diff --git a/src/plugins/aorai/tests/Aorai_test.ml b/src/plugins/aorai/tests/Aorai_test.ml
index 5a1e9fb9bc0c7402697be6f1d92c3e6ad0155ca9..661d97503828b87e72e82c04f716ab97a387577c 100644
--- a/src/plugins/aorai/tests/Aorai_test.ml
+++ b/src/plugins/aorai/tests/Aorai_test.ml
@@ -111,6 +111,7 @@ let extend () =
 if ProveAuxSpec.get () then begin
 if InternalWpShare.is_set() then
 Wp.Wp_parameters.Share.set (InternalWpShare.get());
+ Wp.Wp_parameters.Let.off();
 Wp.Wp_parameters.Split.on();
 Wp.Wp_parameters.SplitMax.set 32;
 Wp.Wp_parameters.Verbose.set 0;
diff --git a/src/plugins/aorai/tests/ya/oracle_prove/declared_function.res.oracle b/src/plugins/aorai/tests/ya/oracle_prove/declared_function.res.oracle
index 500161bb9b87f344c719102b69b2fca48fd92521..7ae3924febd86be97966145c4a9f4f9036d271b5 100644
--- a/src/plugins/aorai/tests/ya/oracle_prove/declared_function.res.oracle
+++ b/src/plugins/aorai/tests/ya/oracle_prove/declared_function.res.oracle
@@ -1,5 +1,5 @@
 [kernel] Parsing tests/ya/declared_function.i (no preprocessing)
 [kernel] Parsing TMPDIR/aorai_declared_function_0.i (no preprocessing)
-[kernel:annot:missing-spec] TMPDIR/aorai_declared_function_0.i:50: Warning:
- Neither code nor specification for function f, generating default assigns from the prototype
 [wp] Warning: Missing RTE guards
+[kernel:annot:missing-spec] TMPDIR/aorai_declared_function_0.i:105: Warning:
+ Neither code nor specification for function f, generating default assigns from the prototype
diff --git a/src/plugins/aorai/tests/ya/oracle_prove/incorrect.res.oracle b/src/plugins/aorai/tests/ya/oracle_prove/incorrect.res.oracle
index 30ba0541d811ba71dc98cdebc6793c7e0d12e87e..4528171182267c406d39f66383a6a0b3ab9f48c9 100644
--- a/src/plugins/aorai/tests/ya/oracle_prove/incorrect.res.oracle
+++ b/src/plugins/aorai/tests/ya/oracle_prove/incorrect.res.oracle
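Review bot: The added `Wp.Wp_parameters.Let.off()` carries no explanation, and nothing in the hunk says why let-introduction has to be disabled for the ProveAuxSpec run; since the neighbouring Split/SplitMax/Verbose settings are equally uncommented, a reader cannot tell which of them the oracle_prove outputs actually depend on. A short comment on the new line, e.g. `(* let-introduction off: the aux-spec goals must keep the shape the oracle_prove outputs were recorded with *)`, would record the intent — adjust the wording to the actual reason, which the diff does not show. The enclosing `extend` function starts before the hunk and continues after it.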
@@ -2,5 +2,5 @@ [aorai] Warning: Call to main does not follow automaton's specification. This path is assumed to be dead [kernel] Parsing TMPDIR/aorai_incorrect_0.i (no preprocessing) [wp] Warning: Missing RTE guards -[kernel:annot:missing-spec] TMPDIR/aorai_incorrect_0.i:69: Warning: +[kernel:annot:missing-spec] TMPDIR/aorai_incorrect_0.i:70: Warning: Neither code nor specification for function f, generating default assigns from the prototype diff --git a/src/plugins/aorai/tests/ya/oracle_prove/serial.res.oracle b/src/plugins/aorai/tests/ya/oracle_prove/serial.res.oracle index 2dd3de37879294166ef9a7e0f933bf3cc88c7339..504add72c15b60e3a444880a1f2512361f7b52ce 100644 --- a/src/plugins/aorai/tests/ya/oracle_prove/serial.res.oracle +++ b/src/plugins/aorai/tests/ya/oracle_prove/serial.res.oracle @@ -1,5 +1,5 @@ [kernel] Parsing tests/ya/serial.c (with preprocessing) [kernel] Parsing TMPDIR/aorai_serial_0.i (no preprocessing) -[kernel:annot:missing-spec] TMPDIR/aorai_serial_0.i:738: Warning: - Neither code nor specification for function Frama_C_show_aorai_state, generating default assigns from the prototype [wp] Warning: Missing RTE guards +[kernel:annot:missing-spec] TMPDIR/aorai_serial_0.i:1450: Warning: + Neither code nor specification for function Frama_C_show_aorai_state, generating default assigns from the prototype diff --git a/src/plugins/aorai/tests/ya/oracle_prove/test_acces_params.res.oracle b/src/plugins/aorai/tests/ya/oracle_prove/test_acces_params.res.oracle index 0bf1b088bf5ade07b4cd849c3aec445cb17b41ef..6af6c903d75f55c62879d1118a94fba3347d91fa 100644 --- a/src/plugins/aorai/tests/ya/oracle_prove/test_acces_params.res.oracle +++ b/src/plugins/aorai/tests/ya/oracle_prove/test_acces_params.res.oracle 
@@ -1,5 +1,3 @@ [kernel] Parsing tests/ya/test_acces_params.c (with preprocessing) [kernel] Parsing TMPDIR/aorai_test_acces_params_0.i (no preprocessing) -[wp] TMPDIR/aorai_test_acces_params_0.i:4: Warning: - Global invariant not handled yet ('inv' ignored) [wp] Warning: Missing RTE guards diff --git a/src/plugins/aorai/tests/ya/oracle_prove/test_acces_params2.res.oracle b/src/plugins/aorai/tests/ya/oracle_prove/test_acces_params2.res.oracle index 82a83a9128b6065cf9c1cddf718442da4c93d7d1..9e85d00f9bab0ceefcf38b4712d0f3ecb4bc72a2 100644 --- a/src/plugins/aorai/tests/ya/oracle_prove/test_acces_params2.res.oracle +++ b/src/plugins/aorai/tests/ya/oracle_prove/test_acces_params2.res.oracle @@ -1,5 +1,3 @@ [kernel] Parsing tests/ya/test_acces_params2.c (with preprocessing) [kernel] Parsing TMPDIR/aorai_test_acces_params2_0.i (no preprocessing) -[wp] TMPDIR/aorai_test_acces_params2_0.i:3: Warning: - Global invariant not handled yet ('inv' ignored) [wp] Warning: Missing RTE guards diff --git a/src/plugins/wp/Changelog b/src/plugins/wp/Changelog index 2d6a0264938aa29a20205f31e02c9ea059fb8163..3abab2c703effd88b49c914549ae48b05db90e9c 100644 --- a/src/plugins/wp/Changelog +++ b/src/plugins/wp/Changelog @@ -24,9 +24,15 @@ Plugin WP <next-release> ######################### - +- WP [2020-03-01] Section « Limitation & Roadmap » added to the WP manual. +- WP [2020-03-01] New internal WP engine, fixing many issues related to + control flow graph and local variable scoping. + Support for stmt contracts has been removed. + Support for looping gotos has been removed. + Altough unsound, the legacy engine is still + accessible via -wp-legacy option. - WP [2020-01-25] Improved -wp-unfold-assigns <depth> - Now recursively applies to all compounds + Now recursively applies to all compounds -* WP [2020-01-20] Fixes opaque structures handling - TIP [2020-11-06] New tactic: Sequence unrolling - TIP [2020-11-05] New tactic: Induction 
diff --git a/src/plugins/wp/ProverCoq.ml b/src/plugins/wp/ProverCoq.ml index f261a580dd75e40ef1ba245c2637c389722f5cf7..8afee8c578720ab8426e8ec11efc503a4f0b4305 100644 --- a/src/plugins/wp/ProverCoq.ml +++ b/src/plugins/wp/ProverCoq.ml @@ -655,7 +655,7 @@ let prove_annot wpo vcq ~mode = begin fun () -> let prop = WpContext.on_context (Wpo.get_context wpo) - GOAL.compute_proof vcq.VC_Annot.goal in + (GOAL.compute_proof ~pid:wpo.po_pid) vcq.VC_Annot.goal in prove_prop wpo ~mode ~axioms:None ~prop end diff --git a/src/plugins/wp/ProverErgo.ml b/src/plugins/wp/ProverErgo.ml index f217f28fc42c4b4e3a7b8df7eedd7ccd6d45683d..e78bb4bb0f79193b9f870cac7d9b4633963886ff 100644 --- a/src/plugins/wp/ProverErgo.ml +++ b/src/plugins/wp/ProverErgo.ml @@ -491,7 +491,7 @@ let prove_annot context pid vcq ~config ~mode = Task.todo begin fun () -> let axioms = vcq.VC_Annot.axioms in - let prop = GOAL.compute_proof vcq.VC_Annot.goal in + let prop = GOAL.compute_proof ~pid vcq.VC_Annot.goal in prove_prop ~pid ~config ~mode ~context ~axioms ~prop end diff --git a/src/plugins/wp/ProverWhy3.ml b/src/plugins/wp/ProverWhy3.ml index 803bf87115076503721d2446610b4cb13265dc57..adb7fd3e831b90bc20e8cdb0d4acdd56eb84ac60 100644 --- a/src/plugins/wp/ProverWhy3.ml +++ b/src/plugins/wp/ProverWhy3.ml @@ -1104,7 +1104,7 @@ let task_of_wpo wpo = | Wpo.GoalAnnot v -> let pid = wpo.Wpo.po_pid in let axioms = v.Wpo.VC_Annot.axioms in - let prop = Wpo.GOAL.compute_proof v.Wpo.VC_Annot.goal in + let prop = Wpo.GOAL.compute_proof ~pid v.Wpo.VC_Annot.goal in (* Format.printf "Goal: %a@." Lang.F.pp_pred prop; *) prove_prop ~pid prop ?axioms | Wpo.GoalLemma v -> diff --git a/src/plugins/wp/VC.ml b/src/plugins/wp/VC.ml index 32355d2fc93dbf0e666f73d1439067e66e63d405..4c9c013695cf456b287d57b70fd109bf6a1a380c 100644 --- a/src/plugins/wp/VC.ml +++ b/src/plugins/wp/VC.ml 
@@ -46,7 +46,8 @@ let get_formula po =
 match po.po_formula with
 | GoalLemma l -> l.VC_Lemma.lemma.Definitions.l_lemma
 | GoalAnnot { VC_Annot.goal = g } ->
- WpContext.on_context (get_context po) Wpo.GOAL.compute_proof g
+ WpContext.on_context
+ (get_context po) (Wpo.GOAL.compute_proof ~pid:po.po_pid) g
 
 let clear = Wpo.clear
 let proof = Wpo.goals_of_property
diff --git a/src/plugins/wp/cfgInfos.ml b/src/plugins/wp/cfgInfos.ml
index a6e1ad306a00670f622a394c263f237a70d1a515..50ce82a8271924c9a7cef07741647fb3fb0cad87 100644
--- a/src/plugins/wp/cfgInfos.ml
+++ b/src/plugins/wp/cfgInfos.ml
@@ -108,6 +108,14 @@ let selected_call ~bhv ~prop kf =
 let selected_clause ~prop name getter kf =
 getter kf <> [] && selected_name ~prop name
 
+let selected_terminates kf =
+ match Annotations.terminates kf with
+ | None -> ()
+ | Some ip ->
+ let loc = ip.ip_content.tp_statement.pred_loc in
+ Wp_parameters.warning ~source:(fst loc)
+ "Terminates not implemented yet (skipped)."
+
 let selected_disjoint_complete kf ~bhv ~prop =
 selected_default ~bhv && (
 selected_clause ~prop "@complete_behaviors" Annotations.complete kf ||
@@ -247,6 +255,7 @@ let compile Key.{ kf ; smoking ; bhv ; prop } =
 Option.iter
 begin fun (cfg : Cfg.automaton) ->
 (* Spec Iteration *)
+ selected_terminates kf ;
 if selected_disjoint_complete kf ~bhv ~prop ||
 (List.exists (selected_bhv ~smoking ~bhv ~prop) behaviors)
 then infos.annots <- true ;
diff --git a/src/plugins/wp/doc/manual/wp_intro.tex b/src/plugins/wp/doc/manual/wp_intro.tex
index 87cf5ca2b52496de946fe09bdd591d0ce4e17656..03468d5a7b3d0d04a535f8561b616f213b7c5fc7 100644
--- a/src/plugins/wp/doc/manual/wp_intro.tex
+++ b/src/plugins/wp/doc/manual/wp_intro.tex
@@ -303,7 +303,6 @@ them to generate efficient proof obligations. % replaces the \texttt{Store} one; the \texttt{Runtime} model will be entirely % re-implemented as \texttt{Bytes} model in some future release. -\clearpage \section{Arithmetic Models} \label{wp-model-arith}
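Review bot: `selected_terminates` in the first cfgInfos hunk does not select anything — it returns unit and only emits a warning — so the `selected_` prefix it shares with `selected_clause` and `selected_disjoint_complete` is misleading; a name such as `warn_terminates` with a header comment like `(* Warn that the terminates clause of [kf] is skipped: WP does not verify termination yet. *)` would read better. Unlike its siblings it also ignores the `~bhv`/`~prop` selection, and since `compile` is keyed on `{ kf ; smoking ; bhv ; prop }` the same function presumably warns once per selection it is compiled under; if that is intended, say so in the comment, and if `Wp_parameters.warning` accepts a `~wkey`, a dedicated warning category would let users silence it. The call in the second hunk sits inside `compile`, whose body starts and ends outside the hunk.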
@@ -346,7 +345,7 @@ For tackling this complexity, the \textsf{WP} plug-in relies on several \item[Float Model:] floating-point values are represent in a special theory with dedicated operations over \texttt{float} and \texttt{double} values and conversion from and to their \texttt{real} representation \emph{via} - rounding, as defined by the \textsc{C/ACSL} semantics. + rounding, as defined by the \textsf{C/ACSL} semantics. Although correct with respect to the \textsc{IEEE} specifications, this model still provides very little support for proving properties with automated 
@@ -365,4 +364,69 @@ For tackling this complexity, the \textsf{WP} plug-in relies on several proofs to be correct. Depending on the model used and the kernel options, those conditions may change. WP do not generate proof obligations for runtime errors on its own. Instead, it can discharge the annotations generated by the \textsf{Eva} analysis plug-in, or by the \textsf{RTE} plug-in. -Consider also using \textsf{-wp-rte} option. +Consider also using \texttt{-wp-rte} option. + +\section{Limitations \& Roadmap} + +The ambition of \textsf{WP} plug-in is to cover as many \textsf{ACSL} features as possible. However, some of them are still not available yet, because of lack of manpower or more fundamental reasons. This section provides an overview of those limitations, with roadmap indications: \textit{easy} +means that support could be provided on demand, \textit{medium} means that +significant manpower is required to implement the feature and \textit{hard} means that a mid-term research project would be required. This list of limitations is probably not exhaustive (yet) and will be maintained over future versions of \textsf{Frama-C/WP}. + +\begin{description} +\item[Global invariants.] +Not implemented yet (\textit{easy}). +\item[Type invariants.] +Type invariants requires to be coupled with new memory models and +some memory region analysis (\textit{hard}). +\item[Model fields.] +This \textsf{ACSL} feature is generally coupled with type invariants and global invariants, hence it is not implemented yet. From a practical point +of view, we think that ghost fields with logic types would be very complementary and easier to use. We are waiting for challenging use cases +to implement these features (\textit{medium}). +\item[Statement contracts.] +No more supported since \textsf{Frama-C 23} (Vanadium) because of +unsoundness bugs to be fixed and \textsf{ACSL} restrictions. +Support shall be restored on a mid-term basis (\textit{easy}). +\item[Non-natural loops.] 
+Loop constructed with \textsf{goto} are no more supported since +\textsf{Frama-C 23} (Vanadium) because of unsoundness bugs to be fixed. +A new engine is under construction but is not yet ready (\textit{medium}). +\item[Dynamic allocation.] +All implemented memory models \emph{are} able to deal with dynamic allocation, +which is actually used internally to manage the scope of local variables. +However, \textsf{ACSL} clauses for specifying allocation and deallocation +are not implemented yet (\textit{medium}). +\item[Termination.] +Verification of function termination is not implemented yet, although +the support of \textsf{ACSL} \texttt{loop variant} is provided. +Full support for \texttt{terminates} clause could be easily added +and combined with the reachability analysis of dead-code smoke tests +(\textit{easy}). +\item[Assigns.] +The WP strategy for proving assign clauses is a based on a sound but incomplete verification: we check that side effects +(writes and called assigns) are \emph{included} in specified assigns, which +is a sufficient but not necessary condition. The known workaround is to +specify larger assigns and to add the missing equalities to contracts. +Indeed, looking for an efficient and more permissive strategy would be challenging (\textit{hard}). +\item[Froms.] +Proving \textsf{ACSL} assigns-from clauses is not implemented. It is as difficult as proving functional assigns. Although, we have designed some +heuristics to prove assigns-from clauses in simple cases that could be implemented on a mid-term basis (\textit{medium}). +\item[Per-behavior assigns.] +Different assigns clause associated with distinct behaviors are difficult to +take into account without a deep refactoring of the WP rule of calls. We currently use a sound upper-approximation of assigns for function calls that might make correct \textsf{ACSL} properties not provable by lack of precision +(\textit{medium}). +\item[Bytes, unions \& casts.] 
+Memory models with non-typed access and bit- or byte-precision access would +be easy to implement, although terribly inefficient. We are currently working on a new memory analysis that would provide a deep understanding of how to make \emph{different} memory models soundly working with each others on distinct memory regions. This would deserve a brand new research plan, to be founded by collaborative projects (\textit{hard}). +\item[Floats.] +A new sound but incomplete model for floats is provided since \textsf{Frama-C 21} (Scandium). Here, by incomplete we means that it is generally difficult +to prove arithmetic properties of float operations by lack of good support from \textsf{SMT} solvers. Although, recent advances on our \textsf{Colibri} solver open the road to a better support for float operations in a near future (\textit{medium/hard}). +\item[Function pointers.] +Limited support for function pointers is provided \emph{via} an extension of \textsf{ACSL}, see Section~\ref{acsl:calls} for details. Currently, a function +pointer must be provably equal to a finite set of known functions. Although, +this could be easily extended to support function contracts refinement (\textit{medium}). +\end{description} + + + + + diff --git a/src/plugins/wp/doc/manual/wp_plugin.tex b/src/plugins/wp/doc/manual/wp_plugin.tex index 933cd6aa14b0a1b4ccbfb24322588a51c9227e50..950ec5f52dee7cb2a9879b5c730a703f879d6fa0 100644 --- a/src/plugins/wp/doc/manual/wp_plugin.tex +++ b/src/plugins/wp/doc/manual/wp_plugin.tex @@ -976,6 +976,7 @@ weakest precondition calculus. \end{description} \subsubsection{ACSL extension \texttt{@calls}} +\label{acsl:calls} The handling of functions pointers is done via the ACSL code annotation extension \verb+@calls+. For each call to a function pointer \verb+fp+ 
diff --git a/src/plugins/wp/tests/wp/oracle/sharing.res.oracle b/src/plugins/wp/tests/wp/oracle/sharing.res.oracle index 1a343c630528b7e9168bb0126b3d7d389f3a8413..66a855de8d71d8783906372f8332d77884997523 100644 --- a/src/plugins/wp/tests/wp/oracle/sharing.res.oracle +++ b/src/plugins/wp/tests/wp/oracle/sharing.res.oracle @@ -85,9 +85,12 @@ Assume { (* Goal *) When: (0 <= i) /\ (i <= 9). (* Pre-condition *) - Have: (0 <= x) /\ (x <= 9) /\ valid_rw(Malloc_0, a, 10) /\ - (forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 9) -> - (0 <= Mint_0[shift_sint32(t, i_1)])))). + Have: valid_rw(Malloc_0, a, 10). + (* Pre-condition *) + Have: (0 <= x) /\ (x <= 9). + (* Pre-condition *) + Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 9) -> + (0 <= Mint_0[shift_sint32(t, i_1)]))). } Prove: 0 <= m_3[shift_sint32(t, 4) <- m_3[a_1]][shift_sint32(t, i)]. diff --git a/src/plugins/wp/tests/wp/oracle/wp_behav.res.oracle b/src/plugins/wp/tests/wp/oracle/wp_behav.res.oracle index 1482e87b434d9c3b0567abedd3464113b9cda5b2..6e383786619039f650fe1d79033e5356f801246b 100644 --- a/src/plugins/wp/tests/wp/oracle/wp_behav.res.oracle +++ b/src/plugins/wp/tests/wp/oracle/wp_behav.res.oracle 
@@ -1,28 +1,20 @@ # frama-c -wp [...] [kernel] Parsing tests/wp/wp_behav.c (with preprocessing) [wp] Running WP plugin... -[wp] tests/wp/wp_behav.c:172: Warning: - Ignored specification 'for b1' (generalize to all behavior) [wp] Warning: Missing RTE guards -[wp] tests/wp/wp_behav.c:69: Warning: - Missing assigns clause (assigns 'everything' instead) -[wp] tests/wp/wp_behav.c:81: Warning: - Missing assigns clause (assigns 'everything' instead) -[wp] tests/wp/wp_behav.c:154: Warning: - Missing assigns clause (assigns 'everything' instead) -[wp] tests/wp/wp_behav.c:176: Warning: +[wp] tests/wp/wp_behav.c:82: Warning: Missing assigns clause (assigns 'everything' instead) ------------------------------------------------------------ Function assert_needed ------------------------------------------------------------ -Goal Assertion 'ko' (file tests/wp/wp_behav.c, line 117): +Goal Assertion 'ko' (file tests/wp/wp_behav.c, line 59): Assume { Type: is_sint32(x). } Prove: 0 < x. ------------------------------------------------------------ -Goal Assertion 'qed_ok,ok_with_hyp' (file tests/wp/wp_behav.c, line 120): +Goal Assertion 'qed_ok,ok_with_hyp' (file tests/wp/wp_behav.c, line 62): Prove: true. ------------------------------------------------------------ 
@@ -113,19 +105,6 @@ Prove: false. Goal Assertion for 'x2' 'qed_ok' (file tests/wp/wp_behav.c, line 24): Prove: true. ------------------------------------------------------------- ------------------------------------------------------------- - Function local_named_behavior with behavior xpos_stmt_53 ------------------------------------------------------------- - -Goal Post-condition for 'xpos' 'qed_ok' at instruction (file tests/wp/wp_behav.c, line 112): -Prove: true. - ------------------------------------------------------------- - -Goal Post-condition for 'xpos' 'qed_ok' at instruction (file tests/wp/wp_behav.c, line 112): -Prove: true. - ------------------------------------------------------------ ------------------------------------------------------------ Function min 
@@ -175,51 +154,12 @@ Assume { } Prove: false. ------------------------------------------------------------- ------------------------------------------------------------- - Function more_stmt_assigns ------------------------------------------------------------- - -Goal Post-condition 'qed_ok,ok_with_hoare' in 'more_stmt_assigns': -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function more_stmt_assigns with behavior blk_stmt_86 ------------------------------------------------------------- - -Goal Assigns for 'blk' 'qed_ok,qed_ok' at block (1/2): -Prove: true. - ------------------------------------------------------------- - -Goal Assigns for 'blk' 'qed_ok,qed_ok' at block (2/2): -Effect at line 163 -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function part_stmt_bhv with behavior b1 ------------------------------------------------------------- - -Goal Post-condition for 'b1' 'qed_ok' in 'part_stmt_bhv': -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function part_stmt_bhv with behavior bs_stmt_93_b1 ------------------------------------------------------------- - -Goal Post-condition for 'bs' (file tests/wp/wp_behav.c, line 175) at block: -Assume { Type: is_sint32(x). (* Residual *) When: x <= 0. } -Prove: false. - ------------------------------------------------------------ ------------------------------------------------------------ Function razT ------------------------------------------------------------ -Goal Preservation of Invariant 'qed_ok' (file tests/wp/wp_behav.c, line 153): +Goal Preservation of Invariant 'qed_ok' (file tests/wp/wp_behav.c, line 81): Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(n_1). (* Goal *) 
@@ -235,7 +175,7 @@ Prove: T[i <- 0][i_1] = 0. ------------------------------------------------------------ -Goal Establishment of Invariant 'qed_ok' (file tests/wp/wp_behav.c, line 153): +Goal Establishment of Invariant 'qed_ok' (file tests/wp/wp_behav.c, line 81): Prove: true. ------------------------------------------------------------ 
@@ -259,130 +199,3 @@ Assume { Prove: x = 0. ------------------------------------------------------------ ------------------------------------------------------------- - Function stmt_assigns ------------------------------------------------------------- - -Goal Post-condition (file tests/wp/wp_behav.c, line 134) in 'stmt_assigns': -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function stmt_assigns with behavior default_for_stmt_70 ------------------------------------------------------------- - -Goal Assigns (file tests/wp/wp_behav.c, line 139) at call 'unknown' (file tests/wp/wp_behav.c, line 140): -Call Effect at line 140 -Prove: false. - ------------------------------------------------------------- ------------------------------------------------------------- - Function stmt_contract with behavior default_for_stmt_22 ------------------------------------------------------------- - -Goal Pre-condition 'qed_ok' at block: -Prove: true. - ------------------------------------------------------------- - -Goal Post-condition 'qed_ok' at block: -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function stmt_contract with behavior ko ------------------------------------------------------------- - -Goal Post-condition for 'ko' 'qed_ko' in 'stmt_contract': -Assume { - Type: is_sint32(stmt_contract_0). - (* Post-condition 'qed_ok' at block *) - Have: 0 < stmt_contract_0. -} -Prove: 3 <= stmt_contract_0. - ------------------------------------------------------------- ------------------------------------------------------------- - Function stmt_contract with behavior ko_without_asgn ------------------------------------------------------------- - -Goal Post-condition for 'ko_without_asgn' 'qed_ko' in 'stmt_contract': -Assume { - Type: is_sint32(Y) /\ is_sint32(stmt_contract_0). 
- (* Post-condition 'qed_ok' at block *) - Have: 0 < stmt_contract_0. -} -Prove: Y < stmt_contract_0. - ------------------------------------------------------------- ------------------------------------------------------------- - Function stmt_contract with behavior ok ------------------------------------------------------------- - -Goal Post-condition for 'ok' 'qed_ok' in 'stmt_contract': -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function stmt_contract_assigns with behavior default_for_stmt_43 ------------------------------------------------------------- - -Goal Pre-condition 'qed_ok' at block: -Prove: true. - ------------------------------------------------------------- - -Goal Post-condition 'qed_ok' at block: -Prove: true. - ------------------------------------------------------------- - -Goal Assigns 'qed_ok,asgn_ok' at block: -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function stmt_contract_assigns with behavior ko ------------------------------------------------------------- - -Goal Post-condition for 'ko' 'qed_ko' in 'stmt_contract_assigns': -Assume { - Type: is_sint32(stmt_contract_assigns_0). - (* Post-condition 'qed_ok' at block *) - Have: 0 < stmt_contract_assigns_0. -} -Prove: 3 <= stmt_contract_assigns_0. - ------------------------------------------------------------- ------------------------------------------------------------- - Function stmt_contract_assigns with behavior ok ------------------------------------------------------------- - -Goal Post-condition for 'ok' 'qed_ok' in 'stmt_contract_assigns': -Prove: true. 
- ------------------------------------------------------------- ------------------------------------------------------------- - Function stmt_contract_assigns with behavior ok_asgn ------------------------------------------------------------- - -Goal Post-condition for 'ok_asgn' 'qed_ok' in 'stmt_contract_assigns': -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function stmt_contract_label ------------------------------------------------------------- - -Goal Post-condition 'qed_ok' in 'stmt_contract_label': -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function stmt_contract_label with behavior default_for_stmt_32 ------------------------------------------------------------- - -Goal Post-condition 'qed_ok' at block: -Prove: true. - ------------------------------------------------------------- diff --git a/src/plugins/wp/tests/wp/oracle/wp_behavior.0.res.oracle b/src/plugins/wp/tests/wp/oracle/wp_behavior.0.res.oracle index c377eb93bf7fa1a03983b67f6950c86b1e851748..641adaa819218411aaf86ba480296ea0fa940ee2 100644 --- a/src/plugins/wp/tests/wp/oracle/wp_behavior.0.res.oracle +++ b/src/plugins/wp/tests/wp/oracle/wp_behavior.0.res.oracle @@ -67,12 +67,12 @@ Goal Post-condition for 'X' (file tests/wp/wp_behavior.i, line 28) in 'behaviors Assume { (* Pre-condition *) Have: P_R. - (* Pre-condition for 'Y' *) - Have: (P_CY -> P_RY). - (* Pre-condition for 'X' *) - Have: P_RX. (* Pre-condition for 'X' *) Have: P_CX. + (* Pre-condition for 'X' *) + Have: P_RX. + (* Pre-condition for 'Y' *) + Have: (P_CY -> P_RY). (* Assertion *) Have: P_Q. } 
@@ -91,12 +91,12 @@ Assume { When: !invalid(Malloc_0, px_0, 1). (* Pre-condition *) Have: P_R. - (* Pre-condition for 'Y' *) - Have: (P_CY -> P_RY). - (* Pre-condition for 'X' *) - Have: P_RX. (* Pre-condition for 'X' *) Have: P_CX. + (* Pre-condition for 'X' *) + Have: P_RX. + (* Pre-condition for 'Y' *) + Have: (P_CY -> P_RY). (* Assertion *) Have: P_Q. (* Then *) @@ -116,12 +116,12 @@ Assume { When: !invalid(Malloc_0, py_0, 1). (* Pre-condition *) Have: P_R. - (* Pre-condition for 'Y' *) - Have: (P_CY -> P_RY). - (* Pre-condition for 'X' *) - Have: P_RX. (* Pre-condition for 'X' *) Have: P_CX. + (* Pre-condition for 'X' *) + Have: P_RX. + (* Pre-condition for 'Y' *) + Have: (P_CY -> P_RY). (* Assertion *) Have: P_Q. } @@ -136,12 +136,12 @@ Goal Post-condition for 'Y' (file tests/wp/wp_behavior.i, line 33) in 'behaviors Assume { (* Pre-condition *) Have: P_R. - (* Pre-condition for 'X' *) - Have: (P_CX -> P_RX). - (* Pre-condition for 'Y' *) - Have: P_RY. (* Pre-condition for 'Y' *) Have: P_CY. + (* Pre-condition for 'Y' *) + Have: P_RY. + (* Pre-condition for 'X' *) + Have: (P_CX -> P_RX). (* Assertion *) Have: P_Q. } @@ -160,12 +160,12 @@ Assume { When: !invalid(Malloc_0, px_0, 1). (* Pre-condition *) Have: P_R. - (* Pre-condition for 'X' *) - Have: (P_CX -> P_RX). - (* Pre-condition for 'Y' *) - Have: P_RY. (* Pre-condition for 'Y' *) Have: P_CY. + (* Pre-condition for 'Y' *) + Have: P_RY. + (* Pre-condition for 'X' *) + Have: (P_CX -> P_RX). (* Assertion *) Have: P_Q. (* Then *) @@ -185,12 +185,12 @@ Assume { When: !invalid(Malloc_0, py_0, 1). (* Pre-condition *) Have: P_R. - (* Pre-condition for 'X' *) - Have: (P_CX -> P_RX). - (* Pre-condition for 'Y' *) - Have: P_RY. (* Pre-condition for 'Y' *) Have: P_CY. + (* Pre-condition for 'Y' *) + Have: P_RY. + (* Pre-condition for 'X' *) + Have: (P_CX -> P_RX). (* Assertion *) Have: P_Q. } 
@@ -321,9 +321,9 @@ Assume { (* Pre-condition for 'X' *) Have: P_CX. (* Pre-condition for 'X' *) - Have: P_RX1. - (* Pre-condition for 'X' *) Have: P_RX. + (* Pre-condition for 'X' *) + Have: P_RX1. } Prove: q = p. diff --git a/src/plugins/wp/tests/wp/oracle/wp_behavior.1.res.oracle b/src/plugins/wp/tests/wp/oracle/wp_behavior.1.res.oracle index 8d98a45587a8418840253e104b34f8591534e2d9..96a885bba3278990a3effd16f15de58b00016115 100644 --- a/src/plugins/wp/tests/wp/oracle/wp_behavior.1.res.oracle +++ b/src/plugins/wp/tests/wp/oracle/wp_behavior.1.res.oracle @@ -38,9 +38,9 @@ Assume { (* Pre-condition *) Have: P_R. (* Pre-condition for 'X' *) - Have: P_RX. - (* Pre-condition for 'X' *) Have: P_CX. + (* Pre-condition for 'X' *) + Have: P_RX. (* Assertion *) Have: P_Q. } @@ -60,9 +60,9 @@ Assume { (* Pre-condition *) Have: P_R. (* Pre-condition for 'X' *) - Have: P_RX. - (* Pre-condition for 'X' *) Have: P_CX. + (* Pre-condition for 'X' *) + Have: P_RX. (* Assertion *) Have: P_Q. (* Then *) @@ -83,9 +83,9 @@ Assume { (* Pre-condition *) Have: P_R. (* Pre-condition for 'X' *) - Have: P_RX. - (* Pre-condition for 'X' *) Have: P_CX. + (* Pre-condition for 'X' *) + Have: P_RX. (* Assertion *) Have: P_Q. } @@ -101,9 +101,9 @@ Assume { (* Pre-condition *) Have: P_R. (* Pre-condition for 'Y' *) - Have: P_RY. - (* Pre-condition for 'Y' *) Have: P_CY. + (* Pre-condition for 'Y' *) + Have: P_RY. (* Assertion *) Have: P_Q. } @@ -123,9 +123,9 @@ Assume { (* Pre-condition *) Have: P_R. (* Pre-condition for 'Y' *) - Have: P_RY. - (* Pre-condition for 'Y' *) Have: P_CY. + (* Pre-condition for 'Y' *) + Have: P_RY. (* Assertion *) Have: P_Q. (* Then *) @@ -146,9 +146,9 @@ Assume { (* Pre-condition *) Have: P_R. (* Pre-condition for 'Y' *) - Have: P_RY. - (* Pre-condition for 'Y' *) Have: P_CY. + (* Pre-condition for 'Y' *) + Have: P_RY. (* Assertion *) Have: P_Q. } 
@@ -279,9 +279,9 @@ Assume { (* Pre-condition for 'X' *) Have: P_CX. (* Pre-condition for 'X' *) - Have: P_RX1. - (* Pre-condition for 'X' *) Have: P_RX. + (* Pre-condition for 'X' *) + Have: P_RX1. } Prove: q = p. diff --git a/src/plugins/wp/tests/wp/oracle/wp_call_pre.0.res.oracle b/src/plugins/wp/tests/wp/oracle/wp_call_pre.0.res.oracle index 308fadbaa3174eed5309c7908a2c3c04383345eb..e5c3c82ba8b8920def51364576aa12fc22ab53b6 100644 --- a/src/plugins/wp/tests/wp/oracle/wp_call_pre.0.res.oracle +++ b/src/plugins/wp/tests/wp/oracle/wp_call_pre.0.res.oracle @@ -1,16 +1,16 @@ # frama-c -wp -wp-model 'Hoare' [...] [kernel] Parsing tests/wp/wp_call_pre.c (with preprocessing) [wp] Running WP plugin... -[kernel] tests/wp/wp_call_pre.c:53: Warning: +[kernel] tests/wp/wp_call_pre.c:44: Warning: No code nor implicit assigns clause for function g, generating default assigns from the prototype -[kernel] tests/wp/wp_call_pre.c:53: Warning: +[kernel] tests/wp/wp_call_pre.c:44: Warning: No code nor implicit assigns clause for function f, generating default assigns from the prototype [wp] Warning: Missing RTE guards ------------------------------------------------------------ Function call_main ------------------------------------------------------------ -Goal Instance of 'Pre-condition 'qed_ok,Rmain' in 'main'' in 'call_main' at call 'main' (file tests/wp/wp_call_pre.c, line 40) +Goal Instance of 'Pre-condition 'qed_ok,Rmain' in 'main'' in 'call_main' at call 'main' (file tests/wp/wp_call_pre.c, line 39) : Prove: true. diff --git a/src/plugins/wp/tests/wp/oracle/wp_call_pre.1.res.oracle b/src/plugins/wp/tests/wp/oracle/wp_call_pre.1.res.oracle index c8d77c934815cd6db79395b4ab9616605d187395..3023ac12f391121cb6a8f9c62945408fb8f8ecce 100644 --- a/src/plugins/wp/tests/wp/oracle/wp_call_pre.1.res.oracle +++ b/src/plugins/wp/tests/wp/oracle/wp_call_pre.1.res.oracle 
@@ -1,9 +1,9 @@ # frama-c -wp -wp-model 'Hoare' [...] [kernel] Parsing tests/wp/wp_call_pre.c (with preprocessing) [wp] Running WP plugin... -[kernel] tests/wp/wp_call_pre.c:53: Warning: - No code nor implicit assigns clause for function f, generating default assigns from the prototype [wp] Warning: Missing RTE guards +[kernel] tests/wp/wp_call_pre.c:32: Warning: + No code nor implicit assigns clause for function f, generating default assigns from the prototype Goal Pre-condition 'qed_ok,Rmain' in 'main': Prove: true. @@ -15,7 +15,7 @@ Prove: true. ------------------------------------------------------------ -Goal Instance of 'Pre-condition 'qed_ok,Rf' in 'f'' in 'main' at initialization of 'x' (file tests/wp/wp_call_pre.c, line 33) +Goal Instance of 'Pre-condition 'qed_ok,Rf' in 'f'' in 'main' at initialization of 'x' (file tests/wp/wp_call_pre.c, line 32) : Prove: true. diff --git a/src/plugins/wp/tests/wp/oracle/wp_call_pre.2.res.oracle b/src/plugins/wp/tests/wp/oracle/wp_call_pre.2.res.oracle index 330ae3ce02fdefc65332fe4ef2477b65bc20f885..f2e03b3000560c04efd1fad890777658830338c0 100644 --- a/src/plugins/wp/tests/wp/oracle/wp_call_pre.2.res.oracle +++ b/src/plugins/wp/tests/wp/oracle/wp_call_pre.2.res.oracle 
@@ -1,26 +1,26 @@ # frama-c -wp -wp-model 'Hoare' [...] [kernel] Parsing tests/wp/wp_call_pre.c (with preprocessing) [wp] Running WP plugin... -[kernel] tests/wp/wp_call_pre.c:53: Warning: +[kernel] tests/wp/wp_call_pre.c:44: Warning: No code nor implicit assigns clause for function g, generating default assigns from the prototype -[kernel] tests/wp/wp_call_pre.c:53: Warning: +[kernel] tests/wp/wp_call_pre.c:44: Warning: No code nor implicit assigns clause for function f, generating default assigns from the prototype [wp] Warning: Missing RTE guards ------------------------------------------------------------ Function double_call ------------------------------------------------------------ -Goal Instance of 'Pre-condition 'qed_ok,Rf' in 'f'' in 'double_call' at initialization of 'x1' (file tests/wp/wp_call_pre.c, line 26) +Goal Instance of 'Pre-condition 'qed_ok,Rf' in 'f'' in 'double_call' at initialization of 'x1' (file tests/wp/wp_call_pre.c, line 25) : Prove: true. ------------------------------------------------------------ -Goal Instance of 'Pre-condition 'qed_ok,Rf' in 'f'' in 'double_call' at initialization of 'x2' (file tests/wp/wp_call_pre.c, line 27) +Goal Instance of 'Pre-condition 'qed_ok,Rf' in 'f'' in 'double_call' at initialization of 'x2' (file tests/wp/wp_call_pre.c, line 26) : Assume { Type: is_sint32(f) /\ is_sint32(x). - (* Pre-condition *) + (* Pre-condition 'Rd' *) Have: 0 <= x. (* Call 'f' *) Have: 0 < f. @@ -32,7 +32,7 @@ Prove: (-1) <= x. Function main ------------------------------------------------------------ -Goal Instance of 'Pre-condition 'qed_ok,Rf' in 'f'' in 'main' at initialization of 'x' (file tests/wp/wp_call_pre.c, line 33) +Goal Instance of 'Pre-condition 'qed_ok,Rf' in 'f'' in 'main' at initialization of 'x' (file tests/wp/wp_call_pre.c, line 32) : Prove: true. 
diff --git a/src/plugins/wp/tests/wp/oracle/wp_call_pre.3.res.oracle b/src/plugins/wp/tests/wp/oracle/wp_call_pre.3.res.oracle index 29adcc554a584024d6373d1168abfae012ab848a..77af61e8f723b82a8f87ac15fe0c391bcb5ca7e0 100644 --- a/src/plugins/wp/tests/wp/oracle/wp_call_pre.3.res.oracle +++ b/src/plugins/wp/tests/wp/oracle/wp_call_pre.3.res.oracle @@ -1,21 +1,21 @@ # frama-c -wp -wp-model 'Hoare' [...] [kernel] Parsing tests/wp/wp_call_pre.c (with preprocessing) [wp] Running WP plugin... -[kernel] tests/wp/wp_call_pre.c:53: Warning: +[kernel] tests/wp/wp_call_pre.c:44: Warning: No code nor implicit assigns clause for function f, generating default assigns from the prototype [wp] Warning: Missing RTE guards -Goal Instance of 'Pre-condition 'qed_ok,Rf' in 'f'' in 'double_call' at initialization of 'x1' (file tests/wp/wp_call_pre.c, line 26) +Goal Instance of 'Pre-condition 'qed_ok,Rf' in 'f'' in 'double_call' at initialization of 'x1' (file tests/wp/wp_call_pre.c, line 25) : Prove: true. ------------------------------------------------------------ -Goal Instance of 'Pre-condition 'qed_ok,Rf' in 'f'' in 'double_call' at initialization of 'x2' (file tests/wp/wp_call_pre.c, line 27) +Goal Instance of 'Pre-condition 'qed_ok,Rf' in 'f'' in 'double_call' at initialization of 'x2' (file tests/wp/wp_call_pre.c, line 26) : Assume { Type: is_sint32(f) /\ is_sint32(x). - (* Pre-condition *) + (* Pre-condition 'Rd' *) Have: 0 <= x. (* Call 'f' *) Have: 0 < f. diff --git a/src/plugins/wp/tests/wp/oracle/wp_call_pre.4.res.oracle b/src/plugins/wp/tests/wp/oracle/wp_call_pre.4.res.oracle deleted file mode 100644 index 2b2fcb498fc51449dccece6ee703b7d4185276d5..0000000000000000000000000000000000000000 --- a/src/plugins/wp/tests/wp/oracle/wp_call_pre.4.res.oracle +++ /dev/null 
@@ -1,9 +0,0 @@ -# frama-c -wp -wp-model 'Hoare' [...] -[kernel] Parsing tests/wp/wp_call_pre.c (with preprocessing) -[wp] Running WP plugin... -[wp] Warning: Missing RTE guards - -Goal Pre-condition 'qed_ok,Rstmt' at instruction (file tests/wp/wp_call_pre.c, line 47): -Prove: true. - ------------------------------------------------------------- diff --git a/src/plugins/wp/tests/wp/oracle/wp_strategy.0.res.oracle b/src/plugins/wp/tests/wp/oracle/wp_strategy.0.res.oracle index db0e3c425b6e087e9635be7eab73370ce9e72e7b..cdda4a216c9ed44973a9a5c0c4421ec750f36476 100644 --- a/src/plugins/wp/tests/wp/oracle/wp_strategy.0.res.oracle +++ b/src/plugins/wp/tests/wp/oracle/wp_strategy.0.res.oracle 
@@ -29,131 +29,3 @@ Goal Assertion 'qed_ok,ok' (file tests/wp/wp_strategy.c, line 28): Prove: true. ------------------------------------------------------------ ------------------------------------------------------------- - Function default_behaviors ------------------------------------------------------------- - -Goal Post-condition 'qed_ok' in 'default_behaviors': -Prove: true. - ------------------------------------------------------------- - -Goal Assertion 'qed_ok' (file tests/wp/wp_strategy.c, line 98): -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function default_behaviors with behavior default_for_stmt_54 ------------------------------------------------------------- - -Goal Post-condition 'qed_ok,stmt_p' at block: -Prove: true. - ------------------------------------------------------------- - -Goal Assertion 'qed_ok' (file tests/wp/wp_strategy.c, line 94): -Prove: true. - ------------------------------------------------------------- - -Goal Assigns 'qed_ok' at block: -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function dpd1 ------------------------------------------------------------- - -Goal Assertion 'qed_ok,A' (file tests/wp/wp_strategy.c, line 38): -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function dpd1 with behavior default_for_stmt_10 ------------------------------------------------------------- - -Goal Post-condition 'qed_ko,Eko' at program point (file tests/wp/wp_strategy.c, line 37): -Assume { Type: is_sint32(x). } -Prove: 0 < x. - ------------------------------------------------------------- - -Goal Assigns 'qed_ok' at program point (file tests/wp/wp_strategy.c, line 37): -Prove: true. 
- ------------------------------------------------------------- ------------------------------------------------------------- - Function dpd2 with behavior P ------------------------------------------------------------- - -Goal Assertion for 'P' 'qed_ok,A' (file tests/wp/wp_strategy.c, line 46): -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function dpd2 with behavior default_for_stmt_15 ------------------------------------------------------------- - -Goal Post-condition 'qed_ko,Eko' at program point (file tests/wp/wp_strategy.c, line 45): -Assume { Type: is_sint32(x). } -Prove: 0 < x. - ------------------------------------------------------------- - -Goal Assigns 'qed_ok' at program point (file tests/wp/wp_strategy.c, line 45): -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function spec_if ------------------------------------------------------------- - -Goal Post-condition 'qed_ok' in 'spec_if': -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function spec_if with behavior default_for_stmt_20 ------------------------------------------------------------- - -Goal Post-condition 'qed_ok' at block: -Prove: true. - ------------------------------------------------------------- - -Goal Assigns 'qed_ok' at block: -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function spec_if with behavior default_for_stmt_26 ------------------------------------------------------------- - -Goal Assigns 'qed_ok' at block: -Prove: true. 
- ------------------------------------------------------------- ------------------------------------------------------------- - Function spec_if with behavior default_for_stmt_32 ------------------------------------------------------------- - -Goal Assigns 'qed_ok' at block: -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function spec_if_cond with behavior default_for_stmt_40 ------------------------------------------------------------- - -Goal Post-condition 'qed_ok' at block: -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function spec_if_not_cond with behavior default_for_stmt_48 ------------------------------------------------------------- - -Goal Post-condition 'qed_ok' at if-then-else (file tests/wp/wp_strategy.c, line 80): -Prove: true. - ------------------------------------------------------------- diff --git a/src/plugins/wp/tests/wp/oracle/wp_strategy.1.res.oracle b/src/plugins/wp/tests/wp/oracle/wp_strategy.1.res.oracle index b3d21c9f32f1cee3d6159fdaacaea1e22e053ffb..cb2137283ad85028b90aafcfa0f39d50812b586a 100644 --- a/src/plugins/wp/tests/wp/oracle/wp_strategy.1.res.oracle +++ b/src/plugins/wp/tests/wp/oracle/wp_strategy.1.res.oracle 
@@ -2,51 +2,4 @@ [kernel] Parsing tests/wp/wp_strategy.c (with preprocessing) [wp] Running WP plugin... [wp] Warning: Missing RTE guards ------------------------------------------------------------- - Function default_behaviors with behavior default_for_stmt_54 ------------------------------------------------------------- - -Goal Assigns 'qed_ok' at block: -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function dpd1 with behavior default_for_stmt_10 ------------------------------------------------------------- - -Goal Assigns 'qed_ok' at program point (file tests/wp/wp_strategy.c, line 37): -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function dpd2 with behavior default_for_stmt_15 ------------------------------------------------------------- - -Goal Assigns 'qed_ok' at program point (file tests/wp/wp_strategy.c, line 45): -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function spec_if with behavior default_for_stmt_20 ------------------------------------------------------------- - -Goal Assigns 'qed_ok' at block: -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function spec_if with behavior default_for_stmt_26 ------------------------------------------------------------- - -Goal Assigns 'qed_ok' at block: -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function spec_if with behavior default_for_stmt_32 ------------------------------------------------------------- - -Goal Assigns 'qed_ok' at block: -Prove: true. 
- ------------------------------------------------------------- +[wp] No proof obligations diff --git a/src/plugins/wp/tests/wp/oracle_qualif/wp_behav.0.res.oracle b/src/plugins/wp/tests/wp/oracle_qualif/wp_behav.0.res.oracle index faa679c96697f66156e01511131f9dc0cf867911..3a74aa8479f81fbc1ae664eaf1e71435900d9187 100644 --- a/src/plugins/wp/tests/wp/oracle_qualif/wp_behav.0.res.oracle +++ b/src/plugins/wp/tests/wp/oracle_qualif/wp_behav.0.res.oracle @@ -1,18 +1,10 @@ # frama-c -wp -wp-timeout 1 [...] [kernel] Parsing tests/wp/wp_behav.c (with preprocessing) [wp] Running WP plugin... -[wp] tests/wp/wp_behav.c:172: Warning: - Ignored specification 'for b1' (generalize to all behavior) [wp] Warning: Missing RTE guards -[wp] tests/wp/wp_behav.c:69: Warning: +[wp] tests/wp/wp_behav.c:82: Warning: Missing assigns clause (assigns 'everything' instead) -[wp] tests/wp/wp_behav.c:81: Warning: - Missing assigns clause (assigns 'everything' instead) -[wp] tests/wp/wp_behav.c:154: Warning: - Missing assigns clause (assigns 'everything' instead) -[wp] tests/wp/wp_behav.c:176: Warning: - Missing assigns clause (assigns 'everything' instead) -[wp] 38 goals scheduled +[wp] 19 goals scheduled [wp] [Qed] Goal typed_f_ensures_qed_ok : Valid [wp] [Qed] Goal typed_f_x1_ensures_qed_ok : Valid [wp] [Qed] Goal typed_f_assert_qed_ok : Valid 
@@ -25,48 +17,22 @@ [wp] [Alt-Ergo] Goal typed_bhv_complete_neg_pos : Valid [wp] [Qed] Goal typed_bhv_pos_ensures_qed_ok : Valid [wp] [Qed] Goal typed_bhv_neg_ensures_qed_ok : Valid -[wp] [Qed] Goal typed_stmt_contract_requires_qed_ok : Valid -[wp] [Qed] Goal typed_stmt_contract_ensures_qed_ok : Valid -[wp] [Qed] Goal typed_stmt_contract_ok_ensures_qed_ok : Valid -[wp] [Qed] Goal typed_stmt_contract_label_ensures_qed_ok : Valid -[wp] [Qed] Goal typed_stmt_contract_label_ensures_qed_ok_2 : Valid -[wp] [Qed] Goal typed_stmt_contract_assigns_requires_qed_ok : Valid -[wp] [Qed] Goal typed_stmt_contract_assigns_ensures_qed_ok : Valid -[wp] [Qed] Goal typed_stmt_contract_assigns_assigns : Valid -[wp] [Qed] Goal typed_stmt_contract_assigns_ok_ensures_qed_ok : Valid -[wp] [Qed] Goal typed_stmt_contract_assigns_ok_asgn_ensures_qed_ok : Valid -[wp] [Qed] Goal typed_local_named_behavior_xpos_ensures_qed_ok : Valid -[wp] [Qed] Goal typed_local_named_behavior_xpos_ensures_qed_ok_2 : Valid [wp] [Alt-Ergo] Goal typed_assert_needed_assert_ko : Unsuccess [wp] [Qed] Goal typed_assert_needed_assert_qed_ok_ok_with_hyp : Valid [wp] [Alt-Ergo] Goal typed_bts0513_ensures_ko1 : Unsuccess [wp] [Alt-Ergo] Goal typed_bts0513_ensures_ko2 : Unsuccess -[wp] [Alt-Ergo] Goal typed_stmt_assigns_assigns : Unsuccess -[wp] [Qed] Goal typed_stmt_assigns_ensures : Valid [wp] [Alt-Ergo] Goal typed_razT_loop_invariant_qed_ok_preserved : Valid [wp] [Qed] Goal typed_razT_loop_invariant_qed_ok_established : Valid [wp] [Alt-Ergo] Goal typed_razT_b1_ensures_e1 : Unsuccess -[wp] [Qed] Goal typed_more_stmt_assigns_blk_assigns_part1 : Valid -[wp] [Qed] Goal typed_more_stmt_assigns_blk_assigns_part2 : Valid -[wp] [Qed] Goal typed_more_stmt_assigns_ensures_qed_ok_ok_with_hoare : Valid -[wp] [Alt-Ergo] Goal typed_part_stmt_bhv_bs_ensures : Unsuccess -[wp] [Qed] Goal typed_part_stmt_bhv_b1_ensures_qed_ok : Valid -[wp] Proved goals: 32 / 38 - Qed: 30 - Alt-Ergo: 2 (unsuccess: 6) +[wp] Proved goals: 15 / 19 + Qed: 13 
+ Alt-Ergo: 2 (unsuccess: 4) ------------------------------------------------------------ Functions WP Alt-Ergo Total Success f 5 - 5 100% min 4 - 4 100% bhv 2 1 3 100% - stmt_contract 3 - 3 100% - stmt_contract_label 2 - 2 100% - stmt_contract_assigns 5 - 5 100% - local_named_behavior 2 - 2 100% assert_needed 1 - 2 50.0% bts0513 - - 2 0.0% - stmt_assigns 1 - 2 50.0% razT 1 1 3 66.7% - more_stmt_assigns 3 - 3 100% - part_stmt_bhv 1 - 2 50.0% ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp/oracle_qualif/wp_behav.1.res.oracle b/src/plugins/wp/tests/wp/oracle_qualif/wp_behav.1.res.oracle index 5d374947a3c5b1bd0c93ca6bebb380b8d10df724..96f2e570799cc06bc40f38809d1252960b9b6b3e 100644 --- a/src/plugins/wp/tests/wp/oracle_qualif/wp_behav.1.res.oracle +++ b/src/plugins/wp/tests/wp/oracle_qualif/wp_behav.1.res.oracle 
@@ -1,26 +1,17 @@ # frama-c -wp -wp-steps 50 [...] [kernel] Parsing tests/wp/wp_behav.c (with preprocessing) [wp] Running WP plugin... -[wp] tests/wp/wp_behav.c:172: Warning: - Ignored specification 'for b1' (generalize to all behavior) [wp] Warning: Missing RTE guards -[wp] tests/wp/wp_behav.c:69: Warning: - Missing assigns clause (assigns 'everything' instead) -[wp] 8 goals scheduled +[wp] 5 goals scheduled [wp] [Alt-Ergo] Goal typed_f_ensures_qed_ko : Unsuccess [wp] [Alt-Ergo] Goal typed_f_x1_ensures_qed_ko : Unsuccess [wp] [Alt-Ergo] Goal typed_f_x2_ensures_qed_ko : Unsuccess [wp] [Alt-Ergo] Goal typed_min_bx_ensures_qed_ko : Unsuccess [wp] [Alt-Ergo] Goal typed_min_by_ensures_qed_ko : Unsuccess -[wp] [Alt-Ergo] Goal typed_stmt_contract_ko_ensures_qed_ko : Unsuccess -[wp] [Alt-Ergo] Goal typed_stmt_contract_ko_without_asgn_ensures_qed_ko : Unsuccess -[wp] [Alt-Ergo] Goal typed_stmt_contract_assigns_ko_ensures_qed_ko : Unsuccess -[wp] Proved goals: 0 / 8 - Alt-Ergo: 0 (unsuccess: 8) +[wp] Proved goals: 0 / 5 + Alt-Ergo: 0 (unsuccess: 5) ------------------------------------------------------------ Functions WP Alt-Ergo Total Success f - - 3 0.0% min - - 2 0.0% - stmt_contract - - 2 0.0% - stmt_contract_assigns - - 1 0.0% ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp/oracle_qualif/wp_call_pre.res.oracle b/src/plugins/wp/tests/wp/oracle_qualif/wp_call_pre.res.oracle index bad25e7802e2219b75ae036e67603294e2d6093e..5debdb35e27d76887b92edde7d8a21b16cceabcb 100644 --- a/src/plugins/wp/tests/wp/oracle_qualif/wp_call_pre.res.oracle +++ b/src/plugins/wp/tests/wp/oracle_qualif/wp_call_pre.res.oracle 
@@ -1,12 +1,12 @@ # frama-c -wp [...] [kernel] Parsing tests/wp/wp_call_pre.c (with preprocessing) [wp] Running WP plugin... -[kernel] tests/wp/wp_call_pre.c:53: Warning: +[kernel] tests/wp/wp_call_pre.c:44: Warning: No code nor implicit assigns clause for function f, generating default assigns from the prototype -[kernel] tests/wp/wp_call_pre.c:53: Warning: +[kernel] tests/wp/wp_call_pre.c:44: Warning: No code nor implicit assigns clause for function g, generating default assigns from the prototype [wp] Warning: Missing RTE guards -[wp] 10 goals scheduled +[wp] 9 goals scheduled [wp] [Qed] Goal typed_double_call_call_f_requires_qed_ok_Rf : Valid [wp] [Alt-Ergo] Goal typed_double_call_call_f_2_requires_qed_ok_Rf : Valid [wp] [Qed] Goal typed_main_requires_qed_ok_Rmain : Valid @@ -14,17 +14,15 @@ [wp] [Qed] Goal typed_main_call_f_requires_qed_ok_Rf : Valid [wp] [Qed] Goal typed_call_main_ensures_qed_ok : Valid [wp] [Qed] Goal typed_call_main_call_main_requires_qed_ok_Rmain : Valid -[wp] [Qed] Goal typed_stmt_pre_requires_qed_ok_Rstmt : Valid [wp] [Qed] Goal typed_call_g_call_g_requires_qed_ok_Rga : Valid [wp] [Qed] Goal typed_call_g_call_g_requires_Rgb : Valid -[wp] Proved goals: 10 / 10 - Qed: 9 +[wp] Proved goals: 9 / 9 + Qed: 8 Alt-Ergo: 1 ------------------------------------------------------------ Functions WP Alt-Ergo Total Success double_call 1 1 2 100% main 3 - 3 100% call_main 2 - 2 100% - stmt_pre 1 - 1 100% call_g 2 - 2 100% ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp/oracle_qualif/wp_strategy.res.oracle b/src/plugins/wp/tests/wp/oracle_qualif/wp_strategy.res.oracle index 90bb89816b2808947e23ae7a45f9a42897429a66..ebc7f90c4e7957bb9e4d7ecbb0ad0a168ac5415a 100644 --- a/src/plugins/wp/tests/wp/oracle_qualif/wp_strategy.res.oracle +++ b/src/plugins/wp/tests/wp/oracle_qualif/wp_strategy.res.oracle 
@@ -2,50 +2,17 @@ [kernel] Parsing tests/wp/wp_strategy.c (with preprocessing) [rte] annotating function bts0513 [rte] annotating function bts0513_bis -[rte] annotating function default_behaviors -[rte] annotating function dpd1 -[rte] annotating function dpd2 -[rte] annotating function spec_if -[rte] annotating function spec_if_cond -[rte] annotating function spec_if_not_cond [wp] Running WP plugin... -[wp] 25 goals scheduled +[wp] 4 goals scheduled [wp] [Alt-Ergo] Goal hoare_bts0513_ensures_qed_ko_ko1 : Unsuccess [wp] [Alt-Ergo] Goal hoare_bts0513_ensures_qed_ko_ko2 : Unsuccess [wp] [Alt-Ergo] Goal hoare_bts0513_bis_assert_qed_ko_ko1 : Unsuccess [wp] [Qed] Goal hoare_bts0513_bis_assert_qed_ok_ok : Valid -[wp] [Qed] Goal hoare_dpd1_assert_qed_ok_A : Valid -[wp] [Alt-Ergo] Goal hoare_dpd1_ensures_qed_ko_Eko : Unsuccess -[wp] [Qed] Goal hoare_dpd1_assigns : Valid -[wp] [Alt-Ergo] Goal hoare_dpd2_ensures_qed_ko_Eko : Unsuccess -[wp] [Qed] Goal hoare_dpd2_assigns : Valid -[wp] [Qed] Goal hoare_dpd2_assert_qed_ok_A : Valid -[wp] [Qed] Goal hoare_spec_if_ensures_qed_ok : Valid -[wp] [Qed] Goal hoare_spec_if_assigns : Valid -[wp] [Alt-Ergo] Goal hoare_spec_if_assert_rte_signed_overflow : Unsuccess -[wp] [Qed] Goal hoare_spec_if_assigns_2 : Valid -[wp] [Alt-Ergo] Goal hoare_spec_if_assert_rte_signed_overflow_2 : Unsuccess -[wp] [Qed] Goal hoare_spec_if_assigns_3 : Valid -[wp] [Qed] Goal hoare_spec_if_ensures_qed_ok_2 : Valid -[wp] [Qed] Goal hoare_spec_if_cond_ensures_qed_ok : Valid -[wp] [Qed] Goal hoare_spec_if_not_cond_ensures_qed_ok : Valid -[wp] [Qed] Goal hoare_default_behaviors_ensures_qed_ok_stmt_p : Valid -[wp] [Qed] Goal hoare_default_behaviors_assert_qed_ok : Valid -[wp] [Alt-Ergo] Goal hoare_default_behaviors_assert_rte_signed_overflow : Unsuccess -[wp] [Qed] Goal hoare_default_behaviors_assigns : Valid -[wp] [Qed] Goal hoare_default_behaviors_ensures_qed_ok : Valid -[wp] [Qed] Goal hoare_default_behaviors_assert_qed_ok_2 : Valid -[wp] Proved goals: 17 / 25 - 
Qed: 17 - Alt-Ergo: 0 (unsuccess: 8) +[wp] Proved goals: 1 / 4 + Qed: 1 + Alt-Ergo: 0 (unsuccess: 3) ------------------------------------------------------------ Functions WP Alt-Ergo Total Success bts0513 - - 2 0.0% bts0513_bis 1 - 2 50.0% - dpd1 2 - 3 66.7% - dpd2 2 - 3 66.7% - spec_if 5 - 7 71.4% - spec_if_cond 1 - 1 100% - spec_if_not_cond 1 - 1 100% - default_behaviors 5 - 6 83.3% ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp/wp_behav.c b/src/plugins/wp/tests/wp/wp_behav.c index 6c4a0817a643305bd4085888967f286fb2add99c..d7b2326cec400765a45ec2f0170e01631d6095a5 100644 --- a/src/plugins/wp/tests/wp/wp_behav.c +++ b/src/plugins/wp/tests/wp/wp_behav.c 
@@ -55,71 +55,13 @@ int bhv (int x, int n) { return x/n; } -/*@ behavior ok: ensures qed_ok: \result > 0; - behavior ko: ensures qed_ko: \result > 2; - behavior ko_without_asgn: ensures qed_ko: \result > Y; -*/ -int stmt_contract (int c) { - int x = 0; - Y = 0; - - /*@ requires qed_ok: x == 0; - @ ensures qed_ok: x > 0; - */ - if (c) - x = 3; - else - x = 5; - return x; -} - -//@ ensures qed_ok: \result >= 0; -int stmt_contract_label (int c) { - int x = 0; - - //@ ensures qed_ok: x >= \old(x); - if (c) x++; - - return x; -} - -/*@ behavior ok: ensures qed_ok: \result > 0; - behavior ko: ensures qed_ko: \result > 2; - behavior ok_asgn: ensures qed_ok: \result > Y; -*/ -int stmt_contract_assigns (int c) { - int x = 0; - Y = 0; - - /*@ requires qed_ok: x == 0; - @ ensures qed_ok: x > 0; - @ assigns qed_ok: asgn_ok: x; - */ - if (c) - x = 3; - else - x = 5; - return x; -} - -int local_named_behavior (int x) { - int y = 3; - /*@ behavior xpos: - assumes x > 0; - ensures qed_ok: x > 3; - ensures qed_ok: x > y; - */ - x += y; - return x; -} - void assert_needed (int x) { //@ assert ko: x > 0; int a = 0; a += x; //@ assert qed_ok: ok_with_hyp: a > 0; } - + /* we shouldn't be able to prove ko1 from ko2 and then ko2 from ko1 */ /*@ ensures ko1: \result == x+1; ensures ko2: \result == x+1; @@ -128,20 +70,6 @@ int bts0513 (int x) { return x; } -//@ assigns X, Y; -void unknown (int, int); - -//@ ensures \result > X; -int stmt_assigns (int a) { - int x = 0; - int y = 3; - X = x; - //@ assigns Y; - unknown (x, y); - x = x+1; - return x; -} - int T[10]; // use Inv as Hyp for Bhp props 
@@ -151,32 +79,8 @@ int T[10]; void razT (int n) { //@ loop invariant qed_ok: \forall int k; 0<= k < i ==> T[k] == 0; - for (int i = 0; i < n; i++) + for (int i = 0; i < n; i++) T[i] = 0; } -//@ ensures qed_ok: ok_with_hoare: T[1] == \old(T[1]); -int more_stmt_assigns (int x) { - x = 0; - //@ behavior blk: assigns qed_ok:x, qed_ok:T[x]; - { - T[x] = 1; - x = 1; - } - return x; -} -/*@ behavior b1: - assumes x > 0; - ensures qed_ok: \result > x; -*/ -int part_stmt_bhv (int x) { - /*@ //TODO: not implemented yet. - for b1: behavior bs: - ensures x > \old(x); */ - if (x > 0) - x++; - return x; -} - //============================================================================== - diff --git a/src/plugins/wp/tests/wp/wp_call_pre.c b/src/plugins/wp/tests/wp/wp_call_pre.c index c19283f5d29f29c9f1b83e846928f1228be7160a..857b5f629686bc3537b9b3eb40c6692caae44d76 100644 --- a/src/plugins/wp/tests/wp/wp_call_pre.c +++ b/src/plugins/wp/tests/wp/wp_call_pre.c @@ -1,9 +1,8 @@ /* run.config OPT: -wp-model Hoare -wp-no-simpl -wp-prop Rmain -OPT: -wp-model Hoare -wp-no-simpl -wp-fct main +OPT: -wp-model Hoare -wp-no-simpl -wp-fct main OPT: -wp-model Hoare -wp-no-simpl -wp-prop Rf OPT: -wp-model Hoare -wp-no-simpl -wp-fct double_call -OPT: -wp-model Hoare -wp-no-simpl -wp-fct stmt_pre -wp-prop Rstmt */ /* run.config_qualif @@ -40,14 +39,6 @@ int call_main (void) { return main (); } -//@ requires 0 < G; -int stmt_pre (void) { - int x = 0; - //@ requires qed_ok: Rstmt: G > x; - x = G - x; - return x; -} - // proving the preconditions on [g] call from the GUI should change the // status of [g] preconditions since it is the only call. int call_g (void) { diff --git a/src/plugins/wp/tests/wp/wp_strategy.c b/src/plugins/wp/tests/wp/wp_strategy.c index c514347a72a233922e656c26095d63647feea376..258fd478c999f79a898eb2077da01abdc6ee063a 100644 --- a/src/plugins/wp/tests/wp/wp_strategy.c +++ b/src/plugins/wp/tests/wp/wp_strategy.c 
@@ -28,74 +28,3 @@ int bts0513_bis (int x) { //@ assert qed_ok: ok : x > 0; return x; } -/*----------------------------------------------------------------------------*/ -// Problem of dependencies : we should be able to prove A, and the proof -// of E shouldn't depend on A ! - -void dpd1 (int x) { - //@ ensures qed_ko: Eko: x>0; assigns qed_ok: x; - ; - //@ assert qed_ok: A: x>0; -} - -// workaround : -//@ behavior P: -void dpd2 (int x) { - //@ ensures qed_ko: Eko: x>0; assigns qed_ok: x; - ; - //@ for P: assert qed_ok: A: x>0; -} -//============================================================================== -// specification of an IF block : notice that the proof of the ensures property -// shouldn't depend on [spec_if_f] properties. - -int Z; -int T[10]; - -/*@ assigns T[i]; ensures T[i] > i; */ -void spec_if_f (int i); - -//@ ensures qed_ok: T[0] > 0; -void spec_if (int c0, int c1, int c2) { - //@ assigns qed_ok: T[0], Z; ensures qed_ok: T[0] > 0; - if (c0) { spec_if_f (0); } else { T[0] = 5; } - //@ assigns qed_ok: T[1], Z; - if (c1) { spec_if_f (1); } else { Z++; } - //@ assigns qed_ok: T[2], Z; - if (c2) { spec_if_f (2); } else { Z++; } -} - -//============================================================================== -// when a IF condition is a negation, the AST doesn't have the same structure ! -// -void spec_if_cond (int c0) { - int i; - //@ ensures qed_ok: i > 0; - if (c0) { i = 2; } else { i = 1; } -} - -void spec_if_not_cond (int c0) { - int i; - //@ ensures qed_ok: i > 0; - if (!c0) { i = 2; } else { i = 1; } -} - -//============================================================================== -// Test is unnamed (default) behavior for function and blocks are not mixed -// together. 
- -//@ requires c == 0 ==> x >= 0; ensures qed_ok: \result > 0; -int default_behaviors (int c, int x) { - int y; - - //@ ensures qed_ok: stmt_p: x > 0; assigns qed_ok: x; - if (c) x = 1; - else { - //@ assert qed_ok: x >= 0; - x++; - } - y = 0; - //@ assert qed_ok: x > y; - return x; -} - diff --git a/src/plugins/wp/tests/wp_acsl/generalized_checks.i b/src/plugins/wp/tests/wp_acsl/generalized_checks.i index 88b32e9f49a4bfc1c00b532287fa1563153e592e..0c2e2c54ba10b8bc8569f244dd96580121113ee6 100644 --- a/src/plugins/wp/tests/wp_acsl/generalized_checks.i +++ b/src/plugins/wp/tests/wp_acsl/generalized_checks.i @@ -72,9 +72,4 @@ void loop () { */ for (int i = 0; i< 10; i++); /*@ check implied_by_false_invariant: j == 10; */ - l: /*@ check invariant \true; */ ; - if (j >= 10) goto l1; - j++; - goto l; - l1 : ; } diff --git a/src/plugins/wp/tests/wp_acsl/oracle/axioms.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/axioms.res.oracle index 564b0922bf517645be26e01bd384ba93f17ec04e..0c033d5c37fae577aebb1c8b28c0890fd146820a 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/axioms.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/axioms.res.oracle @@ -15,7 +15,9 @@ Assume { (* Heap *) Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). + Have: valid_rw(Malloc_0, a_1, 1 + b - a). + (* Pre-condition *) + Have: a <= b. (* Invariant 'Positive' *) Have: forall i_1 : Z. ((a <= i_1) -> ((i_1 < i) -> (0 < a_2[shift_sint32(t, i_1)]))). @@ -37,7 +39,9 @@ Assume { (* Heap *) Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). + Have: valid_rw(Malloc_0, a_1, 1 + b - a). + (* Pre-condition *) + Have: a <= b. (* Invariant 'Positive' *) Have: forall i_1 : Z. ((a <= i_1) -> ((i_1 < i) -> (0 < a_2[shift_sint32(t, i_1)]))). 
@@ -59,7 +63,9 @@ Assume { (* Heap *) Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). + Have: valid_rw(Malloc_0, a_1, 1 + b - a). + (* Pre-condition *) + Have: a <= b. (* Invariant 'Positive' *) Have: forall i_1 : Z. ((a <= i_1) -> ((i_1 < i) -> (0 < havoc(Mint_undef_0, Mint_0, a_1, i - a)[shift_sint32(t, i_1)]))). @@ -78,7 +84,9 @@ Assume { (* Heap *) Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (a <= b) /\ valid_rw(Malloc_0, shift_sint32(t, a), 1 + b - a). + Have: valid_rw(Malloc_0, shift_sint32(t, a), 1 + b - a). + (* Pre-condition *) + Have: a <= b. } Prove: a <= (1 + b). @@ -95,7 +103,9 @@ Assume { (* Goal *) When: (a <= i_1) /\ (i_1 <= i) /\ is_sint32(i_1). (* Pre-condition *) - Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). + Have: valid_rw(Malloc_0, a_1, 1 + b - a). + (* Pre-condition *) + Have: a <= b. (* Invariant 'Positive' *) Have: forall i_2 : Z. ((a <= i_2) -> ((i_2 < i) -> (0 < a_2[shift_sint32(t, i_2)]))). @@ -136,7 +146,9 @@ Assume { (* Goal *) When: !invalid(Malloc_0, a_2, 1). (* Pre-condition *) - Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). + Have: valid_rw(Malloc_0, a_1, 1 + b - a). + (* Pre-condition *) + Have: a <= b. (* Invariant 'Positive' *) Have: forall i_1 : Z. ((a <= i_1) -> ((i_1 < i) -> (0 < havoc(Mint_undef_0, Mint_0, a_1, i - a)[shift_sint32(t, i_1)]))). @@ -160,7 +172,9 @@ Assume { (* Heap *) Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). + Have: valid_rw(Malloc_0, a_1, 1 + b - a). + (* Pre-condition *) + Have: a <= b. } Prove: i <= (1 + b). diff --git a/src/plugins/wp/tests/wp_acsl/oracle/funvar_inv.1.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/funvar_inv.1.res.oracle index 9ed2d133feedc53a1329bd81aaf5f4c4960d8e9d..797ebba2d9fe6423da69c8e4c0b9b93448c5f623 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/funvar_inv.1.res.oracle 
+++ b/src/plugins/wp/tests/wp_acsl/oracle/funvar_inv.1.res.oracle @@ -16,8 +16,10 @@ Assume { (* Initializer *) Init: Mint_0[global(L_i_27)] = 0. If v <= 3 - Then { (* Else *) Have: Mint_0[f] = 0. Have: shift_sint32(a, v) = f. } - Else { Have: global(L_i_27) = f. } + Then { (* Else *) Have: Mint_0[shift_sint32(a, v)] = 0. } + If 4 <= v + Then { Have: global(L_i_27) = f. } + Else { Have: shift_sint32(a, v) = f. } } Prove: a_1 = f. @@ -34,8 +36,10 @@ Assume { (* Initializer *) Init: Mint_0[global(L_i_27)] = 0. If v <= 3 - Then { (* Else *) Have: Mint_0[f] = 0. Have: shift_sint32(a, v) = f. } - Else { Have: global(L_i_27) = f. } + Then { (* Else *) Have: Mint_0[shift_sint32(a, v)] = 0. } + If 4 <= v + Then { Have: global(L_i_27) = f. } + Else { Have: shift_sint32(a, v) = f. } } Prove: a_1 = f. @@ -59,9 +63,10 @@ Assume { (* Initializer *) Init: Mint_0[global(L_i_32)] = 0. If v <= 3 - Then { (* Else *) Have: Mint_0[f2_0] = 0. Have: shift_sint32(a, v) = f2_0. - } - Else { Have: global(L_i_32) = f2_0. } + Then { (* Else *) Have: Mint_0[shift_sint32(a, v)] = 0. } + If 4 <= v + Then { Have: global(L_i_32) = f2_0. } + Else { Have: shift_sint32(a, v) = f2_0. } } Prove: a_1 = f2_0. @@ -78,9 +83,10 @@ Assume { (* Initializer *) Init: Mint_0[global(L_i_32)] = 0. If v <= 3 - Then { (* Else *) Have: Mint_0[f2_0] = 0. Have: shift_sint32(a, v) = f2_0. - } - Else { Have: global(L_i_32) = f2_0. } + Then { (* Else *) Have: Mint_0[shift_sint32(a, v)] = 0. } + If 4 <= v + Then { Have: global(L_i_32) = f2_0. } + Else { Have: shift_sint32(a, v) = f2_0. } } Prove: a_1 = f2_0. @@ -104,8 +110,10 @@ Assume { (* Initializer *) Init: Mint_0[global(L_i_37)] = 0. If v <= 3 - Then { (* Else *) Have: Mint_0[g] = 0. Have: shift_sint32(a, v) = g. } - Else { Have: global(L_i_37) = g. } + Then { (* Else *) Have: Mint_0[shift_sint32(a, v)] = 0. } + If 4 <= v + Then { Have: global(L_i_37) = g. } + Else { Have: shift_sint32(a, v) = g. } } Prove: a_1 = g. 
@@ -122,8 +130,10 @@ Assume { (* Initializer *) Init: Mint_0[global(L_i_37)] = 0. If v <= 3 - Then { (* Else *) Have: Mint_0[g] = 0. Have: shift_sint32(a, v) = g. } - Else { Have: global(L_i_37) = g. } + Then { (* Else *) Have: Mint_0[shift_sint32(a, v)] = 0. } + If 4 <= v + Then { Have: global(L_i_37) = g. } + Else { Have: shift_sint32(a, v) = g. } } Prove: a_1 = g. diff --git a/src/plugins/wp/tests/wp_acsl/oracle/generalized_checks.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/generalized_checks.res.oracle index d3f8259be9d299489b8ec49ccfac1bf68ef51b21..65a87c92522e55733522c0af3f53df5f0ad1680f 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/generalized_checks.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/generalized_checks.res.oracle @@ -1,13 +1,7 @@ # frama-c -wp [...] [kernel] Parsing tests/wp_acsl/generalized_checks.i (no preprocessing) [wp] Running WP plugin... -[wp] tests/wp_acsl/generalized_checks.i:68: Warning: - Unsupported generalized invariant, use loop invariant instead. - Ignored invariant - check invariant \true; [wp] Warning: Missing RTE guards -[wp] tests/wp_acsl/generalized_checks.i:75: Warning: - Missing assigns clause (assigns 'everything' instead) ------------------------------------------------------------ Axiomatic 'Th' ------------------------------------------------------------ @@ -36,7 +30,9 @@ Goal Post-condition 'R1,ko' in 'caller': Assume { Type: is_sint32(caller_0) /\ is_sint32(x). (* Pre-condition *) - Have: P_A(x) /\ P_CA1(x). + Have: P_A(x). + (* Pre-condition *) + Have: P_CA1(x). (* Call 'job' *) Have: P_B(caller_0). } @@ -48,7 +44,9 @@ Goal Post-condition 'R2,ko' in 'caller': Assume { Type: is_sint32(caller_0) /\ is_sint32(x). (* Pre-condition *) - Have: P_A(x) /\ P_CA1(x). + Have: P_A(x). + (* Pre-condition *) + Have: P_CA1(x). (* Call 'job' *) Have: P_B(caller_0). } 
@@ -86,7 +84,13 @@ Prove: true. Goal Instance of 'Pre-condition 'CA2,ko' in 'job'' in 'caller' at call 'job' (file tests/wp_acsl/generalized_checks.i, line 65) : -Assume { Type: is_sint32(x). (* Pre-condition *) Have: P_A(x) /\ P_CA1(x). } +Assume { + Type: is_sint32(x). + (* Pre-condition *) + Have: P_A(x). + (* Pre-condition *) + Have: P_CA1(x). +} Prove: P_CA2(x). ------------------------------------------------------------ @@ -98,7 +102,7 @@ Goal Post-condition 'B' in 'job': Let x_1 = L_F(x). Assume { Type: is_sint32(x) /\ is_sint32(x_1). - (* Pre-condition *) + (* Pre-condition 'A' *) Have: P_A(x). } Prove: P_B(x_1). @@ -109,7 +113,7 @@ Goal Post-condition 'CB1' in 'job': Let x_1 = L_F(x). Assume { Type: is_sint32(x) /\ is_sint32(x_1). - (* Pre-condition *) + (* Pre-condition 'A' *) Have: P_A(x). } Prove: P_CB1(x_1). @@ -120,7 +124,7 @@ Goal Post-condition 'CB2,ko' in 'job': Let x_1 = L_F(x). Assume { Type: is_sint32(x) /\ is_sint32(x_1). - (* Pre-condition *) + (* Pre-condition 'A' *) Have: P_A(x). } Prove: P_CB2(x_1). diff --git a/src/plugins/wp/tests/wp_acsl/oracle/inductive.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/inductive.res.oracle index 5a0fc4b056cc4d4e20fa1c9abef0dcf5cf6072f2..f7adb24d1e712d83b3051760e771795e5d040948 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/inductive.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/inductive.res.oracle @@ -22,9 +22,9 @@ theory Compound (* use frama_c_wp.memory.Memory *) - function shift_sint32 (p:addr) (k:int) : addr = shift p k - function shiftfield_F1__list_next (p:addr) : addr = shift p 1 + + function shift_sint32 (p:addr) (k:int) : addr = shift p k end [wp:print-generated] theory WP diff --git a/src/plugins/wp/tests/wp_acsl/oracle/init_label.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/init_label.res.oracle index 561960415e8a3401df1992fd4014df08b9044e52..aca8b840d48a157a56bd7236264d137a834fd6e3 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/init_label.res.oracle 
+++ b/src/plugins/wp/tests/wp_acsl/oracle/init_label.res.oracle @@ -38,7 +38,7 @@ Assume { Init: A_1[2] = 12. (* Initializer *) Init: forall i : Z. ((3 <= i) -> ((i <= 19) -> (A_1[i] = 0))). - (* Pre-condition *) + (* Pre-condition 'Init' *) Have: EqArray_int(20, A, A_1). } Prove: x = 12. diff --git a/src/plugins/wp/tests/wp_acsl/oracle/logic.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/logic.res.oracle index e5f7a31927d9ed2a7c9a339391f8b75c53ce00c9..84f53ddd896150e1a14afc13b6c96b632de323a1 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/logic.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/logic.res.oracle 
@@ -5,34 +5,34 @@ [wp] tests/wp_acsl/logic.i:65: Warning: Cast with incompatible pointers types (source: __anonstruct_Buint_4*) (target: uint32*) -[wp] tests/wp_acsl/logic.i:49: Warning: +[wp] tests/wp_acsl/logic.i:62: Warning: + Logic cast to struct (Tint2) from (int [6]) not implemented yet +[wp] tests/wp_acsl/logic.i:61: Warning: + Logic cast from struct (Tint6) not implemented yet +[wp] tests/wp_acsl/logic.i:60: Warning: + Logic cast to sized array (int [2]) from (int [6]) not implemented yet +[wp] tests/wp_acsl/logic.i:59: Warning: + Logic cast from struct (Tint6) not implemented yet +[wp] tests/wp_acsl/logic.i:58: Warning: + Logic cast from struct (Tint6) not implemented yet +[wp] tests/wp_acsl/logic.i:57: Warning: + Logic cast to sized array (Triangle) from (int [6]) not implemented yet +[wp] tests/wp_acsl/logic.i:56: Warning: + Logic cast from struct (Tint6) not implemented yet +[wp] tests/wp_acsl/logic.i:55: Warning: + Logic cast to struct (Buint) from (unsigned int) not implemented yet +[wp] tests/wp_acsl/logic.i:54: Warning: + Logic cast from struct (Buint) not implemented yet +[wp] tests/wp_acsl/logic.i:53: Warning: Logic cast from struct (Tint2) not implemented yet -[wp] tests/wp_acsl/logic.i:50: Warning: +[wp] tests/wp_acsl/logic.i:52: Warning: Logic cast from struct (Point) not implemented yet [wp] tests/wp_acsl/logic.i:51: Warning: Logic cast to struct (Point) from (int [2]) not implemented yet -[wp] tests/wp_acsl/logic.i:52: Warning: +[wp] tests/wp_acsl/logic.i:50: Warning: Logic cast from struct (Point) not implemented yet -[wp] tests/wp_acsl/logic.i:53: Warning: +[wp] tests/wp_acsl/logic.i:49: Warning: Logic cast from struct (Tint2) not implemented yet -[wp] tests/wp_acsl/logic.i:54: Warning: - Logic cast from struct (Buint) not implemented yet -[wp] tests/wp_acsl/logic.i:55: Warning: - Logic cast to struct (Buint) from (unsigned int) not implemented yet -[wp] tests/wp_acsl/logic.i:56: Warning: - Logic cast from struct (Tint6) not implemented yet 
-[wp] tests/wp_acsl/logic.i:57: Warning: - Logic cast to sized array (Triangle) from (int [6]) not implemented yet -[wp] tests/wp_acsl/logic.i:58: Warning: - Logic cast from struct (Tint6) not implemented yet -[wp] tests/wp_acsl/logic.i:59: Warning: - Logic cast from struct (Tint6) not implemented yet -[wp] tests/wp_acsl/logic.i:60: Warning: - Logic cast to sized array (int [2]) from (int [6]) not implemented yet -[wp] tests/wp_acsl/logic.i:61: Warning: - Logic cast from struct (Tint6) not implemented yet -[wp] tests/wp_acsl/logic.i:62: Warning: - Logic cast to struct (Tint2) from (int [6]) not implemented yet ------------------------------------------------------------ Function h ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_acsl/oracle/looplabels.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/looplabels.res.oracle index c4c9cd16d8a6f2fab6c268ab7db6f9a08b92b855..68d943f582170a3d187c3cb44229cd352dd0d7f1 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/looplabels.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/looplabels.res.oracle @@ -14,8 +14,13 @@ Assume { (* Heap *) Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (0 < n) /\ valid_rw(Malloc_0, a_2, n) /\ - valid_rw(Malloc_0, a_1, n) /\ separated(a_2, n, a_1, n). + Have: 0 < n. + (* Pre-condition *) + Have: valid_rw(Malloc_0, a_2, n). + (* Pre-condition *) + Have: valid_rw(Malloc_0, a_1, n). + (* Pre-condition *) + Have: separated(a_2, n, a_1, n). (* Invariant *) Have: P_IsEqual(havoc(Mint_undef_0, Mint_0, a_1, n), a, b, i). (* Invariant *) 
@@ -35,8 +40,13 @@ Assume { (* Heap *) Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (0 < n) /\ valid_rw(Malloc_0, a_2, n) /\ - valid_rw(Malloc_0, a_1, n) /\ separated(a_2, n, a_1, n). + Have: 0 < n. + (* Pre-condition *) + Have: valid_rw(Malloc_0, a_2, n). + (* Pre-condition *) + Have: valid_rw(Malloc_0, a_1, n). + (* Pre-condition *) + Have: separated(a_2, n, a_1, n). (* Invariant *) Have: P_IsEqual(havoc(Mint_undef_0, Mint_0, a_1, n), a, b, i). (* Invariant *) @@ -63,8 +73,13 @@ Assume { (* Heap *) Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (0 < n) /\ valid_rw(Malloc_0, a_3, n) /\ - valid_rw(Malloc_0, a_1, n) /\ separated(a_3, n, a_1, n). + Have: 0 < n. + (* Pre-condition *) + Have: valid_rw(Malloc_0, a_3, n). + (* Pre-condition *) + Have: valid_rw(Malloc_0, a_1, n). + (* Pre-condition *) + Have: separated(a_3, n, a_1, n). (* Invariant *) Have: P_IsEqual(a_2, a, b, i). (* Invariant *) @@ -84,8 +99,13 @@ Assume { (* Heap *) Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (0 < n) /\ valid_rw(Malloc_0, a_1, n) /\ - valid_rw(Malloc_0, a_2, n) /\ separated(a_1, n, a_2, n). + Have: 0 < n. + (* Pre-condition *) + Have: valid_rw(Malloc_0, a_1, n). + (* Pre-condition *) + Have: valid_rw(Malloc_0, a_2, n). + (* Pre-condition *) + Have: separated(a_1, n, a_2, n). } Prove: P_IsEqual(Mint_0, a, b, 0). @@ -108,8 +128,13 @@ Assume { (* Goal *) When: !invalid(Malloc_0, a_3, 1). (* Pre-condition *) - Have: (0 < n) /\ valid_rw(Malloc_0, a_2, n) /\ - valid_rw(Malloc_0, a_1, n) /\ separated(a_2, n, a_1, n). + Have: 0 < n. + (* Pre-condition *) + Have: valid_rw(Malloc_0, a_2, n). + (* Pre-condition *) + Have: valid_rw(Malloc_0, a_1, n). + (* Pre-condition *) + Have: separated(a_2, n, a_1, n). (* Invariant *) Have: P_IsEqual(havoc(Mint_undef_0, Mint_0, a_1, n), a, b, i). (* Invariant *) 
diff --git a/src/plugins/wp/tests/wp_acsl/oracle/opaque_struct.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/opaque_struct.res.oracle index a5c5cf0e1819ac3fab3eb01794a33294e13656aa..d4c7697396c0754d0efbf5e6a48a36d31a20260f 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/opaque_struct.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/opaque_struct.res.oracle @@ -114,7 +114,9 @@ Assume { (* Heap *) Type: (region(p.base) <= 0) /\ linked(Malloc_0) /\ cinits(Init_0). (* Pre-condition *) - Have: IsInit_S1_S(p, Init_0) /\ valid_rw(Malloc_0, p, Length_of_S1_S). + Have: IsInit_S1_S(p, Init_0). + (* Pre-condition *) + Have: valid_rw(Malloc_0, p, Length_of_S1_S). (* Call Effects *) Have: monotonic_init(Init_0, a). } diff --git a/src/plugins/wp/tests/wp_acsl/oracle/reads.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/reads.res.oracle index 430cdc96add4646c44083c74bfc1b93928ca43d1..69a2b9021efb45839f7333b636e176cd5d50b1cb 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle/reads.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/reads.res.oracle @@ -10,7 +10,11 @@ Goal Post-condition 'qed_ok' in 'f': Assume { Type: is_sint32(x) /\ is_sint32(y). (* Pre-condition *) - Have: (0 <= x) /\ (0 <= y) /\ (x <= 10) /\ (y <= 10) /\ P_Q(y, x). + Have: P_Q(y, x). + (* Pre-condition *) + Have: (0 <= x) /\ (x <= 10). + (* Pre-condition *) + Have: (0 <= y) /\ (y <= 10). } Prove: P_Q(1 + y, 1 + x). 
@@ -20,17 +24,20 @@ Prove: P_Q(1 + y, 1 + x). ------------------------------------------------------------ Goal Post-condition 'qed_ok' in 'g': -Let x = Mint_0[u]. -Let x_1 = Mint_0[v]. -Let m = Mint_0[u <- 1 + x]. +Let x = Mint_0[v]. +Let x_1 = Mint_0[u]. +Let m = Mint_0[u <- 1 + x_1]. Let x_2 = m[v]. Assume { - Type: is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2). + Type: is_sint32(x_1) /\ is_sint32(x) /\ is_sint32(x_2). (* Heap *) Type: (region(u.base) <= 0) /\ (region(v.base) <= 0). (* Pre-condition *) - Have: (0 <= x) /\ (0 <= x_1) /\ (x <= 10) /\ (x_1 <= 10) /\ - P_P(Mint_0, u, v). + Have: P_P(Mint_0, u, v). + (* Pre-condition *) + Have: (0 <= x_1) /\ (x_1 <= 10). + (* Pre-condition *) + Have: (0 <= x) /\ (x <= 10). } Prove: P_P(m[v <- 1 + x_2], u, v). @@ -49,7 +56,7 @@ Assume { Type: is_sint32(x). (* Heap *) Type: is_sint32(y). - (* Pre-condition *) + (* Pre-condition 'H' *) Have: P_f /\ P_g(x) /\ P_h(y, x) /\ P_w(y, x). } Prove: P_g(1 + x). @@ -61,7 +68,7 @@ Assume { Type: is_sint32(x). (* Heap *) Type: is_sint32(y). - (* Pre-condition *) + (* Pre-condition 'H' *) Have: P_f /\ P_g(x) /\ P_h(y, x) /\ P_w(y, x). } Prove: P_h(y, 1 + x). @@ -73,7 +80,7 @@ Assume { Type: is_sint32(x). (* Heap *) Type: is_sint32(y). - (* Pre-condition *) + (* Pre-condition 'H' *) Have: P_f /\ P_g(x) /\ P_h(y, x) /\ P_w(y, x). } Prove: P_w(y, 1 + x). @@ -98,7 +105,7 @@ Assume { Type: is_sint32(y). (* Heap *) Type: is_sint32(x). - (* Pre-condition *) + (* Pre-condition 'H' *) Have: P_f /\ P_g(x) /\ P_h(y, x) /\ P_w(y, x). } Prove: P_h(1 + y, x). @@ -110,7 +117,7 @@ Assume { Type: is_sint32(y). (* Heap *) Type: is_sint32(x). - (* Pre-condition *) + (* Pre-condition 'H' *) Have: P_f /\ P_g(x) /\ P_h(y, x) /\ P_w(y, x). } Prove: P_w(1 + y, x). diff --git a/src/plugins/wp/tests/wp_acsl/oracle/simpl_is_type.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle/simpl_is_type.res.oracle index f4bf9c3fb0ee68f5f3174bd207003e8881f3eb04..178e47f5501761f3b9f4e8f5cb9e23eaee7df9cb 100644 
--- a/src/plugins/wp/tests/wp_acsl/oracle/simpl_is_type.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle/simpl_is_type.res.oracle @@ -209,9 +209,10 @@ Assume { (* Goal *) When: (0 <= i_1) /\ (i_1 < size_0) /\ is_sint32(i_1). (* Pre-condition *) - Have: (0 < size_0) /\ - (forall i_2 : Z. ((0 <= i_2) -> ((i_2 < size_0) -> - (Mint_0[shift_sint32(t, i_2)] < 0)))). + Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < size_0) -> + (Mint_0[shift_sint32(t, i_2)] < 0))). + (* Pre-condition *) + Have: 0 < size_0. (* Invariant *) Have: forall i_2 : Z. ((i <= i_2) -> ((i_2 < size_0) -> (a_1[shift_sint32(t, i_2)] < 0))). @@ -234,9 +235,10 @@ Assume { (* Heap *) Type: region(t.base) <= 0. (* Pre-condition *) - Have: (0 < size_0) /\ - (forall i_1 : Z. ((0 <= i_1) -> ((i_1 < size_0) -> - (Mint_0[shift_sint32(t, i_1)] < 0)))). + Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < size_0) -> + (Mint_0[shift_sint32(t, i_1)] < 0))). + (* Pre-condition *) + Have: 0 < size_0. (* Invariant *) Have: forall i_1 : Z. ((i <= i_1) -> ((i_1 < size_0) -> (a[shift_sint32(t, i_1)] < 0))). @@ -269,9 +271,10 @@ Assume { (* Goal *) When: (0 <= i_1) /\ (i_1 <= i) /\ is_sint32(i_1). (* Pre-condition *) - Have: (0 < size_0) /\ - (forall i_2 : Z. ((0 <= i_2) -> ((i_2 < size_0) -> - (Mint_0[shift_sint32(t, i_2)] < 0)))). + Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < size_0) -> + (Mint_0[shift_sint32(t, i_2)] < 0))). + (* Pre-condition *) + Have: 0 < size_0. (* Invariant *) Have: forall i_2 : Z. ((i <= i_2) -> ((i_2 < size_0) -> (a[shift_sint32(t, i_2)] < 0))). 
@@ -304,9 +307,10 @@ Assume { (* Goal *) When: (i_1 < size_0) /\ (i < i_1) /\ is_sint32(i_1). (* Pre-condition *) - Have: (0 < size_0) /\ - (forall i_2 : Z. ((0 <= i_2) -> ((i_2 < size_0) -> - (Mint_0[shift_sint32(t, i_2)] < 0)))). + Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < size_0) -> + (Mint_0[shift_sint32(t, i_2)] < 0))). + (* Pre-condition *) + Have: 0 < size_0. (* Invariant *) Have: forall i_2 : Z. ((i <= i_2) -> ((i_2 < size_0) -> (a[shift_sint32(t, i_2)] < 0))). @@ -330,9 +334,10 @@ Assume { (* Goal *) When: (0 <= i) /\ (i < size_0) /\ is_sint32(i). (* Pre-condition *) - Have: (0 < size_0) /\ - (forall i_1 : Z. ((0 <= i_1) -> ((i_1 < size_0) -> - (Mint_0[shift_sint32(t, i_1)] < 0)))). + Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < size_0) -> + (Mint_0[shift_sint32(t, i_1)] < 0))). + (* Pre-condition *) + Have: 0 < size_0. } Prove: Mint_0[shift_sint32(t, i)] < 0. @@ -355,9 +360,10 @@ Assume { (* Goal *) When: !invalid(Malloc_0, a_2, 1). (* Pre-condition *) - Have: (0 < size_0) /\ - (forall i_1 : Z. ((0 <= i_1) -> ((i_1 < size_0) -> - (Mint_0[shift_sint32(t, i_1)] < 0)))). + Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < size_0) -> + (Mint_0[shift_sint32(t, i_1)] < 0))). + (* Pre-condition *) + Have: 0 < size_0. (* Invariant *) Have: forall i_1 : Z. ((i <= i_1) -> ((i_1 < size_0) -> (a_1[shift_sint32(t, i_1)] < 0))). diff --git a/src/plugins/wp/tests/wp_acsl/oracle_qualif/generalized_checks.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle_qualif/generalized_checks.res.oracle index 5ab67d884fd17c3d2e9f352df274bc25ae478da1..99a33fee77212dd66f117cf324e5a8a81eb05983 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle_qualif/generalized_checks.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle_qualif/generalized_checks.res.oracle 
@@ -1,13 +1,7 @@ # frama-c -wp -wp-timeout 1 [...] [kernel] Parsing tests/wp_acsl/generalized_checks.i (no preprocessing) [wp] Running WP plugin... -[wp] tests/wp_acsl/generalized_checks.i:68: Warning: - Unsupported generalized invariant, use loop invariant instead. - Ignored invariant - check invariant \true; [wp] Warning: Missing RTE guards -[wp] tests/wp_acsl/generalized_checks.i:75: Warning: - Missing assigns clause (assigns 'everything' instead) [wp] 21 goals scheduled [wp] [Alt-Ergo] Goal typed_check_lemma_C_ko : Unsuccess [wp] [Alt-Ergo] Goal typed_lemma_L_ko : Unsuccess diff --git a/src/plugins/wp/tests/wp_acsl/oracle_qualif/logic.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle_qualif/logic.res.oracle index 7c60acbc6bc552e898b693a4c1dff4beba722107..0b937a8f35ea2ae709163a371affd3a519cad9f5 100644 --- a/src/plugins/wp/tests/wp_acsl/oracle_qualif/logic.res.oracle +++ b/src/plugins/wp/tests/wp_acsl/oracle_qualif/logic.res.oracle 
@@ -5,34 +5,34 @@ [wp] tests/wp_acsl/logic.i:65: Warning: Cast with incompatible pointers types (source: __anonstruct_Buint_4*) (target: uint32*) -[wp] tests/wp_acsl/logic.i:49: Warning: +[wp] tests/wp_acsl/logic.i:62: Warning: + Logic cast to struct (Tint2) from (int [6]) not implemented yet +[wp] tests/wp_acsl/logic.i:61: Warning: + Logic cast from struct (Tint6) not implemented yet +[wp] tests/wp_acsl/logic.i:60: Warning: + Logic cast to sized array (int [2]) from (int [6]) not implemented yet +[wp] tests/wp_acsl/logic.i:59: Warning: + Logic cast from struct (Tint6) not implemented yet +[wp] tests/wp_acsl/logic.i:58: Warning: + Logic cast from struct (Tint6) not implemented yet +[wp] tests/wp_acsl/logic.i:57: Warning: + Logic cast to sized array (Triangle) from (int [6]) not implemented yet +[wp] tests/wp_acsl/logic.i:56: Warning: + Logic cast from struct (Tint6) not implemented yet +[wp] tests/wp_acsl/logic.i:55: Warning: + Logic cast to struct (Buint) from (unsigned int) not implemented yet +[wp] tests/wp_acsl/logic.i:54: Warning: + Logic cast from struct (Buint) not implemented yet +[wp] tests/wp_acsl/logic.i:53: Warning: Logic cast from struct (Tint2) not implemented yet -[wp] tests/wp_acsl/logic.i:50: Warning: +[wp] tests/wp_acsl/logic.i:52: Warning: Logic cast from struct (Point) not implemented yet [wp] tests/wp_acsl/logic.i:51: Warning: Logic cast to struct (Point) from (int [2]) not implemented yet -[wp] tests/wp_acsl/logic.i:52: Warning: +[wp] tests/wp_acsl/logic.i:50: Warning: Logic cast from struct (Point) not implemented yet -[wp] tests/wp_acsl/logic.i:53: Warning: +[wp] tests/wp_acsl/logic.i:49: Warning: Logic cast from struct (Tint2) not implemented yet -[wp] tests/wp_acsl/logic.i:54: Warning: - Logic cast from struct (Buint) not implemented yet -[wp] tests/wp_acsl/logic.i:55: Warning: - Logic cast to struct (Buint) from (unsigned int) not implemented yet -[wp] tests/wp_acsl/logic.i:56: Warning: - Logic cast from struct (Tint6) not implemented yet 
-[wp] tests/wp_acsl/logic.i:57: Warning: - Logic cast to sized array (Triangle) from (int [6]) not implemented yet -[wp] tests/wp_acsl/logic.i:58: Warning: - Logic cast from struct (Tint6) not implemented yet -[wp] tests/wp_acsl/logic.i:59: Warning: - Logic cast from struct (Tint6) not implemented yet -[wp] tests/wp_acsl/logic.i:60: Warning: - Logic cast to sized array (int [2]) from (int [6]) not implemented yet -[wp] tests/wp_acsl/logic.i:61: Warning: - Logic cast from struct (Tint6) not implemented yet -[wp] tests/wp_acsl/logic.i:62: Warning: - Logic cast to struct (Tint2) from (int [6]) not implemented yet [wp] 21 goals scheduled [wp] [Alt-Ergo] Goal typed_h_ensures : Valid [wp] [Qed] Goal typed_h_assigns_exit : Valid diff --git a/src/plugins/wp/tests/wp_bts/bts_2110.i b/src/plugins/wp/tests/wp_bts/bts_2110.i index 807a50f5053ba69291bc3408ccd85bad69fb88a7..c3e92f41a345f65ee05065f318116fe741cf69c1 100644 --- a/src/plugins/wp/tests/wp_bts/bts_2110.i +++ b/src/plugins/wp/tests/wp_bts/bts_2110.i @@ -8,30 +8,23 @@ */ struct FD { - int pos; - int *adr; + int pos; + int *adr; }; struct A { int dummy; }; /*@ - //requires \valid(fd); - //requires \valid(a); - //requires \separated(a,fd); - assigns fd->pos; - assigns *a; - ensures fd->pos != \old(fd->pos); + assigns fd->pos; + assigns *a; + ensures fd->pos != \old(fd->pos); */ int myRead(struct FD* fd,struct A* a); /*@ - //requires \valid(fd); - //requires \valid(a); - //requires \separated(a,fd); - ensures KO: *a == \old(*a); + ensures KO: *a == \old(*a); */ void myMain(struct FD* fd,struct A* a) { - //@ assigns KO: *a; - myRead(fd,a); + myRead(fd,a); } diff --git a/src/plugins/wp/tests/wp_bts/issue_141.i b/src/plugins/wp/tests/wp_bts/issue_141.i deleted file mode 100644 index 10dfcd1a1e22a9f81272ff07eb66289f539774a9..0000000000000000000000000000000000000000 --- a/src/plugins/wp/tests/wp_bts/issue_141.i +++ /dev/null 
@@ -1,29 +0,0 @@
-/* run.config
- OPT: -wp-rte -wp -wp-steps 50
-*/
-/* run.config_qualif
- DONTRUN:
-*/
-
-typedef struct list { struct list *next; };
-struct list *cur;
-
-volatile int nondet;
-
-void f(int i) {}
-
-int main() {
- int bla = -1;
- reset:
- if (nondet) f(bla);
- while (nondet) {
- if (nondet) goto reset;
- if (nondet) goto exit;
- }
- goto reset;
- exit:
- while (nondet) {
- cur = cur->next;
- }
- return 0;
-}
diff --git a/src/plugins/wp/tests/wp_bts/issue_259.i b/src/plugins/wp/tests/wp_bts/issue_259.i
new file mode 100644
index 0000000000000000000000000000000000000000..9924b6e38ed265c28354ca667d7b0b642c6e60f7
--- /dev/null
+++ b/src/plugins/wp/tests/wp_bts/issue_259.i
@@ -0,0 +1,12 @@
+/*@ assigns \nothing; */
+int f(int *p) { return *p; }
+
+/*@ assigns \nothing; */
+int g(int *p, int c) {
+ switch (c) {
+ case 0:
+ if (f(p)) return 1;
+ default:
+ return 0;
+ }
+}
diff --git a/src/plugins/wp/tests/wp_bts/issue_453.i b/src/plugins/wp/tests/wp_bts/issue_453.i
deleted file mode 100644
index af0f2ff6923102bb739f9a1e4dea959577172ac0..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_bts/issue_453.i
+++ /dev/null
@@ -1,35 +0,0 @@
-typedef unsigned T;
-T incr_value;
-
-//@ axiomatic A { predicate Incr(T x, T r) = r == x + incr_value; }
-
-/*@ assigns \nothing;
- @ ensures Incr(x, \result);
- @ */
-T incr(T x);
-
-// Was KO before the fix of #453
-void f1(T i) {
- /*@ loop assigns i;
- @*/
- while (i<10) {
- /*@ assigns i ;
- ensures Sincr: Incr(\old(i), i);
- */
- i = incr(i);
- }
-}
-
-// Was OK before the fix of #453
-void f2(T i) {
- /*@ loop assigns i;
- @*/
- while (i<10) {
- //@ ghost A: ;
- /*@ assigns i ;
- ensures Sincr: Incr(\old(i), i);
- */
- i = incr(i);
- //@ ghost B: ;
- }
-}
diff --git a/src/plugins/wp/tests/wp_bts/issue_pub_49.i b/src/plugins/wp/tests/wp_bts/issue_pub_49.i
new file mode 100644
index 0000000000000000000000000000000000000000..13edc0d932a2141501f9b150281124a13fddeadf
--- /dev/null
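Review bot: issue_259.i says nothing about what it exercises or which verdict is expected, so its oracle (every `Assigns nothing` goal ending in `Prove: true.`) cannot be checked against intent. From the code the subject is presumably the `assigns \nothing` obligation of a call placed in `case 0:` that falls through into `default:` when `f(p)` returns 0; a header such as `/* Regression test for issue 259: assigns \nothing must be discharged on every path of the switch, including the call in case 0 falling through to default. */` would record that. It is also worth stating there that `f` dereferences `p` with no `requires \valid_read(p)` on purpose, since the file has no `run.config` and that access would likely become an unprovable validity goal the moment someone runs it with `-wp-rte`.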
+++ b/src/plugins/wp/tests/wp_bts/issue_pub_49.i
@@ -0,0 +1,90 @@
+/*
+ Postcondition postcs of function caller1 is proven (fixed value for codeCursor) while codeCursor may be updated in function is_class.
+ Similar issue for caller2.
+ Hint: proof not achieved when instruction at label_useless_cond is removed as in caller3.
+ Hint: proof not achieved when t3 is not declared in the block as in caller4.
+ Used command to run the proof:
+ frama-c-gui assigns_postconditions.c -wp -wp-check-memory-model -wp-rte
+*/
+
+
+
+int codeCursor;
+
+/*@
+ assigns codeCursor;
+*/
+int is_class(void){
+ if (codeCursor < 10)
+ codeCursor++;
+ return 0;
+}
+
+
+/*@
+ assigns codeCursor;
+ ensures postcs: codeCursor == \old(codeCursor);
+*/
+int caller1(void){
+ int t1=1;
+ int t2=0;
+ int t3;
+
+ label_useless_cond: if (t1 == 7) return 1;
+
+ label_cond_1: if (t2 == 0) {int t3 = is_class(); return t3;}
+ //label_cond_2:if (t2 == 0) {t3 = is_class(); return t3;}
+ else return is_class();
+}
+
+
+/*@
+ assigns codeCursor;
+ ensures postcs: codeCursor == \old(codeCursor);
+*/
+int caller2(void){
+ int t1=1;
+ int t2=0;
+ int t3;
+
+ label_useless_cond: if (t1 == 7) return 1;
+
+ label_cond_1: if (t2 == 0) {return is_class();}
+ //label_cond_2:if (t2 == 0) {t3 = is_class(); return t3;}
+ else return is_class();
+}
+
+
+/*@
+ assigns codeCursor;
+ ensures postcs: codeCursor == \old(codeCursor);
+*/
+int caller3(void){
+ int t1=1;
+ int t2=0;
+ int t3;
+
+ //label_useless_cond: if (t1 == 7) return 1;
+
+ label_cond_1: if (t2 == 0) {int t3 = is_class(); return t3;}
+ //label_cond_2:if (t2 == 0) {t3 = is_class(); return t3;}
+ else return is_class();
+}
+
+
+/*@
+ assigns codeCursor;
+ ensures postcs: codeCursor == \old(codeCursor);
+*/
+int caller4(void){
+ int t1=1;
+ int t2=0;
+ int t3;
+
+ label_useless_cond: if (t1 == 7) return 1;
+
+ //label_cond_1: if (t2 == 0) {int t3 = is_class(); return t3;}
+ label_cond_2:if (t2 == 0) {t3 = is_class(); return t3;}
+ else return is_class();
+}
+
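Review bot: The header comment of issue_pub_49.i is the bug-report text rather than a test description: it names `assigns_postconditions.c` and a `frama-c-gui ... -wp-check-memory-model -wp-rte` invocation, neither of which matches this file, which has no `run.config` and so runs with the default test options (judging from the `# frama-c -wp [...]` line of the other new oracle in this commit, those appear not to include `-wp-rte`). Replace it with the expected verdict, e.g. `/* Regression test for issue pub 49: postcs must NOT be proved in caller1..caller4, because is_class may increment codeCursor. */`, so the oracle can be checked against intent. The function-scope `int t3;` is unused in caller1–caller3 and shadowed by the block-local `t3` in caller1/caller3; the header implies this is deliberate, so a one-line `/* t3 kept unused on purpose: the shadowing is part of the reproducer */` beside it would stop a later clean-up from silently changing what the test covers.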
diff --git a/src/plugins/wp/tests/wp_bts/nupw-bcl-bts1120.i b/src/plugins/wp/tests/wp_bts/nupw-bcl-bts1120.i index fff780f8692d1289b79d59d6c01c41a08d87e8d5..a10cc5ea417526542e3bc99c8e8ba7dca88ecbad 100644 --- a/src/plugins/wp/tests/wp_bts/nupw-bcl-bts1120.i +++ b/src/plugins/wp/tests/wp_bts/nupw-bcl-bts1120.i @@ -1,21 +1,12 @@ /* run.config_qualif - OPT: -wp -wp-par 1 -wp-fct "g,unreachable_smt_with_contract" + OPT: -wp-fct "g" */ /*@ axiomatic ax { @ predicate ExitF(integer x); @ predicate ExitP(integer x); - @ predicate Exit1(integer x); - @ predicate PostF(integer x); - @ predicate PostP(integer x); - @ predicate Post1(integer x); - - @ predicate P(integer x); - @ predicate PreF(integer x); - @ predicate Pre(integer x); - @ predicate Pre1(integer x); } */ //@ assigns \nothing; ensures PostF(x); exits ExitF(x) ; @@ -30,37 +21,3 @@ void g (int max) { tmp ++; } } - -//@ requires ok: x > 0 ; assigns \nothing; -extern int f_with_precond (int x); - -// corrected. -//@ requires PostP(max); ensures ok: PostP(max); -void unreachable_smt_with_contract (int max) { - int tmp = f_with_precond(1); - goto L; - //@ requires ok: Pre1(max); assigns ok: tmp; ensures ok: Post1(max); exits ok: Exit1(max); - tmp = f_with_precond(-2); - //@ assert ok: P(tmp); - tmp=3; - L:; -} - -//@ assigns \nothing; exits never: \false; -int f_no_exit(int) ; - -// corrected in stronger the PO (e1 is forgotten and is not provable *) -//@ exits e:ExitP(0); -int cfg_domination_problem (int max) { - int tmp=1; - if (max) { - tmp=f_no_exit(tmp); - goto L; - } - //@ assigns tmp; exits e1:ExitP(max); - { - tmp=f(max); - L: tmp=3; - } - return tmp; -} diff --git a/src/plugins/wp/tests/wp_bts/oracle/bts_1360.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/bts_1360.res.oracle index 7c44e0c9ee57925c84a2e57dd1e15ff1a96f603f..302dea80e02e48a5b7f55a4847045982d7fee12d 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/bts_1360.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/bts_1360.res.oracle 
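Review bot: The first hunk of nupw-bcl-bts1120.i removes `@ predicate PostF(integer x);` from `axiomatic ax`, yet the kept context line `//@ assigns \nothing; ensures PostF(x); exits ExitF(x) ;` still uses `PostF`, so unless `PostF` is declared somewhere outside the hunk the kernel should reject that contract as referring to an unbound predicate. Keep the declaration, `@ predicate PostF(integer x);`, next to `ExitF`. The reverse holds for `ExitP`, which is kept although, as far as the visible lines show, its only user was `cfg_domination_problem`, deleted in the second hunk; harmless, but inconsistent with the rest of the pruning. Separately, `OPT:` now reads `-wp-fct "g"` without `-wp`; if the test driver adds `-wp` by default (the `# frama-c -wp [...]` line of the other oracles suggests it does) this is fine, otherwise the qualif configuration would no longer run WP at all.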
@@ -17,7 +17,9 @@ Assume { (* Heap *) Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (b != a) /\ valid_rd(Malloc_0, b, 1) /\ valid_rw(Malloc_0, a, 1). + Have: valid_rd(Malloc_0, b, 1) /\ valid_rw(Malloc_0, a, 1). + (* Pre-condition *) + Have: b != a. } Prove: valid_rd(Malloc_0, a, 1). @@ -62,7 +64,9 @@ Assume { (* Heap *) Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (b != a) /\ valid_rd(Malloc_0, a, 1) /\ valid_rd(Malloc_0, b, 1). + Have: valid_rd(Malloc_0, a, 1) /\ valid_rd(Malloc_0, b, 1). + (* Pre-condition *) + Have: b != a. } Prove: valid_rw(Malloc_0, a, 1). diff --git a/src/plugins/wp/tests/wp_bts/oracle/bts_2110.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/bts_2110.res.oracle index ccaf0802ca728955534bc9243cd74a446b58e60b..29356cc19ac00c18539f191f8aff775a43c78808 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/bts_2110.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/bts_2110.res.oracle @@ -2,7 +2,7 @@ [kernel] Parsing tests/wp_bts/bts_2110.i (no preprocessing) [wp] Running WP plugin... [wp] Warning: Missing RTE guards -[wp] 2 goals scheduled +[wp] 1 goal scheduled --------------------------------------------- --- Context 'typed_myMain' Cluster 'S2_A' --------------------------------------------- @@ -50,8 +50,6 @@ theory Compound (* use frama_c_wp.memory.Memory *) - function shiftfield_F1_FD_pos (p:addr) : addr = shift p 0 - function shiftfield_F2_A_dummy (p:addr) : addr = shift p 0 (* use S2_A *) @@ -59,6 +57,8 @@ theory Compound function Load_S2_A (p:addr) (mint:addr -> int) : S2_A = S2_A1 (get mint (shiftfield_F2_A_dummy p)) + function shiftfield_F1_FD_pos (p:addr) : addr = shift p 0 + Q_Load_S2_A_update_Mint0 : forall mint:addr -> int, p:addr, q:addr, v:int [Load_S2_A p (set mint q v)]. 
@@ -95,43 +95,17 @@ end (* use frama_c_wp.memory.Memory *) - (* use S2_A *) - - (* use Compound *) - - goal wp_goal : - forall t:addr -> int, t1:addr -> int, a:addr. - let a1 = Load_S2_A a t in - let a2 = Load_S2_A a (havoc t1 t a 1) in - region (base a) <= 0 -> IsS2_A a1 -> IsS2_A a2 -> EqS2_A a2 a1 - end -[wp:print-generated] - theory WP1 - (* use why3.BuiltIn.BuiltIn *) - - (* use bool.Bool *) - - (* use int.Int *) - - (* use int.ComputerDivision *) - - (* use real.RealInfix *) - - (* use frama_c_wp.qed.Qed *) - - (* use map.Map *) - - (* use frama_c_wp.memory.Memory *) - (* use Compound *) goal wp_goal : - forall t:int -> int, t1:addr -> int, a:addr, a1:addr, i:int. + forall t:addr -> int, t1:addr -> int, a:addr, a1:addr, i:int. let a2 = shiftfield_F1_FD_pos a1 in - let x = get t1 a2 in + let x = get t a2 in + let a3 = Load_S2_A a t in + let a4 = Load_S2_A a (set (havoc t1 t a 1) a2 i) in not x = i -> region (base a1) <= 0 -> region (base a) <= 0 -> - linked t -> is_sint32 i -> is_sint32 x -> not invalid t a2 1 -> a2 = a + is_sint32 i -> IsS2_A a3 -> is_sint32 x -> IsS2_A a4 -> EqS2_A a4 a3 end -[wp] 2 goals generated +[wp] 1 goal generated diff --git a/src/plugins/wp/tests/wp_bts/oracle/issue_141.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/issue_141.res.oracle deleted file mode 100644 index 9dd3dd748e7ee050326d660ce198563a2c639db4..0000000000000000000000000000000000000000 --- a/src/plugins/wp/tests/wp_bts/oracle/issue_141.res.oracle +++ /dev/null @@ -1,10 +0,0 @@ -# frama-c -wp -wp-rte -wp-steps 50 [...] -[kernel] Parsing tests/wp_bts/issue_141.i (no preprocessing) -[wp] Running WP plugin... -[rte] annotating function f -[rte] annotating function main -[wp] tests/wp_bts/issue_141.i:18: Warning: - calculus failed on strategy - for 'main', behavior 'default!', all properties, both assigns or not because - unsupported strange loop(s). (abort) -[wp] No proof obligations 
diff --git a/src/plugins/wp/tests/wp_bts/oracle/issue_259.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/issue_259.res.oracle new file mode 100644 index 0000000000000000000000000000000000000000..69d2e2143a0e16b80b7360473f5b2bddde6c3968 --- /dev/null +++ b/src/plugins/wp/tests/wp_bts/oracle/issue_259.res.oracle @@ -0,0 +1,54 @@ +# frama-c -wp [...] +[kernel] Parsing tests/wp_bts/issue_259.i (no preprocessing) +[wp] Running WP plugin... +[wp] Warning: Missing RTE guards +------------------------------------------------------------ + Function f +------------------------------------------------------------ + +Goal Assigns nothing in 'f': +Effect at line 2 +Prove: true. + +------------------------------------------------------------ +------------------------------------------------------------ + Function g +------------------------------------------------------------ + +Goal Assigns nothing in 'g': +Prove: true. + +------------------------------------------------------------ + +Goal Assigns nothing in 'g' (1/5): +Prove: true. + +------------------------------------------------------------ + +Goal Assigns nothing in 'g' (2/5): +Call Result at line 8 +Tags: Case 0. +Prove: true. + +------------------------------------------------------------ + +Goal Assigns nothing in 'g' (3/5): +Effect at line 8 +Tags: Case 0. +Prove: true. + +------------------------------------------------------------ + +Goal Assigns nothing in 'g' (4/5): +Effect at line 10 +Tags: Case 0. +Prove: true. + +------------------------------------------------------------ + +Goal Assigns nothing in 'g' (5/5): +Effect at line 10 +Tags: Default. +Prove: true. + +------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_bts/oracle/issue_453.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/issue_453.res.oracle deleted file mode 100644 index 9c1dde973cc4e3eb98f278b9b5e659b8b357387b..0000000000000000000000000000000000000000 
--- a/src/plugins/wp/tests/wp_bts/oracle/issue_453.res.oracle +++ /dev/null @@ -1,46 +0,0 @@ -# frama-c -wp [...] -[kernel] Parsing tests/wp_bts/issue_453.i (no preprocessing) -[wp] Running WP plugin... -[wp] Warning: Missing RTE guards ------------------------------------------------------------- - Function f1 ------------------------------------------------------------- - -Goal Loop assigns (file tests/wp_bts/issue_453.i, line 13): -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function f1 with behavior default_for_stmt_7 ------------------------------------------------------------- - -Goal Post-condition 'Sincr' at call 'incr' (file tests/wp_bts/issue_453.i, line 19): -Prove: true. - ------------------------------------------------------------- - -Goal Assigns (file tests/wp_bts/issue_453.i, line 16) at call 'incr' (file tests/wp_bts/issue_453.i, line 19): -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function f2 ------------------------------------------------------------- - -Goal Loop assigns (file tests/wp_bts/issue_453.i, line 25): -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function f2 with behavior default_for_stmt_17 ------------------------------------------------------------- - -Goal Post-condition 'Sincr' at call 'incr' (file tests/wp_bts/issue_453.i, line 32): -Prove: true. - ------------------------------------------------------------- - -Goal Assigns (file tests/wp_bts/issue_453.i, line 29) at call 'incr' (file tests/wp_bts/issue_453.i, line 32): -Prove: true. - ------------------------------------------------------------- 
diff --git a/src/plugins/wp/tests/wp_bts/oracle/issue_508.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/issue_508.res.oracle index 3e0d3075cbff6ee167291580f18d5b1bd7d0c17b..b9f3d2dba058dd1563df40fac03437a37c36cf28 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/issue_508.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/issue_508.res.oracle @@ -17,8 +17,11 @@ Assume { (* Goal *) When: !invalid(Malloc_0, shiftfield_F1_size(shift_S1(a, x)), 1). (* Pre-condition *) - Have: (0 <= d) /\ (d <= 16) /\ valid_rw(Malloc_0, tbl_0, 35) /\ - valid_rw(Malloc_0, shift_S1(a, 0), 34). + Have: valid_rw(Malloc_0, tbl_0, 35). + (* Pre-condition *) + Have: valid_rw(Malloc_0, shift_S1(a, 0), 34). + (* Pre-condition *) + Have: (0 <= d) /\ (d <= 16). } Prove: (x <= d) /\ (d <= x). diff --git a/src/plugins/wp/tests/wp_bts/oracle/issue_pub_49.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/issue_pub_49.res.oracle new file mode 100644 index 0000000000000000000000000000000000000000..3ca32f21c6c0ecb55a1c9efda7fa8bcae14ca239 --- /dev/null +++ b/src/plugins/wp/tests/wp_bts/oracle/issue_pub_49.res.oracle 
@@ -0,0 +1,208 @@ +# frama-c -wp [...] +[kernel] Parsing tests/wp_bts/issue_pub_49.i (no preprocessing) +[wp] Running WP plugin... +[wp] Warning: Missing RTE guards +------------------------------------------------------------ + Function caller1 +------------------------------------------------------------ + +Goal Post-condition 'postcs' in 'caller1': +Assume { Type: is_sint32(codeCursor_1) /\ is_sint32(codeCursor_0). } +Prove: codeCursor_0 = codeCursor_1. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 25) in 'caller1': +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 25) in 'caller1' (1/6): +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 25) in 'caller1' (2/6): +Effect at line 33 +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 25) in 'caller1' (3/6): +Call Result at line 35 +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 25) in 'caller1' (4/6): +Effect at line 35 +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 25) in 'caller1' (5/6): +Call Result at line 37 +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 25) in 'caller1' (6/6): +Effect at line 37 +Prove: true. + +------------------------------------------------------------ +------------------------------------------------------------ + Function caller2 +------------------------------------------------------------ + +Goal Post-condition 'postcs' in 'caller2': +Assume { Type: is_sint32(codeCursor_1) /\ is_sint32(codeCursor_0). 
} +Prove: codeCursor_0 = codeCursor_1. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 42) in 'caller2': +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 42) in 'caller2' (1/6): +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 42) in 'caller2' (2/6): +Effect at line 50 +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 42) in 'caller2' (3/6): +Call Result at line 52 +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 42) in 'caller2' (4/6): +Effect at line 52 +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 42) in 'caller2' (5/6): +Call Result at line 54 +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 42) in 'caller2' (6/6): +Effect at line 54 +Prove: true. + +------------------------------------------------------------ +------------------------------------------------------------ + Function caller3 +------------------------------------------------------------ + +Goal Post-condition 'postcs' in 'caller3': +Assume { Type: is_sint32(codeCursor_1) /\ is_sint32(codeCursor_0). } +Prove: codeCursor_0 = codeCursor_1. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 59) in 'caller3': +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 59) in 'caller3' (1/5): +Prove: true. 
+ +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 59) in 'caller3' (2/5): +Call Result at line 69 +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 59) in 'caller3' (3/5): +Effect at line 69 +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 59) in 'caller3' (4/5): +Call Result at line 71 +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 59) in 'caller3' (5/5): +Effect at line 71 +Prove: true. + +------------------------------------------------------------ +------------------------------------------------------------ + Function caller4 +------------------------------------------------------------ + +Goal Post-condition 'postcs' in 'caller4': +Assume { Type: is_sint32(codeCursor_1) /\ is_sint32(codeCursor_0). } +Prove: codeCursor_0 = codeCursor_1. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 76) in 'caller4': +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 76) in 'caller4' (1/6): +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 76) in 'caller4' (2/6): +Effect at line 84 +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 76) in 'caller4' (3/6): +Call Result at line 87 +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 76) in 'caller4' (4/6): +Effect at line 87 +Prove: true. 
+ +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 76) in 'caller4' (5/6): +Call Result at line 88 +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 76) in 'caller4' (6/6): +Effect at line 88 +Prove: true. + +------------------------------------------------------------ +------------------------------------------------------------ + Function is_class +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 15) in 'is_class' (1/2): +Prove: true. + +------------------------------------------------------------ + +Goal Assigns (file tests/wp_bts/issue_pub_49.i, line 15) in 'is_class' (2/2): +Effect at line 20 +Prove: true. + +------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_bts/oracle/nupw-bcl-bts1120.res.oracle b/src/plugins/wp/tests/wp_bts/oracle/nupw-bcl-bts1120.res.oracle index 60c6a834f15bdb4a543704f01696ec53c64f493f..eff9406479df302f65f77213ca0d26249c650091 100644 --- a/src/plugins/wp/tests/wp_bts/oracle/nupw-bcl-bts1120.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle/nupw-bcl-bts1120.res.oracle 
@@ -1,34 +1,7 @@ # frama-c -wp [...] [kernel] Parsing tests/wp_bts/nupw-bcl-bts1120.i (no preprocessing) [wp] Running WP plugin... -[wp] tests/wp_bts/nupw-bcl-bts1120.i:54: Warning: - [cfg] Forget exits clause of node <blkIn-stmt:26> -[wp] tests/wp_bts/nupw-bcl-bts1120.i:54: Warning: - [cfg] Forget exits clause of node <blkIn-stmt:26> -[wp] [CFG] Goal unreachable_smt_with_contract_assigns : Valid (Unreachable) -[wp] [CFG] Goal unreachable_smt_with_contract_exits_ok : Valid (Unreachable) -[wp] [CFG] Goal unreachable_smt_with_contract_ensures_ok : Valid (Unreachable) -[wp] [CFG] Goal unreachable_smt_with_contract_requires_ok : Valid (Unreachable) -[wp] [CFG] Goal unreachable_smt_with_contract_assert_ok : Valid (Unreachable) -[wp] [CFG] Goal unreachable_smt_with_contract_call_f_with_precond_requires_ok : Valid (Unreachable) [wp] Warning: Missing RTE guards ------------------------------------------------------------- - Function cfg_domination_problem ------------------------------------------------------------- - -Goal Exit-condition 'e' in 'cfg_domination_problem': -Assume { (* Exit 'f' *) Have: P_ExitF(0). } -Prove: P_ExitP(0). - ------------------------------------------------------------- ------------------------------------------------------------- - Function cfg_domination_problem with behavior default_for_stmt_26 ------------------------------------------------------------- - -Goal Assigns (file tests/wp_bts/nupw-bcl-bts1120.i, line 60) at block: -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------ Function g ------------------------------------------------------------ 
@@ -54,27 +27,13 @@ Prove: true. ------------------------------------------------------------ Goal Assigns nothing in 'g' (2/3): -Call Result at line 27 +Call Result at line 18 Prove: true. ------------------------------------------------------------ Goal Assigns nothing in 'g' (3/3): -Effect at line 29 -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function unreachable_smt_with_contract ------------------------------------------------------------- - -Goal Post-condition 'ok' in 'unreachable_smt_with_contract': -Prove: true. - ------------------------------------------------------------- - -Goal Instance of 'Pre-condition 'ok' in 'f_with_precond'' in 'unreachable_smt_with_contract' at initialization of 'tmp' (file tests/wp_bts/nupw-bcl-bts1120.i, line 40) -: +Effect at line 20 Prove: true. ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_bts/oracle_qualif/issue_259.res.oracle b/src/plugins/wp/tests/wp_bts/oracle_qualif/issue_259.res.oracle new file mode 100644 index 0000000000000000000000000000000000000000..0e4c596a069b32b07bcb98189b26265f41af60c2 --- /dev/null +++ b/src/plugins/wp/tests/wp_bts/oracle_qualif/issue_259.res.oracle 
@@ -0,0 +1,19 @@ +# frama-c -wp [...] +[kernel] Parsing tests/wp_bts/issue_259.i (no preprocessing) +[wp] Running WP plugin... +[wp] Warning: Missing RTE guards +[wp] 7 goals scheduled +[wp] [Qed] Goal typed_f_assigns : Valid +[wp] [Qed] Goal typed_g_assigns_exit : Valid +[wp] [Qed] Goal typed_g_assigns_normal_part1 : Valid +[wp] [Qed] Goal typed_g_assigns_normal_part2 : Valid +[wp] [Qed] Goal typed_g_assigns_normal_part3 : Valid +[wp] [Qed] Goal typed_g_assigns_normal_part4 : Valid +[wp] [Qed] Goal typed_g_assigns_normal_part5 : Valid +[wp] Proved goals: 7 / 7 + Qed: 7 +------------------------------------------------------------ + Functions WP Alt-Ergo Total Success + f 1 - 1 100% + g 6 - 6 100% +------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_bts/oracle_qualif/issue_453.res.oracle b/src/plugins/wp/tests/wp_bts/oracle_qualif/issue_453.res.oracle deleted file mode 100644 index c4d33cc9b69a9af5442f34759db1c02b3fd3aa32..0000000000000000000000000000000000000000 --- a/src/plugins/wp/tests/wp_bts/oracle_qualif/issue_453.res.oracle +++ /dev/null @@ -1,18 +0,0 @@ -# frama-c -wp [...] -[kernel] Parsing tests/wp_bts/issue_453.i (no preprocessing) -[wp] Running WP plugin... -[wp] Warning: Missing RTE guards -[wp] 6 goals scheduled -[wp] [Qed] Goal typed_f1_loop_assigns : Valid -[wp] [Qed] Goal typed_f1_ensures_Sincr : Valid -[wp] [Qed] Goal typed_f1_assigns : Valid -[wp] [Qed] Goal typed_f2_loop_assigns : Valid -[wp] [Qed] Goal typed_f2_ensures_Sincr : Valid -[wp] [Qed] Goal typed_f2_assigns : Valid -[wp] Proved goals: 6 / 6 - Qed: 6 ------------------------------------------------------------- - Functions WP Alt-Ergo Total Success - f1 3 - 3 100% - f2 3 - 3 100% ------------------------------------------------------------- 
diff --git a/src/plugins/wp/tests/wp_bts/oracle_qualif/issue_pub_49.res.oracle b/src/plugins/wp/tests/wp_bts/oracle_qualif/issue_pub_49.res.oracle new file mode 100644 index 0000000000000000000000000000000000000000..76e0835aa2732681a1d5e587b32aadf36ef53d91 --- /dev/null +++ b/src/plugins/wp/tests/wp_bts/oracle_qualif/issue_pub_49.res.oracle 
@@ -0,0 +1,49 @@ +# frama-c -wp [...] +[kernel] Parsing tests/wp_bts/issue_pub_49.i (no preprocessing) +[wp] Running WP plugin... +[wp] Warning: Missing RTE guards +[wp] 33 goals scheduled +[wp] [Qed] Goal typed_is_class_assigns_part1 : Valid +[wp] [Qed] Goal typed_is_class_assigns_part2 : Valid +[wp] [Alt-Ergo] Goal typed_caller1_ensures_postcs : Unsuccess +[wp] [Qed] Goal typed_caller1_assigns_exit : Valid +[wp] [Qed] Goal typed_caller1_assigns_normal_part1 : Valid +[wp] [Qed] Goal typed_caller1_assigns_normal_part2 : Valid +[wp] [Qed] Goal typed_caller1_assigns_normal_part3 : Valid +[wp] [Qed] Goal typed_caller1_assigns_normal_part4 : Valid +[wp] [Qed] Goal typed_caller1_assigns_normal_part5 : Valid +[wp] [Qed] Goal typed_caller1_assigns_normal_part6 : Valid +[wp] [Alt-Ergo] Goal typed_caller2_ensures_postcs : Unsuccess +[wp] [Qed] Goal typed_caller2_assigns_exit : Valid +[wp] [Qed] Goal typed_caller2_assigns_normal_part1 : Valid +[wp] [Qed] Goal typed_caller2_assigns_normal_part2 : Valid +[wp] [Qed] Goal typed_caller2_assigns_normal_part3 : Valid +[wp] [Qed] Goal typed_caller2_assigns_normal_part4 : Valid +[wp] [Qed] Goal typed_caller2_assigns_normal_part5 : Valid +[wp] [Qed] Goal typed_caller2_assigns_normal_part6 : Valid +[wp] [Alt-Ergo] Goal typed_caller3_ensures_postcs : Unsuccess +[wp] [Qed] Goal typed_caller3_assigns_exit : Valid +[wp] [Qed] Goal typed_caller3_assigns_normal_part1 : Valid +[wp] [Qed] Goal typed_caller3_assigns_normal_part2 : Valid +[wp] [Qed] Goal typed_caller3_assigns_normal_part3 : Valid +[wp] [Qed] Goal typed_caller3_assigns_normal_part4 : Valid +[wp] [Qed] Goal typed_caller3_assigns_normal_part5 : Valid +[wp] [Alt-Ergo] Goal typed_caller4_ensures_postcs : Unsuccess +[wp] [Qed] Goal typed_caller4_assigns_exit : Valid +[wp] [Qed] Goal typed_caller4_assigns_normal_part1 : Valid +[wp] [Qed] Goal typed_caller4_assigns_normal_part2 : Valid +[wp] [Qed] Goal typed_caller4_assigns_normal_part3 : Valid +[wp] [Qed] Goal 
typed_caller4_assigns_normal_part4 : Valid +[wp] [Qed] Goal typed_caller4_assigns_normal_part5 : Valid +[wp] [Qed] Goal typed_caller4_assigns_normal_part6 : Valid +[wp] Proved goals: 29 / 33 + Qed: 29 + Alt-Ergo: 0 (unsuccess: 4) +------------------------------------------------------------ + Functions WP Alt-Ergo Total Success + is_class 2 - 2 100% + caller1 7 - 8 87.5% + caller2 7 - 8 87.5% + caller3 6 - 7 85.7% + caller4 7 - 8 87.5% +------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_bts/oracle_qualif/nupw-bcl-bts1120.res.oracle b/src/plugins/wp/tests/wp_bts/oracle_qualif/nupw-bcl-bts1120.res.oracle index b7eb301f1182c82ee5e56750240487d8a1b2d157..5b44fe269a0aaad1f748f775bd1d60b541c94f32 100644 --- a/src/plugins/wp/tests/wp_bts/oracle_qualif/nupw-bcl-bts1120.res.oracle +++ b/src/plugins/wp/tests/wp_bts/oracle_qualif/nupw-bcl-bts1120.res.oracle 
@@ -1,26 +1,17 @@ # frama-c -wp [...] [kernel] Parsing tests/wp_bts/nupw-bcl-bts1120.i (no preprocessing) [wp] Running WP plugin... -[wp] [CFG] Goal unreachable_smt_with_contract_assigns : Valid (Unreachable) -[wp] [CFG] Goal unreachable_smt_with_contract_exits_ok : Valid (Unreachable) -[wp] [CFG] Goal unreachable_smt_with_contract_ensures_ok : Valid (Unreachable) -[wp] [CFG] Goal unreachable_smt_with_contract_requires_ok : Valid (Unreachable) -[wp] [CFG] Goal unreachable_smt_with_contract_assert_ok : Valid (Unreachable) -[wp] [CFG] Goal unreachable_smt_with_contract_call_f_with_precond_requires_ok : Valid (Unreachable) [wp] Warning: Missing RTE guards -[wp] 8 goals scheduled +[wp] 6 goals scheduled [wp] [Qed] Goal typed_g_exits_ok : Valid [wp] [Qed] Goal typed_g_loop_assigns : Valid [wp] [Qed] Goal typed_g_assigns_exit : Valid [wp] [Qed] Goal typed_g_assigns_normal_part1 : Valid [wp] [Qed] Goal typed_g_assigns_normal_part2 : Valid [wp] [Qed] Goal typed_g_assigns_normal_part3 : Valid -[wp] [Qed] Goal typed_unreachable_smt_with_contract_ensures_ok_2 : Valid -[wp] [Qed] Goal typed_unreachable_smt_with_contract_call_f_with_precond_2_requires_ok : Valid -[wp] Proved goals: 14 / 14 - Qed: 8 +[wp] Proved goals: 6 / 6 + Qed: 6 ------------------------------------------------------------ Functions WP Alt-Ergo Total Success g 6 - 6 100% - unreachable_smt_with_contract 2 - 2 100% ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_gallery/loop-statement.c b/src/plugins/wp/tests/wp_gallery/loop-statement.c deleted file mode 100644 index 17ed5049fa2de68ed3426efc0cc3ff640ae2acf6..0000000000000000000000000000000000000000 --- a/src/plugins/wp/tests/wp_gallery/loop-statement.c +++ /dev/null 
@@ -1,81 +0,0 @@
-/* run.config
- OPT: -wp-no-print
-*/
-
-/* run.config_qualif
- OPT:
-*/
-
-typedef char Te; // type for loop inputs
-typedef int Ts; // type for loop outputs
-
-/*@ axiomatic Ts_list {
- @ logic \list<Ts> empty_Ts_list = \Nil;
- @ logic \list<Ts> add2_Ts_tail(\list<Ts> x, Ts b) =
- \concat(x, \Cons(b, empty_Ts_list));
- @ } */
-
-/*@ axiomatic Ploop {
-
- @ predicate Pcond( Te e, Ts a ) reads \nothing;
- @ predicate Pbody( Te e, Ts a, Ts b ) reads \nothing;
- @ predicate Piter( Te e, Ts a, Ts b ) = Pbody(e,a,b) && Pcond(e,a);
-
- @ predicate Pinv( \list<Ts> x, Te e, Ts i, Ts a ) =
- 0 < \length(x)
- && i == \nth(x, 0)
- && a == \nth(x, \length(x)-1)
- && \forall integer k ;
- 0 <= k < \length(x)-1 ==> Piter(e, \nth(x, k), \nth(x, k+1) );
-
- @ predicate Pinduc( Te e, Ts a, Ts b ) =
- \forall Ts i, \list<Ts> x ;
- Pinv(x, e, i, a)
- ==> Pinv( add2_Ts_tail(x,b), e, i, b );
-
- @ lemma Lb:
- \forall Te e, Ts a, b ;
- Piter(e, a, b)
- ==> Pinduc( e, a, b );
-
- @ predicate Ploop( Te e, Ts i, Ts b ) =
- \exists \list<Ts> x ; Pinv( x, e, i, b ) ;
-
- @ } */
-
-/*@ assigns \nothing;
- @*/
-void nop(void);
-
-Ts G; // Loop outputs
-
-/*@ assigns \nothing;
- @ ensures Cond: \result != 0 <==> Pcond( e, G );
- @*/
-int cond(Te e);
-
-/*@ assigns G;
- @ ensures Body: Pbody( e, \old(G), G );
- @*/
-void body(Te e);
-
-/*@ assigns G;
- @ ensures Scond: !Pcond( e, G );
- @ ensures Sloop: Ploop( e, \old( G ), G );
- @*/
-void loop_statement(Te e) {
- /*@ requires Rinv: Pinv(add2_Ts_tail(empty_Ts_list,G), e, G, G);
- @ assigns G;
- @ ensures Scond: !Pcond(e, G );
- @ ensures Sloop: Ploop(e, \old( G ), G ) ;
- @*/
- /*@ loop assigns G;
- @ loop invariant Iloop: Ploop(e, \at( G, LoopEntry ), G );
- @*/
- while (cond(e))
- /*@ requires Scond: Pcond( e, G );
- @ assigns G ;
- @ ensures Sbody: Pbody( e, \old(G), G );
- @*/
- body(e);
-}
diff --git a/src/plugins/wp/tests/wp_gallery/oracle/loop-statement.res.oracle b/src/plugins/wp/tests/wp_gallery/oracle/loop-statement.res.oracle deleted file mode 100644 index 50da7d7cc9742dc4a67cbc33ad14e981cf8ba729..0000000000000000000000000000000000000000 --- a/src/plugins/wp/tests/wp_gallery/oracle/loop-statement.res.oracle +++ /dev/null @@ -1,19 +0,0 @@ -# frama-c -wp [...] -[kernel] Parsing tests/wp_gallery/loop-statement.c (with preprocessing) -[wp] Running WP plugin... -[wp] Warning: Missing RTE guards -[wp] Goal typed_lemma_Lb : not tried -[wp] Goal typed_loop_statement_requires_Scond : not tried -[wp] Goal typed_loop_statement_ensures_Sbody : not tried -[wp] Goal typed_loop_statement_assigns : trivial -[wp] Goal typed_loop_statement_requires_Rinv : not tried -[wp] Goal typed_loop_statement_ensures_Scond : not tried -[wp] Goal typed_loop_statement_ensures_Sloop : not tried -[wp] Goal typed_loop_statement_loop_invariant_Iloop_preserved : not tried -[wp] Goal typed_loop_statement_loop_invariant_Iloop_established : not tried -[wp] Goal typed_loop_statement_loop_assigns_part1 : trivial -[wp] Goal typed_loop_statement_loop_assigns_part2 : not tried -[wp] Goal typed_loop_statement_assigns_2_exit_part1 : trivial -[wp] Goal typed_loop_statement_assigns_2_exit_part2 : not tried -[wp] Goal typed_loop_statement_assigns_2_normal_part1 : trivial -[wp] Goal typed_loop_statement_assigns_2_normal_part2 : not tried diff --git a/src/plugins/wp/tests/wp_gallery/oracle/string-compare.res.oracle b/src/plugins/wp/tests/wp_gallery/oracle/string-compare.res.oracle index 0c5741ea36b8b38350a2110b5dbc622c93d6c527..98a7751d496c33aedd0f6c6e53c064d43eb29356 100644 --- a/src/plugins/wp/tests/wp_gallery/oracle/string-compare.res.oracle +++ b/src/plugins/wp/tests/wp_gallery/oracle/string-compare.res.oracle 
@@ -25,6 +25,7 @@ [wp] Goal typed_stringCompare_assert_rte_mem_access : not tried [wp] Goal typed_stringCompare_assert_rte_mem_access_2 : not tried [wp] Goal typed_stringCompare_assert_rte_mem_access_3 : not tried +[wp] Goal typed_stringCompare_assert_length : not tried [wp] Goal typed_stringCompare_assert_different : not tried [wp] Goal typed_stringCompare_assert_rte_mem_access_4 : not tried [wp] Goal typed_stringCompare_assert_rte_mem_access_5 : not tried diff --git a/src/plugins/wp/tests/wp_gallery/oracle_qualif/loop-statement.res.oracle b/src/plugins/wp/tests/wp_gallery/oracle_qualif/loop-statement.res.oracle deleted file mode 100644 index a86dae9951bdf6be94cf4c1213e92c65b93591a9..0000000000000000000000000000000000000000 --- a/src/plugins/wp/tests/wp_gallery/oracle_qualif/loop-statement.res.oracle +++ /dev/null 
@@ -1,30 +0,0 @@ -# frama-c -wp [...] -[kernel] Parsing tests/wp_gallery/loop-statement.c (with preprocessing) -[wp] Running WP plugin... -[wp] Warning: Missing RTE guards -[wp] 15 goals scheduled -[wp] [Alt-Ergo] Goal typed_lemma_Lb : Unsuccess -[wp] [Qed] Goal typed_loop_statement_requires_Scond : Valid -[wp] [Qed] Goal typed_loop_statement_ensures_Sbody : Valid -[wp] [Qed] Goal typed_loop_statement_assigns : Valid -[wp] [Alt-Ergo] Goal typed_loop_statement_requires_Rinv : Valid -[wp] [Qed] Goal typed_loop_statement_ensures_Scond : Valid -[wp] [Qed] Goal typed_loop_statement_ensures_Sloop : Valid -[wp] [Alt-Ergo] Goal typed_loop_statement_loop_invariant_Iloop_preserved : Valid -[wp] [Alt-Ergo] Goal typed_loop_statement_loop_invariant_Iloop_established : Valid -[wp] [Qed] Goal typed_loop_statement_loop_assigns_part1 : Valid -[wp] [Qed] Goal typed_loop_statement_loop_assigns_part2 : Valid -[wp] [Qed] Goal typed_loop_statement_assigns_2_exit_part1 : Valid -[wp] [Qed] Goal typed_loop_statement_assigns_2_exit_part2 : Valid -[wp] [Qed] Goal typed_loop_statement_assigns_2_normal_part1 : Valid -[wp] [Qed] Goal typed_loop_statement_assigns_2_normal_part2 : Valid -[wp] Proved goals: 14 / 15 - Qed: 11 - Alt-Ergo: 3 (unsuccess: 1) ------------------------------------------------------------- - Axiomatics WP Alt-Ergo Total Success - Axiomatic Ploop - - 1 0.0% ------------------------------------------------------------- - Functions WP Alt-Ergo Total Success - loop_statement 11 3 14 100% ------------------------------------------------------------- diff --git a/src/plugins/wp/tests/wp_gallery/oracle_qualif/string-compare.res.oracle b/src/plugins/wp/tests/wp_gallery/oracle_qualif/string-compare.res.oracle index 98114b8eb4713eda59a07effdbde20813a2eea86..156f1020095f885d4fc4fed5c5caf5cd5bfae4ec 100644 --- a/src/plugins/wp/tests/wp_gallery/oracle_qualif/string-compare.res.oracle +++ b/src/plugins/wp/tests/wp_gallery/oracle_qualif/string-compare.res.oracle 
@@ -1,10 +1,10 @@ # frama-c -wp [...] [kernel] Parsing tests/wp_gallery/string-compare.c (with preprocessing) [wp] Running WP plugin... +[wp] Warning: Missing RTE guards [wp] [CFG] Goal stringCompare_exits_never : Valid (Unreachable) [wp] [CFG] Goal stringLength_exits_never : Valid (Unreachable) -[wp] Warning: Missing RTE guards -[wp] 51 goals scheduled +[wp] 52 goals scheduled [wp] [Qed] Goal typed_stringCompare_complete_SomeDifferent_allEqual : Valid [wp] [Qed] Goal typed_stringCompare_disjoint_SomeDifferent_allEqual : Valid [wp] [Alt-Ergo] Goal typed_stringCompare_loop_invariant_equal_preserved : Valid @@ -21,6 +21,7 @@ [wp] [Alt-Ergo] Goal typed_stringCompare_loop_invariant_strlen_s1_established : Valid [wp] [Alt-Ergo] Goal typed_stringCompare_loop_invariant_strlen_s2_preserved : Valid [wp] [Alt-Ergo] Goal typed_stringCompare_loop_invariant_strlen_s2_established : Valid +[wp] [Alt-Ergo] Goal typed_stringCompare_assert_length : Valid [wp] [Alt-Ergo] Goal typed_stringCompare_assert_different : Valid [wp] [Qed] Goal typed_stringCompare_loop_assigns_part1 : Valid [wp] [Qed] Goal typed_stringCompare_loop_assigns_part2 : Valid @@ -56,12 +57,12 @@ [wp] [Qed] Goal typed_main_assigns_normal_part1 : Valid [wp] [Qed] Goal typed_main_assigns_normal_part2 : Valid [wp] [Alt-Ergo] Goal typed_main_call_stringCompare_requires_validStrings : Valid -[wp] Proved goals: 53 / 53 +[wp] Proved goals: 54 / 54 Qed: 33 - Alt-Ergo: 18 + Alt-Ergo: 19 ------------------------------------------------------------ Functions WP Alt-Ergo Total Success - stringCompare 19 12 31 100% + stringCompare 19 13 32 100% stringLength 9 4 13 100% main 5 2 7 100% ------------------------------------------------------------ @@ -83,7 +84,7 @@ Alt-Ergo: 6 ------------------------------------------------------------ Functions WP Alt-Ergo Total Success - stringCompare 21 17 38 100% + stringCompare 21 18 39 100% stringLength 9 5 14 100% main 5 2 7 100% ------------------------------------------------------------ 
diff --git a/src/plugins/wp/tests/wp_gallery/string-compare.c b/src/plugins/wp/tests/wp_gallery/string-compare.c index 950ed7f72d78a0e34da6241c20251f29787cde37..0d4f0d05670f2019e1c15d52a373bdc2ed9dc4a3 100644 --- a/src/plugins/wp/tests/wp_gallery/string-compare.c +++ b/src/plugins/wp/tests/wp_gallery/string-compare.c @@ -38,8 +38,10 @@ int stringCompare(const char* s1, const char* s2) { loop assigns s1, s2; */ while (*s1 == *(s2++)) { - if (*(s1++) == '\0') + if (*(s1++) == '\0') { + //@ assert length: strlen(s1-1) == strlen(s2-1) == 0; return 0; + } } //@ assert different: \let k = \at(strlen(s1), Pre) - strlen(s1) ; \at(s1,Pre)[k] != \at(s2,Pre)[k]; diff --git a/src/plugins/wp/tests/wp_hoare/oracle/dispatch_var2.0.res.oracle b/src/plugins/wp/tests/wp_hoare/oracle/dispatch_var2.0.res.oracle index f4ddcc684505866177434a0690f31e787b73a9da..6152d9ccb40d0b94cd60d4cd74e7cf6544bb3cb2 100644 --- a/src/plugins/wp/tests/wp_hoare/oracle/dispatch_var2.0.res.oracle +++ b/src/plugins/wp/tests/wp_hoare/oracle/dispatch_var2.0.res.oracle @@ -13,20 +13,15 @@ Assume { (* Heap *) Type: is_sint32(x_1). (* Block In *) - Have: (Init_tmp_0=false) /\ (ta_tmp_0=true) /\ (ta_tmp_1=false). - Have: ((Init_tmp_0=true) <-> (Init_tmp_1=true)) /\ - ((ta_tmp_0=true) <-> (ta_tmp_2=true)). + Have: (Init_tmp_0=false) /\ (ta_tmp_0=false). (* Call 'reset' *) Have: x = 0. - Have: (ta_tmp_2=true) <-> (ta_tmp_3=true). (* Call 'load' *) Have: (tmp_0 = load_0) /\ (x = load_0). (* Return Effects *) - Have: ((Init_tmp_1=true) -> (Init_tmp_2=true)). + Have: ((Init_tmp_0=true) -> (Init_tmp_1=true)). (* Return *) Have: tmp_0 = call_global_0. - (* Block Out *) - Have: (ta_tmp_3=true). } Prove: call_global_0 = 0. 
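Review bot: The new `assert length:` depends on ACSL chaining `strlen(s1-1) == strlen(s2-1) == 0` into a conjunction, which reads as its opposite to anyone who parses it with C's left-associative `==` (`(a == b) == 0`, i.e. "the lengths differ"). Spelling it out as `//@ assert length: strlen(s1-1) == 0 && strlen(s2-1) == 0;` removes that ambiguity without changing what is proved. A one-line comment on the `-1` offsets would also help, e.g. `// both pointers were post-incremented past the '\0' just compared`, since `s2++` happens in the loop condition and `s1++` in the `if`. The enclosing `stringCompare` and its `while` loop open before the hunk and close after it.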
@@ -51,13 +46,12 @@ Assume { Have: (ta_tmp_1=true) <-> (ta_tmp_0=true). (* Block In *) Have: (Init_tmp_0=false) /\ (ta_tmp_1=false). - Have: (Init_tmp_0=true) <-> (Init_tmp_1=true). (* Call 'reset' *) Have: x = 0. (* Call 'load' *) Have: x = load_0. (* Return Effects *) - Have: ((Init_tmp_1=true) -> (Init_tmp_2=true)). + Have: ((Init_tmp_0=true) -> (Init_tmp_1=true)). } Prove: (ta_tmp_0=false). @@ -83,26 +77,19 @@ Assume { Type: is_sint32(call_local_0) /\ is_sint32(load_0) /\ is_sint32(tmp_0) /\ is_sint32(z). (* Block In *) - Have: (Init_tmp_0=false) /\ (Init_z_0=false) /\ (ta_tmp_0=true) /\ - (ta_tmp_1=false) /\ (ta_z_0=true) /\ (ta_z_1=false). - Have: ((Init_tmp_0=true) <-> (Init_tmp_1=true)) /\ - ((Init_z_0=true) <-> (Init_z_1=true)) /\ - ((ta_tmp_0=true) <-> (ta_tmp_2=true)) /\ - ((ta_z_0=true) <-> (ta_z_2=true)). + Have: (Init_tmp_0=false) /\ (Init_z_0=false) /\ (ta_tmp_0=false) /\ + (ta_z_0=false). + Have: (Init_z_0=true) <-> (Init_z_1=true). (* Call 'reset' *) - Have: (ta_z_0=true) /\ (z = 0). + Have: z = 0. (* Call Effects *) Have: ((Init_z_1=true) -> (Init_z_2=true)). - Have: ((ta_tmp_2=true) <-> (ta_tmp_3=true)) /\ - ((ta_z_2=true) <-> (ta_z_3=true)). (* Call 'load' *) - Have: (ta_z_2=true) /\ (tmp_0 = load_0) /\ (z = load_0). + Have: (tmp_0 = load_0) /\ (z = load_0). (* Return Effects *) - Have: ((Init_tmp_1=true) -> (Init_tmp_2=true)). + Have: ((Init_tmp_0=true) -> (Init_tmp_1=true)). (* Return *) Have: tmp_0 = call_local_0. - (* Block Out *) - Have: (ta_tmp_3=true) /\ (ta_z_3=true). } Prove: call_local_0 = 0. 
@@ -119,20 +106,17 @@ Assume { Type: is_sint32(status_0) /\ is_sint32(status_1) /\ is_sint32(z). Have: (ta_z_1=true) <-> (ta_z_0=true). (* Block In *) - Have: (Init_z_0=false) /\ (ta_tmp_0=false) /\ (ta_z_2=true) /\ - (ta_z_1=false). + Have: (Init_z_0=false) /\ (ta_tmp_0=false) /\ (ta_z_1=false). (* Merge *) Either { Case: Have: (Init_z_0=true) <-> (Init_z_1=true). (* Call 'reset' *) - Have: (ta_z_2=true) /\ (z = 0). + Have: z = 0. (* Call Effects *) Have: ((Init_z_1=true) -> (Init_z_2=true)). Case: Have: (Init_z_0=true) <-> (Init_z_3=true). - (* Exit 'reset' *) - Have: (ta_z_2=true). (* Exit Effects *) Have: ((Init_z_3=true) -> (Init_z_4=true)). } @@ -152,11 +136,10 @@ Assume { Type: is_sint32(z). Have: (ta_z_1=true) <-> (ta_z_0=true). (* Block In *) - Have: (Init_z_0=false) /\ (ta_tmp_0=false) /\ (ta_z_2=true) /\ - (ta_z_1=false). + Have: (Init_z_0=false) /\ (ta_tmp_0=false) /\ (ta_z_1=false). Have: (Init_z_0=true) <-> (Init_z_1=true). (* Call 'reset' *) - Have: (ta_z_2=true) /\ (z = 0). + Have: z = 0. (* Call Effects *) Have: ((Init_z_1=true) -> (Init_z_2=true)). } @@ -171,18 +154,16 @@ Assume { Have: (ta_tmp_1=true) <-> (ta_tmp_0=true). (* Block In *) Have: (Init_tmp_0=false) /\ (Init_z_0=false) /\ (ta_tmp_1=false) /\ - (ta_z_0=true) /\ (ta_z_1=false). - Have: ((Init_tmp_0=true) <-> (Init_tmp_1=true)) /\ - ((Init_z_0=true) <-> (Init_z_1=true)) /\ - ((ta_z_0=true) <-> (ta_z_2=true)). + (ta_z_0=false). + Have: (Init_z_0=true) <-> (Init_z_1=true). (* Call 'reset' *) - Have: (ta_z_0=true) /\ (z = 0). + Have: z = 0. (* Call Effects *) Have: ((Init_z_1=true) -> (Init_z_2=true)). (* Call 'load' *) - Have: (ta_z_2=true) /\ (z = load_0). + Have: z = load_0. (* Return Effects *) - Have: ((Init_tmp_1=true) -> (Init_tmp_2=true)). + Have: ((Init_tmp_0=true) -> (Init_tmp_1=true)). } Prove: (ta_tmp_0=false). 
@@ -203,12 +184,11 @@ Goal Instance of 'Pre-condition (file tests/wp_hoare/dispatch_var2.i, line 27) i Assume { Type: is_sint32(z). (* Block In *) - Have: (Init_z_0=false) /\ (ta_tmp_0=false) /\ (ta_z_1=true) /\ - (ta_z_2=false). - Have: ((Init_z_0=true) <-> (Init_z_1=true)) /\ - ((ta_z_1=true) <-> (ta_z_0=true)). + Have: (Init_z_0=false) /\ (ta_tmp_0=false) /\ (ta_z_0=true) /\ + (ta_z_1=false). + Have: (Init_z_0=true) <-> (Init_z_1=true). (* Call 'reset' *) - Have: (ta_z_1=true) /\ (z = 0). + Have: (ta_z_0=true) /\ (z = 0). (* Call Effects *) Have: ((Init_z_1=true) -> (Init_z_2=true)). } @@ -228,22 +208,21 @@ Assume { (* Pre-condition *) Have: (ta_y_0=true). (* Frame In *) - Have: (ta_y_0=false). + Have: (ta_y_1=true) /\ (ta_y_0=false). (* Block In *) - Have: (Init_tmp_0=false) /\ (ta_tmp_0=true) /\ (ta_tmp_1=false). - Have: ((Init_tmp_0=true) <-> (Init_tmp_1=true)) /\ - ((ta_tmp_0=true) <-> (ta_tmp_2=true)). + Have: (Init_tmp_0=false) /\ (ta_tmp_0=false). + Have: (ta_y_1=true) <-> (ta_y_2=true). (* Call 'reset' *) - Have: y = 0. - Have: (ta_tmp_2=true) <-> (ta_tmp_3=true). + Have: (ta_y_1=true) /\ (y = 0). + Have: (ta_y_2=true) <-> (ta_y_3=true). (* Call 'load' *) - Have: (tmp_0 = load_0) /\ (y = load_0). + Have: (ta_y_2=true) /\ (tmp_0 = load_0) /\ (y = load_0). (* Return Effects *) - Have: ((Init_tmp_1=true) -> (Init_tmp_2=true)). + Have: ((Init_tmp_0=true) -> (Init_tmp_1=true)). (* Return *) Have: tmp_0 = call_param_0. - (* Block Out *) - Have: (ta_tmp_3=true). + (* Frame Out *) + Have: (ta_y_3=true). } Prove: call_param_0 = 0. @@ -264,11 +243,14 @@ Assume { (* Pre-condition *) Have: (ta_y_1=true). (* Frame In *) - Have: (ta_y_1=false). + Have: (ta_y_2=true) /\ (ta_y_1=false). (* Block In *) Have: (ta_tmp_0=false). (* Merge *) - Either { Case: (* Call 'reset' *) Have: y = 0. Case: } + Either { + Case: (* Call 'reset' *) Have: (ta_y_2=true) /\ (y = 0). + Case: (* Exit 'reset' *) Have: (ta_y_2=true). + } } Prove: (ta_y_0=false). 
@@ -289,11 +271,11 @@ Assume { (* Pre-condition *) Have: (ta_y_1=true). (* Frame In *) - Have: (ta_y_1=false). + Have: (ta_y_2=true) /\ (ta_y_1=false). (* Block In *) Have: (ta_tmp_0=false). (* Call 'reset' *) - Have: y = 0. + Have: (ta_y_2=true) /\ (y = 0). } Prove: (ta_y_0=false). @@ -309,16 +291,16 @@ Assume { (* Pre-condition *) Have: (ta_y_0=true). (* Frame In *) - Have: (ta_y_0=false). + Have: (ta_y_1=true) /\ (ta_y_0=false). (* Block In *) Have: (Init_tmp_0=false) /\ (ta_tmp_1=false). - Have: (Init_tmp_0=true) <-> (Init_tmp_1=true). + Have: (ta_y_1=true) <-> (ta_y_2=true). (* Call 'reset' *) - Have: y = 0. + Have: (ta_y_1=true) /\ (y = 0). (* Call 'load' *) - Have: y = load_0. + Have: (ta_y_2=true) /\ (y = load_0). (* Return Effects *) - Have: ((Init_tmp_1=true) -> (Init_tmp_2=true)). + Have: ((Init_tmp_0=true) -> (Init_tmp_1=true)). } Prove: (ta_tmp_0=false). @@ -349,11 +331,12 @@ Assume { (* Pre-condition *) Have: (ta_y_1=true). (* Frame In *) - Have: (ta_y_0=true) /\ (ta_y_1=false). + Have: (ta_y_2=true) /\ (ta_y_1=false). (* Block In *) Have: (ta_tmp_0=false). + Have: (ta_y_2=true) <-> (ta_y_0=true). (* Call 'reset' *) - Have: (ta_y_0=true) /\ (y = 0). + Have: (ta_y_2=true) /\ (y = 0). } Prove: (ta_y_0=true). @@ -367,20 +350,15 @@ Assume { Type: is_sint32(call_param_ref_0) /\ is_sint32(load_0) /\ is_sint32(q) /\ is_sint32(tmp_0). (* Block In *) - Have: (Init_tmp_0=false) /\ (ta_tmp_0=true) /\ (ta_tmp_1=false). - Have: ((Init_tmp_0=true) <-> (Init_tmp_1=true)) /\ - ((ta_tmp_0=true) <-> (ta_tmp_2=true)). + Have: (Init_tmp_0=false) /\ (ta_tmp_0=false). (* Call 'reset' *) Have: q = 0. - Have: (ta_tmp_2=true) <-> (ta_tmp_3=true). (* Call 'load' *) Have: (q = load_0) /\ (tmp_0 = load_0). (* Return Effects *) - Have: ((Init_tmp_1=true) -> (Init_tmp_2=true)). + Have: ((Init_tmp_0=true) -> (Init_tmp_1=true)). (* Return *) Have: tmp_0 = call_param_ref_0. - (* Block Out *) - Have: (ta_tmp_3=true). } Prove: call_param_ref_0 = 0. 
@@ -403,13 +381,12 @@ Assume { Have: (ta_tmp_1=true) <-> (ta_tmp_0=true). (* Block In *) Have: (Init_tmp_0=false) /\ (ta_tmp_1=false). - Have: (Init_tmp_0=true) <-> (Init_tmp_1=true). (* Call 'reset' *) Have: q = 0. (* Call 'load' *) Have: q = load_0. (* Return Effects *) - Have: ((Init_tmp_1=true) -> (Init_tmp_2=true)). + Have: ((Init_tmp_0=true) -> (Init_tmp_1=true)). } Prove: (ta_tmp_0=false). diff --git a/src/plugins/wp/tests/wp_hoare/oracle/logicarr.res.oracle b/src/plugins/wp/tests/wp_hoare/oracle/logicarr.res.oracle index 921a9d48bb67a629f3c58bd262f2a5c5c64667d7..690c55528526963ba74e2e27488bee1c90608990 100644 --- a/src/plugins/wp/tests/wp_hoare/oracle/logicarr.res.oracle +++ b/src/plugins/wp/tests/wp_hoare/oracle/logicarr.res.oracle @@ -17,7 +17,11 @@ Assume { IsArray_sint32(Array_sint32(a, 10, Mint_0)) /\ is_sint32(x) /\ IsArray_sint32(Array_sint32(a, 10, m)). (* Pre-condition *) - Have: (0 <= i) /\ (0 <= j) /\ (0 <= k) /\ (i <= 9) /\ (j <= 9) /\ (k <= 9). + Have: (0 <= i) /\ (i <= 9). + (* Pre-condition *) + Have: (0 <= j) /\ (j <= 9). + (* Pre-condition *) + Have: (0 <= k) /\ (k <= 9). } Prove: P_p_pointer(m, Mint_0, shift_sint32(a, 0), i, j). @@ -35,7 +39,11 @@ Assume { Type: is_sint32(i) /\ is_sint32(j) /\ is_sint32(k) /\ IsArray_sint32(m) /\ is_sint32(x) /\ IsArray_sint32(m_1). (* Pre-condition *) - Have: (0 <= i) /\ (0 <= j) /\ (0 <= k) /\ (i <= 9) /\ (j <= 9) /\ (k <= 9). + Have: (0 <= i) /\ (i <= 9). + (* Pre-condition *) + Have: (0 <= j) /\ (j <= 9). + (* Pre-condition *) + Have: (0 <= k) /\ (k <= 9). } Prove: P_p_arrays(m, i, m_1, j). @@ -53,7 +61,11 @@ Assume { IsArray_sint32(Array_sint32(a, 10, Mint_0)) /\ is_sint32(x) /\ IsArray_sint32(m). (* Pre-condition *) - Have: (0 <= i) /\ (0 <= j) /\ (0 <= k) /\ (i <= 9) /\ (j <= 9) /\ (k <= 9). + Have: (0 <= i) /\ (i <= 9). + (* Pre-condition *) + Have: (0 <= j) /\ (j <= 9). + (* Pre-condition *) + Have: (0 <= k) /\ (k <= 9). } Prove: P_p_dummy(m, j, k). 
diff --git a/src/plugins/wp/tests/wp_plugin/cfg.c b/src/plugins/wp/tests/wp_plugin/cfg.c index 0c0a510591c31a3e1074d13742043bd4614be76a..76b6505c4cf0e176c6e0bd8f35488faaf06db478 100644 --- a/src/plugins/wp/tests/wp_plugin/cfg.c +++ b/src/plugins/wp/tests/wp_plugin/cfg.c @@ -1,7 +1,7 @@ //@ assigns \nothing; void foo(void); -/*@ ensures BUG_WP: \false; */ +/*@ ensures BUG_LEGACY_WP: \false; */ void f1(void) { if (0 == 1) @@ -14,7 +14,7 @@ void f1(void) return_label: return; } -/*@ ensures BUG_WP: \false; */ +/*@ ensures BUG_LEGACY_WP: \false; */ void f1_simpler(void) { if (0 == 1) @@ -26,7 +26,7 @@ void f1_simpler(void) return_label: return; } -/*@ ensures BUG_WP: \false; */ +/*@ ensures BUG_LEGACY_WP: \false; */ void f1_variant(void) { if (0 == 1) L: ; @@ -50,7 +50,7 @@ void f1_variant_invert(void) return_label: return; } -/*@ ensures BUG_WP: \false; */ +/*@ ensures BUG_LEGACY_WP: \false; */ void f2(void) { if (0 == 1) diff --git a/src/plugins/wp/tests/wp_plugin/dynamic.i b/src/plugins/wp/tests/wp_plugin/dynamic.i index ccde8d32cf69e67cc1595503336e8a461d1b98aa..29074a3725889a4838217a6e0b0fb23820de4ad4 100644 --- a/src/plugins/wp/tests/wp_plugin/dynamic.i +++ b/src/plugins/wp/tests/wp_plugin/dynamic.i @@ -1,9 +1,11 @@ /* run.config - OPT: -wp-dynamic -wp-msg-key "calls" + OPT: -wp-dynamic -wp-msg-key "calls" -wp-skip-fct="guarded_call" + OPT: -wp-dynamic -wp-msg-key "calls" -wp-fct="guarded_call" -wp-no-let */ /* run.config_qualif - OPT: -wp-dynamic -wp + OPT: -wp-dynamic -wp -wp-skip-fct="guarded_call" + OPT: -wp-dynamic -wp -wp-fct="guarded_call" -wp-no-let */ //----------------------------------------------------------------------------- /*@ @@ -61,7 +63,7 @@ int h0(void); @ assigns X1; @ ensures X1==1; */ int behavior (int (*p)(void)) { - //@ calls h1, h2; // Shall not be proved in default behavior (known bug) + //@ calls h1, h2; // Shall not be proved in default behavior return (*p)(); } 
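Review bot: The second `OPT:` line added to `dynamic.i`'s run.config proves `guarded_call` on its own with `-wp-no-let`, but nothing in the file records why let-introduction must be switched off for that one function, so the next person touching these options cannot tell whether the flag is a workaround or a deliberate coverage choice. I would record the reason next to the option, e.g. a `COMMENT: guarded_call is run with -wp-no-let because ...` line in the run.config block if the test driver accepts one, otherwise a `//` comment on `guarded_call` itself; the reason has to come from the author, as the hunk does not show it. Likewise, dropping `(known bug)` from the `calls h1, h2` comment leaves "Shall not be proved in default behavior" without saying that this outcome is now the intended one; a few words on that would keep the comment self-explanatory. The `cfg.c` hunks sharing this line only rename the `BUG_WP` labels and need no change.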
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/asm.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/asm.res.oracle index 0f8a43912a0cc578bfd602dbfe6432b3a3911553..bda829bf5c5ec2980e0af38afb543446d7ae7871 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/asm.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/asm.res.oracle @@ -16,12 +16,3 @@ Assume { Type: is_sint32(dst_0). } Prove: dst_0 = 2. ------------------------------------------------------------ ------------------------------------------------------------- - Function main with behavior default_for_stmt_3 ------------------------------------------------------------- - -Goal Assigns (file tests/wp_plugin/asm.i, line 5) at assembly (file tests/wp_plugin/asm.i, line 5): -Effect at line 5 -Prove: false. - ------------------------------------------------------------- diff --git a/src/plugins/wp/tests/wp_plugin/oracle/bool.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/bool.res.oracle index fd6a26d1a47e1e500fb53783e6de294dceaf19ab..e64f01b8de572469eb6c8bd521ac834e996739e4 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/bool.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/bool.res.oracle @@ -8,11 +8,10 @@ Goal Post-condition for 'false' (file tests/wp_plugin/bool.i, line 28) in 'band_bool': Assume { - Type: is_bool(a) /\ is_bool(a_1) /\ is_bool(b) /\ is_bool(b_1) /\ - is_bool(band_bool_0) /\ is_bool(retres_0). - Have: (a_1 = a) /\ (b_1 = b). + Type: is_bool(a) /\ is_bool(b) /\ is_bool(band_bool_0) /\ + is_bool(retres_0). (* Pre-condition for 'false' *) - Have: (a_1 != 1) \/ (b_1 != 1). + Have: (a != 1) \/ (b != 1). Have: (if (land(a, b) = 0) then 0 else 1) = retres_0. (* Return *) Have: retres_0 = band_bool_0. 
@@ -26,11 +25,10 @@ Prove: band_bool_0 = 0. Goal Post-condition for 'true' (file tests/wp_plugin/bool.i, line 25) in 'band_bool': Assume { - Type: is_bool(a) /\ is_bool(a_1) /\ is_bool(b) /\ is_bool(b_1) /\ - is_bool(band_bool_0) /\ is_bool(retres_0). - Have: (a_1 = a) /\ (b_1 = b). + Type: is_bool(a) /\ is_bool(b) /\ is_bool(band_bool_0) /\ + is_bool(retres_0). (* Pre-condition for 'true' *) - Have: (a_1 = 1) /\ (b_1 = 1). + Have: (a = 1) /\ (b = 1). Have: (if (land(a, b) = 0) then 0 else 1) = retres_0. (* Return *) Have: retres_0 = band_bool_0. @@ -44,11 +42,9 @@ Prove: band_bool_0 = 1. Goal Post-condition for 'false' (file tests/wp_plugin/bool.i, line 18) in 'bor_bool': Assume { - Type: is_bool(a) /\ is_bool(a_1) /\ is_bool(b) /\ is_bool(b_1) /\ - is_bool(bor_bool_0) /\ is_bool(retres_0). - Have: (a_1 = a) /\ (b_1 = b). + Type: is_bool(a) /\ is_bool(b) /\ is_bool(bor_bool_0) /\ is_bool(retres_0). (* Pre-condition for 'false' *) - Have: (a_1 != 1) /\ (b_1 != 1). + Have: (a != 1) /\ (b != 1). Have: (if ((a = 0) & (b = 0)) then 0 else 1) = retres_0. (* Return *) Have: retres_0 = bor_bool_0. @@ -62,11 +58,9 @@ Prove: bor_bool_0 = 0. Goal Post-condition for 'true' (file tests/wp_plugin/bool.i, line 15) in 'bor_bool': Assume { - Type: is_bool(a) /\ is_bool(a_1) /\ is_bool(b) /\ is_bool(b_1) /\ - is_bool(bor_bool_0) /\ is_bool(retres_0). - Have: (a_1 = a) /\ (b_1 = b). + Type: is_bool(a) /\ is_bool(b) /\ is_bool(bor_bool_0) /\ is_bool(retres_0). (* Pre-condition for 'true' *) - Have: (a_1 = 1) \/ (b_1 = 1). + Have: (a = 1) \/ (b = 1). Have: (if ((a = 0) & (b = 0)) then 0 else 1) = retres_0. (* Return *) Have: retres_0 = bor_bool_0. 
@@ -80,11 +74,10 @@ Prove: bor_bool_0 = 1. Goal Post-condition for 'false' (file tests/wp_plugin/bool.i, line 37) in 'bxor_bool': Assume { - Type: is_bool(a) /\ is_bool(a_1) /\ is_bool(b) /\ is_bool(b_1) /\ - is_bool(bxor_bool_0) /\ is_bool(retres_0). - Have: (a_1 = a) /\ (b_1 = b). + Type: is_bool(a) /\ is_bool(b) /\ is_bool(bxor_bool_0) /\ + is_bool(retres_0). (* Pre-condition for 'false' *) - Have: ((a_1 != 0) \/ (b_1 != 1)) /\ ((a_1 != 1) \/ (b_1 != 0)). + Have: ((a != 0) \/ (b != 1)) /\ ((a != 1) \/ (b != 0)). Have: (if (b = a) then 0 else 1) = retres_0. (* Return *) Have: retres_0 = bxor_bool_0. @@ -98,11 +91,10 @@ Prove: bxor_bool_0 = 0. Goal Post-condition for 'true' (file tests/wp_plugin/bool.i, line 34) in 'bxor_bool': Assume { - Type: is_bool(a) /\ is_bool(a_1) /\ is_bool(b) /\ is_bool(b_1) /\ - is_bool(bxor_bool_0) /\ is_bool(retres_0). - Have: (a_1 = a) /\ (b_1 = b). + Type: is_bool(a) /\ is_bool(b) /\ is_bool(bxor_bool_0) /\ + is_bool(retres_0). (* Pre-condition for 'true' *) - Have: ((a_1 = 0) /\ (b_1 = 1)) \/ ((a_1 = 1) /\ (b_1 = 0)). + Have: ((a = 0) /\ (b = 1)) \/ ((a = 1) /\ (b = 0)). Have: (if (b = a) then 0 else 1) = retres_0. (* Return *) Have: retres_0 = bxor_bool_0. diff --git a/src/plugins/wp/tests/wp_plugin/oracle/cfg.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/cfg.res.oracle index f78e97da034cdcae042c07a28d2fdb21a6fead50..7f60486d328f49305869a1dfd91400fa33f89340 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/cfg.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/cfg.res.oracle 
@@ -6,24 +6,24 @@ Function f1 ------------------------------------------------------------ -Goal Post-condition 'BUG_WP' in 'f1': -Prove: true. +Goal Post-condition 'BUG_LEGACY_WP' in 'f1': +Prove: false. ------------------------------------------------------------ ------------------------------------------------------------ Function f1_simpler ------------------------------------------------------------ -Goal Post-condition 'BUG_WP' in 'f1_simpler': -Prove: true. +Goal Post-condition 'BUG_LEGACY_WP' in 'f1_simpler': +Prove: false. ------------------------------------------------------------ ------------------------------------------------------------ Function f1_variant ------------------------------------------------------------ -Goal Post-condition 'BUG_WP' in 'f1_variant': -Prove: true. +Goal Post-condition 'BUG_LEGACY_WP' in 'f1_variant': +Prove: false. ------------------------------------------------------------ ------------------------------------------------------------ @@ -38,7 +38,7 @@ Prove: false. Function f2 ------------------------------------------------------------ -Goal Post-condition 'BUG_WP' in 'f2': -Prove: true. +Goal Post-condition 'BUG_LEGACY_WP' in 'f2': +Prove: false. ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_plugin/oracle/copy.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/copy.res.oracle index 2df09a43e2a673bf3e6e8921b8fd05865126d17a..0198e43bea60c3a8a1a53b753ea78da52ce375da 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/copy.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/copy.res.oracle @@ -17,7 +17,9 @@ Assume { (* Goal *) When: (0 <= i_1) /\ (i_1 < n). (* Pre-condition *) - Have: (0 <= n) /\ separated(a_1, n, shift_sint32(b, 0), n). + Have: 0 <= n. + (* Pre-condition *) + Have: separated(a_1, n, shift_sint32(b, 0), n). (* Invariant 'Copy' *) Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) -> (a_2[shift_sint32(b, i_2)] = a_2[shift_sint32(a, i_2)]))). 
@@ -41,7 +43,9 @@ Assume { (* Goal *) When: (0 <= i_1) /\ (i_1 <= i). (* Pre-condition *) - Have: (0 <= n) /\ separated(a_1, n, shift_sint32(b, 0), n). + Have: 0 <= n. + (* Pre-condition *) + Have: separated(a_1, n, shift_sint32(b, 0), n). (* Invariant 'Copy' *) Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) -> (a_2[shift_sint32(b, i_2)] = a_2[shift_sint32(a, i_2)]))). @@ -74,7 +78,9 @@ Assume { (* Heap *) Type: (region(a.base) <= 0) /\ (region(b.base) <= 0). (* Pre-condition *) - Have: (0 <= n) /\ separated(a_1, n, shift_sint32(b, 0), n). + Have: 0 <= n. + (* Pre-condition *) + Have: separated(a_1, n, shift_sint32(b, 0), n). (* Invariant 'Copy' *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (a_2[shift_sint32(b, i_1)] = a_2[shift_sint32(a, i_1)]))). @@ -109,7 +115,9 @@ Assume { (* Goal *) When: (0 <= i_1) /\ (i_1 < i). (* Pre-condition *) - Have: (0 <= n) /\ separated(a_1, n, shift_sint32(b, 0), n). + Have: 0 <= n. + (* Pre-condition *) + Have: separated(a_1, n, shift_sint32(b, 0), n). (* Invariant 'Copy' *) Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) -> (a_2[shift_sint32(b, i_2)] = a_2[shift_sint32(a, i_2)]))). @@ -134,7 +142,9 @@ Assume { (* Goal *) When: (0 <= i_1) /\ (i_1 < i). (* Pre-condition *) - Have: (0 <= n) /\ separated(a_1, n, shift_sint32(b, 0), n). + Have: 0 <= n. + (* Pre-condition *) + Have: separated(a_1, n, shift_sint32(b, 0), n). (* Invariant 'Copy' *) Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) -> (a_2[shift_sint32(b, i_2)] = a_2[shift_sint32(a, i_2)]))). @@ -174,7 +184,9 @@ Assume { (* Goal *) When: !invalid(Malloc_0, a_3, 1). (* Pre-condition *) - Have: (0 <= n) /\ separated(a_1, n, shift_sint32(b, 0), n). + Have: 0 <= n. + (* Pre-condition *) + Have: separated(a_1, n, shift_sint32(b, 0), n). (* Invariant 'Copy' *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (a_2[shift_sint32(b, i_1)] = a_2[shift_sint32(a, i_1)]))). 
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/doomed.1.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/doomed.1.res.oracle index 07bf46ceb48fa2196aac1041d66a314f86781b30..3d1765dc886a0b61c5f552bab3870f295737e34e 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/doomed.1.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/doomed.1.res.oracle @@ -37,11 +37,9 @@ Goal Wp_smoke_default_requires in 'foo': Assume { Type: is_sint32(x). (* Pre-condition *) - Have: (x < 0) /\ P_REQUIRES(0, x). - (* Pre-condition for 'A' *) - Have: (P_ASSUMES(1, x) -> ((3 <= x) /\ P_REQUIRES(1, x))). - (* Pre-condition for 'B' *) - Have: (P_ASSUMES(2, x) -> P_REQUIRES(2, x)). + Have: P_REQUIRES(0, x). + (* Pre-condition *) + Have: x < 0. } Prove: false. @@ -62,13 +60,13 @@ Goal Wp_smoke_B_requires in 'foo': Assume { Type: is_sint32(x). (* Pre-condition *) - Have: (x < 0) /\ P_REQUIRES(0, x). - (* Pre-condition for 'A' *) - Have: (P_ASSUMES(1, x) -> ((3 <= x) /\ P_REQUIRES(1, x))). - (* Pre-condition for 'B' *) - Have: P_REQUIRES(2, x). + Have: P_REQUIRES(0, x). + (* Pre-condition *) + Have: x < 0. (* Pre-condition for 'B' *) Have: P_ASSUMES(2, x). + (* Pre-condition for 'B' *) + Have: P_REQUIRES(2, x). } Prove: false. diff --git a/src/plugins/wp/tests/wp_plugin/oracle/dynamic.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/dynamic.0.res.oracle similarity index 59% rename from src/plugins/wp/tests/wp_plugin/oracle/dynamic.res.oracle rename to src/plugins/wp/tests/wp_plugin/oracle/dynamic.0.res.oracle index ad37a67830bf85dd03dd6f3a058108f367ee9ea3..36539b979844180fa6c2890fd7a98e4f7c07db89 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/dynamic.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/dynamic.0.res.oracle 
@@ -2,79 +2,18 @@ [kernel] Parsing tests/wp_plugin/dynamic.i (no preprocessing) [wp] Running WP plugin... [wp:calls] Computing dynamic calls. -[wp] tests/wp_plugin/dynamic.i:30: Calls f1 f2 -[wp] tests/wp_plugin/dynamic.i:44: Calls g -[wp] tests/wp_plugin/dynamic.i:65: Calls h1 h2 -[wp] tests/wp_plugin/dynamic.i:78: Calls (for bhv1) h1 h2 h0 -[wp] tests/wp_plugin/dynamic.i:78: Calls (for bhv0) h1 h2 h0 -[wp] tests/wp_plugin/dynamic.i:87: Calls h1 -[wp] tests/wp_plugin/dynamic.i:100: Calls unreachable_g +[wp] tests/wp_plugin/dynamic.i:32: Calls f1 f2 +[wp] tests/wp_plugin/dynamic.i:46: Calls g +[wp] tests/wp_plugin/dynamic.i:67: Calls h1 h2 +[wp] tests/wp_plugin/dynamic.i:80: Calls (for bhv1) h1 h2 h0 +[wp] tests/wp_plugin/dynamic.i:80: Calls (for bhv0) h1 h2 h0 +[wp] tests/wp_plugin/dynamic.i:89: Calls h1 +[wp] tests/wp_plugin/dynamic.i:102: Calls unreachable_g [wp:calls] Dynamic call(s): 6. -[wp] tests/wp_plugin/dynamic.i:78: Warning: Missing 'calls' for default behavior [wp] Warning: Missing RTE guards ------------------------------------------------------------- - Function behavior with behavior bhv1 ------------------------------------------------------------- - -Goal Call point h1 h2 in 'behavior' at instruction (file tests/wp_plugin/dynamic.i, line 65): -Prove: true. - ------------------------------------------------------------- - -Goal Post-condition for 'bhv1' (file tests/wp_plugin/dynamic.i, line 62) in 'behavior' (1/2): -Tags: Call h1. -Prove: true. - ------------------------------------------------------------- - -Goal Post-condition for 'bhv1' (file tests/wp_plugin/dynamic.i, line 62) in 'behavior' (2/2): -Tags: Call h2. -Prove: true. - ------------------------------------------------------------- - -Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 61) in 'behavior' (1/2): -Prove: true. 
- ------------------------------------------------------------- - -Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 61) in 'behavior' (2/2): -Call Effect at line 65 -Tags: Call h2. -Prove: true. +[wp] tests/wp_plugin/dynamic.i:80: Warning: Missing 'calls' for default behavior ------------------------------------------------------------- - -Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 61) in 'behavior' (1/4): -Prove: true. - ------------------------------------------------------------- - -Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 61) in 'behavior' (2/4): -Call Effect at line 65 -Tags: Call h2. -Prove: true. - ------------------------------------------------------------- - -Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 61) in 'behavior' (3/4): -Call Result at line 65 -Tags: Call h1. -Prove: true. - ------------------------------------------------------------- - -Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 61) in 'behavior' (4/4): -Call Result at line 65 -Tags: Call h2. -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function call ------------------------------------------------------------- - -Goal Call point f1 f2 in 'call' at instruction (file tests/wp_plugin/dynamic.i, line 30): +Goal Call point f1 f2 in 'call' at instruction (file tests/wp_plugin/dynamic.i, line 32): Let a = Mptr_0[shiftfield_F1_S_f(closure_0)]. Let a_1 = global(G_f2_30). Let a_2 = global(G_f1_22). 
@@ -90,19 +29,19 @@ Prove: (a = a_2) \/ (a = a_1). ------------------------------------------------------------ -Goal Post-condition (file tests/wp_plugin/dynamic.i, line 26) in 'call' (1/2): +Goal Post-condition (file tests/wp_plugin/dynamic.i, line 28) in 'call' (1/2): Tags: Call f1. Prove: true. ------------------------------------------------------------ -Goal Post-condition (file tests/wp_plugin/dynamic.i, line 26) in 'call' (2/2): +Goal Post-condition (file tests/wp_plugin/dynamic.i, line 28) in 'call' (2/2): Tags: Call f2. Prove: true. ------------------------------------------------------------ -Goal Instance of 'Pre-condition (file tests/wp_plugin/dynamic.i, line 10) in 'f1'' in 'call' at instruction (file tests/wp_plugin/dynamic.i, line 30) +Goal Instance of 'Pre-condition (file tests/wp_plugin/dynamic.i, line 12) in 'f1'' in 'call' at instruction (file tests/wp_plugin/dynamic.i, line 32) : Tags: Call f1. Let x = Mint_0[shiftfield_F1_S_param(closure_0)]. 
@@ -119,125 +58,154 @@ Assume { Prove: ((-10) <= x) /\ (x <= 10). ------------------------------------------------------------ + +Goal Call point h1 h2 in 'behavior' at instruction (file tests/wp_plugin/dynamic.i, line 67): +Assume { (* Heap *) Type: region(p.base) <= 0. } +Prove: (global(G_h1_61) = p) \/ (global(G_h2_67) = p). + ------------------------------------------------------------ - Function guarded_call + +Goal Call point h1 h2 in 'behavior' at instruction (file tests/wp_plugin/dynamic.i, line 67): +Prove: true. + ------------------------------------------------------------ -Goal Call point g in 'guarded_call' at instruction (file tests/wp_plugin/dynamic.i, line 44): +Goal Post-condition for 'bhv1' (file tests/wp_plugin/dynamic.i, line 64) in 'behavior' (1/2): +Tags: Call h1. Prove: true. ------------------------------------------------------------ -Goal Post-condition (file tests/wp_plugin/dynamic.i, line 38) in 'guarded_call' (1/2): -Assume { - Type: is_sint32(X). - (* Heap *) - Type: (region(p.base) <= 0) /\ framed(Mptr_0). - (* Goal *) - When: Mptr_0[shiftfield_F1_S_f(p)] = global(0). - (* Else *) - Have: G_g_48 = 0. -} -Prove: X = 1. +Goal Post-condition for 'bhv1' (file tests/wp_plugin/dynamic.i, line 64) in 'behavior' (2/2): +Tags: Call h2. +Prove: true. ------------------------------------------------------------ -Goal Post-condition (file tests/wp_plugin/dynamic.i, line 38) in 'guarded_call' (2/2): -Tags: Call g. +Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 63) in 'behavior' (1/2): Prove: true. ------------------------------------------------------------ -Goal Post-condition (file tests/wp_plugin/dynamic.i, line 39) in 'guarded_call' (1/2): +Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 63) in 'behavior' (2/2): +Call Effect at line 67 +Tags: Call h2. Prove: true. 
------------------------------------------------------------ -Goal Post-condition (file tests/wp_plugin/dynamic.i, line 39) in 'guarded_call' (2/2): -Tags: Call g. +Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 63) in 'behavior' (1/4): Prove: true. ------------------------------------------------------------ + +Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 63) in 'behavior' (2/4): +Call Effect at line 67 +Tags: Call h2. +Prove: true. + ------------------------------------------------------------ - Function missing_context + +Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 63) in 'behavior' (3/4): +Call Result at line 67 +Tags: Call h1. +Prove: true. + ------------------------------------------------------------ -Goal Call point h1 in 'missing_context' at instruction (file tests/wp_plugin/dynamic.i, line 87): -Assume { (* Heap *) Type: region(p.base) <= 0. } -Prove: global(G_h1_61) = p. +Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 63) in 'behavior' (4/4): +Call Result at line 67 +Tags: Call h2. +Prove: true. ------------------------------------------------------------ -Goal Post-condition (file tests/wp_plugin/dynamic.i, line 82) in 'missing_context': -Tags: Call h1. +Goal Call point h1 h2 h0 for bhv1 in 'some_behaviors' at instruction (file tests/wp_plugin/dynamic.i, line 80): Prove: true. ------------------------------------------------------------ -Goal Assigns (file tests/wp_plugin/dynamic.i, line 83) in 'missing_context': +Goal Post-condition for 'bhv1' (file tests/wp_plugin/dynamic.i, line 73) in 'some_behaviors' (1/3): +Tags: Call h0. Prove: true. ------------------------------------------------------------ -Goal Assigns (file tests/wp_plugin/dynamic.i, line 83) in 'missing_context' (1/2): +Goal Post-condition for 'bhv1' (file tests/wp_plugin/dynamic.i, line 73) in 'some_behaviors' (2/3): +Tags: Call h2. Prove: true. 
------------------------------------------------------------ -Goal Assigns (file tests/wp_plugin/dynamic.i, line 83) in 'missing_context' (2/2): -Call Result at line 87 +Goal Post-condition for 'bhv1' (file tests/wp_plugin/dynamic.i, line 73) in 'some_behaviors' (3/3): Tags: Call h1. Prove: true. ------------------------------------------------------------ ------------------------------------------------------------- - Function no_call + +Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 72) in 'some_behaviors' (1/2): +Prove: true. + ------------------------------------------------------------ -Goal Call point unreachable_g in 'no_call' at instruction (file tests/wp_plugin/dynamic.i, line 100): +Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 72) in 'some_behaviors' (2/2): +Call Effect at line 80 +Tags: Call h2. Prove: true. ------------------------------------------------------------ -Goal Post-condition (file tests/wp_plugin/dynamic.i, line 94) in 'no_call' (1/2): +Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 72) in 'some_behaviors' (1/5): Prove: true. ------------------------------------------------------------ -Goal Post-condition (file tests/wp_plugin/dynamic.i, line 94) in 'no_call' (2/2): -Tags: Call unreachable_g. +Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 72) in 'some_behaviors' (2/5): +Call Effect at line 80 +Tags: Call h2. Prove: true. ------------------------------------------------------------ -Goal Instance of 'Pre-condition (file tests/wp_plugin/dynamic.i, line 91) in 'unreachable_g'' in 'no_call' at instruction (file tests/wp_plugin/dynamic.i, line 100) -: -Tags: Call unreachable_g. +Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 72) in 'some_behaviors' (3/5): +Call Result at line 80 +Tags: Call h0. Prove: true. 
------------------------------------------------------------ + +Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 72) in 'some_behaviors' (4/5): +Call Result at line 80 +Tags: Call h2. +Prove: true. + ------------------------------------------------------------ - Function some_behaviors with behavior bhv0 + +Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 72) in 'some_behaviors' (5/5): +Call Result at line 80 +Tags: Call h1. +Prove: true. + ------------------------------------------------------------ -Goal Call point h1 h2 h0 for bhv0 in 'some_behaviors' at instruction (file tests/wp_plugin/dynamic.i, line 78): +Goal Call point h1 h2 h0 for bhv0 in 'some_behaviors' at instruction (file tests/wp_plugin/dynamic.i, line 80): Prove: true. ------------------------------------------------------------ -Goal Post-condition for 'bhv0' (file tests/wp_plugin/dynamic.i, line 75) in 'some_behaviors' (1/3): +Goal Post-condition for 'bhv0' (file tests/wp_plugin/dynamic.i, line 77) in 'some_behaviors' (1/3): Tags: Call h0. Prove: true. ------------------------------------------------------------ -Goal Post-condition for 'bhv0' (file tests/wp_plugin/dynamic.i, line 75) in 'some_behaviors' (2/3): +Goal Post-condition for 'bhv0' (file tests/wp_plugin/dynamic.i, line 77) in 'some_behaviors' (2/3): Tags: Call h2. Prove: true. ------------------------------------------------------------ -Goal Post-condition for 'bhv0' (file tests/wp_plugin/dynamic.i, line 75) in 'some_behaviors' (3/3): +Goal Post-condition for 'bhv0' (file tests/wp_plugin/dynamic.i, line 77) in 'some_behaviors' (3/3): Tags: Call h1. Prove: true. 
@@ -249,14 +217,14 @@ Prove: true. ------------------------------------------------------------ Goal Assigns for 'bhv0' nothing in 'some_behaviors' (2/3): -Call Effect at line 78 +Call Effect at line 80 Tags: Call h2. Prove: true. ------------------------------------------------------------ Goal Assigns for 'bhv0' nothing in 'some_behaviors' (3/3): -Call Effect at line 78 +Call Effect at line 80 Tags: Call h1. Prove: true. 
@@ -268,126 +236,102 @@ Prove: true. ------------------------------------------------------------ Goal Assigns for 'bhv0' nothing in 'some_behaviors' (2/6): -Call Effect at line 78 +Call Effect at line 80 Tags: Call h2. Prove: true. ------------------------------------------------------------ Goal Assigns for 'bhv0' nothing in 'some_behaviors' (3/6): -Call Effect at line 78 +Call Effect at line 80 Tags: Call h1. Prove: true. ------------------------------------------------------------ Goal Assigns for 'bhv0' nothing in 'some_behaviors' (4/6): -Call Result at line 78 +Call Result at line 80 Tags: Call h0. Prove: true. ------------------------------------------------------------ Goal Assigns for 'bhv0' nothing in 'some_behaviors' (5/6): -Call Result at line 78 +Call Result at line 80 Tags: Call h2. Prove: true. ------------------------------------------------------------ Goal Assigns for 'bhv0' nothing in 'some_behaviors' (6/6): -Call Result at line 78 +Call Result at line 80 Tags: Call h1. Prove: true. ------------------------------------------------------------- ------------------------------------------------------------- - Function some_behaviors with behavior bhv1 ------------------------------------------------------------- - -Goal Call point h1 h2 h0 for bhv1 in 'some_behaviors' at instruction (file tests/wp_plugin/dynamic.i, line 78): -Prove: true. - ------------------------------------------------------------- - -Goal Post-condition for 'bhv1' (file tests/wp_plugin/dynamic.i, line 71) in 'some_behaviors' (1/3): -Tags: Call h0. -Prove: true. - ------------------------------------------------------------ -Goal Post-condition for 'bhv1' (file tests/wp_plugin/dynamic.i, line 71) in 'some_behaviors' (2/3): -Tags: Call h2. -Prove: true. +Goal Call point h1 in 'missing_context' at instruction (file tests/wp_plugin/dynamic.i, line 89): +Assume { (* Heap *) Type: region(p.base) <= 0. } +Prove: global(G_h1_61) = p. 
------------------------------------------------------------ -Goal Post-condition for 'bhv1' (file tests/wp_plugin/dynamic.i, line 71) in 'some_behaviors' (3/3): +Goal Post-condition (file tests/wp_plugin/dynamic.i, line 84) in 'missing_context': Tags: Call h1. Prove: true. ------------------------------------------------------------ -Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 70) in 'some_behaviors' (1/2): +Goal Assigns (file tests/wp_plugin/dynamic.i, line 85) in 'missing_context': Prove: true. ------------------------------------------------------------ -Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 70) in 'some_behaviors' (2/2): -Call Effect at line 78 -Tags: Call h2. +Goal Assigns (file tests/wp_plugin/dynamic.i, line 85) in 'missing_context' (1/2): Prove: true. ------------------------------------------------------------ -Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 70) in 'some_behaviors' (1/5): +Goal Assigns (file tests/wp_plugin/dynamic.i, line 85) in 'missing_context' (2/2): +Call Result at line 89 +Tags: Call h1. Prove: true. ------------------------------------------------------------ -Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 70) in 'some_behaviors' (2/5): -Call Effect at line 78 -Tags: Call h2. +Goal Call point unreachable_g in 'no_call' at instruction (file tests/wp_plugin/dynamic.i, line 102): Prove: true. ------------------------------------------------------------ -Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 70) in 'some_behaviors' (3/5): -Call Result at line 78 -Tags: Call h0. +Goal Post-condition (file tests/wp_plugin/dynamic.i, line 96) in 'no_call' (1/2): Prove: true. ------------------------------------------------------------ -Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 70) in 'some_behaviors' (4/5): -Call Result at line 78 -Tags: Call h2. 
+Goal Post-condition (file tests/wp_plugin/dynamic.i, line 96) in 'no_call' (2/2): +Tags: Call unreachable_g. Prove: true. ------------------------------------------------------------ -Goal Assigns for 'bhv1' (file tests/wp_plugin/dynamic.i, line 70) in 'some_behaviors' (5/5): -Call Result at line 78 -Tags: Call h1. +Goal Instance of 'Pre-condition (file tests/wp_plugin/dynamic.i, line 93) in 'unreachable_g'' in 'no_call' at instruction (file tests/wp_plugin/dynamic.i, line 102) +: +Tags: Call unreachable_g. Prove: true. ------------------------------------------------------------ -[wp] tests/wp_plugin/dynamic.i:41: Warning: - Memory model hypotheses for function 'guarded_call': - /*@ behavior wp_typed: - requires \separated(p, &X); */ - void guarded_call(struct S *p); -[wp] tests/wp_plugin/dynamic.i:63: Warning: +[wp] tests/wp_plugin/dynamic.i:65: Warning: Memory model hypotheses for function 'behavior': /*@ behavior wp_typed: requires \separated(p + (..), &X1); */ int behavior(int (*p)(void)); -[wp] tests/wp_plugin/dynamic.i:76: Warning: +[wp] tests/wp_plugin/dynamic.i:78: Warning: Memory model hypotheses for function 'some_behaviors': /*@ behavior wp_typed: requires \separated(p + (..), &X1); */ int some_behaviors(int (*p)(void)); -[wp] tests/wp_plugin/dynamic.i:85: Warning: +[wp] tests/wp_plugin/dynamic.i:87: Warning: Memory model hypotheses for function 'missing_context': /*@ behavior wp_typed: requires \separated(p, &X1); */ diff --git a/src/plugins/wp/tests/wp_plugin/oracle/dynamic.1.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/dynamic.1.res.oracle new file mode 100644 index 0000000000000000000000000000000000000000..294cb705e413a767e7b09f89c90468dfbc9b1b43 --- /dev/null +++ b/src/plugins/wp/tests/wp_plugin/oracle/dynamic.1.res.oracle 
@@ -0,0 +1,161 @@ +# frama-c -wp -wp-no-let [...] +[kernel] Parsing tests/wp_plugin/dynamic.i (no preprocessing) +[wp] Running WP plugin... +[wp:calls] Computing dynamic calls. +[wp] tests/wp_plugin/dynamic.i:32: Calls f1 f2 +[wp] tests/wp_plugin/dynamic.i:46: Calls g +[wp] tests/wp_plugin/dynamic.i:67: Calls h1 h2 +[wp] tests/wp_plugin/dynamic.i:80: Calls (for bhv1) h1 h2 h0 +[wp] tests/wp_plugin/dynamic.i:80: Calls (for bhv0) h1 h2 h0 +[wp] tests/wp_plugin/dynamic.i:89: Calls h1 +[wp] tests/wp_plugin/dynamic.i:102: Calls unreachable_g +[wp:calls] Dynamic call(s): 6. +[wp] Warning: Missing RTE guards + +Goal Call point g in 'guarded_call' at instruction (file tests/wp_plugin/dynamic.i, line 46): +Let a = shiftfield_F1_S_f(p). +Let a_1 = Mptr_1[a]. +Let a_2 = global(G_g_48). +Assume { + Type: is_sint32(X). + (* Heap *) + Type: (region(p_1.base) <= 0) /\ framed(Mptr_1) /\ is_sint32(X). + Have: p = p_1. + (* Pre-condition *) + Have: (a_1 = a_2) \/ (a_1 = null). + (* Pre-condition *) + Have: (a_1 = a_2) \/ (a_1 = null). + (* Then *) + Have: a_1 != null. + Have: Mptr_1 = Mptr_0. +} +Prove: Mptr_0[a] = a_2. + +------------------------------------------------------------ + +Goal Post-condition (file tests/wp_plugin/dynamic.i, line 40) in 'guarded_call' (1/2): +Let a = Mptr_0[shiftfield_F1_S_f(p_1)]. +Let a_1 = global(G_g_48). +Assume { + Type: is_sint32(X_1) /\ is_sint32(X). + (* Heap *) + Type: (region(p.base) <= 0) /\ framed(Mptr_0) /\ is_sint32(X_1). + (* Goal *) + When: Mptr_1[shiftfield_F1_S_f(p)] = a_1. + Have: (X_2 = X_1) /\ (p_1 = p). + (* Pre-condition *) + Have: (a = a_1) \/ (a = null). + (* Pre-condition *) + Have: (a = a_1) \/ (a = null). + (* Frame In *) + Have: (ta_p_0=true). + (* Else *) + Have: a = null. + Have: (Mptr_0 = Mptr_1) /\ (X_2 = X) /\ ((ta_p_0=true) <-> (ta_p_1=true)). + (* Frame Out *) + Have: (ta_p_1=true). +} +Prove: X = 1. 
+ +------------------------------------------------------------ + +Goal Post-condition (file tests/wp_plugin/dynamic.i, line 40) in 'guarded_call' (2/2): +Tags: Call g. +Let a = shiftfield_F1_S_f(p_1). +Let a_1 = global(G_g_48). +Let a_2 = Mptr_0[a]. +Assume { + Type: is_sint32(X_1) /\ is_sint32(X). + (* Heap *) + Type: (region(p.base) <= 0) /\ framed(Mptr_0) /\ is_sint32(X_1). + (* Goal *) + When: Mptr_1[shiftfield_F1_S_f(p)] = a_1. + Have: p_1 = p. + (* Pre-condition *) + Have: (a_2 = a_1) \/ (a_2 = null). + (* Pre-condition *) + Have: (a_2 = a_1) \/ (a_2 = null). + (* Frame In *) + Have: (ta_p_0=true). + (* Then *) + Have: a_2 != null. + Have: (Mptr_0 = Mptr_2) /\ ((ta_p_0=true) <-> (ta_p_1=true)). + Have: Mptr_2 = Mptr_1. + (* Instance of 'g' *) + (* Call point g *) + Have: Mptr_2[a] = a_1. + Have: (ta_p_1=true) <-> (ta_p_2=true). + (* Call 'g' *) + Have: X = 1. + (* Frame Out *) + Have: (ta_p_2=true). +} +Prove: X = 1. + +------------------------------------------------------------ + +Goal Post-condition (file tests/wp_plugin/dynamic.i, line 41) in 'guarded_call' (1/2): +Let a = Mptr_0[shiftfield_F1_S_f(p_1)]. +Let a_1 = global(G_g_48). +Assume { + Type: is_sint32(X_1) /\ is_sint32(X). + (* Heap *) + Type: (region(p.base) <= 0) /\ framed(Mptr_0) /\ is_sint32(X_1). + (* Goal *) + When: Mptr_1[shiftfield_F1_S_f(p)] = null. + Have: (X_2 = X_1) /\ (p_1 = p). + (* Pre-condition *) + Have: (a = a_1) \/ (a = null). + (* Pre-condition *) + Have: (a = a_1) \/ (a = null). + (* Frame In *) + Have: (ta_p_0=true). + (* Else *) + Have: a = null. + Have: (Mptr_0 = Mptr_1) /\ (X_2 = X) /\ ((ta_p_0=true) <-> (ta_p_1=true)). + (* Frame Out *) + Have: (ta_p_1=true). +} +Prove: X = X_1. + +------------------------------------------------------------ + +Goal Post-condition (file tests/wp_plugin/dynamic.i, line 41) in 'guarded_call' (2/2): +Tags: Call g. +Let a = shiftfield_F1_S_f(p_1). +Let a_1 = global(G_g_48). +Let a_2 = Mptr_0[a]. 
+Assume { + Type: is_sint32(X_1) /\ is_sint32(X). + (* Heap *) + Type: (region(p.base) <= 0) /\ framed(Mptr_0) /\ is_sint32(X_1). + (* Goal *) + When: Mptr_1[shiftfield_F1_S_f(p)] = null. + Have: p_1 = p. + (* Pre-condition *) + Have: (a_2 = a_1) \/ (a_2 = null). + (* Pre-condition *) + Have: (a_2 = a_1) \/ (a_2 = null). + (* Frame In *) + Have: (ta_p_0=true). + (* Then *) + Have: a_2 != null. + Have: (Mptr_0 = Mptr_2) /\ ((ta_p_0=true) <-> (ta_p_1=true)). + Have: Mptr_2 = Mptr_1. + (* Instance of 'g' *) + (* Call point g *) + Have: Mptr_2[a] = a_1. + Have: (ta_p_1=true) <-> (ta_p_2=true). + (* Call 'g' *) + Have: X = 1. + (* Frame Out *) + Have: (ta_p_2=true). +} +Prove: X = X_1. + +------------------------------------------------------------ +[wp] tests/wp_plugin/dynamic.i:43: Warning: + Memory model hypotheses for function 'guarded_call': + /*@ behavior wp_typed: + requires \separated(p, &X); */ + void guarded_call(struct S *p); diff --git a/src/plugins/wp/tests/wp_plugin/oracle/flash.0.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/flash.0.res.oracle index d987807fecd4c5359e3a5c1fecdcf86b1f1df7f9..f10a2975696353c345b3713d2f608d69fa9dee01 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/flash.0.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/flash.0.res.oracle 
@@ -27,16 +27,19 @@ Let x_3 = OBSERVER_time_0 - 1. Let x_4 = RD_time_0 - 1. Let a_8 = L_RD_current(x_4). Let x_5 = OBSERVER_time_0 - 2. -Let x_6 = OBSERVER_time_0 - 3. -Let x_7 = RD_time_0 - 2. +Let x_6 = RD_time_0 - 2. +Let x_7 = OBSERVER_time_0 - 3. Assume { Type: is_sint32(OBSERVER_time_0) /\ is_sint32(RD_time_0) /\ - is_sint32(WR_time_0) /\ is_sint32(x_6) /\ is_sint32(x_5) /\ - is_sint32(x_7) /\ is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(x) /\ + is_sint32(WR_time_0) /\ is_sint32(x_7) /\ is_sint32(x_5) /\ + is_sint32(x_6) /\ is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2). (* Pre-condition *) - Have: (L_WR_current(WR_time_0) = L_INDEX_init) /\ - (L_OBSERVER(x_6) = nil) /\ (L_RD_current(x_7) = L_INDEX_init). + Have: L_OBSERVER(x_7) = nil. + (* Pre-condition *) + Have: L_RD_current(x_6) = L_INDEX_init. + (* Pre-condition *) + Have: L_WR_current(WR_time_0) = L_INDEX_init. (* Call 'RD' *) Have: (a_5 = a_8) /\ (L_OBSERVER(x_5) = [ a_1 ]) /\ ((L_RD_value(a, L_RD_access(L_INDEX_init, a)) 
@@ -71,16 +74,19 @@ Let x_3 = OBSERVER_time_0 - 1. Let x_4 = RD_time_0 - 1. Let a_8 = L_RD_current(x_4). Let x_5 = OBSERVER_time_0 - 2. -Let x_6 = OBSERVER_time_0 - 3. -Let x_7 = RD_time_0 - 2. +Let x_6 = RD_time_0 - 2. +Let x_7 = OBSERVER_time_0 - 3. Assume { Type: is_sint32(OBSERVER_time_0) /\ is_sint32(RD_time_0) /\ - is_sint32(WR_time_0) /\ is_sint32(x_6) /\ is_sint32(x_5) /\ - is_sint32(x_7) /\ is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(x) /\ + is_sint32(WR_time_0) /\ is_sint32(x_7) /\ is_sint32(x_5) /\ + is_sint32(x_6) /\ is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2). (* Pre-condition *) - Have: (L_WR_current(WR_time_0) = L_INDEX_init) /\ - (L_OBSERVER(x_6) = nil) /\ (L_RD_current(x_7) = L_INDEX_init). + Have: L_OBSERVER(x_7) = nil. + (* Pre-condition *) + Have: L_RD_current(x_6) = L_INDEX_init. + (* Pre-condition *) + Have: L_WR_current(WR_time_0) = L_INDEX_init. (* Call 'RD' *) Have: (a_5 = a_8) /\ (L_OBSERVER(x_5) = [ a_1 ]) /\ ((L_RD_value(a, L_RD_access(L_INDEX_init, a)) 
@@ -115,16 +121,19 @@ Let x_3 = OBSERVER_time_0 - 1. Let x_4 = RD_time_0 - 2. Let a_8 = L_RD_current(x_4). Let x_5 = OBSERVER_time_0 - 2. -Let x_6 = OBSERVER_time_0 - 3. -Let x_7 = RD_time_0 - 3. +Let x_6 = RD_time_0 - 3. +Let x_7 = OBSERVER_time_0 - 3. Assume { Type: is_sint32(OBSERVER_time_0) /\ is_sint32(RD_time_0) /\ - is_sint32(WR_time_0) /\ is_sint32(x_6) /\ is_sint32(x_7) /\ + is_sint32(WR_time_0) /\ is_sint32(x_7) /\ is_sint32(x_6) /\ is_sint32(x_5) /\ is_sint32(x_4) /\ is_sint32(x_3) /\ is_sint32(x_2) /\ is_sint32(x) /\ is_sint32(x_1). (* Pre-condition *) - Have: (L_WR_current(WR_time_0) = L_INDEX_init) /\ - (L_OBSERVER(x_6) = nil) /\ (L_RD_current(x_7) = L_INDEX_init). + Have: L_OBSERVER(x_7) = nil. + (* Pre-condition *) + Have: L_RD_current(x_6) = L_INDEX_init. + (* Pre-condition *) + Have: L_WR_current(WR_time_0) = L_INDEX_init. (* Call 'RD' *) Have: (a_5 = a_8) /\ (L_OBSERVER(x_5) = [ a_1 ]) /\ ((L_RD_value(a, L_RD_access(L_INDEX_init, a)) @@ -159,16 +168,19 @@ Let x_4 = RD_time_0 - 2. Let a_7 = L_RD_current(x_4). Let x_5 = OBSERVER_time_0 - 2. Let x_6 = L_RD_value(a, L_RD_access(L_INDEX_init, a)). -Let x_7 = OBSERVER_time_0 - 3. -Let x_8 = RD_time_0 - 3. +Let x_7 = RD_time_0 - 3. +Let x_8 = OBSERVER_time_0 - 3. Assume { Type: is_sint32(OBSERVER_time_0) /\ is_sint32(RD_time_0) /\ - is_sint32(WR_time_0) /\ is_sint32(x_7) /\ is_sint32(x_8) /\ + is_sint32(WR_time_0) /\ is_sint32(x_8) /\ is_sint32(x_7) /\ is_sint32(x_5) /\ is_sint32(x_4) /\ is_sint32(x_3) /\ is_sint32(x_2) /\ is_sint32(x) /\ is_sint32(x_1). (* Pre-condition *) - Have: (L_WR_current(WR_time_0) = L_INDEX_init) /\ - (L_OBSERVER(x_7) = nil) /\ (L_RD_current(x_8) = L_INDEX_init). + Have: L_OBSERVER(x_8) = nil. + (* Pre-condition *) + Have: L_RD_current(x_7) = L_INDEX_init. + (* Pre-condition *) + Have: L_WR_current(WR_time_0) = L_INDEX_init. (* Call 'RD' *) Have: (a_5 = a_7) /\ (L_OBSERVER(x_5) = [ a_1 ]) /\ ((x_6 + L_RD_value(a_2, L_RD_access(a_7, a_2))) 
@@ -203,16 +215,19 @@ Let x_3 = OBSERVER_time_0 - 1. Let x_4 = RD_time_0 - 2. Let a_7 = L_RD_current(x_4). Let x_5 = OBSERVER_time_0 - 2. -Let x_6 = OBSERVER_time_0 - 3. -Let x_7 = RD_time_0 - 3. +Let x_6 = RD_time_0 - 3. +Let x_7 = OBSERVER_time_0 - 3. Assume { Type: is_sint32(OBSERVER_time_0) /\ is_sint32(RD_time_0) /\ - is_sint32(WR_time_0) /\ is_sint32(x_6) /\ is_sint32(x_7) /\ + is_sint32(WR_time_0) /\ is_sint32(x_7) /\ is_sint32(x_6) /\ is_sint32(x_5) /\ is_sint32(x_4) /\ is_sint32(x_3) /\ is_sint32(x_2) /\ is_sint32(x) /\ is_sint32(x_1). (* Pre-condition *) - Have: (L_WR_current(WR_time_0) = L_INDEX_init) /\ - (L_OBSERVER(x_6) = nil) /\ (L_RD_current(x_7) = L_INDEX_init). + Have: L_OBSERVER(x_7) = nil. + (* Pre-condition *) + Have: L_RD_current(x_6) = L_INDEX_init. + (* Pre-condition *) + Have: L_WR_current(WR_time_0) = L_INDEX_init. (* Call 'RD' *) Have: (a_5 = a_7) /\ (L_OBSERVER(x_5) = [ a_1 ]) /\ ((L_RD_value(a, L_RD_access(L_INDEX_init, a)) diff --git a/src/plugins/wp/tests/wp_plugin/oracle/flash.1.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/flash.1.res.oracle index 31d6bb17966eb81c3efddb017b847781a52d9709..c950a9aa736eb06882c3ab745e4bc63ca7df5604 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/flash.1.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/flash.1.res.oracle 
@@ -29,16 +29,19 @@ Let x_3 = OBSERVER_time_0 - 1. Let x_4 = RD_time_0 - 1. Let a_8 = L_RD_current(x_4). Let x_5 = OBSERVER_time_0 - 2. -Let x_6 = OBSERVER_time_0 - 3. -Let x_7 = RD_time_0 - 2. +Let x_6 = RD_time_0 - 2. +Let x_7 = OBSERVER_time_0 - 3. Assume { Type: is_sint32(OBSERVER_time_0) /\ is_sint32(RD_time_0) /\ - is_sint32(WR_time_0) /\ is_sint32(x_6) /\ is_sint32(x_5) /\ - is_sint32(x_7) /\ is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(x) /\ + is_sint32(WR_time_0) /\ is_sint32(x_7) /\ is_sint32(x_5) /\ + is_sint32(x_6) /\ is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2). (* Pre-condition *) - Have: (L_WR_current(WR_time_0) = const(0)) /\ (L_OBSERVER(x_6) = nil) /\ - (L_RD_current(x_7) = const(0)). + Have: L_OBSERVER(x_7) = nil. + (* Pre-condition *) + Have: L_RD_current(x_6) = const(0). + (* Pre-condition *) + Have: L_WR_current(WR_time_0) = const(0). (* Call 'RD' *) Have: (a_8 = a_5) /\ (L_OBSERVER(x_5) = [ a_1 ]) /\ ((L_RD_value(a, (const(0))[a]) + L_RD_value(a_2, (a_8)[a_2])) 
@@ -72,16 +75,19 @@ Let x_3 = OBSERVER_time_0 - 1. Let x_4 = RD_time_0 - 1. Let a_8 = L_RD_current(x_4). Let x_5 = OBSERVER_time_0 - 2. -Let x_6 = OBSERVER_time_0 - 3. -Let x_7 = RD_time_0 - 2. +Let x_6 = RD_time_0 - 2. +Let x_7 = OBSERVER_time_0 - 3. Assume { Type: is_sint32(OBSERVER_time_0) /\ is_sint32(RD_time_0) /\ - is_sint32(WR_time_0) /\ is_sint32(x_6) /\ is_sint32(x_5) /\ - is_sint32(x_7) /\ is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(x) /\ + is_sint32(WR_time_0) /\ is_sint32(x_7) /\ is_sint32(x_5) /\ + is_sint32(x_6) /\ is_sint32(x_3) /\ is_sint32(x_4) /\ is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2). (* Pre-condition *) - Have: (L_WR_current(WR_time_0) = const(0)) /\ (L_OBSERVER(x_6) = nil) /\ - (L_RD_current(x_7) = const(0)). + Have: L_OBSERVER(x_7) = nil. + (* Pre-condition *) + Have: L_RD_current(x_6) = const(0). + (* Pre-condition *) + Have: L_WR_current(WR_time_0) = const(0). (* Call 'RD' *) Have: (a_8 = a_5) /\ (L_OBSERVER(x_5) = [ a_1 ]) /\ ((L_RD_value(a, (const(0))[a]) + L_RD_value(a_2, (a_8)[a_2])) 
@@ -115,16 +121,19 @@ Let x_3 = OBSERVER_time_0 - 1. Let x_4 = RD_time_0 - 2. Let a_8 = L_RD_current(x_4). Let x_5 = OBSERVER_time_0 - 2. -Let x_6 = OBSERVER_time_0 - 3. -Let x_7 = RD_time_0 - 3. +Let x_6 = RD_time_0 - 3. +Let x_7 = OBSERVER_time_0 - 3. Assume { Type: is_sint32(OBSERVER_time_0) /\ is_sint32(RD_time_0) /\ - is_sint32(WR_time_0) /\ is_sint32(x_6) /\ is_sint32(x_7) /\ + is_sint32(WR_time_0) /\ is_sint32(x_7) /\ is_sint32(x_6) /\ is_sint32(x_5) /\ is_sint32(x_4) /\ is_sint32(x_3) /\ is_sint32(x_2) /\ is_sint32(x) /\ is_sint32(x_1). (* Pre-condition *) - Have: (L_WR_current(WR_time_0) = const(0)) /\ (L_OBSERVER(x_6) = nil) /\ - (L_RD_current(x_7) = const(0)). + Have: L_OBSERVER(x_7) = nil. + (* Pre-condition *) + Have: L_RD_current(x_6) = const(0). + (* Pre-condition *) + Have: L_WR_current(WR_time_0) = const(0). (* Call 'RD' *) Have: (a_8 = a_5) /\ (L_OBSERVER(x_5) = [ a_1 ]) /\ ((L_RD_value(a, (const(0))[a]) + L_RD_value(a_2, (a_8)[a_2])) @@ -158,16 +167,19 @@ Let x_4 = RD_time_0 - 2. Let a_7 = L_RD_current(x_4). Let x_5 = OBSERVER_time_0 - 2. Let x_6 = L_RD_value(a, (const(0))[a]). -Let x_7 = OBSERVER_time_0 - 3. -Let x_8 = RD_time_0 - 3. +Let x_7 = RD_time_0 - 3. +Let x_8 = OBSERVER_time_0 - 3. Assume { Type: is_sint32(OBSERVER_time_0) /\ is_sint32(RD_time_0) /\ - is_sint32(WR_time_0) /\ is_sint32(x_7) /\ is_sint32(x_8) /\ + is_sint32(WR_time_0) /\ is_sint32(x_8) /\ is_sint32(x_7) /\ is_sint32(x_5) /\ is_sint32(x_4) /\ is_sint32(x_3) /\ is_sint32(x_2) /\ is_sint32(x) /\ is_sint32(x_1). (* Pre-condition *) - Have: (L_WR_current(WR_time_0) = const(0)) /\ (L_OBSERVER(x_7) = nil) /\ - (L_RD_current(x_8) = const(0)). + Have: L_OBSERVER(x_8) = nil. + (* Pre-condition *) + Have: L_RD_current(x_7) = const(0). + (* Pre-condition *) + Have: L_WR_current(WR_time_0) = const(0). (* Call 'RD' *) Have: (a_7 = a_5) /\ (L_OBSERVER(x_5) = [ a_1 ]) /\ ((x_6 + L_RD_value(a_2, (a_7)[a_2])) = L_WR_value(a_2, (const(0))[a_2])). 
@@ -200,16 +212,19 @@ Let x_3 = OBSERVER_time_0 - 1. Let x_4 = RD_time_0 - 2. Let a_7 = L_RD_current(x_4). Let x_5 = OBSERVER_time_0 - 2. -Let x_6 = OBSERVER_time_0 - 3. -Let x_7 = RD_time_0 - 3. +Let x_6 = RD_time_0 - 3. +Let x_7 = OBSERVER_time_0 - 3. Assume { Type: is_sint32(OBSERVER_time_0) /\ is_sint32(RD_time_0) /\ - is_sint32(WR_time_0) /\ is_sint32(x_6) /\ is_sint32(x_7) /\ + is_sint32(WR_time_0) /\ is_sint32(x_7) /\ is_sint32(x_6) /\ is_sint32(x_5) /\ is_sint32(x_4) /\ is_sint32(x_3) /\ is_sint32(x_2) /\ is_sint32(x) /\ is_sint32(x_1). (* Pre-condition *) - Have: (L_WR_current(WR_time_0) = const(0)) /\ (L_OBSERVER(x_6) = nil) /\ - (L_RD_current(x_7) = const(0)). + Have: L_OBSERVER(x_7) = nil. + (* Pre-condition *) + Have: L_RD_current(x_6) = const(0). + (* Pre-condition *) + Have: L_WR_current(WR_time_0) = const(0). (* Call 'RD' *) Have: (a_7 = a_5) /\ (L_OBSERVER(x_5) = [ a_1 ]) /\ ((L_RD_value(a, (const(0))[a]) + L_RD_value(a_2, (a_7)[a_2])) diff --git a/src/plugins/wp/tests/wp_plugin/oracle/float_real.0.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/float_real.0.res.oracle index 39e9f3d83596b5d28e157b5556f5c0450b7badb0..7925fe574f94b73f177e4cb58eda070ae382061b 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/float_real.0.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/float_real.0.res.oracle @@ -15,10 +15,10 @@ Assume { If x < ((1.0/100000) + y) Then { If y < ((1.0/100000) + x) - Then { (* Return *) Have: dequal_0 = 1. } - Else { (* Return *) Have: dequal_0 = 0. } + Then { Have: dequal_0 = 1. } + Else { Have: dequal_0 = 0. } } - Else { (* Return *) Have: dequal_0 = 0. } + Else { Have: dequal_0 = 0. } } Prove: (abs_real(x - y) < (1.0/100000)) <-> (dequal_0 != 0). diff --git a/src/plugins/wp/tests/wp_plugin/oracle/float_real.1.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/float_real.1.res.oracle index acae1296cda548c49122e49e55befe3e44cd1d16..fcf6b16825571012a6242700f16831786af9bcda 100644 
--- a/src/plugins/wp/tests/wp_plugin/oracle/float_real.1.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/float_real.1.res.oracle @@ -17,10 +17,10 @@ Assume { Then { If lt_f64(to_f64((-5902958103587057.0/590295810358705651712)), sub_f64(x, y)) - Then { (* Return *) Have: dequal_0 = 1. } - Else { (* Return *) Have: dequal_0 = 0. } + Then { Have: dequal_0 = 1. } + Else { Have: dequal_0 = 0. } } - Else { (* Return *) Have: dequal_0 = 0. } + Else { Have: dequal_0 = 0. } } Prove: (abs_real(of_f64(x) - of_f64(y)) < (1.0/100000)) <-> (dequal_0 != 0). diff --git a/src/plugins/wp/tests/wp_plugin/oracle/inductive.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/inductive.res.oracle index 56fce1fae014c63f99ea466d2d9e3981f3f7ea77..fe8a7c1947e4626c25d6564d6c9fc01af77c1fba 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/inductive.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/inductive.res.oracle @@ -28,9 +28,9 @@ Require Import Qed. Require Import Memory. - Definition shift_sint32 (p : addr) (k : Z) : addr := (shift p k%Z). - Definition shiftfield_F1__list_next (p : addr) : addr := (shift p 1%Z). + + Definition shift_sint32 (p : addr) (k : Z) : addr := (shift p k%Z). [wp:print-generated] "WPOUT/typed/lemma_test_Coq.v" (* ---------------------------------------------------------- *) diff --git a/src/plugins/wp/tests/wp_plugin/oracle/loop.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/loop.res.oracle index 42f63d8aedbeb628172cc98d3ac216fdde2e2b4e..3c8dd80d4597e2df725575fe65b6684863573335 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/loop.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/loop.res.oracle 
@@ -17,7 +17,9 @@ Assume { (* Goal *) When: (i_1 <= b) /\ (a <= i_1) /\ is_sint32(i_1). (* Pre-condition *) - Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). + Have: valid_rw(Malloc_0, a_1, 1 + b - a). + (* Pre-condition *) + Have: a <= b. (* Invariant 'qed_ok' *) Have: forall i_2 : Z. ((a <= i_2) -> ((i_2 < i) -> (a_2[shift_sint32(t, i_2)] = e))). @@ -39,7 +41,9 @@ Assume { (* Heap *) Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). + Have: valid_rw(Malloc_0, a_1, 1 + b - a). + (* Pre-condition *) + Have: a <= b. (* Invariant 'qed_ok' *) Have: forall i_1 : Z. ((a <= i_1) -> ((i_1 < i) -> (havoc(Mint_undef_0, Mint_0, a_1, i - a)[shift_sint32(t, i_1)] = e))). @@ -58,7 +62,9 @@ Assume { (* Heap *) Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (a <= b) /\ valid_rw(Malloc_0, shift_sint32(t, a), 1 + b - a). + Have: valid_rw(Malloc_0, shift_sint32(t, a), 1 + b - a). + (* Pre-condition *) + Have: a <= b. } Prove: a <= (1 + b). @@ -75,7 +81,9 @@ Assume { (* Goal *) When: (a <= i_1) /\ (i_1 <= i) /\ is_sint32(i_1). (* Pre-condition *) - Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). + Have: valid_rw(Malloc_0, a_1, 1 + b - a). + (* Pre-condition *) + Have: a <= b. (* Invariant 'qed_ok' *) Have: forall i_2 : Z. ((a <= i_2) -> ((i_2 < i) -> (a_2[shift_sint32(t, i_2)] = e))). @@ -116,7 +124,9 @@ Assume { (* Goal *) When: !invalid(Malloc_0, a_2, 1). (* Pre-condition *) - Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). + Have: valid_rw(Malloc_0, a_1, 1 + b - a). + (* Pre-condition *) + Have: a <= b. (* Invariant 'qed_ok' *) Have: forall i_1 : Z. ((a <= i_1) -> ((i_1 < i) -> (havoc(Mint_undef_0, Mint_0, a_1, i - a)[shift_sint32(t, i_1)] = e))). 
@@ -140,7 +150,9 @@ Assume { (* Heap *) Type: (region(t.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (a <= b) /\ valid_rw(Malloc_0, a_1, 1 + b - a). + Have: valid_rw(Malloc_0, a_1, 1 + b - a). + (* Pre-condition *) + Have: a <= b. } Prove: i <= (1 + b). diff --git a/src/plugins/wp/tests/wp_plugin/oracle/prenex.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/prenex.res.oracle index 0697c55a730d66e76ef9f11d90bfc7c1664240ff..f921ae4ce125d33e1ffdf74c9a30509986096d67 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/prenex.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/prenex.res.oracle @@ -34,10 +34,9 @@ Assume { Have: i_1 = i. (* Then *) Have: Mint_0[shift_sint32(q, j)] <= x. - (* Return *) Have: diag_0 = 0. } - Else { (* Return *) Have: diag_0 = 1. } + Else { Have: diag_0 = 1. } } Prove: (forall i_2 : Z. ((0 <= i_2) -> ((i_2 < n) -> (forall i_3 : Z. ((0 <= i_3) -> ((i_3 < m) -> diff --git a/src/plugins/wp/tests/wp_plugin/oracle/repeat.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/repeat.res.oracle index 02280de6dca96be0cbd3c7204c43b7f3599919be..c7250d7a7f3ae9c3f49932ff276435874024b1c0 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/repeat.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/repeat.res.oracle @@ -20,7 +20,9 @@ Assume { (* Heap *) Type: is_sint32(calls_0). (* Pre-condition *) - Have: (L_sequence(calls_0) = nil) /\ (0 <= n). + Have: 0 <= n. + (* Pre-condition *) + Have: L_sequence(calls_0) = nil. (* Invariant *) Have: ([ 1, 2 ] *^ i) = a. (* Invariant *) @@ -51,7 +53,9 @@ Assume { (* Heap *) Type: is_sint32(calls_1). (* Pre-condition *) - Have: (L_sequence(calls_1) = nil) /\ (0 <= n). + Have: 0 <= n. + (* Pre-condition *) + Have: L_sequence(calls_1) = nil. (* Invariant *) Have: (a_2 *^ i) = a. (* Invariant *) 
@@ -124,7 +128,9 @@ Assume { (* Heap *) Type: is_sint32(calls_0). (* Pre-condition *) - Have: (L_sequence(calls_0) = nil) /\ (0 <= n). + Have: 0 <= n. + (* Pre-condition *) + Have: L_sequence(calls_0) = nil. (* Call 'f' *) Have: L_sequence(calls_1) = [ 1 ]. (* Invariant *) @@ -147,7 +153,9 @@ Assume { (* Heap *) Type: is_sint32(calls_0). (* Pre-condition *) - Have: (L_sequence(calls_0) = nil) /\ (0 <= n). + Have: 0 <= n. + (* Pre-condition *) + Have: L_sequence(calls_0) = nil. (* Call 'f' *) Have: L_sequence(calls_1) = [ 1 ]. (* Invariant *) @@ -180,7 +188,9 @@ Assume { (* Heap *) Type: is_sint32(calls_0). (* Pre-condition *) - Have: (L_sequence(calls_0) = nil) /\ (0 <= n). + Have: 0 <= n. + (* Pre-condition *) + Have: L_sequence(calls_0) = nil. (* Call 'f' *) Have: L_sequence(calls_1) = [ 1 ]. (* Invariant *) diff --git a/src/plugins/wp/tests/wp_plugin/oracle/sequence.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/sequence.res.oracle index 62b9c9001fa65dc0a6ae6d537f6b888a6043b3b8..1fd2d32b881e58611c6a586443b88e5c4c5206ba 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/sequence.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/sequence.res.oracle @@ -278,7 +278,7 @@ Goal Post-condition 'ok,m2' in 'no_calls': Assume { (* Heap *) Type: is_sint32(call_seq_0). - (* Pre-condition *) + (* Pre-condition 'init' *) Have: L_call_obs(call_seq_0) = nil. } Prove: length(L_call_nil) = 0. @@ -294,7 +294,7 @@ Goal Post-condition 'ok,n2' in 'no_calls': Assume { (* Heap *) Type: is_sint32(call_seq_0). - (* Pre-condition *) + (* Pre-condition 'init' *) Have: L_call_obs(call_seq_0) = nil. } Prove: L_call_nil = nil. @@ -305,7 +305,7 @@ Goal Post-condition 'ok,n3' in 'no_calls': Assume { (* Heap *) Type: is_sint32(call_seq_0). - (* Pre-condition *) + (* Pre-condition 'init' *) Have: L_call_obs(call_seq_0) = nil. } Prove: L_call_nil = nil. 
@@ -319,7 +319,7 @@ Assume { Type: is_sint32(call_seq_0). (* Goal *) When: 0 <= a. - (* Pre-condition *) + (* Pre-condition 'init' *) Have: L_call_obs(call_seq_0) = nil. } Prove: (L_call_nil = nil) \/ (a <= 0). @@ -336,7 +336,7 @@ Assume { Type: is_sint32(a). (* Heap *) Type: is_sint32(call_seq_0). - (* Pre-condition *) + (* Pre-condition 'init' *) Have: L_call_obs(call_seq_0) = nil. } Prove: (L_call_nil = nil) \/ (a <= 0). diff --git a/src/plugins/wp/tests/wp_plugin/oracle/stmt.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/stmt.res.oracle deleted file mode 100644 index 124de2a508dcfec3122dac00f791189e6a0e4d25..0000000000000000000000000000000000000000 --- a/src/plugins/wp/tests/wp_plugin/oracle/stmt.res.oracle +++ /dev/null 
@@ -1,141 +0,0 @@ -# frama-c -wp [...] -[kernel] Parsing tests/wp_plugin/stmt.c (with preprocessing) -[wp] Running WP plugin... -[wp] [CFG] Goal f_exits : Valid (Unreachable) -[wp] [CFG] Goal g_exits : Valid (Unreachable) -[wp] [CFG] Goal g_assigns : Valid (Unreachable) -[wp] [CFG] Goal g_ensures : Valid (Unreachable) -[wp] [CFG] Goal g_exits : Valid (Unreachable) -[wp] [CFG] Goal h_exits : Valid (Unreachable) -[wp] [CFG] Goal h_assigns : Valid (Unreachable) -[wp] [CFG] Goal h_ensures : Valid (Unreachable) -[wp] [CFG] Goal h_exits : Valid (Unreachable) -[wp] Warning: Missing RTE guards ------------------------------------------------------------- - Function f ------------------------------------------------------------- - -Goal Post-condition (file tests/wp_plugin/stmt.c, line 10) in 'f': -Prove: true. - ------------------------------------------------------------- - -Goal Post-condition (file tests/wp_plugin/stmt.c, line 11) in 'f': -Prove: true. - ------------------------------------------------------------- - -Goal Assertion (file tests/wp_plugin/stmt.c, line 16): -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function f with behavior default_for_stmt_2 ------------------------------------------------------------- - -Goal Post-condition (file tests/wp_plugin/stmt.c, line 17) at block: -Prove: true. - ------------------------------------------------------------- - -Goal Assigns (file tests/wp_plugin/stmt.c, line 21) at block: -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function g ------------------------------------------------------------- - -Goal Post-condition (file tests/wp_plugin/stmt.c, line 27) in 'g': -Prove: true. - ------------------------------------------------------------- - -Goal Assertion (file tests/wp_plugin/stmt.c, line 32): -Prove: true. 
- ------------------------------------------------------------- ------------------------------------------------------------- - Function h ------------------------------------------------------------- - -Goal Post-condition (file tests/wp_plugin/stmt.c, line 40) in 'h': -Prove: true. - ------------------------------------------------------------- - -Goal Assertion (generated): -Prove: true. - ------------------------------------------------------------- - -Goal Assertion (generated): -Prove: true. - ------------------------------------------------------------- -[report] Computing properties status... - --------------------------------------------------------------------------------- ---- Properties of Function 'f' --------------------------------------------------------------------------------- - -[ Valid ] Exit-condition (file tests/wp_plugin/stmt.c, line 15) at block - by Unreachable Annotations. -[ Partial ] Return-condition (file tests/wp_plugin/stmt.c, line 16) at block - By Frama-C kernel, with pending: - - Assertion (file tests/wp_plugin/stmt.c, line 16) -[ - ] Default behavior at block - tried with Frama-C kernel. - --------------------------------------------------------------------------------- ---- Properties of Function 'g' --------------------------------------------------------------------------------- - -[ Valid ] Exit-condition (file tests/wp_plugin/stmt.c, line 31) at block - by Unreachable Annotations. -[ Valid ] Return-condition (file tests/wp_plugin/stmt.c, line 32) at block - by Unreachable Annotations. -[ Valid ] Post-condition (file tests/wp_plugin/stmt.c, line 33) at block - by Unreachable Annotations. -[ Valid ] Assigns (file tests/wp_plugin/stmt.c, line 36) at block - by Unreachable Annotations. -[ Valid ] Default behavior at block - by Frama-C kernel. 
- --------------------------------------------------------------------------------- ---- Properties of Function 'h' --------------------------------------------------------------------------------- - -[ Valid ] Exit-condition (file tests/wp_plugin/stmt.c, line 43) at block - by Unreachable Annotations. -[ Valid ] Post-condition (file tests/wp_plugin/stmt.c, line 44) at block - by Unreachable Annotations. -[ Partial ] Return-condition for 'POS' (file tests/wp_plugin/stmt.c, line 48) at block - By Frama-C kernel, with pending: - - Assertion (generated) - - Assertion (generated) -[ Partial ] Return-condition for 'NEG' (file tests/wp_plugin/stmt.c, line 51) at block - By Frama-C kernel, with pending: - - Assertion (generated) - - Assertion (generated) -[ Valid ] Assigns (file tests/wp_plugin/stmt.c, line 53) at block - by Unreachable Annotations. -[ Partial ] Behavior 'NEG' at block - By Frama-C kernel, with pending: - - Assertion (generated) - - Assertion (generated) -[ Partial ] Behavior 'POS' at block - By Frama-C kernel, with pending: - - Assertion (generated) - - Assertion (generated) -[ Valid ] Default behavior at block - by Frama-C kernel. - --------------------------------------------------------------------------------- ---- Status Report Summary --------------------------------------------------------------------------------- - 10 Completely validated - 5 Locally validated - 1 To be validated - 16 Total --------------------------------------------------------------------------------- diff --git a/src/plugins/wp/tests/wp_plugin/oracle/string_c.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/string_c.res.oracle index 1774140d9e302ec8df478218bdb65ad6665dd498..4ec695d3836684961abb135cd11f669f2650370a 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/string_c.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/string_c.res.oracle 
@@ -11,10 +11,12 @@ Assume { (* Heap *) Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ - P_valid_read_or_empty(Malloc_0, src_0, n) /\ - separated(a, n, shift_sint8(src_0, 0), n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, dest_0, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, src_0, n). + (* Pre-condition 'separation' *) + Have: separated(a, n, shift_sint8(src_0, 0), n). (* Invariant 'no_eva' *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (a_1[shift_sint8(src_0, i_1)] = a_1[shift_sint8(dest_0, i_1)]))). @@ -41,10 +43,12 @@ Assume { (* Heap *) Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ - P_valid_read_or_empty(Malloc_0, src_0, n) /\ - separated(a, n, shift_sint8(src_0, 0), n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, dest_0, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, src_0, n). + (* Pre-condition 'separation' *) + Have: separated(a, n, shift_sint8(src_0, 0), n). (* Invariant 'no_eva' *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (a_1[shift_sint8(src_0, i_1)] = a_1[shift_sint8(dest_0, i_1)]))). @@ -63,10 +67,12 @@ Assume { (* Heap *) Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ linked(Malloc_0). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ - P_valid_read_or_empty(Malloc_0, src_0, n) /\ - separated(shift_sint8(dest_0, 0), n, shift_sint8(src_0, 0), n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, dest_0, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, src_0, n). + (* Pre-condition 'separation' *) + Have: separated(shift_sint8(dest_0, 0), n, shift_sint8(src_0, 0), n). } Prove: 0 <= n. 
@@ -83,10 +89,12 @@ Assume { linked(Malloc_0) /\ sconst(Mchar_0). (* Goal *) When: (0 <= i_1) /\ (i_1 < to_uint64(1 + i)). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ - P_valid_read_or_empty(Malloc_0, src_0, n) /\ - separated(a, n, shift_sint8(src_0, 0), n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, dest_0, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, src_0, n). + (* Pre-condition 'separation' *) + Have: separated(a, n, shift_sint8(src_0, 0), n). (* Invariant 'no_eva' *) Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) -> (a_1[shift_sint8(src_0, i_2)] = a_1[shift_sint8(dest_0, i_2)]))). @@ -127,10 +135,12 @@ Assume { linked(Malloc_0) /\ sconst(Mchar_0). (* Goal *) When: !invalid(Malloc_0, a_2, 1). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ - P_valid_read_or_empty(Malloc_0, src_0, n) /\ - separated(a, n, shift_sint8(src_0, 0), n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, dest_0, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, src_0, n). + (* Pre-condition 'separation' *) + Have: separated(a, n, shift_sint8(src_0, 0), n). (* Invariant 'no_eva' *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (a_1[shift_sint8(src_0, i_1)] = a_1[shift_sint8(dest_0, i_1)]))). 
@@ -157,10 +167,12 @@ Assume { (* Heap *) Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ - P_valid_read_or_empty(Malloc_0, src_0, n) /\ - separated(a, n, shift_sint8(src_0, 0), n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, dest_0, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, src_0, n). + (* Pre-condition 'separation' *) + Have: separated(a, n, shift_sint8(src_0, 0), n). (* Invariant 'no_eva' *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (a_1[shift_sint8(src_0, i_1)] = a_1[shift_sint8(dest_0, i_1)]))). @@ -185,9 +197,10 @@ Assume { (* Heap *) Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ - P_valid_read_or_empty(Malloc_0, src_0, n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, dest_0, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, src_0, n). If n = 0 Then { Have: Mchar_1 = Mchar_0. } Else { @@ -256,9 +269,10 @@ Assume { (* Heap *) Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ - P_valid_read_or_empty(Malloc_0, src_0, n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, dest_0, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, src_0, n). (* Else *) Have: n != 0. (* Call 'memoverlap' *) 
@@ -291,9 +305,10 @@ Assume { Type: is_sint32(memoverlap_0) /\ is_uint64(n). (* Heap *) Type: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, d, n) /\ - P_valid_read_or_empty(Malloc_0, s, n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, d, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, s, n). (* Else *) Have: n != 0. (* Call 'memoverlap' *) @@ -320,9 +335,10 @@ Assume { sconst(Mchar_0). (* Goal *) When: (0 <= i_1) /\ (i_1 < to_uint64(1 + i)). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, d, n) /\ - P_valid_read_or_empty(Malloc_0, s, n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, d, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, s, n). (* Else *) Have: n != 0. (* Call 'memoverlap' *) @@ -366,9 +382,10 @@ Assume { sconst(Mchar_0). (* Goal *) When: (i_1 < n) /\ (to_uint64(1 + i) <= i_1). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, d, n) /\ - P_valid_read_or_empty(Malloc_0, s, n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, d, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, s, n). (* Else *) Have: n != 0. (* Call 'memoverlap' *) @@ -408,9 +425,10 @@ Assume { (* Heap *) Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ - P_valid_read_or_empty(Malloc_0, src_0, n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, dest_0, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, src_0, n). (* Else *) Have: n != 0. (* Call 'memoverlap' *) 
@@ -443,9 +461,10 @@ Assume { Type: is_sint32(memoverlap_0) /\ is_uint64(n). (* Heap *) Type: (region(d.base) <= 0) /\ (region(s.base) <= 0) /\ linked(Malloc_0). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, d, n) /\ - P_valid_read_or_empty(Malloc_0, s, n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, d, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, s, n). (* Else *) Have: n != 0. (* Call 'memoverlap' *) @@ -472,9 +491,10 @@ Assume { sconst(Mchar_0). (* Goal *) When: (i_1 < n) /\ (to_uint64(i - 1) < i_1). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, d, n) /\ - P_valid_read_or_empty(Malloc_0, s, n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, d, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, s, n). (* Else *) Have: n != 0. (* Call 'memoverlap' *) @@ -511,9 +531,10 @@ Assume { linked(Malloc_0) /\ sconst(Mchar_0). (* Goal *) When: (i < n) /\ (to_uint64(n - 1) < i). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ - P_valid_read_or_empty(Malloc_0, src_0, n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, dest_0, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, src_0, n). (* Else *) Have: n != 0. (* Call 'memoverlap' *) @@ -541,9 +562,10 @@ Assume { sconst(Mchar_0). (* Goal *) When: (0 <= i_1) /\ (i_1 <= to_uint64(i - 1)). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, d, n) /\ - P_valid_read_or_empty(Malloc_0, s, n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, d, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, s, n). (* Else *) Have: n != 0. (* Call 'memoverlap' *) 
@@ -598,9 +620,10 @@ Assume { linked(Malloc_0) /\ sconst(Mchar_0). (* Goal *) When: !invalid(Malloc_0, a_3, 1). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, d, n) /\ - P_valid_read_or_empty(Malloc_0, src_0, n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, d, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, src_0, n). (* Else *) Have: n != 0. (* Call 'memoverlap' *) @@ -650,9 +673,10 @@ Assume { linked(Malloc_0) /\ sconst(Mchar_0). (* Goal *) When: !invalid(Malloc_0, a_3, 1). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, d, n) /\ - P_valid_read_or_empty(Malloc_0, src_0, n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, d, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, src_0, n). (* Else *) Have: n != 0. (* Call 'memoverlap' *) @@ -724,9 +748,10 @@ Assume { linked(Malloc_0) /\ sconst(Mchar_0). (* Goal *) When: !invalid(Malloc_0, a, 1). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, d, n) /\ - P_valid_read_or_empty(Malloc_0, src_0, n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, d, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, src_0, n). (* Else *) Have: n != 0. (* Call 'memoverlap' *) @@ -767,9 +792,10 @@ Assume { (* Heap *) Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ - P_valid_read_or_empty(Malloc_0, src_0, n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, dest_0, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, src_0, n). (* Else *) Have: n != 0. (* Call 'memoverlap' *) 
@@ -809,9 +835,10 @@ Assume { (* Heap *) Type: (region(dest_0.base) <= 0) /\ (region(src_0.base) <= 0) /\ linked(Malloc_0) /\ sconst(Mchar_0). - (* Pre-condition *) - Have: P_valid_or_empty(Malloc_0, dest_0, n) /\ - P_valid_read_or_empty(Malloc_0, src_0, n). + (* Pre-condition 'valid_dest' *) + Have: P_valid_or_empty(Malloc_0, dest_0, n). + (* Pre-condition 'valid_src' *) + Have: P_valid_read_or_empty(Malloc_0, src_0, n). (* Else *) Have: n != 0. (* Call 'memoverlap' *) diff --git a/src/plugins/wp/tests/wp_plugin/oracle/unroll.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/unroll.res.oracle index 6dc9e4477f0be20ab5a90cccc8fdb9b063f53698..01b0645e8779e00d3aab5307d15d8715b489782a 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle/unroll.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle/unroll.res.oracle @@ -13,7 +13,7 @@ Let a = shift_uint32(t, 0). Assume { (* Heap *) Type: (region(t.base) <= 0) /\ linked(Malloc_0). - (* Pre-condition *) + (* Pre-condition 'access' *) Have: valid_rw(Malloc_0, a, 16). } Prove: P_zeroed(Mint_0[a <- 0][shift_uint32(t, 1) <- 0][shift_uint32(t, 2) diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/asm.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/asm.res.oracle index 344e6b078479a4d7fdc25ab603de7bec24424f63..5b5b8be46902301c8719d8e7b41edd5c1b4d12fe 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/asm.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle_qualif/asm.res.oracle 
@@ -2,14 +2,13 @@ [kernel] Parsing tests/wp_plugin/asm.i (no preprocessing) [wp] Running WP plugin... [wp] Warning: Missing RTE guards -[wp] 3 goals scheduled +[wp] 2 goals scheduled [wp] [Qed] Goal typed_main_assert_OK : Valid [wp] [Alt-Ergo] Goal typed_main_assert_KO : Unsuccess -[wp] [Alt-Ergo] Goal typed_main_assigns : Unsuccess -[wp] Proved goals: 1 / 3 +[wp] Proved goals: 1 / 2 Qed: 1 - Alt-Ergo: 0 (unsuccess: 2) + Alt-Ergo: 0 (unsuccess: 1) ------------------------------------------------------------ Functions WP Alt-Ergo Total Success - main 1 - 3 33.3% + main 1 - 2 50.0% ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/cfg.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/cfg.res.oracle index 65a2d69e16bdb23fa6a41746dccb152924467752..9fc9c79a7806a7a9fac3c119348f7adafa40e0b6 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/cfg.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle_qualif/cfg.res.oracle 
@@ -3,19 +3,18 @@ [wp] Running WP plugin... [wp] Warning: Missing RTE guards [wp] 5 goals scheduled -[wp] [Qed] Goal typed_f1_ensures_BUG_WP : Valid -[wp] [Qed] Goal typed_f1_simpler_ensures_BUG_WP : Valid -[wp] [Qed] Goal typed_f1_variant_ensures_BUG_WP : Valid +[wp] [Alt-Ergo] Goal typed_f1_ensures_BUG_LEGACY_WP : Unsuccess +[wp] [Alt-Ergo] Goal typed_f1_simpler_ensures_BUG_LEGACY_WP : Unsuccess +[wp] [Alt-Ergo] Goal typed_f1_variant_ensures_BUG_LEGACY_WP : Unsuccess [wp] [Alt-Ergo] Goal typed_f1_variant_invert_ensures_FAILS_AS_EXPECTED : Unsuccess -[wp] [Qed] Goal typed_f2_ensures_BUG_WP : Valid -[wp] Proved goals: 4 / 5 - Qed: 4 - Alt-Ergo: 0 (unsuccess: 1) +[wp] [Alt-Ergo] Goal typed_f2_ensures_BUG_LEGACY_WP : Unsuccess +[wp] Proved goals: 0 / 5 + Alt-Ergo: 0 (unsuccess: 5) ------------------------------------------------------------ Functions WP Alt-Ergo Total Success - f1 1 - 1 100% - f1_simpler 1 - 1 100% - f1_variant 1 - 1 100% + f1 - - 1 0.0% + f1_simpler - - 1 0.0% + f1_variant - - 1 0.0% f1_variant_invert - - 1 0.0% - f2 1 - 1 100% + f2 - - 1 0.0% ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/dynamic.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/dynamic.0.res.oracle similarity index 81% rename from src/plugins/wp/tests/wp_plugin/oracle_qualif/dynamic.res.oracle rename to src/plugins/wp/tests/wp_plugin/oracle_qualif/dynamic.0.res.oracle index e3e408c44c11240b3f222cc20901d0fcf6b2d977..4b96070029b32419ab4077aca380740d96f34592 100644 --- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/dynamic.res.oracle +++ b/src/plugins/wp/tests/wp_plugin/oracle_qualif/dynamic.0.res.oracle 
@@ -1,18 +1,14 @@ # frama-c -wp [...] [kernel] Parsing tests/wp_plugin/dynamic.i (no preprocessing) [wp] Running WP plugin... -[wp] tests/wp_plugin/dynamic.i:78: Warning: Missing 'calls' for default behavior [wp] Warning: Missing RTE guards -[wp] 51 goals scheduled +[wp] tests/wp_plugin/dynamic.i:80: Warning: Missing 'calls' for default behavior +[wp] 47 goals scheduled [wp] [Alt-Ergo] Goal typed_call_call_point_f1_f2_s3 : Valid [wp] [Qed] Goal typed_call_ensures_part1 : Valid [wp] [Qed] Goal typed_call_ensures_part2 : Valid [wp] [Alt-Ergo] Goal typed_call_call_f1_requires : Valid -[wp] [Qed] Goal typed_guarded_call_call_point_g_s9 : Valid -[wp] [Alt-Ergo] Goal typed_guarded_call_ensures_part1 : Valid -[wp] [Qed] Goal typed_guarded_call_ensures_part2 : Valid -[wp] [Qed] Goal typed_guarded_call_ensures_2_part1 : Valid -[wp] [Qed] Goal typed_guarded_call_ensures_2_part2 : Valid +[wp] [Alt-Ergo] Goal typed_behavior_call_point_h1_h2_s15 : Unsuccess [wp] [Qed] Goal typed_behavior_call_point_h1_h2_s15 : Valid [wp] [Qed] Goal typed_behavior_bhv1_ensures_part1 : Valid [wp] [Qed] Goal typed_behavior_bhv1_ensures_part2 : Valid 
@@ -55,34 +51,28 @@ [wp] [Qed] Goal typed_no_call_ensures_part1 : Valid [wp] [Qed] Goal typed_no_call_ensures_part2 : Valid [wp] [Qed] Goal typed_no_call_call_unreachable_g_requires : Valid -[wp] Proved goals: 50 / 51 - Qed: 47 - Alt-Ergo: 3 (unsuccess: 1) +[wp] Proved goals: 45 / 47 + Qed: 43 + Alt-Ergo: 2 (unsuccess: 2) ------------------------------------------------------------ Functions WP Alt-Ergo Total Success call 2 2 4 100% - guarded_call 4 1 5 100% - behavior 9 - 9 100% + behavior 9 - 10 90.0% some_behaviors 24 - 24 100% missing_context 4 - 5 80.0% no_call 4 - 4 100% ------------------------------------------------------------ -[wp] tests/wp_plugin/dynamic.i:41: Warning: - Memory model hypotheses for function 'guarded_call': - /*@ behavior wp_typed: - requires \separated(p, &X); */ - void guarded_call(struct S *p); -[wp] tests/wp_plugin/dynamic.i:63: Warning: +[wp] tests/wp_plugin/dynamic.i:65: Warning: Memory model hypotheses for function 'behavior': /*@ behavior wp_typed: requires \separated(p + (..), &X1); */ int behavior(int (*p)(void)); -[wp] tests/wp_plugin/dynamic.i:76: Warning: +[wp] tests/wp_plugin/dynamic.i:78: Warning: Memory model hypotheses for function 'some_behaviors': /*@ behavior wp_typed: requires \separated(p + (..), &X1); */ int some_behaviors(int (*p)(void)); -[wp] tests/wp_plugin/dynamic.i:85: Warning: +[wp] tests/wp_plugin/dynamic.i:87: Warning: Memory model hypotheses for function 'missing_context': /*@ behavior wp_typed: requires \separated(p, &X1); */ diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/dynamic.1.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/dynamic.1.res.oracle new file mode 100644 index 0000000000000000000000000000000000000000..b70a45ccfcdef5d54c73386c66afd2f71d0d5b0f --- /dev/null +++ b/src/plugins/wp/tests/wp_plugin/oracle_qualif/dynamic.1.res.oracle 
@@ -0,0 +1,22 @@ +# frama-c -wp -wp-no-let [...] +[kernel] Parsing tests/wp_plugin/dynamic.i (no preprocessing) +[wp] Running WP plugin... +[wp] Warning: Missing RTE guards +[wp] 5 goals scheduled +[wp] [Alt-Ergo] Goal typed_guarded_call_call_point_g_s9 : Valid +[wp] [Alt-Ergo] Goal typed_guarded_call_ensures_part1 : Valid +[wp] [Qed] Goal typed_guarded_call_ensures_part2 : Valid +[wp] [Qed] Goal typed_guarded_call_ensures_2_part1 : Valid +[wp] [Qed] Goal typed_guarded_call_ensures_2_part2 : Valid +[wp] Proved goals: 5 / 5 + Qed: 3 + Alt-Ergo: 2 +------------------------------------------------------------ + Functions WP Alt-Ergo Total Success + guarded_call 3 2 5 100% +------------------------------------------------------------ +[wp] tests/wp_plugin/dynamic.i:43: Warning: + Memory model hypotheses for function 'guarded_call': + /*@ behavior wp_typed: + requires \separated(p, &X); */ + void guarded_call(struct S *p); diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/stmt.log b/src/plugins/wp/tests/wp_plugin/oracle_qualif/stmt.log deleted file mode 100644 index fc376ede27e35a2ecf8fc9819774ab3bedbdae75..0000000000000000000000000000000000000000 --- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/stmt.log +++ /dev/null 
@@ -1,22 +0,0 @@ -# frama-c -wp [...] -[kernel] Parsing tests/wp_plugin/stmt.c (with preprocessing) -[wp] Running WP plugin... -[wp] [CFG] Goal f_exits : Valid (Unreachable) -[wp] [CFG] Goal g_exits : Valid (Unreachable) -[wp] [CFG] Goal g_assigns : Valid (Unreachable) -[wp] [CFG] Goal g_ensures : Valid (Unreachable) -[wp] [CFG] Goal g_exits : Valid (Unreachable) -[wp] [CFG] Goal h_exits : Valid (Unreachable) -[wp] [CFG] Goal h_assigns : Valid (Unreachable) -[wp] [CFG] Goal h_ensures : Valid (Unreachable) -[wp] [CFG] Goal h_exits : Valid (Unreachable) -[wp] CFG h -> h -[wp] CFG h -> h_NEG_stmt_15 -[wp] CFG h -> h_POS_stmt_15 -[wp] CFG h -> h_default_for_stmt_15 -[wp] CFG g -> g -[wp] CFG g -> g_default_for_stmt_11 -[wp] CFG f -> f -[wp] CFG f -> f_default_for_stmt_2 -[wp] Warning: No goal generated -[wp] Proved goals: 9 / 9 diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/stmt.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/stmt.res.oracle deleted file mode 100644 index 0d904ff5c08035bbca30031d490eb15e6ffdf0f0..0000000000000000000000000000000000000000 --- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/stmt.res.oracle +++ /dev/null 
@@ -1,114 +0,0 @@ -# frama-c -wp [...] -[kernel] Parsing tests/wp_plugin/stmt.c (with preprocessing) -[wp] Running WP plugin... -[wp] [CFG] Goal f_exits : Valid (Unreachable) -[wp] [CFG] Goal g_exits : Valid (Unreachable) -[wp] [CFG] Goal g_assigns : Valid (Unreachable) -[wp] [CFG] Goal g_ensures : Valid (Unreachable) -[wp] [CFG] Goal g_exits : Valid (Unreachable) -[wp] [CFG] Goal h_exits : Valid (Unreachable) -[wp] [CFG] Goal h_assigns : Valid (Unreachable) -[wp] [CFG] Goal h_ensures : Valid (Unreachable) -[wp] [CFG] Goal h_exits : Valid (Unreachable) -[wp] Warning: Missing RTE guards -[wp] 10 goals scheduled -[wp] [Qed] Goal typed_f_ensures : Valid -[wp] [Qed] Goal typed_f_assigns : Valid -[wp] [Qed] Goal typed_f_ensures_2 : Valid -[wp] [Qed] Goal typed_f_ensures_3 : Valid -[wp] [Qed] Goal typed_f_assert : Valid -[wp] [Qed] Goal typed_g_ensures_2 : Valid -[wp] [Qed] Goal typed_g_assert : Valid -[wp] [Qed] Goal typed_h_ensures_2 : Valid -[wp] [Qed] Goal typed_h_assert : Valid -[wp] [Qed] Goal typed_h_assert_2 : Valid -[wp] Proved goals: 19 / 19 - Qed: 10 ------------------------------------------------------------- - Functions WP Alt-Ergo Total Success - f 5 - 5 100% - g 2 - 2 100% - h 3 - 3 100% ------------------------------------------------------------- -[report] Computing properties status... - --------------------------------------------------------------------------------- ---- Properties of Function 'f' --------------------------------------------------------------------------------- - -[ Valid ] Post-condition (file tests/wp_plugin/stmt.c, line 10) - by Wp.typed. -[ Valid ] Post-condition (file tests/wp_plugin/stmt.c, line 11) - by Wp.typed. -[ Valid ] Exit-condition (file tests/wp_plugin/stmt.c, line 15) at block - by Unreachable Annotations. -[ Valid ] Return-condition (file tests/wp_plugin/stmt.c, line 16) at block - by Frama-C kernel. -[ Valid ] Post-condition (file tests/wp_plugin/stmt.c, line 17) at block - by Wp.typed. 
-[ Valid ] Assigns (file tests/wp_plugin/stmt.c, line 21) at block - by Wp.typed. -[ Valid ] Assertion (file tests/wp_plugin/stmt.c, line 16) - by Wp.typed. -[ Valid ] Default behavior at block - by Frama-C kernel. -[ Valid ] Default behavior - by Frama-C kernel. - --------------------------------------------------------------------------------- ---- Properties of Function 'g' --------------------------------------------------------------------------------- - -[ Valid ] Post-condition (file tests/wp_plugin/stmt.c, line 27) - by Wp.typed. -[ Valid ] Exit-condition (file tests/wp_plugin/stmt.c, line 31) at block - by Unreachable Annotations. -[ Valid ] Return-condition (file tests/wp_plugin/stmt.c, line 32) at block - by Frama-C kernel. - by Unreachable Annotations. -[ Valid ] Post-condition (file tests/wp_plugin/stmt.c, line 33) at block - by Unreachable Annotations. -[ Valid ] Assigns (file tests/wp_plugin/stmt.c, line 36) at block - by Unreachable Annotations. -[ Valid ] Assertion (file tests/wp_plugin/stmt.c, line 32) - by Wp.typed. -[ Valid ] Default behavior at block - by Frama-C kernel. -[ Valid ] Default behavior - by Frama-C kernel. - --------------------------------------------------------------------------------- ---- Properties of Function 'h' --------------------------------------------------------------------------------- - -[ Valid ] Post-condition (file tests/wp_plugin/stmt.c, line 40) - by Wp.typed. -[ Valid ] Exit-condition (file tests/wp_plugin/stmt.c, line 43) at block - by Unreachable Annotations. -[ Valid ] Post-condition (file tests/wp_plugin/stmt.c, line 44) at block - by Unreachable Annotations. -[ Valid ] Return-condition for 'POS' (file tests/wp_plugin/stmt.c, line 48) at block - by Frama-C kernel. -[ Valid ] Return-condition for 'NEG' (file tests/wp_plugin/stmt.c, line 51) at block - by Frama-C kernel. -[ Valid ] Assigns (file tests/wp_plugin/stmt.c, line 53) at block - by Unreachable Annotations. 
-[ Valid ] Assertion (generated) - by Wp.typed. -[ Valid ] Assertion (generated) - by Wp.typed. -[ Valid ] Behavior 'NEG' at block - by Frama-C kernel. -[ Valid ] Behavior 'POS' at block - by Frama-C kernel. -[ Valid ] Default behavior at block - by Frama-C kernel. -[ Valid ] Default behavior - by Frama-C kernel. - --------------------------------------------------------------------------------- ---- Status Report Summary --------------------------------------------------------------------------------- - 29 Completely validated - 29 Total --------------------------------------------------------------------------------- diff --git a/src/plugins/wp/tests/wp_plugin/stmt.c b/src/plugins/wp/tests/wp_plugin/stmt.c deleted file mode 100644 index bb82e910c1cc73a606e725ae72c332328f1dd9a4..0000000000000000000000000000000000000000 --- a/src/plugins/wp/tests/wp_plugin/stmt.c +++ /dev/null 
@@ -1,55 +0,0 @@ -/* run.config - OPT: -load-module report -then -report -*/ - -/* run.config_qualif - OPT: -load-module report -then -report - EXECNOW: LOG stmt.log LOG f.dot LOG f_default_for_stmt_2.dot LOG g.dot LOG g_default_for_stmt_11.dot @frama-c@ -no-autoload-plugins -load-module wp -wp-precond-weakening -wp -wp-warn-key pedantic-assigns=inactive -wp-dump -wp-out tests/wp_plugin/result_qualif -wp-msg-key shell @PTEST_FILE@ 1> tests/wp_plugin/result_qualif/stmt.log -*/ - -/*@ ensures a > 0 ==> \result == a + b; - @ ensures a <= 0 ==> \result == -1; -*/ -int f(int a, int b) { - - /*@ exits \false; - @ returns \result == a + b; - @ ensures a <= 0; - @ assigns \nothing; - */ - if (a > 0) - return a + b; - - return -1; -} - - -/*@ ensures \result == a + b; -*/ -int g(int a, int b) { - - /*@ exits \false; - @ returns \result == a + b; - @ ensures \false; - @ assigns \nothing; - */ - return a + b; - -} - -/*@ ensures \result == (e ? a : b) ; */ -int h(int e,int a,int b) { - - /*@ exits \false; - @ ensures \false; - @ assigns \nothing; - @ behavior POS: - @ assumes e ; - @ returns \result == a; - @ behavior NEG: - @ assumes !e ; - @ returns \result == b; - */ - if (e) return a; else return b; - -} diff --git a/src/plugins/wp/tests/wp_store/oracle/nonaliasing.res.oracle b/src/plugins/wp/tests/wp_store/oracle/nonaliasing.res.oracle index 0850a3c16edfbe868b78b028cfbd5ed0857e2137..a4e64eb82beb8cd8aea0c5720550144ca32b2ecd 100644 --- a/src/plugins/wp/tests/wp_store/oracle/nonaliasing.res.oracle +++ b/src/plugins/wp/tests/wp_store/oracle/nonaliasing.res.oracle @@ -22,8 +22,11 @@ Assume { (* Goal *) When: q != p. (* Pre-condition *) - Have: (0 <= x) /\ (0 <= x_1) /\ (x <= 199) /\ (x_1 <= 199) /\ - valid_rw(Malloc_0, p, 1) /\ valid_rw(Malloc_0, q, 1). + Have: valid_rw(Malloc_0, p, 1). + (* Pre-condition *) + Have: valid_rw(Malloc_0, q, 1). + (* Pre-condition *) + Have: (0 <= x) /\ (0 <= x_1) /\ (x <= 199) /\ (x_1 <= 199). } Prove: x_5 = x_2. 
@@ -43,8 +46,11 @@ Assume { (* Goal *) When: q != p. (* Pre-condition *) - Have: (0 <= x) /\ (0 <= x_1) /\ (x <= 199) /\ (x_1 <= 199) /\ - valid_rw(Malloc_0, p, 1) /\ valid_rw(Malloc_0, q, 1). + Have: valid_rw(Malloc_0, p, 1). + (* Pre-condition *) + Have: valid_rw(Malloc_0, q, 1). + (* Pre-condition *) + Have: (0 <= x) /\ (0 <= x_1) /\ (x <= 199) /\ (x_1 <= 199). } Prove: x_2 = x_1. @@ -64,8 +70,11 @@ Assume { (* Heap *) Type: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (0 <= x) /\ (0 <= x_1) /\ (x <= 199) /\ (x_1 <= 199) /\ - valid_rw(Malloc_0, p, 1) /\ valid_rw(Malloc_0, q, 1). + Have: valid_rw(Malloc_0, p, 1). + (* Pre-condition *) + Have: valid_rw(Malloc_0, q, 1). + (* Pre-condition *) + Have: (0 <= x) /\ (0 <= x_1) /\ (x <= 199) /\ (x_1 <= 199). } Prove: x_5 = x_2. @@ -83,8 +92,11 @@ Assume { (* Heap *) Type: (region(p.base) <= 0) /\ (region(q.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (0 <= x) /\ (0 <= x_1) /\ (x <= 199) /\ (x_1 <= 199) /\ - valid_rw(Malloc_0, p, 1) /\ valid_rw(Malloc_0, q, 1). + Have: valid_rw(Malloc_0, p, 1). + (* Pre-condition *) + Have: valid_rw(Malloc_0, q, 1). + (* Pre-condition *) + Have: (0 <= x) /\ (0 <= x_1) /\ (x <= 199) /\ (x_1 <= 199). } Prove: x_2 = x_1. diff --git a/src/plugins/wp/tests/wp_typed/oracle/array_initialized.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/array_initialized.0.res.oracle index 478d90b93f1dba802f955ea4603fdf614dceee6f..8df4685c2801e535bd4e52780beafc6ce061cdd8 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/array_initialized.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/array_initialized.0.res.oracle @@ -270,7 +270,7 @@ Prove: valid_rw(Malloc_0, p[i], 1). Goal Post-condition (file tests/wp_typed/array_initialized.c, line 288) in 'simpl': Let x = Mint_0[shift_sint32(t, 0)]. Assume { - Type: is_sint32(x). + Type: is_sint32(simpl_0) /\ is_sint32(x). (* Heap *) Type: region(t.base) <= 0. (* Goal *) 
@@ -279,8 +279,8 @@ Assume { Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 49) -> (Mint_0[shift_sint32(t, i_1)] = x))). If 0 <= x - Then { (* Return *) Have: simpl_0 = 1. } - Else { (* Return *) Have: simpl_0 = 0. } + Then { Have: simpl_0 = 1. } + Else { Have: simpl_0 = 0. } } Prove: (0 <= Mint_0[shift_sint32(t, i)]) <-> (simpl_0 = 1). diff --git a/src/plugins/wp/tests/wp_typed/oracle/array_initialized.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/array_initialized.1.res.oracle index 91c35e494c27dfb6e16519f1d684da5651aa073c..4391ebbd55c9458da9580c5433d70f16382c8a00 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/array_initialized.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/array_initialized.1.res.oracle @@ -273,7 +273,7 @@ Prove: valid_rw(Malloc_0, Mptr_0[shift_PTR(a, i)], 1). Goal Post-condition (file tests/wp_typed/array_initialized.c, line 288) in 'simpl': Let x = Mint_0[shift_sint32(t, 0)]. Assume { - Type: is_sint32(x). + Type: is_sint32(simpl_0) /\ is_sint32(x). (* Heap *) Type: region(t.base) <= 0. (* Goal *) @@ -282,8 +282,8 @@ Assume { Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 <= 49) -> (Mint_0[shift_sint32(t, i_1)] = x))). If 0 <= x - Then { (* Return *) Have: simpl_0 = 1. } - Else { (* Return *) Have: simpl_0 = 0. } + Then { Have: simpl_0 = 1. } + Else { Have: simpl_0 = 0. } } Prove: (0 <= Mint_0[shift_sint32(t, i)]) <-> (simpl_0 = 1). diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_tset.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_tset.0.res.oracle index fd636bbb09f5ba89b5108a7ce87a4e990a7a5b87..2bf4af29a7cadc76df178840a9effa9a0a57e63c 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_tset.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/unit_tset.0.res.oracle 
@@ -6,17 +6,20 @@ Function complex ------------------------------------------------------------ -Goal Instance of 'Pre-condition (file tests/wp_typed/unit_tset.i, line 6) in 'job'' in 'complex' at call 'job' (file tests/wp_typed/unit_tset.i, line 20) -: +Goal Assigns (file tests/wp_typed/unit_tset.i, line 14) in 'complex': +Call Effect at line 18 Prove: true. ------------------------------------------------------------ ------------------------------------------------------------- - Function complex with behavior default_for_stmt_2 + +Goal Assigns (file tests/wp_typed/unit_tset.i, line 14) in 'complex': +Call Effect at line 18 +Prove: true. + ------------------------------------------------------------ -Goal Assigns (file tests/wp_typed/unit_tset.i, line 19) at call 'job' (file tests/wp_typed/unit_tset.i, line 20): -Call Effect at line 20 +Goal Instance of 'Pre-condition (file tests/wp_typed/unit_tset.i, line 2) in 'job'' in 'complex' at call 'job' (file tests/wp_typed/unit_tset.i, line 18) +: Prove: true. ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_typed/oracle/unit_tset.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/unit_tset.1.res.oracle index 7af88b3ded647e1a034133916ef6f2aa0e9e03c0..60beed97a627e4bae8fdf8d14e919d8b7aa25c29 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/unit_tset.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/unit_tset.1.res.oracle 
@@ -6,17 +6,20 @@ Function complex ------------------------------------------------------------ -Goal Instance of 'Pre-condition (file tests/wp_typed/unit_tset.i, line 6) in 'job'' in 'complex' at call 'job' (file tests/wp_typed/unit_tset.i, line 20) -: +Goal Assigns (file tests/wp_typed/unit_tset.i, line 14) in 'complex': +Call Effect at line 18 Prove: true. ------------------------------------------------------------ ------------------------------------------------------------- - Function complex with behavior default_for_stmt_2 + +Goal Assigns (file tests/wp_typed/unit_tset.i, line 14) in 'complex': +Call Effect at line 18 +Prove: true. + ------------------------------------------------------------ -Goal Assigns (file tests/wp_typed/unit_tset.i, line 19) at call 'job' (file tests/wp_typed/unit_tset.i, line 20): -Call Effect at line 20 +Goal Instance of 'Pre-condition (file tests/wp_typed/unit_tset.i, line 2) in 'job'' in 'complex' at call 'job' (file tests/wp_typed/unit_tset.i, line 18) +: Prove: true. ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_bitwise.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_bitwise.0.res.oracle index 4e4f0bbf55a16a97adedf3c2357f132c3e3b91f2..ba38a185ae087539cb75fb934ed528a88d75dd8c 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/user_bitwise.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/user_bitwise.0.res.oracle @@ -33,7 +33,7 @@ Assume { Type: is_uint32(x) /\ is_sint32(n) /\ is_uint32(x_2). (* Goal *) When: (0 <= i) /\ (i < n) /\ is_sint32(i). - (* Pre-condition *) + (* Pre-condition 'r' *) Have: (0 < n) /\ (n <= 31). } Prove: (land(lor(to_uint32(lsl(x, n)), x_2), lsl(1, i)) != 0) <-> 
@@ -48,7 +48,7 @@ Assume { Type: is_uint32(x) /\ is_sint32(n) /\ is_uint32(x_2). (* Goal *) When: (0 <= i) /\ (x_1 <= 31) /\ is_sint32(i). - (* Pre-condition *) + (* Pre-condition 'r' *) Have: (0 < n) /\ (n <= 31). } Prove: (land(lor(to_uint32(lsl(x, n)), x_2), lsl(1, x_1)) != 0) <-> @@ -66,7 +66,7 @@ Assume { Type: is_sint32(n) /\ is_uint64(x) /\ is_uint64(x_2). (* Goal *) When: (0 <= i) /\ (i < n) /\ is_sint32(i). - (* Pre-condition *) + (* Pre-condition 'r' *) Have: (0 < n) /\ (n <= 63). } Prove: (land(lor(to_uint64(lsl(x, n)), x_2), lsl(1, i)) != 0) <-> @@ -81,7 +81,7 @@ Assume { Type: is_sint32(n) /\ is_uint64(x) /\ is_uint64(x_2). (* Goal *) When: (0 <= i) /\ (x_1 <= 63) /\ is_sint32(i). - (* Pre-condition *) + (* Pre-condition 'r' *) Have: (0 < n) /\ (n <= 63). } Prove: (land(lor(to_uint64(lsl(x, n)), x_2), lsl(1, x_1)) != 0) <-> @@ -120,7 +120,7 @@ Assume { Type: is_uint32(x) /\ is_sint32(n) /\ is_uint32(x_1). (* Goal *) When: (0 <= i) /\ (i < n) /\ is_sint32(i). - (* Pre-condition *) + (* Pre-condition 'r' *) Have: (0 < n) /\ (n <= 31). } Prove: (land(lor(x_1, to_uint32(lsl(x, 32 - n))), lsl(1, 32 + i - n)) != 0) <-> @@ -135,7 +135,7 @@ Assume { Type: is_uint32(x) /\ is_sint32(n) /\ is_uint32(x_2). (* Goal *) When: (0 <= i) /\ (x_1 <= 31) /\ is_sint32(i). - (* Pre-condition *) + (* Pre-condition 'r' *) Have: (0 < n) /\ (n <= 31). } Prove: (land(lor(x_2, to_uint32(lsl(x, 32 - n))), lsl(1, i)) != 0) <-> @@ -153,7 +153,7 @@ Assume { Type: is_sint32(n) /\ is_uint64(x) /\ is_uint64(x_1). (* Goal *) When: (0 <= i) /\ (i < n) /\ is_sint32(i). - (* Pre-condition *) + (* Pre-condition 'r' *) Have: (0 < n) /\ (n <= 63). } Prove: (land(lor(x_1, to_uint64(lsl(x, 64 - n))), lsl(1, 64 + i - n)) != 0) <-> 
@@ -168,7 +168,7 @@ Assume { Type: is_sint32(n) /\ is_uint64(x) /\ is_uint64(x_2). (* Goal *) When: (0 <= i) /\ (x_1 <= 63) /\ is_sint32(i). - (* Pre-condition *) + (* Pre-condition 'r' *) Have: (0 < n) /\ (n <= 63). } Prove: (land(lor(x_2, to_uint64(lsl(x, 64 - n))), lsl(1, i)) != 0) <-> diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_init.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_init.0.res.oracle index e1453e78f00b00eedd5171411a24d476a3abdac4..e73a0f100136a788210f0f92688f6d7036d9ec5b 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/user_init.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/user_init.0.res.oracle @@ -2,11 +2,11 @@ [kernel] Parsing tests/wp_typed/user_init.i (no preprocessing) [wp] Running WP plugin... [wp] [CFG] Goal init_exits : Valid (Unreachable) +[wp] Warning: Missing RTE guards [wp] [CFG] Goal init_t1_exits : Valid (Unreachable) [wp] [CFG] Goal init_t2_v1_exits : Valid (Unreachable) [wp] [CFG] Goal init_t2_v2_exits : Valid (Unreachable) [wp] [CFG] Goal init_t2_v3_exits : Valid (Unreachable) -[wp] Warning: Missing RTE guards ------------------------------------------------------------ Function init ------------------------------------------------------------ @@ -20,7 +20,9 @@ Assume { (* Goal *) When: (0 <= i_1) /\ (i_1 < n) /\ is_sint32(i_1). (* Pre-condition *) - Have: (0 <= n) /\ valid_rw(Malloc_0, a_1, n). + Have: valid_rw(Malloc_0, a_1, n). + (* Pre-condition *) + Have: 0 <= n. (* Invariant 'Partial' *) Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) -> (havoc(Mint_undef_0, Mint_0, a_1, n)[shift_sint32(a, i_2)] = v))). @@ -43,7 +45,9 @@ Assume { (* Goal *) When: (0 <= i_1) /\ (i_1 <= i) /\ is_sint32(i_1). (* Pre-condition *) - Have: (0 <= n) /\ valid_rw(Malloc_0, a_1, n). + Have: valid_rw(Malloc_0, a_1, n). + (* Pre-condition *) + Have: 0 <= n. (* Invariant 'Partial' *) Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) -> (a_2[shift_sint32(a, i_2)] = v))). 
@@ -68,7 +72,9 @@ Assume { (* Heap *) Type: (region(a.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (0 <= n) /\ valid_rw(Malloc_0, a_1, n). + Have: valid_rw(Malloc_0, a_1, n). + (* Pre-condition *) + Have: 0 <= n. (* Invariant 'Partial' *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (havoc(Mint_undef_0, Mint_0, a_1, n)[shift_sint32(a, i_1)] = v))). @@ -108,7 +114,9 @@ Assume { (* Goal *) When: !invalid(Malloc_0, a_2, 1). (* Pre-condition *) - Have: (0 <= n) /\ valid_rw(Malloc_0, a_1, n). + Have: valid_rw(Malloc_0, a_1, n). + (* Pre-condition *) + Have: 0 <= n. (* Invariant 'Partial' *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (havoc(Mint_undef_0, Mint_0, a_1, n)[shift_sint32(a, i_1)] = v))). @@ -835,10 +843,10 @@ Assume { Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((0 <= i_3) -> ((i_4 <= 9) -> ((i_3 <= 19) -> (((i_4 < 0) \/ (i_3 < 0) \/ (10 <= i_4) \/ (20 <= i_3)) -> - (t2_0[i_4][i_3] = t2_2[i_4][i_3])))))). + (t2_2[i_4][i_3] = t2_0[i_4][i_3])))))). (* Invariant 'Previous_i' *) Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) -> - ((i_3 <= 19) -> (t2_0[i_4][i_3] = t2_2[i_4][i_3]))))). + ((i_3 <= 19) -> (t2_2[i_4][i_3] = t2_0[i_4][i_3]))))). (* Invariant 'Partial_j' *) Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 <= 19) -> (m[i_3] = v))). } @@ -1331,7 +1339,7 @@ Assume { Have: i <= 9. (* Invariant 'Previous_i' *) Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) -> - ((i_3 <= 19) -> (t2_0[i_4][i_3] = t2_1[i_4][i_3]))))). + ((i_3 <= 19) -> (t2_1[i_4][i_3] = t2_0[i_4][i_3]))))). (* Invariant 'Partial_j' *) Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 <= 19) -> (m[i_3] = v))). } diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_init.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_init.1.res.oracle index 52e4c648900f469687bc6129f102187cbef53360..81badf95a29a8e16c113baa7ff30109199227ff9 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/user_init.1.res.oracle 
+++ b/src/plugins/wp/tests/wp_typed/oracle/user_init.1.res.oracle @@ -2,11 +2,11 @@ [kernel] Parsing tests/wp_typed/user_init.i (no preprocessing) [wp] Running WP plugin... [wp] [CFG] Goal init_exits : Valid (Unreachable) +[wp] Warning: Missing RTE guards [wp] [CFG] Goal init_t1_exits : Valid (Unreachable) [wp] [CFG] Goal init_t2_v1_exits : Valid (Unreachable) [wp] [CFG] Goal init_t2_v2_exits : Valid (Unreachable) [wp] [CFG] Goal init_t2_v3_exits : Valid (Unreachable) -[wp] Warning: Missing RTE guards ------------------------------------------------------------ Function init ------------------------------------------------------------ @@ -20,7 +20,9 @@ Assume { (* Goal *) When: (0 <= i_1) /\ (i_1 < n) /\ is_sint32(i_1). (* Pre-condition *) - Have: (0 <= n) /\ valid_rw(Malloc_0, a_1, n). + Have: valid_rw(Malloc_0, a_1, n). + (* Pre-condition *) + Have: 0 <= n. (* Invariant 'Partial' *) Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) -> (havoc(Mint_undef_0, Mint_0, a_1, n)[shift_sint32(a, i_2)] = v))). @@ -43,7 +45,9 @@ Assume { (* Goal *) When: (0 <= i_1) /\ (i_1 <= i) /\ is_sint32(i_1). (* Pre-condition *) - Have: (0 <= n) /\ valid_rw(Malloc_0, a_1, n). + Have: valid_rw(Malloc_0, a_1, n). + (* Pre-condition *) + Have: 0 <= n. (* Invariant 'Partial' *) Have: forall i_2 : Z. ((0 <= i_2) -> ((i_2 < i) -> (a_2[shift_sint32(a, i_2)] = v))). @@ -68,7 +72,9 @@ Assume { (* Heap *) Type: (region(a.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: (0 <= n) /\ valid_rw(Malloc_0, a_1, n). + Have: valid_rw(Malloc_0, a_1, n). + (* Pre-condition *) + Have: 0 <= n. (* Invariant 'Partial' *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (havoc(Mint_undef_0, Mint_0, a_1, n)[shift_sint32(a, i_1)] = v))). 
@@ -108,7 +114,9 @@ Assume { (* Goal *) When: !invalid(Malloc_0, a_2, 1). (* Pre-condition *) - Have: (0 <= n) /\ valid_rw(Malloc_0, a_1, n). + Have: valid_rw(Malloc_0, a_1, n). + (* Pre-condition *) + Have: 0 <= n. (* Invariant 'Partial' *) Have: forall i_1 : Z. ((0 <= i_1) -> ((i_1 < i) -> (havoc(Mint_undef_0, Mint_0, a_1, n)[shift_sint32(a, i_1)] = v))). @@ -835,10 +843,10 @@ Assume { Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((0 <= i_3) -> ((i_4 <= 9) -> ((i_3 <= 19) -> (((i_4 < 0) \/ (i_3 < 0) \/ (10 <= i_4) \/ (20 <= i_3)) -> - (t2_0[i_4][i_3] = t2_2[i_4][i_3])))))). + (t2_2[i_4][i_3] = t2_0[i_4][i_3])))))). (* Invariant 'Previous_i' *) Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) -> - ((i_3 <= 19) -> (t2_0[i_4][i_3] = t2_2[i_4][i_3]))))). + ((i_3 <= 19) -> (t2_2[i_4][i_3] = t2_0[i_4][i_3]))))). (* Invariant 'Partial_j' *) Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 <= 19) -> (m[i_3] = v))). } @@ -1331,7 +1339,7 @@ Assume { Have: i <= 9. (* Invariant 'Previous_i' *) Have: forall i_4,i_3 : Z. ((0 <= i_4) -> ((i_4 < i) -> ((0 <= i_3) -> - ((i_3 <= 19) -> (t2_0[i_4][i_3] = t2_1[i_4][i_3]))))). + ((i_3 <= 19) -> (t2_1[i_4][i_3] = t2_0[i_4][i_3]))))). (* Invariant 'Partial_j' *) Have: forall i_3 : Z. ((0 <= i_3) -> ((i_3 <= 19) -> (m[i_3] = v))). } diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_rec.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_rec.0.res.oracle index 3df342a583be2d88bfd6665c0468e1a40becb410..48d804d0c823fef23c125984780eaed6cc1ce3b8 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/user_rec.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/user_rec.0.res.oracle @@ -26,7 +26,7 @@ Goal Post-condition (file tests/wp_typed/user_rec.i, line 9) in 'F1': Assume { Type: is_sint32(F1_0) /\ is_sint32(i) /\ is_sint32(n). If n <= 1 - Then { (* Return *) Have: F1_0 = 1. } + Then { Have: F1_0 = 1. } Else { (* Invariant *) Have: L_fact(i - 1) = F1_0. 
diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_rec.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_rec.1.res.oracle index 14d0ebde9e942251adc93092bccf56baacc99dfe..7ee8668e53c9d73b825da70fa28b6ab9fe06994d 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/user_rec.1.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/user_rec.1.res.oracle @@ -26,7 +26,7 @@ Goal Post-condition (file tests/wp_typed/user_rec.i, line 9) in 'F1': Assume { Type: is_sint32(F1_0) /\ is_sint32(i) /\ is_sint32(n). If n <= 1 - Then { (* Return *) Have: F1_0 = 1. } + Then { Have: F1_0 = 1. } Else { (* Invariant *) Have: L_fact(i - 1) = F1_0. diff --git a/src/plugins/wp/tests/wp_typed/oracle/user_swap.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle/user_swap.0.res.oracle index ed045c6b7826dd899433716233552a553451921a..ae4e2e2a55212a89431c6284bd01dda38420daf5 100644 --- a/src/plugins/wp/tests/wp_typed/oracle/user_swap.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle/user_swap.0.res.oracle @@ -35,7 +35,9 @@ Assume { (* Heap *) Type: (region(a.base) <= 0) /\ (region(b.base) <= 0) /\ linked(Malloc_0). (* Pre-condition *) - Have: valid_rw(Malloc_0, a, 1) /\ valid_rw(Malloc_0, b, 1). + Have: valid_rw(Malloc_0, a, 1). + (* Pre-condition *) + Have: valid_rw(Malloc_0, b, 1). } Prove: x_2 = x_1. diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/unit_tset.res.oracle b/src/plugins/wp/tests/wp_typed/oracle_qualif/unit_tset.res.oracle index 73c76c092af6f8fd3ab0fc93f3f7af41fb7e4d83..a28d76ae998651fd1e431981c7ab1e584be85d87 100644 --- a/src/plugins/wp/tests/wp_typed/oracle_qualif/unit_tset.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/unit_tset.res.oracle 
@@ -2,12 +2,13 @@ [kernel] Parsing tests/wp_typed/unit_tset.i (no preprocessing) [wp] Running WP plugin... [wp] Warning: Missing RTE guards -[wp] 2 goals scheduled -[wp] [Qed] Goal typed_complex_assigns : Valid +[wp] 3 goals scheduled +[wp] [Qed] Goal typed_complex_assigns_exit : Valid +[wp] [Qed] Goal typed_complex_assigns_normal : Valid [wp] [Qed] Goal typed_complex_call_job_requires : Valid -[wp] Proved goals: 2 / 2 - Qed: 2 +[wp] Proved goals: 3 / 3 + Qed: 3 ------------------------------------------------------------ Functions WP Alt-Ergo Total Success - complex 2 - 2 100% + complex 3 - 3 100% ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.0.res.oracle b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.0.res.oracle index 890545f1a901bbb0eaec681155b688d75658e609..fa0b0883eae31e9e50dc79db27fb1cec785fdaca 100644 --- a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.0.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.0.res.oracle @@ -2,11 +2,11 @@ [kernel] Parsing tests/wp_typed/user_init.i (no preprocessing) [wp] Running WP plugin... [wp] [CFG] Goal init_exits : Valid (Unreachable) +[wp] Warning: Missing RTE guards [wp] [CFG] Goal init_t1_exits : Valid (Unreachable) [wp] [CFG] Goal init_t2_v1_exits : Valid (Unreachable) [wp] [CFG] Goal init_t2_v2_exits : Valid (Unreachable) [wp] [CFG] Goal init_t2_v3_exits : Valid (Unreachable) -[wp] Warning: Missing RTE guards [wp] 92 goals scheduled [wp] [Alt-Ergo] Goal typed_init_ensures : Valid [wp] [Alt-Ergo] Goal typed_init_loop_invariant_Partial_preserved : Valid diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.res.oracle b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.res.oracle index 71a1c37ecc6fac5af4a88d1151b8798d141a3ca8..d063e01722192b7cf2eb264e6ccc6a50b5e85dc3 100644 --- a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.res.oracle 
+++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.1.res.oracle @@ -1,11 +1,6 @@ # frama-c -wp [...] [kernel] Parsing tests/wp_typed/user_init.i (no preprocessing) [wp] Running WP plugin... -[wp] [CFG] Goal init_exits : Valid (Unreachable) -[wp] [CFG] Goal init_t1_exits : Valid (Unreachable) -[wp] [CFG] Goal init_t2_v1_exits : Valid (Unreachable) -[wp] [CFG] Goal init_t2_v2_exits : Valid (Unreachable) -[wp] [CFG] Goal init_t2_v3_exits : Valid (Unreachable) [wp] Warning: Missing RTE guards [wp] 23 goals scheduled [wp] [Qed] Goal typed_init_t2_v2_loop_assigns_part1 : Valid @@ -31,7 +26,7 @@ [wp] [Qed] Goal typed_init_t2_bis_v2_assigns_exit_part3 : Valid [wp] [Qed] Goal typed_init_t2_bis_v2_assigns_normal_part1 : Valid [wp] [Script] Goal typed_init_t2_bis_v2_assigns_normal_part2 : Valid -[wp] Proved goals: 28 / 28 +[wp] Proved goals: 23 / 23 Qed: 11 Script: 12 Alt-Ergo: 0 (unsuccess: 12) diff --git a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.2.res.oracle b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.2.res.oracle index 73b6604f313f1b3c18ba90b8824a3f4c14e24982..612a2377cfd3ce0ff68a451c5abbf4fc60a18c1c 100644 --- a/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.2.res.oracle +++ b/src/plugins/wp/tests/wp_typed/oracle_qualif/user_init.2.res.oracle @@ -1,11 +1,6 @@ # frama-c -wp [...] [kernel] Parsing tests/wp_typed/user_init.i (no preprocessing) [wp] Running WP plugin... -[wp] [CFG] Goal init_exits : Valid (Unreachable) -[wp] [CFG] Goal init_t1_exits : Valid (Unreachable) -[wp] [CFG] Goal init_t2_v1_exits : Valid (Unreachable) -[wp] [CFG] Goal init_t2_v2_exits : Valid (Unreachable) -[wp] [CFG] Goal init_t2_v3_exits : Valid (Unreachable) [wp] Warning: Missing RTE guards [wp] 16 goals scheduled [wp] [Qed] Goal typed_init_t2_v1_loop_assigns_part1 : Valid 
@@ -24,7 +19,7 @@ [wp] [Qed] Goal typed_init_t2_bis_v1_assigns_exit_part3 : Valid [wp] [Qed] Goal typed_init_t2_bis_v1_assigns_normal_part1 : Valid [wp] [Alt-Ergo] Goal typed_init_t2_bis_v1_assigns_normal_part2 : Unsuccess -[wp] Proved goals: 12 / 21 +[wp] Proved goals: 7 / 16 Qed: 7 Alt-Ergo: 0 (unsuccess: 9) ------------------------------------------------------------ diff --git a/src/plugins/wp/tests/wp_typed/unit_tset.i b/src/plugins/wp/tests/wp_typed/unit_tset.i index deaf2545a0dcf657e65ea5baff302625efa48abf..d08be34855d33feae62db63c647aa138909f2c48 100644 --- a/src/plugins/wp/tests/wp_typed/unit_tset.i +++ b/src/plugins/wp/tests/wp_typed/unit_tset.i @@ -1,21 +1,19 @@ -/* run.config_qualif - OPT: -*/ - -/*@ - requires \valid( p + (0..n-1) ); +/*@ + requires \valid( p + (0..n-1) ); assigns p[0..n-1]; */ void job(int *p,int n); -typedef struct S { +struct S { int size ; int value[50] ; -} ; +} s ; -/*@ requires s.size < 50; */ -void complex(struct S s) +/*@ + requires s.size < 50; + assigns s.value[1..s.size]; +*/ +void complex(void) { - /*@ assigns s.value[1..s.size]; */ job( & s.value[1] , s.size ); } diff --git a/src/plugins/wp/tests/wp_usage/code_spec.i b/src/plugins/wp/tests/wp_usage/code_spec.i index 30c1819dcc10e3e11f611eaea823f56e05b53864..f3a491fd9be22990d760f2296365ace935daff74 100644 --- a/src/plugins/wp/tests/wp_usage/code_spec.i +++ b/src/plugins/wp/tests/wp_usage/code_spec.i 
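Review bot: The new function contract on `complex` in unit_tset.i constrains `s.size` only from above (`requires s.size < 50;`), so the file no longer says why 50 is the bound nor that a negative `s.size` makes both `assigns s.value[1..s.size]` and `job`'s `requires \valid( p + (0..n-1) );` empty ranges that are satisfied vacuously. A one-line comment above the `/*@` block would make this readable without consulting the oracle, e.g. `// s.size < 50 keeps s.value[1..s.size] inside value[50]; a negative size yields empty ranges`. The removed `run.config_qualif` header also leaves the file with no statement of what it exercises; a first-line comment naming the purpose (presumably call-effect assigns of a global struct's array slice passed by pointer to a prototype-only callee, judging from the global `s` and the `job` call) would help the next maintainer, if that reading is correct.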
@@ -53,34 +53,6 @@ void by_array_in_code(int *p, int *q, int **qq) { p1[p2[0]]=*(p3+p4[*(p5+1)]); } //------------------------------------------------------- -void by_value_in_code_annotation(int v, int *p, int*q) { - //@ assert tab[v-1]==0 && \initialized (&x6); - /*@ requires (x1?x2:x3)== 0; - @ assigns x4; - @*/ - /*@ loop invariant x5<0; - @ loop variant q-p; - @*/ - while (1) - //@ assert 0 == \let term=1+\at(x7,Pre) ; 1+term; - //@ assert \let pred=(x8==0) ; pred && x9==0; - ; -} - -//@ behavior no_exit: exits \false; -void by_reference_in_code_annotation(int*p) { - //@ for no_exit: assert \valid (p); - //@ ensures \separated (p1,p2) && \freeable (p3) || \allocable (p5) <==> \initialized (p6); - ; - //@ loop invariant *p4<0; - while (1); -} - -void by_addr_in_code_annotation(void) { - //@ requires (&x0 != &s0.c) && &tab[5]; - return; -} - void by_array_in_code_annotation(int *p, int *q, int **qq) { //@ assert *(ptr+1)==0 && *(p+1)==q[0] && p1[p2[0]]==*(p3+p4[*(p5+1)]); ; diff --git a/src/plugins/wp/tests/wp_usage/core.i b/src/plugins/wp/tests/wp_usage/core.i deleted file mode 100644 index d09dd51e5be357b39e2d93df910462e0d563ecf3..0000000000000000000000000000000000000000 --- a/src/plugins/wp/tests/wp_usage/core.i +++ /dev/null @@ -1,25 +0,0 @@ -/* run.config - OPT: -wp-no-core - OPT: -wp-core -*/ - -/* run.config_qualif - DONTRUN: -*/ - -int a,b,c,x; -//@ predicate OBS(integer x,integer y); -//@ ensures OBS(\old(x),x); -void f(void) -{ - if (a) - //@ ensures x == \old(x); - a++; - if (b) - //@ ensures x == \old(x); - b++; - x++; - if (c) - //@ ensures x == \old(x); - c++; -} diff --git a/src/plugins/wp/tests/wp_usage/oracle/caveat.0.res.oracle b/src/plugins/wp/tests/wp_usage/oracle/caveat.0.res.oracle index 3e32676531171339c4abaa8fc6cc16846c252ecc..22064c851cd062a80ea9366ae6fbe6eddcaee5d7 100644 --- a/src/plugins/wp/tests/wp_usage/oracle/caveat.0.res.oracle +++ b/src/plugins/wp/tests/wp_usage/oracle/caveat.0.res.oracle 
@@ -165,7 +165,7 @@ Assume { is_sint32(x_4) /\ is_sint32(x_5) /\ is_sint32(x_6) /\ is_sint32(x_7). (* Heap *) Type: (region(a.base) <= 0) /\ (region(r.base) <= 0). - (* Pre-condition *) + (* Pre-condition 'KO' *) Have: P_OBS(x, x_1, x_2). } Prove: P_OBS(x_5, x_6, x_7). diff --git a/src/plugins/wp/tests/wp_usage/oracle/caveat.1.res.oracle b/src/plugins/wp/tests/wp_usage/oracle/caveat.1.res.oracle index 0141c03ea9ff5368e80b619ad7ce64c3253d72c0..5aa86229598225da274470eae7b89fcaa41f8352 100644 --- a/src/plugins/wp/tests/wp_usage/oracle/caveat.1.res.oracle +++ b/src/plugins/wp/tests/wp_usage/oracle/caveat.1.res.oracle @@ -62,7 +62,7 @@ Let x_4 = x + x_1. Assume { Type: is_sint32(r) /\ is_sint32(x) /\ is_sint32(x_1) /\ is_sint32(x_2) /\ is_sint32(x_3) /\ is_sint32(x_4). - (* Pre-condition *) + (* Pre-condition 'KO' *) Have: P_OBS(x, x_1, r). } Prove: P_OBS(x_2, x_3, x_4). diff --git a/src/plugins/wp/tests/wp_usage/oracle/caveat2.res.oracle b/src/plugins/wp/tests/wp_usage/oracle/caveat2.res.oracle index 7ec4d49d41a9cc9cf35cc6aa9ab3dd2c08c11c9d..33766e0ffa284cf9e2dc32ec7068dc49f6ec3021 100644 --- a/src/plugins/wp/tests/wp_usage/oracle/caveat2.res.oracle +++ b/src/plugins/wp/tests/wp_usage/oracle/caveat2.res.oracle @@ -2,7 +2,7 @@ [kernel] Parsing tests/wp_usage/caveat2.i (no preprocessing) [wp] Running WP plugin... [wp] Warning: Missing RTE guards -[wp] tests/wp_usage/caveat2.i:22: Warning: Undefined array-size (sint32[]) +[wp] tests/wp_usage/caveat2.i:14: Warning: Undefined array-size (sint32[]) ------------------------------------------------------------ Function job ------------------------------------------------------------ @@ -13,6 +13,9 @@ Prove: true. ------------------------------------------------------------ Goal Post-condition 'A' in 'job': +tests/wp_usage/caveat2.i:14: warning from Typed Model: + - Warning: No allocation size for variable 'b' + Reason: Undefined array-size (sint32[]) Let a = global(G_b_26). Assume { Type: is_sint32(i_1) /\ is_sint32(n). 
@@ -55,9 +58,6 @@ Prove: true. ------------------------------------------------------------ Goal Preservation of Invariant (file tests/wp_usage/caveat2.i, line 22): -tests/wp_usage/caveat2.i:22: warning from Typed Model: - - Warning: No allocation size for variable 'b' - Reason: Undefined array-size (sint32[]) Let a = global(G_b_26). Assume { Type: is_sint32(i) /\ is_sint32(n) /\ is_sint32(1 + i). diff --git a/src/plugins/wp/tests/wp_usage/oracle/code_spec.res.oracle b/src/plugins/wp/tests/wp_usage/oracle/code_spec.res.oracle index 253cb2dea90b13cb88c0b0167a7ba38061fe0693..e4ec1c30595ad429a3e3cc148bd369fbd710c313 100644 --- a/src/plugins/wp/tests/wp_usage/oracle/code_spec.res.oracle +++ b/src/plugins/wp/tests/wp_usage/oracle/code_spec.res.oracle @@ -1,9 +1,9 @@ # frama-c -wp [...] [kernel] Parsing tests/wp_usage/code_spec.i (no preprocessing) [wp] Running WP plugin... -[kernel] tests/wp_usage/code_spec.i:154: Warning: +[kernel] tests/wp_usage/code_spec.i:126: Warning: No code nor implicit assigns clause for function by_addr_in_spec, generating default assigns from the prototype -[kernel] tests/wp_usage/code_spec.i:154: Warning: +[kernel] tests/wp_usage/code_spec.i:126: Warning: No code nor implicit assigns clause for function by_array_in_spec, generating default assigns from the prototype ................................................. ... Ref Usage @@ -16,10 +16,6 @@ Function by_value_in_code: Function by_reference_in_code: { *p1 *p *qq } Function by_addr_in_code: { &x0 &s0 &tab &v1 &s2 &s3 } Function by_array_in_code: { p1[] p2[] p3[] p4[] p5[] ptr[] p[] q[] } -Function by_value_in_code_annotation: -{ x1 x2 x3 x4 x5 x6 x7 x8 x9 tab v p q } -Function by_reference_in_code_annotation: { *p1 *p2 *p3 *p4 *p5 *p6 *p } -Function by_addr_in_code_annotation: { &x0 &s0 &tab } Function by_array_in_code_annotation: { p1[] p2[] p3[] p4[] p5[] ptr[] p[] q[] } Function by_value_in_spec: { x0 x1 p0 p1 p2 } 
@@ -39,7 +35,5 @@ Function calling_spec: Function cup: { val *ref &addr array[] &addr_value val_ref array_ref[] value_array } ................................................. -[wp] [CFG] Goal by_addr_in_code_annotation_requires : Valid (Unreachable) -[wp] [CFG] Goal by_reference_in_code_annotation_no_exit_exits : Valid (Unreachable) [wp] Warning: Missing RTE guards [wp] No proof obligations diff --git a/src/plugins/wp/tests/wp_usage/oracle/core.0.res.oracle b/src/plugins/wp/tests/wp_usage/oracle/core.0.res.oracle deleted file mode 100644 index 4d1ca598e10b8a792fe8628a767944ef2c5f2477..0000000000000000000000000000000000000000 --- a/src/plugins/wp/tests/wp_usage/oracle/core.0.res.oracle +++ /dev/null 
@@ -1,57 +0,0 @@ -# frama-c -wp [...] -[kernel] Parsing tests/wp_usage/core.i (no preprocessing) -[kernel] tests/wp_usage/core.i:11: Warning: - parsing obsolete ACSL construct 'logic declaration'. 'an axiomatic block' should be used instead. -[wp] Running WP plugin... -[wp] Warning: Missing RTE guards -[wp] tests/wp_usage/core.i:24: Warning: - Missing assigns clause (assigns 'everything' instead) -[wp] tests/wp_usage/core.i:20: Warning: - Missing assigns clause (assigns 'everything' instead) -[wp] tests/wp_usage/core.i:17: Warning: - Missing assigns clause (assigns 'everything' instead) ------------------------------------------------------------- - Function f ------------------------------------------------------------- - -Goal Post-condition (file tests/wp_usage/core.i, line 12) in 'f': -Assume { - Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(c) /\ is_sint32(x) /\ - is_sint32(x_1) /\ is_sint32(x_2) /\ is_sint32(x_3). - If a != 0 - Then { Have: x_3 = x. } - Else { Have: x_3 = x. } - If b != 0 - Then { Have: x_3 = x_2. } - Else { Have: x_3 = x_2. } - If c != 0 - Then { Have: (1 + x_2) = x_1. } - Else { Have: (1 + x_2) = x_1. } -} -Prove: P_OBS(x, x_1). - ------------------------------------------------------------- ------------------------------------------------------------- - Function f with behavior default_for_stmt_15 ------------------------------------------------------------- - -Goal Post-condition (file tests/wp_usage/core.i, line 23) at instruction (file tests/wp_usage/core.i, line 24): -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function f with behavior default_for_stmt_4 ------------------------------------------------------------- - -Goal Post-condition (file tests/wp_usage/core.i, line 16) at instruction (file tests/wp_usage/core.i, line 17): -Prove: true. 
- ------------------------------------------------------------- ------------------------------------------------------------- - Function f with behavior default_for_stmt_9 ------------------------------------------------------------- - -Goal Post-condition (file tests/wp_usage/core.i, line 19) at instruction (file tests/wp_usage/core.i, line 20): -Prove: true. - ------------------------------------------------------------- diff --git a/src/plugins/wp/tests/wp_usage/oracle/core.1.res.oracle b/src/plugins/wp/tests/wp_usage/oracle/core.1.res.oracle deleted file mode 100644 index 337bce578f76fa1cfe3acb42bcecbd05b790507f..0000000000000000000000000000000000000000 --- a/src/plugins/wp/tests/wp_usage/oracle/core.1.res.oracle +++ /dev/null 
@@ -1,49 +0,0 @@ -# frama-c -wp [...] -[kernel] Parsing tests/wp_usage/core.i (no preprocessing) -[kernel] tests/wp_usage/core.i:11: Warning: - parsing obsolete ACSL construct 'logic declaration'. 'an axiomatic block' should be used instead. -[wp] Running WP plugin... -[wp] Warning: Missing RTE guards -[wp] tests/wp_usage/core.i:24: Warning: - Missing assigns clause (assigns 'everything' instead) -[wp] tests/wp_usage/core.i:20: Warning: - Missing assigns clause (assigns 'everything' instead) -[wp] tests/wp_usage/core.i:17: Warning: - Missing assigns clause (assigns 'everything' instead) ------------------------------------------------------------- - Function f ------------------------------------------------------------- - -Goal Post-condition (file tests/wp_usage/core.i, line 12) in 'f': -Let x_1 = 1 + x. -Assume { - Type: is_sint32(a) /\ is_sint32(b) /\ is_sint32(c) /\ is_sint32(x) /\ - is_sint32(x_1). -} -Prove: P_OBS(x, x_1). - ------------------------------------------------------------- ------------------------------------------------------------- - Function f with behavior default_for_stmt_15 ------------------------------------------------------------- - -Goal Post-condition (file tests/wp_usage/core.i, line 23) at instruction (file tests/wp_usage/core.i, line 24): -Prove: true. - ------------------------------------------------------------- ------------------------------------------------------------- - Function f with behavior default_for_stmt_4 ------------------------------------------------------------- - -Goal Post-condition (file tests/wp_usage/core.i, line 16) at instruction (file tests/wp_usage/core.i, line 17): -Prove: true. 
- ------------------------------------------------------------- ------------------------------------------------------------- - Function f with behavior default_for_stmt_9 ------------------------------------------------------------- - -Goal Post-condition (file tests/wp_usage/core.i, line 19) at instruction (file tests/wp_usage/core.i, line 20): -Prove: true. - ------------------------------------------------------------- diff --git a/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.0.res.oracle b/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.0.res.oracle index 2ed983d3f5f127812a72052978820e43f8fc87ae..f5e6746b9b82b0a337df477dc3fd35f1053fd278 100644 --- a/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.0.res.oracle +++ b/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.0.res.oracle @@ -18,9 +18,12 @@ Assume { Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i) /\ ((2 + i) <= len_0). - (* Pre-condition *) - Have: valid_rd(Malloc_0, a_4, len_0) /\ valid_rw(Malloc_0, a_2, len_0) /\ - separated(a_2, len_0, a_4, len_0). + (* Pre-condition 'write_access' *) + Have: valid_rw(Malloc_0, a_2, len_0). + (* Pre-condition 'read_access' *) + Have: valid_rd(Malloc_0, a_4, len_0). + (* Pre-condition 'unaliasing' *) + Have: separated(a_2, len_0, a_4, len_0). (* Invariant 'cpy' *) Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) -> (a_3[shift_uint8(a, i_1)] = a_3[shift_uint8(a_1, i_1)]))). 
@@ -50,9 +53,12 @@ Assume { Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i) /\ ((2 + i) <= len_0). - (* Pre-condition *) - Have: valid_rd(Malloc_0, a_4, len_0) /\ valid_rw(Malloc_0, a_2, len_0) /\ - separated(a_2, len_0, a_4, len_0). + (* Pre-condition 'write_access' *) + Have: valid_rw(Malloc_0, a_2, len_0). + (* Pre-condition 'read_access' *) + Have: valid_rd(Malloc_0, a_4, len_0). + (* Pre-condition 'unaliasing' *) + Have: separated(a_2, len_0, a_4, len_0). (* Invariant 'cpy' *) Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) -> (a_3[shift_uint8(a, i_1)] = a_3[shift_uint8(a_1, i_1)]))). @@ -82,9 +88,12 @@ Assume { Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i) /\ ((i + len_1) <= len_0). - (* Pre-condition *) - Have: valid_rd(Malloc_0, a_4, len_0) /\ valid_rw(Malloc_0, a_2, len_0) /\ - separated(a_2, len_0, a_4, len_0). + (* Pre-condition 'write_access' *) + Have: valid_rw(Malloc_0, a_2, len_0). + (* Pre-condition 'read_access' *) + Have: valid_rd(Malloc_0, a_4, len_0). + (* Pre-condition 'unaliasing' *) + Have: separated(a_2, len_0, a_4, len_0). (* Invariant 'cpy' *) Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) -> (a_3[shift_uint8(a, i_1)] = a_3[shift_uint8(a_1, i_1)]))). @@ -126,9 +135,12 @@ Assume { Type: is_sint32(len_1) /\ is_sint32(len_0) /\ is_sint32(len_0 - 1). (* Heap *) Type: framed(Mptr_0) /\ linked(Malloc_0). - (* Pre-condition *) - Have: valid_rd(Malloc_0, a_4, len_1) /\ valid_rw(Malloc_0, a_2, len_1) /\ - separated(a_2, len_1, a_4, len_1). + (* Pre-condition 'write_access' *) + Have: valid_rw(Malloc_0, a_2, len_1). + (* Pre-condition 'read_access' *) + Have: valid_rd(Malloc_0, a_4, len_1). + (* Pre-condition 'unaliasing' *) + Have: separated(a_2, len_1, a_4, len_1). (* Invariant 'cpy' *) Have: forall i : Z. ((0 <= i) -> (((len_0 + i) < len_1) -> (a_3[shift_uint8(a, i)] = a_3[shift_uint8(a_1, i)]))). 
@@ -192,9 +204,12 @@ Assume { Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0[P_src_24 <- 1][P_dst_25 <- 1], v, 1). - (* Pre-condition *) - Have: valid_rd(Malloc_0, a_6, len_0) /\ valid_rw(Malloc_0, a_4, len_0) /\ - separated(a_4, len_0, a_6, len_0). + (* Pre-condition 'write_access' *) + Have: valid_rw(Malloc_0, a_4, len_0). + (* Pre-condition 'read_access' *) + Have: valid_rd(Malloc_0, a_6, len_0). + (* Pre-condition 'unaliasing' *) + Have: separated(a_4, len_0, a_6, len_0). (* Invariant 'cpy' *) Have: forall i : Z. ((0 <= i) -> (((len_1 + i) < len_0) -> (a_5[shift_uint8(a_1, i)] = a_5[shift_uint8(a_3, i)]))). @@ -232,9 +247,12 @@ Assume { Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i) /\ ((2 + i) <= len_0). - (* Pre-condition *) - Have: valid_rd(Malloc_0, a_4, len_0) /\ valid_rw(Malloc_0, a_2, len_0) /\ - separated(a_2, len_0, a_4, len_0). + (* Pre-condition 'write_access' *) + Have: valid_rw(Malloc_0, a_2, len_0). + (* Pre-condition 'read_access' *) + Have: valid_rd(Malloc_0, a_4, len_0). + (* Pre-condition 'unaliasing' *) + Have: separated(a_2, len_0, a_4, len_0). (* Invariant 'ok,cpy' *) Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) -> (a_3[shift_uint8(a, i_1)] = a_3[shift_uint8(a_1, i_1)]))). @@ -264,9 +282,12 @@ Assume { Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i) /\ ((2 + i) <= len_0). - (* Pre-condition *) - Have: valid_rd(Malloc_0, a_4, len_0) /\ valid_rw(Malloc_0, a_2, len_0) /\ - separated(a_2, len_0, a_4, len_0). + (* Pre-condition 'write_access' *) + Have: valid_rw(Malloc_0, a_2, len_0). + (* Pre-condition 'read_access' *) + Have: valid_rd(Malloc_0, a_4, len_0). + (* Pre-condition 'unaliasing' *) + Have: separated(a_2, len_0, a_4, len_0). (* Invariant 'ok,cpy' *) Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) -> (a_3[shift_uint8(a, i_1)] = a_3[shift_uint8(a_1, i_1)]))). 
@@ -296,9 +317,12 @@ Assume { Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: (0 <= i) /\ ((i + len_1) <= len_0). - (* Pre-condition *) - Have: valid_rd(Malloc_0, a_4, len_0) /\ valid_rw(Malloc_0, a_2, len_0) /\ - separated(a_2, len_0, a_4, len_0). + (* Pre-condition 'write_access' *) + Have: valid_rw(Malloc_0, a_2, len_0). + (* Pre-condition 'read_access' *) + Have: valid_rd(Malloc_0, a_4, len_0). + (* Pre-condition 'unaliasing' *) + Have: separated(a_2, len_0, a_4, len_0). (* Invariant 'ok,cpy' *) Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) -> (a_3[shift_uint8(a, i_1)] = a_3[shift_uint8(a_1, i_1)]))). @@ -340,9 +364,12 @@ Assume { Type: is_sint32(len_1) /\ is_sint32(len_0) /\ is_sint32(len_0 - 1). (* Heap *) Type: framed(Mptr_0) /\ linked(Malloc_0). - (* Pre-condition *) - Have: valid_rd(Malloc_0, a_4, len_1) /\ valid_rw(Malloc_0, a_2, len_1) /\ - separated(a_2, len_1, a_4, len_1). + (* Pre-condition 'write_access' *) + Have: valid_rw(Malloc_0, a_2, len_1). + (* Pre-condition 'read_access' *) + Have: valid_rd(Malloc_0, a_4, len_1). + (* Pre-condition 'unaliasing' *) + Have: separated(a_2, len_1, a_4, len_1). (* Invariant 'ok,cpy' *) Have: forall i : Z. ((0 <= i) -> (((len_0 + i) < len_1) -> (a_3[shift_uint8(a, i)] = a_3[shift_uint8(a_1, i)]))). @@ -404,9 +431,12 @@ Assume { Type: framed(Mptr_0) /\ linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0[P_src_47 <- 1][P_dst_48 <- 1], tmp_0, 1). - (* Pre-condition *) - Have: valid_rd(Malloc_0, a_4, len_0) /\ valid_rw(Malloc_0, a_2, len_0) /\ - separated(a_2, len_0, a_4, len_0). + (* Pre-condition 'write_access' *) + Have: valid_rw(Malloc_0, a_2, len_0). + (* Pre-condition 'read_access' *) + Have: valid_rd(Malloc_0, a_4, len_0). + (* Pre-condition 'unaliasing' *) + Have: separated(a_2, len_0, a_4, len_0). (* Invariant 'ok,cpy' *) Have: forall i : Z. ((0 <= i) -> (((len_1 + i) < len_0) -> (a_3[shift_uint8(a, i)] = a_3[shift_uint8(a_1, i)]))). 
diff --git a/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.1.res.oracle b/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.1.res.oracle index 0fb3ea0ed2e6643f287e6cedf372596e6086c6f1..34ca97dda06b736d3e49cb0a7c787fca2ce32e30 100644 --- a/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.1.res.oracle +++ b/src/plugins/wp/tests/wp_usage/oracle/issue-189-bis.1.res.oracle @@ -11,7 +11,7 @@ Assume { Type: is_sint32(len_0) /\ is_sint32(len_1). (* Goal *) When: (0 <= i) /\ ((2 + i) <= len_0). - (* Pre-condition *) + (* Pre-condition 'write_access' *) Have: ((0 < len_0) -> (len_0 <= 1)). (* Invariant 'ok,cpy' *) Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) -> @@ -43,7 +43,7 @@ Assume { Type: is_sint32(len_0) /\ is_sint32(len_1) /\ is_sint32(len_1 - 1). (* Goal *) When: (0 <= i) /\ ((i + len_1) <= len_0). - (* Pre-condition *) + (* Pre-condition 'write_access' *) Have: ((0 < len_0) -> (len_0 <= 1)). (* Invariant 'ok,cpy' *) Have: forall i_1 : Z. ((0 <= i_1) -> (((len_1 + i_1) < len_0) -> @@ -81,7 +81,7 @@ Let a = global(G_src_47). Let a_1 = global(G_dst_48). Assume { Type: is_sint32(len_1) /\ is_sint32(len_0) /\ is_sint32(len_0 - 1). - (* Pre-condition *) + (* Pre-condition 'write_access' *) Have: ((0 < len_1) -> (len_1 <= 1)). (* Invariant 'ok,cpy' *) Have: forall i : Z. ((0 <= i) -> (((len_0 + i) < len_1) -> @@ -143,7 +143,7 @@ Assume { Type: linked(Malloc_0). (* Goal *) When: !invalid(Malloc_0, tmp_0, 1). - (* Pre-condition *) + (* Pre-condition 'write_access' *) Have: ((0 < len_0) -> (len_0 <= 1)). (* Invariant 'ok,cpy' *) Have: forall i : Z. ((0 <= i) -> (((len_1 + i) < len_0) -> diff --git a/src/plugins/wp/tests/wp_usage/oracle_qualif/caveat2.res.oracle b/src/plugins/wp/tests/wp_usage/oracle_qualif/caveat2.res.oracle index 5ebef0000b8e36cb669571dd841f5ee001c4a791..5c717fb7a026465b5a2a19946b1ddb43fb2e8888 100644 --- a/src/plugins/wp/tests/wp_usage/oracle_qualif/caveat2.res.oracle 
+++ b/src/plugins/wp/tests/wp_usage/oracle_qualif/caveat2.res.oracle @@ -2,7 +2,7 @@ [kernel] Parsing tests/wp_usage/caveat2.i (no preprocessing) [wp] Running WP plugin... [wp] Warning: Missing RTE guards -[wp] tests/wp_usage/caveat2.i:22: Warning: Undefined array-size (sint32[]) +[wp] tests/wp_usage/caveat2.i:14: Warning: Undefined array-size (sint32[]) [wp] 9 goals scheduled [wp] [Qed] Goal typed_caveat_job_ensures_N : Valid [wp] [Alt-Ergo] Goal typed_caveat_job_ensures_A : Valid diff --git a/src/plugins/wp/wp_parameters.ml b/src/plugins/wp/wp_parameters.ml index 38c898654f4ac51b3d37cb85bbe5d1e2c80b11e4..bd90f0d1795fcc69eed0efada0cc924598649f2d 100644 --- a/src/plugins/wp/wp_parameters.ml +++ b/src/plugins/wp/wp_parameters.ml @@ -57,7 +57,7 @@ let () = on_reset WP.clear let () = Parameter_customize.set_group wp_generation module Legacy = - True(struct + False(struct let option_name = "-wp-legacy" let help = "Use legacy generator engine." end) @@ -1248,7 +1248,7 @@ let print_generated ?header file = let protect e = if debug_atleast 1 then false else match e with - | Db.Cancel | Log.AbortError _ | Log.AbortFatal _ -> false + | Sys.Break | Db.Cancel | Log.AbortError _ | Log.AbortFatal _ -> false | _ -> true (* -------------------------------------------------------------------------- *) diff --git a/src/plugins/wp/wpo.ml b/src/plugins/wp/wpo.ml index 0d0bf47c4f8059caf2d74312150bcc67f866f3ae..d94196679bf26f7b825d4f23d4ab8fcc44ca70ea 100644 --- a/src/plugins/wp/wpo.ml +++ b/src/plugins/wp/wpo.ml @@ -190,8 +190,13 @@ struct let is_trivial g = Conditions.is_trivial g.sequent + let dkey = Wp_parameters.register_category "qed" + let apply option phi g = - try g.sequent <- phi g.sequent + try + Db.yield () ; + Wp_parameters.debug ~dkey "Appy %s" option ; + g.sequent <- phi g.sequent ; with exn when Wp_parameters.protect exn -> Wp_parameters.warning ~current:false ~once:true "Goal simplification aborted (%s):@\n\ 
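Review bot: `protect` now lets `Sys.Break` propagate like `Db.Cancel`, but the function still carries no comment stating what callers may rely on, and `apply` in wpo.ml turns every exception for which it returns `true` into a "Goal simplification aborted" warning. A doc comment would fix the contract: `(** [protect e] is [true] when [e] may be reported as a warning and the current computation continued; interruptions ([Sys.Break], [Db.Cancel]) and log aborts always propagate, and nothing is protected once debugging is enabled. *)`. Whether `Out_of_memory` and `Stack_overflow` belong in the propagating arm is worth deciding explicitly too, since they currently fall into `| _ -> true` and are reported as a recoverable simplification failure.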
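Review bot: The new debug message in `apply` has a typo, `"Appy %s"`; it should read `Wp_parameters.debug ~dkey "Apply %s" option ;`, the same kind of slip the next hunk corrects for `"introcution"`. The trailing `;` after `g.sequent <- phi g.sequent` just before `with` compiles but reads as an unfinished sequence and can be dropped. Placing `Db.yield ()` inside the `try` is consistent with `protect` not swallowing `Db.Cancel` or `Sys.Break`, so an interruption raised at the yield point escapes instead of being logged as an aborted simplification; a one-line comment such as `(* give the caller a chance to interrupt long simplifications *)` above it would make that intent explicit. The body of `apply` continues past the end of this hunk.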
@@ -207,7 +212,7 @@ struct let preprocess g = if Wp_parameters.Let.get () then begin - apply "introcution" Conditions.introduction_eq g ; + apply "introduction" Conditions.introduction_eq g ; let fold acc (get,solver) = if get () then solver::acc else acc in let solvers = List.fold_left fold [] default_simplifiers in apply "-wp-simplify-*" (Conditions.simplify ~solvers) g ; @@ -229,26 +234,24 @@ struct g.sequent <- Conditions.trivial ; g.obligation <- Conditions.close g.sequent - let dkey = Wp_parameters.register_category "prover" - - let safecompute g = + let safecompute ~pid g = begin g.simplified <- true ; let timer = ref 0.0 in - Wp_parameters.debug ~dkey "Simplify goal" ; + Wp_parameters.debug ~dkey "Simplify %a" WpPropId.pretty pid ; Command.time ~rmax:timer preprocess g ; Wp_parameters.debug ~dkey "Simplification time: %a" Rformat.pp_time !timer ; g.time <- !timer ; end - let compute g = + let compute ~pid g = if not g.simplified then Lang.local ~vars:(Conditions.vars_seq g.sequent) - safecompute g + (safecompute ~pid) g - let compute_proof g = compute g ; g.obligation - let compute_descr g = compute g ; g.sequent + let compute_proof ~pid g = compute ~pid g ; g.obligation + let compute_descr ~pid g = compute ~pid g ; g.sequent let get_descr g = g.sequent let qed_time g = g.time @@ -324,7 +327,7 @@ struct effect = None ; } - let resolve vcq = GOAL.compute_proof vcq.goal == Lang.F.p_true + let resolve ~pid vcq = GOAL.compute_proof ~pid vcq.goal == Lang.F.p_true let is_trivial vcq = GOAL.is_trivial vcq.goal let pp_effect fmt = function @@ -350,7 +353,7 @@ struct Format.fprintf fmt "@].@\n" ; end ; pp_warnings fmt vc.warn ; - Pcond.pretty fmt (GOAL.compute_descr vc.goal) ; + Pcond.pretty fmt (GOAL.compute_descr ~pid vc.goal) ; List.iter (fun (prover,result) -> if result.verdict <> NoResult then 
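Review bot: `safecompute` sets `g.simplified <- true` before `preprocess` runs, so now that `Sys.Break` propagates out of `apply` (per the `protect` change in wp_parameters.ml) an interrupted goal stays flagged as simplified with a partially rewritten sequent, and a later `compute ~pid` on it is a no-op. Unless the early flag is needed to guard against re-entrancy, moving that assignment after `Command.time ~rmax:timer preprocess g ;`, or resetting it in a handler that re-raises, keeps an interrupted goal recomputable. Separately, dropping `let dkey = Wp_parameters.register_category "prover"` means the `Simplify` and `Simplification time` messages apparently now come out under the `qed` category registered earlier in this module; if intentional, that is a user-visible change of debug key worth a changelog line. The enclosing `struct` continues outside the hunk.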
@@ -792,8 +795,11 @@ let is_trivial g = let reduce g = match g.po_formula with - | GoalLemma vc -> WpContext.on_context (get_context g) VC_Lemma.is_trivial vc - | GoalAnnot vc -> WpContext.on_context (get_context g) VC_Annot.resolve vc + | GoalLemma vc -> + WpContext.on_context (get_context g) VC_Lemma.is_trivial vc + | GoalAnnot vc -> + let pid = g.po_pid in + WpContext.on_context (get_context g) (VC_Annot.resolve ~pid) vc let resolve g = let valid = reduce g in @@ -806,7 +812,8 @@ let compute g = let ctxt = get_context g in match g.po_formula with | GoalAnnot { VC_Annot.axioms ; VC_Annot.goal = goal } -> - axioms , WpContext.on_context ctxt GOAL.compute_descr goal + let pid = g.po_pid in + axioms , WpContext.on_context ctxt (GOAL.compute_descr ~pid) goal | GoalLemma ({ VC_Lemma.depends = depends ; VC_Lemma.lemma = lemma } as w) -> let open Definitions in Some( lemma.l_cluster , depends ) , diff --git a/src/plugins/wp/wpo.mli b/src/plugins/wp/wpo.mli index 98e14b7efc254befdda2e7a1c6eecfb4942c2f8f..580b64694974e7616ee540e1c31dd8e83d09b8ac 100644 --- a/src/plugins/wp/wpo.mli +++ b/src/plugins/wp/wpo.mli @@ -54,10 +54,10 @@ sig val trivial : t val is_trivial : t -> bool val make : Conditions.sequent -> t - val compute_proof : t -> F.pred - val compute_descr : t -> Conditions.sequent + val compute : pid:WpPropId.prop_id -> t -> unit + val compute_proof : pid:WpPropId.prop_id -> t -> F.pred + val compute_descr : pid:WpPropId.prop_id -> t -> Conditions.sequent val get_descr : t -> Conditions.sequent - val compute : t -> unit val qed_time : t -> float end @@ -88,8 +88,8 @@ sig effect : (stmt * effect_source) option ; } - val resolve : t -> bool val is_trivial : t -> bool + val resolve : pid:prop_id -> t -> bool val cache_descr : pid:prop_id -> t -> (prover * result) list -> string end
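Review bot: The new `pid:WpPropId.prop_id` label on `compute`, `compute_proof` and `compute_descr` (and on `resolve` in the following `@@ -88` hunk) is undocumented in the interface, so a caller cannot tell what the id is used for. From the `safecompute` change in wpo.ml it appears to serve only the debug message naming the goal being simplified, so a doc comment such as `(** [compute ~pid g] simplifies [g] once; [pid] identifies the property in debug output. *)` on `compute`, with `compute_proof` and `compute_descr` described as `compute` followed by reading the obligation or the sequent, would make the extra argument self-explanatory. Both `sig` blocks continue outside their hunks.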