
+ let pred = mk_imply Rneq pred in
+ predicate_to_invariant kf new_loop pred
+ in
+ List.iter treat_init_pred init_preds;
+ let invariant_preds =
+ impossible_states_preds_inv loop_entry_label possible_states inv_state
+ in
+ let treat_inv_pred pred =
+ let pred = mk_imply Req pred in
+ predicate_to_invariant kf new_loop pred
+ in
+ List.iter treat_inv_pred invariant_preds;
- (* 4) Keeping in mind to preserve old annotations after visitor end *)
- Hashtbl.add post_treatment_loops (ref stmt) (ref new_loop);
+ let action_inv_preds =
+ Aorai_utils.all_actions_preds loop_entry_label inv_state
+ in
+ List.iter (predicate_to_invariant kf new_loop) action_inv_preds;
- (* 5) Updated stmt is returned *)
- stmt
- in
- self#enter_block ();
- let after s =
- if self#leave_block () then
- let annots = Annotations.code_annot stmt in
- let _, specs = List.split (Logic_utils.extract_contract annots) in
List.iter
- (update_assigns
- (Cil_datatype.Stmt.loc stmt)
- (Extlib.the self#current_kf)
- (Kstmt stmt))
- specs;
- s
- else
- s
- in
- if treatloops then
- match stmt.skind with
- | Loop (_,block,_,_,_) ->
- ChangeDoChildrenPost(stmt, after $ (treat_loop (ref block)))
+ (update_loop_assigns kf new_loop inv_state (Cil.cvar_to_lvar vi_init))
+ loop_assigns;
- | _ -> ChangeDoChildrenPost(stmt, after)
- else
- ChangeDoChildrenPost(stmt,after)
+ (* 4) Keeping in mind to preserve old annotations after visitor end *)
+ Hashtbl.add post_treatment_loops (ref stmt) (ref new_loop);
+
+ (* 5) Updated stmt is returned *)
+ stmt
+ in
+ self#enter_block ();
+ let after s =
+ if self#leave_block () then
+ let annots = Annotations.code_annot stmt in
+ let _, specs = List.split (Logic_utils.extract_contract annots) in
+ List.iter
+ (update_assigns
+ (Cil_datatype.Stmt.loc stmt)
+ (Extlib.the self#current_kf)
+ (Kstmt stmt))
+ specs;
+ s
+ else
+ s
+ in
+ if treatloops then
+ match stmt.skind with
+ | Loop (_,block,_,_,_) ->
+ ChangeDoChildrenPost(stmt, after $ (treat_loop (ref block)))
+
+ | _ -> ChangeDoChildrenPost(stmt, after)
+ else
+ ChangeDoChildrenPost(stmt,after)
- method! vinst = function
- | Call _ | Local_init (_, ConsInit _, _) -> self#call (); DoChildren
- | _ -> DoChildren
+ method! vinst = function
+ | Call _ | Local_init (_, ConsInit _, _) -> self#call (); DoChildren
+ | _ -> DoChildren
-end
+ end
let add_pre_post_from_buch file treatloops =
let visitor = new visit_adding_pre_post_from_buch treatloops in
@@ -1108,21 +1108,21 @@ let add_pre_post_from_buch file treatloops =
Variant clause has to be preserved at the end of the annotation.*)
Hashtbl.iter
(fun old_stmt new_stmt ->
- let new_s = !new_stmt in
- let old_s = !old_stmt in
- let kf = Kernel_function.find_englobing_kf old_s in
- (* Erasing annotations from the old statement before attaching them with
- the new one *)
- let annots =
- Annotations.fold_code_annot
- (fun e a acc ->
- Annotations.remove_code_annot e ~kf old_s a;
- if (Logic_utils.is_assigns a) then acc else (e, a) :: acc)
- old_s
- [];
- in
- List.iter (fun (e, a) -> Annotations.add_code_annot e ~kf new_s a) annots)
- post_treatment_loops
+ let new_s = !new_stmt in
+ let old_s = !old_stmt in
+ let kf = Kernel_function.find_englobing_kf old_s in
+ (* Erasing annotations from the old statement before attaching them with
+ the new one *)
+ let annots =
+ Annotations.fold_code_annot
+ (fun e a acc ->
+ Annotations.remove_code_annot e ~kf old_s a;
+ if (Logic_utils.is_assigns a) then acc else (e, a) :: acc)
+ old_s
+ [];
+ in
+ List.iter (fun (e, a) -> Annotations.add_code_annot e ~kf new_s a) annots)
+ post_treatment_loops
let add_sync_with_buch file =
let visitor = new visit_adding_code_for_synchronisation in
diff --git a/src/plugins/aorai/tests/aorai/oracle/assigns.0.res.oracle b/src/plugins/aorai/tests/aorai/oracle/assigns.0.res.oracle
index d4dfd5db8dd4c6ebbea9033d37489c1118508643..6c66a3027f5e460bd9c2f940af4e5161e5b44de4 100644
--- a/src/plugins/aorai/tests/aorai/oracle/assigns.0.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/assigns.0.res.oracle
@@ -18,111 +18,117 @@ int X;
/*@ ghost int S_in_f = 0; */
/*@ ghost int Sf = 0; */
/*@ ghost int in_main = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf,
- in_main;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_S_in_f_in:
- assumes 1 ≡ Sf;
- ensures 1 ≡ S_in_f;
-
- behavior buch_state_S_in_f_out:
- assumes 0 ≡ Sf;
- ensures 0 ≡ S_in_f;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_in_main_out:
- ensures 0 ≡ in_main;
- */
-void f_pre_func(void)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S_in_f_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int in_main_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_f;
- S1_tmp = S1;
- S2_tmp = S2;
- S_in_f_tmp = S_in_f;
- Sf_tmp = Sf;
- in_main_tmp = in_main;
- in_main_tmp = 0;
- Sf_tmp = 0;
- if (Sf == 1) S_in_f_tmp = 1; else S_in_f_tmp = 0;
- S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S_in_f = S_in_f_tmp;
- Sf = Sf_tmp;
- in_main = in_main_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf,
+ in_main;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S_in_f_in:
+ assumes 1 ≡ Sf;
+ ensures 1 ≡ S_in_f;
+
+ behavior buch_state_S_in_f_out:
+ assumes 0 ≡ Sf;
+ ensures 0 ≡ S_in_f;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_in_main_out:
+ ensures 0 ≡ in_main;
+ @/
+ void f_pre_func(void)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S_in_f_tmp;
+ int Sf_tmp;
+ int in_main_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_f;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S_in_f_tmp = S_in_f;
+ Sf_tmp = Sf;
+ in_main_tmp = in_main;
+ in_main_tmp = 0;
+ Sf_tmp = 0;
+ if (Sf == 1) S_in_f_tmp = 1; else S_in_f_tmp = 0;
+ S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S_in_f = S_in_f_tmp;
+ Sf = Sf_tmp;
+ in_main = in_main_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ S_in_f ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ Sf ∧ 0 ≡ in_main;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf,
- in_main;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_S_in_f_out:
- ensures 0 ≡ S_in_f;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_in_main_in:
- assumes 1 ≡ S_in_f;
- ensures 1 ≡ in_main;
-
- behavior buch_state_in_main_out:
- assumes 0 ≡ S_in_f;
- ensures 0 ≡ in_main;
- */
-void f_post_func(void)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S_in_f_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int in_main_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_f;
- S1_tmp = S1;
- S2_tmp = S2;
- S_in_f_tmp = S_in_f;
- Sf_tmp = Sf;
- in_main_tmp = in_main;
- if (S_in_f == 1) in_main_tmp = 1; else in_main_tmp = 0;
- Sf_tmp = 0;
- S_in_f_tmp = 0;
- S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S_in_f = S_in_f_tmp;
- Sf = Sf_tmp;
- in_main = in_main_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ S_in_f ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ Sf ∧ 0 ≡ in_main;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf,
+ in_main;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S_in_f_out:
+ ensures 0 ≡ S_in_f;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_in_main_in:
+ assumes 1 ≡ S_in_f;
+ ensures 1 ≡ in_main;
+
+ behavior buch_state_in_main_out:
+ assumes 0 ≡ S_in_f;
+ ensures 0 ≡ in_main;
+ @/
+ void f_post_func(void)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S_in_f_tmp;
+ int Sf_tmp;
+ int in_main_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_f;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S_in_f_tmp = S_in_f;
+ Sf_tmp = Sf;
+ in_main_tmp = in_main;
+ if (S_in_f == 1) in_main_tmp = 1; else in_main_tmp = 0;
+ Sf_tmp = 0;
+ S_in_f_tmp = 0;
+ S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S_in_f = S_in_f_tmp;
+ Sf = Sf_tmp;
+ in_main = in_main_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ Sf ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S_in_f ∧ 0 ≡ in_main;
@@ -133,117 +139,123 @@ void f_post_func(void)
*/
void f(void)
{
- f_pre_func();
+ /*@ ghost f_pre_func(); */
X ++;
- f_post_func();
+ /*@ ghost f_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf,
- in_main;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_S_in_f_out:
- ensures 0 ≡ S_in_f;
-
- behavior buch_state_Sf_in:
- assumes 1 ≡ S1;
- ensures 1 ≡ Sf;
-
- behavior buch_state_Sf_out:
- assumes 0 ≡ S1;
- ensures 0 ≡ Sf;
-
- behavior buch_state_in_main_out:
- ensures 0 ≡ in_main;
- */
-void main_pre_func(void)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S_in_f_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int in_main_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- S1_tmp = S1;
- S2_tmp = S2;
- S_in_f_tmp = S_in_f;
- Sf_tmp = Sf;
- in_main_tmp = in_main;
- in_main_tmp = 0;
- if (S1 == 1) Sf_tmp = 1; else Sf_tmp = 0;
- S_in_f_tmp = 0;
- S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S_in_f = S_in_f_tmp;
- Sf = Sf_tmp;
- in_main = in_main_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf,
+ in_main;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S_in_f_out:
+ ensures 0 ≡ S_in_f;
+
+ behavior buch_state_Sf_in:
+ assumes 1 ≡ S1;
+ ensures 1 ≡ Sf;
+
+ behavior buch_state_Sf_out:
+ assumes 0 ≡ S1;
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_in_main_out:
+ ensures 0 ≡ in_main;
+ @/
+ void main_pre_func(void)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S_in_f_tmp;
+ int Sf_tmp;
+ int in_main_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S_in_f_tmp = S_in_f;
+ Sf_tmp = Sf;
+ in_main_tmp = in_main;
+ in_main_tmp = 0;
+ if (S1 == 1) Sf_tmp = 1; else Sf_tmp = 0;
+ S_in_f_tmp = 0;
+ S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S_in_f = S_in_f_tmp;
+ Sf = Sf_tmp;
+ in_main = in_main_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ in_main ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S_in_f ∧ 0 ≡ Sf;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf,
- in_main;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_in:
- assumes 1 ≡ in_main;
- ensures 1 ≡ S2;
-
- behavior buch_state_S2_out:
- assumes 0 ≡ in_main;
- ensures 0 ≡ S2;
-
- behavior buch_state_S_in_f_out:
- ensures 0 ≡ S_in_f;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_in_main_out:
- ensures 0 ≡ in_main;
- */
-void main_post_func(int res)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S_in_f_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int in_main_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- S1_tmp = S1;
- S2_tmp = S2;
- S_in_f_tmp = S_in_f;
- Sf_tmp = Sf;
- in_main_tmp = in_main;
- in_main_tmp = 0;
- Sf_tmp = 0;
- S_in_f_tmp = 0;
- if (in_main == 1) S2_tmp = 1; else S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S_in_f = S_in_f_tmp;
- Sf = Sf_tmp;
- in_main = in_main_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ in_main ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S_in_f ∧ 0 ≡ Sf;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf,
+ in_main;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_in:
+ assumes 1 ≡ in_main;
+ ensures 1 ≡ S2;
+
+ behavior buch_state_S2_out:
+ assumes 0 ≡ in_main;
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S_in_f_out:
+ ensures 0 ≡ S_in_f;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_in_main_out:
+ ensures 0 ≡ in_main;
+ @/
+ void main_post_func(int res)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S_in_f_tmp;
+ int Sf_tmp;
+ int in_main_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S_in_f_tmp = S_in_f;
+ Sf_tmp = Sf;
+ in_main_tmp = in_main;
+ in_main_tmp = 0;
+ Sf_tmp = 0;
+ S_in_f_tmp = 0;
+ if (in_main == 1) S2_tmp = 1; else S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S_in_f = S_in_f_tmp;
+ Sf = Sf_tmp;
+ in_main = in_main_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S_in_f ∧ 0 ≡ Sf ∧ 0 ≡ in_main;
@@ -260,14 +272,14 @@ void main_post_func(int res)
*/
int main(void)
{
- main_pre_func();
+ /*@ ghost main_pre_func(); */
/*@ assigns X; */
X ++;
/*@ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf,
in_main, X;
*/
f();
- main_post_func(X);
+ /*@ ghost main_post_func(X); */
return X;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/assigns.1.res.oracle b/src/plugins/aorai/tests/aorai/oracle/assigns.1.res.oracle
index b52a02ae3106afe0e4d7e496dc7f81726e40bb3b..2434556b05d580bac96d12dfa195f2e84cc9ee09 100644
--- a/src/plugins/aorai/tests/aorai/oracle/assigns.1.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/assigns.1.res.oracle
@@ -32,76 +32,82 @@ int X;
/*@ ghost enum aorai_ListOper aorai_CurOperation = op_main; */
/*@ ghost enum aorai_OpStatusList aorai_CurOpStatus = aorai_Called; */
/*@ ghost int aorai_CurStates = S1; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_S1_out:
- ensures aorai_CurStates ≢ S1;
-
- behavior buch_state_S2_out:
- ensures aorai_CurStates ≢ S2;
-
- behavior buch_state_S_in_f_in:
- assumes aorai_CurStates ≡ Sf;
- ensures aorai_CurStates ≡ S_in_f;
-
- behavior buch_state_S_in_f_out:
- assumes aorai_CurStates ≢ Sf;
- ensures aorai_CurStates ≢ S_in_f;
-
- behavior buch_state_Sf_out:
- ensures aorai_CurStates ≢ Sf;
-
- behavior buch_state_in_main_out:
- ensures aorai_CurStates ≢ in_main;
- */
-void f_pre_func(void)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_f;
- aorai_CurStates_tmp = aorai_CurStates;
- if (3 == aorai_CurStates) aorai_CurStates_tmp = S_in_f;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_S1_out:
+ ensures aorai_CurStates ≢ S1;
+
+ behavior buch_state_S2_out:
+ ensures aorai_CurStates ≢ S2;
+
+ behavior buch_state_S_in_f_in:
+ assumes aorai_CurStates ≡ Sf;
+ ensures aorai_CurStates ≡ S_in_f;
+
+ behavior buch_state_S_in_f_out:
+ assumes aorai_CurStates ≢ Sf;
+ ensures aorai_CurStates ≢ S_in_f;
+
+ behavior buch_state_Sf_out:
+ ensures aorai_CurStates ≢ Sf;
+
+ behavior buch_state_in_main_out:
+ ensures aorai_CurStates ≢ in_main;
+ @/
+ void f_pre_func(void)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_f;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (3 == aorai_CurStates) aorai_CurStates_tmp = S_in_f;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
-/*@ requires aorai_CurStates ≡ S_in_f;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_S1_out:
- ensures aorai_CurStates ≢ S1;
-
- behavior buch_state_S2_out:
- ensures aorai_CurStates ≢ S2;
-
- behavior buch_state_S_in_f_out:
- ensures aorai_CurStates ≢ S_in_f;
-
- behavior buch_state_Sf_out:
- ensures aorai_CurStates ≢ Sf;
-
- behavior buch_state_in_main_in:
- assumes aorai_CurStates ≡ S_in_f;
- ensures aorai_CurStates ≡ in_main;
-
- behavior buch_state_in_main_out:
- assumes aorai_CurStates ≢ S_in_f;
- ensures aorai_CurStates ≢ in_main;
- */
-void f_post_func(void)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_f;
- aorai_CurStates_tmp = aorai_CurStates;
- if (2 == aorai_CurStates) aorai_CurStates_tmp = in_main;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires aorai_CurStates ≡ S_in_f;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_S1_out:
+ ensures aorai_CurStates ≢ S1;
+
+ behavior buch_state_S2_out:
+ ensures aorai_CurStates ≢ S2;
+
+ behavior buch_state_S_in_f_out:
+ ensures aorai_CurStates ≢ S_in_f;
+
+ behavior buch_state_Sf_out:
+ ensures aorai_CurStates ≢ Sf;
+
+ behavior buch_state_in_main_in:
+ assumes aorai_CurStates ≡ S_in_f;
+ ensures aorai_CurStates ≡ in_main;
+
+ behavior buch_state_in_main_out:
+ assumes aorai_CurStates ≢ S_in_f;
+ ensures aorai_CurStates ≢ in_main;
+ @/
+ void f_post_func(void)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_f;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (2 == aorai_CurStates) aorai_CurStates_tmp = in_main;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
+
+*/
/*@ requires aorai_CurStates ≡ Sf;
@@ -110,82 +116,88 @@ void f_post_func(void)
*/
void f(void)
{
- f_pre_func();
+ /*@ ghost f_pre_func(); */
X ++;
- f_post_func();
+ /*@ ghost f_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_S1_out:
- ensures aorai_CurStates ≢ S1;
-
- behavior buch_state_S2_out:
- ensures aorai_CurStates ≢ S2;
-
- behavior buch_state_S_in_f_out:
- ensures aorai_CurStates ≢ S_in_f;
-
- behavior buch_state_Sf_in:
- assumes aorai_CurStates ≡ S1;
- ensures aorai_CurStates ≡ Sf;
-
- behavior buch_state_Sf_out:
- assumes aorai_CurStates ≢ S1;
- ensures aorai_CurStates ≢ Sf;
-
- behavior buch_state_in_main_out:
- ensures aorai_CurStates ≢ in_main;
- */
-void main_pre_func(void)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- aorai_CurStates_tmp = aorai_CurStates;
- if (0 == aorai_CurStates) aorai_CurStates_tmp = Sf;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_S1_out:
+ ensures aorai_CurStates ≢ S1;
+
+ behavior buch_state_S2_out:
+ ensures aorai_CurStates ≢ S2;
+
+ behavior buch_state_S_in_f_out:
+ ensures aorai_CurStates ≢ S_in_f;
+
+ behavior buch_state_Sf_in:
+ assumes aorai_CurStates ≡ S1;
+ ensures aorai_CurStates ≡ Sf;
+
+ behavior buch_state_Sf_out:
+ assumes aorai_CurStates ≢ S1;
+ ensures aorai_CurStates ≢ Sf;
+
+ behavior buch_state_in_main_out:
+ ensures aorai_CurStates ≢ in_main;
+ @/
+ void main_pre_func(void)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (0 == aorai_CurStates) aorai_CurStates_tmp = Sf;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
-/*@ requires aorai_CurStates ≡ in_main;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_S1_out:
- ensures aorai_CurStates ≢ S1;
-
- behavior buch_state_S2_in:
- assumes aorai_CurStates ≡ in_main;
- ensures aorai_CurStates ≡ S2;
-
- behavior buch_state_S2_out:
- assumes aorai_CurStates ≢ in_main;
- ensures aorai_CurStates ≢ S2;
-
- behavior buch_state_S_in_f_out:
- ensures aorai_CurStates ≢ S_in_f;
-
- behavior buch_state_Sf_out:
- ensures aorai_CurStates ≢ Sf;
-
- behavior buch_state_in_main_out:
- ensures aorai_CurStates ≢ in_main;
- */
-void main_post_func(int res)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- aorai_CurStates_tmp = aorai_CurStates;
- if (4 == aorai_CurStates) aorai_CurStates_tmp = S2;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires aorai_CurStates ≡ in_main;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_S1_out:
+ ensures aorai_CurStates ≢ S1;
+
+ behavior buch_state_S2_in:
+ assumes aorai_CurStates ≡ in_main;
+ ensures aorai_CurStates ≡ S2;
+
+ behavior buch_state_S2_out:
+ assumes aorai_CurStates ≢ in_main;
+ ensures aorai_CurStates ≢ S2;
+
+ behavior buch_state_S_in_f_out:
+ ensures aorai_CurStates ≢ S_in_f;
+
+ behavior buch_state_Sf_out:
+ ensures aorai_CurStates ≢ Sf;
+
+ behavior buch_state_in_main_out:
+ ensures aorai_CurStates ≢ in_main;
+ @/
+ void main_post_func(int res)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (4 == aorai_CurStates) aorai_CurStates_tmp = S2;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
+
+*/
/*@ requires aorai_CurStates ≡ S1;
assigns X, aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
@@ -198,12 +210,12 @@ void main_post_func(int res)
*/
int main(void)
{
- main_pre_func();
+ /*@ ghost main_pre_func(); */
/*@ assigns X; */
X ++;
/*@ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates, X; */
f();
- main_post_func(X);
+ /*@ ghost main_post_func(X); */
return X;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/bts1289.0.res.oracle b/src/plugins/aorai/tests/aorai/oracle/bts1289.0.res.oracle
index c7cdce1675eca5b5f360f6b59e68b5ea7f68c998..97ad07ce779b14e27de99125e07e9e9b2bd71f11 100644
--- a/src/plugins/aorai/tests/aorai/oracle/bts1289.0.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/bts1289.0.res.oracle
@@ -14,42 +14,48 @@ enum aorai_OpStatusList {
/*@ ghost enum aorai_ListOper aorai_CurOperation = op_main; */
/*@ ghost enum aorai_OpStatusList aorai_CurOpStatus = aorai_Called; */
/*@ ghost int S = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_a;
- assigns aorai_CurOpStatus, aorai_CurOperation, S;
-
- behavior buch_state_S_out:
- ensures 0 ≡ S;
- */
-void a_pre_func(void)
-{
- /*@ ghost int S_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_a;
- S_tmp = S;
- S_tmp = 0;
- S = S_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_a;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S;
+
+ behavior buch_state_S_out:
+ ensures 0 ≡ S;
+ @/
+ void a_pre_func(void)
+ {
+ int S_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_a;
+ S_tmp = S;
+ S_tmp = 0;
+ S = S_tmp;
+ return;
+ }
-/*@ requires \false;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_a;
- assigns aorai_CurOpStatus, aorai_CurOperation, S;
-
- behavior buch_state_S_out:
- ensures 0 ≡ S;
- */
-void a_post_func(void)
-{
- /*@ ghost int S_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_a;
- S_tmp = S;
- S_tmp = 0;
- S = S_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires \false;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_a;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S;
+
+ behavior buch_state_S_out:
+ ensures 0 ≡ S;
+ @/
+ void a_post_func(void)
+ {
+ int S_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_a;
+ S_tmp = S;
+ S_tmp = 0;
+ S = S_tmp;
+ return;
+ }
+
+*/
/*@ requires \false;
@@ -57,47 +63,53 @@ void a_post_func(void)
ensures 0 ≡ S; */
void a(void)
{
- a_pre_func();
- a_post_func();
+ /*@ ghost a_pre_func(); */
+ /*@ ghost a_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S;
-
- behavior buch_state_S_out:
- ensures 0 ≡ S;
- */
-void main_pre_func(void)
-{
- /*@ ghost int S_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- S_tmp = S;
- S_tmp = 0;
- S = S_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S;
+
+ behavior buch_state_S_out:
+ ensures 0 ≡ S;
+ @/
+ void main_pre_func(void)
+ {
+ int S_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ S_tmp = S;
+ S_tmp = 0;
+ S = S_tmp;
+ return;
+ }
-/*@ requires \false;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S;
-
- behavior buch_state_S_out:
- ensures 0 ≡ S;
- */
-void main_post_func(void)
-{
- /*@ ghost int S_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- S_tmp = S;
- S_tmp = 0;
- S = S_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires \false;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S;
+
+ behavior buch_state_S_out:
+ ensures 0 ≡ S;
+ @/
+ void main_post_func(void)
+ {
+ int S_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ S_tmp = S;
+ S_tmp = 0;
+ S = S_tmp;
+ return;
+ }
+
+*/
/*@ requires \false;
@@ -105,8 +117,8 @@ void main_post_func(void)
ensures 0 ≡ S; */
void main(void)
{
- int aorai_Loop_Init_4;
- main_pre_func();
+ /*@ ghost int aorai_Loop_Init_4; */
+ /*@ ghost main_pre_func(); */
int i = 0;
/*@ ghost aorai_Loop_Init_4 = 1; */
aorai_loop_4:
@@ -120,7 +132,7 @@ void main(void)
a();
i ++;
}
- main_post_func();
+ /*@ ghost main_post_func(); */
return;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/bts1289.1.res.oracle b/src/plugins/aorai/tests/aorai/oracle/bts1289.1.res.oracle
index c9699d26a614ecc8c606734d4a103b7e45029c70..566b9dc7ab47ef19917278a6e3bc53664b0d291a 100644
--- a/src/plugins/aorai/tests/aorai/oracle/bts1289.1.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/bts1289.1.res.oracle
@@ -17,124 +17,130 @@ enum aorai_OpStatusList {
/*@ ghost int aorai_intermediate_state = 0; */
/*@ ghost int aorai_intermediate_state_0 = 0; */
/*@ ghost int init = 1; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_a;
- assigns aorai_CurOpStatus, aorai_CurOperation, S, T,
- aorai_intermediate_state, aorai_intermediate_state_0, init;
-
- behavior buch_state_S_out:
- ensures 0 ≡ S;
-
- behavior buch_state_T_out:
- ensures 0 ≡ T;
-
- behavior buch_state_aorai_intermediate_state_in:
- assumes 1 ≡ S;
- ensures 1 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_out:
- assumes 0 ≡ S;
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_in:
- assumes 1 ≡ T;
- ensures 1 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- assumes 0 ≡ T;
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_init_out:
- ensures 0 ≡ init;
- */
-void a_pre_func(void)
-{
- /*@ ghost int S_tmp; */
- /*@ ghost int T_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int init_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_a;
- S_tmp = S;
- T_tmp = T;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- init_tmp = init;
- init_tmp = 0;
- if (T == 1) aorai_intermediate_state_0_tmp = 1;
- else aorai_intermediate_state_0_tmp = 0;
- if (S == 1) aorai_intermediate_state_tmp = 1;
- else aorai_intermediate_state_tmp = 0;
- T_tmp = 0;
- S_tmp = 0;
- S = S_tmp;
- T = T_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- init = init_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_a;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S, T,
+ aorai_intermediate_state, aorai_intermediate_state_0, init;
+
+ behavior buch_state_S_out:
+ ensures 0 ≡ S;
+
+ behavior buch_state_T_out:
+ ensures 0 ≡ T;
+
+ behavior buch_state_aorai_intermediate_state_in:
+ assumes 1 ≡ S;
+ ensures 1 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ assumes 0 ≡ S;
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_in:
+ assumes 1 ≡ T;
+ ensures 1 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ assumes 0 ≡ T;
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_init_out:
+ ensures 0 ≡ init;
+ @/
+ void a_pre_func(void)
+ {
+ int S_tmp;
+ int T_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int init_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_a;
+ S_tmp = S;
+ T_tmp = T;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ init_tmp = init;
+ init_tmp = 0;
+ if (T == 1) aorai_intermediate_state_0_tmp = 1;
+ else aorai_intermediate_state_0_tmp = 0;
+ if (S == 1) aorai_intermediate_state_tmp = 1;
+ else aorai_intermediate_state_tmp = 0;
+ T_tmp = 0;
+ S_tmp = 0;
+ S = S_tmp;
+ T = T_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ init = init_tmp;
+ return;
+ }
-/*@ requires
- (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0) ∧
- 0 ≡ S ∧ 0 ≡ T ∧ 0 ≡ init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_a;
- assigns aorai_CurOpStatus, aorai_CurOperation, S, T,
- aorai_intermediate_state, aorai_intermediate_state_0, init;
-
- behavior buch_state_S_in:
- assumes 1 ≡ aorai_intermediate_state_0;
- ensures 1 ≡ S;
-
- behavior buch_state_S_out:
- assumes 0 ≡ aorai_intermediate_state_0;
- ensures 0 ≡ S;
-
- behavior buch_state_T_in:
- assumes 1 ≡ aorai_intermediate_state;
- ensures 1 ≡ T;
-
- behavior buch_state_T_out:
- assumes 0 ≡ aorai_intermediate_state;
- ensures 0 ≡ T;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_init_out:
- ensures 0 ≡ init;
- */
-void a_post_func(void)
-{
- /*@ ghost int S_tmp; */
- /*@ ghost int T_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int init_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_a;
- S_tmp = S;
- T_tmp = T;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- init_tmp = init;
- init_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- if (aorai_intermediate_state == 1) T_tmp = 1; else T_tmp = 0;
- if (aorai_intermediate_state_0 == 1) S_tmp = 1; else S_tmp = 0;
- S = S_tmp;
- T = T_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- init = init_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0) ∧
+ 0 ≡ S ∧ 0 ≡ T ∧ 0 ≡ init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_a;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S, T,
+ aorai_intermediate_state, aorai_intermediate_state_0, init;
+
+ behavior buch_state_S_in:
+ assumes 1 ≡ aorai_intermediate_state_0;
+ ensures 1 ≡ S;
+
+ behavior buch_state_S_out:
+ assumes 0 ≡ aorai_intermediate_state_0;
+ ensures 0 ≡ S;
+
+ behavior buch_state_T_in:
+ assumes 1 ≡ aorai_intermediate_state;
+ ensures 1 ≡ T;
+
+ behavior buch_state_T_out:
+ assumes 0 ≡ aorai_intermediate_state;
+ ensures 0 ≡ T;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_init_out:
+ ensures 0 ≡ init;
+ @/
+ void a_post_func(void)
+ {
+ int S_tmp;
+ int T_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int init_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_a;
+ S_tmp = S;
+ T_tmp = T;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ init_tmp = init;
+ init_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ if (aorai_intermediate_state == 1) T_tmp = 1; else T_tmp = 0;
+ if (aorai_intermediate_state_0 == 1) S_tmp = 1; else S_tmp = 0;
+ S = S_tmp;
+ T = T_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ init = init_tmp;
+ return;
+ }
+
+*/
/*@ requires
(1 ≡ S ∨ 1 ≡ T) ∧ 0 ≡ aorai_intermediate_state ∧
@@ -169,117 +175,123 @@ void a_post_func(void)
*/
void a(void)
{
- a_pre_func();
- a_post_func();
+ /*@ ghost a_pre_func(); */
+ /*@ ghost a_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S, T,
- aorai_intermediate_state, aorai_intermediate_state_0, init;
-
- behavior buch_state_S_in:
- assumes 1 ≡ init;
- ensures 1 ≡ S;
-
- behavior buch_state_S_out:
- assumes 0 ≡ init;
- ensures 0 ≡ S;
-
- behavior buch_state_T_out:
- ensures 0 ≡ T;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_init_out:
- ensures 0 ≡ init;
- */
-void main_pre_func(void)
-{
- /*@ ghost int S_tmp; */
- /*@ ghost int T_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int init_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- S_tmp = S;
- T_tmp = T;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- init_tmp = init;
- init_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- T_tmp = 0;
- if (init == 1) S_tmp = 1; else S_tmp = 0;
- S = S_tmp;
- T = T_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- init = init_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S, T,
+ aorai_intermediate_state, aorai_intermediate_state_0, init;
+
+ behavior buch_state_S_in:
+ assumes 1 ≡ init;
+ ensures 1 ≡ S;
+
+ behavior buch_state_S_out:
+ assumes 0 ≡ init;
+ ensures 0 ≡ S;
+
+ behavior buch_state_T_out:
+ ensures 0 ≡ T;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_init_out:
+ ensures 0 ≡ init;
+ @/
+ void main_pre_func(void)
+ {
+ int S_tmp;
+ int T_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int init_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ S_tmp = S;
+ T_tmp = T;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ init_tmp = init;
+ init_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ T_tmp = 0;
+ if (init == 1) S_tmp = 1; else S_tmp = 0;
+ S = S_tmp;
+ T = T_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ init = init_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ S ∧ 0 ≡ T ∧ 0 ≡ aorai_intermediate_state ∧
- 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S, T,
- aorai_intermediate_state, aorai_intermediate_state_0, init;
-
- behavior buch_state_S_in:
- assumes 1 ≡ S;
- ensures 1 ≡ S;
-
- behavior buch_state_S_out:
- assumes 0 ≡ S;
- ensures 0 ≡ S;
-
- behavior buch_state_T_out:
- ensures 0 ≡ T;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_init_out:
- ensures 0 ≡ init;
- */
-void main_post_func(void)
-{
- /*@ ghost int S_tmp; */
- /*@ ghost int T_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int init_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- S_tmp = S;
- T_tmp = T;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- init_tmp = init;
- init_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- T_tmp = 0;
- if (S == 1) S_tmp = 1; else S_tmp = 0;
- S = S_tmp;
- T = T_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- init = init_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ S ∧ 0 ≡ T ∧ 0 ≡ aorai_intermediate_state ∧
+ 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S, T,
+ aorai_intermediate_state, aorai_intermediate_state_0, init;
+
+ behavior buch_state_S_in:
+ assumes 1 ≡ S;
+ ensures 1 ≡ S;
+
+ behavior buch_state_S_out:
+ assumes 0 ≡ S;
+ ensures 0 ≡ S;
+
+ behavior buch_state_T_out:
+ ensures 0 ≡ T;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_init_out:
+ ensures 0 ≡ init;
+ @/
+ void main_post_func(void)
+ {
+ int S_tmp;
+ int T_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int init_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ S_tmp = S;
+ T_tmp = T;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ init_tmp = init;
+ init_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ T_tmp = 0;
+ if (S == 1) S_tmp = 1; else S_tmp = 0;
+ S = S_tmp;
+ T = T_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ init = init_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ init ∧ 0 ≡ S ∧ 0 ≡ T ∧
@@ -293,8 +305,8 @@ void main_post_func(void)
*/
void main(void)
{
- int aorai_Loop_Init_4;
- main_pre_func();
+ /*@ ghost int aorai_Loop_Init_4; */
+ /*@ ghost main_pre_func(); */
int i = 0;
/*@ ghost aorai_Loop_Init_4 = 1; */
aorai_loop_4:
@@ -316,7 +328,7 @@ void main(void)
a();
i ++;
}
- main_post_func();
+ /*@ ghost main_post_func(); */
return;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/declared_function.res.oracle b/src/plugins/aorai/tests/aorai/oracle/declared_function.res.oracle
index 785558db321c01527dcb2e890c70aa8c8b61b395..f30827619507d6a1d3244f24cb2af9416e749eb3 100644
--- a/src/plugins/aorai/tests/aorai/oracle/declared_function.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/declared_function.res.oracle
@@ -45,52 +45,58 @@ lemma I_deterministic_trans{L}:
\at(aorai_CurOpStatus,L) ≡ aorai_Terminated ∧ __retres_f ≡ 0));
*/
/*@ ghost int aorai_CurStates = I; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_I_in:
- assumes aorai_CurStates ≡ I;
- ensures aorai_CurStates ≡ I;
-
- behavior buch_state_I_out:
- assumes aorai_CurStates ≢ I;
- ensures aorai_CurStates ≢ I;
- */
-void main_pre_func(void)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- aorai_CurStates_tmp = aorai_CurStates;
- if (0 == aorai_CurStates) aorai_CurStates_tmp = I;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_I_in:
+ assumes aorai_CurStates ≡ I;
+ ensures aorai_CurStates ≡ I;
+
+ behavior buch_state_I_out:
+ assumes aorai_CurStates ≢ I;
+ ensures aorai_CurStates ≢ I;
+ @/
+ void main_pre_func(void)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (0 == aorai_CurStates) aorai_CurStates_tmp = I;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
-/*@ requires aorai_CurStates ≡ I;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_I_in:
- assumes aorai_CurStates ≡ I;
- ensures aorai_CurStates ≡ I;
-
- behavior buch_state_I_out:
- assumes aorai_CurStates ≢ I;
- ensures aorai_CurStates ≢ I;
- */
-void main_post_func(void)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- aorai_CurStates_tmp = aorai_CurStates;
- if (0 == aorai_CurStates) aorai_CurStates_tmp = I;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires aorai_CurStates ≡ I;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_I_in:
+ assumes aorai_CurStates ≡ I;
+ ensures aorai_CurStates ≡ I;
+
+ behavior buch_state_I_out:
+ assumes aorai_CurStates ≢ I;
+ ensures aorai_CurStates ≢ I;
+ @/
+ void main_post_func(void)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (0 == aorai_CurStates) aorai_CurStates_tmp = I;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
+
+*/
/*@ requires aorai_CurStates ≡ I;
@@ -99,9 +105,9 @@ void main_post_func(void)
*/
void main(void)
{
- main_pre_func();
+ /*@ ghost main_pre_func(); */
f();
- main_post_func();
+ /*@ ghost main_post_func(); */
return;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/deterministic.res.oracle b/src/plugins/aorai/tests/aorai/oracle/deterministic.res.oracle
index 5cf565f5e56aac1d286c5e2c0656161ad4a132a4..37d537ca5af54b6e147169cb5a78c9903dc749fb 100644
--- a/src/plugins/aorai/tests/aorai/oracle/deterministic.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/deterministic.res.oracle
@@ -62,108 +62,114 @@ lemma S0_deterministic_trans{L}:
\at(aorai_CurOpStatus,L) ≡ aorai_Called ∧ c ≡ 0);
*/
/*@ ghost int aorai_CurStates = Si; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_g;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_S0_out:
- ensures aorai_CurStates ≢ S0;
-
- behavior buch_state_S1_out:
- ensures aorai_CurStates ≢ S1;
-
- behavior buch_state_S2_out:
- ensures aorai_CurStates ≢ S2;
-
- behavior buch_state_S3_out:
- ensures aorai_CurStates ≢ S3;
-
- behavior buch_state_S4_in:
- assumes aorai_CurStates ≡ S3 ∧ x ≡ 4;
- ensures aorai_CurStates ≡ S4;
-
- behavior buch_state_S4_out:
- assumes aorai_CurStates ≢ S3 ∨ ¬(x ≡ 4);
- ensures aorai_CurStates ≢ S4;
-
- behavior buch_state_S5_in:
- assumes aorai_CurStates ≡ S3 ∧ x ≡ 5;
- ensures aorai_CurStates ≡ S5;
-
- behavior buch_state_S5_out:
- assumes aorai_CurStates ≢ S3 ∨ ¬(x ≡ 5);
- ensures aorai_CurStates ≢ S5;
-
- behavior buch_state_Sf_out:
- ensures aorai_CurStates ≢ Sf;
-
- behavior buch_state_Si_out:
- ensures aorai_CurStates ≢ Si;
- */
-void g_pre_func(int x)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_g;
- aorai_CurStates_tmp = aorai_CurStates;
- if (3 == aorai_CurStates)
- if (x == 5) aorai_CurStates_tmp = S5;
- if (3 == aorai_CurStates)
- if (x == 4) aorai_CurStates_tmp = S4;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_g;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_S0_out:
+ ensures aorai_CurStates ≢ S0;
+
+ behavior buch_state_S1_out:
+ ensures aorai_CurStates ≢ S1;
+
+ behavior buch_state_S2_out:
+ ensures aorai_CurStates ≢ S2;
+
+ behavior buch_state_S3_out:
+ ensures aorai_CurStates ≢ S3;
+
+ behavior buch_state_S4_in:
+ assumes aorai_CurStates ≡ S3 ∧ x ≡ 4;
+ ensures aorai_CurStates ≡ S4;
+
+ behavior buch_state_S4_out:
+ assumes aorai_CurStates ≢ S3 ∨ ¬(x ≡ 4);
+ ensures aorai_CurStates ≢ S4;
+
+ behavior buch_state_S5_in:
+ assumes aorai_CurStates ≡ S3 ∧ x ≡ 5;
+ ensures aorai_CurStates ≡ S5;
+
+ behavior buch_state_S5_out:
+ assumes aorai_CurStates ≢ S3 ∨ ¬(x ≡ 5);
+ ensures aorai_CurStates ≢ S5;
+
+ behavior buch_state_Sf_out:
+ ensures aorai_CurStates ≢ Sf;
+
+ behavior buch_state_Si_out:
+ ensures aorai_CurStates ≢ Si;
+ @/
+ void g_pre_func(int x)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_g;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (3 == aorai_CurStates)
+ if (x == 5) aorai_CurStates_tmp = S5;
+ if (3 == aorai_CurStates)
+ if (x == 4) aorai_CurStates_tmp = S4;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
-/*@ requires aorai_CurStates ≡ S4 ∨ aorai_CurStates ≡ S5;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_g;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_S0_out:
- ensures aorai_CurStates ≢ S0;
-
- behavior buch_state_S1_in:
- assumes aorai_CurStates ≡ S5;
- ensures aorai_CurStates ≡ S1;
-
- behavior buch_state_S1_out:
- assumes aorai_CurStates ≢ S5;
- ensures aorai_CurStates ≢ S1;
-
- behavior buch_state_S2_out:
- ensures aorai_CurStates ≢ S2;
-
- behavior buch_state_S3_in:
- assumes aorai_CurStates ≡ S4;
- ensures aorai_CurStates ≡ S3;
-
- behavior buch_state_S3_out:
- assumes aorai_CurStates ≢ S4;
- ensures aorai_CurStates ≢ S3;
-
- behavior buch_state_S4_out:
- ensures aorai_CurStates ≢ S4;
-
- behavior buch_state_S5_out:
- ensures aorai_CurStates ≢ S5;
-
- behavior buch_state_Sf_out:
- ensures aorai_CurStates ≢ Sf;
-
- behavior buch_state_Si_out:
- ensures aorai_CurStates ≢ Si;
- */
-void g_post_func(void)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_g;
- aorai_CurStates_tmp = aorai_CurStates;
- if (4 == aorai_CurStates) aorai_CurStates_tmp = S3;
- if (5 == aorai_CurStates) aorai_CurStates_tmp = S1;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires aorai_CurStates ≡ S4 ∨ aorai_CurStates ≡ S5;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_g;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_S0_out:
+ ensures aorai_CurStates ≢ S0;
+
+ behavior buch_state_S1_in:
+ assumes aorai_CurStates ≡ S5;
+ ensures aorai_CurStates ≡ S1;
+
+ behavior buch_state_S1_out:
+ assumes aorai_CurStates ≢ S5;
+ ensures aorai_CurStates ≢ S1;
+
+ behavior buch_state_S2_out:
+ ensures aorai_CurStates ≢ S2;
+
+ behavior buch_state_S3_in:
+ assumes aorai_CurStates ≡ S4;
+ ensures aorai_CurStates ≡ S3;
+
+ behavior buch_state_S3_out:
+ assumes aorai_CurStates ≢ S4;
+ ensures aorai_CurStates ≢ S3;
+
+ behavior buch_state_S4_out:
+ ensures aorai_CurStates ≢ S4;
+
+ behavior buch_state_S5_out:
+ ensures aorai_CurStates ≢ S5;
+
+ behavior buch_state_Sf_out:
+ ensures aorai_CurStates ≢ Sf;
+
+ behavior buch_state_Si_out:
+ ensures aorai_CurStates ≢ Si;
+ @/
+ void g_post_func(void)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_g;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (4 == aorai_CurStates) aorai_CurStates_tmp = S3;
+ if (5 == aorai_CurStates) aorai_CurStates_tmp = S1;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
+
+*/
/*@ requires aorai_CurStates ≡ S3;
requires aorai_CurStates ≡ S3 ⇒ x ≡ 5 ∨ x ≡ 4;
@@ -178,104 +184,110 @@ void g_post_func(void)
*/
void g(int x)
{
- g_pre_func(x);
+ /*@ ghost g_pre_func(x); */
Y = x;
- g_post_func();
+ /*@ ghost g_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_S0_out:
- ensures aorai_CurStates ≢ S0;
-
- behavior buch_state_S1_out:
- ensures aorai_CurStates ≢ S1;
-
- behavior buch_state_S2_out:
- ensures aorai_CurStates ≢ S2;
-
- behavior buch_state_S3_in:
- assumes aorai_CurStates ≡ S1 ∧ x ≡ 4;
- ensures aorai_CurStates ≡ S3;
-
- behavior buch_state_S3_out:
- assumes aorai_CurStates ≢ S1 ∨ ¬(x ≡ 4);
- ensures aorai_CurStates ≢ S3;
-
- behavior buch_state_S4_out:
- ensures aorai_CurStates ≢ S4;
-
- behavior buch_state_S5_out:
- ensures aorai_CurStates ≢ S5;
-
- behavior buch_state_Sf_out:
- ensures aorai_CurStates ≢ Sf;
-
- behavior buch_state_Si_out:
- ensures aorai_CurStates ≢ Si;
- */
-void f_pre_func(int x)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_f;
- aorai_CurStates_tmp = aorai_CurStates;
- if (1 == aorai_CurStates)
- if (x == 4) aorai_CurStates_tmp = S3;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_S0_out:
+ ensures aorai_CurStates ≢ S0;
+
+ behavior buch_state_S1_out:
+ ensures aorai_CurStates ≢ S1;
+
+ behavior buch_state_S2_out:
+ ensures aorai_CurStates ≢ S2;
+
+ behavior buch_state_S3_in:
+ assumes aorai_CurStates ≡ S1 ∧ x ≡ 4;
+ ensures aorai_CurStates ≡ S3;
+
+ behavior buch_state_S3_out:
+ assumes aorai_CurStates ≢ S1 ∨ ¬(x ≡ 4);
+ ensures aorai_CurStates ≢ S3;
+
+ behavior buch_state_S4_out:
+ ensures aorai_CurStates ≢ S4;
+
+ behavior buch_state_S5_out:
+ ensures aorai_CurStates ≢ S5;
+
+ behavior buch_state_Sf_out:
+ ensures aorai_CurStates ≢ Sf;
+
+ behavior buch_state_Si_out:
+ ensures aorai_CurStates ≢ Si;
+ @/
+ void f_pre_func(int x)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_f;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (1 == aorai_CurStates)
+ if (x == 4) aorai_CurStates_tmp = S3;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
-/*@ requires aorai_CurStates ≡ S1;
- requires aorai_CurStates ≡ S1 ⇒ res ≡ 0 ∧ X ≡ 5;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_S0_out:
- ensures aorai_CurStates ≢ S0;
-
- behavior buch_state_S1_out:
- ensures aorai_CurStates ≢ S1;
-
- behavior buch_state_S2_in:
- assumes aorai_CurStates ≡ S1 ∧ res ≡ 0 ∧ X ≡ 5;
- ensures aorai_CurStates ≡ S2;
-
- behavior buch_state_S2_out:
- assumes aorai_CurStates ≢ S1 ∨ ¬(res ≡ 0 ∧ X ≡ 5);
- ensures aorai_CurStates ≢ S2;
-
- behavior buch_state_S3_out:
- ensures aorai_CurStates ≢ S3;
-
- behavior buch_state_S4_out:
- ensures aorai_CurStates ≢ S4;
-
- behavior buch_state_S5_out:
- ensures aorai_CurStates ≢ S5;
-
- behavior buch_state_Sf_out:
- ensures aorai_CurStates ≢ Sf;
-
- behavior buch_state_Si_out:
- ensures aorai_CurStates ≢ Si;
- */
-void f_post_func(int res)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_f;
- aorai_CurStates_tmp = aorai_CurStates;
- if (1 == aorai_CurStates)
- if (res == 0)
- if (X == 5) aorai_CurStates_tmp = S2;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires aorai_CurStates ≡ S1;
+ requires aorai_CurStates ≡ S1 ⇒ res ≡ 0 ∧ X ≡ 5;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_S0_out:
+ ensures aorai_CurStates ≢ S0;
+
+ behavior buch_state_S1_out:
+ ensures aorai_CurStates ≢ S1;
+
+ behavior buch_state_S2_in:
+ assumes aorai_CurStates ≡ S1 ∧ res ≡ 0 ∧ X ≡ 5;
+ ensures aorai_CurStates ≡ S2;
+
+ behavior buch_state_S2_out:
+ assumes aorai_CurStates ≢ S1 ∨ ¬(res ≡ 0 ∧ X ≡ 5);
+ ensures aorai_CurStates ≢ S2;
+
+ behavior buch_state_S3_out:
+ ensures aorai_CurStates ≢ S3;
+
+ behavior buch_state_S4_out:
+ ensures aorai_CurStates ≢ S4;
+
+ behavior buch_state_S5_out:
+ ensures aorai_CurStates ≢ S5;
+
+ behavior buch_state_Sf_out:
+ ensures aorai_CurStates ≢ Sf;
+
+ behavior buch_state_Si_out:
+ ensures aorai_CurStates ≢ Si;
+ @/
+ void f_post_func(int res)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_f;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (1 == aorai_CurStates)
+ if (res == 0)
+ if (X == 5) aorai_CurStates_tmp = S2;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
+
+*/
/*@ requires aorai_CurStates ≡ S1;
requires aorai_CurStates ≡ S1 ⇒ x ≡ 4;
@@ -287,112 +299,118 @@ void f_post_func(int res)
int f(int x)
{
int __retres;
- f_pre_func(x);
+ /*@ ghost f_pre_func(x); */
X = x;
g(X);
X ++;
g(X);
__retres = 0;
- f_post_func(__retres);
+ /*@ ghost f_post_func(__retres); */
return __retres;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_real_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_S0_out:
- ensures aorai_CurStates ≢ S0;
-
- behavior buch_state_S1_in:
- assumes aorai_CurStates ≡ S0 ∧ c ≢ 0;
- ensures aorai_CurStates ≡ S1;
-
- behavior buch_state_S1_out:
- assumes aorai_CurStates ≢ S0 ∨ c ≡ 0;
- ensures aorai_CurStates ≢ S1;
-
- behavior buch_state_S2_in:
- assumes aorai_CurStates ≡ S0 ∧ c ≡ 0;
- ensures aorai_CurStates ≡ S2;
-
- behavior buch_state_S2_out:
- assumes aorai_CurStates ≢ S0 ∨ ¬(c ≡ 0);
- ensures aorai_CurStates ≢ S2;
-
- behavior buch_state_S3_out:
- ensures aorai_CurStates ≢ S3;
-
- behavior buch_state_S4_out:
- ensures aorai_CurStates ≢ S4;
-
- behavior buch_state_S5_out:
- ensures aorai_CurStates ≢ S5;
-
- behavior buch_state_Sf_out:
- ensures aorai_CurStates ≢ Sf;
-
- behavior buch_state_Si_out:
- ensures aorai_CurStates ≢ Si;
- */
-void real_main_pre_func(int c)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_real_main;
- aorai_CurStates_tmp = aorai_CurStates;
- if (0 == aorai_CurStates)
- if (c == 0) aorai_CurStates_tmp = S2;
- if (0 == aorai_CurStates)
- if (c != 0) aorai_CurStates_tmp = S1;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_real_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_S0_out:
+ ensures aorai_CurStates ≢ S0;
+
+ behavior buch_state_S1_in:
+ assumes aorai_CurStates ≡ S0 ∧ c ≢ 0;
+ ensures aorai_CurStates ≡ S1;
+
+ behavior buch_state_S1_out:
+ assumes aorai_CurStates ≢ S0 ∨ c ≡ 0;
+ ensures aorai_CurStates ≢ S1;
+
+ behavior buch_state_S2_in:
+ assumes aorai_CurStates ≡ S0 ∧ c ≡ 0;
+ ensures aorai_CurStates ≡ S2;
+
+ behavior buch_state_S2_out:
+ assumes aorai_CurStates ≢ S0 ∨ ¬(c ≡ 0);
+ ensures aorai_CurStates ≢ S2;
+
+ behavior buch_state_S3_out:
+ ensures aorai_CurStates ≢ S3;
+
+ behavior buch_state_S4_out:
+ ensures aorai_CurStates ≢ S4;
+
+ behavior buch_state_S5_out:
+ ensures aorai_CurStates ≢ S5;
+
+ behavior buch_state_Sf_out:
+ ensures aorai_CurStates ≢ Sf;
+
+ behavior buch_state_Si_out:
+ ensures aorai_CurStates ≢ Si;
+ @/
+ void real_main_pre_func(int c)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_real_main;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (0 == aorai_CurStates)
+ if (c == 0) aorai_CurStates_tmp = S2;
+ if (0 == aorai_CurStates)
+ if (c != 0) aorai_CurStates_tmp = S1;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
-/*@ requires aorai_CurStates ≡ S2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_real_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_S0_out:
- ensures aorai_CurStates ≢ S0;
-
- behavior buch_state_S1_out:
- ensures aorai_CurStates ≢ S1;
-
- behavior buch_state_S2_out:
- ensures aorai_CurStates ≢ S2;
-
- behavior buch_state_S3_out:
- ensures aorai_CurStates ≢ S3;
-
- behavior buch_state_S4_out:
- ensures aorai_CurStates ≢ S4;
-
- behavior buch_state_S5_out:
- ensures aorai_CurStates ≢ S5;
-
- behavior buch_state_Sf_in:
- assumes aorai_CurStates ≡ S2;
- ensures aorai_CurStates ≡ Sf;
-
- behavior buch_state_Sf_out:
- assumes aorai_CurStates ≢ S2;
- ensures aorai_CurStates ≢ Sf;
-
- behavior buch_state_Si_out:
- ensures aorai_CurStates ≢ Si;
- */
-void real_main_post_func(int res)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_real_main;
- aorai_CurStates_tmp = aorai_CurStates;
- if (2 == aorai_CurStates) aorai_CurStates_tmp = Sf;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires aorai_CurStates ≡ S2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_real_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_S0_out:
+ ensures aorai_CurStates ≢ S0;
+
+ behavior buch_state_S1_out:
+ ensures aorai_CurStates ≢ S1;
+
+ behavior buch_state_S2_out:
+ ensures aorai_CurStates ≢ S2;
+
+ behavior buch_state_S3_out:
+ ensures aorai_CurStates ≢ S3;
+
+ behavior buch_state_S4_out:
+ ensures aorai_CurStates ≢ S4;
+
+ behavior buch_state_S5_out:
+ ensures aorai_CurStates ≢ S5;
+
+ behavior buch_state_Sf_in:
+ assumes aorai_CurStates ≡ S2;
+ ensures aorai_CurStates ≡ Sf;
+
+ behavior buch_state_Sf_out:
+ assumes aorai_CurStates ≢ S2;
+ ensures aorai_CurStates ≢ Sf;
+
+ behavior buch_state_Si_out:
+ ensures aorai_CurStates ≢ Si;
+ @/
+ void real_main_post_func(int res)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_real_main;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (2 == aorai_CurStates) aorai_CurStates_tmp = Sf;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
+
+*/
/*@ requires aorai_CurStates ≡ S0;
requires aorai_CurStates ≡ S0 ⇒ c ≡ 0 ∨ c ≢ 0;
@@ -403,101 +421,107 @@ void real_main_post_func(int res)
int real_main(int c)
{
int __retres;
- real_main_pre_func(c);
+ /*@ ghost real_main_pre_func(c); */
if (c) f(4);
__retres = 0;
- real_main_post_func(__retres);
+ /*@ ghost real_main_post_func(__retres); */
return __retres;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_S0_in:
- assumes aorai_CurStates ≡ Si;
- ensures aorai_CurStates ≡ S0;
-
- behavior buch_state_S0_out:
- assumes aorai_CurStates ≢ Si;
- ensures aorai_CurStates ≢ S0;
-
- behavior buch_state_S1_out:
- ensures aorai_CurStates ≢ S1;
-
- behavior buch_state_S2_out:
- ensures aorai_CurStates ≢ S2;
-
- behavior buch_state_S3_out:
- ensures aorai_CurStates ≢ S3;
-
- behavior buch_state_S4_out:
- ensures aorai_CurStates ≢ S4;
-
- behavior buch_state_S5_out:
- ensures aorai_CurStates ≢ S5;
-
- behavior buch_state_Sf_out:
- ensures aorai_CurStates ≢ Sf;
-
- behavior buch_state_Si_out:
- ensures aorai_CurStates ≢ Si;
- */
-void main_pre_func(int c)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- aorai_CurStates_tmp = aorai_CurStates;
- if (7 == aorai_CurStates) aorai_CurStates_tmp = S0;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_S0_in:
+ assumes aorai_CurStates ≡ Si;
+ ensures aorai_CurStates ≡ S0;
+
+ behavior buch_state_S0_out:
+ assumes aorai_CurStates ≢ Si;
+ ensures aorai_CurStates ≢ S0;
+
+ behavior buch_state_S1_out:
+ ensures aorai_CurStates ≢ S1;
+
+ behavior buch_state_S2_out:
+ ensures aorai_CurStates ≢ S2;
+
+ behavior buch_state_S3_out:
+ ensures aorai_CurStates ≢ S3;
+
+ behavior buch_state_S4_out:
+ ensures aorai_CurStates ≢ S4;
+
+ behavior buch_state_S5_out:
+ ensures aorai_CurStates ≢ S5;
+
+ behavior buch_state_Sf_out:
+ ensures aorai_CurStates ≢ Sf;
+
+ behavior buch_state_Si_out:
+ ensures aorai_CurStates ≢ Si;
+ @/
+ void main_pre_func(int c)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (7 == aorai_CurStates) aorai_CurStates_tmp = S0;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
-/*@ requires aorai_CurStates ≡ Sf;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_S0_out:
- ensures aorai_CurStates ≢ S0;
-
- behavior buch_state_S1_out:
- ensures aorai_CurStates ≢ S1;
-
- behavior buch_state_S2_out:
- ensures aorai_CurStates ≢ S2;
-
- behavior buch_state_S3_out:
- ensures aorai_CurStates ≢ S3;
-
- behavior buch_state_S4_out:
- ensures aorai_CurStates ≢ S4;
-
- behavior buch_state_S5_out:
- ensures aorai_CurStates ≢ S5;
-
- behavior buch_state_Sf_in:
- assumes aorai_CurStates ≡ Sf;
- ensures aorai_CurStates ≡ Sf;
-
- behavior buch_state_Sf_out:
- assumes aorai_CurStates ≢ Sf;
- ensures aorai_CurStates ≢ Sf;
-
- behavior buch_state_Si_out:
- ensures aorai_CurStates ≢ Si;
- */
-void main_post_func(int res)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- aorai_CurStates_tmp = aorai_CurStates;
- if (6 == aorai_CurStates) aorai_CurStates_tmp = Sf;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires aorai_CurStates ≡ Sf;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_S0_out:
+ ensures aorai_CurStates ≢ S0;
+
+ behavior buch_state_S1_out:
+ ensures aorai_CurStates ≢ S1;
+
+ behavior buch_state_S2_out:
+ ensures aorai_CurStates ≢ S2;
+
+ behavior buch_state_S3_out:
+ ensures aorai_CurStates ≢ S3;
+
+ behavior buch_state_S4_out:
+ ensures aorai_CurStates ≢ S4;
+
+ behavior buch_state_S5_out:
+ ensures aorai_CurStates ≢ S5;
+
+ behavior buch_state_Sf_in:
+ assumes aorai_CurStates ≡ Sf;
+ ensures aorai_CurStates ≡ Sf;
+
+ behavior buch_state_Sf_out:
+ assumes aorai_CurStates ≢ Sf;
+ ensures aorai_CurStates ≢ Sf;
+
+ behavior buch_state_Si_out:
+ ensures aorai_CurStates ≢ Si;
+ @/
+ void main_post_func(int res)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (6 == aorai_CurStates) aorai_CurStates_tmp = Sf;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
+
+*/
/*@ requires aorai_CurStates ≡ Si;
@@ -507,9 +531,9 @@ void main_post_func(int res)
int main(int c)
{
int tmp;
- main_pre_func(c);
+ /*@ ghost main_pre_func(c); */
tmp = real_main(c);
- main_post_func(tmp);
+ /*@ ghost main_post_func(tmp); */
return tmp;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/formals.res.oracle b/src/plugins/aorai/tests/aorai/oracle/formals.res.oracle
index 2aa1667c2d9f80f1459a3841b4d9206007a7c2a3..2e24eb7f8a7502ffb36cad5f670b90fc673a2b01 100644
--- a/src/plugins/aorai/tests/aorai/oracle/formals.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/formals.res.oracle
@@ -76,151 +76,159 @@ lemma aorai_intermediate_state_deterministic_trans{L}:
\at(aorai_CurOpStatus,L) ≡ aorai_Terminated) ∨
\at(aorai_x,L) ≢ 1));
*/
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_x_0, aorai_x, aorai_CurOpStatus, aorai_CurOperation,
- aorai_CurStates;
-
- behavior buch_state_OK_out:
- ensures aorai_CurStates ≢ OK;
-
- behavior buch_state_aorai_intermediate_state_in_0:
- assumes aorai_CurStates ≡ main_0 ∧ x ≡ 1;
- ensures aorai_CurStates ≡ aorai_intermediate_state;
- ensures aorai_x ≡ \old(x);
-
- behavior buch_state_aorai_intermediate_state_out:
- assumes aorai_CurStates ≢ main_0 ∨ ¬(x ≡ 1);
- ensures aorai_CurStates ≢ aorai_intermediate_state;
- ensures aorai_x ≡ \old(aorai_x);
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_in_0:
- assumes aorai_CurStates ≡ main_0 ∧ x ≡ 3;
- ensures aorai_CurStates ≡ aorai_intermediate_state_2;
- ensures aorai_x_0 ≡ \old(x);
-
- behavior buch_state_aorai_intermediate_state_2_out:
- assumes aorai_CurStates ≢ main_0 ∨ ¬(x ≡ 3);
- ensures aorai_CurStates ≢ aorai_intermediate_state_2;
- ensures aorai_x_0 ≡ \old(aorai_x_0);
-
- behavior buch_state_aorai_reject_out:
- ensures aorai_CurStates ≢ aorai_reject;
-
- behavior buch_state_init_out:
- ensures aorai_CurStates ≢ init;
-
- behavior buch_state_main_0_out:
- ensures aorai_CurStates ≢ main_0;
- */
-void f_pre_func(int x)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_f;
- aorai_CurStates_tmp = aorai_CurStates;
- if (7 == aorai_CurStates)
- if (x == 3) {
- aorai_CurStates_tmp = aorai_intermediate_state_2;
- aorai_x_0 = x;
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_x_0, aorai_x, aorai_CurOpStatus, aorai_CurOperation,
+ aorai_CurStates;
+
+ behavior buch_state_OK_out:
+ ensures aorai_CurStates ≢ OK;
+
+ behavior buch_state_aorai_intermediate_state_in_0:
+ assumes aorai_CurStates ≡ main_0 ∧ x ≡ 1;
+ ensures aorai_CurStates ≡ aorai_intermediate_state;
+ ensures aorai_x ≡ \old(x);
+
+ behavior buch_state_aorai_intermediate_state_out:
+ assumes aorai_CurStates ≢ main_0 ∨ ¬(x ≡ 1);
+ ensures aorai_CurStates ≢ aorai_intermediate_state;
+ ensures aorai_x ≡ \old(aorai_x);
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_in_0:
+ assumes aorai_CurStates ≡ main_0 ∧ x ≡ 3;
+ ensures aorai_CurStates ≡ aorai_intermediate_state_2;
+ ensures aorai_x_0 ≡ \old(x);
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ assumes aorai_CurStates ≢ main_0 ∨ ¬(x ≡ 3);
+ ensures aorai_CurStates ≢ aorai_intermediate_state_2;
+ ensures aorai_x_0 ≡ \old(aorai_x_0);
+
+ behavior buch_state_aorai_reject_out:
+ ensures aorai_CurStates ≢ aorai_reject;
+
+ behavior buch_state_init_out:
+ ensures aorai_CurStates ≢ init;
+
+ behavior buch_state_main_0_out:
+ ensures aorai_CurStates ≢ main_0;
+ @/
+ void f_pre_func(int x)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_f;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (7 == aorai_CurStates)
+ if (x == 3) {
+ aorai_CurStates_tmp = aorai_intermediate_state_2;
+ aorai_x_0 = x;
+ }
+ if (7 == aorai_CurStates)
+ if (x == 1) {
+ aorai_CurStates_tmp = aorai_intermediate_state;
+ aorai_x = x;
+ }
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
+
+*/
+
+/*@ ghost
+ /@ requires
+ aorai_CurStates ≡ aorai_intermediate_state ∨
+ aorai_CurStates ≡ aorai_intermediate_state_2;
+ requires
+ aorai_CurStates ≡ aorai_intermediate_state ⇒
+ aorai_x ≢ 1 ∨ aorai_x ≡ 1;
+ requires
+ aorai_CurStates ≡ aorai_intermediate_state_2 ⇒
+ aorai_x_0 ≢ 3 ∨ aorai_x_0 ≡ 3;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_OK_in:
+ assumes
+ aorai_CurStates ≡ aorai_intermediate_state_2 ∧ aorai_x_0 ≡ 3;
+ ensures aorai_CurStates ≡ OK;
+
+ behavior buch_state_OK_out:
+ assumes
+ aorai_CurStates ≢ aorai_intermediate_state_2 ∨
+ ¬(aorai_x_0 ≡ 3);
+ ensures aorai_CurStates ≢ OK;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_in:
+ assumes
+ aorai_CurStates ≡ aorai_intermediate_state ∧ aorai_x ≡ 1;
+ ensures aorai_CurStates ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ assumes
+ aorai_CurStates ≢ aorai_intermediate_state ∨ ¬(aorai_x ≡ 1);
+ ensures aorai_CurStates ≢ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_reject_in:
+ assumes
+ (aorai_CurStates ≡ aorai_intermediate_state_2 ∧ aorai_x_0 ≢ 3) ∨
+ (aorai_CurStates ≡ aorai_intermediate_state ∧ aorai_x ≢ 1);
+ ensures aorai_CurStates ≡ aorai_reject;
+
+ behavior buch_state_aorai_reject_out:
+ assumes
+ (aorai_CurStates ≢ aorai_intermediate_state_2 ∨
+ ¬(aorai_x_0 ≢ 3)) ∧
+ (aorai_CurStates ≢ aorai_intermediate_state ∨ ¬(aorai_x ≢ 1));
+ ensures aorai_CurStates ≢ aorai_reject;
+
+ behavior buch_state_init_out:
+ ensures aorai_CurStates ≢ init;
+
+ behavior buch_state_main_0_out:
+ ensures aorai_CurStates ≢ main_0;
+ @/
+ void f_post_func(int res)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_f;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (4 == aorai_CurStates) {
+ if (aorai_x_0 != 3) aorai_CurStates_tmp = aorai_reject;
+ else goto _LAND;
}
- if (7 == aorai_CurStates)
- if (x == 1) {
- aorai_CurStates_tmp = aorai_intermediate_state;
- aorai_x = x;
+ else {
+ _LAND: ;
+ if (1 == aorai_CurStates)
+ if (aorai_x != 1) aorai_CurStates_tmp = aorai_reject;
}
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
-
-/*@ requires
- aorai_CurStates ≡ aorai_intermediate_state ∨
- aorai_CurStates ≡ aorai_intermediate_state_2;
- requires
- aorai_CurStates ≡ aorai_intermediate_state ⇒
- aorai_x ≢ 1 ∨ aorai_x ≡ 1;
- requires
- aorai_CurStates ≡ aorai_intermediate_state_2 ⇒
- aorai_x_0 ≢ 3 ∨ aorai_x_0 ≡ 3;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_OK_in:
- assumes
- aorai_CurStates ≡ aorai_intermediate_state_2 ∧ aorai_x_0 ≡ 3;
- ensures aorai_CurStates ≡ OK;
-
- behavior buch_state_OK_out:
- assumes
- aorai_CurStates ≢ aorai_intermediate_state_2 ∨
- ¬(aorai_x_0 ≡ 3);
- ensures aorai_CurStates ≢ OK;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_in:
- assumes aorai_CurStates ≡ aorai_intermediate_state ∧ aorai_x ≡ 1;
- ensures aorai_CurStates ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- assumes
- aorai_CurStates ≢ aorai_intermediate_state ∨ ¬(aorai_x ≡ 1);
- ensures aorai_CurStates ≢ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_reject_in:
- assumes
- (aorai_CurStates ≡ aorai_intermediate_state_2 ∧ aorai_x_0 ≢ 3) ∨
- (aorai_CurStates ≡ aorai_intermediate_state ∧ aorai_x ≢ 1);
- ensures aorai_CurStates ≡ aorai_reject;
-
- behavior buch_state_aorai_reject_out:
- assumes
- (aorai_CurStates ≢ aorai_intermediate_state_2 ∨
- ¬(aorai_x_0 ≢ 3)) ∧
- (aorai_CurStates ≢ aorai_intermediate_state ∨ ¬(aorai_x ≢ 1));
- ensures aorai_CurStates ≢ aorai_reject;
-
- behavior buch_state_init_out:
- ensures aorai_CurStates ≢ init;
-
- behavior buch_state_main_0_out:
- ensures aorai_CurStates ≢ main_0;
- */
-void f_post_func(int res)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_f;
- aorai_CurStates_tmp = aorai_CurStates;
- if (4 == aorai_CurStates) {
- if (aorai_x_0 != 3) aorai_CurStates_tmp = aorai_reject; else goto _LAND;
- }
- else {
- _LAND: ;
if (1 == aorai_CurStates)
- if (aorai_x != 1) aorai_CurStates_tmp = aorai_reject;
+ if (aorai_x == 1) aorai_CurStates_tmp = aorai_intermediate_state_0;
+ if (4 == aorai_CurStates)
+ if (aorai_x_0 == 3) aorai_CurStates_tmp = OK;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
}
- if (1 == aorai_CurStates)
- if (aorai_x == 1) aorai_CurStates_tmp = aorai_intermediate_state_0;
- if (4 == aorai_CurStates)
- if (aorai_x_0 == 3) aorai_CurStates_tmp = OK;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+
+*/
/*@ requires aorai_CurStates ≡ main_0;
requires aorai_CurStates ≡ main_0 ⇒ x ≡ 3 ∨ x ≡ 1;
@@ -281,144 +289,152 @@ void f_post_func(int res)
*/
int f(int x)
{
- f_pre_func(x);
- f_post_func(x);
+ /*@ ghost f_pre_func(x); */
+ /*@ ghost f_post_func(x); */
return x;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_g;
- assigns aorai_y, aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_OK_in:
- assumes aorai_CurStates ≡ OK;
- ensures aorai_CurStates ≡ OK;
-
- behavior buch_state_OK_out:
- assumes aorai_CurStates ≢ OK;
- ensures aorai_CurStates ≢ OK;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_in_0:
- assumes aorai_CurStates ≡ aorai_intermediate_state_0;
- ensures aorai_CurStates ≡ aorai_intermediate_state_1;
- ensures aorai_y ≡ \old(y);
-
- behavior buch_state_aorai_intermediate_state_1_out:
- assumes aorai_CurStates ≢ aorai_intermediate_state_0;
- ensures aorai_CurStates ≢ aorai_intermediate_state_1;
- ensures aorai_y ≡ \old(aorai_y);
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_reject_in:
- assumes aorai_CurStates ≡ aorai_reject;
- ensures aorai_CurStates ≡ aorai_reject;
-
- behavior buch_state_aorai_reject_out:
- assumes aorai_CurStates ≢ aorai_reject;
- ensures aorai_CurStates ≢ aorai_reject;
-
- behavior buch_state_init_out:
- ensures aorai_CurStates ≢ init;
-
- behavior buch_state_main_0_out:
- ensures aorai_CurStates ≢ main_0;
- */
-void g_pre_func(int y)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_g;
- aorai_CurStates_tmp = aorai_CurStates;
- if (5 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject;
- if (2 == aorai_CurStates) {
- aorai_CurStates_tmp = aorai_intermediate_state_1;
- aorai_y = y;
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_g;
+ assigns aorai_y, aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_OK_in:
+ assumes aorai_CurStates ≡ OK;
+ ensures aorai_CurStates ≡ OK;
+
+ behavior buch_state_OK_out:
+ assumes aorai_CurStates ≢ OK;
+ ensures aorai_CurStates ≢ OK;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_in_0:
+ assumes aorai_CurStates ≡ aorai_intermediate_state_0;
+ ensures aorai_CurStates ≡ aorai_intermediate_state_1;
+ ensures aorai_y ≡ \old(y);
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ assumes aorai_CurStates ≢ aorai_intermediate_state_0;
+ ensures aorai_CurStates ≢ aorai_intermediate_state_1;
+ ensures aorai_y ≡ \old(aorai_y);
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_reject_in:
+ assumes aorai_CurStates ≡ aorai_reject;
+ ensures aorai_CurStates ≡ aorai_reject;
+
+ behavior buch_state_aorai_reject_out:
+ assumes aorai_CurStates ≢ aorai_reject;
+ ensures aorai_CurStates ≢ aorai_reject;
+
+ behavior buch_state_init_out:
+ ensures aorai_CurStates ≢ init;
+
+ behavior buch_state_main_0_out:
+ ensures aorai_CurStates ≢ main_0;
+ @/
+ void g_pre_func(int y)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_g;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (5 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject;
+ if (2 == aorai_CurStates) {
+ aorai_CurStates_tmp = aorai_intermediate_state_1;
+ aorai_y = y;
+ }
+ if (0 == aorai_CurStates) aorai_CurStates_tmp = OK;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
}
- if (0 == aorai_CurStates) aorai_CurStates_tmp = OK;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
-/*@ requires
- aorai_CurStates ≡ OK ∨
- aorai_CurStates ≡ aorai_intermediate_state_1;
- requires
- aorai_CurStates ≡ aorai_intermediate_state_1 ⇒
- aorai_y ≢ 2 ∨ aorai_y ≡ 2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_g;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_OK_in:
- assumes
- (aorai_CurStates ≡ aorai_intermediate_state_1 ∧ aorai_y ≡ 2) ∨
- aorai_CurStates ≡ OK;
- ensures aorai_CurStates ≡ OK;
-
- behavior buch_state_OK_out:
- assumes
- (aorai_CurStates ≢ aorai_intermediate_state_1 ∨ ¬(aorai_y ≡ 2)) ∧
- aorai_CurStates ≢ OK;
- ensures aorai_CurStates ≢ OK;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_reject_in:
- assumes
- aorai_CurStates ≡ aorai_reject ∨
- (aorai_CurStates ≡ aorai_intermediate_state_1 ∧ aorai_y ≢ 2);
- ensures aorai_CurStates ≡ aorai_reject;
-
- behavior buch_state_aorai_reject_out:
- assumes
- aorai_CurStates ≢ aorai_reject ∧
- (aorai_CurStates ≢ aorai_intermediate_state_1 ∨ ¬(aorai_y ≢ 2));
- ensures aorai_CurStates ≢ aorai_reject;
-
- behavior buch_state_init_out:
- ensures aorai_CurStates ≢ init;
-
- behavior buch_state_main_0_out:
- ensures aorai_CurStates ≢ main_0;
- */
-void g_post_func(int res)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_g;
- aorai_CurStates_tmp = aorai_CurStates;
- if (5 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject;
- else
- if (3 == aorai_CurStates)
- if (aorai_y != 2) aorai_CurStates_tmp = aorai_reject;
- if (3 == aorai_CurStates) {
- if (aorai_y == 2) aorai_CurStates_tmp = OK; else goto _LAND;
- }
- else {
- _LAND: ;
- if (0 == aorai_CurStates) aorai_CurStates_tmp = OK;
+*/
+
+/*@ ghost
+ /@ requires
+ aorai_CurStates ≡ OK ∨
+ aorai_CurStates ≡ aorai_intermediate_state_1;
+ requires
+ aorai_CurStates ≡ aorai_intermediate_state_1 ⇒
+ aorai_y ≢ 2 ∨ aorai_y ≡ 2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_g;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_OK_in:
+ assumes
+ (aorai_CurStates ≡ aorai_intermediate_state_1 ∧ aorai_y ≡ 2) ∨
+ aorai_CurStates ≡ OK;
+ ensures aorai_CurStates ≡ OK;
+
+ behavior buch_state_OK_out:
+ assumes
+ (aorai_CurStates ≢ aorai_intermediate_state_1 ∨
+ ¬(aorai_y ≡ 2)) ∧
+ aorai_CurStates ≢ OK;
+ ensures aorai_CurStates ≢ OK;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_reject_in:
+ assumes
+ aorai_CurStates ≡ aorai_reject ∨
+ (aorai_CurStates ≡ aorai_intermediate_state_1 ∧ aorai_y ≢ 2);
+ ensures aorai_CurStates ≡ aorai_reject;
+
+ behavior buch_state_aorai_reject_out:
+ assumes
+ aorai_CurStates ≢ aorai_reject ∧
+ (aorai_CurStates ≢ aorai_intermediate_state_1 ∨
+ ¬(aorai_y ≢ 2));
+ ensures aorai_CurStates ≢ aorai_reject;
+
+ behavior buch_state_init_out:
+ ensures aorai_CurStates ≢ init;
+
+ behavior buch_state_main_0_out:
+ ensures aorai_CurStates ≢ main_0;
+ @/
+ void g_post_func(int res)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_g;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (5 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject;
+ else
+ if (3 == aorai_CurStates)
+ if (aorai_y != 2) aorai_CurStates_tmp = aorai_reject;
+ if (3 == aorai_CurStates) {
+ if (aorai_y == 2) aorai_CurStates_tmp = OK; else goto _LAND;
+ }
+ else {
+ _LAND: ;
+ if (0 == aorai_CurStates) aorai_CurStates_tmp = OK;
+ }
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
}
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+
+*/
/*@ requires
aorai_CurStates ≡ OK ∨
@@ -451,105 +467,111 @@ void g_post_func(int res)
*/
int g(int y)
{
- g_pre_func(y);
- g_post_func(y);
+ /*@ ghost g_pre_func(y); */
+ /*@ ghost g_post_func(y); */
return y;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_OK_out:
- ensures aorai_CurStates ≢ OK;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_reject_out:
- ensures aorai_CurStates ≢ aorai_reject;
-
- behavior buch_state_init_out:
- ensures aorai_CurStates ≢ init;
-
- behavior buch_state_main_0_in:
- assumes aorai_CurStates ≡ init;
- ensures aorai_CurStates ≡ main_0;
-
- behavior buch_state_main_0_out:
- assumes aorai_CurStates ≢ init;
- ensures aorai_CurStates ≢ main_0;
- */
-void main_pre_func(void)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- aorai_CurStates_tmp = aorai_CurStates;
- if (6 == aorai_CurStates) aorai_CurStates_tmp = main_0;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_OK_out:
+ ensures aorai_CurStates ≢ OK;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_reject_out:
+ ensures aorai_CurStates ≢ aorai_reject;
+
+ behavior buch_state_init_out:
+ ensures aorai_CurStates ≢ init;
+
+ behavior buch_state_main_0_in:
+ assumes aorai_CurStates ≡ init;
+ ensures aorai_CurStates ≡ main_0;
+
+ behavior buch_state_main_0_out:
+ assumes aorai_CurStates ≢ init;
+ ensures aorai_CurStates ≢ main_0;
+ @/
+ void main_pre_func(void)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (6 == aorai_CurStates) aorai_CurStates_tmp = main_0;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
-/*@ requires aorai_CurStates ≡ OK;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_OK_in:
- assumes aorai_CurStates ≡ OK;
- ensures aorai_CurStates ≡ OK;
-
- behavior buch_state_OK_out:
- assumes aorai_CurStates ≢ OK;
- ensures aorai_CurStates ≢ OK;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_reject_in:
- assumes aorai_CurStates ≡ aorai_reject;
- ensures aorai_CurStates ≡ aorai_reject;
-
- behavior buch_state_aorai_reject_out:
- assumes aorai_CurStates ≢ aorai_reject;
- ensures aorai_CurStates ≢ aorai_reject;
-
- behavior buch_state_init_out:
- ensures aorai_CurStates ≢ init;
-
- behavior buch_state_main_0_out:
- ensures aorai_CurStates ≢ main_0;
- */
-void main_post_func(int res)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- aorai_CurStates_tmp = aorai_CurStates;
- if (5 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject;
- if (0 == aorai_CurStates) aorai_CurStates_tmp = OK;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires aorai_CurStates ≡ OK;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_OK_in:
+ assumes aorai_CurStates ≡ OK;
+ ensures aorai_CurStates ≡ OK;
+
+ behavior buch_state_OK_out:
+ assumes aorai_CurStates ≢ OK;
+ ensures aorai_CurStates ≢ OK;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_reject_in:
+ assumes aorai_CurStates ≡ aorai_reject;
+ ensures aorai_CurStates ≡ aorai_reject;
+
+ behavior buch_state_aorai_reject_out:
+ assumes aorai_CurStates ≢ aorai_reject;
+ ensures aorai_CurStates ≢ aorai_reject;
+
+ behavior buch_state_init_out:
+ ensures aorai_CurStates ≢ init;
+
+ behavior buch_state_main_0_out:
+ ensures aorai_CurStates ≢ main_0;
+ @/
+ void main_post_func(int res)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (5 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject;
+ if (0 == aorai_CurStates) aorai_CurStates_tmp = OK;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
+
+*/
/*@ requires aorai_CurStates ≡ init;
ensures aorai_CurStates ≡ OK;
@@ -581,11 +603,11 @@ void main_post_func(int res)
int main(void)
{
int __retres;
- main_pre_func();
+ /*@ ghost main_pre_func(); */
f(1);
g(2);
__retres = 0;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/generate_assigns_bts1290.res.oracle b/src/plugins/aorai/tests/aorai/oracle/generate_assigns_bts1290.res.oracle
index d0d19c2132d071d68dad1c4f0f1b53af2cab99ec..f256e74d9cbfec7dfa9e9d2917fffe6deff0149e 100644
--- a/src/plugins/aorai/tests/aorai/oracle/generate_assigns_bts1290.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/generate_assigns_bts1290.res.oracle
@@ -12,52 +12,58 @@ enum aorai_OpStatusList {
/*@ ghost enum aorai_ListOper aorai_CurOperation = op_main; */
/*@ ghost enum aorai_OpStatusList aorai_CurOpStatus = aorai_Called; */
/*@ ghost int S = 1; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S;
-
- behavior buch_state_S_in:
- assumes 1 ≡ S;
- ensures 1 ≡ S;
-
- behavior buch_state_S_out:
- assumes 0 ≡ S;
- ensures 0 ≡ S;
- */
-void main_pre_func(void)
-{
- /*@ ghost int S_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- S_tmp = S;
- if (S == 1) S_tmp = 1; else S_tmp = 0;
- S = S_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S;
+
+ behavior buch_state_S_in:
+ assumes 1 ≡ S;
+ ensures 1 ≡ S;
+
+ behavior buch_state_S_out:
+ assumes 0 ≡ S;
+ ensures 0 ≡ S;
+ @/
+ void main_pre_func(void)
+ {
+ int S_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ S_tmp = S;
+ if (S == 1) S_tmp = 1; else S_tmp = 0;
+ S = S_tmp;
+ return;
+ }
-/*@ requires 1 ≡ S;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S;
-
- behavior buch_state_S_in:
- assumes 1 ≡ S;
- ensures 1 ≡ S;
-
- behavior buch_state_S_out:
- assumes 0 ≡ S;
- ensures 0 ≡ S;
- */
-void main_post_func(void)
-{
- /*@ ghost int S_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- S_tmp = S;
- if (S == 1) S_tmp = 1; else S_tmp = 0;
- S = S_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ S;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S;
+
+ behavior buch_state_S_in:
+ assumes 1 ≡ S;
+ ensures 1 ≡ S;
+
+ behavior buch_state_S_out:
+ assumes 0 ≡ S;
+ ensures 0 ≡ S;
+ @/
+ void main_post_func(void)
+ {
+ int S_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ S_tmp = S;
+ if (S == 1) S_tmp = 1; else S_tmp = 0;
+ S = S_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ S;
@@ -67,8 +73,8 @@ void main_post_func(void)
*/
void main(void)
{
- int aorai_Loop_Init_2;
- main_pre_func();
+ /*@ ghost int aorai_Loop_Init_2; */
+ /*@ ghost main_pre_func(); */
int i = 0;
/*@ ghost aorai_Loop_Init_2 = 1; */
aorai_loop_2:
@@ -81,7 +87,7 @@ void main(void)
/*@ ghost aorai_Loop_Init_2 = 0; */
i ++;
}
- main_post_func();
+ /*@ ghost main_post_func(); */
return;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/goto.res.oracle b/src/plugins/aorai/tests/aorai/oracle/goto.res.oracle
index 094b941a28b8b2a98dc33e32fb7fdcaadaa48190..0043d14bb25bf9672874239bd7375191989faa0d 100644
--- a/src/plugins/aorai/tests/aorai/oracle/goto.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/goto.res.oracle
@@ -27,141 +27,147 @@ int rr = 1;
/*@ ghost int accept_S6 = 0; */
/*@ ghost int accept_all = 0; */
/*@ ghost int accept_init = 1; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_opa;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
- accept_S4, accept_S5, accept_S6, accept_all, accept_init;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_in:
- assumes 1 ≡ accept_S2;
- ensures 1 ≡ accept_S3;
-
- behavior buch_state_accept_S3_out:
- assumes 0 ≡ accept_S2;
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_S6_out:
- ensures 0 ≡ accept_S6;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void opa_pre_func(void)
-{
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_S6_tmp; */
- /*@ ghost int accept_all_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_opa;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_S6_tmp = accept_S6;
- accept_all_tmp = accept_all;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_all_tmp = 0;
- accept_S6_tmp = 0;
- accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- if (accept_S2 == 1) accept_S3_tmp = 1; else accept_S3_tmp = 0;
- accept_S2_tmp = 0;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_S6 = accept_S6_tmp;
- accept_all = accept_all_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_opa;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
+ accept_S4, accept_S5, accept_S6, accept_all, accept_init;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_in:
+ assumes 1 ≡ accept_S2;
+ ensures 1 ≡ accept_S3;
+
+ behavior buch_state_accept_S3_out:
+ assumes 0 ≡ accept_S2;
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_S6_out:
+ ensures 0 ≡ accept_S6;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void opa_pre_func(void)
+ {
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_S6_tmp;
+ int accept_all_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_opa;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_S6_tmp = accept_S6;
+ accept_all_tmp = accept_all;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_all_tmp = 0;
+ accept_S6_tmp = 0;
+ accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ if (accept_S2 == 1) accept_S3_tmp = 1; else accept_S3_tmp = 0;
+ accept_S2_tmp = 0;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_S6 = accept_S6_tmp;
+ accept_all = accept_all_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ accept_S3 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S4 ∧
- 0 ≡ accept_S5 ∧ 0 ≡ accept_S6 ∧ 0 ≡ accept_all ∧
- 0 ≡ accept_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_opa;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
- accept_S4, accept_S5, accept_S6, accept_all, accept_init;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_in:
- assumes 1 ≡ accept_S3;
- ensures 1 ≡ accept_S4;
-
- behavior buch_state_accept_S4_out:
- assumes 0 ≡ accept_S3;
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_S6_out:
- ensures 0 ≡ accept_S6;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void opa_post_func(void)
-{
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_S6_tmp; */
- /*@ ghost int accept_all_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_opa;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_S6_tmp = accept_S6;
- accept_all_tmp = accept_all;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_all_tmp = 0;
- accept_S6_tmp = 0;
- accept_S5_tmp = 0;
- if (accept_S3 == 1) accept_S4_tmp = 1; else accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- accept_S2_tmp = 0;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_S6 = accept_S6_tmp;
- accept_all = accept_all_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ accept_S3 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S4 ∧
+ 0 ≡ accept_S5 ∧ 0 ≡ accept_S6 ∧ 0 ≡ accept_all ∧
+ 0 ≡ accept_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_opa;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
+ accept_S4, accept_S5, accept_S6, accept_all, accept_init;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_in:
+ assumes 1 ≡ accept_S3;
+ ensures 1 ≡ accept_S4;
+
+ behavior buch_state_accept_S4_out:
+ assumes 0 ≡ accept_S3;
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_S6_out:
+ ensures 0 ≡ accept_S6;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void opa_post_func(void)
+ {
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_S6_tmp;
+ int accept_all_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_opa;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_S6_tmp = accept_S6;
+ accept_all_tmp = accept_all;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_all_tmp = 0;
+ accept_S6_tmp = 0;
+ accept_S5_tmp = 0;
+ if (accept_S3 == 1) accept_S4_tmp = 1; else accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ accept_S2_tmp = 0;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_S6 = accept_S6_tmp;
+ accept_all = accept_all_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧ 0 ≡ accept_S4 ∧
@@ -180,147 +186,153 @@ void opa_post_func(void)
*/
void opa(void)
{
- opa_pre_func();
+ /*@ ghost opa_pre_func(); */
rr ++;
- opa_post_func();
+ /*@ ghost opa_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_opb;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
- accept_S4, accept_S5, accept_S6, accept_all, accept_init;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_in:
- assumes 1 ≡ accept_S4;
- ensures 1 ≡ accept_S5;
-
- behavior buch_state_accept_S5_out:
- assumes 0 ≡ accept_S4;
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_S6_out:
- ensures 0 ≡ accept_S6;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void opb_pre_func(void)
-{
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_S6_tmp; */
- /*@ ghost int accept_all_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_opb;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_S6_tmp = accept_S6;
- accept_all_tmp = accept_all;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_all_tmp = 0;
- accept_S6_tmp = 0;
- if (accept_S4 == 1) accept_S5_tmp = 1; else accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- accept_S2_tmp = 0;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_S6 = accept_S6_tmp;
- accept_all = accept_all_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_opb;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
+ accept_S4, accept_S5, accept_S6, accept_all, accept_init;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_in:
+ assumes 1 ≡ accept_S4;
+ ensures 1 ≡ accept_S5;
+
+ behavior buch_state_accept_S5_out:
+ assumes 0 ≡ accept_S4;
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_S6_out:
+ ensures 0 ≡ accept_S6;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void opb_pre_func(void)
+ {
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_S6_tmp;
+ int accept_all_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_opb;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_S6_tmp = accept_S6;
+ accept_all_tmp = accept_all;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_all_tmp = 0;
+ accept_S6_tmp = 0;
+ if (accept_S4 == 1) accept_S5_tmp = 1; else accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ accept_S2_tmp = 0;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_S6 = accept_S6_tmp;
+ accept_all = accept_all_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ accept_S5 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧
- 0 ≡ accept_S4 ∧ 0 ≡ accept_S6 ∧ 0 ≡ accept_all ∧
- 0 ≡ accept_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_opb;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
- accept_S4, accept_S5, accept_S6, accept_all, accept_init;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_S6_in:
- assumes 1 ≡ accept_S5;
- ensures 1 ≡ accept_S6;
-
- behavior buch_state_accept_S6_out:
- assumes 0 ≡ accept_S5;
- ensures 0 ≡ accept_S6;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void opb_post_func(void)
-{
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_S6_tmp; */
- /*@ ghost int accept_all_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_opb;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_S6_tmp = accept_S6;
- accept_all_tmp = accept_all;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_all_tmp = 0;
- if (accept_S5 == 1) accept_S6_tmp = 1; else accept_S6_tmp = 0;
- accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- accept_S2_tmp = 0;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_S6 = accept_S6_tmp;
- accept_all = accept_all_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ accept_S5 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧
+ 0 ≡ accept_S4 ∧ 0 ≡ accept_S6 ∧ 0 ≡ accept_all ∧
+ 0 ≡ accept_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_opb;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
+ accept_S4, accept_S5, accept_S6, accept_all, accept_init;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_S6_in:
+ assumes 1 ≡ accept_S5;
+ ensures 1 ≡ accept_S6;
+
+ behavior buch_state_accept_S6_out:
+ assumes 0 ≡ accept_S5;
+ ensures 0 ≡ accept_S6;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void opb_post_func(void)
+ {
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_S6_tmp;
+ int accept_all_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_opb;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_S6_tmp = accept_S6;
+ accept_all_tmp = accept_all;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_all_tmp = 0;
+ if (accept_S5 == 1) accept_S6_tmp = 1; else accept_S6_tmp = 0;
+ accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ accept_S2_tmp = 0;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_S6 = accept_S6_tmp;
+ accept_all = accept_all_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ accept_S4 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧
@@ -335,134 +347,140 @@ void opb_post_func(void)
*/
void opb(void)
{
- opb_pre_func();
+ /*@ ghost opb_pre_func(); */
status = 1;
- opb_post_func();
+ /*@ ghost opb_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_opc;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
- accept_S4, accept_S5, accept_S6, accept_all, accept_init;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_S6_out:
- ensures 0 ≡ accept_S6;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void opc_pre_func(void)
-{
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_S6_tmp; */
- /*@ ghost int accept_all_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_opc;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_S6_tmp = accept_S6;
- accept_all_tmp = accept_all;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_all_tmp = 0;
- accept_S6_tmp = 0;
- accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- accept_S2_tmp = 0;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_S6 = accept_S6_tmp;
- accept_all = accept_all_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_opc;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
+ accept_S4, accept_S5, accept_S6, accept_all, accept_init;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_S6_out:
+ ensures 0 ≡ accept_S6;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void opc_pre_func(void)
+ {
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_S6_tmp;
+ int accept_all_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_opc;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_S6_tmp = accept_S6;
+ accept_all_tmp = accept_all;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_all_tmp = 0;
+ accept_S6_tmp = 0;
+ accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ accept_S2_tmp = 0;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_S6 = accept_S6_tmp;
+ accept_all = accept_all_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
-/*@ requires \false;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_opc;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
- accept_S4, accept_S5, accept_S6, accept_all, accept_init;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_S6_out:
- ensures 0 ≡ accept_S6;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void opc_post_func(void)
-{
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_S6_tmp; */
- /*@ ghost int accept_all_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_opc;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_S6_tmp = accept_S6;
- accept_all_tmp = accept_all;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_all_tmp = 0;
- accept_S6_tmp = 0;
- accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- accept_S2_tmp = 0;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_S6 = accept_S6_tmp;
- accept_all = accept_all_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires \false;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_opc;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
+ accept_S4, accept_S5, accept_S6, accept_all, accept_init;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_S6_out:
+ ensures 0 ≡ accept_S6;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void opc_post_func(void)
+ {
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_S6_tmp;
+ int accept_all_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_opc;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_S6_tmp = accept_S6;
+ accept_all_tmp = accept_all;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_all_tmp = 0;
+ accept_S6_tmp = 0;
+ accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ accept_S2_tmp = 0;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_S6 = accept_S6_tmp;
+ accept_all = accept_all_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
+
+*/
/*@ requires \false;
@@ -489,147 +507,153 @@ void opc_post_func(void)
*/
void opc(void)
{
- opc_pre_func();
+ /*@ ghost opc_pre_func(); */
rr = 60000;
- opc_post_func();
+ /*@ ghost opc_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
- accept_S4, accept_S5, accept_S6, accept_all, accept_init;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ accept_init;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ accept_init;
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_S6_out:
- ensures 0 ≡ accept_S6;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void main_pre_func(void)
-{
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_S6_tmp; */
- /*@ ghost int accept_all_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_S6_tmp = accept_S6;
- accept_all_tmp = accept_all;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_all_tmp = 0;
- accept_S6_tmp = 0;
- accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- if (accept_init == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_S6 = accept_S6_tmp;
- accept_all = accept_all_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
+ accept_S4, accept_S5, accept_S6, accept_all, accept_init;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ accept_init;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ accept_init;
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_S6_out:
+ ensures 0 ≡ accept_S6;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void main_pre_func(void)
+ {
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_S6_tmp;
+ int accept_all_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_S6_tmp = accept_S6;
+ accept_all_tmp = accept_all;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_all_tmp = 0;
+ accept_S6_tmp = 0;
+ accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ if (accept_init == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_S6 = accept_S6_tmp;
+ accept_all = accept_all_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ accept_S6 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧
- 0 ≡ accept_S4 ∧ 0 ≡ accept_S5 ∧ 0 ≡ accept_all ∧
- 0 ≡ accept_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
- accept_S4, accept_S5, accept_S6, accept_all, accept_init;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_S6_out:
- ensures 0 ≡ accept_S6;
-
- behavior buch_state_accept_all_in:
- assumes 1 ≡ accept_S6;
- ensures 1 ≡ accept_all;
-
- behavior buch_state_accept_all_out:
- assumes 0 ≡ accept_S6;
- ensures 0 ≡ accept_all;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void main_post_func(int res)
-{
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_S6_tmp; */
- /*@ ghost int accept_all_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_S6_tmp = accept_S6;
- accept_all_tmp = accept_all;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- if (accept_S6 == 1) accept_all_tmp = 1; else accept_all_tmp = 0;
- accept_S6_tmp = 0;
- accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- accept_S2_tmp = 0;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_S6 = accept_S6_tmp;
- accept_all = accept_all_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ accept_S6 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧
+ 0 ≡ accept_S4 ∧ 0 ≡ accept_S5 ∧ 0 ≡ accept_all ∧
+ 0 ≡ accept_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
+ accept_S4, accept_S5, accept_S6, accept_all, accept_init;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_S6_out:
+ ensures 0 ≡ accept_S6;
+
+ behavior buch_state_accept_all_in:
+ assumes 1 ≡ accept_S6;
+ ensures 1 ≡ accept_all;
+
+ behavior buch_state_accept_all_out:
+ assumes 0 ≡ accept_S6;
+ ensures 0 ≡ accept_all;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void main_post_func(int res)
+ {
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_S6_tmp;
+ int accept_all_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_S6_tmp = accept_S6;
+ accept_all_tmp = accept_all;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ if (accept_S6 == 1) accept_all_tmp = 1; else accept_all_tmp = 0;
+ accept_S6_tmp = 0;
+ accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ accept_S2_tmp = 0;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_S6 = accept_S6_tmp;
+ accept_all = accept_all_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ accept_init ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧
@@ -651,7 +675,7 @@ void main_post_func(int res)
int main(void)
{
int __retres;
- main_pre_func();
+ /*@ ghost main_pre_func(); */
if (rr < 5000) goto L;
opc();
L4: goto L5;
@@ -667,7 +691,7 @@ int main(void)
L5: opb();
goto L6;
return_label: {
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/hoare_seq.res.oracle b/src/plugins/aorai/tests/aorai/oracle/hoare_seq.res.oracle
index c4de6d08ef21404b9a739cc1e376b7cce1bb661c..9025e381a6c817d1455ffe392d0de9f1382755bc 100644
--- a/src/plugins/aorai/tests/aorai/oracle/hoare_seq.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/hoare_seq.res.oracle
@@ -19,158 +19,164 @@ enum aorai_OpStatusList {
/*@ ghost int aorai_intermediate_state_1 = 0; */
/*@ ghost int aorai_intermediate_state_2 = 0; */
/*@ ghost int aorai_reject = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_reject;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_in:
- assumes 1 ≡ aorai_intermediate_state_0;
- ensures 1 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- assumes 0 ≡ aorai_intermediate_state_0;
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_reject_in:
- assumes 1 ≡ aorai_intermediate_state;
- ensures 1 ≡ aorai_reject;
-
- behavior buch_state_aorai_reject_out:
- assumes 0 ≡ aorai_intermediate_state;
- ensures 0 ≡ aorai_reject;
- */
-void f_pre_func(void)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_reject_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_f;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_reject_tmp = aorai_reject;
- if (aorai_intermediate_state == 1) aorai_reject_tmp = 1;
- else aorai_reject_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- if (aorai_intermediate_state_0 == 1) aorai_intermediate_state_1_tmp = 1;
- else aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_reject = aorai_reject_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_reject;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_in:
+ assumes 1 ≡ aorai_intermediate_state_0;
+ ensures 1 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ assumes 0 ≡ aorai_intermediate_state_0;
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_reject_in:
+ assumes 1 ≡ aorai_intermediate_state;
+ ensures 1 ≡ aorai_reject;
+
+ behavior buch_state_aorai_reject_out:
+ assumes 0 ≡ aorai_intermediate_state;
+ ensures 0 ≡ aorai_reject;
+ @/
+ void f_pre_func(void)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_reject_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_f;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_reject_tmp = aorai_reject;
+ if (aorai_intermediate_state == 1) aorai_reject_tmp = 1;
+ else aorai_reject_tmp = 0;
+ aorai_intermediate_state_2_tmp = 0;
+ if (aorai_intermediate_state_0 == 1) aorai_intermediate_state_1_tmp = 1;
+ else aorai_intermediate_state_1_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_reject = aorai_reject_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ aorai_intermediate_state_1 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
- 0 ≡ aorai_intermediate_state ∧ 0 ≡ aorai_intermediate_state_0 ∧
- 0 ≡ aorai_intermediate_state_2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_reject;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_in:
- assumes 1 ≡ aorai_intermediate_state_1;
- ensures 1 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- assumes 0 ≡ aorai_intermediate_state_1;
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_reject_in:
- assumes 1 ≡ aorai_reject;
- ensures 1 ≡ aorai_reject;
-
- behavior buch_state_aorai_reject_out:
- assumes 0 ≡ aorai_reject;
- ensures 0 ≡ aorai_reject;
- */
-void f_post_func(void)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_reject_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_f;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_reject_tmp = aorai_reject;
- if (aorai_reject == 1) aorai_reject_tmp = 1; else aorai_reject_tmp = 0;
- if (aorai_intermediate_state_1 == 1) aorai_intermediate_state_2_tmp = 1;
- else aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_reject = aorai_reject_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ aorai_intermediate_state_1 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
+ 0 ≡ aorai_intermediate_state ∧
+ 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ aorai_intermediate_state_2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_reject;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_in:
+ assumes 1 ≡ aorai_intermediate_state_1;
+ ensures 1 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ assumes 0 ≡ aorai_intermediate_state_1;
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_reject_in:
+ assumes 1 ≡ aorai_reject;
+ ensures 1 ≡ aorai_reject;
+
+ behavior buch_state_aorai_reject_out:
+ assumes 0 ≡ aorai_reject;
+ ensures 0 ≡ aorai_reject;
+ @/
+ void f_post_func(void)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_reject_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_f;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_reject_tmp = aorai_reject;
+ if (aorai_reject == 1) aorai_reject_tmp = 1; else aorai_reject_tmp = 0;
+ if (aorai_intermediate_state_1 == 1) aorai_intermediate_state_2_tmp = 1;
+ else aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_reject = aorai_reject_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ aorai_intermediate_state_0 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
@@ -215,187 +221,194 @@ void f_post_func(void)
*/
void f(void)
{
- f_pre_func();
- f_post_func();
+ /*@ ghost f_pre_func(); */
+ /*@ ghost f_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_reject;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_in:
- assumes 1 ≡ S0 ∧ c > 0;
- ensures 1 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_out:
- assumes 0 ≡ S0 ∨ ¬(c > 0);
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_in:
- assumes 1 ≡ S0 ∧ c ≤ 0;
- ensures 1 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- assumes 0 ≡ S0 ∨ ¬(c ≤ 0);
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_reject_out:
- ensures 0 ≡ aorai_reject;
- */
-void main_pre_func(int c)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_reject_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_reject_tmp = aorai_reject;
- aorai_reject_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- if (S0 == 1)
- if (c <= 0) aorai_intermediate_state_0_tmp = 1;
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_reject;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_in:
+ assumes 1 ≡ S0 ∧ c > 0;
+ ensures 1 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ assumes 0 ≡ S0 ∨ ¬(c > 0);
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_in:
+ assumes 1 ≡ S0 ∧ c ≤ 0;
+ ensures 1 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ assumes 0 ≡ S0 ∨ ¬(c ≤ 0);
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_reject_out:
+ ensures 0 ≡ aorai_reject;
+ @/
+ void main_pre_func(int c)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_reject_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_reject_tmp = aorai_reject;
+ aorai_reject_tmp = 0;
+ aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ if (S0 == 1)
+ if (c <= 0) aorai_intermediate_state_0_tmp = 1;
+ else aorai_intermediate_state_0_tmp = 0;
else aorai_intermediate_state_0_tmp = 0;
- else aorai_intermediate_state_0_tmp = 0;
- if (S0 == 1) aorai_intermediate_state_tmp = 1;
- else aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_reject = aorai_reject_tmp;
- return;
-}
+ if (S0 == 1) aorai_intermediate_state_tmp = 1;
+ else aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_reject = aorai_reject_tmp;
+ return;
+ }
-/*@ requires
- (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0 ∨
- 1 ≡ aorai_intermediate_state_2) ∧
- 0 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state_1;
- requires 1 ≡ aorai_intermediate_state_2 ⇒ res ≢ 0 ∨ res ≡ 0;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_reject;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_in:
- assumes
- (1 ≡ aorai_intermediate_state_2 ∧ res ≡ 0) ∨
- 1 ≡ aorai_intermediate_state;
- ensures 1 ≡ Sf;
-
- behavior buch_state_Sf_out:
- assumes
- (0 ≡ aorai_intermediate_state_2 ∨ ¬(res ≡ 0)) ∧
- 0 ≡ aorai_intermediate_state;
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_reject_in:
- assumes
- 1 ≡ aorai_reject ∨
- (1 ≡ aorai_intermediate_state_2 ∧ res ≢ 0) ∨
- 1 ≡ aorai_intermediate_state_0;
- ensures 1 ≡ aorai_reject;
-
- behavior buch_state_aorai_reject_out:
- assumes
- 0 ≡ aorai_reject ∧
- (0 ≡ aorai_intermediate_state_2 ∨ res ≡ 0) ∧
- 0 ≡ aorai_intermediate_state_0;
- ensures 0 ≡ aorai_reject;
- */
-void main_post_func(int res)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_reject_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_reject_tmp = aorai_reject;
- if (aorai_intermediate_state_0 == 1) aorai_reject_tmp = 1;
- else
- if (aorai_intermediate_state_2 == 1) {
- if (res != 0) aorai_reject_tmp = 1; else goto _LAND;
- }
- else {
- _LAND: ;
- if (aorai_reject == 1) aorai_reject_tmp = 1; else aorai_reject_tmp = 0;
- }
- aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- if (aorai_intermediate_state == 1) Sf_tmp = 1;
- else
- if (aorai_intermediate_state_2 == 1)
- if (res == 0) Sf_tmp = 1; else Sf_tmp = 0;
- else Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_reject = aorai_reject_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0 ∨
+ 1 ≡ aorai_intermediate_state_2) ∧
+ 0 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state_1;
+ requires 1 ≡ aorai_intermediate_state_2 ⇒ res ≢ 0 ∨ res ≡ 0;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_reject;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_in:
+ assumes
+ (1 ≡ aorai_intermediate_state_2 ∧ res ≡ 0) ∨
+ 1 ≡ aorai_intermediate_state;
+ ensures 1 ≡ Sf;
+
+ behavior buch_state_Sf_out:
+ assumes
+ (0 ≡ aorai_intermediate_state_2 ∨ ¬(res ≡ 0)) ∧
+ 0 ≡ aorai_intermediate_state;
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_reject_in:
+ assumes
+ 1 ≡ aorai_reject ∨
+ (1 ≡ aorai_intermediate_state_2 ∧ res ≢ 0) ∨
+ 1 ≡ aorai_intermediate_state_0;
+ ensures 1 ≡ aorai_reject;
+
+ behavior buch_state_aorai_reject_out:
+ assumes
+ 0 ≡ aorai_reject ∧
+ (0 ≡ aorai_intermediate_state_2 ∨ res ≡ 0) ∧
+ 0 ≡ aorai_intermediate_state_0;
+ ensures 0 ≡ aorai_reject;
+ @/
+ void main_post_func(int res)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_reject_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_reject_tmp = aorai_reject;
+ if (aorai_intermediate_state_0 == 1) aorai_reject_tmp = 1;
+ else
+ if (aorai_intermediate_state_2 == 1) {
+ if (res != 0) aorai_reject_tmp = 1; else goto _LAND;
+ }
+ else {
+ _LAND: ;
+ if (aorai_reject == 1) aorai_reject_tmp = 1;
+ else aorai_reject_tmp = 0;
+ }
+ aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ if (aorai_intermediate_state == 1) Sf_tmp = 1;
+ else
+ if (aorai_intermediate_state_2 == 1)
+ if (res == 0) Sf_tmp = 1; else Sf_tmp = 0;
+ else Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_reject = aorai_reject_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state ∧
@@ -424,10 +437,10 @@ void main_post_func(int res)
int main(int c)
{
int __retres;
- main_pre_func(c);
+ /*@ ghost main_pre_func(c); */
if (c <= 0) f();
__retres = 0;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/incorrect.res.oracle b/src/plugins/aorai/tests/aorai/oracle/incorrect.res.oracle
index aff805d14e96b5d866f917331cbf3858a2035a4f..ebe6f07db4c9567f195bde9895293748e61bd6a4 100644
--- a/src/plugins/aorai/tests/aorai/oracle/incorrect.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/incorrect.res.oracle
@@ -22,48 +22,54 @@ int f(void);
/*@ ghost enum aorai_ListOper aorai_CurOperation = op_main; */
/*@ ghost enum aorai_OpStatusList aorai_CurOpStatus = aorai_Called; */
/*@ ghost int aorai_CurStates = s0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_s0_out:
- ensures aorai_CurStates ≢ s0;
- */
-void main_pre_func(void)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- aorai_CurStates_tmp = aorai_CurStates;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_s0_out:
+ ensures aorai_CurStates ≢ s0;
+ @/
+ void main_pre_func(void)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ aorai_CurStates_tmp = aorai_CurStates;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
-/*@ requires \false;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_s0_out:
- ensures aorai_CurStates ≢ s0;
- */
-void main_post_func(int res)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- aorai_CurStates_tmp = aorai_CurStates;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires \false;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_s0_out:
+ ensures aorai_CurStates ≢ s0;
+ @/
+ void main_post_func(int res)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ aorai_CurStates_tmp = aorai_CurStates;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
+
+*/
/*@ requires \false; */
int main(void)
{
int tmp;
- main_pre_func();
+ /*@ ghost main_pre_func(); */
tmp = f();
- main_post_func(tmp);
+ /*@ ghost main_post_func(tmp); */
return tmp;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/loop_bts1050.res.oracle b/src/plugins/aorai/tests/aorai/oracle/loop_bts1050.res.oracle
index 6c2ded3fb12e815c4a12db213eb99fba710f34df..a6f3f8f7d8a6c963688ebbb9b7231ae346ab2944 100644
--- a/src/plugins/aorai/tests/aorai/oracle/loop_bts1050.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/loop_bts1050.res.oracle
@@ -21,163 +21,170 @@ enum aorai_OpStatusList {
/*@ ghost int aorai_intermediate_state_2 = 0; */
/*@ ghost int aorai_intermediate_state_3 = 0; */
/*@ ghost int aorai_counter = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_counter, aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_in_0:
- assumes 1 ≡ aorai_intermediate_state_0 ∧ aorai_counter < 5;
- ensures 1 ≡ aorai_intermediate_state_1;
- ensures aorai_counter ≡ \old(aorai_counter) + 1;
-
- behavior buch_state_aorai_intermediate_state_1_in_1:
- assumes 1 ≡ aorai_intermediate_state;
- ensures 1 ≡ aorai_intermediate_state_1;
- ensures aorai_counter ≡ 1;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- assumes
- (0 ≡ aorai_intermediate_state_0 ∨ ¬(aorai_counter < 5)) ∧
- 0 ≡ aorai_intermediate_state;
- ensures 0 ≡ aorai_intermediate_state_1;
- ensures aorai_counter ≡ \old(aorai_counter);
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void f_pre_func(void)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_f;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- aorai_intermediate_state_3_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- if (aorai_intermediate_state_0 == 1)
- if (aorai_counter < 5) aorai_counter ++;
- if (aorai_intermediate_state == 1) aorai_counter = 1;
- if (aorai_intermediate_state == 1) aorai_intermediate_state_1_tmp = 1;
- else
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_counter, aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_in_0:
+ assumes 1 ≡ aorai_intermediate_state_0 ∧ aorai_counter < 5;
+ ensures 1 ≡ aorai_intermediate_state_1;
+ ensures aorai_counter ≡ \old(aorai_counter) + 1;
+
+ behavior buch_state_aorai_intermediate_state_1_in_1:
+ assumes 1 ≡ aorai_intermediate_state;
+ ensures 1 ≡ aorai_intermediate_state_1;
+ ensures aorai_counter ≡ 1;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ assumes
+ (0 ≡ aorai_intermediate_state_0 ∨ ¬(aorai_counter < 5)) ∧
+ 0 ≡ aorai_intermediate_state;
+ ensures 0 ≡ aorai_intermediate_state_1;
+ ensures aorai_counter ≡ \old(aorai_counter);
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void f_pre_func(void)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_f;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ aorai_intermediate_state_3_tmp = 0;
+ aorai_intermediate_state_2_tmp = 0;
if (aorai_intermediate_state_0 == 1)
- if (aorai_counter < 5) aorai_intermediate_state_1_tmp = 1;
+ if (aorai_counter < 5) aorai_counter ++;
+ if (aorai_intermediate_state == 1) aorai_counter = 1;
+ if (aorai_intermediate_state == 1) aorai_intermediate_state_1_tmp = 1;
+ else
+ if (aorai_intermediate_state_0 == 1)
+ if (aorai_counter < 5) aorai_intermediate_state_1_tmp = 1;
+ else aorai_intermediate_state_1_tmp = 0;
else aorai_intermediate_state_1_tmp = 0;
- else aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ aorai_intermediate_state_1 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
- 0 ≡ aorai_intermediate_state ∧ 0 ≡ aorai_intermediate_state_0 ∧
- 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_in:
- assumes 1 ≡ aorai_intermediate_state_1;
- ensures 1 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- assumes 0 ≡ aorai_intermediate_state_1;
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void f_post_func(void)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_f;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- aorai_intermediate_state_3_tmp = 0;
- if (aorai_intermediate_state_1 == 1) aorai_intermediate_state_2_tmp = 1;
- else aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ aorai_intermediate_state_1 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
+ 0 ≡ aorai_intermediate_state ∧
+ 0 ≡ aorai_intermediate_state_0 ∧
+ 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_in:
+ assumes 1 ≡ aorai_intermediate_state_1;
+ ensures 1 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ assumes 0 ≡ aorai_intermediate_state_1;
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void f_post_func(void)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_f;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ aorai_intermediate_state_3_tmp = 0;
+ if (aorai_intermediate_state_1 == 1) aorai_intermediate_state_2_tmp = 1;
+ else aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
+
+*/
/*@ requires
(1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0) ∧
@@ -207,152 +214,159 @@ void f_post_func(void)
*/
void f(void)
{
- f_pre_func();
- f_post_func();
+ /*@ ghost f_pre_func(); */
+ /*@ ghost f_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_g;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_in:
- assumes 1 ≡ aorai_intermediate_state_2;
- ensures 1 ≡ aorai_intermediate_state_3;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- assumes 0 ≡ aorai_intermediate_state_2;
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void g_pre_func(void)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_g;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- if (aorai_intermediate_state_2 == 1) aorai_intermediate_state_3_tmp = 1;
- else aorai_intermediate_state_3_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_g;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_in:
+ assumes 1 ≡ aorai_intermediate_state_2;
+ ensures 1 ≡ aorai_intermediate_state_3;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ assumes 0 ≡ aorai_intermediate_state_2;
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void g_pre_func(void)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_g;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ if (aorai_intermediate_state_2 == 1) aorai_intermediate_state_3_tmp = 1;
+ else aorai_intermediate_state_3_tmp = 0;
+ aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ aorai_intermediate_state_3 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
- 0 ≡ aorai_intermediate_state ∧ 0 ≡ aorai_intermediate_state_0 ∧
- 0 ≡ aorai_intermediate_state_1 ∧ 0 ≡ aorai_intermediate_state_2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_g;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_in:
- assumes 1 ≡ aorai_intermediate_state_3;
- ensures 1 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- assumes 0 ≡ aorai_intermediate_state_3;
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void g_post_func(void)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_g;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- aorai_intermediate_state_3_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- if (aorai_intermediate_state_3 == 1) aorai_intermediate_state_0_tmp = 1;
- else aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ aorai_intermediate_state_3 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
+ 0 ≡ aorai_intermediate_state ∧
+ 0 ≡ aorai_intermediate_state_0 ∧
+ 0 ≡ aorai_intermediate_state_1 ∧ 0 ≡ aorai_intermediate_state_2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_g;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_in:
+ assumes 1 ≡ aorai_intermediate_state_3;
+ ensures 1 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ assumes 0 ≡ aorai_intermediate_state_3;
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void g_post_func(void)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_g;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ aorai_intermediate_state_3_tmp = 0;
+ aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ if (aorai_intermediate_state_3 == 1) aorai_intermediate_state_0_tmp = 1;
+ else aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ aorai_intermediate_state_2 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
@@ -368,155 +382,161 @@ void g_post_func(void)
*/
void g(void)
{
- g_pre_func();
- g_post_func();
+ /*@ ghost g_pre_func(); */
+ /*@ ghost g_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_in:
- assumes 1 ≡ S0;
- ensures 1 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_out:
- assumes 0 ≡ S0;
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void main_pre_func(int c)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- aorai_intermediate_state_3_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- if (S0 == 1) aorai_intermediate_state_tmp = 1;
- else aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_in:
+ assumes 1 ≡ S0;
+ ensures 1 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ assumes 0 ≡ S0;
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void main_pre_func(int c)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ aorai_intermediate_state_3_tmp = 0;
+ aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ if (S0 == 1) aorai_intermediate_state_tmp = 1;
+ else aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
-/*@ requires
- (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0) ∧
- 0 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state_1 ∧
- 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_in:
- assumes
- 1 ≡ aorai_intermediate_state_0 ∨ 1 ≡ aorai_intermediate_state;
- ensures 1 ≡ Sf;
-
- behavior buch_state_Sf_out:
- assumes
- 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ aorai_intermediate_state;
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void main_post_func(int res)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- aorai_intermediate_state_3_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- if (aorai_intermediate_state == 1) Sf_tmp = 1;
- else
- if (aorai_intermediate_state_0 == 1) Sf_tmp = 1; else Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0) ∧
+ 0 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state_1 ∧
+ 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_in:
+ assumes
+ 1 ≡ aorai_intermediate_state_0 ∨ 1 ≡ aorai_intermediate_state;
+ ensures 1 ≡ Sf;
+
+ behavior buch_state_Sf_out:
+ assumes
+ 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ aorai_intermediate_state;
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void main_post_func(int res)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ aorai_intermediate_state_3_tmp = 0;
+ aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ if (aorai_intermediate_state == 1) Sf_tmp = 1;
+ else
+ if (aorai_intermediate_state_0 == 1) Sf_tmp = 1; else Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state ∧
@@ -541,9 +561,9 @@ void main_post_func(int res)
*/
int main(int c)
{
- int aorai_Loop_Init_13;
+ /*@ ghost int aorai_Loop_Init_13; */
int __retres;
- main_pre_func(c);
+ /*@ ghost main_pre_func(c); */
if (c < 0) c = 0;
if (c > 0) c = 5;
/*@ ghost aorai_Loop_Init_13 = 1; */
@@ -581,7 +601,7 @@ int main(int c)
c --;
}
__retres = 0;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/monostate.res.oracle b/src/plugins/aorai/tests/aorai/oracle/monostate.res.oracle
index 9d20f728baa6537ef95e2ec1fd374534fdd6742a..e4e6c64f81a3e62fcd37119fae12ca6dd86062c6 100644
--- a/src/plugins/aorai/tests/aorai/oracle/monostate.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/monostate.res.oracle
@@ -38,70 +38,76 @@ lemma Init_deterministic_trans{L}:
\at(aorai_CurOpStatus,L) ≡ aorai_Called));
*/
/*@ ghost int aorai_CurStates = Init; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_Init_out:
- ensures aorai_CurStates ≢ Init;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state;
-
- behavior buch_state_aorai_reject_in:
- assumes
- aorai_CurStates ≡ aorai_reject ∨
- aorai_CurStates ≡ aorai_intermediate_state;
- ensures aorai_CurStates ≡ aorai_reject;
-
- behavior buch_state_aorai_reject_out:
- assumes
- aorai_CurStates ≢ aorai_reject ∧
- aorai_CurStates ≢ aorai_intermediate_state;
- ensures aorai_CurStates ≢ aorai_reject;
- */
-void f_pre_func(void)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_f;
- aorai_CurStates_tmp = aorai_CurStates;
- if (2 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject;
- else
- if (1 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_Init_out:
+ ensures aorai_CurStates ≢ Init;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state;
+
+ behavior buch_state_aorai_reject_in:
+ assumes
+ aorai_CurStates ≡ aorai_reject ∨
+ aorai_CurStates ≡ aorai_intermediate_state;
+ ensures aorai_CurStates ≡ aorai_reject;
+
+ behavior buch_state_aorai_reject_out:
+ assumes
+ aorai_CurStates ≢ aorai_reject ∧
+ aorai_CurStates ≢ aorai_intermediate_state;
+ ensures aorai_CurStates ≢ aorai_reject;
+ @/
+ void f_pre_func(void)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_f;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (2 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject;
+ else
+ if (1 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
-/*@ requires \false;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_Init_out:
- ensures aorai_CurStates ≢ Init;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state;
-
- behavior buch_state_aorai_reject_in:
- assumes aorai_CurStates ≡ aorai_reject;
- ensures aorai_CurStates ≡ aorai_reject;
-
- behavior buch_state_aorai_reject_out:
- assumes aorai_CurStates ≢ aorai_reject;
- ensures aorai_CurStates ≢ aorai_reject;
- */
-void f_post_func(void)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_f;
- aorai_CurStates_tmp = aorai_CurStates;
- if (2 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires \false;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_Init_out:
+ ensures aorai_CurStates ≢ Init;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state;
+
+ behavior buch_state_aorai_reject_in:
+ assumes aorai_CurStates ≡ aorai_reject;
+ ensures aorai_CurStates ≡ aorai_reject;
+
+ behavior buch_state_aorai_reject_out:
+ assumes aorai_CurStates ≢ aorai_reject;
+ ensures aorai_CurStates ≢ aorai_reject;
+ @/
+ void f_post_func(void)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_f;
+ aorai_CurStates_tmp = aorai_CurStates;
+ if (2 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
+
+*/
/*@ requires \false;
requires
@@ -116,63 +122,69 @@ void f_post_func(void)
*/
void f(void)
{
- f_pre_func();
- f_post_func();
+ /*@ ghost f_pre_func(); */
+ /*@ ghost f_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_Init_out:
- ensures aorai_CurStates ≢ Init;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state;
-
- behavior buch_state_aorai_reject_out:
- ensures aorai_CurStates ≢ aorai_reject;
- */
-void main_pre_func(void)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- aorai_CurStates_tmp = aorai_CurStates;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_Init_out:
+ ensures aorai_CurStates ≢ Init;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state;
+
+ behavior buch_state_aorai_reject_out:
+ ensures aorai_CurStates ≢ aorai_reject;
+ @/
+ void main_pre_func(void)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ aorai_CurStates_tmp = aorai_CurStates;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
-/*@ requires \false;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
-
- behavior buch_state_Init_out:
- ensures aorai_CurStates ≢ Init;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures aorai_CurStates ≢ aorai_intermediate_state;
-
- behavior buch_state_aorai_reject_out:
- ensures aorai_CurStates ≢ aorai_reject;
- */
-void main_post_func(void)
-{
- /*@ ghost int aorai_CurStates_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- aorai_CurStates_tmp = aorai_CurStates;
- aorai_CurStates = aorai_CurStates_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires \false;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates;
+
+ behavior buch_state_Init_out:
+ ensures aorai_CurStates ≢ Init;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures aorai_CurStates ≢ aorai_intermediate_state;
+
+ behavior buch_state_aorai_reject_out:
+ ensures aorai_CurStates ≢ aorai_reject;
+ @/
+ void main_post_func(void)
+ {
+ int aorai_CurStates_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ aorai_CurStates_tmp = aorai_CurStates;
+ aorai_CurStates = aorai_CurStates_tmp;
+ return;
+ }
+
+*/
/*@ requires \false; */
void main(void)
{
- int aorai_Loop_Init_3;
- main_pre_func();
+ /*@ ghost int aorai_Loop_Init_3; */
+ /*@ ghost main_pre_func(); */
/*@ ghost aorai_Loop_Init_3 = 1; */
aorai_loop_3:
/*@ loop invariant Aorai: aorai_CurStates ≢ Init;
@@ -183,7 +195,7 @@ void main(void)
/*@ ghost aorai_Loop_Init_3 = 0; */
f();
}
- main_post_func();
+ /*@ ghost main_post_func(); */
return;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/not_prm.res.oracle b/src/plugins/aorai/tests/aorai/oracle/not_prm.res.oracle
index c936e1183e0c1e85b5412805bc751887b1b80c83..ba7d90bbeced0d8b23285c47292b045b98b3e073 100644
--- a/src/plugins/aorai/tests/aorai/oracle/not_prm.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/not_prm.res.oracle
@@ -13,68 +13,74 @@ enum aorai_OpStatusList {
/*@ ghost enum aorai_OpStatusList aorai_CurOpStatus = aorai_Called; */
/*@ ghost int S0 = 1; */
/*@ ghost int Sf = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_in:
- assumes 1 ≡ S0 ∧ x ≥ 4;
- ensures 1 ≡ Sf;
-
- behavior buch_state_Sf_out:
- assumes 0 ≡ S0 ∨ ¬(x ≥ 4);
- ensures 0 ≡ Sf;
- */
-void f_pre_func(int x)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_f;
- S0_tmp = S0;
- Sf_tmp = Sf;
- if (S0 == 1)
- if (x >= 4) Sf_tmp = 1; else Sf_tmp = 0;
- else Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_in:
+ assumes 1 ≡ S0 ∧ x ≥ 4;
+ ensures 1 ≡ Sf;
+
+ behavior buch_state_Sf_out:
+ assumes 0 ≡ S0 ∨ ¬(x ≥ 4);
+ ensures 0 ≡ Sf;
+ @/
+ void f_pre_func(int x)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_f;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ if (S0 == 1)
+ if (x >= 4) Sf_tmp = 1; else Sf_tmp = 0;
+ else Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ return;
+ }
-/*@ requires 1 ≡ Sf ∧ 0 ≡ S0;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_in:
- assumes 1 ≡ Sf;
- ensures 1 ≡ Sf;
-
- behavior buch_state_Sf_out:
- assumes 0 ≡ Sf;
- ensures 0 ≡ Sf;
- */
-void f_post_func(int res)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_f;
- S0_tmp = S0;
- Sf_tmp = Sf;
- if (Sf == 1) Sf_tmp = 1; else Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ Sf ∧ 0 ≡ S0;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_in:
+ assumes 1 ≡ Sf;
+ ensures 1 ≡ Sf;
+
+ behavior buch_state_Sf_out:
+ assumes 0 ≡ Sf;
+ ensures 0 ≡ Sf;
+ @/
+ void f_post_func(int res)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_f;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ if (Sf == 1) Sf_tmp = 1; else Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ S0 ∧ 0 ≡ Sf;
requires 1 ≡ S0 ⇒ x ≥ 4;
@@ -88,8 +94,8 @@ void f_post_func(int res)
*/
int f(int x)
{
- f_pre_func(x);
- f_post_func(x);
+ /*@ ghost f_pre_func(x); */
+ /*@ ghost f_post_func(x); */
return x;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/other.res.oracle b/src/plugins/aorai/tests/aorai/oracle/other.res.oracle
index 705124879237fa436ae0719bc00a243fe0eeefb2..91b4e2cc2ad540571330772e709520258a653f9b 100644
--- a/src/plugins/aorai/tests/aorai/oracle/other.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/other.res.oracle
@@ -17,181 +17,187 @@ int x = 0;
/*@ ghost int init = 1; */
/*@ ghost int last = 0; */
/*@ ghost int step1 = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1;
-
- behavior buch_state_init_in:
- assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3);
- ensures 1 ≡ init;
-
- behavior buch_state_init_out:
- assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3));
- ensures 0 ≡ init;
-
- behavior buch_state_last_in:
- assumes
- (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3);
- ensures 1 ≡ last;
-
- behavior buch_state_last_out:
- assumes
- (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧
- (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3));
- ensures 0 ≡ last;
-
- behavior buch_state_step1_in:
- assumes
- (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨
- (1 ≡ init ∧ x ≡ 3);
- ensures 1 ≡ step1;
-
- behavior buch_state_step1_out:
- assumes
- (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧
- (0 ≡ init ∨ ¬(x ≡ 3));
- ensures 0 ≡ step1;
- */
-void f_pre_func(void)
-{
- /*@ ghost int init_tmp; */
- /*@ ghost int last_tmp; */
- /*@ ghost int step1_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_f;
- init_tmp = init;
- last_tmp = last;
- step1_tmp = step1;
- if (init == 1) {
- if (x == 3) step1_tmp = 1; else goto _LAND_0;
- }
- else {
- _LAND_0: ;
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1;
+
+ behavior buch_state_init_in:
+ assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3);
+ ensures 1 ≡ init;
+
+ behavior buch_state_init_out:
+ assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3));
+ ensures 0 ≡ init;
+
+ behavior buch_state_last_in:
+ assumes
+ (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3);
+ ensures 1 ≡ last;
+
+ behavior buch_state_last_out:
+ assumes
+ (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧
+ (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3));
+ ensures 0 ≡ last;
+
+ behavior buch_state_step1_in:
+ assumes
+ (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨
+ (1 ≡ init ∧ x ≡ 3);
+ ensures 1 ≡ step1;
+
+ behavior buch_state_step1_out:
+ assumes
+ (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧
+ (0 ≡ init ∨ ¬(x ≡ 3));
+ ensures 0 ≡ step1;
+ @/
+ void f_pre_func(void)
+ {
+ int init_tmp;
+ int last_tmp;
+ int step1_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_f;
+ init_tmp = init;
+ last_tmp = last;
+ step1_tmp = step1;
+ if (init == 1) {
+ if (x == 3) step1_tmp = 1; else goto _LAND_0;
+ }
+ else {
+ _LAND_0: ;
+ if (last == 1) {
+ if (x == 3) step1_tmp = 1; else goto _LAND;
+ }
+ else {
+ _LAND: ;
+ if (step1 == 1)
+ if (x != 4) step1_tmp = 1; else step1_tmp = 0;
+ else step1_tmp = 0;
+ }
+ }
if (last == 1) {
- if (x == 3) step1_tmp = 1; else goto _LAND;
+ if (x != 4) {
+ if (x != 3) last_tmp = 1; else goto _LAND_1;
+ }
+ else goto _LAND_1;
}
else {
- _LAND: ;
+ _LAND_1: ;
if (step1 == 1)
- if (x != 4) step1_tmp = 1; else step1_tmp = 0;
- else step1_tmp = 0;
+ if (x == 4) last_tmp = 1; else last_tmp = 0;
+ else last_tmp = 0;
}
- }
- if (last == 1) {
- if (x != 4) {
- if (x != 3) last_tmp = 1; else goto _LAND_1;
+ if (init == 1) {
+ if (x != 3) init_tmp = 1; else goto _LAND_2;
}
- else goto _LAND_1;
- }
- else {
- _LAND_1: ;
- if (step1 == 1)
- if (x == 4) last_tmp = 1; else last_tmp = 0;
- else last_tmp = 0;
- }
- if (init == 1) {
- if (x != 3) init_tmp = 1; else goto _LAND_2;
- }
- else {
- _LAND_2: ;
- if (last == 1)
- if (x == 4) init_tmp = 1; else init_tmp = 0;
- else init_tmp = 0;
+ else {
+ _LAND_2: ;
+ if (last == 1)
+ if (x == 4) init_tmp = 1; else init_tmp = 0;
+ else init_tmp = 0;
+ }
+ init = init_tmp;
+ last = last_tmp;
+ step1 = step1_tmp;
+ return;
}
- init = init_tmp;
- last = last_tmp;
- step1 = step1_tmp;
- return;
-}
-/*@ requires 1 ≡ init ∨ 1 ≡ last ∨ 1 ≡ step1;
- requires 1 ≡ last ⇒ x ≡ 3 ∨ (x ≢ 4 ∧ x ≢ 3) ∨ x ≡ 4;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1;
-
- behavior buch_state_init_in:
- assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3);
- ensures 1 ≡ init;
-
- behavior buch_state_init_out:
- assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3));
- ensures 0 ≡ init;
-
- behavior buch_state_last_in:
- assumes
- (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3);
- ensures 1 ≡ last;
-
- behavior buch_state_last_out:
- assumes
- (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧
- (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3));
- ensures 0 ≡ last;
-
- behavior buch_state_step1_in:
- assumes
- (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨
- (1 ≡ init ∧ x ≡ 3);
- ensures 1 ≡ step1;
-
- behavior buch_state_step1_out:
- assumes
- (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧
- (0 ≡ init ∨ ¬(x ≡ 3));
- ensures 0 ≡ step1;
- */
-void f_post_func(void)
-{
- /*@ ghost int init_tmp; */
- /*@ ghost int last_tmp; */
- /*@ ghost int step1_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_f;
- init_tmp = init;
- last_tmp = last;
- step1_tmp = step1;
- if (init == 1) {
- if (x == 3) step1_tmp = 1; else goto _LAND_0;
- }
- else {
- _LAND_0: ;
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ init ∨ 1 ≡ last ∨ 1 ≡ step1;
+ requires 1 ≡ last ⇒ x ≡ 3 ∨ (x ≢ 4 ∧ x ≢ 3) ∨ x ≡ 4;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1;
+
+ behavior buch_state_init_in:
+ assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3);
+ ensures 1 ≡ init;
+
+ behavior buch_state_init_out:
+ assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3));
+ ensures 0 ≡ init;
+
+ behavior buch_state_last_in:
+ assumes
+ (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3);
+ ensures 1 ≡ last;
+
+ behavior buch_state_last_out:
+ assumes
+ (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧
+ (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3));
+ ensures 0 ≡ last;
+
+ behavior buch_state_step1_in:
+ assumes
+ (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨
+ (1 ≡ init ∧ x ≡ 3);
+ ensures 1 ≡ step1;
+
+ behavior buch_state_step1_out:
+ assumes
+ (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧
+ (0 ≡ init ∨ ¬(x ≡ 3));
+ ensures 0 ≡ step1;
+ @/
+ void f_post_func(void)
+ {
+ int init_tmp;
+ int last_tmp;
+ int step1_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_f;
+ init_tmp = init;
+ last_tmp = last;
+ step1_tmp = step1;
+ if (init == 1) {
+ if (x == 3) step1_tmp = 1; else goto _LAND_0;
+ }
+ else {
+ _LAND_0: ;
+ if (last == 1) {
+ if (x == 3) step1_tmp = 1; else goto _LAND;
+ }
+ else {
+ _LAND: ;
+ if (step1 == 1)
+ if (x != 4) step1_tmp = 1; else step1_tmp = 0;
+ else step1_tmp = 0;
+ }
+ }
if (last == 1) {
- if (x == 3) step1_tmp = 1; else goto _LAND;
+ if (x != 4) {
+ if (x != 3) last_tmp = 1; else goto _LAND_1;
+ }
+ else goto _LAND_1;
}
else {
- _LAND: ;
+ _LAND_1: ;
if (step1 == 1)
- if (x != 4) step1_tmp = 1; else step1_tmp = 0;
- else step1_tmp = 0;
+ if (x == 4) last_tmp = 1; else last_tmp = 0;
+ else last_tmp = 0;
}
- }
- if (last == 1) {
- if (x != 4) {
- if (x != 3) last_tmp = 1; else goto _LAND_1;
+ if (init == 1) {
+ if (x != 3) init_tmp = 1; else goto _LAND_2;
}
- else goto _LAND_1;
- }
- else {
- _LAND_1: ;
- if (step1 == 1)
- if (x == 4) last_tmp = 1; else last_tmp = 0;
- else last_tmp = 0;
- }
- if (init == 1) {
- if (x != 3) init_tmp = 1; else goto _LAND_2;
- }
- else {
- _LAND_2: ;
- if (last == 1)
- if (x == 4) init_tmp = 1; else init_tmp = 0;
- else init_tmp = 0;
+ else {
+ _LAND_2: ;
+ if (last == 1)
+ if (x == 4) init_tmp = 1; else init_tmp = 0;
+ else init_tmp = 0;
+ }
+ init = init_tmp;
+ last = last_tmp;
+ step1 = step1_tmp;
+ return;
}
- init = init_tmp;
- last = last_tmp;
- step1 = step1_tmp;
- return;
-}
+
+*/
/*@ requires 1 ≡ init ∨ 1 ≡ last ∨ 1 ≡ step1;
requires 1 ≡ last ⇒ x ≡ 3 ∨ (x ≢ 4 ∧ x ≢ 3) ∨ x ≡ 4;
@@ -251,187 +257,193 @@ void f_post_func(void)
*/
void f(void)
{
- f_pre_func();
+ /*@ ghost f_pre_func(); */
x = 3;
- f_post_func();
+ /*@ ghost f_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_g;
- assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1;
-
- behavior buch_state_init_in:
- assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3);
- ensures 1 ≡ init;
-
- behavior buch_state_init_out:
- assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3));
- ensures 0 ≡ init;
-
- behavior buch_state_last_in:
- assumes
- (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3);
- ensures 1 ≡ last;
-
- behavior buch_state_last_out:
- assumes
- (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧
- (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3));
- ensures 0 ≡ last;
-
- behavior buch_state_step1_in:
- assumes
- (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨
- (1 ≡ init ∧ x ≡ 3);
- ensures 1 ≡ step1;
-
- behavior buch_state_step1_out:
- assumes
- (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧
- (0 ≡ init ∨ ¬(x ≡ 3));
- ensures 0 ≡ step1;
- */
-void g_pre_func(void)
-{
- /*@ ghost int init_tmp; */
- /*@ ghost int last_tmp; */
- /*@ ghost int step1_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_g;
- init_tmp = init;
- last_tmp = last;
- step1_tmp = step1;
- if (init == 1) {
- if (x == 3) step1_tmp = 1; else goto _LAND_0;
- }
- else {
- _LAND_0: ;
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_g;
+ assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1;
+
+ behavior buch_state_init_in:
+ assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3);
+ ensures 1 ≡ init;
+
+ behavior buch_state_init_out:
+ assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3));
+ ensures 0 ≡ init;
+
+ behavior buch_state_last_in:
+ assumes
+ (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3);
+ ensures 1 ≡ last;
+
+ behavior buch_state_last_out:
+ assumes
+ (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧
+ (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3));
+ ensures 0 ≡ last;
+
+ behavior buch_state_step1_in:
+ assumes
+ (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨
+ (1 ≡ init ∧ x ≡ 3);
+ ensures 1 ≡ step1;
+
+ behavior buch_state_step1_out:
+ assumes
+ (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧
+ (0 ≡ init ∨ ¬(x ≡ 3));
+ ensures 0 ≡ step1;
+ @/
+ void g_pre_func(void)
+ {
+ int init_tmp;
+ int last_tmp;
+ int step1_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_g;
+ init_tmp = init;
+ last_tmp = last;
+ step1_tmp = step1;
+ if (init == 1) {
+ if (x == 3) step1_tmp = 1; else goto _LAND_0;
+ }
+ else {
+ _LAND_0: ;
+ if (last == 1) {
+ if (x == 3) step1_tmp = 1; else goto _LAND;
+ }
+ else {
+ _LAND: ;
+ if (step1 == 1)
+ if (x != 4) step1_tmp = 1; else step1_tmp = 0;
+ else step1_tmp = 0;
+ }
+ }
if (last == 1) {
- if (x == 3) step1_tmp = 1; else goto _LAND;
+ if (x != 4) {
+ if (x != 3) last_tmp = 1; else goto _LAND_1;
+ }
+ else goto _LAND_1;
}
else {
- _LAND: ;
+ _LAND_1: ;
if (step1 == 1)
- if (x != 4) step1_tmp = 1; else step1_tmp = 0;
- else step1_tmp = 0;
+ if (x == 4) last_tmp = 1; else last_tmp = 0;
+ else last_tmp = 0;
}
- }
- if (last == 1) {
- if (x != 4) {
- if (x != 3) last_tmp = 1; else goto _LAND_1;
+ if (init == 1) {
+ if (x != 3) init_tmp = 1; else goto _LAND_2;
}
- else goto _LAND_1;
- }
- else {
- _LAND_1: ;
- if (step1 == 1)
- if (x == 4) last_tmp = 1; else last_tmp = 0;
- else last_tmp = 0;
- }
- if (init == 1) {
- if (x != 3) init_tmp = 1; else goto _LAND_2;
- }
- else {
- _LAND_2: ;
- if (last == 1)
- if (x == 4) init_tmp = 1; else init_tmp = 0;
- else init_tmp = 0;
+ else {
+ _LAND_2: ;
+ if (last == 1)
+ if (x == 4) init_tmp = 1; else init_tmp = 0;
+ else init_tmp = 0;
+ }
+ init = init_tmp;
+ last = last_tmp;
+ step1 = step1_tmp;
+ return;
}
- init = init_tmp;
- last = last_tmp;
- step1 = step1_tmp;
- return;
-}
-/*@ requires 1 ≡ init ∨ 1 ≡ last ∨ 1 ≡ step1;
- requires 1 ≡ last ⇒ x ≡ 3 ∨ (x ≢ 4 ∧ x ≢ 3) ∨ x ≡ 4;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_g;
- assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1;
-
- behavior buch_state_init_in:
- assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3);
- ensures 1 ≡ init;
-
- behavior buch_state_init_out:
- assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3));
- ensures 0 ≡ init;
-
- behavior buch_state_last_in:
- assumes
- (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3);
- ensures 1 ≡ last;
-
- behavior buch_state_last_out:
- assumes
- (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧
- (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3));
- ensures 0 ≡ last;
-
- behavior buch_state_step1_in:
- assumes
- (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨
- (1 ≡ init ∧ x ≡ 3);
- ensures 1 ≡ step1;
-
- behavior buch_state_step1_out:
- assumes
- (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧
- (0 ≡ init ∨ ¬(x ≡ 3));
- ensures 0 ≡ step1;
- */
-void g_post_func(void)
-{
- /*@ ghost int init_tmp; */
- /*@ ghost int last_tmp; */
- /*@ ghost int step1_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_g;
- init_tmp = init;
- last_tmp = last;
- step1_tmp = step1;
- if (init == 1) {
- if (x == 3) step1_tmp = 1; else goto _LAND_0;
- }
- else {
- _LAND_0: ;
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ init ∨ 1 ≡ last ∨ 1 ≡ step1;
+ requires 1 ≡ last ⇒ x ≡ 3 ∨ (x ≢ 4 ∧ x ≢ 3) ∨ x ≡ 4;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_g;
+ assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1;
+
+ behavior buch_state_init_in:
+ assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3);
+ ensures 1 ≡ init;
+
+ behavior buch_state_init_out:
+ assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3));
+ ensures 0 ≡ init;
+
+ behavior buch_state_last_in:
+ assumes
+ (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3);
+ ensures 1 ≡ last;
+
+ behavior buch_state_last_out:
+ assumes
+ (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧
+ (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3));
+ ensures 0 ≡ last;
+
+ behavior buch_state_step1_in:
+ assumes
+ (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨
+ (1 ≡ init ∧ x ≡ 3);
+ ensures 1 ≡ step1;
+
+ behavior buch_state_step1_out:
+ assumes
+ (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧
+ (0 ≡ init ∨ ¬(x ≡ 3));
+ ensures 0 ≡ step1;
+ @/
+ void g_post_func(void)
+ {
+ int init_tmp;
+ int last_tmp;
+ int step1_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_g;
+ init_tmp = init;
+ last_tmp = last;
+ step1_tmp = step1;
+ if (init == 1) {
+ if (x == 3) step1_tmp = 1; else goto _LAND_0;
+ }
+ else {
+ _LAND_0: ;
+ if (last == 1) {
+ if (x == 3) step1_tmp = 1; else goto _LAND;
+ }
+ else {
+ _LAND: ;
+ if (step1 == 1)
+ if (x != 4) step1_tmp = 1; else step1_tmp = 0;
+ else step1_tmp = 0;
+ }
+ }
if (last == 1) {
- if (x == 3) step1_tmp = 1; else goto _LAND;
+ if (x != 4) {
+ if (x != 3) last_tmp = 1; else goto _LAND_1;
+ }
+ else goto _LAND_1;
}
else {
- _LAND: ;
+ _LAND_1: ;
if (step1 == 1)
- if (x != 4) step1_tmp = 1; else step1_tmp = 0;
- else step1_tmp = 0;
+ if (x == 4) last_tmp = 1; else last_tmp = 0;
+ else last_tmp = 0;
}
- }
- if (last == 1) {
- if (x != 4) {
- if (x != 3) last_tmp = 1; else goto _LAND_1;
+ if (init == 1) {
+ if (x != 3) init_tmp = 1; else goto _LAND_2;
}
- else goto _LAND_1;
- }
- else {
- _LAND_1: ;
- if (step1 == 1)
- if (x == 4) last_tmp = 1; else last_tmp = 0;
- else last_tmp = 0;
- }
- if (init == 1) {
- if (x != 3) init_tmp = 1; else goto _LAND_2;
- }
- else {
- _LAND_2: ;
- if (last == 1)
- if (x == 4) init_tmp = 1; else init_tmp = 0;
- else init_tmp = 0;
+ else {
+ _LAND_2: ;
+ if (last == 1)
+ if (x == 4) init_tmp = 1; else init_tmp = 0;
+ else init_tmp = 0;
+ }
+ init = init_tmp;
+ last = last_tmp;
+ step1 = step1_tmp;
+ return;
}
- init = init_tmp;
- last = last_tmp;
- step1 = step1_tmp;
- return;
-}
+
+*/
/*@ requires 1 ≡ init ∨ 1 ≡ last ∨ 1 ≡ step1;
requires 1 ≡ last ⇒ x ≡ 3 ∨ (x ≢ 4 ∧ x ≢ 3) ∨ x ≡ 4;
@@ -491,139 +503,145 @@ void g_post_func(void)
*/
void g(void)
{
- g_pre_func();
+ /*@ ghost g_pre_func(); */
x = 4;
- g_post_func();
+ /*@ ghost g_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1;
-
- behavior buch_state_init_in:
- assumes 1 ≡ init ∧ x ≢ 3;
- ensures 1 ≡ init;
-
- behavior buch_state_init_out:
- assumes 0 ≡ init ∨ ¬(x ≢ 3);
- ensures 0 ≡ init;
-
- behavior buch_state_last_out:
- ensures 0 ≡ last;
-
- behavior buch_state_step1_out:
- ensures 0 ≡ step1;
- */
-void main_pre_func(void)
-{
- /*@ ghost int init_tmp; */
- /*@ ghost int last_tmp; */
- /*@ ghost int step1_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- init_tmp = init;
- last_tmp = last;
- step1_tmp = step1;
- step1_tmp = 0;
- last_tmp = 0;
- if (init == 1)
- if (x != 3) init_tmp = 1; else init_tmp = 0;
- else init_tmp = 0;
- init = init_tmp;
- last = last_tmp;
- step1 = step1_tmp;
- return;
-}
-
-/*@ requires 1 ≡ init ∨ 1 ≡ last ∨ 1 ≡ step1;
- requires 1 ≡ last ⇒ x ≡ 3 ∨ (x ≢ 4 ∧ x ≢ 3) ∨ x ≡ 4;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1;
-
- behavior buch_state_init_in:
- assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3);
- ensures 1 ≡ init;
-
- behavior buch_state_init_out:
- assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3));
- ensures 0 ≡ init;
-
- behavior buch_state_last_in:
- assumes
- (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3);
- ensures 1 ≡ last;
-
- behavior buch_state_last_out:
- assumes
- (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧
- (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3));
- ensures 0 ≡ last;
-
- behavior buch_state_step1_in:
- assumes
- (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨
- (1 ≡ init ∧ x ≡ 3);
- ensures 1 ≡ step1;
-
- behavior buch_state_step1_out:
- assumes
- (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧
- (0 ≡ init ∨ ¬(x ≡ 3));
- ensures 0 ≡ step1;
- */
-void main_post_func(int res)
-{
- /*@ ghost int init_tmp; */
- /*@ ghost int last_tmp; */
- /*@ ghost int step1_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- init_tmp = init;
- last_tmp = last;
- step1_tmp = step1;
- if (init == 1) {
- if (x == 3) step1_tmp = 1; else goto _LAND_0;
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1;
+
+ behavior buch_state_init_in:
+ assumes 1 ≡ init ∧ x ≢ 3;
+ ensures 1 ≡ init;
+
+ behavior buch_state_init_out:
+ assumes 0 ≡ init ∨ ¬(x ≢ 3);
+ ensures 0 ≡ init;
+
+ behavior buch_state_last_out:
+ ensures 0 ≡ last;
+
+ behavior buch_state_step1_out:
+ ensures 0 ≡ step1;
+ @/
+ void main_pre_func(void)
+ {
+ int init_tmp;
+ int last_tmp;
+ int step1_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ init_tmp = init;
+ last_tmp = last;
+ step1_tmp = step1;
+ step1_tmp = 0;
+ last_tmp = 0;
+ if (init == 1)
+ if (x != 3) init_tmp = 1; else init_tmp = 0;
+ else init_tmp = 0;
+ init = init_tmp;
+ last = last_tmp;
+ step1 = step1_tmp;
+ return;
}
- else {
- _LAND_0: ;
+
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ init ∨ 1 ≡ last ∨ 1 ≡ step1;
+ requires 1 ≡ last ⇒ x ≡ 3 ∨ (x ≢ 4 ∧ x ≢ 3) ∨ x ≡ 4;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1;
+
+ behavior buch_state_init_in:
+ assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3);
+ ensures 1 ≡ init;
+
+ behavior buch_state_init_out:
+ assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3));
+ ensures 0 ≡ init;
+
+ behavior buch_state_last_in:
+ assumes
+ (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3);
+ ensures 1 ≡ last;
+
+ behavior buch_state_last_out:
+ assumes
+ (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧
+ (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3));
+ ensures 0 ≡ last;
+
+ behavior buch_state_step1_in:
+ assumes
+ (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨
+ (1 ≡ init ∧ x ≡ 3);
+ ensures 1 ≡ step1;
+
+ behavior buch_state_step1_out:
+ assumes
+ (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧
+ (0 ≡ init ∨ ¬(x ≡ 3));
+ ensures 0 ≡ step1;
+ @/
+ void main_post_func(int res)
+ {
+ int init_tmp;
+ int last_tmp;
+ int step1_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ init_tmp = init;
+ last_tmp = last;
+ step1_tmp = step1;
+ if (init == 1) {
+ if (x == 3) step1_tmp = 1; else goto _LAND_0;
+ }
+ else {
+ _LAND_0: ;
+ if (last == 1) {
+ if (x == 3) step1_tmp = 1; else goto _LAND;
+ }
+ else {
+ _LAND: ;
+ if (step1 == 1)
+ if (x != 4) step1_tmp = 1; else step1_tmp = 0;
+ else step1_tmp = 0;
+ }
+ }
if (last == 1) {
- if (x == 3) step1_tmp = 1; else goto _LAND;
+ if (x != 4) {
+ if (x != 3) last_tmp = 1; else goto _LAND_1;
+ }
+ else goto _LAND_1;
}
else {
- _LAND: ;
+ _LAND_1: ;
if (step1 == 1)
- if (x != 4) step1_tmp = 1; else step1_tmp = 0;
- else step1_tmp = 0;
+ if (x == 4) last_tmp = 1; else last_tmp = 0;
+ else last_tmp = 0;
}
- }
- if (last == 1) {
- if (x != 4) {
- if (x != 3) last_tmp = 1; else goto _LAND_1;
+ if (init == 1) {
+ if (x != 3) init_tmp = 1; else goto _LAND_2;
}
- else goto _LAND_1;
- }
- else {
- _LAND_1: ;
- if (step1 == 1)
- if (x == 4) last_tmp = 1; else last_tmp = 0;
- else last_tmp = 0;
- }
- if (init == 1) {
- if (x != 3) init_tmp = 1; else goto _LAND_2;
- }
- else {
- _LAND_2: ;
- if (last == 1)
- if (x == 4) init_tmp = 1; else init_tmp = 0;
- else init_tmp = 0;
+ else {
+ _LAND_2: ;
+ if (last == 1)
+ if (x == 4) init_tmp = 1; else init_tmp = 0;
+ else init_tmp = 0;
+ }
+ init = init_tmp;
+ last = last_tmp;
+ step1 = step1_tmp;
+ return;
}
- init = init_tmp;
- last = last_tmp;
- step1 = step1_tmp;
- return;
-}
+
+*/
/*@ requires 1 ≡ init ∧ 0 ≡ last ∧ 0 ≡ step1;
requires 1 ≡ init ⇒ x ≢ 3;
@@ -644,12 +662,12 @@ void main_post_func(int res)
*/
int main(void)
{
- main_pre_func();
+ /*@ ghost main_pre_func(); */
f();
g();
f();
g();
- main_post_func(x);
+ /*@ ghost main_post_func(x); */
return x;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/seq.res.oracle b/src/plugins/aorai/tests/aorai/oracle/seq.res.oracle
index 0feb9f18cabb9294676350b02e034d635ecd5b76..6640fa2d480d2331da9cf76d2b78ae199029d41d 100644
--- a/src/plugins/aorai/tests/aorai/oracle/seq.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/seq.res.oracle
@@ -21,147 +21,154 @@ enum aorai_OpStatusList {
/*@ ghost int aorai_intermediate_state_2 = 0; */
/*@ ghost int aorai_intermediate_state_3 = 0; */
/*@ ghost int aorai_counter = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_in:
- assumes 1 ≡ aorai_intermediate_state;
- ensures 1 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- assumes 0 ≡ aorai_intermediate_state;
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void f_pre_func(void)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_f;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- aorai_intermediate_state_3_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- if (aorai_intermediate_state == 1) aorai_intermediate_state_1_tmp = 1;
- else aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_in:
+ assumes 1 ≡ aorai_intermediate_state;
+ ensures 1 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ assumes 0 ≡ aorai_intermediate_state;
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void f_pre_func(void)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_f;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ aorai_intermediate_state_3_tmp = 0;
+ aorai_intermediate_state_2_tmp = 0;
+ if (aorai_intermediate_state == 1) aorai_intermediate_state_1_tmp = 1;
+ else aorai_intermediate_state_1_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ aorai_intermediate_state_1 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
- 0 ≡ aorai_intermediate_state ∧ 0 ≡ aorai_intermediate_state_0 ∧
- 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_in:
- assumes 1 ≡ aorai_intermediate_state_1;
- ensures 1 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- assumes 0 ≡ aorai_intermediate_state_1;
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void f_post_func(void)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_f;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- aorai_intermediate_state_3_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- if (aorai_intermediate_state_1 == 1) aorai_intermediate_state_0_tmp = 1;
- else aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ aorai_intermediate_state_1 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
+ 0 ≡ aorai_intermediate_state ∧
+ 0 ≡ aorai_intermediate_state_0 ∧
+ 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_in:
+ assumes 1 ≡ aorai_intermediate_state_1;
+ ensures 1 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ assumes 0 ≡ aorai_intermediate_state_1;
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void f_post_func(void)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_f;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ aorai_intermediate_state_3_tmp = 0;
+ aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ if (aorai_intermediate_state_1 == 1) aorai_intermediate_state_0_tmp = 1;
+ else aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ aorai_intermediate_state ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
@@ -178,176 +185,183 @@ void f_post_func(void)
*/
void f(void)
{
- f_pre_func();
- f_post_func();
+ /*@ ghost f_pre_func(); */
+ /*@ ghost f_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_g;
- assigns aorai_counter, aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_in_0:
- assumes 1 ≡ aorai_intermediate_state_2 ∧ aorai_counter < 2;
- ensures 1 ≡ aorai_intermediate_state_3;
- ensures aorai_counter ≡ \old(aorai_counter) + 1;
-
- behavior buch_state_aorai_intermediate_state_3_in_1:
- assumes 1 ≡ aorai_intermediate_state_0;
- ensures 1 ≡ aorai_intermediate_state_3;
- ensures aorai_counter ≡ 1;
-
- behavior buch_state_aorai_intermediate_state_3_in_2:
- assumes 1 ≡ aorai_intermediate_state;
- ensures 1 ≡ aorai_intermediate_state_3;
- ensures aorai_counter ≡ 1;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- assumes
- (0 ≡ aorai_intermediate_state_2 ∨ ¬(aorai_counter < 2)) ∧
- 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ aorai_intermediate_state;
- ensures 0 ≡ aorai_intermediate_state_3;
- ensures aorai_counter ≡ \old(aorai_counter);
- */
-void g_pre_func(void)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_g;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- if (aorai_intermediate_state_2 == 1)
- if (aorai_counter < 2) aorai_counter ++;
- if (aorai_intermediate_state_0 == 1) aorai_counter = 1;
- if (aorai_intermediate_state == 1) aorai_counter = 1;
- if (aorai_intermediate_state == 1) aorai_intermediate_state_3_tmp = 1;
- else
- if (aorai_intermediate_state_0 == 1) aorai_intermediate_state_3_tmp = 1;
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_g;
+ assigns aorai_counter, aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_in_0:
+ assumes 1 ≡ aorai_intermediate_state_2 ∧ aorai_counter < 2;
+ ensures 1 ≡ aorai_intermediate_state_3;
+ ensures aorai_counter ≡ \old(aorai_counter) + 1;
+
+ behavior buch_state_aorai_intermediate_state_3_in_1:
+ assumes 1 ≡ aorai_intermediate_state_0;
+ ensures 1 ≡ aorai_intermediate_state_3;
+ ensures aorai_counter ≡ 1;
+
+ behavior buch_state_aorai_intermediate_state_3_in_2:
+ assumes 1 ≡ aorai_intermediate_state;
+ ensures 1 ≡ aorai_intermediate_state_3;
+ ensures aorai_counter ≡ 1;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ assumes
+ (0 ≡ aorai_intermediate_state_2 ∨ ¬(aorai_counter < 2)) ∧
+ 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ aorai_intermediate_state;
+ ensures 0 ≡ aorai_intermediate_state_3;
+ ensures aorai_counter ≡ \old(aorai_counter);
+ @/
+ void g_pre_func(void)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_g;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ if (aorai_intermediate_state_2 == 1)
+ if (aorai_counter < 2) aorai_counter ++;
+ if (aorai_intermediate_state_0 == 1) aorai_counter = 1;
+ if (aorai_intermediate_state == 1) aorai_counter = 1;
+ if (aorai_intermediate_state == 1) aorai_intermediate_state_3_tmp = 1;
else
- if (aorai_intermediate_state_2 == 1)
- if (aorai_counter < 2) aorai_intermediate_state_3_tmp = 1;
+ if (aorai_intermediate_state_0 == 1) aorai_intermediate_state_3_tmp = 1;
+ else
+ if (aorai_intermediate_state_2 == 1)
+ if (aorai_counter < 2) aorai_intermediate_state_3_tmp = 1;
+ else aorai_intermediate_state_3_tmp = 0;
else aorai_intermediate_state_3_tmp = 0;
- else aorai_intermediate_state_3_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+ aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ aorai_intermediate_state_3 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
- 0 ≡ aorai_intermediate_state ∧ 0 ≡ aorai_intermediate_state_0 ∧
- 0 ≡ aorai_intermediate_state_1 ∧ 0 ≡ aorai_intermediate_state_2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_g;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_in:
- assumes 1 ≡ aorai_intermediate_state_3;
- ensures 1 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- assumes 0 ≡ aorai_intermediate_state_3;
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void g_post_func(void)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_g;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- aorai_intermediate_state_3_tmp = 0;
- if (aorai_intermediate_state_3 == 1) aorai_intermediate_state_2_tmp = 1;
- else aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ aorai_intermediate_state_3 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
+ 0 ≡ aorai_intermediate_state ∧
+ 0 ≡ aorai_intermediate_state_0 ∧
+ 0 ≡ aorai_intermediate_state_1 ∧ 0 ≡ aorai_intermediate_state_2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_g;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_in:
+ assumes 1 ≡ aorai_intermediate_state_3;
+ ensures 1 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ assumes 0 ≡ aorai_intermediate_state_3;
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void g_post_func(void)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_g;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ aorai_intermediate_state_3_tmp = 0;
+ if (aorai_intermediate_state_3 == 1) aorai_intermediate_state_2_tmp = 1;
+ else aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
+
+*/
/*@ requires
(1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0 ∨
@@ -387,154 +401,161 @@ void g_post_func(void)
*/
void g(void)
{
- g_pre_func();
- g_post_func();
+ /*@ ghost g_pre_func(); */
+ /*@ ghost g_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_in:
- assumes 1 ≡ S0;
- ensures 1 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_out:
- assumes 0 ≡ S0;
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void main_pre_func(int c)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- aorai_intermediate_state_3_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- if (S0 == 1) aorai_intermediate_state_tmp = 1;
- else aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_in:
+ assumes 1 ≡ S0;
+ ensures 1 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ assumes 0 ≡ S0;
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void main_pre_func(int c)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ aorai_intermediate_state_3_tmp = 0;
+ aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ if (S0 == 1) aorai_intermediate_state_tmp = 1;
+ else aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ aorai_intermediate_state_2 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
- 0 ≡ aorai_intermediate_state ∧ 0 ≡ aorai_intermediate_state_0 ∧
- 0 ≡ aorai_intermediate_state_1 ∧ 0 ≡ aorai_intermediate_state_3;
- requires 1 ≡ aorai_intermediate_state_2 ⇒ 1 ≤ aorai_counter;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_in:
- assumes 1 ≡ aorai_intermediate_state_2 ∧ 1 ≤ aorai_counter;
- ensures 1 ≡ Sf;
-
- behavior buch_state_Sf_out:
- assumes 0 ≡ aorai_intermediate_state_2 ∨ ¬(1 ≤ aorai_counter);
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void main_post_func(int res)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- aorai_intermediate_state_3_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- if (aorai_intermediate_state_2 == 1)
- if (1 <= aorai_counter) Sf_tmp = 1; else Sf_tmp = 0;
- else Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ aorai_intermediate_state_2 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
+ 0 ≡ aorai_intermediate_state ∧
+ 0 ≡ aorai_intermediate_state_0 ∧
+ 0 ≡ aorai_intermediate_state_1 ∧ 0 ≡ aorai_intermediate_state_3;
+ requires 1 ≡ aorai_intermediate_state_2 ⇒ 1 ≤ aorai_counter;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_in:
+ assumes 1 ≡ aorai_intermediate_state_2 ∧ 1 ≤ aorai_counter;
+ ensures 1 ≡ Sf;
+
+ behavior buch_state_Sf_out:
+ assumes 0 ≡ aorai_intermediate_state_2 ∨ ¬(1 ≤ aorai_counter);
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void main_post_func(int res)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ aorai_intermediate_state_3_tmp = 0;
+ aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ if (aorai_intermediate_state_2 == 1)
+ if (1 <= aorai_counter) Sf_tmp = 1; else Sf_tmp = 0;
+ else Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state ∧
@@ -558,12 +579,12 @@ void main_post_func(int res)
int main(int c)
{
int __retres;
- main_pre_func(c);
+ /*@ ghost main_pre_func(c); */
if (c) f();
g();
if (c) g();
__retres = 0;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/seq_loop.res.oracle b/src/plugins/aorai/tests/aorai/oracle/seq_loop.res.oracle
index d846ff2ed1de631698bceb91738be087d1911bb9..b71bd8809d29cfc3d80253833fb03a144991aa1f 100644
--- a/src/plugins/aorai/tests/aorai/oracle/seq_loop.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/seq_loop.res.oracle
@@ -21,163 +21,170 @@ enum aorai_OpStatusList {
/*@ ghost int aorai_intermediate_state_2 = 0; */
/*@ ghost int aorai_intermediate_state_3 = 0; */
/*@ ghost int aorai_counter = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_counter, aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_in_0:
- assumes 1 ≡ aorai_intermediate_state_0 ∧ aorai_counter < 5;
- ensures 1 ≡ aorai_intermediate_state_1;
- ensures aorai_counter ≡ \old(aorai_counter) + 1;
-
- behavior buch_state_aorai_intermediate_state_1_in_1:
- assumes 1 ≡ aorai_intermediate_state;
- ensures 1 ≡ aorai_intermediate_state_1;
- ensures aorai_counter ≡ 1;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- assumes
- (0 ≡ aorai_intermediate_state_0 ∨ ¬(aorai_counter < 5)) ∧
- 0 ≡ aorai_intermediate_state;
- ensures 0 ≡ aorai_intermediate_state_1;
- ensures aorai_counter ≡ \old(aorai_counter);
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void f_pre_func(void)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_f;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- aorai_intermediate_state_3_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- if (aorai_intermediate_state_0 == 1)
- if (aorai_counter < 5) aorai_counter ++;
- if (aorai_intermediate_state == 1) aorai_counter = 1;
- if (aorai_intermediate_state == 1) aorai_intermediate_state_1_tmp = 1;
- else
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_counter, aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_in_0:
+ assumes 1 ≡ aorai_intermediate_state_0 ∧ aorai_counter < 5;
+ ensures 1 ≡ aorai_intermediate_state_1;
+ ensures aorai_counter ≡ \old(aorai_counter) + 1;
+
+ behavior buch_state_aorai_intermediate_state_1_in_1:
+ assumes 1 ≡ aorai_intermediate_state;
+ ensures 1 ≡ aorai_intermediate_state_1;
+ ensures aorai_counter ≡ 1;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ assumes
+ (0 ≡ aorai_intermediate_state_0 ∨ ¬(aorai_counter < 5)) ∧
+ 0 ≡ aorai_intermediate_state;
+ ensures 0 ≡ aorai_intermediate_state_1;
+ ensures aorai_counter ≡ \old(aorai_counter);
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void f_pre_func(void)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_f;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ aorai_intermediate_state_3_tmp = 0;
+ aorai_intermediate_state_2_tmp = 0;
if (aorai_intermediate_state_0 == 1)
- if (aorai_counter < 5) aorai_intermediate_state_1_tmp = 1;
+ if (aorai_counter < 5) aorai_counter ++;
+ if (aorai_intermediate_state == 1) aorai_counter = 1;
+ if (aorai_intermediate_state == 1) aorai_intermediate_state_1_tmp = 1;
+ else
+ if (aorai_intermediate_state_0 == 1)
+ if (aorai_counter < 5) aorai_intermediate_state_1_tmp = 1;
+ else aorai_intermediate_state_1_tmp = 0;
else aorai_intermediate_state_1_tmp = 0;
- else aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ aorai_intermediate_state_1 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
- 0 ≡ aorai_intermediate_state ∧ 0 ≡ aorai_intermediate_state_0 ∧
- 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_f;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_in:
- assumes 1 ≡ aorai_intermediate_state_1;
- ensures 1 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- assumes 0 ≡ aorai_intermediate_state_1;
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void f_post_func(void)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_f;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- aorai_intermediate_state_3_tmp = 0;
- if (aorai_intermediate_state_1 == 1) aorai_intermediate_state_2_tmp = 1;
- else aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ aorai_intermediate_state_1 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
+ 0 ≡ aorai_intermediate_state ∧
+ 0 ≡ aorai_intermediate_state_0 ∧
+ 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_f;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_in:
+ assumes 1 ≡ aorai_intermediate_state_1;
+ ensures 1 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ assumes 0 ≡ aorai_intermediate_state_1;
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void f_post_func(void)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_f;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ aorai_intermediate_state_3_tmp = 0;
+ if (aorai_intermediate_state_1 == 1) aorai_intermediate_state_2_tmp = 1;
+ else aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
+
+*/
/*@ requires
(1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0) ∧
@@ -207,152 +214,159 @@ void f_post_func(void)
*/
void f(void)
{
- f_pre_func();
- f_post_func();
+ /*@ ghost f_pre_func(); */
+ /*@ ghost f_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_g;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_in:
- assumes 1 ≡ aorai_intermediate_state_2;
- ensures 1 ≡ aorai_intermediate_state_3;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- assumes 0 ≡ aorai_intermediate_state_2;
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void g_pre_func(void)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_g;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- if (aorai_intermediate_state_2 == 1) aorai_intermediate_state_3_tmp = 1;
- else aorai_intermediate_state_3_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_g;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_in:
+ assumes 1 ≡ aorai_intermediate_state_2;
+ ensures 1 ≡ aorai_intermediate_state_3;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ assumes 0 ≡ aorai_intermediate_state_2;
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void g_pre_func(void)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_g;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ if (aorai_intermediate_state_2 == 1) aorai_intermediate_state_3_tmp = 1;
+ else aorai_intermediate_state_3_tmp = 0;
+ aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ aorai_intermediate_state_3 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
- 0 ≡ aorai_intermediate_state ∧ 0 ≡ aorai_intermediate_state_0 ∧
- 0 ≡ aorai_intermediate_state_1 ∧ 0 ≡ aorai_intermediate_state_2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_g;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_in:
- assumes 1 ≡ aorai_intermediate_state_3;
- ensures 1 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- assumes 0 ≡ aorai_intermediate_state_3;
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void g_post_func(void)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_g;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- aorai_intermediate_state_3_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- if (aorai_intermediate_state_3 == 1) aorai_intermediate_state_0_tmp = 1;
- else aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ aorai_intermediate_state_3 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
+ 0 ≡ aorai_intermediate_state ∧
+ 0 ≡ aorai_intermediate_state_0 ∧
+ 0 ≡ aorai_intermediate_state_1 ∧ 0 ≡ aorai_intermediate_state_2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_g;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_in:
+ assumes 1 ≡ aorai_intermediate_state_3;
+ ensures 1 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ assumes 0 ≡ aorai_intermediate_state_3;
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void g_post_func(void)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_g;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ aorai_intermediate_state_3_tmp = 0;
+ aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ if (aorai_intermediate_state_3 == 1) aorai_intermediate_state_0_tmp = 1;
+ else aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ aorai_intermediate_state_2 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧
@@ -368,155 +382,161 @@ void g_post_func(void)
*/
void g(void)
{
- g_pre_func();
- g_post_func();
+ /*@ ghost g_pre_func(); */
+ /*@ ghost g_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_in:
- assumes 1 ≡ S0;
- ensures 1 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_out:
- assumes 0 ≡ S0;
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void main_pre_func(int c)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- aorai_intermediate_state_3_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- if (S0 == 1) aorai_intermediate_state_tmp = 1;
- else aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_in:
+ assumes 1 ≡ S0;
+ ensures 1 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ assumes 0 ≡ S0;
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void main_pre_func(int c)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ aorai_intermediate_state_3_tmp = 0;
+ aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ if (S0 == 1) aorai_intermediate_state_tmp = 1;
+ else aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
-/*@ requires
- (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0) ∧
- 0 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state_1 ∧
- 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state, aorai_intermediate_state_0,
- aorai_intermediate_state_1, aorai_intermediate_state_2,
- aorai_intermediate_state_3;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_in:
- assumes
- 1 ≡ aorai_intermediate_state_0 ∨ 1 ≡ aorai_intermediate_state;
- ensures 1 ≡ Sf;
-
- behavior buch_state_Sf_out:
- assumes
- 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ aorai_intermediate_state;
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_0_out:
- ensures 0 ≡ aorai_intermediate_state_0;
-
- behavior buch_state_aorai_intermediate_state_1_out:
- ensures 0 ≡ aorai_intermediate_state_1;
-
- behavior buch_state_aorai_intermediate_state_2_out:
- ensures 0 ≡ aorai_intermediate_state_2;
-
- behavior buch_state_aorai_intermediate_state_3_out:
- ensures 0 ≡ aorai_intermediate_state_3;
- */
-void main_post_func(int res)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- /*@ ghost int aorai_intermediate_state_0_tmp; */
- /*@ ghost int aorai_intermediate_state_1_tmp; */
- /*@ ghost int aorai_intermediate_state_2_tmp; */
- /*@ ghost int aorai_intermediate_state_3_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
- aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
- aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
- aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
- aorai_intermediate_state_3_tmp = 0;
- aorai_intermediate_state_2_tmp = 0;
- aorai_intermediate_state_1_tmp = 0;
- aorai_intermediate_state_0_tmp = 0;
- aorai_intermediate_state_tmp = 0;
- if (aorai_intermediate_state == 1) Sf_tmp = 1;
- else
- if (aorai_intermediate_state_0 == 1) Sf_tmp = 1; else Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
- aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
- aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
- aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0) ∧
+ 0 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state_1 ∧
+ 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state, aorai_intermediate_state_0,
+ aorai_intermediate_state_1, aorai_intermediate_state_2,
+ aorai_intermediate_state_3;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_in:
+ assumes
+ 1 ≡ aorai_intermediate_state_0 ∨ 1 ≡ aorai_intermediate_state;
+ ensures 1 ≡ Sf;
+
+ behavior buch_state_Sf_out:
+ assumes
+ 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ aorai_intermediate_state;
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_0_out:
+ ensures 0 ≡ aorai_intermediate_state_0;
+
+ behavior buch_state_aorai_intermediate_state_1_out:
+ ensures 0 ≡ aorai_intermediate_state_1;
+
+ behavior buch_state_aorai_intermediate_state_2_out:
+ ensures 0 ≡ aorai_intermediate_state_2;
+
+ behavior buch_state_aorai_intermediate_state_3_out:
+ ensures 0 ≡ aorai_intermediate_state_3;
+ @/
+ void main_post_func(int res)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ int aorai_intermediate_state_0_tmp;
+ int aorai_intermediate_state_1_tmp;
+ int aorai_intermediate_state_2_tmp;
+ int aorai_intermediate_state_3_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_0_tmp = aorai_intermediate_state_0;
+ aorai_intermediate_state_1_tmp = aorai_intermediate_state_1;
+ aorai_intermediate_state_2_tmp = aorai_intermediate_state_2;
+ aorai_intermediate_state_3_tmp = aorai_intermediate_state_3;
+ aorai_intermediate_state_3_tmp = 0;
+ aorai_intermediate_state_2_tmp = 0;
+ aorai_intermediate_state_1_tmp = 0;
+ aorai_intermediate_state_0_tmp = 0;
+ aorai_intermediate_state_tmp = 0;
+ if (aorai_intermediate_state == 1) Sf_tmp = 1;
+ else
+ if (aorai_intermediate_state_0 == 1) Sf_tmp = 1; else Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp;
+ aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp;
+ aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp;
+ aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state ∧
@@ -545,9 +565,9 @@ void main_post_func(int res)
*/
int main(int c)
{
- int aorai_Loop_Init_14;
+ /*@ ghost int aorai_Loop_Init_14; */
int __retres;
- main_pre_func(c);
+ /*@ ghost main_pre_func(c); */
if (c < 0) c = 0;
if (c > 5) c = 5;
/*@ assert 0 ≤ c ≤ 5; */ ;
@@ -592,7 +612,7 @@ int main(int c)
c --;
}
__retres = 0;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/single_call.res.oracle b/src/plugins/aorai/tests/aorai/oracle/single_call.res.oracle
index 5f8d466d22424908feb54148ff330348025086b0..cfb4234eb0cc7b8041bf606a33047a0e78c41e62 100644
--- a/src/plugins/aorai/tests/aorai/oracle/single_call.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/single_call.res.oracle
@@ -14,83 +14,89 @@ enum aorai_OpStatusList {
/*@ ghost int S0 = 1; */
/*@ ghost int Sf = 0; */
/*@ ghost int aorai_intermediate_state = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_out:
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_in:
- assumes 1 ≡ S0;
- ensures 1 ≡ aorai_intermediate_state;
-
- behavior buch_state_aorai_intermediate_state_out:
- assumes 0 ≡ S0;
- ensures 0 ≡ aorai_intermediate_state;
- */
-void main_pre_func(void)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- if (S0 == 1) aorai_intermediate_state_tmp = 1;
- else aorai_intermediate_state_tmp = 0;
- Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_out:
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_in:
+ assumes 1 ≡ S0;
+ ensures 1 ≡ aorai_intermediate_state;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ assumes 0 ≡ S0;
+ ensures 0 ≡ aorai_intermediate_state;
+ @/
+ void main_pre_func(void)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ if (S0 == 1) aorai_intermediate_state_tmp = 1;
+ else aorai_intermediate_state_tmp = 0;
+ Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ return;
+ }
-/*@ requires 1 ≡ aorai_intermediate_state ∧ 0 ≡ S0 ∧ 0 ≡ Sf;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
- aorai_intermediate_state;
-
- behavior buch_state_S0_out:
- ensures 0 ≡ S0;
-
- behavior buch_state_Sf_in:
- assumes 1 ≡ aorai_intermediate_state;
- ensures 1 ≡ Sf;
-
- behavior buch_state_Sf_out:
- assumes 0 ≡ aorai_intermediate_state;
- ensures 0 ≡ Sf;
-
- behavior buch_state_aorai_intermediate_state_out:
- ensures 0 ≡ aorai_intermediate_state;
- */
-void main_post_func(int res)
-{
- /*@ ghost int S0_tmp; */
- /*@ ghost int Sf_tmp; */
- /*@ ghost int aorai_intermediate_state_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- S0_tmp = S0;
- Sf_tmp = Sf;
- aorai_intermediate_state_tmp = aorai_intermediate_state;
- aorai_intermediate_state_tmp = 0;
- if (aorai_intermediate_state == 1) Sf_tmp = 1; else Sf_tmp = 0;
- S0_tmp = 0;
- S0 = S0_tmp;
- Sf = Sf_tmp;
- aorai_intermediate_state = aorai_intermediate_state_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ aorai_intermediate_state ∧ 0 ≡ S0 ∧ 0 ≡ Sf;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf,
+ aorai_intermediate_state;
+
+ behavior buch_state_S0_out:
+ ensures 0 ≡ S0;
+
+ behavior buch_state_Sf_in:
+ assumes 1 ≡ aorai_intermediate_state;
+ ensures 1 ≡ Sf;
+
+ behavior buch_state_Sf_out:
+ assumes 0 ≡ aorai_intermediate_state;
+ ensures 0 ≡ Sf;
+
+ behavior buch_state_aorai_intermediate_state_out:
+ ensures 0 ≡ aorai_intermediate_state;
+ @/
+ void main_post_func(int res)
+ {
+ int S0_tmp;
+ int Sf_tmp;
+ int aorai_intermediate_state_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ S0_tmp = S0;
+ Sf_tmp = Sf;
+ aorai_intermediate_state_tmp = aorai_intermediate_state;
+ aorai_intermediate_state_tmp = 0;
+ if (aorai_intermediate_state == 1) Sf_tmp = 1; else Sf_tmp = 0;
+ S0_tmp = 0;
+ S0 = S0_tmp;
+ Sf = Sf_tmp;
+ aorai_intermediate_state = aorai_intermediate_state_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state;
@@ -104,9 +110,9 @@ void main_post_func(int res)
int main(void)
{
int __retres;
- main_pre_func();
+ /*@ ghost main_pre_func(); */
__retres = 0;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_acces_params.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_acces_params.res.oracle
index d703a2229a90e7ba6cce9b3d66bbb5b708c753d5..3e646c93b8ae727e15a415e503375931b43eb550 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_acces_params.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_acces_params.res.oracle
@@ -23,128 +23,134 @@ int rr = 1;
/*@ ghost int S4 = 0; */
/*@ ghost int SF = 0; */
/*@ ghost int mainst = 1; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_opa;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF,
- mainst;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_in:
- assumes 1 ≡ S1 ∧ i ≥ 0;
- ensures 1 ≡ S2;
-
- behavior buch_state_S2_out:
- assumes 0 ≡ S1 ∨ ¬(i ≥ 0);
- ensures 0 ≡ S2;
-
- behavior buch_state_S3_out:
- ensures 0 ≡ S3;
-
- behavior buch_state_S4_out:
- ensures 0 ≡ S4;
-
- behavior buch_state_SF_out:
- ensures 0 ≡ SF;
-
- behavior buch_state_mainst_out:
- ensures 0 ≡ mainst;
- */
-void opa_pre_func(int i, int j)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S3_tmp; */
- /*@ ghost int S4_tmp; */
- /*@ ghost int SF_tmp; */
- /*@ ghost int mainst_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_opa;
- S1_tmp = S1;
- S2_tmp = S2;
- S3_tmp = S3;
- S4_tmp = S4;
- SF_tmp = SF;
- mainst_tmp = mainst;
- mainst_tmp = 0;
- SF_tmp = 0;
- S4_tmp = 0;
- S3_tmp = 0;
- if (S1 == 1)
- if (i >= 0) S2_tmp = 1; else S2_tmp = 0;
- else S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S3 = S3_tmp;
- S4 = S4_tmp;
- SF = SF_tmp;
- mainst = mainst_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_opa;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF,
+ mainst;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_in:
+ assumes 1 ≡ S1 ∧ i ≥ 0;
+ ensures 1 ≡ S2;
+
+ behavior buch_state_S2_out:
+ assumes 0 ≡ S1 ∨ ¬(i ≥ 0);
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S3_out:
+ ensures 0 ≡ S3;
+
+ behavior buch_state_S4_out:
+ ensures 0 ≡ S4;
+
+ behavior buch_state_SF_out:
+ ensures 0 ≡ SF;
+
+ behavior buch_state_mainst_out:
+ ensures 0 ≡ mainst;
+ @/
+ void opa_pre_func(int i, int j)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S3_tmp;
+ int S4_tmp;
+ int SF_tmp;
+ int mainst_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_opa;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S3_tmp = S3;
+ S4_tmp = S4;
+ SF_tmp = SF;
+ mainst_tmp = mainst;
+ mainst_tmp = 0;
+ SF_tmp = 0;
+ S4_tmp = 0;
+ S3_tmp = 0;
+ if (S1 == 1)
+ if (i >= 0) S2_tmp = 1; else S2_tmp = 0;
+ else S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S3 = S3_tmp;
+ S4 = S4_tmp;
+ SF = SF_tmp;
+ mainst = mainst_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ S2 ∧ 0 ≡ S1 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧ 0 ≡ SF ∧
- 0 ≡ mainst;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_opa;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF,
- mainst;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_S3_in:
- assumes 1 ≡ S2;
- ensures 1 ≡ S3;
-
- behavior buch_state_S3_out:
- assumes 0 ≡ S2;
- ensures 0 ≡ S3;
-
- behavior buch_state_S4_out:
- ensures 0 ≡ S4;
-
- behavior buch_state_SF_out:
- ensures 0 ≡ SF;
-
- behavior buch_state_mainst_out:
- ensures 0 ≡ mainst;
- */
-void opa_post_func(void)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S3_tmp; */
- /*@ ghost int S4_tmp; */
- /*@ ghost int SF_tmp; */
- /*@ ghost int mainst_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_opa;
- S1_tmp = S1;
- S2_tmp = S2;
- S3_tmp = S3;
- S4_tmp = S4;
- SF_tmp = SF;
- mainst_tmp = mainst;
- mainst_tmp = 0;
- SF_tmp = 0;
- S4_tmp = 0;
- if (S2 == 1) S3_tmp = 1; else S3_tmp = 0;
- S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S3 = S3_tmp;
- S4 = S4_tmp;
- SF = SF_tmp;
- mainst = mainst_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ S2 ∧ 0 ≡ S1 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧ 0 ≡ SF ∧
+ 0 ≡ mainst;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_opa;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF,
+ mainst;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S3_in:
+ assumes 1 ≡ S2;
+ ensures 1 ≡ S3;
+
+ behavior buch_state_S3_out:
+ assumes 0 ≡ S2;
+ ensures 0 ≡ S3;
+
+ behavior buch_state_S4_out:
+ ensures 0 ≡ S4;
+
+ behavior buch_state_SF_out:
+ ensures 0 ≡ SF;
+
+ behavior buch_state_mainst_out:
+ ensures 0 ≡ mainst;
+ @/
+ void opa_post_func(void)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S3_tmp;
+ int S4_tmp;
+ int SF_tmp;
+ int mainst_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_opa;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S3_tmp = S3;
+ S4_tmp = S4;
+ SF_tmp = SF;
+ mainst_tmp = mainst;
+ mainst_tmp = 0;
+ SF_tmp = 0;
+ S4_tmp = 0;
+ if (S2 == 1) S3_tmp = 1; else S3_tmp = 0;
+ S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S3 = S3_tmp;
+ S4 = S4_tmp;
+ SF = SF_tmp;
+ mainst = mainst_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧ 0 ≡ SF ∧
@@ -162,135 +168,141 @@ void opa_post_func(void)
*/
void opa(int i, int j)
{
- opa_pre_func(i,j);
+ /*@ ghost opa_pre_func(i,j); */
rr = i + j;
- opa_post_func();
+ /*@ ghost opa_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_opb;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF,
- mainst;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_S3_out:
- ensures 0 ≡ S3;
-
- behavior buch_state_S4_in:
- assumes 1 ≡ S3;
- ensures 1 ≡ S4;
-
- behavior buch_state_S4_out:
- assumes 0 ≡ S3;
- ensures 0 ≡ S4;
-
- behavior buch_state_SF_out:
- ensures 0 ≡ SF;
-
- behavior buch_state_mainst_out:
- ensures 0 ≡ mainst;
- */
-void opb_pre_func(void)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S3_tmp; */
- /*@ ghost int S4_tmp; */
- /*@ ghost int SF_tmp; */
- /*@ ghost int mainst_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_opb;
- S1_tmp = S1;
- S2_tmp = S2;
- S3_tmp = S3;
- S4_tmp = S4;
- SF_tmp = SF;
- mainst_tmp = mainst;
- mainst_tmp = 0;
- SF_tmp = 0;
- if (S3 == 1) S4_tmp = 1; else S4_tmp = 0;
- S3_tmp = 0;
- S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S3 = S3_tmp;
- S4 = S4_tmp;
- SF = SF_tmp;
- mainst = mainst_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_opb;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF,
+ mainst;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S3_out:
+ ensures 0 ≡ S3;
+
+ behavior buch_state_S4_in:
+ assumes 1 ≡ S3;
+ ensures 1 ≡ S4;
+
+ behavior buch_state_S4_out:
+ assumes 0 ≡ S3;
+ ensures 0 ≡ S4;
+
+ behavior buch_state_SF_out:
+ ensures 0 ≡ SF;
+
+ behavior buch_state_mainst_out:
+ ensures 0 ≡ mainst;
+ @/
+ void opb_pre_func(void)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S3_tmp;
+ int S4_tmp;
+ int SF_tmp;
+ int mainst_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_opb;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S3_tmp = S3;
+ S4_tmp = S4;
+ SF_tmp = SF;
+ mainst_tmp = mainst;
+ mainst_tmp = 0;
+ SF_tmp = 0;
+ if (S3 == 1) S4_tmp = 1; else S4_tmp = 0;
+ S3_tmp = 0;
+ S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S3 = S3_tmp;
+ S4 = S4_tmp;
+ SF = SF_tmp;
+ mainst = mainst_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ S4 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ SF ∧
- 0 ≡ mainst;
- requires 1 ≡ S4 ⇒ res > 0;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_opb;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF,
- mainst;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_S3_out:
- ensures 0 ≡ S3;
-
- behavior buch_state_S4_out:
- ensures 0 ≡ S4;
-
- behavior buch_state_SF_in:
- assumes 1 ≡ S4 ∧ res > 0;
- ensures 1 ≡ SF;
-
- behavior buch_state_SF_out:
- assumes 0 ≡ S4 ∨ ¬(res > 0);
- ensures 0 ≡ SF;
-
- behavior buch_state_mainst_out:
- ensures 0 ≡ mainst;
- */
-void opb_post_func(int res)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S3_tmp; */
- /*@ ghost int S4_tmp; */
- /*@ ghost int SF_tmp; */
- /*@ ghost int mainst_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_opb;
- S1_tmp = S1;
- S2_tmp = S2;
- S3_tmp = S3;
- S4_tmp = S4;
- SF_tmp = SF;
- mainst_tmp = mainst;
- mainst_tmp = 0;
- if (S4 == 1)
- if (res > 0) SF_tmp = 1; else SF_tmp = 0;
- else SF_tmp = 0;
- S4_tmp = 0;
- S3_tmp = 0;
- S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S3 = S3_tmp;
- S4 = S4_tmp;
- SF = SF_tmp;
- mainst = mainst_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ S4 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ SF ∧
+ 0 ≡ mainst;
+ requires 1 ≡ S4 ⇒ res > 0;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_opb;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF,
+ mainst;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S3_out:
+ ensures 0 ≡ S3;
+
+ behavior buch_state_S4_out:
+ ensures 0 ≡ S4;
+
+ behavior buch_state_SF_in:
+ assumes 1 ≡ S4 ∧ res > 0;
+ ensures 1 ≡ SF;
+
+ behavior buch_state_SF_out:
+ assumes 0 ≡ S4 ∨ ¬(res > 0);
+ ensures 0 ≡ SF;
+
+ behavior buch_state_mainst_out:
+ ensures 0 ≡ mainst;
+ @/
+ void opb_post_func(int res)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S3_tmp;
+ int S4_tmp;
+ int SF_tmp;
+ int mainst_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_opb;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S3_tmp = S3;
+ S4_tmp = S4;
+ SF_tmp = SF;
+ mainst_tmp = mainst;
+ mainst_tmp = 0;
+ if (S4 == 1)
+ if (res > 0) SF_tmp = 1; else SF_tmp = 0;
+ else SF_tmp = 0;
+ S4_tmp = 0;
+ S3_tmp = 0;
+ S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S3 = S3_tmp;
+ S4 = S4_tmp;
+ SF = SF_tmp;
+ mainst = mainst_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ S3 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S4 ∧ 0 ≡ SF ∧
@@ -305,133 +317,139 @@ void opb_post_func(int res)
int opb(void)
{
int __retres;
- opb_pre_func();
+ /*@ ghost opb_pre_func(); */
status = 1;
__retres = status * 3;
- opb_post_func(__retres);
+ /*@ ghost opb_post_func(__retres); */
return __retres;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF,
- mainst;
-
- behavior buch_state_S1_in:
- assumes 1 ≡ mainst;
- ensures 1 ≡ S1;
-
- behavior buch_state_S1_out:
- assumes 0 ≡ mainst;
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_S3_out:
- ensures 0 ≡ S3;
-
- behavior buch_state_S4_out:
- ensures 0 ≡ S4;
-
- behavior buch_state_SF_out:
- ensures 0 ≡ SF;
-
- behavior buch_state_mainst_out:
- ensures 0 ≡ mainst;
- */
-void main_pre_func(void)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S3_tmp; */
- /*@ ghost int S4_tmp; */
- /*@ ghost int SF_tmp; */
- /*@ ghost int mainst_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- S1_tmp = S1;
- S2_tmp = S2;
- S3_tmp = S3;
- S4_tmp = S4;
- SF_tmp = SF;
- mainst_tmp = mainst;
- mainst_tmp = 0;
- SF_tmp = 0;
- S4_tmp = 0;
- S3_tmp = 0;
- S2_tmp = 0;
- if (mainst == 1) S1_tmp = 1; else S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S3 = S3_tmp;
- S4 = S4_tmp;
- SF = SF_tmp;
- mainst = mainst_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF,
+ mainst;
+
+ behavior buch_state_S1_in:
+ assumes 1 ≡ mainst;
+ ensures 1 ≡ S1;
+
+ behavior buch_state_S1_out:
+ assumes 0 ≡ mainst;
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S3_out:
+ ensures 0 ≡ S3;
+
+ behavior buch_state_S4_out:
+ ensures 0 ≡ S4;
+
+ behavior buch_state_SF_out:
+ ensures 0 ≡ SF;
+
+ behavior buch_state_mainst_out:
+ ensures 0 ≡ mainst;
+ @/
+ void main_pre_func(void)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S3_tmp;
+ int S4_tmp;
+ int SF_tmp;
+ int mainst_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S3_tmp = S3;
+ S4_tmp = S4;
+ SF_tmp = SF;
+ mainst_tmp = mainst;
+ mainst_tmp = 0;
+ SF_tmp = 0;
+ S4_tmp = 0;
+ S3_tmp = 0;
+ S2_tmp = 0;
+ if (mainst == 1) S1_tmp = 1; else S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S3 = S3_tmp;
+ S4 = S4_tmp;
+ SF = SF_tmp;
+ mainst = mainst_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ SF ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧
- 0 ≡ mainst;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF,
- mainst;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_S3_out:
- ensures 0 ≡ S3;
-
- behavior buch_state_S4_out:
- ensures 0 ≡ S4;
-
- behavior buch_state_SF_in:
- assumes 1 ≡ SF;
- ensures 1 ≡ SF;
-
- behavior buch_state_SF_out:
- assumes 0 ≡ SF;
- ensures 0 ≡ SF;
-
- behavior buch_state_mainst_out:
- ensures 0 ≡ mainst;
- */
-void main_post_func(int res)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S3_tmp; */
- /*@ ghost int S4_tmp; */
- /*@ ghost int SF_tmp; */
- /*@ ghost int mainst_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- S1_tmp = S1;
- S2_tmp = S2;
- S3_tmp = S3;
- S4_tmp = S4;
- SF_tmp = SF;
- mainst_tmp = mainst;
- mainst_tmp = 0;
- if (SF == 1) SF_tmp = 1; else SF_tmp = 0;
- S4_tmp = 0;
- S3_tmp = 0;
- S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S3 = S3_tmp;
- S4 = S4_tmp;
- SF = SF_tmp;
- mainst = mainst_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ SF ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧
+ 0 ≡ mainst;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF,
+ mainst;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S3_out:
+ ensures 0 ≡ S3;
+
+ behavior buch_state_S4_out:
+ ensures 0 ≡ S4;
+
+ behavior buch_state_SF_in:
+ assumes 1 ≡ SF;
+ ensures 1 ≡ SF;
+
+ behavior buch_state_SF_out:
+ assumes 0 ≡ SF;
+ ensures 0 ≡ SF;
+
+ behavior buch_state_mainst_out:
+ ensures 0 ≡ mainst;
+ @/
+ void main_post_func(int res)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S3_tmp;
+ int S4_tmp;
+ int SF_tmp;
+ int mainst_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S3_tmp = S3;
+ S4_tmp = S4;
+ SF_tmp = SF;
+ mainst_tmp = mainst;
+ mainst_tmp = 0;
+ if (SF == 1) SF_tmp = 1; else SF_tmp = 0;
+ S4_tmp = 0;
+ S3_tmp = 0;
+ S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S3 = S3_tmp;
+ S4 = S4_tmp;
+ SF = SF_tmp;
+ mainst = mainst_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ mainst ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧
@@ -445,11 +463,11 @@ void main_post_func(int res)
int main(void)
{
int __retres;
- main_pre_func();
+ /*@ ghost main_pre_func(); */
if (rr < 5000) opa(rr,300);
rr = opb();
__retres = 1;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_acces_params2.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_acces_params2.res.oracle
index 92799624f78e869afade5563e14186da7e789a43..a45dd2a4943de29c09a912eaecf6499f6a60da54 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_acces_params2.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_acces_params2.res.oracle
@@ -24,145 +24,151 @@ int rr = 1;
/*@ ghost int S5 = 0; */
/*@ ghost int S6 = 0; */
/*@ ghost int S7 = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_opa;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6,
- S7;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_S3_in:
- assumes 1 ≡ S2 ∧ r ≥ 0;
- ensures 1 ≡ S3;
-
- behavior buch_state_S3_out:
- assumes 0 ≡ S2 ∨ ¬(r ≥ 0);
- ensures 0 ≡ S3;
-
- behavior buch_state_S4_out:
- ensures 0 ≡ S4;
-
- behavior buch_state_S5_out:
- ensures 0 ≡ S5;
-
- behavior buch_state_S6_out:
- ensures 0 ≡ S6;
-
- behavior buch_state_S7_out:
- ensures 0 ≡ S7;
- */
-void opa_pre_func(int r)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S3_tmp; */
- /*@ ghost int S4_tmp; */
- /*@ ghost int S5_tmp; */
- /*@ ghost int S6_tmp; */
- /*@ ghost int S7_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_opa;
- S1_tmp = S1;
- S2_tmp = S2;
- S3_tmp = S3;
- S4_tmp = S4;
- S5_tmp = S5;
- S6_tmp = S6;
- S7_tmp = S7;
- S7_tmp = 0;
- S6_tmp = 0;
- S5_tmp = 0;
- S4_tmp = 0;
- if (S2 == 1)
- if (r >= 0) S3_tmp = 1; else S3_tmp = 0;
- else S3_tmp = 0;
- S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S3 = S3_tmp;
- S4 = S4_tmp;
- S5 = S5_tmp;
- S6 = S6_tmp;
- S7 = S7_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_opa;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6,
+ S7;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S3_in:
+ assumes 1 ≡ S2 ∧ r ≥ 0;
+ ensures 1 ≡ S3;
+
+ behavior buch_state_S3_out:
+ assumes 0 ≡ S2 ∨ ¬(r ≥ 0);
+ ensures 0 ≡ S3;
+
+ behavior buch_state_S4_out:
+ ensures 0 ≡ S4;
+
+ behavior buch_state_S5_out:
+ ensures 0 ≡ S5;
+
+ behavior buch_state_S6_out:
+ ensures 0 ≡ S6;
+
+ behavior buch_state_S7_out:
+ ensures 0 ≡ S7;
+ @/
+ void opa_pre_func(int r)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S3_tmp;
+ int S4_tmp;
+ int S5_tmp;
+ int S6_tmp;
+ int S7_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_opa;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S3_tmp = S3;
+ S4_tmp = S4;
+ S5_tmp = S5;
+ S6_tmp = S6;
+ S7_tmp = S7;
+ S7_tmp = 0;
+ S6_tmp = 0;
+ S5_tmp = 0;
+ S4_tmp = 0;
+ if (S2 == 1)
+ if (r >= 0) S3_tmp = 1; else S3_tmp = 0;
+ else S3_tmp = 0;
+ S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S3 = S3_tmp;
+ S4 = S4_tmp;
+ S5 = S5_tmp;
+ S6 = S6_tmp;
+ S7 = S7_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ S3 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S4 ∧ 0 ≡ S5 ∧
- 0 ≡ S6 ∧ 0 ≡ S7;
- requires 1 ≡ S3 ⇒ res ≤ 5000;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_opa;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6,
- S7;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_S3_out:
- ensures 0 ≡ S3;
-
- behavior buch_state_S4_in:
- assumes 1 ≡ S3 ∧ res ≤ 5000;
- ensures 1 ≡ S4;
-
- behavior buch_state_S4_out:
- assumes 0 ≡ S3 ∨ ¬(res ≤ 5000);
- ensures 0 ≡ S4;
-
- behavior buch_state_S5_out:
- ensures 0 ≡ S5;
-
- behavior buch_state_S6_out:
- ensures 0 ≡ S6;
-
- behavior buch_state_S7_out:
- ensures 0 ≡ S7;
- */
-void opa_post_func(int res)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S3_tmp; */
- /*@ ghost int S4_tmp; */
- /*@ ghost int S5_tmp; */
- /*@ ghost int S6_tmp; */
- /*@ ghost int S7_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_opa;
- S1_tmp = S1;
- S2_tmp = S2;
- S3_tmp = S3;
- S4_tmp = S4;
- S5_tmp = S5;
- S6_tmp = S6;
- S7_tmp = S7;
- S7_tmp = 0;
- S6_tmp = 0;
- S5_tmp = 0;
- if (S3 == 1)
- if (res <= 5000) S4_tmp = 1; else S4_tmp = 0;
- else S4_tmp = 0;
- S3_tmp = 0;
- S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S3 = S3_tmp;
- S4 = S4_tmp;
- S5 = S5_tmp;
- S6 = S6_tmp;
- S7 = S7_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ S3 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S4 ∧ 0 ≡ S5 ∧
+ 0 ≡ S6 ∧ 0 ≡ S7;
+ requires 1 ≡ S3 ⇒ res ≤ 5000;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_opa;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6,
+ S7;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S3_out:
+ ensures 0 ≡ S3;
+
+ behavior buch_state_S4_in:
+ assumes 1 ≡ S3 ∧ res ≤ 5000;
+ ensures 1 ≡ S4;
+
+ behavior buch_state_S4_out:
+ assumes 0 ≡ S3 ∨ ¬(res ≤ 5000);
+ ensures 0 ≡ S4;
+
+ behavior buch_state_S5_out:
+ ensures 0 ≡ S5;
+
+ behavior buch_state_S6_out:
+ ensures 0 ≡ S6;
+
+ behavior buch_state_S7_out:
+ ensures 0 ≡ S7;
+ @/
+ void opa_post_func(int res)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S3_tmp;
+ int S4_tmp;
+ int S5_tmp;
+ int S6_tmp;
+ int S7_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_opa;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S3_tmp = S3;
+ S4_tmp = S4;
+ S5_tmp = S5;
+ S6_tmp = S6;
+ S7_tmp = S7;
+ S7_tmp = 0;
+ S6_tmp = 0;
+ S5_tmp = 0;
+ if (S3 == 1)
+ if (res <= 5000) S4_tmp = 1; else S4_tmp = 0;
+ else S4_tmp = 0;
+ S3_tmp = 0;
+ S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S3 = S3_tmp;
+ S4 = S4_tmp;
+ S5 = S5_tmp;
+ S6 = S6_tmp;
+ S7 = S7_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ S2 ∧ 0 ≡ S1 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧ 0 ≡ S5 ∧
@@ -183,146 +189,152 @@ void opa_post_func(int res)
int opa(int r)
{
int __retres;
- opa_pre_func(r);
+ /*@ ghost opa_pre_func(r); */
__retres = r + 1;
- opa_post_func(__retres);
+ /*@ ghost opa_post_func(__retres); */
return __retres;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_opb;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6,
- S7;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_S3_out:
- ensures 0 ≡ S3;
-
- behavior buch_state_S4_out:
- ensures 0 ≡ S4;
-
- behavior buch_state_S5_in:
- assumes 1 ≡ S4;
- ensures 1 ≡ S5;
-
- behavior buch_state_S5_out:
- assumes 0 ≡ S4;
- ensures 0 ≡ S5;
-
- behavior buch_state_S6_out:
- ensures 0 ≡ S6;
-
- behavior buch_state_S7_out:
- ensures 0 ≡ S7;
- */
-void opb_pre_func(void)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S3_tmp; */
- /*@ ghost int S4_tmp; */
- /*@ ghost int S5_tmp; */
- /*@ ghost int S6_tmp; */
- /*@ ghost int S7_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_opb;
- S1_tmp = S1;
- S2_tmp = S2;
- S3_tmp = S3;
- S4_tmp = S4;
- S5_tmp = S5;
- S6_tmp = S6;
- S7_tmp = S7;
- S7_tmp = 0;
- S6_tmp = 0;
- if (S4 == 1) S5_tmp = 1; else S5_tmp = 0;
- S4_tmp = 0;
- S3_tmp = 0;
- S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S3 = S3_tmp;
- S4 = S4_tmp;
- S5 = S5_tmp;
- S6 = S6_tmp;
- S7 = S7_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_opb;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6,
+ S7;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S3_out:
+ ensures 0 ≡ S3;
+
+ behavior buch_state_S4_out:
+ ensures 0 ≡ S4;
+
+ behavior buch_state_S5_in:
+ assumes 1 ≡ S4;
+ ensures 1 ≡ S5;
+
+ behavior buch_state_S5_out:
+ assumes 0 ≡ S4;
+ ensures 0 ≡ S5;
+
+ behavior buch_state_S6_out:
+ ensures 0 ≡ S6;
+
+ behavior buch_state_S7_out:
+ ensures 0 ≡ S7;
+ @/
+ void opb_pre_func(void)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S3_tmp;
+ int S4_tmp;
+ int S5_tmp;
+ int S6_tmp;
+ int S7_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_opb;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S3_tmp = S3;
+ S4_tmp = S4;
+ S5_tmp = S5;
+ S6_tmp = S6;
+ S7_tmp = S7;
+ S7_tmp = 0;
+ S6_tmp = 0;
+ if (S4 == 1) S5_tmp = 1; else S5_tmp = 0;
+ S4_tmp = 0;
+ S3_tmp = 0;
+ S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S3 = S3_tmp;
+ S4 = S4_tmp;
+ S5 = S5_tmp;
+ S6 = S6_tmp;
+ S7 = S7_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ S5 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧
- 0 ≡ S6 ∧ 0 ≡ S7;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_opb;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6,
- S7;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_S3_out:
- ensures 0 ≡ S3;
-
- behavior buch_state_S4_out:
- ensures 0 ≡ S4;
-
- behavior buch_state_S5_out:
- ensures 0 ≡ S5;
-
- behavior buch_state_S6_in:
- assumes 1 ≡ S5;
- ensures 1 ≡ S6;
-
- behavior buch_state_S6_out:
- assumes 0 ≡ S5;
- ensures 0 ≡ S6;
-
- behavior buch_state_S7_out:
- ensures 0 ≡ S7;
- */
-void opb_post_func(void)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S3_tmp; */
- /*@ ghost int S4_tmp; */
- /*@ ghost int S5_tmp; */
- /*@ ghost int S6_tmp; */
- /*@ ghost int S7_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_opb;
- S1_tmp = S1;
- S2_tmp = S2;
- S3_tmp = S3;
- S4_tmp = S4;
- S5_tmp = S5;
- S6_tmp = S6;
- S7_tmp = S7;
- S7_tmp = 0;
- if (S5 == 1) S6_tmp = 1; else S6_tmp = 0;
- S5_tmp = 0;
- S4_tmp = 0;
- S3_tmp = 0;
- S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S3 = S3_tmp;
- S4 = S4_tmp;
- S5 = S5_tmp;
- S6 = S6_tmp;
- S7 = S7_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ S5 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧
+ 0 ≡ S6 ∧ 0 ≡ S7;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_opb;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6,
+ S7;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S3_out:
+ ensures 0 ≡ S3;
+
+ behavior buch_state_S4_out:
+ ensures 0 ≡ S4;
+
+ behavior buch_state_S5_out:
+ ensures 0 ≡ S5;
+
+ behavior buch_state_S6_in:
+ assumes 1 ≡ S5;
+ ensures 1 ≡ S6;
+
+ behavior buch_state_S6_out:
+ assumes 0 ≡ S5;
+ ensures 0 ≡ S6;
+
+ behavior buch_state_S7_out:
+ ensures 0 ≡ S7;
+ @/
+ void opb_post_func(void)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S3_tmp;
+ int S4_tmp;
+ int S5_tmp;
+ int S6_tmp;
+ int S7_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_opb;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S3_tmp = S3;
+ S4_tmp = S4;
+ S5_tmp = S5;
+ S6_tmp = S6;
+ S7_tmp = S7;
+ S7_tmp = 0;
+ if (S5 == 1) S6_tmp = 1; else S6_tmp = 0;
+ S5_tmp = 0;
+ S4_tmp = 0;
+ S3_tmp = 0;
+ S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S3 = S3_tmp;
+ S4 = S4_tmp;
+ S5 = S5_tmp;
+ S6 = S6_tmp;
+ S7 = S7_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ S4 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S5 ∧
@@ -340,134 +352,140 @@ void opb_post_func(void)
*/
void opb(void)
{
- opb_pre_func();
+ /*@ ghost opb_pre_func(); */
if (rr < 4998) rr += 2;
- opb_post_func();
+ /*@ ghost opb_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_opc;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6,
- S7;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_S3_out:
- ensures 0 ≡ S3;
-
- behavior buch_state_S4_out:
- ensures 0 ≡ S4;
-
- behavior buch_state_S5_out:
- ensures 0 ≡ S5;
-
- behavior buch_state_S6_out:
- ensures 0 ≡ S6;
-
- behavior buch_state_S7_out:
- ensures 0 ≡ S7;
- */
-void opc_pre_func(void)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S3_tmp; */
- /*@ ghost int S4_tmp; */
- /*@ ghost int S5_tmp; */
- /*@ ghost int S6_tmp; */
- /*@ ghost int S7_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_opc;
- S1_tmp = S1;
- S2_tmp = S2;
- S3_tmp = S3;
- S4_tmp = S4;
- S5_tmp = S5;
- S6_tmp = S6;
- S7_tmp = S7;
- S7_tmp = 0;
- S6_tmp = 0;
- S5_tmp = 0;
- S4_tmp = 0;
- S3_tmp = 0;
- S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S3 = S3_tmp;
- S4 = S4_tmp;
- S5 = S5_tmp;
- S6 = S6_tmp;
- S7 = S7_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_opc;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6,
+ S7;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S3_out:
+ ensures 0 ≡ S3;
+
+ behavior buch_state_S4_out:
+ ensures 0 ≡ S4;
+
+ behavior buch_state_S5_out:
+ ensures 0 ≡ S5;
+
+ behavior buch_state_S6_out:
+ ensures 0 ≡ S6;
+
+ behavior buch_state_S7_out:
+ ensures 0 ≡ S7;
+ @/
+ void opc_pre_func(void)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S3_tmp;
+ int S4_tmp;
+ int S5_tmp;
+ int S6_tmp;
+ int S7_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_opc;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S3_tmp = S3;
+ S4_tmp = S4;
+ S5_tmp = S5;
+ S6_tmp = S6;
+ S7_tmp = S7;
+ S7_tmp = 0;
+ S6_tmp = 0;
+ S5_tmp = 0;
+ S4_tmp = 0;
+ S3_tmp = 0;
+ S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S3 = S3_tmp;
+ S4 = S4_tmp;
+ S5 = S5_tmp;
+ S6 = S6_tmp;
+ S7 = S7_tmp;
+ return;
+ }
-/*@ requires \false;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_opc;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6,
- S7;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_S3_out:
- ensures 0 ≡ S3;
-
- behavior buch_state_S4_out:
- ensures 0 ≡ S4;
-
- behavior buch_state_S5_out:
- ensures 0 ≡ S5;
-
- behavior buch_state_S6_out:
- ensures 0 ≡ S6;
-
- behavior buch_state_S7_out:
- ensures 0 ≡ S7;
- */
-void opc_post_func(void)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S3_tmp; */
- /*@ ghost int S4_tmp; */
- /*@ ghost int S5_tmp; */
- /*@ ghost int S6_tmp; */
- /*@ ghost int S7_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_opc;
- S1_tmp = S1;
- S2_tmp = S2;
- S3_tmp = S3;
- S4_tmp = S4;
- S5_tmp = S5;
- S6_tmp = S6;
- S7_tmp = S7;
- S7_tmp = 0;
- S6_tmp = 0;
- S5_tmp = 0;
- S4_tmp = 0;
- S3_tmp = 0;
- S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S3 = S3_tmp;
- S4 = S4_tmp;
- S5 = S5_tmp;
- S6 = S6_tmp;
- S7 = S7_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires \false;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_opc;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6,
+ S7;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S3_out:
+ ensures 0 ≡ S3;
+
+ behavior buch_state_S4_out:
+ ensures 0 ≡ S4;
+
+ behavior buch_state_S5_out:
+ ensures 0 ≡ S5;
+
+ behavior buch_state_S6_out:
+ ensures 0 ≡ S6;
+
+ behavior buch_state_S7_out:
+ ensures 0 ≡ S7;
+ @/
+ void opc_post_func(void)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S3_tmp;
+ int S4_tmp;
+ int S5_tmp;
+ int S6_tmp;
+ int S7_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_opc;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S3_tmp = S3;
+ S4_tmp = S4;
+ S5_tmp = S5;
+ S6_tmp = S6;
+ S7_tmp = S7;
+ S7_tmp = 0;
+ S6_tmp = 0;
+ S5_tmp = 0;
+ S4_tmp = 0;
+ S3_tmp = 0;
+ S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S3 = S3_tmp;
+ S4 = S4_tmp;
+ S5 = S5_tmp;
+ S6 = S6_tmp;
+ S7 = S7_tmp;
+ return;
+ }
+
+*/
/*@ requires \false;
@@ -497,146 +515,152 @@ void opc_post_func(void)
*/
void opc(void)
{
- opc_pre_func();
+ /*@ ghost opc_pre_func(); */
rr = 600;
- opc_post_func();
+ /*@ ghost opc_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6,
- S7;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_in:
- assumes 1 ≡ S1;
- ensures 1 ≡ S2;
-
- behavior buch_state_S2_out:
- assumes 0 ≡ S1;
- ensures 0 ≡ S2;
-
- behavior buch_state_S3_out:
- ensures 0 ≡ S3;
-
- behavior buch_state_S4_out:
- ensures 0 ≡ S4;
-
- behavior buch_state_S5_out:
- ensures 0 ≡ S5;
-
- behavior buch_state_S6_out:
- ensures 0 ≡ S6;
-
- behavior buch_state_S7_out:
- ensures 0 ≡ S7;
- */
-void main_pre_func(void)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S3_tmp; */
- /*@ ghost int S4_tmp; */
- /*@ ghost int S5_tmp; */
- /*@ ghost int S6_tmp; */
- /*@ ghost int S7_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- S1_tmp = S1;
- S2_tmp = S2;
- S3_tmp = S3;
- S4_tmp = S4;
- S5_tmp = S5;
- S6_tmp = S6;
- S7_tmp = S7;
- S7_tmp = 0;
- S6_tmp = 0;
- S5_tmp = 0;
- S4_tmp = 0;
- S3_tmp = 0;
- if (S1 == 1) S2_tmp = 1; else S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S3 = S3_tmp;
- S4 = S4_tmp;
- S5 = S5_tmp;
- S6 = S6_tmp;
- S7 = S7_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6,
+ S7;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_in:
+ assumes 1 ≡ S1;
+ ensures 1 ≡ S2;
+
+ behavior buch_state_S2_out:
+ assumes 0 ≡ S1;
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S3_out:
+ ensures 0 ≡ S3;
+
+ behavior buch_state_S4_out:
+ ensures 0 ≡ S4;
+
+ behavior buch_state_S5_out:
+ ensures 0 ≡ S5;
+
+ behavior buch_state_S6_out:
+ ensures 0 ≡ S6;
+
+ behavior buch_state_S7_out:
+ ensures 0 ≡ S7;
+ @/
+ void main_pre_func(void)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S3_tmp;
+ int S4_tmp;
+ int S5_tmp;
+ int S6_tmp;
+ int S7_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S3_tmp = S3;
+ S4_tmp = S4;
+ S5_tmp = S5;
+ S6_tmp = S6;
+ S7_tmp = S7;
+ S7_tmp = 0;
+ S6_tmp = 0;
+ S5_tmp = 0;
+ S4_tmp = 0;
+ S3_tmp = 0;
+ if (S1 == 1) S2_tmp = 1; else S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S3 = S3_tmp;
+ S4 = S4_tmp;
+ S5 = S5_tmp;
+ S6 = S6_tmp;
+ S7 = S7_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ S6 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧
- 0 ≡ S5 ∧ 0 ≡ S7;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6,
- S7;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_S3_out:
- ensures 0 ≡ S3;
-
- behavior buch_state_S4_out:
- ensures 0 ≡ S4;
-
- behavior buch_state_S5_out:
- ensures 0 ≡ S5;
-
- behavior buch_state_S6_out:
- ensures 0 ≡ S6;
-
- behavior buch_state_S7_in:
- assumes 1 ≡ S6;
- ensures 1 ≡ S7;
-
- behavior buch_state_S7_out:
- assumes 0 ≡ S6;
- ensures 0 ≡ S7;
- */
-void main_post_func(int res)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int S3_tmp; */
- /*@ ghost int S4_tmp; */
- /*@ ghost int S5_tmp; */
- /*@ ghost int S6_tmp; */
- /*@ ghost int S7_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- S1_tmp = S1;
- S2_tmp = S2;
- S3_tmp = S3;
- S4_tmp = S4;
- S5_tmp = S5;
- S6_tmp = S6;
- S7_tmp = S7;
- if (S6 == 1) S7_tmp = 1; else S7_tmp = 0;
- S6_tmp = 0;
- S5_tmp = 0;
- S4_tmp = 0;
- S3_tmp = 0;
- S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- S3 = S3_tmp;
- S4 = S4_tmp;
- S5 = S5_tmp;
- S6 = S6_tmp;
- S7 = S7_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ S6 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧
+ 0 ≡ S5 ∧ 0 ≡ S7;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6,
+ S7;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_S3_out:
+ ensures 0 ≡ S3;
+
+ behavior buch_state_S4_out:
+ ensures 0 ≡ S4;
+
+ behavior buch_state_S5_out:
+ ensures 0 ≡ S5;
+
+ behavior buch_state_S6_out:
+ ensures 0 ≡ S6;
+
+ behavior buch_state_S7_in:
+ assumes 1 ≡ S6;
+ ensures 1 ≡ S7;
+
+ behavior buch_state_S7_out:
+ assumes 0 ≡ S6;
+ ensures 0 ≡ S7;
+ @/
+ void main_post_func(int res)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int S3_tmp;
+ int S4_tmp;
+ int S5_tmp;
+ int S6_tmp;
+ int S7_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ S3_tmp = S3;
+ S4_tmp = S4;
+ S5_tmp = S5;
+ S6_tmp = S6;
+ S7_tmp = S7;
+ if (S6 == 1) S7_tmp = 1; else S7_tmp = 0;
+ S6_tmp = 0;
+ S5_tmp = 0;
+ S4_tmp = 0;
+ S3_tmp = 0;
+ S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ S3 = S3_tmp;
+ S4 = S4_tmp;
+ S5 = S5_tmp;
+ S6 = S6_tmp;
+ S7 = S7_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧ 0 ≡ S5 ∧
@@ -652,13 +676,13 @@ void main_post_func(int res)
int main(void)
{
int __retres;
- main_pre_func();
+ /*@ ghost main_pre_func(); */
if (rr < 5000) rr = opa(rr);
opb();
goto L6;
opc();
L6: __retres = 1;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_boucle.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_boucle.res.oracle
index 538051ad5514f5e1aab1dcdc5290e4b4e14bae4f..a418b2f7c9e83d32274eff23ee3173ea9cba90cf 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_boucle.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_boucle.res.oracle
@@ -21,82 +21,90 @@ extern int call_to_an_undefined_function(void);
/*@ ghost int T0_S2 = 0; */
/*@ ghost int T0_init = 1; */
/*@ ghost int accept_S1 = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_a;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_out:
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_S1 ∨ 1 ≡ T0_S2;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_S1 ∧ 0 ≡ T0_S2;
- ensures 0 ≡ accept_S1;
- */
-void a_pre_func(void)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_a;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- if (T0_S2 == 1) accept_S1_tmp = 1;
- else
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_a;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_out:
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_S1 ∨ 1 ≡ T0_S2;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_S1 ∧ 0 ≡ T0_S2;
+ ensures 0 ≡ accept_S1;
+ @/
+ void a_pre_func(void)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_a;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ if (T0_S2 == 1) accept_S1_tmp = 1;
+ else
+ if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
+
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_a;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_out:
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ accept_S1;
+ @/
+ void a_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_a;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+ T0_init_tmp = 0;
+ T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
-/*@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_a;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_out:
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ accept_S1;
- */
-void a_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_a;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+*/
/*@ requires (1 ≡ T0_S2 ∨ 1 ≡ accept_S1) ∧ 0 ≡ T0_init;
requires 1 ≡ accept_S1 ∨ 0 ≡ accept_S1;
@@ -111,88 +119,96 @@ void a_post_func(int res)
int a(void)
{
int __retres;
- a_pre_func();
+ /*@ ghost a_pre_func(); */
__retres = 1;
- a_post_func(__retres);
+ /*@ ghost a_post_func(__retres); */
return __retres;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_b;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S1 ∨ 1 ≡ T0_S2;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S1 ∧ 0 ≡ T0_S2;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
- */
-void b_pre_func(void)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_b;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (T0_S2 == 1) T0_S2_tmp = 1;
- else
- if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_b;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S1 ∨ 1 ≡ T0_S2;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S1 ∧ 0 ≡ T0_S2;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+ @/
+ void b_pre_func(void)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_b;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_S2 == 1) T0_S2_tmp = 1;
+ else
+ if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
-/*@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_b;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ T0_S2;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ T0_S2;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
- */
-void b_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_b;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_b;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ T0_S2;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ T0_S2;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+ @/
+ void b_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_b;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
+
+*/
/*@ requires (1 ≡ T0_S2 ∨ 1 ≡ accept_S1) ∧ 0 ≡ T0_init;
requires 1 ≡ accept_S1 ∨ 0 ≡ accept_S1;
@@ -207,87 +223,95 @@ void b_post_func(int res)
int b(void)
{
int __retres;
- b_pre_func();
+ /*@ ghost b_pre_func(); */
call_to_an_undefined_function();
__retres = 2;
- b_post_func(__retres);
+ /*@ ghost b_post_func(__retres); */
return __retres;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_out:
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ T0_init;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ T0_init;
- ensures 0 ≡ accept_S1;
- */
-void main_pre_func(void)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_out:
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ T0_init;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ T0_init;
+ ensures 0 ≡ accept_S1;
+ @/
+ void main_pre_func(void)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
-/*@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_out:
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ accept_S1;
- */
-void main_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_out:
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ accept_S1;
+ @/
+ void main_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ T0_init ∧ 0 ≡ T0_S2 ∧ 0 ≡ accept_S1;
requires \true;
@@ -302,9 +326,9 @@ void main_post_func(int res)
*/
int main(void)
{
- int aorai_Loop_Init_7;
+ /*@ ghost int aorai_Loop_Init_7; */
int tmp_1;
- main_pre_func();
+ /*@ ghost main_pre_func(); */
int x = a();
/*@ ghost aorai_Loop_Init_7 = 1; */
aorai_loop_7:
@@ -327,7 +351,7 @@ int main(void)
}
}
tmp_1 = a();
- main_post_func(tmp_1);
+ /*@ ghost main_post_func(tmp_1); */
return tmp_1;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_boucle1.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_boucle1.res.oracle
index 272eb96f193a91897513bc49f4b1c74bdfd49a99..4fd824e2ad33bdb3a46508999084d5f048ad25a6 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_boucle1.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_boucle1.res.oracle
@@ -24,112 +24,118 @@ int status = 0;
/*@ ghost int accept_S3 = 0; */
/*@ ghost int accept_S4 = 0; */
/*@ ghost int accept_init = 1; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_commit_trans;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
- accept_S3, accept_S4, accept_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ accept_S4;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ accept_S4;
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void commit_trans_pre_func(void)
-{
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_commit_trans;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- if (accept_S4 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- accept_S1_tmp = 0;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_commit_trans;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
+ accept_S3, accept_S4, accept_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ accept_S4;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ accept_S4;
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void commit_trans_pre_func(void)
+ {
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_commit_trans;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ if (accept_S4 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ accept_S1_tmp = 0;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S3 ∧
- 0 ≡ accept_S4 ∧ 0 ≡ accept_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_commit_trans;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
- accept_S3, accept_S4, accept_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ accept_S2;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ accept_S2;
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void commit_trans_post_func(int res)
-{
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_commit_trans;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- accept_S1_tmp = 0;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S3 ∧
+ 0 ≡ accept_S4 ∧ 0 ≡ accept_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_commit_trans;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
+ accept_S3, accept_S4, accept_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ accept_S2;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ accept_S2;
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void commit_trans_post_func(int res)
+ {
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_commit_trans;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ accept_S1_tmp = 0;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ accept_S4 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2 ∧
@@ -148,128 +154,134 @@ void commit_trans_post_func(int res)
int commit_trans(void)
{
int __retres;
- commit_trans_pre_func();
+ /*@ ghost commit_trans_pre_func(); */
__retres = 1;
- commit_trans_post_func(__retres);
+ /*@ ghost commit_trans_post_func(__retres); */
return __retres;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_init_trans;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
- accept_S3, accept_S4, accept_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ accept_S2;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ accept_S2;
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void init_trans_pre_func(void)
-{
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_init_trans;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- accept_S1_tmp = 0;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_init_trans;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
+ accept_S3, accept_S4, accept_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ accept_S2;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ accept_S2;
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void init_trans_pre_func(void)
+ {
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_init_trans;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ accept_S1_tmp = 0;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S3 ∧
- 0 ≡ accept_S4 ∧ 0 ≡ accept_init;
- requires 1 ≡ accept_S2 ⇒ status ≢ 0 ∨ status ≡ 0;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_init_trans;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
- accept_S3, accept_S4, accept_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ accept_S2 ∧ status ≡ 0;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ accept_S2 ∨ ¬(status ≡ 0);
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_in:
- assumes 1 ≡ accept_S2 ∧ status ≢ 0;
- ensures 1 ≡ accept_S4;
-
- behavior buch_state_accept_S4_out:
- assumes 0 ≡ accept_S2 ∨ status ≡ 0;
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void init_trans_post_func(int res)
-{
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_init_trans;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- if (accept_S2 == 1)
- if (status != 0) accept_S4_tmp = 1; else accept_S4_tmp = 0;
- else accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- if (accept_S2 == 1)
- if (status == 0) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- else accept_S2_tmp = 0;
- accept_S1_tmp = 0;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S3 ∧
+ 0 ≡ accept_S4 ∧ 0 ≡ accept_init;
+ requires 1 ≡ accept_S2 ⇒ status ≢ 0 ∨ status ≡ 0;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_init_trans;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
+ accept_S3, accept_S4, accept_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ accept_S2 ∧ status ≡ 0;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ accept_S2 ∨ ¬(status ≡ 0);
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_in:
+ assumes 1 ≡ accept_S2 ∧ status ≢ 0;
+ ensures 1 ≡ accept_S4;
+
+ behavior buch_state_accept_S4_out:
+ assumes 0 ≡ accept_S2 ∨ status ≡ 0;
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void init_trans_post_func(int res)
+ {
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_init_trans;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ if (accept_S2 == 1)
+ if (status != 0) accept_S4_tmp = 1; else accept_S4_tmp = 0;
+ else accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ if (accept_S2 == 1)
+ if (status == 0) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ else accept_S2_tmp = 0;
+ accept_S1_tmp = 0;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S3 ∧
@@ -291,128 +303,134 @@ void init_trans_post_func(int res)
int init_trans(void)
{
int __retres;
- init_trans_pre_func();
+ /*@ ghost init_trans_pre_func(); */
__retres = 1;
- init_trans_post_func(__retres);
+ /*@ ghost init_trans_post_func(__retres); */
return __retres;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
- accept_S3, accept_S4, accept_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ accept_init;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ accept_init;
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void main_pre_func(void)
-{
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- if (accept_init == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- accept_S1_tmp = 0;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
+ accept_S3, accept_S4, accept_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ accept_init;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ accept_init;
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void main_pre_func(void)
+ {
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ if (accept_init == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ accept_S1_tmp = 0;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S3 ∧
- 0 ≡ accept_S4 ∧ 0 ≡ accept_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
- accept_S3, accept_S4, accept_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_S2;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_S2;
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ accept_S2;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ accept_S2;
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_in:
- assumes 1 ≡ accept_S2;
- ensures 1 ≡ accept_S3;
-
- behavior buch_state_accept_S3_out:
- assumes 0 ≡ accept_S2;
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void main_post_func(int res)
-{
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_S4_tmp = 0;
- if (accept_S2 == 1) accept_S3_tmp = 1; else accept_S3_tmp = 0;
- if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S3 ∧
+ 0 ≡ accept_S4 ∧ 0 ≡ accept_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
+ accept_S3, accept_S4, accept_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_S2;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_S2;
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ accept_S2;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ accept_S2;
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_in:
+ assumes 1 ≡ accept_S2;
+ ensures 1 ≡ accept_S3;
+
+ behavior buch_state_accept_S3_out:
+ assumes 0 ≡ accept_S2;
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void main_post_func(int res)
+ {
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_S4_tmp = 0;
+ if (accept_S2 == 1) accept_S3_tmp = 1; else accept_S3_tmp = 0;
+ if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ accept_init ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2 ∧
@@ -436,9 +454,9 @@ void main_post_func(int res)
*/
int main(void)
{
- int aorai_Loop_Init_7;
+ /*@ ghost int aorai_Loop_Init_7; */
int __retres;
- main_pre_func();
+ /*@ ghost main_pre_func(); */
cpt = 3;
status = 0;
/*@ ghost aorai_Loop_Init_7 = 1; */
@@ -466,7 +484,7 @@ int main(void)
goto return_label;
label_ok: __retres = 1;
return_label: {
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_boucle2.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_boucle2.res.oracle
index 4f101eb24f62cff6ab0f08b9c9604dd83e0869dc..4b6cca74dbc83f17871fb61da2e0b92b388a9e8a 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_boucle2.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_boucle2.res.oracle
@@ -23,133 +23,139 @@ int rr = 1;
/*@ ghost int accept_S4 = 0; */
/*@ ghost int accept_S5 = 0; */
/*@ ghost int accept_all = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_opa;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S3,
- accept_S4, accept_S5, accept_all;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ T0_S2;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ T0_S2;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
- */
-void opa_pre_func(void)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_all_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_opa;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_all_tmp = accept_all;
- accept_all_tmp = 0;
- accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- T0_init_tmp = 0;
- if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_all = accept_all_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_opa;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S3, accept_S4, accept_S5, accept_all;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ T0_S2;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ T0_S2;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+ @/
+ void opa_pre_func(void)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_all_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_opa;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_all_tmp = accept_all;
+ accept_all_tmp = 0;
+ accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_all = accept_all_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S3 ∧
- 0 ≡ accept_S4 ∧ 0 ≡ accept_S5 ∧ 0 ≡ accept_all;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_opa;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S3,
- accept_S4, accept_S5, accept_all;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ T0_S2;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ T0_S2;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S3_in:
- assumes 1 ≡ T0_S2 ∧ rr ≡ 51;
- ensures 1 ≡ accept_S3;
-
- behavior buch_state_accept_S3_out:
- assumes 0 ≡ T0_S2 ∨ ¬(rr ≡ 51);
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
- */
-void opa_post_func(void)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_all_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_opa;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_all_tmp = accept_all;
- accept_all_tmp = 0;
- accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- if (T0_S2 == 1)
- if (rr == 51) accept_S3_tmp = 1; else accept_S3_tmp = 0;
- else accept_S3_tmp = 0;
- T0_init_tmp = 0;
- if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_all = accept_all_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S3 ∧
+ 0 ≡ accept_S4 ∧ 0 ≡ accept_S5 ∧ 0 ≡ accept_all;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_opa;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S3, accept_S4, accept_S5, accept_all;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ T0_S2;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ T0_S2;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S3_in:
+ assumes 1 ≡ T0_S2 ∧ rr ≡ 51;
+ ensures 1 ≡ accept_S3;
+
+ behavior buch_state_accept_S3_out:
+ assumes 0 ≡ T0_S2 ∨ ¬(rr ≡ 51);
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+ @/
+ void opa_post_func(void)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_all_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_opa;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_all_tmp = accept_all;
+ accept_all_tmp = 0;
+ accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ if (T0_S2 == 1)
+ if (rr == 51) accept_S3_tmp = 1; else accept_S3_tmp = 0;
+ else accept_S3_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_all = accept_all_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S3 ∧
@@ -170,132 +176,138 @@ void opa_post_func(void)
*/
void opa(void)
{
- opa_pre_func();
+ /*@ ghost opa_pre_func(); */
rr ++;
- opa_post_func();
+ /*@ ghost opa_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_opb;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S3,
- accept_S4, accept_S5, accept_all;
-
- behavior buch_state_T0_S2_out:
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_in:
- assumes 1 ≡ accept_S3;
- ensures 1 ≡ accept_S4;
-
- behavior buch_state_accept_S4_out:
- assumes 0 ≡ accept_S3;
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
- */
-void opb_pre_func(void)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_all_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_opb;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_all_tmp = accept_all;
- accept_all_tmp = 0;
- accept_S5_tmp = 0;
- if (accept_S3 == 1) accept_S4_tmp = 1; else accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- T0_init_tmp = 0;
- T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_all = accept_all_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_opb;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S3, accept_S4, accept_S5, accept_all;
+
+ behavior buch_state_T0_S2_out:
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_in:
+ assumes 1 ≡ accept_S3;
+ ensures 1 ≡ accept_S4;
+
+ behavior buch_state_accept_S4_out:
+ assumes 0 ≡ accept_S3;
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+ @/
+ void opb_pre_func(void)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_all_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_opb;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_all_tmp = accept_all;
+ accept_all_tmp = 0;
+ accept_S5_tmp = 0;
+ if (accept_S3 == 1) accept_S4_tmp = 1; else accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ T0_init_tmp = 0;
+ T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_all = accept_all_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ accept_S4 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧
- 0 ≡ accept_S3 ∧ 0 ≡ accept_S5 ∧ 0 ≡ accept_all;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_opb;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S3,
- accept_S4, accept_S5, accept_all;
-
- behavior buch_state_T0_S2_out:
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_in:
- assumes 1 ≡ accept_S4;
- ensures 1 ≡ accept_S5;
-
- behavior buch_state_accept_S5_out:
- assumes 0 ≡ accept_S4;
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
- */
-void opb_post_func(void)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_all_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_opb;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_all_tmp = accept_all;
- accept_all_tmp = 0;
- if (accept_S4 == 1) accept_S5_tmp = 1; else accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- T0_init_tmp = 0;
- T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_all = accept_all_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ accept_S4 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧
+ 0 ≡ accept_S3 ∧ 0 ≡ accept_S5 ∧ 0 ≡ accept_all;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_opb;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S3, accept_S4, accept_S5, accept_all;
+
+ behavior buch_state_T0_S2_out:
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_in:
+ assumes 1 ≡ accept_S4;
+ ensures 1 ≡ accept_S5;
+
+ behavior buch_state_accept_S5_out:
+ assumes 0 ≡ accept_S4;
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+ @/
+ void opb_post_func(void)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_all_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_opb;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_all_tmp = accept_all;
+ accept_all_tmp = 0;
+ if (accept_S4 == 1) accept_S5_tmp = 1; else accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ T0_init_tmp = 0;
+ T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_all = accept_all_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ accept_S3 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧
@@ -309,132 +321,138 @@ void opb_post_func(void)
*/
void opb(void)
{
- opb_pre_func();
+ /*@ ghost opb_pre_func(); */
status = 1;
- opb_post_func();
+ /*@ ghost opb_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S3,
- accept_S4, accept_S5, accept_all;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ T0_init;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ T0_init;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
- */
-void main_pre_func(void)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_all_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_all_tmp = accept_all;
- accept_all_tmp = 0;
- accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- T0_init_tmp = 0;
- if (T0_init == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_all = accept_all_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S3, accept_S4, accept_S5, accept_all;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ T0_init;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ T0_init;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+ @/
+ void main_pre_func(void)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_all_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_all_tmp = accept_all;
+ accept_all_tmp = 0;
+ accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_init == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_all = accept_all_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ accept_S5 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧
- 0 ≡ accept_S3 ∧ 0 ≡ accept_S4 ∧ 0 ≡ accept_all;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S3,
- accept_S4, accept_S5, accept_all;
-
- behavior buch_state_T0_S2_out:
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_all_in:
- assumes 1 ≡ accept_S5;
- ensures 1 ≡ accept_all;
-
- behavior buch_state_accept_all_out:
- assumes 0 ≡ accept_S5;
- ensures 0 ≡ accept_all;
- */
-void main_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_all_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_all_tmp = accept_all;
- if (accept_S5 == 1) accept_all_tmp = 1; else accept_all_tmp = 0;
- accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- T0_init_tmp = 0;
- T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_all = accept_all_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ accept_S5 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧
+ 0 ≡ accept_S3 ∧ 0 ≡ accept_S4 ∧ 0 ≡ accept_all;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S3, accept_S4, accept_S5, accept_all;
+
+ behavior buch_state_T0_S2_out:
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_all_in:
+ assumes 1 ≡ accept_S5;
+ ensures 1 ≡ accept_all;
+
+ behavior buch_state_accept_all_out:
+ assumes 0 ≡ accept_S5;
+ ensures 0 ≡ accept_all;
+ @/
+ void main_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_all_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_all_tmp = accept_all;
+ if (accept_S5 == 1) accept_all_tmp = 1; else accept_all_tmp = 0;
+ accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ T0_init_tmp = 0;
+ T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_all = accept_all_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ T0_init ∧ 0 ≡ T0_S2 ∧ 0 ≡ accept_S3 ∧
@@ -453,9 +471,9 @@ void main_post_func(int res)
*/
int main(void)
{
- int aorai_Loop_Init_7;
+ /*@ ghost int aorai_Loop_Init_7; */
int __retres;
- main_pre_func();
+ /*@ ghost main_pre_func(); */
/*@ ghost aorai_Loop_Init_7 = 1; */
aorai_loop_7:
/*@ loop invariant 0 ≤ rr ≤ 50;
@@ -479,7 +497,7 @@ int main(void)
/*@ ghost int tmp = 1; */
/*@ ghost tmp = 0; */
__retres = 1;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_boucle3.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_boucle3.res.oracle
index 02a0be5d77b163a9623bba2d62f8b846fed48f61..611da850e54cd7f992ea6c81baa61527aff85002 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_boucle3.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_boucle3.res.oracle
@@ -22,122 +22,128 @@ int rr = 1;
/*@ ghost int T1_S2 = 0; */
/*@ ghost int accept_S3 = 0; */
/*@ ghost int accept_all = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_opa;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2,
- accept_S3, accept_all;
-
- behavior buch_state_T0_S4_in:
- assumes 1 ≡ T0_S4;
- ensures 1 ≡ T0_S4;
-
- behavior buch_state_T0_S4_out:
- assumes 0 ≡ T0_S4;
- ensures 0 ≡ T0_S4;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_S2_in:
- assumes 1 ≡ T1_S2;
- ensures 1 ≡ T1_S2;
-
- behavior buch_state_T1_S2_out:
- assumes 0 ≡ T1_S2;
- ensures 0 ≡ T1_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
- */
-void opa_pre_func(void)
-{
- /*@ ghost int T0_S4_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_all_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_opa;
- T0_S4_tmp = T0_S4;
- T0_init_tmp = T0_init;
- T1_S2_tmp = T1_S2;
- accept_S3_tmp = accept_S3;
- accept_all_tmp = accept_all;
- accept_all_tmp = 0;
- accept_S3_tmp = 0;
- if (T1_S2 == 1) T1_S2_tmp = 1; else T1_S2_tmp = 0;
- T0_init_tmp = 0;
- if (T0_S4 == 1) T0_S4_tmp = 1; else T0_S4_tmp = 0;
- T0_S4 = T0_S4_tmp;
- T0_init = T0_init_tmp;
- T1_S2 = T1_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_all = accept_all_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_opa;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2,
+ accept_S3, accept_all;
+
+ behavior buch_state_T0_S4_in:
+ assumes 1 ≡ T0_S4;
+ ensures 1 ≡ T0_S4;
+
+ behavior buch_state_T0_S4_out:
+ assumes 0 ≡ T0_S4;
+ ensures 0 ≡ T0_S4;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_S2_in:
+ assumes 1 ≡ T1_S2;
+ ensures 1 ≡ T1_S2;
+
+ behavior buch_state_T1_S2_out:
+ assumes 0 ≡ T1_S2;
+ ensures 0 ≡ T1_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+ @/
+ void opa_pre_func(void)
+ {
+ int T0_S4_tmp;
+ int T0_init_tmp;
+ int T1_S2_tmp;
+ int accept_S3_tmp;
+ int accept_all_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_opa;
+ T0_S4_tmp = T0_S4;
+ T0_init_tmp = T0_init;
+ T1_S2_tmp = T1_S2;
+ accept_S3_tmp = accept_S3;
+ accept_all_tmp = accept_all;
+ accept_all_tmp = 0;
+ accept_S3_tmp = 0;
+ if (T1_S2 == 1) T1_S2_tmp = 1; else T1_S2_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_S4 == 1) T0_S4_tmp = 1; else T0_S4_tmp = 0;
+ T0_S4 = T0_S4_tmp;
+ T0_init = T0_init_tmp;
+ T1_S2 = T1_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_all = accept_all_tmp;
+ return;
+ }
-/*@ requires
- (1 ≡ T0_S4 ∨ 1 ≡ T1_S2) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S3 ∧
- 0 ≡ accept_all;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_opa;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2,
- accept_S3, accept_all;
-
- behavior buch_state_T0_S4_in:
- assumes 1 ≡ T0_S4;
- ensures 1 ≡ T0_S4;
-
- behavior buch_state_T0_S4_out:
- assumes 0 ≡ T0_S4;
- ensures 0 ≡ T0_S4;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_S2_in:
- assumes 1 ≡ T1_S2;
- ensures 1 ≡ T1_S2;
-
- behavior buch_state_T1_S2_out:
- assumes 0 ≡ T1_S2;
- ensures 0 ≡ T1_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
- */
-void opa_post_func(void)
-{
- /*@ ghost int T0_S4_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_all_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_opa;
- T0_S4_tmp = T0_S4;
- T0_init_tmp = T0_init;
- T1_S2_tmp = T1_S2;
- accept_S3_tmp = accept_S3;
- accept_all_tmp = accept_all;
- accept_all_tmp = 0;
- accept_S3_tmp = 0;
- if (T1_S2 == 1) T1_S2_tmp = 1; else T1_S2_tmp = 0;
- T0_init_tmp = 0;
- if (T0_S4 == 1) T0_S4_tmp = 1; else T0_S4_tmp = 0;
- T0_S4 = T0_S4_tmp;
- T0_init = T0_init_tmp;
- T1_S2 = T1_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_all = accept_all_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ (1 ≡ T0_S4 ∨ 1 ≡ T1_S2) ∧ 0 ≡ T0_init ∧
+ 0 ≡ accept_S3 ∧ 0 ≡ accept_all;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_opa;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2,
+ accept_S3, accept_all;
+
+ behavior buch_state_T0_S4_in:
+ assumes 1 ≡ T0_S4;
+ ensures 1 ≡ T0_S4;
+
+ behavior buch_state_T0_S4_out:
+ assumes 0 ≡ T0_S4;
+ ensures 0 ≡ T0_S4;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_S2_in:
+ assumes 1 ≡ T1_S2;
+ ensures 1 ≡ T1_S2;
+
+ behavior buch_state_T1_S2_out:
+ assumes 0 ≡ T1_S2;
+ ensures 0 ≡ T1_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+ @/
+ void opa_post_func(void)
+ {
+ int T0_S4_tmp;
+ int T0_init_tmp;
+ int T1_S2_tmp;
+ int accept_S3_tmp;
+ int accept_all_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_opa;
+ T0_S4_tmp = T0_S4;
+ T0_init_tmp = T0_init;
+ T1_S2_tmp = T1_S2;
+ accept_S3_tmp = accept_S3;
+ accept_all_tmp = accept_all;
+ accept_all_tmp = 0;
+ accept_S3_tmp = 0;
+ if (T1_S2 == 1) T1_S2_tmp = 1; else T1_S2_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_S4 == 1) T0_S4_tmp = 1; else T0_S4_tmp = 0;
+ T0_S4 = T0_S4_tmp;
+ T0_init = T0_init_tmp;
+ T1_S2 = T1_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_all = accept_all_tmp;
+ return;
+ }
+
+*/
/*@ requires
(1 ≡ T0_S4 ∨ 1 ≡ T1_S2) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S3 ∧
@@ -176,120 +182,126 @@ void opa_post_func(void)
*/
void opa(void)
{
- opa_pre_func();
+ /*@ ghost opa_pre_func(); */
rr ++;
- opa_post_func();
+ /*@ ghost opa_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_opb;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2,
- accept_S3, accept_all;
-
- behavior buch_state_T0_S4_out:
- ensures 0 ≡ T0_S4;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_S2_out:
- ensures 0 ≡ T1_S2;
-
- behavior buch_state_accept_S3_in:
- assumes 1 ≡ T1_S2 ∧ rr ≡ 51;
- ensures 1 ≡ accept_S3;
-
- behavior buch_state_accept_S3_out:
- assumes 0 ≡ T1_S2 ∨ ¬(rr ≡ 51);
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
- */
-void opb_pre_func(void)
-{
- /*@ ghost int T0_S4_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_all_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_opb;
- T0_S4_tmp = T0_S4;
- T0_init_tmp = T0_init;
- T1_S2_tmp = T1_S2;
- accept_S3_tmp = accept_S3;
- accept_all_tmp = accept_all;
- accept_all_tmp = 0;
- if (T1_S2 == 1)
- if (rr == 51) accept_S3_tmp = 1; else accept_S3_tmp = 0;
- else accept_S3_tmp = 0;
- T1_S2_tmp = 0;
- T0_init_tmp = 0;
- T0_S4_tmp = 0;
- T0_S4 = T0_S4_tmp;
- T0_init = T0_init_tmp;
- T1_S2 = T1_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_all = accept_all_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_opb;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2,
+ accept_S3, accept_all;
+
+ behavior buch_state_T0_S4_out:
+ ensures 0 ≡ T0_S4;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_S2_out:
+ ensures 0 ≡ T1_S2;
+
+ behavior buch_state_accept_S3_in:
+ assumes 1 ≡ T1_S2 ∧ rr ≡ 51;
+ ensures 1 ≡ accept_S3;
+
+ behavior buch_state_accept_S3_out:
+ assumes 0 ≡ T1_S2 ∨ ¬(rr ≡ 51);
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+ @/
+ void opb_pre_func(void)
+ {
+ int T0_S4_tmp;
+ int T0_init_tmp;
+ int T1_S2_tmp;
+ int accept_S3_tmp;
+ int accept_all_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_opb;
+ T0_S4_tmp = T0_S4;
+ T0_init_tmp = T0_init;
+ T1_S2_tmp = T1_S2;
+ accept_S3_tmp = accept_S3;
+ accept_all_tmp = accept_all;
+ accept_all_tmp = 0;
+ if (T1_S2 == 1)
+ if (rr == 51) accept_S3_tmp = 1; else accept_S3_tmp = 0;
+ else accept_S3_tmp = 0;
+ T1_S2_tmp = 0;
+ T0_init_tmp = 0;
+ T0_S4_tmp = 0;
+ T0_S4 = T0_S4_tmp;
+ T0_init = T0_init_tmp;
+ T1_S2 = T1_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_all = accept_all_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ accept_S3 ∧ 0 ≡ T0_S4 ∧ 0 ≡ T0_init ∧ 0 ≡ T1_S2 ∧
- 0 ≡ accept_all;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_opb;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2,
- accept_S3, accept_all;
-
- behavior buch_state_T0_S4_in:
- assumes 1 ≡ accept_S3;
- ensures 1 ≡ T0_S4;
-
- behavior buch_state_T0_S4_out:
- assumes 0 ≡ accept_S3;
- ensures 0 ≡ T0_S4;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_S2_out:
- ensures 0 ≡ T1_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
- */
-void opb_post_func(void)
-{
- /*@ ghost int T0_S4_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_all_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_opb;
- T0_S4_tmp = T0_S4;
- T0_init_tmp = T0_init;
- T1_S2_tmp = T1_S2;
- accept_S3_tmp = accept_S3;
- accept_all_tmp = accept_all;
- accept_all_tmp = 0;
- accept_S3_tmp = 0;
- T1_S2_tmp = 0;
- T0_init_tmp = 0;
- if (accept_S3 == 1) T0_S4_tmp = 1; else T0_S4_tmp = 0;
- T0_S4 = T0_S4_tmp;
- T0_init = T0_init_tmp;
- T1_S2 = T1_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_all = accept_all_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ accept_S3 ∧ 0 ≡ T0_S4 ∧ 0 ≡ T0_init ∧ 0 ≡ T1_S2 ∧
+ 0 ≡ accept_all;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_opb;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2,
+ accept_S3, accept_all;
+
+ behavior buch_state_T0_S4_in:
+ assumes 1 ≡ accept_S3;
+ ensures 1 ≡ T0_S4;
+
+ behavior buch_state_T0_S4_out:
+ assumes 0 ≡ accept_S3;
+ ensures 0 ≡ T0_S4;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_S2_out:
+ ensures 0 ≡ T1_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+ @/
+ void opb_post_func(void)
+ {
+ int T0_S4_tmp;
+ int T0_init_tmp;
+ int T1_S2_tmp;
+ int accept_S3_tmp;
+ int accept_all_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_opb;
+ T0_S4_tmp = T0_S4;
+ T0_init_tmp = T0_init;
+ T1_S2_tmp = T1_S2;
+ accept_S3_tmp = accept_S3;
+ accept_all_tmp = accept_all;
+ accept_all_tmp = 0;
+ accept_S3_tmp = 0;
+ T1_S2_tmp = 0;
+ T0_init_tmp = 0;
+ if (accept_S3 == 1) T0_S4_tmp = 1; else T0_S4_tmp = 0;
+ T0_S4 = T0_S4_tmp;
+ T0_init = T0_init_tmp;
+ T1_S2 = T1_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_all = accept_all_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ T1_S2 ∧ 0 ≡ T0_S4 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S3 ∧
@@ -304,123 +316,129 @@ void opb_post_func(void)
*/
void opb(void)
{
- opb_pre_func();
+ /*@ ghost opb_pre_func(); */
status = 1;
- opb_post_func();
+ /*@ ghost opb_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2,
- accept_S3, accept_all;
-
- behavior buch_state_T0_S4_out:
- ensures 0 ≡ T0_S4;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_S2_in:
- assumes 1 ≡ T0_init;
- ensures 1 ≡ T1_S2;
-
- behavior buch_state_T1_S2_out:
- assumes 0 ≡ T0_init;
- ensures 0 ≡ T1_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
- */
-void main_pre_func(void)
-{
- /*@ ghost int T0_S4_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_all_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- T0_S4_tmp = T0_S4;
- T0_init_tmp = T0_init;
- T1_S2_tmp = T1_S2;
- accept_S3_tmp = accept_S3;
- accept_all_tmp = accept_all;
- accept_all_tmp = 0;
- accept_S3_tmp = 0;
- if (T0_init == 1) T1_S2_tmp = 1; else T1_S2_tmp = 0;
- T0_init_tmp = 0;
- T0_S4_tmp = 0;
- T0_S4 = T0_S4_tmp;
- T0_init = T0_init_tmp;
- T1_S2 = T1_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_all = accept_all_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2,
+ accept_S3, accept_all;
+
+ behavior buch_state_T0_S4_out:
+ ensures 0 ≡ T0_S4;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_S2_in:
+ assumes 1 ≡ T0_init;
+ ensures 1 ≡ T1_S2;
+
+ behavior buch_state_T1_S2_out:
+ assumes 0 ≡ T0_init;
+ ensures 0 ≡ T1_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+ @/
+ void main_pre_func(void)
+ {
+ int T0_S4_tmp;
+ int T0_init_tmp;
+ int T1_S2_tmp;
+ int accept_S3_tmp;
+ int accept_all_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ T0_S4_tmp = T0_S4;
+ T0_init_tmp = T0_init;
+ T1_S2_tmp = T1_S2;
+ accept_S3_tmp = accept_S3;
+ accept_all_tmp = accept_all;
+ accept_all_tmp = 0;
+ accept_S3_tmp = 0;
+ if (T0_init == 1) T1_S2_tmp = 1; else T1_S2_tmp = 0;
+ T0_init_tmp = 0;
+ T0_S4_tmp = 0;
+ T0_S4 = T0_S4_tmp;
+ T0_init = T0_init_tmp;
+ T1_S2 = T1_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_all = accept_all_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ T0_S4 ∧ 0 ≡ T0_init ∧ 0 ≡ T1_S2 ∧ 0 ≡ accept_S3 ∧
- 0 ≡ accept_all;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2,
- accept_S3, accept_all;
-
- behavior buch_state_T0_S4_in:
- assumes 1 ≡ T0_S4;
- ensures 1 ≡ T0_S4;
-
- behavior buch_state_T0_S4_out:
- assumes 0 ≡ T0_S4;
- ensures 0 ≡ T0_S4;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_S2_out:
- ensures 0 ≡ T1_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_all_in:
- assumes 1 ≡ T0_S4;
- ensures 1 ≡ accept_all;
-
- behavior buch_state_accept_all_out:
- assumes 0 ≡ T0_S4;
- ensures 0 ≡ accept_all;
- */
-void main_post_func(int res)
-{
- /*@ ghost int T0_S4_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_all_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- T0_S4_tmp = T0_S4;
- T0_init_tmp = T0_init;
- T1_S2_tmp = T1_S2;
- accept_S3_tmp = accept_S3;
- accept_all_tmp = accept_all;
- if (T0_S4 == 1) accept_all_tmp = 1; else accept_all_tmp = 0;
- accept_S3_tmp = 0;
- T1_S2_tmp = 0;
- T0_init_tmp = 0;
- if (T0_S4 == 1) T0_S4_tmp = 1; else T0_S4_tmp = 0;
- T0_S4 = T0_S4_tmp;
- T0_init = T0_init_tmp;
- T1_S2 = T1_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_all = accept_all_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ T0_S4 ∧ 0 ≡ T0_init ∧ 0 ≡ T1_S2 ∧ 0 ≡ accept_S3 ∧
+ 0 ≡ accept_all;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2,
+ accept_S3, accept_all;
+
+ behavior buch_state_T0_S4_in:
+ assumes 1 ≡ T0_S4;
+ ensures 1 ≡ T0_S4;
+
+ behavior buch_state_T0_S4_out:
+ assumes 0 ≡ T0_S4;
+ ensures 0 ≡ T0_S4;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_S2_out:
+ ensures 0 ≡ T1_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_all_in:
+ assumes 1 ≡ T0_S4;
+ ensures 1 ≡ accept_all;
+
+ behavior buch_state_accept_all_out:
+ assumes 0 ≡ T0_S4;
+ ensures 0 ≡ accept_all;
+ @/
+ void main_post_func(int res)
+ {
+ int T0_S4_tmp;
+ int T0_init_tmp;
+ int T1_S2_tmp;
+ int accept_S3_tmp;
+ int accept_all_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ T0_S4_tmp = T0_S4;
+ T0_init_tmp = T0_init;
+ T1_S2_tmp = T1_S2;
+ accept_S3_tmp = accept_S3;
+ accept_all_tmp = accept_all;
+ if (T0_S4 == 1) accept_all_tmp = 1; else accept_all_tmp = 0;
+ accept_S3_tmp = 0;
+ T1_S2_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_S4 == 1) T0_S4_tmp = 1; else T0_S4_tmp = 0;
+ T0_S4 = T0_S4_tmp;
+ T0_init = T0_init_tmp;
+ T1_S2 = T1_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_all = accept_all_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ T0_init ∧ 0 ≡ T0_S4 ∧ 0 ≡ T1_S2 ∧ 0 ≡ accept_S3 ∧
@@ -437,10 +455,10 @@ void main_post_func(int res)
*/
int main(void)
{
- int aorai_Loop_Init_15;
- int aorai_Loop_Init_7;
+ /*@ ghost int aorai_Loop_Init_15; */
+ /*@ ghost int aorai_Loop_Init_7; */
int __retres;
- main_pre_func();
+ /*@ ghost main_pre_func(); */
/*@ ghost aorai_Loop_Init_7 = 1; */
aorai_loop_7:
/*@ loop invariant 0 ≤ rr ≤ 50;
@@ -469,7 +487,7 @@ int main(void)
opa();
}
__retres = 1;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_boucle_rechercheTableau.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_boucle_rechercheTableau.res.oracle
index 70269ff32b3aa4575dba0f72d54792b415c86e0a..4b0631f98f1d319c24ddf6be7b3fbfd24241c367 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_boucle_rechercheTableau.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_boucle_rechercheTableau.res.oracle
@@ -20,90 +20,96 @@ enum aorai_OpStatusList {
/*@ ghost int End = 0; */
/*@ ghost int Idle = 1; */
/*@ ghost int WillDoFoo = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_isPresent;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
-
- behavior buch_state_End_out:
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_in:
- assumes 1 ≡ Idle;
- ensures 1 ≡ Idle;
-
- behavior buch_state_Idle_out:
- assumes 0 ≡ Idle;
- ensures 0 ≡ Idle;
-
- behavior buch_state_WillDoFoo_out:
- ensures 0 ≡ WillDoFoo;
- */
-void isPresent_pre_func(int *t, int max, int val)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_isPresent;
- End_tmp = End;
- Idle_tmp = Idle;
- WillDoFoo_tmp = WillDoFoo;
- WillDoFoo_tmp = 0;
- if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0;
- End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_isPresent;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
+
+ behavior buch_state_End_out:
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_in:
+ assumes 1 ≡ Idle;
+ ensures 1 ≡ Idle;
+
+ behavior buch_state_Idle_out:
+ assumes 0 ≡ Idle;
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_WillDoFoo_out:
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void isPresent_pre_func(int *t, int max, int val)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_isPresent;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ WillDoFoo_tmp = WillDoFoo;
+ WillDoFoo_tmp = 0;
+ if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0;
+ End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
+ }
-/*@ requires 1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ WillDoFoo;
- requires 1 ≡ Idle ⇒ res ≡ -1 ∨ res ≢ -1;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_isPresent;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
-
- behavior buch_state_End_in:
- assumes 1 ≡ Idle ∧ res ≢ -1;
- ensures 1 ≡ End;
-
- behavior buch_state_End_out:
- assumes 0 ≡ Idle ∨ ¬(res ≢ -1);
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_out:
- ensures 0 ≡ Idle;
-
- behavior buch_state_WillDoFoo_in:
- assumes 1 ≡ Idle ∧ res ≡ -1;
- ensures 1 ≡ WillDoFoo;
-
- behavior buch_state_WillDoFoo_out:
- assumes 0 ≡ Idle ∨ ¬(res ≡ -1);
- ensures 0 ≡ WillDoFoo;
- */
-void isPresent_post_func(int res)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_isPresent;
- End_tmp = End;
- Idle_tmp = Idle;
- WillDoFoo_tmp = WillDoFoo;
- if (Idle == 1)
- if (res == -1) WillDoFoo_tmp = 1; else WillDoFoo_tmp = 0;
- else WillDoFoo_tmp = 0;
- Idle_tmp = 0;
- if (Idle == 1)
- if (res != -1) End_tmp = 1; else End_tmp = 0;
- else End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ WillDoFoo;
+ requires 1 ≡ Idle ⇒ res ≡ -1 ∨ res ≢ -1;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_isPresent;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
+
+ behavior buch_state_End_in:
+ assumes 1 ≡ Idle ∧ res ≢ -1;
+ ensures 1 ≡ End;
+
+ behavior buch_state_End_out:
+ assumes 0 ≡ Idle ∨ ¬(res ≢ -1);
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_out:
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_WillDoFoo_in:
+ assumes 1 ≡ Idle ∧ res ≡ -1;
+ ensures 1 ≡ WillDoFoo;
+
+ behavior buch_state_WillDoFoo_out:
+ assumes 0 ≡ Idle ∨ ¬(res ≡ -1);
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void isPresent_post_func(int res)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_isPresent;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ WillDoFoo_tmp = WillDoFoo;
+ if (Idle == 1)
+ if (res == -1) WillDoFoo_tmp = 1; else WillDoFoo_tmp = 0;
+ else WillDoFoo_tmp = 0;
+ Idle_tmp = 0;
+ if (Idle == 1)
+ if (res != -1) End_tmp = 1; else End_tmp = 0;
+ else End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ WillDoFoo;
requires \valid(t + (0 .. max));
@@ -126,9 +132,9 @@ void isPresent_post_func(int res)
*/
int isPresent(int *t, int max, int val)
{
- int aorai_Loop_Init_2;
+ /*@ ghost int aorai_Loop_Init_2; */
int __retres;
- isPresent_pre_func(t,max,val);
+ /*@ ghost isPresent_pre_func(t,max,val); */
int i = 0;
/*@ ghost aorai_Loop_Init_2 = 1; */
aorai_loop_2:
@@ -154,86 +160,93 @@ int isPresent(int *t, int max, int val)
goto return_label;
}
__retres = -1;
- return_label: {
- isPresent_post_func(__retres);
- return __retres;
- }
+ return_label:
+ {
+ /*@ ghost isPresent_post_func(__retres); */
+ return __retres;
+ }
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_foo;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
-
- behavior buch_state_End_in:
- assumes 1 ≡ WillDoFoo;
- ensures 1 ≡ End;
-
- behavior buch_state_End_out:
- assumes 0 ≡ WillDoFoo;
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_out:
- ensures 0 ≡ Idle;
-
- behavior buch_state_WillDoFoo_out:
- ensures 0 ≡ WillDoFoo;
- */
-void foo_pre_func(void)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_foo;
- End_tmp = End;
- Idle_tmp = Idle;
- WillDoFoo_tmp = WillDoFoo;
- WillDoFoo_tmp = 0;
- Idle_tmp = 0;
- if (WillDoFoo == 1) End_tmp = 1; else End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_foo;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
+
+ behavior buch_state_End_in:
+ assumes 1 ≡ WillDoFoo;
+ ensures 1 ≡ End;
+
+ behavior buch_state_End_out:
+ assumes 0 ≡ WillDoFoo;
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_out:
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_WillDoFoo_out:
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void foo_pre_func(void)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_foo;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ WillDoFoo_tmp = WillDoFoo;
+ WillDoFoo_tmp = 0;
+ Idle_tmp = 0;
+ if (WillDoFoo == 1) End_tmp = 1; else End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
+ }
-/*@ requires 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ WillDoFoo;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_foo;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
-
- behavior buch_state_End_in:
- assumes 1 ≡ End;
- ensures 1 ≡ End;
-
- behavior buch_state_End_out:
- assumes 0 ≡ End;
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_out:
- ensures 0 ≡ Idle;
-
- behavior buch_state_WillDoFoo_out:
- ensures 0 ≡ WillDoFoo;
- */
-void foo_post_func(void)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_foo;
- End_tmp = End;
- Idle_tmp = Idle;
- WillDoFoo_tmp = WillDoFoo;
- WillDoFoo_tmp = 0;
- Idle_tmp = 0;
- if (End == 1) End_tmp = 1; else End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ WillDoFoo;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_foo;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
+
+ behavior buch_state_End_in:
+ assumes 1 ≡ End;
+ ensures 1 ≡ End;
+
+ behavior buch_state_End_out:
+ assumes 0 ≡ End;
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_out:
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_WillDoFoo_out:
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void foo_post_func(void)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_foo;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ WillDoFoo_tmp = WillDoFoo;
+ WillDoFoo_tmp = 0;
+ Idle_tmp = 0;
+ if (End == 1) End_tmp = 1; else End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ WillDoFoo ∧ 0 ≡ End ∧ 0 ≡ Idle;
@@ -243,85 +256,91 @@ void foo_post_func(void)
*/
void foo(void)
{
- foo_pre_func();
- foo_post_func();
+ /*@ ghost foo_pre_func(); */
+ /*@ ghost foo_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
-
- behavior buch_state_End_out:
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_in:
- assumes 1 ≡ Idle;
- ensures 1 ≡ Idle;
-
- behavior buch_state_Idle_out:
- assumes 0 ≡ Idle;
- ensures 0 ≡ Idle;
-
- behavior buch_state_WillDoFoo_out:
- ensures 0 ≡ WillDoFoo;
- */
-void main_pre_func(int argc, char **argv)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- End_tmp = End;
- Idle_tmp = Idle;
- WillDoFoo_tmp = WillDoFoo;
- WillDoFoo_tmp = 0;
- if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0;
- End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
+
+ behavior buch_state_End_out:
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_in:
+ assumes 1 ≡ Idle;
+ ensures 1 ≡ Idle;
+
+ behavior buch_state_Idle_out:
+ assumes 0 ≡ Idle;
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_WillDoFoo_out:
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void main_pre_func(int argc, char **argv)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ WillDoFoo_tmp = WillDoFoo;
+ WillDoFoo_tmp = 0;
+ if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0;
+ End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
+ }
-/*@ requires 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ WillDoFoo;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
-
- behavior buch_state_End_in:
- assumes 1 ≡ End;
- ensures 1 ≡ End;
-
- behavior buch_state_End_out:
- assumes 0 ≡ End;
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_out:
- ensures 0 ≡ Idle;
-
- behavior buch_state_WillDoFoo_out:
- ensures 0 ≡ WillDoFoo;
- */
-void main_post_func(int res)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- End_tmp = End;
- Idle_tmp = Idle;
- WillDoFoo_tmp = WillDoFoo;
- WillDoFoo_tmp = 0;
- Idle_tmp = 0;
- if (End == 1) End_tmp = 1; else End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ WillDoFoo;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
+
+ behavior buch_state_End_in:
+ assumes 1 ≡ End;
+ ensures 1 ≡ End;
+
+ behavior buch_state_End_out:
+ assumes 0 ≡ End;
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_out:
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_WillDoFoo_out:
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void main_post_func(int res)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ WillDoFoo_tmp = WillDoFoo;
+ WillDoFoo_tmp = 0;
+ Idle_tmp = 0;
+ if (End == 1) End_tmp = 1; else End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ WillDoFoo;
@@ -335,12 +354,12 @@ void main_post_func(int res)
int main(int argc, char **argv)
{
int __retres;
- main_pre_func(argc,argv);
+ /*@ ghost main_pre_func(argc,argv); */
int tab[4] = {10, 20, 33, 15};
int r = isPresent(tab,3,33);
if (r == -1) foo();
__retres = 1;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_factorial.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_factorial.res.oracle
index 016b305d9ce280df11073170b4f7b4fd35e645af..bc2b324895728405c00ffa43fcb51fd18cd6c681 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_factorial.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_factorial.res.oracle
@@ -16,87 +16,93 @@ enum aorai_OpStatusList {
/*@ ghost int accept_S1 = 0; */
/*@ ghost int accept_S2 = 0; */
/*@ ghost int accept_init = 1; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_decode_int;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
- accept_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void decode_int_pre_func(char *s)
-{
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_decode_int;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_S2_tmp = 0;
- if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_decode_int;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
+ accept_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void decode_int_pre_func(char *s)
+ {
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_decode_int;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_S2_tmp = 0;
+ if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
-/*@ requires 1 ≡ accept_S1 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_decode_int;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
- accept_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void decode_int_post_func(int res)
-{
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_decode_int;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- if (accept_S1 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ accept_S1 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_decode_int;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
+ accept_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void decode_int_post_func(int res)
+ {
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_decode_int;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ if (accept_S1 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ accept_S1 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_init;
@@ -108,10 +114,10 @@ void decode_int_post_func(int res)
*/
int decode_int(char *s)
{
- int aorai_Loop_Init_5;
+ /*@ ghost int aorai_Loop_Init_5; */
int __retres;
char c;
- decode_int_pre_func(s);
+ /*@ ghost decode_int_pre_func(s); */
int intmax = ~ (1 << (sizeof(int) * (unsigned int)8 - (unsigned int)1));
int cutlim = intmax % 10;
int cutoff = intmax / 10;
@@ -171,99 +177,106 @@ int decode_int(char *s)
}
}
__retres = value;
- return_label: {
- decode_int_post_func(__retres);
- return __retres;
- }
+ return_label:
+ {
+ /*@ ghost decode_int_post_func(__retres); */
+ return __retres;
+ }
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_factorial;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
- accept_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1;
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void factorial_pre_func(int value)
-{
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_factorial;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- if (accept_S1 == 1) accept_S2_tmp = 1;
- else
- if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- accept_S1_tmp = 0;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_factorial;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
+ accept_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1;
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void factorial_pre_func(int value)
+ {
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_factorial;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ if (accept_S1 == 1) accept_S2_tmp = 1;
+ else
+ if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ accept_S1_tmp = 0;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
-/*@ requires (1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧ 0 ≡ accept_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_factorial;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
- accept_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1;
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1;
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void factorial_post_func(int res)
-{
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_factorial;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- if (accept_S1 == 1) accept_S2_tmp = 1;
- else
- if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- if (accept_S1 == 1) accept_S1_tmp = 1;
- else
- if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires (1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧ 0 ≡ accept_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_factorial;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
+ accept_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1;
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1;
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void factorial_post_func(int res)
+ {
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_factorial;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ if (accept_S1 == 1) accept_S2_tmp = 1;
+ else
+ if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ if (accept_S1 == 1) accept_S1_tmp = 1;
+ else
+ if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
+
+*/
/*@ requires (1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧ 0 ≡ accept_init;
requires 1 ≡ accept_S2 ∨ 0 ≡ accept_S2;
@@ -281,98 +294,104 @@ void factorial_post_func(int res)
int factorial(int value)
{
int tmp_0;
- factorial_pre_func(value);
+ /*@ ghost factorial_pre_func(value); */
if (value > 0) {
int tmp;
tmp = factorial(value - 1);
tmp_0 = tmp * value;
}
else tmp_0 = 1;
- factorial_post_func(tmp_0);
+ /*@ ghost factorial_post_func(tmp_0); */
return tmp_0;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
- accept_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_init;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_init;
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void main_pre_func(int argc, char **argv)
-{
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_S2_tmp = 0;
- if (accept_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
+ accept_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_init;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_init;
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void main_pre_func(int argc, char **argv)
+ {
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_S2_tmp = 0;
+ if (accept_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
-/*@ requires 1 ≡ accept_S1 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
- accept_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void main_post_func(int res)
-{
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- if (accept_S1 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ accept_S1 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2,
+ accept_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void main_post_func(int res)
+ {
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ if (accept_S1 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ accept_init ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2;
requires argc ≡ 2;
@@ -388,7 +407,7 @@ int main(int argc, char **argv)
{
int __retres;
int value;
- main_pre_func(argc,argv);
+ /*@ ghost main_pre_func(argc,argv); */
if (argc != 2) {
__retres = 1;
goto return_label;
@@ -408,7 +427,7 @@ int main(int argc, char **argv)
factorial(value);
__retres = 0;
return_label: {
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_factorial2.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_factorial2.res.oracle
index 709a03bb33cd884daad37670ce28cbce30677c0b..13d491bf7faf1f26825db7ca0ca991ba715d9315 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_factorial2.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_factorial2.res.oracle
@@ -16,85 +16,91 @@ enum aorai_OpStatusList {
/*@ ghost int S1 = 0; */
/*@ ghost int S2 = 0; */
/*@ ghost int main_0 = 1; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_decode_int;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0;
-
- behavior buch_state_S1_in:
- assumes 1 ≡ S1;
- ensures 1 ≡ S1;
-
- behavior buch_state_S1_out:
- assumes 0 ≡ S1;
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_main_0_out:
- ensures 0 ≡ main_0;
- */
-void decode_int_pre_func(char *s)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int main_0_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_decode_int;
- S1_tmp = S1;
- S2_tmp = S2;
- main_0_tmp = main_0;
- main_0_tmp = 0;
- S2_tmp = 0;
- if (S1 == 1) S1_tmp = 1; else S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- main_0 = main_0_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_decode_int;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0;
+
+ behavior buch_state_S1_in:
+ assumes 1 ≡ S1;
+ ensures 1 ≡ S1;
+
+ behavior buch_state_S1_out:
+ assumes 0 ≡ S1;
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_main_0_out:
+ ensures 0 ≡ main_0;
+ @/
+ void decode_int_pre_func(char *s)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int main_0_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_decode_int;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ main_0_tmp = main_0;
+ main_0_tmp = 0;
+ S2_tmp = 0;
+ if (S1 == 1) S1_tmp = 1; else S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ main_0 = main_0_tmp;
+ return;
+ }
-/*@ requires 1 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ main_0;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_decode_int;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0;
-
- behavior buch_state_S1_in:
- assumes 1 ≡ S1;
- ensures 1 ≡ S1;
-
- behavior buch_state_S1_out:
- assumes 0 ≡ S1;
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_in:
- assumes 1 ≡ S1 ∧ 1 ≢ 0;
- ensures 1 ≡ S2;
-
- behavior buch_state_S2_out:
- assumes 0 ≡ S1 ∨ 1 ≡ 0;
- ensures 0 ≡ S2;
-
- behavior buch_state_main_0_out:
- ensures 0 ≡ main_0;
- */
-void decode_int_post_func(int res)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int main_0_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_decode_int;
- S1_tmp = S1;
- S2_tmp = S2;
- main_0_tmp = main_0;
- main_0_tmp = 0;
- if (S1 == 1) S2_tmp = 1; else S2_tmp = 0;
- if (S1 == 1) S1_tmp = 1; else S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- main_0 = main_0_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ main_0;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_decode_int;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0;
+
+ behavior buch_state_S1_in:
+ assumes 1 ≡ S1;
+ ensures 1 ≡ S1;
+
+ behavior buch_state_S1_out:
+ assumes 0 ≡ S1;
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_in:
+ assumes 1 ≡ S1 ∧ 1 ≢ 0;
+ ensures 1 ≡ S2;
+
+ behavior buch_state_S2_out:
+ assumes 0 ≡ S1 ∨ 1 ≡ 0;
+ ensures 0 ≡ S2;
+
+ behavior buch_state_main_0_out:
+ ensures 0 ≡ main_0;
+ @/
+ void decode_int_post_func(int res)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int main_0_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_decode_int;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ main_0_tmp = main_0;
+ main_0_tmp = 0;
+ if (S1 == 1) S2_tmp = 1; else S2_tmp = 0;
+ if (S1 == 1) S1_tmp = 1; else S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ main_0 = main_0_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ main_0;
@@ -107,10 +113,10 @@ void decode_int_post_func(int res)
*/
int decode_int(char *s)
{
- int aorai_Loop_Init_5;
+ /*@ ghost int aorai_Loop_Init_5; */
int __retres;
char c;
- decode_int_pre_func(s);
+ /*@ ghost decode_int_pre_func(s); */
int intmax = ~ (1 << (sizeof(int) * (unsigned int)8 - (unsigned int)1));
int cutlim = intmax % 10;
int cutoff = intmax / 10;
@@ -170,97 +176,104 @@ int decode_int(char *s)
}
}
__retres = value;
- return_label: {
- decode_int_post_func(__retres);
- return __retres;
- }
+ return_label:
+ {
+ /*@ ghost decode_int_post_func(__retres); */
+ return __retres;
+ }
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_factorial;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_in:
- assumes 1 ≡ S2 ∨ (1 ≡ S1 ∧ 1 ≢ 0);
- ensures 1 ≡ S2;
-
- behavior buch_state_S2_out:
- assumes 0 ≡ S2 ∧ (0 ≡ S1 ∨ 1 ≡ 0);
- ensures 0 ≡ S2;
-
- behavior buch_state_main_0_out:
- ensures 0 ≡ main_0;
- */
-void factorial_pre_func(int value)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int main_0_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_factorial;
- S1_tmp = S1;
- S2_tmp = S2;
- main_0_tmp = main_0;
- main_0_tmp = 0;
- if (S1 == 1) S2_tmp = 1;
- else
- if (S2 == 1) S2_tmp = 1; else S2_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- main_0 = main_0_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_factorial;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_in:
+ assumes 1 ≡ S2 ∨ (1 ≡ S1 ∧ 1 ≢ 0);
+ ensures 1 ≡ S2;
+
+ behavior buch_state_S2_out:
+ assumes 0 ≡ S2 ∧ (0 ≡ S1 ∨ 1 ≡ 0);
+ ensures 0 ≡ S2;
+
+ behavior buch_state_main_0_out:
+ ensures 0 ≡ main_0;
+ @/
+ void factorial_pre_func(int value)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int main_0_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_factorial;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ main_0_tmp = main_0;
+ main_0_tmp = 0;
+ if (S1 == 1) S2_tmp = 1;
+ else
+ if (S2 == 1) S2_tmp = 1; else S2_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ main_0 = main_0_tmp;
+ return;
+ }
-/*@ requires (1 ≡ S1 ∨ 1 ≡ S2) ∧ 0 ≡ main_0;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_factorial;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0;
-
- behavior buch_state_S1_in:
- assumes 1 ≡ S2 ∨ 1 ≡ S1;
- ensures 1 ≡ S1;
-
- behavior buch_state_S1_out:
- assumes 0 ≡ S2 ∧ 0 ≡ S1;
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_in:
- assumes 1 ≡ S2 ∨ (1 ≡ S1 ∧ 1 ≢ 0);
- ensures 1 ≡ S2;
-
- behavior buch_state_S2_out:
- assumes 0 ≡ S2 ∧ (0 ≡ S1 ∨ 1 ≡ 0);
- ensures 0 ≡ S2;
-
- behavior buch_state_main_0_out:
- ensures 0 ≡ main_0;
- */
-void factorial_post_func(int res)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int main_0_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_factorial;
- S1_tmp = S1;
- S2_tmp = S2;
- main_0_tmp = main_0;
- main_0_tmp = 0;
- if (S1 == 1) S2_tmp = 1;
- else
- if (S2 == 1) S2_tmp = 1; else S2_tmp = 0;
- if (S1 == 1) S1_tmp = 1;
- else
- if (S2 == 1) S1_tmp = 1; else S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- main_0 = main_0_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires (1 ≡ S1 ∨ 1 ≡ S2) ∧ 0 ≡ main_0;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_factorial;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0;
+
+ behavior buch_state_S1_in:
+ assumes 1 ≡ S2 ∨ 1 ≡ S1;
+ ensures 1 ≡ S1;
+
+ behavior buch_state_S1_out:
+ assumes 0 ≡ S2 ∧ 0 ≡ S1;
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_in:
+ assumes 1 ≡ S2 ∨ (1 ≡ S1 ∧ 1 ≢ 0);
+ ensures 1 ≡ S2;
+
+ behavior buch_state_S2_out:
+ assumes 0 ≡ S2 ∧ (0 ≡ S1 ∨ 1 ≡ 0);
+ ensures 0 ≡ S2;
+
+ behavior buch_state_main_0_out:
+ ensures 0 ≡ main_0;
+ @/
+ void factorial_post_func(int res)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int main_0_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_factorial;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ main_0_tmp = main_0;
+ main_0_tmp = 0;
+ if (S1 == 1) S2_tmp = 1;
+ else
+ if (S2 == 1) S2_tmp = 1; else S2_tmp = 0;
+ if (S1 == 1) S1_tmp = 1;
+ else
+ if (S2 == 1) S1_tmp = 1; else S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ main_0 = main_0_tmp;
+ return;
+ }
+
+*/
/*@ requires (1 ≡ S1 ∨ 1 ≡ S2) ∧ 0 ≡ main_0;
requires 1 ≡ S1 ⇒ 1 ≢ 0;
@@ -279,96 +292,102 @@ void factorial_post_func(int res)
int factorial(int value)
{
int tmp_0;
- factorial_pre_func(value);
+ /*@ ghost factorial_pre_func(value); */
if (value > 0) {
int tmp;
tmp = factorial(value - 1);
tmp_0 = tmp * value;
}
else tmp_0 = 1;
- factorial_post_func(tmp_0);
+ /*@ ghost factorial_post_func(tmp_0); */
return tmp_0;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0;
-
- behavior buch_state_S1_in:
- assumes 1 ≡ main_0;
- ensures 1 ≡ S1;
-
- behavior buch_state_S1_out:
- assumes 0 ≡ main_0;
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_out:
- ensures 0 ≡ S2;
-
- behavior buch_state_main_0_out:
- ensures 0 ≡ main_0;
- */
-void main_pre_func(int argc, char **argv)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int main_0_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- S1_tmp = S1;
- S2_tmp = S2;
- main_0_tmp = main_0;
- main_0_tmp = 0;
- S2_tmp = 0;
- if (main_0 == 1) S1_tmp = 1; else S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- main_0 = main_0_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0;
+
+ behavior buch_state_S1_in:
+ assumes 1 ≡ main_0;
+ ensures 1 ≡ S1;
+
+ behavior buch_state_S1_out:
+ assumes 0 ≡ main_0;
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_out:
+ ensures 0 ≡ S2;
+
+ behavior buch_state_main_0_out:
+ ensures 0 ≡ main_0;
+ @/
+ void main_pre_func(int argc, char **argv)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int main_0_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ main_0_tmp = main_0;
+ main_0_tmp = 0;
+ S2_tmp = 0;
+ if (main_0 == 1) S1_tmp = 1; else S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ main_0 = main_0_tmp;
+ return;
+ }
-/*@ requires 1 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ main_0;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0;
-
- behavior buch_state_S1_in:
- assumes 1 ≡ S1;
- ensures 1 ≡ S1;
-
- behavior buch_state_S1_out:
- assumes 0 ≡ S1;
- ensures 0 ≡ S1;
-
- behavior buch_state_S2_in:
- assumes 1 ≡ S1 ∧ 1 ≢ 0;
- ensures 1 ≡ S2;
-
- behavior buch_state_S2_out:
- assumes 0 ≡ S1 ∨ 1 ≡ 0;
- ensures 0 ≡ S2;
-
- behavior buch_state_main_0_out:
- ensures 0 ≡ main_0;
- */
-void main_post_func(int res)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int S2_tmp; */
- /*@ ghost int main_0_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- S1_tmp = S1;
- S2_tmp = S2;
- main_0_tmp = main_0;
- main_0_tmp = 0;
- if (S1 == 1) S2_tmp = 1; else S2_tmp = 0;
- if (S1 == 1) S1_tmp = 1; else S1_tmp = 0;
- S1 = S1_tmp;
- S2 = S2_tmp;
- main_0 = main_0_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ main_0;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0;
+
+ behavior buch_state_S1_in:
+ assumes 1 ≡ S1;
+ ensures 1 ≡ S1;
+
+ behavior buch_state_S1_out:
+ assumes 0 ≡ S1;
+ ensures 0 ≡ S1;
+
+ behavior buch_state_S2_in:
+ assumes 1 ≡ S1 ∧ 1 ≢ 0;
+ ensures 1 ≡ S2;
+
+ behavior buch_state_S2_out:
+ assumes 0 ≡ S1 ∨ 1 ≡ 0;
+ ensures 0 ≡ S2;
+
+ behavior buch_state_main_0_out:
+ ensures 0 ≡ main_0;
+ @/
+ void main_post_func(int res)
+ {
+ int S1_tmp;
+ int S2_tmp;
+ int main_0_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ S1_tmp = S1;
+ S2_tmp = S2;
+ main_0_tmp = main_0;
+ main_0_tmp = 0;
+ if (S1 == 1) S2_tmp = 1; else S2_tmp = 0;
+ if (S1 == 1) S1_tmp = 1; else S1_tmp = 0;
+ S1 = S1_tmp;
+ S2 = S2_tmp;
+ main_0 = main_0_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ main_0 ∧ 0 ≡ S1 ∧ 0 ≡ S2;
requires argc ≡ 2;
@@ -385,7 +404,7 @@ int main(int argc, char **argv)
{
int __retres;
int value;
- main_pre_func(argc,argv);
+ /*@ ghost main_pre_func(argc,argv); */
if (argc != 2) {
__retres = 1;
goto return_label;
@@ -405,7 +424,7 @@ int main(int argc, char **argv)
factorial(value);
__retres = 0;
return_label: {
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_recursion1.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_recursion1.res.oracle
index 6b08217bc0250b174eec5f55e629d0d21844f0c5..bcd5caca7e911c3bfa1d4622186c5f95c7ed4f95 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_recursion1.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_recursion1.res.oracle
@@ -50,80 +50,88 @@ predicate valid_string{L}(char *s) =
/*@ ghost int T0_S2 = 0; */
/*@ ghost int T0_init = 1; */
/*@ ghost int accept_S1 = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_countOne;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ T0_S2;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ T0_S2;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
- */
-void countOne_pre_func(char *argv)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_countOne;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_countOne;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ T0_S2;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ T0_S2;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+ @/
+ void countOne_pre_func(char *argv)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_countOne;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
-/*@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_countOne;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ T0_S2;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ T0_S2;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
- */
-void countOne_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_countOne;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_countOne;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ T0_S2;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ T0_S2;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+ @/
+ void countOne_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_countOne;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1;
requires valid_string(argv);
@@ -137,7 +145,7 @@ int countOne(char *argv)
{
int __retres;
int tmp;
- countOne_pre_func(argv);
+ /*@ ghost countOne_pre_func(argv); */
int r = 0;
if ((int)*(argv + 0) == 0) {
__retres = 0;
@@ -147,86 +155,95 @@ int countOne(char *argv)
tmp = countOne(argv + 1);
r += tmp;
__retres = r;
- return_label: {
- countOne_post_func(__retres);
- return __retres;
- }
+ return_label:
+ {
+ /*@ ghost countOne_post_func(__retres); */
+ return __retres;
+ }
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_count;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
- */
-void count_pre_func(int argc, char **argv)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_count;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_count;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+ @/
+ void count_pre_func(int argc, char **argv)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_count;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
-/*@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_count;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_out:
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ T0_S2;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ T0_S2;
- ensures 0 ≡ accept_S1;
- */
-void count_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_count;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- if (T0_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_count;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_out:
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ T0_S2;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ T0_S2;
+ ensures 0 ≡ accept_S1;
+ @/
+ void count_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_count;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ if (T0_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init;
requires
@@ -240,96 +257,104 @@ void count_post_func(int res)
*/
int count(int argc, char **argv)
{
- count_pre_func(argc,argv);
+ /*@ ghost count_pre_func(argc,argv); */
int s = countOne(*(argv + 0));
if (argc > 1) {
int tmp_0;
tmp_0 = count(argc - 1,argv + 1);
s += tmp_0;
}
- count_post_func(s);
+ /*@ ghost count_post_func(s); */
return s;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_out:
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ T0_init;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ T0_init;
- ensures 0 ≡ accept_S1;
- */
-void main_pre_func(int argc, char **argv)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_out:
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ T0_init;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ T0_init;
+ ensures 0 ≡ accept_S1;
+ @/
+ void main_pre_func(int argc, char **argv)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
-/*@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ accept_S1;
- */
-void main_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ accept_S1;
+ @/
+ void main_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ T0_init ∧ 0 ≡ T0_S2 ∧ 0 ≡ accept_S1;
requires
@@ -350,11 +375,11 @@ void main_post_func(int res)
int main(int argc, char **argv)
{
int __retres;
- main_pre_func(argc,argv);
+ /*@ ghost main_pre_func(argc,argv); */
int somme = 0;
if (argc > 0) somme = count(argc,argv);
__retres = 1;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_recursion2.0.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_recursion2.0.res.oracle
index 4a1cd28e828892d2cb196a7c0473bb40362d2273..efa580f6bc6e5aae0b60ae36c26c5fc05bdf1b01 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_recursion2.0.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_recursion2.0.res.oracle
@@ -66,100 +66,106 @@ int global_argc = 0;
/*@ ghost int T0_init = 1; */
/*@ ghost int T1 = 0; */
/*@ ghost int accept_T2 = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_count;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
- accept_T2;
-
- behavior buch_state_S1_in:
- assumes (1 ≡ T1 ∧ global_argc > 0) ∨ 1 ≡ S1;
- ensures 1 ≡ S1;
-
- behavior buch_state_S1_out:
- assumes (0 ≡ T1 ∨ ¬(global_argc > 0)) ∧ 0 ≡ S1;
- ensures 0 ≡ S1;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_out:
- ensures 0 ≡ T1;
-
- behavior buch_state_accept_T2_out:
- ensures 0 ≡ accept_T2;
- */
-void count_pre_func(char *argv)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_tmp; */
- /*@ ghost int accept_T2_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_count;
- S1_tmp = S1;
- T0_init_tmp = T0_init;
- T1_tmp = T1;
- accept_T2_tmp = accept_T2;
- accept_T2_tmp = 0;
- T1_tmp = 0;
- T0_init_tmp = 0;
- if (S1 == 1) S1_tmp = 1;
- else
- if (T1 == 1)
- if (global_argc > 0) S1_tmp = 1; else S1_tmp = 0;
- else S1_tmp = 0;
- S1 = S1_tmp;
- T0_init = T0_init_tmp;
- T1 = T1_tmp;
- accept_T2 = accept_T2_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_count;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
+ accept_T2;
+
+ behavior buch_state_S1_in:
+ assumes (1 ≡ T1 ∧ global_argc > 0) ∨ 1 ≡ S1;
+ ensures 1 ≡ S1;
+
+ behavior buch_state_S1_out:
+ assumes (0 ≡ T1 ∨ ¬(global_argc > 0)) ∧ 0 ≡ S1;
+ ensures 0 ≡ S1;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_out:
+ ensures 0 ≡ T1;
+
+ behavior buch_state_accept_T2_out:
+ ensures 0 ≡ accept_T2;
+ @/
+ void count_pre_func(char *argv)
+ {
+ int S1_tmp;
+ int T0_init_tmp;
+ int T1_tmp;
+ int accept_T2_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_count;
+ S1_tmp = S1;
+ T0_init_tmp = T0_init;
+ T1_tmp = T1;
+ accept_T2_tmp = accept_T2;
+ accept_T2_tmp = 0;
+ T1_tmp = 0;
+ T0_init_tmp = 0;
+ if (S1 == 1) S1_tmp = 1;
+ else
+ if (T1 == 1)
+ if (global_argc > 0) S1_tmp = 1; else S1_tmp = 0;
+ else S1_tmp = 0;
+ S1 = S1_tmp;
+ T0_init = T0_init_tmp;
+ T1 = T1_tmp;
+ accept_T2 = accept_T2_tmp;
+ return;
+ }
-/*@ requires 1 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ T1 ∧ 0 ≡ accept_T2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_count;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
- accept_T2;
-
- behavior buch_state_S1_in:
- assumes 1 ≡ S1;
- ensures 1 ≡ S1;
-
- behavior buch_state_S1_out:
- assumes 0 ≡ S1;
- ensures 0 ≡ S1;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_out:
- ensures 0 ≡ T1;
-
- behavior buch_state_accept_T2_out:
- ensures 0 ≡ accept_T2;
- */
-void count_post_func(int res)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_tmp; */
- /*@ ghost int accept_T2_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_count;
- S1_tmp = S1;
- T0_init_tmp = T0_init;
- T1_tmp = T1;
- accept_T2_tmp = accept_T2;
- accept_T2_tmp = 0;
- T1_tmp = 0;
- T0_init_tmp = 0;
- if (S1 == 1) S1_tmp = 1; else S1_tmp = 0;
- S1 = S1_tmp;
- T0_init = T0_init_tmp;
- T1 = T1_tmp;
- accept_T2 = accept_T2_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ T1 ∧ 0 ≡ accept_T2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_count;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
+ accept_T2;
+
+ behavior buch_state_S1_in:
+ assumes 1 ≡ S1;
+ ensures 1 ≡ S1;
+
+ behavior buch_state_S1_out:
+ assumes 0 ≡ S1;
+ ensures 0 ≡ S1;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_out:
+ ensures 0 ≡ T1;
+
+ behavior buch_state_accept_T2_out:
+ ensures 0 ≡ accept_T2;
+ @/
+ void count_post_func(int res)
+ {
+ int S1_tmp;
+ int T0_init_tmp;
+ int T1_tmp;
+ int accept_T2_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_count;
+ S1_tmp = S1;
+ T0_init_tmp = T0_init;
+ T1_tmp = T1;
+ accept_T2_tmp = accept_T2;
+ accept_T2_tmp = 0;
+ T1_tmp = 0;
+ T0_init_tmp = 0;
+ if (S1 == 1) S1_tmp = 1; else S1_tmp = 0;
+ S1 = S1_tmp;
+ T0_init = T0_init_tmp;
+ T1 = T1_tmp;
+ accept_T2 = accept_T2_tmp;
+ return;
+ }
+
+*/
/*@ requires (1 ≡ S1 ∨ 1 ≡ T1) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2;
requires 1 ≡ T1 ⇒ global_argc > 0;
@@ -176,7 +182,7 @@ int count(char *argv)
{
int __retres;
int tmp;
- count_pre_func(argv);
+ /*@ ghost count_pre_func(argv); */
if ((int)*(argv + 0) == 0) {
__retres = 0;
goto return_label;
@@ -184,101 +190,107 @@ int count(char *argv)
tmp = count(argv + 1);
__retres = 1 + tmp;
return_label: {
- count_post_func(__retres);
+ /*@ ghost count_post_func(__retres); */
return __retres;
}
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_sumOne;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
- accept_T2;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_in:
- assumes 1 ≡ S1;
- ensures 1 ≡ T1;
-
- behavior buch_state_T1_out:
- assumes 0 ≡ S1;
- ensures 0 ≡ T1;
-
- behavior buch_state_accept_T2_out:
- ensures 0 ≡ accept_T2;
- */
-void sumOne_pre_func(char *t, int length)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_tmp; */
- /*@ ghost int accept_T2_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_sumOne;
- S1_tmp = S1;
- T0_init_tmp = T0_init;
- T1_tmp = T1;
- accept_T2_tmp = accept_T2;
- accept_T2_tmp = 0;
- if (S1 == 1) T1_tmp = 1; else T1_tmp = 0;
- T0_init_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- T0_init = T0_init_tmp;
- T1 = T1_tmp;
- accept_T2 = accept_T2_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_sumOne;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
+ accept_T2;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_in:
+ assumes 1 ≡ S1;
+ ensures 1 ≡ T1;
+
+ behavior buch_state_T1_out:
+ assumes 0 ≡ S1;
+ ensures 0 ≡ T1;
+
+ behavior buch_state_accept_T2_out:
+ ensures 0 ≡ accept_T2;
+ @/
+ void sumOne_pre_func(char *t, int length)
+ {
+ int S1_tmp;
+ int T0_init_tmp;
+ int T1_tmp;
+ int accept_T2_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_sumOne;
+ S1_tmp = S1;
+ T0_init_tmp = T0_init;
+ T1_tmp = T1;
+ accept_T2_tmp = accept_T2;
+ accept_T2_tmp = 0;
+ if (S1 == 1) T1_tmp = 1; else T1_tmp = 0;
+ T0_init_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ T0_init = T0_init_tmp;
+ T1 = T1_tmp;
+ accept_T2 = accept_T2_tmp;
+ return;
+ }
-/*@ requires 1 ≡ T1 ∧ 0 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_sumOne;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
- accept_T2;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_in:
- assumes 1 ≡ T1;
- ensures 1 ≡ T1;
-
- behavior buch_state_T1_out:
- assumes 0 ≡ T1;
- ensures 0 ≡ T1;
-
- behavior buch_state_accept_T2_out:
- ensures 0 ≡ accept_T2;
- */
-void sumOne_post_func(int res)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_tmp; */
- /*@ ghost int accept_T2_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_sumOne;
- S1_tmp = S1;
- T0_init_tmp = T0_init;
- T1_tmp = T1;
- accept_T2_tmp = accept_T2;
- accept_T2_tmp = 0;
- if (T1 == 1) T1_tmp = 1; else T1_tmp = 0;
- T0_init_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- T0_init = T0_init_tmp;
- T1 = T1_tmp;
- accept_T2 = accept_T2_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ T1 ∧ 0 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_sumOne;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
+ accept_T2;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_in:
+ assumes 1 ≡ T1;
+ ensures 1 ≡ T1;
+
+ behavior buch_state_T1_out:
+ assumes 0 ≡ T1;
+ ensures 0 ≡ T1;
+
+ behavior buch_state_accept_T2_out:
+ ensures 0 ≡ accept_T2;
+ @/
+ void sumOne_post_func(int res)
+ {
+ int S1_tmp;
+ int T0_init_tmp;
+ int T1_tmp;
+ int accept_T2_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_sumOne;
+ S1_tmp = S1;
+ T0_init_tmp = T0_init;
+ T1_tmp = T1;
+ accept_T2_tmp = accept_T2;
+ accept_T2_tmp = 0;
+ if (T1 == 1) T1_tmp = 1; else T1_tmp = 0;
+ T0_init_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ T0_init = T0_init_tmp;
+ T1 = T1_tmp;
+ accept_T2 = accept_T2_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ T1 ∧ 0 ≡ accept_T2;
requires valid_string(t) ∧ length ≥ 0 ∧ length ≡ string_len(t);
@@ -290,8 +302,8 @@ void sumOne_post_func(int res)
*/
int sumOne(char *t, int length)
{
- int aorai_Loop_Init_11;
- sumOne_pre_func(t,length);
+ /*@ ghost int aorai_Loop_Init_11; */
+ /*@ ghost sumOne_pre_func(t,length); */
int sum = 0;
int i = 0;
i = 0;
@@ -310,105 +322,111 @@ int sumOne(char *t, int length)
sum += (int)*(t + i);
i ++;
}
- sumOne_post_func(sum);
+ /*@ ghost sumOne_post_func(sum); */
return sum;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
- accept_T2;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_in:
- assumes 1 ≡ T0_init;
- ensures 1 ≡ T1;
-
- behavior buch_state_T1_out:
- assumes 0 ≡ T0_init;
- ensures 0 ≡ T1;
-
- behavior buch_state_accept_T2_out:
- ensures 0 ≡ accept_T2;
- */
-void main_pre_func(int argc, char **argv)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_tmp; */
- /*@ ghost int accept_T2_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- S1_tmp = S1;
- T0_init_tmp = T0_init;
- T1_tmp = T1;
- accept_T2_tmp = accept_T2;
- accept_T2_tmp = 0;
- if (T0_init == 1) T1_tmp = 1; else T1_tmp = 0;
- T0_init_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- T0_init = T0_init_tmp;
- T1 = T1_tmp;
- accept_T2 = accept_T2_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
+ accept_T2;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_in:
+ assumes 1 ≡ T0_init;
+ ensures 1 ≡ T1;
+
+ behavior buch_state_T1_out:
+ assumes 0 ≡ T0_init;
+ ensures 0 ≡ T1;
+
+ behavior buch_state_accept_T2_out:
+ ensures 0 ≡ accept_T2;
+ @/
+ void main_pre_func(int argc, char **argv)
+ {
+ int S1_tmp;
+ int T0_init_tmp;
+ int T1_tmp;
+ int accept_T2_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ S1_tmp = S1;
+ T0_init_tmp = T0_init;
+ T1_tmp = T1;
+ accept_T2_tmp = accept_T2;
+ accept_T2_tmp = 0;
+ if (T0_init == 1) T1_tmp = 1; else T1_tmp = 0;
+ T0_init_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ T0_init = T0_init_tmp;
+ T1 = T1_tmp;
+ accept_T2 = accept_T2_tmp;
+ return;
+ }
-/*@ requires 1 ≡ T1 ∧ 0 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
- accept_T2;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_in:
- assumes 1 ≡ T1;
- ensures 1 ≡ T1;
-
- behavior buch_state_T1_out:
- assumes 0 ≡ T1;
- ensures 0 ≡ T1;
-
- behavior buch_state_accept_T2_in:
- assumes 1 ≡ T1;
- ensures 1 ≡ accept_T2;
-
- behavior buch_state_accept_T2_out:
- assumes 0 ≡ T1;
- ensures 0 ≡ accept_T2;
- */
-void main_post_func(int res)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_tmp; */
- /*@ ghost int accept_T2_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- S1_tmp = S1;
- T0_init_tmp = T0_init;
- T1_tmp = T1;
- accept_T2_tmp = accept_T2;
- if (T1 == 1) accept_T2_tmp = 1; else accept_T2_tmp = 0;
- if (T1 == 1) T1_tmp = 1; else T1_tmp = 0;
- T0_init_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- T0_init = T0_init_tmp;
- T1 = T1_tmp;
- accept_T2 = accept_T2_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ T1 ∧ 0 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
+ accept_T2;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_in:
+ assumes 1 ≡ T1;
+ ensures 1 ≡ T1;
+
+ behavior buch_state_T1_out:
+ assumes 0 ≡ T1;
+ ensures 0 ≡ T1;
+
+ behavior buch_state_accept_T2_in:
+ assumes 1 ≡ T1;
+ ensures 1 ≡ accept_T2;
+
+ behavior buch_state_accept_T2_out:
+ assumes 0 ≡ T1;
+ ensures 0 ≡ accept_T2;
+ @/
+ void main_post_func(int res)
+ {
+ int S1_tmp;
+ int T0_init_tmp;
+ int T1_tmp;
+ int accept_T2_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ S1_tmp = S1;
+ T0_init_tmp = T0_init;
+ T1_tmp = T1;
+ accept_T2_tmp = accept_T2;
+ if (T1 == 1) accept_T2_tmp = 1; else accept_T2_tmp = 0;
+ if (T1 == 1) T1_tmp = 1; else T1_tmp = 0;
+ T0_init_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ T0_init = T0_init_tmp;
+ T1 = T1_tmp;
+ accept_T2 = accept_T2_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ T0_init ∧ 0 ≡ S1 ∧ 0 ≡ T1 ∧ 0 ≡ accept_T2;
requires
@@ -429,7 +447,7 @@ int main(int argc, char **argv)
{
int __retres;
int length;
- main_pre_func(argc,argv);
+ /*@ ghost main_pre_func(argc,argv); */
int sum = 0;
global_argc = argc;
if (argc > 0) {
@@ -437,7 +455,7 @@ int main(int argc, char **argv)
sum = sumOne(*(argv + 0),length);
}
__retres = 1;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_recursion2.1.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_recursion2.1.res.oracle
index 9eac73a1ce5a1e766fa963d6ddfe89c38f985f05..8b5a200aeaa8f8ae1ec8d1f931528ee7fdc52242 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_recursion2.1.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_recursion2.1.res.oracle
@@ -66,100 +66,106 @@ int global_argc = 0;
/*@ ghost int T0_init = 1; */
/*@ ghost int T1 = 0; */
/*@ ghost int accept_T2 = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_count;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
- accept_T2;
-
- behavior buch_state_S1_in:
- assumes (1 ≡ T1 ∧ global_argc > 0) ∨ 1 ≡ S1;
- ensures 1 ≡ S1;
-
- behavior buch_state_S1_out:
- assumes (0 ≡ T1 ∨ ¬(global_argc > 0)) ∧ 0 ≡ S1;
- ensures 0 ≡ S1;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_out:
- ensures 0 ≡ T1;
-
- behavior buch_state_accept_T2_out:
- ensures 0 ≡ accept_T2;
- */
-void count_pre_func(char *argv)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_tmp; */
- /*@ ghost int accept_T2_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_count;
- S1_tmp = S1;
- T0_init_tmp = T0_init;
- T1_tmp = T1;
- accept_T2_tmp = accept_T2;
- accept_T2_tmp = 0;
- T1_tmp = 0;
- T0_init_tmp = 0;
- if (S1 == 1) S1_tmp = 1;
- else
- if (T1 == 1)
- if (global_argc > 0) S1_tmp = 1; else S1_tmp = 0;
- else S1_tmp = 0;
- S1 = S1_tmp;
- T0_init = T0_init_tmp;
- T1 = T1_tmp;
- accept_T2 = accept_T2_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_count;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
+ accept_T2;
+
+ behavior buch_state_S1_in:
+ assumes (1 ≡ T1 ∧ global_argc > 0) ∨ 1 ≡ S1;
+ ensures 1 ≡ S1;
+
+ behavior buch_state_S1_out:
+ assumes (0 ≡ T1 ∨ ¬(global_argc > 0)) ∧ 0 ≡ S1;
+ ensures 0 ≡ S1;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_out:
+ ensures 0 ≡ T1;
+
+ behavior buch_state_accept_T2_out:
+ ensures 0 ≡ accept_T2;
+ @/
+ void count_pre_func(char *argv)
+ {
+ int S1_tmp;
+ int T0_init_tmp;
+ int T1_tmp;
+ int accept_T2_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_count;
+ S1_tmp = S1;
+ T0_init_tmp = T0_init;
+ T1_tmp = T1;
+ accept_T2_tmp = accept_T2;
+ accept_T2_tmp = 0;
+ T1_tmp = 0;
+ T0_init_tmp = 0;
+ if (S1 == 1) S1_tmp = 1;
+ else
+ if (T1 == 1)
+ if (global_argc > 0) S1_tmp = 1; else S1_tmp = 0;
+ else S1_tmp = 0;
+ S1 = S1_tmp;
+ T0_init = T0_init_tmp;
+ T1 = T1_tmp;
+ accept_T2 = accept_T2_tmp;
+ return;
+ }
-/*@ requires 1 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ T1 ∧ 0 ≡ accept_T2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_count;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
- accept_T2;
-
- behavior buch_state_S1_in:
- assumes 1 ≡ S1;
- ensures 1 ≡ S1;
-
- behavior buch_state_S1_out:
- assumes 0 ≡ S1;
- ensures 0 ≡ S1;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_out:
- ensures 0 ≡ T1;
-
- behavior buch_state_accept_T2_out:
- ensures 0 ≡ accept_T2;
- */
-void count_post_func(int res)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_tmp; */
- /*@ ghost int accept_T2_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_count;
- S1_tmp = S1;
- T0_init_tmp = T0_init;
- T1_tmp = T1;
- accept_T2_tmp = accept_T2;
- accept_T2_tmp = 0;
- T1_tmp = 0;
- T0_init_tmp = 0;
- if (S1 == 1) S1_tmp = 1; else S1_tmp = 0;
- S1 = S1_tmp;
- T0_init = T0_init_tmp;
- T1 = T1_tmp;
- accept_T2 = accept_T2_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ T1 ∧ 0 ≡ accept_T2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_count;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
+ accept_T2;
+
+ behavior buch_state_S1_in:
+ assumes 1 ≡ S1;
+ ensures 1 ≡ S1;
+
+ behavior buch_state_S1_out:
+ assumes 0 ≡ S1;
+ ensures 0 ≡ S1;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_out:
+ ensures 0 ≡ T1;
+
+ behavior buch_state_accept_T2_out:
+ ensures 0 ≡ accept_T2;
+ @/
+ void count_post_func(int res)
+ {
+ int S1_tmp;
+ int T0_init_tmp;
+ int T1_tmp;
+ int accept_T2_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_count;
+ S1_tmp = S1;
+ T0_init_tmp = T0_init;
+ T1_tmp = T1;
+ accept_T2_tmp = accept_T2;
+ accept_T2_tmp = 0;
+ T1_tmp = 0;
+ T0_init_tmp = 0;
+ if (S1 == 1) S1_tmp = 1; else S1_tmp = 0;
+ S1 = S1_tmp;
+ T0_init = T0_init_tmp;
+ T1 = T1_tmp;
+ accept_T2 = accept_T2_tmp;
+ return;
+ }
+
+*/
/*@ requires (1 ≡ S1 ∨ 1 ≡ T1) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2;
requires 1 ≡ T1 ⇒ global_argc > 0;
@@ -176,7 +182,7 @@ int count(char *argv)
{
int __retres;
int tmp;
- count_pre_func(argv);
+ /*@ ghost count_pre_func(argv); */
if ((int)*(argv + 0) == 0) {
__retres = 0;
goto return_label;
@@ -184,101 +190,107 @@ int count(char *argv)
tmp = count(argv + 1);
__retres = 1 + tmp;
return_label: {
- count_post_func(__retres);
+ /*@ ghost count_post_func(__retres); */
return __retres;
}
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_sumOne;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
- accept_T2;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_in:
- assumes 1 ≡ S1;
- ensures 1 ≡ T1;
-
- behavior buch_state_T1_out:
- assumes 0 ≡ S1;
- ensures 0 ≡ T1;
-
- behavior buch_state_accept_T2_out:
- ensures 0 ≡ accept_T2;
- */
-void sumOne_pre_func(char *t, int length)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_tmp; */
- /*@ ghost int accept_T2_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_sumOne;
- S1_tmp = S1;
- T0_init_tmp = T0_init;
- T1_tmp = T1;
- accept_T2_tmp = accept_T2;
- accept_T2_tmp = 0;
- if (S1 == 1) T1_tmp = 1; else T1_tmp = 0;
- T0_init_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- T0_init = T0_init_tmp;
- T1 = T1_tmp;
- accept_T2 = accept_T2_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_sumOne;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
+ accept_T2;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_in:
+ assumes 1 ≡ S1;
+ ensures 1 ≡ T1;
+
+ behavior buch_state_T1_out:
+ assumes 0 ≡ S1;
+ ensures 0 ≡ T1;
+
+ behavior buch_state_accept_T2_out:
+ ensures 0 ≡ accept_T2;
+ @/
+ void sumOne_pre_func(char *t, int length)
+ {
+ int S1_tmp;
+ int T0_init_tmp;
+ int T1_tmp;
+ int accept_T2_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_sumOne;
+ S1_tmp = S1;
+ T0_init_tmp = T0_init;
+ T1_tmp = T1;
+ accept_T2_tmp = accept_T2;
+ accept_T2_tmp = 0;
+ if (S1 == 1) T1_tmp = 1; else T1_tmp = 0;
+ T0_init_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ T0_init = T0_init_tmp;
+ T1 = T1_tmp;
+ accept_T2 = accept_T2_tmp;
+ return;
+ }
-/*@ requires 1 ≡ T1 ∧ 0 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_sumOne;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
- accept_T2;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_in:
- assumes 1 ≡ T1;
- ensures 1 ≡ T1;
-
- behavior buch_state_T1_out:
- assumes 0 ≡ T1;
- ensures 0 ≡ T1;
-
- behavior buch_state_accept_T2_out:
- ensures 0 ≡ accept_T2;
- */
-void sumOne_post_func(int res)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_tmp; */
- /*@ ghost int accept_T2_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_sumOne;
- S1_tmp = S1;
- T0_init_tmp = T0_init;
- T1_tmp = T1;
- accept_T2_tmp = accept_T2;
- accept_T2_tmp = 0;
- if (T1 == 1) T1_tmp = 1; else T1_tmp = 0;
- T0_init_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- T0_init = T0_init_tmp;
- T1 = T1_tmp;
- accept_T2 = accept_T2_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ T1 ∧ 0 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_sumOne;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
+ accept_T2;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_in:
+ assumes 1 ≡ T1;
+ ensures 1 ≡ T1;
+
+ behavior buch_state_T1_out:
+ assumes 0 ≡ T1;
+ ensures 0 ≡ T1;
+
+ behavior buch_state_accept_T2_out:
+ ensures 0 ≡ accept_T2;
+ @/
+ void sumOne_post_func(int res)
+ {
+ int S1_tmp;
+ int T0_init_tmp;
+ int T1_tmp;
+ int accept_T2_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_sumOne;
+ S1_tmp = S1;
+ T0_init_tmp = T0_init;
+ T1_tmp = T1;
+ accept_T2_tmp = accept_T2;
+ accept_T2_tmp = 0;
+ if (T1 == 1) T1_tmp = 1; else T1_tmp = 0;
+ T0_init_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ T0_init = T0_init_tmp;
+ T1 = T1_tmp;
+ accept_T2 = accept_T2_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ T1 ∧ 0 ≡ accept_T2;
requires valid_string(t) ∧ length ≥ 0 ∧ length ≡ string_len(t);
@@ -290,8 +302,8 @@ void sumOne_post_func(int res)
*/
int sumOne(char *t, int length)
{
- int aorai_Loop_Init_11;
- sumOne_pre_func(t,length);
+ /*@ ghost int aorai_Loop_Init_11; */
+ /*@ ghost sumOne_pre_func(t,length); */
int sum = 0;
int i = 0;
i = 0;
@@ -310,107 +322,113 @@ int sumOne(char *t, int length)
sum += (int)*(t + i);
i ++;
}
- sumOne_post_func(sum);
+ /*@ ghost sumOne_post_func(sum); */
return sum;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
- accept_T2;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_in:
- assumes 1 ≡ T0_init;
- ensures 1 ≡ T1;
-
- behavior buch_state_T1_out:
- assumes 0 ≡ T0_init;
- ensures 0 ≡ T1;
-
- behavior buch_state_accept_T2_out:
- ensures 0 ≡ accept_T2;
- */
-void main_pre_func(int argc, char **argv)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_tmp; */
- /*@ ghost int accept_T2_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- S1_tmp = S1;
- T0_init_tmp = T0_init;
- T1_tmp = T1;
- accept_T2_tmp = accept_T2;
- accept_T2_tmp = 0;
- if (T0_init == 1) T1_tmp = 1; else T1_tmp = 0;
- T0_init_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- T0_init = T0_init_tmp;
- T1 = T1_tmp;
- accept_T2 = accept_T2_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
+ accept_T2;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_in:
+ assumes 1 ≡ T0_init;
+ ensures 1 ≡ T1;
+
+ behavior buch_state_T1_out:
+ assumes 0 ≡ T0_init;
+ ensures 0 ≡ T1;
+
+ behavior buch_state_accept_T2_out:
+ ensures 0 ≡ accept_T2;
+ @/
+ void main_pre_func(int argc, char **argv)
+ {
+ int S1_tmp;
+ int T0_init_tmp;
+ int T1_tmp;
+ int accept_T2_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ S1_tmp = S1;
+ T0_init_tmp = T0_init;
+ T1_tmp = T1;
+ accept_T2_tmp = accept_T2;
+ accept_T2_tmp = 0;
+ if (T0_init == 1) T1_tmp = 1; else T1_tmp = 0;
+ T0_init_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ T0_init = T0_init_tmp;
+ T1 = T1_tmp;
+ accept_T2 = accept_T2_tmp;
+ return;
+ }
-/*@ requires 1 ≡ T1 ∧ 0 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
- accept_T2;
-
- behavior buch_state_S1_out:
- ensures 0 ≡ S1;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_T1_in:
- assumes 1 ≡ T1;
- ensures 1 ≡ T1;
-
- behavior buch_state_T1_out:
- assumes 0 ≡ T1;
- ensures 0 ≡ T1;
-
- behavior buch_state_accept_T2_in:
- assumes 1 ≡ T1 ∧ res ≡ 1;
- ensures 1 ≡ accept_T2;
-
- behavior buch_state_accept_T2_out:
- assumes 0 ≡ T1 ∨ ¬(res ≡ 1);
- ensures 0 ≡ accept_T2;
- */
-void main_post_func(int res)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int T1_tmp; */
- /*@ ghost int accept_T2_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- S1_tmp = S1;
- T0_init_tmp = T0_init;
- T1_tmp = T1;
- accept_T2_tmp = accept_T2;
- if (T1 == 1)
- if (res == 1) accept_T2_tmp = 1; else accept_T2_tmp = 0;
- else accept_T2_tmp = 0;
- if (T1 == 1) T1_tmp = 1; else T1_tmp = 0;
- T0_init_tmp = 0;
- S1_tmp = 0;
- S1 = S1_tmp;
- T0_init = T0_init_tmp;
- T1 = T1_tmp;
- accept_T2 = accept_T2_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ T1 ∧ 0 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1,
+ accept_T2;
+
+ behavior buch_state_S1_out:
+ ensures 0 ≡ S1;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_T1_in:
+ assumes 1 ≡ T1;
+ ensures 1 ≡ T1;
+
+ behavior buch_state_T1_out:
+ assumes 0 ≡ T1;
+ ensures 0 ≡ T1;
+
+ behavior buch_state_accept_T2_in:
+ assumes 1 ≡ T1 ∧ res ≡ 1;
+ ensures 1 ≡ accept_T2;
+
+ behavior buch_state_accept_T2_out:
+ assumes 0 ≡ T1 ∨ ¬(res ≡ 1);
+ ensures 0 ≡ accept_T2;
+ @/
+ void main_post_func(int res)
+ {
+ int S1_tmp;
+ int T0_init_tmp;
+ int T1_tmp;
+ int accept_T2_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ S1_tmp = S1;
+ T0_init_tmp = T0_init;
+ T1_tmp = T1;
+ accept_T2_tmp = accept_T2;
+ if (T1 == 1)
+ if (res == 1) accept_T2_tmp = 1; else accept_T2_tmp = 0;
+ else accept_T2_tmp = 0;
+ if (T1 == 1) T1_tmp = 1; else T1_tmp = 0;
+ T0_init_tmp = 0;
+ S1_tmp = 0;
+ S1 = S1_tmp;
+ T0_init = T0_init_tmp;
+ T1 = T1_tmp;
+ accept_T2 = accept_T2_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ T0_init ∧ 0 ≡ S1 ∧ 0 ≡ T1 ∧ 0 ≡ accept_T2;
requires
@@ -432,7 +450,7 @@ int main(int argc, char **argv)
{
int __retres;
int length;
- main_pre_func(argc,argv);
+ /*@ ghost main_pre_func(argc,argv); */
int sum = 0;
global_argc = argc;
if (argc > 0) {
@@ -440,7 +458,7 @@ int main(int argc, char **argv)
sum = sumOne(*(argv + 0),length);
}
__retres = 1;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_recursion4.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_recursion4.res.oracle
index 3a5ab9e3cd38f9dd3e5446296ccb6c34b9caca92..09a6e371c266a733e453905cbb7c6d3a06323cbe 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_recursion4.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_recursion4.res.oracle
@@ -17,108 +17,114 @@ enum aorai_OpStatusList {
/*@ ghost int End = 0; */
/*@ ghost int Idle = 1; */
/*@ ghost int WillDoFoo = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_isPresent;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
-
- behavior buch_state_End_out:
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_in:
- assumes 1 ≡ Idle;
- ensures 1 ≡ Idle;
-
- behavior buch_state_Idle_out:
- assumes 0 ≡ Idle;
- ensures 0 ≡ Idle;
-
- behavior buch_state_WillDoFoo_out:
- ensures 0 ≡ WillDoFoo;
- */
-void isPresent_pre_func(int *t, int size, int val)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_isPresent;
- End_tmp = End;
- Idle_tmp = Idle;
- WillDoFoo_tmp = WillDoFoo;
- WillDoFoo_tmp = 0;
- if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0;
- End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
-
-/*@ requires 1 ≡ End ∨ 1 ≡ Idle ∨ 1 ≡ WillDoFoo;
- requires 1 ≡ End ⇒ res ≢ -1;
- requires 1 ≡ Idle ⇒ res ≡ -1 ∨ res ≢ -1;
- requires 1 ≡ WillDoFoo ⇒ res ≡ -1;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_isPresent;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
-
- behavior buch_state_End_in:
- assumes (1 ≡ Idle ∧ res ≢ -1) ∨ (1 ≡ End ∧ res ≢ -1);
- ensures 1 ≡ End;
-
- behavior buch_state_End_out:
- assumes
- (0 ≡ Idle ∨ ¬(res ≢ -1)) ∧ (0 ≡ End ∨ ¬(res ≢ -1));
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_out:
- ensures 0 ≡ Idle;
-
- behavior buch_state_WillDoFoo_in:
- assumes
- (1 ≡ WillDoFoo ∧ res ≡ -1) ∨ (1 ≡ Idle ∧ res ≡ -1);
- ensures 1 ≡ WillDoFoo;
-
- behavior buch_state_WillDoFoo_out:
- assumes
- (0 ≡ WillDoFoo ∨ ¬(res ≡ -1)) ∧
- (0 ≡ Idle ∨ ¬(res ≡ -1));
- ensures 0 ≡ WillDoFoo;
- */
-void isPresent_post_func(int res)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_isPresent;
- End_tmp = End;
- Idle_tmp = Idle;
- WillDoFoo_tmp = WillDoFoo;
- if (Idle == 1) {
- if (res == -1) WillDoFoo_tmp = 1; else goto _LAND;
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_isPresent;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
+
+ behavior buch_state_End_out:
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_in:
+ assumes 1 ≡ Idle;
+ ensures 1 ≡ Idle;
+
+ behavior buch_state_Idle_out:
+ assumes 0 ≡ Idle;
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_WillDoFoo_out:
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void isPresent_pre_func(int *t, int size, int val)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_isPresent;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ WillDoFoo_tmp = WillDoFoo;
+ WillDoFoo_tmp = 0;
+ if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0;
+ End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
}
- else {
- _LAND: ;
- if (WillDoFoo == 1)
- if (res == -1) WillDoFoo_tmp = 1; else WillDoFoo_tmp = 0;
- else WillDoFoo_tmp = 0;
- }
- Idle_tmp = 0;
- if (End == 1) {
- if (res != -1) End_tmp = 1; else goto _LAND_0;
- }
- else {
- _LAND_0: ;
- if (Idle == 1)
- if (res != -1) End_tmp = 1; else End_tmp = 0;
- else End_tmp = 0;
+
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ End ∨ 1 ≡ Idle ∨ 1 ≡ WillDoFoo;
+ requires 1 ≡ End ⇒ res ≢ -1;
+ requires 1 ≡ Idle ⇒ res ≡ -1 ∨ res ≢ -1;
+ requires 1 ≡ WillDoFoo ⇒ res ≡ -1;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_isPresent;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
+
+ behavior buch_state_End_in:
+ assumes (1 ≡ Idle ∧ res ≢ -1) ∨ (1 ≡ End ∧ res ≢ -1);
+ ensures 1 ≡ End;
+
+ behavior buch_state_End_out:
+ assumes
+ (0 ≡ Idle ∨ ¬(res ≢ -1)) ∧ (0 ≡ End ∨ ¬(res ≢ -1));
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_out:
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_WillDoFoo_in:
+ assumes
+ (1 ≡ WillDoFoo ∧ res ≡ -1) ∨ (1 ≡ Idle ∧ res ≡ -1);
+ ensures 1 ≡ WillDoFoo;
+
+ behavior buch_state_WillDoFoo_out:
+ assumes
+ (0 ≡ WillDoFoo ∨ ¬(res ≡ -1)) ∧
+ (0 ≡ Idle ∨ ¬(res ≡ -1));
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void isPresent_post_func(int res)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_isPresent;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ WillDoFoo_tmp = WillDoFoo;
+ if (Idle == 1) {
+ if (res == -1) WillDoFoo_tmp = 1; else goto _LAND;
+ }
+ else {
+ _LAND: ;
+ if (WillDoFoo == 1)
+ if (res == -1) WillDoFoo_tmp = 1; else WillDoFoo_tmp = 0;
+ else WillDoFoo_tmp = 0;
+ }
+ Idle_tmp = 0;
+ if (End == 1) {
+ if (res != -1) End_tmp = 1; else goto _LAND_0;
+ }
+ else {
+ _LAND_0: ;
+ if (Idle == 1)
+ if (res != -1) End_tmp = 1; else End_tmp = 0;
+ else End_tmp = 0;
+ }
+ End = End_tmp;
+ Idle = Idle_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
}
- End = End_tmp;
- Idle = Idle_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+
+*/
/*@ requires 1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ WillDoFoo;
requires \valid(t + (0 .. size - 1));
@@ -147,7 +153,7 @@ int isPresent(int *t, int size, int val)
{
int __retres;
int tmp;
- isPresent_pre_func(t,size,val);
+ /*@ ghost isPresent_pre_func(t,size,val); */
if (size == 0) {
__retres = -1;
goto return_label;
@@ -160,86 +166,93 @@ int isPresent(int *t, int size, int val)
int r = 1 + tmp;
if (r == 0) r = -1;
__retres = r;
- return_label: {
- isPresent_post_func(__retres);
- return __retres;
- }
+ return_label:
+ {
+ /*@ ghost isPresent_post_func(__retres); */
+ return __retres;
+ }
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_foo;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
-
- behavior buch_state_End_in:
- assumes 1 ≡ WillDoFoo;
- ensures 1 ≡ End;
-
- behavior buch_state_End_out:
- assumes 0 ≡ WillDoFoo;
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_out:
- ensures 0 ≡ Idle;
-
- behavior buch_state_WillDoFoo_out:
- ensures 0 ≡ WillDoFoo;
- */
-void foo_pre_func(void)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_foo;
- End_tmp = End;
- Idle_tmp = Idle;
- WillDoFoo_tmp = WillDoFoo;
- WillDoFoo_tmp = 0;
- Idle_tmp = 0;
- if (WillDoFoo == 1) End_tmp = 1; else End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_foo;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
+
+ behavior buch_state_End_in:
+ assumes 1 ≡ WillDoFoo;
+ ensures 1 ≡ End;
+
+ behavior buch_state_End_out:
+ assumes 0 ≡ WillDoFoo;
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_out:
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_WillDoFoo_out:
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void foo_pre_func(void)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_foo;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ WillDoFoo_tmp = WillDoFoo;
+ WillDoFoo_tmp = 0;
+ Idle_tmp = 0;
+ if (WillDoFoo == 1) End_tmp = 1; else End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
+ }
-/*@ requires 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ WillDoFoo;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_foo;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
-
- behavior buch_state_End_in:
- assumes 1 ≡ End;
- ensures 1 ≡ End;
-
- behavior buch_state_End_out:
- assumes 0 ≡ End;
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_out:
- ensures 0 ≡ Idle;
-
- behavior buch_state_WillDoFoo_out:
- ensures 0 ≡ WillDoFoo;
- */
-void foo_post_func(void)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_foo;
- End_tmp = End;
- Idle_tmp = Idle;
- WillDoFoo_tmp = WillDoFoo;
- WillDoFoo_tmp = 0;
- Idle_tmp = 0;
- if (End == 1) End_tmp = 1; else End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ WillDoFoo;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_foo;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
+
+ behavior buch_state_End_in:
+ assumes 1 ≡ End;
+ ensures 1 ≡ End;
+
+ behavior buch_state_End_out:
+ assumes 0 ≡ End;
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_out:
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_WillDoFoo_out:
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void foo_post_func(void)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_foo;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ WillDoFoo_tmp = WillDoFoo;
+ WillDoFoo_tmp = 0;
+ Idle_tmp = 0;
+ if (End == 1) End_tmp = 1; else End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ WillDoFoo ∧ 0 ≡ End ∧ 0 ≡ Idle;
@@ -249,85 +262,91 @@ void foo_post_func(void)
*/
void foo(void)
{
- foo_pre_func();
- foo_post_func();
+ /*@ ghost foo_pre_func(); */
+ /*@ ghost foo_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
-
- behavior buch_state_End_out:
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_in:
- assumes 1 ≡ Idle;
- ensures 1 ≡ Idle;
-
- behavior buch_state_Idle_out:
- assumes 0 ≡ Idle;
- ensures 0 ≡ Idle;
-
- behavior buch_state_WillDoFoo_out:
- ensures 0 ≡ WillDoFoo;
- */
-void main_pre_func(int argc, char **argv)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- End_tmp = End;
- Idle_tmp = Idle;
- WillDoFoo_tmp = WillDoFoo;
- WillDoFoo_tmp = 0;
- if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0;
- End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
+
+ behavior buch_state_End_out:
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_in:
+ assumes 1 ≡ Idle;
+ ensures 1 ≡ Idle;
+
+ behavior buch_state_Idle_out:
+ assumes 0 ≡ Idle;
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_WillDoFoo_out:
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void main_pre_func(int argc, char **argv)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ WillDoFoo_tmp = WillDoFoo;
+ WillDoFoo_tmp = 0;
+ if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0;
+ End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
+ }
-/*@ requires 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ WillDoFoo;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
-
- behavior buch_state_End_in:
- assumes 1 ≡ End;
- ensures 1 ≡ End;
-
- behavior buch_state_End_out:
- assumes 0 ≡ End;
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_out:
- ensures 0 ≡ Idle;
-
- behavior buch_state_WillDoFoo_out:
- ensures 0 ≡ WillDoFoo;
- */
-void main_post_func(int res)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- End_tmp = End;
- Idle_tmp = Idle;
- WillDoFoo_tmp = WillDoFoo;
- WillDoFoo_tmp = 0;
- Idle_tmp = 0;
- if (End == 1) End_tmp = 1; else End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ WillDoFoo;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo;
+
+ behavior buch_state_End_in:
+ assumes 1 ≡ End;
+ ensures 1 ≡ End;
+
+ behavior buch_state_End_out:
+ assumes 0 ≡ End;
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_out:
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_WillDoFoo_out:
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void main_post_func(int res)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ WillDoFoo_tmp = WillDoFoo;
+ WillDoFoo_tmp = 0;
+ Idle_tmp = 0;
+ if (End == 1) End_tmp = 1; else End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ WillDoFoo;
@@ -341,12 +360,12 @@ void main_post_func(int res)
int main(int argc, char **argv)
{
int __retres;
- main_pre_func(argc,argv);
+ /*@ ghost main_pre_func(argc,argv); */
int tab[4] = {10, 20, 33, 15};
int r = isPresent(tab,4,33);
if (r == -1) foo();
__retres = 1;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_recursion5.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_recursion5.res.oracle
index 40cd2510d3380e743b2f80074c35e9e7b539dc8f..b5c3e5aa9304fc5c42d1db1f402c63097c595463 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_recursion5.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_recursion5.res.oracle
@@ -22,127 +22,133 @@ enum aorai_OpStatusList {
/*@ ghost int Idle = 1; */
/*@ ghost int IgnoreFoo = 0; */
/*@ ghost int WillDoFoo = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_isPresentRec;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo,
- WillDoFoo;
-
- behavior buch_state_End_out:
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_in:
- assumes 1 ≡ Idle;
- ensures 1 ≡ Idle;
-
- behavior buch_state_Idle_out:
- assumes 0 ≡ Idle;
- ensures 0 ≡ Idle;
-
- behavior buch_state_IgnoreFoo_out:
- ensures 0 ≡ IgnoreFoo;
-
- behavior buch_state_WillDoFoo_out:
- ensures 0 ≡ WillDoFoo;
- */
-void isPresentRec_pre_func(int *t, int i, int max, int val)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int IgnoreFoo_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_isPresentRec;
- End_tmp = End;
- Idle_tmp = Idle;
- IgnoreFoo_tmp = IgnoreFoo;
- WillDoFoo_tmp = WillDoFoo;
- WillDoFoo_tmp = 0;
- IgnoreFoo_tmp = 0;
- if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0;
- End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- IgnoreFoo = IgnoreFoo_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
-
-/*@ requires
- (1 ≡ Idle ∨ 1 ≡ IgnoreFoo ∨ 1 ≡ WillDoFoo) ∧ 0 ≡ End;
- requires 1 ≡ Idle ⇒ res ≡ -1 ∨ res ≢ -1;
- requires 1 ≡ IgnoreFoo ⇒ res ≢ -1;
- requires 1 ≡ WillDoFoo ⇒ res ≡ -1;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_isPresentRec;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo,
- WillDoFoo;
-
- behavior buch_state_End_out:
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_out:
- ensures 0 ≡ Idle;
-
- behavior buch_state_IgnoreFoo_in:
- assumes
- (1 ≡ IgnoreFoo ∧ res ≢ -1) ∨ (1 ≡ Idle ∧ res ≢ -1);
- ensures 1 ≡ IgnoreFoo;
-
- behavior buch_state_IgnoreFoo_out:
- assumes
- (0 ≡ IgnoreFoo ∨ ¬(res ≢ -1)) ∧
- (0 ≡ Idle ∨ ¬(res ≢ -1));
- ensures 0 ≡ IgnoreFoo;
-
- behavior buch_state_WillDoFoo_in:
- assumes
- (1 ≡ WillDoFoo ∧ res ≡ -1) ∨ (1 ≡ Idle ∧ res ≡ -1);
- ensures 1 ≡ WillDoFoo;
-
- behavior buch_state_WillDoFoo_out:
- assumes
- (0 ≡ WillDoFoo ∨ ¬(res ≡ -1)) ∧
- (0 ≡ Idle ∨ ¬(res ≡ -1));
- ensures 0 ≡ WillDoFoo;
- */
-void isPresentRec_post_func(int res)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int IgnoreFoo_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_isPresentRec;
- End_tmp = End;
- Idle_tmp = Idle;
- IgnoreFoo_tmp = IgnoreFoo;
- WillDoFoo_tmp = WillDoFoo;
- if (Idle == 1) {
- if (res == -1) WillDoFoo_tmp = 1; else goto _LAND;
- }
- else {
- _LAND: ;
- if (WillDoFoo == 1)
- if (res == -1) WillDoFoo_tmp = 1; else WillDoFoo_tmp = 0;
- else WillDoFoo_tmp = 0;
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_isPresentRec;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo,
+ WillDoFoo;
+
+ behavior buch_state_End_out:
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_in:
+ assumes 1 ≡ Idle;
+ ensures 1 ≡ Idle;
+
+ behavior buch_state_Idle_out:
+ assumes 0 ≡ Idle;
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_IgnoreFoo_out:
+ ensures 0 ≡ IgnoreFoo;
+
+ behavior buch_state_WillDoFoo_out:
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void isPresentRec_pre_func(int *t, int i, int max, int val)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int IgnoreFoo_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_isPresentRec;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ IgnoreFoo_tmp = IgnoreFoo;
+ WillDoFoo_tmp = WillDoFoo;
+ WillDoFoo_tmp = 0;
+ IgnoreFoo_tmp = 0;
+ if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0;
+ End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ IgnoreFoo = IgnoreFoo_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
}
- if (Idle == 1) {
- if (res != -1) IgnoreFoo_tmp = 1; else goto _LAND_0;
- }
- else {
- _LAND_0: ;
- if (IgnoreFoo == 1)
- if (res != -1) IgnoreFoo_tmp = 1; else IgnoreFoo_tmp = 0;
- else IgnoreFoo_tmp = 0;
+
+*/
+
+/*@ ghost
+ /@ requires
+ (1 ≡ Idle ∨ 1 ≡ IgnoreFoo ∨ 1 ≡ WillDoFoo) ∧ 0 ≡ End;
+ requires 1 ≡ Idle ⇒ res ≡ -1 ∨ res ≢ -1;
+ requires 1 ≡ IgnoreFoo ⇒ res ≢ -1;
+ requires 1 ≡ WillDoFoo ⇒ res ≡ -1;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_isPresentRec;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo,
+ WillDoFoo;
+
+ behavior buch_state_End_out:
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_out:
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_IgnoreFoo_in:
+ assumes
+ (1 ≡ IgnoreFoo ∧ res ≢ -1) ∨ (1 ≡ Idle ∧ res ≢ -1);
+ ensures 1 ≡ IgnoreFoo;
+
+ behavior buch_state_IgnoreFoo_out:
+ assumes
+ (0 ≡ IgnoreFoo ∨ ¬(res ≢ -1)) ∧
+ (0 ≡ Idle ∨ ¬(res ≢ -1));
+ ensures 0 ≡ IgnoreFoo;
+
+ behavior buch_state_WillDoFoo_in:
+ assumes
+ (1 ≡ WillDoFoo ∧ res ≡ -1) ∨ (1 ≡ Idle ∧ res ≡ -1);
+ ensures 1 ≡ WillDoFoo;
+
+ behavior buch_state_WillDoFoo_out:
+ assumes
+ (0 ≡ WillDoFoo ∨ ¬(res ≡ -1)) ∧
+ (0 ≡ Idle ∨ ¬(res ≡ -1));
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void isPresentRec_post_func(int res)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int IgnoreFoo_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_isPresentRec;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ IgnoreFoo_tmp = IgnoreFoo;
+ WillDoFoo_tmp = WillDoFoo;
+ if (Idle == 1) {
+ if (res == -1) WillDoFoo_tmp = 1; else goto _LAND;
+ }
+ else {
+ _LAND: ;
+ if (WillDoFoo == 1)
+ if (res == -1) WillDoFoo_tmp = 1; else WillDoFoo_tmp = 0;
+ else WillDoFoo_tmp = 0;
+ }
+ if (Idle == 1) {
+ if (res != -1) IgnoreFoo_tmp = 1; else goto _LAND_0;
+ }
+ else {
+ _LAND_0: ;
+ if (IgnoreFoo == 1)
+ if (res != -1) IgnoreFoo_tmp = 1; else IgnoreFoo_tmp = 0;
+ else IgnoreFoo_tmp = 0;
+ }
+ Idle_tmp = 0;
+ End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ IgnoreFoo = IgnoreFoo_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
}
- Idle_tmp = 0;
- End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- IgnoreFoo = IgnoreFoo_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+
+*/
/*@ requires
1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ IgnoreFoo ∧ 0 ≡ WillDoFoo;
@@ -172,7 +178,7 @@ int isPresentRec(int *t, int i, int max, int val)
{
int __retres;
int tmp;
- isPresentRec_pre_func(t,i,max,val);
+ /*@ ghost isPresentRec_pre_func(t,i,max,val); */
if (*(t + i) == val) {
__retres = i;
goto return_label;
@@ -183,114 +189,121 @@ int isPresentRec(int *t, int i, int max, int val)
}
tmp = isPresentRec(t,i + 1,max,val);
__retres = tmp;
- return_label: {
- isPresentRec_post_func(__retres);
- return __retres;
- }
+ return_label:
+ {
+ /*@ ghost isPresentRec_post_func(__retres); */
+ return __retres;
+ }
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_isPresent;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo,
- WillDoFoo;
-
- behavior buch_state_End_out:
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_in:
- assumes 1 ≡ Idle;
- ensures 1 ≡ Idle;
-
- behavior buch_state_Idle_out:
- assumes 0 ≡ Idle;
- ensures 0 ≡ Idle;
-
- behavior buch_state_IgnoreFoo_out:
- ensures 0 ≡ IgnoreFoo;
-
- behavior buch_state_WillDoFoo_out:
- ensures 0 ≡ WillDoFoo;
- */
-void isPresent_pre_func(int *t, int max, int val)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int IgnoreFoo_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_isPresent;
- End_tmp = End;
- Idle_tmp = Idle;
- IgnoreFoo_tmp = IgnoreFoo;
- WillDoFoo_tmp = WillDoFoo;
- WillDoFoo_tmp = 0;
- IgnoreFoo_tmp = 0;
- if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0;
- End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- IgnoreFoo = IgnoreFoo_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_isPresent;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo,
+ WillDoFoo;
+
+ behavior buch_state_End_out:
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_in:
+ assumes 1 ≡ Idle;
+ ensures 1 ≡ Idle;
+
+ behavior buch_state_Idle_out:
+ assumes 0 ≡ Idle;
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_IgnoreFoo_out:
+ ensures 0 ≡ IgnoreFoo;
+
+ behavior buch_state_WillDoFoo_out:
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void isPresent_pre_func(int *t, int max, int val)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int IgnoreFoo_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_isPresent;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ IgnoreFoo_tmp = IgnoreFoo;
+ WillDoFoo_tmp = WillDoFoo;
+ WillDoFoo_tmp = 0;
+ IgnoreFoo_tmp = 0;
+ if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0;
+ End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ IgnoreFoo = IgnoreFoo_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
+ }
-/*@ requires
- (1 ≡ IgnoreFoo ∨ 1 ≡ WillDoFoo) ∧ 0 ≡ End ∧ 0 ≡ Idle;
- requires 1 ≡ IgnoreFoo ⇒ res ≢ -1;
- requires 1 ≡ WillDoFoo ⇒ res ≡ -1;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_isPresent;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo,
- WillDoFoo;
-
- behavior buch_state_End_in:
- assumes 1 ≡ IgnoreFoo ∧ res ≢ -1;
- ensures 1 ≡ End;
-
- behavior buch_state_End_out:
- assumes 0 ≡ IgnoreFoo ∨ ¬(res ≢ -1);
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_out:
- ensures 0 ≡ Idle;
-
- behavior buch_state_IgnoreFoo_out:
- ensures 0 ≡ IgnoreFoo;
-
- behavior buch_state_WillDoFoo_in:
- assumes 1 ≡ WillDoFoo ∧ res ≡ -1;
- ensures 1 ≡ WillDoFoo;
-
- behavior buch_state_WillDoFoo_out:
- assumes 0 ≡ WillDoFoo ∨ ¬(res ≡ -1);
- ensures 0 ≡ WillDoFoo;
- */
-void isPresent_post_func(int res)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int IgnoreFoo_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_isPresent;
- End_tmp = End;
- Idle_tmp = Idle;
- IgnoreFoo_tmp = IgnoreFoo;
- WillDoFoo_tmp = WillDoFoo;
- if (WillDoFoo == 1)
- if (res == -1) WillDoFoo_tmp = 1; else WillDoFoo_tmp = 0;
- else WillDoFoo_tmp = 0;
- IgnoreFoo_tmp = 0;
- Idle_tmp = 0;
- if (IgnoreFoo == 1)
- if (res != -1) End_tmp = 1; else End_tmp = 0;
- else End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- IgnoreFoo = IgnoreFoo_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ (1 ≡ IgnoreFoo ∨ 1 ≡ WillDoFoo) ∧ 0 ≡ End ∧ 0 ≡ Idle;
+ requires 1 ≡ IgnoreFoo ⇒ res ≢ -1;
+ requires 1 ≡ WillDoFoo ⇒ res ≡ -1;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_isPresent;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo,
+ WillDoFoo;
+
+ behavior buch_state_End_in:
+ assumes 1 ≡ IgnoreFoo ∧ res ≢ -1;
+ ensures 1 ≡ End;
+
+ behavior buch_state_End_out:
+ assumes 0 ≡ IgnoreFoo ∨ ¬(res ≢ -1);
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_out:
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_IgnoreFoo_out:
+ ensures 0 ≡ IgnoreFoo;
+
+ behavior buch_state_WillDoFoo_in:
+ assumes 1 ≡ WillDoFoo ∧ res ≡ -1;
+ ensures 1 ≡ WillDoFoo;
+
+ behavior buch_state_WillDoFoo_out:
+ assumes 0 ≡ WillDoFoo ∨ ¬(res ≡ -1);
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void isPresent_post_func(int res)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int IgnoreFoo_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_isPresent;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ IgnoreFoo_tmp = IgnoreFoo;
+ WillDoFoo_tmp = WillDoFoo;
+ if (WillDoFoo == 1)
+ if (res == -1) WillDoFoo_tmp = 1; else WillDoFoo_tmp = 0;
+ else WillDoFoo_tmp = 0;
+ IgnoreFoo_tmp = 0;
+ Idle_tmp = 0;
+ if (IgnoreFoo == 1)
+ if (res != -1) End_tmp = 1; else End_tmp = 0;
+ else End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ IgnoreFoo = IgnoreFoo_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ IgnoreFoo ∧ 0 ≡ WillDoFoo;
@@ -315,103 +328,109 @@ void isPresent_post_func(int res)
int isPresent(int *t, int max, int val)
{
int tmp;
- isPresent_pre_func(t,max,val);
+ /*@ ghost isPresent_pre_func(t,max,val); */
tmp = isPresentRec(t,0,max,val);
- isPresent_post_func(tmp);
+ /*@ ghost isPresent_post_func(tmp); */
return tmp;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_foo;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo,
- WillDoFoo;
-
- behavior buch_state_End_in:
- assumes 1 ≡ WillDoFoo;
- ensures 1 ≡ End;
-
- behavior buch_state_End_out:
- assumes 0 ≡ WillDoFoo;
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_out:
- ensures 0 ≡ Idle;
-
- behavior buch_state_IgnoreFoo_out:
- ensures 0 ≡ IgnoreFoo;
-
- behavior buch_state_WillDoFoo_out:
- ensures 0 ≡ WillDoFoo;
- */
-void foo_pre_func(void)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int IgnoreFoo_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_foo;
- End_tmp = End;
- Idle_tmp = Idle;
- IgnoreFoo_tmp = IgnoreFoo;
- WillDoFoo_tmp = WillDoFoo;
- WillDoFoo_tmp = 0;
- IgnoreFoo_tmp = 0;
- Idle_tmp = 0;
- if (WillDoFoo == 1) End_tmp = 1; else End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- IgnoreFoo = IgnoreFoo_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_foo;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo,
+ WillDoFoo;
+
+ behavior buch_state_End_in:
+ assumes 1 ≡ WillDoFoo;
+ ensures 1 ≡ End;
+
+ behavior buch_state_End_out:
+ assumes 0 ≡ WillDoFoo;
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_out:
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_IgnoreFoo_out:
+ ensures 0 ≡ IgnoreFoo;
+
+ behavior buch_state_WillDoFoo_out:
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void foo_pre_func(void)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int IgnoreFoo_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_foo;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ IgnoreFoo_tmp = IgnoreFoo;
+ WillDoFoo_tmp = WillDoFoo;
+ WillDoFoo_tmp = 0;
+ IgnoreFoo_tmp = 0;
+ Idle_tmp = 0;
+ if (WillDoFoo == 1) End_tmp = 1; else End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ IgnoreFoo = IgnoreFoo_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ IgnoreFoo ∧ 0 ≡ WillDoFoo;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_foo;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo,
- WillDoFoo;
-
- behavior buch_state_End_in:
- assumes 1 ≡ End;
- ensures 1 ≡ End;
-
- behavior buch_state_End_out:
- assumes 0 ≡ End;
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_out:
- ensures 0 ≡ Idle;
-
- behavior buch_state_IgnoreFoo_out:
- ensures 0 ≡ IgnoreFoo;
-
- behavior buch_state_WillDoFoo_out:
- ensures 0 ≡ WillDoFoo;
- */
-void foo_post_func(void)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int IgnoreFoo_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_foo;
- End_tmp = End;
- Idle_tmp = Idle;
- IgnoreFoo_tmp = IgnoreFoo;
- WillDoFoo_tmp = WillDoFoo;
- WillDoFoo_tmp = 0;
- IgnoreFoo_tmp = 0;
- Idle_tmp = 0;
- if (End == 1) End_tmp = 1; else End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- IgnoreFoo = IgnoreFoo_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ IgnoreFoo ∧ 0 ≡ WillDoFoo;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_foo;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo,
+ WillDoFoo;
+
+ behavior buch_state_End_in:
+ assumes 1 ≡ End;
+ ensures 1 ≡ End;
+
+ behavior buch_state_End_out:
+ assumes 0 ≡ End;
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_out:
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_IgnoreFoo_out:
+ ensures 0 ≡ IgnoreFoo;
+
+ behavior buch_state_WillDoFoo_out:
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void foo_post_func(void)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int IgnoreFoo_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_foo;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ IgnoreFoo_tmp = IgnoreFoo;
+ WillDoFoo_tmp = WillDoFoo;
+ WillDoFoo_tmp = 0;
+ IgnoreFoo_tmp = 0;
+ Idle_tmp = 0;
+ if (End == 1) End_tmp = 1; else End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ IgnoreFoo = IgnoreFoo_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ WillDoFoo ∧ 0 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ IgnoreFoo;
@@ -422,102 +441,108 @@ void foo_post_func(void)
*/
void foo(void)
{
- foo_pre_func();
- foo_post_func();
+ /*@ ghost foo_pre_func(); */
+ /*@ ghost foo_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo,
- WillDoFoo;
-
- behavior buch_state_End_out:
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_in:
- assumes 1 ≡ Idle;
- ensures 1 ≡ Idle;
-
- behavior buch_state_Idle_out:
- assumes 0 ≡ Idle;
- ensures 0 ≡ Idle;
-
- behavior buch_state_IgnoreFoo_out:
- ensures 0 ≡ IgnoreFoo;
-
- behavior buch_state_WillDoFoo_out:
- ensures 0 ≡ WillDoFoo;
- */
-void main_pre_func(int argc, char **argv)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int IgnoreFoo_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- End_tmp = End;
- Idle_tmp = Idle;
- IgnoreFoo_tmp = IgnoreFoo;
- WillDoFoo_tmp = WillDoFoo;
- WillDoFoo_tmp = 0;
- IgnoreFoo_tmp = 0;
- if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0;
- End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- IgnoreFoo = IgnoreFoo_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo,
+ WillDoFoo;
+
+ behavior buch_state_End_out:
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_in:
+ assumes 1 ≡ Idle;
+ ensures 1 ≡ Idle;
+
+ behavior buch_state_Idle_out:
+ assumes 0 ≡ Idle;
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_IgnoreFoo_out:
+ ensures 0 ≡ IgnoreFoo;
+
+ behavior buch_state_WillDoFoo_out:
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void main_pre_func(int argc, char **argv)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int IgnoreFoo_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ IgnoreFoo_tmp = IgnoreFoo;
+ WillDoFoo_tmp = WillDoFoo;
+ WillDoFoo_tmp = 0;
+ IgnoreFoo_tmp = 0;
+ if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0;
+ End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ IgnoreFoo = IgnoreFoo_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ IgnoreFoo ∧ 0 ≡ WillDoFoo;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo,
- WillDoFoo;
-
- behavior buch_state_End_in:
- assumes 1 ≡ End;
- ensures 1 ≡ End;
-
- behavior buch_state_End_out:
- assumes 0 ≡ End;
- ensures 0 ≡ End;
-
- behavior buch_state_Idle_out:
- ensures 0 ≡ Idle;
-
- behavior buch_state_IgnoreFoo_out:
- ensures 0 ≡ IgnoreFoo;
-
- behavior buch_state_WillDoFoo_out:
- ensures 0 ≡ WillDoFoo;
- */
-void main_post_func(int res)
-{
- /*@ ghost int End_tmp; */
- /*@ ghost int Idle_tmp; */
- /*@ ghost int IgnoreFoo_tmp; */
- /*@ ghost int WillDoFoo_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- End_tmp = End;
- Idle_tmp = Idle;
- IgnoreFoo_tmp = IgnoreFoo;
- WillDoFoo_tmp = WillDoFoo;
- WillDoFoo_tmp = 0;
- IgnoreFoo_tmp = 0;
- Idle_tmp = 0;
- if (End == 1) End_tmp = 1; else End_tmp = 0;
- End = End_tmp;
- Idle = Idle_tmp;
- IgnoreFoo = IgnoreFoo_tmp;
- WillDoFoo = WillDoFoo_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ IgnoreFoo ∧ 0 ≡ WillDoFoo;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo,
+ WillDoFoo;
+
+ behavior buch_state_End_in:
+ assumes 1 ≡ End;
+ ensures 1 ≡ End;
+
+ behavior buch_state_End_out:
+ assumes 0 ≡ End;
+ ensures 0 ≡ End;
+
+ behavior buch_state_Idle_out:
+ ensures 0 ≡ Idle;
+
+ behavior buch_state_IgnoreFoo_out:
+ ensures 0 ≡ IgnoreFoo;
+
+ behavior buch_state_WillDoFoo_out:
+ ensures 0 ≡ WillDoFoo;
+ @/
+ void main_post_func(int res)
+ {
+ int End_tmp;
+ int Idle_tmp;
+ int IgnoreFoo_tmp;
+ int WillDoFoo_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ End_tmp = End;
+ Idle_tmp = Idle;
+ IgnoreFoo_tmp = IgnoreFoo;
+ WillDoFoo_tmp = WillDoFoo;
+ WillDoFoo_tmp = 0;
+ IgnoreFoo_tmp = 0;
+ Idle_tmp = 0;
+ if (End == 1) End_tmp = 1; else End_tmp = 0;
+ End = End_tmp;
+ Idle = Idle_tmp;
+ IgnoreFoo = IgnoreFoo_tmp;
+ WillDoFoo = WillDoFoo_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ IgnoreFoo ∧ 0 ≡ WillDoFoo;
@@ -532,12 +557,12 @@ void main_post_func(int res)
int main(int argc, char **argv)
{
int __retres;
- main_pre_func(argc,argv);
+ /*@ ghost main_pre_func(argc,argv); */
int tab[4] = {10, 20, 33, 15};
int r = isPresent(tab,3,33);
if (r == -1) foo();
__retres = 1;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_struct.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_struct.res.oracle
index d958a05da1c12e6610283cd831a8ee2f8f652a44..485f555e125d20c2ae094c7edfeb9fb49284ef75 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_struct.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_struct.res.oracle
@@ -20,71 +20,77 @@ int myAge = 0;
/*@ ghost enum aorai_OpStatusList aorai_CurOpStatus = aorai_Called; */
/*@ ghost int S1 = 0; */
/*@ ghost int main_0 = 1; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_increment;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, main_0;
-
- behavior buch_state_S1_in:
- assumes 1 ≡ S1 ∧ nobody.Age ≡ 1;
- ensures 1 ≡ S1;
-
- behavior buch_state_S1_out:
- assumes 0 ≡ S1 ∨ ¬(nobody.Age ≡ 1);
- ensures 0 ≡ S1;
-
- behavior buch_state_main_0_out:
- ensures 0 ≡ main_0;
- */
-void increment_pre_func(void)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int main_0_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_increment;
- S1_tmp = S1;
- main_0_tmp = main_0;
- main_0_tmp = 0;
- if (S1 == 1)
- if (nobody.Age == 1) S1_tmp = 1; else S1_tmp = 0;
- else S1_tmp = 0;
- S1 = S1_tmp;
- main_0 = main_0_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_increment;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, main_0;
+
+ behavior buch_state_S1_in:
+ assumes 1 ≡ S1 ∧ nobody.Age ≡ 1;
+ ensures 1 ≡ S1;
+
+ behavior buch_state_S1_out:
+ assumes 0 ≡ S1 ∨ ¬(nobody.Age ≡ 1);
+ ensures 0 ≡ S1;
+
+ behavior buch_state_main_0_out:
+ ensures 0 ≡ main_0;
+ @/
+ void increment_pre_func(void)
+ {
+ int S1_tmp;
+ int main_0_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_increment;
+ S1_tmp = S1;
+ main_0_tmp = main_0;
+ main_0_tmp = 0;
+ if (S1 == 1)
+ if (nobody.Age == 1) S1_tmp = 1; else S1_tmp = 0;
+ else S1_tmp = 0;
+ S1 = S1_tmp;
+ main_0 = main_0_tmp;
+ return;
+ }
-/*@ requires 1 ≡ S1 ∧ 0 ≡ main_0;
- requires 1 ≡ S1 ⇒ nobody.Age ≡ 1;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_increment;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, main_0;
-
- behavior buch_state_S1_in:
- assumes 1 ≡ S1 ∧ nobody.Age ≡ 1;
- ensures 1 ≡ S1;
-
- behavior buch_state_S1_out:
- assumes 0 ≡ S1 ∨ ¬(nobody.Age ≡ 1);
- ensures 0 ≡ S1;
-
- behavior buch_state_main_0_out:
- ensures 0 ≡ main_0;
- */
-void increment_post_func(void)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int main_0_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_increment;
- S1_tmp = S1;
- main_0_tmp = main_0;
- main_0_tmp = 0;
- if (S1 == 1)
- if (nobody.Age == 1) S1_tmp = 1; else S1_tmp = 0;
- else S1_tmp = 0;
- S1 = S1_tmp;
- main_0 = main_0_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ S1 ∧ 0 ≡ main_0;
+ requires 1 ≡ S1 ⇒ nobody.Age ≡ 1;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_increment;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, main_0;
+
+ behavior buch_state_S1_in:
+ assumes 1 ≡ S1 ∧ nobody.Age ≡ 1;
+ ensures 1 ≡ S1;
+
+ behavior buch_state_S1_out:
+ assumes 0 ≡ S1 ∨ ¬(nobody.Age ≡ 1);
+ ensures 0 ≡ S1;
+
+ behavior buch_state_main_0_out:
+ ensures 0 ≡ main_0;
+ @/
+ void increment_post_func(void)
+ {
+ int S1_tmp;
+ int main_0_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_increment;
+ S1_tmp = S1;
+ main_0_tmp = main_0;
+ main_0_tmp = 0;
+ if (S1 == 1)
+ if (nobody.Age == 1) S1_tmp = 1; else S1_tmp = 0;
+ else S1_tmp = 0;
+ S1 = S1_tmp;
+ main_0 = main_0_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ S1 ∧ 0 ≡ main_0;
requires 1 ≡ S1 ⇒ nobody.Age ≡ 1;
@@ -96,78 +102,84 @@ void increment_post_func(void)
*/
void increment(void)
{
- increment_pre_func();
+ /*@ ghost increment_pre_func(); */
(nobody.Age) ++;
myAge ++;
- increment_post_func();
+ /*@ ghost increment_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, main_0;
-
- behavior buch_state_S1_in:
- assumes 1 ≡ main_0 ∧ nobody.Age ≡ 0;
- ensures 1 ≡ S1;
-
- behavior buch_state_S1_out:
- assumes 0 ≡ main_0 ∨ ¬(nobody.Age ≡ 0);
- ensures 0 ≡ S1;
-
- behavior buch_state_main_0_out:
- ensures 0 ≡ main_0;
- */
-void main_pre_func(void)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int main_0_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- S1_tmp = S1;
- main_0_tmp = main_0;
- main_0_tmp = 0;
- if (main_0 == 1)
- if (nobody.Age == 0) S1_tmp = 1; else S1_tmp = 0;
- else S1_tmp = 0;
- S1 = S1_tmp;
- main_0 = main_0_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, main_0;
+
+ behavior buch_state_S1_in:
+ assumes 1 ≡ main_0 ∧ nobody.Age ≡ 0;
+ ensures 1 ≡ S1;
+
+ behavior buch_state_S1_out:
+ assumes 0 ≡ main_0 ∨ ¬(nobody.Age ≡ 0);
+ ensures 0 ≡ S1;
+
+ behavior buch_state_main_0_out:
+ ensures 0 ≡ main_0;
+ @/
+ void main_pre_func(void)
+ {
+ int S1_tmp;
+ int main_0_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ S1_tmp = S1;
+ main_0_tmp = main_0;
+ main_0_tmp = 0;
+ if (main_0 == 1)
+ if (nobody.Age == 0) S1_tmp = 1; else S1_tmp = 0;
+ else S1_tmp = 0;
+ S1 = S1_tmp;
+ main_0 = main_0_tmp;
+ return;
+ }
-/*@ requires 1 ≡ S1 ∧ 0 ≡ main_0;
- requires 1 ≡ S1 ⇒ nobody.Age ≡ 1;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, S1, main_0;
-
- behavior buch_state_S1_in:
- assumes 1 ≡ S1 ∧ nobody.Age ≡ 1;
- ensures 1 ≡ S1;
-
- behavior buch_state_S1_out:
- assumes 0 ≡ S1 ∨ ¬(nobody.Age ≡ 1);
- ensures 0 ≡ S1;
-
- behavior buch_state_main_0_out:
- ensures 0 ≡ main_0;
- */
-void main_post_func(int res)
-{
- /*@ ghost int S1_tmp; */
- /*@ ghost int main_0_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- S1_tmp = S1;
- main_0_tmp = main_0;
- main_0_tmp = 0;
- if (S1 == 1)
- if (nobody.Age == 1) S1_tmp = 1; else S1_tmp = 0;
- else S1_tmp = 0;
- S1 = S1_tmp;
- main_0 = main_0_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ S1 ∧ 0 ≡ main_0;
+ requires 1 ≡ S1 ⇒ nobody.Age ≡ 1;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, S1, main_0;
+
+ behavior buch_state_S1_in:
+ assumes 1 ≡ S1 ∧ nobody.Age ≡ 1;
+ ensures 1 ≡ S1;
+
+ behavior buch_state_S1_out:
+ assumes 0 ≡ S1 ∨ ¬(nobody.Age ≡ 1);
+ ensures 0 ≡ S1;
+
+ behavior buch_state_main_0_out:
+ ensures 0 ≡ main_0;
+ @/
+ void main_post_func(int res)
+ {
+ int S1_tmp;
+ int main_0_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ S1_tmp = S1;
+ main_0_tmp = main_0;
+ main_0_tmp = 0;
+ if (S1 == 1)
+ if (nobody.Age == 1) S1_tmp = 1; else S1_tmp = 0;
+ else S1_tmp = 0;
+ S1 = S1_tmp;
+ main_0 = main_0_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ main_0 ∧ 0 ≡ S1;
requires 1 ≡ main_0 ⇒ nobody.Age ≡ 0;
@@ -183,11 +195,11 @@ void main_post_func(int res)
int main(void)
{
int __retres;
- main_pre_func();
+ /*@ ghost main_pre_func(); */
nobody.Age = 0;
increment();
__retres = 0;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_switch2.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_switch2.res.oracle
index 35483e014d7cded359bb73ff0d110f517a90116e..cf43cbba6f083bd3c2f9f92301ec727ef15d74fe 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_switch2.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_switch2.res.oracle
@@ -29,141 +29,147 @@ int rr = 1;
/*@ ghost int accept_S6 = 0; */
/*@ ghost int accept_all = 0; */
/*@ ghost int accept_init = 1; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_opa;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
- accept_S4, accept_S5, accept_S6, accept_all, accept_init;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_in:
- assumes 1 ≡ accept_S2;
- ensures 1 ≡ accept_S3;
-
- behavior buch_state_accept_S3_out:
- assumes 0 ≡ accept_S2;
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_S6_out:
- ensures 0 ≡ accept_S6;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void opa_pre_func(void)
-{
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_S6_tmp; */
- /*@ ghost int accept_all_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_opa;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_S6_tmp = accept_S6;
- accept_all_tmp = accept_all;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_all_tmp = 0;
- accept_S6_tmp = 0;
- accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- if (accept_S2 == 1) accept_S3_tmp = 1; else accept_S3_tmp = 0;
- accept_S2_tmp = 0;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_S6 = accept_S6_tmp;
- accept_all = accept_all_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_opa;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
+ accept_S4, accept_S5, accept_S6, accept_all, accept_init;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_in:
+ assumes 1 ≡ accept_S2;
+ ensures 1 ≡ accept_S3;
+
+ behavior buch_state_accept_S3_out:
+ assumes 0 ≡ accept_S2;
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_S6_out:
+ ensures 0 ≡ accept_S6;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void opa_pre_func(void)
+ {
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_S6_tmp;
+ int accept_all_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_opa;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_S6_tmp = accept_S6;
+ accept_all_tmp = accept_all;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_all_tmp = 0;
+ accept_S6_tmp = 0;
+ accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ if (accept_S2 == 1) accept_S3_tmp = 1; else accept_S3_tmp = 0;
+ accept_S2_tmp = 0;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_S6 = accept_S6_tmp;
+ accept_all = accept_all_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ accept_S3 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S4 ∧
- 0 ≡ accept_S5 ∧ 0 ≡ accept_S6 ∧ 0 ≡ accept_all ∧
- 0 ≡ accept_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_opa;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
- accept_S4, accept_S5, accept_S6, accept_all, accept_init;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_in:
- assumes 1 ≡ accept_S3;
- ensures 1 ≡ accept_S4;
-
- behavior buch_state_accept_S4_out:
- assumes 0 ≡ accept_S3;
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_S6_out:
- ensures 0 ≡ accept_S6;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void opa_post_func(void)
-{
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_S6_tmp; */
- /*@ ghost int accept_all_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_opa;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_S6_tmp = accept_S6;
- accept_all_tmp = accept_all;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_all_tmp = 0;
- accept_S6_tmp = 0;
- accept_S5_tmp = 0;
- if (accept_S3 == 1) accept_S4_tmp = 1; else accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- accept_S2_tmp = 0;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_S6 = accept_S6_tmp;
- accept_all = accept_all_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ accept_S3 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S4 ∧
+ 0 ≡ accept_S5 ∧ 0 ≡ accept_S6 ∧ 0 ≡ accept_all ∧
+ 0 ≡ accept_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_opa;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
+ accept_S4, accept_S5, accept_S6, accept_all, accept_init;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_in:
+ assumes 1 ≡ accept_S3;
+ ensures 1 ≡ accept_S4;
+
+ behavior buch_state_accept_S4_out:
+ assumes 0 ≡ accept_S3;
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_S6_out:
+ ensures 0 ≡ accept_S6;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void opa_post_func(void)
+ {
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_S6_tmp;
+ int accept_all_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_opa;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_S6_tmp = accept_S6;
+ accept_all_tmp = accept_all;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_all_tmp = 0;
+ accept_S6_tmp = 0;
+ accept_S5_tmp = 0;
+ if (accept_S3 == 1) accept_S4_tmp = 1; else accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ accept_S2_tmp = 0;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_S6 = accept_S6_tmp;
+ accept_all = accept_all_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧ 0 ≡ accept_S4 ∧
@@ -182,147 +188,153 @@ void opa_post_func(void)
*/
void opa(void)
{
- opa_pre_func();
+ /*@ ghost opa_pre_func(); */
rr ++;
- opa_post_func();
+ /*@ ghost opa_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_opb;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
- accept_S4, accept_S5, accept_S6, accept_all, accept_init;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_in:
- assumes 1 ≡ accept_S4;
- ensures 1 ≡ accept_S5;
-
- behavior buch_state_accept_S5_out:
- assumes 0 ≡ accept_S4;
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_S6_out:
- ensures 0 ≡ accept_S6;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void opb_pre_func(void)
-{
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_S6_tmp; */
- /*@ ghost int accept_all_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_opb;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_S6_tmp = accept_S6;
- accept_all_tmp = accept_all;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_all_tmp = 0;
- accept_S6_tmp = 0;
- if (accept_S4 == 1) accept_S5_tmp = 1; else accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- accept_S2_tmp = 0;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_S6 = accept_S6_tmp;
- accept_all = accept_all_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_opb;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
+ accept_S4, accept_S5, accept_S6, accept_all, accept_init;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_in:
+ assumes 1 ≡ accept_S4;
+ ensures 1 ≡ accept_S5;
+
+ behavior buch_state_accept_S5_out:
+ assumes 0 ≡ accept_S4;
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_S6_out:
+ ensures 0 ≡ accept_S6;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void opb_pre_func(void)
+ {
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_S6_tmp;
+ int accept_all_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_opb;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_S6_tmp = accept_S6;
+ accept_all_tmp = accept_all;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_all_tmp = 0;
+ accept_S6_tmp = 0;
+ if (accept_S4 == 1) accept_S5_tmp = 1; else accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ accept_S2_tmp = 0;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_S6 = accept_S6_tmp;
+ accept_all = accept_all_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ accept_S5 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧
- 0 ≡ accept_S4 ∧ 0 ≡ accept_S6 ∧ 0 ≡ accept_all ∧
- 0 ≡ accept_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_opb;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
- accept_S4, accept_S5, accept_S6, accept_all, accept_init;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_S6_in:
- assumes 1 ≡ accept_S5;
- ensures 1 ≡ accept_S6;
-
- behavior buch_state_accept_S6_out:
- assumes 0 ≡ accept_S5;
- ensures 0 ≡ accept_S6;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void opb_post_func(void)
-{
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_S6_tmp; */
- /*@ ghost int accept_all_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_opb;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_S6_tmp = accept_S6;
- accept_all_tmp = accept_all;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_all_tmp = 0;
- if (accept_S5 == 1) accept_S6_tmp = 1; else accept_S6_tmp = 0;
- accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- accept_S2_tmp = 0;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_S6 = accept_S6_tmp;
- accept_all = accept_all_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ accept_S5 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧
+ 0 ≡ accept_S4 ∧ 0 ≡ accept_S6 ∧ 0 ≡ accept_all ∧
+ 0 ≡ accept_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_opb;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
+ accept_S4, accept_S5, accept_S6, accept_all, accept_init;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_S6_in:
+ assumes 1 ≡ accept_S5;
+ ensures 1 ≡ accept_S6;
+
+ behavior buch_state_accept_S6_out:
+ assumes 0 ≡ accept_S5;
+ ensures 0 ≡ accept_S6;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void opb_post_func(void)
+ {
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_S6_tmp;
+ int accept_all_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_opb;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_S6_tmp = accept_S6;
+ accept_all_tmp = accept_all;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_all_tmp = 0;
+ if (accept_S5 == 1) accept_S6_tmp = 1; else accept_S6_tmp = 0;
+ accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ accept_S2_tmp = 0;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_S6 = accept_S6_tmp;
+ accept_all = accept_all_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ accept_S4 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧
@@ -337,134 +349,140 @@ void opb_post_func(void)
*/
void opb(void)
{
- opb_pre_func();
+ /*@ ghost opb_pre_func(); */
status = 1;
- opb_post_func();
+ /*@ ghost opb_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_opc;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
- accept_S4, accept_S5, accept_S6, accept_all, accept_init;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_S6_out:
- ensures 0 ≡ accept_S6;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void opc_pre_func(void)
-{
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_S6_tmp; */
- /*@ ghost int accept_all_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_opc;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_S6_tmp = accept_S6;
- accept_all_tmp = accept_all;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_all_tmp = 0;
- accept_S6_tmp = 0;
- accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- accept_S2_tmp = 0;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_S6 = accept_S6_tmp;
- accept_all = accept_all_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_opc;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
+ accept_S4, accept_S5, accept_S6, accept_all, accept_init;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_S6_out:
+ ensures 0 ≡ accept_S6;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void opc_pre_func(void)
+ {
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_S6_tmp;
+ int accept_all_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_opc;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_S6_tmp = accept_S6;
+ accept_all_tmp = accept_all;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_all_tmp = 0;
+ accept_S6_tmp = 0;
+ accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ accept_S2_tmp = 0;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_S6 = accept_S6_tmp;
+ accept_all = accept_all_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
-/*@ requires \false;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_opc;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
- accept_S4, accept_S5, accept_S6, accept_all, accept_init;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_S6_out:
- ensures 0 ≡ accept_S6;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void opc_post_func(void)
-{
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_S6_tmp; */
- /*@ ghost int accept_all_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_opc;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_S6_tmp = accept_S6;
- accept_all_tmp = accept_all;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_all_tmp = 0;
- accept_S6_tmp = 0;
- accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- accept_S2_tmp = 0;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_S6 = accept_S6_tmp;
- accept_all = accept_all_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires \false;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_opc;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
+ accept_S4, accept_S5, accept_S6, accept_all, accept_init;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_S6_out:
+ ensures 0 ≡ accept_S6;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void opc_post_func(void)
+ {
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_S6_tmp;
+ int accept_all_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_opc;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_S6_tmp = accept_S6;
+ accept_all_tmp = accept_all;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_all_tmp = 0;
+ accept_S6_tmp = 0;
+ accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ accept_S2_tmp = 0;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_S6 = accept_S6_tmp;
+ accept_all = accept_all_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
+
+*/
/*@ requires \false;
@@ -491,147 +509,153 @@ void opc_post_func(void)
*/
void opc(void)
{
- opc_pre_func();
+ /*@ ghost opc_pre_func(); */
rr = 9000;
- opc_post_func();
+ /*@ ghost opc_post_func(); */
return;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
- accept_S4, accept_S5, accept_S6, accept_all, accept_init;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ accept_init;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ accept_init;
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_S6_out:
- ensures 0 ≡ accept_S6;
-
- behavior buch_state_accept_all_out:
- ensures 0 ≡ accept_all;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void main_pre_func(void)
-{
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_S6_tmp; */
- /*@ ghost int accept_all_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_S6_tmp = accept_S6;
- accept_all_tmp = accept_all;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- accept_all_tmp = 0;
- accept_S6_tmp = 0;
- accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- if (accept_init == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_S6 = accept_S6_tmp;
- accept_all = accept_all_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
+ accept_S4, accept_S5, accept_S6, accept_all, accept_init;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ accept_init;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ accept_init;
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_S6_out:
+ ensures 0 ≡ accept_S6;
+
+ behavior buch_state_accept_all_out:
+ ensures 0 ≡ accept_all;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void main_pre_func(void)
+ {
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_S6_tmp;
+ int accept_all_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_S6_tmp = accept_S6;
+ accept_all_tmp = accept_all;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ accept_all_tmp = 0;
+ accept_S6_tmp = 0;
+ accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ if (accept_init == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_S6 = accept_S6_tmp;
+ accept_all = accept_all_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ accept_S6 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧
- 0 ≡ accept_S4 ∧ 0 ≡ accept_S5 ∧ 0 ≡ accept_all ∧
- 0 ≡ accept_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
- accept_S4, accept_S5, accept_S6, accept_all, accept_init;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
-
- behavior buch_state_accept_S3_out:
- ensures 0 ≡ accept_S3;
-
- behavior buch_state_accept_S4_out:
- ensures 0 ≡ accept_S4;
-
- behavior buch_state_accept_S5_out:
- ensures 0 ≡ accept_S5;
-
- behavior buch_state_accept_S6_out:
- ensures 0 ≡ accept_S6;
-
- behavior buch_state_accept_all_in:
- assumes 1 ≡ accept_S6;
- ensures 1 ≡ accept_all;
-
- behavior buch_state_accept_all_out:
- assumes 0 ≡ accept_S6;
- ensures 0 ≡ accept_all;
-
- behavior buch_state_accept_init_out:
- ensures 0 ≡ accept_init;
- */
-void main_post_func(int res)
-{
- /*@ ghost int accept_S2_tmp; */
- /*@ ghost int accept_S3_tmp; */
- /*@ ghost int accept_S4_tmp; */
- /*@ ghost int accept_S5_tmp; */
- /*@ ghost int accept_S6_tmp; */
- /*@ ghost int accept_all_tmp; */
- /*@ ghost int accept_init_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- accept_S2_tmp = accept_S2;
- accept_S3_tmp = accept_S3;
- accept_S4_tmp = accept_S4;
- accept_S5_tmp = accept_S5;
- accept_S6_tmp = accept_S6;
- accept_all_tmp = accept_all;
- accept_init_tmp = accept_init;
- accept_init_tmp = 0;
- if (accept_S6 == 1) accept_all_tmp = 1; else accept_all_tmp = 0;
- accept_S6_tmp = 0;
- accept_S5_tmp = 0;
- accept_S4_tmp = 0;
- accept_S3_tmp = 0;
- accept_S2_tmp = 0;
- accept_S2 = accept_S2_tmp;
- accept_S3 = accept_S3_tmp;
- accept_S4 = accept_S4_tmp;
- accept_S5 = accept_S5_tmp;
- accept_S6 = accept_S6_tmp;
- accept_all = accept_all_tmp;
- accept_init = accept_init_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ accept_S6 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧
+ 0 ≡ accept_S4 ∧ 0 ≡ accept_S5 ∧ 0 ≡ accept_all ∧
+ 0 ≡ accept_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3,
+ accept_S4, accept_S5, accept_S6, accept_all, accept_init;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+
+ behavior buch_state_accept_S3_out:
+ ensures 0 ≡ accept_S3;
+
+ behavior buch_state_accept_S4_out:
+ ensures 0 ≡ accept_S4;
+
+ behavior buch_state_accept_S5_out:
+ ensures 0 ≡ accept_S5;
+
+ behavior buch_state_accept_S6_out:
+ ensures 0 ≡ accept_S6;
+
+ behavior buch_state_accept_all_in:
+ assumes 1 ≡ accept_S6;
+ ensures 1 ≡ accept_all;
+
+ behavior buch_state_accept_all_out:
+ assumes 0 ≡ accept_S6;
+ ensures 0 ≡ accept_all;
+
+ behavior buch_state_accept_init_out:
+ ensures 0 ≡ accept_init;
+ @/
+ void main_post_func(int res)
+ {
+ int accept_S2_tmp;
+ int accept_S3_tmp;
+ int accept_S4_tmp;
+ int accept_S5_tmp;
+ int accept_S6_tmp;
+ int accept_all_tmp;
+ int accept_init_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ accept_S2_tmp = accept_S2;
+ accept_S3_tmp = accept_S3;
+ accept_S4_tmp = accept_S4;
+ accept_S5_tmp = accept_S5;
+ accept_S6_tmp = accept_S6;
+ accept_all_tmp = accept_all;
+ accept_init_tmp = accept_init;
+ accept_init_tmp = 0;
+ if (accept_S6 == 1) accept_all_tmp = 1; else accept_all_tmp = 0;
+ accept_S6_tmp = 0;
+ accept_S5_tmp = 0;
+ accept_S4_tmp = 0;
+ accept_S3_tmp = 0;
+ accept_S2_tmp = 0;
+ accept_S2 = accept_S2_tmp;
+ accept_S3 = accept_S3_tmp;
+ accept_S4 = accept_S4_tmp;
+ accept_S5 = accept_S5_tmp;
+ accept_S6 = accept_S6_tmp;
+ accept_all = accept_all_tmp;
+ accept_init = accept_init_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ accept_init ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧
@@ -653,7 +677,7 @@ void main_post_func(int res)
int main(void)
{
int __retres;
- main_pre_func();
+ /*@ ghost main_pre_func(); */
switch (rr) {
case 1: opa();
break;
@@ -662,7 +686,7 @@ int main(void)
}
opb();
__retres = 1;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_switch3.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_switch3.res.oracle
index 73b974a6b584a4ebbcd52e273c906b33a073284d..7c650ba0861a05cd096cf028417e699e2328cf20 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_switch3.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_switch3.res.oracle
@@ -17,99 +17,105 @@ enum aorai_OpStatusList {
/*@ ghost int T0_init = 1; */
/*@ ghost int accept_S1 = 0; */
/*@ ghost int accept_S2 = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_countOne;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
- */
-void countOne_pre_func(char *argv)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_countOne;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S2_tmp = 0;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (T0_S2 == 1) T0_S2_tmp = 1;
- else
- if (accept_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_countOne;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+ @/
+ void countOne_pre_func(char *argv)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_countOne;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S2_tmp = 0;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_S2 == 1) T0_S2_tmp = 1;
+ else
+ if (accept_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_countOne;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ T0_S2;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ T0_S2;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
- */
-void countOne_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_countOne;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S2_tmp = 0;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_countOne;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ T0_S2;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ T0_S2;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+ @/
+ void countOne_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_countOne;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S2_tmp = 0;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
+
+*/
/*@ requires
(1 ≡ T0_S2 ∨ 1 ≡ accept_S2) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1;
@@ -122,7 +128,7 @@ void countOne_post_func(int res)
*/
int countOne(char *argv)
{
- countOne_pre_func(argv);
+ /*@ ghost countOne_pre_func(argv); */
int r = 0;
switch ((int)*(argv + 0)) {
int tmp;
@@ -132,122 +138,129 @@ int countOne(char *argv)
tmp = countOne(argv + 1);
r += tmp;
}
- countOne_post_func(r);
+ /*@ ghost countOne_post_func(r); */
return r;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_count;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ T0_S2;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ T0_S2;
- ensures 0 ≡ accept_S2;
- */
-void count_pre_func(int argc, char **argv)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_count;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- if (T0_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_count;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ T0_S2;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ T0_S2;
+ ensures 0 ≡ accept_S2;
+ @/
+ void count_pre_func(int argc, char **argv)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_count;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ if (T0_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
-/*@ requires
- (1 ≡ T0_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧ 0 ≡ T0_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_count;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ T0_S2;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ T0_S2;
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2;
- ensures 0 ≡ accept_S2;
- */
-void count_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_count;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- if (T0_S2 == 1) accept_S2_tmp = 1;
- else
- if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- if (T0_S2 == 1) accept_S1_tmp = 1;
- else
- if (accept_S1 == 1) accept_S1_tmp = 1;
+*/
+
+/*@ ghost
+ /@ requires
+ (1 ≡ T0_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧
+ 0 ≡ T0_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_count;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ T0_S2;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ T0_S2;
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2;
+ ensures 0 ≡ accept_S2;
+ @/
+ void count_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_count;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ if (T0_S2 == 1) accept_S2_tmp = 1;
else
- if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+ if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ if (T0_S2 == 1) accept_S1_tmp = 1;
+ else
+ if (accept_S1 == 1) accept_S1_tmp = 1;
+ else
+ if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
+
+*/
/*@ requires
(1 ≡ T0_S2 ∨ 1 ≡ accept_S1) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2;
@@ -264,7 +277,7 @@ void count_post_func(int res)
int count(int argc, char **argv)
{
int __retres;
- count_pre_func(argc,argv);
+ /*@ ghost count_pre_func(argc,argv); */
if (argc > 0) {
int tmp;
int tmp_0;
@@ -275,112 +288,118 @@ int count(int argc, char **argv)
}
__retres = 0;
return_label: {
- count_post_func(__retres);
+ /*@ ghost count_post_func(__retres); */
return __retres;
}
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ T0_init;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ T0_init;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ T0_init;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ T0_init;
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
- */
-void main_pre_func(int argc, char **argv)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S2_tmp = 0;
- if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (T0_init == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ T0_init;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ T0_init;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ T0_init;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ T0_init;
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+ @/
+ void main_pre_func(int argc, char **argv)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S2_tmp = 0;
+ if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_init == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
- */
-void main_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S2_tmp = 0;
- if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+ @/
+ void main_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S2_tmp = 0;
+ if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ T0_init ∧ 0 ≡ T0_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2;
@@ -398,10 +417,10 @@ int main(int argc, char **argv)
{
int __retres;
int somme;
- main_pre_func(argc,argv);
+ /*@ ghost main_pre_func(argc,argv); */
somme = count(argc,argv);
__retres = 1;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_switch3_et_recursion.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_switch3_et_recursion.res.oracle
index a11dd2f6e1ce4ef4303150e1748e376c5c62cf4d..36ea60d0a6ebc872ec3f26d8f37a0aa53d8a46a6 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_switch3_et_recursion.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_switch3_et_recursion.res.oracle
@@ -18,75 +18,83 @@ enum aorai_OpStatusList {
/*@ ghost int T0_S2 = 0; */
/*@ ghost int T0_init = 1; */
/*@ ghost int accept_S1 = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_countOne;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ T0_S2;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ T0_S2;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
- */
-void countOne_pre_func(char *argv)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_countOne;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_countOne;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ T0_S2;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ T0_S2;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+ @/
+ void countOne_pre_func(char *argv)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_countOne;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
-/*@ requires \false;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_countOne;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_out:
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
- */
-void countOne_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_countOne;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires \false;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_countOne;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_out:
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+ @/
+ void countOne_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_countOne;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1;
@@ -101,7 +109,7 @@ void countOne_post_func(int res)
*/
int countOne(char *argv)
{
- countOne_pre_func(argv);
+ /*@ ghost countOne_pre_func(argv); */
int r = 0;
switch ((int)*(argv + 0)) {
int tmp;
@@ -110,84 +118,92 @@ int countOne(char *argv)
tmp = countOne(argv + 1);
r += tmp;
}
- countOne_post_func(r);
+ /*@ ghost countOne_post_func(r); */
return r;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_count;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
- */
-void count_pre_func(int argc, char **argv)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_count;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_count;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+ @/
+ void count_pre_func(int argc, char **argv)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_count;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
-/*@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_count;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_out:
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ T0_S2;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ T0_S2;
- ensures 0 ≡ accept_S1;
- */
-void count_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_count;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- if (T0_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_count;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_out:
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ T0_S2;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ T0_S2;
+ ensures 0 ≡ accept_S1;
+ @/
+ void count_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_count;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ if (T0_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init;
@@ -198,7 +214,7 @@ void count_post_func(int res)
int count(int argc, char **argv)
{
int __retres;
- count_pre_func(argc,argv);
+ /*@ ghost count_pre_func(argc,argv); */
if (argc > 0) {
int tmp;
int tmp_0;
@@ -209,90 +225,98 @@ int count(int argc, char **argv)
}
__retres = 0;
return_label: {
- count_post_func(__retres);
+ /*@ ghost count_post_func(__retres); */
return __retres;
}
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_out:
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ T0_init;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ T0_init;
- ensures 0 ≡ accept_S1;
- */
-void main_pre_func(int argc, char **argv)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_out:
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ T0_init;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ T0_init;
+ ensures 0 ≡ accept_S1;
+ @/
+ void main_pre_func(int argc, char **argv)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
-/*@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ accept_S1;
- */
-void main_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ accept_S1;
+ @/
+ void main_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ return;
+ }
+
+*/
/*@ requires 1 ≡ T0_init ∧ 0 ≡ T0_S2 ∧ 0 ≡ accept_S1;
@@ -309,10 +333,10 @@ int main(int argc, char **argv)
{
int __retres;
int somme;
- main_pre_func(argc,argv);
+ /*@ ghost main_pre_func(argc,argv); */
somme = count(argc,argv);
__retres = 1;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_switch3_if.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_switch3_if.res.oracle
index cf8462c802b3110588ac392456a0e231cd3a0c0a..d0d98a3a8d87ccdcc08c916ad90c03ecdb9c8459 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_switch3_if.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_switch3_if.res.oracle
@@ -17,99 +17,105 @@ enum aorai_OpStatusList {
/*@ ghost int T0_init = 1; */
/*@ ghost int accept_S1 = 0; */
/*@ ghost int accept_S2 = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_countOne;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
- */
-void countOne_pre_func(char *argv)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_countOne;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S2_tmp = 0;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (T0_S2 == 1) T0_S2_tmp = 1;
- else
- if (accept_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_countOne;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+ @/
+ void countOne_pre_func(char *argv)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_countOne;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S2_tmp = 0;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_S2 == 1) T0_S2_tmp = 1;
+ else
+ if (accept_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_countOne;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ T0_S2;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ T0_S2;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
- */
-void countOne_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_countOne;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S2_tmp = 0;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_countOne;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ T0_S2;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ T0_S2;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+ @/
+ void countOne_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_countOne;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S2_tmp = 0;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
+
+*/
/*@ requires
(1 ≡ T0_S2 ∨ 1 ≡ accept_S2) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1;
@@ -122,7 +128,7 @@ void countOne_post_func(int res)
*/
int countOne(char *argv)
{
- countOne_pre_func(argv);
+ /*@ ghost countOne_pre_func(argv); */
int r = 0;
if ((int)*(argv + 0) != 0) {
int tmp;
@@ -130,122 +136,129 @@ int countOne(char *argv)
tmp = countOne(argv + 1);
r += tmp;
}
- countOne_post_func(r);
+ /*@ ghost countOne_post_func(r); */
return r;
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_count;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ T0_S2;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ T0_S2;
- ensures 0 ≡ accept_S2;
- */
-void count_pre_func(int argc, char **argv)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_count;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- if (T0_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_count;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ T0_S2;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ T0_S2;
+ ensures 0 ≡ accept_S2;
+ @/
+ void count_pre_func(int argc, char **argv)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_count;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ if (T0_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
-/*@ requires
- (1 ≡ T0_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧ 0 ≡ T0_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_count;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ T0_S2;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ T0_S2;
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2;
- ensures 0 ≡ accept_S2;
- */
-void count_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_count;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- if (T0_S2 == 1) accept_S2_tmp = 1;
- else
- if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- if (T0_S2 == 1) accept_S1_tmp = 1;
- else
- if (accept_S1 == 1) accept_S1_tmp = 1;
+*/
+
+/*@ ghost
+ /@ requires
+ (1 ≡ T0_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧
+ 0 ≡ T0_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_count;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ T0_S2;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ T0_S2;
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2;
+ ensures 0 ≡ accept_S2;
+ @/
+ void count_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_count;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ if (T0_S2 == 1) accept_S2_tmp = 1;
else
- if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+ if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ if (T0_S2 == 1) accept_S1_tmp = 1;
+ else
+ if (accept_S1 == 1) accept_S1_tmp = 1;
+ else
+ if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
+
+*/
/*@ requires
(1 ≡ T0_S2 ∨ 1 ≡ accept_S1) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2;
@@ -262,7 +275,7 @@ void count_post_func(int res)
int count(int argc, char **argv)
{
int __retres;
- count_pre_func(argc,argv);
+ /*@ ghost count_pre_func(argc,argv); */
if (argc > 0) {
int tmp;
int tmp_0;
@@ -273,112 +286,118 @@ int count(int argc, char **argv)
}
__retres = 0;
return_label: {
- count_post_func(__retres);
+ /*@ ghost count_post_func(__retres); */
return __retres;
}
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ T0_init;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ T0_init;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ T0_init;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ T0_init;
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
- */
-void main_pre_func(int argc, char **argv)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S2_tmp = 0;
- if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (T0_init == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ T0_init;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ T0_init;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ T0_init;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ T0_init;
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+ @/
+ void main_pre_func(int argc, char **argv)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S2_tmp = 0;
+ if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_init == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
- */
-void main_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S2_tmp = 0;
- if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+ @/
+ void main_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S2_tmp = 0;
+ if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ T0_init ∧ 0 ≡ T0_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2;
@@ -396,10 +415,10 @@ int main(int argc, char **argv)
{
int __retres;
int somme;
- main_pre_func(argc,argv);
+ /*@ ghost main_pre_func(argc,argv); */
somme = count(argc,argv);
__retres = 1;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/aorai/tests/aorai/oracle/test_switch3_return.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_switch3_return.res.oracle
index 32c5aecfa35383c854ecabf90a6bede3087d20bd..e3f099446489b1a2263da75cbaf33a37c1ef68fe 100644
--- a/src/plugins/aorai/tests/aorai/oracle/test_switch3_return.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/test_switch3_return.res.oracle
@@ -17,99 +17,105 @@ enum aorai_OpStatusList {
/*@ ghost int T0_init = 1; */
/*@ ghost int accept_S1 = 0; */
/*@ ghost int accept_S2 = 0; */
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_countOne;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
- */
-void countOne_pre_func(char *argv)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_countOne;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S2_tmp = 0;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (T0_S2 == 1) T0_S2_tmp = 1;
- else
- if (accept_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_countOne;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+ @/
+ void countOne_pre_func(char *argv)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_countOne;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S2_tmp = 0;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_S2 == 1) T0_S2_tmp = 1;
+ else
+ if (accept_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_countOne;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ T0_S2;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ T0_S2;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
- */
-void countOne_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_countOne;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S2_tmp = 0;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_countOne;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ T0_S2;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ T0_S2;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+ @/
+ void countOne_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_countOne;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S2_tmp = 0;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
+
+*/
/*@ requires
(1 ≡ T0_S2 ∨ 1 ≡ accept_S2) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1;
@@ -123,7 +129,7 @@ void countOne_post_func(int res)
int countOne(char *argv)
{
int __retres;
- countOne_pre_func(argv);
+ /*@ ghost countOne_pre_func(argv); */
int r = 0;
switch ((int)*(argv + 0)) {
int tmp;
@@ -134,124 +140,132 @@ int countOne(char *argv)
r += tmp;
}
__retres = r;
- return_label: {
- countOne_post_func(__retres);
- return __retres;
- }
+ return_label:
+ {
+ /*@ ghost countOne_post_func(__retres); */
+ return __retres;
+ }
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_count;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_out:
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ T0_S2;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ T0_S2;
- ensures 0 ≡ accept_S2;
- */
-void count_pre_func(int argc, char **argv)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_count;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- if (T0_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_count;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_out:
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ T0_S2;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ T0_S2;
+ ensures 0 ≡ accept_S2;
+ @/
+ void count_pre_func(int argc, char **argv)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_count;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ if (T0_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
-/*@ requires
- (1 ≡ T0_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧ 0 ≡ T0_init;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_count;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ T0_S2;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ T0_S2;
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_in:
- assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2;
- ensures 1 ≡ accept_S2;
-
- behavior buch_state_accept_S2_out:
- assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2;
- ensures 0 ≡ accept_S2;
- */
-void count_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_count;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- if (T0_S2 == 1) accept_S2_tmp = 1;
- else
- if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
- if (T0_S2 == 1) accept_S1_tmp = 1;
- else
- if (accept_S1 == 1) accept_S1_tmp = 1;
+*/
+
+/*@ ghost
+ /@ requires
+ (1 ≡ T0_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧
+ 0 ≡ T0_init;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_count;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ T0_S2;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ T0_S2;
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_in:
+ assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2;
+ ensures 1 ≡ accept_S2;
+
+ behavior buch_state_accept_S2_out:
+ assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2;
+ ensures 0 ≡ accept_S2;
+ @/
+ void count_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_count;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ if (T0_S2 == 1) accept_S2_tmp = 1;
else
- if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+ if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0;
+ if (T0_S2 == 1) accept_S1_tmp = 1;
+ else
+ if (accept_S1 == 1) accept_S1_tmp = 1;
+ else
+ if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
+
+*/
/*@ requires
(1 ≡ T0_S2 ∨ 1 ≡ accept_S1) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2;
@@ -268,7 +282,7 @@ void count_post_func(int res)
int count(int argc, char **argv)
{
int __retres;
- count_pre_func(argc,argv);
+ /*@ ghost count_pre_func(argc,argv); */
if (argc > 0) {
int tmp;
int tmp_0;
@@ -279,112 +293,118 @@ int count(int argc, char **argv)
}
__retres = 0;
return_label: {
- count_post_func(__retres);
+ /*@ ghost count_post_func(__retres); */
return __retres;
}
}
-/*@ ensures aorai_CurOpStatus ≡ aorai_Called;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ T0_init;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ T0_init;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ T0_init;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ T0_init;
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
- */
-void main_pre_func(int argc, char **argv)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Called;
- aorai_CurOperation = op_main;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S2_tmp = 0;
- if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (T0_init == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+/*@ ghost
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ T0_init;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ T0_init;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ T0_init;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ T0_init;
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+ @/
+ void main_pre_func(int argc, char **argv)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Called;
+ aorai_CurOperation = op_main;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S2_tmp = 0;
+ if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (T0_init == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
-/*@ requires
- 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2;
- ensures aorai_CurOpStatus ≡ aorai_Terminated;
- ensures aorai_CurOperation ≡ op_main;
- assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1,
- accept_S2;
-
- behavior buch_state_T0_S2_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ T0_S2;
-
- behavior buch_state_T0_S2_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ T0_S2;
-
- behavior buch_state_T0_init_out:
- ensures 0 ≡ T0_init;
-
- behavior buch_state_accept_S1_in:
- assumes 1 ≡ accept_S1;
- ensures 1 ≡ accept_S1;
-
- behavior buch_state_accept_S1_out:
- assumes 0 ≡ accept_S1;
- ensures 0 ≡ accept_S1;
-
- behavior buch_state_accept_S2_out:
- ensures 0 ≡ accept_S2;
- */
-void main_post_func(int res)
-{
- /*@ ghost int T0_S2_tmp; */
- /*@ ghost int T0_init_tmp; */
- /*@ ghost int accept_S1_tmp; */
- /*@ ghost int accept_S2_tmp; */
- aorai_CurOpStatus = aorai_Terminated;
- aorai_CurOperation = op_main;
- T0_S2_tmp = T0_S2;
- T0_init_tmp = T0_init;
- accept_S1_tmp = accept_S1;
- accept_S2_tmp = accept_S2;
- accept_S2_tmp = 0;
- if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
- T0_init_tmp = 0;
- if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
- T0_S2 = T0_S2_tmp;
- T0_init = T0_init_tmp;
- accept_S1 = accept_S1_tmp;
- accept_S2 = accept_S2_tmp;
- return;
-}
+*/
+
+/*@ ghost
+ /@ requires
+ 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2;
+ ensures aorai_CurOpStatus ≡ aorai_Terminated;
+ ensures aorai_CurOperation ≡ op_main;
+ assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init,
+ accept_S1, accept_S2;
+
+ behavior buch_state_T0_S2_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ T0_S2;
+
+ behavior buch_state_T0_S2_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ T0_S2;
+
+ behavior buch_state_T0_init_out:
+ ensures 0 ≡ T0_init;
+
+ behavior buch_state_accept_S1_in:
+ assumes 1 ≡ accept_S1;
+ ensures 1 ≡ accept_S1;
+
+ behavior buch_state_accept_S1_out:
+ assumes 0 ≡ accept_S1;
+ ensures 0 ≡ accept_S1;
+
+ behavior buch_state_accept_S2_out:
+ ensures 0 ≡ accept_S2;
+ @/
+ void main_post_func(int res)
+ {
+ int T0_S2_tmp;
+ int T0_init_tmp;
+ int accept_S1_tmp;
+ int accept_S2_tmp;
+ aorai_CurOpStatus = aorai_Terminated;
+ aorai_CurOperation = op_main;
+ T0_S2_tmp = T0_S2;
+ T0_init_tmp = T0_init;
+ accept_S1_tmp = accept_S1;
+ accept_S2_tmp = accept_S2;
+ accept_S2_tmp = 0;
+ if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0;
+ T0_init_tmp = 0;
+ if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0;
+ T0_S2 = T0_S2_tmp;
+ T0_init = T0_init_tmp;
+ accept_S1 = accept_S1_tmp;
+ accept_S2 = accept_S2_tmp;
+ return;
+ }
+
+*/
/*@ requires
1 ≡ T0_init ∧ 0 ≡ T0_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2;
@@ -402,10 +422,10 @@ int main(int argc, char **argv)
{
int __retres;
int somme;
- main_pre_func(argc,argv);
+ /*@ ghost main_pre_func(argc,argv); */
somme = count(argc,argv);
__retres = 1;
- main_post_func(__retres);
+ /*@ ghost main_post_func(__retres); */
return __retres;
}
diff --git a/src/plugins/variadic/generic.ml b/src/plugins/variadic/generic.ml
index af1f6658b94062ea666141de0224163252757e8b..23f35effb9b94adc3d88b253d37c38f26a1f8b76 100644
--- a/src/plugins/variadic/generic.ml
+++ b/src/plugins/variadic/generic.ml
@@ -137,7 +137,7 @@ let translate_va_builtin caller inst =
(* Translation of calls to variadic functions *)
-let translate_call ~fundec block loc mk_call callee pars =
+let translate_call ~fundec ~ghost block loc mk_call callee pars =
(* Log translation *)
Self.result ~current:true ~level:2
@@ -154,7 +154,7 @@ let translate_call ~fundec block loc mk_call callee pars =
let add_var i exp =
let typ = Cil.typeOf exp
and name = "__va_arg" ^ string_of_int i in
- let res = Cil.makeLocalVar fundec ~scope:block name typ in
+ let res = Cil.makeLocalVar ~ghost fundec ~scope:block name typ in
res.vdefined <- true;
res
in
@@ -165,7 +165,7 @@ let translate_call ~fundec block loc mk_call callee pars =
(* Build an array to store addresses *)
let addrs = List.map Cil.mkAddrOfVi vis in
- let vargs, assigns = Build.array_init ~loc fundec block
+ let vargs, assigns = Build.array_init ~loc fundec ~ghost block
"__va_args" Cil.voidPtrType addrs
in
let instrs = instrs @ [assigns] in
diff --git a/src/plugins/variadic/standard.ml b/src/plugins/variadic/standard.ml
index 8d5b77be6e5907ec979ed47cdc5193dfea4f554b..4d3350970a03b8f7d79e90669a398adbea9d04e3 100644
--- a/src/plugins/variadic/standard.ml
+++ b/src/plugins/variadic/standard.ml
@@ -179,7 +179,7 @@ let find_null exp_list =
let aggregator_call
- ~fundec {a_target; a_pos; a_type; a_param} scope loc mk_call vf args =
+ ~fundec ~ghost {a_target; a_pos; a_type; a_param} scope loc mk_call vf args =
let name = vf.vf_decl.vorig_name
and tparams = Typ.params_types a_target.vtype
and pname, ptyp = a_param in
@@ -222,7 +222,7 @@ let aggregator_call
name a_target.vorig_name;
let pname = if pname = "" then "param" else pname in
let vaggr, assigns =
- Build.array_init ~loc fundec scope pname ptyp args_middle
+ Build.array_init ~loc fundec ~ghost scope pname ptyp args_middle
in
let new_arg = Cil.mkAddrOrStartOf ~loc (Cil.var vaggr) in
let new_args = args_left @ [new_arg] @ args_right in
diff --git a/src/plugins/variadic/tests/declared/called_in_ghost.i b/src/plugins/variadic/tests/declared/called_in_ghost.i
new file mode 100644
index 0000000000000000000000000000000000000000..5526129011507eacfdd38c4dc89734cc8958e40d
--- /dev/null
+++ b/src/plugins/variadic/tests/declared/called_in_ghost.i
@@ -0,0 +1,18 @@
+/* run.config
+ OPT: -load-script tests/declared/called_in_ghost.ml -print
+*/
+
+/*@ assigns \nothing ; */
+void function(int e, ...);
+
+void foo(void){
+ //@ ghost function(1, 2, 3, 4);
+}
+
+/*@ assigns \nothing ; */
+int function_wr(int e, ...);
+
+void bar(void){
+ //@ ghost int x = function_wr(1, 2);
+ //@ ghost x = function_wr(1, 2);
+}
diff --git a/src/plugins/variadic/tests/declared/called_in_ghost.ml b/src/plugins/variadic/tests/declared/called_in_ghost.ml
new file mode 100755
index 0000000000000000000000000000000000000000..5f7f6383d20b8aadc71520d60afb92e081300b74
--- /dev/null
+++ b/src/plugins/variadic/tests/declared/called_in_ghost.ml
@@ -0,0 +1,40 @@
+open Cil_types
+
+class print =
+ object
+ inherit Visitor.frama_c_inplace
+
+ method! vglob_aux g =
+ begin match g with
+ | GFun(fd, _) ->
+ Kernel.feedback "%a is%s ghost"
+ Cil_datatype.Varinfo.pretty fd.svar
+ (if fd.svar.vghost then "" else " not")
+ | GFunDecl(_, vi, _) ->
+ Kernel.feedback "%a is%s ghost"
+ Cil_datatype.Varinfo.pretty vi
+ (if vi.vghost then "" else " not")
+ | _ -> ()
+ end ;
+ Cil.DoChildren
+
+ method! vstmt_aux s =
+ Kernel.feedback "%a is a%s ghost statement"
+ Cil_datatype.Stmt.pretty s
+ (if s.ghost then "" else " non")
+ ;
+ Cil.DoChildren
+
+ method! vvdec vi =
+ Kernel.feedback "%a is a%s ghost %s"
+ Cil_datatype.Varinfo.pretty vi
+ (if vi.vghost then "" else " non")
+ (if vi.vformal then "formal"
+ else if vi.vglob then "global"
+ else "local") ;
+ Cil.DoChildren
+ end
+
+let run () = Visitor.visitFramacFileSameGlobals (new print) (Ast.get())
+
+let () = Db.Main.extend run
diff --git a/src/plugins/variadic/tests/declared/oracle/called_in_ghost.res.oracle b/src/plugins/variadic/tests/declared/oracle/called_in_ghost.res.oracle
new file mode 100644
index 0000000000000000000000000000000000000000..9d66c6a41ea99002a90858d315f8e28c160fcd49
--- /dev/null
+++ b/src/plugins/variadic/tests/declared/oracle/called_in_ghost.res.oracle
@@ -0,0 +1,88 @@
+[kernel] Parsing tests/declared/called_in_ghost.i (no preprocessing)
+[kernel] function is not ghost
+[kernel] function is a non ghost global
+[kernel] e is a non ghost formal
+[kernel] __va_params is a non ghost formal
+[kernel] foo is not ghost
+[kernel] foo is a non ghost global
+[kernel] __va_arg0 is a ghost local
+[kernel] __va_arg1 is a ghost local
+[kernel] __va_arg2 is a ghost local
+[kernel] __va_args is a ghost local
+[kernel] /*@ ghost
+ {
+ int __va_arg0 = 2;
+ int __va_arg1 = 3;
+ int __va_arg2 = 4;
+ void *__va_args[3] = {& __va_arg0, & __va_arg1, & __va_arg2};
+ function(1,(void * const *)(__va_args));
+ }
+ */ is a ghost statement
+[kernel] /*@ ghost int __va_arg0 = 2; */ is a ghost statement
+[kernel] /*@ ghost int __va_arg1 = 3; */ is a ghost statement
+[kernel] /*@ ghost int __va_arg2 = 4; */ is a ghost statement
+[kernel] /*@ ghost void *__va_args[3] = {& __va_arg0, & __va_arg1, & __va_arg2}; */ is a ghost statement
+[kernel] /*@ ghost function(1,(void * const *)(__va_args)); */ is a ghost statement
+[kernel] return; is a non ghost statement
+[kernel] function_wr is not ghost
+[kernel] function_wr is a non ghost global
+[kernel] e is a non ghost formal
+[kernel] __va_params is a non ghost formal
+[kernel] bar is not ghost
+[kernel] bar is a non ghost global
+[kernel] x is a ghost local
+[kernel] __va_arg0 is a ghost local
+[kernel] __va_args is a ghost local
+[kernel] __va_arg0_6 is a ghost local
+[kernel] __va_args_8 is a ghost local
+[kernel] /*@ ghost int __va_arg0 = 2; */ is a ghost statement
+[kernel] /*@ ghost void *__va_args[1] = {& __va_arg0}; */ is a ghost statement
+[kernel] /*@ ghost int x = function_wr(1,(void * const *)(__va_args)); */ is a ghost statement
+[kernel] /*@ ghost
+ {
+ int __va_arg0_6 = 2;
+ void *__va_args_8[1] = {& __va_arg0_6};
+ x = function_wr(1,(void * const *)(__va_args_8));
+ }
+ */ is a ghost statement
+[kernel] /*@ ghost int __va_arg0_6 = 2; */ is a ghost statement
+[kernel] /*@ ghost void *__va_args_8[1] = {& __va_arg0_6}; */ is a ghost statement
+[kernel] /*@ ghost x = function_wr(1,(void * const *)(__va_args_8)); */ is a ghost statement
+[kernel] return; is a non ghost statement
+/* Generated by Frama-C */
+/*@ assigns \nothing; */
+void function(int e, void * const *__va_params);
+
+void foo(void)
+{
+ /*@ ghost
+ {
+ int __va_arg0 = 2;
+ int __va_arg1 = 3;
+ int __va_arg2 = 4;
+ void *__va_args[3] = {& __va_arg0, & __va_arg1, & __va_arg2};
+ function(1,(void * const *)(__va_args));
+ }
+ */
+ return;
+}
+
+/*@ assigns \nothing; */
+int function_wr(int e, void * const *__va_params);
+
+void bar(void)
+{
+ /*@ ghost int __va_arg0 = 2; */
+ /*@ ghost void *__va_args[1] = {& __va_arg0}; */
+ /*@ ghost int x = function_wr(1,(void * const *)(__va_args)); */
+ /*@ ghost
+ {
+ int __va_arg0_6 = 2;
+ void *__va_args_8[1] = {& __va_arg0_6};
+ x = function_wr(1,(void * const *)(__va_args_8));
+ }
+ */
+ return;
+}
+
+
diff --git a/src/plugins/variadic/translate.ml b/src/plugins/variadic/translate.ml
index 6e7e7c7212514305affbbdb957b0f0facbb6de33..09765262adc9e10e8988d90531e5c9c387fc9c6a 100644
--- a/src/plugins/variadic/translate.ml
+++ b/src/plugins/variadic/translate.ml
@@ -140,19 +140,20 @@ let translate_variadics (file : file) =
let fundec = the self#current_func in
let loc = Cil_datatype.Instr.loc i in
let block = self#enclosing_block () in
+ let ghost = (the self#current_stmt).ghost in
let make_new_args mk_call f args =
let vf = Table.find classification f in
try
let call_translator = match vf.vf_class with
| Overload o -> Standard.overloaded_call ~fundec o
- | Aggregator a -> Standard.aggregator_call ~fundec a
+ | Aggregator a -> Standard.aggregator_call ~fundec ~ghost a
| FormatFun f -> Standard.format_fun_call ~fundec env f
| _ -> raise Standard.Translate_call_exn
in
call_translator block loc mk_call vf args
with Standard.Translate_call_exn ->
Generic.translate_call
- ~fundec block loc mk_call (Cil.evar ~loc f) args
+ ~fundec ~ghost block loc mk_call (Cil.evar ~loc f) args
in
begin match i with
| Call(_, {enode = Lval(Var vi, _)}, _, _)
@@ -181,7 +182,7 @@ let translate_variadics (file : file) =
if is_variadic then begin
let mk_call f args = Call (lv, f, args, loc) in
let res =
- Generic.translate_call ~fundec block loc mk_call callee args
+ Generic.translate_call ~fundec ~ghost block loc mk_call callee args
in
File.must_recompute_cfg fundec;
Cil.ChangeTo res
diff --git a/src/plugins/variadic/va_build.ml b/src/plugins/variadic/va_build.ml
index a5852d4a84d93ea6f773325fb1ed5b2bfa2fccb3..6084f167b9355dda50cfaf1115313ad5c14da2ae 100644
--- a/src/plugins/variadic/va_build.ml
+++ b/src/plugins/variadic/va_build.ml
@@ -41,11 +41,11 @@ let function_declaration ?vattr ~loc name typ mk_spec =
let vi_init ~loc vi exp = Local_init(vi, AssignInit (SingleInit exp), loc)
-let array_init ~loc fundec scope name elem_typ values =
+let array_init ~loc fundec ~ghost scope name elem_typ values =
let size = max (List.length values) 1 in (* In C, Array size >= 1 *)
let esize = Cil.integer ~loc size in
let typ = TArray (elem_typ, Some esize, Cil.empty_size_cache (), []) in
- let vi = Cil.makeLocalVar fundec ~scope name typ in
+ let vi = Cil.makeLocalVar fundec ~ghost ~scope name typ in
let initl =
match values with
| [] -> [ Index (Cil.zero ~loc, NoOffset), Cil.makeZeroInit ~loc elem_typ]
diff --git a/tests/cil/insert_formal.i b/tests/cil/insert_formal.i
index d6222ef953c9ff024b70b15790c0599661a69875..5b30c58d98030efe6ba865ee764fc5e8b7140d86 100644
--- a/tests/cil/insert_formal.i
+++ b/tests/cil/insert_formal.i
@@ -102,3 +102,40 @@ void a_ghost_b_c_a ( int a )/*@ ghost (int b, int c) */ {
void b_ghost_a_c_a ( int b )/*@ ghost (int a, int c) */ {
}
+
+/*@ ghost
+ // v
+ void g_void_circumflex( void ) {
+
+ }
+
+ // v
+ void g_void_dollar( void ) {
+
+ }
+
+ // v
+ void g_a_circumflex( int a ) {
+
+ }
+
+ // v
+ void g_a_dollar( int a ) {
+
+ }
+
+ // v
+ void g_a_a( int a ){
+
+ }
+
+ // v
+ void g_a_b_c_a (int a, int b, int c) {
+
+ }
+
+ // v
+ void g_b_a_c_a (int b, int a, int c) {
+
+ }
+*/
diff --git a/tests/cil/insert_formal.ml b/tests/cil/insert_formal.ml
index 0a0a7e013955303b51259055161c3e30a9526836..a4796d9b33bb2fdf068980b0230a25f860cba669 100644
--- a/tests/cil/insert_formal.ml
+++ b/tests/cil/insert_formal.ml
@@ -20,12 +20,16 @@ let update_func f =
let circ_g_list = [
"void_circumflex_g" ;
"a_circumflex_g" ;
- "ghost_a_circumflex_g"
+ "ghost_a_circumflex_g" ;
+ "g_void_circumflex" ;
+ "g_a_circumflex"
] in
let dollar_g_list = [
"void_dollar_g" ;
"a_dollar_g" ;
- "ghost_a_dollar_g"
+ "ghost_a_dollar_g" ;
+ "g_void_dollar" ;
+ "g_a_dollar"
] in
let a_list = [
"a_a" ;
@@ -37,7 +41,10 @@ let update_func f =
"ghost_a_a" ;
"all_ghost_a_b_c_a" ;
"all_ghost_b_a_c_a" ;
- "b_ghost_a_c_a"
+ "b_ghost_a_c_a" ;
+ "g_a_a" ;
+ "g_a_b_c_a" ;
+ "g_b_a_c_a"
] in
if List.mem f.svar.vname circ_list then ignore(insert_circ f) ;
if List.mem f.svar.vname dollar_list then ignore(insert_dollar f) ;
diff --git a/tests/cil/oracle/insert_formal.res.oracle b/tests/cil/oracle/insert_formal.res.oracle
index faefb89b04774d031958731f2df0f3da1dc8176c..06fe54925388a880fa643e2d843b97244abc567e 100644
--- a/tests/cil/oracle/insert_formal.res.oracle
+++ b/tests/cil/oracle/insert_formal.res.oracle
@@ -100,4 +100,53 @@ void b_ghost_a_c_a(int b) /*@ ghost (int a, int x, int c) */
return;
}
+/*@ ghost void g_void_circumflex(int x)
+ {
+ return;
+ }
+
+*/
+
+/*@ ghost void g_void_dollar(int x)
+ {
+ return;
+ }
+
+*/
+
+/*@ ghost void g_a_circumflex(int x, int a)
+ {
+ return;
+ }
+
+*/
+
+/*@ ghost void g_a_dollar(int a, int x)
+ {
+ return;
+ }
+
+*/
+
+/*@ ghost void g_a_a(int a, int x)
+ {
+ return;
+ }
+
+*/
+
+/*@ ghost void g_a_b_c_a(int a, int x, int b, int c)
+ {
+ return;
+ }
+
+*/
+
+/*@ ghost void g_b_a_c_a(int b, int a, int x, int c)
+ {
+ return;
+ }
+
+*/
+
diff --git a/tests/pretty_printing/annotations.i b/tests/pretty_printing/annotations.i
index 1d80a03ba031afea73f4f4f1b3e9d306078df4e5..c42249060c9e8008387b530cc9fbdcd83a1fc92b 100644
--- a/tests/pretty_printing/annotations.i
+++ b/tests/pretty_printing/annotations.i
@@ -72,7 +72,7 @@ void function_with_ghost(int x) {
*/
}
-/* @ ghost TODO: reactivate this test when ghost-functions are supported
+/*@ ghost
/@
requires P(x) && x > 0 ;
ensures P(x) ;
@@ -104,10 +104,10 @@ void function_with_ghost(int x) {
}
*/
-/* @ ghost TODO: reactivate this test when ghost-functions are supported
+/*@ ghost
void function_declaration(int variable) ;
*/
void reference_function(void){
- // @ ghost function_declaration(42) ;
+ //@ ghost function_declaration(42) ;
}
diff --git a/tests/pretty_printing/oracle/annotations.res.oracle b/tests/pretty_printing/oracle/annotations.res.oracle
index e0259ac8679d28eb2dc45f1e187766a9979c90c7..1f621523d2d90cd6714bc1aa9c3021d60034e538 100644
--- a/tests/pretty_printing/oracle/annotations.res.oracle
+++ b/tests/pretty_printing/oracle/annotations.res.oracle
@@ -66,8 +66,43 @@ void function_with_ghost(int x)
return;
}
+/*@ ghost
+ /@ requires P(x) ∧ x > 0;
+ ensures P(\old(x)); @/
+ void ghost_function(int x)
+ {
+ int y = 0;
+ /@ loop invariant 0 ≤ y ≤ x;
+ loop assigns y;
+ loop variant x - y; @/
+ while (y < x) {
+ /@ assert y < x; @/
+ ;
+ y ++;
+ /@ assert y ≤ x; @/
+ ;
+ }
+ /@ assert y ≡ x; @/
+ ;
+ /@ requires y ≡ x;
+ ensures y ≢ x;
+ assigns y; @/
+ {
+ y --;
+ y *= 2;
+ }
+ /@ requires y ≥ 0; @/
+ y /= y;
+ return;
+ }
+
+*/
+
+/*@ ghost void function_declaration(int variable); */
+
void reference_function(void)
{
+ /*@ ghost function_declaration(42); */
return;
}
@@ -78,8 +113,10 @@ void reference_function(void)
def'n of func function_no_ghost at tests/pretty_printing/annotations.i:13 (sum 9297192) conflicts with the one at tests/pretty_printing/result/annotations.c:12 (sum 14988159); keeping the one at tests/pretty_printing/result/annotations.c:12.
[kernel] tests/pretty_printing/annotations.i:43: Warning:
def'n of func function_with_ghost at tests/pretty_printing/annotations.i:43 (sum 9297192) conflicts with the one at tests/pretty_printing/result/annotations.c:38 (sum 14988159); keeping the one at tests/pretty_printing/result/annotations.c:38.
+[kernel] tests/pretty_printing/annotations.i:80: Warning:
+ def'n of func ghost_function at tests/pretty_printing/annotations.i:80 (sum 9297192) conflicts with the one at tests/pretty_printing/result/annotations.c:71 (sum 14988159); keeping the one at tests/pretty_printing/result/annotations.c:71.
[kernel] tests/pretty_printing/annotations.i:111: Warning:
- dropping duplicate def'n of func reference_function at tests/pretty_printing/annotations.i:111 in favor of that at tests/pretty_printing/result/annotations.c:68
+ dropping duplicate def'n of func reference_function at tests/pretty_printing/annotations.i:111 in favor of that at tests/pretty_printing/result/annotations.c:102
/* Generated by Frama-C */
/*@ axiomatic A {
predicate P(ℤ x)
@@ -147,8 +184,43 @@ void function_with_ghost(int x)
return;
}
+/*@ ghost
+ /@ requires P(x) ∧ x > 0;
+ ensures P(\old(x)); @/
+ void ghost_function(int x)
+ {
+ int y = 0;
+ /@ loop invariant 0 ≤ y ≤ x;
+ loop assigns y;
+ loop variant x - y; @/
+ while (y < x) {
+ /@ assert y < x; @/
+ ;
+ y ++;
+ /@ assert y ≤ x; @/
+ ;
+ }
+ /@ assert y ≡ x; @/
+ ;
+ /@ requires y ≡ x;
+ ensures y ≢ x;
+ assigns y; @/
+ {
+ y --;
+ y *= 2;
+ }
+ /@ requires y ≥ 0; @/
+ y /= y;
+ return;
+ }
+
+*/
+
+/*@ ghost void function_declaration(int variable); */
+
void reference_function(void)
{
+ /*@ ghost function_declaration(42); */
return;
}
diff --git a/tests/spec/assigns_array.c b/tests/spec/assigns_array.c
index ae1e717e53bed3b7d2436d784cf0f4187a56a93d..c044389fd8aa335d00ecff39d25c189c94955b29 100644
--- a/tests/spec/assigns_array.c
+++ b/tests/spec/assigns_array.c
@@ -9,7 +9,7 @@
assigns ghost_loctable;
*/
-void acquire_lock(int m) { ghost_loctable[m]++; }
+void acquire_lock(int m) { /*@ ghost ghost_loctable[m]++; */ }
// The specification above should be accepted
/*@
@@ -18,7 +18,7 @@ void acquire_lock(int m) { ghost_loctable[m]++; }
ensures !ghost_loctable[m];
assigns ghost_loctable[..];
*/
-void release_lock(int m) { ghost_loctable[m]--; }
+void release_lock(int m) { /*@ ghost ghost_loctable[m]--; */ }
diff --git a/tests/spec/assigns_from_kf.i b/tests/spec/assigns_from_kf.i
index cf8f4228ed4bbb3f61a637e1508e6d97315ecbd9..1def9b69986ada84b2f0ffe0a1ba1544ac89120d 100644
--- a/tests/spec/assigns_from_kf.i
+++ b/tests/spec/assigns_from_kf.i
@@ -12,8 +12,17 @@ void something_ghost(void) /*@ ghost (int* p) */;
int something_non_ghost_r(int *p);
int something_ghost_r(void) /*@ ghost (int* p) */;
-void both(int* p, int x) /*@ ghost (int* gp, int gx) */;
-int both_r(int* p, int x) /*@ ghost (int* gp, int gx) */;
+void both(int *p, int x) /*@ ghost (int* gp, int gx) */;
+int both_r(int *p, int x) /*@ ghost (int* gp, int gx) */;
+
+/*@ ghost
+ void g_nothing(void);
+ int g_nothing_r(void);
+ void g_something_non_ghost(int *p);
+ int g_something_non_ghost_r(int *p);
+ void g_both(int *p, int x, int *gp, int gx);
+ int g_both_r(int *p, int x, int *gp, int gx);
+*/
void reference(void) {
nothing();
@@ -24,4 +33,13 @@ void reference(void) {
something_ghost_r() /*@ ghost (0) */;
both(0, 1) /*@ ghost (0, 2) */;
both_r(0, 1) /*@ ghost (0, 2) */;
+
+ /*@ ghost
+ g_nothing();
+ g_nothing_r();
+ g_something_non_ghost(0);
+ g_something_non_ghost_r(0);
+ g_both(0, 1, 0, 2);
+ g_both_r(0, 1, 0, 2);
+ */
}
\ No newline at end of file
diff --git a/tests/spec/oracle/assigns_array.res.oracle b/tests/spec/oracle/assigns_array.res.oracle
index 4a571e41bf10b05c1f1fcdd69cf45181decc140a..6e4846e218d9c35e30edec7a74b34aa5e7f1492c 100644
--- a/tests/spec/oracle/assigns_array.res.oracle
+++ b/tests/spec/oracle/assigns_array.res.oracle
@@ -5,7 +5,7 @@
/*@ ghost int ghost_loctable[100]; */
void acquire_lock(int m)
{
- (ghost_loctable[m]) ++;
+ /*@ ghost (ghost_loctable[m]) ++; */
return;
}
@@ -16,7 +16,7 @@ void acquire_lock(int m)
*/
void release_lock(int m)
{
- (ghost_loctable[m]) --;
+ /*@ ghost (ghost_loctable[m]) --; */
return;
}
diff --git a/tests/spec/oracle/assigns_from_kf.res.oracle b/tests/spec/oracle/assigns_from_kf.res.oracle
index ac10b7070c2d88b55fd1b456f5a3a9ac30099cdf..1f02fd47e908d4d2eef0496fb797738d2723bb46 100644
--- a/tests/spec/oracle/assigns_from_kf.res.oracle
+++ b/tests/spec/oracle/assigns_from_kf.res.oracle
@@ -1,19 +1,31 @@
[kernel] Parsing tests/spec/assigns_from_kf.i (no preprocessing)
-[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:18: Warning:
+[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:27: Warning:
Neither code nor specification for function both, generating default assigns from the prototype
-[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:18: Warning:
+[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:27: Warning:
Neither code nor specification for function both_r, generating default assigns from the prototype
-[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:18: Warning:
+[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:27: Warning:
+ Neither code nor specification for function g_both, generating default assigns from the prototype
+[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:27: Warning:
+ Neither code nor specification for function g_both_r, generating default assigns from the prototype
+[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:27: Warning:
+ Neither code nor specification for function g_nothing, generating default assigns from the prototype
+[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:27: Warning:
+ Neither code nor specification for function g_nothing_r, generating default assigns from the prototype
+[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:27: Warning:
+ Neither code nor specification for function g_something_non_ghost, generating default assigns from the prototype
+[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:27: Warning:
+ Neither code nor specification for function g_something_non_ghost_r, generating default assigns from the prototype
+[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:27: Warning:
Neither code nor specification for function nothing, generating default assigns from the prototype
-[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:18: Warning:
+[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:27: Warning:
Neither code nor specification for function nothing_r, generating default assigns from the prototype
-[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:18: Warning:
+[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:27: Warning:
Neither code nor specification for function something_ghost, generating default assigns from the prototype
-[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:18: Warning:
+[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:27: Warning:
Neither code nor specification for function something_ghost_r, generating default assigns from the prototype
-[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:18: Warning:
+[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:27: Warning:
Neither code nor specification for function something_non_ghost, generating default assigns from the prototype
-[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:18: Warning:
+[kernel:annot:missing-spec] tests/spec/assigns_from_kf.i:27: Warning:
Neither code nor specification for function something_non_ghost_r, generating default assigns from the prototype
/* Generated by Frama-C */
/*@ assigns \nothing; */
@@ -55,6 +67,40 @@ void both(int *p, int x) /*@ ghost (int *gp, int gx) */;
*/
int both_r(int *p, int x) /*@ ghost (int *gp, int gx) */;
+/*@ ghost /@ assigns \nothing; @/
+void g_nothing(void); */
+
+/*@ ghost
+/@ assigns \result;
+ assigns \result \from \nothing; @/
+int g_nothing_r(void); */
+
+/*@ ghost
+/@ assigns *p;
+ assigns *p \from *p; @/
+void g_something_non_ghost(int *p); */
+
+/*@ ghost
+/@ assigns \result, *p;
+ assigns \result \from *p;
+ assigns *p \from *p; @/
+int g_something_non_ghost_r(int *p); */
+
+/*@ ghost
+/@ assigns *p, *gp;
+ assigns *p \from *p, *gp, x, gx;
+ assigns *gp \from *p, *gp, x, gx;
+ @/
+void g_both(int *p, int x, int *gp, int gx); */
+
+/*@ ghost
+/@ assigns \result, *p, *gp;
+ assigns \result \from *p, *gp, x, gx;
+ assigns *p \from *p, *gp, x, gx;
+ assigns *gp \from *p, *gp, x, gx;
+ @/
+int g_both_r(int *p, int x, int *gp, int gx); */
+
void reference(void)
{
nothing();
@@ -65,6 +111,12 @@ void reference(void)
something_ghost_r() /*@ ghost ((int *)0) */;
both((int *)0,1) /*@ ghost ((int *)0,2) */;
both_r((int *)0,1) /*@ ghost ((int *)0,2) */;
+ /*@ ghost g_nothing(); */
+ /*@ ghost g_nothing_r(); */
+ /*@ ghost g_something_non_ghost((int *)0); */
+ /*@ ghost g_something_non_ghost_r((int *)0); */
+ /*@ ghost g_both((int *)0,1,(int *)0,2); */
+ /*@ ghost g_both_r((int *)0,1,(int *)0,2); */
return;
}
diff --git a/tests/syntax/ghost_local_capture.i b/tests/syntax/ghost_local_capture.i
new file mode 100644
index 0000000000000000000000000000000000000000..32c520c6903772d10c42df68b0d1d6003273b101
--- /dev/null
+++ b/tests/syntax/ghost_local_capture.i
@@ -0,0 +1,28 @@
+void titi() {
+ int c = 0; {
+ L0: ;
+ /*@ ghost int c = 1; */
+ L1: ;
+ c = 2;
+ /*@ assert c == 1; */
+ /*@ assert \at(c,L0) == 0; */
+ /*@ assert \at(c,L1) == 1; */
+ }
+ /*@ assert c == 2; */
+}
+
+void toto() {
+ /*@ ghost int c = 1; */ {
+ L0: ;
+ int c = 0;
+ L1: ;
+ c = 2;
+ /*@ assert c == 2; */
+ /*@ assert \at(c,L0) == 1; */
+ /*@ assert \at(c,L1) == 0; */
+ }
+ /*@ assert c == 1; */
+}
+
+/*@ ghost int x; */
+/*@ ghost void f() { x++; } */
diff --git a/tests/syntax/ghost_local_ill_formed.i b/tests/syntax/ghost_local_ill_formed.i
new file mode 100644
index 0000000000000000000000000000000000000000..d3d786b2880f1a69d94a0826f3379c43ea25f692
--- /dev/null
+++ b/tests/syntax/ghost_local_ill_formed.i
@@ -0,0 +1,18 @@
+void titi() {
+ int c = 0;
+ L0: ;
+ /* ill-formed: in ghost mode, we have two local c in the same scope. */
+ /*@ ghost int c = 1; */
+ L1: ;
+ c = 2;
+ /*@ assert c == 1; */
+ /*@ assert \at(c,L0) == 0; */
+ /*@ assert \at(c,L1) == 1; */
+ /*@ assert c == 2; */
+}
+
+void toto () {
+ //@ ghost int c = 0;
+ // ill-formed: the instruction should be ghost as well
+ c++;
+}
diff --git a/tests/syntax/inconsistent_global_ghost_spec.c b/tests/syntax/inconsistent_global_ghost_spec.c
new file mode 100644
index 0000000000000000000000000000000000000000..8a3aa44011c7c8c8bfa1693b57631cdc8f5b5f1a
--- /dev/null
+++ b/tests/syntax/inconsistent_global_ghost_spec.c
@@ -0,0 +1,50 @@
+/* run.config
+OPT: -cpp-extra-args="-DNON_GHOST_DECL_GHOST_DEF"
+OPT: -cpp-extra-args="-DGHOST_DECL_NON_GHOST_DEF"
+OPT: -cpp-extra-args="-DGHOST_DEF_NON_GHOST_DECL"
+OPT: -cpp-extra-args="-DNON_GHOST_DEF_GHOST_DECL"
+*/
+
+#ifdef NON_GHOST_DECL_GHOST_DEF
+
+void function(void) ;
+/*@ ghost void function(void){ } */
+
+void user(void){
+ function();
+}
+
+#endif
+
+#ifdef GHOST_DECL_NON_GHOST_DEF
+
+/*@ ghost void function(void) ; */
+void function(void){ }
+
+void user(void){
+ function();
+}
+
+#endif
+
+#ifdef GHOST_DEF_NON_GHOST_DECL
+
+/*@ ghost void function(void){ } */
+void function(void) ;
+
+void user(void){
+ function();
+}
+
+#endif
+
+#ifdef NON_GHOST_DEF_GHOST_DECL
+
+void function(void){ }
+/*@ ghost void function(void) ; */
+
+void user(void){
+ function();
+}
+
+#endif
diff --git a/tests/syntax/oracle/arg_type.res.oracle b/tests/syntax/oracle/arg_type.res.oracle
index 8fe99704dddfeb6373d5662d551a2cf3d4a27bd6..6115193a5c10236f87e3870997085ea9c3cd53a8 100644
--- a/tests/syntax/oracle/arg_type.res.oracle
+++ b/tests/syntax/oracle/arg_type.res.oracle
@@ -2,6 +2,6 @@
[kernel] tests/syntax/arg_type.i:15: User Error:
Declaration of g does not match previous declaration from tests/syntax/arg_type.i:13 (different integer types:
'int' and 'short').
-[kernel] tests/syntax/arg_type.i:15: Failure: Cannot resolve variable x
+[kernel] tests/syntax/arg_type.i:15: User Error: Cannot resolve variable x
[kernel] User Error: stopping on file "tests/syntax/arg_type.i" that has errors.
[kernel] Frama-C aborted: invalid user input.
diff --git a/tests/syntax/oracle/cert_msc_38.0.res.oracle b/tests/syntax/oracle/cert_msc_38.0.res.oracle
index 9824fc415ba8a6638ce69e45071d9feaaffb3cf8..f6f03be6c14ed3c35391fa7938fb7d3ddebec501 100644
--- a/tests/syntax/oracle/cert_msc_38.0.res.oracle
+++ b/tests/syntax/oracle/cert_msc_38.0.res.oracle
@@ -1,7 +1,8 @@
[kernel] Parsing tests/syntax/cert_msc_38.c (with preprocessing)
[kernel:CERT:MSC:38] Warning:
assert is a standard macro. Its definition cannot be suppressed, see CERT C coding rules MSC38-C
-[kernel] tests/syntax/cert_msc_38.c:25: Failure: Cannot resolve variable assert
+[kernel] tests/syntax/cert_msc_38.c:25: User Error:
+ Cannot resolve variable assert
[kernel] User Error: stopping on file "tests/syntax/cert_msc_38.c" that has errors. Add
'-kernel-msg-key pp' for preprocessing command.
[kernel] Frama-C aborted: invalid user input.
diff --git a/tests/syntax/oracle/cert_msc_38.3.res.oracle b/tests/syntax/oracle/cert_msc_38.3.res.oracle
index e7e3e470dbc12dbddfdfa9b61a0552e0c6caa953..f85b07111ff8c9a4ee739e586920a7ccaf5427f4 100644
--- a/tests/syntax/oracle/cert_msc_38.3.res.oracle
+++ b/tests/syntax/oracle/cert_msc_38.3.res.oracle
@@ -1,7 +1,7 @@
[kernel] Parsing tests/syntax/cert_msc_38.c (with preprocessing)
[kernel:CERT:MSC:38] Warning:
va_start is a standard macro. Its definition cannot be suppressed, see CERT C coding rules MSC38-C
-[kernel] tests/syntax/cert_msc_38.c:42: Failure:
+[kernel] tests/syntax/cert_msc_38.c:42: User Error:
Cannot resolve variable va_start
[kernel] User Error: stopping on file "tests/syntax/cert_msc_38.c" that has errors. Add
'-kernel-msg-key pp' for preprocessing command.
diff --git a/tests/syntax/oracle/cert_msc_38.4.res.oracle b/tests/syntax/oracle/cert_msc_38.4.res.oracle
index 47e5a66d0b30560faa89927c75d1b68a891c2297..e8c0de5ba19c8a5268c8afd7424d7798582d8ece 100644
--- a/tests/syntax/oracle/cert_msc_38.4.res.oracle
+++ b/tests/syntax/oracle/cert_msc_38.4.res.oracle
@@ -1,7 +1,8 @@
[kernel] Parsing tests/syntax/cert_msc_38.c (with preprocessing)
[kernel:CERT:MSC:38] Warning:
va_copy is a standard macro. Its definition cannot be suppressed, see CERT C coding rules MSC38-C
-[kernel] tests/syntax/cert_msc_38.c:46: Failure: Cannot resolve variable va_copy
+[kernel] tests/syntax/cert_msc_38.c:46: User Error:
+ Cannot resolve variable va_copy
[kernel] User Error: stopping on file "tests/syntax/cert_msc_38.c" that has errors. Add
'-kernel-msg-key pp' for preprocessing command.
[kernel] Frama-C aborted: invalid user input.
diff --git a/tests/syntax/oracle/cert_msc_38.5.res.oracle b/tests/syntax/oracle/cert_msc_38.5.res.oracle
index 84140cf482f8f33089ab52ebbbedadda5cc7d1b3..7d12efef5671c40bc453c63227ae6e853fa92584 100644
--- a/tests/syntax/oracle/cert_msc_38.5.res.oracle
+++ b/tests/syntax/oracle/cert_msc_38.5.res.oracle
@@ -1,7 +1,8 @@
[kernel] Parsing tests/syntax/cert_msc_38.c (with preprocessing)
[kernel:CERT:MSC:38] Warning:
va_arg is a standard macro. Its definition cannot be suppressed, see CERT C coding rules MSC38-C
-[kernel] tests/syntax/cert_msc_38.c:50: Failure: Cannot resolve variable va_arg
+[kernel] tests/syntax/cert_msc_38.c:50: User Error:
+ Cannot resolve variable va_arg
[kernel] User Error: stopping on file "tests/syntax/cert_msc_38.c" that has errors. Add
'-kernel-msg-key pp' for preprocessing command.
[kernel] Frama-C aborted: invalid user input.
diff --git a/tests/syntax/oracle/cert_msc_38.6.res.oracle b/tests/syntax/oracle/cert_msc_38.6.res.oracle
index c90f405e1df64605330a7cc7a9e68daaf5bbc7be..cbd86b6a84b58691348f42db7f3a6910952c20de 100644
--- a/tests/syntax/oracle/cert_msc_38.6.res.oracle
+++ b/tests/syntax/oracle/cert_msc_38.6.res.oracle
@@ -1,7 +1,8 @@
[kernel] Parsing tests/syntax/cert_msc_38.c (with preprocessing)
[kernel:CERT:MSC:38] Warning:
va_end is a standard macro. Its definition cannot be suppressed, see CERT C coding rules MSC38-C
-[kernel] tests/syntax/cert_msc_38.c:54: Failure: Cannot resolve variable va_end
+[kernel] tests/syntax/cert_msc_38.c:54: User Error:
+ Cannot resolve variable va_end
[kernel] User Error: stopping on file "tests/syntax/cert_msc_38.c" that has errors. Add
'-kernel-msg-key pp' for preprocessing command.
[kernel] Frama-C aborted: invalid user input.
diff --git a/tests/syntax/oracle/ghost_local_capture.res.oracle b/tests/syntax/oracle/ghost_local_capture.res.oracle
new file mode 100644
index 0000000000000000000000000000000000000000..9ec3c5e8a407511204a83f21caa661beb0f7c832
--- /dev/null
+++ b/tests/syntax/oracle/ghost_local_capture.res.oracle
@@ -0,0 +1,44 @@
+[kernel] Parsing tests/syntax/ghost_local_capture.i (no preprocessing)
+/* Generated by Frama-C */
+void titi(void)
+{
+ int c = 0;
+ {
+ L0: ;
+ /*@ ghost int c_0 = 1; */
+ L1: ;
+ c = 2;
+ /*@ assert c_0 ≡ 1; */ ;
+ /*@ assert \at(c,L0) ≡ 0; */ ;
+ /*@ assert \at(c_0,L1) ≡ 1; */ ;
+ }
+ /*@ assert c ≡ 2; */ ;
+ return;
+}
+
+void toto(void)
+{
+ /*@ ghost int c_0 = 1; */
+ {
+ L0: ;
+ int c = 0;
+ L1: ;
+ c = 2;
+ /*@ assert c ≡ 2; */ ;
+ /*@ assert \at(c_0,L0) ≡ 1; */ ;
+ /*@ assert \at(c,L1) ≡ 0; */ ;
+ }
+ /*@ assert c_0 ≡ 1; */ ;
+ return;
+}
+
+/*@ ghost int x; */
+/*@ ghost void f(void)
+ {
+ x ++;
+ return;
+ }
+
+*/
+
+
diff --git a/tests/syntax/oracle/ghost_local_ill_formed.res.oracle b/tests/syntax/oracle/ghost_local_ill_formed.res.oracle
new file mode 100644
index 0000000000000000000000000000000000000000..f1017ea0fd6d2995e921f0f11b879852e02a5d53
--- /dev/null
+++ b/tests/syntax/oracle/ghost_local_ill_formed.res.oracle
@@ -0,0 +1,8 @@
+[kernel] Parsing tests/syntax/ghost_local_ill_formed.i (no preprocessing)
+[kernel] tests/syntax/ghost_local_ill_formed.i:5: User Error:
+ redefinition of 'c' in the same scope.
+ Previous declaration was at tests/syntax/ghost_local_ill_formed.i:2
+[kernel] tests/syntax/ghost_local_ill_formed.i:17: User Error:
+ Variable c is a ghost symbol. It cannot be used in non-ghost context. Did you forget a /*@ ghost ... /?
+[kernel] User Error: stopping on file "tests/syntax/ghost_local_ill_formed.i" that has errors.
+[kernel] Frama-C aborted: invalid user input.
diff --git a/tests/syntax/oracle/inconsistent_global_ghost_spec.0.res.oracle b/tests/syntax/oracle/inconsistent_global_ghost_spec.0.res.oracle
new file mode 100644
index 0000000000000000000000000000000000000000..1a6ff7363d29f6dc41109ee9f63bf417d1cd00bd
--- /dev/null
+++ b/tests/syntax/oracle/inconsistent_global_ghost_spec.0.res.oracle
@@ -0,0 +1,13 @@
+[kernel] Parsing tests/syntax/inconsistent_global_ghost_spec.c (with preprocessing)
+[kernel] tests/syntax/inconsistent_global_ghost_spec.c:11: User Error:
+ Inconsistent ghost specification for function.
+ Previous declaration was at: tests/syntax/inconsistent_global_ghost_spec.c:10
+ 9
+ 10 void function(void) ;
+ 11 /*@ ghost void function(void){ } */
+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ 12
+ 13 void user(void){
+[kernel] User Error: stopping on file "tests/syntax/inconsistent_global_ghost_spec.c" that has
+ errors. Add '-kernel-msg-key pp' for preprocessing command.
+[kernel] Frama-C aborted: invalid user input.
diff --git a/tests/syntax/oracle/inconsistent_global_ghost_spec.1.res.oracle b/tests/syntax/oracle/inconsistent_global_ghost_spec.1.res.oracle
new file mode 100644
index 0000000000000000000000000000000000000000..f44d69202405c7ad9edec60736f181877f8dc38d
--- /dev/null
+++ b/tests/syntax/oracle/inconsistent_global_ghost_spec.1.res.oracle
@@ -0,0 +1,13 @@
+[kernel] Parsing tests/syntax/inconsistent_global_ghost_spec.c (with preprocessing)
+[kernel] tests/syntax/inconsistent_global_ghost_spec.c:22: User Error:
+ Inconsistent ghost specification for function.
+ Previous declaration was at: tests/syntax/inconsistent_global_ghost_spec.c:21
+ 20
+ 21 /*@ ghost void function(void) ; */
+ 22 void function(void){ }
+ ^^^^^^^^^^^^^^^^^^^^^^
+ 23
+ 24 void user(void){
+[kernel] User Error: stopping on file "tests/syntax/inconsistent_global_ghost_spec.c" that has
+ errors. Add '-kernel-msg-key pp' for preprocessing command.
+[kernel] Frama-C aborted: invalid user input.
diff --git a/tests/syntax/oracle/inconsistent_global_ghost_spec.2.res.oracle b/tests/syntax/oracle/inconsistent_global_ghost_spec.2.res.oracle
new file mode 100644
index 0000000000000000000000000000000000000000..ce9a25fb88246f4983f60c6aff87c3dc00ddd89c
--- /dev/null
+++ b/tests/syntax/oracle/inconsistent_global_ghost_spec.2.res.oracle
@@ -0,0 +1,13 @@
+[kernel] Parsing tests/syntax/inconsistent_global_ghost_spec.c (with preprocessing)
+[kernel] tests/syntax/inconsistent_global_ghost_spec.c:33: User Error:
+ Inconsistent ghost specification for function.
+ Previous declaration was at: tests/syntax/inconsistent_global_ghost_spec.c:32
+ 31
+ 32 /*@ ghost void function(void){ } */
+ 33 void function(void) ;
+ ^^^^^^^^^^^^^^^^^^^^^
+ 34
+ 35 void user(void){
+[kernel] User Error: stopping on file "tests/syntax/inconsistent_global_ghost_spec.c" that has
+ errors. Add '-kernel-msg-key pp' for preprocessing command.
+[kernel] Frama-C aborted: invalid user input.
diff --git a/tests/syntax/oracle/inconsistent_global_ghost_spec.3.res.oracle b/tests/syntax/oracle/inconsistent_global_ghost_spec.3.res.oracle
new file mode 100644
index 0000000000000000000000000000000000000000..70bc963d684bac791353879db43ce3a7d2421e1a
--- /dev/null
+++ b/tests/syntax/oracle/inconsistent_global_ghost_spec.3.res.oracle
@@ -0,0 +1,13 @@
+[kernel] Parsing tests/syntax/inconsistent_global_ghost_spec.c (with preprocessing)
+[kernel] tests/syntax/inconsistent_global_ghost_spec.c:44: User Error:
+ Inconsistent ghost specification for function.
+ Previous declaration was at: tests/syntax/inconsistent_global_ghost_spec.c:43
+ 42
+ 43 void function(void){ }
+ 44 /*@ ghost void function(void) ; */
+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ 45
+ 46 void user(void){
+[kernel] User Error: stopping on file "tests/syntax/inconsistent_global_ghost_spec.c" that has
+ errors. Add '-kernel-msg-key pp' for preprocessing command.
+[kernel] Frama-C aborted: invalid user input.