diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f27809a2c512f0e9e41bac352104fd0197a30e0d..07877a1ee98ab6bc2ab2f1a465cd25465a238be9 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -184,25 +184,10 @@ internal_nightly:
tags:
- nix
-frama-c-ocaml-4.09:
- variables:
- OCAML: "4_09"
- <<: *frama-c-ocaml
- only:
- - schedules
-
-frama-c-ocaml-4.12:
- variables:
- OCAML: "4_12"
- <<: *frama-c-ocaml
-
-# check compatibility with future OCaml version
frama-c-ocaml-4.13:
variables:
OCAML: "4_13"
<<: *frama-c-ocaml
- allow_failure: true
-
caveat-importer:
stage: tests
diff --git a/headers/header_spec.txt b/headers/header_spec.txt
index c77ac35916f2a607fe15fddb2a9b7803144a24f8..4397a53ffb823e5f3b17f17261cd7ab30b86e436 100644
--- a/headers/header_spec.txt
+++ b/headers/header_spec.txt
@@ -1738,6 +1738,8 @@ src/plugins/wp/TacBittest.ml: CEA_WP
src/plugins/wp/TacBittest.mli: CEA_WP
src/plugins/wp/TacChoice.ml: CEA_WP
src/plugins/wp/TacChoice.mli: CEA_WP
+src/plugins/wp/TacClear.ml: CEA_WP
+src/plugins/wp/TacClear.mli: CEA_WP
src/plugins/wp/TacCongruence.ml: CEA_WP
src/plugins/wp/TacCongruence.mli: CEA_WP
src/plugins/wp/TacCompound.ml: CEA_WP
diff --git a/ptests/ptests.ml b/ptests/ptests.ml
index 6ea8fbd5ec4f6ff0ee0c1d75713d3c3c48bf674c..0908d3a500eab8e128bfb294e5da371107a2f536 100644
--- a/ptests/ptests.ml
+++ b/ptests/ptests.ml
@@ -157,11 +157,25 @@ let print_default_env fmt =
List.iter (fun (x,y) -> Format.fprintf fmt "%s = \"%s\"@\n" x y) l;
Format.fprintf fmt "@]"
-let default_env var value =
+let get_default_env var value =
try
let v = Unix.getenv var in
- add_default_env (var ^ " (set from outside)") v
- with Not_found -> add_env var value
+ add_default_env (var ^ " (set from outside)") v;
+ v
+ with Not_found -> add_env var value ; value
+
+let default_env var value = ignore (get_default_env var value)
+
+let get_default_env_of_int var value =
+ try
+ int_of_string (get_default_env var (string_of_int value))
+ with _ -> value
+
+(* 0 -> no change
+ 1 -> apply a filter (about pathname) to prepare oracles
+ 2 -> run tests from result directories (except make command)
+*)
+let dune_mode = ref (get_default_env_of_int "PTEST_DUNE_MODE" 0)
(** the name of the directory-wide configuration file*)
let dir_config_file = "test_config"
@@ -218,6 +232,36 @@ let unlink ?(silent = true) file =
| Unix_error (ENOENT,_,_) -> () (* Ignore "No such file or directory" *)
| Unix_error _ as e -> output_unix_error e
+let fail s =
+ Format.printf "Error: %s@." s;
+ exit 2
+
+let is_nonexisting_link filename =
+ let open Unix in
+ try
+ match (lstat filename).st_kind with
+ | S_LNK -> false
+ | _ -> fail ("Existing result file with the same name than one in the upper directory:" ^ filename)
+ with
+ | Unix_error (UnixLabels.ENOENT, _, _) -> (* file does not exist *)
+ true
+ | Unix_error _ as e ->
+ output_unix_error e;
+ raise e
+
+let is_nonexisting_file filename =
+ let open Unix in
+ try
+ match (lstat filename).st_kind with
+ | S_REG -> false
+ | _ -> fail ("Existing result file with the same name than one in the upper directory:" ^ filename)
+ with
+ | Unix_error (UnixLabels.ENOENT, _, _) -> (* file does not exist *)
+ true
+ | Unix_error _ as e ->
+ output_unix_error e;
+ raise e
+
let is_file_empty_or_nonexisting filename =
let open Unix in
try
@@ -238,7 +282,9 @@ let base_path = Filename.current_dir_name
(** Command-line flags *)
type behavior = Examine | Update | Run | Show | Gui
-let behavior = ref Run
+let behavior = ref (if 1 = (get_default_env_of_int "PTEST_UPDATE" 0)
+ then Update else Run)
+
let verbosity = ref 0
let dry_run = ref false
let use_byte = ref false
@@ -251,7 +297,7 @@ let do_make = ref "make"
let n = ref 4 (* the level of parallelism *)
(** special configuration, with associated oracles *)
-let special_config = ref ""
+let special_config = ref (get_default_env "PTEST_CONFIG" "")
let do_error_code = ref false
let xunit = ref false
@@ -307,7 +353,8 @@ let example_msg =
# NB: a dependency to the included files can be added with this directive.@ \
# That is not necessary for files mentioned into the command or options when using the %%{dep:<file>} feature of dune.@]@ \
LOG: <file>... @[<v 0># Defines targets built by the next sub-test command.@]@ \
- CMD: <command> @[<v 0># Defines the command to execute for all tests in order to get results to be compared to oracles.@]@ \
+ CMD: <command> @[<v 0># Defines the command to execute for all tests in order to get results to be compared to oracles.@ \
+ # NB: the dune feature %%{bin:tool} has to be used to access to a tool of the binary directory of Frama-C.@]@ \
OPT: <options> @[<v 0># Defines a sub-test using the 'CMD' definition: <command> <options>@]@ \
STDOPT: -\"<extra>\" @[<v 0># Defines a sub-test and remove the extra from the current option.@ \
# NB: current version does not allow to remove a multiple-extra-argument.@]@ \
@@ -320,7 +367,7 @@ let example_msg =
# An empty command drops the previous FILTER directives.@ \
# NB: in such a command, the @@PTEST_ORACLE@@ macro is set to the basename of the oracle.@ \
# This allows running a 'diff' command with the oracle of another test configuration:@ \
- # FILTER: diff --new-file @@PTEST_DIR@@/oracle_configuration/@@PTEST_ORACLE@@ @]@ \
+ # FILTER: diff --new-file @@PTEST_SUITE_DIR@@/oracle_configuration/@@PTEST_ORACLE@@ @]@ \
TIMEOUT: <delay> @[<v 0># Set a timeout for all sub-test.@]@ \
NOFRAMAC: @[<v 0># Drops previous sub-test definitions and considers that there is no defined default sub-test.@]@ \
GCC: @[<v 0># Deprecated.@]@ \
@@ -334,18 +381,20 @@ let example_msg =
@]@ \
@[<v 1>\
Some predefined macros can be used in test commands:@ \
- @@PTEST_DIR@@ # Dirname of the test file.@ \
+ @@PTEST_DIR@@ # Path to the test file from the execution directory (depends from -dune-mode option).@ \
@@PTEST_FILE@@ # Substituted by the test filename.@ \
@@PTEST_NAME@@ # Basename of the test file.@ \
@@PTEST_NUMBER@@ # Test command number.@ \
@@PTEST_CONFIG@@ # Test configuration suffix.@ \
- @@PTEST_RESULT@@ # Shorthand alias to '@@PTEST_DIR@@/result@@PTEST_CONFIG@@' (the result directory dedicated to the tested configuration).@ \
+ @@PTEST_SUITE_DIR@@ # Path to the directory contained the source of the test file (depends from -dune-mode option).@ \
+ @@PTEST_RESULT@@ # Shorthand alias to '@@PTEST_SUITE_DIR@@/result@@PTEST_CONFIG@@' (the result directory dedicated to the tested configuration).@ \
@@PTEST_ORACLE@@ # Basename of the current oracle file (macro only usable in FILTER directives).@ \
@@PTEST_DEPS@@ # Current list of dependencies defined by the DEPS directive.@ \
@@PTEST_LIBS@@ # Current list of modules defined by the LIBS directive.@ \
@@PTEST_MODULE@@ # Current list of modules defined by the MODULE directive.@ \
@@PTEST_PLUGIN@@ # Current list of plugins defined by the PLUGIN directive.@ \
@@PTEST_SCRIPT@@ # Current list of ML scripts defined by the SCRIPT directive.@ \
+ @@PTEST_SHARE_DIR@@ # Shorthand alias to '@@PTEST_SUITE_DIR@@/../../share (the share directory related to the test suite).@ \
@]@ \
Other macros can only be used in test commands (CMD and EXECNOW directives):@ \
@@PTEST_DEFAULT_OPTIONS@@ # The default option list: %s@ \
@@ -392,7 +441,8 @@ let rec argspec =
) ,
" Start the tests in Frama-C's gui.";
"-update", Arg.Unit (fun () -> behavior := Update) ,
- " Take the current logs as oracles.";
+ " Take the current logs as oracles. \
+ \n NB: the default value can be modified in setting the environment variable PTEST_UPDATE to 1";
"-show", Arg.Unit (fun () -> behavior := Show) ,
" Show the results of the tests.";
"-run", Arg.Unit (fun () -> behavior := Run) ,
@@ -423,7 +473,8 @@ let rec argspec =
"-opt", Arg.Clear use_byte,
" Use native toplevel (default)";
"-config", Arg.Set_string special_config,
- " <name> Use special configuration and oracles";
+ " <name> Use special configuration and oracles \
+ \n NB: the default value can be modified in setting the environment variable PTEST_CONFIG";
"-add-options", Arg.Set_string macro_post_options,
"<options> Add additional options to be passed to the toplevels \
that will be launched. <options> are added after standard test options";
@@ -438,6 +489,12 @@ let rec argspec =
" Create a xUnit file named xunit.xml collecting results";
"-error-code", Arg.Set do_error_code,
" Exit with error code 1 if tests failed (useful for scripts)";
+ "-dune-mode", Arg.Set_int dune_mode,
+ " <mode> Run test commands: \
+ \n 0 -> from the plugin or frama-c directory \
+ \n 1 -> same as mode 0 with some extra ptest directives giving results closer to those obtained with the mode 2 \
+ \n 2 -> from the result directories of the current configuration \
+ \n NB: the default value can be modified in setting the environment variable PTEST_DUNE_MODE";
]
and help_msg () = Arg.usage (Arg.align argspec) umsg;;
@@ -451,10 +508,6 @@ let () =
) @ ["", Arg.Unit (fun () -> ()), example_msg;])
make_test_suite umsg
-let fail s =
- Format.printf "Error: %s@." s;
- exit 2
-
(** split the filename into before including "tests" dir and after including "tests" dir
NOTA: both part contains "tests" (one as suffix the other as prefix).
*)
@@ -623,6 +676,49 @@ end = struct
end
+let mk_symbolic_link =
+ let symlink = match !dune_mode with
+ | 0 | 1 -> fun ~unlink ~to_dir ~link_dst:_ ~link ->
+ if unlink then begin
+ if !verbosity >= 4 then lock_printf "removing symbolic link %s/%s@." (Unix.getcwd ()) link;
+ Unix.unlink link;
+ end
+ | _ -> fun ~unlink ~to_dir ~link_dst ~link ->
+ if !verbosity >= 4 then lock_printf "creating symbolic link %s/%s -> %s@." (Unix.getcwd ()) link link_dst;
+ if unlink then
+ Unix.unlink link;
+ Unix.symlink ~to_dir link_dst link
+ in
+ let symlink_there = match !dune_mode with
+ | 0 | 1 -> fun ~link ->
+ if !verbosity >= 4 then lock_printf "removing symbolic link %s/%s@." (Unix.getcwd ()) link;
+ Unix.unlink link
+ | _ -> fun ~link:_ -> ()
+ in
+ let regexp_ignored_dir = Str.regexp "^\\(result\\|oracle\\)" in
+ if not (Unix.has_symlink ()) then
+ fail "unable to create symbolic links!";
+ fun directory file ->
+ let dst = SubDir.make_file directory file in
+ let infos = Unix.stat dst in
+ let link = SubDir.make_result_file directory file in
+ let link_dst = "../" ^ file in
+ let mk_symlink ~to_dir =
+ if is_nonexisting_link link then (* not there *)
+ symlink ~unlink:false ~to_dir ~link_dst ~link
+ else if String.(link_dst <> (Unix.readlink link)) then (* goes elsewhere *)
+ symlink ~unlink:true ~to_dir ~link_dst ~link
+ else symlink_there link (* is already there *)
+ in
+ match infos.st_kind with
+ | Unix.S_LNK
+ | Unix.S_REG ->
+ mk_symlink ~to_dir:false
+ | Unix.S_DIR ->
+ if str_string_match regexp_ignored_dir file 0 then ()
+ else mk_symlink ~to_dir:true
+ | _ -> ()
+
type does_expand = {
has_ptest_file : bool;
has_ptest_opt : bool;
@@ -733,6 +829,7 @@ end
type execnow =
{
ex_cmd: string; (** command to launch *)
+ ex_make_cmd: bool; (** is it a make command *)
ex_macros: Macros.t; (** current macros *)
ex_log: string list; (** log files *)
ex_bin: string list; (** bin files *)
@@ -752,6 +849,7 @@ type execnow =
(** configuration of a directory/test. *)
type cmd = {
toplevel: string;
+ make_cmd: bool; (** is it a make command *)
opts: string;
macros: Macros.t;
exit_code: string option;
@@ -812,6 +910,16 @@ let launch command_string =
let dev_null = if Sys.os_type = "Win32" then "NUL" else "/dev/null"
+let default_filter = match !dune_mode with
+ | 1 -> Some "sed -e \"s| share/| FRAMAC_SHARE/|g; s|@PTEST_DIR@/||g; s|result@PTEST_CONFIG@/||g\""
+ | _ -> None
+
+let log_default_filter = match default_filter with
+ | Some filter ->
+ let redirection = Str.regexp " > " in
+ fun s -> str_global_replace redirection (" | " ^ filter ^ " > ") s
+ | None -> fun s -> s
+
module Test_config: sig
val scan_directives: drop:bool ->
SubDir.t -> file:string -> Scanf.Scanning.in_channel -> config -> config
@@ -819,13 +927,18 @@ module Test_config: sig
val scan_test_file: config -> SubDir.t -> string -> config
end = struct
+ let default_options =
+ match !dune_mode with
+ | 0 -> !macro_default_options
+ | _ -> !macro_default_options ^ " -add-symbolic-path $FRAMAC_SESSION:."
+
let default_macros () =
let l = [
"frama-c-exe", !toplevel_path;
"frama-c-cmd", !macro_frama_c_cmd;
"frama-c", !macro_frama_c;
"DEV_NULL", dev_null;
- "PTEST_DEFAULT_OPTIONS", !macro_default_options;
+ "PTEST_DEFAULT_OPTIONS", default_options;
"PTEST_OPTIONS", !macro_options;
"PTEST_PRE_OPTIONS", !macro_pre_options;
"PTEST_POST_OPTIONS", !macro_post_options;
@@ -843,10 +956,10 @@ end = struct
{ dc_test_regexp = test_file_regexp ;
dc_macros = default_macros ();
dc_execnow = [];
- dc_filter = None ;
+ dc_filter = default_filter ;
dc_exit_code = None;
dc_default_toplevel = !default_toplevel;
- dc_commands = [ { toplevel= !default_toplevel; opts=""; macros=Macros.empty; exit_code=None; logs= []; timeout= ""} ];
+ dc_commands = [ { toplevel= !default_toplevel; make_cmd=false; opts=""; macros=Macros.empty; exit_code=None; logs= []; timeout= ""} ];
dc_dont_run = false;
dc_load_module = "";
dc_load_libs = "";
@@ -868,7 +981,7 @@ end = struct
aux { s with ex_cmd = cmd; ex_log = name :: s.ex_log })
with Scanf.Scan_failure _ ->
try
- Scanf.sscanf s.ex_cmd "%_[ ]BIN%_[ ]%[A-Za-z0-9_.\\-@@]%_[ ]%s@\n"
+ Scanf.sscanf s.ex_cmd "%_[ ]BIN%_[ ]%[-A-Za-z0-9_.\\@@]%_[ ]%s@\n"
(fun name cmd ->
aux { s with ex_cmd = cmd; ex_bin = name :: s.ex_bin })
with Scanf.Scan_failure _ ->
@@ -877,7 +990,11 @@ end = struct
(fun cmd ->
(* It should be better to use a specific macro into the command (such as @MAKE@) for that. *)
let s = aux ({ s with ex_cmd = cmd; }) in
- let r = { s with ex_cmd = !do_make^" "^cmd; } in
+ let r = { s with
+ ex_cmd = !do_make^" "^cmd;
+ ex_make_cmd = true
+ }
+ in
if warn then
Format.eprintf "%s: EXEC%s directive with a make command (DEPRECATED): %s@."
file (if once then "NOW" else "") r.ex_cmd;
@@ -887,6 +1004,7 @@ end = struct
in
let execnow = aux
{ ex_cmd = s;
+ ex_make_cmd = false;
ex_macros;
ex_log = [];
ex_bin = [];
@@ -974,12 +1092,17 @@ end = struct
current
end
+ let update_make_module_name s =
+ let s = (Filename.remove_extension s) ^ (if !use_byte then ".cmo" else ".cmxs") in
+ if "." = Filename.dirname s then "@PTEST_MAKE_DIR@/" ^ s else s
+
let update_module_libs_name s =
- "@PTEST_DIR@/" ^ (Filename.remove_extension s) ^ (if !use_byte then ".cmo" else ".cmxs")
+ let s = (Filename.remove_extension s) ^ (if !use_byte then ".cmo" else ".cmxs") in
+ if "." = Filename.dirname s then "@PTEST_SUITE_DIR@/" ^ s else s
let add_make_modules ~file dir deps current =
let deps,current = List.fold_left (fun ((deps,curr) as acc) s ->
- let s = update_module_libs_name s in
+ let s = update_make_module_name s in
if StringSet.mem s curr.dc_cmxs_module then acc
else
(deps ^ " " ^ s),
@@ -1004,7 +1127,8 @@ end = struct
{ current with dc_macros }
let update_script_name s =
- "@PTEST_DIR@/" ^ (Filename.remove_extension s) ^ ".ml"
+ let s = (Filename.remove_extension s) ^ ".ml" in
+ if "." = Filename.dirname s then "@PTEST_DIR@/" ^ s else s
let update_module_macros =
update_macros update_module_libs_name "-load-module=" "PTEST_MODULE" "PTEST_LOAD_MODULE"
@@ -1052,6 +1176,7 @@ end = struct
let s = Macros.expand_directive ~file current.dc_macros s in
let t =
{ toplevel= current.dc_default_toplevel;
+ make_cmd = false;
opts= s;
logs= current.dc_default_log;
exit_code= current.dc_exit_code;
@@ -1073,6 +1198,7 @@ end = struct
List.map
(fun command ->
{ toplevel = current.dc_default_toplevel;
+ make_cmd = false;
opts= make_custom_opts ~file command.opts s;
logs= command.logs @ current.dc_default_log;
macros= current.dc_macros;
@@ -1253,6 +1379,7 @@ type toplevel_command =
nb_files : int ;
options : string ;
toplevel: string ;
+ make_cmd: bool ;
filter : string option ;
exit_code : int ;
directory : SubDir.t ;
@@ -1322,12 +1449,20 @@ let lock () = Mutex.lock shared.lock
let update_log_files dir file =
mv (SubDir.make_result_file dir file) (SubDir.make_oracle_file dir file)
+let dune_feature_cmd = (* removes dune feature such as %{deps:...} *)
+ let dune_cmd_features = Str.regexp "%{[a-z][a-z-]*:\\([^}]*\\)}" in
+ let dune_bin_features = Str.regexp "%{bin:\\([^}]*\\)}" in
+ let dune_bin_subst = (Filename.dirname !toplevel_path) ^ "/\\1" in
+ fun cmd ->
+ let cmd = str_global_replace dune_bin_features dune_bin_subst cmd in
+ str_global_replace dune_cmd_features "\\1" cmd
+
module Cmd : sig
val log_prefix : toplevel_command -> string
val oracle_prefix : toplevel_command -> string
- val expand_macros : defaults:Macros.t -> toplevel_command -> toplevel_command
+ val expand_macros : execnow:bool -> defaults:Macros.t -> toplevel_command -> toplevel_command
(* [basic_command_string cmd] does not redirect the outputs, and does
not overwrite the result files *)
@@ -1337,6 +1472,10 @@ module Cmd : sig
val update_toplevel_command : toplevel_command -> unit
+ val get_ptest_dir : toplevel_command -> string
+
+ val remove_results : toplevel_command -> unit
+
end = struct
let catenate_number nb_files prefix n =
@@ -1359,78 +1498,99 @@ end = struct
let log_prefix = gen_prefix SubDir.make_result_file
let oracle_prefix = gen_prefix SubDir.make_oracle_file
- let get_ptest_file cmd = SubDir.make_file cmd.directory cmd.file
+ let get_ptest_file = match !dune_mode with
+ | 0 | 1 -> fun cmd -> SubDir.make_file cmd.directory cmd.file
+ | _ -> fun cmd -> Filename.basename cmd.file
+
+ let get_ptest_dir = match !dune_mode with
+ | 0 | 1 -> fun cmd -> SubDir.get cmd.directory
+ | _ -> fun _ -> "."
+
+ let get_ptest_suite_dir = match !dune_mode with
+ | 0 | 1 -> fun cmd -> SubDir.get cmd.directory
+ | _ -> fun _ -> ".."
+
+ let ptest_share_dir = match !dune_mode with
+ | 0 | 1 -> "./share"
+ | _ -> "../../../share"
+
+ let get_ptest_result = match !dune_mode with
+ | 0 | 1 -> fun cmd -> SubDir.get cmd.directory ^ "/" ^ SubDir.result_dirname
+ | _ -> fun _ -> "."
+
+ let get_ptest_toplevel = match !dune_mode with
+ | 0 | 1 -> fun _ s -> s
+ | _ -> fun cmd s ->
+ if cmd.make_cmd then s
+ else Format.sprintf "(cd %s && (%s))" (SubDir.make_result_file cmd.directory "") s
let expand_macros =
- let dune_cmd_features = Str.regexp "%{[a-z][a-z-]*:\\([^}]*\\)}" in
- let dune_bin_features = Str.regexp "%{bin:\\([^}]*\\)}" in
- let dune_bin_subst = (Filename.dirname !toplevel_path) ^ "/\\1" in
- fun ~defaults cmd ->
- let ptest_config =
- if !special_config = "" then "" else "_" ^ !special_config
- in
- let ptest_file = get_ptest_file cmd in
- let ptest_name =
- try Filename.chop_extension cmd.file
- with Invalid_argument _ -> cmd.file
- in
- let ptest_file = Filename.sanitize ptest_file in
- let ptest_load_plugin = Macros.get "PTEST_LOAD_PLUGIN" cmd.macros in
- let ptest_load_module = Macros.get "PTEST_LOAD_MODULE" cmd.macros in
- let ptest_load_libs = Macros.get "PTEST_LOAD_LIBS" cmd.macros in
- let ptest_load_script = Macros.get "PTEST_LOAD_SCRIPT" cmd.macros in
- let macros =
- [ "PTEST_CONFIG", ptest_config;
- "PTEST_DIR", SubDir.get cmd.directory;
- "PTEST_RESULT",
- SubDir.get cmd.directory ^ "/" ^ SubDir.result_dirname;
- "PTEST_FILE", ptest_file;
- "PTEST_NAME", ptest_name;
- "PTEST_NUMBER", string_of_int cmd.n;
- "PTEST_OPT", cmd.options;
- "PTEST_LOAD_OPTIONS", (String.concat " "
- [ ptest_load_plugin ;
- ptest_load_libs ;
- ptest_load_module ;
- ptest_load_script ; ])
- ]
- in
- let macros = Macros.add_list macros cmd.macros in
- let macros = Macros.add_defaults ~defaults macros in
- let process_macros s = Macros.expand macros s in
- let toplevel =
- let in_toplevel,toplevel= Macros.does_expand macros cmd.toplevel in
- if not cmd.execnow then begin
- let has_ptest_file, options =
- if in_toplevel.has_ptest_opt then in_toplevel.has_ptest_file, []
- else
- let in_option,options= Macros.does_expand macros cmd.options in
- (in_option.has_ptest_file || in_toplevel.has_ptest_file),
- (if in_toplevel.has_frama_c_exe then
- [ process_macros "@PTEST_PRE_OPTIONS@" ;
- options ;
- process_macros "@PTEST_POST_OPTIONS@" ;
- ]
- else [ options ])
- in
- String.concat " " (toplevel::(if has_ptest_file then options else ptest_file::options))
- end
- else toplevel
- in
- let toplevel = (* removes dune feature such as %{deps:...} *)
- let x = str_global_replace dune_bin_features dune_bin_subst toplevel in
- str_global_replace dune_cmd_features "\\1" x
- in
- { cmd with
- macros;
- toplevel;
- options = ""; (* no more usable *)
- log_files = List.map process_macros cmd.log_files;
- filter =
- match cmd.filter with
- | None -> None
- | Some filter -> Some (process_macros filter)
- }
+ fun ~execnow ~defaults cmd ->
+ let ptest_config =
+ if !special_config = "" then "" else "_" ^ !special_config
+ in
+ let ptest_file = get_ptest_file cmd in
+ let ptest_name =
+ try Filename.chop_extension cmd.file
+ with Invalid_argument _ -> cmd.file
+ in
+ let ptest_file = Filename.sanitize ptest_file in
+ let ptest_load_plugin = Macros.get "PTEST_LOAD_PLUGIN" cmd.macros in
+ let ptest_load_module = Macros.get "PTEST_LOAD_MODULE" cmd.macros in
+ let ptest_load_libs = Macros.get "PTEST_LOAD_LIBS" cmd.macros in
+ let ptest_load_script = Macros.get "PTEST_LOAD_SCRIPT" cmd.macros in
+ let macros =
+ [ "PTEST_CONFIG", ptest_config;
+ "PTEST_DIR", get_ptest_dir cmd;
+ "PTEST_SHARE_DIR", ptest_share_dir;
+ "PTEST_SUITE_DIR", get_ptest_suite_dir cmd;
+ "PTEST_MAKE_DIR", SubDir.get cmd.directory;
+ "PTEST_RESULT", get_ptest_result cmd;
+ "PTEST_FILE", ptest_file;
+ "PTEST_NAME", ptest_name;
+ "PTEST_NUMBER", string_of_int cmd.n;
+ "PTEST_OPT", cmd.options;
+ "PTEST_LOAD_OPTIONS", (String.concat " "
+ [ ptest_load_plugin ;
+ ptest_load_libs ;
+ ptest_load_module ;
+ ptest_load_script ; ])
+ ]
+ in
+ let macros = Macros.add_list macros cmd.macros in
+ let macros = Macros.add_defaults ~defaults macros in
+ let process_macros s = Macros.expand macros s in
+ let toplevel =
+ let toplevel = log_default_filter cmd.toplevel in
+ let in_toplevel,toplevel= Macros.does_expand macros toplevel in
+ if not cmd.execnow then begin
+ let has_ptest_file, options =
+ if in_toplevel.has_ptest_opt then in_toplevel.has_ptest_file, []
+ else
+ let in_option,options= Macros.does_expand macros cmd.options in
+ (in_option.has_ptest_file || in_toplevel.has_ptest_file),
+ (if in_toplevel.has_frama_c_exe then
+ [ process_macros "@PTEST_PRE_OPTIONS@" ;
+ options ;
+ process_macros "@PTEST_POST_OPTIONS@" ;
+ ]
+ else [ options ])
+ in
+ String.concat " " (toplevel::(if has_ptest_file then options else ptest_file::options))
+ end
+ else toplevel
+ in
+ let toplevel = get_ptest_toplevel cmd (dune_feature_cmd toplevel) in
+ { cmd with
+ macros;
+ toplevel;
+ options = ""; (* no more usable *)
+ log_files = List.map process_macros cmd.log_files;
+ filter =
+ match cmd.filter with
+ | None -> None
+ | Some filter -> Some (process_macros filter)
+ }
let basic_command_string =
fun command ->
@@ -1486,6 +1646,15 @@ end = struct
(* Update files related to LOG directives *)
List.iter (update_log_files command.directory) command.log_files
+ let remove_results cmd =
+ let log_prefix = log_prefix cmd in
+ unlink (log_prefix ^ ".res.log ");
+ unlink (log_prefix ^ ".err.log ");
+ let unlink_log_files dir file =
+ unlink (SubDir.make_result_file dir file)
+ in
+ List.iter (unlink_log_files cmd.directory) cmd.log_files
+
end
let rec update_command = function
@@ -1599,7 +1768,7 @@ let do_command command =
(* basic_command_string does not redirect the outputs, and does
not overwrite the result files *)
let basic_command_string = Cmd.basic_command_string command in
- lock_printf "%% launch %s@." basic_command_string ;
+ lock_printf "%% launch GUI: %s@." basic_command_string ;
ignore (launch basic_command_string)
end
else begin
@@ -1608,7 +1777,7 @@ let do_command command =
if !behavior <> Examine
then begin
if !verbosity >= 1
- then lock_printf "%% launch %s@." command_string ;
+ then lock_printf "%% launch TOPLEVEL: %s@." command_string ;
let launch_result = launch command_string in
let time = 0. (* Individual time is difficult to compute correctly
for now, and currently unused *) in
@@ -1654,8 +1823,7 @@ let do_command command =
Toplevel cmd ->
shared.summary_run <- succ shared.summary_run;
shared.summary_ret <- succ shared.summary_ret;
- let log_prefix = Cmd.log_prefix cmd in
- unlink (log_prefix ^ ".res.log ")
+ Cmd.remove_results cmd;
| Target (execnow,cmds) ->
shared.summary_run <- succ shared.summary_run;
shared.summary_ret <- succ shared.summary_ret;
@@ -1683,7 +1851,7 @@ let do_command command =
remove_execnow_results execnow;
let cmd = execnow.ex_cmd in
if !verbosity >= 1 || !behavior = Show then begin
- lock_printf "%% launch %s@." cmd;
+ lock_printf "%% launch EXECNOW: %s@." cmd;
end;
shared.summary_run <- succ shared.summary_run;
shared.summary_ret <- succ shared.summary_ret;
@@ -1706,7 +1874,7 @@ let launch_and_check_compare_file diff ~cmp_string ~log_file ~oracle_file =
lock();
shared.summary_log <- shared.summary_log + 1;
unlock();
- let res = launch cmp_string in
+ let res = if is_nonexisting_file log_file then 2 else launch cmp_string in
begin
match res with
0 ->
@@ -1765,6 +1933,17 @@ let find_in_path s =
with Exit ->
Some !found
+(* filter commands are executed from the same directory than test commands *)
+let get_filter_cmd = match !dune_mode with
+ | 0 | 1 -> fun _ s -> dune_feature_cmd s
+ | _ -> fun cmd s -> Format.sprintf "(cd %s && (%s))"
+ (SubDir.make_result_file cmd.directory "")
+ (dune_feature_cmd s)
+
+let get_unfiltered_log = match !dune_mode with
+ | 0 | 1 -> fun s -> s
+ | _ -> Filename.basename
+
let do_filter =
let regexp_ptest_oracle = Str.regexp "@PTEST_ORACLE@" in
fun cmd kind ->
@@ -1783,20 +1962,24 @@ let do_filter =
else
match find_in_path exec_name with
| Some full_exec_name -> full_exec_name
- | None ->
+ | None -> (* must be in the suite directory *)
Filename.concat
- (Filename.dirname (Filename.dirname log_prefix))
+ (Cmd.get_ptest_dir cmd)
(Filename.basename exec_name)
in
- let unfiltered_file = Filename.sanitize (log_prefix ^ log_ext ^ ".unfiltered-log") in
- let filter_cmd = Format.sprintf "%s | %s%s > %s 2> %s"
- (* the filter command can be a diff from a [@PTEST_ORACLE@] *)
- (if Sys.file_exists unfiltered_file then "cat " ^ unfiltered_file else "echo \"\"")
- exec_name params log_file
- dev_null
+ let filter_cmd =
+ let unfiltered_file = Filename.sanitize (log_prefix ^ log_ext ^ ".unfiltered-log") in
+ let unfiltered_log = get_unfiltered_log unfiltered_file in
+ let filter_cmd = Format.sprintf "%s | %s%s"
+ (* the filter command can be a diff from a [@PTEST_ORACLE@] *)
+ (if Sys.file_exists unfiltered_file then "cat " ^ unfiltered_log else "echo \"\"")
+ exec_name params
+ in
+ let filter_cmd = get_filter_cmd cmd filter_cmd in
+ Format.sprintf "%s > %s 2> %s" filter_cmd log_file dev_null
in
if !verbosity >= 1
- then lock_printf "%tFilter command:@\n%s@." print_default_env filter_cmd;
+ then lock_printf "%% launch FILTER:@\n%s@." filter_cmd;
ignore (launch filter_cmd)
let compare_one_file cmp log_prefix oracle_prefix log_kind =
@@ -1818,9 +2001,9 @@ let compare_one_file cmp log_prefix oracle_prefix log_kind =
let cmp_string = Format.sprintf "%s %s %s > %s 2> %s"
!do_cmp log_file oracle_file dev_null dev_null
in
- if !verbosity >= 2 then lock_printf "%% cmp%s (%d) :%s@."
- ext
+ if !verbosity >= 2 then lock_printf "%% launch CMP (%d%s): %s@."
cmp.n
+ ext
cmp_string;
launch_and_check_compare_file (Command_error (cmp,log_kind))
~cmp_string ~log_file ~oracle_file
@@ -1838,7 +2021,7 @@ let compare_one_log_file dir ~test_file ~log =
let oracle_file = Filename.sanitize (SubDir.make_oracle_file dir log) in
let cmp_string = Format.sprintf "%s %s %s > %s 2> %s"
!do_cmp log_file oracle_file dev_null dev_null in
- if !verbosity >= 2 then lock_printf "%% cmplog: %s / %s@." (SubDir.get dir) log;
+ if !verbosity >= 2 then lock_printf "%% launch CMP-LOG: %s/%s %s/%s@." (SubDir.get dir) log (SubDir.get dir) oracle_file;
ignore (launch_and_check_compare_file (Log_error (dir,test_file,log))
~cmp_string ~log_file ~oracle_file)
@@ -1941,6 +2124,10 @@ let do_diff =
Filename.sanitize (oracle_prefix ^ log_ext ^ ".oracle")
in
let diff_string = diff_check_exist oracle_file log_file in
+ if !verbosity >= 2 then lock_printf "%% launch DIFF (%d%s): %s@."
+ diff.n
+ log_ext
+ diff_string;
ignore (launch diff_string);
lock_printf "#- Tested file: %s #- Command:@\n%s@." test_file (Cmd.command_string diff);
| Target_error execnow ->
@@ -1975,6 +2162,8 @@ let do_diff =
Filename.sanitize (SubDir.make_oracle_file dir log)
in
let diff_string = diff_check_exist oracle_file result_file in
+ if !verbosity >= 2 then lock_printf "%% launch DIFF-LOG: %s@."
+ diff_string;
ignore (launch diff_string)
end;
lock_printf "#- Tested file: %s #- Log file: %s@." test_file result_file
@@ -2063,31 +2252,38 @@ let () =
end
else dir_config
in
- if interpret_as_file
- then begin
- if not (List.mem suite exclude_file) then
+ let process_dir action =
+ let dirname = SubDir.get directory in
+ let dir_files = Array.to_list (Sys.readdir dirname) in
+ (* ignore hidden files (starting with '.') *)
+ let dir_files =
+ List.filter (fun n -> String.get n 0 <> '.') dir_files
+ in
+ if !verbosity >= 2 then
+ lock_printf "%% - Look at %d entries of the directory %S ...@."
+ (List.length dir_files) dirname;
+ List.iter
+ (fun file ->
+ (* creates a symbolic link into the result directory *)
+ mk_symbolic_link directory file ;
+ assert (Filename.is_relative file);
+ action file) dir_files
+ in
+ if interpret_as_file then begin
+ if not (List.mem suite exclude_file) then begin
+ process_dir (fun _ -> ()) ;
Queue.push (Filename.basename suite, directory, dir_config) files
+ end;
end
else begin
- if not (List.mem suite exclude_suite) then begin
- let dirname = SubDir.get directory in
- let dir_files = Array.to_list (Sys.readdir dirname) in
- (* ignore hidden files (starting with '.' *)
- let dir_files =
- List.filter (fun n -> String.get n 0 <> '.') dir_files
- in
- if !verbosity >= 2 then
- lock_printf "%% - Look at %d entries of the directory %S ...@."
- (List.length dir_files) dirname;
- List.iter
+ if not (List.mem suite exclude_suite) then
+ process_dir
(fun file ->
- assert (Filename.is_relative file);
if test_pattern dir_config file &&
(not (List.mem (SubDir.make_file directory file) exclude_file))
then
Queue.push (file, directory, dir_config) files;
- ) dir_files
- end
+ );
end)
suites
@@ -2108,11 +2304,11 @@ let dispatcher () =
let nb_files = List.length config.dc_commands in
let make_toplevel_cmd =
let i = ref 0 in
- fun {toplevel; opts=options; logs=log_files; macros; exit_code; timeout} ->
+ fun {toplevel; make_cmd; opts=options; logs=log_files; macros; exit_code; timeout} ->
let n = !i in
incr i;
- Cmd.expand_macros ~defaults:config.dc_macros
- { file; options; toplevel; nb_files; directory; n; log_files;
+ Cmd.expand_macros ~execnow:false ~defaults:config.dc_macros
+ { file; make_cmd; options; toplevel; nb_files; directory; n; log_files;
filter = config.dc_filter; macros;
exit_code = begin
match exit_code with
@@ -2131,12 +2327,13 @@ let dispatcher () =
fun execnow ->
let n = !e in
incr e;
- let cmd = Cmd.expand_macros ~defaults:config.dc_macros
+ let cmd = Cmd.expand_macros ~execnow:true ~defaults:config.dc_macros
{file ;
nb_files = nb_files_execnow;
log_files = execnow.ex_log;
options = "";
toplevel = execnow.ex_cmd;
+ make_cmd = execnow.ex_make_cmd;
exit_code = 0;
n;
directory;
@@ -2148,6 +2345,7 @@ let dispatcher () =
in
let process_macros s = Macros.expand cmd.macros s in
{ ex_cmd = Cmd.basic_command_string cmd;
+ ex_make_cmd = execnow.ex_make_cmd;
ex_macros = cmd.macros;
ex_log = cmd.log_files;
ex_bin = List.map process_macros execnow.ex_bin;
diff --git a/src/plugins/aorai/tests/test_config b/src/plugins/aorai/tests/test_config
index f5c85b9049e58c1186384afda71624ced9f4b54b..9ff1b014011bbb31f78dfc53604b40012240b119 100644
--- a/src/plugins/aorai/tests/test_config
+++ b/src/plugins/aorai/tests/test_config
@@ -1,6 +1,6 @@
PLUGIN: aorai eva,from,scope report wp,rtegen
COMMENT: Path to the library from the test file
-LIBS: ../Aorai_test
+LIBS: @PTEST_SUITE_DIR@/../Aorai_test
MACRO: PROVE_OPTIONS
diff --git a/src/plugins/aorai/tests/test_config_prove.in b/src/plugins/aorai/tests/test_config_prove.in
index 04ebf5a2e478a0cb0e0767bd58e33a09e26ff99e..d4b6b4fda2b33bbecfa86e992ebdd7ab94d8a79b 100644
--- a/src/plugins/aorai/tests/test_config_prove.in
+++ b/src/plugins/aorai/tests/test_config_prove.in
@@ -1,6 +1,6 @@
PLUGIN: aorai eva,from,scope report wp,rtegen
COMMENT: Path to the library from the test file
-LIBS: ../Aorai_test
+LIBS: @PTEST_SUITE_DIR@/../Aorai_test
MACRO: PROVE_OPTIONS @AORAI_WP_SHARE@ -aorai-test-prove-aux-spec
diff --git a/src/plugins/e-acsl/tests/builtin/oracle/gen_strcat.c b/src/plugins/e-acsl/tests/builtin/oracle/gen_strcat.c
index 76184e157cb74d313132d37a6040e0f145897c61..5cc078f129551271693125266520e05e1e47b26d 100644
--- a/src/plugins/e-acsl/tests/builtin/oracle/gen_strcat.c
+++ b/src/plugins/e-acsl/tests/builtin/oracle/gen_strcat.c
@@ -116,7 +116,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data.pred_txt = "\\initialized(&dest[0 .. 1])";
__gen_e_acsl_assert_data.file = "tests/builtin/strcat.c";
__gen_e_acsl_assert_data.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data.line = 15;
+ __gen_e_acsl_assert_data.line = 16;
__e_acsl_assert(__gen_e_acsl_initialized,& __gen_e_acsl_assert_data);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data);
}
@@ -152,7 +152,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_2.pred_txt = "!\\initialized(&dest[2 .. 3])";
__gen_e_acsl_assert_data_2.file = "tests/builtin/strcat.c";
__gen_e_acsl_assert_data_2.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_2.line = 16;
+ __gen_e_acsl_assert_data_2.line = 17;
__e_acsl_assert(! __gen_e_acsl_initialized_2,
& __gen_e_acsl_assert_data_2);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_2);
@@ -189,7 +189,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_3.pred_txt = "\\initialized(&src[0 .. 1])";
__gen_e_acsl_assert_data_3.file = "tests/builtin/strcat.c";
__gen_e_acsl_assert_data_3.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_3.line = 17;
+ __gen_e_acsl_assert_data_3.line = 18;
__e_acsl_assert(__gen_e_acsl_initialized_3,
& __gen_e_acsl_assert_data_3);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_3);
@@ -227,7 +227,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_4.pred_txt = "\\initialized(&dest[0 .. 2])";
__gen_e_acsl_assert_data_4.file = "tests/builtin/strcat.c";
__gen_e_acsl_assert_data_4.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_4.line = 20;
+ __gen_e_acsl_assert_data_4.line = 21;
__e_acsl_assert(__gen_e_acsl_initialized_4,
& __gen_e_acsl_assert_data_4);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_4);
@@ -251,7 +251,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_5.pred_txt = "!\\initialized(&dest[3])";
__gen_e_acsl_assert_data_5.file = "tests/builtin/strcat.c";
__gen_e_acsl_assert_data_5.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_5.line = 21;
+ __gen_e_acsl_assert_data_5.line = 22;
__e_acsl_assert(! __gen_e_acsl_initialized_5,
& __gen_e_acsl_assert_data_5);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_5);
@@ -299,7 +299,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_6.pred_txt = "\\initialized(&dest_0[0 .. 1])";
__gen_e_acsl_assert_data_6.file = "tests/builtin/strcat.c";
__gen_e_acsl_assert_data_6.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_6.line = 27;
+ __gen_e_acsl_assert_data_6.line = 28;
__e_acsl_assert(__gen_e_acsl_initialized_6,
& __gen_e_acsl_assert_data_6);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_6);
@@ -337,7 +337,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_7.pred_txt = "!\\initialized(&dest_0[2 .. 3])";
__gen_e_acsl_assert_data_7.file = "tests/builtin/strcat.c";
__gen_e_acsl_assert_data_7.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_7.line = 28;
+ __gen_e_acsl_assert_data_7.line = 29;
__e_acsl_assert(! __gen_e_acsl_initialized_7,
& __gen_e_acsl_assert_data_7);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_7);
@@ -375,7 +375,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_8.pred_txt = "\\initialized(&src_0[0 .. 2])";
__gen_e_acsl_assert_data_8.file = "tests/builtin/strcat.c";
__gen_e_acsl_assert_data_8.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_8.line = 29;
+ __gen_e_acsl_assert_data_8.line = 30;
__e_acsl_assert(__gen_e_acsl_initialized_8,
& __gen_e_acsl_assert_data_8);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_8);
@@ -414,7 +414,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_9.pred_txt = "\\initialized(&dest_0[0 .. 2])";
__gen_e_acsl_assert_data_9.file = "tests/builtin/strcat.c";
__gen_e_acsl_assert_data_9.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_9.line = 32;
+ __gen_e_acsl_assert_data_9.line = 33;
__e_acsl_assert(__gen_e_acsl_initialized_9,
& __gen_e_acsl_assert_data_9);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_9);
@@ -438,7 +438,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_10.pred_txt = "!\\initialized(&dest_0[3])";
__gen_e_acsl_assert_data_10.file = "tests/builtin/strcat.c";
__gen_e_acsl_assert_data_10.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_10.line = 33;
+ __gen_e_acsl_assert_data_10.line = 34;
__e_acsl_assert(! __gen_e_acsl_initialized_10,
& __gen_e_acsl_assert_data_10);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_10);
@@ -486,7 +486,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_11.pred_txt = "\\initialized(&dest_1[0 .. 1])";
__gen_e_acsl_assert_data_11.file = "tests/builtin/strcat.c";
__gen_e_acsl_assert_data_11.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_11.line = 39;
+ __gen_e_acsl_assert_data_11.line = 40;
__e_acsl_assert(__gen_e_acsl_initialized_11,
& __gen_e_acsl_assert_data_11);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_11);
@@ -524,7 +524,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_12.pred_txt = "!\\initialized(&dest_1[2 .. 3])";
__gen_e_acsl_assert_data_12.file = "tests/builtin/strcat.c";
__gen_e_acsl_assert_data_12.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_12.line = 40;
+ __gen_e_acsl_assert_data_12.line = 41;
__e_acsl_assert(! __gen_e_acsl_initialized_12,
& __gen_e_acsl_assert_data_12);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_12);
@@ -562,7 +562,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_13.pred_txt = "\\initialized(&src_1[0 .. 1])";
__gen_e_acsl_assert_data_13.file = "tests/builtin/strcat.c";
__gen_e_acsl_assert_data_13.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_13.line = 41;
+ __gen_e_acsl_assert_data_13.line = 42;
__e_acsl_assert(__gen_e_acsl_initialized_13,
& __gen_e_acsl_assert_data_13);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_13);
@@ -601,7 +601,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_14.pred_txt = "\\initialized(&dest_1[0 .. 2])";
__gen_e_acsl_assert_data_14.file = "tests/builtin/strcat.c";
__gen_e_acsl_assert_data_14.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_14.line = 44;
+ __gen_e_acsl_assert_data_14.line = 45;
__e_acsl_assert(__gen_e_acsl_initialized_14,
& __gen_e_acsl_assert_data_14);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_14);
@@ -625,7 +625,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_15.pred_txt = "!\\initialized(&dest_1[3])";
__gen_e_acsl_assert_data_15.file = "tests/builtin/strcat.c";
__gen_e_acsl_assert_data_15.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_15.line = 45;
+ __gen_e_acsl_assert_data_15.line = 46;
__e_acsl_assert(! __gen_e_acsl_initialized_15,
& __gen_e_acsl_assert_data_15);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_15);
@@ -823,114 +823,114 @@ void __e_acsl_globals_init(void)
static char __e_acsl_already_run = 0;
if (! __e_acsl_already_run) {
__e_acsl_already_run = 1;
- __gen_e_acsl_literal_string_27 = "tests/builtin/strcat.c:98";
+ __gen_e_acsl_literal_string_27 = "tests/builtin/strcat.c:99";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_27,
- sizeof("tests/builtin/strcat.c:98"));
+ sizeof("tests/builtin/strcat.c:99"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_27);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_27);
- __gen_e_acsl_literal_string_26 = "tests/builtin/strcat.c:97";
+ __gen_e_acsl_literal_string_26 = "tests/builtin/strcat.c:98";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_26,
- sizeof("tests/builtin/strcat.c:97"));
+ sizeof("tests/builtin/strcat.c:98"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_26);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_26);
- __gen_e_acsl_literal_string_25 = "tests/builtin/strcat.c:96";
+ __gen_e_acsl_literal_string_25 = "tests/builtin/strcat.c:97";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_25,
- sizeof("tests/builtin/strcat.c:96"));
+ sizeof("tests/builtin/strcat.c:97"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_25);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_25);
- __gen_e_acsl_literal_string_24 = "tests/builtin/strcat.c:95";
+ __gen_e_acsl_literal_string_24 = "tests/builtin/strcat.c:96";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_24,
- sizeof("tests/builtin/strcat.c:95"));
+ sizeof("tests/builtin/strcat.c:96"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_24);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_24);
- __gen_e_acsl_literal_string_23 = "tests/builtin/strcat.c:94";
+ __gen_e_acsl_literal_string_23 = "tests/builtin/strcat.c:95";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_23,
- sizeof("tests/builtin/strcat.c:94"));
+ sizeof("tests/builtin/strcat.c:95"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_23);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_23);
- __gen_e_acsl_literal_string_22 = "tests/builtin/strcat.c:93";
+ __gen_e_acsl_literal_string_22 = "tests/builtin/strcat.c:94";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_22,
- sizeof("tests/builtin/strcat.c:93"));
+ sizeof("tests/builtin/strcat.c:94"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_22);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_22);
- __gen_e_acsl_literal_string_21 = "tests/builtin/strcat.c:92";
+ __gen_e_acsl_literal_string_21 = "tests/builtin/strcat.c:93";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_21,
- sizeof("tests/builtin/strcat.c:92"));
+ sizeof("tests/builtin/strcat.c:93"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_21);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_21);
- __gen_e_acsl_literal_string_20 = "tests/builtin/strcat.c:79";
+ __gen_e_acsl_literal_string_20 = "tests/builtin/strcat.c:80";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_20,
- sizeof("tests/builtin/strcat.c:79"));
+ sizeof("tests/builtin/strcat.c:80"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_20);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_20);
- __gen_e_acsl_literal_string_19 = "tests/builtin/strcat.c:78";
+ __gen_e_acsl_literal_string_19 = "tests/builtin/strcat.c:79";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_19,
- sizeof("tests/builtin/strcat.c:78"));
+ sizeof("tests/builtin/strcat.c:79"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_19);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_19);
- __gen_e_acsl_literal_string_18 = "tests/builtin/strcat.c:77";
+ __gen_e_acsl_literal_string_18 = "tests/builtin/strcat.c:78";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_18,
- sizeof("tests/builtin/strcat.c:77"));
+ sizeof("tests/builtin/strcat.c:78"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_18);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_18);
- __gen_e_acsl_literal_string_17 = "tests/builtin/strcat.c:76";
+ __gen_e_acsl_literal_string_17 = "tests/builtin/strcat.c:77";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_17,
- sizeof("tests/builtin/strcat.c:76"));
+ sizeof("tests/builtin/strcat.c:77"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_17);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_17);
- __gen_e_acsl_literal_string_16 = "tests/builtin/strcat.c:75";
+ __gen_e_acsl_literal_string_16 = "tests/builtin/strcat.c:76";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_16,
- sizeof("tests/builtin/strcat.c:75"));
+ sizeof("tests/builtin/strcat.c:76"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_16);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_16);
- __gen_e_acsl_literal_string_15 = "tests/builtin/strcat.c:74";
+ __gen_e_acsl_literal_string_15 = "tests/builtin/strcat.c:75";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_15,
- sizeof("tests/builtin/strcat.c:74"));
+ sizeof("tests/builtin/strcat.c:75"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_15);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_15);
- __gen_e_acsl_literal_string_14 = "tests/builtin/strcat.c:73";
+ __gen_e_acsl_literal_string_14 = "tests/builtin/strcat.c:74";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_14,
- sizeof("tests/builtin/strcat.c:73"));
+ sizeof("tests/builtin/strcat.c:74"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_14);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_14);
- __gen_e_acsl_literal_string_13 = "tests/builtin/strcat.c:72";
+ __gen_e_acsl_literal_string_13 = "tests/builtin/strcat.c:73";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_13,
- sizeof("tests/builtin/strcat.c:72"));
+ sizeof("tests/builtin/strcat.c:73"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_13);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_13);
- __gen_e_acsl_literal_string_12 = "tests/builtin/strcat.c:71";
+ __gen_e_acsl_literal_string_12 = "tests/builtin/strcat.c:72";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_12,
- sizeof("tests/builtin/strcat.c:71"));
+ sizeof("tests/builtin/strcat.c:72"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_12);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_12);
- __gen_e_acsl_literal_string_11 = "tests/builtin/strcat.c:70";
+ __gen_e_acsl_literal_string_11 = "tests/builtin/strcat.c:71";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_11,
- sizeof("tests/builtin/strcat.c:70"));
+ sizeof("tests/builtin/strcat.c:71"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_11);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_11);
- __gen_e_acsl_literal_string_10 = "tests/builtin/strcat.c:69";
+ __gen_e_acsl_literal_string_10 = "tests/builtin/strcat.c:70";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_10,
- sizeof("tests/builtin/strcat.c:69"));
+ sizeof("tests/builtin/strcat.c:70"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_10);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_10);
- __gen_e_acsl_literal_string_9 = "tests/builtin/strcat.c:67";
+ __gen_e_acsl_literal_string_9 = "tests/builtin/strcat.c:68";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_9,
- sizeof("tests/builtin/strcat.c:67"));
+ sizeof("tests/builtin/strcat.c:68"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_9);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_9);
- __gen_e_acsl_literal_string_30 = "tests/builtin/strcat.c:102";
+ __gen_e_acsl_literal_string_30 = "tests/builtin/strcat.c:103";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_30,
- sizeof("tests/builtin/strcat.c:102"));
+ sizeof("tests/builtin/strcat.c:103"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_30);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_30);
- __gen_e_acsl_literal_string_29 = "tests/builtin/strcat.c:101";
+ __gen_e_acsl_literal_string_29 = "tests/builtin/strcat.c:102";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_29,
- sizeof("tests/builtin/strcat.c:101"));
+ sizeof("tests/builtin/strcat.c:102"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_29);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_29);
- __gen_e_acsl_literal_string_28 = "tests/builtin/strcat.c:100";
+ __gen_e_acsl_literal_string_28 = "tests/builtin/strcat.c:101";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_28,
- sizeof("tests/builtin/strcat.c:100"));
+ sizeof("tests/builtin/strcat.c:101"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_28);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_28);
__gen_e_acsl_literal_string_7 = "abcd";
diff --git a/src/plugins/e-acsl/tests/builtin/oracle/gen_strcmp.c b/src/plugins/e-acsl/tests/builtin/oracle/gen_strcmp.c
index fcc76624c98e753c5e2bd700d0f26ffcc45bcf4b..74a48131471bfca4fe081b672c840c31ba2e6e0c 100644
--- a/src/plugins/e-acsl/tests/builtin/oracle/gen_strcmp.c
+++ b/src/plugins/e-acsl/tests/builtin/oracle/gen_strcmp.c
@@ -384,124 +384,124 @@ void __e_acsl_globals_init(void)
static char __e_acsl_already_run = 0;
if (! __e_acsl_already_run) {
__e_acsl_already_run = 1;
- __gen_e_acsl_literal_string_32 = "tests/builtin/strcmp.c:88";
+ __gen_e_acsl_literal_string_32 = "tests/builtin/strcmp.c:90";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_32,
- sizeof("tests/builtin/strcmp.c:88"));
+ sizeof("tests/builtin/strcmp.c:90"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_32);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_32);
- __gen_e_acsl_literal_string_31 = "tests/builtin/strcmp.c:85";
+ __gen_e_acsl_literal_string_31 = "tests/builtin/strcmp.c:87";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_31,
- sizeof("tests/builtin/strcmp.c:85"));
+ sizeof("tests/builtin/strcmp.c:87"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_31);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_31);
- __gen_e_acsl_literal_string_30 = "tests/builtin/strcmp.c:84";
+ __gen_e_acsl_literal_string_30 = "tests/builtin/strcmp.c:86";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_30,
- sizeof("tests/builtin/strcmp.c:84"));
+ sizeof("tests/builtin/strcmp.c:86"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_30);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_30);
- __gen_e_acsl_literal_string_29 = "tests/builtin/strcmp.c:81";
+ __gen_e_acsl_literal_string_29 = "tests/builtin/strcmp.c:83";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_29,
- sizeof("tests/builtin/strcmp.c:81"));
+ sizeof("tests/builtin/strcmp.c:83"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_29);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_29);
- __gen_e_acsl_literal_string_28 = "tests/builtin/strcmp.c:78";
+ __gen_e_acsl_literal_string_28 = "tests/builtin/strcmp.c:80";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_28,
- sizeof("tests/builtin/strcmp.c:78"));
+ sizeof("tests/builtin/strcmp.c:80"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_28);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_28);
- __gen_e_acsl_literal_string_27 = "tests/builtin/strcmp.c:75";
+ __gen_e_acsl_literal_string_27 = "tests/builtin/strcmp.c:77";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_27,
- sizeof("tests/builtin/strcmp.c:75"));
+ sizeof("tests/builtin/strcmp.c:77"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_27);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_27);
- __gen_e_acsl_literal_string_26 = "tests/builtin/strcmp.c:73";
+ __gen_e_acsl_literal_string_26 = "tests/builtin/strcmp.c:75";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_26,
- sizeof("tests/builtin/strcmp.c:73"));
+ sizeof("tests/builtin/strcmp.c:75"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_26);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_26);
- __gen_e_acsl_literal_string_25 = "tests/builtin/strcmp.c:70";
+ __gen_e_acsl_literal_string_25 = "tests/builtin/strcmp.c:72";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_25,
- sizeof("tests/builtin/strcmp.c:70"));
+ sizeof("tests/builtin/strcmp.c:72"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_25);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_25);
- __gen_e_acsl_literal_string_23 = "tests/builtin/strcmp.c:66";
+ __gen_e_acsl_literal_string_23 = "tests/builtin/strcmp.c:68";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_23,
- sizeof("tests/builtin/strcmp.c:66"));
+ sizeof("tests/builtin/strcmp.c:68"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_23);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_23);
- __gen_e_acsl_literal_string_22 = "tests/builtin/strcmp.c:65";
+ __gen_e_acsl_literal_string_22 = "tests/builtin/strcmp.c:67";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_22,
- sizeof("tests/builtin/strcmp.c:65"));
+ sizeof("tests/builtin/strcmp.c:67"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_22);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_22);
- __gen_e_acsl_literal_string_21 = "tests/builtin/strcmp.c:63";
+ __gen_e_acsl_literal_string_21 = "tests/builtin/strcmp.c:65";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_21,
- sizeof("tests/builtin/strcmp.c:63"));
+ sizeof("tests/builtin/strcmp.c:65"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_21);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_21);
- __gen_e_acsl_literal_string_20 = "tests/builtin/strcmp.c:62";
+ __gen_e_acsl_literal_string_20 = "tests/builtin/strcmp.c:64";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_20,
- sizeof("tests/builtin/strcmp.c:62"));
+ sizeof("tests/builtin/strcmp.c:64"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_20);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_20);
- __gen_e_acsl_literal_string_19 = "tests/builtin/strcmp.c:61";
+ __gen_e_acsl_literal_string_19 = "tests/builtin/strcmp.c:63";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_19,
- sizeof("tests/builtin/strcmp.c:61"));
+ sizeof("tests/builtin/strcmp.c:63"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_19);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_19);
- __gen_e_acsl_literal_string_18 = "tests/builtin/strcmp.c:51";
+ __gen_e_acsl_literal_string_18 = "tests/builtin/strcmp.c:53";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_18,
- sizeof("tests/builtin/strcmp.c:51"));
+ sizeof("tests/builtin/strcmp.c:53"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_18);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_18);
- __gen_e_acsl_literal_string_17 = "tests/builtin/strcmp.c:50";
+ __gen_e_acsl_literal_string_17 = "tests/builtin/strcmp.c:52";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_17,
- sizeof("tests/builtin/strcmp.c:50"));
+ sizeof("tests/builtin/strcmp.c:52"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_17);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_17);
- __gen_e_acsl_literal_string_16 = "tests/builtin/strcmp.c:45";
+ __gen_e_acsl_literal_string_16 = "tests/builtin/strcmp.c:47";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_16,
- sizeof("tests/builtin/strcmp.c:45"));
+ sizeof("tests/builtin/strcmp.c:47"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_16);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_16);
- __gen_e_acsl_literal_string_15 = "tests/builtin/strcmp.c:44";
+ __gen_e_acsl_literal_string_15 = "tests/builtin/strcmp.c:46";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_15,
- sizeof("tests/builtin/strcmp.c:44"));
+ sizeof("tests/builtin/strcmp.c:46"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_15);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_15);
- __gen_e_acsl_literal_string_14 = "tests/builtin/strcmp.c:42";
+ __gen_e_acsl_literal_string_14 = "tests/builtin/strcmp.c:44";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_14,
- sizeof("tests/builtin/strcmp.c:42"));
+ sizeof("tests/builtin/strcmp.c:44"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_14);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_14);
- __gen_e_acsl_literal_string_13 = "tests/builtin/strcmp.c:39";
+ __gen_e_acsl_literal_string_13 = "tests/builtin/strcmp.c:41";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_13,
- sizeof("tests/builtin/strcmp.c:39"));
+ sizeof("tests/builtin/strcmp.c:41"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_13);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_13);
- __gen_e_acsl_literal_string_12 = "tests/builtin/strcmp.c:37";
+ __gen_e_acsl_literal_string_12 = "tests/builtin/strcmp.c:39";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_12,
- sizeof("tests/builtin/strcmp.c:37"));
+ sizeof("tests/builtin/strcmp.c:39"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_12);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_12);
- __gen_e_acsl_literal_string_11 = "tests/builtin/strcmp.c:34";
+ __gen_e_acsl_literal_string_11 = "tests/builtin/strcmp.c:36";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_11,
- sizeof("tests/builtin/strcmp.c:34"));
+ sizeof("tests/builtin/strcmp.c:36"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_11);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_11);
- __gen_e_acsl_literal_string_10 = "tests/builtin/strcmp.c:31";
+ __gen_e_acsl_literal_string_10 = "tests/builtin/strcmp.c:33";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_10,
- sizeof("tests/builtin/strcmp.c:31"));
+ sizeof("tests/builtin/strcmp.c:33"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_10);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_10);
- __gen_e_acsl_literal_string_9 = "tests/builtin/strcmp.c:30";
+ __gen_e_acsl_literal_string_9 = "tests/builtin/strcmp.c:32";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_9,
- sizeof("tests/builtin/strcmp.c:30"));
+ sizeof("tests/builtin/strcmp.c:32"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_9);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_9);
- __gen_e_acsl_literal_string_8 = "tests/builtin/strcmp.c:29";
+ __gen_e_acsl_literal_string_8 = "tests/builtin/strcmp.c:31";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_8,
- sizeof("tests/builtin/strcmp.c:29"));
+ sizeof("tests/builtin/strcmp.c:31"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_8);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_8);
__gen_e_acsl_literal_string_7 = "comparison failure: %d == %d\n";
diff --git a/src/plugins/e-acsl/tests/builtin/oracle/gen_strcpy.c b/src/plugins/e-acsl/tests/builtin/oracle/gen_strcpy.c
index 41d960dd3f800c5cf02b351fdbe1e0e759cafbdb..b31343f27bfac7786ed28794aae856386abc254a 100644
--- a/src/plugins/e-acsl/tests/builtin/oracle/gen_strcpy.c
+++ b/src/plugins/e-acsl/tests/builtin/oracle/gen_strcpy.c
@@ -137,7 +137,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data.pred_txt = "!\\initialized(&dest[0 .. 3])";
__gen_e_acsl_assert_data.file = "tests/builtin/strcpy.c";
__gen_e_acsl_assert_data.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data.line = 13;
+ __gen_e_acsl_assert_data.line = 15;
__e_acsl_assert(! __gen_e_acsl_initialized,& __gen_e_acsl_assert_data);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data);
}
@@ -173,7 +173,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_2.pred_txt = "\\initialized(&src[0 .. 1])";
__gen_e_acsl_assert_data_2.file = "tests/builtin/strcpy.c";
__gen_e_acsl_assert_data_2.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_2.line = 14;
+ __gen_e_acsl_assert_data_2.line = 16;
__e_acsl_assert(__gen_e_acsl_initialized_2,
& __gen_e_acsl_assert_data_2);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_2);
@@ -211,7 +211,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_3.pred_txt = "\\initialized(&dest[0 .. 1])";
__gen_e_acsl_assert_data_3.file = "tests/builtin/strcpy.c";
__gen_e_acsl_assert_data_3.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_3.line = 17;
+ __gen_e_acsl_assert_data_3.line = 19;
__e_acsl_assert(__gen_e_acsl_initialized_3,
& __gen_e_acsl_assert_data_3);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_3);
@@ -248,7 +248,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_4.pred_txt = "!\\initialized(&dest[2 .. 3])";
__gen_e_acsl_assert_data_4.file = "tests/builtin/strcpy.c";
__gen_e_acsl_assert_data_4.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_4.line = 18;
+ __gen_e_acsl_assert_data_4.line = 20;
__e_acsl_assert(! __gen_e_acsl_initialized_4,
& __gen_e_acsl_assert_data_4);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_4);
@@ -295,7 +295,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_5.pred_txt = "!\\initialized(&dest_0[0 .. 3])";
__gen_e_acsl_assert_data_5.file = "tests/builtin/strcpy.c";
__gen_e_acsl_assert_data_5.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_5.line = 23;
+ __gen_e_acsl_assert_data_5.line = 25;
__e_acsl_assert(! __gen_e_acsl_initialized_5,
& __gen_e_acsl_assert_data_5);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_5);
@@ -333,7 +333,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_6.pred_txt = "\\initialized(&src_0[0 .. 3])";
__gen_e_acsl_assert_data_6.file = "tests/builtin/strcpy.c";
__gen_e_acsl_assert_data_6.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_6.line = 24;
+ __gen_e_acsl_assert_data_6.line = 26;
__e_acsl_assert(__gen_e_acsl_initialized_6,
& __gen_e_acsl_assert_data_6);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_6);
@@ -358,7 +358,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_7.pred_txt = "\\initialized((char *)dest_0)";
__gen_e_acsl_assert_data_7.file = "tests/builtin/strcpy.c";
__gen_e_acsl_assert_data_7.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_7.line = 27;
+ __gen_e_acsl_assert_data_7.line = 29;
__e_acsl_assert(__gen_e_acsl_initialized_7,
& __gen_e_acsl_assert_data_7);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_7);
@@ -396,7 +396,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_8.pred_txt = "!\\initialized(&dest_0[1 .. 3])";
__gen_e_acsl_assert_data_8.file = "tests/builtin/strcpy.c";
__gen_e_acsl_assert_data_8.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_8.line = 28;
+ __gen_e_acsl_assert_data_8.line = 30;
__e_acsl_assert(! __gen_e_acsl_initialized_8,
& __gen_e_acsl_assert_data_8);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_8);
@@ -443,7 +443,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_9.pred_txt = "!\\initialized(&dest_1[0 .. 3])";
__gen_e_acsl_assert_data_9.file = "tests/builtin/strcpy.c";
__gen_e_acsl_assert_data_9.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_9.line = 33;
+ __gen_e_acsl_assert_data_9.line = 35;
__e_acsl_assert(! __gen_e_acsl_initialized_9,
& __gen_e_acsl_assert_data_9);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_9);
@@ -481,7 +481,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_10.pred_txt = "\\initialized(&src_1[0 .. 3])";
__gen_e_acsl_assert_data_10.file = "tests/builtin/strcpy.c";
__gen_e_acsl_assert_data_10.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_10.line = 34;
+ __gen_e_acsl_assert_data_10.line = 36;
__e_acsl_assert(__gen_e_acsl_initialized_10,
& __gen_e_acsl_assert_data_10);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_10);
@@ -520,7 +520,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_11.pred_txt = "\\initialized(&dest_1[0 .. 2])";
__gen_e_acsl_assert_data_11.file = "tests/builtin/strcpy.c";
__gen_e_acsl_assert_data_11.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_11.line = 37;
+ __gen_e_acsl_assert_data_11.line = 39;
__e_acsl_assert(__gen_e_acsl_initialized_11,
& __gen_e_acsl_assert_data_11);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_11);
@@ -544,7 +544,7 @@ void test_memory_tracking(void)
__gen_e_acsl_assert_data_12.pred_txt = "!\\initialized(&dest_1[3])";
__gen_e_acsl_assert_data_12.file = "tests/builtin/strcpy.c";
__gen_e_acsl_assert_data_12.fct = "test_memory_tracking";
- __gen_e_acsl_assert_data_12.line = 38;
+ __gen_e_acsl_assert_data_12.line = 40;
__e_acsl_assert(! __gen_e_acsl_initialized_12,
& __gen_e_acsl_assert_data_12);
__e_acsl_assert_clean(& __gen_e_acsl_assert_data_12);
@@ -797,89 +797,89 @@ void __e_acsl_globals_init(void)
static char __e_acsl_already_run = 0;
if (! __e_acsl_already_run) {
__e_acsl_already_run = 1;
- __gen_e_acsl_literal_string_24 = "tests/builtin/strcpy.c:74";
+ __gen_e_acsl_literal_string_24 = "tests/builtin/strcpy.c:76";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_24,
- sizeof("tests/builtin/strcpy.c:74"));
+ sizeof("tests/builtin/strcpy.c:76"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_24);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_24);
- __gen_e_acsl_literal_string_23 = "tests/builtin/strcpy.c:73";
+ __gen_e_acsl_literal_string_23 = "tests/builtin/strcpy.c:75";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_23,
- sizeof("tests/builtin/strcpy.c:73"));
+ sizeof("tests/builtin/strcpy.c:75"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_23);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_23);
- __gen_e_acsl_literal_string_22 = "tests/builtin/strcpy.c:72";
+ __gen_e_acsl_literal_string_22 = "tests/builtin/strcpy.c:74";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_22,
- sizeof("tests/builtin/strcpy.c:72"));
+ sizeof("tests/builtin/strcpy.c:74"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_22);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_22);
- __gen_e_acsl_literal_string_21 = "tests/builtin/strcpy.c:71";
+ __gen_e_acsl_literal_string_21 = "tests/builtin/strcpy.c:73";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_21,
- sizeof("tests/builtin/strcpy.c:71"));
+ sizeof("tests/builtin/strcpy.c:73"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_21);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_21);
- __gen_e_acsl_literal_string_20 = "tests/builtin/strcpy.c:70";
+ __gen_e_acsl_literal_string_20 = "tests/builtin/strcpy.c:72";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_20,
- sizeof("tests/builtin/strcpy.c:70"));
+ sizeof("tests/builtin/strcpy.c:72"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_20);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_20);
- __gen_e_acsl_literal_string_19 = "tests/builtin/strcpy.c:69";
+ __gen_e_acsl_literal_string_19 = "tests/builtin/strcpy.c:71";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_19,
- sizeof("tests/builtin/strcpy.c:69"));
+ sizeof("tests/builtin/strcpy.c:71"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_19);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_19);
- __gen_e_acsl_literal_string_18 = "tests/builtin/strcpy.c:68";
+ __gen_e_acsl_literal_string_18 = "tests/builtin/strcpy.c:70";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_18,
- sizeof("tests/builtin/strcpy.c:68"));
+ sizeof("tests/builtin/strcpy.c:70"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_18);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_18);
- __gen_e_acsl_literal_string_17 = "tests/builtin/strcpy.c:67";
+ __gen_e_acsl_literal_string_17 = "tests/builtin/strcpy.c:69";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_17,
- sizeof("tests/builtin/strcpy.c:67"));
+ sizeof("tests/builtin/strcpy.c:69"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_17);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_17);
- __gen_e_acsl_literal_string_16 = "tests/builtin/strcpy.c:64";
+ __gen_e_acsl_literal_string_16 = "tests/builtin/strcpy.c:66";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_16,
- sizeof("tests/builtin/strcpy.c:64"));
+ sizeof("tests/builtin/strcpy.c:66"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_16);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_16);
- __gen_e_acsl_literal_string_15 = "tests/builtin/strcpy.c:63";
+ __gen_e_acsl_literal_string_15 = "tests/builtin/strcpy.c:65";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_15,
- sizeof("tests/builtin/strcpy.c:63"));
+ sizeof("tests/builtin/strcpy.c:65"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_15);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_15);
- __gen_e_acsl_literal_string_14 = "tests/builtin/strcpy.c:62";
+ __gen_e_acsl_literal_string_14 = "tests/builtin/strcpy.c:64";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_14,
- sizeof("tests/builtin/strcpy.c:62"));
+ sizeof("tests/builtin/strcpy.c:64"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_14);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_14);
- __gen_e_acsl_literal_string_13 = "tests/builtin/strcpy.c:61";
+ __gen_e_acsl_literal_string_13 = "tests/builtin/strcpy.c:63";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_13,
- sizeof("tests/builtin/strcpy.c:61"));
+ sizeof("tests/builtin/strcpy.c:63"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_13);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_13);
- __gen_e_acsl_literal_string_12 = "tests/builtin/strcpy.c:60";
+ __gen_e_acsl_literal_string_12 = "tests/builtin/strcpy.c:62";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_12,
- sizeof("tests/builtin/strcpy.c:60"));
+ sizeof("tests/builtin/strcpy.c:62"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_12);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_12);
- __gen_e_acsl_literal_string_11 = "tests/builtin/strcpy.c:59";
+ __gen_e_acsl_literal_string_11 = "tests/builtin/strcpy.c:61";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_11,
- sizeof("tests/builtin/strcpy.c:59"));
+ sizeof("tests/builtin/strcpy.c:61"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_11);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_11);
- __gen_e_acsl_literal_string_10 = "tests/builtin/strcpy.c:58";
+ __gen_e_acsl_literal_string_10 = "tests/builtin/strcpy.c:60";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_10,
- sizeof("tests/builtin/strcpy.c:58"));
+ sizeof("tests/builtin/strcpy.c:60"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_10);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_10);
- __gen_e_acsl_literal_string_9 = "tests/builtin/strcpy.c:57";
+ __gen_e_acsl_literal_string_9 = "tests/builtin/strcpy.c:59";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_9,
- sizeof("tests/builtin/strcpy.c:57"));
+ sizeof("tests/builtin/strcpy.c:59"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_9);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_9);
- __gen_e_acsl_literal_string_7 = "tests/builtin/strcpy.c:56";
+ __gen_e_acsl_literal_string_7 = "tests/builtin/strcpy.c:58";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_7,
- sizeof("tests/builtin/strcpy.c:56"));
+ sizeof("tests/builtin/strcpy.c:58"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_7);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_7);
__gen_e_acsl_literal_string_6 = "abcd";
diff --git a/src/plugins/e-acsl/tests/builtin/oracle/gen_strlen.c b/src/plugins/e-acsl/tests/builtin/oracle/gen_strlen.c
index 836035907163c2fae009d5aefc28a64ad03f4b57..0f7fe7a05daf5c9cd89a9faa6e02b782de0b0b91 100644
--- a/src/plugins/e-acsl/tests/builtin/oracle/gen_strlen.c
+++ b/src/plugins/e-acsl/tests/builtin/oracle/gen_strlen.c
@@ -368,39 +368,39 @@ void __e_acsl_globals_init(void)
sizeof("the cat"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_7);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_7);
- __gen_e_acsl_literal_string_15 = "tests/builtin/strlen.c:33";
+ __gen_e_acsl_literal_string_15 = "tests/builtin/strlen.c:35";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_15,
- sizeof("tests/builtin/strlen.c:33"));
+ sizeof("tests/builtin/strlen.c:35"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_15);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_15);
- __gen_e_acsl_literal_string_14 = "tests/builtin/strlen.c:31";
+ __gen_e_acsl_literal_string_14 = "tests/builtin/strlen.c:33";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_14,
- sizeof("tests/builtin/strlen.c:31"));
+ sizeof("tests/builtin/strlen.c:33"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_14);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_14);
- __gen_e_acsl_literal_string_13 = "tests/builtin/strlen.c:29";
+ __gen_e_acsl_literal_string_13 = "tests/builtin/strlen.c:31";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_13,
- sizeof("tests/builtin/strlen.c:29"));
+ sizeof("tests/builtin/strlen.c:31"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_13);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_13);
- __gen_e_acsl_literal_string_12 = "tests/builtin/strlen.c:24";
+ __gen_e_acsl_literal_string_12 = "tests/builtin/strlen.c:26";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_12,
- sizeof("tests/builtin/strlen.c:24"));
+ sizeof("tests/builtin/strlen.c:26"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_12);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_12);
- __gen_e_acsl_literal_string_11 = "tests/builtin/strlen.c:23";
+ __gen_e_acsl_literal_string_11 = "tests/builtin/strlen.c:25";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_11,
- sizeof("tests/builtin/strlen.c:23"));
+ sizeof("tests/builtin/strlen.c:25"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_11);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_11);
- __gen_e_acsl_literal_string_10 = "tests/builtin/strlen.c:22";
+ __gen_e_acsl_literal_string_10 = "tests/builtin/strlen.c:24";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_10,
- sizeof("tests/builtin/strlen.c:22"));
+ sizeof("tests/builtin/strlen.c:24"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_10);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_10);
- __gen_e_acsl_literal_string_9 = "tests/builtin/strlen.c:21";
+ __gen_e_acsl_literal_string_9 = "tests/builtin/strlen.c:23";
__e_acsl_store_block((void *)__gen_e_acsl_literal_string_9,
- sizeof("tests/builtin/strlen.c:21"));
+ sizeof("tests/builtin/strlen.c:23"));
__e_acsl_full_init((void *)__gen_e_acsl_literal_string_9);
__e_acsl_mark_readonly((void *)__gen_e_acsl_literal_string_9);
__gen_e_acsl_literal_string = "TEST %d: ";
diff --git a/src/plugins/e-acsl/tests/builtin/oracle/strcmp.res.oracle b/src/plugins/e-acsl/tests/builtin/oracle/strcmp.res.oracle
index 455bfd43413ff0193be76f0b37f94cdfa2afc6f3..1073ab7cbaafbde2ee5da972c14336c0712b791d 100644
--- a/src/plugins/e-acsl/tests/builtin/oracle/strcmp.res.oracle
+++ b/src/plugins/e-acsl/tests/builtin/oracle/strcmp.res.oracle
@@ -1,4 +1,4 @@
-[variadic] tests/builtin/strcmp.c:11: Warning:
+[variadic] tests/builtin/strcmp.c:13: Warning:
Call to function fprintf with non-static format argument: assuming that parameters are coherent with the format, and that no %n specifiers are present in the actual string.
[e-acsl] beginning translation.
[e-acsl] Warning: annotating undefined function `abort':
diff --git a/src/plugins/e-acsl/tests/builtin/oracle_dev/strcat.e-acsl.err.log b/src/plugins/e-acsl/tests/builtin/oracle_dev/strcat.e-acsl.err.log
index ba266124594f7cb22a17928de0f6f61f45e81758..a6ba088466b843d16e4513543a9d1bd3e068886c 100644
--- a/src/plugins/e-acsl/tests/builtin/oracle_dev/strcat.e-acsl.err.log
+++ b/src/plugins/e-acsl/tests/builtin/oracle_dev/strcat.e-acsl.err.log
@@ -1,40 +1,40 @@
-TEST 1: OK: Expected execution at tests/builtin/strcat.c:67
-TEST 2: OK: Expected execution at tests/builtin/strcat.c:69
+TEST 1: OK: Expected execution at tests/builtin/strcat.c:68
+TEST 2: OK: Expected execution at tests/builtin/strcat.c:70
strcat: insufficient space in destination string, available: 8 bytes, requires at least 9 bytes
-TEST 3: OK: Expected signal at tests/builtin/strcat.c:70
+TEST 3: OK: Expected signal at tests/builtin/strcat.c:71
strcat: destination string string unallocated
-TEST 4: OK: Expected signal at tests/builtin/strcat.c:71
+TEST 4: OK: Expected signal at tests/builtin/strcat.c:72
strcat: source string string unallocated
-TEST 5: OK: Expected signal at tests/builtin/strcat.c:72
+TEST 5: OK: Expected signal at tests/builtin/strcat.c:73
strcat: destination string string unallocated
-TEST 6: OK: Expected signal at tests/builtin/strcat.c:73
+TEST 6: OK: Expected signal at tests/builtin/strcat.c:74
strcat: source string string unallocated
-TEST 7: OK: Expected signal at tests/builtin/strcat.c:74
+TEST 7: OK: Expected signal at tests/builtin/strcat.c:75
strcat: destination string string is not writable
-TEST 8: OK: Expected signal at tests/builtin/strcat.c:75
+TEST 8: OK: Expected signal at tests/builtin/strcat.c:76
strcat: overlapping memory areas
-TEST 9: OK: Expected signal at tests/builtin/strcat.c:76
+TEST 9: OK: Expected signal at tests/builtin/strcat.c:77
strcat: overlapping memory areas
-TEST 10: OK: Expected signal at tests/builtin/strcat.c:77
+TEST 10: OK: Expected signal at tests/builtin/strcat.c:78
strcat: overlapping memory areas
-TEST 11: OK: Expected signal at tests/builtin/strcat.c:78
-TEST 12: OK: Expected execution at tests/builtin/strcat.c:79
-TEST 13: OK: Expected execution at tests/builtin/strcat.c:92
+TEST 11: OK: Expected signal at tests/builtin/strcat.c:79
+TEST 12: OK: Expected execution at tests/builtin/strcat.c:80
+TEST 13: OK: Expected execution at tests/builtin/strcat.c:93
strncat: insufficient space in destination string, available: 8 bytes, requires at least 9 bytes
-TEST 14: OK: Expected signal at tests/builtin/strcat.c:93
+TEST 14: OK: Expected signal at tests/builtin/strcat.c:94
strcat: destination string string unallocated
-TEST 15: OK: Expected signal at tests/builtin/strcat.c:94
+TEST 15: OK: Expected signal at tests/builtin/strcat.c:95
strncat: source string string unallocated
-TEST 16: OK: Expected signal at tests/builtin/strcat.c:95
+TEST 16: OK: Expected signal at tests/builtin/strcat.c:96
strcat: destination string string unallocated
-TEST 17: OK: Expected signal at tests/builtin/strcat.c:96
+TEST 17: OK: Expected signal at tests/builtin/strcat.c:97
strncat: source string string unallocated
-TEST 18: OK: Expected signal at tests/builtin/strcat.c:97
+TEST 18: OK: Expected signal at tests/builtin/strcat.c:98
strcat: destination string string is not writable
-TEST 19: OK: Expected signal at tests/builtin/strcat.c:98
+TEST 19: OK: Expected signal at tests/builtin/strcat.c:99
strcat: overlapping memory areas
-TEST 20: OK: Expected signal at tests/builtin/strcat.c:100
+TEST 20: OK: Expected signal at tests/builtin/strcat.c:101
strncat: insufficient space in destination string, available: 6 bytes, requires at least 7 bytes
-TEST 21: OK: Expected signal at tests/builtin/strcat.c:101
+TEST 21: OK: Expected signal at tests/builtin/strcat.c:102
strcat: overlapping memory areas
-TEST 22: OK: Expected signal at tests/builtin/strcat.c:102
+TEST 22: OK: Expected signal at tests/builtin/strcat.c:103
diff --git a/src/plugins/e-acsl/tests/builtin/oracle_dev/strcmp.e-acsl.err.log b/src/plugins/e-acsl/tests/builtin/oracle_dev/strcmp.e-acsl.err.log
index 82deb8dc09ef4a5467c9f9ee838ddab9048c16aa..104a9c03779e69c077a4761cc48a336e37f97f30 100644
--- a/src/plugins/e-acsl/tests/builtin/oracle_dev/strcmp.e-acsl.err.log
+++ b/src/plugins/e-acsl/tests/builtin/oracle_dev/strcmp.e-acsl.err.log
@@ -1,36 +1,36 @@
-TEST 1: OK: Expected execution at tests/builtin/strcmp.c:29
-TEST 2: OK: Expected execution at tests/builtin/strcmp.c:30
-TEST 3: OK: Expected execution at tests/builtin/strcmp.c:31
+TEST 1: OK: Expected execution at tests/builtin/strcmp.c:31
+TEST 2: OK: Expected execution at tests/builtin/strcmp.c:32
+TEST 3: OK: Expected execution at tests/builtin/strcmp.c:33
strcmp: string 1 string not NUL-terminated
-TEST 4: OK: Expected signal at tests/builtin/strcmp.c:34
+TEST 4: OK: Expected signal at tests/builtin/strcmp.c:36
strcmp: string 2 string not NUL-terminated
-TEST 5: OK: Expected signal at tests/builtin/strcmp.c:37
+TEST 5: OK: Expected signal at tests/builtin/strcmp.c:39
strcmp: string 1 string not NUL-terminated
-TEST 6: OK: Expected signal at tests/builtin/strcmp.c:39
+TEST 6: OK: Expected signal at tests/builtin/strcmp.c:41
strcmp: string 2 string not NUL-terminated
-TEST 7: OK: Expected signal at tests/builtin/strcmp.c:42
+TEST 7: OK: Expected signal at tests/builtin/strcmp.c:44
strcmp: string 2 string unallocated
-TEST 8: OK: Expected signal at tests/builtin/strcmp.c:44
+TEST 8: OK: Expected signal at tests/builtin/strcmp.c:46
strcmp: string 1 string unallocated
-TEST 9: OK: Expected signal at tests/builtin/strcmp.c:45
+TEST 9: OK: Expected signal at tests/builtin/strcmp.c:47
strcmp: string 1 string unallocated
-TEST 10: OK: Expected signal at tests/builtin/strcmp.c:50
+TEST 10: OK: Expected signal at tests/builtin/strcmp.c:52
strcmp: string 2 string unallocated
-TEST 11: OK: Expected signal at tests/builtin/strcmp.c:51
-TEST 12: OK: Expected execution at tests/builtin/strcmp.c:61
-TEST 13: OK: Expected execution at tests/builtin/strcmp.c:62
-TEST 14: OK: Expected execution at tests/builtin/strcmp.c:63
-TEST 15: OK: Expected execution at tests/builtin/strcmp.c:65
-TEST 16: OK: Expected execution at tests/builtin/strcmp.c:66
-TEST 17: OK: Expected execution at tests/builtin/strcmp.c:70
-TEST 18: OK: Expected execution at tests/builtin/strcmp.c:73
-TEST 19: OK: Expected execution at tests/builtin/strcmp.c:75
-TEST 20: OK: Expected execution at tests/builtin/strcmp.c:78
+TEST 11: OK: Expected signal at tests/builtin/strcmp.c:53
+TEST 12: OK: Expected execution at tests/builtin/strcmp.c:63
+TEST 13: OK: Expected execution at tests/builtin/strcmp.c:64
+TEST 14: OK: Expected execution at tests/builtin/strcmp.c:65
+TEST 15: OK: Expected execution at tests/builtin/strcmp.c:67
+TEST 16: OK: Expected execution at tests/builtin/strcmp.c:68
+TEST 17: OK: Expected execution at tests/builtin/strcmp.c:72
+TEST 18: OK: Expected execution at tests/builtin/strcmp.c:75
+TEST 19: OK: Expected execution at tests/builtin/strcmp.c:77
+TEST 20: OK: Expected execution at tests/builtin/strcmp.c:80
strncmp: string 2 string has insufficient length
-TEST 21: OK: Expected signal at tests/builtin/strcmp.c:81
+TEST 21: OK: Expected signal at tests/builtin/strcmp.c:83
strncmp: string 2 string has insufficient length
-TEST 22: OK: Expected signal at tests/builtin/strcmp.c:84
+TEST 22: OK: Expected signal at tests/builtin/strcmp.c:86
strncmp: string 2 string has insufficient length
-TEST 23: OK: Expected signal at tests/builtin/strcmp.c:85
+TEST 23: OK: Expected signal at tests/builtin/strcmp.c:87
strncmp: string 1 string has insufficient length
-TEST 24: OK: Expected signal at tests/builtin/strcmp.c:88
+TEST 24: OK: Expected signal at tests/builtin/strcmp.c:90
diff --git a/src/plugins/e-acsl/tests/builtin/oracle_dev/strcpy.e-acsl.err.log b/src/plugins/e-acsl/tests/builtin/oracle_dev/strcpy.e-acsl.err.log
index cd7ff4907a56d31da2a7b2cefc26b45b92bbb3f3..41e9c691476a0fbb2a792a366d1144c2fd9abcb2 100644
--- a/src/plugins/e-acsl/tests/builtin/oracle_dev/strcpy.e-acsl.err.log
+++ b/src/plugins/e-acsl/tests/builtin/oracle_dev/strcpy.e-acsl.err.log
@@ -1,27 +1,27 @@
-TEST 1: OK: Expected execution at tests/builtin/strcpy.c:56
-TEST 2: OK: Expected execution at tests/builtin/strcpy.c:57
+TEST 1: OK: Expected execution at tests/builtin/strcpy.c:58
+TEST 2: OK: Expected execution at tests/builtin/strcpy.c:59
strlen: insufficient space in destination string, at least 5 bytes required
-TEST 3: OK: Expected signal at tests/builtin/strcpy.c:58
+TEST 3: OK: Expected signal at tests/builtin/strcpy.c:60
strlen: destination string space unallocated or cannot be written
-TEST 4: OK: Expected signal at tests/builtin/strcpy.c:59
+TEST 4: OK: Expected signal at tests/builtin/strcpy.c:61
strlen: destination string space unallocated or cannot be written
-TEST 5: OK: Expected signal at tests/builtin/strcpy.c:60
-TEST 6: OK: Expected execution at tests/builtin/strcpy.c:61
+TEST 5: OK: Expected signal at tests/builtin/strcpy.c:62
+TEST 6: OK: Expected execution at tests/builtin/strcpy.c:63
strcpy: overlapping memory areas
-TEST 7: OK: Expected signal at tests/builtin/strcpy.c:62
-TEST 8: OK: Expected execution at tests/builtin/strcpy.c:63
+TEST 7: OK: Expected signal at tests/builtin/strcpy.c:64
+TEST 8: OK: Expected execution at tests/builtin/strcpy.c:65
strcpy: overlapping memory areas
-TEST 9: OK: Expected signal at tests/builtin/strcpy.c:64
-TEST 10: OK: Expected execution at tests/builtin/strcpy.c:67
+TEST 9: OK: Expected signal at tests/builtin/strcpy.c:66
+TEST 10: OK: Expected execution at tests/builtin/strcpy.c:69
strncpy: insufficient space in destination string , at least 6 bytes required
-TEST 11: OK: Expected signal at tests/builtin/strcpy.c:68
+TEST 11: OK: Expected signal at tests/builtin/strcpy.c:70
strncpy: destination string space unallocated or cannot be written
-TEST 12: OK: Expected signal at tests/builtin/strcpy.c:69
+TEST 12: OK: Expected signal at tests/builtin/strcpy.c:71
strncpy: destination string space unallocated or cannot be written
-TEST 13: OK: Expected signal at tests/builtin/strcpy.c:70
-TEST 14: OK: Expected execution at tests/builtin/strcpy.c:71
+TEST 13: OK: Expected signal at tests/builtin/strcpy.c:72
+TEST 14: OK: Expected execution at tests/builtin/strcpy.c:73
strncpy: overlapping memory areas
-TEST 15: OK: Expected signal at tests/builtin/strcpy.c:72
-TEST 16: OK: Expected execution at tests/builtin/strcpy.c:73
+TEST 15: OK: Expected signal at tests/builtin/strcpy.c:74
+TEST 16: OK: Expected execution at tests/builtin/strcpy.c:75
strncpy: overlapping memory areas
-TEST 17: OK: Expected signal at tests/builtin/strcpy.c:74
+TEST 17: OK: Expected signal at tests/builtin/strcpy.c:76
diff --git a/src/plugins/e-acsl/tests/builtin/oracle_dev/strlen.e-acsl.err.log b/src/plugins/e-acsl/tests/builtin/oracle_dev/strlen.e-acsl.err.log
index 12fc549bbd1f81e6d55a9ff66150154bf9fcbc34..14e39ec1624fd245220305b5ae9bb3445a220c38 100644
--- a/src/plugins/e-acsl/tests/builtin/oracle_dev/strlen.e-acsl.err.log
+++ b/src/plugins/e-acsl/tests/builtin/oracle_dev/strlen.e-acsl.err.log
@@ -1,10 +1,10 @@
-TEST 1: OK: Expected execution at tests/builtin/strlen.c:21
-TEST 2: OK: Expected execution at tests/builtin/strlen.c:22
-TEST 3: OK: Expected execution at tests/builtin/strlen.c:23
-TEST 4: OK: Expected execution at tests/builtin/strlen.c:24
+TEST 1: OK: Expected execution at tests/builtin/strlen.c:23
+TEST 2: OK: Expected execution at tests/builtin/strlen.c:24
+TEST 3: OK: Expected execution at tests/builtin/strlen.c:25
+TEST 4: OK: Expected execution at tests/builtin/strlen.c:26
strlen: input string not NUL-terminated
-TEST 5: OK: Expected signal at tests/builtin/strlen.c:29
+TEST 5: OK: Expected signal at tests/builtin/strlen.c:31
strlen: input string not NUL-terminated
-TEST 6: OK: Expected signal at tests/builtin/strlen.c:31
+TEST 6: OK: Expected signal at tests/builtin/strlen.c:33
strlen: input string unallocated
-TEST 7: OK: Expected signal at tests/builtin/strlen.c:33
+TEST 7: OK: Expected signal at tests/builtin/strlen.c:35
diff --git a/src/plugins/e-acsl/tests/builtin/strcat.c b/src/plugins/e-acsl/tests/builtin/strcat.c
index 1e9c506bcc3a393d79f8112fe2b0abc559b44031..d8bd751af84661e01e3ff675eddba729d9fa622a 100644
--- a/src/plugins/e-acsl/tests/builtin/strcat.c
+++ b/src/plugins/e-acsl/tests/builtin/strcat.c
@@ -1,9 +1,10 @@
/* run.config
- COMMENT: Test `strcat` and `strncat` E-ACSL built-ins
+ COMMENT: Test `strcat` and `strncat` E-ACSL built-ins
+ DEPS: @PTESTS_DEPS@ utils/signalled.h
STDOPT: +"-eva-precision=1"
*/
-#include "../utils/signalled.h"
+#include "utils/signalled.h"
#include <stdlib.h>
#include <string.h>
diff --git a/src/plugins/e-acsl/tests/builtin/strcmp.c b/src/plugins/e-acsl/tests/builtin/strcmp.c
index add8cc87f8972b6ee3aec792ec31c91878021d23..e90d1b7f2ea4613ea6d98a8654bf78d02f1ff586 100644
--- a/src/plugins/e-acsl/tests/builtin/strcmp.c
+++ b/src/plugins/e-acsl/tests/builtin/strcmp.c
@@ -1,8 +1,10 @@
/* run.config
- COMMENT: Test `strcmp` and `strncmp` E-ACSL built-ins
+ COMMENT: Test `strcmp` and `strncmp` E-ACSL built-ins
+ DEPS: @PTESTS_DEPS@ utils/signalled.h
+ STDOPT:
*/
-#include "../utils/signalled.h"
+#include "utils/signalled.h"
#include <stdlib.h>
#include <string.h>
diff --git a/src/plugins/e-acsl/tests/builtin/strcpy.c b/src/plugins/e-acsl/tests/builtin/strcpy.c
index 64a0571c23ad5177247836e1cbd210196447f9a5..44e8b5f81106f3025f08100ba72c70c8987ed65e 100644
--- a/src/plugins/e-acsl/tests/builtin/strcpy.c
+++ b/src/plugins/e-acsl/tests/builtin/strcpy.c
@@ -1,8 +1,10 @@
/* run.config
- COMMENT: Test `strcpy` and `strncpy` E-ACSL built-ins
+ COMMENT: Test `strcpy` and `strncpy` E-ACSL built-ins
+ DEPS: @PTESTS_DEPS@ utils/signalled.h
+ STDOPT:
*/
-#include "../utils/signalled.h"
+#include "utils/signalled.h"
#include <stdlib.h>
#include <string.h>
diff --git a/src/plugins/e-acsl/tests/builtin/strlen.c b/src/plugins/e-acsl/tests/builtin/strlen.c
index b7ef400329cd543aedbe5277f2db0e6cb1b1b791..556734a33c04696ac9b9262f3ae248a1c64df366 100644
--- a/src/plugins/e-acsl/tests/builtin/strlen.c
+++ b/src/plugins/e-acsl/tests/builtin/strlen.c
@@ -1,8 +1,10 @@
/* run.config
- COMMENT: Test `strlen` E-ACSL built-ins
+ COMMENT: Test `strlen` E-ACSL built-ins
+ DEPS: @PTESTS_DEPS@ utils/signalled.h
+ STDOPT:
*/
-#include "../utils/signalled.h"
+#include "utils/signalled.h"
#include <stdlib.h>
#include <string.h>
diff --git a/src/plugins/e-acsl/tests/builtin/utils b/src/plugins/e-acsl/tests/builtin/utils
new file mode 120000
index 0000000000000000000000000000000000000000..19985ba50b51e1b7741a400a0b24ee16739553af
--- /dev/null
+++ b/src/plugins/e-acsl/tests/builtin/utils
@@ -0,0 +1 @@
+../utils/
\ No newline at end of file
diff --git a/src/plugins/e-acsl/tests/format/fprintf.c b/src/plugins/e-acsl/tests/format/fprintf.c
index 41f91017210623d6199c28c04a5db79b2be7f384..0ad4326e664141bc2d524b21c0550f16b16ef10c 100644
--- a/src/plugins/e-acsl/tests/format/fprintf.c
+++ b/src/plugins/e-acsl/tests/format/fprintf.c
@@ -3,7 +3,7 @@
STDOPT: +"-eva-precision=1"
*/
-#include "../utils/signalled.h"
+#include "utils/signalled.h"
#include <stdio.h>
#include <stdlib.h>
diff --git a/src/plugins/e-acsl/tests/format/printf.c b/src/plugins/e-acsl/tests/format/printf.c
index 4b4c505ef0766a749f193a70695e519cff1b3fa0..c1ddba8d5eabf8e0a8db97d538cef13a6ba71859 100644
--- a/src/plugins/e-acsl/tests/format/printf.c
+++ b/src/plugins/e-acsl/tests/format/printf.c
@@ -6,7 +6,7 @@
MACRO: ROOT_EACSL_GCC_OPTS_EXT @ROOT_EACSL_GCC_OPTS_EXT@ -e "-Wno-maybe-uninitialized"
*/
-#include "../utils/signalled.h"
+#include "utils/signalled.h"
#include <limits.h>
#include <signal.h>
#include <stddef.h>
diff --git a/src/plugins/e-acsl/tests/format/utils b/src/plugins/e-acsl/tests/format/utils
new file mode 120000
index 0000000000000000000000000000000000000000..19985ba50b51e1b7741a400a0b24ee16739553af
--- /dev/null
+++ b/src/plugins/e-acsl/tests/format/utils
@@ -0,0 +1 @@
+../utils/
\ No newline at end of file
diff --git a/src/plugins/e-acsl/tests/special/e-acsl-no-assert-print-data.c b/src/plugins/e-acsl/tests/special/e-acsl-no-assert-print-data.c
index fea3dee8c454c325388a8d59f192f4e42e6f5773..33a928aa5023fbcb6a0f1c95b7483a1e2f4e5580 100644
--- a/src/plugins/e-acsl/tests/special/e-acsl-no-assert-print-data.c
+++ b/src/plugins/e-acsl/tests/special/e-acsl-no-assert-print-data.c
@@ -1,6 +1,6 @@
/* run.config
COMMENT: test assertion failure without printing assertion data
- LOG: gen_@PTEST_NAME@.c
+
STDOPT: #"-e-acsl-no-assert-print-data"
*/
/* run.config_dev
diff --git a/src/plugins/e-acsl/tests/test_config.in b/src/plugins/e-acsl/tests/test_config.in
index 55b9f357b3475c0e31946b0b09f162c70913b614..9ea7fff16b9e76eaf6059d66e8481b0c6df3d8bc 100644
--- a/src/plugins/e-acsl/tests/test_config.in
+++ b/src/plugins/e-acsl/tests/test_config.in
@@ -2,17 +2,22 @@ MACRO: DEST @PTEST_RESULT@/gen_@PTEST_NAME@
MACRO: MACHDEP -machdep gcc_x86_64
MACRO: GLOBAL @MACHDEP@ -remove-unused-specified-functions -verbose 0 -no-unicode
-MACRO: EACSL -e-acsl -e-acsl-share ./share/e-acsl -e-acsl-verbose 1
+MACRO: EACSL -e-acsl -e-acsl-share @PTEST_SHARE_DIR@/e-acsl -e-acsl-verbose 1
MACRO: EVA -eva -eva-no-alloc-returns-null -eva-no-results -eva-no-print -eva-warn-key libc:unsupported-spec=inactive -eva-warn-key loop-unroll:auto=inactive
MACRO: EVENTUALLY -print -ocode @DEST@.c
PLUGIN: E_ACSL eva,scope,variadic rtegen
-LIBS: ../E_ACSL_test
+LIBS: @PTEST_SUITE_DIR@/../E_ACSL_test
LOG: gen_@PTEST_NAME@.c
-OPT: @GLOBAL@ @EACSL@ -then-last @EVA@ @EVENTUALLY@
-FILTER:@SEDCMD@ -e "s|[a-zA-Z/\\]\+frama_c_project_e-acsl_[a-z0-9]*|PROJECT_FILE|" -e "s|$FRAMAC_SHARE|FRAMAC_SHARE|g" -e "s|../../share|FRAMAC_SHARE|g" -e "s|./share/e-acsl|FRAMAC_SHARE/e-acsl|g" -e "s|share/e-acsl|FRAMAC_SHARE/e-acsl|g"
+
COMMENT: This regex works around the tendency of Frama-C to transform
COMMENT: absolute path into relative ones whenever the file is not too far
COMMENT: away from cwd.
+FILTER:@SEDCMD@ -e "s|[a-zA-Z/\\]\+frama_c_project_e-acsl_[a-z0-9]*|PROJECT_FILE|" -e "s|$FRAMAC_SHARE|FRAMAC_SHARE|g" -e "s|../../share|FRAMAC_SHARE|g" -e "s|@PTEST_SHARE_DIR@/e-acsl|FRAMAC_SHARE/e-acsl|g" -e "s|share/e-acsl|FRAMAC_SHARE/e-acsl|g"
+
+COMMENT: The dependency to the plugin share directory has not to be explicited
+DEPS:
+
+OPT: @GLOBAL@ @EACSL@ -then-last @EVA@ @EVENTUALLY@
diff --git a/src/plugins/e-acsl/tests/test_config_dev.in b/src/plugins/e-acsl/tests/test_config_dev.in
index eefa60c7fb94b292a05dcf9d11fc8ace5e8f7706..ca8f3b14da0cd423cf8f14b321c2d59eaf29a3cb 100644
--- a/src/plugins/e-acsl/tests/test_config_dev.in
+++ b/src/plugins/e-acsl/tests/test_config_dev.in
@@ -4,18 +4,25 @@ MACRO: EACSL_ERR @PTEST_NAME@.e-acsl.err.log
COMMENT: Default options for `e-acsl-gcc.sh`
MACRO: ROOT_EACSL_GCC_MISC_OPTS -q -X --no-assert-print-data
+
COMMENT: Default options for the frama-c invocation
MACRO: ROOT_EACSL_GCC_FC_EXTRA -journal-disable -verbose 0
PLUGIN: E_ACSL eva,scope,variadic rtegen
-EXEC: LOG @EACSL_ERR@ ./tests/wrapper.sh "@frama-c-exe@" "@PTEST_RESULT@" "@PTEST_NAME@" "@PTEST_FILE@" "@EACSL_ERR@" "@ROOT_EACSL_GCC_MISC_OPTS@ @ROOT_EACSL_GCC_OPTS_EXT@" "@PTEST_DEFAULT_OPTIONS@ @PTEST_LOAD_OPTIONS@ @ROOT_EACSL_GCC_FC_EXTRA@ @ROOT_EACSL_GCC_FC_EXTRA_EXT@" "@ROOT_EACSL_EXEC_FILTER@"
+COMMENT: The dependency to the plugin share directory has not to be explicited
+DEPS: @PTEST_SUITE_DIR@/../wrapper.sh
+
+EXEC: LOG @EACSL_ERR@ @PTEST_SUITE_DIR@/../wrapper.sh "@frama-c-exe@" "@PTEST_RESULT@" "@PTEST_NAME@" "@PTEST_FILE@" "@EACSL_ERR@" "@ROOT_EACSL_GCC_MISC_OPTS@ @ROOT_EACSL_GCC_OPTS_EXT@" "@PTEST_DEFAULT_OPTIONS@ @PTEST_LOAD_OPTIONS@ @ROOT_EACSL_GCC_FC_EXTRA@ @ROOT_EACSL_GCC_FC_EXTRA_EXT@" "@ROOT_EACSL_EXEC_FILTER@"
COMMENT: These next macros can be redefined in a test file
+
COMMENT: Define the following macro in a test to pass extra options to the frama-c invocation
MACRO: ROOT_EACSL_GCC_FC_EXTRA_EXT
+
COMMENT: Define the following macro in a test to pass extra options to `e-acsl-gcc.sh`
MACRO: ROOT_EACSL_GCC_OPTS_EXT
+
COMMENT: Define the following macro in a test to filter the output of the test execution
COMMENT: You can chain several filters by separating commands with |. However sed cannot
COMMENT: use | as a delimiter, please use / or another character instead.
diff --git a/src/plugins/wp/Changelog b/src/plugins/wp/Changelog
index a331ea9f31b98427e2b0b62ef51d134fefe84c43..0da478f24ee96dd84251cc6b669007284fdcad64 100644
--- a/src/plugins/wp/Changelog
+++ b/src/plugins/wp/Changelog
@@ -24,6 +24,12 @@
Plugin WP <next-release>
########################
+- TIP [2022-01-05] New tactic Clear: remove hypothesis
+-* WP [2022-01-05] Fix loop invariant order
+- WP [2022-01-05] Weaken check loop invariant
+- TIP [2021-11-30] Extended Split tactic: can split in hypotheses, can
+ split conjunctions into multiple hypotheses.
+- WP [2021-11-08] Removed legacy WP engine and option -wp-legacy
#########################
Plugin WP 24.0 (Chromium)
diff --git a/src/plugins/wp/Makefile.in b/src/plugins/wp/Makefile.in
index afc9ef27123cc365fa69e9ac81b39ccb9a6b8468..72ad09daf3b043ff114ba3ab2f89fdfc1681c145 100644
--- a/src/plugins/wp/Makefile.in
+++ b/src/plugins/wp/Makefile.in
@@ -86,7 +86,7 @@ PLUGIN_CMO:= \
CfgCompiler StmtSemantics \
VCS script proof wpo wpReport \
Footprint Tactical Strategy \
- TacSplit TacChoice TacRange TacInduction \
+ TacClear TacSplit TacChoice TacRange TacInduction \
TacArray TacCompound TacUnfold \
TacHavoc TacInstance TacLemma \
TacFilter TacCut WpTac TacNormalForm \
diff --git a/src/plugins/wp/TacClear.ml b/src/plugins/wp/TacClear.ml
new file mode 100644
index 0000000000000000000000000000000000000000..62492909112d90a938b3be35e092e682a0a44e40
--- /dev/null
+++ b/src/plugins/wp/TacClear.ml
@@ -0,0 +1,41 @@
+(**************************************************************************)
+(* *)
+(* This file is part of WP plug-in of Frama-C. *)
+(* *)
+(* Copyright (C) 2007-2021 *)
+(* CEA (Commissariat a l'energie atomique et aux energies *)
+(* alternatives) *)
+(* *)
+(* you can redistribute it and/or modify it under the terms of the GNU *)
+(* Lesser General Public License as published by the Free Software *)
+(* Foundation, version 2.1. *)
+(* *)
+(* It is distributed in the hope that it will be useful, *)
+(* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
+(* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
+(* GNU Lesser General Public License for more details. *)
+(* *)
+(* See the GNU Lesser General Public License version 2.1 *)
+(* for more details (enclosed in the file licenses/LGPLv2.1). *)
+(* *)
+(**************************************************************************)
+
+open Tactical
+
+class clear =
+ object(_)
+ inherit Tactical.make ~id:"Wp.clear"
+ ~title:"Clear"
+ ~descr:"Remove Hypothesis"
+ ~params:[]
+
+ method select _feedback sel =
+ match sel with
+ | Clause(Step step) ->
+ let removed = [ "Cleared hypothesis", Conditions.Have Lang.F.p_true] in
+ Applicable (Tactical.replace ~at:step.id removed)
+ | _ ->
+ Not_applicable
+ end
+
+let tactical = Tactical.export (new clear)
diff --git a/src/plugins/wp/TacClear.mli b/src/plugins/wp/TacClear.mli
new file mode 100644
index 0000000000000000000000000000000000000000..acb995cfacab566b1dc65c462e712aaf119d6590
--- /dev/null
+++ b/src/plugins/wp/TacClear.mli
@@ -0,0 +1,29 @@
+(**************************************************************************)
+(* *)
+(* This file is part of WP plug-in of Frama-C. *)
+(* *)
+(* Copyright (C) 2007-2021 *)
+(* CEA (Commissariat a l'energie atomique et aux energies *)
+(* alternatives) *)
+(* *)
+(* you can redistribute it and/or modify it under the terms of the GNU *)
+(* Lesser General Public License as published by the Free Software *)
+(* Foundation, version 2.1. *)
+(* *)
+(* It is distributed in the hope that it will be useful, *)
+(* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
+(* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
+(* GNU Lesser General Public License for more details. *)
+(* *)
+(* See the GNU Lesser General Public License version 2.1 *)
+(* for more details (enclosed in the file licenses/LGPLv2.1). *)
+(* *)
+(**************************************************************************)
+
+(** Built-in Range Tactical (auto-registered) *)
+
+open Tactical
+
+val tactical : tactical
+
+(**************************************************************************)
diff --git a/src/plugins/wp/TacFilter.ml b/src/plugins/wp/TacFilter.ml
index bf7340bc36ceddd0e43d346dc84dc74704060c5d..8d356dbe149835105e1b369841af681c4f511a0a 100644
--- a/src/plugins/wp/TacFilter.ml
+++ b/src/plugins/wp/TacFilter.ml
@@ -36,7 +36,7 @@ class filter =
object(self)
inherit Tactical.make ~id:"Wp.filter"
~title:"Filter"
- ~descr:"Erase Hypotheses"
+ ~descr:"Dependent Erasure of Hypotheses"
~params:[panti]
method select feedback _sel =
diff --git a/src/plugins/wp/cfgAnnot.ml b/src/plugins/wp/cfgAnnot.ml
index 0f78e501ffe8a0f7d23cf8ef0ade268282a85eea..6e114cdf7e7e3c43ddc2711387d58f28241c2a5a 100644
--- a/src/plugins/wp/cfgAnnot.ml
+++ b/src/plugins/wp/cfgAnnot.ml
@@ -468,29 +468,27 @@ let mk_variant_properties kf s ca v =
let vdecr = Logic_const.prel ~loc (Rlt, v, vcurr) in
(vpos_id, vpos), (vdecr_id, vdecr)
+type loop_hypothesis =
+ | NoHyp
+ | Check of WpPropId.prop_id
+ | Always of WpPropId.prop_id
+
+type loop_invariant = {
+ loop_hyp : loop_hypothesis ;
+ loop_est : WpPropId.prop_id option ;
+ loop_ind : WpPropId.prop_id option ;
+ loop_pred : Cil_types.predicate ;
+}
+
type loop_contract = {
loop_terminates: predicate option;
- (* to be verified at loop entry *)
- loop_established: WpPropId.pred_info list;
- (* to be assumed for loop current *)
- loop_invariants: WpPropId.pred_info list;
+ loop_invariants : loop_invariant list ;
(* to be proved after loop invariants *)
loop_smoke: WpPropId.pred_info list;
- (* to be verified after loop body *)
- loop_preserved: WpPropId.pred_info list;
(* assigned by loop body *)
loop_assigns: WpPropId.assigns_full_info list;
}
-let reverse_loop_contract l = {
- loop_terminates = l.loop_terminates ;
- loop_established = List.rev l.loop_established ;
- loop_invariants = List.rev l.loop_invariants ;
- loop_preserved = List.rev l.loop_preserved ;
- loop_assigns = List.rev l.loop_assigns ;
- loop_smoke = List.rev l.loop_smoke ;
-}
-
let default_assigns stmt l =
{ l with
loop_assigns =
@@ -508,22 +506,24 @@ module LoopContract = WpContext.StaticGenerator(CodeKey)
let normalize_annot (i,p) = i, normalize_pred p in
let normalize_assigns w = NormAtLabels.preproc_assigns labels w in
default_assigns stmt @@
- reverse_loop_contract @@
Annotations.fold_code_annot
begin fun _emitter ca l ->
match ca.annot_content with
| AInvariant(_,true,inv) ->
- let p = normalize_pred inv.tp_statement in
let g_hyp = WpPropId.mk_inv_hyp_id kf stmt ca in
let g_est, g_ind = WpPropId.mk_loop_inv kf stmt ca in
let admit = Logic_utils.use_predicate inv.tp_kind in
let verif = Logic_utils.verify_predicate inv.tp_kind in
- let use flag id p ps = if flag then (id,p) :: ps else ps in
+ let loop_hyp = if admit then Always g_hyp else Check g_hyp in
+ let use flag id = if flag then Some id else None in
+ let inv =
+ { loop_pred = normalize_pred inv.tp_statement ;
+ loop_hyp ;
+ loop_est = use verif g_est ;
+ loop_ind = use verif g_ind ; }
+ in
{ l with
- loop_established = use verif g_est p l.loop_established ;
- loop_invariants = use admit g_hyp p l.loop_invariants ;
- loop_preserved = use verif g_ind p l.loop_preserved ;
- }
+ loop_invariants = inv :: l.loop_invariants ; }
| AVariant(term, None) ->
let vpos , vdec =
mk_variant_properties kf stmt ca term in
@@ -539,11 +539,14 @@ module LoopContract = WpContext.StaticGenerator(CodeKey)
Logic_const.pimplies (t, v)
end else v
in
+ let mk_inv (i, p) =
+ let i, p = intro_terminates @@ normalize_annot (i, p) in
+ { loop_pred = p ;
+ loop_hyp = NoHyp ; loop_est = None ; loop_ind = Some i }
+ in
{ l with loop_terminates = None ;
- loop_preserved =
- intro_terminates (normalize_annot vdec) ::
- intro_terminates (normalize_annot vpos) ::
- l.loop_preserved }
+ loop_invariants =
+ mk_inv vdec :: mk_inv vpos :: l.loop_invariants }
| AAssigns(_,WritesAny) ->
let asgn = WpPropId.mk_loop_any_assigns_info stmt in
{ l with loop_assigns = asgn :: l.loop_assigns }
@@ -559,9 +562,7 @@ module LoopContract = WpContext.StaticGenerator(CodeKey)
| _ -> l
end stmt {
loop_terminates = Some Logic_const.pfalse ;
- loop_established = [] ;
loop_invariants = [] ;
- loop_preserved = [] ;
loop_smoke = [] ;
loop_assigns = [] ;
}
diff --git a/src/plugins/wp/cfgAnnot.mli b/src/plugins/wp/cfgAnnot.mli
index 4d246683c330953432587370ff67cf0f8025ddd1..53c1c4659e4eee89d24c38360ef7b054af202a9d 100644
--- a/src/plugins/wp/cfgAnnot.mli
+++ b/src/plugins/wp/cfgAnnot.mli
@@ -78,16 +78,23 @@ val get_stmt_assigns : kernel_function -> stmt -> assigns_full_info list
(* --- Property Accessors : Loop Contracts --- *)
(* -------------------------------------------------------------------------- *)
+type loop_hypothesis =
+ | NoHyp
+ | Check of WpPropId.prop_id
+ | Always of WpPropId.prop_id
+
+type loop_invariant = {
+ loop_hyp : loop_hypothesis ;
+ loop_est : WpPropId.prop_id option ;
+ loop_ind : WpPropId.prop_id option ;
+ loop_pred : Cil_types.predicate ;
+}
+
type loop_contract = {
loop_terminates: predicate option;
- (** to be verified at loop entry *)
- loop_established: pred_info list;
- (** to be assumed for loop current *)
- loop_invariants: pred_info list;
+ loop_invariants: loop_invariant list;
(** to be proved after loop invariants *)
loop_smoke: pred_info list;
- (** to be verified after loop body *)
- loop_preserved: pred_info list;
(** assigned by loop body *)
loop_assigns: assigns_full_info list;
}
diff --git a/src/plugins/wp/cfgCalculus.ml b/src/plugins/wp/cfgCalculus.ml
index 1d86603585d87124ecca7353fe0ff08ca1f6736f..4fba7b07405c29adbe274cefd5e4695299d724c2 100644
--- a/src/plugins/wp/cfgCalculus.ml
+++ b/src/plugins/wp/cfgCalculus.ml
@@ -182,8 +182,8 @@ struct
then W.add_assigns env.we ai w
else w
- let use_property env (p : WpPropId.pred_info) w =
- if is_selected ~goal:false env p then W.add_hyp env.we p w else w
+ let use_property ?for_pid env (p : WpPropId.pred_info) w =
+ if is_selected ~goal:false env p then W.add_hyp ?for_pid env.we p w else w
let prove_property env (p : WpPropId.pred_info) w =
if is_selected ~goal:true env p then W.add_goal env.we p w else w
@@ -259,14 +259,37 @@ struct
| None, _ | _, None -> w (* no terminates goal or nothing to prove *)
| Some t, Some prop -> prove_subproperty env t prop s FromCode w
in
+ let prove_invariant env pid pred w =
+ match pid with None -> w | Some pid -> prove_property env (pid, pred) w
+ in
+ let assume_invariant env (hyp: CfgAnnot.loop_hypothesis) pred ind w =
+ match hyp with
+ | NoHyp -> w
+ | Check pid -> use_property ?for_pid:ind env (pid, pred) w
+ | Always pid -> use_property env (pid, pred) w
+ in
+ let established env CfgAnnot.{ loop_hyp; loop_ind; loop_est; loop_pred } w =
+ prove_invariant env loop_est loop_pred @@
+ assume_invariant env loop_hyp loop_pred loop_ind w
+ in
+ let loop_current_hyp env CfgAnnot.{ loop_hyp ; loop_ind ; loop_pred } w =
+ assume_invariant env loop_hyp loop_pred loop_ind w
+ in
+ let preserved env CfgAnnot.{ loop_hyp ; loop_ind ; loop_pred } w =
+ prove_invariant env loop_ind loop_pred @@
+ begin match loop_hyp with
+ | CfgAnnot.Always pid -> use_property env (pid, loop_pred)
+ | _ -> Extlib.id (* we never assume this one for checks *)
+ end w
+ in
insert_terminates @@
- List.fold_right (prove_property env) lc.loop_established @@
+ List.fold_right (established env) lc.loop_invariants @@
List.fold_right (use_assigns env) lc.loop_assigns @@
W.label env.we None (Clabels.loop_current s) @@
- List.fold_right (use_property env) lc.loop_invariants @@
+ List.fold_right (loop_current_hyp env) lc.loop_invariants @@
List.fold_right (prove_property env) lc.loop_smoke @@
let q =
- List.fold_right (prove_property env) lc.loop_preserved @@
+ List.fold_right (preserved env) lc.loop_invariants @@
List.fold_right (prove_assigns env) lc.loop_assigns @@
W.empty in
( Vhash.replace env.wp a (Some q) ; successors env a )
diff --git a/src/plugins/wp/cfgDump.ml b/src/plugins/wp/cfgDump.ml
index c15ac2a858f54f23f3ab69d5e3649e0dbf8c49ab..c38b30c4127d6bf3949afa58487cfdeaaab2c9c4 100644
--- a/src/plugins/wp/cfgDump.ml
+++ b/src/plugins/wp/cfgDump.ml
@@ -89,12 +89,17 @@ let new_env ?lvars kf : t_env = ignore lvars ; kf
let add_axiom _p _l = ()
-let add_hyp _env (pid,pred) k =
+let add_hyp ?for_pid _env (pid,pred) k =
+ ignore(for_pid);
let u = node () in
if Wp_parameters.debug_atleast 1 then
- Format.fprintf !out " %a [ color=green , label=\"Assume %a\" ] ;@." pretty u Printer.pp_predicate pred
+ Format.fprintf !out " %a [ color=green , label=\"Assume %a%a\"] ;@."
+ pretty u Printer.pp_predicate pred
+ (Pretty_utils.pp_opt ~pre:" for" WpPropId.pretty) for_pid
else
- Format.fprintf !out " %a [ color=green , label=\"Assume %a\" ] ;@." pretty u WpPropId.pp_propid pid ;
+ Format.fprintf !out " %a [ color=green , label=\"Assume %a%a\"] ;@."
+ pretty u WpPropId.pp_propid pid
+ (Pretty_utils.pp_opt ~pre:" for" WpPropId.pretty) for_pid ;
link u k ; u
let add_goal env (pid,pred) k =
diff --git a/src/plugins/wp/cfgInfos.ml b/src/plugins/wp/cfgInfos.ml
index 1ff5c4f7a9b5e692fb3b65ff1cc72244eb49ceea..c3fa404c7e5b3c500ed9b1893c1f0c304c660950 100644
--- a/src/plugins/wp/cfgInfos.ml
+++ b/src/plugins/wp/cfgInfos.ml
@@ -400,8 +400,11 @@ let loop_contract_pids kf stmt =
| WpPropId.NoAssignsInfo | AssignsAny _ -> l
| AssignsLocations (pid, _) -> pid :: l
in
- List.fold_right (fun (pid,_) l -> pid :: l) invs.loop_established @@
- List.fold_right (fun (pid,_) l -> pid :: l) invs.loop_preserved @@
+ let verif_fold CfgAnnot.{ loop_est ; loop_ind } l =
+ let l = Option.fold ~none:l ~some:(fun i -> i :: l) loop_est in
+ Option.fold ~none:l ~some:(fun i -> i :: l) loop_ind
+ in
+ List.fold_right verif_fold invs.loop_invariants @@
List.fold_right add_assigns invs.loop_assigns []
| _ -> []
diff --git a/src/plugins/wp/cfgWP.ml b/src/plugins/wp/cfgWP.ml
index 7c5edf076e143af3de5c65afa06401a88a5fa86b..97c136c1d4f285c2cc0117b7d9dd115951496e90 100644
--- a/src/plugins/wp/cfgWP.ml
+++ b/src/plugins/wp/cfgWP.ml
@@ -484,7 +484,7 @@ struct
let add_axiom _id _l = ()
- let add_hyp wenv (hpid,predicate) wp = in_wenv wenv wp
+ let add_hyp ?for_pid wenv (hpid,predicate) wp = in_wenv wenv wp
(fun env wp ->
let outcome = Warning.catch
~severe:false ~effect:"Skip hypothesis"
@@ -493,7 +493,11 @@ struct
| Warning.Result(warn,p) -> warn , [p]
| Warning.Failed warn -> warn , []
in
- let vcs = gmap (assume_vc ~hpid ~warn hs) wp.vcs in
+ let assume_vc target vcs = match for_pid with
+ | Some id when not @@ PropId.equal id (TARGET.prop_id target) -> vcs
+ | _ -> Splitter.map (assume_vc ~hpid ~warn hs) vcs
+ in
+ let vcs = Gmap.mapi assume_vc wp.vcs in
{ wp with vcs = vcs })
let add_goal wenv (gpid,predicate) wp = in_wenv wenv wp
diff --git a/src/plugins/wp/doc/manual/wp_plugin.tex b/src/plugins/wp/doc/manual/wp_plugin.tex
index bd11618cab799e9a36358a40b27274bc1eaad2db..c79c2da273021c4edd4880c5f0d4036010e71e3c 100644
--- a/src/plugins/wp/doc/manual/wp_plugin.tex
+++ b/src/plugins/wp/doc/manual/wp_plugin.tex
@@ -288,6 +288,11 @@ The user can select a hypothesis $H$, and change the goal to $\neg H$:
$$ \TACTIC{\Delta,H\models\,G}{\Delta\models\,\neg H} $$
+\paragraph{Clear} Remove Hypothesis\\
+The user can select a hypothesis $H$, and remove it from the context:
+
+$$ \TACTIC{\Delta,H\models\,G}{\Delta\models\,G} $$
+
\paragraph{Choice} Select a Goal Alternative\\
When the goal is a disjunction, the user select one alternative and discard the others:
$$ \TACTIC{\Delta\models\,\Gamma,G}{\Delta\models\,G} $$
@@ -301,7 +306,7 @@ $$ \TACTIC{ a = b }{ \bigwedge a.f_i = b.f_i } $$
The user select a hypothesis (typically, a negation) and swap it with the goal.
$$ \TACTIC{\Delta,H\models\,G}{\Delta,\neg G\models\,\neg H} $$
-\paragraph{Cut} Use Intermerdiate Hypothesis
+\paragraph{Cut} Use Intermediate Hypothesis
The user introduce a new clause $C$ with the composer to prove the goal. There two variants of the tactic, made available by a menu in the tactic panel.
The \textsf{Modus-Ponens} variant where the clause $C$ is used as an intermediate proof step:
@@ -322,10 +327,16 @@ $$\TACTIC{\Delta\models\,G}{%
\paragraph{Definition} Unfold predicate and logic function definition\\
The user simply select a term $f(e_1,\ldots,e_n)$ or a predicate $P(e_1,\ldots,e_n)$ which is replaced by its definition, when available.
-\paragraph{Filter} Erase Hypotheses \\
-The tactic is always applicable. It removes hypotheses from the goal on a variable used basis. When variables are compounds (record and arrays) a finer heuristics is used to detect which parts of the variable is relevant. A transitive closure of dependencies is also used. However, it is always possible that too many hypotheses are removed.
+\paragraph{Filter} Dependent Erasure of Hypotheses \\
+The tactic is always applicable. It removes hypotheses from the goal on a
+variable used basis. When variables are compounds (record and arrays) a finer
+heuristic is used to detect which parts of the variable is relevant. A
+transitive closure of dependencies is also used. However, it is always
+possible that too many hypotheses are removed.
-The tactic also have a variant where only hypotheses \emph{not relevant} to the goal are retained. This is useful to find absurd hypotheses that are completely disjoint from the goal.
+The tactic also have a variant where only hypotheses \emph{not relevant} to the
+goal are retained. This is useful to find absurd hypotheses that are completely
+disjoint from the goal.
\paragraph{Instance} Instantiate properties\\
The user selects a hypothesis with one or several $\forall$ quantifiers, or an $\exists$ quantified goal. Then, with the composer, the use choose to instantiate one or several of the quantified parameters. In case of $\forall$ quantifier over integer, a range of values can be instantiated instead.
diff --git a/src/plugins/wp/mcfg.mli b/src/plugins/wp/mcfg.mli
index 3ecd5a5f9a2ae8fe6549d4ba40fd9eaec575d988..3afad69feed2e4d4e6fcd96525a437f27dfd6306 100644
--- a/src/plugins/wp/mcfg.mli
+++ b/src/plugins/wp/mcfg.mli
@@ -65,7 +65,8 @@ module type S = sig
val new_env : ?lvars:Cil_types.logic_var list -> kernel_function -> t_env
val add_axiom : WpPropId.prop_id -> LogicUsage.logic_lemma -> unit
- val add_hyp : t_env -> WpPropId.pred_info -> t_prop -> t_prop
+ val add_hyp :
+ ?for_pid:WpPropId.prop_id -> t_env -> WpPropId.pred_info -> t_prop -> t_prop
val add_goal : t_env -> WpPropId.pred_info -> t_prop -> t_prop
val add_subgoal : t_env -> WpPropId.pred_info -> ?deps:Property.Set.t ->
predicate -> stmt -> WpPropId.effect_source -> t_prop -> t_prop
diff --git a/src/plugins/wp/tests/test_config b/src/plugins/wp/tests/test_config
index 122bc50aadc0af5e1a21b2b2baf4703d6955ef59..da153c620d01ac5748f1fb26e4d9998e24888f3a 100644
--- a/src/plugins/wp/tests/test_config
+++ b/src/plugins/wp/tests/test_config
@@ -1,3 +1,3 @@
PLUGIN: wp
-CMD: @frama-c@ -wp -wp-prover none -wp-print -wp-share ./share -wp-msg-key shell -wp-warn-key "pedantic-assigns=inactive"
+CMD: @frama-c@ -wp -wp-prover none -wp-print -wp-share @PTEST_SHARE_DIR@ -wp-msg-key shell -wp-warn-key "pedantic-assigns=inactive"
OPT:
diff --git a/src/plugins/wp/tests/test_config_qualif b/src/plugins/wp/tests/test_config_qualif
index f0225eb3f9a0c31d90b77761394778c3a2268793..e92f71e312cedfa7a4d3d316991f7904c32d185d 100644
--- a/src/plugins/wp/tests/test_config_qualif
+++ b/src/plugins/wp/tests/test_config_qualif
@@ -1,3 +1,3 @@
PLUGIN: wp
-CMD: @frama-c@ -wp -wp-par 1 -wp-share ./share -wp-msg-key shell -wp-warn-key pedantic-assigns=inactive -wp-report tests/qualif.report -wp-session @PTEST_DIR@/oracle@PTEST_CONFIG@/@PTEST_NAME@.@PTEST_NUMBER@.session -wp-cache-env -wp-cache replay @PTEST_FILE@ -wp-coq-timeout 120
+CMD: @frama-c@ -wp -wp-par 1 -wp-share @PTEST_SHARE_DIR@ -wp-msg-key shell -wp-warn-key pedantic-assigns=inactive -wp-report @PTEST_SUITE_DIR@/../qualif.report -wp-session @PTEST_SUITE_DIR@/oracle@PTEST_CONFIG@/@PTEST_NAME@.@PTEST_NUMBER@.session -wp-cache-env -wp-cache replay @PTEST_FILE@ -wp-coq-timeout 120
OPT:
diff --git a/src/plugins/wp/tests/why3/test_config_qualif b/src/plugins/wp/tests/why3/test_config_qualif
index 48852719d4ee76c5006f7ed9ac20a998041f34f0..40a46bc821a47c59715d800508aabd855a13f2e1 100644
--- a/src/plugins/wp/tests/why3/test_config_qualif
+++ b/src/plugins/wp/tests/why3/test_config_qualif
@@ -1,4 +1,5 @@
FILEREG: .*\.why
-CMD: why3 -L ./share/why3 prove -P alt-ergo
+CMD: why3 -L @PTEST_SHARE_DIR@/why3 prove -P alt-ergo
OPT:
+COMMENT: the filter remove the information about time and steps
FILTER: sed -e 's|\(.*\)\( (.*)\)|\1|'
diff --git a/src/plugins/wp/tests/wp/cfg_loop_deps.i b/src/plugins/wp/tests/wp/cfg_loop_deps.i
new file mode 100644
index 0000000000000000000000000000000000000000..537e37e06e6d4fc08b01e368e69f20c03fd01fe0
--- /dev/null
+++ b/src/plugins/wp/tests/wp/cfg_loop_deps.i
@@ -0,0 +1,26 @@
+/* run.config_qualif
+ DONTRUN:
+*/
+
+/*@ axiomatic Ax {
+ predicate P(integer i);
+ predicate Q(integer i);
+ predicate R(integer i);
+ predicate S(integer i);
+ predicate W(integer i);
+ }
+*/
+
+int x ;
+
+void function(void){
+ int i = 0;
+ /*@ loop invariant Inv_P : P(i) ;
+ @ check loop invariant Check_Q: Q(i);
+ @ admit loop invariant Admit_R: R(i);
+ @ loop invariant Inv_S : S(i);
+ @ loop assigns i ; */
+ while(i < 10) i++ ;
+
+ //@ check W(i);
+}
diff --git a/src/plugins/wp/tests/wp/oracle/cfg_loop_deps.res.oracle b/src/plugins/wp/tests/wp/oracle/cfg_loop_deps.res.oracle
new file mode 100644
index 0000000000000000000000000000000000000000..eaea88097a769e4b15c6e6f1d7153f52f137b0c9
--- /dev/null
+++ b/src/plugins/wp/tests/wp/oracle/cfg_loop_deps.res.oracle
@@ -0,0 +1,135 @@
+# frama-c -wp [...]
+[kernel] Parsing tests/wp/cfg_loop_deps.i (no preprocessing)
+[wp] Running WP plugin...
+[wp] Warning: Missing RTE guards
+------------------------------------------------------------
+ Function function
+------------------------------------------------------------
+
+Goal Preservation of Invariant 'Check_Q' (file tests/wp/cfg_loop_deps.i, line 19):
+Let x = 1 + i.
+Assume {
+ Type: is_sint32(i) /\ is_sint32(x).
+ (* Invariant 'Inv_P' *)
+ Have: P_P(0).
+ (* Invariant 'Check_Q' *)
+ Have: P_Q(0).
+ (* Invariant 'Admit_R' *)
+ Have: P_R(0).
+ (* Invariant 'Inv_S' *)
+ Have: P_S(0).
+ (* Invariant 'Inv_P' *)
+ Have: P_P(i).
+ (* Invariant 'Check_Q' *)
+ Have: P_Q(i).
+ (* Invariant 'Admit_R' *)
+ Have: P_R(i).
+ (* Invariant 'Inv_S' *)
+ Have: P_S(i).
+ (* Then *)
+ Have: i <= 9.
+ (* Invariant 'Inv_P' *)
+ Have: P_P(x).
+}
+Prove: P_Q(x).
+
+------------------------------------------------------------
+
+Goal Establishment of Invariant 'Check_Q' (file tests/wp/cfg_loop_deps.i, line 19):
+Assume { (* Invariant 'Inv_P' *) Have: P_P(0). }
+Prove: P_Q(0).
+
+------------------------------------------------------------
+
+Goal Preservation of Invariant 'Inv_P' (file tests/wp/cfg_loop_deps.i, line 18):
+Let x = 1 + i.
+Assume {
+ Type: is_sint32(i) /\ is_sint32(x).
+ (* Invariant 'Inv_P' *)
+ Have: P_P(0).
+ (* Invariant 'Admit_R' *)
+ Have: P_R(0).
+ (* Invariant 'Inv_S' *)
+ Have: P_S(0).
+ (* Invariant 'Inv_P' *)
+ Have: P_P(i).
+ (* Invariant 'Admit_R' *)
+ Have: P_R(i).
+ (* Invariant 'Inv_S' *)
+ Have: P_S(i).
+ (* Then *)
+ Have: i <= 9.
+}
+Prove: P_P(x).
+
+------------------------------------------------------------
+
+Goal Establishment of Invariant 'Inv_P' (file tests/wp/cfg_loop_deps.i, line 18):
+Prove: P_P(0).
+
+------------------------------------------------------------
+
+Goal Preservation of Invariant 'Inv_S' (file tests/wp/cfg_loop_deps.i, line 21):
+Let x = 1 + i.
+Assume {
+ Type: is_sint32(i) /\ is_sint32(x).
+ (* Invariant 'Inv_P' *)
+ Have: P_P(0).
+ (* Invariant 'Admit_R' *)
+ Have: P_R(0).
+ (* Invariant 'Inv_S' *)
+ Have: P_S(0).
+ (* Invariant 'Inv_P' *)
+ Have: P_P(i).
+ (* Invariant 'Admit_R' *)
+ Have: P_R(i).
+ (* Invariant 'Inv_S' *)
+ Have: P_S(i).
+ (* Then *)
+ Have: i <= 9.
+ (* Invariant 'Inv_P' *)
+ Have: P_P(x).
+ (* Invariant 'Admit_R' *)
+ Have: P_R(x).
+}
+Prove: P_S(x).
+
+------------------------------------------------------------
+
+Goal Establishment of Invariant 'Inv_S' (file tests/wp/cfg_loop_deps.i, line 21):
+Assume {
+ (* Invariant 'Inv_P' *)
+ Have: P_P(0).
+ (* Invariant 'Admit_R' *)
+ Have: P_R(0).
+}
+Prove: P_S(0).
+
+------------------------------------------------------------
+
+Goal Check (file tests/wp/cfg_loop_deps.i, line 25):
+Assume {
+ Type: is_sint32(i).
+ (* Invariant 'Inv_P' *)
+ Have: P_P(0).
+ (* Invariant 'Admit_R' *)
+ Have: P_R(0).
+ (* Invariant 'Inv_S' *)
+ Have: P_S(0).
+ (* Invariant 'Inv_P' *)
+ Have: P_P(i).
+ (* Invariant 'Admit_R' *)
+ Have: P_R(i).
+ (* Invariant 'Inv_S' *)
+ Have: P_S(i).
+ (* Else *)
+ Have: 10 <= i.
+}
+Prove: P_W(i).
+
+------------------------------------------------------------
+
+Goal Loop assigns (file tests/wp/cfg_loop_deps.i, line 22):
+Prove: true.
+
+------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_acsl/oracle/assigned_initialized_memtyped.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/assigned_initialized_memtyped.res.oracle
index 0b80f09a455e7c134e68840a4d7978c549798dce..5df442f16465ad9fdeec361d5332edca31bb4662 100644
--- a/src/plugins/wp/tests/wp_acsl/oracle/assigned_initialized_memtyped.res.oracle
+++ b/src/plugins/wp/tests/wp_acsl/oracle/assigned_initialized_memtyped.res.oracle
@@ -178,23 +178,7 @@ Prove: true.
Goal Loop assigns 'CHECK' (3/3):
Effect at line 139
-Assume {
- Type: is_sint32(i_1) /\ is_sint32(i).
- (* Heap *)
- Type: (region(G_glob_82) <= 0) /\ (region(pg_0.base) <= 0) /\
- linked(Malloc_0).
- (* Goal *)
- When: !invalid(Malloc_0, shift_sint32(shiftfield_F1_S_a(pg_0), i), 1).
- (* Invariant 'CHECK' *)
- Have: (0 <= i_1) /\ (i_1 <= 10).
- (* Else *)
- Have: 10 <= i_1.
- (* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
- (* Then *)
- Have: i <= 9.
-}
-Prove: (-1) <= i.
+Prove: true.
------------------------------------------------------------
------------------------------------------------------------
@@ -242,22 +226,7 @@ Prove: true.
Goal Loop assigns 'CHECK' (3/3):
Effect at line 115
-Assume {
- Type: is_sint32(i_1) /\ is_sint32(i).
- (* Heap *)
- Type: (region(s.base) <= 0) /\ linked(Malloc_0).
- (* Goal *)
- When: !invalid(Malloc_0, shift_sint32(shiftfield_F1_S_a(s), i), 1).
- (* Invariant *)
- Have: (0 <= i_1) /\ (i_1 <= 10).
- (* Else *)
- Have: 10 <= i_1.
- (* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
- (* Then *)
- Have: i <= 9.
-}
-Prove: (-1) <= i.
+Prove: true.
------------------------------------------------------------
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_acsl/oracle/assigned_initialized_memvar.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/assigned_initialized_memvar.res.oracle
index 4de0de53912a6e0648a9b3c96317d751d6de734d..1a36e609928f6a30e364d1ed25e3b2c652edf8fd 100644
--- a/src/plugins/wp/tests/wp_acsl/oracle/assigned_initialized_memvar.res.oracle
+++ b/src/plugins/wp/tests/wp_acsl/oracle/assigned_initialized_memvar.res.oracle
@@ -71,6 +71,8 @@ Assume {
(forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) -> (v[i_2]=true)))))).
(* Else *)
Have: 10 <= i.
+ (* Invariant 'CHECK' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 <= 9) -> (v[i_2]=true))).
(* Loop assigns 'CHECK' *)
Have: ((s.F1_S_i) = 0) /\
(forall i_2 : Z. ((i_2 != 0) -> ((i_2 != 2) -> ((i_2 != 4) ->
@@ -153,12 +155,21 @@ Assume {
(forall i_5 : Z. ((0 <= i_5) -> ((i_5 < i_2) -> (v[i_5]=true)))))).
(* Else *)
Have: 10 <= i_2.
+ (* Invariant 'CHECK' *)
+ Have: forall i_5 : Z. ((0 <= i_5) -> ((i_5 <= 9) -> (v[i_5]=true))).
(* Loop assigns 'CHECK' *)
Have: ((s.F1_S_i) = 0) /\
(forall i_5 : Z. ((i_5 != 0) -> ((i_5 != 2) -> ((i_5 != 4) ->
((0 <= i_5) -> ((i_5 <= 9) -> ((s.F1_S_a)[i_5] = v_1[i_5]))))))).
(* Then *)
Have: i_3 <= 9.
+ If i_3 = 0
+ Else {
+ Have: s = s_1.
+ If i_3 = 2
+ Then { Have: s_1 = s_2. }
+ Else { Have: s_1 = s_3. }
+ }
}
Prove: ((i != 0) /\ (i != 2) /\ (i != 4)) \/
(exists i_5 : Z. (i_5 <= i_1) /\ (i_1 <= i_5) /\
@@ -304,6 +315,8 @@ Assume {
(forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) -> (v[i_2]=true)))))).
(* Else *)
Have: 10 <= i_1.
+ (* Invariant 'CHECK' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 <= 9) -> (v[i_2]=true))).
(* Loop assigns 'CHECK' *)
Have: ((s.F1_S_i) = 0) /\
(forall i_2 : Z. ((0 <= i_2) -> ((i_2 <= 9) ->
diff --git a/src/plugins/wp/tests/wp_acsl/oracle/assigns_path.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/assigns_path.res.oracle
index c9a28cfb2ae210a0e5e3161fef820e7c1f8ff088..aeadb33fdec257c54d7d16ee7da53541f3edca10 100644
--- a/src/plugins/wp/tests/wp_acsl/oracle/assigns_path.res.oracle
+++ b/src/plugins/wp/tests/wp_acsl/oracle/assigns_path.res.oracle
@@ -19,12 +19,14 @@ Assume {
(* Goal *)
When: (0 <= i) /\ (i < n).
(* Pre-condition *)
- Have: (0 <= n) /\ (n <= 3).
+ Have: n <= 3.
(* Invariant *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
- (Mint_0[shift_sint32(b, i_2)] = v[i_2]))).
+ Have: 0 <= n.
(* Invariant *)
Have: (0 <= i_1) /\ (i_1 <= n).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
+ (Mint_0[shift_sint32(b, i_2)] = v[i_2]))).
(* Else *)
Have: n <= i_1.
}
@@ -38,12 +40,14 @@ Assume {
(* Heap *)
Type: region(b.base) <= 0.
(* Pre-condition *)
- Have: (0 <= n) /\ (n <= 3).
+ Have: n <= 3.
(* Invariant *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (Mint_0[shift_sint32(b, i_1)] = v[i_1]))).
+ Have: 0 <= n.
(* Invariant *)
Have: (0 <= i) /\ (i <= n).
+ (* Invariant *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (Mint_0[shift_sint32(b, i_1)] = v[i_1]))).
(* Then *)
Have: i < n.
}
@@ -64,14 +68,18 @@ Assume {
(* Goal *)
When: (0 <= i_1) /\ (i_1 <= i).
(* Pre-condition *)
- Have: (0 <= n) /\ (n <= 3).
+ Have: n <= 3.
(* Invariant *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (Mint_0[shift_sint32(b, i_2)] = v[i_2]))).
+ Have: 0 <= n.
(* Invariant *)
Have: (0 <= i) /\ (i <= n).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
+ (Mint_0[shift_sint32(b, i_2)] = v[i_2]))).
(* Then *)
Have: i < n.
+ (* Invariant *)
+ Have: (-1) <= i.
}
Prove: v[i <- Mint_0[shift_sint32(b, i)]][i_1] = Mint_0[shift_sint32(b, i_1)].
diff --git a/src/plugins/wp/tests/wp_acsl/oracle/axioms.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/axioms.res.oracle
index 0c033d5c37fae577aebb1c8b28c0890fd146820a..5fd1352b896d217838ce2c61aeb0cc57101a7141 100644
--- a/src/plugins/wp/tests/wp_acsl/oracle/axioms.res.oracle
+++ b/src/plugins/wp/tests/wp_acsl/oracle/axioms.res.oracle
@@ -10,6 +10,7 @@ Goal Post-condition 'P,todo' in 'f':
Let a_1 = shift_sint32(t, a).
Let x = -a.
Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, i - a).
+Let x_1 = 1 + b.
Assume {
Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i).
(* Heap *)
@@ -18,11 +19,13 @@ Assume {
Have: valid_rw(Malloc_0, a_1, 1 + b - a).
(* Pre-condition *)
Have: a <= b.
+ (* Invariant 'Index' *)
+ Have: a <= x_1.
+ (* Invariant 'Index' *)
+ Have: (a <= i) /\ (i <= x_1).
(* Invariant 'Positive' *)
Have: forall i_1 : Z. ((a <= i_1) -> ((i_1 < i) ->
(0 < a_2[shift_sint32(t, i_1)]))).
- (* Invariant 'Index' *)
- Have: (a <= i) /\ (i <= (1 + b)).
(* Else *)
Have: b < i.
}
@@ -34,6 +37,7 @@ Goal Post-condition 'Q' in 'f':
Let a_1 = shift_sint32(t, a).
Let x = -a.
Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, i - a).
+Let x_1 = 1 + b.
Assume {
Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i).
(* Heap *)
@@ -42,11 +46,13 @@ Assume {
Have: valid_rw(Malloc_0, a_1, 1 + b - a).
(* Pre-condition *)
Have: a <= b.
+ (* Invariant 'Index' *)
+ Have: a <= x_1.
+ (* Invariant 'Index' *)
+ Have: (a <= i) /\ (i <= x_1).
(* Invariant 'Positive' *)
Have: forall i_1 : Z. ((a <= i_1) -> ((i_1 < i) ->
(0 < a_2[shift_sint32(t, i_1)]))).
- (* Invariant 'Index' *)
- Have: (a <= i) /\ (i <= (1 + b)).
(* Else *)
Have: b < i.
}
@@ -57,24 +63,27 @@ Prove: P_Q(Malloc_0, a_2, t, a, b).
Goal Preservation of Invariant 'Index' (file tests/wp_acsl/axioms.i, line 30):
Let a_1 = shift_sint32(t, a).
Let x = -a.
-Let x_1 = 1 + i.
+Let x_1 = 1 + b.
+Let x_2 = 1 + i.
Assume {
- Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(x_1).
+ Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(x_2).
(* Heap *)
Type: (region(t.base) <= 0) /\ linked(Malloc_0).
(* Pre-condition *)
Have: valid_rw(Malloc_0, a_1, 1 + b - a).
(* Pre-condition *)
Have: a <= b.
+ (* Invariant 'Index' *)
+ Have: a <= x_1.
+ (* Invariant 'Index' *)
+ Have: (a <= i) /\ (i <= x_1).
(* Invariant 'Positive' *)
Have: forall i_1 : Z. ((a <= i_1) -> ((i_1 < i) ->
(0 < havoc(Mint_undef_0, Mint_0, a_1, i - a)[shift_sint32(t, i_1)]))).
- (* Invariant 'Index' *)
- Have: (a <= i) /\ (i <= (1 + b)).
(* Then *)
Have: i <= b.
}
-Prove: a <= x_1.
+Prove: a <= x_2.
------------------------------------------------------------
@@ -93,11 +102,13 @@ Prove: a <= (1 + b).
------------------------------------------------------------
Goal Preservation of Invariant 'Positive' (file tests/wp_acsl/axioms.i, line 31):
+Let x = 1 + i.
Let a_1 = shift_sint32(t, a).
-Let x = -a.
+Let x_1 = -a.
Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, i - a).
+Let x_2 = 1 + b.
Assume {
- Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(1 + i).
+ Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(x).
(* Heap *)
Type: (region(t.base) <= 0) /\ linked(Malloc_0).
(* Goal *)
@@ -106,13 +117,17 @@ Assume {
Have: valid_rw(Malloc_0, a_1, 1 + b - a).
(* Pre-condition *)
Have: a <= b.
+ (* Invariant 'Index' *)
+ Have: a <= x_2.
+ (* Invariant 'Index' *)
+ Have: (a <= i) /\ (i <= x_2).
(* Invariant 'Positive' *)
Have: forall i_2 : Z. ((a <= i_2) -> ((i_2 < i) ->
(0 < a_2[shift_sint32(t, i_2)]))).
- (* Invariant 'Index' *)
- Have: (a <= i) /\ (i <= (1 + b)).
(* Then *)
Have: i <= b.
+ (* Invariant 'Index' *)
+ Have: a <= x.
}
Prove: 0 < a_2[shift_sint32(t, i) <- 1][shift_sint32(t, i_1)].
@@ -138,33 +153,44 @@ Goal Loop assigns (file tests/wp_acsl/axioms.i, line 32) (3/3):
Effect at line 34
Let a_1 = shift_sint32(t, a).
Let x = -a.
-Let a_2 = shift_sint32(t, i).
+Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, i - a).
+Let a_3 = shift_sint32(t, i).
+Let x_1 = 1 + i.
+Let x_2 = 1 + b.
Assume {
- Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(1 + i).
+ Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(x_1).
(* Heap *)
Type: (region(t.base) <= 0) /\ linked(Malloc_0).
(* Goal *)
- When: !invalid(Malloc_0, a_2, 1).
+ When: !invalid(Malloc_0, a_3, 1).
(* Pre-condition *)
Have: valid_rw(Malloc_0, a_1, 1 + b - a).
(* Pre-condition *)
Have: a <= b.
+ (* Invariant 'Index' *)
+ Have: a <= x_2.
+ (* Invariant 'Index' *)
+ Have: (a <= i) /\ (i <= x_2).
(* Invariant 'Positive' *)
Have: forall i_1 : Z. ((a <= i_1) -> ((i_1 < i) ->
- (0 < havoc(Mint_undef_0, Mint_0, a_1, i - a)[shift_sint32(t, i_1)]))).
- (* Invariant 'Index' *)
- Have: (a <= i) /\ (i <= (1 + b)).
+ (0 < a_2[shift_sint32(t, i_1)]))).
(* Then *)
Have: i <= b.
+ (* Invariant 'Index' *)
+ Have: a <= x_1.
+ (* Invariant 'Positive' *)
+ Have: forall i_1 : Z. ((i_1 <= i) -> ((a <= i_1) ->
+ (0 < a_2[a_3 <- 1][shift_sint32(t, i_1)]))).
}
-Prove: included(a_2, 1, a_1, 1 + i - a).
+Prove: included(a_3, 1, a_1, 1 + i - a).
------------------------------------------------------------
Goal Assigns 'todo' in 'f':
Effect at line 34
+Let x = 1 + b.
Let a_1 = shift_sint32(t, a).
-Let x = -a.
+Let x_1 = -a.
Assume {
Have: a < i.
Have: !invalid(Malloc_0, a_1, i - a).
@@ -175,7 +201,9 @@ Assume {
Have: valid_rw(Malloc_0, a_1, 1 + b - a).
(* Pre-condition *)
Have: a <= b.
+ (* Invariant 'Index' *)
+ Have: a <= x.
}
-Prove: i <= (1 + b).
+Prove: i <= x.
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_acsl/oracle/chunk_typing.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/chunk_typing.res.oracle
index 9455596589a8251499921bc9d809de03f2277ff9..4a107de7f65b85f4e0234c466cff9d0d699d5508 100644
--- a/src/plugins/wp/tests/wp_acsl/oracle/chunk_typing.res.oracle
+++ b/src/plugins/wp/tests/wp_acsl/oracle/chunk_typing.res.oracle
@@ -7,38 +7,38 @@
------------------------------------------------------------
Goal Post-condition (file tests/wp_acsl/chunk_typing.i, line 15) in 'function':
-Let a = shift_sint8(i8_0, 0).
-Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, 10).
-Let a_2 = shift_uint8(u8_0, 0).
-Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, 10).
-Let a_4 = shift_sint16(i16_0, 0).
-Let a_5 = havoc(Mint_undef_1, Mint_1, a_4, 10).
-Let a_6 = shift_uint16(u16_0, 0).
-Let a_7 = havoc(Mint_undef_2, Mint_2, a_6, 10).
-Let a_8 = shift_sint32(i32_0, 0).
-Let a_9 = havoc(Mint_undef_3, Mint_3, a_8, 10).
-Let a_10 = shift_uint32(u32_0, 0).
-Let a_11 = havoc(Mint_undef_4, Mint_4, a_10, 10).
-Let a_12 = shift_sint64(i64_0, 0).
-Let a_13 = havoc(Mint_undef_5, Mint_5, a_12, 10).
-Let a_14 = shift_uint64(u64_0, 0).
-Let a_15 = havoc(Mint_undef_6, Mint_6, a_14, 10).
-Let a_16 = a_1[shift_sint8(i8_0, i)].
-Let a_17 = a_3[shift_uint8(u8_0, i)].
-Let a_18 = a_5[shift_sint16(i16_0, i)].
-Let a_19 = a_7[shift_uint16(u16_0, i)].
-Let a_20 = a_9[shift_sint32(i32_0, i)].
-Let a_21 = a_11[shift_uint32(u32_0, i)].
-Let a_22 = a_13[shift_sint64(i64_0, i)].
+Let a = shift_uint64(u64_0, 0).
+Let a_1 = havoc(Mint_undef_6, Mint_6, a, 10).
+Let a_2 = shift_sint64(i64_0, 0).
+Let a_3 = havoc(Mint_undef_5, Mint_5, a_2, 10).
+Let a_4 = shift_uint32(u32_0, 0).
+Let a_5 = havoc(Mint_undef_4, Mint_4, a_4, 10).
+Let a_6 = shift_sint32(i32_0, 0).
+Let a_7 = havoc(Mint_undef_3, Mint_3, a_6, 10).
+Let a_8 = shift_uint16(u16_0, 0).
+Let a_9 = havoc(Mint_undef_2, Mint_2, a_8, 10).
+Let a_10 = shift_sint16(i16_0, 0).
+Let a_11 = havoc(Mint_undef_1, Mint_1, a_10, 10).
+Let a_12 = shift_uint8(u8_0, 0).
+Let a_13 = havoc(Mint_undef_0, Mint_0, a_12, 10).
+Let a_14 = shift_sint8(i8_0, 0).
+Let a_15 = havoc(Mchar_undef_0, Mchar_0, a_14, 10).
+Let a_16 = a_15[shift_sint8(i8_0, i)].
+Let a_17 = a_13[shift_uint8(u8_0, i)].
+Let a_18 = a_11[shift_sint16(i16_0, i)].
+Let a_19 = a_9[shift_uint16(u16_0, i)].
+Let a_20 = a_7[shift_sint32(i32_0, i)].
+Let a_21 = a_5[shift_uint32(u32_0, i)].
+Let a_22 = a_3[shift_sint64(i64_0, i)].
Assume {
Type: IsArray_sint8(x) /\ is_sint16_chunk(Mint_1) /\
is_sint32_chunk(Mint_3) /\ is_sint64_chunk(Mint_5) /\
is_sint8_chunk(Mchar_0) /\ is_uint16_chunk(Mint_2) /\
is_uint32_chunk(Mint_4) /\ is_uint64_chunk(Mint_6) /\
- is_uint8_chunk(Mint_0) /\ is_sint32(i_1) /\ is_sint16_chunk(a_5) /\
- is_sint32_chunk(a_9) /\ is_sint64_chunk(a_13) /\ is_sint8_chunk(a_1) /\
- is_uint16_chunk(a_7) /\ is_uint32_chunk(a_11) /\
- is_uint64_chunk(a_15) /\ is_uint8_chunk(a_3).
+ is_uint8_chunk(Mint_0) /\ is_sint32(i_1) /\ is_sint16_chunk(a_11) /\
+ is_sint32_chunk(a_7) /\ is_sint64_chunk(a_3) /\ is_sint8_chunk(a_15) /\
+ is_uint16_chunk(a_9) /\ is_uint32_chunk(a_5) /\ is_uint64_chunk(a_1) /\
+ is_uint8_chunk(a_13).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -50,42 +50,42 @@ Assume {
(* Initializer *)
Init: forall i_2 : Z. ((0 <= i_2) -> ((i_2 <= 9) -> (x[i_2] = 0))).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_4, 10) /\ valid_rw(Malloc_0, a_8, 10) /\
- valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a, 10) /\
- valid_rw(Malloc_0, a_6, 10) /\ valid_rw(Malloc_0, a_10, 10) /\
- valid_rw(Malloc_0, a_14, 10) /\ valid_rw(Malloc_0, a_2, 10).
+ Have: valid_rw(Malloc_0, a_10, 10) /\ valid_rw(Malloc_0, a_6, 10) /\
+ valid_rw(Malloc_0, a_2, 10) /\ valid_rw(Malloc_0, a_14, 10) /\
+ valid_rw(Malloc_0, a_8, 10) /\ valid_rw(Malloc_0, a_4, 10) /\
+ valid_rw(Malloc_0, a, 10) /\ valid_rw(Malloc_0, a_12, 10).
(* Invariant *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
- (a_15[shift_uint64(u64_0, i_2)] = 8))).
+ Have: (0 <= i_1) /\ (i_1 <= 10).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
- (a_13[shift_sint64(i64_0, i_2)] = 7))).
+ (a_15[shift_sint8(i8_0, i_2)] = 1))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
- (a_11[shift_uint32(u32_0, i_2)] = 6))).
+ (a_13[shift_uint8(u8_0, i_2)] = 2))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
- (a_9[shift_sint32(i32_0, i_2)] = 5))).
+ (a_11[shift_sint16(i16_0, i_2)] = 3))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
- (a_7[shift_uint16(u16_0, i_2)] = 4))).
+ (a_9[shift_uint16(u16_0, i_2)] = 4))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
- (a_5[shift_sint16(i16_0, i_2)] = 3))).
+ (a_7[shift_sint32(i32_0, i_2)] = 5))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
- (a_3[shift_uint8(u8_0, i_2)] = 2))).
+ (a_5[shift_uint32(u32_0, i_2)] = 6))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
- (a_1[shift_sint8(i8_0, i_2)] = 1))).
+ (a_3[shift_sint64(i64_0, i_2)] = 7))).
(* Invariant *)
- Have: (0 <= i_1) /\ (i_1 <= 10).
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
+ (a_1[shift_uint64(u64_0, i_2)] = 8))).
(* Else *)
Have: 10 <= i_1.
}
Prove: (a_16 = (1 + x[i])) /\ (a_17 = (1 + a_16)) /\ (a_18 = (1 + a_17)) /\
(a_19 = (1 + a_18)) /\ (a_20 = (1 + a_19)) /\ (a_21 = (1 + a_20)) /\
- (a_22 = (1 + a_21)) /\ (a_15[shift_uint64(u64_0, i)] = (1 + a_22)).
+ (a_22 = (1 + a_21)) /\ (a_1[shift_uint64(u64_0, i)] = (1 + a_22)).
------------------------------------------------------------
@@ -98,35 +98,35 @@ Let a_4 = shift_uint16(u16_0, i).
Let a_5 = shift_sint16(i16_0, i).
Let a_6 = shift_uint8(u8_0, i).
Let a_7 = shift_sint8(i8_0, i).
-Let a_8 = shift_sint8(i8_0, 0).
-Let a_9 = havoc(Mchar_undef_0, Mchar_0, a_8, 10).
-Let a_10 = shift_uint8(u8_0, 0).
-Let a_11 = havoc(Mint_undef_6, Mint_6, a_10, 10).
-Let a_12 = shift_sint16(i16_0, 0).
-Let a_13 = havoc(Mint_undef_0, Mint_0, a_12, 10).
-Let a_14 = shift_uint16(u16_0, 0).
-Let a_15 = havoc(Mint_undef_3, Mint_3, a_14, 10).
-Let a_16 = shift_sint32(i32_0, 0).
-Let a_17 = havoc(Mint_undef_1, Mint_1, a_16, 10).
-Let a_18 = shift_uint32(u32_0, 0).
-Let a_19 = havoc(Mint_undef_4, Mint_4, a_18, 10).
-Let a_20 = shift_sint64(i64_0, 0).
-Let a_21 = havoc(Mint_undef_2, Mint_2, a_20, 10).
-Let a_22 = shift_uint64(u64_0, 0).
-Let a_23 = havoc(Mint_undef_5, Mint_5, a_22, 10).
+Let a_8 = shift_uint64(u64_0, 0).
+Let a_9 = havoc(Mint_undef_5, Mint_5, a_8, 10).
+Let a_10 = shift_sint64(i64_0, 0).
+Let a_11 = havoc(Mint_undef_2, Mint_2, a_10, 10).
+Let a_12 = shift_uint32(u32_0, 0).
+Let a_13 = havoc(Mint_undef_4, Mint_4, a_12, 10).
+Let a_14 = shift_sint32(i32_0, 0).
+Let a_15 = havoc(Mint_undef_1, Mint_1, a_14, 10).
+Let a_16 = shift_uint16(u16_0, 0).
+Let a_17 = havoc(Mint_undef_3, Mint_3, a_16, 10).
+Let a_18 = shift_sint16(i16_0, 0).
+Let a_19 = havoc(Mint_undef_0, Mint_0, a_18, 10).
+Let a_20 = shift_uint8(u8_0, 0).
+Let a_21 = havoc(Mint_undef_6, Mint_6, a_20, 10).
+Let a_22 = shift_sint8(i8_0, 0).
+Let a_23 = havoc(Mchar_undef_0, Mchar_0, a_22, 10).
Assume {
Type: is_sint16_chunk(Mint_0) /\ is_sint32_chunk(Mint_1) /\
is_sint64_chunk(Mint_2) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_3) /\ is_uint32_chunk(Mint_4) /\
is_uint64_chunk(Mint_5) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint32(1 + i) /\ is_sint16_chunk(a_13) /\ is_sint32_chunk(a_17) /\
- is_sint64_chunk(a_21) /\ is_sint8_chunk(a_9) /\
- is_uint16_chunk(a_15) /\ is_uint32_chunk(a_19) /\
- is_uint64_chunk(a_23) /\ is_uint8_chunk(a_11) /\
- is_sint16_chunk(a_13[a_5 <- 3]) /\ is_sint32_chunk(a_17[a_3 <- 5]) /\
- is_sint64_chunk(a_21[a_1 <- 7]) /\ is_sint8_chunk(a_9[a_7 <- 1]) /\
- is_uint16_chunk(a_15[a_4 <- 4]) /\ is_uint32_chunk(a_19[a_2 <- 6]) /\
- is_uint64_chunk(a_23[a <- 8]) /\ is_uint8_chunk(a_11[a_6 <- 2]).
+ is_sint32(1 + i) /\ is_sint16_chunk(a_19) /\ is_sint32_chunk(a_15) /\
+ is_sint64_chunk(a_11) /\ is_sint8_chunk(a_23) /\
+ is_uint16_chunk(a_17) /\ is_uint32_chunk(a_13) /\
+ is_uint64_chunk(a_9) /\ is_uint8_chunk(a_21) /\
+ is_sint16_chunk(a_19[a_5 <- 3]) /\ is_sint32_chunk(a_15[a_3 <- 5]) /\
+ is_sint64_chunk(a_11[a_1 <- 7]) /\ is_sint8_chunk(a_23[a_7 <- 1]) /\
+ is_uint16_chunk(a_17[a_4 <- 4]) /\ is_uint32_chunk(a_13[a_2 <- 6]) /\
+ is_uint64_chunk(a_9[a <- 8]) /\ is_uint8_chunk(a_21[a_6 <- 2]).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -134,36 +134,36 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a_16, 10) /\
- valid_rw(Malloc_0, a_20, 10) /\ valid_rw(Malloc_0, a_8, 10) /\
- valid_rw(Malloc_0, a_14, 10) /\ valid_rw(Malloc_0, a_18, 10) /\
- valid_rw(Malloc_0, a_22, 10) /\ valid_rw(Malloc_0, a_10, 10).
+ Have: valid_rw(Malloc_0, a_18, 10) /\ valid_rw(Malloc_0, a_14, 10) /\
+ valid_rw(Malloc_0, a_10, 10) /\ valid_rw(Malloc_0, a_22, 10) /\
+ valid_rw(Malloc_0, a_16, 10) /\ valid_rw(Malloc_0, a_12, 10) /\
+ valid_rw(Malloc_0, a_8, 10) /\ valid_rw(Malloc_0, a_20, 10).
(* Invariant *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_23[shift_uint64(u64_0, i_1)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_21[shift_sint64(i64_0, i_1)] = 7))).
+ (a_23[shift_sint8(i8_0, i_1)] = 1))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_19[shift_uint32(u32_0, i_1)] = 6))).
+ (a_21[shift_uint8(u8_0, i_1)] = 2))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_17[shift_sint32(i32_0, i_1)] = 5))).
+ (a_19[shift_sint16(i16_0, i_1)] = 3))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_15[shift_uint16(u16_0, i_1)] = 4))).
+ (a_17[shift_uint16(u16_0, i_1)] = 4))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_13[shift_sint16(i16_0, i_1)] = 3))).
+ (a_15[shift_sint32(i32_0, i_1)] = 5))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_11[shift_uint8(u8_0, i_1)] = 2))).
+ (a_13[shift_uint32(u32_0, i_1)] = 6))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_9[shift_sint8(i8_0, i_1)] = 1))).
+ (a_11[shift_sint64(i64_0, i_1)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_9[shift_uint64(u64_0, i_1)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
@@ -203,36 +203,36 @@ Let a_4 = shift_uint16(u16_0, i).
Let a_5 = shift_sint16(i16_0, i).
Let a_6 = shift_uint8(u8_0, i).
Let a_7 = shift_sint8(i8_0, i).
-Let a_8 = shift_sint8(i8_0, 0).
-Let a_9 = havoc(Mchar_undef_0, Mchar_0, a_8, 10).
-Let a_10 = shift_uint8(u8_0, 0).
-Let a_11 = havoc(Mint_undef_6, Mint_6, a_10, 10).
-Let a_12 = shift_sint16(i16_0, 0).
-Let a_13 = havoc(Mint_undef_0, Mint_0, a_12, 10).
-Let a_14 = shift_uint16(u16_0, 0).
-Let a_15 = havoc(Mint_undef_3, Mint_3, a_14, 10).
-Let a_16 = shift_sint32(i32_0, 0).
-Let a_17 = havoc(Mint_undef_1, Mint_1, a_16, 10).
-Let a_18 = shift_uint32(u32_0, 0).
-Let a_19 = havoc(Mint_undef_4, Mint_4, a_18, 10).
-Let a_20 = shift_sint64(i64_0, 0).
-Let a_21 = havoc(Mint_undef_2, Mint_2, a_20, 10).
-Let a_22 = shift_uint64(u64_0, 0).
-Let a_23 = havoc(Mint_undef_5, Mint_5, a_22, 10).
-Let a_24 = a_9[a_7 <- 1].
+Let a_8 = shift_uint64(u64_0, 0).
+Let a_9 = havoc(Mint_undef_5, Mint_5, a_8, 10).
+Let a_10 = shift_sint64(i64_0, 0).
+Let a_11 = havoc(Mint_undef_2, Mint_2, a_10, 10).
+Let a_12 = shift_uint32(u32_0, 0).
+Let a_13 = havoc(Mint_undef_4, Mint_4, a_12, 10).
+Let a_14 = shift_sint32(i32_0, 0).
+Let a_15 = havoc(Mint_undef_1, Mint_1, a_14, 10).
+Let a_16 = shift_uint16(u16_0, 0).
+Let a_17 = havoc(Mint_undef_3, Mint_3, a_16, 10).
+Let a_18 = shift_sint16(i16_0, 0).
+Let a_19 = havoc(Mint_undef_0, Mint_0, a_18, 10).
+Let a_20 = shift_uint8(u8_0, 0).
+Let a_21 = havoc(Mint_undef_6, Mint_6, a_20, 10).
+Let a_22 = shift_sint8(i8_0, 0).
+Let a_23 = havoc(Mchar_undef_0, Mchar_0, a_22, 10).
+Let a_24 = a_23[a_7 <- 1].
Assume {
Type: is_sint16_chunk(Mint_0) /\ is_sint32_chunk(Mint_1) /\
is_sint64_chunk(Mint_2) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_3) /\ is_uint32_chunk(Mint_4) /\
is_uint64_chunk(Mint_5) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint32(1 + i) /\ is_sint16_chunk(a_13) /\ is_sint32_chunk(a_17) /\
- is_sint64_chunk(a_21) /\ is_sint8_chunk(a_9) /\
- is_uint16_chunk(a_15) /\ is_uint32_chunk(a_19) /\
- is_uint64_chunk(a_23) /\ is_uint8_chunk(a_11) /\
- is_sint16_chunk(a_13[a_5 <- 3]) /\ is_sint32_chunk(a_17[a_3 <- 5]) /\
- is_sint64_chunk(a_21[a_1 <- 7]) /\ is_sint8_chunk(a_24) /\
- is_uint16_chunk(a_15[a_4 <- 4]) /\ is_uint32_chunk(a_19[a_2 <- 6]) /\
- is_uint64_chunk(a_23[a <- 8]) /\ is_uint8_chunk(a_11[a_6 <- 2]).
+ is_sint32(1 + i) /\ is_sint16_chunk(a_19) /\ is_sint32_chunk(a_15) /\
+ is_sint64_chunk(a_11) /\ is_sint8_chunk(a_23) /\
+ is_uint16_chunk(a_17) /\ is_uint32_chunk(a_13) /\
+ is_uint64_chunk(a_9) /\ is_uint8_chunk(a_21) /\
+ is_sint16_chunk(a_19[a_5 <- 3]) /\ is_sint32_chunk(a_15[a_3 <- 5]) /\
+ is_sint64_chunk(a_11[a_1 <- 7]) /\ is_sint8_chunk(a_24) /\
+ is_uint16_chunk(a_17[a_4 <- 4]) /\ is_uint32_chunk(a_13[a_2 <- 6]) /\
+ is_uint64_chunk(a_9[a <- 8]) /\ is_uint8_chunk(a_21[a_6 <- 2]).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -240,38 +240,38 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 <= i).
+ When: (i_1 <= i) /\ (0 <= i_1).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a_16, 10) /\
- valid_rw(Malloc_0, a_20, 10) /\ valid_rw(Malloc_0, a_8, 10) /\
- valid_rw(Malloc_0, a_14, 10) /\ valid_rw(Malloc_0, a_18, 10) /\
- valid_rw(Malloc_0, a_22, 10) /\ valid_rw(Malloc_0, a_10, 10).
+ Have: valid_rw(Malloc_0, a_18, 10) /\ valid_rw(Malloc_0, a_14, 10) /\
+ valid_rw(Malloc_0, a_10, 10) /\ valid_rw(Malloc_0, a_22, 10) /\
+ valid_rw(Malloc_0, a_16, 10) /\ valid_rw(Malloc_0, a_12, 10) /\
+ valid_rw(Malloc_0, a_8, 10) /\ valid_rw(Malloc_0, a_20, 10).
(* Invariant *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_23[shift_uint64(u64_0, i_2)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_21[shift_sint64(i64_0, i_2)] = 7))).
+ (a_23[shift_sint8(i8_0, i_2)] = 1))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_19[shift_uint32(u32_0, i_2)] = 6))).
+ (a_21[shift_uint8(u8_0, i_2)] = 2))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_17[shift_sint32(i32_0, i_2)] = 5))).
+ (a_19[shift_sint16(i16_0, i_2)] = 3))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_15[shift_uint16(u16_0, i_2)] = 4))).
+ (a_17[shift_uint16(u16_0, i_2)] = 4))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_13[shift_sint16(i16_0, i_2)] = 3))).
+ (a_15[shift_sint32(i32_0, i_2)] = 5))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_11[shift_uint8(u8_0, i_2)] = 2))).
+ (a_13[shift_uint32(u32_0, i_2)] = 6))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_9[shift_sint8(i8_0, i_2)] = 1))).
+ (a_11[shift_sint64(i64_0, i_2)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
+ (a_9[shift_uint64(u64_0, i_2)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
@@ -292,6 +292,8 @@ Assume {
Have: valid_rw(Malloc_0, a, 1).
(* Assertion 'rte,signed_overflow' *)
Have: i <= 2147483646.
+ (* Invariant *)
+ Have: (-1) <= i.
}
Prove: a_24[shift_sint8(i8_0, i_1)] = 1.
@@ -303,44 +305,45 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant (file tests/wp_acsl/chunk_typing.i, line 33):
-Let a = shift_uint64(u64_0, i).
-Let a_1 = shift_sint64(i64_0, i).
-Let a_2 = shift_uint32(u32_0, i).
-Let a_3 = shift_sint32(i32_0, i).
-Let a_4 = shift_uint16(u16_0, i).
-Let a_5 = shift_sint16(i16_0, i).
-Let a_6 = shift_uint8(u8_0, i).
-Let a_7 = shift_sint8(i8_0, i).
-Let a_8 = shift_sint8(i8_0, 0).
-Let a_9 = havoc(Mchar_undef_0, Mchar_0, a_8, 10).
-Let a_10 = shift_uint8(u8_0, 0).
-Let a_11 = havoc(Mint_undef_0, Mint_0, a_10, 10).
-Let a_12 = shift_sint16(i16_0, 0).
-Let a_13 = havoc(Mint_undef_1, Mint_1, a_12, 10).
-Let a_14 = shift_uint16(u16_0, 0).
-Let a_15 = havoc(Mint_undef_4, Mint_4, a_14, 10).
-Let a_16 = shift_sint32(i32_0, 0).
-Let a_17 = havoc(Mint_undef_2, Mint_2, a_16, 10).
-Let a_18 = shift_uint32(u32_0, 0).
-Let a_19 = havoc(Mint_undef_5, Mint_5, a_18, 10).
-Let a_20 = shift_sint64(i64_0, 0).
-Let a_21 = havoc(Mint_undef_3, Mint_3, a_20, 10).
-Let a_22 = shift_uint64(u64_0, 0).
-Let a_23 = havoc(Mint_undef_6, Mint_6, a_22, 10).
-Let a_24 = a_11[a_6 <- 2].
+Let a = shift_sint8(i8_0, 0).
+Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, 10).
+Let a_2 = shift_sint8(i8_0, i).
+Let a_3 = a_1[a_2 <- 1].
+Let a_4 = shift_uint64(u64_0, i).
+Let a_5 = shift_sint64(i64_0, i).
+Let a_6 = shift_uint32(u32_0, i).
+Let a_7 = shift_sint32(i32_0, i).
+Let a_8 = shift_uint16(u16_0, i).
+Let a_9 = shift_sint16(i16_0, i).
+Let a_10 = shift_uint8(u8_0, i).
+Let a_11 = shift_uint64(u64_0, 0).
+Let a_12 = havoc(Mint_undef_6, Mint_6, a_11, 10).
+Let a_13 = shift_sint64(i64_0, 0).
+Let a_14 = havoc(Mint_undef_3, Mint_3, a_13, 10).
+Let a_15 = shift_uint32(u32_0, 0).
+Let a_16 = havoc(Mint_undef_5, Mint_5, a_15, 10).
+Let a_17 = shift_sint32(i32_0, 0).
+Let a_18 = havoc(Mint_undef_2, Mint_2, a_17, 10).
+Let a_19 = shift_uint16(u16_0, 0).
+Let a_20 = havoc(Mint_undef_4, Mint_4, a_19, 10).
+Let a_21 = shift_sint16(i16_0, 0).
+Let a_22 = havoc(Mint_undef_1, Mint_1, a_21, 10).
+Let a_23 = shift_uint8(u8_0, 0).
+Let a_24 = havoc(Mint_undef_0, Mint_0, a_23, 10).
+Let a_25 = a_24[a_10 <- 2].
Assume {
Type: is_sint16_chunk(Mint_1) /\ is_sint32_chunk(Mint_2) /\
is_sint64_chunk(Mint_3) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_4) /\ is_uint32_chunk(Mint_5) /\
is_uint64_chunk(Mint_6) /\ is_uint8_chunk(Mint_0) /\ is_sint32(i) /\
- is_sint32(1 + i) /\ is_sint16_chunk(a_13) /\ is_sint32_chunk(a_17) /\
- is_sint64_chunk(a_21) /\ is_sint8_chunk(a_9) /\
- is_uint16_chunk(a_15) /\ is_uint32_chunk(a_19) /\
- is_uint64_chunk(a_23) /\ is_uint8_chunk(a_11) /\
- is_sint16_chunk(a_13[a_5 <- 3]) /\ is_sint32_chunk(a_17[a_3 <- 5]) /\
- is_sint64_chunk(a_21[a_1 <- 7]) /\ is_sint8_chunk(a_9[a_7 <- 1]) /\
- is_uint16_chunk(a_15[a_4 <- 4]) /\ is_uint32_chunk(a_19[a_2 <- 6]) /\
- is_uint64_chunk(a_23[a <- 8]) /\ is_uint8_chunk(a_24).
+ is_sint32(1 + i) /\ is_sint16_chunk(a_22) /\ is_sint32_chunk(a_18) /\
+ is_sint64_chunk(a_14) /\ is_sint8_chunk(a_1) /\
+ is_uint16_chunk(a_20) /\ is_uint32_chunk(a_16) /\
+ is_uint64_chunk(a_12) /\ is_uint8_chunk(a_24) /\
+ is_sint16_chunk(a_22[a_9 <- 3]) /\ is_sint32_chunk(a_18[a_7 <- 5]) /\
+ is_sint64_chunk(a_14[a_5 <- 7]) /\ is_sint8_chunk(a_3) /\
+ is_uint16_chunk(a_20[a_8 <- 4]) /\ is_uint32_chunk(a_16[a_6 <- 6]) /\
+ is_uint64_chunk(a_12[a_4 <- 8]) /\ is_uint8_chunk(a_25).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -348,60 +351,65 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 <= i).
+ When: (i_1 <= i) /\ (0 <= i_1).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a_16, 10) /\
- valid_rw(Malloc_0, a_20, 10) /\ valid_rw(Malloc_0, a_8, 10) /\
- valid_rw(Malloc_0, a_14, 10) /\ valid_rw(Malloc_0, a_18, 10) /\
- valid_rw(Malloc_0, a_22, 10) /\ valid_rw(Malloc_0, a_10, 10).
+ Have: valid_rw(Malloc_0, a_21, 10) /\ valid_rw(Malloc_0, a_17, 10) /\
+ valid_rw(Malloc_0, a_13, 10) /\ valid_rw(Malloc_0, a, 10) /\
+ valid_rw(Malloc_0, a_19, 10) /\ valid_rw(Malloc_0, a_15, 10) /\
+ valid_rw(Malloc_0, a_11, 10) /\ valid_rw(Malloc_0, a_23, 10).
(* Invariant *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_23[shift_uint64(u64_0, i_2)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_21[shift_sint64(i64_0, i_2)] = 7))).
+ (a_1[shift_sint8(i8_0, i_2)] = 1))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_19[shift_uint32(u32_0, i_2)] = 6))).
+ (a_24[shift_uint8(u8_0, i_2)] = 2))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_17[shift_sint32(i32_0, i_2)] = 5))).
+ (a_22[shift_sint16(i16_0, i_2)] = 3))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_15[shift_uint16(u16_0, i_2)] = 4))).
+ (a_20[shift_uint16(u16_0, i_2)] = 4))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_13[shift_sint16(i16_0, i_2)] = 3))).
+ (a_18[shift_sint32(i32_0, i_2)] = 5))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_11[shift_uint8(u8_0, i_2)] = 2))).
+ (a_16[shift_uint32(u32_0, i_2)] = 6))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_9[shift_sint8(i8_0, i_2)] = 1))).
+ (a_14[shift_sint64(i64_0, i_2)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
+ (a_12[shift_uint64(u64_0, i_2)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_7, 1).
+ Have: valid_rw(Malloc_0, a_2, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_6, 1).
+ Have: valid_rw(Malloc_0, a_10, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_5, 1).
+ Have: valid_rw(Malloc_0, a_9, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_4, 1).
+ Have: valid_rw(Malloc_0, a_8, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_3, 1).
+ Have: valid_rw(Malloc_0, a_7, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_2, 1).
+ Have: valid_rw(Malloc_0, a_6, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_1, 1).
+ Have: valid_rw(Malloc_0, a_5, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a, 1).
+ Have: valid_rw(Malloc_0, a_4, 1).
(* Assertion 'rte,signed_overflow' *)
Have: i <= 2147483646.
+ (* Invariant *)
+ Have: (-1) <= i.
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_3[shift_sint8(i8_0, i_2)] = 1))).
}
-Prove: a_24[shift_uint8(u8_0, i_1)] = 2.
+Prove: a_25[shift_uint8(u8_0, i_1)] = 2.
------------------------------------------------------------
@@ -411,44 +419,46 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant (file tests/wp_acsl/chunk_typing.i, line 34):
-Let a = shift_uint64(u64_0, i).
-Let a_1 = shift_sint64(i64_0, i).
-Let a_2 = shift_uint32(u32_0, i).
-Let a_3 = shift_sint32(i32_0, i).
-Let a_4 = shift_uint16(u16_0, i).
-Let a_5 = shift_sint16(i16_0, i).
-Let a_6 = shift_uint8(u8_0, i).
-Let a_7 = shift_sint8(i8_0, i).
-Let a_8 = shift_sint8(i8_0, 0).
-Let a_9 = havoc(Mchar_undef_0, Mchar_0, a_8, 10).
-Let a_10 = shift_uint8(u8_0, 0).
-Let a_11 = havoc(Mint_undef_6, Mint_6, a_10, 10).
-Let a_12 = shift_sint16(i16_0, 0).
-Let a_13 = havoc(Mint_undef_0, Mint_0, a_12, 10).
-Let a_14 = shift_uint16(u16_0, 0).
-Let a_15 = havoc(Mint_undef_3, Mint_3, a_14, 10).
-Let a_16 = shift_sint32(i32_0, 0).
-Let a_17 = havoc(Mint_undef_1, Mint_1, a_16, 10).
+Let a = shift_uint8(u8_0, 0).
+Let a_1 = havoc(Mint_undef_6, Mint_6, a, 10).
+Let a_2 = shift_uint8(u8_0, i).
+Let a_3 = a_1[a_2 <- 2].
+Let a_4 = shift_sint8(i8_0, 0).
+Let a_5 = havoc(Mchar_undef_0, Mchar_0, a_4, 10).
+Let a_6 = shift_sint8(i8_0, i).
+Let a_7 = a_5[a_6 <- 1].
+Let a_8 = shift_uint64(u64_0, i).
+Let a_9 = shift_sint64(i64_0, i).
+Let a_10 = shift_uint32(u32_0, i).
+Let a_11 = shift_sint32(i32_0, i).
+Let a_12 = shift_uint16(u16_0, i).
+Let a_13 = shift_sint16(i16_0, i).
+Let a_14 = shift_uint64(u64_0, 0).
+Let a_15 = havoc(Mint_undef_5, Mint_5, a_14, 10).
+Let a_16 = shift_sint64(i64_0, 0).
+Let a_17 = havoc(Mint_undef_2, Mint_2, a_16, 10).
Let a_18 = shift_uint32(u32_0, 0).
Let a_19 = havoc(Mint_undef_4, Mint_4, a_18, 10).
-Let a_20 = shift_sint64(i64_0, 0).
-Let a_21 = havoc(Mint_undef_2, Mint_2, a_20, 10).
-Let a_22 = shift_uint64(u64_0, 0).
-Let a_23 = havoc(Mint_undef_5, Mint_5, a_22, 10).
-Let a_24 = a_13[a_5 <- 3].
+Let a_20 = shift_sint32(i32_0, 0).
+Let a_21 = havoc(Mint_undef_1, Mint_1, a_20, 10).
+Let a_22 = shift_uint16(u16_0, 0).
+Let a_23 = havoc(Mint_undef_3, Mint_3, a_22, 10).
+Let a_24 = shift_sint16(i16_0, 0).
+Let a_25 = havoc(Mint_undef_0, Mint_0, a_24, 10).
+Let a_26 = a_25[a_13 <- 3].
Assume {
Type: is_sint16_chunk(Mint_0) /\ is_sint32_chunk(Mint_1) /\
is_sint64_chunk(Mint_2) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_3) /\ is_uint32_chunk(Mint_4) /\
is_uint64_chunk(Mint_5) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint32(1 + i) /\ is_sint16_chunk(a_13) /\ is_sint32_chunk(a_17) /\
- is_sint64_chunk(a_21) /\ is_sint8_chunk(a_9) /\
- is_uint16_chunk(a_15) /\ is_uint32_chunk(a_19) /\
- is_uint64_chunk(a_23) /\ is_uint8_chunk(a_11) /\
- is_sint16_chunk(a_24) /\ is_sint32_chunk(a_17[a_3 <- 5]) /\
- is_sint64_chunk(a_21[a_1 <- 7]) /\ is_sint8_chunk(a_9[a_7 <- 1]) /\
- is_uint16_chunk(a_15[a_4 <- 4]) /\ is_uint32_chunk(a_19[a_2 <- 6]) /\
- is_uint64_chunk(a_23[a <- 8]) /\ is_uint8_chunk(a_11[a_6 <- 2]).
+ is_sint32(1 + i) /\ is_sint16_chunk(a_25) /\ is_sint32_chunk(a_21) /\
+ is_sint64_chunk(a_17) /\ is_sint8_chunk(a_5) /\
+ is_uint16_chunk(a_23) /\ is_uint32_chunk(a_19) /\
+ is_uint64_chunk(a_15) /\ is_uint8_chunk(a_1) /\
+ is_sint16_chunk(a_26) /\ is_sint32_chunk(a_21[a_11 <- 5]) /\
+ is_sint64_chunk(a_17[a_9 <- 7]) /\ is_sint8_chunk(a_7) /\
+ is_uint16_chunk(a_23[a_12 <- 4]) /\ is_uint32_chunk(a_19[a_10 <- 6]) /\
+ is_uint64_chunk(a_15[a_8 <- 8]) /\ is_uint8_chunk(a_3).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -456,60 +466,68 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 <= i).
+ When: (i_1 <= i) /\ (0 <= i_1).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a_16, 10) /\
- valid_rw(Malloc_0, a_20, 10) /\ valid_rw(Malloc_0, a_8, 10) /\
- valid_rw(Malloc_0, a_14, 10) /\ valid_rw(Malloc_0, a_18, 10) /\
- valid_rw(Malloc_0, a_22, 10) /\ valid_rw(Malloc_0, a_10, 10).
+ Have: valid_rw(Malloc_0, a_24, 10) /\ valid_rw(Malloc_0, a_20, 10) /\
+ valid_rw(Malloc_0, a_16, 10) /\ valid_rw(Malloc_0, a_4, 10) /\
+ valid_rw(Malloc_0, a_22, 10) /\ valid_rw(Malloc_0, a_18, 10) /\
+ valid_rw(Malloc_0, a_14, 10) /\ valid_rw(Malloc_0, a, 10).
(* Invariant *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_23[shift_uint64(u64_0, i_2)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_21[shift_sint64(i64_0, i_2)] = 7))).
+ (a_5[shift_sint8(i8_0, i_2)] = 1))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_19[shift_uint32(u32_0, i_2)] = 6))).
+ (a_1[shift_uint8(u8_0, i_2)] = 2))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_17[shift_sint32(i32_0, i_2)] = 5))).
+ (a_25[shift_sint16(i16_0, i_2)] = 3))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_15[shift_uint16(u16_0, i_2)] = 4))).
+ (a_23[shift_uint16(u16_0, i_2)] = 4))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_13[shift_sint16(i16_0, i_2)] = 3))).
+ (a_21[shift_sint32(i32_0, i_2)] = 5))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_11[shift_uint8(u8_0, i_2)] = 2))).
+ (a_19[shift_uint32(u32_0, i_2)] = 6))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_9[shift_sint8(i8_0, i_2)] = 1))).
+ (a_17[shift_sint64(i64_0, i_2)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
+ (a_15[shift_uint64(u64_0, i_2)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_7, 1).
- (* Assertion 'rte,mem_access' *)
Have: valid_rw(Malloc_0, a_6, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_5, 1).
+ Have: valid_rw(Malloc_0, a_2, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_4, 1).
+ Have: valid_rw(Malloc_0, a_13, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_3, 1).
+ Have: valid_rw(Malloc_0, a_12, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_2, 1).
+ Have: valid_rw(Malloc_0, a_11, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_1, 1).
+ Have: valid_rw(Malloc_0, a_10, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a, 1).
+ Have: valid_rw(Malloc_0, a_9, 1).
+ (* Assertion 'rte,mem_access' *)
+ Have: valid_rw(Malloc_0, a_8, 1).
(* Assertion 'rte,signed_overflow' *)
Have: i <= 2147483646.
+ (* Invariant *)
+ Have: (-1) <= i.
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_7[shift_sint8(i8_0, i_2)] = 1))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_3[shift_uint8(u8_0, i_2)] = 2))).
}
-Prove: a_24[shift_sint16(i16_0, i_1)] = 3.
+Prove: a_26[shift_sint16(i16_0, i_1)] = 3.
------------------------------------------------------------
@@ -519,44 +537,47 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant (file tests/wp_acsl/chunk_typing.i, line 35):
-Let a = shift_uint64(u64_0, i).
-Let a_1 = shift_sint64(i64_0, i).
-Let a_2 = shift_uint32(u32_0, i).
-Let a_3 = shift_sint32(i32_0, i).
-Let a_4 = shift_uint16(u16_0, i).
-Let a_5 = shift_sint16(i16_0, i).
+Let a = shift_sint16(i16_0, 0).
+Let a_1 = havoc(Mint_undef_1, Mint_1, a, 10).
+Let a_2 = shift_sint16(i16_0, i).
+Let a_3 = a_1[a_2 <- 3].
+Let a_4 = shift_uint8(u8_0, 0).
+Let a_5 = havoc(Mint_undef_6, Mint_6, a_4, 10).
Let a_6 = shift_uint8(u8_0, i).
-Let a_7 = shift_sint8(i8_0, i).
+Let a_7 = a_5[a_6 <- 2].
Let a_8 = shift_sint8(i8_0, 0).
Let a_9 = havoc(Mchar_undef_0, Mchar_0, a_8, 10).
-Let a_10 = shift_uint8(u8_0, 0).
-Let a_11 = havoc(Mint_undef_6, Mint_6, a_10, 10).
-Let a_12 = shift_sint16(i16_0, 0).
-Let a_13 = havoc(Mint_undef_1, Mint_1, a_12, 10).
-Let a_14 = shift_uint16(u16_0, 0).
-Let a_15 = havoc(Mint_undef_0, Mint_0, a_14, 10).
-Let a_16 = shift_sint32(i32_0, 0).
-Let a_17 = havoc(Mint_undef_2, Mint_2, a_16, 10).
-Let a_18 = shift_uint32(u32_0, 0).
-Let a_19 = havoc(Mint_undef_4, Mint_4, a_18, 10).
-Let a_20 = shift_sint64(i64_0, 0).
-Let a_21 = havoc(Mint_undef_3, Mint_3, a_20, 10).
-Let a_22 = shift_uint64(u64_0, 0).
-Let a_23 = havoc(Mint_undef_5, Mint_5, a_22, 10).
-Let a_24 = a_15[a_4 <- 4].
+Let a_10 = shift_sint8(i8_0, i).
+Let a_11 = a_9[a_10 <- 1].
+Let a_12 = shift_uint64(u64_0, i).
+Let a_13 = shift_sint64(i64_0, i).
+Let a_14 = shift_uint32(u32_0, i).
+Let a_15 = shift_sint32(i32_0, i).
+Let a_16 = shift_uint16(u16_0, i).
+Let a_17 = shift_uint64(u64_0, 0).
+Let a_18 = havoc(Mint_undef_5, Mint_5, a_17, 10).
+Let a_19 = shift_sint64(i64_0, 0).
+Let a_20 = havoc(Mint_undef_3, Mint_3, a_19, 10).
+Let a_21 = shift_uint32(u32_0, 0).
+Let a_22 = havoc(Mint_undef_4, Mint_4, a_21, 10).
+Let a_23 = shift_sint32(i32_0, 0).
+Let a_24 = havoc(Mint_undef_2, Mint_2, a_23, 10).
+Let a_25 = shift_uint16(u16_0, 0).
+Let a_26 = havoc(Mint_undef_0, Mint_0, a_25, 10).
+Let a_27 = a_26[a_16 <- 4].
Assume {
Type: is_sint16_chunk(Mint_1) /\ is_sint32_chunk(Mint_2) /\
is_sint64_chunk(Mint_3) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_0) /\ is_uint32_chunk(Mint_4) /\
is_uint64_chunk(Mint_5) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint32(1 + i) /\ is_sint16_chunk(a_13) /\ is_sint32_chunk(a_17) /\
- is_sint64_chunk(a_21) /\ is_sint8_chunk(a_9) /\
- is_uint16_chunk(a_15) /\ is_uint32_chunk(a_19) /\
- is_uint64_chunk(a_23) /\ is_uint8_chunk(a_11) /\
- is_sint16_chunk(a_13[a_5 <- 3]) /\ is_sint32_chunk(a_17[a_3 <- 5]) /\
- is_sint64_chunk(a_21[a_1 <- 7]) /\ is_sint8_chunk(a_9[a_7 <- 1]) /\
- is_uint16_chunk(a_24) /\ is_uint32_chunk(a_19[a_2 <- 6]) /\
- is_uint64_chunk(a_23[a <- 8]) /\ is_uint8_chunk(a_11[a_6 <- 2]).
+ is_sint32(1 + i) /\ is_sint16_chunk(a_1) /\ is_sint32_chunk(a_24) /\
+ is_sint64_chunk(a_20) /\ is_sint8_chunk(a_9) /\
+ is_uint16_chunk(a_26) /\ is_uint32_chunk(a_22) /\
+ is_uint64_chunk(a_18) /\ is_uint8_chunk(a_5) /\ is_sint16_chunk(a_3) /\
+ is_sint32_chunk(a_24[a_15 <- 5]) /\ is_sint64_chunk(a_20[a_13 <- 7]) /\
+ is_sint8_chunk(a_11) /\ is_uint16_chunk(a_27) /\
+ is_uint32_chunk(a_22[a_14 <- 6]) /\ is_uint64_chunk(a_18[a_12 <- 8]) /\
+ is_uint8_chunk(a_7).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -564,60 +585,71 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 <= i).
+ When: (i_1 <= i) /\ (0 <= i_1).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a_16, 10) /\
- valid_rw(Malloc_0, a_20, 10) /\ valid_rw(Malloc_0, a_8, 10) /\
- valid_rw(Malloc_0, a_14, 10) /\ valid_rw(Malloc_0, a_18, 10) /\
- valid_rw(Malloc_0, a_22, 10) /\ valid_rw(Malloc_0, a_10, 10).
+ Have: valid_rw(Malloc_0, a, 10) /\ valid_rw(Malloc_0, a_23, 10) /\
+ valid_rw(Malloc_0, a_19, 10) /\ valid_rw(Malloc_0, a_8, 10) /\
+ valid_rw(Malloc_0, a_25, 10) /\ valid_rw(Malloc_0, a_21, 10) /\
+ valid_rw(Malloc_0, a_17, 10) /\ valid_rw(Malloc_0, a_4, 10).
(* Invariant *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_23[shift_uint64(u64_0, i_2)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_21[shift_sint64(i64_0, i_2)] = 7))).
+ (a_9[shift_sint8(i8_0, i_2)] = 1))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_19[shift_uint32(u32_0, i_2)] = 6))).
+ (a_5[shift_uint8(u8_0, i_2)] = 2))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_17[shift_sint32(i32_0, i_2)] = 5))).
+ (a_1[shift_sint16(i16_0, i_2)] = 3))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_15[shift_uint16(u16_0, i_2)] = 4))).
+ (a_26[shift_uint16(u16_0, i_2)] = 4))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_13[shift_sint16(i16_0, i_2)] = 3))).
+ (a_24[shift_sint32(i32_0, i_2)] = 5))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_11[shift_uint8(u8_0, i_2)] = 2))).
+ (a_22[shift_uint32(u32_0, i_2)] = 6))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_9[shift_sint8(i8_0, i_2)] = 1))).
+ (a_20[shift_sint64(i64_0, i_2)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
+ (a_18[shift_uint64(u64_0, i_2)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_7, 1).
+ Have: valid_rw(Malloc_0, a_10, 1).
(* Assertion 'rte,mem_access' *)
Have: valid_rw(Malloc_0, a_6, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_5, 1).
+ Have: valid_rw(Malloc_0, a_2, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_4, 1).
+ Have: valid_rw(Malloc_0, a_16, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_3, 1).
+ Have: valid_rw(Malloc_0, a_15, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_2, 1).
+ Have: valid_rw(Malloc_0, a_14, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_1, 1).
+ Have: valid_rw(Malloc_0, a_13, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a, 1).
+ Have: valid_rw(Malloc_0, a_12, 1).
(* Assertion 'rte,signed_overflow' *)
Have: i <= 2147483646.
+ (* Invariant *)
+ Have: (-1) <= i.
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_11[shift_sint8(i8_0, i_2)] = 1))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_7[shift_uint8(u8_0, i_2)] = 2))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_3[shift_sint16(i16_0, i_2)] = 3))).
}
-Prove: a_24[shift_uint16(u16_0, i_1)] = 4.
+Prove: a_27[shift_uint16(u16_0, i_1)] = 4.
------------------------------------------------------------
@@ -627,44 +659,48 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant (file tests/wp_acsl/chunk_typing.i, line 36):
-Let a = shift_uint64(u64_0, i).
-Let a_1 = shift_sint64(i64_0, i).
-Let a_2 = shift_uint32(u32_0, i).
-Let a_3 = shift_sint32(i32_0, i).
-Let a_4 = shift_uint16(u16_0, i).
-Let a_5 = shift_sint16(i16_0, i).
-Let a_6 = shift_uint8(u8_0, i).
-Let a_7 = shift_sint8(i8_0, i).
-Let a_8 = shift_sint8(i8_0, 0).
-Let a_9 = havoc(Mchar_undef_0, Mchar_0, a_8, 10).
-Let a_10 = shift_uint8(u8_0, 0).
-Let a_11 = havoc(Mint_undef_6, Mint_6, a_10, 10).
-Let a_12 = shift_sint16(i16_0, 0).
-Let a_13 = havoc(Mint_undef_1, Mint_1, a_12, 10).
-Let a_14 = shift_uint16(u16_0, 0).
-Let a_15 = havoc(Mint_undef_3, Mint_3, a_14, 10).
-Let a_16 = shift_sint32(i32_0, 0).
-Let a_17 = havoc(Mint_undef_0, Mint_0, a_16, 10).
-Let a_18 = shift_uint32(u32_0, 0).
-Let a_19 = havoc(Mint_undef_4, Mint_4, a_18, 10).
-Let a_20 = shift_sint64(i64_0, 0).
-Let a_21 = havoc(Mint_undef_2, Mint_2, a_20, 10).
-Let a_22 = shift_uint64(u64_0, 0).
-Let a_23 = havoc(Mint_undef_5, Mint_5, a_22, 10).
-Let a_24 = a_17[a_3 <- 5].
+Let a = shift_uint16(u16_0, 0).
+Let a_1 = havoc(Mint_undef_3, Mint_3, a, 10).
+Let a_2 = shift_uint16(u16_0, i).
+Let a_3 = a_1[a_2 <- 4].
+Let a_4 = shift_sint16(i16_0, 0).
+Let a_5 = havoc(Mint_undef_1, Mint_1, a_4, 10).
+Let a_6 = shift_sint16(i16_0, i).
+Let a_7 = a_5[a_6 <- 3].
+Let a_8 = shift_uint8(u8_0, 0).
+Let a_9 = havoc(Mint_undef_6, Mint_6, a_8, 10).
+Let a_10 = shift_uint8(u8_0, i).
+Let a_11 = a_9[a_10 <- 2].
+Let a_12 = shift_sint8(i8_0, 0).
+Let a_13 = havoc(Mchar_undef_0, Mchar_0, a_12, 10).
+Let a_14 = shift_sint8(i8_0, i).
+Let a_15 = a_13[a_14 <- 1].
+Let a_16 = shift_uint64(u64_0, i).
+Let a_17 = shift_sint64(i64_0, i).
+Let a_18 = shift_uint32(u32_0, i).
+Let a_19 = shift_sint32(i32_0, i).
+Let a_20 = shift_uint64(u64_0, 0).
+Let a_21 = havoc(Mint_undef_5, Mint_5, a_20, 10).
+Let a_22 = shift_sint64(i64_0, 0).
+Let a_23 = havoc(Mint_undef_2, Mint_2, a_22, 10).
+Let a_24 = shift_uint32(u32_0, 0).
+Let a_25 = havoc(Mint_undef_4, Mint_4, a_24, 10).
+Let a_26 = shift_sint32(i32_0, 0).
+Let a_27 = havoc(Mint_undef_0, Mint_0, a_26, 10).
+Let a_28 = a_27[a_19 <- 5].
Assume {
Type: is_sint16_chunk(Mint_1) /\ is_sint32_chunk(Mint_0) /\
is_sint64_chunk(Mint_2) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_3) /\ is_uint32_chunk(Mint_4) /\
is_uint64_chunk(Mint_5) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint32(1 + i) /\ is_sint16_chunk(a_13) /\ is_sint32_chunk(a_17) /\
- is_sint64_chunk(a_21) /\ is_sint8_chunk(a_9) /\
- is_uint16_chunk(a_15) /\ is_uint32_chunk(a_19) /\
- is_uint64_chunk(a_23) /\ is_uint8_chunk(a_11) /\
- is_sint16_chunk(a_13[a_5 <- 3]) /\ is_sint32_chunk(a_24) /\
- is_sint64_chunk(a_21[a_1 <- 7]) /\ is_sint8_chunk(a_9[a_7 <- 1]) /\
- is_uint16_chunk(a_15[a_4 <- 4]) /\ is_uint32_chunk(a_19[a_2 <- 6]) /\
- is_uint64_chunk(a_23[a <- 8]) /\ is_uint8_chunk(a_11[a_6 <- 2]).
+ is_sint32(1 + i) /\ is_sint16_chunk(a_5) /\ is_sint32_chunk(a_27) /\
+ is_sint64_chunk(a_23) /\ is_sint8_chunk(a_13) /\
+ is_uint16_chunk(a_1) /\ is_uint32_chunk(a_25) /\
+ is_uint64_chunk(a_21) /\ is_uint8_chunk(a_9) /\ is_sint16_chunk(a_7) /\
+ is_sint32_chunk(a_28) /\ is_sint64_chunk(a_23[a_17 <- 7]) /\
+ is_sint8_chunk(a_15) /\ is_uint16_chunk(a_3) /\
+ is_uint32_chunk(a_25[a_18 <- 6]) /\ is_uint64_chunk(a_21[a_16 <- 8]) /\
+ is_uint8_chunk(a_11).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -672,60 +708,74 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 <= i).
+ When: (i_1 <= i) /\ (0 <= i_1).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a_16, 10) /\
- valid_rw(Malloc_0, a_20, 10) /\ valid_rw(Malloc_0, a_8, 10) /\
- valid_rw(Malloc_0, a_14, 10) /\ valid_rw(Malloc_0, a_18, 10) /\
- valid_rw(Malloc_0, a_22, 10) /\ valid_rw(Malloc_0, a_10, 10).
+ Have: valid_rw(Malloc_0, a_4, 10) /\ valid_rw(Malloc_0, a_26, 10) /\
+ valid_rw(Malloc_0, a_22, 10) /\ valid_rw(Malloc_0, a_12, 10) /\
+ valid_rw(Malloc_0, a, 10) /\ valid_rw(Malloc_0, a_24, 10) /\
+ valid_rw(Malloc_0, a_20, 10) /\ valid_rw(Malloc_0, a_8, 10).
(* Invariant *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_23[shift_uint64(u64_0, i_2)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_21[shift_sint64(i64_0, i_2)] = 7))).
+ (a_13[shift_sint8(i8_0, i_2)] = 1))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_19[shift_uint32(u32_0, i_2)] = 6))).
+ (a_9[shift_uint8(u8_0, i_2)] = 2))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_17[shift_sint32(i32_0, i_2)] = 5))).
+ (a_5[shift_sint16(i16_0, i_2)] = 3))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_15[shift_uint16(u16_0, i_2)] = 4))).
+ (a_1[shift_uint16(u16_0, i_2)] = 4))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_13[shift_sint16(i16_0, i_2)] = 3))).
+ (a_27[shift_sint32(i32_0, i_2)] = 5))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_11[shift_uint8(u8_0, i_2)] = 2))).
+ (a_25[shift_uint32(u32_0, i_2)] = 6))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_9[shift_sint8(i8_0, i_2)] = 1))).
+ (a_23[shift_sint64(i64_0, i_2)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
+ (a_21[shift_uint64(u64_0, i_2)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_7, 1).
+ Have: valid_rw(Malloc_0, a_14, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_6, 1).
+ Have: valid_rw(Malloc_0, a_10, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_5, 1).
+ Have: valid_rw(Malloc_0, a_6, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_4, 1).
+ Have: valid_rw(Malloc_0, a_2, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_3, 1).
+ Have: valid_rw(Malloc_0, a_19, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_2, 1).
+ Have: valid_rw(Malloc_0, a_18, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_1, 1).
+ Have: valid_rw(Malloc_0, a_17, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a, 1).
+ Have: valid_rw(Malloc_0, a_16, 1).
(* Assertion 'rte,signed_overflow' *)
Have: i <= 2147483646.
+ (* Invariant *)
+ Have: (-1) <= i.
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_15[shift_sint8(i8_0, i_2)] = 1))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_11[shift_uint8(u8_0, i_2)] = 2))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_7[shift_sint16(i16_0, i_2)] = 3))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_3[shift_uint16(u16_0, i_2)] = 4))).
}
-Prove: a_24[shift_sint32(i32_0, i_1)] = 5.
+Prove: a_28[shift_sint32(i32_0, i_1)] = 5.
------------------------------------------------------------
@@ -735,44 +785,49 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant (file tests/wp_acsl/chunk_typing.i, line 37):
-Let a = shift_uint64(u64_0, i).
-Let a_1 = shift_sint64(i64_0, i).
-Let a_2 = shift_uint32(u32_0, i).
-Let a_3 = shift_sint32(i32_0, i).
-Let a_4 = shift_uint16(u16_0, i).
-Let a_5 = shift_sint16(i16_0, i).
-Let a_6 = shift_uint8(u8_0, i).
-Let a_7 = shift_sint8(i8_0, i).
-Let a_8 = shift_sint8(i8_0, 0).
-Let a_9 = havoc(Mchar_undef_0, Mchar_0, a_8, 10).
-Let a_10 = shift_uint8(u8_0, 0).
-Let a_11 = havoc(Mint_undef_6, Mint_6, a_10, 10).
-Let a_12 = shift_sint16(i16_0, 0).
-Let a_13 = havoc(Mint_undef_1, Mint_1, a_12, 10).
-Let a_14 = shift_uint16(u16_0, 0).
-Let a_15 = havoc(Mint_undef_4, Mint_4, a_14, 10).
-Let a_16 = shift_sint32(i32_0, 0).
-Let a_17 = havoc(Mint_undef_2, Mint_2, a_16, 10).
-Let a_18 = shift_uint32(u32_0, 0).
-Let a_19 = havoc(Mint_undef_0, Mint_0, a_18, 10).
-Let a_20 = shift_sint64(i64_0, 0).
-Let a_21 = havoc(Mint_undef_3, Mint_3, a_20, 10).
-Let a_22 = shift_uint64(u64_0, 0).
-Let a_23 = havoc(Mint_undef_5, Mint_5, a_22, 10).
-Let a_24 = a_19[a_2 <- 6].
+Let a = shift_sint32(i32_0, 0).
+Let a_1 = havoc(Mint_undef_2, Mint_2, a, 10).
+Let a_2 = shift_sint32(i32_0, i).
+Let a_3 = a_1[a_2 <- 5].
+Let a_4 = shift_uint16(u16_0, 0).
+Let a_5 = havoc(Mint_undef_4, Mint_4, a_4, 10).
+Let a_6 = shift_uint16(u16_0, i).
+Let a_7 = a_5[a_6 <- 4].
+Let a_8 = shift_sint16(i16_0, 0).
+Let a_9 = havoc(Mint_undef_1, Mint_1, a_8, 10).
+Let a_10 = shift_sint16(i16_0, i).
+Let a_11 = a_9[a_10 <- 3].
+Let a_12 = shift_uint8(u8_0, 0).
+Let a_13 = havoc(Mint_undef_6, Mint_6, a_12, 10).
+Let a_14 = shift_uint8(u8_0, i).
+Let a_15 = a_13[a_14 <- 2].
+Let a_16 = shift_sint8(i8_0, 0).
+Let a_17 = havoc(Mchar_undef_0, Mchar_0, a_16, 10).
+Let a_18 = shift_sint8(i8_0, i).
+Let a_19 = a_17[a_18 <- 1].
+Let a_20 = shift_uint64(u64_0, i).
+Let a_21 = shift_sint64(i64_0, i).
+Let a_22 = shift_uint32(u32_0, i).
+Let a_23 = shift_uint64(u64_0, 0).
+Let a_24 = havoc(Mint_undef_5, Mint_5, a_23, 10).
+Let a_25 = shift_sint64(i64_0, 0).
+Let a_26 = havoc(Mint_undef_3, Mint_3, a_25, 10).
+Let a_27 = shift_uint32(u32_0, 0).
+Let a_28 = havoc(Mint_undef_0, Mint_0, a_27, 10).
+Let a_29 = a_28[a_22 <- 6].
Assume {
Type: is_sint16_chunk(Mint_1) /\ is_sint32_chunk(Mint_2) /\
is_sint64_chunk(Mint_3) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_4) /\ is_uint32_chunk(Mint_0) /\
is_uint64_chunk(Mint_5) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint32(1 + i) /\ is_sint16_chunk(a_13) /\ is_sint32_chunk(a_17) /\
- is_sint64_chunk(a_21) /\ is_sint8_chunk(a_9) /\
- is_uint16_chunk(a_15) /\ is_uint32_chunk(a_19) /\
- is_uint64_chunk(a_23) /\ is_uint8_chunk(a_11) /\
- is_sint16_chunk(a_13[a_5 <- 3]) /\ is_sint32_chunk(a_17[a_3 <- 5]) /\
- is_sint64_chunk(a_21[a_1 <- 7]) /\ is_sint8_chunk(a_9[a_7 <- 1]) /\
- is_uint16_chunk(a_15[a_4 <- 4]) /\ is_uint32_chunk(a_24) /\
- is_uint64_chunk(a_23[a <- 8]) /\ is_uint8_chunk(a_11[a_6 <- 2]).
+ is_sint32(1 + i) /\ is_sint16_chunk(a_9) /\ is_sint32_chunk(a_1) /\
+ is_sint64_chunk(a_26) /\ is_sint8_chunk(a_17) /\
+ is_uint16_chunk(a_5) /\ is_uint32_chunk(a_28) /\
+ is_uint64_chunk(a_24) /\ is_uint8_chunk(a_13) /\
+ is_sint16_chunk(a_11) /\ is_sint32_chunk(a_3) /\
+ is_sint64_chunk(a_26[a_21 <- 7]) /\ is_sint8_chunk(a_19) /\
+ is_uint16_chunk(a_7) /\ is_uint32_chunk(a_29) /\
+ is_uint64_chunk(a_24[a_20 <- 8]) /\ is_uint8_chunk(a_15).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -780,60 +835,77 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 <= i).
+ When: (i_1 <= i) /\ (0 <= i_1).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a_16, 10) /\
- valid_rw(Malloc_0, a_20, 10) /\ valid_rw(Malloc_0, a_8, 10) /\
- valid_rw(Malloc_0, a_14, 10) /\ valid_rw(Malloc_0, a_18, 10) /\
- valid_rw(Malloc_0, a_22, 10) /\ valid_rw(Malloc_0, a_10, 10).
+ Have: valid_rw(Malloc_0, a_8, 10) /\ valid_rw(Malloc_0, a, 10) /\
+ valid_rw(Malloc_0, a_25, 10) /\ valid_rw(Malloc_0, a_16, 10) /\
+ valid_rw(Malloc_0, a_4, 10) /\ valid_rw(Malloc_0, a_27, 10) /\
+ valid_rw(Malloc_0, a_23, 10) /\ valid_rw(Malloc_0, a_12, 10).
(* Invariant *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_23[shift_uint64(u64_0, i_2)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_21[shift_sint64(i64_0, i_2)] = 7))).
+ (a_17[shift_sint8(i8_0, i_2)] = 1))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_19[shift_uint32(u32_0, i_2)] = 6))).
+ (a_13[shift_uint8(u8_0, i_2)] = 2))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_17[shift_sint32(i32_0, i_2)] = 5))).
+ (a_9[shift_sint16(i16_0, i_2)] = 3))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_15[shift_uint16(u16_0, i_2)] = 4))).
+ (a_5[shift_uint16(u16_0, i_2)] = 4))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_13[shift_sint16(i16_0, i_2)] = 3))).
+ (a_1[shift_sint32(i32_0, i_2)] = 5))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_11[shift_uint8(u8_0, i_2)] = 2))).
+ (a_28[shift_uint32(u32_0, i_2)] = 6))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_9[shift_sint8(i8_0, i_2)] = 1))).
+ (a_26[shift_sint64(i64_0, i_2)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
+ (a_24[shift_uint64(u64_0, i_2)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_7, 1).
+ Have: valid_rw(Malloc_0, a_18, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_6, 1).
+ Have: valid_rw(Malloc_0, a_14, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_5, 1).
- (* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_4, 1).
+ Have: valid_rw(Malloc_0, a_10, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_3, 1).
+ Have: valid_rw(Malloc_0, a_6, 1).
(* Assertion 'rte,mem_access' *)
Have: valid_rw(Malloc_0, a_2, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_1, 1).
+ Have: valid_rw(Malloc_0, a_22, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a, 1).
+ Have: valid_rw(Malloc_0, a_21, 1).
+ (* Assertion 'rte,mem_access' *)
+ Have: valid_rw(Malloc_0, a_20, 1).
(* Assertion 'rte,signed_overflow' *)
Have: i <= 2147483646.
+ (* Invariant *)
+ Have: (-1) <= i.
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_19[shift_sint8(i8_0, i_2)] = 1))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_15[shift_uint8(u8_0, i_2)] = 2))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_11[shift_sint16(i16_0, i_2)] = 3))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_7[shift_uint16(u16_0, i_2)] = 4))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_3[shift_sint32(i32_0, i_2)] = 5))).
}
-Prove: a_24[shift_uint32(u32_0, i_1)] = 6.
+Prove: a_29[shift_uint32(u32_0, i_1)] = 6.
------------------------------------------------------------
@@ -843,44 +915,50 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant (file tests/wp_acsl/chunk_typing.i, line 38):
-Let a = shift_uint64(u64_0, i).
-Let a_1 = shift_sint64(i64_0, i).
+Let a = shift_uint32(u32_0, 0).
+Let a_1 = havoc(Mint_undef_4, Mint_4, a, 10).
Let a_2 = shift_uint32(u32_0, i).
-Let a_3 = shift_sint32(i32_0, i).
-Let a_4 = shift_uint16(u16_0, i).
-Let a_5 = shift_sint16(i16_0, i).
-Let a_6 = shift_uint8(u8_0, i).
-Let a_7 = shift_sint8(i8_0, i).
-Let a_8 = shift_sint8(i8_0, 0).
-Let a_9 = havoc(Mchar_undef_0, Mchar_0, a_8, 10).
-Let a_10 = shift_uint8(u8_0, 0).
-Let a_11 = havoc(Mint_undef_6, Mint_6, a_10, 10).
+Let a_3 = a_1[a_2 <- 6].
+Let a_4 = shift_sint32(i32_0, 0).
+Let a_5 = havoc(Mint_undef_2, Mint_2, a_4, 10).
+Let a_6 = shift_sint32(i32_0, i).
+Let a_7 = a_5[a_6 <- 5].
+Let a_8 = shift_uint16(u16_0, 0).
+Let a_9 = havoc(Mint_undef_3, Mint_3, a_8, 10).
+Let a_10 = shift_uint16(u16_0, i).
+Let a_11 = a_9[a_10 <- 4].
Let a_12 = shift_sint16(i16_0, 0).
Let a_13 = havoc(Mint_undef_1, Mint_1, a_12, 10).
-Let a_14 = shift_uint16(u16_0, 0).
-Let a_15 = havoc(Mint_undef_3, Mint_3, a_14, 10).
-Let a_16 = shift_sint32(i32_0, 0).
-Let a_17 = havoc(Mint_undef_2, Mint_2, a_16, 10).
-Let a_18 = shift_uint32(u32_0, 0).
-Let a_19 = havoc(Mint_undef_4, Mint_4, a_18, 10).
-Let a_20 = shift_sint64(i64_0, 0).
-Let a_21 = havoc(Mint_undef_0, Mint_0, a_20, 10).
-Let a_22 = shift_uint64(u64_0, 0).
-Let a_23 = havoc(Mint_undef_5, Mint_5, a_22, 10).
-Let a_24 = a_21[a_1 <- 7].
+Let a_14 = shift_sint16(i16_0, i).
+Let a_15 = a_13[a_14 <- 3].
+Let a_16 = shift_uint8(u8_0, 0).
+Let a_17 = havoc(Mint_undef_6, Mint_6, a_16, 10).
+Let a_18 = shift_uint8(u8_0, i).
+Let a_19 = a_17[a_18 <- 2].
+Let a_20 = shift_sint8(i8_0, 0).
+Let a_21 = havoc(Mchar_undef_0, Mchar_0, a_20, 10).
+Let a_22 = shift_sint8(i8_0, i).
+Let a_23 = a_21[a_22 <- 1].
+Let a_24 = shift_uint64(u64_0, i).
+Let a_25 = shift_sint64(i64_0, i).
+Let a_26 = shift_uint64(u64_0, 0).
+Let a_27 = havoc(Mint_undef_5, Mint_5, a_26, 10).
+Let a_28 = shift_sint64(i64_0, 0).
+Let a_29 = havoc(Mint_undef_0, Mint_0, a_28, 10).
+Let a_30 = a_29[a_25 <- 7].
Assume {
Type: is_sint16_chunk(Mint_1) /\ is_sint32_chunk(Mint_2) /\
is_sint64_chunk(Mint_0) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_3) /\ is_uint32_chunk(Mint_4) /\
is_uint64_chunk(Mint_5) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint32(1 + i) /\ is_sint16_chunk(a_13) /\ is_sint32_chunk(a_17) /\
- is_sint64_chunk(a_21) /\ is_sint8_chunk(a_9) /\
- is_uint16_chunk(a_15) /\ is_uint32_chunk(a_19) /\
- is_uint64_chunk(a_23) /\ is_uint8_chunk(a_11) /\
- is_sint16_chunk(a_13[a_5 <- 3]) /\ is_sint32_chunk(a_17[a_3 <- 5]) /\
- is_sint64_chunk(a_24) /\ is_sint8_chunk(a_9[a_7 <- 1]) /\
- is_uint16_chunk(a_15[a_4 <- 4]) /\ is_uint32_chunk(a_19[a_2 <- 6]) /\
- is_uint64_chunk(a_23[a <- 8]) /\ is_uint8_chunk(a_11[a_6 <- 2]).
+ is_sint32(1 + i) /\ is_sint16_chunk(a_13) /\ is_sint32_chunk(a_5) /\
+ is_sint64_chunk(a_29) /\ is_sint8_chunk(a_21) /\
+ is_uint16_chunk(a_9) /\ is_uint32_chunk(a_1) /\
+ is_uint64_chunk(a_27) /\ is_uint8_chunk(a_17) /\
+ is_sint16_chunk(a_15) /\ is_sint32_chunk(a_7) /\
+ is_sint64_chunk(a_30) /\ is_sint8_chunk(a_23) /\
+ is_uint16_chunk(a_11) /\ is_uint32_chunk(a_3) /\
+ is_uint64_chunk(a_27[a_24 <- 8]) /\ is_uint8_chunk(a_19).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -888,60 +966,80 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 <= i).
+ When: (i_1 <= i) /\ (0 <= i_1).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a_16, 10) /\
- valid_rw(Malloc_0, a_20, 10) /\ valid_rw(Malloc_0, a_8, 10) /\
- valid_rw(Malloc_0, a_14, 10) /\ valid_rw(Malloc_0, a_18, 10) /\
- valid_rw(Malloc_0, a_22, 10) /\ valid_rw(Malloc_0, a_10, 10).
+ Have: valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a_4, 10) /\
+ valid_rw(Malloc_0, a_28, 10) /\ valid_rw(Malloc_0, a_20, 10) /\
+ valid_rw(Malloc_0, a_8, 10) /\ valid_rw(Malloc_0, a, 10) /\
+ valid_rw(Malloc_0, a_26, 10) /\ valid_rw(Malloc_0, a_16, 10).
(* Invariant *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_23[shift_uint64(u64_0, i_2)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_21[shift_sint64(i64_0, i_2)] = 7))).
+ (a_21[shift_sint8(i8_0, i_2)] = 1))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_19[shift_uint32(u32_0, i_2)] = 6))).
+ (a_17[shift_uint8(u8_0, i_2)] = 2))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_17[shift_sint32(i32_0, i_2)] = 5))).
+ (a_13[shift_sint16(i16_0, i_2)] = 3))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_15[shift_uint16(u16_0, i_2)] = 4))).
+ (a_9[shift_uint16(u16_0, i_2)] = 4))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_13[shift_sint16(i16_0, i_2)] = 3))).
+ (a_5[shift_sint32(i32_0, i_2)] = 5))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_11[shift_uint8(u8_0, i_2)] = 2))).
+ (a_1[shift_uint32(u32_0, i_2)] = 6))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_9[shift_sint8(i8_0, i_2)] = 1))).
+ (a_29[shift_sint64(i64_0, i_2)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
+ (a_27[shift_uint64(u64_0, i_2)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_7, 1).
+ Have: valid_rw(Malloc_0, a_22, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_6, 1).
+ Have: valid_rw(Malloc_0, a_18, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_5, 1).
+ Have: valid_rw(Malloc_0, a_14, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_4, 1).
+ Have: valid_rw(Malloc_0, a_10, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_3, 1).
+ Have: valid_rw(Malloc_0, a_6, 1).
(* Assertion 'rte,mem_access' *)
Have: valid_rw(Malloc_0, a_2, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_1, 1).
+ Have: valid_rw(Malloc_0, a_25, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a, 1).
+ Have: valid_rw(Malloc_0, a_24, 1).
(* Assertion 'rte,signed_overflow' *)
Have: i <= 2147483646.
+ (* Invariant *)
+ Have: (-1) <= i.
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_23[shift_sint8(i8_0, i_2)] = 1))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_19[shift_uint8(u8_0, i_2)] = 2))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_15[shift_sint16(i16_0, i_2)] = 3))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_11[shift_uint16(u16_0, i_2)] = 4))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_7[shift_sint32(i32_0, i_2)] = 5))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_3[shift_uint32(u32_0, i_2)] = 6))).
}
-Prove: a_24[shift_sint64(i64_0, i_1)] = 7.
+Prove: a_30[shift_sint64(i64_0, i_1)] = 7.
------------------------------------------------------------
@@ -951,44 +1049,51 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant (file tests/wp_acsl/chunk_typing.i, line 39):
-Let a = shift_uint64(u64_0, i).
-Let a_1 = shift_sint64(i64_0, i).
-Let a_2 = shift_uint32(u32_0, i).
-Let a_3 = shift_sint32(i32_0, i).
-Let a_4 = shift_uint16(u16_0, i).
-Let a_5 = shift_sint16(i16_0, i).
-Let a_6 = shift_uint8(u8_0, i).
-Let a_7 = shift_sint8(i8_0, i).
-Let a_8 = shift_sint8(i8_0, 0).
-Let a_9 = havoc(Mchar_undef_0, Mchar_0, a_8, 10).
-Let a_10 = shift_uint8(u8_0, 0).
-Let a_11 = havoc(Mint_undef_6, Mint_6, a_10, 10).
-Let a_12 = shift_sint16(i16_0, 0).
-Let a_13 = havoc(Mint_undef_1, Mint_1, a_12, 10).
-Let a_14 = shift_uint16(u16_0, 0).
-Let a_15 = havoc(Mint_undef_4, Mint_4, a_14, 10).
-Let a_16 = shift_sint32(i32_0, 0).
-Let a_17 = havoc(Mint_undef_2, Mint_2, a_16, 10).
-Let a_18 = shift_uint32(u32_0, 0).
-Let a_19 = havoc(Mint_undef_5, Mint_5, a_18, 10).
-Let a_20 = shift_sint64(i64_0, 0).
-Let a_21 = havoc(Mint_undef_3, Mint_3, a_20, 10).
-Let a_22 = shift_uint64(u64_0, 0).
-Let a_23 = havoc(Mint_undef_0, Mint_0, a_22, 10).
-Let a_24 = a_23[a <- 8].
+Let a = shift_sint64(i64_0, 0).
+Let a_1 = havoc(Mint_undef_3, Mint_3, a, 10).
+Let a_2 = shift_sint64(i64_0, i).
+Let a_3 = a_1[a_2 <- 7].
+Let a_4 = shift_uint32(u32_0, 0).
+Let a_5 = havoc(Mint_undef_5, Mint_5, a_4, 10).
+Let a_6 = shift_uint32(u32_0, i).
+Let a_7 = a_5[a_6 <- 6].
+Let a_8 = shift_sint32(i32_0, 0).
+Let a_9 = havoc(Mint_undef_2, Mint_2, a_8, 10).
+Let a_10 = shift_sint32(i32_0, i).
+Let a_11 = a_9[a_10 <- 5].
+Let a_12 = shift_uint16(u16_0, 0).
+Let a_13 = havoc(Mint_undef_4, Mint_4, a_12, 10).
+Let a_14 = shift_uint16(u16_0, i).
+Let a_15 = a_13[a_14 <- 4].
+Let a_16 = shift_sint16(i16_0, 0).
+Let a_17 = havoc(Mint_undef_1, Mint_1, a_16, 10).
+Let a_18 = shift_sint16(i16_0, i).
+Let a_19 = a_17[a_18 <- 3].
+Let a_20 = shift_uint8(u8_0, 0).
+Let a_21 = havoc(Mint_undef_6, Mint_6, a_20, 10).
+Let a_22 = shift_uint8(u8_0, i).
+Let a_23 = a_21[a_22 <- 2].
+Let a_24 = shift_sint8(i8_0, 0).
+Let a_25 = havoc(Mchar_undef_0, Mchar_0, a_24, 10).
+Let a_26 = shift_sint8(i8_0, i).
+Let a_27 = a_25[a_26 <- 1].
+Let a_28 = shift_uint64(u64_0, i).
+Let a_29 = shift_uint64(u64_0, 0).
+Let a_30 = havoc(Mint_undef_0, Mint_0, a_29, 10).
+Let a_31 = a_30[a_28 <- 8].
Assume {
Type: is_sint16_chunk(Mint_1) /\ is_sint32_chunk(Mint_2) /\
is_sint64_chunk(Mint_3) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_4) /\ is_uint32_chunk(Mint_5) /\
is_uint64_chunk(Mint_0) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint32(1 + i) /\ is_sint16_chunk(a_13) /\ is_sint32_chunk(a_17) /\
- is_sint64_chunk(a_21) /\ is_sint8_chunk(a_9) /\
- is_uint16_chunk(a_15) /\ is_uint32_chunk(a_19) /\
- is_uint64_chunk(a_23) /\ is_uint8_chunk(a_11) /\
- is_sint16_chunk(a_13[a_5 <- 3]) /\ is_sint32_chunk(a_17[a_3 <- 5]) /\
- is_sint64_chunk(a_21[a_1 <- 7]) /\ is_sint8_chunk(a_9[a_7 <- 1]) /\
- is_uint16_chunk(a_15[a_4 <- 4]) /\ is_uint32_chunk(a_19[a_2 <- 6]) /\
- is_uint64_chunk(a_24) /\ is_uint8_chunk(a_11[a_6 <- 2]).
+ is_sint32(1 + i) /\ is_sint16_chunk(a_17) /\ is_sint32_chunk(a_9) /\
+ is_sint64_chunk(a_1) /\ is_sint8_chunk(a_25) /\
+ is_uint16_chunk(a_13) /\ is_uint32_chunk(a_5) /\
+ is_uint64_chunk(a_30) /\ is_uint8_chunk(a_21) /\
+ is_sint16_chunk(a_19) /\ is_sint32_chunk(a_11) /\
+ is_sint64_chunk(a_3) /\ is_sint8_chunk(a_27) /\
+ is_uint16_chunk(a_15) /\ is_uint32_chunk(a_7) /\
+ is_uint64_chunk(a_31) /\ is_uint8_chunk(a_23).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -996,60 +1101,83 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 <= i).
+ When: (i_1 <= i) /\ (0 <= i_1).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a_16, 10) /\
- valid_rw(Malloc_0, a_20, 10) /\ valid_rw(Malloc_0, a_8, 10) /\
- valid_rw(Malloc_0, a_14, 10) /\ valid_rw(Malloc_0, a_18, 10) /\
- valid_rw(Malloc_0, a_22, 10) /\ valid_rw(Malloc_0, a_10, 10).
+ Have: valid_rw(Malloc_0, a_16, 10) /\ valid_rw(Malloc_0, a_8, 10) /\
+ valid_rw(Malloc_0, a, 10) /\ valid_rw(Malloc_0, a_24, 10) /\
+ valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a_4, 10) /\
+ valid_rw(Malloc_0, a_29, 10) /\ valid_rw(Malloc_0, a_20, 10).
(* Invariant *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_23[shift_uint64(u64_0, i_2)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_21[shift_sint64(i64_0, i_2)] = 7))).
+ (a_25[shift_sint8(i8_0, i_2)] = 1))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_19[shift_uint32(u32_0, i_2)] = 6))).
+ (a_21[shift_uint8(u8_0, i_2)] = 2))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_17[shift_sint32(i32_0, i_2)] = 5))).
+ (a_17[shift_sint16(i16_0, i_2)] = 3))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_15[shift_uint16(u16_0, i_2)] = 4))).
+ (a_13[shift_uint16(u16_0, i_2)] = 4))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_13[shift_sint16(i16_0, i_2)] = 3))).
+ (a_9[shift_sint32(i32_0, i_2)] = 5))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_11[shift_uint8(u8_0, i_2)] = 2))).
+ (a_5[shift_uint32(u32_0, i_2)] = 6))).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_9[shift_sint8(i8_0, i_2)] = 1))).
+ (a_1[shift_sint64(i64_0, i_2)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
+ (a_30[shift_uint64(u64_0, i_2)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_7, 1).
+ Have: valid_rw(Malloc_0, a_26, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_6, 1).
+ Have: valid_rw(Malloc_0, a_22, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_5, 1).
+ Have: valid_rw(Malloc_0, a_18, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_4, 1).
+ Have: valid_rw(Malloc_0, a_14, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_3, 1).
+ Have: valid_rw(Malloc_0, a_10, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_2, 1).
+ Have: valid_rw(Malloc_0, a_6, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a_1, 1).
+ Have: valid_rw(Malloc_0, a_2, 1).
(* Assertion 'rte,mem_access' *)
- Have: valid_rw(Malloc_0, a, 1).
+ Have: valid_rw(Malloc_0, a_28, 1).
(* Assertion 'rte,signed_overflow' *)
Have: i <= 2147483646.
+ (* Invariant *)
+ Have: (-1) <= i.
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_27[shift_sint8(i8_0, i_2)] = 1))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_23[shift_uint8(u8_0, i_2)] = 2))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_19[shift_sint16(i16_0, i_2)] = 3))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_15[shift_uint16(u16_0, i_2)] = 4))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_11[shift_sint32(i32_0, i_2)] = 5))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_7[shift_uint32(u32_0, i_2)] = 6))).
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_3[shift_sint64(i64_0, i_2)] = 7))).
}
-Prove: a_24[shift_uint64(u64_0, i_1)] = 8.
+Prove: a_31[shift_uint64(u64_0, i_1)] = 8.
------------------------------------------------------------
@@ -1059,30 +1187,30 @@ Prove: true.
------------------------------------------------------------
Goal Assertion 'rte,mem_access' (file tests/wp_acsl/chunk_typing.i, line 45):
-Let a = shift_sint8(i8_0, 0).
-Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, 10).
-Let a_2 = shift_uint8(u8_0, 0).
-Let a_3 = havoc(Mint_undef_6, Mint_6, a_2, 10).
-Let a_4 = shift_sint16(i16_0, 0).
-Let a_5 = havoc(Mint_undef_0, Mint_0, a_4, 10).
-Let a_6 = shift_uint16(u16_0, 0).
-Let a_7 = havoc(Mint_undef_3, Mint_3, a_6, 10).
-Let a_8 = shift_sint32(i32_0, 0).
-Let a_9 = havoc(Mint_undef_1, Mint_1, a_8, 10).
-Let a_10 = shift_uint32(u32_0, 0).
-Let a_11 = havoc(Mint_undef_4, Mint_4, a_10, 10).
-Let a_12 = shift_sint64(i64_0, 0).
-Let a_13 = havoc(Mint_undef_2, Mint_2, a_12, 10).
-Let a_14 = shift_uint64(u64_0, 0).
-Let a_15 = havoc(Mint_undef_5, Mint_5, a_14, 10).
+Let a = shift_uint64(u64_0, 0).
+Let a_1 = havoc(Mint_undef_5, Mint_5, a, 10).
+Let a_2 = shift_sint64(i64_0, 0).
+Let a_3 = havoc(Mint_undef_2, Mint_2, a_2, 10).
+Let a_4 = shift_uint32(u32_0, 0).
+Let a_5 = havoc(Mint_undef_4, Mint_4, a_4, 10).
+Let a_6 = shift_sint32(i32_0, 0).
+Let a_7 = havoc(Mint_undef_1, Mint_1, a_6, 10).
+Let a_8 = shift_uint16(u16_0, 0).
+Let a_9 = havoc(Mint_undef_3, Mint_3, a_8, 10).
+Let a_10 = shift_sint16(i16_0, 0).
+Let a_11 = havoc(Mint_undef_0, Mint_0, a_10, 10).
+Let a_12 = shift_uint8(u8_0, 0).
+Let a_13 = havoc(Mint_undef_6, Mint_6, a_12, 10).
+Let a_14 = shift_sint8(i8_0, 0).
+Let a_15 = havoc(Mchar_undef_0, Mchar_0, a_14, 10).
Assume {
Type: is_sint16_chunk(Mint_0) /\ is_sint32_chunk(Mint_1) /\
is_sint64_chunk(Mint_2) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_3) /\ is_uint32_chunk(Mint_4) /\
is_uint64_chunk(Mint_5) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint16_chunk(a_5) /\ is_sint32_chunk(a_9) /\
- is_sint64_chunk(a_13) /\ is_sint8_chunk(a_1) /\ is_uint16_chunk(a_7) /\
- is_uint32_chunk(a_11) /\ is_uint64_chunk(a_15) /\ is_uint8_chunk(a_3).
+ is_sint16_chunk(a_11) /\ is_sint32_chunk(a_7) /\
+ is_sint64_chunk(a_3) /\ is_sint8_chunk(a_15) /\ is_uint16_chunk(a_9) /\
+ is_uint32_chunk(a_5) /\ is_uint64_chunk(a_1) /\ is_uint8_chunk(a_13).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -1090,36 +1218,36 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_4, 10) /\ valid_rw(Malloc_0, a_8, 10) /\
- valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a, 10) /\
- valid_rw(Malloc_0, a_6, 10) /\ valid_rw(Malloc_0, a_10, 10) /\
- valid_rw(Malloc_0, a_14, 10) /\ valid_rw(Malloc_0, a_2, 10).
+ Have: valid_rw(Malloc_0, a_10, 10) /\ valid_rw(Malloc_0, a_6, 10) /\
+ valid_rw(Malloc_0, a_2, 10) /\ valid_rw(Malloc_0, a_14, 10) /\
+ valid_rw(Malloc_0, a_8, 10) /\ valid_rw(Malloc_0, a_4, 10) /\
+ valid_rw(Malloc_0, a, 10) /\ valid_rw(Malloc_0, a_12, 10).
(* Invariant *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_15[shift_uint64(u64_0, i_1)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_13[shift_sint64(i64_0, i_1)] = 7))).
+ (a_15[shift_sint8(i8_0, i_1)] = 1))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_11[shift_uint32(u32_0, i_1)] = 6))).
+ (a_13[shift_uint8(u8_0, i_1)] = 2))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_9[shift_sint32(i32_0, i_1)] = 5))).
+ (a_11[shift_sint16(i16_0, i_1)] = 3))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_7[shift_uint16(u16_0, i_1)] = 4))).
+ (a_9[shift_uint16(u16_0, i_1)] = 4))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_5[shift_sint16(i16_0, i_1)] = 3))).
+ (a_7[shift_sint32(i32_0, i_1)] = 5))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_3[shift_uint8(u8_0, i_1)] = 2))).
+ (a_5[shift_uint32(u32_0, i_1)] = 6))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_1[shift_sint8(i8_0, i_1)] = 1))).
+ (a_3[shift_sint64(i64_0, i_1)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_1[shift_uint64(u64_0, i_1)] = 8))).
(* Then *)
Have: i <= 9.
}
@@ -1129,31 +1257,32 @@ Prove: valid_rw(Malloc_0, shift_sint8(i8_0, i), 1).
Goal Assertion 'rte,mem_access' (file tests/wp_acsl/chunk_typing.i, line 46):
Let a = shift_sint8(i8_0, i).
-Let a_1 = shift_sint8(i8_0, 0).
-Let a_2 = havoc(Mchar_undef_0, Mchar_0, a_1, 10).
-Let a_3 = shift_uint8(u8_0, 0).
-Let a_4 = havoc(Mint_undef_6, Mint_6, a_3, 10).
-Let a_5 = shift_sint16(i16_0, 0).
-Let a_6 = havoc(Mint_undef_0, Mint_0, a_5, 10).
-Let a_7 = shift_uint16(u16_0, 0).
-Let a_8 = havoc(Mint_undef_3, Mint_3, a_7, 10).
-Let a_9 = shift_sint32(i32_0, 0).
-Let a_10 = havoc(Mint_undef_1, Mint_1, a_9, 10).
-Let a_11 = shift_uint32(u32_0, 0).
-Let a_12 = havoc(Mint_undef_4, Mint_4, a_11, 10).
-Let a_13 = shift_sint64(i64_0, 0).
-Let a_14 = havoc(Mint_undef_2, Mint_2, a_13, 10).
-Let a_15 = shift_uint64(u64_0, 0).
-Let a_16 = havoc(Mint_undef_5, Mint_5, a_15, 10).
+Let a_1 = shift_uint64(u64_0, 0).
+Let a_2 = havoc(Mint_undef_5, Mint_5, a_1, 10).
+Let a_3 = shift_sint64(i64_0, 0).
+Let a_4 = havoc(Mint_undef_2, Mint_2, a_3, 10).
+Let a_5 = shift_uint32(u32_0, 0).
+Let a_6 = havoc(Mint_undef_4, Mint_4, a_5, 10).
+Let a_7 = shift_sint32(i32_0, 0).
+Let a_8 = havoc(Mint_undef_1, Mint_1, a_7, 10).
+Let a_9 = shift_uint16(u16_0, 0).
+Let a_10 = havoc(Mint_undef_3, Mint_3, a_9, 10).
+Let a_11 = shift_sint16(i16_0, 0).
+Let a_12 = havoc(Mint_undef_0, Mint_0, a_11, 10).
+Let a_13 = shift_uint8(u8_0, 0).
+Let a_14 = havoc(Mint_undef_6, Mint_6, a_13, 10).
+Let a_15 = shift_sint8(i8_0, 0).
+Let a_16 = havoc(Mchar_undef_0, Mchar_0, a_15, 10).
Assume {
Type: is_sint16_chunk(Mint_0) /\ is_sint32_chunk(Mint_1) /\
is_sint64_chunk(Mint_2) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_3) /\ is_uint32_chunk(Mint_4) /\
is_uint64_chunk(Mint_5) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint16_chunk(a_6) /\ is_sint32_chunk(a_10) /\
- is_sint64_chunk(a_14) /\ is_sint8_chunk(a_2) /\ is_uint16_chunk(a_8) /\
- is_uint32_chunk(a_12) /\ is_uint64_chunk(a_16) /\
- is_uint8_chunk(a_4) /\ is_sint8_chunk(a_2[a <- 1]).
+ is_sint16_chunk(a_12) /\ is_sint32_chunk(a_8) /\
+ is_sint64_chunk(a_4) /\ is_sint8_chunk(a_16) /\
+ is_uint16_chunk(a_10) /\ is_uint32_chunk(a_6) /\
+ is_uint64_chunk(a_2) /\ is_uint8_chunk(a_14) /\
+ is_sint8_chunk(a_16[a <- 1]).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -1161,36 +1290,36 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_5, 10) /\ valid_rw(Malloc_0, a_9, 10) /\
- valid_rw(Malloc_0, a_13, 10) /\ valid_rw(Malloc_0, a_1, 10) /\
- valid_rw(Malloc_0, a_7, 10) /\ valid_rw(Malloc_0, a_11, 10) /\
- valid_rw(Malloc_0, a_15, 10) /\ valid_rw(Malloc_0, a_3, 10).
+ Have: valid_rw(Malloc_0, a_11, 10) /\ valid_rw(Malloc_0, a_7, 10) /\
+ valid_rw(Malloc_0, a_3, 10) /\ valid_rw(Malloc_0, a_15, 10) /\
+ valid_rw(Malloc_0, a_9, 10) /\ valid_rw(Malloc_0, a_5, 10) /\
+ valid_rw(Malloc_0, a_1, 10) /\ valid_rw(Malloc_0, a_13, 10).
(* Invariant *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_16[shift_uint64(u64_0, i_1)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_14[shift_sint64(i64_0, i_1)] = 7))).
+ (a_16[shift_sint8(i8_0, i_1)] = 1))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_12[shift_uint32(u32_0, i_1)] = 6))).
+ (a_14[shift_uint8(u8_0, i_1)] = 2))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_10[shift_sint32(i32_0, i_1)] = 5))).
+ (a_12[shift_sint16(i16_0, i_1)] = 3))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_8[shift_uint16(u16_0, i_1)] = 4))).
+ (a_10[shift_uint16(u16_0, i_1)] = 4))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_6[shift_sint16(i16_0, i_1)] = 3))).
+ (a_8[shift_sint32(i32_0, i_1)] = 5))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_4[shift_uint8(u8_0, i_1)] = 2))).
+ (a_6[shift_uint32(u32_0, i_1)] = 6))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_2[shift_sint8(i8_0, i_1)] = 1))).
+ (a_4[shift_sint64(i64_0, i_1)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_2[shift_uint64(u64_0, i_1)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
@@ -1203,32 +1332,32 @@ Prove: valid_rw(Malloc_0, shift_uint8(u8_0, i), 1).
Goal Assertion 'rte,mem_access' (file tests/wp_acsl/chunk_typing.i, line 47):
Let a = shift_uint8(u8_0, i).
Let a_1 = shift_sint8(i8_0, i).
-Let a_2 = shift_sint8(i8_0, 0).
-Let a_3 = havoc(Mchar_undef_0, Mchar_0, a_2, 10).
-Let a_4 = shift_uint8(u8_0, 0).
-Let a_5 = havoc(Mint_undef_6, Mint_6, a_4, 10).
-Let a_6 = shift_sint16(i16_0, 0).
-Let a_7 = havoc(Mint_undef_0, Mint_0, a_6, 10).
-Let a_8 = shift_uint16(u16_0, 0).
-Let a_9 = havoc(Mint_undef_3, Mint_3, a_8, 10).
-Let a_10 = shift_sint32(i32_0, 0).
-Let a_11 = havoc(Mint_undef_1, Mint_1, a_10, 10).
-Let a_12 = shift_uint32(u32_0, 0).
-Let a_13 = havoc(Mint_undef_4, Mint_4, a_12, 10).
-Let a_14 = shift_sint64(i64_0, 0).
-Let a_15 = havoc(Mint_undef_2, Mint_2, a_14, 10).
-Let a_16 = shift_uint64(u64_0, 0).
-Let a_17 = havoc(Mint_undef_5, Mint_5, a_16, 10).
+Let a_2 = shift_uint64(u64_0, 0).
+Let a_3 = havoc(Mint_undef_5, Mint_5, a_2, 10).
+Let a_4 = shift_sint64(i64_0, 0).
+Let a_5 = havoc(Mint_undef_2, Mint_2, a_4, 10).
+Let a_6 = shift_uint32(u32_0, 0).
+Let a_7 = havoc(Mint_undef_4, Mint_4, a_6, 10).
+Let a_8 = shift_sint32(i32_0, 0).
+Let a_9 = havoc(Mint_undef_1, Mint_1, a_8, 10).
+Let a_10 = shift_uint16(u16_0, 0).
+Let a_11 = havoc(Mint_undef_3, Mint_3, a_10, 10).
+Let a_12 = shift_sint16(i16_0, 0).
+Let a_13 = havoc(Mint_undef_0, Mint_0, a_12, 10).
+Let a_14 = shift_uint8(u8_0, 0).
+Let a_15 = havoc(Mint_undef_6, Mint_6, a_14, 10).
+Let a_16 = shift_sint8(i8_0, 0).
+Let a_17 = havoc(Mchar_undef_0, Mchar_0, a_16, 10).
Assume {
Type: is_sint16_chunk(Mint_0) /\ is_sint32_chunk(Mint_1) /\
is_sint64_chunk(Mint_2) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_3) /\ is_uint32_chunk(Mint_4) /\
is_uint64_chunk(Mint_5) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint16_chunk(a_7) /\ is_sint32_chunk(a_11) /\
- is_sint64_chunk(a_15) /\ is_sint8_chunk(a_3) /\ is_uint16_chunk(a_9) /\
- is_uint32_chunk(a_13) /\ is_uint64_chunk(a_17) /\
- is_uint8_chunk(a_5) /\ is_sint8_chunk(a_3[a_1 <- 1]) /\
- is_uint8_chunk(a_5[a <- 2]).
+ is_sint16_chunk(a_13) /\ is_sint32_chunk(a_9) /\
+ is_sint64_chunk(a_5) /\ is_sint8_chunk(a_17) /\
+ is_uint16_chunk(a_11) /\ is_uint32_chunk(a_7) /\
+ is_uint64_chunk(a_3) /\ is_uint8_chunk(a_15) /\
+ is_sint8_chunk(a_17[a_1 <- 1]) /\ is_uint8_chunk(a_15[a <- 2]).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -1236,36 +1365,36 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_6, 10) /\ valid_rw(Malloc_0, a_10, 10) /\
- valid_rw(Malloc_0, a_14, 10) /\ valid_rw(Malloc_0, a_2, 10) /\
- valid_rw(Malloc_0, a_8, 10) /\ valid_rw(Malloc_0, a_12, 10) /\
- valid_rw(Malloc_0, a_16, 10) /\ valid_rw(Malloc_0, a_4, 10).
+ Have: valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a_8, 10) /\
+ valid_rw(Malloc_0, a_4, 10) /\ valid_rw(Malloc_0, a_16, 10) /\
+ valid_rw(Malloc_0, a_10, 10) /\ valid_rw(Malloc_0, a_6, 10) /\
+ valid_rw(Malloc_0, a_2, 10) /\ valid_rw(Malloc_0, a_14, 10).
(* Invariant *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_17[shift_uint64(u64_0, i_1)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_15[shift_sint64(i64_0, i_1)] = 7))).
+ (a_17[shift_sint8(i8_0, i_1)] = 1))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_13[shift_uint32(u32_0, i_1)] = 6))).
+ (a_15[shift_uint8(u8_0, i_1)] = 2))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_11[shift_sint32(i32_0, i_1)] = 5))).
+ (a_13[shift_sint16(i16_0, i_1)] = 3))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_9[shift_uint16(u16_0, i_1)] = 4))).
+ (a_11[shift_uint16(u16_0, i_1)] = 4))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_7[shift_sint16(i16_0, i_1)] = 3))).
+ (a_9[shift_sint32(i32_0, i_1)] = 5))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_5[shift_uint8(u8_0, i_1)] = 2))).
+ (a_7[shift_uint32(u32_0, i_1)] = 6))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_3[shift_sint8(i8_0, i_1)] = 1))).
+ (a_5[shift_sint64(i64_0, i_1)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_3[shift_uint64(u64_0, i_1)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
@@ -1281,33 +1410,33 @@ Goal Assertion 'rte,mem_access' (file tests/wp_acsl/chunk_typing.i, line 48):
Let a = shift_sint16(i16_0, i).
Let a_1 = shift_uint8(u8_0, i).
Let a_2 = shift_sint8(i8_0, i).
-Let a_3 = shift_sint8(i8_0, 0).
-Let a_4 = havoc(Mchar_undef_0, Mchar_0, a_3, 10).
-Let a_5 = shift_uint8(u8_0, 0).
-Let a_6 = havoc(Mint_undef_6, Mint_6, a_5, 10).
-Let a_7 = shift_sint16(i16_0, 0).
-Let a_8 = havoc(Mint_undef_0, Mint_0, a_7, 10).
-Let a_9 = shift_uint16(u16_0, 0).
-Let a_10 = havoc(Mint_undef_3, Mint_3, a_9, 10).
-Let a_11 = shift_sint32(i32_0, 0).
-Let a_12 = havoc(Mint_undef_1, Mint_1, a_11, 10).
-Let a_13 = shift_uint32(u32_0, 0).
-Let a_14 = havoc(Mint_undef_4, Mint_4, a_13, 10).
-Let a_15 = shift_sint64(i64_0, 0).
-Let a_16 = havoc(Mint_undef_2, Mint_2, a_15, 10).
-Let a_17 = shift_uint64(u64_0, 0).
-Let a_18 = havoc(Mint_undef_5, Mint_5, a_17, 10).
+Let a_3 = shift_uint64(u64_0, 0).
+Let a_4 = havoc(Mint_undef_5, Mint_5, a_3, 10).
+Let a_5 = shift_sint64(i64_0, 0).
+Let a_6 = havoc(Mint_undef_2, Mint_2, a_5, 10).
+Let a_7 = shift_uint32(u32_0, 0).
+Let a_8 = havoc(Mint_undef_4, Mint_4, a_7, 10).
+Let a_9 = shift_sint32(i32_0, 0).
+Let a_10 = havoc(Mint_undef_1, Mint_1, a_9, 10).
+Let a_11 = shift_uint16(u16_0, 0).
+Let a_12 = havoc(Mint_undef_3, Mint_3, a_11, 10).
+Let a_13 = shift_sint16(i16_0, 0).
+Let a_14 = havoc(Mint_undef_0, Mint_0, a_13, 10).
+Let a_15 = shift_uint8(u8_0, 0).
+Let a_16 = havoc(Mint_undef_6, Mint_6, a_15, 10).
+Let a_17 = shift_sint8(i8_0, 0).
+Let a_18 = havoc(Mchar_undef_0, Mchar_0, a_17, 10).
Assume {
Type: is_sint16_chunk(Mint_0) /\ is_sint32_chunk(Mint_1) /\
is_sint64_chunk(Mint_2) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_3) /\ is_uint32_chunk(Mint_4) /\
is_uint64_chunk(Mint_5) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint16_chunk(a_8) /\ is_sint32_chunk(a_12) /\
- is_sint64_chunk(a_16) /\ is_sint8_chunk(a_4) /\
- is_uint16_chunk(a_10) /\ is_uint32_chunk(a_14) /\
- is_uint64_chunk(a_18) /\ is_uint8_chunk(a_6) /\
- is_sint16_chunk(a_8[a <- 3]) /\ is_sint8_chunk(a_4[a_2 <- 1]) /\
- is_uint8_chunk(a_6[a_1 <- 2]).
+ is_sint16_chunk(a_14) /\ is_sint32_chunk(a_10) /\
+ is_sint64_chunk(a_6) /\ is_sint8_chunk(a_18) /\
+ is_uint16_chunk(a_12) /\ is_uint32_chunk(a_8) /\
+ is_uint64_chunk(a_4) /\ is_uint8_chunk(a_16) /\
+ is_sint16_chunk(a_14[a <- 3]) /\ is_sint8_chunk(a_18[a_2 <- 1]) /\
+ is_uint8_chunk(a_16[a_1 <- 2]).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -1315,36 +1444,36 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_7, 10) /\ valid_rw(Malloc_0, a_11, 10) /\
- valid_rw(Malloc_0, a_15, 10) /\ valid_rw(Malloc_0, a_3, 10) /\
- valid_rw(Malloc_0, a_9, 10) /\ valid_rw(Malloc_0, a_13, 10) /\
- valid_rw(Malloc_0, a_17, 10) /\ valid_rw(Malloc_0, a_5, 10).
+ Have: valid_rw(Malloc_0, a_13, 10) /\ valid_rw(Malloc_0, a_9, 10) /\
+ valid_rw(Malloc_0, a_5, 10) /\ valid_rw(Malloc_0, a_17, 10) /\
+ valid_rw(Malloc_0, a_11, 10) /\ valid_rw(Malloc_0, a_7, 10) /\
+ valid_rw(Malloc_0, a_3, 10) /\ valid_rw(Malloc_0, a_15, 10).
(* Invariant *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_18[shift_uint64(u64_0, i_1)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_16[shift_sint64(i64_0, i_1)] = 7))).
+ (a_18[shift_sint8(i8_0, i_1)] = 1))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_14[shift_uint32(u32_0, i_1)] = 6))).
+ (a_16[shift_uint8(u8_0, i_1)] = 2))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_12[shift_sint32(i32_0, i_1)] = 5))).
+ (a_14[shift_sint16(i16_0, i_1)] = 3))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_10[shift_uint16(u16_0, i_1)] = 4))).
+ (a_12[shift_uint16(u16_0, i_1)] = 4))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_8[shift_sint16(i16_0, i_1)] = 3))).
+ (a_10[shift_sint32(i32_0, i_1)] = 5))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_6[shift_uint8(u8_0, i_1)] = 2))).
+ (a_8[shift_uint32(u32_0, i_1)] = 6))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_4[shift_sint8(i8_0, i_1)] = 1))).
+ (a_6[shift_sint64(i64_0, i_1)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_4[shift_uint64(u64_0, i_1)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
@@ -1363,33 +1492,33 @@ Let a = shift_uint16(u16_0, i).
Let a_1 = shift_sint16(i16_0, i).
Let a_2 = shift_uint8(u8_0, i).
Let a_3 = shift_sint8(i8_0, i).
-Let a_4 = shift_sint8(i8_0, 0).
-Let a_5 = havoc(Mchar_undef_0, Mchar_0, a_4, 10).
-Let a_6 = shift_uint8(u8_0, 0).
-Let a_7 = havoc(Mint_undef_6, Mint_6, a_6, 10).
-Let a_8 = shift_sint16(i16_0, 0).
-Let a_9 = havoc(Mint_undef_0, Mint_0, a_8, 10).
-Let a_10 = shift_uint16(u16_0, 0).
-Let a_11 = havoc(Mint_undef_3, Mint_3, a_10, 10).
-Let a_12 = shift_sint32(i32_0, 0).
-Let a_13 = havoc(Mint_undef_1, Mint_1, a_12, 10).
-Let a_14 = shift_uint32(u32_0, 0).
-Let a_15 = havoc(Mint_undef_4, Mint_4, a_14, 10).
-Let a_16 = shift_sint64(i64_0, 0).
-Let a_17 = havoc(Mint_undef_2, Mint_2, a_16, 10).
-Let a_18 = shift_uint64(u64_0, 0).
-Let a_19 = havoc(Mint_undef_5, Mint_5, a_18, 10).
+Let a_4 = shift_uint64(u64_0, 0).
+Let a_5 = havoc(Mint_undef_5, Mint_5, a_4, 10).
+Let a_6 = shift_sint64(i64_0, 0).
+Let a_7 = havoc(Mint_undef_2, Mint_2, a_6, 10).
+Let a_8 = shift_uint32(u32_0, 0).
+Let a_9 = havoc(Mint_undef_4, Mint_4, a_8, 10).
+Let a_10 = shift_sint32(i32_0, 0).
+Let a_11 = havoc(Mint_undef_1, Mint_1, a_10, 10).
+Let a_12 = shift_uint16(u16_0, 0).
+Let a_13 = havoc(Mint_undef_3, Mint_3, a_12, 10).
+Let a_14 = shift_sint16(i16_0, 0).
+Let a_15 = havoc(Mint_undef_0, Mint_0, a_14, 10).
+Let a_16 = shift_uint8(u8_0, 0).
+Let a_17 = havoc(Mint_undef_6, Mint_6, a_16, 10).
+Let a_18 = shift_sint8(i8_0, 0).
+Let a_19 = havoc(Mchar_undef_0, Mchar_0, a_18, 10).
Assume {
Type: is_sint16_chunk(Mint_0) /\ is_sint32_chunk(Mint_1) /\
is_sint64_chunk(Mint_2) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_3) /\ is_uint32_chunk(Mint_4) /\
is_uint64_chunk(Mint_5) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint16_chunk(a_9) /\ is_sint32_chunk(a_13) /\
- is_sint64_chunk(a_17) /\ is_sint8_chunk(a_5) /\
- is_uint16_chunk(a_11) /\ is_uint32_chunk(a_15) /\
- is_uint64_chunk(a_19) /\ is_uint8_chunk(a_7) /\
- is_sint16_chunk(a_9[a_1 <- 3]) /\ is_sint8_chunk(a_5[a_3 <- 1]) /\
- is_uint16_chunk(a_11[a <- 4]) /\ is_uint8_chunk(a_7[a_2 <- 2]).
+ is_sint16_chunk(a_15) /\ is_sint32_chunk(a_11) /\
+ is_sint64_chunk(a_7) /\ is_sint8_chunk(a_19) /\
+ is_uint16_chunk(a_13) /\ is_uint32_chunk(a_9) /\
+ is_uint64_chunk(a_5) /\ is_uint8_chunk(a_17) /\
+ is_sint16_chunk(a_15[a_1 <- 3]) /\ is_sint8_chunk(a_19[a_3 <- 1]) /\
+ is_uint16_chunk(a_13[a <- 4]) /\ is_uint8_chunk(a_17[a_2 <- 2]).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -1397,36 +1526,36 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_8, 10) /\ valid_rw(Malloc_0, a_12, 10) /\
- valid_rw(Malloc_0, a_16, 10) /\ valid_rw(Malloc_0, a_4, 10) /\
- valid_rw(Malloc_0, a_10, 10) /\ valid_rw(Malloc_0, a_14, 10) /\
- valid_rw(Malloc_0, a_18, 10) /\ valid_rw(Malloc_0, a_6, 10).
+ Have: valid_rw(Malloc_0, a_14, 10) /\ valid_rw(Malloc_0, a_10, 10) /\
+ valid_rw(Malloc_0, a_6, 10) /\ valid_rw(Malloc_0, a_18, 10) /\
+ valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a_8, 10) /\
+ valid_rw(Malloc_0, a_4, 10) /\ valid_rw(Malloc_0, a_16, 10).
(* Invariant *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_19[shift_uint64(u64_0, i_1)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_17[shift_sint64(i64_0, i_1)] = 7))).
+ (a_19[shift_sint8(i8_0, i_1)] = 1))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_15[shift_uint32(u32_0, i_1)] = 6))).
+ (a_17[shift_uint8(u8_0, i_1)] = 2))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_13[shift_sint32(i32_0, i_1)] = 5))).
+ (a_15[shift_sint16(i16_0, i_1)] = 3))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_11[shift_uint16(u16_0, i_1)] = 4))).
+ (a_13[shift_uint16(u16_0, i_1)] = 4))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_9[shift_sint16(i16_0, i_1)] = 3))).
+ (a_11[shift_sint32(i32_0, i_1)] = 5))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_7[shift_uint8(u8_0, i_1)] = 2))).
+ (a_9[shift_uint32(u32_0, i_1)] = 6))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_5[shift_sint8(i8_0, i_1)] = 1))).
+ (a_7[shift_sint64(i64_0, i_1)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_5[shift_uint64(u64_0, i_1)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
@@ -1448,34 +1577,34 @@ Let a_1 = shift_uint16(u16_0, i).
Let a_2 = shift_sint16(i16_0, i).
Let a_3 = shift_uint8(u8_0, i).
Let a_4 = shift_sint8(i8_0, i).
-Let a_5 = shift_sint8(i8_0, 0).
-Let a_6 = havoc(Mchar_undef_0, Mchar_0, a_5, 10).
-Let a_7 = shift_uint8(u8_0, 0).
-Let a_8 = havoc(Mint_undef_6, Mint_6, a_7, 10).
-Let a_9 = shift_sint16(i16_0, 0).
-Let a_10 = havoc(Mint_undef_0, Mint_0, a_9, 10).
-Let a_11 = shift_uint16(u16_0, 0).
-Let a_12 = havoc(Mint_undef_3, Mint_3, a_11, 10).
-Let a_13 = shift_sint32(i32_0, 0).
-Let a_14 = havoc(Mint_undef_1, Mint_1, a_13, 10).
-Let a_15 = shift_uint32(u32_0, 0).
-Let a_16 = havoc(Mint_undef_4, Mint_4, a_15, 10).
-Let a_17 = shift_sint64(i64_0, 0).
-Let a_18 = havoc(Mint_undef_2, Mint_2, a_17, 10).
-Let a_19 = shift_uint64(u64_0, 0).
-Let a_20 = havoc(Mint_undef_5, Mint_5, a_19, 10).
+Let a_5 = shift_uint64(u64_0, 0).
+Let a_6 = havoc(Mint_undef_5, Mint_5, a_5, 10).
+Let a_7 = shift_sint64(i64_0, 0).
+Let a_8 = havoc(Mint_undef_2, Mint_2, a_7, 10).
+Let a_9 = shift_uint32(u32_0, 0).
+Let a_10 = havoc(Mint_undef_4, Mint_4, a_9, 10).
+Let a_11 = shift_sint32(i32_0, 0).
+Let a_12 = havoc(Mint_undef_1, Mint_1, a_11, 10).
+Let a_13 = shift_uint16(u16_0, 0).
+Let a_14 = havoc(Mint_undef_3, Mint_3, a_13, 10).
+Let a_15 = shift_sint16(i16_0, 0).
+Let a_16 = havoc(Mint_undef_0, Mint_0, a_15, 10).
+Let a_17 = shift_uint8(u8_0, 0).
+Let a_18 = havoc(Mint_undef_6, Mint_6, a_17, 10).
+Let a_19 = shift_sint8(i8_0, 0).
+Let a_20 = havoc(Mchar_undef_0, Mchar_0, a_19, 10).
Assume {
Type: is_sint16_chunk(Mint_0) /\ is_sint32_chunk(Mint_1) /\
is_sint64_chunk(Mint_2) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_3) /\ is_uint32_chunk(Mint_4) /\
is_uint64_chunk(Mint_5) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint16_chunk(a_10) /\ is_sint32_chunk(a_14) /\
- is_sint64_chunk(a_18) /\ is_sint8_chunk(a_6) /\
- is_uint16_chunk(a_12) /\ is_uint32_chunk(a_16) /\
- is_uint64_chunk(a_20) /\ is_uint8_chunk(a_8) /\
- is_sint16_chunk(a_10[a_2 <- 3]) /\ is_sint32_chunk(a_14[a <- 5]) /\
- is_sint8_chunk(a_6[a_4 <- 1]) /\ is_uint16_chunk(a_12[a_1 <- 4]) /\
- is_uint8_chunk(a_8[a_3 <- 2]).
+ is_sint16_chunk(a_16) /\ is_sint32_chunk(a_12) /\
+ is_sint64_chunk(a_8) /\ is_sint8_chunk(a_20) /\
+ is_uint16_chunk(a_14) /\ is_uint32_chunk(a_10) /\
+ is_uint64_chunk(a_6) /\ is_uint8_chunk(a_18) /\
+ is_sint16_chunk(a_16[a_2 <- 3]) /\ is_sint32_chunk(a_12[a <- 5]) /\
+ is_sint8_chunk(a_20[a_4 <- 1]) /\ is_uint16_chunk(a_14[a_1 <- 4]) /\
+ is_uint8_chunk(a_18[a_3 <- 2]).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -1483,36 +1612,36 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_9, 10) /\ valid_rw(Malloc_0, a_13, 10) /\
- valid_rw(Malloc_0, a_17, 10) /\ valid_rw(Malloc_0, a_5, 10) /\
- valid_rw(Malloc_0, a_11, 10) /\ valid_rw(Malloc_0, a_15, 10) /\
- valid_rw(Malloc_0, a_19, 10) /\ valid_rw(Malloc_0, a_7, 10).
+ Have: valid_rw(Malloc_0, a_15, 10) /\ valid_rw(Malloc_0, a_11, 10) /\
+ valid_rw(Malloc_0, a_7, 10) /\ valid_rw(Malloc_0, a_19, 10) /\
+ valid_rw(Malloc_0, a_13, 10) /\ valid_rw(Malloc_0, a_9, 10) /\
+ valid_rw(Malloc_0, a_5, 10) /\ valid_rw(Malloc_0, a_17, 10).
(* Invariant *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_20[shift_uint64(u64_0, i_1)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_18[shift_sint64(i64_0, i_1)] = 7))).
+ (a_20[shift_sint8(i8_0, i_1)] = 1))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_16[shift_uint32(u32_0, i_1)] = 6))).
+ (a_18[shift_uint8(u8_0, i_1)] = 2))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_14[shift_sint32(i32_0, i_1)] = 5))).
+ (a_16[shift_sint16(i16_0, i_1)] = 3))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_12[shift_uint16(u16_0, i_1)] = 4))).
+ (a_14[shift_uint16(u16_0, i_1)] = 4))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_10[shift_sint16(i16_0, i_1)] = 3))).
+ (a_12[shift_sint32(i32_0, i_1)] = 5))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_8[shift_uint8(u8_0, i_1)] = 2))).
+ (a_10[shift_uint32(u32_0, i_1)] = 6))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_6[shift_sint8(i8_0, i_1)] = 1))).
+ (a_8[shift_sint64(i64_0, i_1)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_6[shift_uint64(u64_0, i_1)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
@@ -1537,34 +1666,34 @@ Let a_2 = shift_uint16(u16_0, i).
Let a_3 = shift_sint16(i16_0, i).
Let a_4 = shift_uint8(u8_0, i).
Let a_5 = shift_sint8(i8_0, i).
-Let a_6 = shift_sint8(i8_0, 0).
-Let a_7 = havoc(Mchar_undef_0, Mchar_0, a_6, 10).
-Let a_8 = shift_uint8(u8_0, 0).
-Let a_9 = havoc(Mint_undef_6, Mint_6, a_8, 10).
-Let a_10 = shift_sint16(i16_0, 0).
-Let a_11 = havoc(Mint_undef_0, Mint_0, a_10, 10).
-Let a_12 = shift_uint16(u16_0, 0).
-Let a_13 = havoc(Mint_undef_3, Mint_3, a_12, 10).
-Let a_14 = shift_sint32(i32_0, 0).
-Let a_15 = havoc(Mint_undef_1, Mint_1, a_14, 10).
-Let a_16 = shift_uint32(u32_0, 0).
-Let a_17 = havoc(Mint_undef_4, Mint_4, a_16, 10).
-Let a_18 = shift_sint64(i64_0, 0).
-Let a_19 = havoc(Mint_undef_2, Mint_2, a_18, 10).
-Let a_20 = shift_uint64(u64_0, 0).
-Let a_21 = havoc(Mint_undef_5, Mint_5, a_20, 10).
+Let a_6 = shift_uint64(u64_0, 0).
+Let a_7 = havoc(Mint_undef_5, Mint_5, a_6, 10).
+Let a_8 = shift_sint64(i64_0, 0).
+Let a_9 = havoc(Mint_undef_2, Mint_2, a_8, 10).
+Let a_10 = shift_uint32(u32_0, 0).
+Let a_11 = havoc(Mint_undef_4, Mint_4, a_10, 10).
+Let a_12 = shift_sint32(i32_0, 0).
+Let a_13 = havoc(Mint_undef_1, Mint_1, a_12, 10).
+Let a_14 = shift_uint16(u16_0, 0).
+Let a_15 = havoc(Mint_undef_3, Mint_3, a_14, 10).
+Let a_16 = shift_sint16(i16_0, 0).
+Let a_17 = havoc(Mint_undef_0, Mint_0, a_16, 10).
+Let a_18 = shift_uint8(u8_0, 0).
+Let a_19 = havoc(Mint_undef_6, Mint_6, a_18, 10).
+Let a_20 = shift_sint8(i8_0, 0).
+Let a_21 = havoc(Mchar_undef_0, Mchar_0, a_20, 10).
Assume {
Type: is_sint16_chunk(Mint_0) /\ is_sint32_chunk(Mint_1) /\
is_sint64_chunk(Mint_2) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_3) /\ is_uint32_chunk(Mint_4) /\
is_uint64_chunk(Mint_5) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint16_chunk(a_11) /\ is_sint32_chunk(a_15) /\
- is_sint64_chunk(a_19) /\ is_sint8_chunk(a_7) /\
- is_uint16_chunk(a_13) /\ is_uint32_chunk(a_17) /\
- is_uint64_chunk(a_21) /\ is_uint8_chunk(a_9) /\
- is_sint16_chunk(a_11[a_3 <- 3]) /\ is_sint32_chunk(a_15[a_1 <- 5]) /\
- is_sint8_chunk(a_7[a_5 <- 1]) /\ is_uint16_chunk(a_13[a_2 <- 4]) /\
- is_uint32_chunk(a_17[a <- 6]) /\ is_uint8_chunk(a_9[a_4 <- 2]).
+ is_sint16_chunk(a_17) /\ is_sint32_chunk(a_13) /\
+ is_sint64_chunk(a_9) /\ is_sint8_chunk(a_21) /\
+ is_uint16_chunk(a_15) /\ is_uint32_chunk(a_11) /\
+ is_uint64_chunk(a_7) /\ is_uint8_chunk(a_19) /\
+ is_sint16_chunk(a_17[a_3 <- 3]) /\ is_sint32_chunk(a_13[a_1 <- 5]) /\
+ is_sint8_chunk(a_21[a_5 <- 1]) /\ is_uint16_chunk(a_15[a_2 <- 4]) /\
+ is_uint32_chunk(a_11[a <- 6]) /\ is_uint8_chunk(a_19[a_4 <- 2]).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -1572,36 +1701,36 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_10, 10) /\ valid_rw(Malloc_0, a_14, 10) /\
- valid_rw(Malloc_0, a_18, 10) /\ valid_rw(Malloc_0, a_6, 10) /\
- valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a_16, 10) /\
- valid_rw(Malloc_0, a_20, 10) /\ valid_rw(Malloc_0, a_8, 10).
+ Have: valid_rw(Malloc_0, a_16, 10) /\ valid_rw(Malloc_0, a_12, 10) /\
+ valid_rw(Malloc_0, a_8, 10) /\ valid_rw(Malloc_0, a_20, 10) /\
+ valid_rw(Malloc_0, a_14, 10) /\ valid_rw(Malloc_0, a_10, 10) /\
+ valid_rw(Malloc_0, a_6, 10) /\ valid_rw(Malloc_0, a_18, 10).
(* Invariant *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_21[shift_uint64(u64_0, i_1)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_19[shift_sint64(i64_0, i_1)] = 7))).
+ (a_21[shift_sint8(i8_0, i_1)] = 1))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_17[shift_uint32(u32_0, i_1)] = 6))).
+ (a_19[shift_uint8(u8_0, i_1)] = 2))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_15[shift_sint32(i32_0, i_1)] = 5))).
+ (a_17[shift_sint16(i16_0, i_1)] = 3))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_13[shift_uint16(u16_0, i_1)] = 4))).
+ (a_15[shift_uint16(u16_0, i_1)] = 4))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_11[shift_sint16(i16_0, i_1)] = 3))).
+ (a_13[shift_sint32(i32_0, i_1)] = 5))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_9[shift_uint8(u8_0, i_1)] = 2))).
+ (a_11[shift_uint32(u32_0, i_1)] = 6))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_7[shift_sint8(i8_0, i_1)] = 1))).
+ (a_9[shift_sint64(i64_0, i_1)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_7[shift_uint64(u64_0, i_1)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
@@ -1629,35 +1758,35 @@ Let a_3 = shift_uint16(u16_0, i).
Let a_4 = shift_sint16(i16_0, i).
Let a_5 = shift_uint8(u8_0, i).
Let a_6 = shift_sint8(i8_0, i).
-Let a_7 = shift_sint8(i8_0, 0).
-Let a_8 = havoc(Mchar_undef_0, Mchar_0, a_7, 10).
-Let a_9 = shift_uint8(u8_0, 0).
-Let a_10 = havoc(Mint_undef_6, Mint_6, a_9, 10).
-Let a_11 = shift_sint16(i16_0, 0).
-Let a_12 = havoc(Mint_undef_0, Mint_0, a_11, 10).
-Let a_13 = shift_uint16(u16_0, 0).
-Let a_14 = havoc(Mint_undef_3, Mint_3, a_13, 10).
-Let a_15 = shift_sint32(i32_0, 0).
-Let a_16 = havoc(Mint_undef_1, Mint_1, a_15, 10).
-Let a_17 = shift_uint32(u32_0, 0).
-Let a_18 = havoc(Mint_undef_4, Mint_4, a_17, 10).
-Let a_19 = shift_sint64(i64_0, 0).
-Let a_20 = havoc(Mint_undef_2, Mint_2, a_19, 10).
-Let a_21 = shift_uint64(u64_0, 0).
-Let a_22 = havoc(Mint_undef_5, Mint_5, a_21, 10).
+Let a_7 = shift_uint64(u64_0, 0).
+Let a_8 = havoc(Mint_undef_5, Mint_5, a_7, 10).
+Let a_9 = shift_sint64(i64_0, 0).
+Let a_10 = havoc(Mint_undef_2, Mint_2, a_9, 10).
+Let a_11 = shift_uint32(u32_0, 0).
+Let a_12 = havoc(Mint_undef_4, Mint_4, a_11, 10).
+Let a_13 = shift_sint32(i32_0, 0).
+Let a_14 = havoc(Mint_undef_1, Mint_1, a_13, 10).
+Let a_15 = shift_uint16(u16_0, 0).
+Let a_16 = havoc(Mint_undef_3, Mint_3, a_15, 10).
+Let a_17 = shift_sint16(i16_0, 0).
+Let a_18 = havoc(Mint_undef_0, Mint_0, a_17, 10).
+Let a_19 = shift_uint8(u8_0, 0).
+Let a_20 = havoc(Mint_undef_6, Mint_6, a_19, 10).
+Let a_21 = shift_sint8(i8_0, 0).
+Let a_22 = havoc(Mchar_undef_0, Mchar_0, a_21, 10).
Assume {
Type: is_sint16_chunk(Mint_0) /\ is_sint32_chunk(Mint_1) /\
is_sint64_chunk(Mint_2) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_3) /\ is_uint32_chunk(Mint_4) /\
is_uint64_chunk(Mint_5) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint16_chunk(a_12) /\ is_sint32_chunk(a_16) /\
- is_sint64_chunk(a_20) /\ is_sint8_chunk(a_8) /\
- is_uint16_chunk(a_14) /\ is_uint32_chunk(a_18) /\
- is_uint64_chunk(a_22) /\ is_uint8_chunk(a_10) /\
- is_sint16_chunk(a_12[a_4 <- 3]) /\ is_sint32_chunk(a_16[a_2 <- 5]) /\
- is_sint64_chunk(a_20[a <- 7]) /\ is_sint8_chunk(a_8[a_6 <- 1]) /\
- is_uint16_chunk(a_14[a_3 <- 4]) /\ is_uint32_chunk(a_18[a_1 <- 6]) /\
- is_uint8_chunk(a_10[a_5 <- 2]).
+ is_sint16_chunk(a_18) /\ is_sint32_chunk(a_14) /\
+ is_sint64_chunk(a_10) /\ is_sint8_chunk(a_22) /\
+ is_uint16_chunk(a_16) /\ is_uint32_chunk(a_12) /\
+ is_uint64_chunk(a_8) /\ is_uint8_chunk(a_20) /\
+ is_sint16_chunk(a_18[a_4 <- 3]) /\ is_sint32_chunk(a_14[a_2 <- 5]) /\
+ is_sint64_chunk(a_10[a <- 7]) /\ is_sint8_chunk(a_22[a_6 <- 1]) /\
+ is_uint16_chunk(a_16[a_3 <- 4]) /\ is_uint32_chunk(a_12[a_1 <- 6]) /\
+ is_uint8_chunk(a_20[a_5 <- 2]).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -1665,36 +1794,36 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_11, 10) /\ valid_rw(Malloc_0, a_15, 10) /\
- valid_rw(Malloc_0, a_19, 10) /\ valid_rw(Malloc_0, a_7, 10) /\
- valid_rw(Malloc_0, a_13, 10) /\ valid_rw(Malloc_0, a_17, 10) /\
- valid_rw(Malloc_0, a_21, 10) /\ valid_rw(Malloc_0, a_9, 10).
+ Have: valid_rw(Malloc_0, a_17, 10) /\ valid_rw(Malloc_0, a_13, 10) /\
+ valid_rw(Malloc_0, a_9, 10) /\ valid_rw(Malloc_0, a_21, 10) /\
+ valid_rw(Malloc_0, a_15, 10) /\ valid_rw(Malloc_0, a_11, 10) /\
+ valid_rw(Malloc_0, a_7, 10) /\ valid_rw(Malloc_0, a_19, 10).
(* Invariant *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_22[shift_uint64(u64_0, i_1)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_20[shift_sint64(i64_0, i_1)] = 7))).
+ (a_22[shift_sint8(i8_0, i_1)] = 1))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_18[shift_uint32(u32_0, i_1)] = 6))).
+ (a_20[shift_uint8(u8_0, i_1)] = 2))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_16[shift_sint32(i32_0, i_1)] = 5))).
+ (a_18[shift_sint16(i16_0, i_1)] = 3))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_14[shift_uint16(u16_0, i_1)] = 4))).
+ (a_16[shift_uint16(u16_0, i_1)] = 4))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_12[shift_sint16(i16_0, i_1)] = 3))).
+ (a_14[shift_sint32(i32_0, i_1)] = 5))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_10[shift_uint8(u8_0, i_1)] = 2))).
+ (a_12[shift_uint32(u32_0, i_1)] = 6))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_8[shift_sint8(i8_0, i_1)] = 1))).
+ (a_10[shift_sint64(i64_0, i_1)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_8[shift_uint64(u64_0, i_1)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
@@ -1725,35 +1854,35 @@ Let a_4 = shift_uint16(u16_0, i).
Let a_5 = shift_sint16(i16_0, i).
Let a_6 = shift_uint8(u8_0, i).
Let a_7 = shift_sint8(i8_0, i).
-Let a_8 = shift_sint8(i8_0, 0).
-Let a_9 = havoc(Mchar_undef_0, Mchar_0, a_8, 10).
-Let a_10 = shift_uint8(u8_0, 0).
-Let a_11 = havoc(Mint_undef_6, Mint_6, a_10, 10).
-Let a_12 = shift_sint16(i16_0, 0).
-Let a_13 = havoc(Mint_undef_0, Mint_0, a_12, 10).
-Let a_14 = shift_uint16(u16_0, 0).
-Let a_15 = havoc(Mint_undef_3, Mint_3, a_14, 10).
-Let a_16 = shift_sint32(i32_0, 0).
-Let a_17 = havoc(Mint_undef_1, Mint_1, a_16, 10).
-Let a_18 = shift_uint32(u32_0, 0).
-Let a_19 = havoc(Mint_undef_4, Mint_4, a_18, 10).
-Let a_20 = shift_sint64(i64_0, 0).
-Let a_21 = havoc(Mint_undef_2, Mint_2, a_20, 10).
-Let a_22 = shift_uint64(u64_0, 0).
-Let a_23 = havoc(Mint_undef_5, Mint_5, a_22, 10).
+Let a_8 = shift_uint64(u64_0, 0).
+Let a_9 = havoc(Mint_undef_5, Mint_5, a_8, 10).
+Let a_10 = shift_sint64(i64_0, 0).
+Let a_11 = havoc(Mint_undef_2, Mint_2, a_10, 10).
+Let a_12 = shift_uint32(u32_0, 0).
+Let a_13 = havoc(Mint_undef_4, Mint_4, a_12, 10).
+Let a_14 = shift_sint32(i32_0, 0).
+Let a_15 = havoc(Mint_undef_1, Mint_1, a_14, 10).
+Let a_16 = shift_uint16(u16_0, 0).
+Let a_17 = havoc(Mint_undef_3, Mint_3, a_16, 10).
+Let a_18 = shift_sint16(i16_0, 0).
+Let a_19 = havoc(Mint_undef_0, Mint_0, a_18, 10).
+Let a_20 = shift_uint8(u8_0, 0).
+Let a_21 = havoc(Mint_undef_6, Mint_6, a_20, 10).
+Let a_22 = shift_sint8(i8_0, 0).
+Let a_23 = havoc(Mchar_undef_0, Mchar_0, a_22, 10).
Assume {
Type: is_sint16_chunk(Mint_0) /\ is_sint32_chunk(Mint_1) /\
is_sint64_chunk(Mint_2) /\ is_sint8_chunk(Mchar_0) /\
is_uint16_chunk(Mint_3) /\ is_uint32_chunk(Mint_4) /\
is_uint64_chunk(Mint_5) /\ is_uint8_chunk(Mint_6) /\ is_sint32(i) /\
- is_sint16_chunk(a_13) /\ is_sint32_chunk(a_17) /\
- is_sint64_chunk(a_21) /\ is_sint8_chunk(a_9) /\
- is_uint16_chunk(a_15) /\ is_uint32_chunk(a_19) /\
- is_uint64_chunk(a_23) /\ is_uint8_chunk(a_11) /\
- is_sint16_chunk(a_13[a_5 <- 3]) /\ is_sint32_chunk(a_17[a_3 <- 5]) /\
- is_sint64_chunk(a_21[a_1 <- 7]) /\ is_sint8_chunk(a_9[a_7 <- 1]) /\
- is_uint16_chunk(a_15[a_4 <- 4]) /\ is_uint32_chunk(a_19[a_2 <- 6]) /\
- is_uint64_chunk(a_23[a <- 8]) /\ is_uint8_chunk(a_11[a_6 <- 2]).
+ is_sint16_chunk(a_19) /\ is_sint32_chunk(a_15) /\
+ is_sint64_chunk(a_11) /\ is_sint8_chunk(a_23) /\
+ is_uint16_chunk(a_17) /\ is_uint32_chunk(a_13) /\
+ is_uint64_chunk(a_9) /\ is_uint8_chunk(a_21) /\
+ is_sint16_chunk(a_19[a_5 <- 3]) /\ is_sint32_chunk(a_15[a_3 <- 5]) /\
+ is_sint64_chunk(a_11[a_1 <- 7]) /\ is_sint8_chunk(a_23[a_7 <- 1]) /\
+ is_uint16_chunk(a_17[a_4 <- 4]) /\ is_uint32_chunk(a_13[a_2 <- 6]) /\
+ is_uint64_chunk(a_9[a <- 8]) /\ is_uint8_chunk(a_21[a_6 <- 2]).
(* Heap *)
Type: (region(i16_0.base) <= 0) /\ (region(i32_0.base) <= 0) /\
(region(i64_0.base) <= 0) /\ (region(i8_0.base) <= 0) /\
@@ -1761,36 +1890,36 @@ Assume {
(region(u64_0.base) <= 0) /\ (region(u8_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_12, 10) /\ valid_rw(Malloc_0, a_16, 10) /\
- valid_rw(Malloc_0, a_20, 10) /\ valid_rw(Malloc_0, a_8, 10) /\
- valid_rw(Malloc_0, a_14, 10) /\ valid_rw(Malloc_0, a_18, 10) /\
- valid_rw(Malloc_0, a_22, 10) /\ valid_rw(Malloc_0, a_10, 10).
+ Have: valid_rw(Malloc_0, a_18, 10) /\ valid_rw(Malloc_0, a_14, 10) /\
+ valid_rw(Malloc_0, a_10, 10) /\ valid_rw(Malloc_0, a_22, 10) /\
+ valid_rw(Malloc_0, a_16, 10) /\ valid_rw(Malloc_0, a_12, 10) /\
+ valid_rw(Malloc_0, a_8, 10) /\ valid_rw(Malloc_0, a_20, 10).
(* Invariant *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_23[shift_uint64(u64_0, i_1)] = 8))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_21[shift_sint64(i64_0, i_1)] = 7))).
+ (a_23[shift_sint8(i8_0, i_1)] = 1))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_19[shift_uint32(u32_0, i_1)] = 6))).
+ (a_21[shift_uint8(u8_0, i_1)] = 2))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_17[shift_sint32(i32_0, i_1)] = 5))).
+ (a_19[shift_sint16(i16_0, i_1)] = 3))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_15[shift_uint16(u16_0, i_1)] = 4))).
+ (a_17[shift_uint16(u16_0, i_1)] = 4))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_13[shift_sint16(i16_0, i_1)] = 3))).
+ (a_15[shift_sint32(i32_0, i_1)] = 5))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_11[shift_uint8(u8_0, i_1)] = 2))).
+ (a_13[shift_uint32(u32_0, i_1)] = 6))).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_9[shift_sint8(i8_0, i_1)] = 1))).
+ (a_11[shift_sint64(i64_0, i_1)] = 7))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_9[shift_uint64(u64_0, i_1)] = 8))).
(* Then *)
Have: i <= 9.
(* Assertion 'rte,mem_access' *)
diff --git a/src/plugins/wp/tests/wp_acsl/oracle/generalized_checks.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/generalized_checks.res.oracle
index 65a87c92522e55733522c0af3f53df5f0ad1680f..8320e268cf490ce50ebe5c8ba830a1d022f18d59 100644
--- a/src/plugins/wp/tests/wp_acsl/oracle/generalized_checks.res.oracle
+++ b/src/plugins/wp/tests/wp_acsl/oracle/generalized_checks.res.oracle
@@ -151,8 +151,7 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'false_but_preserved' (file tests/wp_acsl/generalized_checks.i, line 70):
-Assume { Type: is_sint32(i). (* Then *) Have: i <= 9. }
-Prove: false.
+Prove: true.
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_acsl/oracle/looplabels.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/looplabels.res.oracle
index 68d943f582170a3d187c3cb44229cd352dd0d7f1..3186bf3c7ec1ad310419341cf425e0a7d96c8aba 100644
--- a/src/plugins/wp/tests/wp_acsl/oracle/looplabels.res.oracle
+++ b/src/plugins/wp/tests/wp_acsl/oracle/looplabels.res.oracle
@@ -22,9 +22,11 @@ Assume {
(* Pre-condition *)
Have: separated(a_2, n, a_1, n).
(* Invariant *)
- Have: P_IsEqual(havoc(Mint_undef_0, Mint_0, a_1, n), a, b, i).
+ Have: P_IsEqual(Mint_0, a, b, 0).
(* Invariant *)
Have: (0 <= i) /\ (i <= n).
+ (* Invariant *)
+ Have: P_IsEqual(havoc(Mint_undef_0, Mint_0, a_1, n), a, b, i).
(* Else *)
Have: n <= i.
}
@@ -48,9 +50,11 @@ Assume {
(* Pre-condition *)
Have: separated(a_2, n, a_1, n).
(* Invariant *)
- Have: P_IsEqual(havoc(Mint_undef_0, Mint_0, a_1, n), a, b, i).
+ Have: P_IsEqual(Mint_0, a, b, 0).
(* Invariant *)
Have: (0 <= i) /\ (i <= n).
+ (* Invariant *)
+ Have: P_IsEqual(havoc(Mint_undef_0, Mint_0, a_1, n), a, b, i).
(* Then *)
Have: i < n.
}
@@ -81,11 +85,15 @@ Assume {
(* Pre-condition *)
Have: separated(a_3, n, a_1, n).
(* Invariant *)
- Have: P_IsEqual(a_2, a, b, i).
+ Have: P_IsEqual(Mint_0, a, b, 0).
(* Invariant *)
Have: (0 <= i) /\ (i <= n).
+ (* Invariant *)
+ Have: P_IsEqual(a_2, a, b, i).
(* Then *)
Have: i < n.
+ (* Invariant *)
+ Have: (-1) <= i.
}
Prove: P_IsEqual(a_2[shift_sint32(b, i) <- a_2[shift_sint32(a, i)]], a, b, x).
@@ -119,10 +127,12 @@ Prove: true.
Goal Loop assigns (file tests/wp_acsl/looplabels.i, line 20) (2/2):
Effect at line 23
Let a_1 = shift_sint32(b, 0).
-Let a_2 = shift_sint32(a, 0).
-Let a_3 = shift_sint32(b, i).
+Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, n).
+Let x = i - 1.
+Let a_3 = shift_sint32(b, x).
+Let a_4 = shift_sint32(a, 0).
Assume {
- Type: is_sint32(i) /\ is_sint32(n).
+ Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(x).
(* Heap *)
Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0).
(* Goal *)
@@ -130,17 +140,21 @@ Assume {
(* Pre-condition *)
Have: 0 < n.
(* Pre-condition *)
- Have: valid_rw(Malloc_0, a_2, n).
+ Have: valid_rw(Malloc_0, a_4, n).
(* Pre-condition *)
Have: valid_rw(Malloc_0, a_1, n).
(* Pre-condition *)
- Have: separated(a_2, n, a_1, n).
+ Have: separated(a_4, n, a_1, n).
(* Invariant *)
- Have: P_IsEqual(havoc(Mint_undef_0, Mint_0, a_1, n), a, b, i).
+ Have: P_IsEqual(Mint_0, a, b, 0).
(* Invariant *)
- Have: (0 <= i) /\ (i <= n).
+ Have: (0 < i) /\ (i <= (1 + n)).
+ (* Invariant *)
+ Have: P_IsEqual(a_2, a, b, x).
(* Then *)
- Have: i < n.
+ Have: i <= n.
+ (* Invariant *)
+ Have: P_IsEqual(a_2[a_3 <- a_2[shift_sint32(a, x)]], a, b, i).
}
Prove: included(a_3, 1, a_1, n).
diff --git a/src/plugins/wp/tests/wp_acsl/oracle/postassigns.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/postassigns.res.oracle
index 8abc928d33f1abe77a4033024acc964ece36ba7c..22136a0a98d21d69bd4b70b9cdba4f82276ec267 100644
--- a/src/plugins/wp/tests/wp_acsl/oracle/postassigns.res.oracle
+++ b/src/plugins/wp/tests/wp_acsl/oracle/postassigns.res.oracle
@@ -147,7 +147,7 @@ Prove: true.
Goal Preservation of Invariant (file tests/wp_acsl/postassigns.c, line 38):
Assume {
Type: is_sint32(N) /\ is_sint32(i) /\ is_sint32(1 + i).
- (* Pre-condition *)
+ (* Invariant *)
Have: 0 <= N.
(* Invariant *)
Have: (i <= N) /\ (0 <= i).
@@ -176,19 +176,20 @@ Prove: true.
Goal Loop assigns (file tests/wp_acsl/postassigns.c, line 39) (3/3):
Effect at line 42
-Let a = shift_sint32(p, i).
+Let x = i - 1.
+Let a = shift_sint32(p, x).
Assume {
- Type: is_sint32(N) /\ is_sint32(i).
+ Type: is_sint32(N) /\ is_sint32(i) /\ is_sint32(x).
(* Heap *)
Type: (region(p.base) <= 0) /\ linked(Malloc_0).
(* Goal *)
When: !invalid(Malloc_0, a, 1).
- (* Pre-condition *)
+ (* Invariant *)
Have: 0 <= N.
(* Invariant *)
- Have: (i <= N) /\ (0 <= i).
+ Have: (0 < i) /\ (i <= (1 + N)).
(* Then *)
- Have: i < N.
+ Have: i <= N.
}
Prove: included(a, 1, shift_sint32(p, 0), N).
diff --git a/src/plugins/wp/tests/wp_acsl/oracle/simpl_is_type.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/simpl_is_type.res.oracle
index 178e47f5501761f3b9f4e8f5cb9e23eaee7df9cb..ff14db8d7f6b7063fdfc15f4a7c1e9b2b0b61d97 100644
--- a/src/plugins/wp/tests/wp_acsl/oracle/simpl_is_type.res.oracle
+++ b/src/plugins/wp/tests/wp_acsl/oracle/simpl_is_type.res.oracle
@@ -209,18 +209,18 @@ Assume {
(* Goal *)
When: (0 <= i_1) /\ (i_1 < size_0) /\ is_sint32(i_1).
(* Pre-condition *)
+ Have: 0 < size_0.
+ (* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < size_0) ->
(Mint_0[shift_sint32(t, i_2)] < 0))).
- (* Pre-condition *)
- Have: 0 < size_0.
(* Invariant *)
- Have: forall i_2 : Z. ((i <= i_2) -> ((i_2 < size_0) ->
- (a_1[shift_sint32(t, i_2)] < 0))).
+ Have: (0 <= i) /\ (i <= size_0).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
(0 < a_1[shift_sint32(t, i_2)]))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= size_0).
+ Have: forall i_2 : Z. ((i <= i_2) -> ((i_2 < size_0) ->
+ (a_1[shift_sint32(t, i_2)] < 0))).
(* Else *)
Have: size_0 <= i.
}
@@ -235,18 +235,18 @@ Assume {
(* Heap *)
Type: region(t.base) <= 0.
(* Pre-condition *)
+ Have: 0 < size_0.
+ (* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < size_0) ->
(Mint_0[shift_sint32(t, i_1)] < 0))).
- (* Pre-condition *)
- Have: 0 < size_0.
(* Invariant *)
- Have: forall i_1 : Z. ((i <= i_1) -> ((i_1 < size_0) ->
- (a[shift_sint32(t, i_1)] < 0))).
+ Have: (0 <= i) /\ (i <= size_0).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
(0 < a[shift_sint32(t, i_1)]))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= size_0).
+ Have: forall i_1 : Z. ((i <= i_1) -> ((i_1 < size_0) ->
+ (a[shift_sint32(t, i_1)] < 0))).
(* Then *)
Have: i < size_0.
}
@@ -271,20 +271,22 @@ Assume {
(* Goal *)
When: (0 <= i_1) /\ (i_1 <= i) /\ is_sint32(i_1).
(* Pre-condition *)
+ Have: 0 < size_0.
+ (* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < size_0) ->
(Mint_0[shift_sint32(t, i_2)] < 0))).
- (* Pre-condition *)
- Have: 0 < size_0.
(* Invariant *)
- Have: forall i_2 : Z. ((i <= i_2) -> ((i_2 < size_0) ->
- (a[shift_sint32(t, i_2)] < 0))).
+ Have: (0 <= i) /\ (i <= size_0).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
(0 < a[shift_sint32(t, i_2)]))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= size_0).
+ Have: forall i_2 : Z. ((i <= i_2) -> ((i_2 < size_0) ->
+ (a[shift_sint32(t, i_2)] < 0))).
(* Then *)
Have: i < size_0.
+ (* Invariant *)
+ Have: (-1) <= i.
}
Prove: 0 < a[a_1 <- -a_2][shift_sint32(t, i_1)].
@@ -299,6 +301,7 @@ Goal Preservation of Invariant (file tests/wp_acsl/simpl_is_type.i, line 24):
Let a = havoc(Mint_undef_0, Mint_0, shift_sint32(t, 0), size_0).
Let a_1 = shift_sint32(t, i).
Let a_2 = a[a_1].
+Let a_3 = a[a_1 <- -a_2].
Assume {
Type: is_sint32(i) /\ is_sint32(size_0) /\ is_sint32(1 + i) /\
is_sint32(a_2).
@@ -307,22 +310,27 @@ Assume {
(* Goal *)
When: (i_1 < size_0) /\ (i < i_1) /\ is_sint32(i_1).
(* Pre-condition *)
+ Have: 0 < size_0.
+ (* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < size_0) ->
(Mint_0[shift_sint32(t, i_2)] < 0))).
- (* Pre-condition *)
- Have: 0 < size_0.
(* Invariant *)
- Have: forall i_2 : Z. ((i <= i_2) -> ((i_2 < size_0) ->
- (a[shift_sint32(t, i_2)] < 0))).
+ Have: (0 <= i) /\ (i <= size_0).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
(0 < a[shift_sint32(t, i_2)]))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= size_0).
+ Have: forall i_2 : Z. ((i <= i_2) -> ((i_2 < size_0) ->
+ (a[shift_sint32(t, i_2)] < 0))).
(* Then *)
Have: i < size_0.
+ (* Invariant *)
+ Have: (-1) <= i.
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (0 < a_3[shift_sint32(t, i_2)]))).
}
-Prove: a[a_1 <- -a_2][shift_sint32(t, i_1)] < 0.
+Prove: a_3[shift_sint32(t, i_1)] < 0.
------------------------------------------------------------
@@ -352,28 +360,37 @@ Goal Loop assigns (file tests/wp_acsl/simpl_is_type.i, line 25) (2/2):
Effect at line 28
Let a = shift_sint32(t, 0).
Let a_1 = havoc(Mint_undef_0, Mint_0, a, size_0).
-Let a_2 = shift_sint32(t, i).
+Let x = i - 1.
+Let a_2 = shift_sint32(t, x).
+Let a_3 = a_1[a_2].
+Let a_4 = a_1[a_2 <- -a_3].
Assume {
- Type: is_sint32(i) /\ is_sint32(size_0).
+ Type: is_sint32(i) /\ is_sint32(size_0) /\ is_sint32(x) /\ is_sint32(a_3).
(* Heap *)
Type: (region(t.base) <= 0) /\ linked(Malloc_0).
(* Goal *)
When: !invalid(Malloc_0, a_2, 1).
(* Pre-condition *)
+ Have: 0 < size_0.
+ (* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < size_0) ->
(Mint_0[shift_sint32(t, i_1)] < 0))).
- (* Pre-condition *)
- Have: 0 < size_0.
(* Invariant *)
- Have: forall i_1 : Z. ((i <= i_1) -> ((i_1 < size_0) ->
- (a_1[shift_sint32(t, i_1)] < 0))).
+ Have: (0 < i) /\ (i <= (1 + size_0)).
(* Invariant *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (0 < a_1[shift_sint32(t, i_1)]))).
+ Have: forall i_1 : Z. ((0 <= i_1) -> (((2 + i_1) <= i) ->
+ (is_sint32(i_1) -> (0 < a_1[shift_sint32(t, i_1)])))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= size_0).
+ Have: forall i_1 : Z. ((i_1 < size_0) -> ((i <= (1 + i_1)) ->
+ (is_sint32(i_1) -> (a_1[shift_sint32(t, i_1)] < 0)))).
(* Then *)
- Have: i < size_0.
+ Have: i <= size_0.
+ (* Invariant *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (0 < a_4[shift_sint32(t, i_1)]))).
+ (* Invariant *)
+ Have: forall i_1 : Z. ((i <= i_1) -> ((i_1 < size_0) ->
+ (a_4[shift_sint32(t, i_1)] < 0))).
}
Prove: included(a_2, 1, a, size_0).
@@ -391,10 +408,10 @@ Assume {
(* Pre-condition *)
Have: 0 < size_0.
(* Invariant *)
+ Have: (0 <= i) /\ (i <= size_0).
+ (* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
(Mint_0[shift_sint32(t, i_1)] != x))).
- (* Invariant *)
- Have: (0 <= i) /\ (i <= size_0).
Have: i < size_0.
}
Prove: exists i_1 : Z. (Mint_0[shift_sint32(t, i_1)] = x) /\ (0 <= i_1) /\
@@ -414,10 +431,10 @@ Assume {
(* Pre-condition *)
Have: 0 < size_0.
(* Invariant *)
+ Have: (0 <= i) /\ (i <= size_0).
+ (* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
(Mint_0[shift_sint32(t, i_1)] != x))).
- (* Invariant *)
- Have: (0 <= i) /\ (i <= size_0).
(* Then *)
Have: i < size_0.
(* Else *)
@@ -444,14 +461,16 @@ Assume {
(* Pre-condition *)
Have: 0 < size_0.
(* Invariant *)
+ Have: (0 <= i_1) /\ (i_1 <= size_0).
+ (* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
(Mint_0[shift_sint32(t, i_2)] != x))).
- (* Invariant *)
- Have: (0 <= i_1) /\ (i_1 <= size_0).
(* Then *)
Have: i_1 < size_0.
(* Else *)
Have: x_1 != x.
+ (* Invariant *)
+ Have: (-1) <= i_1.
}
Prove: Mint_0[shift_sint32(t, i)] != x.
diff --git a/src/plugins/wp/tests/wp_acsl/oracle/terminates_variant_option.0.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/terminates_variant_option.0.res.oracle
index 1d76571f54f0b012c92a2247df2716515527d399..1418f3fcdd8197ba7a5fa96a9bab9b485c9680b1 100644
--- a/src/plugins/wp/tests/wp_acsl/oracle/terminates_variant_option.0.res.oracle
+++ b/src/plugins/wp/tests/wp_acsl/oracle/terminates_variant_option.0.res.oracle
@@ -55,6 +55,8 @@ Assume {
Have: ((0 <= c1_0) -> ((cpt_0 <= c1_0) /\ (0 <= cpt_0))).
(* Else *)
Have: 2 <= cpt_0.
+ (* Invariant *)
+ Have: ((0 <= c1_0) -> (cpt_0 <= (1 + c1_0))).
}
Prove: 0 <= cpt_0.
@@ -130,13 +132,15 @@ Prove: true.
Goal Positivity of Loop variant at loop (file tests/wp_acsl/terminates_variant_option.i, line 19):
Let x = Mint_0[p].
Assume {
- Type: is_sint32(v) /\ is_sint32(x).
+ Type: is_sint32(v) /\ is_sint32(x) /\ is_sint32(v - 1).
(* Heap *)
Type: region(p.base) <= 0.
(* Invariant *)
Have: ((0 <= x) -> ((0 <= v) /\ (v <= x))).
(* Then *)
Have: v != 0.
+ (* Invariant *)
+ Have: ((0 <= x) -> ((0 < v) /\ (v <= (1 + x)))).
}
Prove: 0 <= v.
diff --git a/src/plugins/wp/tests/wp_acsl/oracle/terminates_variant_option.1.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/terminates_variant_option.1.res.oracle
index 09103afc39da2717b28b4744b2012e293889b894..5625b7ca4446516a76a0f92b1bf660d2b2e02d21 100644
--- a/src/plugins/wp/tests/wp_acsl/oracle/terminates_variant_option.1.res.oracle
+++ b/src/plugins/wp/tests/wp_acsl/oracle/terminates_variant_option.1.res.oracle
@@ -54,6 +54,8 @@ Assume {
Have: ((0 <= c1_0) -> ((cpt_0 <= c1_0) /\ (0 <= cpt_0))).
(* Else *)
Have: 2 <= cpt_0.
+ (* Invariant *)
+ Have: ((0 <= c1_0) -> (cpt_0 <= (1 + c1_0))).
}
Prove: 0 <= cpt_0.
diff --git a/src/plugins/wp/tests/wp_acsl/oracle_qualif/assigned_initialized_memtyped.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle_qualif/assigned_initialized_memtyped.res.oracle
index db28901d4032a8c3cce0c255267c3c9c147c1a84..3a3c7b36d62b7a0852a23b62c1736adbbd3feab9 100644
--- a/src/plugins/wp/tests/wp_acsl/oracle_qualif/assigned_initialized_memtyped.res.oracle
+++ b/src/plugins/wp/tests/wp_acsl/oracle_qualif/assigned_initialized_memtyped.res.oracle
@@ -33,7 +33,7 @@
[wp] [Alt-Ergo] Goal typed_comp_check_FAILS : Unsuccess
[wp] [Qed] Goal typed_comp_loop_assigns_part1 : Valid
[wp] [Qed] Goal typed_comp_loop_assigns_part2 : Valid
-[wp] [Alt-Ergo] Goal typed_comp_loop_assigns_part3 : Valid
+[wp] [Qed] Goal typed_comp_loop_assigns_part3 : Valid
[wp] [Alt-Ergo] Goal typed_assigned_glob_check_FAILS : Unsuccess
[wp] [Alt-Ergo] Goal typed_assigned_glob_loop_invariant_CHECK_preserved : Valid
[wp] [Qed] Goal typed_assigned_glob_loop_invariant_CHECK_established : Valid
@@ -44,10 +44,10 @@
[wp] [Qed] Goal typed_assigned_glob_loop_assigns_part3 : Valid
[wp] [Qed] Goal typed_assigned_glob_loop_assigns_2_part1 : Valid
[wp] [Qed] Goal typed_assigned_glob_loop_assigns_2_part2 : Valid
-[wp] [Alt-Ergo] Goal typed_assigned_glob_loop_assigns_2_part3 : Valid
+[wp] [Qed] Goal typed_assigned_glob_loop_assigns_2_part3 : Valid
[wp] Proved goals: 33 / 42
- Qed: 27
- Alt-Ergo: 6 (unsuccess: 9)
+ Qed: 29
+ Alt-Ergo: 4 (unsuccess: 9)
------------------------------------------------------------
Functions WP Alt-Ergo Total Success
initialize 4 2 6 100%
@@ -56,6 +56,6 @@
array 3 - 4 75.0%
index 3 - 4 75.0%
descr 4 1 6 83.3%
- comp 2 1 4 75.0%
- assigned_glob 6 2 11 72.7%
+ comp 3 - 4 75.0%
+ assigned_glob 7 1 11 72.7%
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_acsl/oracle_qualif/generalized_checks.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle_qualif/generalized_checks.res.oracle
index 99a33fee77212dd66f117cf324e5a8a81eb05983..22b1cace818e97885d132b6fa678cee972fd99fa 100644
--- a/src/plugins/wp/tests/wp_acsl/oracle_qualif/generalized_checks.res.oracle
+++ b/src/plugins/wp/tests/wp_acsl/oracle_qualif/generalized_checks.res.oracle
@@ -20,13 +20,13 @@
[wp] [Qed] Goal typed_caller_call_job_requires_A : Valid
[wp] [Qed] Goal typed_caller_call_job_check_requires_CA1 : Valid
[wp] [Alt-Ergo] Goal typed_caller_call_job_check_requires_CA2_ko : Unsuccess
-[wp] [Alt-Ergo] Goal typed_loop_check_loop_invariant_false_but_preserved_preserved : Unsuccess
+[wp] [Qed] Goal typed_loop_check_loop_invariant_false_but_preserved_preserved : Valid
[wp] [Alt-Ergo] Goal typed_loop_check_loop_invariant_false_but_preserved_established : Unsuccess
[wp] [Alt-Ergo] Goal typed_loop_check_implied_by_false_invariant : Unsuccess
[wp] [Qed] Goal typed_loop_loop_assigns : Valid
-[wp] Proved goals: 12 / 21
- Qed: 10
- Alt-Ergo: 2 (unsuccess: 9)
+[wp] Proved goals: 13 / 21
+ Qed: 11
+ Alt-Ergo: 2 (unsuccess: 8)
------------------------------------------------------------
Axiomatics WP Alt-Ergo Total Success
Axiomatic Th - - 2 0.0%
@@ -34,5 +34,5 @@
Functions WP Alt-Ergo Total Success
job 3 2 6 83.3%
caller 6 - 9 66.7%
- loop 1 - 4 25.0%
+ loop 2 - 4 50.0%
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_bts/bts_2110.i b/src/plugins/wp/tests/wp_bts/bts_2110.i
index c3e92f41a345f65ee05065f318116fe741cf69c1..2b30f0a37265c6096a082ec72db3c61e46fa31a7 100644
--- a/src/plugins/wp/tests/wp_bts/bts_2110.i
+++ b/src/plugins/wp/tests/wp_bts/bts_2110.i
@@ -1,5 +1,5 @@
/* run.config
- CMD: @frama-c@ -wp -wp-msg-key shell,cluster,print-generated -wp-prover why3 -wp-gen -wp-share ./share -wp-warn-key "pedantic-assigns=inactive"
+ CMD: @frama-c@ -wp -wp-msg-key shell,cluster,print-generated -wp-prover why3 -wp-gen -wp-share @PTEST_SHARE_DIR@ -wp-warn-key "pedantic-assigns=inactive"
OPT:
*/
diff --git a/src/plugins/wp/tests/wp_bts/oracle/bts_1462.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/bts_1462.res.oracle
index aa5c4e320017bf051c70668612f5c91e0cea0fe1..48496dc5697b4e27f98576cc40680ad056f49b6c 100644
--- a/src/plugins/wp/tests/wp_bts/oracle/bts_1462.res.oracle
+++ b/src/plugins/wp/tests/wp_bts/oracle/bts_1462.res.oracle
@@ -45,10 +45,10 @@ Assume {
(* Assertion 'for_value' *)
Have: (c = 1) \/ (c <= 0) \/ (2 <= c).
Have: c != 2.
- (* Invariant 'C' *)
- Have: ((c = 0) -> ((i = 0) -> (x = 0))).
(* Invariant 'A_KO' *)
Have: ((i != 0) -> (y_1 = 0)).
+ (* Invariant 'C' *)
+ Have: ((c = 0) -> ((i = 0) -> (x = 0))).
(* Then *)
Have: i <= 9.
If c = 1
diff --git a/src/plugins/wp/tests/wp_bts/oracle/issue_751.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/issue_751.res.oracle
index 14535c7cf0c072d0d5733260c788e4cb80ebb297..79f9827f49f3dc948c36db84ef95aabee8201804 100644
--- a/src/plugins/wp/tests/wp_bts/oracle/issue_751.res.oracle
+++ b/src/plugins/wp/tests/wp_bts/oracle/issue_751.res.oracle
@@ -36,21 +36,22 @@ Prove: true.
Goal Loop assigns (file tests/wp_bts/issue_751.i, line 8) (2/2):
Effect at line 11
Let x = land(3840, R).
-Let x_1 = x / 256.
+Let x_1 = lsr(x, 8).
+Let x_2 = j - 1.
Assume {
- Type: is_sint32(R) /\ is_sint32(j) /\ is_sint32(lsr(x, 8)).
+ Type: is_sint32(R) /\ is_sint32(j) /\ is_sint32(x_2) /\ is_sint32(x_1).
(* Heap *)
Type: (region(Data_0.base) <= 0) /\ linked(Malloc_0).
(* Goal *)
- When: !invalid(Malloc_0, shift_sint32(Data_0, j), 1).
+ When: !invalid(Malloc_0, shift_sint32(Data_0, x_2), 1).
(* Pre-condition *)
Have: (0 < x) /\ (x <= 2303).
(* Invariant 'RANGE' *)
- Have: (0 <= j) /\ (j <= x_1).
+ Have: (0 < j) /\ (j <= (1 + x_1)).
(* Then *)
- Have: j < x_1.
+ Have: j <= (x / 256).
}
-Prove: j <= 7.
+Prove: j <= 8.
------------------------------------------------------------
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_bts/oracle/issue_801.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/issue_801.res.oracle
index 0021dc1ad13f35291453f98e675313a297afc67c..4c29b8c3fe1446b6cd46f6cd39cf694bac3c61a6 100644
--- a/src/plugins/wp/tests/wp_bts/oracle/issue_801.res.oracle
+++ b/src/plugins/wp/tests/wp_bts/oracle/issue_801.res.oracle
@@ -33,7 +33,6 @@ Prove: true.
------------------------------------------------------------
Goal Positivity of Loop variant at loop (file tests/wp_bts/issue_801.i, line 14):
-Assume { Type: is_sint32(s). (* Then *) Have: s <= 9. }
-Prove: s <= 10.
+Prove: true.
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_bts/oracle_qualif/issue_801.res.oracle b/src/plugins/wp/tests/wp_bts/oracle_qualif/issue_801.res.oracle
index 455278246bd518ab7843f951f86963da8d6c9ae1..7e3f976defe0c7ff66d631e42588c4fd7d6c1be7 100644
--- a/src/plugins/wp/tests/wp_bts/oracle_qualif/issue_801.res.oracle
+++ b/src/plugins/wp/tests/wp_bts/oracle_qualif/issue_801.res.oracle
@@ -8,11 +8,11 @@
[wp] [Qed] Goal typed_LoopCurrent_loop_invariant_A_established : Valid
[wp] [Qed] Goal typed_LoopCurrent_loop_assigns : Valid
[wp] [Qed] Goal typed_LoopCurrent_loop_variant_decrease : Valid
-[wp] [Alt-Ergo] Goal typed_LoopCurrent_loop_variant_positive : Valid
+[wp] [Qed] Goal typed_LoopCurrent_loop_variant_positive : Valid
[wp] Proved goals: 5 / 6
- Qed: 4
- Alt-Ergo: 1 (unsuccess: 1)
+ Qed: 5
+ Alt-Ergo: 0 (unsuccess: 1)
------------------------------------------------------------
Functions WP Alt-Ergo Total Success
- LoopCurrent 4 1 6 83.3%
+ LoopCurrent 5 - 6 83.3%
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_eva/test_config b/src/plugins/wp/tests/wp_eva/test_config
index 8b6102546cc5b9169aa4d10d195b2ef2f5bab0b3..b17ba9c087756386fee7b149e7f598e0ebbad315 100644
--- a/src/plugins/wp/tests/wp_eva/test_config
+++ b/src/plugins/wp/tests/wp_eva/test_config
@@ -1 +1 @@
-CMD: @frama-c@ -no-autoload-plugins -load-module eva,scope,reduc,wp -eva -eva-no-print -eva-verbose 0 @PTEST_FILE@ -then -reduc -reduc-gen-annot all -then -no-reduc -wp -wp-print -wp-prover none -wp-share ./share -wp-msg-key shell
+CMD: @frama-c@ -no-autoload-plugins -load-module eva,scope,reduc,wp -eva -eva-no-print -eva-verbose 0 @PTEST_FILE@ -then -reduc -reduc-gen-annot all -then -no-reduc -wp -wp-print -wp-prover none -wp-share @PTEST_SHARE_DIR@ -wp-msg-key shell
diff --git a/src/plugins/wp/tests/wp_eva/test_config_qualif b/src/plugins/wp/tests/wp_eva/test_config_qualif
index 153e5ddde393c7008e0ff327852ba9b948a25e54..8f8c6e5c791fd649d5d9a45b234bbf850e2b3ce6 100644
--- a/src/plugins/wp/tests/wp_eva/test_config_qualif
+++ b/src/plugins/wp/tests/wp_eva/test_config_qualif
@@ -1,2 +1,2 @@
-CMD: @frama-c@ -no-autoload-plugins -load-module eva,scope,reduc,wp -eva -eva-no-print -eva-verbose 0 @PTEST_FILE@ -then -reduc -reduc-gen-annot all -then -no-reduc -then -wp -wp-par 1 -wp-share ./share -wp-msg-key shell -wp-report tests/qualif.report -wp-session @PTEST_DIR@/oracle@PTEST_CONFIG@/@PTEST_NAME@.@PTEST_NUMBER@.session -wp-cache-env -wp-cache replay @PTEST_FILE@ -wp-coq-timeout 120
+CMD: @frama-c@ -no-autoload-plugins -load-module eva,scope,reduc,wp -eva -eva-no-print -eva-verbose 0 @PTEST_FILE@ -then -reduc -reduc-gen-annot all -then -no-reduc -then -wp -wp-par 1 -wp-share @PTEST_SHARE_DIR@ -wp-msg-key shell -wp-report tests/qualif.report -wp-session @PTEST_SUITE_DIR@/oracle@PTEST_CONFIG@/@PTEST_NAME@.@PTEST_NUMBER@.session -wp-cache-env -wp-cache replay @PTEST_FILE@ -wp-coq-timeout 120
OPT:
diff --git a/src/plugins/wp/tests/wp_gallery/oracle_qualif/frama_c_exo2_solved.res.oracle b/src/plugins/wp/tests/wp_gallery/oracle_qualif/frama_c_exo2_solved.res.oracle
index 1780ec5c89a9b45027afa30b5a132043047e4271..879b80915f96682876824638ae66f50de1d06e7e 100644
--- a/src/plugins/wp/tests/wp_gallery/oracle_qualif/frama_c_exo2_solved.res.oracle
+++ b/src/plugins/wp/tests/wp_gallery/oracle_qualif/frama_c_exo2_solved.res.oracle
@@ -15,10 +15,10 @@
[wp] [Qed] Goal typed_max_subarray_loop_invariant_4_established : Valid
[wp] [Alt-Ergo] Goal typed_max_subarray_loop_invariant_5_preserved : Valid
[wp] [Alt-Ergo] Goal typed_max_subarray_loop_invariant_5_established : Valid
-[wp] [Alt-Ergo] Goal typed_max_subarray_loop_invariant_6_preserved : Valid
-[wp] [Alt-Ergo] Goal typed_max_subarray_loop_invariant_6_established : Valid
+[wp] [Qed] Goal typed_max_subarray_loop_invariant_6_preserved : Valid
+[wp] [Qed] Goal typed_max_subarray_loop_invariant_6_established : Valid
[wp] [Alt-Ergo] Goal typed_max_subarray_loop_invariant_7_preserved : Valid
-[wp] [Alt-Ergo] Goal typed_max_subarray_loop_invariant_7_established : Valid
+[wp] [Qed] Goal typed_max_subarray_loop_invariant_7_established : Valid
[wp] [Alt-Ergo] Goal typed_max_subarray_loop_invariant_8_preserved : Valid
[wp] [Alt-Ergo] Goal typed_max_subarray_loop_invariant_8_established : Valid
[wp] [Qed] Goal typed_max_subarray_loop_assigns : Valid
@@ -26,11 +26,11 @@
[wp] [Qed] Goal typed_max_subarray_loop_variant_decrease : Valid
[wp] [Qed] Goal typed_max_subarray_loop_variant_positive : Valid
[wp] Proved goals: 22 / 22
- Qed: 9
- Alt-Ergo: 13
+ Qed: 12
+ Alt-Ergo: 10
------------------------------------------------------------
Functions WP Alt-Ergo Total Success
- max_subarray 9 13 22 100%
+ max_subarray 12 10 22 100%
------------------------------------------------------------
[wp] Running WP plugin...
[rte] annotating function max_subarray
@@ -41,5 +41,5 @@
Alt-Ergo: 1
------------------------------------------------------------
Functions WP Alt-Ergo Total Success
- max_subarray 9 14 23 100%
+ max_subarray 12 11 23 100%
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_gallery/oracle_qualif/frama_c_exo3_solved.old.res.oracle b/src/plugins/wp/tests/wp_gallery/oracle_qualif/frama_c_exo3_solved.old.res.oracle
index 174cfa7521504fd213dc75ca4404ea89dddb4faa..b2a42b7d1cd35ff736ed1a09c2d58a256a6c89ee 100644
--- a/src/plugins/wp/tests/wp_gallery/oracle_qualif/frama_c_exo3_solved.old.res.oracle
+++ b/src/plugins/wp/tests/wp_gallery/oracle_qualif/frama_c_exo3_solved.old.res.oracle
@@ -18,7 +18,7 @@
[wp] [Qed] Goal typed_ref_equal_elements_loop_invariant_5_established : Valid
[wp] [Alt-Ergo] Goal typed_ref_equal_elements_loop_invariant_6_preserved : Valid
[wp] [Qed] Goal typed_ref_equal_elements_loop_invariant_6_established : Valid
-[wp] [Alt-Ergo] Goal typed_ref_equal_elements_loop_invariant_7_preserved : Valid
+[wp] [Qed] Goal typed_ref_equal_elements_loop_invariant_7_preserved : Valid
[wp] [Qed] Goal typed_ref_equal_elements_loop_invariant_7_established : Valid
[wp] [Alt-Ergo] Goal typed_ref_equal_elements_loop_invariant_8_preserved : Valid
[wp] [Alt-Ergo] Goal typed_ref_equal_elements_loop_invariant_8_established : Valid
@@ -38,11 +38,11 @@
[wp] [Qed] Goal typed_ref_equal_elements_loop_variant_2_decrease : Valid
[wp] [Qed] Goal typed_ref_equal_elements_loop_variant_2_positive : Valid
[wp] Proved goals: 34 / 34
- Qed: 18
- Alt-Ergo: 16
+ Qed: 19
+ Alt-Ergo: 15
------------------------------------------------------------
Functions WP Alt-Ergo Total Success
- equal_elements 18 16 34 100%
+ equal_elements 19 15 34 100%
------------------------------------------------------------
[wp] tests/wp_gallery/frama_c_exo3_solved.old.c:73: Warning:
Memory model hypotheses for function 'equal_elements':
@@ -77,5 +77,5 @@
Alt-Ergo: 5
------------------------------------------------------------
Functions WP Alt-Ergo Total Success
- equal_elements 29 21 50 100%
+ equal_elements 30 20 50 100%
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_gallery/oracle_qualif/frama_c_exo3_solved.old.v2.res.oracle b/src/plugins/wp/tests/wp_gallery/oracle_qualif/frama_c_exo3_solved.old.v2.res.oracle
index cfbc31146758fcdad382bd59ca15be2c53d18327..4a5d3b149207981d5161ab0d99a0760e0e79a0bb 100644
--- a/src/plugins/wp/tests/wp_gallery/oracle_qualif/frama_c_exo3_solved.old.v2.res.oracle
+++ b/src/plugins/wp/tests/wp_gallery/oracle_qualif/frama_c_exo3_solved.old.v2.res.oracle
@@ -23,7 +23,7 @@
[wp] [Qed] Goal typed_ref_equal_elements_loop_invariant_v1_sound1_established : Valid
[wp] [Alt-Ergo] Goal typed_ref_equal_elements_loop_invariant_v1_sound2_preserved : Valid
[wp] [Alt-Ergo] Goal typed_ref_equal_elements_loop_invariant_v1_sound2_established : Valid
-[wp] [Alt-Ergo] Goal typed_ref_equal_elements_loop_invariant_v1_v2_diff_preserved : Valid
+[wp] [Qed] Goal typed_ref_equal_elements_loop_invariant_v1_v2_diff_preserved : Valid
[wp] [Qed] Goal typed_ref_equal_elements_loop_invariant_v1_v2_diff_established : Valid
[wp] [Alt-Ergo] Goal typed_ref_equal_elements_loop_invariant_v2_sound1_preserved : Valid
[wp] [Qed] Goal typed_ref_equal_elements_loop_invariant_v2_sound1_established : Valid
@@ -39,11 +39,11 @@
[wp] [Qed] Goal typed_ref_equal_elements_loop_variant_2_decrease : Valid
[wp] [Qed] Goal typed_ref_equal_elements_loop_variant_2_positive : Valid
[wp] Proved goals: 35 / 35
- Qed: 17
- Alt-Ergo: 18
+ Qed: 18
+ Alt-Ergo: 17
------------------------------------------------------------
Functions WP Alt-Ergo Total Success
- equal_elements 17 18 35 100%
+ equal_elements 18 17 35 100%
------------------------------------------------------------
[wp] tests/wp_gallery/frama_c_exo3_solved.old.v2.c:56: Warning:
Memory model hypotheses for function 'equal_elements':
@@ -78,5 +78,5 @@
Alt-Ergo: 5
------------------------------------------------------------
Functions WP Alt-Ergo Total Success
- equal_elements 28 23 51 100%
+ equal_elements 29 22 51 100%
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/convert.i b/src/plugins/wp/tests/wp_plugin/convert.i
index c09396fdda418ae62ac373fc6ebe4703b1560750..2dce3a4622568c9e1a54a0b8e00ecf5d4b4301a6 100644
--- a/src/plugins/wp/tests/wp_plugin/convert.i
+++ b/src/plugins/wp/tests/wp_plugin/convert.i
@@ -4,7 +4,7 @@
/* run.config_qualif
OPT:
- OPT: -wp-prover native:alt-ergo -wp-report=%{dep:tests/native.report}
+ OPT: -wp-prover native:alt-ergo -wp-report=%{dep:@PTEST_SUITE_DIR@/../native.report}
*/
// --------------------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/math.i b/src/plugins/wp/tests/wp_plugin/math.i
index 4a3905a7a75094fb219220189bb6b1fdfd180621..d2a3d2ce303de8ef3b5c4f48ce0bcfa4b426570a 100644
--- a/src/plugins/wp/tests/wp_plugin/math.i
+++ b/src/plugins/wp/tests/wp_plugin/math.i
@@ -4,9 +4,9 @@
/* run.config_qualif
OPT: -wp-prover alt-ergo -wp-prop=-ko -wp-timeout 100 -wp-steps 1500
- OPT: -wp-prover native:alt-ergo -wp-report=%{dep:tests/native.report} -wp-prop=-ko -wp-timeout 100 -wp-steps 1500
+ OPT: -wp-prover native:alt-ergo -wp-report=%{dep:@PTEST_SUITE_DIR@/../native.report} -wp-prop=-ko -wp-timeout 100 -wp-steps 1500
OPT: -wp-prover alt-ergo -wp-prop=ko -wp-timeout 100 -wp-steps 10
- OPT: -wp-prover native:alt-ergo -wp-report=%{dep:tests/native.report} -wp-prop=ko -wp-timeout 100 -wp-steps 10
+ OPT: -wp-prover native:alt-ergo -wp-report=%{dep:@PTEST_SUITE_DIR@/../native.report} -wp-prop=ko -wp-timeout 100 -wp-steps 10
*/
// --------------------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/model.i b/src/plugins/wp/tests/wp_plugin/model.i
index fd0dd051a717b1544e9f13d4c0be5d06f2c410fa..07e59f63a7ddb17bc624dde14525f1dd14bcdee8 100644
--- a/src/plugins/wp/tests/wp_plugin/model.i
+++ b/src/plugins/wp/tests/wp_plugin/model.i
@@ -1,5 +1,5 @@
/* run.config
- CMD: @frama-c@ -wp-share ./share -wp-msg-key cluster,shell,print-generated -wp-prover why3 -wp-warn-key "pedantic-assigns=inactive"
+ CMD: @frama-c@ -wp-share @PTEST_SHARE_DIR@ -wp-msg-key cluster,shell,print-generated -wp-prover why3 -wp-warn-key "pedantic-assigns=inactive"
OPT: -wp-model Typed -wp -wp-gen -wp-print -then -wp-model Typed+ref -wp -wp-gen -wp-print
*/
diff --git a/src/plugins/wp/tests/wp_plugin/nosession.i b/src/plugins/wp/tests/wp_plugin/nosession.i
index d1873a1222997221ed75c281b72bb3663ce61eeb..96ab1cfb2102e424756980add80ab024daeb06ff 100644
--- a/src/plugins/wp/tests/wp_plugin/nosession.i
+++ b/src/plugins/wp/tests/wp_plugin/nosession.i
@@ -2,7 +2,7 @@
DONTRUN:
*/
/* run.config_qualif
- CMD: @frama-c@ -wp-share ./share -wp-msg-key shell -wp-warn-key pedantic-assigns=inactive
+ CMD: @frama-c@ -wp-share @PTEST_SHARE_DIR@ -wp-msg-key shell -wp-warn-key pedantic-assigns=inactive
PLUGIN: wp,rtegen
OPT: -wp -wp-prover alt-ergo -wp-session shall_not_exists_dir -wp-cache offline -wp-no-cache-env
COMMENT: The session directory shall not be created
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/combined.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/combined.res.oracle
index 232d0259c30a3aec71ca0610cdc0af2b68750042..5fcfd8e1850e59b359e32f7ae2784bf0c86cb183 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/combined.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/combined.res.oracle
@@ -20,11 +20,11 @@ Assume {
(* Assertion *)
Have: (50 <= A) /\ (A <= 100).
(* Invariant *)
+ Have: (0 <= i) /\ (i <= 50).
+ (* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
P_P(havoc(Mint_undef_0, Mint_0, shift_sint32(t, 0), 50)
[shift_sint32(t, i_1)]))).
- (* Invariant *)
- Have: (0 <= i) /\ (i <= 50).
(* Then *)
Have: i <= 49.
(* Call 'f' *)
@@ -50,14 +50,16 @@ Assume {
(* Assertion *)
Have: (50 <= A) /\ (A <= 100).
(* Invariant *)
+ Have: (0 <= i) /\ (i <= 50).
+ (* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
P_P(a[shift_sint32(t, i_2)]))).
- (* Invariant *)
- Have: (0 <= i) /\ (i <= 50).
(* Then *)
Have: i <= 49.
(* Call 'f' *)
Have: P_P(v).
+ (* Invariant *)
+ Have: (-1) <= i.
}
Prove: P_P(a[shift_sint32(t, i) <- v][shift_sint32(t, i_1)]).
@@ -77,11 +79,11 @@ Assume {
(* Assertion *)
Have: (50 <= A) /\ (A <= 100).
(* Invariant *)
+ Have: (0 <= i) /\ (i <= 50).
+ (* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
P_P(havoc(Mint_undef_0, Mint_0, shift_sint32(t, 0), 50)
[shift_sint32(t, i_1)]))).
- (* Invariant *)
- Have: (0 <= i) /\ (i <= 50).
(* Else *)
Have: 50 <= i.
(* Invariant *)
@@ -109,10 +111,10 @@ Assume {
(* Assertion *)
Have: (50 <= A) /\ (A <= 100).
(* Invariant *)
+ Have: (0 <= i_1) /\ (i_1 <= 50).
+ (* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
P_P(a[shift_sint32(t, i_2)]))).
- (* Invariant *)
- Have: (0 <= i_1) /\ (i_1 <= 50).
(* Else *)
Have: 50 <= i_1.
(* Invariant *)
@@ -155,9 +157,10 @@ Prove: true.
Goal Loop assigns (file tests/wp_plugin/combined.c, line 36) (3/3):
Call Result at line 38
-Let a = shift_sint32(t, j).
+Let x = j - 1.
+Let a = shift_sint32(t, x).
Assume {
- Type: is_sint32(A) /\ is_sint32(i) /\ is_sint32(j).
+ Type: is_sint32(A) /\ is_sint32(i) /\ is_sint32(j) /\ is_sint32(x).
(* Heap *)
Type: (region(t.base) <= 0) /\ linked(Malloc_0).
(* Goal *)
@@ -165,17 +168,17 @@ Assume {
(* Assertion *)
Have: (50 <= A) /\ (A <= 100).
(* Invariant *)
+ Have: (0 <= i) /\ (i <= 50).
+ (* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
P_P(havoc(Mint_undef_0, Mint_0, shift_sint32(t, 0), 50)
[shift_sint32(t, i_1)]))).
- (* Invariant *)
- Have: (0 <= i) /\ (i <= 50).
(* Else *)
Have: 50 <= i.
(* Invariant *)
- Have: (A <= j) /\ (j <= 100).
+ Have: (A < j) /\ (j <= 101).
(* Then *)
- Have: j <= 99.
+ Have: j <= 100.
}
Prove: included(a, 1, shift_sint32(t, A), 100 - A).
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/copy.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/copy.res.oracle
index 0198e43bea60c3a8a1a53b753ea78da52ce375da..f72087e75317557233ac0e847631bf9a6c751344 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/copy.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/copy.res.oracle
@@ -17,14 +17,14 @@ Assume {
(* Goal *)
When: (0 <= i_1) /\ (i_1 < n).
(* Pre-condition *)
- Have: 0 <= n.
- (* Pre-condition *)
Have: separated(a_1, n, shift_sint32(b, 0), n).
+ (* Invariant 'Range' *)
+ Have: 0 <= n.
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'Copy' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
(a_2[shift_sint32(b, i_2)] = a_2[shift_sint32(a, i_2)]))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= n).
(* Else *)
Have: n <= i.
}
@@ -43,14 +43,14 @@ Assume {
(* Goal *)
When: (0 <= i_1) /\ (i_1 <= i).
(* Pre-condition *)
- Have: 0 <= n.
- (* Pre-condition *)
Have: separated(a_1, n, shift_sint32(b, 0), n).
+ (* Invariant 'Range' *)
+ Have: 0 <= n.
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'Copy' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
(a_2[shift_sint32(b, i_2)] = a_2[shift_sint32(a, i_2)]))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= n).
(* Then *)
Have: i < n.
(* Assertion 'A' *)
@@ -59,6 +59,8 @@ Assume {
(* Assertion 'B' *)
Have: forall i_2 : Z. let a_4 = shift_sint32(b, i_2) in ((0 <= i_2) ->
((i_2 < i) -> (a_3[a_4] = a_2[a_4]))).
+ (* Invariant 'Range' *)
+ Have: (-1) <= i.
}
Prove: a_3[shift_sint32(b, i_1)] = a_3[shift_sint32(a, i_1)].
@@ -78,14 +80,14 @@ Assume {
(* Heap *)
Type: (region(a.base) <= 0) /\ (region(b.base) <= 0).
(* Pre-condition *)
- Have: 0 <= n.
- (* Pre-condition *)
Have: separated(a_1, n, shift_sint32(b, 0), n).
+ (* Invariant 'Range' *)
+ Have: 0 <= n.
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'Copy' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
(a_2[shift_sint32(b, i_1)] = a_2[shift_sint32(a, i_1)]))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= n).
(* Then *)
Have: i < n.
(* Assertion 'A' *)
@@ -115,14 +117,14 @@ Assume {
(* Goal *)
When: (0 <= i_1) /\ (i_1 < i).
(* Pre-condition *)
- Have: 0 <= n.
- (* Pre-condition *)
Have: separated(a_1, n, shift_sint32(b, 0), n).
+ (* Invariant 'Range' *)
+ Have: 0 <= n.
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'Copy' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
(a_2[shift_sint32(b, i_2)] = a_2[shift_sint32(a, i_2)]))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= n).
(* Then *)
Have: i < n.
}
@@ -142,14 +144,14 @@ Assume {
(* Goal *)
When: (0 <= i_1) /\ (i_1 < i).
(* Pre-condition *)
- Have: 0 <= n.
- (* Pre-condition *)
Have: separated(a_1, n, shift_sint32(b, 0), n).
+ (* Invariant 'Range' *)
+ Have: 0 <= n.
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'Copy' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
(a_2[shift_sint32(b, i_2)] = a_2[shift_sint32(a, i_2)]))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= n).
(* Then *)
Have: i < n.
(* Assertion 'A' *)
@@ -175,31 +177,35 @@ Goal Loop assigns (file tests/wp_plugin/copy.i, line 12) (3/3):
Effect at line 16
Let a_1 = shift_sint32(a, 0).
Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, n).
-Let a_3 = shift_sint32(a, i).
-Let a_4 = a_2[a_3 <- a_2[shift_sint32(b, i)]].
+Let x = i - 1.
+Let a_3 = shift_sint32(a, x).
+Let a_4 = a_2[a_3 <- a_2[shift_sint32(b, x)]].
Assume {
- Type: is_sint32(i) /\ is_sint32(n).
+ Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(x).
(* Heap *)
Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0).
(* Goal *)
When: !invalid(Malloc_0, a_3, 1).
(* Pre-condition *)
- Have: 0 <= n.
- (* Pre-condition *)
Have: separated(a_1, n, shift_sint32(b, 0), n).
+ (* Invariant 'Range' *)
+ Have: 0 <= n.
+ (* Invariant 'Range' *)
+ Have: (0 < i) /\ (i <= (1 + n)).
(* Invariant 'Copy' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ Have: forall i_1 : Z. ((0 <= i_1) -> (((2 + i_1) <= i) ->
(a_2[shift_sint32(b, i_1)] = a_2[shift_sint32(a, i_1)]))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= n).
(* Then *)
- Have: i < n.
+ Have: i <= n.
(* Assertion 'A' *)
Have: forall i_1 : Z. let a_5 = shift_sint32(a, i_1) in ((0 <= i_1) ->
- ((i_1 < i) -> (a_4[a_5] = a_2[a_5]))).
+ (((2 + i_1) <= i) -> (a_4[a_5] = a_2[a_5]))).
(* Assertion 'B' *)
Have: forall i_1 : Z. let a_5 = shift_sint32(b, i_1) in ((0 <= i_1) ->
- ((i_1 < i) -> (a_4[a_5] = a_2[a_5]))).
+ (((2 + i_1) <= i) -> (a_4[a_5] = a_2[a_5]))).
+ (* Invariant 'Copy' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_4[shift_sint32(b, i_1)] = a_4[shift_sint32(a, i_1)]))).
}
Prove: included(a_3, 1, a_1, n).
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/doomed_axioms.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/doomed_axioms.res.oracle
index da669bd36ebf0b30082de682bb0d52b17a6faec3..fed4301277c6759030f49714996ddff47765ad18 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/doomed_axioms.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/doomed_axioms.res.oracle
@@ -9,12 +9,18 @@
Goal Wp_smoke_dead_loop in 'foo' at loop (file tests/wp_plugin/doomed_axioms.i, line 29):
Assume {
Type: is_sint32(n).
- (* Invariant 'C' *)
- Have: P_R(n).
+ (* Invariant 'A' *)
+ Have: P_P(0).
(* Invariant 'B' *)
- Have: P_Q(n).
+ Have: P_Q(0).
+ (* Invariant 'C' *)
+ Have: P_R(0).
(* Invariant 'A' *)
Have: P_P(n).
+ (* Invariant 'B' *)
+ Have: P_Q(n).
+ (* Invariant 'C' *)
+ Have: P_R(n).
}
Prove: false.
@@ -23,12 +29,18 @@ Prove: false.
Goal Wp_smoke_dead_code in 'foo' at instruction (file tests/wp_plugin/doomed_axioms.i, line 30):
Assume {
Type: is_sint32(n) /\ is_sint32(x).
- (* Invariant 'C' *)
- Have: P_R(n).
+ (* Invariant 'A' *)
+ Have: P_P(0).
(* Invariant 'B' *)
- Have: P_Q(n).
+ Have: P_Q(0).
+ (* Invariant 'C' *)
+ Have: P_R(0).
(* Invariant 'A' *)
Have: P_P(n).
+ (* Invariant 'B' *)
+ Have: P_Q(n).
+ (* Invariant 'C' *)
+ Have: P_R(n).
(* Then *)
Have: 0 < x.
}
@@ -39,12 +51,18 @@ Prove: false.
Goal Wp_smoke_dead_code in 'foo' at return (file tests/wp_plugin/doomed_axioms.i, line 32):
Assume {
Type: is_sint32(n) /\ is_sint32(x).
- (* Invariant 'C' *)
- Have: P_R(n).
+ (* Invariant 'A' *)
+ Have: P_P(0).
(* Invariant 'B' *)
- Have: P_Q(n).
+ Have: P_Q(0).
+ (* Invariant 'C' *)
+ Have: P_R(0).
(* Invariant 'A' *)
Have: P_P(n).
+ (* Invariant 'B' *)
+ Have: P_Q(n).
+ (* Invariant 'C' *)
+ Have: P_R(n).
(* Else *)
Have: x <= 0.
}
@@ -56,12 +74,18 @@ Goal Preservation of Invariant 'A' (file tests/wp_plugin/doomed_axioms.i, line 2
Let x_1 = 1 + n.
Assume {
Type: is_sint32(n) /\ is_sint32(x) /\ is_sint32(x_1).
- (* Invariant 'C' *)
- Have: P_R(n).
+ (* Invariant 'A' *)
+ Have: P_P(0).
(* Invariant 'B' *)
- Have: P_Q(n).
+ Have: P_Q(0).
+ (* Invariant 'C' *)
+ Have: P_R(0).
(* Invariant 'A' *)
Have: P_P(n).
+ (* Invariant 'B' *)
+ Have: P_Q(n).
+ (* Invariant 'C' *)
+ Have: P_R(n).
(* Then *)
Have: 0 < x.
}
@@ -78,20 +102,29 @@ Goal Preservation of Invariant 'B' (file tests/wp_plugin/doomed_axioms.i, line 2
Let x_1 = 1 + n.
Assume {
Type: is_sint32(n) /\ is_sint32(x) /\ is_sint32(x_1).
- (* Invariant 'C' *)
- Have: P_R(n).
+ (* Invariant 'A' *)
+ Have: P_P(0).
(* Invariant 'B' *)
- Have: P_Q(n).
+ Have: P_Q(0).
+ (* Invariant 'C' *)
+ Have: P_R(0).
(* Invariant 'A' *)
Have: P_P(n).
+ (* Invariant 'B' *)
+ Have: P_Q(n).
+ (* Invariant 'C' *)
+ Have: P_R(n).
(* Then *)
Have: 0 < x.
+ (* Invariant 'A' *)
+ Have: P_P(x_1).
}
Prove: P_Q(x_1).
------------------------------------------------------------
Goal Establishment of Invariant 'B' (file tests/wp_plugin/doomed_axioms.i, line 25):
+Assume { (* Invariant 'A' *) Have: P_P(0). }
Prove: P_Q(0).
------------------------------------------------------------
@@ -100,20 +133,32 @@ Goal Preservation of Invariant 'C' (file tests/wp_plugin/doomed_axioms.i, line 2
Let x_1 = 1 + n.
Assume {
Type: is_sint32(n) /\ is_sint32(x) /\ is_sint32(x_1).
- (* Invariant 'C' *)
- Have: P_R(n).
+ (* Invariant 'A' *)
+ Have: P_P(0).
(* Invariant 'B' *)
- Have: P_Q(n).
+ Have: P_Q(0).
+ (* Invariant 'C' *)
+ Have: P_R(0).
(* Invariant 'A' *)
Have: P_P(n).
+ (* Invariant 'B' *)
+ Have: P_Q(n).
+ (* Invariant 'C' *)
+ Have: P_R(n).
(* Then *)
Have: 0 < x.
+ (* Invariant 'A' *)
+ Have: P_P(x_1).
+ (* Invariant 'B' *)
+ Have: P_Q(x_1).
}
Prove: P_R(x_1).
------------------------------------------------------------
Goal Establishment of Invariant 'C' (file tests/wp_plugin/doomed_axioms.i, line 26):
+Assume { (* Invariant 'A' *) Have: P_P(0). (* Invariant 'B' *) Have: P_Q(0).
+}
Prove: P_R(0).
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/doomed_loop.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/doomed_loop.res.oracle
index 97103136af1d61d0f9dc62a842e18b5184bc026c..d942b94bb256c930f5dc7f08ca65ec2dabc645bb 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/doomed_loop.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/doomed_loop.res.oracle
@@ -37,7 +37,8 @@ Prove: true.
------------------------------------------------------------
Goal Establishment of Invariant 'B' (file tests/wp_plugin/doomed_loop.i, line 19):
-Prove: !P_P(0).
+Assume { (* Invariant 'A' *) Have: P_P(0). }
+Prove: false.
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/loop.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/loop.res.oracle
index 3c8dd80d4597e2df725575fe65b6684863573335..f7e116db708a6361c596652f4a5ddc21b475d91a 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/loop.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/loop.res.oracle
@@ -10,6 +10,7 @@ Goal Post-condition 'qed_ok' in 'init':
Let a_1 = shift_sint32(t, a).
Let x = -a.
Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, i - a).
+Let x_1 = 1 + b.
Assume {
Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i).
(* Heap *)
@@ -21,10 +22,12 @@ Assume {
(* Pre-condition *)
Have: a <= b.
(* Invariant 'qed_ok' *)
+ Have: a <= x_1.
+ (* Invariant 'qed_ok' *)
+ Have: (a <= i) /\ (i <= x_1).
+ (* Invariant 'qed_ok' *)
Have: forall i_2 : Z. ((a <= i_2) -> ((i_2 < i) ->
(a_2[shift_sint32(t, i_2)] = e))).
- (* Invariant 'qed_ok' *)
- Have: (a <= i) /\ (i <= (1 + b)).
(* Else *)
Have: b < i.
}
@@ -35,9 +38,10 @@ Prove: a_2[shift_sint32(t, i_1)] = e.
Goal Preservation of Invariant 'qed_ok' (file tests/wp_plugin/loop.i, line 12):
Let a_1 = shift_sint32(t, a).
Let x = -a.
-Let x_1 = 1 + i.
+Let x_1 = 1 + b.
+Let x_2 = 1 + i.
Assume {
- Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(x_1).
+ Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(x_2).
(* Heap *)
Type: (region(t.base) <= 0) /\ linked(Malloc_0).
(* Pre-condition *)
@@ -45,14 +49,16 @@ Assume {
(* Pre-condition *)
Have: a <= b.
(* Invariant 'qed_ok' *)
+ Have: a <= x_1.
+ (* Invariant 'qed_ok' *)
+ Have: (a <= i) /\ (i <= x_1).
+ (* Invariant 'qed_ok' *)
Have: forall i_1 : Z. ((a <= i_1) -> ((i_1 < i) ->
(havoc(Mint_undef_0, Mint_0, a_1, i - a)[shift_sint32(t, i_1)] = e))).
- (* Invariant 'qed_ok' *)
- Have: (a <= i) /\ (i <= (1 + b)).
(* Then *)
Have: i <= b.
}
-Prove: a <= x_1.
+Prove: a <= x_2.
------------------------------------------------------------
@@ -71,11 +77,13 @@ Prove: a <= (1 + b).
------------------------------------------------------------
Goal Preservation of Invariant 'qed_ok' (file tests/wp_plugin/loop.i, line 13):
+Let x = 1 + i.
Let a_1 = shift_sint32(t, a).
-Let x = -a.
+Let x_1 = -a.
Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, i - a).
+Let x_2 = 1 + b.
Assume {
- Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(1 + i).
+ Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(x).
(* Heap *)
Type: (region(t.base) <= 0) /\ linked(Malloc_0).
(* Goal *)
@@ -85,12 +93,16 @@ Assume {
(* Pre-condition *)
Have: a <= b.
(* Invariant 'qed_ok' *)
+ Have: a <= x_2.
+ (* Invariant 'qed_ok' *)
+ Have: (a <= i) /\ (i <= x_2).
+ (* Invariant 'qed_ok' *)
Have: forall i_2 : Z. ((a <= i_2) -> ((i_2 < i) ->
(a_2[shift_sint32(t, i_2)] = e))).
- (* Invariant 'qed_ok' *)
- Have: (a <= i) /\ (i <= (1 + b)).
(* Then *)
Have: i <= b.
+ (* Invariant 'qed_ok' *)
+ Have: a <= x.
}
Prove: a_2[shift_sint32(t, i) <- e][shift_sint32(t, i_1)] = e.
@@ -116,33 +128,44 @@ Goal Loop assigns 'qed_ok' (3/3):
Effect at line 16
Let a_1 = shift_sint32(t, a).
Let x = -a.
-Let a_2 = shift_sint32(t, i).
+Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, i - a).
+Let a_3 = shift_sint32(t, i).
+Let x_1 = 1 + i.
+Let x_2 = 1 + b.
Assume {
- Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(1 + i).
+ Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(i) /\ is_sint32(x_1).
(* Heap *)
Type: (region(t.base) <= 0) /\ linked(Malloc_0).
(* Goal *)
- When: !invalid(Malloc_0, a_2, 1).
+ When: !invalid(Malloc_0, a_3, 1).
(* Pre-condition *)
Have: valid_rw(Malloc_0, a_1, 1 + b - a).
(* Pre-condition *)
Have: a <= b.
(* Invariant 'qed_ok' *)
- Have: forall i_1 : Z. ((a <= i_1) -> ((i_1 < i) ->
- (havoc(Mint_undef_0, Mint_0, a_1, i - a)[shift_sint32(t, i_1)] = e))).
+ Have: a <= x_2.
(* Invariant 'qed_ok' *)
- Have: (a <= i) /\ (i <= (1 + b)).
+ Have: (a <= i) /\ (i <= x_2).
+ (* Invariant 'qed_ok' *)
+ Have: forall i_1 : Z. ((a <= i_1) -> ((i_1 < i) ->
+ (a_2[shift_sint32(t, i_1)] = e))).
(* Then *)
Have: i <= b.
+ (* Invariant 'qed_ok' *)
+ Have: a <= x_1.
+ (* Invariant 'qed_ok' *)
+ Have: forall i_1 : Z. ((i_1 <= i) -> ((a <= i_1) ->
+ (a_2[a_3 <- e][shift_sint32(t, i_1)] = e))).
}
-Prove: included(a_2, 1, a_1, 1 + i - a).
+Prove: included(a_3, 1, a_1, 1 + i - a).
------------------------------------------------------------
Goal Assigns 'qed_ok' in 'init':
Effect at line 15
+Let x = 1 + b.
Let a_1 = shift_sint32(t, a).
-Let x = -a.
+Let x_1 = -a.
Assume {
Have: a < i.
Have: !invalid(Malloc_0, a_1, i - a).
@@ -153,7 +176,9 @@ Assume {
Have: valid_rw(Malloc_0, a_1, 1 + b - a).
(* Pre-condition *)
Have: a <= b.
+ (* Invariant 'qed_ok' *)
+ Have: a <= x.
}
-Prove: i <= (1 + b).
+Prove: i <= x.
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/prenex.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/prenex.res.oracle
index f921ae4ce125d33e1ffdf74c9a30509986096d67..a2177f40d653e5f30547bfc250018cf79c4c837d 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/prenex.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/prenex.res.oracle
@@ -13,22 +13,24 @@ Assume {
(* Heap *)
Type: (region(p.base) <= 0) /\ (region(q.base) <= 0).
(* Pre-condition *)
- Have: (0 <= m) /\ (0 <= n).
+ Have: 0 <= m.
+ (* Invariant 'I' *)
+ Have: 0 <= n.
+ (* Invariant 'I' *)
+ Have: (0 <= i_1) /\ (i_1 <= n).
(* Invariant 'PI' *)
Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((i_3 < i_1) -> ((0 <= i_2) ->
((i_2 < m) ->
(Mint_0[shift_sint32(p, i_3)] < Mint_0[shift_sint32(q, i_2)]))))).
- (* Invariant 'I' *)
- Have: (0 <= i_1) /\ (i_1 <= n).
If i_1 < n
Then {
Let x = Mint_0[shift_sint32(p, i)].
Have: (ta_j_0=false).
+ (* Invariant 'J' *)
+ Have: (0 <= j) /\ (j <= m).
(* Invariant 'PJ' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < j) ->
(x < Mint_0[shift_sint32(q, i_2)]))).
- (* Invariant 'J' *)
- Have: (0 <= j) /\ (j <= m).
(* Then *)
Have: j < m.
Have: i_1 = i.
@@ -51,21 +53,23 @@ Assume {
is_sint32(1 + i).
(* Heap *)
Type: (region(p.base) <= 0) /\ (region(q.base) <= 0).
- (* Pre-condition *)
- Have: (0 <= m) /\ (0 <= n).
+ (* Invariant 'I' *)
+ Have: 0 <= n.
+ (* Invariant 'I' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'PI' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 < m) ->
(Mint_0[shift_sint32(p, i_2)] < Mint_0[shift_sint32(q, i_1)]))))).
- (* Invariant 'I' *)
- Have: (0 <= i) /\ (i <= n).
(* Then *)
Have: i < n.
+ (* Invariant 'J' *)
+ Have: 0 <= m.
+ (* Invariant 'J' *)
+ Have: (0 <= j) /\ (j <= m).
(* Invariant 'PJ' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) ->
(Mint_0[shift_sint32(p, i)] < Mint_0[shift_sint32(q, i_1)]))).
- (* Invariant 'J' *)
- Have: (0 <= j) /\ (j <= m).
(* Else *)
Have: m <= j.
}
@@ -86,23 +90,27 @@ Assume {
Type: (region(p.base) <= 0) /\ (region(q.base) <= 0).
(* Goal *)
When: (0 <= i) /\ (0 <= i_1) /\ (i_1 < m) /\ (i <= i_2).
- (* Pre-condition *)
- Have: (0 <= m) /\ (0 <= n).
+ (* Invariant 'I' *)
+ Have: 0 <= n.
+ (* Invariant 'I' *)
+ Have: (0 <= i_2) /\ (i_2 <= n).
(* Invariant 'PI' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i_2) -> ((0 <= i_3) ->
((i_3 < m) ->
(Mint_0[shift_sint32(p, i_4)] < Mint_0[shift_sint32(q, i_3)]))))).
- (* Invariant 'I' *)
- Have: (0 <= i_2) /\ (i_2 <= n).
(* Then *)
Have: i_2 < n.
+ (* Invariant 'J' *)
+ Have: 0 <= m.
+ (* Invariant 'J' *)
+ Have: (0 <= j) /\ (j <= m).
(* Invariant 'PJ' *)
Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 < j) ->
(Mint_0[shift_sint32(p, i_2)] < Mint_0[shift_sint32(q, i_3)]))).
- (* Invariant 'J' *)
- Have: (0 <= j) /\ (j <= m).
(* Else *)
Have: m <= j.
+ (* Invariant 'I' *)
+ Have: (-1) <= i_2.
}
Prove: Mint_0[shift_sint32(p, i)] < Mint_0[shift_sint32(q, i_1)].
@@ -121,21 +129,23 @@ Assume {
is_sint32(1 + j) /\ is_sint32(x) /\ is_sint32(x_1).
(* Heap *)
Type: (region(p.base) <= 0) /\ (region(q.base) <= 0).
- (* Pre-condition *)
- Have: (0 <= m) /\ (0 <= n).
+ (* Invariant 'I' *)
+ Have: 0 <= n.
+ (* Invariant 'I' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'PI' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 < m) ->
(Mint_0[shift_sint32(p, i_2)] < Mint_0[shift_sint32(q, i_1)]))))).
- (* Invariant 'I' *)
- Have: (0 <= i) /\ (i <= n).
(* Then *)
Have: i < n.
+ (* Invariant 'J' *)
+ Have: 0 <= m.
+ (* Invariant 'J' *)
+ Have: (0 <= j) /\ (j <= m).
(* Invariant 'PJ' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) ->
(x < Mint_0[shift_sint32(q, i_1)]))).
- (* Invariant 'J' *)
- Have: (0 <= j) /\ (j <= m).
(* Then *)
Have: j < m.
(* Else *)
@@ -160,25 +170,29 @@ Assume {
Type: (region(p.base) <= 0) /\ (region(q.base) <= 0).
(* Goal *)
When: (0 <= i_1) /\ (i_1 <= j).
- (* Pre-condition *)
- Have: (0 <= m) /\ (0 <= n).
+ (* Invariant 'I' *)
+ Have: 0 <= n.
+ (* Invariant 'I' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'PI' *)
Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((i_3 < i) -> ((0 <= i_2) ->
((i_2 < m) ->
(Mint_0[shift_sint32(p, i_3)] < Mint_0[shift_sint32(q, i_2)]))))).
- (* Invariant 'I' *)
- Have: (0 <= i) /\ (i <= n).
(* Then *)
Have: i < n.
+ (* Invariant 'J' *)
+ Have: 0 <= m.
+ (* Invariant 'J' *)
+ Have: (0 <= j) /\ (j <= m).
(* Invariant 'PJ' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < j) ->
(x < Mint_0[shift_sint32(q, i_2)]))).
- (* Invariant 'J' *)
- Have: (0 <= j) /\ (j <= m).
(* Then *)
Have: j < m.
(* Else *)
Have: x < x_1.
+ (* Invariant 'J' *)
+ Have: (-1) <= j.
}
Prove: x < Mint_0[shift_sint32(q, i_1)].
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/repeat.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/repeat.res.oracle
index c7250d7a7f3ae9c3f49932ff276435874024b1c0..5ef0fd177d7a00356e6ac6144bd2cda59986de57 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/repeat.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/repeat.res.oracle
@@ -20,13 +20,13 @@ Assume {
(* Heap *)
Type: is_sint32(calls_0).
(* Pre-condition *)
- Have: 0 <= n.
- (* Pre-condition *)
Have: L_sequence(calls_0) = nil.
(* Invariant *)
- Have: ([ 1, 2 ] *^ i) = a.
+ Have: 0 <= n.
(* Invariant *)
Have: (0 <= i) /\ (i <= n).
+ (* Invariant *)
+ Have: ([ 1, 2 ] *^ i) = a.
(* Then *)
Have: i < n.
(* Call 'f' *)
@@ -53,19 +53,21 @@ Assume {
(* Heap *)
Type: is_sint32(calls_1).
(* Pre-condition *)
- Have: 0 <= n.
- (* Pre-condition *)
Have: L_sequence(calls_1) = nil.
(* Invariant *)
- Have: (a_2 *^ i) = a.
+ Have: 0 <= n.
(* Invariant *)
Have: (0 <= i) /\ (i <= n).
+ (* Invariant *)
+ Have: (a_2 *^ i) = a.
(* Then *)
Have: i < n.
(* Call 'f' *)
Have: L_sequence(calls_2) = a ^ [ 1 ].
(* Call 'g' *)
Have: L_sequence(calls_3) = a_1.
+ (* Invariant *)
+ Have: (-1) <= i.
}
Prove: (a_2 *^ x) = a_1.
@@ -128,15 +130,15 @@ Assume {
(* Heap *)
Type: is_sint32(calls_0).
(* Pre-condition *)
- Have: 0 <= n.
- (* Pre-condition *)
Have: L_sequence(calls_0) = nil.
(* Call 'f' *)
Have: L_sequence(calls_1) = [ 1 ].
(* Invariant *)
- Have: L_sequence(calls_2) = a_1 ^ [ 1 ].
+ Have: 0 <= n.
(* Invariant *)
Have: (0 <= i) /\ (i <= n).
+ (* Invariant *)
+ Have: L_sequence(calls_2) = a_1 ^ [ 1 ].
(* Else *)
Have: n <= i.
(* Call 'g' *)
@@ -153,15 +155,15 @@ Assume {
(* Heap *)
Type: is_sint32(calls_0).
(* Pre-condition *)
- Have: 0 <= n.
- (* Pre-condition *)
Have: L_sequence(calls_0) = nil.
(* Call 'f' *)
Have: L_sequence(calls_1) = [ 1 ].
(* Invariant *)
- Have: L_sequence(calls_2) = a ^ [ 1 ].
+ Have: 0 <= n.
(* Invariant *)
Have: (0 <= i) /\ (i <= n).
+ (* Invariant *)
+ Have: L_sequence(calls_2) = a ^ [ 1 ].
(* Then *)
Have: i < n.
(* Call 'g' *)
@@ -188,21 +190,23 @@ Assume {
(* Heap *)
Type: is_sint32(calls_0).
(* Pre-condition *)
- Have: 0 <= n.
- (* Pre-condition *)
Have: L_sequence(calls_0) = nil.
(* Call 'f' *)
Have: L_sequence(calls_1) = [ 1 ].
(* Invariant *)
- Have: L_sequence(calls_2) = a_1 ^ [ 1 ].
+ Have: 0 <= n.
(* Invariant *)
Have: (0 <= i) /\ (i <= n).
+ (* Invariant *)
+ Have: L_sequence(calls_2) = a_1 ^ [ 1 ].
(* Then *)
Have: i < n.
(* Call 'g' *)
Have: L_sequence(calls_3) = a_2.
(* Call 'f' *)
Have: L_sequence(calls_4) = a_1 ^ [ 1, 2, 1 ].
+ (* Invariant *)
+ Have: (-1) <= i.
}
Prove: (a *^ x) = a_2.
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/sequence.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/sequence.res.oracle
index 1fd2d32b881e58611c6a586443b88e5c4c5206ba..46d5f7b06e4bd3aa1389809c6b8a1ca722cac760 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/sequence.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/sequence.res.oracle
@@ -23,12 +23,12 @@ Assume {
Have: L_call_obs(call_seq_0) = nil.
(* Call 'f' *)
Have: L_call_obs(call_seq_1) = [ x ].
- (* Invariant 'ok,inv' *)
- Have: L_call_obs(call_seq_2) = [ x ] ^ a.
- (* Invariant 'ok,id_max' *)
- Have: if (0 <= n) then (i <= n) else (i <= 0).
(* Invariant 'ok,id_min' *)
Have: 0 <= i.
+ (* Invariant 'ok,id_max' *)
+ Have: if (0 <= n) then (i <= n) else (i <= 0).
+ (* Invariant 'ok,inv' *)
+ Have: L_call_obs(call_seq_2) = [ x ] ^ a.
(* Else *)
Have: n <= i.
(* Call 'f' *)
@@ -49,16 +49,18 @@ Assume {
Have: L_call_obs(call_seq_0) = nil.
(* Call 'f' *)
Have: L_call_obs(call_seq_1) = [ x ].
- (* Invariant 'ok,inv' *)
- Have: L_call_obs(call_seq_2) = [ x ] ^ a.
- (* Invariant 'ok,id_max' *)
- Have: if (0 <= n) then (i <= n) else (i <= 0).
(* Invariant 'ok,id_min' *)
Have: 0 <= i.
+ (* Invariant 'ok,id_max' *)
+ Have: if (0 <= n) then (i <= n) else (i <= 0).
+ (* Invariant 'ok,inv' *)
+ Have: L_call_obs(call_seq_2) = [ x ] ^ a.
(* Then *)
Have: i < n.
(* Call 'g' *)
Have: L_call_obs(call_seq_3) = [ x ] ^ a ^ [ y ].
+ (* Invariant 'ok,id_min' *)
+ Have: (-1) <= i.
}
Prove: 0 <= n.
@@ -80,12 +82,12 @@ Assume {
Have: L_call_obs(call_seq_0) = nil.
(* Call 'f' *)
Have: L_call_obs(call_seq_1) = [ x ].
- (* Invariant 'ok,inv' *)
- Have: L_call_obs(call_seq_2) = [ x ] ^ a.
- (* Invariant 'ok,id_max' *)
- Have: if (0 <= n) then (i <= n) else (i <= 0).
(* Invariant 'ok,id_min' *)
Have: 0 <= i.
+ (* Invariant 'ok,id_max' *)
+ Have: if (0 <= n) then (i <= n) else (i <= 0).
+ (* Invariant 'ok,inv' *)
+ Have: L_call_obs(call_seq_2) = [ x ] ^ a.
(* Then *)
Have: i < n.
(* Call 'g' *)
@@ -112,16 +114,20 @@ Assume {
Have: L_call_obs(call_seq_0) = nil.
(* Call 'f' *)
Have: L_call_obs(call_seq_1) = [ x ].
- (* Invariant 'ok,inv' *)
- Have: L_call_obs(call_seq_2) = [ x ] ^ a.
- (* Invariant 'ok,id_max' *)
- Have: if (0 <= n) then (i <= n) else (i <= 0).
(* Invariant 'ok,id_min' *)
Have: 0 <= i.
+ (* Invariant 'ok,id_max' *)
+ Have: i <= n.
+ (* Invariant 'ok,inv' *)
+ Have: L_call_obs(call_seq_2) = [ x ] ^ a.
(* Then *)
Have: i < n.
(* Call 'g' *)
Have: L_call_obs(call_seq_3) = [ x ] ^ a ^ [ y ].
+ (* Invariant 'ok,id_min' *)
+ Have: (-1) <= i.
+ (* Invariant 'ok,id_max' *)
+ Have: 0 <= n.
}
Prove: ([ y ] *^ x_1) = a ^ [ y ].
@@ -187,12 +193,12 @@ Assume {
Have: 0 < n.
(* Call 'f' *)
Have: L_call_obs(call_seq_1) = [ x ].
- (* Invariant 'ok,inv' *)
- Have: L_call_obs(call_seq_2) = [ x ] ^ a.
- (* Invariant 'ok,id_max' *)
- Have: i <= n.
(* Invariant 'ok,id_min' *)
Have: 0 <= i.
+ (* Invariant 'ok,id_max' *)
+ Have: i <= n.
+ (* Invariant 'ok,inv' *)
+ Have: L_call_obs(call_seq_2) = [ x ] ^ a.
(* Else *)
Have: n <= i.
(* Call 'f' *)
@@ -223,12 +229,12 @@ Assume {
Have: n <= 0.
(* Call 'f' *)
Have: L_call_obs(call_seq_1) = [ x ].
- (* Invariant 'ok,inv' *)
- Have: L_call_obs(call_seq_2) = [ x ] ^ a.
- (* Invariant 'ok,id_max' *)
- Have: if (0 <= n) then (i <= n) else (i <= 0).
(* Invariant 'ok,id_min' *)
Have: 0 <= i.
+ (* Invariant 'ok,id_max' *)
+ Have: if (0 <= n) then (i <= n) else (i <= 0).
+ (* Invariant 'ok,inv' *)
+ Have: L_call_obs(call_seq_2) = [ x ] ^ a.
(* Else *)
Have: n <= i.
(* Call 'f' *)
@@ -251,12 +257,12 @@ Assume {
Have: n <= 0.
(* Call 'f' *)
Have: L_call_obs(call_seq_1) = [ x ].
- (* Invariant 'ok,inv' *)
- Have: L_call_obs(call_seq_2) = [ x ] ^ a.
- (* Invariant 'ok,id_max' *)
- Have: if (0 <= n) then (i <= n) else (i <= 0).
(* Invariant 'ok,id_min' *)
Have: 0 <= i.
+ (* Invariant 'ok,id_max' *)
+ Have: if (0 <= n) then (i <= n) else (i <= 0).
+ (* Invariant 'ok,inv' *)
+ Have: L_call_obs(call_seq_2) = [ x ] ^ a.
(* Else *)
Have: n <= i.
(* Call 'f' *)
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/string_c.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/string_c.res.oracle
index 01d8890819150fb8ee3f468e78405a38095a941d..d52d8d297fbc9bc51701761979118292eefad810 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/string_c.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/string_c.res.oracle
@@ -18,10 +18,12 @@ Assume {
(* Pre-condition 'separation' *)
Have: separated(a, n, shift_sint8(src_0, 0), n).
(* Invariant 'no_eva' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_1[shift_sint8(src_0, i_1)] = a_1[shift_sint8(dest_0, i_1)]))).
+ Have: 0 <= n.
(* Invariant 'no_eva' *)
Have: (0 <= i) /\ (i <= n).
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_1[shift_sint8(src_0, i_1)] = a_1[shift_sint8(dest_0, i_1)]))).
(* Else *)
Have: n <= i.
}
@@ -50,10 +52,12 @@ Assume {
(* Pre-condition 'separation' *)
Have: separated(a, n, shift_sint8(src_0, 0), n).
(* Invariant 'no_eva' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_1[shift_sint8(src_0, i_1)] = a_1[shift_sint8(dest_0, i_1)]))).
+ Have: 0 <= n.
(* Invariant 'no_eva' *)
Have: (0 <= i) /\ (i <= n).
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_1[shift_sint8(src_0, i_1)] = a_1[shift_sint8(dest_0, i_1)]))).
(* Then *)
Have: i < n.
}
@@ -79,6 +83,7 @@ Prove: 0 <= n.
------------------------------------------------------------
Goal Preservation of Invariant 'no_eva' (file FRAMAC_SHARE/libc/string.c, line 34):
+Let x = to_uint64(1 + i).
Let a = shift_sint8(dest_0, 0).
Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n).
Let a_2 = a_1[shift_sint8(dest_0, i) <- a_1[shift_sint8(src_0, i)]].
@@ -88,7 +93,7 @@ Assume {
Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 < to_uint64(1 + i)).
+ When: (0 <= i_1) /\ (i_1 < x).
(* Pre-condition 'valid_dest' *)
Have: P_valid_or_empty(Malloc_0, dest_0, n).
(* Pre-condition 'valid_src' *)
@@ -96,12 +101,16 @@ Assume {
(* Pre-condition 'separation' *)
Have: separated(a, n, shift_sint8(src_0, 0), n).
(* Invariant 'no_eva' *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_1[shift_sint8(src_0, i_2)] = a_1[shift_sint8(dest_0, i_2)]))).
+ Have: 0 <= n.
(* Invariant 'no_eva' *)
Have: (0 <= i) /\ (i <= n).
+ (* Invariant 'no_eva' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
+ (a_1[shift_sint8(src_0, i_2)] = a_1[shift_sint8(dest_0, i_2)]))).
(* Then *)
Have: i < n.
+ (* Invariant 'no_eva' *)
+ Have: x <= n.
}
Prove: a_2[shift_sint8(src_0, i_1)] = a_2[shift_sint8(dest_0, i_1)].
@@ -125,9 +134,11 @@ Prove: true.
Goal Loop assigns (file FRAMAC_SHARE/libc/string.c, line 35) (3/3):
Effect at line 39
+Let x = to_uint64(1 + i).
Let a = shift_sint8(dest_0, 0).
Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n).
Let a_2 = shift_sint8(dest_0, i).
+Let a_3 = a_1[a_2 <- a_1[shift_sint8(src_0, i)]].
Assume {
Type: is_uint64(i) /\ is_uint64(n).
(* Heap *)
@@ -142,12 +153,19 @@ Assume {
(* Pre-condition 'separation' *)
Have: separated(a, n, shift_sint8(src_0, 0), n).
(* Invariant 'no_eva' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_1[shift_sint8(src_0, i_1)] = a_1[shift_sint8(dest_0, i_1)]))).
+ Have: 0 <= n.
(* Invariant 'no_eva' *)
Have: (0 <= i) /\ (i <= n).
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_1[shift_sint8(src_0, i_1)] = a_1[shift_sint8(dest_0, i_1)]))).
(* Then *)
Have: i < n.
+ (* Invariant 'no_eva' *)
+ Have: x <= n.
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < x) ->
+ (a_3[shift_sint8(src_0, i_1)] = a_3[shift_sint8(dest_0, i_1)]))).
}
Prove: included(a_2, 1, a, n).
@@ -160,8 +178,10 @@ Prove: true.
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file FRAMAC_SHARE/libc/string.c, line 38):
+Let x = to_uint64(1 + i).
Let a = shift_sint8(dest_0, 0).
Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n).
+Let a_2 = a_1[shift_sint8(dest_0, i) <- a_1[shift_sint8(src_0, i)]].
Assume {
Type: is_uint64(i) /\ is_uint64(n).
(* Heap *)
@@ -174,14 +194,21 @@ Assume {
(* Pre-condition 'separation' *)
Have: separated(a, n, shift_sint8(src_0, 0), n).
(* Invariant 'no_eva' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_1[shift_sint8(src_0, i_1)] = a_1[shift_sint8(dest_0, i_1)]))).
+ Have: 0 <= n.
(* Invariant 'no_eva' *)
Have: (0 <= i) /\ (i <= n).
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_1[shift_sint8(src_0, i_1)] = a_1[shift_sint8(dest_0, i_1)]))).
(* Then *)
Have: i < n.
+ (* Invariant 'no_eva' *)
+ Have: x <= n.
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < x) ->
+ (a_2[shift_sint8(src_0, i_1)] = a_2[shift_sint8(dest_0, i_1)]))).
}
-Prove: i < to_uint64(1 + i).
+Prove: i < x.
------------------------------------------------------------
@@ -193,7 +220,7 @@ Prove: true.
Goal Post-condition 'copied_contents' in 'memmove':
Assume {
Type: is_sint32(memoverlap_0) /\ is_uint64(i) /\ is_uint64(i_1) /\
- is_uint64(n).
+ is_uint64(i_2) /\ is_uint64(n).
(* Heap *)
Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
@@ -217,34 +244,44 @@ Assume {
If memoverlap_0 <= 0
Then {
Have: (ta_i_0=false).
+ (* Invariant 'no_eva' *)
+ Have: 0 <= n.
(* Loop assigns ... *)
Have: havoc(Mchar_undef_0, Mchar_0, a, n) = Mchar_1.
(* Invariant 'no_eva' *)
- Have: forall i_2 : Z. let a_2 = shift_sint8(src_0, i_2) in
- ((i <= i_2) -> ((i_2 < n) -> (Mchar_1[a_2] = Mchar_0[a_2]))).
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'no_eva' *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (Mchar_1[shift_sint8(dest_0, i_2)]
- = Mchar_0[shift_sint8(src_0, i_2)]))).
+ Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 < i) ->
+ (Mchar_1[shift_sint8(dest_0, i_3)]
+ = Mchar_0[shift_sint8(src_0, i_3)]))).
(* Invariant 'no_eva' *)
- Have: (0 <= i) /\ (i <= n).
+ Have: forall i_3 : Z. let a_2 = shift_sint8(src_0, i_3) in
+ ((i <= i_3) -> ((i_3 < n) -> (Mchar_1[a_2] = Mchar_0[a_2]))).
(* Else *)
Have: n <= i.
}
Else {
(* Block In *)
Have: (ta_i_1=false).
+ (* Initializer *)
+ Init: to_uint64(n - 1) = i_2.
+ (* Invariant 'no_eva' *)
+ Have: i_2 < n.
+ (* Invariant 'no_eva' *)
+ Have: forall i_3 : Z. ((i_2 < i_3) -> ((i_3 < n) ->
+ (Mchar_0[shift_sint8(src_0, i_3)]
+ = Mchar_0[shift_sint8(dest_0, i_3)]))).
(* Loop assigns ... *)
Have: havoc(Mchar_undef_1, Mchar_0, a, n) = Mchar_2.
(* Invariant 'no_eva' *)
- Have: forall i_2 : Z. let a_2 = shift_sint8(src_0, i_2) in
- ((i_2 <= i_1) -> ((0 <= i_2) -> (Mchar_2[a_2] = Mchar_0[a_2]))).
+ Have: (0 <= i_1) /\ (i_1 < n).
(* Invariant 'no_eva' *)
- Have: forall i_2 : Z. ((i_1 < i_2) -> ((i_2 < n) ->
- (Mchar_2[shift_sint8(dest_0, i_2)]
- = Mchar_0[shift_sint8(src_0, i_2)]))).
+ Have: forall i_3 : Z. ((i_1 < i_3) -> ((i_3 < n) ->
+ (Mchar_2[shift_sint8(dest_0, i_3)]
+ = Mchar_0[shift_sint8(src_0, i_3)]))).
(* Invariant 'no_eva' *)
- Have: (0 <= i_1) /\ (i_1 < n).
+ Have: forall i_3 : Z. let a_2 = shift_sint8(src_0, i_3) in
+ ((i_3 <= i_1) -> ((0 <= i_3) -> (Mchar_2[a_2] = Mchar_0[a_2]))).
(* Else *)
Have: i_1 <= 0.
Have: Mchar_2[a <- Mchar_2[a_1]] = Mchar_1.
@@ -284,13 +321,15 @@ Assume {
(* Then *)
Have: memoverlap_0 <= 0.
(* Invariant 'no_eva' *)
- Have: forall i_1 : Z. let a_3 = shift_sint8(src_0, i_1) in ((i <= i_1) ->
- ((i_1 < n) -> (a_1[a_3] = Mchar_0[a_3]))).
+ Have: 0 <= n.
+ (* Invariant 'no_eva' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'no_eva' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
(a_1[shift_sint8(dest_0, i_1)] = Mchar_0[shift_sint8(src_0, i_1)]))).
(* Invariant 'no_eva' *)
- Have: (0 <= i) /\ (i <= n).
+ Have: forall i_1 : Z. let a_3 = shift_sint8(src_0, i_1) in ((i <= i_1) ->
+ ((i_1 < n) -> (a_1[a_3] = Mchar_0[a_3]))).
(* Then *)
Have: i < n.
}
@@ -325,6 +364,7 @@ Prove: 0 <= n.
------------------------------------------------------------
Goal Preservation of Invariant 'no_eva' (file FRAMAC_SHARE/libc/string.c, line 96):
+Let x = to_uint64(1 + i).
Let a = shift_sint8(d, 0).
Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n).
Let a_2 = shift_sint8(s, 0).
@@ -334,7 +374,7 @@ Assume {
Type: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
sconst(Mchar_0).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 < to_uint64(1 + i)).
+ When: (0 <= i_1) /\ (i_1 < x).
(* Pre-condition 'valid_dest' *)
Have: P_valid_or_empty(Malloc_0, d, n).
(* Pre-condition 'valid_src' *)
@@ -350,15 +390,19 @@ Assume {
(* Then *)
Have: memoverlap_0 <= 0.
(* Invariant 'no_eva' *)
- Have: forall i_2 : Z. let a_3 = shift_sint8(s, i_2) in ((i <= i_2) ->
- ((i_2 < n) -> (a_1[a_3] = Mchar_0[a_3]))).
+ Have: 0 <= n.
+ (* Invariant 'no_eva' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'no_eva' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
(a_1[shift_sint8(d, i_2)] = Mchar_0[shift_sint8(s, i_2)]))).
(* Invariant 'no_eva' *)
- Have: (0 <= i) /\ (i <= n).
+ Have: forall i_2 : Z. let a_3 = shift_sint8(s, i_2) in ((i <= i_2) ->
+ ((i_2 < n) -> (a_1[a_3] = Mchar_0[a_3]))).
(* Then *)
Have: i < n.
+ (* Invariant 'no_eva' *)
+ Have: x <= n.
}
Prove: a_1[shift_sint8(d, i) <- a_1[shift_sint8(s, i)]][shift_sint8(d, i_1)] =
Mchar_0[shift_sint8(s, i_1)].
@@ -371,17 +415,19 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'no_eva' (file FRAMAC_SHARE/libc/string.c, line 97):
+Let x = to_uint64(1 + i).
Let a = shift_sint8(d, 0).
Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n).
-Let a_2 = shift_sint8(s, 0).
-Let a_3 = shift_sint8(s, i_1).
+Let a_2 = a_1[shift_sint8(d, i) <- a_1[shift_sint8(s, i)]].
+Let a_3 = shift_sint8(s, 0).
+Let a_4 = shift_sint8(s, i_1).
Assume {
Type: is_sint32(memoverlap_0) /\ is_uint64(i) /\ is_uint64(n).
(* Heap *)
Type: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
sconst(Mchar_0).
(* Goal *)
- When: (i_1 < n) /\ (to_uint64(1 + i) <= i_1).
+ When: (i_1 < n) /\ (x <= i_1).
(* Pre-condition 'valid_dest' *)
Have: P_valid_or_empty(Malloc_0, d, n).
(* Pre-condition 'valid_src' *)
@@ -389,25 +435,32 @@ Assume {
(* Else *)
Have: n != 0.
(* Call 'memoverlap' *)
- Have: ((separated(a, n, a_2, n) -> (memoverlap_0 = 0))) /\
+ Have: ((separated(a, n, a_3, n) -> (memoverlap_0 = 0))) /\
((addr_le(d, s) -> (addr_lt(s, shift_sint8(d, n)) ->
- ((!separated(a, n, a_2, n)) -> (memoverlap_0 = (-1)))))) /\
+ ((!separated(a, n, a_3, n)) -> (memoverlap_0 = (-1)))))) /\
((addr_lt(s, d) -> (addr_le(d, shift_sint8(s, n)) ->
- ((!separated(a, n, a_2, n)) -> (memoverlap_0 = 1))))).
+ ((!separated(a, n, a_3, n)) -> (memoverlap_0 = 1))))).
(* Then *)
Have: memoverlap_0 <= 0.
(* Invariant 'no_eva' *)
- Have: forall i_2 : Z. let a_4 = shift_sint8(s, i_2) in ((i <= i_2) ->
- ((i_2 < n) -> (a_1[a_4] = Mchar_0[a_4]))).
+ Have: 0 <= n.
+ (* Invariant 'no_eva' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'no_eva' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
(a_1[shift_sint8(d, i_2)] = Mchar_0[shift_sint8(s, i_2)]))).
(* Invariant 'no_eva' *)
- Have: (0 <= i) /\ (i <= n).
+ Have: forall i_2 : Z. let a_5 = shift_sint8(s, i_2) in ((i <= i_2) ->
+ ((i_2 < n) -> (a_1[a_5] = Mchar_0[a_5]))).
(* Then *)
Have: i < n.
+ (* Invariant 'no_eva' *)
+ Have: x <= n.
+ (* Invariant 'no_eva' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < x) ->
+ (a_2[shift_sint8(d, i_2)] = Mchar_0[shift_sint8(s, i_2)]))).
}
-Prove: a_1[shift_sint8(d, i) <- a_1[shift_sint8(s, i)]][a_3] = Mchar_0[a_3].
+Prove: a_2[a_4] = Mchar_0[a_4].
------------------------------------------------------------
@@ -419,6 +472,7 @@ Prove: true.
Goal Preservation of Invariant 'no_eva' (file FRAMAC_SHARE/libc/string.c, line 107):
Let a = shift_sint8(dest_0, 0).
Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n).
+Let x = to_uint64(n - 1).
Let a_2 = shift_sint8(src_0, 0).
Assume {
Type: is_sint32(memoverlap_0) /\ is_uint64(i) /\ is_uint64(n).
@@ -440,13 +494,18 @@ Assume {
(* Else *)
Have: 0 < memoverlap_0.
(* Invariant 'no_eva' *)
- Have: forall i_1 : Z. let a_3 = shift_sint8(src_0, i_1) in ((i_1 <= i) ->
- ((0 <= i_1) -> (a_1[a_3] = Mchar_0[a_3]))).
+ Have: x < n.
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. ((i_1 < n) -> ((x < i_1) ->
+ (Mchar_0[shift_sint8(src_0, i_1)] = Mchar_0[shift_sint8(dest_0, i_1)]))).
+ (* Invariant 'no_eva' *)
+ Have: (0 <= i) /\ (i < n).
(* Invariant 'no_eva' *)
Have: forall i_1 : Z. ((i < i_1) -> ((i_1 < n) ->
(a_1[shift_sint8(dest_0, i_1)] = Mchar_0[shift_sint8(src_0, i_1)]))).
(* Invariant 'no_eva' *)
- Have: (0 <= i) /\ (i < n).
+ Have: forall i_1 : Z. let a_3 = shift_sint8(src_0, i_1) in ((i_1 <= i) ->
+ ((0 <= i_1) -> (a_1[a_3] = Mchar_0[a_3]))).
(* Then *)
Have: 0 < i.
}
@@ -481,8 +540,10 @@ Prove: to_uint64(n - 1) < n.
------------------------------------------------------------
Goal Preservation of Invariant 'no_eva' (file FRAMAC_SHARE/libc/string.c, line 108):
+Let x = to_uint64(i - 1).
Let a = shift_sint8(d, 0).
Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n).
+Let x_1 = to_uint64(n - 1).
Let a_2 = shift_sint8(s, 0).
Assume {
Type: is_sint32(memoverlap_0) /\ is_uint64(i) /\ is_uint64(n).
@@ -490,7 +551,7 @@ Assume {
Type: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
sconst(Mchar_0).
(* Goal *)
- When: (i_1 < n) /\ (to_uint64(i - 1) < i_1).
+ When: (i_1 < n) /\ (x < i_1).
(* Pre-condition 'valid_dest' *)
Have: P_valid_or_empty(Malloc_0, d, n).
(* Pre-condition 'valid_src' *)
@@ -506,15 +567,22 @@ Assume {
(* Else *)
Have: 0 < memoverlap_0.
(* Invariant 'no_eva' *)
- Have: forall i_2 : Z. let a_3 = shift_sint8(s, i_2) in ((i_2 <= i) ->
- ((0 <= i_2) -> (a_1[a_3] = Mchar_0[a_3]))).
+ Have: x_1 < n.
+ (* Invariant 'no_eva' *)
+ Have: forall i_2 : Z. ((i_2 < n) -> ((x_1 < i_2) ->
+ (Mchar_0[shift_sint8(s, i_2)] = Mchar_0[shift_sint8(d, i_2)]))).
+ (* Invariant 'no_eva' *)
+ Have: (0 <= i) /\ (i < n).
(* Invariant 'no_eva' *)
Have: forall i_2 : Z. ((i < i_2) -> ((i_2 < n) ->
(a_1[shift_sint8(d, i_2)] = Mchar_0[shift_sint8(s, i_2)]))).
(* Invariant 'no_eva' *)
- Have: (0 <= i) /\ (i < n).
+ Have: forall i_2 : Z. let a_3 = shift_sint8(s, i_2) in ((i_2 <= i) ->
+ ((0 <= i_2) -> (a_1[a_3] = Mchar_0[a_3]))).
(* Then *)
Have: 0 < i.
+ (* Invariant 'no_eva' *)
+ Have: x < n.
}
Prove: a_1[shift_sint8(d, i) <- a_1[shift_sint8(s, i)]][shift_sint8(d, i_1)] =
Mchar_0[shift_sint8(s, i_1)].
@@ -522,6 +590,7 @@ Prove: a_1[shift_sint8(d, i) <- a_1[shift_sint8(s, i)]][shift_sint8(d, i_1)] =
------------------------------------------------------------
Goal Establishment of Invariant 'no_eva' (file FRAMAC_SHARE/libc/string.c, line 108):
+Let x = to_uint64(n - 1).
Let a = shift_sint8(dest_0, 0).
Let a_1 = shift_sint8(src_0, 0).
Assume {
@@ -530,7 +599,7 @@ Assume {
Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\
linked(Malloc_0) /\ sconst(Mchar_0).
(* Goal *)
- When: (i < n) /\ (to_uint64(n - 1) < i).
+ When: (i < n) /\ (x < i).
(* Pre-condition 'valid_dest' *)
Have: P_valid_or_empty(Malloc_0, dest_0, n).
(* Pre-condition 'valid_src' *)
@@ -545,23 +614,28 @@ Assume {
((!separated(a, n, a_1, n)) -> (memoverlap_0 = 1))))).
(* Else *)
Have: 0 < memoverlap_0.
+ (* Invariant 'no_eva' *)
+ Have: x < n.
}
Prove: Mchar_0[shift_sint8(src_0, i)] = Mchar_0[shift_sint8(dest_0, i)].
------------------------------------------------------------
Goal Preservation of Invariant 'no_eva' (file FRAMAC_SHARE/libc/string.c, line 109):
+Let x = to_uint64(i - 1).
Let a = shift_sint8(d, 0).
Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n).
-Let a_2 = shift_sint8(s, 0).
-Let a_3 = shift_sint8(s, i_1).
+Let a_2 = a_1[shift_sint8(d, i) <- a_1[shift_sint8(s, i)]].
+Let x_1 = to_uint64(n - 1).
+Let a_3 = shift_sint8(s, 0).
+Let a_4 = shift_sint8(s, i_1).
Assume {
Type: is_sint32(memoverlap_0) /\ is_uint64(i) /\ is_uint64(n).
(* Heap *)
Type: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
sconst(Mchar_0).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 <= to_uint64(i - 1)).
+ When: (0 <= i_1) /\ (i_1 <= x).
(* Pre-condition 'valid_dest' *)
Have: P_valid_or_empty(Malloc_0, d, n).
(* Pre-condition 'valid_src' *)
@@ -569,25 +643,35 @@ Assume {
(* Else *)
Have: n != 0.
(* Call 'memoverlap' *)
- Have: ((separated(a, n, a_2, n) -> (memoverlap_0 = 0))) /\
+ Have: ((separated(a, n, a_3, n) -> (memoverlap_0 = 0))) /\
((addr_le(d, s) -> (addr_lt(s, shift_sint8(d, n)) ->
- ((!separated(a, n, a_2, n)) -> (memoverlap_0 = (-1)))))) /\
+ ((!separated(a, n, a_3, n)) -> (memoverlap_0 = (-1)))))) /\
((addr_lt(s, d) -> (addr_le(d, shift_sint8(s, n)) ->
- ((!separated(a, n, a_2, n)) -> (memoverlap_0 = 1))))).
+ ((!separated(a, n, a_3, n)) -> (memoverlap_0 = 1))))).
(* Else *)
Have: 0 < memoverlap_0.
(* Invariant 'no_eva' *)
- Have: forall i_2 : Z. let a_4 = shift_sint8(s, i_2) in ((i_2 <= i) ->
- ((0 <= i_2) -> (a_1[a_4] = Mchar_0[a_4]))).
+ Have: x_1 < n.
+ (* Invariant 'no_eva' *)
+ Have: forall i_2 : Z. ((i_2 < n) -> ((x_1 < i_2) ->
+ (Mchar_0[shift_sint8(s, i_2)] = Mchar_0[shift_sint8(d, i_2)]))).
+ (* Invariant 'no_eva' *)
+ Have: (0 <= i) /\ (i < n).
(* Invariant 'no_eva' *)
Have: forall i_2 : Z. ((i < i_2) -> ((i_2 < n) ->
(a_1[shift_sint8(d, i_2)] = Mchar_0[shift_sint8(s, i_2)]))).
(* Invariant 'no_eva' *)
- Have: (0 <= i) /\ (i < n).
+ Have: forall i_2 : Z. let a_5 = shift_sint8(s, i_2) in ((i_2 <= i) ->
+ ((0 <= i_2) -> (a_1[a_5] = Mchar_0[a_5]))).
(* Then *)
Have: 0 < i.
+ (* Invariant 'no_eva' *)
+ Have: x < n.
+ (* Invariant 'no_eva' *)
+ Have: forall i_2 : Z. ((i_2 < n) -> ((x < i_2) ->
+ (a_2[shift_sint8(d, i_2)] = Mchar_0[shift_sint8(s, i_2)]))).
}
-Prove: a_1[shift_sint8(d, i) <- a_1[shift_sint8(s, i)]][a_3] = Mchar_0[a_3].
+Prove: a_2[a_4] = Mchar_0[a_4].
------------------------------------------------------------
@@ -609,43 +693,55 @@ Prove: true.
Goal Loop assigns (file FRAMAC_SHARE/libc/string.c, line 98) (3/3):
Effect at line 102
+Let x = to_uint64(1 + i).
Let a = shift_sint8(d, 0).
Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n).
-Let a_2 = shift_sint8(src_0, 0).
-Let a_3 = shift_sint8(d, i).
+Let a_2 = shift_sint8(d, i).
+Let a_3 = a_1[a_2 <- a_1[shift_sint8(s, i)]].
+Let a_4 = shift_sint8(s, 0).
Assume {
Type: is_sint32(memoverlap_0) /\ is_uint64(i) /\ is_uint64(n).
(* Heap *)
- Type: (region(d.base) <= 0) /\ (region(src_0.base) <= 0) /\
- linked(Malloc_0) /\ sconst(Mchar_0).
+ Type: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
+ sconst(Mchar_0).
(* Goal *)
- When: !invalid(Malloc_0, a_3, 1).
+ When: !invalid(Malloc_0, a_2, 1).
(* Pre-condition 'valid_dest' *)
Have: P_valid_or_empty(Malloc_0, d, n).
(* Pre-condition 'valid_src' *)
- Have: P_valid_read_or_empty(Malloc_0, src_0, n).
+ Have: P_valid_read_or_empty(Malloc_0, s, n).
(* Else *)
Have: n != 0.
(* Call 'memoverlap' *)
- Have: ((separated(a, n, a_2, n) -> (memoverlap_0 = 0))) /\
- ((addr_le(d, src_0) -> (addr_lt(src_0, shift_sint8(d, n)) ->
- ((!separated(a, n, a_2, n)) -> (memoverlap_0 = (-1)))))) /\
- ((addr_lt(src_0, d) -> (addr_le(d, shift_sint8(src_0, n)) ->
- ((!separated(a, n, a_2, n)) -> (memoverlap_0 = 1))))).
+ Have: ((separated(a, n, a_4, n) -> (memoverlap_0 = 0))) /\
+ ((addr_le(d, s) -> (addr_lt(s, shift_sint8(d, n)) ->
+ ((!separated(a, n, a_4, n)) -> (memoverlap_0 = (-1)))))) /\
+ ((addr_lt(s, d) -> (addr_le(d, shift_sint8(s, n)) ->
+ ((!separated(a, n, a_4, n)) -> (memoverlap_0 = 1))))).
(* Then *)
Have: memoverlap_0 <= 0.
(* Invariant 'no_eva' *)
- Have: forall i_1 : Z. let a_4 = shift_sint8(src_0, i_1) in ((i <= i_1) ->
- ((i_1 < n) -> (a_1[a_4] = Mchar_0[a_4]))).
+ Have: 0 <= n.
+ (* Invariant 'no_eva' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'no_eva' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_1[shift_sint8(d, i_1)] = Mchar_0[shift_sint8(src_0, i_1)]))).
+ (a_1[shift_sint8(d, i_1)] = Mchar_0[shift_sint8(s, i_1)]))).
(* Invariant 'no_eva' *)
- Have: (0 <= i) /\ (i <= n).
+ Have: forall i_1 : Z. let a_5 = shift_sint8(s, i_1) in ((i <= i_1) ->
+ ((i_1 < n) -> (a_1[a_5] = Mchar_0[a_5]))).
(* Then *)
Have: i < n.
+ (* Invariant 'no_eva' *)
+ Have: x <= n.
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < x) ->
+ (a_3[shift_sint8(d, i_1)] = Mchar_0[shift_sint8(s, i_1)]))).
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. let a_5 = shift_sint8(s, i_1) in ((i_1 < n) ->
+ ((x <= i_1) -> (a_3[a_5] = Mchar_0[a_5]))).
}
-Prove: included(a_3, 1, a, n).
+Prove: included(a_2, 1, a, n).
------------------------------------------------------------
@@ -662,43 +758,59 @@ Prove: true.
Goal Loop assigns (file FRAMAC_SHARE/libc/string.c, line 110) (3/3):
Effect at line 114
+Let x = to_uint64(i - 1).
Let a = shift_sint8(d, 0).
Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n).
-Let a_2 = shift_sint8(src_0, 0).
-Let a_3 = shift_sint8(d, i).
+Let a_2 = shift_sint8(d, i).
+Let a_3 = a_1[a_2 <- a_1[shift_sint8(s, i)]].
+Let x_1 = to_uint64(n - 1).
+Let a_4 = shift_sint8(s, 0).
Assume {
Type: is_sint32(memoverlap_0) /\ is_uint64(i) /\ is_uint64(n).
(* Heap *)
- Type: (region(d.base) <= 0) /\ (region(src_0.base) <= 0) /\
- linked(Malloc_0) /\ sconst(Mchar_0).
+ Type: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
+ sconst(Mchar_0).
(* Goal *)
- When: !invalid(Malloc_0, a_3, 1).
+ When: !invalid(Malloc_0, a_2, 1).
(* Pre-condition 'valid_dest' *)
Have: P_valid_or_empty(Malloc_0, d, n).
(* Pre-condition 'valid_src' *)
- Have: P_valid_read_or_empty(Malloc_0, src_0, n).
+ Have: P_valid_read_or_empty(Malloc_0, s, n).
(* Else *)
Have: n != 0.
(* Call 'memoverlap' *)
- Have: ((separated(a, n, a_2, n) -> (memoverlap_0 = 0))) /\
- ((addr_le(d, src_0) -> (addr_lt(src_0, shift_sint8(d, n)) ->
- ((!separated(a, n, a_2, n)) -> (memoverlap_0 = (-1)))))) /\
- ((addr_lt(src_0, d) -> (addr_le(d, shift_sint8(src_0, n)) ->
- ((!separated(a, n, a_2, n)) -> (memoverlap_0 = 1))))).
+ Have: ((separated(a, n, a_4, n) -> (memoverlap_0 = 0))) /\
+ ((addr_le(d, s) -> (addr_lt(s, shift_sint8(d, n)) ->
+ ((!separated(a, n, a_4, n)) -> (memoverlap_0 = (-1)))))) /\
+ ((addr_lt(s, d) -> (addr_le(d, shift_sint8(s, n)) ->
+ ((!separated(a, n, a_4, n)) -> (memoverlap_0 = 1))))).
(* Else *)
Have: 0 < memoverlap_0.
(* Invariant 'no_eva' *)
- Have: forall i_1 : Z. let a_4 = shift_sint8(src_0, i_1) in ((i_1 <= i) ->
- ((0 <= i_1) -> (a_1[a_4] = Mchar_0[a_4]))).
+ Have: x_1 < n.
(* Invariant 'no_eva' *)
- Have: forall i_1 : Z. ((i < i_1) -> ((i_1 < n) ->
- (a_1[shift_sint8(d, i_1)] = Mchar_0[shift_sint8(src_0, i_1)]))).
+ Have: forall i_1 : Z. ((i_1 < n) -> ((x_1 < i_1) ->
+ (Mchar_0[shift_sint8(s, i_1)] = Mchar_0[shift_sint8(d, i_1)]))).
(* Invariant 'no_eva' *)
Have: (0 <= i) /\ (i < n).
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. ((i < i_1) -> ((i_1 < n) ->
+ (a_1[shift_sint8(d, i_1)] = Mchar_0[shift_sint8(s, i_1)]))).
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. let a_5 = shift_sint8(s, i_1) in ((i_1 <= i) ->
+ ((0 <= i_1) -> (a_1[a_5] = Mchar_0[a_5]))).
(* Then *)
Have: 0 < i.
+ (* Invariant 'no_eva' *)
+ Have: x < n.
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. ((i_1 < n) -> ((x < i_1) ->
+ (a_3[shift_sint8(d, i_1)] = Mchar_0[shift_sint8(s, i_1)]))).
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. let a_5 = shift_sint8(s, i_1) in ((0 <= i_1) ->
+ ((i_1 <= x) -> (a_3[a_5] = Mchar_0[a_5]))).
}
-Prove: included(a_3, 1, a, n).
+Prove: included(a_2, 1, a, n).
------------------------------------------------------------
@@ -740,6 +852,7 @@ Goal Assigns (file FRAMAC_SHARE/libc/string.h, line 122) in 'memmove' (6/7):
Effect at line 115
Let a = shift_sint8(d, 0).
Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n).
+Let x = to_uint64(n - 1).
Let a_2 = shift_sint8(src_0, 0).
Assume {
Type: is_sint32(memoverlap_0) /\ is_uint64(i) /\ is_uint64(n).
@@ -763,13 +876,18 @@ Assume {
(* Else *)
Have: 0 < memoverlap_0.
(* Invariant 'no_eva' *)
- Have: forall i_1 : Z. let a_3 = shift_sint8(src_0, i_1) in ((i_1 <= i) ->
- ((0 <= i_1) -> (a_1[a_3] = Mchar_0[a_3]))).
+ Have: x < n.
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. ((i_1 < n) -> ((x < i_1) ->
+ (Mchar_0[shift_sint8(src_0, i_1)] = Mchar_0[shift_sint8(d, i_1)]))).
+ (* Invariant 'no_eva' *)
+ Have: (0 <= i) /\ (i < n).
(* Invariant 'no_eva' *)
Have: forall i_1 : Z. ((i < i_1) -> ((i_1 < n) ->
(a_1[shift_sint8(d, i_1)] = Mchar_0[shift_sint8(src_0, i_1)]))).
(* Invariant 'no_eva' *)
- Have: (0 <= i) /\ (i < n).
+ Have: forall i_1 : Z. let a_3 = shift_sint8(src_0, i_1) in ((i_1 <= i) ->
+ ((0 <= i_1) -> (a_1[a_3] = Mchar_0[a_3]))).
(* Else *)
Have: i <= 0.
}
@@ -784,40 +902,52 @@ Prove: true.
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file FRAMAC_SHARE/libc/string.c, line 101):
-Let a = shift_sint8(dest_0, 0).
+Let x = to_uint64(1 + i).
+Let a = shift_sint8(d, 0).
Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n).
-Let a_2 = shift_sint8(src_0, 0).
+Let a_2 = a_1[shift_sint8(d, i) <- a_1[shift_sint8(s, i)]].
+Let a_3 = shift_sint8(s, 0).
Assume {
Type: is_sint32(memoverlap_0) /\ is_uint64(i) /\ is_uint64(n).
(* Heap *)
- Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\
- linked(Malloc_0) /\ sconst(Mchar_0).
+ Type: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
+ sconst(Mchar_0).
(* Pre-condition 'valid_dest' *)
- Have: P_valid_or_empty(Malloc_0, dest_0, n).
+ Have: P_valid_or_empty(Malloc_0, d, n).
(* Pre-condition 'valid_src' *)
- Have: P_valid_read_or_empty(Malloc_0, src_0, n).
+ Have: P_valid_read_or_empty(Malloc_0, s, n).
(* Else *)
Have: n != 0.
(* Call 'memoverlap' *)
- Have: ((separated(a, n, a_2, n) -> (memoverlap_0 = 0))) /\
- ((addr_le(dest_0, src_0) -> (addr_lt(src_0, shift_sint8(dest_0, n)) ->
- ((!separated(a, n, a_2, n)) -> (memoverlap_0 = (-1)))))) /\
- ((addr_lt(src_0, dest_0) -> (addr_le(dest_0, shift_sint8(src_0, n)) ->
- ((!separated(a, n, a_2, n)) -> (memoverlap_0 = 1))))).
+ Have: ((separated(a, n, a_3, n) -> (memoverlap_0 = 0))) /\
+ ((addr_le(d, s) -> (addr_lt(s, shift_sint8(d, n)) ->
+ ((!separated(a, n, a_3, n)) -> (memoverlap_0 = (-1)))))) /\
+ ((addr_lt(s, d) -> (addr_le(d, shift_sint8(s, n)) ->
+ ((!separated(a, n, a_3, n)) -> (memoverlap_0 = 1))))).
(* Then *)
Have: memoverlap_0 <= 0.
(* Invariant 'no_eva' *)
- Have: forall i_1 : Z. let a_3 = shift_sint8(src_0, i_1) in ((i <= i_1) ->
- ((i_1 < n) -> (a_1[a_3] = Mchar_0[a_3]))).
+ Have: 0 <= n.
+ (* Invariant 'no_eva' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'no_eva' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_1[shift_sint8(dest_0, i_1)] = Mchar_0[shift_sint8(src_0, i_1)]))).
+ (a_1[shift_sint8(d, i_1)] = Mchar_0[shift_sint8(s, i_1)]))).
(* Invariant 'no_eva' *)
- Have: (0 <= i) /\ (i <= n).
+ Have: forall i_1 : Z. let a_4 = shift_sint8(s, i_1) in ((i <= i_1) ->
+ ((i_1 < n) -> (a_1[a_4] = Mchar_0[a_4]))).
(* Then *)
Have: i < n.
+ (* Invariant 'no_eva' *)
+ Have: x <= n.
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < x) ->
+ (a_2[shift_sint8(d, i_1)] = Mchar_0[shift_sint8(s, i_1)]))).
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. let a_4 = shift_sint8(s, i_1) in ((i_1 < n) ->
+ ((x <= i_1) -> (a_2[a_4] = Mchar_0[a_4]))).
}
-Prove: i < to_uint64(1 + i).
+Prove: i < x.
------------------------------------------------------------
@@ -827,40 +957,56 @@ Prove: true.
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file FRAMAC_SHARE/libc/string.c, line 113):
-Let a = shift_sint8(dest_0, 0).
+Let x = to_uint64(i - 1).
+Let a = shift_sint8(d, 0).
Let a_1 = havoc(Mchar_undef_0, Mchar_0, a, n).
-Let a_2 = shift_sint8(src_0, 0).
+Let a_2 = a_1[shift_sint8(d, i) <- a_1[shift_sint8(s, i)]].
+Let x_1 = to_uint64(n - 1).
+Let a_3 = shift_sint8(s, 0).
Assume {
Type: is_sint32(memoverlap_0) /\ is_uint64(i) /\ is_uint64(n).
(* Heap *)
- Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\
- linked(Malloc_0) /\ sconst(Mchar_0).
+ Type: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0) /\
+ sconst(Mchar_0).
(* Pre-condition 'valid_dest' *)
- Have: P_valid_or_empty(Malloc_0, dest_0, n).
+ Have: P_valid_or_empty(Malloc_0, d, n).
(* Pre-condition 'valid_src' *)
- Have: P_valid_read_or_empty(Malloc_0, src_0, n).
+ Have: P_valid_read_or_empty(Malloc_0, s, n).
(* Else *)
Have: n != 0.
(* Call 'memoverlap' *)
- Have: ((separated(a, n, a_2, n) -> (memoverlap_0 = 0))) /\
- ((addr_le(dest_0, src_0) -> (addr_lt(src_0, shift_sint8(dest_0, n)) ->
- ((!separated(a, n, a_2, n)) -> (memoverlap_0 = (-1)))))) /\
- ((addr_lt(src_0, dest_0) -> (addr_le(dest_0, shift_sint8(src_0, n)) ->
- ((!separated(a, n, a_2, n)) -> (memoverlap_0 = 1))))).
+ Have: ((separated(a, n, a_3, n) -> (memoverlap_0 = 0))) /\
+ ((addr_le(d, s) -> (addr_lt(s, shift_sint8(d, n)) ->
+ ((!separated(a, n, a_3, n)) -> (memoverlap_0 = (-1)))))) /\
+ ((addr_lt(s, d) -> (addr_le(d, shift_sint8(s, n)) ->
+ ((!separated(a, n, a_3, n)) -> (memoverlap_0 = 1))))).
(* Else *)
Have: 0 < memoverlap_0.
(* Invariant 'no_eva' *)
- Have: forall i_1 : Z. let a_3 = shift_sint8(src_0, i_1) in ((i_1 <= i) ->
- ((0 <= i_1) -> (a_1[a_3] = Mchar_0[a_3]))).
+ Have: x_1 < n.
(* Invariant 'no_eva' *)
- Have: forall i_1 : Z. ((i < i_1) -> ((i_1 < n) ->
- (a_1[shift_sint8(dest_0, i_1)] = Mchar_0[shift_sint8(src_0, i_1)]))).
+ Have: forall i_1 : Z. ((i_1 < n) -> ((x_1 < i_1) ->
+ (Mchar_0[shift_sint8(s, i_1)] = Mchar_0[shift_sint8(d, i_1)]))).
(* Invariant 'no_eva' *)
Have: (0 <= i) /\ (i < n).
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. ((i < i_1) -> ((i_1 < n) ->
+ (a_1[shift_sint8(d, i_1)] = Mchar_0[shift_sint8(s, i_1)]))).
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. let a_4 = shift_sint8(s, i_1) in ((i_1 <= i) ->
+ ((0 <= i_1) -> (a_1[a_4] = Mchar_0[a_4]))).
(* Then *)
Have: 0 < i.
+ (* Invariant 'no_eva' *)
+ Have: x < n.
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. ((i_1 < n) -> ((x < i_1) ->
+ (a_2[shift_sint8(d, i_1)] = Mchar_0[shift_sint8(s, i_1)]))).
+ (* Invariant 'no_eva' *)
+ Have: forall i_1 : Z. let a_4 = shift_sint8(s, i_1) in ((0 <= i_1) ->
+ ((i_1 <= x) -> (a_2[a_4] = Mchar_0[a_4]))).
}
-Prove: to_uint64(i - 1) < i.
+Prove: x < i.
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/region_to_coq.script b/src/plugins/wp/tests/wp_plugin/region_to_coq.script
index 975ea9f72afde75a92fee1218e0788e4e3c6c0cc..ec805f70b549129917db4df73cf1b8a5a297c2f2 100644
--- a/src/plugins/wp/tests/wp_plugin/region_to_coq.script
+++ b/src/plugins/wp/tests/wp_plugin/region_to_coq.script
@@ -18,19 +18,19 @@ Qed.
Goal typed_copy_loop_invariant_preserved.
Hint copy,preserved.
Proof.
- intros.
- assert (Hi_1: (1+i_1 <= i)%Z) by omega.
+ intros i n Li Ui Ln _ Hi Hn.
+ Require Import Lia.
+ assert (Hi_1: (1+i <= n)%Z) by lia.
unfold is_uint32, to_uint32.
unfold to_range.
- intros.
rewrite Z.add_0_l.
repeat rewrite Z.sub_0_r.
- unfold is_uint32 in H2.
- assert (Bs: (1 + i_1 = 4294967296)%Z \/ (1 + i_1 < 4294967296)%Z) by omega.
- inversion Bs.
- - rewrite <- H4.
- rewrite Z_mod_same ; omega.
- - rewrite Z.mod_small ; omega.
+ unfold is_uint32 in Hi.
+ assert (Bs: (1 + i = 4294967296)%Z \/ (1 + i < 4294967296)%Z) by lia.
+ inversion_clear Bs as [ Eq | Lower ].
+ - rewrite <- Eq.
+ rewrite Z_mod_same ; lia.
+ - rewrite Z.mod_small ; lia.
Qed.
diff --git a/src/plugins/wp/tests/wp_plugin/rte.i b/src/plugins/wp/tests/wp_plugin/rte.i
index f41d80662719bdfed9a22dd9405c62bee91a106a..026a1b040b06dfd07105fa177094d0693c399abd 100644
--- a/src/plugins/wp/tests/wp_plugin/rte.i
+++ b/src/plugins/wp/tests/wp_plugin/rte.i
@@ -1,5 +1,5 @@
/* run.config
- CMD: @frama-c@ -wp -wp-prover none -wp-share ./share -wp-msg-key shell,rte -wp-warn-key "pedantic-assigns=inactive"
+ CMD: @frama-c@ -wp -wp-prover none -wp-share @PTEST_SHARE_DIR@ -wp-msg-key shell,rte -wp-warn-key "pedantic-assigns=inactive"
OPT: -wp-rte -no-warn-invalid-bool -then -print -no-unicode
OPT: -wp-rte -no-warn-signed-overflow -then -print -no-unicode
OPT: -wp-rte -warn-unsigned-overflow -then -print -no-unicode
diff --git a/src/plugins/wp/tests/wp_tip/clear.i b/src/plugins/wp/tests/wp_tip/clear.i
new file mode 100644
index 0000000000000000000000000000000000000000..6abddf24da825c3c378e921cb3f540f9b7b18a78
--- /dev/null
+++ b/src/plugins/wp/tests/wp_tip/clear.i
@@ -0,0 +1,28 @@
+/* run.config
+ OPT: -wp-par 1 -wp-no-print -wp-prover qed,tip -wp-msg-key script -wp-session @PTEST_DIR@/oracle/@PTEST_NAME@.session
+*/
+/* run.config_qualif
+ DONTRUN:
+*/
+
+/*@ axiomatic X {
+ predicate P ;
+ predicate Q ;
+ predicate R ;
+ predicate S(integer i) ;
+ }
+*/
+
+int a = 42, b;
+
+/*@ requires P;
+ @ requires Q;
+ @ requires R;
+ @ ensures S(a+b); */
+void clear(void) {
+ if (a < b) {
+ a++;
+ } else {
+ b--;
+ }
+}
diff --git a/src/plugins/wp/tests/wp_tip/oracle/clear.res.oracle b/src/plugins/wp/tests/wp_tip/oracle/clear.res.oracle
new file mode 100644
index 0000000000000000000000000000000000000000..08dbe46f1e28c74761624ee2a5425cf4f087a582
--- /dev/null
+++ b/src/plugins/wp/tests/wp_tip/oracle/clear.res.oracle
@@ -0,0 +1,118 @@
+# frama-c -wp [...]
+[kernel] Parsing tests/wp_tip/clear.i (no preprocessing)
+[wp] Running WP plugin...
+[wp] Warning: Missing RTE guards
+[wp] 1 goal scheduled
+[wp:script:allgoals]
+ Goal Post-condition (file tests/wp_tip/clear.i, line 21) in 'clear':
+ Assume {
+ Type: is_sint32(a) /\ is_sint32(a_1) /\ is_sint32(a_2) /\ is_sint32(b) /\
+ is_sint32(b_1) /\ is_sint32(b_2).
+ (* Pre-condition *)
+ Have: P_P.
+ (* Pre-condition *)
+ Have: P_Q.
+ (* Pre-condition *)
+ Have: P_R.
+ If a_2 < b_2
+ Then { Have: (a_2 = a_1) /\ (b_2 = b). Have: (1 + a_1) = a. }
+ Else { Have: (a_2 = a) /\ (b_2 = b_1). Have: (1 + b) = b_1. }
+ }
+ Prove: P_S(a + b).
+
+ ------------------------------------------------------------
+[wp:script:allgoals]
+ typed_clear_ensures subgoal:
+
+ Goal Wp.Tactical.typed_clear_ensures-0 (generated):
+ Assume {
+ Type: is_sint32(a) /\ is_sint32(a_1) /\ is_sint32(a_2) /\ is_sint32(b) /\
+ is_sint32(b_1) /\ is_sint32(b_2).
+ (* Pre-condition *)
+ Have: P_P.
+ (* Pre-condition *)
+ Have: P_Q.
+ (* Pre-condition *)
+ Have: P_R.
+ If a_2 < b_2
+ Then { Have: (a_2 = a_1) /\ (b_2 = b). }
+ Else { Have: (a_2 = a) /\ (b_2 = b_1). Have: (1 + b) = b_1. }
+ }
+ Prove: P_S(a + b).
+
+ ------------------------------------------------------------
+[wp:script:allgoals]
+ typed_clear_ensures subgoal:
+
+ Goal Wp.Tactical.typed_clear_ensures-1 (generated):
+ Assume {
+ Type: is_sint32(a) /\ is_sint32(a_1) /\ is_sint32(a_2) /\ is_sint32(b) /\
+ is_sint32(b_1) /\ is_sint32(b_2).
+ (* Pre-condition *)
+ Have: P_P.
+ (* Pre-condition *)
+ Have: P_Q.
+ If a_2 < b_2
+ Then { Have: (a_2 = a_1) /\ (b_2 = b). }
+ Else { Have: (a_2 = a) /\ (b_2 = b_1). Have: (1 + b) = b_1. }
+ }
+ Prove: P_S(a + b).
+
+ ------------------------------------------------------------
+[wp:script:allgoals]
+ typed_clear_ensures subgoal:
+
+ Goal Wp.Tactical.typed_clear_ensures-2 (generated):
+ Assume {
+ Type: is_sint32(a) /\ is_sint32(a_1) /\ is_sint32(a_2) /\ is_sint32(b) /\
+ is_sint32(b_1).
+ (* Pre-condition *)
+ Have: P_P.
+ (* Pre-condition *)
+ Have: P_Q.
+ If a_2 < b_1
+ Then { Have: (a_2 = a_1) /\ (b_1 = b). }
+ }
+ Prove: P_S(a + b).
+
+ ------------------------------------------------------------
+[wp:script:allgoals]
+ typed_clear_ensures subgoal:
+
+ Goal Wp.Tactical.typed_clear_ensures-3 (generated):
+ Assume {
+ Type: is_sint32(a) /\ is_sint32(b).
+ (* Pre-condition *)
+ Have: P_P.
+ (* Pre-condition *)
+ Have: P_Q.
+ }
+ Prove: P_S(a + b).
+
+ ------------------------------------------------------------
+[wp:script:allgoals]
+ typed_clear_ensures subgoal:
+
+ Goal Wp.Tactical.typed_clear_ensures-4 (generated):
+ Assume { Type: is_sint32(a) /\ is_sint32(b). (* Pre-condition *) Have: P_P. }
+ Prove: P_S(a + b).
+
+ ------------------------------------------------------------
+[wp:script:allgoals]
+ typed_clear_ensures subgoal:
+
+ Goal Wp.Tactical.typed_clear_ensures-5 (generated):
+ Assume { (* Pre-condition *) Have: P_P. }
+ Prove: P_S(a + b).
+
+ ------------------------------------------------------------
+[wp:script:allgoals]
+ typed_clear_ensures subgoal:
+
+ Goal Wp.Tactical.typed_clear_ensures-6 (generated):
+ Prove: P_S(a + b).
+
+ ------------------------------------------------------------
+[wp] [Script] Goal typed_clear_ensures : Unsuccess
+[wp] Proved goals: 0 / 1
+[wp] No updated script.
diff --git a/src/plugins/wp/tests/wp_tip/oracle/clear.session/script/clear_ensures.json b/src/plugins/wp/tests/wp_tip/oracle/clear.session/script/clear_ensures.json
new file mode 100644
index 0000000000000000000000000000000000000000..64fc7f20266a326aa4eb3d30f70c61d94343fedc
--- /dev/null
+++ b/src/plugins/wp/tests/wp_tip/oracle/clear.session/script/clear_ensures.json
@@ -0,0 +1,67 @@
+[ { "header": "Clear", "tactic": "Wp.clear", "params": {},
+ "select": { "select": "clause-step", "at": 9, "kind": "have",
+ "target": "(1+a_1)=a_0", "pattern": "=+$a1$a" },
+ "children": { "Cleared hypothesis": [ { "header": "Clear",
+ "tactic": "Wp.clear",
+ "params": {},
+ "select": { "select": "clause-step",
+ "at": 4,
+ "kind": "have",
+ "target": "P_R",
+ "pattern": "P_R" },
+ "children": { "Cleared hypothesis":
+ [ { "header": "Clear",
+ "tactic": "Wp.clear",
+ "params": {},
+ "select":
+ { "select": "clause-step",
+ "at": 9,
+ "kind": "have",
+ "target": "(a_2=a_0) /\\ (b_2=b_1)",
+ "pattern": "&==$a$a$b$b" },
+ "children":
+ { "Cleared hypothesis":
+ [ { "header": "Clear",
+ "tactic": "Wp.clear",
+ "params": {},
+ "select":
+ { "select": "clause-step",
+ "at": 5,
+ "kind": "branch",
+ "target": "a_2<b_2",
+ "pattern": "<$a$b" },
+ "children":
+ { "Cleared hypothesis":
+ [ { "header": "Clear",
+ "tactic": "Wp.clear",
+ "params": {},
+ "select":
+ { "select": "clause-step",
+ "at": 3,
+ "kind": "have",
+ "target": "P_Q",
+ "pattern": "P_Q" },
+ "children":
+ { "Cleared hypothesis":
+ [ { "header": "Clear",
+ "tactic": "Wp.clear",
+ "params": {},
+ "select":
+ { "select": "clause-step",
+ "at": 0,
+ "kind": "type",
+ "target": "(is_sint32 a_0) /\\ (is_sint32 b_0)",
+ "pattern": "&is_sint32is_sint32$a$b" },
+ "children":
+ { "Cleared hypothesis":
+ [ { "header": "Clear",
+ "tactic": "Wp.clear",
+ "params": {},
+ "select":
+ { "select": "clause-step",
+ "at": 1,
+ "kind": "have",
+ "target": "P_P",
+ "pattern": "P_P" },
+ "children":
+ { "Cleared hypothesis": [] } } ] } } ] } } ] } } ] } } ] } } ] } } ]
diff --git a/src/plugins/wp/tests/wp_tip/split.i b/src/plugins/wp/tests/wp_tip/split.i
index 6aff2d20b8542b319d535c902053171c3ad83ed6..984bb90f40213dcc5bb5bdeaf54829475dc67f5e 100644
--- a/src/plugins/wp/tests/wp_tip/split.i
+++ b/src/plugins/wp/tests/wp_tip/split.i
@@ -1,5 +1,5 @@
/* run.config
- OPT: -wp-par 1 -wp-no-print -wp-prover qed,tip -wp-msg-key script -wp-session @PTEST_DIR@/oracle/@PTEST_NAME@.session
+ OPT: -wp-par 1 -wp-no-print -wp-prover qed,tip -wp-msg-key script -wp-session @PTEST_SUITE_DIR@/oracle@PTEST_CONFIG@/@PTEST_NAME@.session
*/
/* run.config_qualif
DONTRUN:
diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_init.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_init.0.res.oracle
index 22ca444e6a537298516bfc57f628ad0aaa4ab32c..3a2d8b0e8f0645ba40be2de76a0807021175621c 100644
--- a/src/plugins/wp/tests/wp_typed/oracle/user_init.0.res.oracle
+++ b/src/plugins/wp/tests/wp_typed/oracle/user_init.0.res.oracle
@@ -21,13 +21,13 @@ Assume {
When: (0 <= i_1) /\ (i_1 < n) /\ is_sint32(i_1).
(* Pre-condition *)
Have: valid_rw(Malloc_0, a_1, n).
- (* Pre-condition *)
+ (* Invariant 'Range' *)
Have: 0 <= n.
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'Partial' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
(havoc(Mint_undef_0, Mint_0, a_1, n)[shift_sint32(a, i_2)] = v))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= n).
(* Else *)
Have: n <= i.
}
@@ -43,18 +43,20 @@ Assume {
(* Heap *)
Type: (region(a.base) <= 0) /\ linked(Malloc_0).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 <= i) /\ is_sint32(i_1).
+ When: (i_1 <= i) /\ (0 <= i_1) /\ is_sint32(i_1).
(* Pre-condition *)
Have: valid_rw(Malloc_0, a_1, n).
- (* Pre-condition *)
+ (* Invariant 'Range' *)
Have: 0 <= n.
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'Partial' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
(a_2[shift_sint32(a, i_2)] = v))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= n).
(* Then *)
Have: i < n.
+ (* Invariant 'Range' *)
+ Have: (-1) <= i.
}
Prove: a_2[shift_sint32(a, i) <- v][shift_sint32(a, i_1)] = v.
@@ -73,13 +75,13 @@ Assume {
Type: (region(a.base) <= 0) /\ linked(Malloc_0).
(* Pre-condition *)
Have: valid_rw(Malloc_0, a_1, n).
- (* Pre-condition *)
+ (* Invariant 'Range' *)
Have: 0 <= n.
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'Partial' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
(havoc(Mint_undef_0, Mint_0, a_1, n)[shift_sint32(a, i_1)] = v))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= n).
(* Then *)
Have: i < n.
}
@@ -106,26 +108,31 @@ Prove: true.
Goal Loop assigns 'Zone' (3/3):
Effect at line 20
Let a_1 = shift_sint32(a, 0).
-Let a_2 = shift_sint32(a, i).
+Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, n).
+Let x = i - 1.
+Let a_3 = shift_sint32(a, x).
Assume {
- Type: is_sint32(i) /\ is_sint32(n).
+ Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(x).
(* Heap *)
Type: (region(a.base) <= 0) /\ linked(Malloc_0).
(* Goal *)
- When: !invalid(Malloc_0, a_2, 1).
+ When: !invalid(Malloc_0, a_3, 1).
(* Pre-condition *)
Have: valid_rw(Malloc_0, a_1, n).
- (* Pre-condition *)
+ (* Invariant 'Range' *)
Have: 0 <= n.
- (* Invariant 'Partial' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (havoc(Mint_undef_0, Mint_0, a_1, n)[shift_sint32(a, i_1)] = v))).
(* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= n).
+ Have: (0 < i) /\ (i <= (1 + n)).
+ (* Invariant 'Partial' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> (((2 + i_1) <= i) ->
+ (is_sint32(i_1) -> (a_2[shift_sint32(a, i_1)] = v)))).
(* Then *)
- Have: i < n.
+ Have: i <= n.
+ (* Invariant 'Partial' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_2[a_3 <- v][shift_sint32(a, i_1)] = v))).
}
-Prove: included(a_2, 1, a_1, n).
+Prove: included(a_3, 1, a_1, n).
------------------------------------------------------------
@@ -153,10 +160,10 @@ Assume {
Type: is_uint32(i_1).
(* Goal *)
When: (0 <= i) /\ (i <= 9).
- (* Invariant 'Partial' *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) -> (t1_0[i_2] = v))).
(* Invariant 'Range' *)
Have: (0 <= i_1) /\ (i_1 <= 10).
+ (* Invariant 'Partial' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) -> (t1_0[i_2] = v))).
(* Else *)
Have: 10 <= i_1.
}
@@ -165,16 +172,19 @@ Prove: t1_0[i] = v.
------------------------------------------------------------
Goal Preservation of Invariant 'Partial' (file tests/wp_typed/user_init.i, line 32):
+Let x = to_uint32(1 + i).
Assume {
Type: is_uint32(i).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 < to_uint32(1 + i)).
- (* Invariant 'Partial' *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) -> (t1_0[i_2] = v))).
+ When: (0 <= i_1) /\ (i_1 < x).
(* Invariant 'Range' *)
Have: (0 <= i) /\ (i <= 10).
+ (* Invariant 'Partial' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) -> (t1_0[i_2] = v))).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Range' *)
+ Have: x <= 10.
}
Prove: t1_0[i <- v][i_1] = v.
@@ -188,10 +198,10 @@ Prove: true.
Goal Preservation of Invariant 'Range' (file tests/wp_typed/user_init.i, line 31):
Assume {
Type: is_uint32(i).
- (* Invariant 'Partial' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (t1_0[i_1] = v))).
(* Invariant 'Range' *)
Have: (0 <= i) /\ (i <= 10).
+ (* Invariant 'Partial' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (t1_0[i_1] = v))).
(* Then *)
Have: i <= 9.
}
@@ -222,16 +232,22 @@ Prove: true.
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 35):
+Let x = to_uint32(1 + i).
Assume {
Type: is_uint32(i).
- (* Invariant 'Partial' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (t1_0[i_1] = v))).
(* Invariant 'Range' *)
Have: (0 <= i) /\ (i <= 10).
+ (* Invariant 'Partial' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (t1_0[i_1] = v))).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Range' *)
+ Have: x <= 10.
+ (* Invariant 'Partial' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < x) ->
+ (t1_0[i <- v][i_1] = v))).
}
-Prove: i < to_uint32(1 + i).
+Prove: i < x.
------------------------------------------------------------
@@ -255,12 +271,12 @@ Assume {
((i_3 <= 19) ->
(shift_sint32(shift_A20_sint32(a, i_4), i_3) != a_1)))))) ->
(Mint_1[a_1] = Mint_0[a_1])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i_2) -> ((0 <= i_3) ->
((i_3 <= 19) ->
(Mint_0[shift_sint32(shift_A20_sint32(a, i_4), i_3)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Else *)
Have: 10 <= i_2.
}
@@ -274,6 +290,7 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'Partial' (file tests/wp_typed/user_init.i, line 136):
+Let x = to_uint32(1 + i).
Let a = global(G_t2_52).
Let a_1 = shift_A20_sint32(a, i).
Let a_2 = shift_sint32(a_1, 0).
@@ -281,24 +298,26 @@ Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, 20).
Assume {
Type: is_uint32(i) /\ is_sint32(v).
(* Goal *)
- When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < to_uint32(1 + i)) /\ (i_2 <= 19).
+ When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < x) /\ (i_2 <= 19).
(* Loop assigns 'lack,Zone' *)
Have: forall a_4 : addr.
((forall i_4,i_3 : Z. ((0 <= i_4) -> ((0 <= i_3) -> ((i_4 <= 9) ->
((i_3 <= 19) ->
(shift_sint32(shift_A20_sint32(a, i_4), i_3) != a_4)))))) ->
(Mint_1[a_4] = Mint_0[a_4])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) ->
(Mint_0[shift_sint32(shift_A20_sint32(a, i_4), i_3)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Call 'init' *)
Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 <= 19) ->
(a_3[shift_sint32(a_1, i_3)] = v))).
+ (* Invariant 'Range' *)
+ Have: x <= 10.
}
Prove: a_3[shift_sint32(shift_A20_sint32(a, i_1), i_2)] = Mint_undef_0[a_2].
@@ -320,12 +339,12 @@ Assume {
((i_1 <= 19) ->
(shift_sint32(shift_A20_sint32(a, i_2), i_1) != a_2)))))) ->
(Mint_0[a_2] = Mint_1[a_2])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) ->
(Mint_1[shift_sint32(shift_A20_sint32(a, i_2), i_1)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Call 'init' *)
@@ -354,8 +373,11 @@ Prove: true.
Goal Loop assigns 'lack,Zone' (2/3):
Effect at line 139
+Let x = to_uint32(1 + i_2).
Let a = global(G_t2_52).
Let a_1 = shift_A20_sint32(a, i_2).
+Let a_2 = shift_sint32(a_1, 0).
+Let a_3 = havoc(Mint_undef_0, Mint_1, a_2, 20).
Assume {
Type: is_uint32(i_2) /\ is_sint32(v).
(* Goal *)
@@ -363,23 +385,28 @@ Assume {
(0 <= i_1) /\ (i_3 <= 9) /\ (i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19) /\
(i_6 <= 19) /\ (i_1 <= 19).
(* Loop assigns 'lack,Zone' *)
- Have: forall a_2 : addr.
+ Have: forall a_4 : addr.
((forall i_8,i_7 : Z. ((0 <= i_8) -> ((0 <= i_7) -> ((i_8 <= 9) ->
((i_7 <= 19) ->
- (shift_sint32(shift_A20_sint32(a, i_8), i_7) != a_2)))))) ->
- (Mint_0[a_2] = Mint_1[a_2])).
+ (shift_sint32(shift_A20_sint32(a, i_8), i_7) != a_4)))))) ->
+ (Mint_0[a_4] = Mint_1[a_4])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((i_8 < i_2) -> ((0 <= i_7) ->
((i_7 <= 19) ->
(Mint_1[shift_sint32(shift_A20_sint32(a, i_8), i_7)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
(* Call 'init' *)
Have: forall i_7 : Z. ((0 <= i_7) -> ((i_7 <= 19) ->
- (havoc(Mint_undef_0, Mint_1, shift_sint32(a_1, 0), 20)
- [shift_sint32(a_1, i_7)] = v))).
+ (a_3[shift_sint32(a_1, i_7)] = v))).
+ (* Invariant 'Range' *)
+ Have: x <= 10.
+ (* Invariant 'Partial' *)
+ Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((0 <= i_7) -> ((i_8 < x) ->
+ ((i_7 <= 19) ->
+ (a_3[shift_sint32(shift_A20_sint32(a, i_8), i_7)] = Mint_undef_0[a_2]))))).
}
Prove: exists i_8,i_7 : Z. (i_8 <= i) /\ (i_7 <= i_1) /\ (0 <= i_8) /\
(i <= i_8) /\ (0 <= i_7) /\ (i_1 <= i_7) /\ (i_8 <= 9) /\ (i_7 <= 19).
@@ -388,28 +415,36 @@ Prove: exists i_8,i_7 : Z. (i_8 <= i) /\ (i_7 <= i_1) /\ (0 <= i_8) /\
Goal Loop assigns 'lack,Zone' (3/3):
Call Effect at line 140
+Let x = to_uint32(1 + i).
Let a = global(G_t2_52).
Let a_1 = shift_A20_sint32(a, i).
+Let a_2 = shift_sint32(a_1, 0).
+Let a_3 = havoc(Mint_undef_0, Mint_1, a_2, 20).
Assume {
Type: is_uint32(i) /\ is_sint32(v).
(* Goal *)
When: (0 <= i) /\ (0 <= i_1) /\ (i <= 9) /\ (i_1 <= 19).
(* Loop assigns 'lack,Zone' *)
- Have: forall a_2 : addr.
+ Have: forall a_4 : addr.
((forall i_3,i_2 : Z. ((0 <= i_3) -> ((0 <= i_2) -> ((i_3 <= 9) ->
((i_2 <= 19) ->
- (shift_sint32(shift_A20_sint32(a, i_3), i_2) != a_2)))))) ->
- (Mint_0[a_2] = Mint_1[a_2])).
+ (shift_sint32(shift_A20_sint32(a, i_3), i_2) != a_4)))))) ->
+ (Mint_0[a_4] = Mint_1[a_4])).
+ (* Invariant 'Range' *)
+ Have: i <= 10.
(* Invariant 'Partial' *)
Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((i_3 < i) -> ((0 <= i_2) ->
((i_2 <= 19) ->
(Mint_1[shift_sint32(shift_A20_sint32(a, i_3), i_2)] = v))))).
- (* Invariant 'Range' *)
- Have: i <= 10.
(* Call 'init' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 <= 19) ->
- (havoc(Mint_undef_0, Mint_1, shift_sint32(a_1, 0), 20)
- [shift_sint32(a_1, i_2)] = v))).
+ (a_3[shift_sint32(a_1, i_2)] = v))).
+ (* Invariant 'Range' *)
+ Have: x <= 10.
+ (* Invariant 'Partial' *)
+ Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((0 <= i_2) -> ((i_3 < x) ->
+ ((i_2 <= 19) ->
+ (a_3[shift_sint32(shift_A20_sint32(a, i_3), i_2)] = Mint_undef_0[a_2]))))).
}
Prove: exists i_3,i_2 : Z. (i_3 <= i) /\ (i_2 <= i_1) /\ (0 <= i_3) /\
(i <= i_3) /\ (0 <= i_2) /\ (i_1 <= i_2) /\ (i_3 <= 9) /\ (i_2 <= 19).
@@ -483,30 +518,38 @@ Prove: exists i_5,i_4 : Z. (i_5 <= i) /\ (i_4 <= i_1) /\ (0 <= i_5) /\
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 139):
+Let x = to_uint32(1 + i).
Let a = global(G_t2_52).
Let a_1 = shift_A20_sint32(a, i).
+Let a_2 = shift_sint32(a_1, 0).
+Let a_3 = havoc(Mint_undef_0, Mint_1, a_2, 20).
Assume {
Type: is_uint32(i) /\ is_sint32(v).
(* Loop assigns 'lack,Zone' *)
- Have: forall a_2 : addr.
+ Have: forall a_4 : addr.
((forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 <= 9) ->
((i_1 <= 19) ->
- (shift_sint32(shift_A20_sint32(a, i_2), i_1) != a_2)))))) ->
- (Mint_0[a_2] = Mint_1[a_2])).
+ (shift_sint32(shift_A20_sint32(a, i_2), i_1) != a_4)))))) ->
+ (Mint_0[a_4] = Mint_1[a_4])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) ->
(Mint_1[shift_sint32(shift_A20_sint32(a, i_2), i_1)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Call 'init' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) ->
- (havoc(Mint_undef_0, Mint_1, shift_sint32(a_1, 0), 20)
- [shift_sint32(a_1, i_1)] = v))).
+ (a_3[shift_sint32(a_1, i_1)] = v))).
+ (* Invariant 'Range' *)
+ Have: x <= 10.
+ (* Invariant 'Partial' *)
+ Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 < x) ->
+ ((i_1 <= 19) ->
+ (a_3[shift_sint32(shift_A20_sint32(a, i_2), i_1)] = Mint_undef_0[a_2]))))).
}
-Prove: i < to_uint32(1 + i).
+Prove: i < x.
------------------------------------------------------------
@@ -541,12 +584,12 @@ Assume {
((forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 <= 9) ->
(shift_sint32(shift_A20_sint32(a, i_4), i_3) != a_1)))) ->
(Mint_1[a_1] = Mint_0[a_1])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i_2) -> ((0 <= i_3) ->
((i_3 <= 19) ->
(Mint_0[shift_sint32(shift_A20_sint32(a, i_4), i_3)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Else *)
Have: 10 <= i_2.
}
@@ -560,6 +603,7 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'Partial' (file tests/wp_typed/user_init.i, line 154):
+Let x = to_uint32(1 + i).
Let a = global(G_t2_52).
Let a_1 = shift_A20_sint32(a, i).
Let a_2 = shift_sint32(a_1, 0).
@@ -567,23 +611,25 @@ Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, 20).
Assume {
Type: is_uint32(i) /\ is_sint32(v).
(* Goal *)
- When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < to_uint32(1 + i)) /\ (i_2 <= 19).
+ When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < x) /\ (i_2 <= 19).
(* Loop assigns 'tactic,Zone' *)
Have: forall a_4 : addr.
((forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 <= 9) ->
(shift_sint32(shift_A20_sint32(a, i_4), i_3) != a_4)))) ->
(Mint_1[a_4] = Mint_0[a_4])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) ->
(Mint_0[shift_sint32(shift_A20_sint32(a, i_4), i_3)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Call 'init' *)
Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 <= 19) ->
(a_3[shift_sint32(a_1, i_3)] = v))).
+ (* Invariant 'Range' *)
+ Have: x <= 10.
}
Prove: a_3[shift_sint32(shift_A20_sint32(a, i_1), i_2)] = Mint_undef_0[a_2].
@@ -604,12 +650,12 @@ Assume {
((forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 <= 9) ->
(shift_sint32(shift_A20_sint32(a, i_2), i_1) != a_2)))) ->
(Mint_0[a_2] = Mint_1[a_2])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) ->
(Mint_1[shift_sint32(shift_A20_sint32(a, i_2), i_1)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Call 'init' *)
@@ -638,30 +684,38 @@ Prove: true.
Goal Loop assigns 'tactic,Zone' (2/3):
Effect at line 157
+Let x = to_uint32(1 + i_2).
Let a = global(G_t2_52).
Let a_1 = shift_A20_sint32(a, i_2).
+Let a_2 = shift_sint32(a_1, 0).
+Let a_3 = havoc(Mint_undef_0, Mint_1, a_2, 20).
Assume {
Type: is_uint32(i_2) /\ is_sint32(v).
(* Goal *)
When: (0 <= i_3) /\ (0 <= i_4) /\ (0 <= i_5) /\ (0 <= i) /\ (i_3 <= 9) /\
(i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19).
(* Loop assigns 'tactic,Zone' *)
- Have: forall a_2 : addr.
+ Have: forall a_4 : addr.
((forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 <= 9) ->
- (shift_sint32(shift_A20_sint32(a, i_7), i_6) != a_2)))) ->
- (Mint_0[a_2] = Mint_1[a_2])).
+ (shift_sint32(shift_A20_sint32(a, i_7), i_6) != a_4)))) ->
+ (Mint_0[a_4] = Mint_1[a_4])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial' *)
Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 < i_2) -> ((0 <= i_6) ->
((i_6 <= 19) ->
(Mint_1[shift_sint32(shift_A20_sint32(a, i_7), i_6)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
(* Call 'init' *)
Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 <= 19) ->
- (havoc(Mint_undef_0, Mint_1, shift_sint32(a_1, 0), 20)
- [shift_sint32(a_1, i_6)] = v))).
+ (a_3[shift_sint32(a_1, i_6)] = v))).
+ (* Invariant 'Range' *)
+ Have: x <= 10.
+ (* Invariant 'Partial' *)
+ Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((0 <= i_6) -> ((i_7 < x) ->
+ ((i_6 <= 19) ->
+ (a_3[shift_sint32(shift_A20_sint32(a, i_7), i_6)] = Mint_undef_0[a_2]))))).
}
Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
(i <= i_7) /\ (i_1 <= i_6) /\ (i_7 <= 9).
@@ -670,27 +724,35 @@ Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
Goal Loop assigns 'tactic,Zone' (3/3):
Call Effect at line 158
+Let x = to_uint32(1 + i).
Let a = global(G_t2_52).
Let a_1 = shift_A20_sint32(a, i).
+Let a_2 = shift_sint32(a_1, 0).
+Let a_3 = havoc(Mint_undef_0, Mint_1, a_2, 20).
Assume {
Type: is_uint32(i) /\ is_sint32(v).
(* Goal *)
When: (0 <= i) /\ (0 <= i_1) /\ (i <= 9) /\ (i_1 <= 19).
(* Loop assigns 'tactic,Zone' *)
- Have: forall a_2 : addr.
+ Have: forall a_4 : addr.
((forall i_3,i_2 : Z. ((0 <= i_3) -> ((i_3 <= 9) ->
- (shift_sint32(shift_A20_sint32(a, i_3), i_2) != a_2)))) ->
- (Mint_0[a_2] = Mint_1[a_2])).
+ (shift_sint32(shift_A20_sint32(a, i_3), i_2) != a_4)))) ->
+ (Mint_0[a_4] = Mint_1[a_4])).
+ (* Invariant 'Range' *)
+ Have: i <= 10.
(* Invariant 'Partial' *)
Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((i_3 < i) -> ((0 <= i_2) ->
((i_2 <= 19) ->
(Mint_1[shift_sint32(shift_A20_sint32(a, i_3), i_2)] = v))))).
- (* Invariant 'Range' *)
- Have: i <= 10.
(* Call 'init' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 <= 19) ->
- (havoc(Mint_undef_0, Mint_1, shift_sint32(a_1, 0), 20)
- [shift_sint32(a_1, i_2)] = v))).
+ (a_3[shift_sint32(a_1, i_2)] = v))).
+ (* Invariant 'Range' *)
+ Have: x <= 10.
+ (* Invariant 'Partial' *)
+ Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((0 <= i_2) -> ((i_3 < x) ->
+ ((i_2 <= 19) ->
+ (a_3[shift_sint32(shift_A20_sint32(a, i_3), i_2)] = Mint_undef_0[a_2]))))).
}
Prove: exists i_3,i_2 : Z. (i_3 <= i) /\ (i_2 <= i_1) /\ (0 <= i_3) /\
(i <= i_3) /\ (i_1 <= i_2) /\ (i_3 <= 9).
@@ -758,29 +820,37 @@ Prove: exists i_5,i_4 : Z. (i_5 <= i) /\ (i_4 <= i_1) /\ (0 <= i_5) /\
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 157):
+Let x = to_uint32(1 + i).
Let a = global(G_t2_52).
Let a_1 = shift_A20_sint32(a, i).
+Let a_2 = shift_sint32(a_1, 0).
+Let a_3 = havoc(Mint_undef_0, Mint_1, a_2, 20).
Assume {
Type: is_uint32(i) /\ is_sint32(v).
(* Loop assigns 'tactic,Zone' *)
- Have: forall a_2 : addr.
+ Have: forall a_4 : addr.
((forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 <= 9) ->
- (shift_sint32(shift_A20_sint32(a, i_2), i_1) != a_2)))) ->
- (Mint_0[a_2] = Mint_1[a_2])).
+ (shift_sint32(shift_A20_sint32(a, i_2), i_1) != a_4)))) ->
+ (Mint_0[a_4] = Mint_1[a_4])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) ->
(Mint_1[shift_sint32(shift_A20_sint32(a, i_2), i_1)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Call 'init' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) ->
- (havoc(Mint_undef_0, Mint_1, shift_sint32(a_1, 0), 20)
- [shift_sint32(a_1, i_1)] = v))).
+ (a_3[shift_sint32(a_1, i_1)] = v))).
+ (* Invariant 'Range' *)
+ Have: x <= 10.
+ (* Invariant 'Partial' *)
+ Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 < x) ->
+ ((i_1 <= 19) ->
+ (a_3[shift_sint32(shift_A20_sint32(a, i_2), i_1)] = Mint_undef_0[a_2]))))).
}
-Prove: i < to_uint32(1 + i).
+Prove: i < x.
------------------------------------------------------------
@@ -824,23 +894,24 @@ Prove: t2_0[i][i_1] = v.
------------------------------------------------------------
Goal Preservation of Invariant 'Partial_i' (file tests/wp_typed/user_init.i, line 48):
+Let x = to_uint32(1 + i).
Let m = t2_0[i].
Assume {
Type: is_uint32(i).
(* Heap *)
Type: IsArray_d2_sint32(t2_1).
(* Goal *)
- When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < to_uint32(1 + i)) /\ (i_2 <= 19).
+ When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < x) /\ (i_2 <= 19).
(* Loop assigns 'lack,Zone_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((0 <= i_3) -> ((i_4 <= 9) ->
((i_3 <= 19) ->
(((i_4 < 0) \/ (i_3 < 0) \/ (10 <= i_4) \/ (20 <= i_3)) ->
(t2_1[i_4][i_3] = t2_2[i_4][i_3])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) -> (t2_2[i_4][i_3] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Loop assigns 'lack,Zone_j' *)
@@ -848,11 +919,13 @@ Assume {
((i_3 <= 19) ->
(((i_4 < 0) \/ (i_3 < 0) \/ (10 <= i_4) \/ (20 <= i_3)) ->
(t2_2[i_4][i_3] = t2_0[i_4][i_3])))))).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 <= 19) -> (m[i_3] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) -> (t2_2[i_4][i_3] = t2_0[i_4][i_3]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 <= 19) -> (m[i_3] = v))).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
}
Prove: m[0] = t2_0[i_1][i_2].
@@ -873,11 +946,11 @@ Assume {
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_0[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Loop assigns 'lack,Zone_j' *)
@@ -885,11 +958,11 @@ Assume {
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_2[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> (t2_2[i][i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_2[i_2][i_1] = t2_1[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> (t2_2[i][i_1] = v))).
}
Prove: to_uint32(1 + i) <= 10.
@@ -901,23 +974,24 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'Partial_j' (file tests/wp_typed/user_init.i, line 54):
+Let x = to_uint32(1 + j).
Let m = t2_0[i].
Assume {
Type: is_uint32(i) /\ is_uint32(j).
(* Heap *)
Type: IsArray_d2_sint32(t2_1).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 < to_uint32(1 + j)).
+ When: (0 <= i_1) /\ (i_1 < x).
(* Loop assigns 'lack,Zone_i' *)
Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((0 <= i_2) -> ((i_3 <= 9) ->
((i_2 <= 19) ->
(((i_3 < 0) \/ (i_2 < 0) \/ (10 <= i_3) \/ (20 <= i_2)) ->
(t2_1[i_3][i_2] = t2_2[i_3][i_2])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((i_3 < i) -> ((0 <= i_2) ->
((i_2 <= 19) -> (t2_2[i_3][i_2] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Loop assigns 'lack,Zone_j' *)
@@ -925,15 +999,17 @@ Assume {
((i_2 <= 19) ->
(((i_3 < 0) \/ (i_2 < 0) \/ (10 <= i_3) \/ (20 <= i_2)) ->
(t2_0[i_3][i_2] = t2_2[i_3][i_2])))))).
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < j) -> (m[i_2] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((i_3 < i) -> ((0 <= i_2) ->
((i_2 <= 19) -> (t2_0[i_3][i_2] = t2_2[i_3][i_2]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < j) -> (m[i_2] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
}
Prove: m[j <- v][i_1] = v.
@@ -945,7 +1021,9 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'Previous_i' (file tests/wp_typed/user_init.i, line 55):
+Let x = to_uint32(1 + j).
Let m = t2_0[i].
+Let m_1 = m[j <- v].
Assume {
Type: is_uint32(i) /\ is_uint32(j).
(* Heap *)
@@ -957,11 +1035,11 @@ Assume {
((i_3 <= 19) ->
(((i_4 < 0) \/ (i_3 < 0) \/ (10 <= i_4) \/ (20 <= i_3)) ->
(t2_2[i_4][i_3] = t2_1[i_4][i_3])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) -> (t2_1[i_4][i_3] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Loop assigns 'lack,Zone_j' *)
@@ -969,17 +1047,21 @@ Assume {
((i_3 <= 19) ->
(((i_4 < 0) \/ (i_3 < 0) \/ (10 <= i_4) \/ (20 <= i_3)) ->
(t2_0[i_4][i_3] = t2_1[i_4][i_3])))))).
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 < j) -> (m[i_3] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) -> (t2_0[i_4][i_3] = t2_1[i_4][i_3]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 < j) -> (m[i_3] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 < x) -> (m_1[i_3] = v))).
}
-Prove: t2_0[i <- m[j <- v]][i_1][i_2] = t2_1[i_1][i_2].
+Prove: t2_0[i <- m_1][i_1][i_2] = t2_1[i_1][i_2].
------------------------------------------------------------
@@ -998,11 +1080,11 @@ Assume {
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_0[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Loop assigns 'lack,Zone_j' *)
@@ -1010,13 +1092,13 @@ Assume {
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_2[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (t2_2[i][i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_2[i_2][i_1] = t2_1[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (t2_2[i][i_1] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
}
@@ -1046,6 +1128,8 @@ Prove: true.
Goal Loop assigns 'lack,Zone_i' (2/3):
Effect at line 51
+Let x = to_uint32(1 + i_2).
+Let m = t2_2[i_2].
Assume {
Type: is_uint32(i_2).
(* Heap *)
@@ -1059,24 +1143,28 @@ Assume {
((i_7 <= 19) ->
(((i_8 < 0) \/ (i_7 < 0) \/ (10 <= i_8) \/ (20 <= i_7)) ->
(t2_0[i_8][i_7] = t2_1[i_8][i_7])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((i_8 < i_2) -> ((0 <= i_7) ->
((i_7 <= 19) -> (t2_1[i_8][i_7] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
(* Loop assigns 'lack,Zone_j' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((0 <= i_7) -> ((i_8 <= 9) ->
((i_7 <= 19) ->
(((i_8 < 0) \/ (i_7 < 0) \/ (10 <= i_8) \/ (20 <= i_7)) ->
- (t2_2[i_8][i_7] = t2_1[i_8][i_7])))))).
+ (t2_1[i_8][i_7] = t2_2[i_8][i_7])))))).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_7 : Z. ((0 <= i_7) -> ((i_7 <= 19) -> (m[i_7] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((i_8 < i_2) -> ((0 <= i_7) ->
- ((i_7 <= 19) -> (t2_2[i_8][i_7] = t2_1[i_8][i_7]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_7 : Z. ((0 <= i_7) -> ((i_7 <= 19) ->
- (t2_2[i_2][i_7] = v))).
+ ((i_7 <= 19) -> (t2_1[i_8][i_7] = t2_2[i_8][i_7]))))).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((0 <= i_7) -> ((i_8 < x) ->
+ ((i_7 <= 19) -> (t2_2[i_8][i_7] = m[0]))))).
}
Prove: exists i_8,i_7 : Z. (i_8 <= i) /\ (i_7 <= i_1) /\ (0 <= i_8) /\
(i <= i_8) /\ (0 <= i_7) /\ (i_1 <= i_7) /\ (i_8 <= 9) /\ (i_7 <= 19).
@@ -1085,6 +1173,8 @@ Prove: exists i_8,i_7 : Z. (i_8 <= i) /\ (i_7 <= i_1) /\ (0 <= i_8) /\
Goal Loop assigns 'lack,Zone_i' (3/3):
Effect at line 58
+Let x = to_uint32(1 + i_2).
+Let m = t2_2[i_2].
Assume {
Type: is_uint32(i_2).
(* Heap *)
@@ -1098,24 +1188,28 @@ Assume {
((i_7 <= 19) ->
(((i_8 < 0) \/ (i_7 < 0) \/ (10 <= i_8) \/ (20 <= i_7)) ->
(t2_0[i_8][i_7] = t2_1[i_8][i_7])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((i_8 < i_2) -> ((0 <= i_7) ->
((i_7 <= 19) -> (t2_1[i_8][i_7] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
(* Loop assigns 'lack,Zone_j' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((0 <= i_7) -> ((i_8 <= 9) ->
((i_7 <= 19) ->
(((i_8 < 0) \/ (i_7 < 0) \/ (10 <= i_8) \/ (20 <= i_7)) ->
- (t2_2[i_8][i_7] = t2_1[i_8][i_7])))))).
+ (t2_1[i_8][i_7] = t2_2[i_8][i_7])))))).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_7 : Z. ((0 <= i_7) -> ((i_7 <= 19) -> (m[i_7] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((i_8 < i_2) -> ((0 <= i_7) ->
- ((i_7 <= 19) -> (t2_2[i_8][i_7] = t2_1[i_8][i_7]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_7 : Z. ((0 <= i_7) -> ((i_7 <= 19) ->
- (t2_2[i_2][i_7] = v))).
+ ((i_7 <= 19) -> (t2_1[i_8][i_7] = t2_2[i_8][i_7]))))).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((0 <= i_7) -> ((i_8 < x) ->
+ ((i_7 <= 19) -> (t2_2[i_8][i_7] = m[0]))))).
}
Prove: exists i_8,i_7 : Z. (i_8 <= i) /\ (i_7 <= i_1) /\ (0 <= i_8) /\
(i <= i_8) /\ (0 <= i_7) /\ (i_1 <= i_7) /\ (i_8 <= 9) /\ (i_7 <= 19).
@@ -1129,6 +1223,9 @@ Prove: true.
Goal Loop assigns 'lack,Zone_j' (2/3):
Effect at line 58
+Let m = t2_2[i_2].
+Let m_1 = m[j <- v].
+Let x = to_uint32(1 + j).
Assume {
Type: is_uint32(i_2) /\ is_uint32(j).
(* Heap *)
@@ -1142,11 +1239,11 @@ Assume {
((i_7 <= 19) ->
(((i_8 < 0) \/ (i_7 < 0) \/ (10 <= i_8) \/ (20 <= i_7)) ->
(t2_0[i_8][i_7] = t2_1[i_8][i_7])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((i_8 < i_2) -> ((0 <= i_7) ->
((i_7 <= 19) -> (t2_1[i_8][i_7] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
(* Loop assigns 'lack,Zone_j' *)
@@ -1154,15 +1251,22 @@ Assume {
((i_7 <= 19) ->
(((i_8 < 0) \/ (i_7 < 0) \/ (10 <= i_8) \/ (20 <= i_7)) ->
(t2_2[i_8][i_7] = t2_1[i_8][i_7])))))).
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_7 : Z. ((0 <= i_7) -> ((i_7 < j) -> (m[i_7] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((i_8 < i_2) -> ((0 <= i_7) ->
((i_7 <= 19) -> (t2_2[i_8][i_7] = t2_1[i_8][i_7]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_7 : Z. ((0 <= i_7) -> ((i_7 < j) -> (t2_2[i_2][i_7] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_7 : Z. ((0 <= i_7) -> ((i_7 < x) -> (m_1[i_7] = v))).
+ (* Invariant 'Previous_i' *)
+ Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((i_8 < i_2) -> ((0 <= i_7) ->
+ ((i_7 <= 19) -> (t2_2[i_2 <- m_1][i_8][i_7] = t2_1[i_8][i_7]))))).
}
Prove: exists i_8,i_7 : Z. (i_8 <= i) /\ (i_7 <= i_1) /\ (0 <= i_8) /\
(i <= i_8) /\ (0 <= i_7) /\ (i_1 <= i_7) /\ (i_8 <= 9) /\ (i_7 <= 19).
@@ -1171,6 +1275,9 @@ Prove: exists i_8,i_7 : Z. (i_8 <= i) /\ (i_7 <= i_1) /\ (0 <= i_8) /\
Goal Loop assigns 'lack,Zone_j' (3/3):
Effect at line 59
+Let m = t2_2[i].
+Let m_1 = m[j <- v].
+Let x = to_uint32(1 + j).
Assume {
Type: is_uint32(i) /\ is_uint32(j).
(* Heap *)
@@ -1182,23 +1289,30 @@ Assume {
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_0[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Range_i' *)
+ Have: i <= 10.
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: i <= 10.
(* Loop assigns 'lack,Zone_j' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 <= 9) ->
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_2[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Range_j' *)
+ Have: j <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (m[i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_2[i_2][i_1] = t2_1[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (t2_2[i][i_1] = v))).
(* Invariant 'Range_j' *)
- Have: j <= 20.
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < x) -> (m_1[i_1] = v))).
+ (* Invariant 'Previous_i' *)
+ Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
+ ((i_1 <= 19) -> (t2_2[i <- m_1][i_2][i_1] = t2_1[i_2][i_1]))))).
}
Prove: exists i_2,i_1 : Z. (i_2 <= i) /\ (0 <= i_2) /\ (i <= i_2) /\
(0 <= i_1) /\ (j <= i_1) /\ (i_1 <= j) /\ (i_2 <= 9) /\ (i_1 <= 19).
@@ -1236,6 +1350,8 @@ Prove: exists i_5,i_4 : Z. (i_5 <= i) /\ (i_4 <= i_1) /\ (0 <= i_5) /\
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 51):
+Let x = to_uint32(1 + i).
+Let m = t2_2[i].
Assume {
Type: is_uint32(i).
(* Heap *)
@@ -1245,25 +1361,30 @@ Assume {
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_0[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Loop assigns 'lack,Zone_j' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 <= 9) ->
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
- (t2_2[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (t2_1[i_2][i_1] = t2_2[i_2][i_1])))))).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> (m[i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
- ((i_1 <= 19) -> (t2_2[i_2][i_1] = t2_1[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> (t2_2[i][i_1] = v))).
+ ((i_1 <= 19) -> (t2_1[i_2][i_1] = t2_2[i_2][i_1]))))).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 < x) ->
+ ((i_1 <= 19) -> (t2_2[i_2][i_1] = m[0]))))).
}
-Prove: i < to_uint32(1 + i).
+Prove: i < x.
------------------------------------------------------------
@@ -1273,6 +1394,9 @@ Prove: true.
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 58):
+Let m = t2_2[i].
+Let m_1 = m[j <- v].
+Let x = to_uint32(1 + j).
Assume {
Type: is_uint32(i) /\ is_uint32(j).
(* Heap *)
@@ -1282,11 +1406,11 @@ Assume {
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_0[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Loop assigns 'lack,Zone_j' *)
@@ -1294,17 +1418,24 @@ Assume {
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_2[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (m[i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_2[i_2][i_1] = t2_1[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (t2_2[i][i_1] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < x) -> (m_1[i_1] = v))).
+ (* Invariant 'Previous_i' *)
+ Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
+ ((i_1 <= 19) -> (t2_2[i <- m_1][i_2][i_1] = t2_1[i_2][i_1]))))).
}
-Prove: j < to_uint32(1 + j).
+Prove: j < x.
------------------------------------------------------------
@@ -1329,23 +1460,26 @@ Prove: t2_0[i][i_1] = v.
------------------------------------------------------------
Goal Preservation of Invariant 'Partial_i' (file tests/wp_typed/user_init.i, line 77):
+Let x = to_uint32(1 + i).
Let m = t2_0[i].
Assume {
Type: is_uint32(i).
(* Goal *)
- When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < to_uint32(1 + i)) /\ (i_2 <= 19).
+ When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < x) /\ (i_2 <= 19).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) -> (t2_1[i_4][i_3] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 <= 19) -> (m[i_3] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) -> (t2_1[i_4][i_3] = t2_0[i_4][i_3]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 <= 19) -> (m[i_3] = v))).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
}
Prove: m[0] = t2_0[i_1][i_2].
@@ -1359,18 +1493,18 @@ Prove: true.
Goal Preservation of Invariant 'Range_i' (file tests/wp_typed/user_init.i, line 76):
Assume {
Type: is_uint32(i).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_0[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> (t2_1[i][i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = t2_0[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> (t2_1[i][i_1] = v))).
}
Prove: to_uint32(1 + i) <= 10.
@@ -1382,27 +1516,30 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'Partial_j' (file tests/wp_typed/user_init.i, line 83):
+Let x = to_uint32(1 + j).
Let m = t2_0[i].
Assume {
Type: is_uint32(i) /\ is_uint32(j).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 < to_uint32(1 + j)).
+ When: (0 <= i_1) /\ (i_1 < x).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((i_3 < i) -> ((0 <= i_2) ->
((i_2 <= 19) -> (t2_1[i_3][i_2] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < j) -> (m[i_2] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((i_3 < i) -> ((0 <= i_2) ->
((i_2 <= 19) -> (t2_0[i_3][i_2] = t2_1[i_3][i_2]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < j) -> (m[i_2] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
}
Prove: m[j <- v][i_1] = v.
@@ -1414,29 +1551,35 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'Previous_i' (file tests/wp_typed/user_init.i, line 84):
+Let x = to_uint32(1 + j).
Let m = t2_0[i].
+Let m_1 = m[j <- v].
Assume {
Type: is_uint32(i) /\ is_uint32(j).
(* Goal *)
When: (0 <= i_1) /\ (i_1 < i) /\ (0 <= i_2) /\ (i_2 <= 19).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) -> (t2_1[i_4][i_3] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 < j) -> (m[i_3] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) -> (t2_0[i_4][i_3] = t2_1[i_4][i_3]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 < j) -> (m[i_3] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 < x) -> (m_1[i_3] = v))).
}
-Prove: t2_0[i <- m[j <- v]][i_1][i_2] = t2_1[i_1][i_2].
+Prove: t2_0[i <- m_1][i_1][i_2] = t2_1[i_1][i_2].
------------------------------------------------------------
@@ -1448,20 +1591,20 @@ Prove: true.
Goal Preservation of Invariant 'Range_j' (file tests/wp_typed/user_init.i, line 82):
Assume {
Type: is_uint32(i) /\ is_uint32(j).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_0[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (t2_1[i][i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = t2_0[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (t2_1[i][i_1] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
}
@@ -1491,24 +1634,30 @@ Prove: true.
Goal Loop assigns 'tactic,Zone_i' (2/3):
Effect at line 80
+Let x = to_uint32(1 + i_2).
+Let m = t2_1[i_2].
Assume {
Type: is_uint32(i_2).
(* Goal *)
When: (0 <= i_3) /\ (0 <= i_4) /\ (0 <= i_5) /\ (0 <= i) /\ (i_3 <= 9) /\
(i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 < i_2) -> ((0 <= i_6) ->
((i_6 <= 19) -> (t2_0[i_7][i_6] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 <= 19) -> (m[i_6] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 < i_2) -> ((0 <= i_6) ->
- ((i_6 <= 19) -> (t2_1[i_7][i_6] = t2_0[i_7][i_6]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 <= 19) ->
- (t2_1[i_2][i_6] = v))).
+ ((i_6 <= 19) -> (t2_0[i_7][i_6] = t2_1[i_7][i_6]))))).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((0 <= i_6) -> ((i_7 < x) ->
+ ((i_6 <= 19) -> (t2_1[i_7][i_6] = m[0]))))).
}
Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
(i <= i_7) /\ (i_1 <= i_6) /\ (i_7 <= 9).
@@ -1517,24 +1666,30 @@ Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
Goal Loop assigns 'tactic,Zone_i' (3/3):
Effect at line 87
+Let x = to_uint32(1 + i_2).
+Let m = t2_1[i_2].
Assume {
Type: is_uint32(i_2).
(* Goal *)
When: (0 <= i_3) /\ (0 <= i_4) /\ (0 <= i_5) /\ (0 <= i) /\ (i_3 <= 9) /\
(i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 < i_2) -> ((0 <= i_6) ->
((i_6 <= 19) -> (t2_0[i_7][i_6] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 <= 19) -> (m[i_6] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 < i_2) -> ((0 <= i_6) ->
- ((i_6 <= 19) -> (t2_1[i_7][i_6] = t2_0[i_7][i_6]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 <= 19) ->
- (t2_1[i_2][i_6] = v))).
+ ((i_6 <= 19) -> (t2_0[i_7][i_6] = t2_1[i_7][i_6]))))).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((0 <= i_6) -> ((i_7 < x) ->
+ ((i_6 <= 19) -> (t2_1[i_7][i_6] = m[0]))))).
}
Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
(i <= i_7) /\ (i_1 <= i_6) /\ (i_7 <= 9).
@@ -1548,27 +1703,37 @@ Prove: true.
Goal Loop assigns 'tactic,Zone_j' (2/3):
Effect at line 87
+Let m = t2_1[i_2].
+Let m_1 = m[j <- v].
+Let x = to_uint32(1 + j).
Assume {
Type: is_uint32(i_2) /\ is_uint32(j).
(* Goal *)
When: (0 <= i_3) /\ (0 <= i_4) /\ (0 <= i_5) /\ (0 <= i) /\ (i_3 <= 9) /\
(i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 < i_2) -> ((0 <= i_6) ->
((i_6 <= 19) -> (t2_0[i_7][i_6] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 < j) -> (m[i_6] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 < i_2) -> ((0 <= i_6) ->
((i_6 <= 19) -> (t2_1[i_7][i_6] = t2_0[i_7][i_6]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 < j) -> (t2_1[i_2][i_6] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 < x) -> (m_1[i_6] = v))).
+ (* Invariant 'Previous_i' *)
+ Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 < i_2) -> ((0 <= i_6) ->
+ ((i_6 <= 19) -> (t2_1[i_2 <- m_1][i_7][i_6] = t2_0[i_7][i_6]))))).
}
Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
(i <= i_7) /\ (i_1 <= i_6) /\ (i_7 <= 9).
@@ -1577,22 +1742,32 @@ Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
Goal Loop assigns 'tactic,Zone_j' (3/3):
Effect at line 88
+Let m = t2_1[i].
+Let m_1 = m[j <- v].
+Let x = to_uint32(1 + j).
Assume {
Type: is_uint32(i) /\ is_uint32(j).
(* Goal *)
When: (0 <= i) /\ (0 <= j) /\ (i <= 9) /\ (j <= 19).
+ (* Invariant 'Range_i' *)
+ Have: i <= 10.
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_0[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: i <= 10.
+ (* Invariant 'Range_j' *)
+ Have: j <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (m[i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = t2_0[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (t2_1[i][i_1] = v))).
(* Invariant 'Range_j' *)
- Have: j <= 20.
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < x) -> (m_1[i_1] = v))).
+ (* Invariant 'Previous_i' *)
+ Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
+ ((i_1 <= 19) -> (t2_1[i <- m_1][i_2][i_1] = t2_0[i_2][i_1]))))).
}
Prove: exists i_2,i_1 : Z. (i_2 <= i) /\ (0 <= i_2) /\ (i <= i_2) /\
(j <= i_1) /\ (i_1 <= j) /\ (i_2 <= 9).
@@ -1621,22 +1796,29 @@ Prove: exists i_5,i_4 : Z. (i_5 <= i) /\ (i_4 <= i_1) /\ (0 <= i_5) /\
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 80):
+Let x = to_uint32(1 + i).
+Let m = t2_1[i].
Assume {
Type: is_uint32(i).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_0[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> (m[i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
- ((i_1 <= 19) -> (t2_1[i_2][i_1] = t2_0[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> (t2_1[i][i_1] = v))).
+ ((i_1 <= 19) -> (t2_0[i_2][i_1] = t2_1[i_2][i_1]))))).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 < x) ->
+ ((i_1 <= 19) -> (t2_1[i_2][i_1] = m[0]))))).
}
-Prove: i < to_uint32(1 + i).
+Prove: i < x.
------------------------------------------------------------
@@ -1646,26 +1828,36 @@ Prove: true.
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 87):
+Let m = t2_1[i].
+Let m_1 = m[j <- v].
+Let x = to_uint32(1 + j).
Assume {
Type: is_uint32(i) /\ is_uint32(j).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_0[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (m[i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = t2_0[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (t2_1[i][i_1] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < x) -> (m_1[i_1] = v))).
+ (* Invariant 'Previous_i' *)
+ Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
+ ((i_1 <= 19) -> (t2_1[i <- m_1][i_2][i_1] = t2_0[i_2][i_1]))))).
}
-Prove: j < to_uint32(1 + j).
+Prove: j < x.
------------------------------------------------------------
@@ -1691,20 +1883,26 @@ Prove: P_MemSet20(t2_0[i], 20, v).
------------------------------------------------------------
Goal Preservation of Invariant 'Partial_i' (file tests/wp_typed/user_init.i, line 108):
+Let x = to_uint32(1 + i).
+Let m = t2_0[i].
Assume {
Type: IsArray_sint32(v) /\ is_uint32(i) /\ is_sint32(v_1) /\
- IsArray_sint32(t2_0[i]).
+ IsArray_sint32(m).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 < to_uint32(1 + i)).
+ When: (0 <= i_1) /\ (i_1 < x).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
P_MemSet20(t2_0[i_2], 20, v_1))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Invariant 'Partial_j' *)
+ Have: P_MemSet20(m, 0, v_1).
+ (* Invariant 'Partial_j' *)
Have: P_MemSet20(v, 20, v_1).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
}
Prove: P_MemSet20(t2_0[i <- v][i_1], 20, v_1).
@@ -1716,17 +1914,20 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'Range_i' (file tests/wp_typed/user_init.i, line 107):
+Let m = t2_0[i].
Assume {
Type: IsArray_sint32(v) /\ is_uint32(i) /\ is_sint32(v_1) /\
- IsArray_sint32(t2_0[i]).
+ IsArray_sint32(m).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
P_MemSet20(t2_0[i_1], 20, v_1))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Invariant 'Partial_j' *)
+ Have: P_MemSet20(m, 0, v_1).
+ (* Invariant 'Partial_j' *)
Have: P_MemSet20(v, 20, v_1).
}
Prove: to_uint32(1 + i) <= 10.
@@ -1739,25 +1940,31 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'Partial_j' (file tests/wp_typed/user_init.i, line 114):
-Let m = v[j <- v_1].
+Let x = to_uint32(1 + j).
+Let m = t2_0[i].
+Let m_1 = v[j <- v_1].
Assume {
Type: IsArray_sint32(v) /\ is_uint32(i) /\ is_uint32(j) /\
- is_sint32(v_1) /\ IsArray_sint32(t2_0[i]) /\ IsArray_sint32(m).
+ is_sint32(v_1) /\ IsArray_sint32(m) /\ IsArray_sint32(m_1).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
P_MemSet20(t2_0[i_1], 20, v_1))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Invariant 'Partial_j' *)
- Have: P_MemSet20(v, j, v_1).
+ Have: P_MemSet20(m, 0, v_1).
(* Invariant 'Range_j' *)
Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: P_MemSet20(v, j, v_1).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
}
-Prove: P_MemSet20(m, to_uint32(1 + j), v_1).
+Prove: P_MemSet20(m_1, x, v_1).
------------------------------------------------------------
@@ -1765,11 +1972,11 @@ Goal Establishment of Invariant 'Partial_j' (file tests/wp_typed/user_init.i, li
Let m = t2_0[i].
Assume {
Type: is_uint32(i) /\ is_sint32(v) /\ IsArray_sint32(m).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
P_MemSet20(t2_0[i_1], 20, v))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
}
@@ -1778,20 +1985,23 @@ Prove: P_MemSet20(m, 0, v).
------------------------------------------------------------
Goal Preservation of Invariant 'Range_j' (file tests/wp_typed/user_init.i, line 113):
+Let m = t2_0[i].
Assume {
Type: IsArray_sint32(v) /\ is_uint32(i) /\ is_uint32(j) /\
- is_sint32(v_1) /\ IsArray_sint32(t2_0[i]).
+ is_sint32(v_1) /\ IsArray_sint32(m).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
P_MemSet20(t2_0[i_1], 20, v_1))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Invariant 'Partial_j' *)
- Have: P_MemSet20(v, j, v_1).
+ Have: P_MemSet20(m, 0, v_1).
(* Invariant 'Range_j' *)
Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: P_MemSet20(v, j, v_1).
(* Then *)
Have: j <= 19.
}
@@ -1821,21 +2031,30 @@ Prove: true.
Goal Loop assigns 'tactic,Zone_i' (2/3):
Effect at line 111
+Let x = to_uint32(1 + i_2).
+Let m = t2_0[i_2].
Assume {
Type: IsArray_sint32(v) /\ is_uint32(i_2) /\ is_sint32(v_1) /\
- IsArray_sint32(t2_0[i_2]).
+ IsArray_sint32(m).
(* Goal *)
When: (0 <= i_3) /\ (0 <= i_4) /\ (0 <= i_5) /\ (0 <= i) /\ (i_3 <= 9) /\
(i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 < i_2) ->
P_MemSet20(t2_0[i_6], 20, v_1))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
(* Invariant 'Partial_j' *)
+ Have: P_MemSet20(m, 0, v_1).
+ (* Invariant 'Partial_j' *)
Have: P_MemSet20(v, 20, v_1).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 < x) ->
+ P_MemSet20(t2_0[i_2 <- v][i_6], 20, v_1))).
}
Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
(i <= i_7) /\ (i_1 <= i_6) /\ (i_7 <= 9).
@@ -1844,18 +2063,27 @@ Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
Goal Loop assigns 'tactic,Zone_i' (3/3):
Effect at line 117
+Let x = to_uint32(1 + i).
+Let m = t2_0[i].
Assume {
Type: IsArray_sint32(v) /\ is_uint32(i) /\ is_sint32(v_1) /\
- IsArray_sint32(t2_0[i]).
+ IsArray_sint32(m).
(* Goal *)
When: (0 <= i) /\ (0 <= i_1) /\ (i <= 9) /\ (i_1 <= 19).
+ (* Invariant 'Range_i' *)
+ Have: i <= 10.
(* Invariant 'Partial_i' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
P_MemSet20(t2_0[i_2], 20, v_1))).
- (* Invariant 'Range_i' *)
- Have: i <= 10.
+ (* Invariant 'Partial_j' *)
+ Have: P_MemSet20(m, 0, v_1).
(* Invariant 'Partial_j' *)
Have: P_MemSet20(v, 20, v_1).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < x) ->
+ P_MemSet20(t2_0[i <- v][i_2], 20, v_1))).
}
Prove: exists i_3,i_2 : Z. (i_3 <= i) /\ (i_2 <= i_1) /\ (0 <= i_3) /\
(i <= i_3) /\ (i_1 <= i_2) /\ (i_3 <= 9).
@@ -1895,20 +2123,29 @@ Prove: exists i_5,i_4 : Z. (i_5 <= i) /\ (i_4 <= i_1) /\ (0 <= i_5) /\
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 111):
+Let x = to_uint32(1 + i).
+Let m = t2_0[i].
Assume {
Type: IsArray_sint32(v) /\ is_uint32(i) /\ is_sint32(v_1) /\
- IsArray_sint32(t2_0[i]).
+ IsArray_sint32(m).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
P_MemSet20(t2_0[i_1], 20, v_1))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Invariant 'Partial_j' *)
+ Have: P_MemSet20(m, 0, v_1).
+ (* Invariant 'Partial_j' *)
Have: P_MemSet20(v, 20, v_1).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < x) ->
+ P_MemSet20(t2_0[i <- v][i_1], 20, v_1))).
}
-Prove: i < to_uint32(1 + i).
+Prove: i < x.
------------------------------------------------------------
@@ -1918,24 +2155,33 @@ Prove: true.
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 117):
+Let m = v[j <- v_1].
+Let x = to_uint32(1 + j).
+Let m_1 = t2_0[i].
Assume {
Type: IsArray_sint32(v) /\ is_uint32(i) /\ is_uint32(j) /\
- is_sint32(v_1) /\ IsArray_sint32(t2_0[i]).
+ is_sint32(v_1) /\ IsArray_sint32(m_1) /\ IsArray_sint32(m).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
P_MemSet20(t2_0[i_1], 20, v_1))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Invariant 'Partial_j' *)
- Have: P_MemSet20(v, j, v_1).
+ Have: P_MemSet20(m_1, 0, v_1).
(* Invariant 'Range_j' *)
Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: P_MemSet20(v, j, v_1).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: P_MemSet20(m, x, v_1).
}
-Prove: j < to_uint32(1 + j).
+Prove: j < x.
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_init.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_init.1.res.oracle
index e1a3e723628fe25622cc96dc7c7b8c5d6a5e0cfb..20aaf5bdedf2232ff1e19edbf757434971402be0 100644
--- a/src/plugins/wp/tests/wp_typed/oracle/user_init.1.res.oracle
+++ b/src/plugins/wp/tests/wp_typed/oracle/user_init.1.res.oracle
@@ -21,13 +21,13 @@ Assume {
When: (0 <= i_1) /\ (i_1 < n) /\ is_sint32(i_1).
(* Pre-condition *)
Have: valid_rw(Malloc_0, a_1, n).
- (* Pre-condition *)
+ (* Invariant 'Range' *)
Have: 0 <= n.
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'Partial' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
(havoc(Mint_undef_0, Mint_0, a_1, n)[shift_sint32(a, i_2)] = v))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= n).
(* Else *)
Have: n <= i.
}
@@ -43,18 +43,20 @@ Assume {
(* Heap *)
Type: (region(a.base) <= 0) /\ linked(Malloc_0).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 <= i) /\ is_sint32(i_1).
+ When: (i_1 <= i) /\ (0 <= i_1) /\ is_sint32(i_1).
(* Pre-condition *)
Have: valid_rw(Malloc_0, a_1, n).
- (* Pre-condition *)
+ (* Invariant 'Range' *)
Have: 0 <= n.
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'Partial' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
(a_2[shift_sint32(a, i_2)] = v))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= n).
(* Then *)
Have: i < n.
+ (* Invariant 'Range' *)
+ Have: (-1) <= i.
}
Prove: a_2[shift_sint32(a, i) <- v][shift_sint32(a, i_1)] = v.
@@ -73,13 +75,13 @@ Assume {
Type: (region(a.base) <= 0) /\ linked(Malloc_0).
(* Pre-condition *)
Have: valid_rw(Malloc_0, a_1, n).
- (* Pre-condition *)
+ (* Invariant 'Range' *)
Have: 0 <= n.
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= n).
(* Invariant 'Partial' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
(havoc(Mint_undef_0, Mint_0, a_1, n)[shift_sint32(a, i_1)] = v))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= n).
(* Then *)
Have: i < n.
}
@@ -106,26 +108,31 @@ Prove: true.
Goal Loop assigns 'Zone' (3/3):
Effect at line 20
Let a_1 = shift_sint32(a, 0).
-Let a_2 = shift_sint32(a, i).
+Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, n).
+Let x = i - 1.
+Let a_3 = shift_sint32(a, x).
Assume {
- Type: is_sint32(i) /\ is_sint32(n).
+ Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(x).
(* Heap *)
Type: (region(a.base) <= 0) /\ linked(Malloc_0).
(* Goal *)
- When: !invalid(Malloc_0, a_2, 1).
+ When: !invalid(Malloc_0, a_3, 1).
(* Pre-condition *)
Have: valid_rw(Malloc_0, a_1, n).
- (* Pre-condition *)
+ (* Invariant 'Range' *)
Have: 0 <= n.
- (* Invariant 'Partial' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (havoc(Mint_undef_0, Mint_0, a_1, n)[shift_sint32(a, i_1)] = v))).
(* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= n).
+ Have: (0 < i) /\ (i <= (1 + n)).
+ (* Invariant 'Partial' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> (((2 + i_1) <= i) ->
+ (is_sint32(i_1) -> (a_2[shift_sint32(a, i_1)] = v)))).
(* Then *)
- Have: i < n.
+ Have: i <= n.
+ (* Invariant 'Partial' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_2[a_3 <- v][shift_sint32(a, i_1)] = v))).
}
-Prove: included(a_2, 1, a_1, n).
+Prove: included(a_3, 1, a_1, n).
------------------------------------------------------------
@@ -153,10 +160,10 @@ Assume {
Type: is_uint32(i_1).
(* Goal *)
When: (0 <= i) /\ (i <= 9).
- (* Invariant 'Partial' *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) -> (t1_0[i_2] = v))).
(* Invariant 'Range' *)
Have: (0 <= i_1) /\ (i_1 <= 10).
+ (* Invariant 'Partial' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) -> (t1_0[i_2] = v))).
(* Else *)
Have: 10 <= i_1.
}
@@ -165,16 +172,19 @@ Prove: t1_0[i] = v.
------------------------------------------------------------
Goal Preservation of Invariant 'Partial' (file tests/wp_typed/user_init.i, line 32):
+Let x = to_uint32(1 + i).
Assume {
Type: is_uint32(i).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 < to_uint32(1 + i)).
- (* Invariant 'Partial' *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) -> (t1_0[i_2] = v))).
+ When: (0 <= i_1) /\ (i_1 < x).
(* Invariant 'Range' *)
Have: (0 <= i) /\ (i <= 10).
+ (* Invariant 'Partial' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) -> (t1_0[i_2] = v))).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Range' *)
+ Have: x <= 10.
}
Prove: t1_0[i <- v][i_1] = v.
@@ -188,10 +198,10 @@ Prove: true.
Goal Preservation of Invariant 'Range' (file tests/wp_typed/user_init.i, line 31):
Assume {
Type: is_uint32(i).
- (* Invariant 'Partial' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (t1_0[i_1] = v))).
(* Invariant 'Range' *)
Have: (0 <= i) /\ (i <= 10).
+ (* Invariant 'Partial' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (t1_0[i_1] = v))).
(* Then *)
Have: i <= 9.
}
@@ -222,16 +232,22 @@ Prove: true.
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 35):
+Let x = to_uint32(1 + i).
Assume {
Type: is_uint32(i).
- (* Invariant 'Partial' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (t1_0[i_1] = v))).
(* Invariant 'Range' *)
Have: (0 <= i) /\ (i <= 10).
+ (* Invariant 'Partial' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (t1_0[i_1] = v))).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Range' *)
+ Have: x <= 10.
+ (* Invariant 'Partial' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < x) ->
+ (t1_0[i <- v][i_1] = v))).
}
-Prove: i < to_uint32(1 + i).
+Prove: i < x.
------------------------------------------------------------
@@ -255,12 +271,12 @@ Assume {
((i_3 <= 19) ->
(shift_sint32(shift_A20_sint32(a, i_4), i_3) != a_1)))))) ->
(Mint_1[a_1] = Mint_0[a_1])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i_2) -> ((0 <= i_3) ->
((i_3 <= 19) ->
(Mint_0[shift_sint32(shift_A20_sint32(a, i_4), i_3)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Else *)
Have: 10 <= i_2.
}
@@ -274,6 +290,7 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'Partial' (file tests/wp_typed/user_init.i, line 136):
+Let x = to_uint32(1 + i).
Let a = global(G_t2_52).
Let a_1 = shift_A20_sint32(a, i).
Let a_2 = shift_sint32(a_1, 0).
@@ -281,24 +298,26 @@ Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, 20).
Assume {
Type: is_uint32(i) /\ is_sint32(v).
(* Goal *)
- When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < to_uint32(1 + i)) /\ (i_2 <= 19).
+ When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < x) /\ (i_2 <= 19).
(* Loop assigns 'lack,Zone' *)
Have: forall a_4 : addr.
((forall i_4,i_3 : Z. ((0 <= i_4) -> ((0 <= i_3) -> ((i_4 <= 9) ->
((i_3 <= 19) ->
(shift_sint32(shift_A20_sint32(a, i_4), i_3) != a_4)))))) ->
(Mint_1[a_4] = Mint_0[a_4])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) ->
(Mint_0[shift_sint32(shift_A20_sint32(a, i_4), i_3)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Call 'init' *)
Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 <= 19) ->
(a_3[shift_sint32(a_1, i_3)] = v))).
+ (* Invariant 'Range' *)
+ Have: x <= 10.
}
Prove: a_3[shift_sint32(shift_A20_sint32(a, i_1), i_2)] = Mint_undef_0[a_2].
@@ -320,12 +339,12 @@ Assume {
((i_1 <= 19) ->
(shift_sint32(shift_A20_sint32(a, i_2), i_1) != a_2)))))) ->
(Mint_0[a_2] = Mint_1[a_2])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) ->
(Mint_1[shift_sint32(shift_A20_sint32(a, i_2), i_1)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Call 'init' *)
@@ -354,8 +373,11 @@ Prove: true.
Goal Loop assigns 'lack,Zone' (2/3):
Effect at line 139
+Let x = to_uint32(1 + i_2).
Let a = global(G_t2_52).
Let a_1 = shift_A20_sint32(a, i_2).
+Let a_2 = shift_sint32(a_1, 0).
+Let a_3 = havoc(Mint_undef_0, Mint_1, a_2, 20).
Assume {
Type: is_uint32(i_2) /\ is_sint32(v).
(* Goal *)
@@ -363,23 +385,28 @@ Assume {
(0 <= i_1) /\ (i_3 <= 9) /\ (i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19) /\
(i_6 <= 19) /\ (i_1 <= 19).
(* Loop assigns 'lack,Zone' *)
- Have: forall a_2 : addr.
+ Have: forall a_4 : addr.
((forall i_8,i_7 : Z. ((0 <= i_8) -> ((0 <= i_7) -> ((i_8 <= 9) ->
((i_7 <= 19) ->
- (shift_sint32(shift_A20_sint32(a, i_8), i_7) != a_2)))))) ->
- (Mint_0[a_2] = Mint_1[a_2])).
+ (shift_sint32(shift_A20_sint32(a, i_8), i_7) != a_4)))))) ->
+ (Mint_0[a_4] = Mint_1[a_4])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((i_8 < i_2) -> ((0 <= i_7) ->
((i_7 <= 19) ->
(Mint_1[shift_sint32(shift_A20_sint32(a, i_8), i_7)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
(* Call 'init' *)
Have: forall i_7 : Z. ((0 <= i_7) -> ((i_7 <= 19) ->
- (havoc(Mint_undef_0, Mint_1, shift_sint32(a_1, 0), 20)
- [shift_sint32(a_1, i_7)] = v))).
+ (a_3[shift_sint32(a_1, i_7)] = v))).
+ (* Invariant 'Range' *)
+ Have: x <= 10.
+ (* Invariant 'Partial' *)
+ Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((0 <= i_7) -> ((i_8 < x) ->
+ ((i_7 <= 19) ->
+ (a_3[shift_sint32(shift_A20_sint32(a, i_8), i_7)] = Mint_undef_0[a_2]))))).
}
Prove: exists i_8,i_7 : Z. (i_8 <= i) /\ (i_7 <= i_1) /\ (0 <= i_8) /\
(i <= i_8) /\ (0 <= i_7) /\ (i_1 <= i_7) /\ (i_8 <= 9) /\ (i_7 <= 19).
@@ -388,28 +415,36 @@ Prove: exists i_8,i_7 : Z. (i_8 <= i) /\ (i_7 <= i_1) /\ (0 <= i_8) /\
Goal Loop assigns 'lack,Zone' (3/3):
Call Effect at line 140
+Let x = to_uint32(1 + i).
Let a = global(G_t2_52).
Let a_1 = shift_A20_sint32(a, i).
+Let a_2 = shift_sint32(a_1, 0).
+Let a_3 = havoc(Mint_undef_0, Mint_1, a_2, 20).
Assume {
Type: is_uint32(i) /\ is_sint32(v).
(* Goal *)
When: (0 <= i) /\ (0 <= i_1) /\ (i <= 9) /\ (i_1 <= 19).
(* Loop assigns 'lack,Zone' *)
- Have: forall a_2 : addr.
+ Have: forall a_4 : addr.
((forall i_3,i_2 : Z. ((0 <= i_3) -> ((0 <= i_2) -> ((i_3 <= 9) ->
((i_2 <= 19) ->
- (shift_sint32(shift_A20_sint32(a, i_3), i_2) != a_2)))))) ->
- (Mint_0[a_2] = Mint_1[a_2])).
+ (shift_sint32(shift_A20_sint32(a, i_3), i_2) != a_4)))))) ->
+ (Mint_0[a_4] = Mint_1[a_4])).
+ (* Invariant 'Range' *)
+ Have: i <= 10.
(* Invariant 'Partial' *)
Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((i_3 < i) -> ((0 <= i_2) ->
((i_2 <= 19) ->
(Mint_1[shift_sint32(shift_A20_sint32(a, i_3), i_2)] = v))))).
- (* Invariant 'Range' *)
- Have: i <= 10.
(* Call 'init' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 <= 19) ->
- (havoc(Mint_undef_0, Mint_1, shift_sint32(a_1, 0), 20)
- [shift_sint32(a_1, i_2)] = v))).
+ (a_3[shift_sint32(a_1, i_2)] = v))).
+ (* Invariant 'Range' *)
+ Have: x <= 10.
+ (* Invariant 'Partial' *)
+ Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((0 <= i_2) -> ((i_3 < x) ->
+ ((i_2 <= 19) ->
+ (a_3[shift_sint32(shift_A20_sint32(a, i_3), i_2)] = Mint_undef_0[a_2]))))).
}
Prove: exists i_3,i_2 : Z. (i_3 <= i) /\ (i_2 <= i_1) /\ (0 <= i_3) /\
(i <= i_3) /\ (0 <= i_2) /\ (i_1 <= i_2) /\ (i_3 <= 9) /\ (i_2 <= 19).
@@ -483,30 +518,38 @@ Prove: exists i_5,i_4 : Z. (i_5 <= i) /\ (i_4 <= i_1) /\ (0 <= i_5) /\
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 139):
+Let x = to_uint32(1 + i).
Let a = global(G_t2_52).
Let a_1 = shift_A20_sint32(a, i).
+Let a_2 = shift_sint32(a_1, 0).
+Let a_3 = havoc(Mint_undef_0, Mint_1, a_2, 20).
Assume {
Type: is_uint32(i) /\ is_sint32(v).
(* Loop assigns 'lack,Zone' *)
- Have: forall a_2 : addr.
+ Have: forall a_4 : addr.
((forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 <= 9) ->
((i_1 <= 19) ->
- (shift_sint32(shift_A20_sint32(a, i_2), i_1) != a_2)))))) ->
- (Mint_0[a_2] = Mint_1[a_2])).
+ (shift_sint32(shift_A20_sint32(a, i_2), i_1) != a_4)))))) ->
+ (Mint_0[a_4] = Mint_1[a_4])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) ->
(Mint_1[shift_sint32(shift_A20_sint32(a, i_2), i_1)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Call 'init' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) ->
- (havoc(Mint_undef_0, Mint_1, shift_sint32(a_1, 0), 20)
- [shift_sint32(a_1, i_1)] = v))).
+ (a_3[shift_sint32(a_1, i_1)] = v))).
+ (* Invariant 'Range' *)
+ Have: x <= 10.
+ (* Invariant 'Partial' *)
+ Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 < x) ->
+ ((i_1 <= 19) ->
+ (a_3[shift_sint32(shift_A20_sint32(a, i_2), i_1)] = Mint_undef_0[a_2]))))).
}
-Prove: i < to_uint32(1 + i).
+Prove: i < x.
------------------------------------------------------------
@@ -541,12 +584,12 @@ Assume {
((forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 <= 9) ->
(shift_sint32(shift_A20_sint32(a, i_4), i_3) != a_1)))) ->
(Mint_1[a_1] = Mint_0[a_1])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i_2) -> ((0 <= i_3) ->
((i_3 <= 19) ->
(Mint_0[shift_sint32(shift_A20_sint32(a, i_4), i_3)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Else *)
Have: 10 <= i_2.
}
@@ -560,6 +603,7 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'Partial' (file tests/wp_typed/user_init.i, line 154):
+Let x = to_uint32(1 + i).
Let a = global(G_t2_52).
Let a_1 = shift_A20_sint32(a, i).
Let a_2 = shift_sint32(a_1, 0).
@@ -567,23 +611,25 @@ Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, 20).
Assume {
Type: is_uint32(i) /\ is_sint32(v).
(* Goal *)
- When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < to_uint32(1 + i)) /\ (i_2 <= 19).
+ When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < x) /\ (i_2 <= 19).
(* Loop assigns 'tactic,Zone' *)
Have: forall a_4 : addr.
((forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 <= 9) ->
(shift_sint32(shift_A20_sint32(a, i_4), i_3) != a_4)))) ->
(Mint_1[a_4] = Mint_0[a_4])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) ->
(Mint_0[shift_sint32(shift_A20_sint32(a, i_4), i_3)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Call 'init' *)
Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 <= 19) ->
(a_3[shift_sint32(a_1, i_3)] = v))).
+ (* Invariant 'Range' *)
+ Have: x <= 10.
}
Prove: a_3[shift_sint32(shift_A20_sint32(a, i_1), i_2)] = Mint_undef_0[a_2].
@@ -604,12 +650,12 @@ Assume {
((forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 <= 9) ->
(shift_sint32(shift_A20_sint32(a, i_2), i_1) != a_2)))) ->
(Mint_0[a_2] = Mint_1[a_2])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) ->
(Mint_1[shift_sint32(shift_A20_sint32(a, i_2), i_1)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Call 'init' *)
@@ -638,30 +684,38 @@ Prove: true.
Goal Loop assigns 'tactic,Zone' (2/3):
Effect at line 157
+Let x = to_uint32(1 + i_2).
Let a = global(G_t2_52).
Let a_1 = shift_A20_sint32(a, i_2).
+Let a_2 = shift_sint32(a_1, 0).
+Let a_3 = havoc(Mint_undef_0, Mint_1, a_2, 20).
Assume {
Type: is_uint32(i_2) /\ is_sint32(v).
(* Goal *)
When: (0 <= i_3) /\ (0 <= i_4) /\ (0 <= i_5) /\ (0 <= i) /\ (i_3 <= 9) /\
(i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19).
(* Loop assigns 'tactic,Zone' *)
- Have: forall a_2 : addr.
+ Have: forall a_4 : addr.
((forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 <= 9) ->
- (shift_sint32(shift_A20_sint32(a, i_7), i_6) != a_2)))) ->
- (Mint_0[a_2] = Mint_1[a_2])).
+ (shift_sint32(shift_A20_sint32(a, i_7), i_6) != a_4)))) ->
+ (Mint_0[a_4] = Mint_1[a_4])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial' *)
Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 < i_2) -> ((0 <= i_6) ->
((i_6 <= 19) ->
(Mint_1[shift_sint32(shift_A20_sint32(a, i_7), i_6)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
(* Call 'init' *)
Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 <= 19) ->
- (havoc(Mint_undef_0, Mint_1, shift_sint32(a_1, 0), 20)
- [shift_sint32(a_1, i_6)] = v))).
+ (a_3[shift_sint32(a_1, i_6)] = v))).
+ (* Invariant 'Range' *)
+ Have: x <= 10.
+ (* Invariant 'Partial' *)
+ Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((0 <= i_6) -> ((i_7 < x) ->
+ ((i_6 <= 19) ->
+ (a_3[shift_sint32(shift_A20_sint32(a, i_7), i_6)] = Mint_undef_0[a_2]))))).
}
Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
(i <= i_7) /\ (i_1 <= i_6) /\ (i_7 <= 9).
@@ -670,27 +724,35 @@ Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
Goal Loop assigns 'tactic,Zone' (3/3):
Call Effect at line 158
+Let x = to_uint32(1 + i).
Let a = global(G_t2_52).
Let a_1 = shift_A20_sint32(a, i).
+Let a_2 = shift_sint32(a_1, 0).
+Let a_3 = havoc(Mint_undef_0, Mint_1, a_2, 20).
Assume {
Type: is_uint32(i) /\ is_sint32(v).
(* Goal *)
When: (0 <= i) /\ (0 <= i_1) /\ (i <= 9) /\ (i_1 <= 19).
(* Loop assigns 'tactic,Zone' *)
- Have: forall a_2 : addr.
+ Have: forall a_4 : addr.
((forall i_3,i_2 : Z. ((0 <= i_3) -> ((i_3 <= 9) ->
- (shift_sint32(shift_A20_sint32(a, i_3), i_2) != a_2)))) ->
- (Mint_0[a_2] = Mint_1[a_2])).
+ (shift_sint32(shift_A20_sint32(a, i_3), i_2) != a_4)))) ->
+ (Mint_0[a_4] = Mint_1[a_4])).
+ (* Invariant 'Range' *)
+ Have: i <= 10.
(* Invariant 'Partial' *)
Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((i_3 < i) -> ((0 <= i_2) ->
((i_2 <= 19) ->
(Mint_1[shift_sint32(shift_A20_sint32(a, i_3), i_2)] = v))))).
- (* Invariant 'Range' *)
- Have: i <= 10.
(* Call 'init' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 <= 19) ->
- (havoc(Mint_undef_0, Mint_1, shift_sint32(a_1, 0), 20)
- [shift_sint32(a_1, i_2)] = v))).
+ (a_3[shift_sint32(a_1, i_2)] = v))).
+ (* Invariant 'Range' *)
+ Have: x <= 10.
+ (* Invariant 'Partial' *)
+ Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((0 <= i_2) -> ((i_3 < x) ->
+ ((i_2 <= 19) ->
+ (a_3[shift_sint32(shift_A20_sint32(a, i_3), i_2)] = Mint_undef_0[a_2]))))).
}
Prove: exists i_3,i_2 : Z. (i_3 <= i) /\ (i_2 <= i_1) /\ (0 <= i_3) /\
(i <= i_3) /\ (i_1 <= i_2) /\ (i_3 <= 9).
@@ -758,29 +820,37 @@ Prove: exists i_5,i_4 : Z. (i_5 <= i) /\ (i_4 <= i_1) /\ (0 <= i_5) /\
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 157):
+Let x = to_uint32(1 + i).
Let a = global(G_t2_52).
Let a_1 = shift_A20_sint32(a, i).
+Let a_2 = shift_sint32(a_1, 0).
+Let a_3 = havoc(Mint_undef_0, Mint_1, a_2, 20).
Assume {
Type: is_uint32(i) /\ is_sint32(v).
(* Loop assigns 'tactic,Zone' *)
- Have: forall a_2 : addr.
+ Have: forall a_4 : addr.
((forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 <= 9) ->
- (shift_sint32(shift_A20_sint32(a, i_2), i_1) != a_2)))) ->
- (Mint_0[a_2] = Mint_1[a_2])).
+ (shift_sint32(shift_A20_sint32(a, i_2), i_1) != a_4)))) ->
+ (Mint_0[a_4] = Mint_1[a_4])).
+ (* Invariant 'Range' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) ->
(Mint_1[shift_sint32(shift_A20_sint32(a, i_2), i_1)] = v))))).
- (* Invariant 'Range' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Call 'init' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) ->
- (havoc(Mint_undef_0, Mint_1, shift_sint32(a_1, 0), 20)
- [shift_sint32(a_1, i_1)] = v))).
+ (a_3[shift_sint32(a_1, i_1)] = v))).
+ (* Invariant 'Range' *)
+ Have: x <= 10.
+ (* Invariant 'Partial' *)
+ Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 < x) ->
+ ((i_1 <= 19) ->
+ (a_3[shift_sint32(shift_A20_sint32(a, i_2), i_1)] = Mint_undef_0[a_2]))))).
}
-Prove: i < to_uint32(1 + i).
+Prove: i < x.
------------------------------------------------------------
@@ -824,23 +894,24 @@ Prove: t2_0[i][i_1] = v.
------------------------------------------------------------
Goal Preservation of Invariant 'Partial_i' (file tests/wp_typed/user_init.i, line 48):
+Let x = to_uint32(1 + i).
Let m = t2_0[i].
Assume {
Type: is_uint32(i).
(* Heap *)
Type: IsArray_d2_sint32(t2_1).
(* Goal *)
- When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < to_uint32(1 + i)) /\ (i_2 <= 19).
+ When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < x) /\ (i_2 <= 19).
(* Loop assigns 'lack,Zone_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((0 <= i_3) -> ((i_4 <= 9) ->
((i_3 <= 19) ->
(((i_4 < 0) \/ (i_3 < 0) \/ (10 <= i_4) \/ (20 <= i_3)) ->
(t2_1[i_4][i_3] = t2_2[i_4][i_3])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) -> (t2_2[i_4][i_3] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Loop assigns 'lack,Zone_j' *)
@@ -848,11 +919,13 @@ Assume {
((i_3 <= 19) ->
(((i_4 < 0) \/ (i_3 < 0) \/ (10 <= i_4) \/ (20 <= i_3)) ->
(t2_2[i_4][i_3] = t2_0[i_4][i_3])))))).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 <= 19) -> (m[i_3] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) -> (t2_2[i_4][i_3] = t2_0[i_4][i_3]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 <= 19) -> (m[i_3] = v))).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
}
Prove: m[0] = t2_0[i_1][i_2].
@@ -873,11 +946,11 @@ Assume {
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_0[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Loop assigns 'lack,Zone_j' *)
@@ -885,11 +958,11 @@ Assume {
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_2[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> (t2_2[i][i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_2[i_2][i_1] = t2_1[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> (t2_2[i][i_1] = v))).
}
Prove: to_uint32(1 + i) <= 10.
@@ -901,23 +974,24 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'Partial_j' (file tests/wp_typed/user_init.i, line 54):
+Let x = to_uint32(1 + j).
Let m = t2_0[i].
Assume {
Type: is_uint32(i) /\ is_uint32(j).
(* Heap *)
Type: IsArray_d2_sint32(t2_1).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 < to_uint32(1 + j)).
+ When: (0 <= i_1) /\ (i_1 < x).
(* Loop assigns 'lack,Zone_i' *)
Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((0 <= i_2) -> ((i_3 <= 9) ->
((i_2 <= 19) ->
(((i_3 < 0) \/ (i_2 < 0) \/ (10 <= i_3) \/ (20 <= i_2)) ->
(t2_1[i_3][i_2] = t2_2[i_3][i_2])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((i_3 < i) -> ((0 <= i_2) ->
((i_2 <= 19) -> (t2_2[i_3][i_2] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Loop assigns 'lack,Zone_j' *)
@@ -925,15 +999,17 @@ Assume {
((i_2 <= 19) ->
(((i_3 < 0) \/ (i_2 < 0) \/ (10 <= i_3) \/ (20 <= i_2)) ->
(t2_0[i_3][i_2] = t2_2[i_3][i_2])))))).
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < j) -> (m[i_2] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((i_3 < i) -> ((0 <= i_2) ->
((i_2 <= 19) -> (t2_0[i_3][i_2] = t2_2[i_3][i_2]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < j) -> (m[i_2] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
}
Prove: m[j <- v][i_1] = v.
@@ -945,7 +1021,9 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'Previous_i' (file tests/wp_typed/user_init.i, line 55):
+Let x = to_uint32(1 + j).
Let m = t2_0[i].
+Let m_1 = m[j <- v].
Assume {
Type: is_uint32(i) /\ is_uint32(j).
(* Heap *)
@@ -957,11 +1035,11 @@ Assume {
((i_3 <= 19) ->
(((i_4 < 0) \/ (i_3 < 0) \/ (10 <= i_4) \/ (20 <= i_3)) ->
(t2_2[i_4][i_3] = t2_1[i_4][i_3])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) -> (t2_1[i_4][i_3] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Loop assigns 'lack,Zone_j' *)
@@ -969,17 +1047,21 @@ Assume {
((i_3 <= 19) ->
(((i_4 < 0) \/ (i_3 < 0) \/ (10 <= i_4) \/ (20 <= i_3)) ->
(t2_0[i_4][i_3] = t2_1[i_4][i_3])))))).
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 < j) -> (m[i_3] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) -> (t2_0[i_4][i_3] = t2_1[i_4][i_3]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 < j) -> (m[i_3] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 < x) -> (m_1[i_3] = v))).
}
-Prove: t2_0[i <- m[j <- v]][i_1][i_2] = t2_1[i_1][i_2].
+Prove: t2_0[i <- m_1][i_1][i_2] = t2_1[i_1][i_2].
------------------------------------------------------------
@@ -998,11 +1080,11 @@ Assume {
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_0[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Loop assigns 'lack,Zone_j' *)
@@ -1010,13 +1092,13 @@ Assume {
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_2[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (t2_2[i][i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_2[i_2][i_1] = t2_1[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (t2_2[i][i_1] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
}
@@ -1046,6 +1128,8 @@ Prove: true.
Goal Loop assigns 'lack,Zone_i' (2/3):
Effect at line 51
+Let x = to_uint32(1 + i_2).
+Let m = t2_2[i_2].
Assume {
Type: is_uint32(i_2).
(* Heap *)
@@ -1059,24 +1143,28 @@ Assume {
((i_7 <= 19) ->
(((i_8 < 0) \/ (i_7 < 0) \/ (10 <= i_8) \/ (20 <= i_7)) ->
(t2_0[i_8][i_7] = t2_1[i_8][i_7])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((i_8 < i_2) -> ((0 <= i_7) ->
((i_7 <= 19) -> (t2_1[i_8][i_7] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
(* Loop assigns 'lack,Zone_j' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((0 <= i_7) -> ((i_8 <= 9) ->
((i_7 <= 19) ->
(((i_8 < 0) \/ (i_7 < 0) \/ (10 <= i_8) \/ (20 <= i_7)) ->
- (t2_2[i_8][i_7] = t2_1[i_8][i_7])))))).
+ (t2_1[i_8][i_7] = t2_2[i_8][i_7])))))).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_7 : Z. ((0 <= i_7) -> ((i_7 <= 19) -> (m[i_7] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((i_8 < i_2) -> ((0 <= i_7) ->
- ((i_7 <= 19) -> (t2_2[i_8][i_7] = t2_1[i_8][i_7]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_7 : Z. ((0 <= i_7) -> ((i_7 <= 19) ->
- (t2_2[i_2][i_7] = v))).
+ ((i_7 <= 19) -> (t2_1[i_8][i_7] = t2_2[i_8][i_7]))))).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((0 <= i_7) -> ((i_8 < x) ->
+ ((i_7 <= 19) -> (t2_2[i_8][i_7] = m[0]))))).
}
Prove: exists i_8,i_7 : Z. (i_8 <= i) /\ (i_7 <= i_1) /\ (0 <= i_8) /\
(i <= i_8) /\ (0 <= i_7) /\ (i_1 <= i_7) /\ (i_8 <= 9) /\ (i_7 <= 19).
@@ -1085,6 +1173,8 @@ Prove: exists i_8,i_7 : Z. (i_8 <= i) /\ (i_7 <= i_1) /\ (0 <= i_8) /\
Goal Loop assigns 'lack,Zone_i' (3/3):
Effect at line 58
+Let x = to_uint32(1 + i_2).
+Let m = t2_2[i_2].
Assume {
Type: is_uint32(i_2).
(* Heap *)
@@ -1098,24 +1188,28 @@ Assume {
((i_7 <= 19) ->
(((i_8 < 0) \/ (i_7 < 0) \/ (10 <= i_8) \/ (20 <= i_7)) ->
(t2_0[i_8][i_7] = t2_1[i_8][i_7])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((i_8 < i_2) -> ((0 <= i_7) ->
((i_7 <= 19) -> (t2_1[i_8][i_7] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
(* Loop assigns 'lack,Zone_j' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((0 <= i_7) -> ((i_8 <= 9) ->
((i_7 <= 19) ->
(((i_8 < 0) \/ (i_7 < 0) \/ (10 <= i_8) \/ (20 <= i_7)) ->
- (t2_2[i_8][i_7] = t2_1[i_8][i_7])))))).
+ (t2_1[i_8][i_7] = t2_2[i_8][i_7])))))).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_7 : Z. ((0 <= i_7) -> ((i_7 <= 19) -> (m[i_7] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((i_8 < i_2) -> ((0 <= i_7) ->
- ((i_7 <= 19) -> (t2_2[i_8][i_7] = t2_1[i_8][i_7]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_7 : Z. ((0 <= i_7) -> ((i_7 <= 19) ->
- (t2_2[i_2][i_7] = v))).
+ ((i_7 <= 19) -> (t2_1[i_8][i_7] = t2_2[i_8][i_7]))))).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((0 <= i_7) -> ((i_8 < x) ->
+ ((i_7 <= 19) -> (t2_2[i_8][i_7] = m[0]))))).
}
Prove: exists i_8,i_7 : Z. (i_8 <= i) /\ (i_7 <= i_1) /\ (0 <= i_8) /\
(i <= i_8) /\ (0 <= i_7) /\ (i_1 <= i_7) /\ (i_8 <= 9) /\ (i_7 <= 19).
@@ -1129,6 +1223,9 @@ Prove: true.
Goal Loop assigns 'lack,Zone_j' (2/3):
Effect at line 58
+Let m = t2_2[i_2].
+Let m_1 = m[j <- v].
+Let x = to_uint32(1 + j).
Assume {
Type: is_uint32(i_2) /\ is_uint32(j).
(* Heap *)
@@ -1142,11 +1239,11 @@ Assume {
((i_7 <= 19) ->
(((i_8 < 0) \/ (i_7 < 0) \/ (10 <= i_8) \/ (20 <= i_7)) ->
(t2_0[i_8][i_7] = t2_1[i_8][i_7])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((i_8 < i_2) -> ((0 <= i_7) ->
((i_7 <= 19) -> (t2_1[i_8][i_7] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
(* Loop assigns 'lack,Zone_j' *)
@@ -1154,15 +1251,22 @@ Assume {
((i_7 <= 19) ->
(((i_8 < 0) \/ (i_7 < 0) \/ (10 <= i_8) \/ (20 <= i_7)) ->
(t2_2[i_8][i_7] = t2_1[i_8][i_7])))))).
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_7 : Z. ((0 <= i_7) -> ((i_7 < j) -> (m[i_7] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((i_8 < i_2) -> ((0 <= i_7) ->
((i_7 <= 19) -> (t2_2[i_8][i_7] = t2_1[i_8][i_7]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_7 : Z. ((0 <= i_7) -> ((i_7 < j) -> (t2_2[i_2][i_7] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_7 : Z. ((0 <= i_7) -> ((i_7 < x) -> (m_1[i_7] = v))).
+ (* Invariant 'Previous_i' *)
+ Have: forall i_8,i_7 : Z. ((0 <= i_8) -> ((i_8 < i_2) -> ((0 <= i_7) ->
+ ((i_7 <= 19) -> (t2_2[i_2 <- m_1][i_8][i_7] = t2_1[i_8][i_7]))))).
}
Prove: exists i_8,i_7 : Z. (i_8 <= i) /\ (i_7 <= i_1) /\ (0 <= i_8) /\
(i <= i_8) /\ (0 <= i_7) /\ (i_1 <= i_7) /\ (i_8 <= 9) /\ (i_7 <= 19).
@@ -1171,6 +1275,9 @@ Prove: exists i_8,i_7 : Z. (i_8 <= i) /\ (i_7 <= i_1) /\ (0 <= i_8) /\
Goal Loop assigns 'lack,Zone_j' (3/3):
Effect at line 59
+Let m = t2_2[i].
+Let m_1 = m[j <- v].
+Let x = to_uint32(1 + j).
Assume {
Type: is_uint32(i) /\ is_uint32(j).
(* Heap *)
@@ -1182,23 +1289,30 @@ Assume {
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_0[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Range_i' *)
+ Have: i <= 10.
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: i <= 10.
(* Loop assigns 'lack,Zone_j' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 <= 9) ->
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_2[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Range_j' *)
+ Have: j <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (m[i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_2[i_2][i_1] = t2_1[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (t2_2[i][i_1] = v))).
(* Invariant 'Range_j' *)
- Have: j <= 20.
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < x) -> (m_1[i_1] = v))).
+ (* Invariant 'Previous_i' *)
+ Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
+ ((i_1 <= 19) -> (t2_2[i <- m_1][i_2][i_1] = t2_1[i_2][i_1]))))).
}
Prove: exists i_2,i_1 : Z. (i_2 <= i) /\ (0 <= i_2) /\ (i <= i_2) /\
(0 <= i_1) /\ (j <= i_1) /\ (i_1 <= j) /\ (i_2 <= 9) /\ (i_1 <= 19).
@@ -1236,6 +1350,8 @@ Prove: exists i_5,i_4 : Z. (i_5 <= i) /\ (i_4 <= i_1) /\ (0 <= i_5) /\
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 51):
+Let x = to_uint32(1 + i).
+Let m = t2_2[i].
Assume {
Type: is_uint32(i).
(* Heap *)
@@ -1245,25 +1361,30 @@ Assume {
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_0[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Loop assigns 'lack,Zone_j' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 <= 9) ->
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
- (t2_2[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (t2_1[i_2][i_1] = t2_2[i_2][i_1])))))).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> (m[i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
- ((i_1 <= 19) -> (t2_2[i_2][i_1] = t2_1[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> (t2_2[i][i_1] = v))).
+ ((i_1 <= 19) -> (t2_1[i_2][i_1] = t2_2[i_2][i_1]))))).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 < x) ->
+ ((i_1 <= 19) -> (t2_2[i_2][i_1] = m[0]))))).
}
-Prove: i < to_uint32(1 + i).
+Prove: i < x.
------------------------------------------------------------
@@ -1273,6 +1394,9 @@ Prove: true.
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 58):
+Let m = t2_2[i].
+Let m_1 = m[j <- v].
+Let x = to_uint32(1 + j).
Assume {
Type: is_uint32(i) /\ is_uint32(j).
(* Heap *)
@@ -1282,11 +1406,11 @@ Assume {
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_0[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Loop assigns 'lack,Zone_j' *)
@@ -1294,17 +1418,24 @@ Assume {
((i_1 <= 19) ->
(((i_2 < 0) \/ (i_1 < 0) \/ (10 <= i_2) \/ (20 <= i_1)) ->
(t2_2[i_2][i_1] = t2_1[i_2][i_1])))))).
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (m[i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_2[i_2][i_1] = t2_1[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (t2_2[i][i_1] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < x) -> (m_1[i_1] = v))).
+ (* Invariant 'Previous_i' *)
+ Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
+ ((i_1 <= 19) -> (t2_2[i <- m_1][i_2][i_1] = t2_1[i_2][i_1]))))).
}
-Prove: j < to_uint32(1 + j).
+Prove: j < x.
------------------------------------------------------------
@@ -1329,23 +1460,26 @@ Prove: t2_0[i][i_1] = v.
------------------------------------------------------------
Goal Preservation of Invariant 'Partial_i' (file tests/wp_typed/user_init.i, line 77):
+Let x = to_uint32(1 + i).
Let m = t2_0[i].
Assume {
Type: is_uint32(i).
(* Goal *)
- When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < to_uint32(1 + i)) /\ (i_2 <= 19).
+ When: (0 <= i_1) /\ (0 <= i_2) /\ (i_1 < x) /\ (i_2 <= 19).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) -> (t2_1[i_4][i_3] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 <= 19) -> (m[i_3] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) -> (t2_1[i_4][i_3] = t2_0[i_4][i_3]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 <= 19) -> (m[i_3] = v))).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
}
Prove: m[0] = t2_0[i_1][i_2].
@@ -1359,18 +1493,18 @@ Prove: true.
Goal Preservation of Invariant 'Range_i' (file tests/wp_typed/user_init.i, line 76):
Assume {
Type: is_uint32(i).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_0[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> (t2_1[i][i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = t2_0[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> (t2_1[i][i_1] = v))).
}
Prove: to_uint32(1 + i) <= 10.
@@ -1382,27 +1516,30 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'Partial_j' (file tests/wp_typed/user_init.i, line 83):
+Let x = to_uint32(1 + j).
Let m = t2_0[i].
Assume {
Type: is_uint32(i) /\ is_uint32(j).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 < to_uint32(1 + j)).
+ When: (0 <= i_1) /\ (i_1 < x).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((i_3 < i) -> ((0 <= i_2) ->
((i_2 <= 19) -> (t2_1[i_3][i_2] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < j) -> (m[i_2] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_3,i_2 : Z. ((0 <= i_3) -> ((i_3 < i) -> ((0 <= i_2) ->
((i_2 <= 19) -> (t2_0[i_3][i_2] = t2_1[i_3][i_2]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < j) -> (m[i_2] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
}
Prove: m[j <- v][i_1] = v.
@@ -1414,29 +1551,35 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'Previous_i' (file tests/wp_typed/user_init.i, line 84):
+Let x = to_uint32(1 + j).
Let m = t2_0[i].
+Let m_1 = m[j <- v].
Assume {
Type: is_uint32(i) /\ is_uint32(j).
(* Goal *)
When: (0 <= i_1) /\ (i_1 < i) /\ (0 <= i_2) /\ (i_2 <= 19).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) -> (t2_1[i_4][i_3] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 < j) -> (m[i_3] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) ->
((i_3 <= 19) -> (t2_0[i_4][i_3] = t2_1[i_4][i_3]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 < j) -> (m[i_3] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 < x) -> (m_1[i_3] = v))).
}
-Prove: t2_0[i <- m[j <- v]][i_1][i_2] = t2_1[i_1][i_2].
+Prove: t2_0[i <- m_1][i_1][i_2] = t2_1[i_1][i_2].
------------------------------------------------------------
@@ -1448,20 +1591,20 @@ Prove: true.
Goal Preservation of Invariant 'Range_j' (file tests/wp_typed/user_init.i, line 82):
Assume {
Type: is_uint32(i) /\ is_uint32(j).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_0[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (t2_1[i][i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = t2_0[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (t2_1[i][i_1] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
}
@@ -1491,24 +1634,30 @@ Prove: true.
Goal Loop assigns 'tactic,Zone_i' (2/3):
Effect at line 80
+Let x = to_uint32(1 + i_2).
+Let m = t2_1[i_2].
Assume {
Type: is_uint32(i_2).
(* Goal *)
When: (0 <= i_3) /\ (0 <= i_4) /\ (0 <= i_5) /\ (0 <= i) /\ (i_3 <= 9) /\
(i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 < i_2) -> ((0 <= i_6) ->
((i_6 <= 19) -> (t2_0[i_7][i_6] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 <= 19) -> (m[i_6] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 < i_2) -> ((0 <= i_6) ->
- ((i_6 <= 19) -> (t2_1[i_7][i_6] = t2_0[i_7][i_6]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 <= 19) ->
- (t2_1[i_2][i_6] = v))).
+ ((i_6 <= 19) -> (t2_0[i_7][i_6] = t2_1[i_7][i_6]))))).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((0 <= i_6) -> ((i_7 < x) ->
+ ((i_6 <= 19) -> (t2_1[i_7][i_6] = m[0]))))).
}
Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
(i <= i_7) /\ (i_1 <= i_6) /\ (i_7 <= 9).
@@ -1517,24 +1666,30 @@ Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
Goal Loop assigns 'tactic,Zone_i' (3/3):
Effect at line 87
+Let x = to_uint32(1 + i_2).
+Let m = t2_1[i_2].
Assume {
Type: is_uint32(i_2).
(* Goal *)
When: (0 <= i_3) /\ (0 <= i_4) /\ (0 <= i_5) /\ (0 <= i) /\ (i_3 <= 9) /\
(i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 < i_2) -> ((0 <= i_6) ->
((i_6 <= 19) -> (t2_0[i_7][i_6] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 <= 19) -> (m[i_6] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 < i_2) -> ((0 <= i_6) ->
- ((i_6 <= 19) -> (t2_1[i_7][i_6] = t2_0[i_7][i_6]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 <= 19) ->
- (t2_1[i_2][i_6] = v))).
+ ((i_6 <= 19) -> (t2_0[i_7][i_6] = t2_1[i_7][i_6]))))).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((0 <= i_6) -> ((i_7 < x) ->
+ ((i_6 <= 19) -> (t2_1[i_7][i_6] = m[0]))))).
}
Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
(i <= i_7) /\ (i_1 <= i_6) /\ (i_7 <= 9).
@@ -1548,27 +1703,37 @@ Prove: true.
Goal Loop assigns 'tactic,Zone_j' (2/3):
Effect at line 87
+Let m = t2_1[i_2].
+Let m_1 = m[j <- v].
+Let x = to_uint32(1 + j).
Assume {
Type: is_uint32(i_2) /\ is_uint32(j).
(* Goal *)
When: (0 <= i_3) /\ (0 <= i_4) /\ (0 <= i_5) /\ (0 <= i) /\ (i_3 <= 9) /\
(i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 < i_2) -> ((0 <= i_6) ->
((i_6 <= 19) -> (t2_0[i_7][i_6] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 < j) -> (m[i_6] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 < i_2) -> ((0 <= i_6) ->
((i_6 <= 19) -> (t2_1[i_7][i_6] = t2_0[i_7][i_6]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 < j) -> (t2_1[i_2][i_6] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 < x) -> (m_1[i_6] = v))).
+ (* Invariant 'Previous_i' *)
+ Have: forall i_7,i_6 : Z. ((0 <= i_7) -> ((i_7 < i_2) -> ((0 <= i_6) ->
+ ((i_6 <= 19) -> (t2_1[i_2 <- m_1][i_7][i_6] = t2_0[i_7][i_6]))))).
}
Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
(i <= i_7) /\ (i_1 <= i_6) /\ (i_7 <= 9).
@@ -1577,22 +1742,32 @@ Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
Goal Loop assigns 'tactic,Zone_j' (3/3):
Effect at line 88
+Let m = t2_1[i].
+Let m_1 = m[j <- v].
+Let x = to_uint32(1 + j).
Assume {
Type: is_uint32(i) /\ is_uint32(j).
(* Goal *)
When: (0 <= i) /\ (0 <= j) /\ (i <= 9) /\ (j <= 19).
+ (* Invariant 'Range_i' *)
+ Have: i <= 10.
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_0[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: i <= 10.
+ (* Invariant 'Range_j' *)
+ Have: j <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (m[i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = t2_0[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (t2_1[i][i_1] = v))).
(* Invariant 'Range_j' *)
- Have: j <= 20.
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < x) -> (m_1[i_1] = v))).
+ (* Invariant 'Previous_i' *)
+ Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
+ ((i_1 <= 19) -> (t2_1[i <- m_1][i_2][i_1] = t2_0[i_2][i_1]))))).
}
Prove: exists i_2,i_1 : Z. (i_2 <= i) /\ (0 <= i_2) /\ (i <= i_2) /\
(j <= i_1) /\ (i_1 <= j) /\ (i_2 <= 9).
@@ -1621,22 +1796,29 @@ Prove: exists i_5,i_4 : Z. (i_5 <= i) /\ (i_4 <= i_1) /\ (0 <= i_5) /\
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 80):
+Let x = to_uint32(1 + i).
+Let m = t2_1[i].
Assume {
Type: is_uint32(i).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_0[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> (m[i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
- ((i_1 <= 19) -> (t2_1[i_2][i_1] = t2_0[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 19) -> (t2_1[i][i_1] = v))).
+ ((i_1 <= 19) -> (t2_0[i_2][i_1] = t2_1[i_2][i_1]))))).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((0 <= i_1) -> ((i_2 < x) ->
+ ((i_1 <= 19) -> (t2_1[i_2][i_1] = m[0]))))).
}
-Prove: i < to_uint32(1 + i).
+Prove: i < x.
------------------------------------------------------------
@@ -1646,26 +1828,36 @@ Prove: true.
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 87):
+Let m = t2_1[i].
+Let m_1 = m[j <- v].
+Let x = to_uint32(1 + j).
Assume {
Type: is_uint32(i) /\ is_uint32(j).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_0[i_2][i_1] = v))))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
+ (* Invariant 'Range_j' *)
+ Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (m[i_1] = v))).
(* Invariant 'Previous_i' *)
Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
((i_1 <= 19) -> (t2_1[i_2][i_1] = t2_0[i_2][i_1]))))).
- (* Invariant 'Partial_j' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < j) -> (t2_1[i][i_1] = v))).
- (* Invariant 'Range_j' *)
- Have: (0 <= j) /\ (j <= 20).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < x) -> (m_1[i_1] = v))).
+ (* Invariant 'Previous_i' *)
+ Have: forall i_2,i_1 : Z. ((0 <= i_2) -> ((i_2 < i) -> ((0 <= i_1) ->
+ ((i_1 <= 19) -> (t2_1[i <- m_1][i_2][i_1] = t2_0[i_2][i_1]))))).
}
-Prove: j < to_uint32(1 + j).
+Prove: j < x.
------------------------------------------------------------
@@ -1691,20 +1883,26 @@ Prove: P_MemSet20(t2_0[i], 20, v).
------------------------------------------------------------
Goal Preservation of Invariant 'Partial_i' (file tests/wp_typed/user_init.i, line 108):
+Let x = to_uint32(1 + i).
+Let m = t2_0[i].
Assume {
Type: IsArray_sint32(v) /\ is_uint32(i) /\ is_sint32(v_1) /\
- IsArray_sint32(t2_0[i]).
+ IsArray_sint32(m).
(* Goal *)
- When: (0 <= i_1) /\ (i_1 < to_uint32(1 + i)).
+ When: (0 <= i_1) /\ (i_1 < x).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
P_MemSet20(t2_0[i_2], 20, v_1))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Invariant 'Partial_j' *)
+ Have: P_MemSet20(m, 0, v_1).
+ (* Invariant 'Partial_j' *)
Have: P_MemSet20(v, 20, v_1).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
}
Prove: P_MemSet20(t2_0[i <- v][i_1], 20, v_1).
@@ -1716,17 +1914,20 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'Range_i' (file tests/wp_typed/user_init.i, line 107):
+Let m = t2_0[i].
Assume {
Type: IsArray_sint32(v) /\ is_uint32(i) /\ is_sint32(v_1) /\
- IsArray_sint32(t2_0[i]).
+ IsArray_sint32(m).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
P_MemSet20(t2_0[i_1], 20, v_1))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Invariant 'Partial_j' *)
+ Have: P_MemSet20(m, 0, v_1).
+ (* Invariant 'Partial_j' *)
Have: P_MemSet20(v, 20, v_1).
}
Prove: to_uint32(1 + i) <= 10.
@@ -1739,25 +1940,31 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'Partial_j' (file tests/wp_typed/user_init.i, line 114):
-Let m = v[j <- v_1].
+Let x = to_uint32(1 + j).
+Let m = t2_0[i].
+Let m_1 = v[j <- v_1].
Assume {
Type: IsArray_sint32(v) /\ is_uint32(i) /\ is_uint32(j) /\
- is_sint32(v_1) /\ IsArray_sint32(t2_0[i]) /\ IsArray_sint32(m).
+ is_sint32(v_1) /\ IsArray_sint32(m) /\ IsArray_sint32(m_1).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
P_MemSet20(t2_0[i_1], 20, v_1))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Invariant 'Partial_j' *)
- Have: P_MemSet20(v, j, v_1).
+ Have: P_MemSet20(m, 0, v_1).
(* Invariant 'Range_j' *)
Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: P_MemSet20(v, j, v_1).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
}
-Prove: P_MemSet20(m, to_uint32(1 + j), v_1).
+Prove: P_MemSet20(m_1, x, v_1).
------------------------------------------------------------
@@ -1765,11 +1972,11 @@ Goal Establishment of Invariant 'Partial_j' (file tests/wp_typed/user_init.i, li
Let m = t2_0[i].
Assume {
Type: is_uint32(i) /\ is_sint32(v) /\ IsArray_sint32(m).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
P_MemSet20(t2_0[i_1], 20, v))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
}
@@ -1778,20 +1985,23 @@ Prove: P_MemSet20(m, 0, v).
------------------------------------------------------------
Goal Preservation of Invariant 'Range_j' (file tests/wp_typed/user_init.i, line 113):
+Let m = t2_0[i].
Assume {
Type: IsArray_sint32(v) /\ is_uint32(i) /\ is_uint32(j) /\
- is_sint32(v_1) /\ IsArray_sint32(t2_0[i]).
+ is_sint32(v_1) /\ IsArray_sint32(m).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
P_MemSet20(t2_0[i_1], 20, v_1))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Invariant 'Partial_j' *)
- Have: P_MemSet20(v, j, v_1).
+ Have: P_MemSet20(m, 0, v_1).
(* Invariant 'Range_j' *)
Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: P_MemSet20(v, j, v_1).
(* Then *)
Have: j <= 19.
}
@@ -1821,21 +2031,30 @@ Prove: true.
Goal Loop assigns 'tactic,Zone_i' (2/3):
Effect at line 111
+Let x = to_uint32(1 + i_2).
+Let m = t2_0[i_2].
Assume {
Type: IsArray_sint32(v) /\ is_uint32(i_2) /\ is_sint32(v_1) /\
- IsArray_sint32(t2_0[i_2]).
+ IsArray_sint32(m).
(* Goal *)
When: (0 <= i_3) /\ (0 <= i_4) /\ (0 <= i_5) /\ (0 <= i) /\ (i_3 <= 9) /\
(i_5 <= 9) /\ (i <= 9) /\ (i_4 <= 19).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i_2) /\ (i_2 <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 < i_2) ->
P_MemSet20(t2_0[i_6], 20, v_1))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i_2) /\ (i_2 <= 10).
(* Then *)
Have: i_2 <= 9.
(* Invariant 'Partial_j' *)
+ Have: P_MemSet20(m, 0, v_1).
+ (* Invariant 'Partial_j' *)
Have: P_MemSet20(v, 20, v_1).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_6 : Z. ((0 <= i_6) -> ((i_6 < x) ->
+ P_MemSet20(t2_0[i_2 <- v][i_6], 20, v_1))).
}
Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
(i <= i_7) /\ (i_1 <= i_6) /\ (i_7 <= 9).
@@ -1844,18 +2063,27 @@ Prove: exists i_7,i_6 : Z. (i_7 <= i) /\ (i_6 <= i_1) /\ (0 <= i_7) /\
Goal Loop assigns 'tactic,Zone_i' (3/3):
Effect at line 117
+Let x = to_uint32(1 + i).
+Let m = t2_0[i].
Assume {
Type: IsArray_sint32(v) /\ is_uint32(i) /\ is_sint32(v_1) /\
- IsArray_sint32(t2_0[i]).
+ IsArray_sint32(m).
(* Goal *)
When: (0 <= i) /\ (0 <= i_1) /\ (i <= 9) /\ (i_1 <= 19).
+ (* Invariant 'Range_i' *)
+ Have: i <= 10.
(* Invariant 'Partial_i' *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
P_MemSet20(t2_0[i_2], 20, v_1))).
- (* Invariant 'Range_i' *)
- Have: i <= 10.
+ (* Invariant 'Partial_j' *)
+ Have: P_MemSet20(m, 0, v_1).
(* Invariant 'Partial_j' *)
Have: P_MemSet20(v, 20, v_1).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < x) ->
+ P_MemSet20(t2_0[i <- v][i_2], 20, v_1))).
}
Prove: exists i_3,i_2 : Z. (i_3 <= i) /\ (i_2 <= i_1) /\ (0 <= i_3) /\
(i <= i_3) /\ (i_1 <= i_2) /\ (i_3 <= 9).
@@ -1895,20 +2123,29 @@ Prove: exists i_5,i_4 : Z. (i_5 <= i) /\ (i_4 <= i_1) /\ (0 <= i_5) /\
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 111):
+Let x = to_uint32(1 + i).
+Let m = t2_0[i].
Assume {
Type: IsArray_sint32(v) /\ is_uint32(i) /\ is_sint32(v_1) /\
- IsArray_sint32(t2_0[i]).
+ IsArray_sint32(m).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
P_MemSet20(t2_0[i_1], 20, v_1))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Invariant 'Partial_j' *)
+ Have: P_MemSet20(m, 0, v_1).
+ (* Invariant 'Partial_j' *)
Have: P_MemSet20(v, 20, v_1).
+ (* Invariant 'Range_i' *)
+ Have: x <= 10.
+ (* Invariant 'Partial_i' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < x) ->
+ P_MemSet20(t2_0[i <- v][i_1], 20, v_1))).
}
-Prove: i < to_uint32(1 + i).
+Prove: i < x.
------------------------------------------------------------
@@ -1918,24 +2155,33 @@ Prove: true.
------------------------------------------------------------
Goal Decreasing of Loop variant at loop (file tests/wp_typed/user_init.i, line 117):
+Let m = v[j <- v_1].
+Let x = to_uint32(1 + j).
+Let m_1 = t2_0[i].
Assume {
Type: IsArray_sint32(v) /\ is_uint32(i) /\ is_uint32(j) /\
- is_sint32(v_1) /\ IsArray_sint32(t2_0[i]).
+ is_sint32(v_1) /\ IsArray_sint32(m_1) /\ IsArray_sint32(m).
+ (* Invariant 'Range_i' *)
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant 'Partial_i' *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
P_MemSet20(t2_0[i_1], 20, v_1))).
- (* Invariant 'Range_i' *)
- Have: (0 <= i) /\ (i <= 10).
(* Then *)
Have: i <= 9.
(* Invariant 'Partial_j' *)
- Have: P_MemSet20(v, j, v_1).
+ Have: P_MemSet20(m_1, 0, v_1).
(* Invariant 'Range_j' *)
Have: (0 <= j) /\ (j <= 20).
+ (* Invariant 'Partial_j' *)
+ Have: P_MemSet20(v, j, v_1).
(* Then *)
Have: j <= 19.
+ (* Invariant 'Range_j' *)
+ Have: x <= 20.
+ (* Invariant 'Partial_j' *)
+ Have: P_MemSet20(m, x, v_1).
}
-Prove: j < to_uint32(1 + j).
+Prove: j < x.
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_rec.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_rec.0.res.oracle
index 48d804d0c823fef23c125984780eaed6cc1ce3b8..13654bda662e5cff82b8d1969988bfad67631339 100644
--- a/src/plugins/wp/tests/wp_typed/oracle/user_rec.0.res.oracle
+++ b/src/plugins/wp/tests/wp_typed/oracle/user_rec.0.res.oracle
@@ -29,9 +29,13 @@ Assume {
Then { Have: F1_0 = 1. }
Else {
(* Invariant *)
- Have: L_fact(i - 1) = F1_0.
+ Have: 0 < n.
+ (* Invariant *)
+ Have: L_fact(1) = 1.
(* Invariant *)
Have: (2 <= i) /\ (i <= (1 + n)).
+ (* Invariant *)
+ Have: L_fact(i - 1) = F1_0.
(* Else *)
Have: n < i.
}
@@ -47,6 +51,10 @@ Assume {
(* Else *)
Have: 2 <= n.
(* Invariant *)
+ Have: 0 < n.
+ (* Invariant *)
+ Have: L_fact(1) = 1.
+ (* Invariant *)
Have: (2 <= i) /\ (i <= (1 + n)).
(* Then *)
Have: i <= n.
@@ -70,16 +78,28 @@ Assume {
(* Else *)
Have: 2 <= n.
(* Invariant *)
+ Have: 0 < n.
+ (* Invariant *)
+ Have: L_fact(1) = 1.
+ (* Invariant *)
Have: (2 <= i) /\ (i <= (1 + n)).
(* Then *)
Have: i <= n.
+ (* Invariant *)
+ Have: 0 < i.
}
Prove: x_1 = L_fact(i).
------------------------------------------------------------
Goal Establishment of Invariant (file tests/wp_typed/user_rec.i, line 16):
-Assume { Type: is_sint32(n). (* Else *) Have: 2 <= n. }
+Assume {
+ Type: is_sint32(n).
+ (* Else *)
+ Have: 2 <= n.
+ (* Invariant *)
+ Have: 0 < n.
+}
Prove: L_fact(1) = 1.
------------------------------------------------------------
@@ -95,10 +115,14 @@ Prove: true.
Goal Post-condition (file tests/wp_typed/user_rec.i, line 23) in 'F2':
Assume {
Type: is_sint32(F2_0) /\ is_sint32(i) /\ is_sint32(n).
+ (* Invariant 'RANGE' *)
+ Have: (0 < n) \/ (n <= 1).
(* Invariant 'PART' *)
- Have: if (n <= 1) then (F2_0 = 1) else (L_fact(i - 1) = F2_0).
+ Have: (L_fact(1) = 1) \/ (n <= 1).
(* Invariant 'RANGE' *)
Have: if (n <= 1) then (i = 2) else ((2 <= i) /\ (i <= (1 + n))).
+ (* Invariant 'PART' *)
+ Have: if (n <= 1) then (F2_0 = 1) else (L_fact(i - 1) = F2_0).
(* Else *)
Have: n < i.
}
@@ -111,19 +135,29 @@ Let x = i * p.
Assume {
Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(p) /\ is_sint32(1 + i) /\
is_sint32(x).
+ (* Invariant 'RANGE' *)
+ Have: (0 < n) \/ (n <= 1).
(* Invariant 'PART' *)
- Have: if (n <= 1) then (p = 1) else (L_fact(i - 1) = p).
+ Have: (L_fact(1) = 1) \/ (n <= 1).
(* Invariant 'RANGE' *)
Have: if (n <= 1) then (i = 2) else ((2 <= i) /\ (i <= (1 + n))).
+ (* Invariant 'PART' *)
+ Have: if (n <= 1) then (p = 1) else (L_fact(i - 1) = p).
(* Then *)
Have: i <= n.
+ (* Invariant 'RANGE' *)
+ Have: if (n <= 1) then (i = 1) else (0 < i).
}
Prove: if (n <= 1) then (x = 1) else (x = L_fact(i)).
------------------------------------------------------------
Goal Establishment of Invariant 'PART' (file tests/wp_typed/user_rec.i, line 29):
-Assume { Type: is_sint32(n). }
+Assume {
+ Type: is_sint32(n).
+ (* Invariant 'RANGE' *)
+ Have: (0 < n) \/ (n <= 1).
+}
Prove: (L_fact(1) = 1) \/ (n <= 1).
------------------------------------------------------------
@@ -131,10 +165,14 @@ Prove: (L_fact(1) = 1) \/ (n <= 1).
Goal Preservation of Invariant 'RANGE' (file tests/wp_typed/user_rec.i, line 28):
Assume {
Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(p) /\ is_sint32(1 + i).
+ (* Invariant 'RANGE' *)
+ Have: (0 < n) \/ (n <= 1).
(* Invariant 'PART' *)
- Have: if (n <= 1) then (p = 1) else (L_fact(i - 1) = p).
+ Have: (L_fact(1) = 1) \/ (n <= 1).
(* Invariant 'RANGE' *)
Have: if (n <= 1) then (i = 2) else ((2 <= i) /\ (i <= (1 + n))).
+ (* Invariant 'PART' *)
+ Have: if (n <= 1) then (p = 1) else (L_fact(i - 1) = p).
(* Then *)
Have: i <= n.
}
@@ -160,10 +198,14 @@ Goal Post-condition (file tests/wp_typed/user_rec.i, line 36) in 'F4':
Let x = L_fact(n).
Assume {
Type: is_sint32(F4_0) /\ is_sint32(n) /\ is_sint32(n_1).
+ (* Invariant 'RANGE' *)
+ Have: (0 < n) \/ (n <= 1).
(* Invariant 'NEVER' *)
- Have: if (n <= 1) then (F4_0 = 1) else ((x / L_fact(n_1)) = F4_0).
+ Have: ((x / x) = 1) \/ (n <= 1).
(* Invariant 'RANGE' *)
Have: if (n <= 1) then (n_1 = n) else ((0 < n_1) /\ (n_1 <= n)).
+ (* Invariant 'NEVER' *)
+ Have: if (n <= 1) then (F4_0 = 1) else ((x / L_fact(n_1)) = F4_0).
(* Else *)
Have: n_1 <= 1.
}
@@ -172,41 +214,58 @@ Prove: x = F4_0.
------------------------------------------------------------
Goal Preservation of Invariant 'NEVER' (file tests/wp_typed/user_rec.i, line 42):
-Let x = L_fact(n).
-Let x_1 = n_1 - 1.
-Let x_2 = n_1 * p.
+Let x = 1 + n.
+Let x_1 = L_fact(n).
+Let x_2 = n_1 - 1.
+Let x_3 = n_1 * p.
Assume {
- Type: is_sint32(n) /\ is_sint32(n_1) /\ is_sint32(p) /\ is_sint32(x_1) /\
- is_sint32(x_2).
+ Type: is_sint32(n) /\ is_sint32(n_1) /\ is_sint32(p) /\ is_sint32(x_2) /\
+ is_sint32(x_3).
+ (* Invariant 'RANGE' *)
+ Have: (0 < n) \/ (n <= 1).
(* Invariant 'NEVER' *)
- Have: if (n <= 1) then (p = 1) else ((x / L_fact(n_1)) = p).
+ Have: ((x_1 / x_1) = 1) \/ (n <= 1).
(* Invariant 'RANGE' *)
Have: if (n <= 1) then (n_1 = n) else ((0 < n_1) /\ (n_1 <= n)).
+ (* Invariant 'NEVER' *)
+ Have: if (n <= 1) then (p = 1) else ((x_1 / L_fact(n_1)) = p).
(* Then *)
Have: 2 <= n_1.
+ (* Invariant 'RANGE' *)
+ Have: if (n <= 1) then (x = n_1) else (n_1 <= x).
}
-Prove: if (n <= 1) then (x_2 = 1) else ((x / L_fact(x_1)) = x_2).
+Prove: if (n <= 1) then (x_3 = 1) else ((x_1 / L_fact(x_2)) = x_3).
------------------------------------------------------------
Goal Establishment of Invariant 'NEVER' (file tests/wp_typed/user_rec.i, line 42):
-Let x = L_fact(n). Assume { Type: is_sint32(n). }
+Let x = L_fact(n).
+Assume {
+ Type: is_sint32(n).
+ (* Invariant 'RANGE' *)
+ Have: (0 < n) \/ (n <= 1).
+}
Prove: ((x / x) = 1) \/ (n <= 1).
------------------------------------------------------------
Goal Preservation of Invariant 'RANGE' (file tests/wp_typed/user_rec.i, line 41):
-Let x = 1 + n.
+Let x = L_fact(n).
+Let x_1 = 1 + n.
Assume {
Type: is_sint32(n) /\ is_sint32(n_1) /\ is_sint32(p) /\ is_sint32(n_1 - 1).
+ (* Invariant 'RANGE' *)
+ Have: (0 < n) \/ (n <= 1).
(* Invariant 'NEVER' *)
- Have: if (n <= 1) then (p = 1) else ((L_fact(n) / L_fact(n_1)) = p).
+ Have: ((x / x) = 1) \/ (n <= 1).
(* Invariant 'RANGE' *)
Have: if (n <= 1) then (n_1 = n) else ((0 < n_1) /\ (n_1 <= n)).
+ (* Invariant 'NEVER' *)
+ Have: if (n <= 1) then (p = 1) else ((x / L_fact(n_1)) = p).
(* Then *)
Have: 2 <= n_1.
}
-Prove: if (n <= 1) then (x = n_1) else (n_1 <= x).
+Prove: if (n <= 1) then (x_1 = n_1) else (n_1 <= x_1).
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_rec.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_rec.1.res.oracle
index 7ee8668e53c9d73b825da70fa28b6ab9fe06994d..f9941a0cd6fe3a766c5334ff77b0992b3bf8e800 100644
--- a/src/plugins/wp/tests/wp_typed/oracle/user_rec.1.res.oracle
+++ b/src/plugins/wp/tests/wp_typed/oracle/user_rec.1.res.oracle
@@ -29,9 +29,13 @@ Assume {
Then { Have: F1_0 = 1. }
Else {
(* Invariant *)
- Have: L_fact(i - 1) = F1_0.
+ Have: 0 < n.
+ (* Invariant *)
+ Have: L_fact(1) = 1.
(* Invariant *)
Have: (2 <= i) /\ (i <= (1 + n)).
+ (* Invariant *)
+ Have: L_fact(i - 1) = F1_0.
(* Else *)
Have: n < i.
}
@@ -47,6 +51,10 @@ Assume {
(* Else *)
Have: 2 <= n.
(* Invariant *)
+ Have: 0 < n.
+ (* Invariant *)
+ Have: L_fact(1) = 1.
+ (* Invariant *)
Have: (2 <= i) /\ (i <= (1 + n)).
(* Then *)
Have: i <= n.
@@ -70,16 +78,28 @@ Assume {
(* Else *)
Have: 2 <= n.
(* Invariant *)
+ Have: 0 < n.
+ (* Invariant *)
+ Have: L_fact(1) = 1.
+ (* Invariant *)
Have: (2 <= i) /\ (i <= (1 + n)).
(* Then *)
Have: i <= n.
+ (* Invariant *)
+ Have: 0 < i.
}
Prove: x_1 = L_fact(i).
------------------------------------------------------------
Goal Establishment of Invariant (file tests/wp_typed/user_rec.i, line 16):
-Assume { Type: is_sint32(n). (* Else *) Have: 2 <= n. }
+Assume {
+ Type: is_sint32(n).
+ (* Else *)
+ Have: 2 <= n.
+ (* Invariant *)
+ Have: 0 < n.
+}
Prove: L_fact(1) = 1.
------------------------------------------------------------
@@ -95,10 +115,14 @@ Prove: true.
Goal Post-condition (file tests/wp_typed/user_rec.i, line 23) in 'F2':
Assume {
Type: is_sint32(F2_0) /\ is_sint32(i) /\ is_sint32(n).
+ (* Invariant 'RANGE' *)
+ Have: (0 < n) \/ (n <= 1).
(* Invariant 'PART' *)
- Have: if (n <= 1) then (F2_0 = 1) else (L_fact(i - 1) = F2_0).
+ Have: (L_fact(1) = 1) \/ (n <= 1).
(* Invariant 'RANGE' *)
Have: if (n <= 1) then (i = 2) else ((2 <= i) /\ (i <= (1 + n))).
+ (* Invariant 'PART' *)
+ Have: if (n <= 1) then (F2_0 = 1) else (L_fact(i - 1) = F2_0).
(* Else *)
Have: n < i.
}
@@ -111,19 +135,29 @@ Let x = i * p.
Assume {
Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(p) /\ is_sint32(1 + i) /\
is_sint32(x).
+ (* Invariant 'RANGE' *)
+ Have: (0 < n) \/ (n <= 1).
(* Invariant 'PART' *)
- Have: if (n <= 1) then (p = 1) else (L_fact(i - 1) = p).
+ Have: (L_fact(1) = 1) \/ (n <= 1).
(* Invariant 'RANGE' *)
Have: if (n <= 1) then (i = 2) else ((2 <= i) /\ (i <= (1 + n))).
+ (* Invariant 'PART' *)
+ Have: if (n <= 1) then (p = 1) else (L_fact(i - 1) = p).
(* Then *)
Have: i <= n.
+ (* Invariant 'RANGE' *)
+ Have: if (n <= 1) then (i = 1) else (0 < i).
}
Prove: if (n <= 1) then (x = 1) else (x = L_fact(i)).
------------------------------------------------------------
Goal Establishment of Invariant 'PART' (file tests/wp_typed/user_rec.i, line 29):
-Assume { Type: is_sint32(n). }
+Assume {
+ Type: is_sint32(n).
+ (* Invariant 'RANGE' *)
+ Have: (0 < n) \/ (n <= 1).
+}
Prove: (L_fact(1) = 1) \/ (n <= 1).
------------------------------------------------------------
@@ -131,10 +165,14 @@ Prove: (L_fact(1) = 1) \/ (n <= 1).
Goal Preservation of Invariant 'RANGE' (file tests/wp_typed/user_rec.i, line 28):
Assume {
Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(p) /\ is_sint32(1 + i).
+ (* Invariant 'RANGE' *)
+ Have: (0 < n) \/ (n <= 1).
(* Invariant 'PART' *)
- Have: if (n <= 1) then (p = 1) else (L_fact(i - 1) = p).
+ Have: (L_fact(1) = 1) \/ (n <= 1).
(* Invariant 'RANGE' *)
Have: if (n <= 1) then (i = 2) else ((2 <= i) /\ (i <= (1 + n))).
+ (* Invariant 'PART' *)
+ Have: if (n <= 1) then (p = 1) else (L_fact(i - 1) = p).
(* Then *)
Have: i <= n.
}
@@ -160,10 +198,14 @@ Goal Post-condition (file tests/wp_typed/user_rec.i, line 36) in 'F4':
Let x = L_fact(n).
Assume {
Type: is_sint32(F4_0) /\ is_sint32(n) /\ is_sint32(n_1).
+ (* Invariant 'RANGE' *)
+ Have: (0 < n) \/ (n <= 1).
(* Invariant 'NEVER' *)
- Have: if (n <= 1) then (F4_0 = 1) else ((x / L_fact(n_1)) = F4_0).
+ Have: ((x / x) = 1) \/ (n <= 1).
(* Invariant 'RANGE' *)
Have: if (n <= 1) then (n_1 = n) else ((0 < n_1) /\ (n_1 <= n)).
+ (* Invariant 'NEVER' *)
+ Have: if (n <= 1) then (F4_0 = 1) else ((x / L_fact(n_1)) = F4_0).
(* Else *)
Have: n_1 <= 1.
}
@@ -172,41 +214,58 @@ Prove: x = F4_0.
------------------------------------------------------------
Goal Preservation of Invariant 'NEVER' (file tests/wp_typed/user_rec.i, line 42):
-Let x = L_fact(n).
-Let x_1 = n_1 - 1.
-Let x_2 = n_1 * p.
+Let x = 1 + n.
+Let x_1 = L_fact(n).
+Let x_2 = n_1 - 1.
+Let x_3 = n_1 * p.
Assume {
- Type: is_sint32(n) /\ is_sint32(n_1) /\ is_sint32(p) /\ is_sint32(x_1) /\
- is_sint32(x_2).
+ Type: is_sint32(n) /\ is_sint32(n_1) /\ is_sint32(p) /\ is_sint32(x_2) /\
+ is_sint32(x_3).
+ (* Invariant 'RANGE' *)
+ Have: (0 < n) \/ (n <= 1).
(* Invariant 'NEVER' *)
- Have: if (n <= 1) then (p = 1) else ((x / L_fact(n_1)) = p).
+ Have: ((x_1 / x_1) = 1) \/ (n <= 1).
(* Invariant 'RANGE' *)
Have: if (n <= 1) then (n_1 = n) else ((0 < n_1) /\ (n_1 <= n)).
+ (* Invariant 'NEVER' *)
+ Have: if (n <= 1) then (p = 1) else ((x_1 / L_fact(n_1)) = p).
(* Then *)
Have: 2 <= n_1.
+ (* Invariant 'RANGE' *)
+ Have: if (n <= 1) then (x = n_1) else (n_1 <= x).
}
-Prove: if (n <= 1) then (x_2 = 1) else ((x / L_fact(x_1)) = x_2).
+Prove: if (n <= 1) then (x_3 = 1) else ((x_1 / L_fact(x_2)) = x_3).
------------------------------------------------------------
Goal Establishment of Invariant 'NEVER' (file tests/wp_typed/user_rec.i, line 42):
-Let x = L_fact(n). Assume { Type: is_sint32(n). }
+Let x = L_fact(n).
+Assume {
+ Type: is_sint32(n).
+ (* Invariant 'RANGE' *)
+ Have: (0 < n) \/ (n <= 1).
+}
Prove: ((x / x) = 1) \/ (n <= 1).
------------------------------------------------------------
Goal Preservation of Invariant 'RANGE' (file tests/wp_typed/user_rec.i, line 41):
-Let x = 1 + n.
+Let x = L_fact(n).
+Let x_1 = 1 + n.
Assume {
Type: is_sint32(n) /\ is_sint32(n_1) /\ is_sint32(p) /\ is_sint32(n_1 - 1).
+ (* Invariant 'RANGE' *)
+ Have: (0 < n) \/ (n <= 1).
(* Invariant 'NEVER' *)
- Have: if (n <= 1) then (p = 1) else ((L_fact(n) / L_fact(n_1)) = p).
+ Have: ((x / x) = 1) \/ (n <= 1).
(* Invariant 'RANGE' *)
Have: if (n <= 1) then (n_1 = n) else ((0 < n_1) /\ (n_1 <= n)).
+ (* Invariant 'NEVER' *)
+ Have: if (n <= 1) then (p = 1) else ((x / L_fact(n_1)) = p).
(* Then *)
Have: 2 <= n_1.
}
-Prove: if (n <= 1) then (x = n_1) else (n_1 <= x).
+Prove: if (n <= 1) then (x_1 = n_1) else (n_1 <= x_1).
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_string.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_string.0.res.oracle
index f6ac9a650aea8ed15b1ca16eb05f2209f1930beb..b4064b7e456bf12587e7955b68599430469ffddc 100644
--- a/src/plugins/wp/tests/wp_typed/oracle/user_string.0.res.oracle
+++ b/src/plugins/wp/tests/wp_typed/oracle/user_string.0.res.oracle
@@ -23,8 +23,8 @@ Prove: true.
Goal Preservation of Invariant 'RANGE' (file tests/wp_typed/user_string.i, line 29):
Let x = Mchar_0[ss_0].
-Let x_1 = s.base.
Let a = shift_sint8(s, L_Length(Mchar_0, s)).
+Let x_1 = s.base.
Let a_1 = shift_sint8(ss_0, 1).
Assume {
Type: is_sint8(x).
@@ -34,13 +34,15 @@ Assume {
Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i).
(* Pre-condition *)
Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i_1).
- (* Invariant 'ZERO' *)
- Have: forall i_2 : Z. ((0 <= i_2) -> (((i_2 + s.offset) < ss_0.offset) ->
- (Mchar_0[shift_sint8(s, i_2)] != 0))).
(* Invariant 'RANGE' *)
- Have: addr_le(s, ss_0) /\ addr_le(ss_0, a).
+ Have: addr_le(s, s) /\ addr_le(s, a).
(* Invariant 'BASE' *)
Have: ss_0.base = x_1.
+ (* Invariant 'RANGE' *)
+ Have: addr_le(s, ss_0) /\ addr_le(ss_0, a).
+ (* Invariant 'ZERO' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> (((i_2 + s.offset) < ss_0.offset) ->
+ (Mchar_0[shift_sint8(s, i_2)] != 0))).
(* Then *)
Have: x != 0.
}
@@ -62,30 +64,35 @@ Prove: addr_le(s, s) /\ addr_le(s, shift_sint8(s, L_Length(Mchar_0, s))).
------------------------------------------------------------
Goal Preservation of Invariant 'ZERO' (file tests/wp_typed/user_string.i, line 30):
+Let a = shift_sint8(ss_0, 1).
+Let a_1 = shift_sint8(s, L_Length(Mchar_0, s)).
Let x = Mchar_0[ss_0].
-Let x_1 = s.base.
-Let x_2 = s.offset.
-Let x_3 = ss_0.offset.
+Let x_1 = s.offset.
+Let x_2 = ss_0.offset.
+Let x_3 = s.base.
Assume {
Type: is_sint8(x).
(* Heap *)
- Type: (region(x_1) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0).
+ Type: (region(x_3) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0).
(* Goal *)
- When: (0 <= i) /\ ((i + x_2) <= x_3).
+ When: (0 <= i) /\ ((i + x_1) <= x_2).
(* Pre-condition *)
Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i_1).
(* Pre-condition *)
Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i_2).
- (* Invariant 'ZERO' *)
- Have: forall i_3 : Z. ((0 <= i_3) -> (((i_3 + x_2) < x_3) ->
- (Mchar_0[shift_sint8(s, i_3)] != 0))).
(* Invariant 'RANGE' *)
- Have: addr_le(s, ss_0) /\
- addr_le(ss_0, shift_sint8(s, L_Length(Mchar_0, s))).
+ Have: addr_le(s, s) /\ addr_le(s, a_1).
(* Invariant 'BASE' *)
- Have: ss_0.base = x_1.
+ Have: ss_0.base = x_3.
+ (* Invariant 'RANGE' *)
+ Have: addr_le(s, ss_0) /\ addr_le(ss_0, a_1).
+ (* Invariant 'ZERO' *)
+ Have: forall i_3 : Z. ((0 <= i_3) -> (((i_3 + x_1) < x_2) ->
+ (Mchar_0[shift_sint8(s, i_3)] != 0))).
(* Then *)
Have: x != 0.
+ (* Invariant 'RANGE' *)
+ Have: addr_le(s, a) /\ addr_le(a, a_1).
}
Prove: Mchar_0[shift_sint8(s, i)] != 0.
@@ -97,28 +104,30 @@ Prove: true.
------------------------------------------------------------
Goal Assertion 'END' (file tests/wp_typed/user_string.i, line 37):
-Let x = s.base.
-Let x_1 = s.offset.
-Let x_2 = ss_0.offset.
+Let x = s.offset.
+Let x_1 = ss_0.offset.
+Let a = shift_sint8(s, L_Length(Mchar_0, s)).
+Let x_2 = s.base.
Assume {
(* Heap *)
- Type: (region(x) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0).
+ Type: (region(x_2) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0).
(* Pre-condition *)
Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i).
(* Pre-condition *)
Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i_1).
- (* Invariant 'ZERO' *)
- Have: forall i_2 : Z. ((0 <= i_2) -> (((i_2 + x_1) < x_2) ->
- (Mchar_0[shift_sint8(s, i_2)] != 0))).
(* Invariant 'RANGE' *)
- Have: addr_le(s, ss_0) /\
- addr_le(ss_0, shift_sint8(s, L_Length(Mchar_0, s))).
+ Have: addr_le(s, s) /\ addr_le(s, a).
(* Invariant 'BASE' *)
- Have: ss_0.base = x.
+ Have: ss_0.base = x_2.
+ (* Invariant 'RANGE' *)
+ Have: addr_le(s, ss_0) /\ addr_le(ss_0, a).
+ (* Invariant 'ZERO' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> (((i_2 + x) < x_1) ->
+ (Mchar_0[shift_sint8(s, i_2)] != 0))).
(* Else *)
Have: Mchar_0[ss_0] = 0.
}
-Prove: P_Length_of_str_is(Malloc_0, Mchar_0, s, x_2 - x_1).
+Prove: P_Length_of_str_is(Malloc_0, Mchar_0, s, x_1 - x).
------------------------------------------------------------
@@ -145,29 +154,38 @@ Prove: true.
------------------------------------------------------------
Goal Positivity of Loop variant at loop (file tests/wp_typed/user_string.i, line 34):
-Let x = Mchar_0[ss_0].
-Let x_1 = s.base.
+Let x = s.offset.
+Let x_1 = ss_0.offset.
+Let a = shift_sint8(ss_0, 1).
Let x_2 = L_Length(Mchar_0, s).
-Let x_3 = s.offset.
-Let x_4 = ss_0.offset.
+Let a_1 = shift_sint8(s, x_2).
+Let x_3 = Mchar_0[ss_0].
+Let x_4 = s.base.
Assume {
- Type: is_sint8(x).
+ Type: is_sint8(x_3).
(* Heap *)
- Type: (region(x_1) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0).
+ Type: (region(x_4) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0).
(* Pre-condition *)
Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i).
(* Pre-condition *)
Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i_1).
- (* Invariant 'ZERO' *)
- Have: forall i_2 : Z. ((0 <= i_2) -> (((i_2 + x_3) < x_4) ->
- (Mchar_0[shift_sint8(s, i_2)] != 0))).
(* Invariant 'RANGE' *)
- Have: addr_le(s, ss_0) /\ addr_le(ss_0, shift_sint8(s, x_2)).
+ Have: addr_le(s, s) /\ addr_le(s, a_1).
(* Invariant 'BASE' *)
- Have: ss_0.base = x_1.
+ Have: ss_0.base = x_4.
+ (* Invariant 'RANGE' *)
+ Have: addr_le(s, ss_0) /\ addr_le(ss_0, a_1).
+ (* Invariant 'ZERO' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> (((i_2 + x) < x_1) ->
+ (Mchar_0[shift_sint8(s, i_2)] != 0))).
(* Then *)
- Have: x != 0.
+ Have: x_3 != 0.
+ (* Invariant 'RANGE' *)
+ Have: addr_le(s, a) /\ addr_le(a, a_1).
+ (* Invariant 'ZERO' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> (((i_2 + x) <= x_1) ->
+ (Mchar_0[shift_sint8(s, i_2)] != 0))).
}
-Prove: x_4 <= (x_3 + x_2).
+Prove: x_1 <= (x + x_2).
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_string.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_string.1.res.oracle
index b0256f00b0c4d77b72ad77ee1e2fd7ab3bb14df3..eebd87021afbb6c20969ed937a9d851eae92ae54 100644
--- a/src/plugins/wp/tests/wp_typed/oracle/user_string.1.res.oracle
+++ b/src/plugins/wp/tests/wp_typed/oracle/user_string.1.res.oracle
@@ -23,8 +23,8 @@ Prove: true.
Goal Preservation of Invariant 'RANGE' (file tests/wp_typed/user_string.i, line 29):
Let x = Mchar_0[ss_0].
-Let x_1 = s.base.
Let a = shift_sint8(s, L_Length(Mchar_0, s)).
+Let x_1 = s.base.
Let a_1 = shift_sint8(ss_0, 1).
Assume {
Type: is_sint8(x).
@@ -34,13 +34,15 @@ Assume {
Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i).
(* Pre-condition *)
Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i_1).
- (* Invariant 'ZERO' *)
- Have: forall i_2 : Z. ((0 <= i_2) -> (((i_2 + s.offset) < ss_0.offset) ->
- (Mchar_0[shift_sint8(s, i_2)] != 0))).
(* Invariant 'RANGE' *)
- Have: addr_le(s, ss_0) /\ addr_le(ss_0, a).
+ Have: addr_le(s, s) /\ addr_le(s, a).
(* Invariant 'BASE' *)
Have: ss_0.base = x_1.
+ (* Invariant 'RANGE' *)
+ Have: addr_le(s, ss_0) /\ addr_le(ss_0, a).
+ (* Invariant 'ZERO' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> (((i_2 + s.offset) < ss_0.offset) ->
+ (Mchar_0[shift_sint8(s, i_2)] != 0))).
(* Then *)
Have: x != 0.
}
@@ -62,30 +64,35 @@ Prove: addr_le(s, s) /\ addr_le(s, shift_sint8(s, L_Length(Mchar_0, s))).
------------------------------------------------------------
Goal Preservation of Invariant 'ZERO' (file tests/wp_typed/user_string.i, line 30):
+Let a = shift_sint8(ss_0, 1).
+Let a_1 = shift_sint8(s, L_Length(Mchar_0, s)).
Let x = Mchar_0[ss_0].
-Let x_1 = s.base.
-Let x_2 = s.offset.
-Let x_3 = ss_0.offset.
+Let x_1 = s.offset.
+Let x_2 = ss_0.offset.
+Let x_3 = s.base.
Assume {
Type: is_sint8(x).
(* Heap *)
- Type: (region(x_1) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0).
+ Type: (region(x_3) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0).
(* Goal *)
- When: (0 <= i) /\ ((i + x_2) <= x_3).
+ When: (0 <= i) /\ ((i + x_1) <= x_2).
(* Pre-condition *)
Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i_1).
(* Pre-condition *)
Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i_2).
- (* Invariant 'ZERO' *)
- Have: forall i_3 : Z. ((0 <= i_3) -> (((i_3 + x_2) < x_3) ->
- (Mchar_0[shift_sint8(s, i_3)] != 0))).
(* Invariant 'RANGE' *)
- Have: addr_le(s, ss_0) /\
- addr_le(ss_0, shift_sint8(s, L_Length(Mchar_0, s))).
+ Have: addr_le(s, s) /\ addr_le(s, a_1).
(* Invariant 'BASE' *)
- Have: ss_0.base = x_1.
+ Have: ss_0.base = x_3.
+ (* Invariant 'RANGE' *)
+ Have: addr_le(s, ss_0) /\ addr_le(ss_0, a_1).
+ (* Invariant 'ZERO' *)
+ Have: forall i_3 : Z. ((0 <= i_3) -> (((i_3 + x_1) < x_2) ->
+ (Mchar_0[shift_sint8(s, i_3)] != 0))).
(* Then *)
Have: x != 0.
+ (* Invariant 'RANGE' *)
+ Have: addr_le(s, a) /\ addr_le(a, a_1).
}
Prove: Mchar_0[shift_sint8(s, i)] != 0.
@@ -97,28 +104,30 @@ Prove: true.
------------------------------------------------------------
Goal Assertion 'END' (file tests/wp_typed/user_string.i, line 37):
-Let x = s.base.
-Let x_1 = s.offset.
-Let x_2 = ss_0.offset.
+Let x = s.offset.
+Let x_1 = ss_0.offset.
+Let a = shift_sint8(s, L_Length(Mchar_0, s)).
+Let x_2 = s.base.
Assume {
(* Heap *)
- Type: (region(x) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0).
+ Type: (region(x_2) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0).
(* Pre-condition *)
Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i).
(* Pre-condition *)
Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i_1).
- (* Invariant 'ZERO' *)
- Have: forall i_2 : Z. ((0 <= i_2) -> (((i_2 + x_1) < x_2) ->
- (Mchar_0[shift_sint8(s, i_2)] != 0))).
(* Invariant 'RANGE' *)
- Have: addr_le(s, ss_0) /\
- addr_le(ss_0, shift_sint8(s, L_Length(Mchar_0, s))).
+ Have: addr_le(s, s) /\ addr_le(s, a).
(* Invariant 'BASE' *)
- Have: ss_0.base = x.
+ Have: ss_0.base = x_2.
+ (* Invariant 'RANGE' *)
+ Have: addr_le(s, ss_0) /\ addr_le(ss_0, a).
+ (* Invariant 'ZERO' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> (((i_2 + x) < x_1) ->
+ (Mchar_0[shift_sint8(s, i_2)] != 0))).
(* Else *)
Have: Mchar_0[ss_0] = 0.
}
-Prove: P_Length_of_str_is(Malloc_0, Mchar_0, s, x_2 - x_1).
+Prove: P_Length_of_str_is(Malloc_0, Mchar_0, s, x_1 - x).
------------------------------------------------------------
@@ -145,29 +154,38 @@ Prove: true.
------------------------------------------------------------
Goal Positivity of Loop variant at loop (file tests/wp_typed/user_string.i, line 34):
-Let x = Mchar_0[ss_0].
-Let x_1 = s.base.
+Let x = s.offset.
+Let x_1 = ss_0.offset.
+Let a = shift_sint8(ss_0, 1).
Let x_2 = L_Length(Mchar_0, s).
-Let x_3 = s.offset.
-Let x_4 = ss_0.offset.
+Let a_1 = shift_sint8(s, x_2).
+Let x_3 = Mchar_0[ss_0].
+Let x_4 = s.base.
Assume {
- Type: is_sint8(x).
+ Type: is_sint8(x_3).
(* Heap *)
- Type: (region(x_1) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0).
+ Type: (region(x_4) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0).
(* Pre-condition *)
Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i).
(* Pre-condition *)
Have: P_Length_of_str_is(Malloc_0, Mchar_0, s, i_1).
- (* Invariant 'ZERO' *)
- Have: forall i_2 : Z. ((0 <= i_2) -> (((i_2 + x_3) < x_4) ->
- (Mchar_0[shift_sint8(s, i_2)] != 0))).
(* Invariant 'RANGE' *)
- Have: addr_le(s, ss_0) /\ addr_le(ss_0, shift_sint8(s, x_2)).
+ Have: addr_le(s, s) /\ addr_le(s, a_1).
(* Invariant 'BASE' *)
- Have: ss_0.base = x_1.
+ Have: ss_0.base = x_4.
+ (* Invariant 'RANGE' *)
+ Have: addr_le(s, ss_0) /\ addr_le(ss_0, a_1).
+ (* Invariant 'ZERO' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> (((i_2 + x) < x_1) ->
+ (Mchar_0[shift_sint8(s, i_2)] != 0))).
(* Then *)
- Have: x != 0.
+ Have: x_3 != 0.
+ (* Invariant 'RANGE' *)
+ Have: addr_le(s, a) /\ addr_le(a, a_1).
+ (* Invariant 'ZERO' *)
+ Have: forall i_2 : Z. ((0 <= i_2) -> (((i_2 + x) <= x_1) ->
+ (Mchar_0[shift_sint8(s, i_2)] != 0))).
}
-Prove: x_4 <= (x_3 + x_2).
+Prove: x_1 <= (x + x_2).
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_bis_v2_assigns_exit_part2.json b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_bis_v2_assigns_exit_part2.json
index a187150cc649f2fe0559e01565b0547de2fada18..aa52fbebd0ceb26b098784cbb877f8bdadb051e6 100644
--- a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_bis_v2_assigns_exit_part2.json
+++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_bis_v2_assigns_exit_part2.json
@@ -1,6 +1,6 @@
[ { "header": "Split", "tactic": "Wp.split", "params": {},
"select": { "select": "clause-goal",
- "target": "exists i_0,i_1:int.\n(i_0<=i_136) /\\ (i_1<=i_137) /\\ (0<=i_0) /\\ (i_136<=i_0) /\\ (i_137<=i_1)\n/\\ (i_0<=9)",
+ "target": "exists i_0,i_1:int.\n(i_0<=i_138) /\\ (i_1<=i_139) /\\ (0<=i_0) /\\ (i_138<=i_0) /\\ (i_139<=i_1)\n/\\ (i_0<=9)",
"pattern": "\\E$i$i0$i$i9" },
"children": { "Goal 1/2": [ { "prover": "Alt-Ergo:2.2.0",
"verdict": "valid", "time": 0.0088,
diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_bis_v2_assigns_normal_part2.json b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_bis_v2_assigns_normal_part2.json
index a187150cc649f2fe0559e01565b0547de2fada18..aa52fbebd0ceb26b098784cbb877f8bdadb051e6 100644
--- a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_bis_v2_assigns_normal_part2.json
+++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_bis_v2_assigns_normal_part2.json
@@ -1,6 +1,6 @@
[ { "header": "Split", "tactic": "Wp.split", "params": {},
"select": { "select": "clause-goal",
- "target": "exists i_0,i_1:int.\n(i_0<=i_136) /\\ (i_1<=i_137) /\\ (0<=i_0) /\\ (i_136<=i_0) /\\ (i_137<=i_1)\n/\\ (i_0<=9)",
+ "target": "exists i_0,i_1:int.\n(i_0<=i_138) /\\ (i_1<=i_139) /\\ (0<=i_0) /\\ (i_138<=i_0) /\\ (i_139<=i_1)\n/\\ (i_0<=9)",
"pattern": "\\E$i$i0$i$i9" },
"children": { "Goal 1/2": [ { "prover": "Alt-Ergo:2.2.0",
"verdict": "valid", "time": 0.0088,
diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_bis_v2_loop_assigns_part2.json b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_bis_v2_loop_assigns_part2.json
index baf7c5bf62b542aa313b0d746286e799b93e67b8..820cbd3fc5e4f803e38f914bb981e386dfc27b4a 100644
--- a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_bis_v2_loop_assigns_part2.json
+++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_bis_v2_loop_assigns_part2.json
@@ -3,8 +3,8 @@
"target": "exists i_0,i_1:int.\n(i_0<=i_9) /\\ (i_1<=i_10) /\\ (0<=i_0) /\\ (i_9<=i_0) /\\ (i_10<=i_1)\n/\\ (i_0<=9)",
"pattern": "\\E$i$i0$i$i9" },
"children": { "Goal 1/2": [ { "prover": "Alt-Ergo:2.2.0",
- "verdict": "valid", "time": 0.0279,
- "steps": 41 } ],
+ "verdict": "valid", "time": 0.0124,
+ "steps": 43 } ],
"Goal 2/2": [ { "prover": "Alt-Ergo:2.2.0",
- "verdict": "valid", "time": 0.021,
- "steps": 41 } ] } } ]
+ "verdict": "valid", "time": 0.0121,
+ "steps": 43 } ] } } ]
diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_bis_v2_loop_assigns_part3.json b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_bis_v2_loop_assigns_part3.json
index cae89d2a942aa4f3f67bfeab7a4b6962d46fc0a4..abaf79ffd0a939aaa9f4c60806bc8f8890d897a9 100644
--- a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_bis_v2_loop_assigns_part3.json
+++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_bis_v2_loop_assigns_part3.json
@@ -1,10 +1,10 @@
[ { "header": "Split", "tactic": "Wp.split", "params": {},
"select": { "select": "clause-goal",
- "target": "exists i_1,i_2:int.\n(i_1<=i_0) /\\ (i_2<=i_3) /\\ (0<=i_1) /\\ (i_0<=i_1) /\\ (i_3<=i_2) /\\ (i_1<=9)",
+ "target": "exists i_0,i_2:int.\n(i_0<=i_1) /\\ (i_2<=i_3) /\\ (0<=i_0) /\\ (i_1<=i_0) /\\ (i_3<=i_2) /\\ (i_0<=9)",
"pattern": "\\E$i$i0$i$i9" },
"children": { "Goal 1/2": [ { "prover": "Alt-Ergo:2.2.0",
- "verdict": "valid", "time": 0.009,
- "steps": 29 } ],
+ "verdict": "valid", "time": 0.0074,
+ "steps": 31 } ],
"Goal 2/2": [ { "prover": "Alt-Ergo:2.2.0",
- "verdict": "valid", "time": 0.0131,
- "steps": 29 } ] } } ]
+ "verdict": "valid", "time": 0.0078,
+ "steps": 31 } ] } } ]
diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_assigns_part2.json b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_assigns_part2.json
index 2ee61e01ef268896d390d325575ef4051af1088e..a158cb35d7024c69250c2c6f61b9f41654bcb56a 100644
--- a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_assigns_part2.json
+++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_assigns_part2.json
@@ -1,6 +1,6 @@
[ { "header": "Split", "tactic": "Wp.split", "params": {},
"select": { "select": "clause-goal",
- "target": "exists i_0,i_1:int.\n(i_0<=i_156) /\\ (i_1<=i_157) /\\ (0<=i_0) /\\ (i_156<=i_0) /\\ (i_157<=i_1)\n/\\ (i_0<=9)",
+ "target": "exists i_0,i_1:int.\n(i_0<=i_158) /\\ (i_1<=i_159) /\\ (0<=i_0) /\\ (i_158<=i_0) /\\ (i_159<=i_1)\n/\\ (i_0<=9)",
"pattern": "\\E$i$i0$i$i9" },
"children": { "Goal 1/2": [ { "prover": "Alt-Ergo:2.2.0",
"verdict": "valid", "time": 0.011,
diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_loop_assigns_2_part2.json b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_loop_assigns_2_part2.json
index 6a684ed4e4fa19eaae36dd09d3b7717df0c65a0e..18643516046a339dee16a82e44473e2dc722f1ac 100644
--- a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_loop_assigns_2_part2.json
+++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_loop_assigns_2_part2.json
@@ -3,8 +3,8 @@
"target": "exists i_0,i_1:int.\n(i_0<=i_13) /\\ (i_1<=i_14) /\\ (0<=i_0) /\\ (i_13<=i_0) /\\ (i_14<=i_1)\n/\\ (i_0<=9)",
"pattern": "\\E$i$i0$i$i9" },
"children": { "Goal 1/2": [ { "prover": "Alt-Ergo:2.2.0",
- "verdict": "valid", "time": 0.0202,
- "steps": 40 } ],
+ "verdict": "valid", "time": 0.0099,
+ "steps": 42 } ],
"Goal 2/2": [ { "prover": "Alt-Ergo:2.2.0",
- "verdict": "valid", "time": 0.0177,
- "steps": 40 } ] } } ]
+ "verdict": "valid", "time": 0.0124,
+ "steps": 42 } ] } } ]
diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_loop_assigns_2_part3.json b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_loop_assigns_2_part3.json
index 578ffb9958aef6bacf33cb5680b0ecbafe0f5efe..522d6695a5bb42790b4084770155336d47a74f8e 100644
--- a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_loop_assigns_2_part3.json
+++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_loop_assigns_2_part3.json
@@ -1,10 +1,10 @@
[ { "header": "Split", "tactic": "Wp.split", "params": {},
"select": { "select": "clause-goal",
- "target": "exists i_0,i_2:int.\n(i_0<=i_1) /\\ (0<=i_0) /\\ (i_1<=i_0) /\\ (j_0<=i_2) /\\ (i_2<=j_0) /\\ (i_0<=9)",
+ "target": "exists i_0,i_2:int.\n(i_0<=i_1) /\\ (0<=i_0) /\\ (i_1<=i_0) /\\ (j_1<=i_2) /\\ (i_2<=j_1) /\\ (i_0<=9)",
"pattern": "\\E$i0$i$j$j9" },
"children": { "Goal 1/2": [ { "prover": "Alt-Ergo:2.2.0",
- "verdict": "valid", "time": 0.0143,
- "steps": 24 } ],
+ "verdict": "valid", "time": 0.0094,
+ "steps": 26 } ],
"Goal 2/2": [ { "prover": "Alt-Ergo:2.2.0",
- "verdict": "valid", "time": 0.0146,
- "steps": 24 } ] } } ]
+ "verdict": "valid", "time": 0.0101,
+ "steps": 26 } ] } } ]
diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_loop_assigns_part2.json b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_loop_assigns_part2.json
index 72b93b5526df3a049e39f88a0d1809d9e3ec6941..71531584b1405a92d8ecee2ed8fe30b8fd988d3f 100644
--- a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_loop_assigns_part2.json
+++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_loop_assigns_part2.json
@@ -3,8 +3,8 @@
"target": "exists i_0,i_1:int.\n(i_0<=i_21) /\\ (i_1<=i_22) /\\ (0<=i_0) /\\ (i_21<=i_0) /\\ (i_22<=i_1)\n/\\ (i_0<=9)",
"pattern": "\\E$i$i0$i$i9" },
"children": { "Goal 1/2": [ { "prover": "Alt-Ergo:2.2.0",
- "verdict": "valid", "time": 0.016,
- "steps": 33 } ],
+ "verdict": "valid", "time": 0.0098,
+ "steps": 35 } ],
"Goal 2/2": [ { "prover": "Alt-Ergo:2.2.0",
- "verdict": "valid", "time": 0.0161,
- "steps": 33 } ] } } ]
+ "verdict": "valid", "time": 0.0048,
+ "steps": 35 } ] } } ]
diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_loop_assigns_part3.json b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_loop_assigns_part3.json
index 09755e2c851424c8871e943d93a05b0253bf1db9..0528b3f539e087d7ffe5b4a4a6ebc4bbce7590eb 100644
--- a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_loop_assigns_part3.json
+++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v2_loop_assigns_part3.json
@@ -3,8 +3,8 @@
"target": "exists i_0,i_1:int.\n(i_0<=i_8) /\\ (i_1<=i_9) /\\ (0<=i_0) /\\ (i_8<=i_0) /\\ (i_9<=i_1) /\\ (i_0<=9)",
"pattern": "\\E$i$i0$i$i9" },
"children": { "Goal 1/2": [ { "prover": "Alt-Ergo:2.2.0",
- "verdict": "valid", "time": 0.016,
- "steps": 33 } ],
+ "verdict": "valid", "time": 0.0098,
+ "steps": 35 } ],
"Goal 2/2": [ { "prover": "Alt-Ergo:2.2.0",
- "verdict": "valid", "time": 0.0161,
- "steps": 33 } ] } } ]
+ "verdict": "valid", "time": 0.0048,
+ "steps": 35 } ] } } ]
diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v3_assigns_part2.json b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v3_assigns_part2.json
index cb380dd3e39f3d5b41787e5481e2eb7b62264873..aa273fd1e8bb18e8fc52a27351743fe17f464122 100644
--- a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v3_assigns_part2.json
+++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v3_assigns_part2.json
@@ -1,6 +1,6 @@
[ { "header": "Split", "tactic": "Wp.split", "params": {},
"select": { "select": "clause-goal",
- "target": "exists i_0,i_1:int.\n(i_0<=i_148) /\\ (i_1<=i_149) /\\ (0<=i_0) /\\ (i_148<=i_0) /\\ (i_149<=i_1)\n/\\ (i_0<=9)",
+ "target": "exists i_0,i_1:int.\n(i_0<=i_149) /\\ (i_1<=i_150) /\\ (0<=i_0) /\\ (i_149<=i_0) /\\ (i_150<=i_1)\n/\\ (i_0<=9)",
"pattern": "\\E$i$i0$i$i9" },
"children": { "Goal 1/2": [ { "prover": "Alt-Ergo:2.2.0",
"verdict": "valid", "time": 0.011,
diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v3_loop_assigns_part2.json b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v3_loop_assigns_part2.json
index 706eac2712b2643fdff1c6caaea6ca9725f711ad..3b3491906df49d091101db28c4d58660fed8180a 100644
--- a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v3_loop_assigns_part2.json
+++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v3_loop_assigns_part2.json
@@ -3,8 +3,8 @@
"target": "exists i_0,i_1:int.\n(i_0<=i_13) /\\ (i_1<=i_14) /\\ (0<=i_0) /\\ (i_13<=i_0) /\\ (i_14<=i_1)\n/\\ (i_0<=9)",
"pattern": "\\E$i$i0$i$i9" },
"children": { "Goal 1/2": [ { "prover": "Alt-Ergo:2.2.0",
- "verdict": "valid", "time": 0.0209,
- "steps": 39 } ],
+ "verdict": "valid", "time": 0.0139,
+ "steps": 45 } ],
"Goal 2/2": [ { "prover": "Alt-Ergo:2.2.0",
- "verdict": "valid", "time": 0.0184,
- "steps": 39 } ] } } ]
+ "verdict": "valid", "time": 0.0127,
+ "steps": 45 } ] } } ]
diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v3_loop_assigns_part3.json b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v3_loop_assigns_part3.json
index d035bcd5046d5abb9450a6bd66795f980f87369f..c31beeea1dd2a6726bca67f972e4aebb07a292c7 100644
--- a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v3_loop_assigns_part3.json
+++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.session/script/init_t2_v3_loop_assigns_part3.json
@@ -3,8 +3,8 @@
"target": "exists i_0,i_1:int.\n(i_0<=i_4) /\\ (i_1<=i_6) /\\ (0<=i_0) /\\ (i_4<=i_0) /\\ (i_6<=i_1) /\\ (i_0<=9)",
"pattern": "\\E$i$i0$i$i9" },
"children": { "Goal 1/2": [ { "prover": "Alt-Ergo:2.2.0",
- "verdict": "valid", "time": 0.0146,
- "steps": 27 } ],
+ "verdict": "valid", "time": 0.0169,
+ "steps": 33 } ],
"Goal 2/2": [ { "prover": "Alt-Ergo:2.2.0",
- "verdict": "valid", "time": 0.0143,
- "steps": 27 } ] } } ]
+ "verdict": "valid", "time": 0.0081,
+ "steps": 33 } ] } } ]
diff --git a/src/plugins/wp/tests/wp_typed/user_init.i b/src/plugins/wp/tests/wp_typed/user_init.i
index 6bda4f9640bfb6620309aca3950bd93c093b81e5..251dcd36298a05a068bd1d12adb9cc898e1de159 100644
--- a/src/plugins/wp/tests/wp_typed/user_init.i
+++ b/src/plugins/wp/tests/wp_typed/user_init.i
@@ -1,5 +1,5 @@
/* run.config_qualif
- EXECNOW: rm -rf @PTEST_DIR@/oracle@PTEST_CONFIG@/@PTEST_NAME@.1.session/script
+ EXECNOW: rm -rf @PTEST_SUITE_DIR@/oracle@PTEST_CONFIG@/@PTEST_NAME@.1.session/script
OPT: -wp-prop=-lack,-tactic
OPT: -wp-prop=tactic -wp-auto=wp:split,wp:range -wp-prover=tip,alt-ergo
OPT: -wp-prop=lack
diff --git a/src/plugins/wp/tests/wp_usage/oracle/caveat2.res.oracle b/src/plugins/wp/tests/wp_usage/oracle/caveat2.res.oracle
index e5407bbcb4c8cf4efe72f5628e6a2a6edd6cdb67..486046a75d95dd31ea6983a70226967d14b556bf 100644
--- a/src/plugins/wp/tests/wp_usage/oracle/caveat2.res.oracle
+++ b/src/plugins/wp/tests/wp_usage/oracle/caveat2.res.oracle
@@ -22,15 +22,17 @@ Assume {
(* Goal *)
When: (0 <= i) /\ (i < n).
(* Pre-condition *)
- Have: (0 <= n) /\ (n <= 3).
+ Have: n <= 3.
Have: ({ Init_p_0 with Init_F1_S_n = true }) = Init_p_0.
+ (* Invariant *)
+ Have: 0 <= n.
(* Loop assigns ... *)
Have: ({ Init_p_0 with Init_F1_S_a = v_1 }) = Init_p_0.
(* Invariant *)
+ Have: (0 <= i_1) /\ (i_1 <= n).
+ (* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
(Mint_0[shift_sint32(a, i_2)] = v[i_2]))).
- (* Invariant *)
- Have: (0 <= i_1) /\ (i_1 <= n).
(* Else *)
Have: n <= i_1.
}
@@ -42,15 +44,17 @@ Goal Preservation of Invariant (file tests/wp_usage/caveat2.i, line 21):
Assume {
Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(1 + i).
(* Pre-condition *)
- Have: (0 <= n) /\ (n <= 3).
+ Have: n <= 3.
Have: ({ Init_p_0 with Init_F1_S_n = true }) = Init_p_0.
+ (* Invariant *)
+ Have: 0 <= n.
(* Loop assigns ... *)
Have: ({ Init_p_0 with Init_F1_S_a = v }) = Init_p_0.
(* Invariant *)
+ Have: (0 <= i) /\ (i <= n).
+ (* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
(Mint_0[shift_sint32(global(G_b_26), i_1)] = v_1[i_1]))).
- (* Invariant *)
- Have: (0 <= i) /\ (i <= n).
(* Then *)
Have: i < n.
}
@@ -70,17 +74,21 @@ Assume {
(* Goal *)
When: (0 <= i_1) /\ (i_1 <= i).
(* Pre-condition *)
- Have: (0 <= n) /\ (n <= 3).
+ Have: n <= 3.
Have: ({ Init_p_0 with Init_F1_S_n = true }) = Init_p_0.
+ (* Invariant *)
+ Have: 0 <= n.
(* Loop assigns ... *)
Have: ({ Init_p_0 with Init_F1_S_a = v_1 }) = Init_p_0.
(* Invariant *)
+ Have: (0 <= i) /\ (i <= n).
+ (* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
(Mint_0[shift_sint32(a, i_2)] = v[i_2]))).
- (* Invariant *)
- Have: (0 <= i) /\ (i <= n).
(* Then *)
Have: i < n.
+ (* Invariant *)
+ Have: (-1) <= i.
}
Prove: v[i <- Mint_0[shift_sint32(a, i)]][i_1] = Mint_0[shift_sint32(a, i_1)].
diff --git a/src/plugins/wp/tests/wp_usage/oracle/caveat_range.res.oracle b/src/plugins/wp/tests/wp_usage/oracle/caveat_range.res.oracle
index ed2e13b489691f40aaf2bad6e32707de396479f7..1d87f4750391556230fd7dcb7018245a44713b6f 100644
--- a/src/plugins/wp/tests/wp_usage/oracle/caveat_range.res.oracle
+++ b/src/plugins/wp/tests/wp_usage/oracle/caveat_range.res.oracle
@@ -14,13 +14,13 @@ Assume {
(* Goal *)
When: (0 <= i) /\ (i <= 9).
(* Invariant *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
- (a_1[shiftfield_F1_S_g(shift_S1_S(a, i_2))] = 2))).
+ Have: (0 <= i_1) /\ (i_1 <= 10).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
(a_1[shiftfield_F1_S_f(shift_S1_S(a, i_2))] = 1))).
(* Invariant *)
- Have: (0 <= i_1) /\ (i_1 <= 10).
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
+ (a_1[shiftfield_F1_S_g(shift_S1_S(a, i_2))] = 2))).
(* Else *)
Have: 10 <= i_1.
}
@@ -36,13 +36,13 @@ Assume {
(* Goal *)
When: (0 <= i) /\ (i <= 9).
(* Invariant *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
- (a_1[shiftfield_F1_S_g(shift_S1_S(a, i_2))] = 2))).
+ Have: (0 <= i_1) /\ (i_1 <= 10).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
(a_1[shiftfield_F1_S_f(shift_S1_S(a, i_2))] = 1))).
(* Invariant *)
- Have: (0 <= i_1) /\ (i_1 <= 10).
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i_1) ->
+ (a_1[shiftfield_F1_S_g(shift_S1_S(a, i_2))] = 2))).
(* Else *)
Have: 10 <= i_1.
}
@@ -56,13 +56,13 @@ Let a_1 = havoc(Mint_undef_0, Mint_0, shift_S1_S(a, 0), 20).
Assume {
Type: is_sint32(i) /\ is_sint32(1 + i).
(* Invariant *)
- Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
- (a_1[shiftfield_F1_S_g(shift_S1_S(a, i_1))] = 2))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
(a_1[shiftfield_F1_S_f(shift_S1_S(a, i_1))] = 1))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) ->
+ (a_1[shiftfield_F1_S_g(shift_S1_S(a, i_1))] = 2))).
(* Then *)
Have: i <= 9.
}
@@ -83,15 +83,17 @@ Assume {
(* Goal *)
When: (0 <= i_1) /\ (i_1 <= i).
(* Invariant *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_1[shiftfield_F1_S_g(shift_S1_S(a, i_2))] = 2))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
(a_1[shiftfield_F1_S_f(shift_S1_S(a, i_2))] = 1))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
+ (a_1[shiftfield_F1_S_g(shift_S1_S(a, i_2))] = 2))).
(* Then *)
Have: i <= 9.
+ (* Invariant *)
+ Have: (-1) <= i.
}
Prove: a_1[shiftfield_F1_S_f(shift_S1_S(a, i)) <- 1]
[shiftfield_F1_S_f(shift_S1_S(a, i_1))] = 1.
@@ -107,22 +109,28 @@ Goal Preservation of Invariant (file tests/wp_usage/caveat_range.i, line 21):
Let a = global(G_p_22).
Let a_1 = havoc(Mint_undef_0, Mint_0, shift_S1_S(a, 0), 20).
Let a_2 = shift_S1_S(a, i).
+Let a_3 = a_1[shiftfield_F1_S_f(a_2) <- 1].
Assume {
Type: is_sint32(i) /\ is_sint32(1 + i).
(* Goal *)
When: (0 <= i_1) /\ (i_1 <= i).
(* Invariant *)
- Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
- (a_1[shiftfield_F1_S_g(shift_S1_S(a, i_2))] = 2))).
+ Have: (0 <= i) /\ (i <= 10).
(* Invariant *)
Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
(a_1[shiftfield_F1_S_f(shift_S1_S(a, i_2))] = 1))).
(* Invariant *)
- Have: (0 <= i) /\ (i <= 10).
+ Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) ->
+ (a_1[shiftfield_F1_S_g(shift_S1_S(a, i_2))] = 2))).
(* Then *)
Have: i <= 9.
+ (* Invariant *)
+ Have: (-1) <= i.
+ (* Invariant *)
+ Have: forall i_2 : Z. ((i_2 <= i) -> ((0 <= i_2) ->
+ (a_3[shiftfield_F1_S_f(shift_S1_S(a, i_2))] = 1))).
}
-Prove: a_1[shiftfield_F1_S_f(a_2) <- 1][shiftfield_F1_S_g(a_2) <- 2]
+Prove: a_3[shiftfield_F1_S_g(a_2) <- 2]
[shiftfield_F1_S_g(shift_S1_S(a, i_1))] = 2.
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.0.res.oracle b/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.0.res.oracle
index f5e6746b9b82b0a337df477dc3fd35f1053fd278..3d4ea749002b687906322345b288b9470ab18698 100644
--- a/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.0.res.oracle
+++ b/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.0.res.oracle
@@ -7,11 +7,11 @@
------------------------------------------------------------
Goal Post-condition 'memcpy' in 'memcpy_alias_vars':
-Let a = Mptr_0[global(P_src_24)].
-Let a_1 = Mptr_0[global(P_dst_25)].
-Let a_2 = shift_uint8(a_1, 0).
-Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, len_0).
-Let a_4 = shift_uint8(a, 0).
+Let a = Mptr_0[global(P_dst_25)].
+Let a_1 = shift_uint8(a, 0).
+Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, len_0).
+Let a_3 = Mptr_0[global(P_src_24)].
+Let a_4 = shift_uint8(a_3, 0).
Assume {
Type: is_sint32(len_0) /\ is_sint32(len_1).
(* Heap *)
@@ -19,34 +19,34 @@ Assume {
(* Goal *)
When: (0 <= i) /\ ((2 + i) <= len_0).
(* Pre-condition 'write_access' *)
- Have: valid_rw(Malloc_0, a_2, len_0).
+ Have: valid_rw(Malloc_0, a_1, len_0).
(* Pre-condition 'read_access' *)
Have: valid_rd(Malloc_0, a_4, len_0).
(* Pre-condition 'unaliasing' *)
- Have: separated(a_2, len_0, a_4, len_0).
- (* Invariant 'cpy' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) ->
- (a_3[shift_uint8(a, i_1)] = a_3[shift_uint8(a_1, i_1)]))).
- (* Invariant 'dst' *)
- Have: shift_uint8(a_1, len_0) = shift_uint8(v, len_1).
- (* Invariant 'src' *)
- Have: shift_uint8(a, len_0) = shift_uint8(v_1, len_1).
+ Have: separated(a_1, len_0, a_4, len_0).
(* Invariant 'len' *)
Have: len_1 <= len_0.
+ (* Invariant 'src' *)
+ Have: shift_uint8(a_3, len_0) = shift_uint8(v, len_1).
+ (* Invariant 'dst' *)
+ Have: shift_uint8(a, len_0) = shift_uint8(v_1, len_1).
+ (* Invariant 'cpy' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) ->
+ (a_2[shift_uint8(a_3, i_1)] = a_2[shift_uint8(a, i_1)]))).
(* Else *)
Have: len_1 <= 0.
}
-Prove: a_3[shift_uint8(a_1, i)] = Mint_0[shift_uint8(a, i)].
+Prove: a_2[shift_uint8(a, i)] = Mint_0[shift_uint8(a_3, i)].
------------------------------------------------------------
Goal Post-condition 'unmodified' in 'memcpy_alias_vars':
-Let a = Mptr_0[global(P_src_24)].
-Let a_1 = Mptr_0[global(P_dst_25)].
-Let a_2 = shift_uint8(a_1, 0).
-Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, len_0).
-Let a_4 = shift_uint8(a, 0).
-Let a_5 = shift_uint8(a, i).
+Let a = Mptr_0[global(P_dst_25)].
+Let a_1 = shift_uint8(a, 0).
+Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, len_0).
+Let a_3 = Mptr_0[global(P_src_24)].
+Let a_4 = shift_uint8(a_3, 0).
+Let a_5 = shift_uint8(a_3, i).
Assume {
Type: is_sint32(len_0) /\ is_sint32(len_1).
(* Heap *)
@@ -54,34 +54,34 @@ Assume {
(* Goal *)
When: (0 <= i) /\ ((2 + i) <= len_0).
(* Pre-condition 'write_access' *)
- Have: valid_rw(Malloc_0, a_2, len_0).
+ Have: valid_rw(Malloc_0, a_1, len_0).
(* Pre-condition 'read_access' *)
Have: valid_rd(Malloc_0, a_4, len_0).
(* Pre-condition 'unaliasing' *)
- Have: separated(a_2, len_0, a_4, len_0).
- (* Invariant 'cpy' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) ->
- (a_3[shift_uint8(a, i_1)] = a_3[shift_uint8(a_1, i_1)]))).
- (* Invariant 'dst' *)
- Have: shift_uint8(a_1, len_0) = shift_uint8(v, len_1).
- (* Invariant 'src' *)
- Have: shift_uint8(a, len_0) = shift_uint8(v_1, len_1).
+ Have: separated(a_1, len_0, a_4, len_0).
(* Invariant 'len' *)
Have: len_1 <= len_0.
+ (* Invariant 'src' *)
+ Have: shift_uint8(a_3, len_0) = shift_uint8(v, len_1).
+ (* Invariant 'dst' *)
+ Have: shift_uint8(a, len_0) = shift_uint8(v_1, len_1).
+ (* Invariant 'cpy' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) ->
+ (a_2[shift_uint8(a_3, i_1)] = a_2[shift_uint8(a, i_1)]))).
(* Else *)
Have: len_1 <= 0.
}
-Prove: a_3[a_5] = Mint_0[a_5].
+Prove: a_2[a_5] = Mint_0[a_5].
------------------------------------------------------------
Goal Preservation of Invariant 'cpy' (file tests/wp_usage/issue-189-bis.i, line 27):
-Let a = Mptr_0[global(P_src_24)].
-Let a_1 = Mptr_0[global(P_dst_25)].
-Let a_2 = shift_uint8(a_1, 0).
-Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, len_0).
-Let a_4 = shift_uint8(a, 0).
-Let a_5 = a_3[v <- a_3[v_1]].
+Let a = Mptr_0[global(P_dst_25)].
+Let a_1 = shift_uint8(a, 0).
+Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, len_0).
+Let a_3 = Mptr_0[global(P_src_24)].
+Let a_4 = shift_uint8(a_3, 0).
+Let a_5 = a_2[v <- a_2[v_1]].
Assume {
Type: is_sint32(len_0) /\ is_sint32(len_1) /\ is_sint32(len_1 - 1).
(* Heap *)
@@ -89,24 +89,26 @@ Assume {
(* Goal *)
When: (0 <= i) /\ ((i + len_1) <= len_0).
(* Pre-condition 'write_access' *)
- Have: valid_rw(Malloc_0, a_2, len_0).
+ Have: valid_rw(Malloc_0, a_1, len_0).
(* Pre-condition 'read_access' *)
Have: valid_rd(Malloc_0, a_4, len_0).
(* Pre-condition 'unaliasing' *)
- Have: separated(a_2, len_0, a_4, len_0).
- (* Invariant 'cpy' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) ->
- (a_3[shift_uint8(a, i_1)] = a_3[shift_uint8(a_1, i_1)]))).
- (* Invariant 'dst' *)
- Have: shift_uint8(a_1, len_0) = shift_uint8(v, len_1).
- (* Invariant 'src' *)
- Have: shift_uint8(a, len_0) = shift_uint8(v_1, len_1).
+ Have: separated(a_1, len_0, a_4, len_0).
(* Invariant 'len' *)
Have: len_1 <= len_0.
+ (* Invariant 'src' *)
+ Have: shift_uint8(a_3, len_0) = shift_uint8(v_1, len_1).
+ (* Invariant 'dst' *)
+ Have: shift_uint8(a, len_0) = shift_uint8(v, len_1).
+ (* Invariant 'cpy' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) ->
+ (a_2[shift_uint8(a_3, i_1)] = a_2[shift_uint8(a, i_1)]))).
(* Then *)
Have: 0 < len_1.
+ (* Invariant 'len' *)
+ Have: len_1 <= (1 + len_0).
}
-Prove: a_5[shift_uint8(a, i)] = a_5[shift_uint8(a_1, i)].
+Prove: a_5[shift_uint8(a_3, i)] = a_5[shift_uint8(a, i)].
------------------------------------------------------------
@@ -126,30 +128,30 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'len' (file tests/wp_usage/issue-189-bis.i, line 23):
-Let a = Mptr_0[global(P_src_24)].
-Let a_1 = Mptr_0[global(P_dst_25)].
-Let a_2 = shift_uint8(a_1, 0).
-Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, len_1).
-Let a_4 = shift_uint8(a, 0).
+Let a = Mptr_0[global(P_dst_25)].
+Let a_1 = shift_uint8(a, 0).
+Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, len_1).
+Let a_3 = Mptr_0[global(P_src_24)].
+Let a_4 = shift_uint8(a_3, 0).
Assume {
Type: is_sint32(len_1) /\ is_sint32(len_0) /\ is_sint32(len_0 - 1).
(* Heap *)
Type: framed(Mptr_0) /\ linked(Malloc_0).
(* Pre-condition 'write_access' *)
- Have: valid_rw(Malloc_0, a_2, len_1).
+ Have: valid_rw(Malloc_0, a_1, len_1).
(* Pre-condition 'read_access' *)
Have: valid_rd(Malloc_0, a_4, len_1).
(* Pre-condition 'unaliasing' *)
- Have: separated(a_2, len_1, a_4, len_1).
- (* Invariant 'cpy' *)
- Have: forall i : Z. ((0 <= i) -> (((len_0 + i) < len_1) ->
- (a_3[shift_uint8(a, i)] = a_3[shift_uint8(a_1, i)]))).
- (* Invariant 'dst' *)
- Have: shift_uint8(a_1, len_1) = shift_uint8(v, len_0).
- (* Invariant 'src' *)
- Have: shift_uint8(a, len_1) = shift_uint8(v_1, len_0).
+ Have: separated(a_1, len_1, a_4, len_1).
(* Invariant 'len' *)
Have: len_0 <= len_1.
+ (* Invariant 'src' *)
+ Have: shift_uint8(a_3, len_1) = shift_uint8(v, len_0).
+ (* Invariant 'dst' *)
+ Have: shift_uint8(a, len_1) = shift_uint8(v_1, len_0).
+ (* Invariant 'cpy' *)
+ Have: forall i : Z. ((0 <= i) -> (((len_0 + i) < len_1) ->
+ (a_2[shift_uint8(a_3, i)] = a_2[shift_uint8(a, i)]))).
(* Then *)
Have: 0 < len_0.
}
@@ -191,38 +193,44 @@ Prove: true.
Goal Loop assigns (file tests/wp_usage/issue-189-bis.i, line 26) (4/4):
Effect at line 32
-Let a = global(P_src_24).
+Let a = global(P_dst_25).
Let a_1 = Mptr_0[a].
-Let a_2 = global(P_dst_25).
-Let a_3 = Mptr_0[a_2].
-Let a_4 = shift_uint8(a_3, 0).
-Let a_5 = havoc(Mint_undef_0, Mint_0, a_4, len_0).
-Let a_6 = shift_uint8(a_1, 0).
+Let a_2 = shift_uint8(a_1, 0).
+Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, len_0).
+Let a_4 = a_3[v <- a_3[v_1]].
+Let a_5 = global(P_src_24).
+Let a_6 = Mptr_0[a_5].
+Let a_7 = shift_uint8(a_6, 0).
Assume {
- Type: is_sint32(len_0) /\ is_sint32(len_1).
+ Type: is_sint32(len_0) /\ is_sint32(len_1) /\ is_sint32(len_1 - 1).
(* Heap *)
Type: framed(Mptr_0) /\ linked(Malloc_0).
(* Goal *)
When: !invalid(Malloc_0[P_src_24 <- 1][P_dst_25 <- 1], v, 1).
(* Pre-condition 'write_access' *)
- Have: valid_rw(Malloc_0, a_4, len_0).
+ Have: valid_rw(Malloc_0, a_2, len_0).
(* Pre-condition 'read_access' *)
- Have: valid_rd(Malloc_0, a_6, len_0).
+ Have: valid_rd(Malloc_0, a_7, len_0).
(* Pre-condition 'unaliasing' *)
- Have: separated(a_4, len_0, a_6, len_0).
- (* Invariant 'cpy' *)
- Have: forall i : Z. ((0 <= i) -> (((len_1 + i) < len_0) ->
- (a_5[shift_uint8(a_1, i)] = a_5[shift_uint8(a_3, i)]))).
- (* Invariant 'dst' *)
- Have: shift_uint8(a_3, len_0) = shift_uint8(v, len_1).
- (* Invariant 'src' *)
- Have: shift_uint8(a_1, len_0) = shift_uint8(v_1, len_1).
+ Have: separated(a_2, len_0, a_7, len_0).
(* Invariant 'len' *)
Have: len_1 <= len_0.
+ (* Invariant 'src' *)
+ Have: shift_uint8(a_6, len_0) = shift_uint8(v_1, len_1).
+ (* Invariant 'dst' *)
+ Have: shift_uint8(a_1, len_0) = shift_uint8(v, len_1).
+ (* Invariant 'cpy' *)
+ Have: forall i : Z. ((0 <= i) -> (((len_1 + i) < len_0) ->
+ (a_3[shift_uint8(a_6, i)] = a_3[shift_uint8(a_1, i)]))).
(* Then *)
Have: 0 < len_1.
+ (* Invariant 'len' *)
+ Have: len_1 <= (1 + len_0).
+ (* Invariant 'cpy' *)
+ Have: forall i : Z. ((0 <= i) -> (((len_1 + i) <= len_0) ->
+ (a_4[shift_uint8(a_6, i)] = a_4[shift_uint8(a_1, i)]))).
}
-Prove: (a_2 = v) \/ (a = v) \/ included(v, 1, a_4, len_0).
+Prove: (a = v) \/ (a_5 = v) \/ included(v, 1, a_2, len_0).
------------------------------------------------------------
@@ -236,11 +244,11 @@ Prove: true.
------------------------------------------------------------
Goal Post-condition 'memcpy,ok' in 'memcpy_context_vars':
-Let a = Mptr_0[global(P_src_47)].
-Let a_1 = Mptr_0[global(P_dst_48)].
-Let a_2 = shift_uint8(a_1, 0).
-Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, len_0).
-Let a_4 = shift_uint8(a, 0).
+Let a = Mptr_0[global(P_dst_48)].
+Let a_1 = shift_uint8(a, 0).
+Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, len_0).
+Let a_3 = Mptr_0[global(P_src_47)].
+Let a_4 = shift_uint8(a_3, 0).
Assume {
Type: is_sint32(len_0) /\ is_sint32(len_1).
(* Heap *)
@@ -248,34 +256,34 @@ Assume {
(* Goal *)
When: (0 <= i) /\ ((2 + i) <= len_0).
(* Pre-condition 'write_access' *)
- Have: valid_rw(Malloc_0, a_2, len_0).
+ Have: valid_rw(Malloc_0, a_1, len_0).
(* Pre-condition 'read_access' *)
Have: valid_rd(Malloc_0, a_4, len_0).
(* Pre-condition 'unaliasing' *)
- Have: separated(a_2, len_0, a_4, len_0).
- (* Invariant 'ok,cpy' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) ->
- (a_3[shift_uint8(a, i_1)] = a_3[shift_uint8(a_1, i_1)]))).
- (* Invariant 'ok,dst' *)
- Have: shift_uint8(a_1, len_0) = shift_uint8(dst2_0, len_1).
- (* Invariant 'ok,src' *)
- Have: shift_uint8(a, len_0) = shift_uint8(src2_0, len_1).
+ Have: separated(a_1, len_0, a_4, len_0).
(* Invariant 'ok,len' *)
Have: len_1 <= len_0.
+ (* Invariant 'ok,src' *)
+ Have: shift_uint8(a_3, len_0) = shift_uint8(src2_0, len_1).
+ (* Invariant 'ok,dst' *)
+ Have: shift_uint8(a, len_0) = shift_uint8(dst2_0, len_1).
+ (* Invariant 'ok,cpy' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) ->
+ (a_2[shift_uint8(a_3, i_1)] = a_2[shift_uint8(a, i_1)]))).
(* Else *)
Have: len_1 <= 0.
}
-Prove: a_3[shift_uint8(a_1, i)] = Mint_0[shift_uint8(a, i)].
+Prove: a_2[shift_uint8(a, i)] = Mint_0[shift_uint8(a_3, i)].
------------------------------------------------------------
Goal Post-condition 'unmodified,ok' in 'memcpy_context_vars':
-Let a = Mptr_0[global(P_src_47)].
-Let a_1 = Mptr_0[global(P_dst_48)].
-Let a_2 = shift_uint8(a_1, 0).
-Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, len_0).
-Let a_4 = shift_uint8(a, 0).
-Let a_5 = shift_uint8(a, i).
+Let a = Mptr_0[global(P_dst_48)].
+Let a_1 = shift_uint8(a, 0).
+Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, len_0).
+Let a_3 = Mptr_0[global(P_src_47)].
+Let a_4 = shift_uint8(a_3, 0).
+Let a_5 = shift_uint8(a_3, i).
Assume {
Type: is_sint32(len_0) /\ is_sint32(len_1).
(* Heap *)
@@ -283,34 +291,34 @@ Assume {
(* Goal *)
When: (0 <= i) /\ ((2 + i) <= len_0).
(* Pre-condition 'write_access' *)
- Have: valid_rw(Malloc_0, a_2, len_0).
+ Have: valid_rw(Malloc_0, a_1, len_0).
(* Pre-condition 'read_access' *)
Have: valid_rd(Malloc_0, a_4, len_0).
(* Pre-condition 'unaliasing' *)
- Have: separated(a_2, len_0, a_4, len_0).
- (* Invariant 'ok,cpy' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) ->
- (a_3[shift_uint8(a, i_1)] = a_3[shift_uint8(a_1, i_1)]))).
- (* Invariant 'ok,dst' *)
- Have: shift_uint8(a_1, len_0) = shift_uint8(dst2_0, len_1).
- (* Invariant 'ok,src' *)
- Have: shift_uint8(a, len_0) = shift_uint8(src2_0, len_1).
+ Have: separated(a_1, len_0, a_4, len_0).
(* Invariant 'ok,len' *)
Have: len_1 <= len_0.
+ (* Invariant 'ok,src' *)
+ Have: shift_uint8(a_3, len_0) = shift_uint8(src2_0, len_1).
+ (* Invariant 'ok,dst' *)
+ Have: shift_uint8(a, len_0) = shift_uint8(dst2_0, len_1).
+ (* Invariant 'ok,cpy' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) ->
+ (a_2[shift_uint8(a_3, i_1)] = a_2[shift_uint8(a, i_1)]))).
(* Else *)
Have: len_1 <= 0.
}
-Prove: a_3[a_5] = Mint_0[a_5].
+Prove: a_2[a_5] = Mint_0[a_5].
------------------------------------------------------------
Goal Preservation of Invariant 'ok,cpy' (file tests/wp_usage/issue-189-bis.i, line 55):
-Let a = Mptr_0[global(P_src_47)].
-Let a_1 = Mptr_0[global(P_dst_48)].
-Let a_2 = shift_uint8(a_1, 0).
-Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, len_0).
-Let a_4 = shift_uint8(a, 0).
-Let a_5 = a_3[dst2_0 <- a_3[src2_0]].
+Let a = Mptr_0[global(P_dst_48)].
+Let a_1 = shift_uint8(a, 0).
+Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, len_0).
+Let a_3 = Mptr_0[global(P_src_47)].
+Let a_4 = shift_uint8(a_3, 0).
+Let a_5 = a_2[dst2_0 <- a_2[src2_0]].
Assume {
Type: is_sint32(len_0) /\ is_sint32(len_1) /\ is_sint32(len_1 - 1).
(* Heap *)
@@ -318,24 +326,26 @@ Assume {
(* Goal *)
When: (0 <= i) /\ ((i + len_1) <= len_0).
(* Pre-condition 'write_access' *)
- Have: valid_rw(Malloc_0, a_2, len_0).
+ Have: valid_rw(Malloc_0, a_1, len_0).
(* Pre-condition 'read_access' *)
Have: valid_rd(Malloc_0, a_4, len_0).
(* Pre-condition 'unaliasing' *)
- Have: separated(a_2, len_0, a_4, len_0).
- (* Invariant 'ok,cpy' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) ->
- (a_3[shift_uint8(a, i_1)] = a_3[shift_uint8(a_1, i_1)]))).
- (* Invariant 'ok,dst' *)
- Have: shift_uint8(a_1, len_0) = shift_uint8(dst2_0, len_1).
- (* Invariant 'ok,src' *)
- Have: shift_uint8(a, len_0) = shift_uint8(src2_0, len_1).
+ Have: separated(a_1, len_0, a_4, len_0).
(* Invariant 'ok,len' *)
Have: len_1 <= len_0.
+ (* Invariant 'ok,src' *)
+ Have: shift_uint8(a_3, len_0) = shift_uint8(src2_0, len_1).
+ (* Invariant 'ok,dst' *)
+ Have: shift_uint8(a, len_0) = shift_uint8(dst2_0, len_1).
+ (* Invariant 'ok,cpy' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) ->
+ (a_2[shift_uint8(a_3, i_1)] = a_2[shift_uint8(a, i_1)]))).
(* Then *)
Have: 0 < len_1.
+ (* Invariant 'ok,len' *)
+ Have: len_1 <= (1 + len_0).
}
-Prove: a_5[shift_uint8(a, i)] = a_5[shift_uint8(a_1, i)].
+Prove: a_5[shift_uint8(a_3, i)] = a_5[shift_uint8(a, i)].
------------------------------------------------------------
@@ -355,30 +365,30 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'ok,len' (file tests/wp_usage/issue-189-bis.i, line 51):
-Let a = Mptr_0[global(P_src_47)].
-Let a_1 = Mptr_0[global(P_dst_48)].
-Let a_2 = shift_uint8(a_1, 0).
-Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, len_1).
-Let a_4 = shift_uint8(a, 0).
+Let a = Mptr_0[global(P_dst_48)].
+Let a_1 = shift_uint8(a, 0).
+Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, len_1).
+Let a_3 = Mptr_0[global(P_src_47)].
+Let a_4 = shift_uint8(a_3, 0).
Assume {
Type: is_sint32(len_1) /\ is_sint32(len_0) /\ is_sint32(len_0 - 1).
(* Heap *)
Type: framed(Mptr_0) /\ linked(Malloc_0).
(* Pre-condition 'write_access' *)
- Have: valid_rw(Malloc_0, a_2, len_1).
+ Have: valid_rw(Malloc_0, a_1, len_1).
(* Pre-condition 'read_access' *)
Have: valid_rd(Malloc_0, a_4, len_1).
(* Pre-condition 'unaliasing' *)
- Have: separated(a_2, len_1, a_4, len_1).
- (* Invariant 'ok,cpy' *)
- Have: forall i : Z. ((0 <= i) -> (((len_0 + i) < len_1) ->
- (a_3[shift_uint8(a, i)] = a_3[shift_uint8(a_1, i)]))).
- (* Invariant 'ok,dst' *)
- Have: shift_uint8(a_1, len_1) = shift_uint8(dst2_0, len_0).
- (* Invariant 'ok,src' *)
- Have: shift_uint8(a, len_1) = shift_uint8(src2_0, len_0).
+ Have: separated(a_1, len_1, a_4, len_1).
(* Invariant 'ok,len' *)
Have: len_0 <= len_1.
+ (* Invariant 'ok,src' *)
+ Have: shift_uint8(a_3, len_1) = shift_uint8(src2_0, len_0).
+ (* Invariant 'ok,dst' *)
+ Have: shift_uint8(a, len_1) = shift_uint8(dst2_0, len_0).
+ (* Invariant 'ok,cpy' *)
+ Have: forall i : Z. ((0 <= i) -> (((len_0 + i) < len_1) ->
+ (a_2[shift_uint8(a_3, i)] = a_2[shift_uint8(a, i)]))).
(* Then *)
Have: 0 < len_0.
}
@@ -420,36 +430,42 @@ Prove: true.
Goal Loop assigns (file tests/wp_usage/issue-189-bis.i, line 54) (4/4):
Effect at line 60
-Let a = Mptr_0[global(P_src_47)].
-Let a_1 = Mptr_0[global(P_dst_48)].
-Let a_2 = shift_uint8(a_1, 0).
-Let a_3 = havoc(Mint_undef_0, Mint_0, a_2, len_0).
-Let a_4 = shift_uint8(a, 0).
+Let a = Mptr_0[global(P_dst_48)].
+Let a_1 = shift_uint8(a, 0).
+Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, len_0).
+Let a_3 = a_2[tmp_0 <- a_2[src2_0]].
+Let a_4 = Mptr_0[global(P_src_47)].
+Let a_5 = shift_uint8(a_4, 0).
Assume {
- Type: is_sint32(len_0) /\ is_sint32(len_1).
+ Type: is_sint32(len_0) /\ is_sint32(len_1) /\ is_sint32(len_1 - 1).
(* Heap *)
Type: framed(Mptr_0) /\ linked(Malloc_0).
(* Goal *)
When: !invalid(Malloc_0[P_src_47 <- 1][P_dst_48 <- 1], tmp_0, 1).
(* Pre-condition 'write_access' *)
- Have: valid_rw(Malloc_0, a_2, len_0).
+ Have: valid_rw(Malloc_0, a_1, len_0).
(* Pre-condition 'read_access' *)
- Have: valid_rd(Malloc_0, a_4, len_0).
+ Have: valid_rd(Malloc_0, a_5, len_0).
(* Pre-condition 'unaliasing' *)
- Have: separated(a_2, len_0, a_4, len_0).
- (* Invariant 'ok,cpy' *)
- Have: forall i : Z. ((0 <= i) -> (((len_1 + i) < len_0) ->
- (a_3[shift_uint8(a, i)] = a_3[shift_uint8(a_1, i)]))).
- (* Invariant 'ok,dst' *)
- Have: shift_uint8(a_1, len_0) = shift_uint8(tmp_0, len_1).
- (* Invariant 'ok,src' *)
- Have: shift_uint8(a, len_0) = shift_uint8(src2_0, len_1).
+ Have: separated(a_1, len_0, a_5, len_0).
(* Invariant 'ok,len' *)
Have: len_1 <= len_0.
+ (* Invariant 'ok,src' *)
+ Have: shift_uint8(a_4, len_0) = shift_uint8(src2_0, len_1).
+ (* Invariant 'ok,dst' *)
+ Have: shift_uint8(a, len_0) = shift_uint8(tmp_0, len_1).
+ (* Invariant 'ok,cpy' *)
+ Have: forall i : Z. ((0 <= i) -> (((len_1 + i) < len_0) ->
+ (a_2[shift_uint8(a_4, i)] = a_2[shift_uint8(a, i)]))).
(* Then *)
Have: 0 < len_1.
+ (* Invariant 'ok,len' *)
+ Have: len_1 <= (1 + len_0).
+ (* Invariant 'ok,cpy' *)
+ Have: forall i : Z. ((0 <= i) -> (((len_1 + i) <= len_0) ->
+ (a_3[shift_uint8(a_4, i)] = a_3[shift_uint8(a, i)]))).
}
-Prove: included(tmp_0, 1, a_2, len_0).
+Prove: included(tmp_0, 1, a_1, len_0).
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.1.res.oracle b/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.1.res.oracle
index 34ca97dda06b736d3e49cb0a7c787fca2ce32e30..a33ddb69c93825da6e494fdb99f61e7fa614ab1d 100644
--- a/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.1.res.oracle
+++ b/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.1.res.oracle
@@ -4,28 +4,28 @@
[wp] Warning: Missing RTE guards
Goal Post-condition 'memcpy,ok' in 'memcpy_context_vars':
-Let a = global(G_src_47).
-Let a_1 = global(G_dst_48).
-Let a_2 = havoc(Mint_undef_0, Mint_0, shift_uint8(a_1, 0), len_0).
+Let a = global(G_dst_48).
+Let a_1 = havoc(Mint_undef_0, Mint_0, shift_uint8(a, 0), len_0).
+Let a_2 = global(G_src_47).
Assume {
Type: is_sint32(len_0) /\ is_sint32(len_1).
(* Goal *)
When: (0 <= i) /\ ((2 + i) <= len_0).
(* Pre-condition 'write_access' *)
Have: ((0 < len_0) -> (len_0 <= 1)).
- (* Invariant 'ok,cpy' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) ->
- (a_2[shift_uint8(a_1, i_1)] = Mint_0[shift_uint8(a, i_1)]))).
- (* Invariant 'ok,dst' *)
- Have: shift_uint8(a_1, len_0) = shift_uint8(dst2_0, len_1).
- (* Invariant 'ok,src' *)
- Have: shift_uint8(a, len_0) = shift_uint8(src2_0, len_1).
(* Invariant 'ok,len' *)
Have: len_1 <= len_0.
+ (* Invariant 'ok,src' *)
+ Have: shift_uint8(a_2, len_0) = shift_uint8(src2_0, len_1).
+ (* Invariant 'ok,dst' *)
+ Have: shift_uint8(a, len_0) = shift_uint8(dst2_0, len_1).
+ (* Invariant 'ok,cpy' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) ->
+ (a_1[shift_uint8(a, i_1)] = Mint_0[shift_uint8(a_2, i_1)]))).
(* Else *)
Have: len_1 <= 0.
}
-Prove: a_2[shift_uint8(a_1, i)] = Mint_0[shift_uint8(a, i)].
+Prove: a_1[shift_uint8(a, i)] = Mint_0[shift_uint8(a_2, i)].
------------------------------------------------------------
@@ -35,29 +35,31 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'ok,cpy' (file tests/wp_usage/issue-189-bis.i, line 55):
-Let a = global(G_src_47).
-Let a_1 = global(G_dst_48).
-Let a_2 = havoc(Mint_undef_0, Mint_0, shift_uint8(a_1, 0), len_0).
-Let a_3 = a_2[dst2_0 <- a_2[src2_0]].
+Let a = global(G_dst_48).
+Let a_1 = havoc(Mint_undef_0, Mint_0, shift_uint8(a, 0), len_0).
+Let a_2 = global(G_src_47).
+Let a_3 = a_1[dst2_0 <- a_1[src2_0]].
Assume {
Type: is_sint32(len_0) /\ is_sint32(len_1) /\ is_sint32(len_1 - 1).
(* Goal *)
When: (0 <= i) /\ ((i + len_1) <= len_0).
(* Pre-condition 'write_access' *)
Have: ((0 < len_0) -> (len_0 <= 1)).
- (* Invariant 'ok,cpy' *)
- Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) ->
- (a_2[shift_uint8(a_1, i_1)] = Mint_0[shift_uint8(a, i_1)]))).
- (* Invariant 'ok,dst' *)
- Have: shift_uint8(a_1, len_0) = shift_uint8(dst2_0, len_1).
- (* Invariant 'ok,src' *)
- Have: shift_uint8(a, len_0) = shift_uint8(src2_0, len_1).
(* Invariant 'ok,len' *)
Have: len_1 <= len_0.
+ (* Invariant 'ok,src' *)
+ Have: shift_uint8(a_2, len_0) = shift_uint8(src2_0, len_1).
+ (* Invariant 'ok,dst' *)
+ Have: shift_uint8(a, len_0) = shift_uint8(dst2_0, len_1).
+ (* Invariant 'ok,cpy' *)
+ Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) ->
+ (a_1[shift_uint8(a, i_1)] = Mint_0[shift_uint8(a_2, i_1)]))).
(* Then *)
Have: 0 < len_1.
+ (* Invariant 'ok,len' *)
+ Have: len_1 <= (1 + len_0).
}
-Prove: a_3[shift_uint8(a, i)] = a_3[shift_uint8(a_1, i)].
+Prove: a_3[shift_uint8(a_2, i)] = a_3[shift_uint8(a, i)].
------------------------------------------------------------
@@ -77,22 +79,22 @@ Prove: true.
------------------------------------------------------------
Goal Preservation of Invariant 'ok,len' (file tests/wp_usage/issue-189-bis.i, line 51):
-Let a = global(G_src_47).
-Let a_1 = global(G_dst_48).
+Let a = global(G_dst_48).
+Let a_1 = global(G_src_47).
Assume {
Type: is_sint32(len_1) /\ is_sint32(len_0) /\ is_sint32(len_0 - 1).
(* Pre-condition 'write_access' *)
Have: ((0 < len_1) -> (len_1 <= 1)).
- (* Invariant 'ok,cpy' *)
- Have: forall i : Z. ((0 <= i) -> (((len_0 + i) < len_1) ->
- (havoc(Mint_undef_0, Mint_0, shift_uint8(a_1, 0), len_1)
- [shift_uint8(a_1, i)] = Mint_0[shift_uint8(a, i)]))).
- (* Invariant 'ok,dst' *)
- Have: shift_uint8(a_1, len_1) = shift_uint8(dst2_0, len_0).
- (* Invariant 'ok,src' *)
- Have: shift_uint8(a, len_1) = shift_uint8(src2_0, len_0).
(* Invariant 'ok,len' *)
Have: len_0 <= len_1.
+ (* Invariant 'ok,src' *)
+ Have: shift_uint8(a_1, len_1) = shift_uint8(src2_0, len_0).
+ (* Invariant 'ok,dst' *)
+ Have: shift_uint8(a, len_1) = shift_uint8(dst2_0, len_0).
+ (* Invariant 'ok,cpy' *)
+ Have: forall i : Z. ((0 <= i) -> (((len_0 + i) < len_1) ->
+ (havoc(Mint_undef_0, Mint_0, shift_uint8(a, 0), len_1)
+ [shift_uint8(a, i)] = Mint_0[shift_uint8(a_1, i)]))).
(* Then *)
Have: 0 < len_0.
}
@@ -134,31 +136,37 @@ Prove: true.
Goal Loop assigns (file tests/wp_usage/issue-189-bis.i, line 54) (4/4):
Effect at line 60
-Let a = global(G_src_47).
-Let a_1 = global(G_dst_48).
-Let a_2 = shift_uint8(a_1, 0).
+Let a = global(G_dst_48).
+Let a_1 = shift_uint8(a, 0).
+Let a_2 = havoc(Mint_undef_0, Mint_0, a_1, len_0).
+Let a_3 = a_2[tmp_0 <- a_2[src2_0]].
+Let a_4 = global(G_src_47).
Assume {
- Type: is_sint32(len_0) /\ is_sint32(len_1).
+ Type: is_sint32(len_0) /\ is_sint32(len_1) /\ is_sint32(len_1 - 1).
(* Heap *)
Type: linked(Malloc_0).
(* Goal *)
When: !invalid(Malloc_0, tmp_0, 1).
(* Pre-condition 'write_access' *)
Have: ((0 < len_0) -> (len_0 <= 1)).
- (* Invariant 'ok,cpy' *)
- Have: forall i : Z. ((0 <= i) -> (((len_1 + i) < len_0) ->
- (havoc(Mint_undef_0, Mint_0, a_2, len_0)[shift_uint8(a_1, i)] =
- Mint_0[shift_uint8(a, i)]))).
- (* Invariant 'ok,dst' *)
- Have: shift_uint8(a_1, len_0) = shift_uint8(tmp_0, len_1).
- (* Invariant 'ok,src' *)
- Have: shift_uint8(a, len_0) = shift_uint8(src2_0, len_1).
(* Invariant 'ok,len' *)
Have: len_1 <= len_0.
+ (* Invariant 'ok,src' *)
+ Have: shift_uint8(a_4, len_0) = shift_uint8(src2_0, len_1).
+ (* Invariant 'ok,dst' *)
+ Have: shift_uint8(a, len_0) = shift_uint8(tmp_0, len_1).
+ (* Invariant 'ok,cpy' *)
+ Have: forall i : Z. ((0 <= i) -> (((len_1 + i) < len_0) ->
+ (a_2[shift_uint8(a, i)] = Mint_0[shift_uint8(a_4, i)]))).
(* Then *)
Have: 0 < len_1.
+ (* Invariant 'ok,len' *)
+ Have: len_1 <= (1 + len_0).
+ (* Invariant 'ok,cpy' *)
+ Have: forall i : Z. ((0 <= i) -> (((len_1 + i) <= len_0) ->
+ (a_3[shift_uint8(a_4, i)] = a_3[shift_uint8(a, i)]))).
}
-Prove: included(tmp_0, 1, a_2, len_0).
+Prove: included(tmp_0, 1, a_1, len_0).
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_usage/save_load.i b/src/plugins/wp/tests/wp_usage/save_load.i
index 0e3111eeace52fb92fdba25217bebf8e1ec551e3..8d6c5f320e6e8832c1a1259d49db83952a0cbe80 100644
--- a/src/plugins/wp/tests/wp_usage/save_load.i
+++ b/src/plugins/wp/tests/wp_usage/save_load.i
@@ -1,5 +1,5 @@
/* run.config
- EXECNOW: LOG save_load.sav.res LOG save_load.sav.err BIN @PTEST_NAME@.sav @frama-c@ -wp-warn-key pedantic-assigns=inactive -wp-share ./share -wp -wp-print -wp-prover none @PTEST_FILE@ -save @PTEST_RESULT@/@PTEST_NAME@.sav > @PTEST_RESULT@/@PTEST_NAME@.sav.res 2> @PTEST_RESULT@/@PTEST_NAME@.sav.err
+ EXECNOW: LOG save_load.sav.res LOG save_load.sav.err BIN @PTEST_NAME@.sav @frama-c@ -wp-warn-key pedantic-assigns=inactive -wp-share @PTEST_SHARE_DIR@ -wp -wp-print -wp-prover none @PTEST_FILE@ -save @PTEST_RESULT@/@PTEST_NAME@.sav > @PTEST_RESULT@/@PTEST_NAME@.sav.res 2> @PTEST_RESULT@/@PTEST_NAME@.sav.err
CMD: @frama-c@ -load %{dep:@PTEST_RESULT@/@PTEST_NAME@.sav} -wp-warn-key pedantic-assigns=inactive
OPT: -print
OPT: -wp -wp-prover none -wp-print
diff --git a/tests/builtins/big_local_array_script.ml b/tests/builtins/big_local_array_script.ml
index d54de2f49c941315c7e7d8d5c5046dd485a4836e..fd3254716f91c30442ce23323bbff0c4cc2681c5 100644
--- a/tests/builtins/big_local_array_script.ml
+++ b/tests/builtins/big_local_array_script.ml
@@ -1,8 +1,16 @@
+let ptest_file =
+ try
+ let session = Unix.getenv "FRAMAC_SESSION" in
+ if session = Unix.getcwd () then fun dir file -> dir ^ file
+ else fun _ file -> file
+ with Not_found -> fun dir file -> dir ^ file
+
+
let foo () =
if Project.get_name (Project.current ()) <> "prj" then begin
let prj = Project.create "prj" in
let () = Project.set_current prj in
- let f = Filepath.Normalized.of_string "tests/builtins/big_local_array.i" in
+ let f = Filepath.Normalized.of_string (ptest_file "tests/builtins/" "big_local_array.i") in
File.init_from_c_files [File.from_filename f]
end
diff --git a/tests/builtins/from_result.c b/tests/builtins/from_result.c
index c7e6b87f2e2c9119c98dbda36a09634b8760e081..e04c3978a755ccca665bb69c8782ea00006448d4 100644
--- a/tests/builtins/from_result.c
+++ b/tests/builtins/from_result.c
@@ -1,8 +1,8 @@
/* run.config*
- OPT: @EVA_CONFIG@ -eva-alloc-builtin fresh -deps
+ OPT: -cpp-extra-args=-I@PTEST_SHARE_DIR@ @EVA_CONFIG@ -eva-alloc-builtin fresh -deps
*/
-#include "../../share/libc/stdlib.c"
+#include "libc/stdlib.c"
struct T { int a; int b; };
diff --git a/tests/compliance/check-json.i b/tests/compliance/check-json.i
index 88d6a106f0362fafce2346750cd8442688257a5d..b4c5e6c33fc7f804398a3320873a02c67a4440cc 100644
--- a/tests/compliance/check-json.i
+++ b/tests/compliance/check-json.i
@@ -1,5 +1,5 @@
/*run.config
- MACRO: SHARE share/compliance
+ MACRO: SHARE @PTEST_SHARE_DIR@/compliance
NOFRAMAC:
EXECNOW: LOG json_@PTEST_NAME@_1.txt python3 -m json.tool < @SHARE@/c11_functions.json | head -n 2 > @PTEST_RESULT@/json_@PTEST_NAME@_1.txt 2> @DEV_NULL@
EXECNOW: LOG json_@PTEST_NAME@_2.txt python3 -m json.tool < @SHARE@/glibc_functions.json | head -n 2 > @PTEST_RESULT@/json_@PTEST_NAME@_2.txt 2> @DEV_NULL@
diff --git a/tests/fc_script/build-callgraph.i b/tests/fc_script/build-callgraph.i
index 32d7f8785037ce143f729181fd7d3e8ef20d42ae..7ec5a976aeb0b98d696992b666850cb7c6e497fa 100644
--- a/tests/fc_script/build-callgraph.i
+++ b/tests/fc_script/build-callgraph.i
@@ -1,6 +1,6 @@
/* run.config
NOFRAMAC: testing frama-c-script, not frama-c itself
- EXECNOW: LOG build-callgraph.res LOG build-callgraph.err bin/frama-c-script heuristic-print-callgraph @PTEST_DIR@/@PTEST_NAME@.i > @PTEST_RESULT@/build-callgraph.res 2> @PTEST_RESULT@/build-callgraph.err
+ EXECNOW: LOG build-callgraph.res LOG build-callgraph.err %{bin:frama-c-script} heuristic-print-callgraph @PTEST_DIR@/@PTEST_NAME@.i > @PTEST_RESULT@/build-callgraph.res 2> @PTEST_RESULT@/build-callgraph.err
*/
#include <stdio.h>
diff --git a/tests/fc_script/main.c b/tests/fc_script/main.c
index 34a456e008ee9c04c99aec5dbe70560232a1201b..d6526f2b234c2d45c42862eaf1d7c231c85f268f 100644
--- a/tests/fc_script/main.c
+++ b/tests/fc_script/main.c
@@ -1,7 +1,7 @@
/* run.config
NOFRAMAC: testing frama-c-script, not frama-c itself
DEPS: for-find-fun2.c for-find-fun.c main.c main2.c main3.c
- EXECNOW: LOG GNUmakefile LOG make_template.res LOG make_template.err PTESTS_TESTING= %{bin:frama-c-script} -C @PTEST_DIR@ make-template result < %{dep:@PTEST_DIR@/make_template.input} > @PTEST_RESULT@/make_template.res 2> @PTEST_RESULT@/make_template.err
+ EXECNOW: LOG GNUmakefile LOG make_template.res LOG make_template.err PTESTS_TESTING= %{bin:frama-c-script} -C @PTEST_DIR@ make-template $(basename @PTEST_RESULT@) < %{dep:@PTEST_DIR@/make_template.input} > @PTEST_RESULT@/make_template.res 2> @PTEST_RESULT@/make_template.err
DEPS: main2.c main3.c main.c
EXECNOW: LOG list_files.res LOG list_files.err %{bin:frama-c-script} list-files %{dep:@PTEST_DIR@/list_files.json} > @PTEST_RESULT@/list_files.res 2> @PTEST_RESULT@/list_files.err
DEPS: for-find-fun2.c for-find-fun.c for-list-functions.c main2.c main3.c main.c make-wrapper2.c make-wrapper3.c make-wrapper.c
diff --git a/tests/fc_script/make-wrapper.c b/tests/fc_script/make-wrapper.c
index 909a33cf6540749ec896583d0d2ef47555b27933..89700bc4aa9ecaac4668c8010ebc73edec3d2c26 100644
--- a/tests/fc_script/make-wrapper.c
+++ b/tests/fc_script/make-wrapper.c
@@ -1,9 +1,9 @@
/* run.config
+MACRO: RM_TMP_DIR rm -rf make-for-make-wrapper.parse make-for-make-wrapper.eva
NOFRAMAC: testing frama-c-script
COMMENT: in case of errors, remove the 'grep' part to get the full output
- EXECNOW: LOG make-wrapper.res LOG make-wrapper.err cd @PTEST_DIR@ && touch make-wrapper2.c && touch make-wrapper3.c && FRAMAC=../../bin/frama-c ../../bin/frama-c-script make-wrapper --make-dir . -f make-for-make-wrapper.mk | grep -A999999 "make-wrapper recommendations" > result/make-wrapper.res 2> result/make-wrapper.err && rm -rf make-for-make-wrapper.parse make-for-make-wrapper.eva
+ EXECNOW: LOG make-wrapper.res LOG make-wrapper.err (cd @PTEST_DIR@ && touch make-wrapper2.c && touch make-wrapper3.c && @RM_TMP_DIR@ && FRAMAC=%{bin:frama-c} %{bin:frama-c-script} make-wrapper --make-dir . -f make-for-make-wrapper.mk | grep -A999999 "make-wrapper recommendations" && @RM_TMP_DIR@) > @PTEST_RESULT@/make-wrapper.res 2> @PTEST_RESULT@/make-wrapper.err
*/
-
int defined(int a);
int specified(int a);
diff --git a/tests/fc_script/recursions.i b/tests/fc_script/recursions.i
index 1a167347f75321356a77c06c019f140bcca1791a..7d7cbfe0daab55000e646e4f72ada4a7a4d6525a 100644
--- a/tests/fc_script/recursions.i
+++ b/tests/fc_script/recursions.i
@@ -1,6 +1,6 @@
/* run.config
NOFRAMAC: testing frama-c-script, not frama-c itself
- EXECNOW: LOG recursions.res LOG recursions.err bin/frama-c-script heuristic-detect-recursion @PTEST_FILE@ > @PTEST_RESULT@/recursions.res 2> @PTEST_RESULT@/recursions.err
+ EXECNOW: LOG recursions.res LOG recursions.err %{bin:frama-c-script} heuristic-detect-recursion @PTEST_FILE@ > @PTEST_RESULT@/recursions.res 2> @PTEST_RESULT@/recursions.err
*/
volatile int v;
diff --git a/tests/journal/control.i b/tests/journal/control.i
index d531607a34cc031bf0d2d321097b44804624eacd..092afe2d239cccf9ed270389b444989500316f10 100644
--- a/tests/journal/control.i
+++ b/tests/journal/control.i
@@ -2,16 +2,16 @@
COMMENT: do not compare generated journals since they depend on current time
PLUGIN: @EVA_PLUGINS@
EXECNOW: BIN control_journal.ml @frama-c@ @PTEST_FILE@ -journal-enable -eva -deps -out @EVA_OPTIONS@ -main f -journal-name @PTEST_RESULT@/control_journal.ml > @DEV_NULL@ 2> @DEV_NULL@
- SCRIPT: result/control_journal.ml
+ SCRIPT: @PTEST_RESULT@/control_journal.ml
OPT:
MODULE:
- SCRIPT: result/control_journal_bis.ml
+ SCRIPT: @PTEST_RESULT@/control_journal_bis.ml
EXECNOW: BIN control_journal_bis.ml cp %{dep:@PTEST_RESULT@/control_journal.ml} @PTEST_RESULT@/control_journal_bis.ml > @DEV_NULL@ 2> @DEV_NULL@
OPT: -calldeps
MODULE: abstract_cpt use_cpt
SCRIPT:
EXECNOW: BIN abstract_cpt_journal.ml @frama-c@ -journal-enable -journal-name @PTEST_RESULT@/abstract_cpt_journal.ml > @DEV_NULL@ 2> @DEV_NULL@
- SCRIPT: result/abstract_cpt_journal.ml
+ SCRIPT: @PTEST_RESULT@/abstract_cpt_journal.ml
OPT:
*/
diff --git a/tests/journal/control2.c b/tests/journal/control2.c
index 98470c1e45b7bcdfcdce05c9d3fb5ba8994f13cc..885d7f07b81496997a68cdd8dc6f8473b7dbd5b8 100644
--- a/tests/journal/control2.c
+++ b/tests/journal/control2.c
@@ -1,9 +1,9 @@
/* run.config
PLUGIN: @EVA_PLUGINS@
EXECNOW: BIN control_journal2.ml @frama-c@ -journal-enable -eva -deps -out -main f -journal-name @PTEST_RESULT@/control_journal2.ml @PTEST_FILE@ > @DEV_NULL@ 2> @DEV_NULL@
- SCRIPT: result/control_journal2
+ SCRIPT: @PTEST_RESULT@/control_journal2.ml
EXECNOW: LOG control2_sav.res LOG control2_sav.err BIN control_journal_next2.ml @frama-c@ -journal-enable -lib-entry -journal-name @PTEST_RESULT@/control_journal_next2.ml @PTEST_FILE@ > @PTEST_RESULT@/control2_sav.res 2> @PTEST_RESULT@/control2_sav.err
- SCRIPT: result/control_journal_next2
+ SCRIPT: @PTEST_RESULT@/control_journal_next2.ml
OPT:
*/
int x,y,c,d;
diff --git a/tests/journal/intra.i b/tests/journal/intra.i
index 95251316f0439ba2e13936850f9afd2a9f4a356a..f19b1d606e2881b0abda42cc04213ea7cd16dc23 100644
--- a/tests/journal/intra.i
+++ b/tests/journal/intra.i
@@ -2,7 +2,7 @@
PLUGIN: @EVA_PLUGINS@ sparecode
MODULE: @PTEST_NAME@
EXECNOW: BIN intra_journal.ml @frama-c@ -eva-show-progress -journal-enable -journal-name @PTEST_RESULT@/intra_journal.ml @PTEST_FILE@ > @DEV_NULL@ 2> @DEV_NULL@
- SCRIPT: result/intra_journal
+ SCRIPT: @PTEST_RESULT@/intra_journal.ml
OPT:
*/
diff --git a/tests/libc/check_full_libc.sh b/tests/libc/check_full_libc.sh
index 7725be701dad428d3090f5b7cb26ff92ad6e545e..bce6a2f6159cad9a016c4032538ab74852c32dce 100755
--- a/tests/libc/check_full_libc.sh
+++ b/tests/libc/check_full_libc.sh
@@ -1,8 +1,14 @@
#!/bin/sh -eu
+# Script used by the test "fc_libc.c"
+
errors=0
-cd share/libc
+if [ "$#" -ge 1 ] && [ -d "$1" ]; then
+ cd "$1"
+else
+ cd share/libc
+fi
for A in *.h */*.h; do
if ! grep -q $A ../../tests/libc/fc_libc.c
diff --git a/tests/libc/coverage.c b/tests/libc/coverage.c
index 8f628572259c0844ff92bea687695c87757e4cd1..e8eda467f288b9461285f737f220bff999e0243f 100644
--- a/tests/libc/coverage.c
+++ b/tests/libc/coverage.c
@@ -1,6 +1,6 @@
/* run.config*
PLUGIN: @PTEST_PLUGIN@ metrics
- OPT: -eva-no-builtins-auto @EVA_OPTIONS@ share/libc/string.c -eva -eva-slevel 6 -metrics-eva-cover -then -metrics-libc
+ OPT: -eva-no-builtins-auto @EVA_OPTIONS@ @PTEST_SHARE_DIR@/libc/string.c -eva -eva-slevel 6 -metrics-eva-cover -then -metrics-libc
*/
#include "string.h"
diff --git a/tests/libc/fc_libc.c b/tests/libc/fc_libc.c
index ad542ec311f9aae9dbb55704e12f9d45b0dfaa44..23ce1d6fe4b7b3497c76fcdd552788e964daeae5 100644
--- a/tests/libc/fc_libc.c
+++ b/tests/libc/fc_libc.c
@@ -1,7 +1,7 @@
/* run.config*
PLUGIN: @EVA_PLUGINS@ metrics
MODULE: check_libc_naming_conventions, check_const
- OPT: -print -cpp-extra-args='-nostdinc -Ishare/libc' -metrics -metrics-libc -eva @EVA_CONFIG@ -then -lib-entry -no-print -metrics-no-libc
+ OPT: -print -cpp-extra-args='-nostdinc -I@PTEST_SHARE_DIR@/libc' -metrics -metrics-libc -eva @EVA_CONFIG@ -then -lib-entry -no-print -metrics-no-libc
MODULE:
OPT: -print -print-libc -machdep x86_32
MODULE: check_parsing_individual_headers
@@ -11,7 +11,7 @@
MODULE: check_compliance
OPT: -kernel-msg-key printer:attrs
MODULE:
- CMD: %{dep:@PTEST_DIR@/check_full_libc.sh}
+ CMD: %{dep:@PTEST_DIR@/check_full_libc.sh} @PTEST_SHARE_DIR@/libc
OPT:
**/
#define __FC_REG_TEST
diff --git a/tests/libc/runtime.c b/tests/libc/runtime.c
index 22567e6e4de9558ddb133b356f041295fde4a0ca..05600e9550914c4df46a46b4c5ee321fd43f6e38 100644
--- a/tests/libc/runtime.c
+++ b/tests/libc/runtime.c
@@ -1,6 +1,6 @@
/* run.config*
COMMENT: tests that the runtime can compile without errors (for PathCrawler, E-ACSL, ...)
- CMD: gcc -D__FC_MACHDEP_X86_64 share/libc/__fc_runtime.c -Wno-attributes -std=c99 -Wall -Wwrite-strings -o @DEV_NULL@
+ CMD: gcc -D__FC_MACHDEP_X86_64 @PTEST_SHARE_DIR@/libc/__fc_runtime.c -Wno-attributes -std=c99 -Wall -Wwrite-strings -o @DEV_NULL@
OPT:
*/
diff --git a/tests/libc/string_c_generic.c b/tests/libc/string_c_generic.c
index 4470a3d07b525b8b4e45e785be34dd8d5dcfa151..e139d9e467d58148978c85c48be979fbe5a0030d 100644
--- a/tests/libc/string_c_generic.c
+++ b/tests/libc/string_c_generic.c
@@ -1,5 +1,5 @@
/* run.config
- STDOPT: #"-eva-no-builtins-auto -cpp-extra-args=-includeshare/libc/string.c -eva-slevel-function strcpy:20,strncpy:5,strcmp:6,strchr:20,strrchr:20,strncat:4,memset:32,strlen:20,memcmp:8 -eva-no-skip-stdlib-specs"
+ STDOPT: #"-eva-no-builtins-auto -cpp-extra-args=-include@PTEST_SHARE_DIR@/libc/string.c -eva-slevel-function strcpy:20,strncpy:5,strcmp:6,strchr:20,strrchr:20,strncat:4,memset:32,strlen:20,memcmp:8 -eva-no-skip-stdlib-specs"
*/
/* This file has been adapted from libc-test, which is licensed under the
following standard MIT license:
diff --git a/tests/libc/string_c_strchr.c b/tests/libc/string_c_strchr.c
index 83ea787bc73c2df126834751d060407781a888b1..4f1bd74747d116b089e6d0598cb2522e83263518 100644
--- a/tests/libc/string_c_strchr.c
+++ b/tests/libc/string_c_strchr.c
@@ -1,5 +1,5 @@
/* run.config
- STDOPT: #"-cpp-extra-args=-includeshare/libc/string.c -eva-slevel-function strchr:256,main:256 -eva-slevel-merge-after-loop main -eva-no-builtins-auto -eva-no-skip-stdlib-specs"
+ STDOPT: #"-cpp-extra-args=-include@PTEST_SHARE_DIR@/libc/string.c -eva-slevel-function strchr:256,main:256 -eva-slevel-merge-after-loop main -eva-no-builtins-auto -eva-no-skip-stdlib-specs"
*/
/* This file has been adapted from libc-test, which is licensed under the
following standard MIT license:
diff --git a/tests/libc/string_c_strstr.c b/tests/libc/string_c_strstr.c
index 3dd1d13d8904d0e92b9b44ca207323abdd1715f6..14f2597d49ab7e8c9417ac50aa31a84f2c275b82 100644
--- a/tests/libc/string_c_strstr.c
+++ b/tests/libc/string_c_strstr.c
@@ -1,5 +1,5 @@
/* run.config
- STDOPT: #"-cpp-extra-args=-includeshare/libc/string.c -eva-slevel-function strstr:30 -eva-no-skip-stdlib-specs"
+ STDOPT: #"-cpp-extra-args=-include@PTEST_SHARE_DIR@/libc/string.c -eva-slevel-function strstr:30 -eva-no-skip-stdlib-specs"
*/
/* This file has been adapted from libc-test, which is licensed under the
following standard MIT license:
diff --git a/tests/libc/test_config b/tests/libc/test_config
index 069a4888d38f81544d6797ecad65e1e1070e3198..7ffaf3b052ad072e5dd60b64156040e8d2789475 100644
--- a/tests/libc/test_config
+++ b/tests/libc/test_config
@@ -1,2 +1,2 @@
PLUGIN: @EVA_PLUGINS@
-OPT: -eva @EVA_CONFIG@ -cpp-extra-args='-nostdinc -Ishare/libc'
+OPT: -eva @EVA_CONFIG@ -cpp-extra-args='-nostdinc -I@PTEST_SHARE_DIR@/libc'
diff --git a/tests/misc/audit-in.json b/tests/misc/audit-in.json
index 580f8ac0b0bf71f754b3f4a4b99a41655e8886e6..b4713ef08bbf58a39774a8b6952975872153f4a3 100644
--- a/tests/misc/audit-in.json
+++ b/tests/misc/audit-in.json
@@ -1,8 +1,8 @@
{
"sources": {
- "tests/misc/audit.c": "01010101010101010101010101010101",
- "tests/misc/audit_included.h": "c2cc488143a476f69cf2ed04c3439e6e",
- "tests/misc/non_existing_file.h": "1234567890abcdef1234567890abcdef"
+ "PTEST_DIR/audit.c": "01010101010101010101010101010101",
+ "PTEST_DIR/audit_included.h": "c2cc488143a476f69cf2ed04c3439e6e",
+ "PTEST_DIR/non_existing_file.h": "1234567890abcdef1234567890abcdef"
},
"kernel": {
"warning-categories": {
diff --git a/tests/misc/audit.c b/tests/misc/audit.c
index f9111560e09ba541fdef93e09f563fc2b75d5707..7582fc95e7fdabdaf04d50c468dfe1932c596eb1 100644
--- a/tests/misc/audit.c
+++ b/tests/misc/audit.c
@@ -1,7 +1,9 @@
/* run.config
-PLUGIN: @EVA_PLUGINS@
- LOG: audit-out.json
- STDOPT: #"-audit-check %{dep:@PTEST_DIR@/audit-in.json} -audit-prepare @PTEST_RESULT@/audit-out.json -kernel-warn-key audit=active"
+ PLUGIN: @EVA_PLUGINS@
+ EXECNOW: BIN audit.json cat %{dep:@PTEST_DIR@/audit-in.json} | sed -e 's:PTEST_DIR:@PTEST_DIR@:' > @PTEST_RESULT@/audit.json 2> @DEV_NULL@
+ DEPS: audit_included.h, audit_included_but_not_listed.h
+ LOG: audit-out.json
+ STDOPT: #"-audit-check %{dep:@PTEST_RESULT@/audit.json} -audit-prepare @PTEST_RESULT@/audit-out.json -kernel-warn-key audit=active"
*/
#include "audit_included.h"
#include "audit_included_but_not_listed.h"
diff --git a/tests/misc/interpreted_automata_dataflow_backward.ml b/tests/misc/interpreted_automata_dataflow_backward.ml
index 6eba2fdd6bd82afedadcd44e4d577435278aead5..be12ce941874d759193954a5f85e43fa013c111b 100644
--- a/tests/misc/interpreted_automata_dataflow_backward.ml
+++ b/tests/misc/interpreted_automata_dataflow_backward.ml
@@ -57,6 +57,13 @@ end
module Dataflow = Interpreted_automata.BackwardAnalysis (LivenessDomain)
+let ptest_file =
+ try
+ let session = Unix.getenv "FRAMAC_SESSION" in
+ if session = Unix.getcwd () then fun dir file -> dir ^ file
+ else fun _ file -> file
+ with Not_found -> fun dir file -> dir ^ file
+
let run () =
let main_kf, _ = Globals.entry_point () in
(* Run the analysis *)
@@ -64,8 +71,7 @@ let run () =
(* Output to dot *)
let filepath =
let open Filename in
- let (/) = concat in
- dirname __FILE__ / "result" / remove_extension (basename __FILE__) ^ ".dot"
+ ptest_file (dirname __FILE__ ^ "/result/") (remove_extension (basename __FILE__) ^ ".dot")
in
let filepath = Filepath.Normalized.of_string filepath in
Dataflow.Result.to_dot_file LivenessDomain.pretty results filepath
diff --git a/tests/misc/interpreted_automata_dataflow_forward.ml b/tests/misc/interpreted_automata_dataflow_forward.ml
index 4f9d2aa51ed8b031bc29afaba08158f246a7b8cd..157457d58a14898adc9fcca73a555ab202a0fe89 100644
--- a/tests/misc/interpreted_automata_dataflow_forward.ml
+++ b/tests/misc/interpreted_automata_dataflow_forward.ml
@@ -99,6 +99,13 @@ end
module Dataflow = Interpreted_automata.ForwardAnalysis (ConstantsDomain)
+let ptest_file =
+ try
+ let session = Unix.getenv "FRAMAC_SESSION" in
+ if session = Unix.getcwd () then fun dir file -> dir ^ file
+ else fun _ file -> file
+ with Not_found -> fun dir file -> dir ^ file
+
let run () =
let main_kf, _ = Globals.entry_point () in
let main_name = Kernel_function.get_name main_kf in
@@ -107,8 +114,7 @@ let run () =
(* Output to dot *)
let filepath =
let open Filename in
- let (/) = concat in
- dirname __FILE__ / "result" / remove_extension (basename __FILE__) ^ ".dot"
+ ptest_file ((dirname __FILE__) ^ "/result/") (remove_extension (basename __FILE__) ^ ".dot")
in
let filepath = Filepath.Normalized.of_string filepath in
Dataflow.Result.to_dot_file ConstantsDomain.pretty results filepath;
diff --git a/tests/misc/issue109.ml b/tests/misc/issue109.ml
index 7aee9ffd3243a05442c495f4ad6ec7169184008b..98cc840b15e7d55bbe01e7c1b6083c3bc28c9fbe 100644
--- a/tests/misc/issue109.ml
+++ b/tests/misc/issue109.ml
@@ -1,7 +1,14 @@
+let ptest_file =
+ try
+ let session = Unix.getenv "FRAMAC_SESSION" in
+ if session = Unix.getcwd () then fun dir file -> dir ^ file
+ else fun _ file -> file
+ with Not_found -> fun dir file -> dir ^ file
+
let main () =
!Db.Value.compute ();
Dynamic.Parameter.String.set "" "";
- Dynamic.Parameter.String.set "" "tests/misc/issue109.i";
+ Dynamic.Parameter.String.set "" (ptest_file "tests/misc/" "issue109.i");
File.init_from_cmdline ();
!Db.Value.compute ()
diff --git a/tests/misc/oracle/audit-out.json b/tests/misc/oracle/audit-out.json
index c151c12fdce623f1fe68d3bc676efd2014ddf206..30cc9049f1ea959f8a1b169fdd3b58d2c5d95dc4 100644
--- a/tests/misc/oracle/audit-out.json
+++ b/tests/misc/oracle/audit-out.json
@@ -72,7 +72,7 @@
}
},
"sources": {
- "tests/misc/audit.c": "849a5c434063ac353bc07ba7e8ca7109",
+ "tests/misc/audit.c": "4707fbd9cf9d2b4b97da7e3cc446e7ba",
"tests/misc/audit_included.h": "c2cc488143a476f69cf2ed04c3439e6e",
"tests/misc/audit_included_but_not_listed.h":
"c2cc488143a476f69cf2ed04c3439e6e"
diff --git a/tests/misc/oracle/audit.res.oracle b/tests/misc/oracle/audit.res.oracle
index 040c0629cdf7834af8207a62ba3d96e361136a7b..37134b1c37db62e2f8b7ea79f0a50558e7f1687e 100644
--- a/tests/misc/oracle/audit.res.oracle
+++ b/tests/misc/oracle/audit.res.oracle
@@ -1,12 +1,12 @@
[kernel:audit] Warning:
- different hashes for tests/misc/audit.c: got 849a5c434063ac353bc07ba7e8ca7109, expected 01010101010101010101010101010101
+ different hashes for tests/misc/audit.c: got 4707fbd9cf9d2b4b97da7e3cc446e7ba, expected 01010101010101010101010101010101
[kernel:audit] Warning:
different hashes for tests/misc/audit_included_but_not_listed.h: got c2cc488143a476f69cf2ed04c3439e6e, expected <none> (not in list)
[kernel:audit] Warning:
missing files:
tests/misc/non_existing_file.h
[kernel] Parsing tests/misc/audit.c (with preprocessing)
-[kernel:parser:decimal-float] tests/misc/audit.c:10: Warning:
+[kernel:parser:decimal-float] tests/misc/audit.c:12: Warning:
Floating-point constant 2.1 is not represented exactly. Will use 0x1.0cccccccccccdp1.
(warn-once: no further messages from category 'parser:decimal-float' will be emitted)
[eva] Analyzing a complete application starting at main
diff --git a/tests/misc/with-space.i b/tests/misc/with-space.i
index 4e9efa5b156b97abc144bd790cb390794976c275..98f36854e12589e89b66c49274a8bd9556998b20 100644
--- a/tests/misc/with-space.i
+++ b/tests/misc/with-space.i
@@ -1,4 +1,4 @@
/* run.config
- SCRIPT: with\ space/module
+ SCRIPT: @PTEST_DIR@/with\ space/module
OPT:
*/
diff --git a/tests/pdg/dyn_dpds.ml b/tests/pdg/dyn_dpds.ml
index caa5d09a5d892e1b58bb6259b31f83630610aa53..02dc6d7d49dcd3560fdba0187fe569e2f40ca4c1 100644
--- a/tests/pdg/dyn_dpds.ml
+++ b/tests/pdg/dyn_dpds.ml
@@ -5,6 +5,13 @@ zgrviewer tests/pdg/dyn_dpds_1.dot ; \
zgrviewer tests/pdg/dyn_dpds_2.dot ;
*)
+let ptest_file =
+ try
+ let session = Unix.getenv "FRAMAC_SESSION" in
+ if session = Unix.getcwd () then fun dir file -> dir ^ file
+ else fun _ file -> file
+ with Not_found -> fun dir file -> dir ^ file
+
let get_zones str_data (stmt, kf) =
let lval_term = !Db.Properties.Interp.term_lval kf str_data in
let lval = !Db.Properties.Interp.term_lval_to_lval ~result:None lval_term in
@@ -23,7 +30,7 @@ let main _ =
let kf = Globals.Functions.find_def_by_name "main" in
let pdg = !Db.Pdg.get kf in
Format.printf "%a@." (!Db.Pdg.pretty ~bw:false) pdg;
- !Db.Pdg.extract pdg "tests/pdg/result/dyn_dpds_0.dot";
+ !Db.Pdg.extract pdg (ptest_file "tests/pdg/result/" "dyn_dpds_0.dot");
let assert_sid = 5 in (* assert ( *p>G) *)
let assert_stmt, kf = Kernel_function.find_from_sid assert_sid in
let _assert_node =
@@ -44,6 +51,6 @@ let main _ =
Format.printf "Warning : cannot select %a in this function...@\n"
Locations.Zone.pretty undef;
Format.printf "%a@." (!Db.Pdg.pretty ~bw:false) pdg;
- !Db.Pdg.extract pdg "tests/pdg/result/dyn_dpds_1.dot"
+ !Db.Pdg.extract pdg (ptest_file "tests/pdg/result/" "dyn_dpds_1.dot")
let () = Db.Main.extend main
diff --git a/tests/saveload/load_one.ml b/tests/saveload/load_one.ml
index c59e9cd3b7874dde5250c1f4d9a0e2f095ec327a..cef2bc0f80bd94c3a90a943c49997a932664cade 100644
--- a/tests/saveload/load_one.ml
+++ b/tests/saveload/load_one.ml
@@ -1,10 +1,19 @@
-let () = at_exit (fun _ -> Sys.remove "tests/saveload/result/load_one.sav")
+let ptest_file =
+ try
+ let session = Unix.getenv "FRAMAC_SESSION" in
+ if session = Unix.getcwd () then fun dir file -> dir ^ file
+ else fun _ file -> file
+ with Not_found -> fun dir file -> dir ^ file
+
+let sav_file = ptest_file "tests/saveload/result/" "load_one.sav"
+
+let () = at_exit (fun _ -> Sys.remove sav_file)
let main () =
let sparecode () =
Sparecode.Register.get ~select_annot:false ~select_slice_pragma:false
in
- let fp = Filepath.Normalized.of_string "tests/saveload/result/load_one.sav" in
+ let fp = Filepath.Normalized.of_string sav_file in
let p = sparecode () in
Project.save fp;
Project.remove ~project:p ();
@@ -23,4 +32,3 @@ let main2 () =
File.pretty_ast ~prj ()
let () = Db.Main.extend main2
-
diff --git a/tests/slicing/adpcm.c b/tests/slicing/adpcm.c
index d5a940af6ce4b3e0f38686b06bd58aaaa1ce7b32..1d10e25ac4f391f3c4eb6f884236509dac3f9622 100644
--- a/tests/slicing/adpcm.c
+++ b/tests/slicing/adpcm.c
@@ -1,8 +1,5 @@
/* run.config
LIBS: libSelect
MODULE: @PTEST_NAME@
- DEPS: ../test/adpcm.c
- STDOPT: +"-ulevel -1 -deps -slicing-level 2"
+ STDOPT: +"-ulevel -1 -deps -slicing-level 2" #"%{dep:@PTEST_SUITE_DIR@/../test/adpcm.c}"
*/
-
-#include "../test/adpcm.c"
diff --git a/tests/slicing/oracle/adpcm.res.oracle b/tests/slicing/oracle/adpcm.res.oracle
index bcf5570fb7bf878789c98d30a6bcc9569956b1f1..988a2cf104498be1afd24bdaa2d8e322854cf146 100644
--- a/tests/slicing/oracle/adpcm.res.oracle
+++ b/tests/slicing/oracle/adpcm.res.oracle
@@ -1,4 +1,5 @@
[kernel] Parsing tests/slicing/adpcm.c (with preprocessing)
+[kernel] Parsing tests/test/adpcm.c (with preprocessing)
[eva] Analyzing a complete application starting at main
[eva] Computing initial state
[eva] Initial state computed
diff --git a/tests/slicing/oracle/variadic.0.res.oracle b/tests/slicing/oracle/variadic.0.res.oracle
index f9e68d81428e8fec22c094bc01e6bfb4f2e7bd8f..7669ba0d8ee05eab460543a235ae1aff41aff547 100644
--- a/tests/slicing/oracle/variadic.0.res.oracle
+++ b/tests/slicing/oracle/variadic.0.res.oracle
@@ -1,4 +1,5 @@
[kernel] Parsing tests/slicing/variadic.c (with preprocessing)
+[kernel] Parsing tests/pdg/variadic.c (with preprocessing)
[slicing] slicing requests in progress...
[eva] Analyzing a complete application starting at main
[eva] Computing initial state
diff --git a/tests/slicing/oracle/variadic.1.res.oracle b/tests/slicing/oracle/variadic.1.res.oracle
index 5d7828ceaa8967ff22c964132009d2e6e2b7bd02..c35e51dbe0ceee2e3fbfbd07cfbe8429acc25cb0 100644
--- a/tests/slicing/oracle/variadic.1.res.oracle
+++ b/tests/slicing/oracle/variadic.1.res.oracle
@@ -1,4 +1,5 @@
[kernel] Parsing tests/slicing/variadic.c (with preprocessing)
+[kernel] Parsing tests/pdg/variadic.c (with preprocessing)
[slicing] slicing requests in progress...
[eva] Analyzing a complete application starting at main
[eva] Computing initial state
diff --git a/tests/slicing/oracle/variadic.2.res.oracle b/tests/slicing/oracle/variadic.2.res.oracle
index d5c0ef206f02959b4b22384124cddf1c5e649d02..bffda4493c16dbff88660dc58653e0333ab08283 100644
--- a/tests/slicing/oracle/variadic.2.res.oracle
+++ b/tests/slicing/oracle/variadic.2.res.oracle
@@ -1,4 +1,5 @@
[kernel] Parsing tests/slicing/variadic.c (with preprocessing)
+[kernel] Parsing tests/pdg/variadic.c (with preprocessing)
[slicing] slicing requests in progress...
[eva] Analyzing a complete application starting at main
[eva] Computing initial state
diff --git a/tests/slicing/oracle/variadic.3.res.oracle b/tests/slicing/oracle/variadic.3.res.oracle
index 73ee87c31a613ad4bb5b2d2fd856c6bc8a09ba03..9ea0ba3b4978d7a14b1b67e8afe34171009106da 100644
--- a/tests/slicing/oracle/variadic.3.res.oracle
+++ b/tests/slicing/oracle/variadic.3.res.oracle
@@ -1,4 +1,5 @@
[kernel] Parsing tests/slicing/variadic.c (with preprocessing)
+[kernel] Parsing tests/pdg/variadic.c (with preprocessing)
[slicing] slicing requests in progress...
[eva] Analyzing a complete application starting at main
[eva] Computing initial state
diff --git a/tests/slicing/oracle/variadic.4.res.oracle b/tests/slicing/oracle/variadic.4.res.oracle
index 73ee87c31a613ad4bb5b2d2fd856c6bc8a09ba03..9ea0ba3b4978d7a14b1b67e8afe34171009106da 100644
--- a/tests/slicing/oracle/variadic.4.res.oracle
+++ b/tests/slicing/oracle/variadic.4.res.oracle
@@ -1,4 +1,5 @@
[kernel] Parsing tests/slicing/variadic.c (with preprocessing)
+[kernel] Parsing tests/pdg/variadic.c (with preprocessing)
[slicing] slicing requests in progress...
[eva] Analyzing a complete application starting at main
[eva] Computing initial state
diff --git a/tests/slicing/variadic.c b/tests/slicing/variadic.c
index d22dce051c6785a206bee4e44b59c914293a7b45..f509bbf53823837a028d25d210f9a82e64beb619 100644
--- a/tests/slicing/variadic.c
+++ b/tests/slicing/variadic.c
@@ -1,10 +1,8 @@
/* run.config
- DEPS: ../pdg/variadic.c
- STDOPT: +"-slice-return f3 -no-slice-callers -then-on 'Slicing export' -print"
- STDOPT: +"-slice-return f3 -no-slice-callers -variadic-no-translation -then-last -print"
- STDOPT: +"-slice-return f3 -then-on 'Slicing export' -print"
- STDOPT: +"-slice-return main -then-on 'Slicing export' -print"
- STDOPT: +"-slice-return main -slicing-level 3 -then-on 'Slicing export' -print"
+ MACRO: PATHNAME #"%{dep:@PTEST_SUITE_DIR@/../pdg/variadic.c}"
+ STDOPT: @PATHNAME@ +"-slice-return f3 -no-slice-callers -then-on 'Slicing export' -print"
+ STDOPT: @PATHNAME@ +"-slice-return f3 -no-slice-callers -variadic-no-translation -then-last -print"
+ STDOPT: @PATHNAME@ +"-slice-return f3 -then-on 'Slicing export' -print"
+ STDOPT: @PATHNAME@ +"-slice-return main -then-on 'Slicing export' -print"
+ STDOPT: @PATHNAME@ +"-slice-return main -slicing-level 3 -then-on 'Slicing export' -print"
*/
-
-#include "../pdg/variadic.c"
diff --git a/tests/syntax/cpp-command.c b/tests/syntax/cpp-command.c
index 48585271169f5f929f117075c3011689e3011168..8dc2482bb3c60c73ff47398a23b10b69d9252607 100644
--- a/tests/syntax/cpp-command.c
+++ b/tests/syntax/cpp-command.c
@@ -1,11 +1,11 @@
/* run.config*
- FILTER: sed "s:/[^ ]*[/]cpp-command\.[^ ]*\.i:TMPDIR/FILE.i:g; s:$PWD/::g; s: -m32::"
+ FILTER: sed "s:/[^ ]*[/]cpp-command\.[^ ]*\.i:TMPDIR/FILE.i:g; s:$PWD/::g; s:@PTEST_MAKE_DIR@/result@PTEST_CONFIG@/::g; s: -m32::"
OPT: -machdep x86_32 -cpp-frama-c-compliant -cpp-command "echo [\$(basename '%1') \$(basename '%1') \$(basename '%i') \$(basename '%input')] ['%2' '%2' '%o' '%output'] ['%args']"
OPT: -machdep x86_32 -cpp-frama-c-compliant -cpp-command "echo %%1 = \$(basename '%1') %%2 = '%2' %%args = '%args'"
OPT: -machdep x86_32 -cpp-frama-c-compliant -cpp-command "printf \"%s\n\" \"using \\% has no effect : \$(basename \"\%input\")\""
OPT: -machdep x86_32 -cpp-frama-c-compliant -cpp-command "echo %var is not an interpreted placeholder"
OPT: -machdep x86_32 -print-cpp-commands
- OPT: -cpp-extra-args-per-file=@PTEST_FILE@:"-DPF=\\\"cp%02d_3f\\\"" -no-autoload-plugins @PTEST_FILE@ -print
+ OPT: -cpp-extra-args-per-file=@PTEST_FILE@:"-DPF=\\\"cp%02d_3f\\\"" @PTEST_FILE@ -print
*/
#include <stdio.h>
diff --git a/tests/syntax/multiple_decls_contracts.c b/tests/syntax/multiple_decls_contracts.c
index 3ac56b12d72e1800376ceb32e99c82755cca9076..f79505c2b03a7798b228f71157c1b53022a7d54f 100644
--- a/tests/syntax/multiple_decls_contracts.c
+++ b/tests/syntax/multiple_decls_contracts.c
@@ -1,7 +1,7 @@
/* run.config
-OPT: share/libc/string.h @PTEST_FILE@ @PTEST_FILE@ -cpp-extra-args="-Ishare/libc" -print
-OPT: @PTEST_FILE@ share/libc/string.h @PTEST_FILE@ -cpp-extra-args="-Ishare/libc" -print
-OPT: @PTEST_FILE@ @PTEST_FILE@ share/libc/string.h -cpp-extra-args="-Ishare/libc" -print
+OPT: @PTEST_SHARE_DIR@/libc/string.h @PTEST_FILE@ @PTEST_FILE@ -cpp-extra-args="-I@PTEST_SHARE_DIR@/libc" -print
+OPT: @PTEST_FILE@ @PTEST_SHARE_DIR@/libc/string.h @PTEST_FILE@ -cpp-extra-args="-I@PTEST_SHARE_DIR@/libc" -print
+OPT: @PTEST_FILE@ @PTEST_FILE@ @PTEST_SHARE_DIR@/libc/string.h -cpp-extra-args="-I@PTEST_SHARE_DIR@/libc" -print
*/
#include "string.h"
diff --git a/tests/test_config_apron b/tests/test_config_apron
index 32de05d7c0f20a999b8499e88ce3d40627a5b121..5bc02fb2551b5cbdfece488b945456d79adbb705 100644
--- a/tests/test_config_apron
+++ b/tests/test_config_apron
@@ -6,7 +6,7 @@ MACRO: EVA_TEST -eva @EVA_CONFIG@ -out -input -deps
MACRO: RTE_TEST -rte -no-warn-invalid-pointer
# Compare the result with the oracle of the default config.
-FILTER: diff --new-file @PTEST_DIR@/oracle/@PTEST_ORACLE@ -
+FILTER: diff --new-file %{dep:@PTEST_SUITE_DIR@/oracle/@PTEST_ORACLE@} -
PLUGIN: @EVA_PLUGINS@
OPT: @EVA_TEST@
diff --git a/tests/test_config_bitwise b/tests/test_config_bitwise
index 1407e25287add669eb01538c3c86bd36b87341bd..7cb2da1759921ae1004517f41c903f76a9067bcf 100644
--- a/tests/test_config_bitwise
+++ b/tests/test_config_bitwise
@@ -6,7 +6,7 @@ MACRO: EVA_TEST -eva @EVA_CONFIG@ -out -input -deps
MACRO: RTE_TEST -rte -no-warn-invalid-pointer
# Compare the result with the oracle of the default config.
-FILTER: diff --new-file @PTEST_DIR@/oracle/@PTEST_ORACLE@ -
+FILTER: diff --new-file %{dep:@PTEST_SUITE_DIR@/oracle/@PTEST_ORACLE@} -
PLUGIN: @EVA_PLUGINS@
OPT: @EVA_TEST@
diff --git a/tests/test_config_equality b/tests/test_config_equality
index 58feee37a95057215515fc805ecdd7d5274b6c7a..5dab3a18f41d57260d9b0e38ecbc357a1af12314 100644
--- a/tests/test_config_equality
+++ b/tests/test_config_equality
@@ -6,7 +6,7 @@ MACRO: EVA_TEST -eva @EVA_CONFIG@ -out -input -deps
MACRO: RTE_TEST -rte -no-warn-invalid-pointer
# Compare the result with the oracle of the default config.
-FILTER: diff --new-file @PTEST_DIR@/oracle/@PTEST_ORACLE@ -
+FILTER: diff --new-file %{dep:@PTEST_SUITE_DIR@/oracle/@PTEST_ORACLE@} -
PLUGIN: @EVA_PLUGINS@
OPT: @EVA_TEST@
diff --git a/tests/test_config_gauges b/tests/test_config_gauges
index ca7078ec30dbb54ea9d451edc8fdfcc4aab6516e..93f3294a8f30b92c71212f7d7e7a0569e7d7cbe3 100644
--- a/tests/test_config_gauges
+++ b/tests/test_config_gauges
@@ -6,7 +6,7 @@ MACRO: EVA_TEST -eva @EVA_CONFIG@ -out -input -deps
MACRO: RTE_TEST -rte -no-warn-invalid-pointer
# Compare the result with the oracle of the default config.
-FILTER: diff --new-file @PTEST_DIR@/oracle/@PTEST_ORACLE@ -
+FILTER: diff --new-file %{dep:@PTEST_SUITE_DIR@/oracle/@PTEST_ORACLE@} -
PLUGIN: @EVA_PLUGINS@
OPT: @EVA_TEST@
diff --git a/tests/test_config_octagon b/tests/test_config_octagon
index fe1773cc1ea9069cfaea369e8adf0a8c296add6a..eadb9a73a24213917a975331e439207425fb4351 100644
--- a/tests/test_config_octagon
+++ b/tests/test_config_octagon
@@ -6,7 +6,7 @@ MACRO: EVA_TEST -eva @EVA_CONFIG@ -out -input -deps
MACRO: RTE_TEST -rte -no-warn-invalid-pointer
# Compare the result with the oracle of the default config.
-FILTER: diff --new-file @PTEST_DIR@/oracle/@PTEST_ORACLE@ -
+FILTER: diff --new-file %{dep:@PTEST_SUITE_DIR@/oracle/@PTEST_ORACLE@} -
PLUGIN: @EVA_PLUGINS@
OPT: @EVA_TEST@
diff --git a/tests/test_config_symblocs b/tests/test_config_symblocs
index 2352a39dc19574907fd9181d0c181ca94a5a7133..ac0fd259c17046fcb49ee99cb6450d3382f20b3b 100644
--- a/tests/test_config_symblocs
+++ b/tests/test_config_symblocs
@@ -6,7 +6,7 @@ MACRO: EVA_TEST -eva @EVA_CONFIG@ -out -input -deps
MACRO: RTE_TEST -rte -no-warn-invalid-pointer
# Compare the result with the oracle of the default config.
-FILTER: diff --new-file @PTEST_DIR@/oracle/@PTEST_ORACLE@ -
+FILTER: diff --new-file %{dep:@PTEST_SUITE_DIR@/oracle/@PTEST_ORACLE@} -
PLUGIN: @EVA_PLUGINS@
OPT: @EVA_TEST@