From f1adaf1a567fede2479b1060d5126cb145409e41 Mon Sep 17 00:00:00 2001 
From: Virgile Prevosto <virgile.prevosto@m4x.org>
Date: Fri, 11 Oct 2019 16:30:33 +0200
Subject: [PATCH] [aorai] update oracles
---
 .../tests/aorai/oracle/assigns.0.res.oracle | 436 +++---
 .../tests/aorai/oracle/assigns.1.res.oracle | 296 ++---
 .../tests/aorai/oracle/bts1289.0.res.oracle | 162 +--
 .../tests/aorai/oracle/bts1289.1.res.oracle | 466 +++---
 .../aorai/oracle/declared_function.res.oracle | 100 +-
 .../aorai/oracle/deterministic.res.oracle | 788 ++++++------
 .../tests/aorai/oracle/formals.res.oracle | 762 ++++++------
 .../generate_assigns_bts1290.res.oracle | 102 +-
 .../aorai/tests/aorai/oracle/goto.res.oracle | 1086 ++++++++--------
 .../tests/aorai/oracle/hoare_seq.res.oracle | 671 +++++-----
 .../tests/aorai/oracle/incorrect.res.oracle | 76 +-
 .../aorai/oracle/loop_bts1050.res.oracle | 908 +++++++-------
 .../tests/aorai/oracle/monostate.res.oracle | 238 ++--
 .../tests/aorai/oracle/not_prm.res.oracle | 132 +-
 .../aorai/tests/aorai/oracle/other.res.oracle | 908 +++++++-------
 .../aorai/tests/aorai/oracle/seq.res.oracle | 921 +++++++-------
 .../tests/aorai/oracle/seq_loop.res.oracle | 908 +++++++-------
 .../tests/aorai/oracle/single_call.res.oracle | 162 +--
 .../aorai/oracle/test_acces_params.res.oracle | 754 ++++++------
 .../oracle/test_acces_params2.res.oracle | 1090 +++++++++--------
 .../tests/aorai/oracle/test_boucle.res.oracle | 482 ++++----
 .../aorai/oracle/test_boucle1.res.oracle | 702 +++++------
 .../aorai/oracle/test_boucle2.res.oracle | 760 ++++++------
 .../aorai/oracle/test_boucle3.res.oracle | 698 ++++++-----
 .../test_boucle_rechercheTableau.res.oracle | 497 ++++----
 .../aorai/oracle/test_factorial.res.oracle | 531 ++++----
 .../aorai/oracle/test_factorial2.res.oracle | 519 ++++----
 .../aorai/oracle/test_recursion1.res.oracle | 491 ++++----
 .../aorai/oracle/test_recursion2.0.res.oracle | 584 ++++-----
 .../aorai/oracle/test_recursion2.1.res.oracle | 588 ++++-----
 .../aorai/oracle/test_recursion4.res.oracle | 529 ++++----
 .../aorai/oracle/test_recursion5.res.oracle | 847 ++++++-------
 .../tests/aorai/oracle/test_struct.res.oracle | 276 +++--
 .../aorai/oracle/test_switch2.res.oracle | 1086 ++++++++--------
 .../aorai/oracle/test_switch3.res.oracle | 635 +++++-----
 .../test_switch3_et_recursion.res.oracle | 474 +++----
 .../aorai/oracle/test_switch3_if.res.oracle | 635 +++++-----
 .../oracle/test_switch3_return.res.oracle | 642 +++++-----
 38 files changed, 11297 insertions(+), 10645 deletions(-)
diff --git a/src/plugins/aorai/tests/aorai/oracle/assigns.0.res.oracle b/src/plugins/aorai/tests/aorai/oracle/assigns.0.res.oracle
index d4dfd5db8dd..6c66a3027f5 100644
--- a/src/plugins/aorai/tests/aorai/oracle/assigns.0.res.oracle
+++ b/src/plugins/aorai/tests/aorai/oracle/assigns.0.res.oracle
@@ -18,111 +18,117 @@ int X; /*@ ghost int S_in_f = 0; */ /*@ ghost int Sf = 0; */ /*@ ghost int in_main = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf, - in_main; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_S_in_f_in: - assumes 1 ≡ Sf; - ensures 1 ≡ S_in_f; - - behavior buch_state_S_in_f_out: - assumes 0 ≡ Sf; - ensures 0 ≡ S_in_f; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_in_main_out: - ensures 0 ≡ in_main; - */ -void f_pre_func(void) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S_in_f_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int in_main_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_f; - S1_tmp = S1; - S2_tmp = S2; - S_in_f_tmp = S_in_f; - Sf_tmp = Sf; - in_main_tmp = in_main; - in_main_tmp = 0; - Sf_tmp = 0; - if (Sf == 1) S_in_f_tmp = 1; else S_in_f_tmp = 0; - S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S_in_f = S_in_f_tmp; - Sf = Sf_tmp; - in_main = in_main_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf, + in_main; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_S_in_f_in: + assumes 1 ≡ Sf; + ensures 1 ≡ S_in_f; + + behavior buch_state_S_in_f_out: + assumes 0 ≡ Sf; + ensures 0 ≡ S_in_f; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_in_main_out: + ensures 0 ≡ in_main; + @/ + void f_pre_func(void) + { + int S1_tmp; + int S2_tmp; + int S_in_f_tmp; + int Sf_tmp; + int in_main_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_f; + S1_tmp = S1; + S2_tmp = S2; + S_in_f_tmp = S_in_f; + Sf_tmp = Sf; + in_main_tmp = in_main; + 
in_main_tmp = 0; + Sf_tmp = 0; + if (Sf == 1) S_in_f_tmp = 1; else S_in_f_tmp = 0; + S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S_in_f = S_in_f_tmp; + Sf = Sf_tmp; + in_main = in_main_tmp; + return; + } -/*@ requires - 1 ≡ S_in_f ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ Sf ∧ 0 ≡ in_main; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf, - in_main; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_S_in_f_out: - ensures 0 ≡ S_in_f; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_in_main_in: - assumes 1 ≡ S_in_f; - ensures 1 ≡ in_main; - - behavior buch_state_in_main_out: - assumes 0 ≡ S_in_f; - ensures 0 ≡ in_main; - */ -void f_post_func(void) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S_in_f_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int in_main_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_f; - S1_tmp = S1; - S2_tmp = S2; - S_in_f_tmp = S_in_f; - Sf_tmp = Sf; - in_main_tmp = in_main; - if (S_in_f == 1) in_main_tmp = 1; else in_main_tmp = 0; - Sf_tmp = 0; - S_in_f_tmp = 0; - S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S_in_f = S_in_f_tmp; - Sf = Sf_tmp; - in_main = in_main_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ S_in_f ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ Sf ∧ 0 ≡ in_main; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf, + in_main; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_S_in_f_out: + ensures 0 ≡ S_in_f; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_in_main_in: + assumes 1 ≡ S_in_f; + ensures 1 ≡ in_main; + + behavior buch_state_in_main_out: + assumes 0 ≡ S_in_f; + ensures 0 ≡ 
in_main; + @/ + void f_post_func(void) + { + int S1_tmp; + int S2_tmp; + int S_in_f_tmp; + int Sf_tmp; + int in_main_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_f; + S1_tmp = S1; + S2_tmp = S2; + S_in_f_tmp = S_in_f; + Sf_tmp = Sf; + in_main_tmp = in_main; + if (S_in_f == 1) in_main_tmp = 1; else in_main_tmp = 0; + Sf_tmp = 0; + S_in_f_tmp = 0; + S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S_in_f = S_in_f_tmp; + Sf = Sf_tmp; + in_main = in_main_tmp; + return; + } + +*/ /*@ requires 1 ≡ Sf ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S_in_f ∧ 0 ≡ in_main; 
@@ -133,117 +139,123 @@ void f_post_func(void) */ void f(void) { - f_pre_func(); + /*@ ghost f_pre_func(); */ X ++; - f_post_func(); + /*@ ghost f_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf, - in_main; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_S_in_f_out: - ensures 0 ≡ S_in_f; - - behavior buch_state_Sf_in: - assumes 1 ≡ S1; - ensures 1 ≡ Sf; - - behavior buch_state_Sf_out: - assumes 0 ≡ S1; - ensures 0 ≡ Sf; - - behavior buch_state_in_main_out: - ensures 0 ≡ in_main; - */ -void main_pre_func(void) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S_in_f_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int in_main_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - S1_tmp = S1; - S2_tmp = S2; - S_in_f_tmp = S_in_f; - Sf_tmp = Sf; - in_main_tmp = in_main; - in_main_tmp = 0; - if (S1 == 1) Sf_tmp = 1; else Sf_tmp = 0; - S_in_f_tmp = 0; - S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S_in_f = S_in_f_tmp; - Sf = Sf_tmp; - in_main = in_main_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf, + in_main; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_S_in_f_out: + ensures 0 ≡ S_in_f; + + behavior buch_state_Sf_in: + assumes 1 ≡ S1; + ensures 1 ≡ Sf; + + behavior buch_state_Sf_out: + assumes 0 ≡ S1; + ensures 0 ≡ Sf; + + behavior buch_state_in_main_out: + ensures 0 ≡ in_main; + @/ + void main_pre_func(void) + { + int S1_tmp; + int S2_tmp; + int S_in_f_tmp; + int Sf_tmp; + int in_main_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + S1_tmp = S1; + S2_tmp = S2; + 
S_in_f_tmp = S_in_f; + Sf_tmp = Sf; + in_main_tmp = in_main; + in_main_tmp = 0; + if (S1 == 1) Sf_tmp = 1; else Sf_tmp = 0; + S_in_f_tmp = 0; + S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S_in_f = S_in_f_tmp; + Sf = Sf_tmp; + in_main = in_main_tmp; + return; + } -/*@ requires - 1 ≡ in_main ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S_in_f ∧ 0 ≡ Sf; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf, - in_main; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_in: - assumes 1 ≡ in_main; - ensures 1 ≡ S2; - - behavior buch_state_S2_out: - assumes 0 ≡ in_main; - ensures 0 ≡ S2; - - behavior buch_state_S_in_f_out: - ensures 0 ≡ S_in_f; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_in_main_out: - ensures 0 ≡ in_main; - */ -void main_post_func(int res) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S_in_f_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int in_main_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - S1_tmp = S1; - S2_tmp = S2; - S_in_f_tmp = S_in_f; - Sf_tmp = Sf; - in_main_tmp = in_main; - in_main_tmp = 0; - Sf_tmp = 0; - S_in_f_tmp = 0; - if (in_main == 1) S2_tmp = 1; else S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S_in_f = S_in_f_tmp; - Sf = Sf_tmp; - in_main = in_main_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ in_main ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S_in_f ∧ 0 ≡ Sf; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf, + in_main; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_in: + assumes 1 ≡ in_main; + ensures 1 ≡ S2; + + behavior buch_state_S2_out: + assumes 0 ≡ in_main; + ensures 0 ≡ S2; + + behavior buch_state_S_in_f_out: + ensures 0 ≡ S_in_f; + + behavior buch_state_Sf_out: + ensures 0 ≡ 
Sf; + + behavior buch_state_in_main_out: + ensures 0 ≡ in_main; + @/ + void main_post_func(int res) + { + int S1_tmp; + int S2_tmp; + int S_in_f_tmp; + int Sf_tmp; + int in_main_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + S1_tmp = S1; + S2_tmp = S2; + S_in_f_tmp = S_in_f; + Sf_tmp = Sf; + in_main_tmp = in_main; + in_main_tmp = 0; + Sf_tmp = 0; + S_in_f_tmp = 0; + if (in_main == 1) S2_tmp = 1; else S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S_in_f = S_in_f_tmp; + Sf = Sf_tmp; + in_main = in_main_tmp; + return; + } + +*/ /*@ requires 1 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S_in_f ∧ 0 ≡ Sf ∧ 0 ≡ in_main; @@ -260,14 +272,14 @@ void main_post_func(int res) */ int main(void) { - main_pre_func(); + /*@ ghost main_pre_func(); */ /*@ assigns X; */ X ++; /*@ assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S_in_f, Sf, in_main, X; */ f(); - main_post_func(X); + /*@ ghost main_post_func(X); */ return X; } diff --git a/src/plugins/aorai/tests/aorai/oracle/assigns.1.res.oracle b/src/plugins/aorai/tests/aorai/oracle/assigns.1.res.oracle index b52a02ae310..2434556b05d 100644 --- a/src/plugins/aorai/tests/aorai/oracle/assigns.1.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/assigns.1.res.oracle 
@@ -32,76 +32,82 @@ int X; /*@ ghost enum aorai_ListOper aorai_CurOperation = op_main; */ /*@ ghost enum aorai_OpStatusList aorai_CurOpStatus = aorai_Called; */ /*@ ghost int aorai_CurStates = S1; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_S1_out: - ensures aorai_CurStates ≢ S1; - - behavior buch_state_S2_out: - ensures aorai_CurStates ≢ S2; - - behavior buch_state_S_in_f_in: - assumes aorai_CurStates ≡ Sf; - ensures aorai_CurStates ≡ S_in_f; - - behavior buch_state_S_in_f_out: - assumes aorai_CurStates ≢ Sf; - ensures aorai_CurStates ≢ S_in_f; - - behavior buch_state_Sf_out: - ensures aorai_CurStates ≢ Sf; - - behavior buch_state_in_main_out: - ensures aorai_CurStates ≢ in_main; - */ -void f_pre_func(void) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_f; - aorai_CurStates_tmp = aorai_CurStates; - if (3 == aorai_CurStates) aorai_CurStates_tmp = S_in_f; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_S1_out: + ensures aorai_CurStates ≢ S1; + + behavior buch_state_S2_out: + ensures aorai_CurStates ≢ S2; + + behavior buch_state_S_in_f_in: + assumes aorai_CurStates ≡ Sf; + ensures aorai_CurStates ≡ S_in_f; + + behavior buch_state_S_in_f_out: + assumes aorai_CurStates ≢ Sf; + ensures aorai_CurStates ≢ S_in_f; + + behavior buch_state_Sf_out: + ensures aorai_CurStates ≢ Sf; + + behavior buch_state_in_main_out: + ensures aorai_CurStates ≢ in_main; + @/ + void f_pre_func(void) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_f; + aorai_CurStates_tmp = aorai_CurStates; + if (3 == aorai_CurStates) aorai_CurStates_tmp = S_in_f; + aorai_CurStates = 
aorai_CurStates_tmp; + return; + } -/*@ requires aorai_CurStates ≡ S_in_f; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_S1_out: - ensures aorai_CurStates ≢ S1; - - behavior buch_state_S2_out: - ensures aorai_CurStates ≢ S2; - - behavior buch_state_S_in_f_out: - ensures aorai_CurStates ≢ S_in_f; - - behavior buch_state_Sf_out: - ensures aorai_CurStates ≢ Sf; - - behavior buch_state_in_main_in: - assumes aorai_CurStates ≡ S_in_f; - ensures aorai_CurStates ≡ in_main; - - behavior buch_state_in_main_out: - assumes aorai_CurStates ≢ S_in_f; - ensures aorai_CurStates ≢ in_main; - */ -void f_post_func(void) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_f; - aorai_CurStates_tmp = aorai_CurStates; - if (2 == aorai_CurStates) aorai_CurStates_tmp = in_main; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +*/ + +/*@ ghost + /@ requires aorai_CurStates ≡ S_in_f; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_S1_out: + ensures aorai_CurStates ≢ S1; + + behavior buch_state_S2_out: + ensures aorai_CurStates ≢ S2; + + behavior buch_state_S_in_f_out: + ensures aorai_CurStates ≢ S_in_f; + + behavior buch_state_Sf_out: + ensures aorai_CurStates ≢ Sf; + + behavior buch_state_in_main_in: + assumes aorai_CurStates ≡ S_in_f; + ensures aorai_CurStates ≡ in_main; + + behavior buch_state_in_main_out: + assumes aorai_CurStates ≢ S_in_f; + ensures aorai_CurStates ≢ in_main; + @/ + void f_post_func(void) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_f; + aorai_CurStates_tmp = aorai_CurStates; + if (2 == aorai_CurStates) aorai_CurStates_tmp = in_main; + aorai_CurStates = aorai_CurStates_tmp; + return; + } + +*/ /*@ requires 
aorai_CurStates ≡ Sf; 
@@ -110,82 +116,88 @@ void f_post_func(void) */ void f(void) { - f_pre_func(); + /*@ ghost f_pre_func(); */ X ++; - f_post_func(); + /*@ ghost f_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_S1_out: - ensures aorai_CurStates ≢ S1; - - behavior buch_state_S2_out: - ensures aorai_CurStates ≢ S2; - - behavior buch_state_S_in_f_out: - ensures aorai_CurStates ≢ S_in_f; - - behavior buch_state_Sf_in: - assumes aorai_CurStates ≡ S1; - ensures aorai_CurStates ≡ Sf; - - behavior buch_state_Sf_out: - assumes aorai_CurStates ≢ S1; - ensures aorai_CurStates ≢ Sf; - - behavior buch_state_in_main_out: - ensures aorai_CurStates ≢ in_main; - */ -void main_pre_func(void) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - aorai_CurStates_tmp = aorai_CurStates; - if (0 == aorai_CurStates) aorai_CurStates_tmp = Sf; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_S1_out: + ensures aorai_CurStates ≢ S1; + + behavior buch_state_S2_out: + ensures aorai_CurStates ≢ S2; + + behavior buch_state_S_in_f_out: + ensures aorai_CurStates ≢ S_in_f; + + behavior buch_state_Sf_in: + assumes aorai_CurStates ≡ S1; + ensures aorai_CurStates ≡ Sf; + + behavior buch_state_Sf_out: + assumes aorai_CurStates ≢ S1; + ensures aorai_CurStates ≢ Sf; + + behavior buch_state_in_main_out: + ensures aorai_CurStates ≢ in_main; + @/ + void main_pre_func(void) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + aorai_CurStates_tmp = aorai_CurStates; + if (0 == aorai_CurStates) aorai_CurStates_tmp = Sf; + aorai_CurStates = aorai_CurStates_tmp; + return; + } -/*@ 
requires aorai_CurStates ≡ in_main; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_S1_out: - ensures aorai_CurStates ≢ S1; - - behavior buch_state_S2_in: - assumes aorai_CurStates ≡ in_main; - ensures aorai_CurStates ≡ S2; - - behavior buch_state_S2_out: - assumes aorai_CurStates ≢ in_main; - ensures aorai_CurStates ≢ S2; - - behavior buch_state_S_in_f_out: - ensures aorai_CurStates ≢ S_in_f; - - behavior buch_state_Sf_out: - ensures aorai_CurStates ≢ Sf; - - behavior buch_state_in_main_out: - ensures aorai_CurStates ≢ in_main; - */ -void main_post_func(int res) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - aorai_CurStates_tmp = aorai_CurStates; - if (4 == aorai_CurStates) aorai_CurStates_tmp = S2; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +*/ + +/*@ ghost + /@ requires aorai_CurStates ≡ in_main; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_S1_out: + ensures aorai_CurStates ≢ S1; + + behavior buch_state_S2_in: + assumes aorai_CurStates ≡ in_main; + ensures aorai_CurStates ≡ S2; + + behavior buch_state_S2_out: + assumes aorai_CurStates ≢ in_main; + ensures aorai_CurStates ≢ S2; + + behavior buch_state_S_in_f_out: + ensures aorai_CurStates ≢ S_in_f; + + behavior buch_state_Sf_out: + ensures aorai_CurStates ≢ Sf; + + behavior buch_state_in_main_out: + ensures aorai_CurStates ≢ in_main; + @/ + void main_post_func(int res) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + aorai_CurStates_tmp = aorai_CurStates; + if (4 == aorai_CurStates) aorai_CurStates_tmp = S2; + aorai_CurStates = aorai_CurStates_tmp; + return; + } + +*/ /*@ requires aorai_CurStates ≡ S1; assigns X, 
aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; @@ -198,12 +210,12 @@ void main_post_func(int res) */ int main(void) { - main_pre_func(); + /*@ ghost main_pre_func(); */ /*@ assigns X; */ X ++; /*@ assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates, X; */ f(); - main_post_func(X); + /*@ ghost main_post_func(X); */ return X; } diff --git a/src/plugins/aorai/tests/aorai/oracle/bts1289.0.res.oracle b/src/plugins/aorai/tests/aorai/oracle/bts1289.0.res.oracle index c7cdce1675e..97ad07ce779 100644 --- a/src/plugins/aorai/tests/aorai/oracle/bts1289.0.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/bts1289.0.res.oracle 
@@ -14,42 +14,48 @@ enum aorai_OpStatusList { /*@ ghost enum aorai_ListOper aorai_CurOperation = op_main; */ /*@ ghost enum aorai_OpStatusList aorai_CurOpStatus = aorai_Called; */ /*@ ghost int S = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_a; - assigns aorai_CurOpStatus, aorai_CurOperation, S; - - behavior buch_state_S_out: - ensures 0 ≡ S; - */ -void a_pre_func(void) -{ - /*@ ghost int S_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_a; - S_tmp = S; - S_tmp = 0; - S = S_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_a; + assigns aorai_CurOpStatus, aorai_CurOperation, S; + + behavior buch_state_S_out: + ensures 0 ≡ S; + @/ + void a_pre_func(void) + { + int S_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_a; + S_tmp = S; + S_tmp = 0; + S = S_tmp; + return; + } -/*@ requires \false; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_a; - assigns aorai_CurOpStatus, aorai_CurOperation, S; - - behavior buch_state_S_out: - ensures 0 ≡ S; - */ -void a_post_func(void) -{ - /*@ ghost int S_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_a; - S_tmp = S; - S_tmp = 0; - S = S_tmp; - return; -} +*/ + +/*@ ghost + /@ requires \false; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_a; + assigns aorai_CurOpStatus, aorai_CurOperation, S; + + behavior buch_state_S_out: + ensures 0 ≡ S; + @/ + void a_post_func(void) + { + int S_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_a; + S_tmp = S; + S_tmp = 0; + S = S_tmp; + return; + } + +*/ /*@ requires \false; 
@@ -57,47 +63,53 @@ void a_post_func(void) ensures 0 ≡ S; */ void a(void) { - a_pre_func(); - a_post_func(); + /*@ ghost a_pre_func(); */ + /*@ ghost a_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S; - - behavior buch_state_S_out: - ensures 0 ≡ S; - */ -void main_pre_func(void) -{ - /*@ ghost int S_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - S_tmp = S; - S_tmp = 0; - S = S_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S; + + behavior buch_state_S_out: + ensures 0 ≡ S; + @/ + void main_pre_func(void) + { + int S_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + S_tmp = S; + S_tmp = 0; + S = S_tmp; + return; + } -/*@ requires \false; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S; - - behavior buch_state_S_out: - ensures 0 ≡ S; - */ -void main_post_func(void) -{ - /*@ ghost int S_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - S_tmp = S; - S_tmp = 0; - S = S_tmp; - return; -} +*/ + +/*@ ghost + /@ requires \false; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S; + + behavior buch_state_S_out: + ensures 0 ≡ S; + @/ + void main_post_func(void) + { + int S_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + S_tmp = S; + S_tmp = 0; + S = S_tmp; + return; + } + +*/ /*@ requires \false; @@ -105,8 +117,8 @@ void main_post_func(void) ensures 0 ≡ S; */ void main(void) { - int aorai_Loop_Init_4; - main_pre_func(); + /*@ ghost int aorai_Loop_Init_4; */ + /*@ ghost main_pre_func(); */ int i = 0; /*@ ghost aorai_Loop_Init_4 = 1; */ aorai_loop_4: 
@@ -120,7 +132,7 @@ void main(void) a(); i ++; } - main_post_func(); + /*@ ghost main_post_func(); */ return; } diff --git a/src/plugins/aorai/tests/aorai/oracle/bts1289.1.res.oracle b/src/plugins/aorai/tests/aorai/oracle/bts1289.1.res.oracle index c9699d26a61..566b9dc7ab4 100644 --- a/src/plugins/aorai/tests/aorai/oracle/bts1289.1.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/bts1289.1.res.oracle 
@@ -17,124 +17,130 @@ enum aorai_OpStatusList { /*@ ghost int aorai_intermediate_state = 0; */ /*@ ghost int aorai_intermediate_state_0 = 0; */ /*@ ghost int init = 1; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_a; - assigns aorai_CurOpStatus, aorai_CurOperation, S, T, - aorai_intermediate_state, aorai_intermediate_state_0, init; - - behavior buch_state_S_out: - ensures 0 ≡ S; - - behavior buch_state_T_out: - ensures 0 ≡ T; - - behavior buch_state_aorai_intermediate_state_in: - assumes 1 ≡ S; - ensures 1 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_out: - assumes 0 ≡ S; - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_in: - assumes 1 ≡ T; - ensures 1 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_0_out: - assumes 0 ≡ T; - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_init_out: - ensures 0 ≡ init; - */ -void a_pre_func(void) -{ - /*@ ghost int S_tmp; */ - /*@ ghost int T_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int init_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_a; - S_tmp = S; - T_tmp = T; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - init_tmp = init; - init_tmp = 0; - if (T == 1) aorai_intermediate_state_0_tmp = 1; - else aorai_intermediate_state_0_tmp = 0; - if (S == 1) aorai_intermediate_state_tmp = 1; - else aorai_intermediate_state_tmp = 0; - T_tmp = 0; - S_tmp = 0; - S = S_tmp; - T = T_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - init = init_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_a; + assigns aorai_CurOpStatus, aorai_CurOperation, S, T, + aorai_intermediate_state, 
aorai_intermediate_state_0, init; + + behavior buch_state_S_out: + ensures 0 ≡ S; + + behavior buch_state_T_out: + ensures 0 ≡ T; + + behavior buch_state_aorai_intermediate_state_in: + assumes 1 ≡ S; + ensures 1 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_out: + assumes 0 ≡ S; + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_in: + assumes 1 ≡ T; + ensures 1 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_0_out: + assumes 0 ≡ T; + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_init_out: + ensures 0 ≡ init; + @/ + void a_pre_func(void) + { + int S_tmp; + int T_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int init_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_a; + S_tmp = S; + T_tmp = T; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + init_tmp = init; + init_tmp = 0; + if (T == 1) aorai_intermediate_state_0_tmp = 1; + else aorai_intermediate_state_0_tmp = 0; + if (S == 1) aorai_intermediate_state_tmp = 1; + else aorai_intermediate_state_tmp = 0; + T_tmp = 0; + S_tmp = 0; + S = S_tmp; + T = T_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + init = init_tmp; + return; + } -/*@ requires - (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0) ∧ - 0 ≡ S ∧ 0 ≡ T ∧ 0 ≡ init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_a; - assigns aorai_CurOpStatus, aorai_CurOperation, S, T, - aorai_intermediate_state, aorai_intermediate_state_0, init; - - behavior buch_state_S_in: - assumes 1 ≡ aorai_intermediate_state_0; - ensures 1 ≡ S; - - behavior buch_state_S_out: - assumes 0 ≡ aorai_intermediate_state_0; - ensures 0 ≡ S; - - behavior buch_state_T_in: - assumes 1 ≡ aorai_intermediate_state; - ensures 1 ≡ T; - 
- behavior buch_state_T_out: - assumes 0 ≡ aorai_intermediate_state; - ensures 0 ≡ T; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_init_out: - ensures 0 ≡ init; - */ -void a_post_func(void) -{ - /*@ ghost int S_tmp; */ - /*@ ghost int T_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int init_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_a; - S_tmp = S; - T_tmp = T; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - init_tmp = init; - init_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - if (aorai_intermediate_state == 1) T_tmp = 1; else T_tmp = 0; - if (aorai_intermediate_state_0 == 1) S_tmp = 1; else S_tmp = 0; - S = S_tmp; - T = T_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - init = init_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0) ∧ + 0 ≡ S ∧ 0 ≡ T ∧ 0 ≡ init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_a; + assigns aorai_CurOpStatus, aorai_CurOperation, S, T, + aorai_intermediate_state, aorai_intermediate_state_0, init; + + behavior buch_state_S_in: + assumes 1 ≡ aorai_intermediate_state_0; + ensures 1 ≡ S; + + behavior buch_state_S_out: + assumes 0 ≡ aorai_intermediate_state_0; + ensures 0 ≡ S; + + behavior buch_state_T_in: + assumes 1 ≡ aorai_intermediate_state; + ensures 1 ≡ T; + + behavior buch_state_T_out: + assumes 0 ≡ aorai_intermediate_state; + ensures 0 ≡ T; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior 
buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_init_out: + ensures 0 ≡ init; + @/ + void a_post_func(void) + { + int S_tmp; + int T_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int init_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_a; + S_tmp = S; + T_tmp = T; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + init_tmp = init; + init_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + if (aorai_intermediate_state == 1) T_tmp = 1; else T_tmp = 0; + if (aorai_intermediate_state_0 == 1) S_tmp = 1; else S_tmp = 0; + S = S_tmp; + T = T_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + init = init_tmp; + return; + } + +*/ /*@ requires (1 ≡ S ∨ 1 ≡ T) ∧ 0 ≡ aorai_intermediate_state ∧ 
@@ -169,117 +175,123 @@ void a_post_func(void) */ void a(void) { - a_pre_func(); - a_post_func(); + /*@ ghost a_pre_func(); */ + /*@ ghost a_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S, T, - aorai_intermediate_state, aorai_intermediate_state_0, init; - - behavior buch_state_S_in: - assumes 1 ≡ init; - ensures 1 ≡ S; - - behavior buch_state_S_out: - assumes 0 ≡ init; - ensures 0 ≡ S; - - behavior buch_state_T_out: - ensures 0 ≡ T; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_init_out: - ensures 0 ≡ init; - */ -void main_pre_func(void) -{ - /*@ ghost int S_tmp; */ - /*@ ghost int T_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int init_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - S_tmp = S; - T_tmp = T; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - init_tmp = init; - init_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - T_tmp = 0; - if (init == 1) S_tmp = 1; else S_tmp = 0; - S = S_tmp; - T = T_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - init = init_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S, T, + aorai_intermediate_state, aorai_intermediate_state_0, init; + + behavior buch_state_S_in: + assumes 1 ≡ init; + ensures 1 ≡ S; + + behavior buch_state_S_out: + assumes 0 ≡ init; + ensures 0 ≡ S; + + behavior buch_state_T_out: + ensures 0 ≡ T; + + behavior 
buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_init_out: + ensures 0 ≡ init; + @/ + void main_pre_func(void) + { + int S_tmp; + int T_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int init_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + S_tmp = S; + T_tmp = T; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + init_tmp = init; + init_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + T_tmp = 0; + if (init == 1) S_tmp = 1; else S_tmp = 0; + S = S_tmp; + T = T_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + init = init_tmp; + return; + } -/*@ requires - 1 ≡ S ∧ 0 ≡ T ∧ 0 ≡ aorai_intermediate_state ∧ - 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S, T, - aorai_intermediate_state, aorai_intermediate_state_0, init; - - behavior buch_state_S_in: - assumes 1 ≡ S; - ensures 1 ≡ S; - - behavior buch_state_S_out: - assumes 0 ≡ S; - ensures 0 ≡ S; - - behavior buch_state_T_out: - ensures 0 ≡ T; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_init_out: - ensures 0 ≡ init; - */ -void main_post_func(void) -{ - /*@ ghost int S_tmp; */ - /*@ ghost int T_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int init_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - S_tmp = S; - T_tmp = T; - 
aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - init_tmp = init; - init_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - T_tmp = 0; - if (S == 1) S_tmp = 1; else S_tmp = 0; - S = S_tmp; - T = T_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - init = init_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ S ∧ 0 ≡ T ∧ 0 ≡ aorai_intermediate_state ∧ + 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S, T, + aorai_intermediate_state, aorai_intermediate_state_0, init; + + behavior buch_state_S_in: + assumes 1 ≡ S; + ensures 1 ≡ S; + + behavior buch_state_S_out: + assumes 0 ≡ S; + ensures 0 ≡ S; + + behavior buch_state_T_out: + ensures 0 ≡ T; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_init_out: + ensures 0 ≡ init; + @/ + void main_post_func(void) + { + int S_tmp; + int T_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int init_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + S_tmp = S; + T_tmp = T; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + init_tmp = init; + init_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + T_tmp = 0; + if (S == 1) S_tmp = 1; else S_tmp = 0; + S = S_tmp; + T = T_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + init = init_tmp; + return; + } + +*/ /*@ requires 1 ≡ init ∧ 0 ≡ S ∧ 0 ≡ T ∧ 
@@ -293,8 +305,8 @@ void main_post_func(void) */ void main(void) { - int aorai_Loop_Init_4; - main_pre_func(); + /*@ ghost int aorai_Loop_Init_4; */ + /*@ ghost main_pre_func(); */ int i = 0; /*@ ghost aorai_Loop_Init_4 = 1; */ aorai_loop_4: @@ -316,7 +328,7 @@ void main(void) a(); i ++; } - main_post_func(); + /*@ ghost main_post_func(); */ return; } diff --git a/src/plugins/aorai/tests/aorai/oracle/declared_function.res.oracle b/src/plugins/aorai/tests/aorai/oracle/declared_function.res.oracle index 785558db321..f3082761950 100644 --- a/src/plugins/aorai/tests/aorai/oracle/declared_function.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/declared_function.res.oracle 
@@ -45,52 +45,58 @@ lemma I_deterministic_trans{L}: \at(aorai_CurOpStatus,L) ≡ aorai_Terminated ∧ __retres_f ≡ 0)); */ /*@ ghost int aorai_CurStates = I; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_I_in: - assumes aorai_CurStates ≡ I; - ensures aorai_CurStates ≡ I; - - behavior buch_state_I_out: - assumes aorai_CurStates ≢ I; - ensures aorai_CurStates ≢ I; - */ -void main_pre_func(void) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - aorai_CurStates_tmp = aorai_CurStates; - if (0 == aorai_CurStates) aorai_CurStates_tmp = I; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_I_in: + assumes aorai_CurStates ≡ I; + ensures aorai_CurStates ≡ I; + + behavior buch_state_I_out: + assumes aorai_CurStates ≢ I; + ensures aorai_CurStates ≢ I; + @/ + void main_pre_func(void) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + aorai_CurStates_tmp = aorai_CurStates; + if (0 == aorai_CurStates) aorai_CurStates_tmp = I; + aorai_CurStates = aorai_CurStates_tmp; + return; + } -/*@ requires aorai_CurStates ≡ I; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_I_in: - assumes aorai_CurStates ≡ I; - ensures aorai_CurStates ≡ I; - - behavior buch_state_I_out: - assumes aorai_CurStates ≢ I; - ensures aorai_CurStates ≢ I; - */ -void main_post_func(void) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - aorai_CurStates_tmp = aorai_CurStates; - if (0 == 
aorai_CurStates) aorai_CurStates_tmp = I; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +*/ + +/*@ ghost + /@ requires aorai_CurStates ≡ I; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_I_in: + assumes aorai_CurStates ≡ I; + ensures aorai_CurStates ≡ I; + + behavior buch_state_I_out: + assumes aorai_CurStates ≢ I; + ensures aorai_CurStates ≢ I; + @/ + void main_post_func(void) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + aorai_CurStates_tmp = aorai_CurStates; + if (0 == aorai_CurStates) aorai_CurStates_tmp = I; + aorai_CurStates = aorai_CurStates_tmp; + return; + } + +*/ /*@ requires aorai_CurStates ≡ I; @@ -99,9 +105,9 @@ void main_post_func(void) */ void main(void) { - main_pre_func(); + /*@ ghost main_pre_func(); */ f(); - main_post_func(); + /*@ ghost main_post_func(); */ return; } diff --git a/src/plugins/aorai/tests/aorai/oracle/deterministic.res.oracle b/src/plugins/aorai/tests/aorai/oracle/deterministic.res.oracle index 5cf565f5e56..37d537ca5af 100644 --- a/src/plugins/aorai/tests/aorai/oracle/deterministic.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/deterministic.res.oracle 
@@ -62,108 +62,114 @@ lemma S0_deterministic_trans{L}: \at(aorai_CurOpStatus,L) ≡ aorai_Called ∧ c ≡ 0); */ /*@ ghost int aorai_CurStates = Si; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_g; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_S0_out: - ensures aorai_CurStates ≢ S0; - - behavior buch_state_S1_out: - ensures aorai_CurStates ≢ S1; - - behavior buch_state_S2_out: - ensures aorai_CurStates ≢ S2; - - behavior buch_state_S3_out: - ensures aorai_CurStates ≢ S3; - - behavior buch_state_S4_in: - assumes aorai_CurStates ≡ S3 ∧ x ≡ 4; - ensures aorai_CurStates ≡ S4; - - behavior buch_state_S4_out: - assumes aorai_CurStates ≢ S3 ∨ ¬(x ≡ 4); - ensures aorai_CurStates ≢ S4; - - behavior buch_state_S5_in: - assumes aorai_CurStates ≡ S3 ∧ x ≡ 5; - ensures aorai_CurStates ≡ S5; - - behavior buch_state_S5_out: - assumes aorai_CurStates ≢ S3 ∨ ¬(x ≡ 5); - ensures aorai_CurStates ≢ S5; - - behavior buch_state_Sf_out: - ensures aorai_CurStates ≢ Sf; - - behavior buch_state_Si_out: - ensures aorai_CurStates ≢ Si; - */ -void g_pre_func(int x) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_g; - aorai_CurStates_tmp = aorai_CurStates; - if (3 == aorai_CurStates) - if (x == 5) aorai_CurStates_tmp = S5; - if (3 == aorai_CurStates) - if (x == 4) aorai_CurStates_tmp = S4; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_g; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_S0_out: + ensures aorai_CurStates ≢ S0; + + behavior buch_state_S1_out: + ensures aorai_CurStates ≢ S1; + + behavior buch_state_S2_out: + ensures aorai_CurStates ≢ S2; + + behavior buch_state_S3_out: + ensures aorai_CurStates ≢ S3; + + behavior buch_state_S4_in: + assumes aorai_CurStates ≡ S3 ∧ x ≡ 4; + ensures aorai_CurStates ≡ S4; + + 
behavior buch_state_S4_out: + assumes aorai_CurStates ≢ S3 ∨ ¬(x ≡ 4); + ensures aorai_CurStates ≢ S4; + + behavior buch_state_S5_in: + assumes aorai_CurStates ≡ S3 ∧ x ≡ 5; + ensures aorai_CurStates ≡ S5; + + behavior buch_state_S5_out: + assumes aorai_CurStates ≢ S3 ∨ ¬(x ≡ 5); + ensures aorai_CurStates ≢ S5; + + behavior buch_state_Sf_out: + ensures aorai_CurStates ≢ Sf; + + behavior buch_state_Si_out: + ensures aorai_CurStates ≢ Si; + @/ + void g_pre_func(int x) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_g; + aorai_CurStates_tmp = aorai_CurStates; + if (3 == aorai_CurStates) + if (x == 5) aorai_CurStates_tmp = S5; + if (3 == aorai_CurStates) + if (x == 4) aorai_CurStates_tmp = S4; + aorai_CurStates = aorai_CurStates_tmp; + return; + } -/*@ requires aorai_CurStates ≡ S4 ∨ aorai_CurStates ≡ S5; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_g; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_S0_out: - ensures aorai_CurStates ≢ S0; - - behavior buch_state_S1_in: - assumes aorai_CurStates ≡ S5; - ensures aorai_CurStates ≡ S1; - - behavior buch_state_S1_out: - assumes aorai_CurStates ≢ S5; - ensures aorai_CurStates ≢ S1; - - behavior buch_state_S2_out: - ensures aorai_CurStates ≢ S2; - - behavior buch_state_S3_in: - assumes aorai_CurStates ≡ S4; - ensures aorai_CurStates ≡ S3; - - behavior buch_state_S3_out: - assumes aorai_CurStates ≢ S4; - ensures aorai_CurStates ≢ S3; - - behavior buch_state_S4_out: - ensures aorai_CurStates ≢ S4; - - behavior buch_state_S5_out: - ensures aorai_CurStates ≢ S5; - - behavior buch_state_Sf_out: - ensures aorai_CurStates ≢ Sf; - - behavior buch_state_Si_out: - ensures aorai_CurStates ≢ Si; - */ -void g_post_func(void) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_g; - aorai_CurStates_tmp = aorai_CurStates; - if (4 == aorai_CurStates) 
aorai_CurStates_tmp = S3; - if (5 == aorai_CurStates) aorai_CurStates_tmp = S1; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +*/ + +/*@ ghost + /@ requires aorai_CurStates ≡ S4 ∨ aorai_CurStates ≡ S5; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_g; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_S0_out: + ensures aorai_CurStates ≢ S0; + + behavior buch_state_S1_in: + assumes aorai_CurStates ≡ S5; + ensures aorai_CurStates ≡ S1; + + behavior buch_state_S1_out: + assumes aorai_CurStates ≢ S5; + ensures aorai_CurStates ≢ S1; + + behavior buch_state_S2_out: + ensures aorai_CurStates ≢ S2; + + behavior buch_state_S3_in: + assumes aorai_CurStates ≡ S4; + ensures aorai_CurStates ≡ S3; + + behavior buch_state_S3_out: + assumes aorai_CurStates ≢ S4; + ensures aorai_CurStates ≢ S3; + + behavior buch_state_S4_out: + ensures aorai_CurStates ≢ S4; + + behavior buch_state_S5_out: + ensures aorai_CurStates ≢ S5; + + behavior buch_state_Sf_out: + ensures aorai_CurStates ≢ Sf; + + behavior buch_state_Si_out: + ensures aorai_CurStates ≢ Si; + @/ + void g_post_func(void) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_g; + aorai_CurStates_tmp = aorai_CurStates; + if (4 == aorai_CurStates) aorai_CurStates_tmp = S3; + if (5 == aorai_CurStates) aorai_CurStates_tmp = S1; + aorai_CurStates = aorai_CurStates_tmp; + return; + } + +*/ /*@ requires aorai_CurStates ≡ S3; requires aorai_CurStates ≡ S3 ⇒ x ≡ 5 ∨ x ≡ 4; 
@@ -178,104 +184,110 @@ void g_post_func(void) */ void g(int x) { - g_pre_func(x); + /*@ ghost g_pre_func(x); */ Y = x; - g_post_func(); + /*@ ghost g_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_S0_out: - ensures aorai_CurStates ≢ S0; - - behavior buch_state_S1_out: - ensures aorai_CurStates ≢ S1; - - behavior buch_state_S2_out: - ensures aorai_CurStates ≢ S2; - - behavior buch_state_S3_in: - assumes aorai_CurStates ≡ S1 ∧ x ≡ 4; - ensures aorai_CurStates ≡ S3; - - behavior buch_state_S3_out: - assumes aorai_CurStates ≢ S1 ∨ ¬(x ≡ 4); - ensures aorai_CurStates ≢ S3; - - behavior buch_state_S4_out: - ensures aorai_CurStates ≢ S4; - - behavior buch_state_S5_out: - ensures aorai_CurStates ≢ S5; - - behavior buch_state_Sf_out: - ensures aorai_CurStates ≢ Sf; - - behavior buch_state_Si_out: - ensures aorai_CurStates ≢ Si; - */ -void f_pre_func(int x) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_f; - aorai_CurStates_tmp = aorai_CurStates; - if (1 == aorai_CurStates) - if (x == 4) aorai_CurStates_tmp = S3; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_S0_out: + ensures aorai_CurStates ≢ S0; + + behavior buch_state_S1_out: + ensures aorai_CurStates ≢ S1; + + behavior buch_state_S2_out: + ensures aorai_CurStates ≢ S2; + + behavior buch_state_S3_in: + assumes aorai_CurStates ≡ S1 ∧ x ≡ 4; + ensures aorai_CurStates ≡ S3; + + behavior buch_state_S3_out: + assumes aorai_CurStates ≢ S1 ∨ ¬(x ≡ 4); + ensures aorai_CurStates ≢ S3; + + behavior buch_state_S4_out: + ensures aorai_CurStates ≢ S4; + + behavior buch_state_S5_out: + ensures aorai_CurStates ≢ S5; + + behavior 
buch_state_Sf_out: + ensures aorai_CurStates ≢ Sf; + + behavior buch_state_Si_out: + ensures aorai_CurStates ≢ Si; + @/ + void f_pre_func(int x) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_f; + aorai_CurStates_tmp = aorai_CurStates; + if (1 == aorai_CurStates) + if (x == 4) aorai_CurStates_tmp = S3; + aorai_CurStates = aorai_CurStates_tmp; + return; + } -/*@ requires aorai_CurStates ≡ S1; - requires aorai_CurStates ≡ S1 ⇒ res ≡ 0 ∧ X ≡ 5; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_S0_out: - ensures aorai_CurStates ≢ S0; - - behavior buch_state_S1_out: - ensures aorai_CurStates ≢ S1; - - behavior buch_state_S2_in: - assumes aorai_CurStates ≡ S1 ∧ res ≡ 0 ∧ X ≡ 5; - ensures aorai_CurStates ≡ S2; - - behavior buch_state_S2_out: - assumes aorai_CurStates ≢ S1 ∨ ¬(res ≡ 0 ∧ X ≡ 5); - ensures aorai_CurStates ≢ S2; - - behavior buch_state_S3_out: - ensures aorai_CurStates ≢ S3; - - behavior buch_state_S4_out: - ensures aorai_CurStates ≢ S4; - - behavior buch_state_S5_out: - ensures aorai_CurStates ≢ S5; - - behavior buch_state_Sf_out: - ensures aorai_CurStates ≢ Sf; - - behavior buch_state_Si_out: - ensures aorai_CurStates ≢ Si; - */ -void f_post_func(int res) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_f; - aorai_CurStates_tmp = aorai_CurStates; - if (1 == aorai_CurStates) - if (res == 0) - if (X == 5) aorai_CurStates_tmp = S2; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +*/ + +/*@ ghost + /@ requires aorai_CurStates ≡ S1; + requires aorai_CurStates ≡ S1 ⇒ res ≡ 0 ∧ X ≡ 5; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_S0_out: + ensures aorai_CurStates ≢ S0; + + behavior buch_state_S1_out: + 
ensures aorai_CurStates ≢ S1; + + behavior buch_state_S2_in: + assumes aorai_CurStates ≡ S1 ∧ res ≡ 0 ∧ X ≡ 5; + ensures aorai_CurStates ≡ S2; + + behavior buch_state_S2_out: + assumes aorai_CurStates ≢ S1 ∨ ¬(res ≡ 0 ∧ X ≡ 5); + ensures aorai_CurStates ≢ S2; + + behavior buch_state_S3_out: + ensures aorai_CurStates ≢ S3; + + behavior buch_state_S4_out: + ensures aorai_CurStates ≢ S4; + + behavior buch_state_S5_out: + ensures aorai_CurStates ≢ S5; + + behavior buch_state_Sf_out: + ensures aorai_CurStates ≢ Sf; + + behavior buch_state_Si_out: + ensures aorai_CurStates ≢ Si; + @/ + void f_post_func(int res) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_f; + aorai_CurStates_tmp = aorai_CurStates; + if (1 == aorai_CurStates) + if (res == 0) + if (X == 5) aorai_CurStates_tmp = S2; + aorai_CurStates = aorai_CurStates_tmp; + return; + } + +*/ /*@ requires aorai_CurStates ≡ S1; requires aorai_CurStates ≡ S1 ⇒ x ≡ 4; 
@@ -287,112 +299,118 @@ void f_post_func(int res) int f(int x) { int __retres; - f_pre_func(x); + /*@ ghost f_pre_func(x); */ X = x; g(X); X ++; g(X); __retres = 0; - f_post_func(__retres); + /*@ ghost f_post_func(__retres); */ return __retres; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_real_main; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_S0_out: - ensures aorai_CurStates ≢ S0; - - behavior buch_state_S1_in: - assumes aorai_CurStates ≡ S0 ∧ c ≢ 0; - ensures aorai_CurStates ≡ S1; - - behavior buch_state_S1_out: - assumes aorai_CurStates ≢ S0 ∨ c ≡ 0; - ensures aorai_CurStates ≢ S1; - - behavior buch_state_S2_in: - assumes aorai_CurStates ≡ S0 ∧ c ≡ 0; - ensures aorai_CurStates ≡ S2; - - behavior buch_state_S2_out: - assumes aorai_CurStates ≢ S0 ∨ ¬(c ≡ 0); - ensures aorai_CurStates ≢ S2; - - behavior buch_state_S3_out: - ensures aorai_CurStates ≢ S3; - - behavior buch_state_S4_out: - ensures aorai_CurStates ≢ S4; - - behavior buch_state_S5_out: - ensures aorai_CurStates ≢ S5; - - behavior buch_state_Sf_out: - ensures aorai_CurStates ≢ Sf; - - behavior buch_state_Si_out: - ensures aorai_CurStates ≢ Si; - */ -void real_main_pre_func(int c) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_real_main; - aorai_CurStates_tmp = aorai_CurStates; - if (0 == aorai_CurStates) - if (c == 0) aorai_CurStates_tmp = S2; - if (0 == aorai_CurStates) - if (c != 0) aorai_CurStates_tmp = S1; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_real_main; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_S0_out: + ensures aorai_CurStates ≢ S0; + + behavior buch_state_S1_in: + assumes aorai_CurStates ≡ S0 ∧ c ≢ 0; + ensures aorai_CurStates ≡ S1; + + behavior buch_state_S1_out: + assumes aorai_CurStates ≢ S0 ∨ c ≡ 0; + 
ensures aorai_CurStates ≢ S1; + + behavior buch_state_S2_in: + assumes aorai_CurStates ≡ S0 ∧ c ≡ 0; + ensures aorai_CurStates ≡ S2; + + behavior buch_state_S2_out: + assumes aorai_CurStates ≢ S0 ∨ ¬(c ≡ 0); + ensures aorai_CurStates ≢ S2; + + behavior buch_state_S3_out: + ensures aorai_CurStates ≢ S3; + + behavior buch_state_S4_out: + ensures aorai_CurStates ≢ S4; + + behavior buch_state_S5_out: + ensures aorai_CurStates ≢ S5; + + behavior buch_state_Sf_out: + ensures aorai_CurStates ≢ Sf; + + behavior buch_state_Si_out: + ensures aorai_CurStates ≢ Si; + @/ + void real_main_pre_func(int c) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_real_main; + aorai_CurStates_tmp = aorai_CurStates; + if (0 == aorai_CurStates) + if (c == 0) aorai_CurStates_tmp = S2; + if (0 == aorai_CurStates) + if (c != 0) aorai_CurStates_tmp = S1; + aorai_CurStates = aorai_CurStates_tmp; + return; + } -/*@ requires aorai_CurStates ≡ S2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_real_main; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_S0_out: - ensures aorai_CurStates ≢ S0; - - behavior buch_state_S1_out: - ensures aorai_CurStates ≢ S1; - - behavior buch_state_S2_out: - ensures aorai_CurStates ≢ S2; - - behavior buch_state_S3_out: - ensures aorai_CurStates ≢ S3; - - behavior buch_state_S4_out: - ensures aorai_CurStates ≢ S4; - - behavior buch_state_S5_out: - ensures aorai_CurStates ≢ S5; - - behavior buch_state_Sf_in: - assumes aorai_CurStates ≡ S2; - ensures aorai_CurStates ≡ Sf; - - behavior buch_state_Sf_out: - assumes aorai_CurStates ≢ S2; - ensures aorai_CurStates ≢ Sf; - - behavior buch_state_Si_out: - ensures aorai_CurStates ≢ Si; - */ -void real_main_post_func(int res) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_real_main; - aorai_CurStates_tmp = aorai_CurStates; - if (2 == aorai_CurStates) 
aorai_CurStates_tmp = Sf; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +*/ + +/*@ ghost + /@ requires aorai_CurStates ≡ S2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_real_main; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_S0_out: + ensures aorai_CurStates ≢ S0; + + behavior buch_state_S1_out: + ensures aorai_CurStates ≢ S1; + + behavior buch_state_S2_out: + ensures aorai_CurStates ≢ S2; + + behavior buch_state_S3_out: + ensures aorai_CurStates ≢ S3; + + behavior buch_state_S4_out: + ensures aorai_CurStates ≢ S4; + + behavior buch_state_S5_out: + ensures aorai_CurStates ≢ S5; + + behavior buch_state_Sf_in: + assumes aorai_CurStates ≡ S2; + ensures aorai_CurStates ≡ Sf; + + behavior buch_state_Sf_out: + assumes aorai_CurStates ≢ S2; + ensures aorai_CurStates ≢ Sf; + + behavior buch_state_Si_out: + ensures aorai_CurStates ≢ Si; + @/ + void real_main_post_func(int res) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_real_main; + aorai_CurStates_tmp = aorai_CurStates; + if (2 == aorai_CurStates) aorai_CurStates_tmp = Sf; + aorai_CurStates = aorai_CurStates_tmp; + return; + } + +*/ /*@ requires aorai_CurStates ≡ S0; requires aorai_CurStates ≡ S0 ⇒ c ≡ 0 ∨ c ≢ 0; 
@@ -403,101 +421,107 @@ void real_main_post_func(int res) int real_main(int c) { int __retres; - real_main_pre_func(c); + /*@ ghost real_main_pre_func(c); */ if (c) f(4); __retres = 0; - real_main_post_func(__retres); + /*@ ghost real_main_post_func(__retres); */ return __retres; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_S0_in: - assumes aorai_CurStates ≡ Si; - ensures aorai_CurStates ≡ S0; - - behavior buch_state_S0_out: - assumes aorai_CurStates ≢ Si; - ensures aorai_CurStates ≢ S0; - - behavior buch_state_S1_out: - ensures aorai_CurStates ≢ S1; - - behavior buch_state_S2_out: - ensures aorai_CurStates ≢ S2; - - behavior buch_state_S3_out: - ensures aorai_CurStates ≢ S3; - - behavior buch_state_S4_out: - ensures aorai_CurStates ≢ S4; - - behavior buch_state_S5_out: - ensures aorai_CurStates ≢ S5; - - behavior buch_state_Sf_out: - ensures aorai_CurStates ≢ Sf; - - behavior buch_state_Si_out: - ensures aorai_CurStates ≢ Si; - */ -void main_pre_func(int c) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - aorai_CurStates_tmp = aorai_CurStates; - if (7 == aorai_CurStates) aorai_CurStates_tmp = S0; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_S0_in: + assumes aorai_CurStates ≡ Si; + ensures aorai_CurStates ≡ S0; + + behavior buch_state_S0_out: + assumes aorai_CurStates ≢ Si; + ensures aorai_CurStates ≢ S0; + + behavior buch_state_S1_out: + ensures aorai_CurStates ≢ S1; + + behavior buch_state_S2_out: + ensures aorai_CurStates ≢ S2; + + behavior buch_state_S3_out: + ensures aorai_CurStates ≢ S3; + + behavior buch_state_S4_out: + ensures aorai_CurStates ≢ S4; + + behavior 
buch_state_S5_out: + ensures aorai_CurStates ≢ S5; + + behavior buch_state_Sf_out: + ensures aorai_CurStates ≢ Sf; + + behavior buch_state_Si_out: + ensures aorai_CurStates ≢ Si; + @/ + void main_pre_func(int c) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + aorai_CurStates_tmp = aorai_CurStates; + if (7 == aorai_CurStates) aorai_CurStates_tmp = S0; + aorai_CurStates = aorai_CurStates_tmp; + return; + } -/*@ requires aorai_CurStates ≡ Sf; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_S0_out: - ensures aorai_CurStates ≢ S0; - - behavior buch_state_S1_out: - ensures aorai_CurStates ≢ S1; - - behavior buch_state_S2_out: - ensures aorai_CurStates ≢ S2; - - behavior buch_state_S3_out: - ensures aorai_CurStates ≢ S3; - - behavior buch_state_S4_out: - ensures aorai_CurStates ≢ S4; - - behavior buch_state_S5_out: - ensures aorai_CurStates ≢ S5; - - behavior buch_state_Sf_in: - assumes aorai_CurStates ≡ Sf; - ensures aorai_CurStates ≡ Sf; - - behavior buch_state_Sf_out: - assumes aorai_CurStates ≢ Sf; - ensures aorai_CurStates ≢ Sf; - - behavior buch_state_Si_out: - ensures aorai_CurStates ≢ Si; - */ -void main_post_func(int res) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - aorai_CurStates_tmp = aorai_CurStates; - if (6 == aorai_CurStates) aorai_CurStates_tmp = Sf; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +*/ + +/*@ ghost + /@ requires aorai_CurStates ≡ Sf; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_S0_out: + ensures aorai_CurStates ≢ S0; + + behavior buch_state_S1_out: + ensures aorai_CurStates ≢ S1; + + behavior buch_state_S2_out: + ensures aorai_CurStates ≢ S2; + + 
behavior buch_state_S3_out: + ensures aorai_CurStates ≢ S3; + + behavior buch_state_S4_out: + ensures aorai_CurStates ≢ S4; + + behavior buch_state_S5_out: + ensures aorai_CurStates ≢ S5; + + behavior buch_state_Sf_in: + assumes aorai_CurStates ≡ Sf; + ensures aorai_CurStates ≡ Sf; + + behavior buch_state_Sf_out: + assumes aorai_CurStates ≢ Sf; + ensures aorai_CurStates ≢ Sf; + + behavior buch_state_Si_out: + ensures aorai_CurStates ≢ Si; + @/ + void main_post_func(int res) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + aorai_CurStates_tmp = aorai_CurStates; + if (6 == aorai_CurStates) aorai_CurStates_tmp = Sf; + aorai_CurStates = aorai_CurStates_tmp; + return; + } + +*/ /*@ requires aorai_CurStates ≡ Si; @@ -507,9 +531,9 @@ void main_post_func(int res) int main(int c) { int tmp; - main_pre_func(c); + /*@ ghost main_pre_func(c); */ tmp = real_main(c); - main_post_func(tmp); + /*@ ghost main_post_func(tmp); */ return tmp; } diff --git a/src/plugins/aorai/tests/aorai/oracle/formals.res.oracle b/src/plugins/aorai/tests/aorai/oracle/formals.res.oracle index 2aa1667c2d9..2e24eb7f8a7 100644 --- a/src/plugins/aorai/tests/aorai/oracle/formals.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/formals.res.oracle 
@@ -76,151 +76,159 @@ lemma aorai_intermediate_state_deterministic_trans{L}: \at(aorai_CurOpStatus,L) ≡ aorai_Terminated) ∨ \at(aorai_x,L) ≢ 1)); */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_x_0, aorai_x, aorai_CurOpStatus, aorai_CurOperation, - aorai_CurStates; - - behavior buch_state_OK_out: - ensures aorai_CurStates ≢ OK; - - behavior buch_state_aorai_intermediate_state_in_0: - assumes aorai_CurStates ≡ main_0 ∧ x ≡ 1; - ensures aorai_CurStates ≡ aorai_intermediate_state; - ensures aorai_x ≡ \old(x); - - behavior buch_state_aorai_intermediate_state_out: - assumes aorai_CurStates ≢ main_0 ∨ ¬(x ≡ 1); - ensures aorai_CurStates ≢ aorai_intermediate_state; - ensures aorai_x ≡ \old(aorai_x); - - behavior buch_state_aorai_intermediate_state_0_out: - ensures aorai_CurStates ≢ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures aorai_CurStates ≢ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_in_0: - assumes aorai_CurStates ≡ main_0 ∧ x ≡ 3; - ensures aorai_CurStates ≡ aorai_intermediate_state_2; - ensures aorai_x_0 ≡ \old(x); - - behavior buch_state_aorai_intermediate_state_2_out: - assumes aorai_CurStates ≢ main_0 ∨ ¬(x ≡ 3); - ensures aorai_CurStates ≢ aorai_intermediate_state_2; - ensures aorai_x_0 ≡ \old(aorai_x_0); - - behavior buch_state_aorai_reject_out: - ensures aorai_CurStates ≢ aorai_reject; - - behavior buch_state_init_out: - ensures aorai_CurStates ≢ init; - - behavior buch_state_main_0_out: - ensures aorai_CurStates ≢ main_0; - */ -void f_pre_func(int x) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_f; - aorai_CurStates_tmp = aorai_CurStates; - if (7 == aorai_CurStates) - if (x == 3) { - aorai_CurStates_tmp = aorai_intermediate_state_2; - aorai_x_0 = x; +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_x_0, 
aorai_x, aorai_CurOpStatus, aorai_CurOperation, + aorai_CurStates; + + behavior buch_state_OK_out: + ensures aorai_CurStates ≢ OK; + + behavior buch_state_aorai_intermediate_state_in_0: + assumes aorai_CurStates ≡ main_0 ∧ x ≡ 1; + ensures aorai_CurStates ≡ aorai_intermediate_state; + ensures aorai_x ≡ \old(x); + + behavior buch_state_aorai_intermediate_state_out: + assumes aorai_CurStates ≢ main_0 ∨ ¬(x ≡ 1); + ensures aorai_CurStates ≢ aorai_intermediate_state; + ensures aorai_x ≡ \old(aorai_x); + + behavior buch_state_aorai_intermediate_state_0_out: + ensures aorai_CurStates ≢ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures aorai_CurStates ≢ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_in_0: + assumes aorai_CurStates ≡ main_0 ∧ x ≡ 3; + ensures aorai_CurStates ≡ aorai_intermediate_state_2; + ensures aorai_x_0 ≡ \old(x); + + behavior buch_state_aorai_intermediate_state_2_out: + assumes aorai_CurStates ≢ main_0 ∨ ¬(x ≡ 3); + ensures aorai_CurStates ≢ aorai_intermediate_state_2; + ensures aorai_x_0 ≡ \old(aorai_x_0); + + behavior buch_state_aorai_reject_out: + ensures aorai_CurStates ≢ aorai_reject; + + behavior buch_state_init_out: + ensures aorai_CurStates ≢ init; + + behavior buch_state_main_0_out: + ensures aorai_CurStates ≢ main_0; + @/ + void f_pre_func(int x) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_f; + aorai_CurStates_tmp = aorai_CurStates; + if (7 == aorai_CurStates) + if (x == 3) { + aorai_CurStates_tmp = aorai_intermediate_state_2; + aorai_x_0 = x; + } + if (7 == aorai_CurStates) + if (x == 1) { + aorai_CurStates_tmp = aorai_intermediate_state; + aorai_x = x; + } + aorai_CurStates = aorai_CurStates_tmp; + return; + } + +*/ + +/*@ ghost + /@ requires + aorai_CurStates ≡ aorai_intermediate_state ∨ + aorai_CurStates ≡ aorai_intermediate_state_2; + requires + aorai_CurStates ≡ aorai_intermediate_state ⇒ + aorai_x ≢ 1 ∨ aorai_x 
≡ 1; + requires + aorai_CurStates ≡ aorai_intermediate_state_2 ⇒ + aorai_x_0 ≢ 3 ∨ aorai_x_0 ≡ 3; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_OK_in: + assumes + aorai_CurStates ≡ aorai_intermediate_state_2 ∧ aorai_x_0 ≡ 3; + ensures aorai_CurStates ≡ OK; + + behavior buch_state_OK_out: + assumes + aorai_CurStates ≢ aorai_intermediate_state_2 ∨ + ¬(aorai_x_0 ≡ 3); + ensures aorai_CurStates ≢ OK; + + behavior buch_state_aorai_intermediate_state_out: + ensures aorai_CurStates ≢ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_in: + assumes + aorai_CurStates ≡ aorai_intermediate_state ∧ aorai_x ≡ 1; + ensures aorai_CurStates ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_0_out: + assumes + aorai_CurStates ≢ aorai_intermediate_state ∨ ¬(aorai_x ≡ 1); + ensures aorai_CurStates ≢ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures aorai_CurStates ≢ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures aorai_CurStates ≢ aorai_intermediate_state_2; + + behavior buch_state_aorai_reject_in: + assumes + (aorai_CurStates ≡ aorai_intermediate_state_2 ∧ aorai_x_0 ≢ 3) ∨ + (aorai_CurStates ≡ aorai_intermediate_state ∧ aorai_x ≢ 1); + ensures aorai_CurStates ≡ aorai_reject; + + behavior buch_state_aorai_reject_out: + assumes + (aorai_CurStates ≢ aorai_intermediate_state_2 ∨ + ¬(aorai_x_0 ≢ 3)) ∧ + (aorai_CurStates ≢ aorai_intermediate_state ∨ ¬(aorai_x ≢ 1)); + ensures aorai_CurStates ≢ aorai_reject; + + behavior buch_state_init_out: + ensures aorai_CurStates ≢ init; + + behavior buch_state_main_0_out: + ensures aorai_CurStates ≢ main_0; + @/ + void f_post_func(int res) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_f; + aorai_CurStates_tmp = aorai_CurStates; + if 
(4 == aorai_CurStates) { + if (aorai_x_0 != 3) aorai_CurStates_tmp = aorai_reject; + else goto _LAND; } - if (7 == aorai_CurStates) - if (x == 1) { - aorai_CurStates_tmp = aorai_intermediate_state; - aorai_x = x; + else { + _LAND: ; + if (1 == aorai_CurStates) + if (aorai_x != 1) aorai_CurStates_tmp = aorai_reject; } - aorai_CurStates = aorai_CurStates_tmp; - return; -} - -/*@ requires - aorai_CurStates ≡ aorai_intermediate_state ∨ - aorai_CurStates ≡ aorai_intermediate_state_2; - requires - aorai_CurStates ≡ aorai_intermediate_state ⇒ - aorai_x ≢ 1 ∨ aorai_x ≡ 1; - requires - aorai_CurStates ≡ aorai_intermediate_state_2 ⇒ - aorai_x_0 ≢ 3 ∨ aorai_x_0 ≡ 3; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_OK_in: - assumes - aorai_CurStates ≡ aorai_intermediate_state_2 ∧ aorai_x_0 ≡ 3; - ensures aorai_CurStates ≡ OK; - - behavior buch_state_OK_out: - assumes - aorai_CurStates ≢ aorai_intermediate_state_2 ∨ - ¬(aorai_x_0 ≡ 3); - ensures aorai_CurStates ≢ OK; - - behavior buch_state_aorai_intermediate_state_out: - ensures aorai_CurStates ≢ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_in: - assumes aorai_CurStates ≡ aorai_intermediate_state ∧ aorai_x ≡ 1; - ensures aorai_CurStates ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_0_out: - assumes - aorai_CurStates ≢ aorai_intermediate_state ∨ ¬(aorai_x ≡ 1); - ensures aorai_CurStates ≢ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures aorai_CurStates ≢ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures aorai_CurStates ≢ aorai_intermediate_state_2; - - behavior buch_state_aorai_reject_in: - assumes - (aorai_CurStates ≡ aorai_intermediate_state_2 ∧ aorai_x_0 ≢ 3) ∨ - (aorai_CurStates ≡ aorai_intermediate_state ∧ aorai_x ≢ 1); - ensures aorai_CurStates ≡ 
aorai_reject; - - behavior buch_state_aorai_reject_out: - assumes - (aorai_CurStates ≢ aorai_intermediate_state_2 ∨ - ¬(aorai_x_0 ≢ 3)) ∧ - (aorai_CurStates ≢ aorai_intermediate_state ∨ ¬(aorai_x ≢ 1)); - ensures aorai_CurStates ≢ aorai_reject; - - behavior buch_state_init_out: - ensures aorai_CurStates ≢ init; - - behavior buch_state_main_0_out: - ensures aorai_CurStates ≢ main_0; - */ -void f_post_func(int res) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_f; - aorai_CurStates_tmp = aorai_CurStates; - if (4 == aorai_CurStates) { - if (aorai_x_0 != 3) aorai_CurStates_tmp = aorai_reject; else goto _LAND; - } - else { - _LAND: ; if (1 == aorai_CurStates) - if (aorai_x != 1) aorai_CurStates_tmp = aorai_reject; + if (aorai_x == 1) aorai_CurStates_tmp = aorai_intermediate_state_0; + if (4 == aorai_CurStates) + if (aorai_x_0 == 3) aorai_CurStates_tmp = OK; + aorai_CurStates = aorai_CurStates_tmp; + return; } - if (1 == aorai_CurStates) - if (aorai_x == 1) aorai_CurStates_tmp = aorai_intermediate_state_0; - if (4 == aorai_CurStates) - if (aorai_x_0 == 3) aorai_CurStates_tmp = OK; - aorai_CurStates = aorai_CurStates_tmp; - return; -} + +*/ /*@ requires aorai_CurStates ≡ main_0; requires aorai_CurStates ≡ main_0 ⇒ x ≡ 3 ∨ x ≡ 1; 
@@ -281,144 +289,152 @@ void f_post_func(int res) */ int f(int x) { - f_pre_func(x); - f_post_func(x); + /*@ ghost f_pre_func(x); */ + /*@ ghost f_post_func(x); */ return x; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_g; - assigns aorai_y, aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_OK_in: - assumes aorai_CurStates ≡ OK; - ensures aorai_CurStates ≡ OK; - - behavior buch_state_OK_out: - assumes aorai_CurStates ≢ OK; - ensures aorai_CurStates ≢ OK; - - behavior buch_state_aorai_intermediate_state_out: - ensures aorai_CurStates ≢ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures aorai_CurStates ≢ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_in_0: - assumes aorai_CurStates ≡ aorai_intermediate_state_0; - ensures aorai_CurStates ≡ aorai_intermediate_state_1; - ensures aorai_y ≡ \old(y); - - behavior buch_state_aorai_intermediate_state_1_out: - assumes aorai_CurStates ≢ aorai_intermediate_state_0; - ensures aorai_CurStates ≢ aorai_intermediate_state_1; - ensures aorai_y ≡ \old(aorai_y); - - behavior buch_state_aorai_intermediate_state_2_out: - ensures aorai_CurStates ≢ aorai_intermediate_state_2; - - behavior buch_state_aorai_reject_in: - assumes aorai_CurStates ≡ aorai_reject; - ensures aorai_CurStates ≡ aorai_reject; - - behavior buch_state_aorai_reject_out: - assumes aorai_CurStates ≢ aorai_reject; - ensures aorai_CurStates ≢ aorai_reject; - - behavior buch_state_init_out: - ensures aorai_CurStates ≢ init; - - behavior buch_state_main_0_out: - ensures aorai_CurStates ≢ main_0; - */ -void g_pre_func(int y) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_g; - aorai_CurStates_tmp = aorai_CurStates; - if (5 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject; - if (2 == aorai_CurStates) { - aorai_CurStates_tmp = aorai_intermediate_state_1; - aorai_y = y; +/*@ ghost 
+ /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_g; + assigns aorai_y, aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_OK_in: + assumes aorai_CurStates ≡ OK; + ensures aorai_CurStates ≡ OK; + + behavior buch_state_OK_out: + assumes aorai_CurStates ≢ OK; + ensures aorai_CurStates ≢ OK; + + behavior buch_state_aorai_intermediate_state_out: + ensures aorai_CurStates ≢ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures aorai_CurStates ≢ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_in_0: + assumes aorai_CurStates ≡ aorai_intermediate_state_0; + ensures aorai_CurStates ≡ aorai_intermediate_state_1; + ensures aorai_y ≡ \old(y); + + behavior buch_state_aorai_intermediate_state_1_out: + assumes aorai_CurStates ≢ aorai_intermediate_state_0; + ensures aorai_CurStates ≢ aorai_intermediate_state_1; + ensures aorai_y ≡ \old(aorai_y); + + behavior buch_state_aorai_intermediate_state_2_out: + ensures aorai_CurStates ≢ aorai_intermediate_state_2; + + behavior buch_state_aorai_reject_in: + assumes aorai_CurStates ≡ aorai_reject; + ensures aorai_CurStates ≡ aorai_reject; + + behavior buch_state_aorai_reject_out: + assumes aorai_CurStates ≢ aorai_reject; + ensures aorai_CurStates ≢ aorai_reject; + + behavior buch_state_init_out: + ensures aorai_CurStates ≢ init; + + behavior buch_state_main_0_out: + ensures aorai_CurStates ≢ main_0; + @/ + void g_pre_func(int y) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_g; + aorai_CurStates_tmp = aorai_CurStates; + if (5 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject; + if (2 == aorai_CurStates) { + aorai_CurStates_tmp = aorai_intermediate_state_1; + aorai_y = y; + } + if (0 == aorai_CurStates) aorai_CurStates_tmp = OK; + aorai_CurStates = aorai_CurStates_tmp; + return; } - if (0 == aorai_CurStates) aorai_CurStates_tmp = OK; - aorai_CurStates = 
aorai_CurStates_tmp; - return; -} -/*@ requires - aorai_CurStates ≡ OK ∨ - aorai_CurStates ≡ aorai_intermediate_state_1; - requires - aorai_CurStates ≡ aorai_intermediate_state_1 ⇒ - aorai_y ≢ 2 ∨ aorai_y ≡ 2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_g; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_OK_in: - assumes - (aorai_CurStates ≡ aorai_intermediate_state_1 ∧ aorai_y ≡ 2) ∨ - aorai_CurStates ≡ OK; - ensures aorai_CurStates ≡ OK; - - behavior buch_state_OK_out: - assumes - (aorai_CurStates ≢ aorai_intermediate_state_1 ∨ ¬(aorai_y ≡ 2)) ∧ - aorai_CurStates ≢ OK; - ensures aorai_CurStates ≢ OK; - - behavior buch_state_aorai_intermediate_state_out: - ensures aorai_CurStates ≢ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures aorai_CurStates ≢ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures aorai_CurStates ≢ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures aorai_CurStates ≢ aorai_intermediate_state_2; - - behavior buch_state_aorai_reject_in: - assumes - aorai_CurStates ≡ aorai_reject ∨ - (aorai_CurStates ≡ aorai_intermediate_state_1 ∧ aorai_y ≢ 2); - ensures aorai_CurStates ≡ aorai_reject; - - behavior buch_state_aorai_reject_out: - assumes - aorai_CurStates ≢ aorai_reject ∧ - (aorai_CurStates ≢ aorai_intermediate_state_1 ∨ ¬(aorai_y ≢ 2)); - ensures aorai_CurStates ≢ aorai_reject; - - behavior buch_state_init_out: - ensures aorai_CurStates ≢ init; - - behavior buch_state_main_0_out: - ensures aorai_CurStates ≢ main_0; - */ -void g_post_func(int res) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_g; - aorai_CurStates_tmp = aorai_CurStates; - if (5 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject; - else - if (3 == aorai_CurStates) - if (aorai_y != 2) aorai_CurStates_tmp = 
aorai_reject; - if (3 == aorai_CurStates) { - if (aorai_y == 2) aorai_CurStates_tmp = OK; else goto _LAND; - } - else { - _LAND: ; - if (0 == aorai_CurStates) aorai_CurStates_tmp = OK; +*/ + +/*@ ghost + /@ requires + aorai_CurStates ≡ OK ∨ + aorai_CurStates ≡ aorai_intermediate_state_1; + requires + aorai_CurStates ≡ aorai_intermediate_state_1 ⇒ + aorai_y ≢ 2 ∨ aorai_y ≡ 2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_g; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_OK_in: + assumes + (aorai_CurStates ≡ aorai_intermediate_state_1 ∧ aorai_y ≡ 2) ∨ + aorai_CurStates ≡ OK; + ensures aorai_CurStates ≡ OK; + + behavior buch_state_OK_out: + assumes + (aorai_CurStates ≢ aorai_intermediate_state_1 ∨ + ¬(aorai_y ≡ 2)) ∧ + aorai_CurStates ≢ OK; + ensures aorai_CurStates ≢ OK; + + behavior buch_state_aorai_intermediate_state_out: + ensures aorai_CurStates ≢ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures aorai_CurStates ≢ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures aorai_CurStates ≢ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures aorai_CurStates ≢ aorai_intermediate_state_2; + + behavior buch_state_aorai_reject_in: + assumes + aorai_CurStates ≡ aorai_reject ∨ + (aorai_CurStates ≡ aorai_intermediate_state_1 ∧ aorai_y ≢ 2); + ensures aorai_CurStates ≡ aorai_reject; + + behavior buch_state_aorai_reject_out: + assumes + aorai_CurStates ≢ aorai_reject ∧ + (aorai_CurStates ≢ aorai_intermediate_state_1 ∨ + ¬(aorai_y ≢ 2)); + ensures aorai_CurStates ≢ aorai_reject; + + behavior buch_state_init_out: + ensures aorai_CurStates ≢ init; + + behavior buch_state_main_0_out: + ensures aorai_CurStates ≢ main_0; + @/ + void g_post_func(int res) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_g; + aorai_CurStates_tmp = 
aorai_CurStates; + if (5 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject; + else + if (3 == aorai_CurStates) + if (aorai_y != 2) aorai_CurStates_tmp = aorai_reject; + if (3 == aorai_CurStates) { + if (aorai_y == 2) aorai_CurStates_tmp = OK; else goto _LAND; + } + else { + _LAND: ; + if (0 == aorai_CurStates) aorai_CurStates_tmp = OK; + } + aorai_CurStates = aorai_CurStates_tmp; + return; } - aorai_CurStates = aorai_CurStates_tmp; - return; -} + +*/ /*@ requires aorai_CurStates ≡ OK ∨ 
@@ -451,105 +467,111 @@ void g_post_func(int res) */ int g(int y) { - g_pre_func(y); - g_post_func(y); + /*@ ghost g_pre_func(y); */ + /*@ ghost g_post_func(y); */ return y; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_OK_out: - ensures aorai_CurStates ≢ OK; - - behavior buch_state_aorai_intermediate_state_out: - ensures aorai_CurStates ≢ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures aorai_CurStates ≢ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures aorai_CurStates ≢ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures aorai_CurStates ≢ aorai_intermediate_state_2; - - behavior buch_state_aorai_reject_out: - ensures aorai_CurStates ≢ aorai_reject; - - behavior buch_state_init_out: - ensures aorai_CurStates ≢ init; - - behavior buch_state_main_0_in: - assumes aorai_CurStates ≡ init; - ensures aorai_CurStates ≡ main_0; - - behavior buch_state_main_0_out: - assumes aorai_CurStates ≢ init; - ensures aorai_CurStates ≢ main_0; - */ -void main_pre_func(void) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - aorai_CurStates_tmp = aorai_CurStates; - if (6 == aorai_CurStates) aorai_CurStates_tmp = main_0; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_OK_out: + ensures aorai_CurStates ≢ OK; + + behavior buch_state_aorai_intermediate_state_out: + ensures aorai_CurStates ≢ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures aorai_CurStates ≢ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: 
+ ensures aorai_CurStates ≢ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures aorai_CurStates ≢ aorai_intermediate_state_2; + + behavior buch_state_aorai_reject_out: + ensures aorai_CurStates ≢ aorai_reject; + + behavior buch_state_init_out: + ensures aorai_CurStates ≢ init; + + behavior buch_state_main_0_in: + assumes aorai_CurStates ≡ init; + ensures aorai_CurStates ≡ main_0; + + behavior buch_state_main_0_out: + assumes aorai_CurStates ≢ init; + ensures aorai_CurStates ≢ main_0; + @/ + void main_pre_func(void) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + aorai_CurStates_tmp = aorai_CurStates; + if (6 == aorai_CurStates) aorai_CurStates_tmp = main_0; + aorai_CurStates = aorai_CurStates_tmp; + return; + } -/*@ requires aorai_CurStates ≡ OK; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_OK_in: - assumes aorai_CurStates ≡ OK; - ensures aorai_CurStates ≡ OK; - - behavior buch_state_OK_out: - assumes aorai_CurStates ≢ OK; - ensures aorai_CurStates ≢ OK; - - behavior buch_state_aorai_intermediate_state_out: - ensures aorai_CurStates ≢ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures aorai_CurStates ≢ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures aorai_CurStates ≢ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures aorai_CurStates ≢ aorai_intermediate_state_2; - - behavior buch_state_aorai_reject_in: - assumes aorai_CurStates ≡ aorai_reject; - ensures aorai_CurStates ≡ aorai_reject; - - behavior buch_state_aorai_reject_out: - assumes aorai_CurStates ≢ aorai_reject; - ensures aorai_CurStates ≢ aorai_reject; - - behavior buch_state_init_out: - ensures aorai_CurStates ≢ init; - - behavior buch_state_main_0_out: - 
ensures aorai_CurStates ≢ main_0; - */ -void main_post_func(int res) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - aorai_CurStates_tmp = aorai_CurStates; - if (5 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject; - if (0 == aorai_CurStates) aorai_CurStates_tmp = OK; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +*/ + +/*@ ghost + /@ requires aorai_CurStates ≡ OK; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_OK_in: + assumes aorai_CurStates ≡ OK; + ensures aorai_CurStates ≡ OK; + + behavior buch_state_OK_out: + assumes aorai_CurStates ≢ OK; + ensures aorai_CurStates ≢ OK; + + behavior buch_state_aorai_intermediate_state_out: + ensures aorai_CurStates ≢ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures aorai_CurStates ≢ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures aorai_CurStates ≢ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures aorai_CurStates ≢ aorai_intermediate_state_2; + + behavior buch_state_aorai_reject_in: + assumes aorai_CurStates ≡ aorai_reject; + ensures aorai_CurStates ≡ aorai_reject; + + behavior buch_state_aorai_reject_out: + assumes aorai_CurStates ≢ aorai_reject; + ensures aorai_CurStates ≢ aorai_reject; + + behavior buch_state_init_out: + ensures aorai_CurStates ≢ init; + + behavior buch_state_main_0_out: + ensures aorai_CurStates ≢ main_0; + @/ + void main_post_func(int res) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + aorai_CurStates_tmp = aorai_CurStates; + if (5 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject; + if (0 == aorai_CurStates) aorai_CurStates_tmp = OK; + aorai_CurStates = aorai_CurStates_tmp; + return; + } + +*/ /*@ 
requires aorai_CurStates ≡ init; ensures aorai_CurStates ≡ OK; @@ -581,11 +603,11 @@ void main_post_func(int res) int main(void) { int __retres; - main_pre_func(); + /*@ ghost main_pre_func(); */ f(1); g(2); __retres = 0; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/generate_assigns_bts1290.res.oracle b/src/plugins/aorai/tests/aorai/oracle/generate_assigns_bts1290.res.oracle index d0d19c2132d..f256e74d9cb 100644 --- a/src/plugins/aorai/tests/aorai/oracle/generate_assigns_bts1290.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/generate_assigns_bts1290.res.oracle 
@@ -12,52 +12,58 @@ enum aorai_OpStatusList { /*@ ghost enum aorai_ListOper aorai_CurOperation = op_main; */ /*@ ghost enum aorai_OpStatusList aorai_CurOpStatus = aorai_Called; */ /*@ ghost int S = 1; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S; - - behavior buch_state_S_in: - assumes 1 ≡ S; - ensures 1 ≡ S; - - behavior buch_state_S_out: - assumes 0 ≡ S; - ensures 0 ≡ S; - */ -void main_pre_func(void) -{ - /*@ ghost int S_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - S_tmp = S; - if (S == 1) S_tmp = 1; else S_tmp = 0; - S = S_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S; + + behavior buch_state_S_in: + assumes 1 ≡ S; + ensures 1 ≡ S; + + behavior buch_state_S_out: + assumes 0 ≡ S; + ensures 0 ≡ S; + @/ + void main_pre_func(void) + { + int S_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + S_tmp = S; + if (S == 1) S_tmp = 1; else S_tmp = 0; + S = S_tmp; + return; + } -/*@ requires 1 ≡ S; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S; - - behavior buch_state_S_in: - assumes 1 ≡ S; - ensures 1 ≡ S; - - behavior buch_state_S_out: - assumes 0 ≡ S; - ensures 0 ≡ S; - */ -void main_post_func(void) -{ - /*@ ghost int S_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - S_tmp = S; - if (S == 1) S_tmp = 1; else S_tmp = 0; - S = S_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ S; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S; + + behavior buch_state_S_in: + assumes 1 ≡ S; + ensures 1 ≡ S; + + behavior buch_state_S_out: + assumes 0 ≡ S; + ensures 0 ≡ S; + @/ + void main_post_func(void) 
+ { + int S_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + S_tmp = S; + if (S == 1) S_tmp = 1; else S_tmp = 0; + S = S_tmp; + return; + } + +*/ /*@ requires 1 ≡ S; @@ -67,8 +73,8 @@ void main_post_func(void) */ void main(void) { - int aorai_Loop_Init_2; - main_pre_func(); + /*@ ghost int aorai_Loop_Init_2; */ + /*@ ghost main_pre_func(); */ int i = 0; /*@ ghost aorai_Loop_Init_2 = 1; */ aorai_loop_2: @@ -81,7 +87,7 @@ void main(void) /*@ ghost aorai_Loop_Init_2 = 0; */ i ++; } - main_post_func(); + /*@ ghost main_post_func(); */ return; } diff --git a/src/plugins/aorai/tests/aorai/oracle/goto.res.oracle b/src/plugins/aorai/tests/aorai/oracle/goto.res.oracle index 094b941a28b..0043d14bb25 100644 --- a/src/plugins/aorai/tests/aorai/oracle/goto.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/goto.res.oracle 
@@ -27,141 +27,147 @@ int rr = 1; /*@ ghost int accept_S6 = 0; */ /*@ ghost int accept_all = 0; */ /*@ ghost int accept_init = 1; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_opa; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, - accept_S4, accept_S5, accept_S6, accept_all, accept_init; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_in: - assumes 1 ≡ accept_S2; - ensures 1 ≡ accept_S3; - - behavior buch_state_accept_S3_out: - assumes 0 ≡ accept_S2; - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_S6_out: - ensures 0 ≡ accept_S6; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void opa_pre_func(void) -{ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_S6_tmp; */ - /*@ ghost int accept_all_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_opa; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_S6_tmp = accept_S6; - accept_all_tmp = accept_all; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_all_tmp = 0; - accept_S6_tmp = 0; - accept_S5_tmp = 0; - accept_S4_tmp = 0; - if (accept_S2 == 1) accept_S3_tmp = 1; else accept_S3_tmp = 0; - accept_S2_tmp = 0; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_S6 = accept_S6_tmp; - accept_all = accept_all_tmp; - accept_init = accept_init_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_opa; + assigns 
aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, + accept_S4, accept_S5, accept_S6, accept_all, accept_init; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_in: + assumes 1 ≡ accept_S2; + ensures 1 ≡ accept_S3; + + behavior buch_state_accept_S3_out: + assumes 0 ≡ accept_S2; + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_S6_out: + ensures 0 ≡ accept_S6; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void opa_pre_func(void) + { + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_S6_tmp; + int accept_all_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_opa; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_S6_tmp = accept_S6; + accept_all_tmp = accept_all; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_all_tmp = 0; + accept_S6_tmp = 0; + accept_S5_tmp = 0; + accept_S4_tmp = 0; + if (accept_S2 == 1) accept_S3_tmp = 1; else accept_S3_tmp = 0; + accept_S2_tmp = 0; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_S6 = accept_S6_tmp; + accept_all = accept_all_tmp; + accept_init = accept_init_tmp; + return; + } -/*@ requires - 1 ≡ accept_S3 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S4 ∧ - 0 ≡ accept_S5 ∧ 0 ≡ accept_S6 ∧ 0 ≡ accept_all ∧ - 0 ≡ accept_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_opa; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, - accept_S4, accept_S5, accept_S6, accept_all, accept_init; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - - behavior 
buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_in: - assumes 1 ≡ accept_S3; - ensures 1 ≡ accept_S4; - - behavior buch_state_accept_S4_out: - assumes 0 ≡ accept_S3; - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_S6_out: - ensures 0 ≡ accept_S6; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void opa_post_func(void) -{ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_S6_tmp; */ - /*@ ghost int accept_all_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_opa; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_S6_tmp = accept_S6; - accept_all_tmp = accept_all; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_all_tmp = 0; - accept_S6_tmp = 0; - accept_S5_tmp = 0; - if (accept_S3 == 1) accept_S4_tmp = 1; else accept_S4_tmp = 0; - accept_S3_tmp = 0; - accept_S2_tmp = 0; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_S6 = accept_S6_tmp; - accept_all = accept_all_tmp; - accept_init = accept_init_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ accept_S3 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S4 ∧ + 0 ≡ accept_S5 ∧ 0 ≡ accept_S6 ∧ 0 ≡ accept_all ∧ + 0 ≡ accept_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_opa; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, + accept_S4, accept_S5, accept_S6, accept_all, accept_init; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_in: + 
assumes 1 ≡ accept_S3; + ensures 1 ≡ accept_S4; + + behavior buch_state_accept_S4_out: + assumes 0 ≡ accept_S3; + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_S6_out: + ensures 0 ≡ accept_S6; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void opa_post_func(void) + { + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_S6_tmp; + int accept_all_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_opa; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_S6_tmp = accept_S6; + accept_all_tmp = accept_all; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_all_tmp = 0; + accept_S6_tmp = 0; + accept_S5_tmp = 0; + if (accept_S3 == 1) accept_S4_tmp = 1; else accept_S4_tmp = 0; + accept_S3_tmp = 0; + accept_S2_tmp = 0; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_S6 = accept_S6_tmp; + accept_all = accept_all_tmp; + accept_init = accept_init_tmp; + return; + } + +*/ /*@ requires 1 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧ 0 ≡ accept_S4 ∧ 
@@ -180,147 +186,153 @@ void opa_post_func(void) */ void opa(void) { - opa_pre_func(); + /*@ ghost opa_pre_func(); */ rr ++; - opa_post_func(); + /*@ ghost opa_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_opb; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, - accept_S4, accept_S5, accept_S6, accept_all, accept_init; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_in: - assumes 1 ≡ accept_S4; - ensures 1 ≡ accept_S5; - - behavior buch_state_accept_S5_out: - assumes 0 ≡ accept_S4; - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_S6_out: - ensures 0 ≡ accept_S6; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void opb_pre_func(void) -{ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_S6_tmp; */ - /*@ ghost int accept_all_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_opb; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_S6_tmp = accept_S6; - accept_all_tmp = accept_all; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_all_tmp = 0; - accept_S6_tmp = 0; - if (accept_S4 == 1) accept_S5_tmp = 1; else accept_S5_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - accept_S2_tmp = 0; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_S6 = accept_S6_tmp; - accept_all = accept_all_tmp; - accept_init = accept_init_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + 
ensures aorai_CurOperation ≡ op_opb; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, + accept_S4, accept_S5, accept_S6, accept_all, accept_init; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_in: + assumes 1 ≡ accept_S4; + ensures 1 ≡ accept_S5; + + behavior buch_state_accept_S5_out: + assumes 0 ≡ accept_S4; + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_S6_out: + ensures 0 ≡ accept_S6; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void opb_pre_func(void) + { + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_S6_tmp; + int accept_all_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_opb; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_S6_tmp = accept_S6; + accept_all_tmp = accept_all; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_all_tmp = 0; + accept_S6_tmp = 0; + if (accept_S4 == 1) accept_S5_tmp = 1; else accept_S5_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + accept_S2_tmp = 0; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_S6 = accept_S6_tmp; + accept_all = accept_all_tmp; + accept_init = accept_init_tmp; + return; + } -/*@ requires - 1 ≡ accept_S5 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧ - 0 ≡ accept_S4 ∧ 0 ≡ accept_S6 ∧ 0 ≡ accept_all ∧ - 0 ≡ accept_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_opb; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, - accept_S4, accept_S5, accept_S6, accept_all, accept_init; - - behavior 
buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_S6_in: - assumes 1 ≡ accept_S5; - ensures 1 ≡ accept_S6; - - behavior buch_state_accept_S6_out: - assumes 0 ≡ accept_S5; - ensures 0 ≡ accept_S6; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void opb_post_func(void) -{ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_S6_tmp; */ - /*@ ghost int accept_all_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_opb; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_S6_tmp = accept_S6; - accept_all_tmp = accept_all; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_all_tmp = 0; - if (accept_S5 == 1) accept_S6_tmp = 1; else accept_S6_tmp = 0; - accept_S5_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - accept_S2_tmp = 0; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_S6 = accept_S6_tmp; - accept_all = accept_all_tmp; - accept_init = accept_init_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ accept_S5 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧ + 0 ≡ accept_S4 ∧ 0 ≡ accept_S6 ∧ 0 ≡ accept_all ∧ + 0 ≡ accept_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_opb; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, + accept_S4, accept_S5, accept_S6, accept_all, accept_init; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_out: + 
ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_S6_in: + assumes 1 ≡ accept_S5; + ensures 1 ≡ accept_S6; + + behavior buch_state_accept_S6_out: + assumes 0 ≡ accept_S5; + ensures 0 ≡ accept_S6; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void opb_post_func(void) + { + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_S6_tmp; + int accept_all_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_opb; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_S6_tmp = accept_S6; + accept_all_tmp = accept_all; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_all_tmp = 0; + if (accept_S5 == 1) accept_S6_tmp = 1; else accept_S6_tmp = 0; + accept_S5_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + accept_S2_tmp = 0; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_S6 = accept_S6_tmp; + accept_all = accept_all_tmp; + accept_init = accept_init_tmp; + return; + } + +*/ /*@ requires 1 ≡ accept_S4 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧ 
@@ -335,134 +347,140 @@ void opb_post_func(void) */ void opb(void) { - opb_pre_func(); + /*@ ghost opb_pre_func(); */ status = 1; - opb_post_func(); + /*@ ghost opb_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_opc; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, - accept_S4, accept_S5, accept_S6, accept_all, accept_init; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_S6_out: - ensures 0 ≡ accept_S6; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void opc_pre_func(void) -{ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_S6_tmp; */ - /*@ ghost int accept_all_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_opc; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_S6_tmp = accept_S6; - accept_all_tmp = accept_all; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_all_tmp = 0; - accept_S6_tmp = 0; - accept_S5_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - accept_S2_tmp = 0; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_S6 = accept_S6_tmp; - accept_all = accept_all_tmp; - accept_init = accept_init_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_opc; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, + accept_S4, accept_S5, accept_S6, accept_all, 
accept_init; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_S6_out: + ensures 0 ≡ accept_S6; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void opc_pre_func(void) + { + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_S6_tmp; + int accept_all_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_opc; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_S6_tmp = accept_S6; + accept_all_tmp = accept_all; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_all_tmp = 0; + accept_S6_tmp = 0; + accept_S5_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + accept_S2_tmp = 0; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_S6 = accept_S6_tmp; + accept_all = accept_all_tmp; + accept_init = accept_init_tmp; + return; + } -/*@ requires \false; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_opc; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, - accept_S4, accept_S5, accept_S6, accept_all, accept_init; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_S6_out: - ensures 0 ≡ accept_S6; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ 
-void opc_post_func(void) -{ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_S6_tmp; */ - /*@ ghost int accept_all_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_opc; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_S6_tmp = accept_S6; - accept_all_tmp = accept_all; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_all_tmp = 0; - accept_S6_tmp = 0; - accept_S5_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - accept_S2_tmp = 0; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_S6 = accept_S6_tmp; - accept_all = accept_all_tmp; - accept_init = accept_init_tmp; - return; -} +*/ + +/*@ ghost + /@ requires \false; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_opc; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, + accept_S4, accept_S5, accept_S6, accept_all, accept_init; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_S6_out: + ensures 0 ≡ accept_S6; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void opc_post_func(void) + { + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_S6_tmp; + int accept_all_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_opc; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = 
accept_S5; + accept_S6_tmp = accept_S6; + accept_all_tmp = accept_all; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_all_tmp = 0; + accept_S6_tmp = 0; + accept_S5_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + accept_S2_tmp = 0; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_S6 = accept_S6_tmp; + accept_all = accept_all_tmp; + accept_init = accept_init_tmp; + return; + } + +*/ /*@ requires \false; 
@@ -489,147 +507,153 @@ void opc_post_func(void) */ void opc(void) { - opc_pre_func(); + /*@ ghost opc_pre_func(); */ rr = 60000; - opc_post_func(); + /*@ ghost opc_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, - accept_S4, accept_S5, accept_S6, accept_all, accept_init; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ accept_init; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ accept_init; - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_S6_out: - ensures 0 ≡ accept_S6; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void main_pre_func(void) -{ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_S6_tmp; */ - /*@ ghost int accept_all_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_S6_tmp = accept_S6; - accept_all_tmp = accept_all; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_all_tmp = 0; - accept_S6_tmp = 0; - accept_S5_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - if (accept_init == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_S6 = accept_S6_tmp; - accept_all = accept_all_tmp; - accept_init = accept_init_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ 
aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, + accept_S4, accept_S5, accept_S6, accept_all, accept_init; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ accept_init; + ensures 1 ≡ accept_S2; + + behavior buch_state_accept_S2_out: + assumes 0 ≡ accept_init; + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_S6_out: + ensures 0 ≡ accept_S6; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void main_pre_func(void) + { + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_S6_tmp; + int accept_all_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_S6_tmp = accept_S6; + accept_all_tmp = accept_all; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_all_tmp = 0; + accept_S6_tmp = 0; + accept_S5_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + if (accept_init == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_S6 = accept_S6_tmp; + accept_all = accept_all_tmp; + accept_init = accept_init_tmp; + return; + } -/*@ requires - 1 ≡ accept_S6 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧ - 0 ≡ accept_S4 ∧ 0 ≡ accept_S5 ∧ 0 ≡ accept_all ∧ - 0 ≡ accept_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, - accept_S4, accept_S5, accept_S6, accept_all, accept_init; - - 
behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_S6_out: - ensures 0 ≡ accept_S6; - - behavior buch_state_accept_all_in: - assumes 1 ≡ accept_S6; - ensures 1 ≡ accept_all; - - behavior buch_state_accept_all_out: - assumes 0 ≡ accept_S6; - ensures 0 ≡ accept_all; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void main_post_func(int res) -{ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_S6_tmp; */ - /*@ ghost int accept_all_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_S6_tmp = accept_S6; - accept_all_tmp = accept_all; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - if (accept_S6 == 1) accept_all_tmp = 1; else accept_all_tmp = 0; - accept_S6_tmp = 0; - accept_S5_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - accept_S2_tmp = 0; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_S6 = accept_S6_tmp; - accept_all = accept_all_tmp; - accept_init = accept_init_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ accept_S6 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧ + 0 ≡ accept_S4 ∧ 0 ≡ accept_S5 ∧ 0 ≡ accept_all ∧ + 0 ≡ accept_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, + accept_S4, accept_S5, accept_S6, accept_all, accept_init; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + + behavior 
buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_S6_out: + ensures 0 ≡ accept_S6; + + behavior buch_state_accept_all_in: + assumes 1 ≡ accept_S6; + ensures 1 ≡ accept_all; + + behavior buch_state_accept_all_out: + assumes 0 ≡ accept_S6; + ensures 0 ≡ accept_all; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void main_post_func(int res) + { + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_S6_tmp; + int accept_all_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_S6_tmp = accept_S6; + accept_all_tmp = accept_all; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + if (accept_S6 == 1) accept_all_tmp = 1; else accept_all_tmp = 0; + accept_S6_tmp = 0; + accept_S5_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + accept_S2_tmp = 0; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_S6 = accept_S6_tmp; + accept_all = accept_all_tmp; + accept_init = accept_init_tmp; + return; + } + +*/ /*@ requires 1 ≡ accept_init ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧ @@ -651,7 +675,7 @@ void main_post_func(int res) int main(void) { int __retres; - main_pre_func(); + /*@ ghost main_pre_func(); */ if (rr < 5000) goto L; opc(); L4: goto L5; @@ -667,7 +691,7 @@ int main(void) L5: opb(); goto L6; return_label: { - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } } diff --git a/src/plugins/aorai/tests/aorai/oracle/hoare_seq.res.oracle b/src/plugins/aorai/tests/aorai/oracle/hoare_seq.res.oracle index c4de6d08ef2..9025e381a6c 100644 
--- a/src/plugins/aorai/tests/aorai/oracle/hoare_seq.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/hoare_seq.res.oracle 
@@ -19,158 +19,164 @@ enum aorai_OpStatusList { /*@ ghost int aorai_intermediate_state_1 = 0; */ /*@ ghost int aorai_intermediate_state_2 = 0; */ /*@ ghost int aorai_reject = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_reject; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_in: - assumes 1 ≡ aorai_intermediate_state_0; - ensures 1 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_1_out: - assumes 0 ≡ aorai_intermediate_state_0; - ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_reject_in: - assumes 1 ≡ aorai_intermediate_state; - ensures 1 ≡ aorai_reject; - - behavior buch_state_aorai_reject_out: - assumes 0 ≡ aorai_intermediate_state; - ensures 0 ≡ aorai_reject; - */ -void f_pre_func(void) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_reject_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_f; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = 
aorai_intermediate_state_2; - aorai_reject_tmp = aorai_reject; - if (aorai_intermediate_state == 1) aorai_reject_tmp = 1; - else aorai_reject_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - if (aorai_intermediate_state_0 == 1) aorai_intermediate_state_1_tmp = 1; - else aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_reject = aorai_reject_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_reject; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_in: + assumes 1 ≡ aorai_intermediate_state_0; + ensures 1 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_1_out: + assumes 0 ≡ aorai_intermediate_state_0; + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_reject_in: + assumes 1 ≡ aorai_intermediate_state; + ensures 1 ≡ aorai_reject; + + behavior buch_state_aorai_reject_out: + assumes 0 ≡ aorai_intermediate_state; + ensures 0 ≡ aorai_reject; + @/ + void f_pre_func(void) + { + int S0_tmp; + int Sf_tmp; + int 
aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_reject_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_f; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_reject_tmp = aorai_reject; + if (aorai_intermediate_state == 1) aorai_reject_tmp = 1; + else aorai_reject_tmp = 0; + aorai_intermediate_state_2_tmp = 0; + if (aorai_intermediate_state_0 == 1) aorai_intermediate_state_1_tmp = 1; + else aorai_intermediate_state_1_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_reject = aorai_reject_tmp; + return; + } -/*@ requires - 1 ≡ aorai_intermediate_state_1 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ - 0 ≡ aorai_intermediate_state ∧ 0 ≡ aorai_intermediate_state_0 ∧ - 0 ≡ aorai_intermediate_state_2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_reject; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior 
buch_state_aorai_intermediate_state_1_out: - ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_in: - assumes 1 ≡ aorai_intermediate_state_1; - ensures 1 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_2_out: - assumes 0 ≡ aorai_intermediate_state_1; - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_reject_in: - assumes 1 ≡ aorai_reject; - ensures 1 ≡ aorai_reject; - - behavior buch_state_aorai_reject_out: - assumes 0 ≡ aorai_reject; - ensures 0 ≡ aorai_reject; - */ -void f_post_func(void) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_reject_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_f; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_reject_tmp = aorai_reject; - if (aorai_reject == 1) aorai_reject_tmp = 1; else aorai_reject_tmp = 0; - if (aorai_intermediate_state_1 == 1) aorai_intermediate_state_2_tmp = 1; - else aorai_intermediate_state_2_tmp = 0; - aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_reject = aorai_reject_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ aorai_intermediate_state_1 ∧ 0 ≡ S0 ∧ 
0 ≡ Sf ∧ + 0 ≡ aorai_intermediate_state ∧ + 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ aorai_intermediate_state_2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_reject; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_in: + assumes 1 ≡ aorai_intermediate_state_1; + ensures 1 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_2_out: + assumes 0 ≡ aorai_intermediate_state_1; + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_reject_in: + assumes 1 ≡ aorai_reject; + ensures 1 ≡ aorai_reject; + + behavior buch_state_aorai_reject_out: + assumes 0 ≡ aorai_reject; + ensures 0 ≡ aorai_reject; + @/ + void f_post_func(void) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_reject_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_f; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_reject_tmp = aorai_reject; + if (aorai_reject == 1) aorai_reject_tmp = 1; else aorai_reject_tmp = 0; + if (aorai_intermediate_state_1 == 1) 
aorai_intermediate_state_2_tmp = 1; + else aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_reject = aorai_reject_tmp; + return; + } + +*/ /*@ requires 1 ≡ aorai_intermediate_state_0 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ 
@@ -215,187 +221,194 @@ void f_post_func(void) */ void f(void) { - f_pre_func(); - f_post_func(); + /*@ ghost f_pre_func(); */ + /*@ ghost f_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_reject; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_in: - assumes 1 ≡ S0 ∧ c > 0; - ensures 1 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_out: - assumes 0 ≡ S0 ∨ ¬(c > 0); - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_in: - assumes 1 ≡ S0 ∧ c ≤ 0; - ensures 1 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_0_out: - assumes 0 ≡ S0 ∨ ¬(c ≤ 0); - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_reject_out: - ensures 0 ≡ aorai_reject; - */ -void main_pre_func(int c) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_reject_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_reject_tmp = 
aorai_reject; - aorai_reject_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - aorai_intermediate_state_1_tmp = 0; - if (S0 == 1) - if (c <= 0) aorai_intermediate_state_0_tmp = 1; +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_reject; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_in: + assumes 1 ≡ S0 ∧ c > 0; + ensures 1 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_out: + assumes 0 ≡ S0 ∨ ¬(c > 0); + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_in: + assumes 1 ≡ S0 ∧ c ≤ 0; + ensures 1 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_0_out: + assumes 0 ≡ S0 ∨ ¬(c ≤ 0); + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_reject_out: + ensures 0 ≡ aorai_reject; + @/ + void main_pre_func(int c) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_reject_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_reject_tmp = aorai_reject; + aorai_reject_tmp = 0; + aorai_intermediate_state_2_tmp 
= 0; + aorai_intermediate_state_1_tmp = 0; + if (S0 == 1) + if (c <= 0) aorai_intermediate_state_0_tmp = 1; + else aorai_intermediate_state_0_tmp = 0; else aorai_intermediate_state_0_tmp = 0; - else aorai_intermediate_state_0_tmp = 0; - if (S0 == 1) aorai_intermediate_state_tmp = 1; - else aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_reject = aorai_reject_tmp; - return; -} + if (S0 == 1) aorai_intermediate_state_tmp = 1; + else aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_reject = aorai_reject_tmp; + return; + } -/*@ requires - (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0 ∨ - 1 ≡ aorai_intermediate_state_2) ∧ - 0 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state_1; - requires 1 ≡ aorai_intermediate_state_2 ⇒ res ≢ 0 ∨ res ≡ 0; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_reject; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_in: - assumes - (1 ≡ aorai_intermediate_state_2 ∧ res ≡ 0) ∨ - 1 ≡ aorai_intermediate_state; - ensures 1 ≡ Sf; - - behavior buch_state_Sf_out: - assumes - (0 ≡ aorai_intermediate_state_2 ∨ ¬(res ≡ 0)) ∧ - 0 ≡ aorai_intermediate_state; - ensures 0 ≡ Sf; - - behavior 
buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_reject_in: - assumes - 1 ≡ aorai_reject ∨ - (1 ≡ aorai_intermediate_state_2 ∧ res ≢ 0) ∨ - 1 ≡ aorai_intermediate_state_0; - ensures 1 ≡ aorai_reject; - - behavior buch_state_aorai_reject_out: - assumes - 0 ≡ aorai_reject ∧ - (0 ≡ aorai_intermediate_state_2 ∨ res ≡ 0) ∧ - 0 ≡ aorai_intermediate_state_0; - ensures 0 ≡ aorai_reject; - */ -void main_post_func(int res) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_reject_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_reject_tmp = aorai_reject; - if (aorai_intermediate_state_0 == 1) aorai_reject_tmp = 1; - else - if (aorai_intermediate_state_2 == 1) { - if (res != 0) aorai_reject_tmp = 1; else goto _LAND; - } - else { - _LAND: ; - if (aorai_reject == 1) aorai_reject_tmp = 1; else aorai_reject_tmp = 0; - } - aorai_intermediate_state_2_tmp = 0; - aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - if (aorai_intermediate_state == 1) Sf_tmp = 1; - else - if (aorai_intermediate_state_2 == 1) - if (res == 0) Sf_tmp = 1; else 
Sf_tmp = 0; - else Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_reject = aorai_reject_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0 ∨ + 1 ≡ aorai_intermediate_state_2) ∧ + 0 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state_1; + requires 1 ≡ aorai_intermediate_state_2 ⇒ res ≢ 0 ∨ res ≡ 0; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_reject; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_in: + assumes + (1 ≡ aorai_intermediate_state_2 ∧ res ≡ 0) ∨ + 1 ≡ aorai_intermediate_state; + ensures 1 ≡ Sf; + + behavior buch_state_Sf_out: + assumes + (0 ≡ aorai_intermediate_state_2 ∨ ¬(res ≡ 0)) ∧ + 0 ≡ aorai_intermediate_state; + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_reject_in: + assumes + 1 ≡ aorai_reject ∨ + (1 ≡ aorai_intermediate_state_2 ∧ res ≢ 0) ∨ + 1 ≡ aorai_intermediate_state_0; + ensures 1 ≡ aorai_reject; + + behavior buch_state_aorai_reject_out: + assumes + 0 ≡ aorai_reject ∧ + (0 ≡ aorai_intermediate_state_2 ∨ res ≡ 0) ∧ + 0 ≡ aorai_intermediate_state_0; + ensures 0 ≡ aorai_reject; + @/ + void 
main_post_func(int res) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_reject_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_reject_tmp = aorai_reject; + if (aorai_intermediate_state_0 == 1) aorai_reject_tmp = 1; + else + if (aorai_intermediate_state_2 == 1) { + if (res != 0) aorai_reject_tmp = 1; else goto _LAND; + } + else { + _LAND: ; + if (aorai_reject == 1) aorai_reject_tmp = 1; + else aorai_reject_tmp = 0; + } + aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + if (aorai_intermediate_state == 1) Sf_tmp = 1; + else + if (aorai_intermediate_state_2 == 1) + if (res == 0) Sf_tmp = 1; else Sf_tmp = 0; + else Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_reject = aorai_reject_tmp; + return; + } + +*/ /*@ requires 1 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state ∧ @@ -424,10 +437,10 @@ void main_post_func(int res) int main(int c) { int __retres; - main_pre_func(c); + /*@ ghost main_pre_func(c); */ if (c <= 0) f(); __retres = 0; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } 
diff --git a/src/plugins/aorai/tests/aorai/oracle/incorrect.res.oracle b/src/plugins/aorai/tests/aorai/oracle/incorrect.res.oracle index aff805d14e9..ebe6f07db4c 100644 --- a/src/plugins/aorai/tests/aorai/oracle/incorrect.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/incorrect.res.oracle 
@@ -22,48 +22,54 @@ int f(void); /*@ ghost enum aorai_ListOper aorai_CurOperation = op_main; */ /*@ ghost enum aorai_OpStatusList aorai_CurOpStatus = aorai_Called; */ /*@ ghost int aorai_CurStates = s0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_s0_out: - ensures aorai_CurStates ≢ s0; - */ -void main_pre_func(void) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - aorai_CurStates_tmp = aorai_CurStates; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_s0_out: + ensures aorai_CurStates ≢ s0; + @/ + void main_pre_func(void) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + aorai_CurStates_tmp = aorai_CurStates; + aorai_CurStates = aorai_CurStates_tmp; + return; + } -/*@ requires \false; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_s0_out: - ensures aorai_CurStates ≢ s0; - */ -void main_post_func(int res) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - aorai_CurStates_tmp = aorai_CurStates; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +*/ + +/*@ ghost + /@ requires \false; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_s0_out: + ensures aorai_CurStates ≢ s0; + @/ + void main_post_func(int res) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + 
aorai_CurStates_tmp = aorai_CurStates; + aorai_CurStates = aorai_CurStates_tmp; + return; + } + +*/ /*@ requires \false; */ int main(void) { int tmp; - main_pre_func(); + /*@ ghost main_pre_func(); */ tmp = f(); - main_post_func(tmp); + /*@ ghost main_post_func(tmp); */ return tmp; } diff --git a/src/plugins/aorai/tests/aorai/oracle/loop_bts1050.res.oracle b/src/plugins/aorai/tests/aorai/oracle/loop_bts1050.res.oracle index 6c2ded3fb12..a6f3f8f7d8a 100644 --- a/src/plugins/aorai/tests/aorai/oracle/loop_bts1050.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/loop_bts1050.res.oracle 
@@ -21,163 +21,170 @@ enum aorai_OpStatusList { /*@ ghost int aorai_intermediate_state_2 = 0; */ /*@ ghost int aorai_intermediate_state_3 = 0; */ /*@ ghost int aorai_counter = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_counter, aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_in_0: - assumes 1 ≡ aorai_intermediate_state_0 ∧ aorai_counter < 5; - ensures 1 ≡ aorai_intermediate_state_1; - ensures aorai_counter ≡ \old(aorai_counter) + 1; - - behavior buch_state_aorai_intermediate_state_1_in_1: - assumes 1 ≡ aorai_intermediate_state; - ensures 1 ≡ aorai_intermediate_state_1; - ensures aorai_counter ≡ 1; - - behavior buch_state_aorai_intermediate_state_1_out: - assumes - (0 ≡ aorai_intermediate_state_0 ∨ ¬(aorai_counter < 5)) ∧ - 0 ≡ aorai_intermediate_state; - ensures 0 ≡ aorai_intermediate_state_1; - ensures aorai_counter ≡ \old(aorai_counter); - - behavior buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_out: - ensures 0 ≡ aorai_intermediate_state_3; - */ -void f_pre_func(void) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_f; 
- S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - aorai_intermediate_state_3_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - if (aorai_intermediate_state_0 == 1) - if (aorai_counter < 5) aorai_counter ++; - if (aorai_intermediate_state == 1) aorai_counter = 1; - if (aorai_intermediate_state == 1) aorai_intermediate_state_1_tmp = 1; - else +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_counter, aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_in_0: + assumes 1 ≡ aorai_intermediate_state_0 ∧ aorai_counter < 5; + ensures 1 ≡ aorai_intermediate_state_1; + ensures aorai_counter ≡ \old(aorai_counter) + 1; + + behavior buch_state_aorai_intermediate_state_1_in_1: + assumes 1 ≡ aorai_intermediate_state; + ensures 1 ≡ aorai_intermediate_state_1; + ensures aorai_counter ≡ 1; + + behavior buch_state_aorai_intermediate_state_1_out: + assumes + (0 ≡ aorai_intermediate_state_0 ∨ ¬(aorai_counter < 5)) ∧ + 0 ≡ aorai_intermediate_state; + ensures 0 ≡ aorai_intermediate_state_1; + ensures aorai_counter ≡ \old(aorai_counter); + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior 
buch_state_aorai_intermediate_state_3_out: + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void f_pre_func(void) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_f; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + aorai_intermediate_state_3_tmp = 0; + aorai_intermediate_state_2_tmp = 0; if (aorai_intermediate_state_0 == 1) - if (aorai_counter < 5) aorai_intermediate_state_1_tmp = 1; + if (aorai_counter < 5) aorai_counter ++; + if (aorai_intermediate_state == 1) aorai_counter = 1; + if (aorai_intermediate_state == 1) aorai_intermediate_state_1_tmp = 1; + else + if (aorai_intermediate_state_0 == 1) + if (aorai_counter < 5) aorai_intermediate_state_1_tmp = 1; + else aorai_intermediate_state_1_tmp = 0; else aorai_intermediate_state_1_tmp = 0; - else aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = 
aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } -/*@ requires - 1 ≡ aorai_intermediate_state_1 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ - 0 ≡ aorai_intermediate_state ∧ 0 ≡ aorai_intermediate_state_0 ∧ - 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_in: - assumes 1 ≡ aorai_intermediate_state_1; - ensures 1 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_2_out: - assumes 0 ≡ aorai_intermediate_state_1; - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_out: - ensures 0 ≡ aorai_intermediate_state_3; - */ -void f_post_func(void) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_f; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - 
aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - aorai_intermediate_state_3_tmp = 0; - if (aorai_intermediate_state_1 == 1) aorai_intermediate_state_2_tmp = 1; - else aorai_intermediate_state_2_tmp = 0; - aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ aorai_intermediate_state_1 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ + 0 ≡ aorai_intermediate_state ∧ + 0 ≡ aorai_intermediate_state_0 ∧ + 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_in: + assumes 1 ≡ aorai_intermediate_state_1; + ensures 1 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_2_out: + assumes 
0 ≡ aorai_intermediate_state_1; + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_3_out: + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void f_post_func(void) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_f; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + aorai_intermediate_state_3_tmp = 0; + if (aorai_intermediate_state_1 == 1) aorai_intermediate_state_2_tmp = 1; + else aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } + +*/ /*@ requires (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0) ∧ 
@@ -207,152 +214,159 @@ void f_post_func(void) */ void f(void) { - f_pre_func(); - f_post_func(); + /*@ ghost f_pre_func(); */ + /*@ ghost f_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_g; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_in: - assumes 1 ≡ aorai_intermediate_state_2; - ensures 1 ≡ aorai_intermediate_state_3; - - behavior buch_state_aorai_intermediate_state_3_out: - assumes 0 ≡ aorai_intermediate_state_2; - ensures 0 ≡ aorai_intermediate_state_3; - */ -void g_pre_func(void) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_g; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - if (aorai_intermediate_state_2 == 
1) aorai_intermediate_state_3_tmp = 1; - else aorai_intermediate_state_3_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_g; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_3_in: + assumes 1 ≡ aorai_intermediate_state_2; + ensures 1 ≡ aorai_intermediate_state_3; + + behavior buch_state_aorai_intermediate_state_3_out: + assumes 0 ≡ aorai_intermediate_state_2; + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void g_pre_func(void) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_g; + S0_tmp 
= S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + if (aorai_intermediate_state_2 == 1) aorai_intermediate_state_3_tmp = 1; + else aorai_intermediate_state_3_tmp = 0; + aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } -/*@ requires - 1 ≡ aorai_intermediate_state_3 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ - 0 ≡ aorai_intermediate_state ∧ 0 ≡ aorai_intermediate_state_0 ∧ - 0 ≡ aorai_intermediate_state_1 ∧ 0 ≡ aorai_intermediate_state_2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_g; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_in: - assumes 1 ≡ aorai_intermediate_state_3; - ensures 1 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_0_out: - assumes 0 ≡ aorai_intermediate_state_3; - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - 
ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_out: - ensures 0 ≡ aorai_intermediate_state_3; - */ -void g_post_func(void) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_g; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - aorai_intermediate_state_3_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - aorai_intermediate_state_1_tmp = 0; - if (aorai_intermediate_state_3 == 1) aorai_intermediate_state_0_tmp = 1; - else aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ aorai_intermediate_state_3 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ + 0 ≡ aorai_intermediate_state ∧ + 0 ≡ aorai_intermediate_state_0 ∧ + 0 ≡ aorai_intermediate_state_1 ∧ 0 ≡ aorai_intermediate_state_2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_g; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + 
aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_in: + assumes 1 ≡ aorai_intermediate_state_3; + ensures 1 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_0_out: + assumes 0 ≡ aorai_intermediate_state_3; + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_3_out: + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void g_post_func(void) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_g; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + aorai_intermediate_state_3_tmp = 0; + aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + if (aorai_intermediate_state_3 == 1) aorai_intermediate_state_0_tmp = 1; + else aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = 
aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } + +*/ /*@ requires 1 ≡ aorai_intermediate_state_2 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ 
@@ -368,155 +382,161 @@ void g_post_func(void) */ void g(void) { - g_pre_func(); - g_post_func(); + /*@ ghost g_pre_func(); */ + /*@ ghost g_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_in: - assumes 1 ≡ S0; - ensures 1 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_out: - assumes 0 ≡ S0; - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_out: - ensures 0 ≡ aorai_intermediate_state_3; - */ -void main_pre_func(int c) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - aorai_intermediate_state_3_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - 
aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - if (S0 == 1) aorai_intermediate_state_tmp = 1; - else aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_in: + assumes 1 ≡ S0; + ensures 1 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_out: + assumes 0 ≡ S0; + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_3_out: + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void main_pre_func(int c) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + 
aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + aorai_intermediate_state_3_tmp = 0; + aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + if (S0 == 1) aorai_intermediate_state_tmp = 1; + else aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } -/*@ requires - (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0) ∧ - 0 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state_1 ∧ - 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_in: - assumes - 1 ≡ aorai_intermediate_state_0 ∨ 1 ≡ aorai_intermediate_state; - ensures 1 ≡ Sf; - - behavior buch_state_Sf_out: - assumes - 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ aorai_intermediate_state; - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures 0 ≡ aorai_intermediate_state_1; - - behavior 
buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_out: - ensures 0 ≡ aorai_intermediate_state_3; - */ -void main_post_func(int res) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - aorai_intermediate_state_3_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - if (aorai_intermediate_state == 1) Sf_tmp = 1; - else - if (aorai_intermediate_state_0 == 1) Sf_tmp = 1; else Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0) ∧ + 0 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state_1 ∧ + 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + 
aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_in: + assumes + 1 ≡ aorai_intermediate_state_0 ∨ 1 ≡ aorai_intermediate_state; + ensures 1 ≡ Sf; + + behavior buch_state_Sf_out: + assumes + 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ aorai_intermediate_state; + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_3_out: + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void main_post_func(int res) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + aorai_intermediate_state_3_tmp = 0; + aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + if (aorai_intermediate_state == 1) Sf_tmp = 1; + else + if (aorai_intermediate_state_0 == 1) Sf_tmp = 1; else Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = 
aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } + +*/ /*@ requires 1 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state ∧ @@ -541,9 +561,9 @@ void main_post_func(int res) */ int main(int c) { - int aorai_Loop_Init_13; + /*@ ghost int aorai_Loop_Init_13; */ int __retres; - main_pre_func(c); + /*@ ghost main_pre_func(c); */ if (c < 0) c = 0; if (c > 0) c = 5; /*@ ghost aorai_Loop_Init_13 = 1; */ @@ -581,7 +601,7 @@ int main(int c) c --; } __retres = 0; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/monostate.res.oracle b/src/plugins/aorai/tests/aorai/oracle/monostate.res.oracle index 9d20f728baa..e4e6c64f81a 100644 --- a/src/plugins/aorai/tests/aorai/oracle/monostate.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/monostate.res.oracle 
@@ -38,70 +38,76 @@ lemma Init_deterministic_trans{L}: \at(aorai_CurOpStatus,L) ≡ aorai_Called)); */ /*@ ghost int aorai_CurStates = Init; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_Init_out: - ensures aorai_CurStates ≢ Init; - - behavior buch_state_aorai_intermediate_state_out: - ensures aorai_CurStates ≢ aorai_intermediate_state; - - behavior buch_state_aorai_reject_in: - assumes - aorai_CurStates ≡ aorai_reject ∨ - aorai_CurStates ≡ aorai_intermediate_state; - ensures aorai_CurStates ≡ aorai_reject; - - behavior buch_state_aorai_reject_out: - assumes - aorai_CurStates ≢ aorai_reject ∧ - aorai_CurStates ≢ aorai_intermediate_state; - ensures aorai_CurStates ≢ aorai_reject; - */ -void f_pre_func(void) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_f; - aorai_CurStates_tmp = aorai_CurStates; - if (2 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject; - else - if (1 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_Init_out: + ensures aorai_CurStates ≢ Init; + + behavior buch_state_aorai_intermediate_state_out: + ensures aorai_CurStates ≢ aorai_intermediate_state; + + behavior buch_state_aorai_reject_in: + assumes + aorai_CurStates ≡ aorai_reject ∨ + aorai_CurStates ≡ aorai_intermediate_state; + ensures aorai_CurStates ≡ aorai_reject; + + behavior buch_state_aorai_reject_out: + assumes + aorai_CurStates ≢ aorai_reject ∧ + aorai_CurStates ≢ aorai_intermediate_state; + ensures aorai_CurStates ≢ aorai_reject; + @/ + void f_pre_func(void) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_f; + 
aorai_CurStates_tmp = aorai_CurStates; + if (2 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject; + else + if (1 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject; + aorai_CurStates = aorai_CurStates_tmp; + return; + } -/*@ requires \false; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_Init_out: - ensures aorai_CurStates ≢ Init; - - behavior buch_state_aorai_intermediate_state_out: - ensures aorai_CurStates ≢ aorai_intermediate_state; - - behavior buch_state_aorai_reject_in: - assumes aorai_CurStates ≡ aorai_reject; - ensures aorai_CurStates ≡ aorai_reject; - - behavior buch_state_aorai_reject_out: - assumes aorai_CurStates ≢ aorai_reject; - ensures aorai_CurStates ≢ aorai_reject; - */ -void f_post_func(void) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_f; - aorai_CurStates_tmp = aorai_CurStates; - if (2 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +*/ + +/*@ ghost + /@ requires \false; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_Init_out: + ensures aorai_CurStates ≢ Init; + + behavior buch_state_aorai_intermediate_state_out: + ensures aorai_CurStates ≢ aorai_intermediate_state; + + behavior buch_state_aorai_reject_in: + assumes aorai_CurStates ≡ aorai_reject; + ensures aorai_CurStates ≡ aorai_reject; + + behavior buch_state_aorai_reject_out: + assumes aorai_CurStates ≢ aorai_reject; + ensures aorai_CurStates ≢ aorai_reject; + @/ + void f_post_func(void) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_f; + aorai_CurStates_tmp = aorai_CurStates; + if (2 == aorai_CurStates) aorai_CurStates_tmp = aorai_reject; + aorai_CurStates 
= aorai_CurStates_tmp; + return; + } + +*/ /*@ requires \false; requires 
@@ -116,63 +122,69 @@ void f_post_func(void) */ void f(void) { - f_pre_func(); - f_post_func(); + /*@ ghost f_pre_func(); */ + /*@ ghost f_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_Init_out: - ensures aorai_CurStates ≢ Init; - - behavior buch_state_aorai_intermediate_state_out: - ensures aorai_CurStates ≢ aorai_intermediate_state; - - behavior buch_state_aorai_reject_out: - ensures aorai_CurStates ≢ aorai_reject; - */ -void main_pre_func(void) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - aorai_CurStates_tmp = aorai_CurStates; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_Init_out: + ensures aorai_CurStates ≢ Init; + + behavior buch_state_aorai_intermediate_state_out: + ensures aorai_CurStates ≢ aorai_intermediate_state; + + behavior buch_state_aorai_reject_out: + ensures aorai_CurStates ≢ aorai_reject; + @/ + void main_pre_func(void) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + aorai_CurStates_tmp = aorai_CurStates; + aorai_CurStates = aorai_CurStates_tmp; + return; + } -/*@ requires \false; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; - - behavior buch_state_Init_out: - ensures aorai_CurStates ≢ Init; - - behavior buch_state_aorai_intermediate_state_out: - ensures aorai_CurStates ≢ aorai_intermediate_state; - - behavior buch_state_aorai_reject_out: - ensures aorai_CurStates ≢ aorai_reject; - */ -void main_post_func(void) -{ - /*@ ghost int aorai_CurStates_tmp; */ - aorai_CurOpStatus = 
aorai_Terminated; - aorai_CurOperation = op_main; - aorai_CurStates_tmp = aorai_CurStates; - aorai_CurStates = aorai_CurStates_tmp; - return; -} +*/ + +/*@ ghost + /@ requires \false; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, aorai_CurStates; + + behavior buch_state_Init_out: + ensures aorai_CurStates ≢ Init; + + behavior buch_state_aorai_intermediate_state_out: + ensures aorai_CurStates ≢ aorai_intermediate_state; + + behavior buch_state_aorai_reject_out: + ensures aorai_CurStates ≢ aorai_reject; + @/ + void main_post_func(void) + { + int aorai_CurStates_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + aorai_CurStates_tmp = aorai_CurStates; + aorai_CurStates = aorai_CurStates_tmp; + return; + } + +*/ /*@ requires \false; */ void main(void) { - int aorai_Loop_Init_3; - main_pre_func(); + /*@ ghost int aorai_Loop_Init_3; */ + /*@ ghost main_pre_func(); */ /*@ ghost aorai_Loop_Init_3 = 1; */ aorai_loop_3: /*@ loop invariant Aorai: aorai_CurStates ≢ Init; @@ -183,7 +195,7 @@ void main(void) /*@ ghost aorai_Loop_Init_3 = 0; */ f(); } - main_post_func(); + /*@ ghost main_post_func(); */ return; } diff --git a/src/plugins/aorai/tests/aorai/oracle/not_prm.res.oracle b/src/plugins/aorai/tests/aorai/oracle/not_prm.res.oracle index c936e1183e0..ba7d90bbece 100644 --- a/src/plugins/aorai/tests/aorai/oracle/not_prm.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/not_prm.res.oracle 
@@ -13,68 +13,74 @@ enum aorai_OpStatusList { /*@ ghost enum aorai_OpStatusList aorai_CurOpStatus = aorai_Called; */ /*@ ghost int S0 = 1; */ /*@ ghost int Sf = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_in: - assumes 1 ≡ S0 ∧ x ≥ 4; - ensures 1 ≡ Sf; - - behavior buch_state_Sf_out: - assumes 0 ≡ S0 ∨ ¬(x ≥ 4); - ensures 0 ≡ Sf; - */ -void f_pre_func(int x) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_f; - S0_tmp = S0; - Sf_tmp = Sf; - if (S0 == 1) - if (x >= 4) Sf_tmp = 1; else Sf_tmp = 0; - else Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_in: + assumes 1 ≡ S0 ∧ x ≥ 4; + ensures 1 ≡ Sf; + + behavior buch_state_Sf_out: + assumes 0 ≡ S0 ∨ ¬(x ≥ 4); + ensures 0 ≡ Sf; + @/ + void f_pre_func(int x) + { + int S0_tmp; + int Sf_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_f; + S0_tmp = S0; + Sf_tmp = Sf; + if (S0 == 1) + if (x >= 4) Sf_tmp = 1; else Sf_tmp = 0; + else Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + return; + } -/*@ requires 1 ≡ Sf ∧ 0 ≡ S0; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_in: - assumes 1 ≡ Sf; - ensures 1 ≡ Sf; - - behavior buch_state_Sf_out: - assumes 0 ≡ Sf; - ensures 0 ≡ Sf; - */ -void f_post_func(int res) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_f; - S0_tmp 
= S0; - Sf_tmp = Sf; - if (Sf == 1) Sf_tmp = 1; else Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ Sf ∧ 0 ≡ S0; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_in: + assumes 1 ≡ Sf; + ensures 1 ≡ Sf; + + behavior buch_state_Sf_out: + assumes 0 ≡ Sf; + ensures 0 ≡ Sf; + @/ + void f_post_func(int res) + { + int S0_tmp; + int Sf_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_f; + S0_tmp = S0; + Sf_tmp = Sf; + if (Sf == 1) Sf_tmp = 1; else Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + return; + } + +*/ /*@ requires 1 ≡ S0 ∧ 0 ≡ Sf; requires 1 ≡ S0 ⇒ x ≥ 4; @@ -88,8 +94,8 @@ void f_post_func(int res) */ int f(int x) { - f_pre_func(x); - f_post_func(x); + /*@ ghost f_pre_func(x); */ + /*@ ghost f_post_func(x); */ return x; } diff --git a/src/plugins/aorai/tests/aorai/oracle/other.res.oracle b/src/plugins/aorai/tests/aorai/oracle/other.res.oracle index 70512487923..91b4e2cc2ad 100644 --- a/src/plugins/aorai/tests/aorai/oracle/other.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/other.res.oracle 
@@ -17,181 +17,187 @@ int x = 0; /*@ ghost int init = 1; */ /*@ ghost int last = 0; */ /*@ ghost int step1 = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1; - - behavior buch_state_init_in: - assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3); - ensures 1 ≡ init; - - behavior buch_state_init_out: - assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3)); - ensures 0 ≡ init; - - behavior buch_state_last_in: - assumes - (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3); - ensures 1 ≡ last; - - behavior buch_state_last_out: - assumes - (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧ - (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3)); - ensures 0 ≡ last; - - behavior buch_state_step1_in: - assumes - (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨ - (1 ≡ init ∧ x ≡ 3); - ensures 1 ≡ step1; - - behavior buch_state_step1_out: - assumes - (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧ - (0 ≡ init ∨ ¬(x ≡ 3)); - ensures 0 ≡ step1; - */ -void f_pre_func(void) -{ - /*@ ghost int init_tmp; */ - /*@ ghost int last_tmp; */ - /*@ ghost int step1_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_f; - init_tmp = init; - last_tmp = last; - step1_tmp = step1; - if (init == 1) { - if (x == 3) step1_tmp = 1; else goto _LAND_0; - } - else { - _LAND_0: ; +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1; + + behavior buch_state_init_in: + assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3); + ensures 1 ≡ init; + + behavior buch_state_init_out: + assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3)); + ensures 0 ≡ init; + + behavior buch_state_last_in: + assumes + (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3); + ensures 1 ≡ last; + + behavior buch_state_last_out: + assumes + (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧ + (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3)); + ensures 0 ≡ last; + + behavior buch_state_step1_in: + assumes + (1 ≡ 
step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨ + (1 ≡ init ∧ x ≡ 3); + ensures 1 ≡ step1; + + behavior buch_state_step1_out: + assumes + (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧ + (0 ≡ init ∨ ¬(x ≡ 3)); + ensures 0 ≡ step1; + @/ + void f_pre_func(void) + { + int init_tmp; + int last_tmp; + int step1_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_f; + init_tmp = init; + last_tmp = last; + step1_tmp = step1; + if (init == 1) { + if (x == 3) step1_tmp = 1; else goto _LAND_0; + } + else { + _LAND_0: ; + if (last == 1) { + if (x == 3) step1_tmp = 1; else goto _LAND; + } + else { + _LAND: ; + if (step1 == 1) + if (x != 4) step1_tmp = 1; else step1_tmp = 0; + else step1_tmp = 0; + } + } if (last == 1) { - if (x == 3) step1_tmp = 1; else goto _LAND; + if (x != 4) { + if (x != 3) last_tmp = 1; else goto _LAND_1; + } + else goto _LAND_1; } else { - _LAND: ; + _LAND_1: ; if (step1 == 1) - if (x != 4) step1_tmp = 1; else step1_tmp = 0; - else step1_tmp = 0; + if (x == 4) last_tmp = 1; else last_tmp = 0; + else last_tmp = 0; } - } - if (last == 1) { - if (x != 4) { - if (x != 3) last_tmp = 1; else goto _LAND_1; + if (init == 1) { + if (x != 3) init_tmp = 1; else goto _LAND_2; } - else goto _LAND_1; - } - else { - _LAND_1: ; - if (step1 == 1) - if (x == 4) last_tmp = 1; else last_tmp = 0; - else last_tmp = 0; - } - if (init == 1) { - if (x != 3) init_tmp = 1; else goto _LAND_2; - } - else { - _LAND_2: ; - if (last == 1) - if (x == 4) init_tmp = 1; else init_tmp = 0; - else init_tmp = 0; + else { + _LAND_2: ; + if (last == 1) + if (x == 4) init_tmp = 1; else init_tmp = 0; + else init_tmp = 0; + } + init = init_tmp; + last = last_tmp; + step1 = step1_tmp; + return; } - init = init_tmp; - last = last_tmp; - step1 = step1_tmp; - return; -} -/*@ requires 1 ≡ init ∨ 1 ≡ last ∨ 1 ≡ step1; - requires 1 ≡ last ⇒ x ≡ 3 ∨ (x ≢ 4 ∧ x ≢ 3) ∨ x ≡ 4; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, 
aorai_CurOperation, init, last, step1; - - behavior buch_state_init_in: - assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3); - ensures 1 ≡ init; - - behavior buch_state_init_out: - assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3)); - ensures 0 ≡ init; - - behavior buch_state_last_in: - assumes - (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3); - ensures 1 ≡ last; - - behavior buch_state_last_out: - assumes - (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧ - (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3)); - ensures 0 ≡ last; - - behavior buch_state_step1_in: - assumes - (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨ - (1 ≡ init ∧ x ≡ 3); - ensures 1 ≡ step1; - - behavior buch_state_step1_out: - assumes - (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧ - (0 ≡ init ∨ ¬(x ≡ 3)); - ensures 0 ≡ step1; - */ -void f_post_func(void) -{ - /*@ ghost int init_tmp; */ - /*@ ghost int last_tmp; */ - /*@ ghost int step1_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_f; - init_tmp = init; - last_tmp = last; - step1_tmp = step1; - if (init == 1) { - if (x == 3) step1_tmp = 1; else goto _LAND_0; - } - else { - _LAND_0: ; +*/ + +/*@ ghost + /@ requires 1 ≡ init ∨ 1 ≡ last ∨ 1 ≡ step1; + requires 1 ≡ last ⇒ x ≡ 3 ∨ (x ≢ 4 ∧ x ≢ 3) ∨ x ≡ 4; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1; + + behavior buch_state_init_in: + assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3); + ensures 1 ≡ init; + + behavior buch_state_init_out: + assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3)); + ensures 0 ≡ init; + + behavior buch_state_last_in: + assumes + (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3); + ensures 1 ≡ last; + + behavior buch_state_last_out: + assumes + (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧ + (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3)); + ensures 0 ≡ last; + + behavior buch_state_step1_in: + assumes + (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨ + (1 ≡ init ∧ x ≡ 3); + ensures 1 ≡ step1; + + behavior 
buch_state_step1_out: + assumes + (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧ + (0 ≡ init ∨ ¬(x ≡ 3)); + ensures 0 ≡ step1; + @/ + void f_post_func(void) + { + int init_tmp; + int last_tmp; + int step1_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_f; + init_tmp = init; + last_tmp = last; + step1_tmp = step1; + if (init == 1) { + if (x == 3) step1_tmp = 1; else goto _LAND_0; + } + else { + _LAND_0: ; + if (last == 1) { + if (x == 3) step1_tmp = 1; else goto _LAND; + } + else { + _LAND: ; + if (step1 == 1) + if (x != 4) step1_tmp = 1; else step1_tmp = 0; + else step1_tmp = 0; + } + } if (last == 1) { - if (x == 3) step1_tmp = 1; else goto _LAND; + if (x != 4) { + if (x != 3) last_tmp = 1; else goto _LAND_1; + } + else goto _LAND_1; } else { - _LAND: ; + _LAND_1: ; if (step1 == 1) - if (x != 4) step1_tmp = 1; else step1_tmp = 0; - else step1_tmp = 0; + if (x == 4) last_tmp = 1; else last_tmp = 0; + else last_tmp = 0; } - } - if (last == 1) { - if (x != 4) { - if (x != 3) last_tmp = 1; else goto _LAND_1; + if (init == 1) { + if (x != 3) init_tmp = 1; else goto _LAND_2; } - else goto _LAND_1; - } - else { - _LAND_1: ; - if (step1 == 1) - if (x == 4) last_tmp = 1; else last_tmp = 0; - else last_tmp = 0; - } - if (init == 1) { - if (x != 3) init_tmp = 1; else goto _LAND_2; - } - else { - _LAND_2: ; - if (last == 1) - if (x == 4) init_tmp = 1; else init_tmp = 0; - else init_tmp = 0; + else { + _LAND_2: ; + if (last == 1) + if (x == 4) init_tmp = 1; else init_tmp = 0; + else init_tmp = 0; + } + init = init_tmp; + last = last_tmp; + step1 = step1_tmp; + return; } - init = init_tmp; - last = last_tmp; - step1 = step1_tmp; - return; -} + +*/ /*@ requires 1 ≡ init ∨ 1 ≡ last ∨ 1 ≡ step1; requires 1 ≡ last ⇒ x ≡ 3 ∨ (x ≢ 4 ∧ x ≢ 3) ∨ x ≡ 4; 
@@ -251,187 +257,193 @@ void f_post_func(void) */ void f(void) { - f_pre_func(); + /*@ ghost f_pre_func(); */ x = 3; - f_post_func(); + /*@ ghost f_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_g; - assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1; - - behavior buch_state_init_in: - assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3); - ensures 1 ≡ init; - - behavior buch_state_init_out: - assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3)); - ensures 0 ≡ init; - - behavior buch_state_last_in: - assumes - (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3); - ensures 1 ≡ last; - - behavior buch_state_last_out: - assumes - (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧ - (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3)); - ensures 0 ≡ last; - - behavior buch_state_step1_in: - assumes - (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨ - (1 ≡ init ∧ x ≡ 3); - ensures 1 ≡ step1; - - behavior buch_state_step1_out: - assumes - (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧ - (0 ≡ init ∨ ¬(x ≡ 3)); - ensures 0 ≡ step1; - */ -void g_pre_func(void) -{ - /*@ ghost int init_tmp; */ - /*@ ghost int last_tmp; */ - /*@ ghost int step1_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_g; - init_tmp = init; - last_tmp = last; - step1_tmp = step1; - if (init == 1) { - if (x == 3) step1_tmp = 1; else goto _LAND_0; - } - else { - _LAND_0: ; +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_g; + assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1; + + behavior buch_state_init_in: + assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3); + ensures 1 ≡ init; + + behavior buch_state_init_out: + assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3)); + ensures 0 ≡ init; + + behavior buch_state_last_in: + assumes + (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3); + ensures 1 ≡ last; + + behavior buch_state_last_out: + assumes + (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧ + (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3)); + ensures 0 
≡ last; + + behavior buch_state_step1_in: + assumes + (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨ + (1 ≡ init ∧ x ≡ 3); + ensures 1 ≡ step1; + + behavior buch_state_step1_out: + assumes + (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧ + (0 ≡ init ∨ ¬(x ≡ 3)); + ensures 0 ≡ step1; + @/ + void g_pre_func(void) + { + int init_tmp; + int last_tmp; + int step1_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_g; + init_tmp = init; + last_tmp = last; + step1_tmp = step1; + if (init == 1) { + if (x == 3) step1_tmp = 1; else goto _LAND_0; + } + else { + _LAND_0: ; + if (last == 1) { + if (x == 3) step1_tmp = 1; else goto _LAND; + } + else { + _LAND: ; + if (step1 == 1) + if (x != 4) step1_tmp = 1; else step1_tmp = 0; + else step1_tmp = 0; + } + } if (last == 1) { - if (x == 3) step1_tmp = 1; else goto _LAND; + if (x != 4) { + if (x != 3) last_tmp = 1; else goto _LAND_1; + } + else goto _LAND_1; } else { - _LAND: ; + _LAND_1: ; if (step1 == 1) - if (x != 4) step1_tmp = 1; else step1_tmp = 0; - else step1_tmp = 0; + if (x == 4) last_tmp = 1; else last_tmp = 0; + else last_tmp = 0; } - } - if (last == 1) { - if (x != 4) { - if (x != 3) last_tmp = 1; else goto _LAND_1; + if (init == 1) { + if (x != 3) init_tmp = 1; else goto _LAND_2; } - else goto _LAND_1; - } - else { - _LAND_1: ; - if (step1 == 1) - if (x == 4) last_tmp = 1; else last_tmp = 0; - else last_tmp = 0; - } - if (init == 1) { - if (x != 3) init_tmp = 1; else goto _LAND_2; - } - else { - _LAND_2: ; - if (last == 1) - if (x == 4) init_tmp = 1; else init_tmp = 0; - else init_tmp = 0; + else { + _LAND_2: ; + if (last == 1) + if (x == 4) init_tmp = 1; else init_tmp = 0; + else init_tmp = 0; + } + init = init_tmp; + last = last_tmp; + step1 = step1_tmp; + return; } - init = init_tmp; - last = last_tmp; - step1 = step1_tmp; - return; -} -/*@ requires 1 ≡ init ∨ 1 ≡ last ∨ 1 ≡ step1; - requires 1 ≡ last ⇒ x ≡ 3 ∨ (x ≢ 4 ∧ x ≢ 3) ∨ x ≡ 4; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures 
aorai_CurOperation ≡ op_g; - assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1; - - behavior buch_state_init_in: - assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3); - ensures 1 ≡ init; - - behavior buch_state_init_out: - assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3)); - ensures 0 ≡ init; - - behavior buch_state_last_in: - assumes - (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3); - ensures 1 ≡ last; - - behavior buch_state_last_out: - assumes - (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧ - (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3)); - ensures 0 ≡ last; - - behavior buch_state_step1_in: - assumes - (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨ - (1 ≡ init ∧ x ≡ 3); - ensures 1 ≡ step1; - - behavior buch_state_step1_out: - assumes - (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧ - (0 ≡ init ∨ ¬(x ≡ 3)); - ensures 0 ≡ step1; - */ -void g_post_func(void) -{ - /*@ ghost int init_tmp; */ - /*@ ghost int last_tmp; */ - /*@ ghost int step1_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_g; - init_tmp = init; - last_tmp = last; - step1_tmp = step1; - if (init == 1) { - if (x == 3) step1_tmp = 1; else goto _LAND_0; - } - else { - _LAND_0: ; +*/ + +/*@ ghost + /@ requires 1 ≡ init ∨ 1 ≡ last ∨ 1 ≡ step1; + requires 1 ≡ last ⇒ x ≡ 3 ∨ (x ≢ 4 ∧ x ≢ 3) ∨ x ≡ 4; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_g; + assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1; + + behavior buch_state_init_in: + assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3); + ensures 1 ≡ init; + + behavior buch_state_init_out: + assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3)); + ensures 0 ≡ init; + + behavior buch_state_last_in: + assumes + (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3); + ensures 1 ≡ last; + + behavior buch_state_last_out: + assumes + (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧ + (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3)); + ensures 0 ≡ last; + + behavior buch_state_step1_in: + assumes + (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨ + (1 ≡ init ∧ x ≡ 
3); + ensures 1 ≡ step1; + + behavior buch_state_step1_out: + assumes + (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧ + (0 ≡ init ∨ ¬(x ≡ 3)); + ensures 0 ≡ step1; + @/ + void g_post_func(void) + { + int init_tmp; + int last_tmp; + int step1_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_g; + init_tmp = init; + last_tmp = last; + step1_tmp = step1; + if (init == 1) { + if (x == 3) step1_tmp = 1; else goto _LAND_0; + } + else { + _LAND_0: ; + if (last == 1) { + if (x == 3) step1_tmp = 1; else goto _LAND; + } + else { + _LAND: ; + if (step1 == 1) + if (x != 4) step1_tmp = 1; else step1_tmp = 0; + else step1_tmp = 0; + } + } if (last == 1) { - if (x == 3) step1_tmp = 1; else goto _LAND; + if (x != 4) { + if (x != 3) last_tmp = 1; else goto _LAND_1; + } + else goto _LAND_1; } else { - _LAND: ; + _LAND_1: ; if (step1 == 1) - if (x != 4) step1_tmp = 1; else step1_tmp = 0; - else step1_tmp = 0; + if (x == 4) last_tmp = 1; else last_tmp = 0; + else last_tmp = 0; } - } - if (last == 1) { - if (x != 4) { - if (x != 3) last_tmp = 1; else goto _LAND_1; + if (init == 1) { + if (x != 3) init_tmp = 1; else goto _LAND_2; } - else goto _LAND_1; - } - else { - _LAND_1: ; - if (step1 == 1) - if (x == 4) last_tmp = 1; else last_tmp = 0; - else last_tmp = 0; - } - if (init == 1) { - if (x != 3) init_tmp = 1; else goto _LAND_2; - } - else { - _LAND_2: ; - if (last == 1) - if (x == 4) init_tmp = 1; else init_tmp = 0; - else init_tmp = 0; + else { + _LAND_2: ; + if (last == 1) + if (x == 4) init_tmp = 1; else init_tmp = 0; + else init_tmp = 0; + } + init = init_tmp; + last = last_tmp; + step1 = step1_tmp; + return; } - init = init_tmp; - last = last_tmp; - step1 = step1_tmp; - return; -} + +*/ /*@ requires 1 ≡ init ∨ 1 ≡ last ∨ 1 ≡ step1; requires 1 ≡ last ⇒ x ≡ 3 ∨ (x ≢ 4 ∧ x ≢ 3) ∨ x ≡ 4; 
@@ -491,139 +503,145 @@ void g_post_func(void) */ void g(void) { - g_pre_func(); + /*@ ghost g_pre_func(); */ x = 4; - g_post_func(); + /*@ ghost g_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1; - - behavior buch_state_init_in: - assumes 1 ≡ init ∧ x ≢ 3; - ensures 1 ≡ init; - - behavior buch_state_init_out: - assumes 0 ≡ init ∨ ¬(x ≢ 3); - ensures 0 ≡ init; - - behavior buch_state_last_out: - ensures 0 ≡ last; - - behavior buch_state_step1_out: - ensures 0 ≡ step1; - */ -void main_pre_func(void) -{ - /*@ ghost int init_tmp; */ - /*@ ghost int last_tmp; */ - /*@ ghost int step1_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - init_tmp = init; - last_tmp = last; - step1_tmp = step1; - step1_tmp = 0; - last_tmp = 0; - if (init == 1) - if (x != 3) init_tmp = 1; else init_tmp = 0; - else init_tmp = 0; - init = init_tmp; - last = last_tmp; - step1 = step1_tmp; - return; -} - -/*@ requires 1 ≡ init ∨ 1 ≡ last ∨ 1 ≡ step1; - requires 1 ≡ last ⇒ x ≡ 3 ∨ (x ≢ 4 ∧ x ≢ 3) ∨ x ≡ 4; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1; - - behavior buch_state_init_in: - assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3); - ensures 1 ≡ init; - - behavior buch_state_init_out: - assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3)); - ensures 0 ≡ init; - - behavior buch_state_last_in: - assumes - (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3); - ensures 1 ≡ last; - - behavior buch_state_last_out: - assumes - (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧ - (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3)); - ensures 0 ≡ last; - - behavior buch_state_step1_in: - assumes - (1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨ - (1 ≡ init ∧ x ≡ 3); - ensures 1 ≡ step1; - - behavior buch_state_step1_out: - assumes - (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧ - (0 ≡ init ∨ 
¬(x ≡ 3)); - ensures 0 ≡ step1; - */ -void main_post_func(int res) -{ - /*@ ghost int init_tmp; */ - /*@ ghost int last_tmp; */ - /*@ ghost int step1_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - init_tmp = init; - last_tmp = last; - step1_tmp = step1; - if (init == 1) { - if (x == 3) step1_tmp = 1; else goto _LAND_0; +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1; + + behavior buch_state_init_in: + assumes 1 ≡ init ∧ x ≢ 3; + ensures 1 ≡ init; + + behavior buch_state_init_out: + assumes 0 ≡ init ∨ ¬(x ≢ 3); + ensures 0 ≡ init; + + behavior buch_state_last_out: + ensures 0 ≡ last; + + behavior buch_state_step1_out: + ensures 0 ≡ step1; + @/ + void main_pre_func(void) + { + int init_tmp; + int last_tmp; + int step1_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + init_tmp = init; + last_tmp = last; + step1_tmp = step1; + step1_tmp = 0; + last_tmp = 0; + if (init == 1) + if (x != 3) init_tmp = 1; else init_tmp = 0; + else init_tmp = 0; + init = init_tmp; + last = last_tmp; + step1 = step1_tmp; + return; } - else { - _LAND_0: ; + +*/ + +/*@ ghost + /@ requires 1 ≡ init ∨ 1 ≡ last ∨ 1 ≡ step1; + requires 1 ≡ last ⇒ x ≡ 3 ∨ (x ≢ 4 ∧ x ≢ 3) ∨ x ≡ 4; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, init, last, step1; + + behavior buch_state_init_in: + assumes (1 ≡ last ∧ x ≡ 4) ∨ (1 ≡ init ∧ x ≢ 3); + ensures 1 ≡ init; + + behavior buch_state_init_out: + assumes (0 ≡ last ∨ ¬(x ≡ 4)) ∧ (0 ≡ init ∨ ¬(x ≢ 3)); + ensures 0 ≡ init; + + behavior buch_state_last_in: + assumes + (1 ≡ step1 ∧ x ≡ 4) ∨ (1 ≡ last ∧ x ≢ 4 ∧ x ≢ 3); + ensures 1 ≡ last; + + behavior buch_state_last_out: + assumes + (0 ≡ step1 ∨ ¬(x ≡ 4)) ∧ + (0 ≡ last ∨ ¬(x ≢ 4 ∧ x ≢ 3)); + ensures 0 ≡ last; + + behavior buch_state_step1_in: + assumes + 
(1 ≡ step1 ∧ x ≢ 4) ∨ (1 ≡ last ∧ x ≡ 3) ∨ + (1 ≡ init ∧ x ≡ 3); + ensures 1 ≡ step1; + + behavior buch_state_step1_out: + assumes + (0 ≡ step1 ∨ ¬(x ≢ 4)) ∧ (0 ≡ last ∨ ¬(x ≡ 3)) ∧ + (0 ≡ init ∨ ¬(x ≡ 3)); + ensures 0 ≡ step1; + @/ + void main_post_func(int res) + { + int init_tmp; + int last_tmp; + int step1_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + init_tmp = init; + last_tmp = last; + step1_tmp = step1; + if (init == 1) { + if (x == 3) step1_tmp = 1; else goto _LAND_0; + } + else { + _LAND_0: ; + if (last == 1) { + if (x == 3) step1_tmp = 1; else goto _LAND; + } + else { + _LAND: ; + if (step1 == 1) + if (x != 4) step1_tmp = 1; else step1_tmp = 0; + else step1_tmp = 0; + } + } if (last == 1) { - if (x == 3) step1_tmp = 1; else goto _LAND; + if (x != 4) { + if (x != 3) last_tmp = 1; else goto _LAND_1; + } + else goto _LAND_1; } else { - _LAND: ; + _LAND_1: ; if (step1 == 1) - if (x != 4) step1_tmp = 1; else step1_tmp = 0; - else step1_tmp = 0; + if (x == 4) last_tmp = 1; else last_tmp = 0; + else last_tmp = 0; } - } - if (last == 1) { - if (x != 4) { - if (x != 3) last_tmp = 1; else goto _LAND_1; + if (init == 1) { + if (x != 3) init_tmp = 1; else goto _LAND_2; } - else goto _LAND_1; - } - else { - _LAND_1: ; - if (step1 == 1) - if (x == 4) last_tmp = 1; else last_tmp = 0; - else last_tmp = 0; - } - if (init == 1) { - if (x != 3) init_tmp = 1; else goto _LAND_2; - } - else { - _LAND_2: ; - if (last == 1) - if (x == 4) init_tmp = 1; else init_tmp = 0; - else init_tmp = 0; + else { + _LAND_2: ; + if (last == 1) + if (x == 4) init_tmp = 1; else init_tmp = 0; + else init_tmp = 0; + } + init = init_tmp; + last = last_tmp; + step1 = step1_tmp; + return; } - init = init_tmp; - last = last_tmp; - step1 = step1_tmp; - return; -} + +*/ /*@ requires 1 ≡ init ∧ 0 ≡ last ∧ 0 ≡ step1; requires 1 ≡ init ⇒ x ≢ 3; 
@@ -644,12 +662,12 @@ void main_post_func(int res) */ int main(void) { - main_pre_func(); + /*@ ghost main_pre_func(); */ f(); g(); f(); g(); - main_post_func(x); + /*@ ghost main_post_func(x); */ return x; } diff --git a/src/plugins/aorai/tests/aorai/oracle/seq.res.oracle b/src/plugins/aorai/tests/aorai/oracle/seq.res.oracle index 0feb9f18cab..6640fa2d480 100644 --- a/src/plugins/aorai/tests/aorai/oracle/seq.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/seq.res.oracle 
@@ -21,147 +21,154 @@ enum aorai_OpStatusList { /*@ ghost int aorai_intermediate_state_2 = 0; */ /*@ ghost int aorai_intermediate_state_3 = 0; */ /*@ ghost int aorai_counter = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_in: - assumes 1 ≡ aorai_intermediate_state; - ensures 1 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_1_out: - assumes 0 ≡ aorai_intermediate_state; - ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_out: - ensures 0 ≡ aorai_intermediate_state_3; - */ -void f_pre_func(void) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_f; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - 
aorai_intermediate_state_3_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - if (aorai_intermediate_state == 1) aorai_intermediate_state_1_tmp = 1; - else aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_in: + assumes 1 ≡ aorai_intermediate_state; + ensures 1 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_1_out: + assumes 0 ≡ aorai_intermediate_state; + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_3_out: + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void f_pre_func(void) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Called; + 
aorai_CurOperation = op_f; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + aorai_intermediate_state_3_tmp = 0; + aorai_intermediate_state_2_tmp = 0; + if (aorai_intermediate_state == 1) aorai_intermediate_state_1_tmp = 1; + else aorai_intermediate_state_1_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } -/*@ requires - 1 ≡ aorai_intermediate_state_1 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ - 0 ≡ aorai_intermediate_state ∧ 0 ≡ aorai_intermediate_state_0 ∧ - 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_in: - assumes 1 ≡ aorai_intermediate_state_1; - ensures 1 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_0_out: - assumes 0 ≡ aorai_intermediate_state_1; - ensures 0 ≡ aorai_intermediate_state_0; - - behavior 
buch_state_aorai_intermediate_state_1_out: - ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_out: - ensures 0 ≡ aorai_intermediate_state_3; - */ -void f_post_func(void) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_f; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - aorai_intermediate_state_3_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - aorai_intermediate_state_1_tmp = 0; - if (aorai_intermediate_state_1 == 1) aorai_intermediate_state_0_tmp = 1; - else aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ aorai_intermediate_state_1 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ + 0 ≡ aorai_intermediate_state ∧ + 0 ≡ aorai_intermediate_state_0 ∧ + 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_f; + assigns 
aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_in: + assumes 1 ≡ aorai_intermediate_state_1; + ensures 1 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_0_out: + assumes 0 ≡ aorai_intermediate_state_1; + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_3_out: + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void f_post_func(void) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_f; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + aorai_intermediate_state_3_tmp = 0; + aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + if (aorai_intermediate_state_1 == 1) aorai_intermediate_state_0_tmp = 1; + else aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = 
aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } + +*/ /*@ requires 1 ≡ aorai_intermediate_state ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ 
@@ -178,176 +185,183 @@ void f_post_func(void) */ void f(void) { - f_pre_func(); - f_post_func(); + /*@ ghost f_pre_func(); */ + /*@ ghost f_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_g; - assigns aorai_counter, aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_in_0: - assumes 1 ≡ aorai_intermediate_state_2 ∧ aorai_counter < 2; - ensures 1 ≡ aorai_intermediate_state_3; - ensures aorai_counter ≡ \old(aorai_counter) + 1; - - behavior buch_state_aorai_intermediate_state_3_in_1: - assumes 1 ≡ aorai_intermediate_state_0; - ensures 1 ≡ aorai_intermediate_state_3; - ensures aorai_counter ≡ 1; - - behavior buch_state_aorai_intermediate_state_3_in_2: - assumes 1 ≡ aorai_intermediate_state; - ensures 1 ≡ aorai_intermediate_state_3; - ensures aorai_counter ≡ 1; - - behavior buch_state_aorai_intermediate_state_3_out: - assumes - (0 ≡ aorai_intermediate_state_2 ∨ ¬(aorai_counter < 2)) ∧ - 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ aorai_intermediate_state; - ensures 0 ≡ aorai_intermediate_state_3; - ensures aorai_counter ≡ \old(aorai_counter); - */ -void g_pre_func(void) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int 
aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_g; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - if (aorai_intermediate_state_2 == 1) - if (aorai_counter < 2) aorai_counter ++; - if (aorai_intermediate_state_0 == 1) aorai_counter = 1; - if (aorai_intermediate_state == 1) aorai_counter = 1; - if (aorai_intermediate_state == 1) aorai_intermediate_state_3_tmp = 1; - else - if (aorai_intermediate_state_0 == 1) aorai_intermediate_state_3_tmp = 1; +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_g; + assigns aorai_counter, aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_3_in_0: + assumes 1 ≡ aorai_intermediate_state_2 ∧ aorai_counter < 2; + ensures 1 ≡ aorai_intermediate_state_3; + ensures aorai_counter ≡ \old(aorai_counter) + 1; + + behavior buch_state_aorai_intermediate_state_3_in_1: + assumes 1 ≡ 
aorai_intermediate_state_0; + ensures 1 ≡ aorai_intermediate_state_3; + ensures aorai_counter ≡ 1; + + behavior buch_state_aorai_intermediate_state_3_in_2: + assumes 1 ≡ aorai_intermediate_state; + ensures 1 ≡ aorai_intermediate_state_3; + ensures aorai_counter ≡ 1; + + behavior buch_state_aorai_intermediate_state_3_out: + assumes + (0 ≡ aorai_intermediate_state_2 ∨ ¬(aorai_counter < 2)) ∧ + 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ aorai_intermediate_state; + ensures 0 ≡ aorai_intermediate_state_3; + ensures aorai_counter ≡ \old(aorai_counter); + @/ + void g_pre_func(void) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_g; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + if (aorai_intermediate_state_2 == 1) + if (aorai_counter < 2) aorai_counter ++; + if (aorai_intermediate_state_0 == 1) aorai_counter = 1; + if (aorai_intermediate_state == 1) aorai_counter = 1; + if (aorai_intermediate_state == 1) aorai_intermediate_state_3_tmp = 1; else - if (aorai_intermediate_state_2 == 1) - if (aorai_counter < 2) aorai_intermediate_state_3_tmp = 1; + if (aorai_intermediate_state_0 == 1) aorai_intermediate_state_3_tmp = 1; + else + if (aorai_intermediate_state_2 == 1) + if (aorai_counter < 2) aorai_intermediate_state_3_tmp = 1; + else aorai_intermediate_state_3_tmp = 0; else aorai_intermediate_state_3_tmp = 0; - else aorai_intermediate_state_3_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; 
- aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} + aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } -/*@ requires - 1 ≡ aorai_intermediate_state_3 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ - 0 ≡ aorai_intermediate_state ∧ 0 ≡ aorai_intermediate_state_0 ∧ - 0 ≡ aorai_intermediate_state_1 ∧ 0 ≡ aorai_intermediate_state_2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_g; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_in: - assumes 1 ≡ aorai_intermediate_state_3; - ensures 1 ≡ aorai_intermediate_state_2; - - behavior 
buch_state_aorai_intermediate_state_2_out: - assumes 0 ≡ aorai_intermediate_state_3; - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_out: - ensures 0 ≡ aorai_intermediate_state_3; - */ -void g_post_func(void) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_g; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - aorai_intermediate_state_3_tmp = 0; - if (aorai_intermediate_state_3 == 1) aorai_intermediate_state_2_tmp = 1; - else aorai_intermediate_state_2_tmp = 0; - aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ aorai_intermediate_state_3 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ + 0 ≡ aorai_intermediate_state ∧ + 0 ≡ aorai_intermediate_state_0 ∧ + 0 ≡ aorai_intermediate_state_1 ∧ 0 ≡ aorai_intermediate_state_2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_g; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + 
aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_in: + assumes 1 ≡ aorai_intermediate_state_3; + ensures 1 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_2_out: + assumes 0 ≡ aorai_intermediate_state_3; + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_3_out: + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void g_post_func(void) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_g; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + aorai_intermediate_state_3_tmp = 0; + if (aorai_intermediate_state_3 == 1) aorai_intermediate_state_2_tmp = 1; + else aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = 
aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } + +*/ /*@ requires (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0 ∨ 
@@ -387,154 +401,161 @@ void g_post_func(void) */ void g(void) { - g_pre_func(); - g_post_func(); + /*@ ghost g_pre_func(); */ + /*@ ghost g_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_in: - assumes 1 ≡ S0; - ensures 1 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_out: - assumes 0 ≡ S0; - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_out: - ensures 0 ≡ aorai_intermediate_state_3; - */ -void main_pre_func(int c) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - aorai_intermediate_state_3_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - 
aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - if (S0 == 1) aorai_intermediate_state_tmp = 1; - else aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_in: + assumes 1 ≡ S0; + ensures 1 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_out: + assumes 0 ≡ S0; + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_3_out: + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void main_pre_func(int c) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + 
aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + aorai_intermediate_state_3_tmp = 0; + aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + if (S0 == 1) aorai_intermediate_state_tmp = 1; + else aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } -/*@ requires - 1 ≡ aorai_intermediate_state_2 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ - 0 ≡ aorai_intermediate_state ∧ 0 ≡ aorai_intermediate_state_0 ∧ - 0 ≡ aorai_intermediate_state_1 ∧ 0 ≡ aorai_intermediate_state_3; - requires 1 ≡ aorai_intermediate_state_2 ⇒ 1 ≤ aorai_counter; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_in: - assumes 1 ≡ aorai_intermediate_state_2 ∧ 1 ≤ aorai_counter; - ensures 1 ≡ Sf; - - behavior buch_state_Sf_out: - assumes 0 ≡ aorai_intermediate_state_2 ∨ ¬(1 ≤ aorai_counter); - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures 0 ≡ aorai_intermediate_state_1; - - 
behavior buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_out: - ensures 0 ≡ aorai_intermediate_state_3; - */ -void main_post_func(int res) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - aorai_intermediate_state_3_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - if (aorai_intermediate_state_2 == 1) - if (1 <= aorai_counter) Sf_tmp = 1; else Sf_tmp = 0; - else Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ aorai_intermediate_state_2 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ + 0 ≡ aorai_intermediate_state ∧ + 0 ≡ aorai_intermediate_state_0 ∧ + 0 ≡ aorai_intermediate_state_1 ∧ 0 ≡ aorai_intermediate_state_3; + requires 1 ≡ aorai_intermediate_state_2 ⇒ 1 ≤ aorai_counter; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns 
aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_in: + assumes 1 ≡ aorai_intermediate_state_2 ∧ 1 ≤ aorai_counter; + ensures 1 ≡ Sf; + + behavior buch_state_Sf_out: + assumes 0 ≡ aorai_intermediate_state_2 ∨ ¬(1 ≤ aorai_counter); + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_3_out: + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void main_post_func(int res) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + aorai_intermediate_state_3_tmp = 0; + aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + if (aorai_intermediate_state_2 == 1) + if (1 <= aorai_counter) Sf_tmp = 1; else Sf_tmp = 0; + else Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = 
aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } + +*/ /*@ requires 1 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state ∧ @@ -558,12 +579,12 @@ void main_post_func(int res) int main(int c) { int __retres; - main_pre_func(c); + /*@ ghost main_pre_func(c); */ if (c) f(); g(); if (c) g(); __retres = 0; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/seq_loop.res.oracle b/src/plugins/aorai/tests/aorai/oracle/seq_loop.res.oracle index d846ff2ed1d..b71bd8809d2 100644 --- a/src/plugins/aorai/tests/aorai/oracle/seq_loop.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/seq_loop.res.oracle 
@@ -21,163 +21,170 @@ enum aorai_OpStatusList { /*@ ghost int aorai_intermediate_state_2 = 0; */ /*@ ghost int aorai_intermediate_state_3 = 0; */ /*@ ghost int aorai_counter = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_counter, aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_in_0: - assumes 1 ≡ aorai_intermediate_state_0 ∧ aorai_counter < 5; - ensures 1 ≡ aorai_intermediate_state_1; - ensures aorai_counter ≡ \old(aorai_counter) + 1; - - behavior buch_state_aorai_intermediate_state_1_in_1: - assumes 1 ≡ aorai_intermediate_state; - ensures 1 ≡ aorai_intermediate_state_1; - ensures aorai_counter ≡ 1; - - behavior buch_state_aorai_intermediate_state_1_out: - assumes - (0 ≡ aorai_intermediate_state_0 ∨ ¬(aorai_counter < 5)) ∧ - 0 ≡ aorai_intermediate_state; - ensures 0 ≡ aorai_intermediate_state_1; - ensures aorai_counter ≡ \old(aorai_counter); - - behavior buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_out: - ensures 0 ≡ aorai_intermediate_state_3; - */ -void f_pre_func(void) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_f; 
- S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - aorai_intermediate_state_3_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - if (aorai_intermediate_state_0 == 1) - if (aorai_counter < 5) aorai_counter ++; - if (aorai_intermediate_state == 1) aorai_counter = 1; - if (aorai_intermediate_state == 1) aorai_intermediate_state_1_tmp = 1; - else +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_counter, aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_in_0: + assumes 1 ≡ aorai_intermediate_state_0 ∧ aorai_counter < 5; + ensures 1 ≡ aorai_intermediate_state_1; + ensures aorai_counter ≡ \old(aorai_counter) + 1; + + behavior buch_state_aorai_intermediate_state_1_in_1: + assumes 1 ≡ aorai_intermediate_state; + ensures 1 ≡ aorai_intermediate_state_1; + ensures aorai_counter ≡ 1; + + behavior buch_state_aorai_intermediate_state_1_out: + assumes + (0 ≡ aorai_intermediate_state_0 ∨ ¬(aorai_counter < 5)) ∧ + 0 ≡ aorai_intermediate_state; + ensures 0 ≡ aorai_intermediate_state_1; + ensures aorai_counter ≡ \old(aorai_counter); + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior 
buch_state_aorai_intermediate_state_3_out: + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void f_pre_func(void) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_f; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + aorai_intermediate_state_3_tmp = 0; + aorai_intermediate_state_2_tmp = 0; if (aorai_intermediate_state_0 == 1) - if (aorai_counter < 5) aorai_intermediate_state_1_tmp = 1; + if (aorai_counter < 5) aorai_counter ++; + if (aorai_intermediate_state == 1) aorai_counter = 1; + if (aorai_intermediate_state == 1) aorai_intermediate_state_1_tmp = 1; + else + if (aorai_intermediate_state_0 == 1) + if (aorai_counter < 5) aorai_intermediate_state_1_tmp = 1; + else aorai_intermediate_state_1_tmp = 0; else aorai_intermediate_state_1_tmp = 0; - else aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = 
aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } -/*@ requires - 1 ≡ aorai_intermediate_state_1 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ - 0 ≡ aorai_intermediate_state ∧ 0 ≡ aorai_intermediate_state_0 ∧ - 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_f; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_in: - assumes 1 ≡ aorai_intermediate_state_1; - ensures 1 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_2_out: - assumes 0 ≡ aorai_intermediate_state_1; - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_out: - ensures 0 ≡ aorai_intermediate_state_3; - */ -void f_post_func(void) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_f; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - 
aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - aorai_intermediate_state_3_tmp = 0; - if (aorai_intermediate_state_1 == 1) aorai_intermediate_state_2_tmp = 1; - else aorai_intermediate_state_2_tmp = 0; - aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ aorai_intermediate_state_1 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ + 0 ≡ aorai_intermediate_state ∧ + 0 ≡ aorai_intermediate_state_0 ∧ + 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_f; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_in: + assumes 1 ≡ aorai_intermediate_state_1; + ensures 1 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_2_out: + assumes 
0 ≡ aorai_intermediate_state_1; + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_3_out: + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void f_post_func(void) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_f; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + aorai_intermediate_state_3_tmp = 0; + if (aorai_intermediate_state_1 == 1) aorai_intermediate_state_2_tmp = 1; + else aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } + +*/ /*@ requires (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0) ∧ 
@@ -207,152 +214,159 @@ void f_post_func(void) */ void f(void) { - f_pre_func(); - f_post_func(); + /*@ ghost f_pre_func(); */ + /*@ ghost f_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_g; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_in: - assumes 1 ≡ aorai_intermediate_state_2; - ensures 1 ≡ aorai_intermediate_state_3; - - behavior buch_state_aorai_intermediate_state_3_out: - assumes 0 ≡ aorai_intermediate_state_2; - ensures 0 ≡ aorai_intermediate_state_3; - */ -void g_pre_func(void) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_g; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - if (aorai_intermediate_state_2 == 
1) aorai_intermediate_state_3_tmp = 1; - else aorai_intermediate_state_3_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_g; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_3_in: + assumes 1 ≡ aorai_intermediate_state_2; + ensures 1 ≡ aorai_intermediate_state_3; + + behavior buch_state_aorai_intermediate_state_3_out: + assumes 0 ≡ aorai_intermediate_state_2; + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void g_pre_func(void) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_g; + S0_tmp 
= S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + if (aorai_intermediate_state_2 == 1) aorai_intermediate_state_3_tmp = 1; + else aorai_intermediate_state_3_tmp = 0; + aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } -/*@ requires - 1 ≡ aorai_intermediate_state_3 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ - 0 ≡ aorai_intermediate_state ∧ 0 ≡ aorai_intermediate_state_0 ∧ - 0 ≡ aorai_intermediate_state_1 ∧ 0 ≡ aorai_intermediate_state_2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_g; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_in: - assumes 1 ≡ aorai_intermediate_state_3; - ensures 1 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_0_out: - assumes 0 ≡ aorai_intermediate_state_3; - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - 
ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_out: - ensures 0 ≡ aorai_intermediate_state_3; - */ -void g_post_func(void) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_g; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - aorai_intermediate_state_3_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - aorai_intermediate_state_1_tmp = 0; - if (aorai_intermediate_state_3 == 1) aorai_intermediate_state_0_tmp = 1; - else aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ aorai_intermediate_state_3 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ + 0 ≡ aorai_intermediate_state ∧ + 0 ≡ aorai_intermediate_state_0 ∧ + 0 ≡ aorai_intermediate_state_1 ∧ 0 ≡ aorai_intermediate_state_2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_g; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + 
aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_in: + assumes 1 ≡ aorai_intermediate_state_3; + ensures 1 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_0_out: + assumes 0 ≡ aorai_intermediate_state_3; + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_3_out: + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void g_post_func(void) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_g; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + aorai_intermediate_state_3_tmp = 0; + aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + if (aorai_intermediate_state_3 == 1) aorai_intermediate_state_0_tmp = 1; + else aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = 
aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } + +*/ /*@ requires 1 ≡ aorai_intermediate_state_2 ∧ 0 ≡ S0 ∧ 0 ≡ Sf ∧ 
@@ -368,155 +382,161 @@ void g_post_func(void) */ void g(void) { - g_pre_func(); - g_post_func(); + /*@ ghost g_pre_func(); */ + /*@ ghost g_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_in: - assumes 1 ≡ S0; - ensures 1 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_out: - assumes 0 ≡ S0; - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures 0 ≡ aorai_intermediate_state_1; - - behavior buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_out: - ensures 0 ≡ aorai_intermediate_state_3; - */ -void main_pre_func(int c) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - aorai_intermediate_state_3_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - 
aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - if (S0 == 1) aorai_intermediate_state_tmp = 1; - else aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_in: + assumes 1 ≡ S0; + ensures 1 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_out: + assumes 0 ≡ S0; + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_3_out: + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void main_pre_func(int c) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + 
aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + aorai_intermediate_state_3_tmp = 0; + aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + if (S0 == 1) aorai_intermediate_state_tmp = 1; + else aorai_intermediate_state_tmp = 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } -/*@ requires - (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0) ∧ - 0 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state_1 ∧ - 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state, aorai_intermediate_state_0, - aorai_intermediate_state_1, aorai_intermediate_state_2, - aorai_intermediate_state_3; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_in: - assumes - 1 ≡ aorai_intermediate_state_0 ∨ 1 ≡ aorai_intermediate_state; - ensures 1 ≡ Sf; - - behavior buch_state_Sf_out: - assumes - 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ aorai_intermediate_state; - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_0_out: - ensures 0 ≡ aorai_intermediate_state_0; - - behavior buch_state_aorai_intermediate_state_1_out: - ensures 0 ≡ aorai_intermediate_state_1; - - behavior 
buch_state_aorai_intermediate_state_2_out: - ensures 0 ≡ aorai_intermediate_state_2; - - behavior buch_state_aorai_intermediate_state_3_out: - ensures 0 ≡ aorai_intermediate_state_3; - */ -void main_post_func(int res) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - /*@ ghost int aorai_intermediate_state_0_tmp; */ - /*@ ghost int aorai_intermediate_state_1_tmp; */ - /*@ ghost int aorai_intermediate_state_2_tmp; */ - /*@ ghost int aorai_intermediate_state_3_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; - aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; - aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; - aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; - aorai_intermediate_state_3_tmp = 0; - aorai_intermediate_state_2_tmp = 0; - aorai_intermediate_state_1_tmp = 0; - aorai_intermediate_state_0_tmp = 0; - aorai_intermediate_state_tmp = 0; - if (aorai_intermediate_state == 1) Sf_tmp = 1; - else - if (aorai_intermediate_state_0 == 1) Sf_tmp = 1; else Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; - aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; - aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; - aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + (1 ≡ aorai_intermediate_state ∨ 1 ≡ aorai_intermediate_state_0) ∧ + 0 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state_1 ∧ + 0 ≡ aorai_intermediate_state_2 ∧ 0 ≡ aorai_intermediate_state_3; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + 
aorai_intermediate_state, aorai_intermediate_state_0, + aorai_intermediate_state_1, aorai_intermediate_state_2, + aorai_intermediate_state_3; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_in: + assumes + 1 ≡ aorai_intermediate_state_0 ∨ 1 ≡ aorai_intermediate_state; + ensures 1 ≡ Sf; + + behavior buch_state_Sf_out: + assumes + 0 ≡ aorai_intermediate_state_0 ∧ 0 ≡ aorai_intermediate_state; + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_0_out: + ensures 0 ≡ aorai_intermediate_state_0; + + behavior buch_state_aorai_intermediate_state_1_out: + ensures 0 ≡ aorai_intermediate_state_1; + + behavior buch_state_aorai_intermediate_state_2_out: + ensures 0 ≡ aorai_intermediate_state_2; + + behavior buch_state_aorai_intermediate_state_3_out: + ensures 0 ≡ aorai_intermediate_state_3; + @/ + void main_post_func(int res) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + int aorai_intermediate_state_0_tmp; + int aorai_intermediate_state_1_tmp; + int aorai_intermediate_state_2_tmp; + int aorai_intermediate_state_3_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_0_tmp = aorai_intermediate_state_0; + aorai_intermediate_state_1_tmp = aorai_intermediate_state_1; + aorai_intermediate_state_2_tmp = aorai_intermediate_state_2; + aorai_intermediate_state_3_tmp = aorai_intermediate_state_3; + aorai_intermediate_state_3_tmp = 0; + aorai_intermediate_state_2_tmp = 0; + aorai_intermediate_state_1_tmp = 0; + aorai_intermediate_state_0_tmp = 0; + aorai_intermediate_state_tmp = 0; + if (aorai_intermediate_state == 1) Sf_tmp = 1; + else + if (aorai_intermediate_state_0 == 1) Sf_tmp = 1; else Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = 
aorai_intermediate_state_tmp; + aorai_intermediate_state_0 = aorai_intermediate_state_0_tmp; + aorai_intermediate_state_1 = aorai_intermediate_state_1_tmp; + aorai_intermediate_state_2 = aorai_intermediate_state_2_tmp; + aorai_intermediate_state_3 = aorai_intermediate_state_3_tmp; + return; + } + +*/ /*@ requires 1 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state ∧ @@ -545,9 +565,9 @@ void main_post_func(int res) */ int main(int c) { - int aorai_Loop_Init_14; + /*@ ghost int aorai_Loop_Init_14; */ int __retres; - main_pre_func(c); + /*@ ghost main_pre_func(c); */ if (c < 0) c = 0; if (c > 5) c = 5; /*@ assert 0 ≤ c ≤ 5; */ ; @@ -592,7 +612,7 @@ int main(int c) c --; } __retres = 0; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/single_call.res.oracle b/src/plugins/aorai/tests/aorai/oracle/single_call.res.oracle index 5f8d466d224..cfb4234eb0c 100644 --- a/src/plugins/aorai/tests/aorai/oracle/single_call.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/single_call.res.oracle 
@@ -14,83 +14,89 @@ enum aorai_OpStatusList { /*@ ghost int S0 = 1; */ /*@ ghost int Sf = 0; */ /*@ ghost int aorai_intermediate_state = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_out: - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_in: - assumes 1 ≡ S0; - ensures 1 ≡ aorai_intermediate_state; - - behavior buch_state_aorai_intermediate_state_out: - assumes 0 ≡ S0; - ensures 0 ≡ aorai_intermediate_state; - */ -void main_pre_func(void) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - if (S0 == 1) aorai_intermediate_state_tmp = 1; - else aorai_intermediate_state_tmp = 0; - Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_out: + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_in: + assumes 1 ≡ S0; + ensures 1 ≡ aorai_intermediate_state; + + behavior buch_state_aorai_intermediate_state_out: + assumes 0 ≡ S0; + ensures 0 ≡ aorai_intermediate_state; + @/ + void main_pre_func(void) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + S0_tmp = S0; + Sf_tmp = Sf; + aorai_intermediate_state_tmp = aorai_intermediate_state; + if (S0 == 1) aorai_intermediate_state_tmp = 1; + else aorai_intermediate_state_tmp 
= 0; + Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + return; + } -/*@ requires 1 ≡ aorai_intermediate_state ∧ 0 ≡ S0 ∧ 0 ≡ Sf; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, - aorai_intermediate_state; - - behavior buch_state_S0_out: - ensures 0 ≡ S0; - - behavior buch_state_Sf_in: - assumes 1 ≡ aorai_intermediate_state; - ensures 1 ≡ Sf; - - behavior buch_state_Sf_out: - assumes 0 ≡ aorai_intermediate_state; - ensures 0 ≡ Sf; - - behavior buch_state_aorai_intermediate_state_out: - ensures 0 ≡ aorai_intermediate_state; - */ -void main_post_func(int res) -{ - /*@ ghost int S0_tmp; */ - /*@ ghost int Sf_tmp; */ - /*@ ghost int aorai_intermediate_state_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - S0_tmp = S0; - Sf_tmp = Sf; - aorai_intermediate_state_tmp = aorai_intermediate_state; - aorai_intermediate_state_tmp = 0; - if (aorai_intermediate_state == 1) Sf_tmp = 1; else Sf_tmp = 0; - S0_tmp = 0; - S0 = S0_tmp; - Sf = Sf_tmp; - aorai_intermediate_state = aorai_intermediate_state_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ aorai_intermediate_state ∧ 0 ≡ S0 ∧ 0 ≡ Sf; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S0, Sf, + aorai_intermediate_state; + + behavior buch_state_S0_out: + ensures 0 ≡ S0; + + behavior buch_state_Sf_in: + assumes 1 ≡ aorai_intermediate_state; + ensures 1 ≡ Sf; + + behavior buch_state_Sf_out: + assumes 0 ≡ aorai_intermediate_state; + ensures 0 ≡ Sf; + + behavior buch_state_aorai_intermediate_state_out: + ensures 0 ≡ aorai_intermediate_state; + @/ + void main_post_func(int res) + { + int S0_tmp; + int Sf_tmp; + int aorai_intermediate_state_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + S0_tmp = S0; + Sf_tmp = Sf; + 
aorai_intermediate_state_tmp = aorai_intermediate_state; + aorai_intermediate_state_tmp = 0; + if (aorai_intermediate_state == 1) Sf_tmp = 1; else Sf_tmp = 0; + S0_tmp = 0; + S0 = S0_tmp; + Sf = Sf_tmp; + aorai_intermediate_state = aorai_intermediate_state_tmp; + return; + } + +*/ /*@ requires 1 ≡ S0 ∧ 0 ≡ Sf ∧ 0 ≡ aorai_intermediate_state; @@ -104,9 +110,9 @@ void main_post_func(int res) int main(void) { int __retres; - main_pre_func(); + /*@ ghost main_pre_func(); */ __retres = 0; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_acces_params.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_acces_params.res.oracle index d703a2229a9..3e646c93b8a 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_acces_params.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_acces_params.res.oracle 
@@ -23,128 +23,134 @@ int rr = 1; /*@ ghost int S4 = 0; */ /*@ ghost int SF = 0; */ /*@ ghost int mainst = 1; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_opa; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF, - mainst; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_in: - assumes 1 ≡ S1 ∧ i ≥ 0; - ensures 1 ≡ S2; - - behavior buch_state_S2_out: - assumes 0 ≡ S1 ∨ ¬(i ≥ 0); - ensures 0 ≡ S2; - - behavior buch_state_S3_out: - ensures 0 ≡ S3; - - behavior buch_state_S4_out: - ensures 0 ≡ S4; - - behavior buch_state_SF_out: - ensures 0 ≡ SF; - - behavior buch_state_mainst_out: - ensures 0 ≡ mainst; - */ -void opa_pre_func(int i, int j) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S3_tmp; */ - /*@ ghost int S4_tmp; */ - /*@ ghost int SF_tmp; */ - /*@ ghost int mainst_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_opa; - S1_tmp = S1; - S2_tmp = S2; - S3_tmp = S3; - S4_tmp = S4; - SF_tmp = SF; - mainst_tmp = mainst; - mainst_tmp = 0; - SF_tmp = 0; - S4_tmp = 0; - S3_tmp = 0; - if (S1 == 1) - if (i >= 0) S2_tmp = 1; else S2_tmp = 0; - else S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S3 = S3_tmp; - S4 = S4_tmp; - SF = SF_tmp; - mainst = mainst_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_opa; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF, + mainst; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_in: + assumes 1 ≡ S1 ∧ i ≥ 0; + ensures 1 ≡ S2; + + behavior buch_state_S2_out: + assumes 0 ≡ S1 ∨ ¬(i ≥ 0); + ensures 0 ≡ S2; + + behavior buch_state_S3_out: + ensures 0 ≡ S3; + + behavior buch_state_S4_out: + ensures 0 ≡ S4; + + behavior buch_state_SF_out: + ensures 0 ≡ SF; + + behavior buch_state_mainst_out: + ensures 0 ≡ mainst; + @/ + void opa_pre_func(int i, int j) + { + int S1_tmp; + int S2_tmp; + int S3_tmp; + 
int S4_tmp; + int SF_tmp; + int mainst_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_opa; + S1_tmp = S1; + S2_tmp = S2; + S3_tmp = S3; + S4_tmp = S4; + SF_tmp = SF; + mainst_tmp = mainst; + mainst_tmp = 0; + SF_tmp = 0; + S4_tmp = 0; + S3_tmp = 0; + if (S1 == 1) + if (i >= 0) S2_tmp = 1; else S2_tmp = 0; + else S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S3 = S3_tmp; + S4 = S4_tmp; + SF = SF_tmp; + mainst = mainst_tmp; + return; + } -/*@ requires - 1 ≡ S2 ∧ 0 ≡ S1 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧ 0 ≡ SF ∧ - 0 ≡ mainst; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_opa; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF, - mainst; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_S3_in: - assumes 1 ≡ S2; - ensures 1 ≡ S3; - - behavior buch_state_S3_out: - assumes 0 ≡ S2; - ensures 0 ≡ S3; - - behavior buch_state_S4_out: - ensures 0 ≡ S4; - - behavior buch_state_SF_out: - ensures 0 ≡ SF; - - behavior buch_state_mainst_out: - ensures 0 ≡ mainst; - */ -void opa_post_func(void) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S3_tmp; */ - /*@ ghost int S4_tmp; */ - /*@ ghost int SF_tmp; */ - /*@ ghost int mainst_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_opa; - S1_tmp = S1; - S2_tmp = S2; - S3_tmp = S3; - S4_tmp = S4; - SF_tmp = SF; - mainst_tmp = mainst; - mainst_tmp = 0; - SF_tmp = 0; - S4_tmp = 0; - if (S2 == 1) S3_tmp = 1; else S3_tmp = 0; - S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S3 = S3_tmp; - S4 = S4_tmp; - SF = SF_tmp; - mainst = mainst_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ S2 ∧ 0 ≡ S1 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧ 0 ≡ SF ∧ + 0 ≡ mainst; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_opa; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF, + mainst; + + behavior buch_state_S1_out: + 
ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_S3_in: + assumes 1 ≡ S2; + ensures 1 ≡ S3; + + behavior buch_state_S3_out: + assumes 0 ≡ S2; + ensures 0 ≡ S3; + + behavior buch_state_S4_out: + ensures 0 ≡ S4; + + behavior buch_state_SF_out: + ensures 0 ≡ SF; + + behavior buch_state_mainst_out: + ensures 0 ≡ mainst; + @/ + void opa_post_func(void) + { + int S1_tmp; + int S2_tmp; + int S3_tmp; + int S4_tmp; + int SF_tmp; + int mainst_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_opa; + S1_tmp = S1; + S2_tmp = S2; + S3_tmp = S3; + S4_tmp = S4; + SF_tmp = SF; + mainst_tmp = mainst; + mainst_tmp = 0; + SF_tmp = 0; + S4_tmp = 0; + if (S2 == 1) S3_tmp = 1; else S3_tmp = 0; + S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S3 = S3_tmp; + S4 = S4_tmp; + SF = SF_tmp; + mainst = mainst_tmp; + return; + } + +*/ /*@ requires 1 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧ 0 ≡ SF ∧ 
@@ -162,135 +168,141 @@ void opa_post_func(void) */ void opa(int i, int j) { - opa_pre_func(i,j); + /*@ ghost opa_pre_func(i,j); */ rr = i + j; - opa_post_func(); + /*@ ghost opa_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_opb; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF, - mainst; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_S3_out: - ensures 0 ≡ S3; - - behavior buch_state_S4_in: - assumes 1 ≡ S3; - ensures 1 ≡ S4; - - behavior buch_state_S4_out: - assumes 0 ≡ S3; - ensures 0 ≡ S4; - - behavior buch_state_SF_out: - ensures 0 ≡ SF; - - behavior buch_state_mainst_out: - ensures 0 ≡ mainst; - */ -void opb_pre_func(void) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S3_tmp; */ - /*@ ghost int S4_tmp; */ - /*@ ghost int SF_tmp; */ - /*@ ghost int mainst_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_opb; - S1_tmp = S1; - S2_tmp = S2; - S3_tmp = S3; - S4_tmp = S4; - SF_tmp = SF; - mainst_tmp = mainst; - mainst_tmp = 0; - SF_tmp = 0; - if (S3 == 1) S4_tmp = 1; else S4_tmp = 0; - S3_tmp = 0; - S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S3 = S3_tmp; - S4 = S4_tmp; - SF = SF_tmp; - mainst = mainst_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_opb; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF, + mainst; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_S3_out: + ensures 0 ≡ S3; + + behavior buch_state_S4_in: + assumes 1 ≡ S3; + ensures 1 ≡ S4; + + behavior buch_state_S4_out: + assumes 0 ≡ S3; + ensures 0 ≡ S4; + + behavior buch_state_SF_out: + ensures 0 ≡ SF; + + behavior buch_state_mainst_out: + ensures 0 ≡ mainst; + @/ + void opb_pre_func(void) + { + int S1_tmp; + int S2_tmp; + int 
S3_tmp; + int S4_tmp; + int SF_tmp; + int mainst_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_opb; + S1_tmp = S1; + S2_tmp = S2; + S3_tmp = S3; + S4_tmp = S4; + SF_tmp = SF; + mainst_tmp = mainst; + mainst_tmp = 0; + SF_tmp = 0; + if (S3 == 1) S4_tmp = 1; else S4_tmp = 0; + S3_tmp = 0; + S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S3 = S3_tmp; + S4 = S4_tmp; + SF = SF_tmp; + mainst = mainst_tmp; + return; + } -/*@ requires - 1 ≡ S4 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ SF ∧ - 0 ≡ mainst; - requires 1 ≡ S4 ⇒ res > 0; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_opb; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF, - mainst; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_S3_out: - ensures 0 ≡ S3; - - behavior buch_state_S4_out: - ensures 0 ≡ S4; - - behavior buch_state_SF_in: - assumes 1 ≡ S4 ∧ res > 0; - ensures 1 ≡ SF; - - behavior buch_state_SF_out: - assumes 0 ≡ S4 ∨ ¬(res > 0); - ensures 0 ≡ SF; - - behavior buch_state_mainst_out: - ensures 0 ≡ mainst; - */ -void opb_post_func(int res) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S3_tmp; */ - /*@ ghost int S4_tmp; */ - /*@ ghost int SF_tmp; */ - /*@ ghost int mainst_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_opb; - S1_tmp = S1; - S2_tmp = S2; - S3_tmp = S3; - S4_tmp = S4; - SF_tmp = SF; - mainst_tmp = mainst; - mainst_tmp = 0; - if (S4 == 1) - if (res > 0) SF_tmp = 1; else SF_tmp = 0; - else SF_tmp = 0; - S4_tmp = 0; - S3_tmp = 0; - S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S3 = S3_tmp; - S4 = S4_tmp; - SF = SF_tmp; - mainst = mainst_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ S4 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ SF ∧ + 0 ≡ mainst; + requires 1 ≡ S4 ⇒ res > 0; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_opb; + assigns 
aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF, + mainst; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_S3_out: + ensures 0 ≡ S3; + + behavior buch_state_S4_out: + ensures 0 ≡ S4; + + behavior buch_state_SF_in: + assumes 1 ≡ S4 ∧ res > 0; + ensures 1 ≡ SF; + + behavior buch_state_SF_out: + assumes 0 ≡ S4 ∨ ¬(res > 0); + ensures 0 ≡ SF; + + behavior buch_state_mainst_out: + ensures 0 ≡ mainst; + @/ + void opb_post_func(int res) + { + int S1_tmp; + int S2_tmp; + int S3_tmp; + int S4_tmp; + int SF_tmp; + int mainst_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_opb; + S1_tmp = S1; + S2_tmp = S2; + S3_tmp = S3; + S4_tmp = S4; + SF_tmp = SF; + mainst_tmp = mainst; + mainst_tmp = 0; + if (S4 == 1) + if (res > 0) SF_tmp = 1; else SF_tmp = 0; + else SF_tmp = 0; + S4_tmp = 0; + S3_tmp = 0; + S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S3 = S3_tmp; + S4 = S4_tmp; + SF = SF_tmp; + mainst = mainst_tmp; + return; + } + +*/ /*@ requires 1 ≡ S3 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S4 ∧ 0 ≡ SF ∧ 
@@ -305,133 +317,139 @@ void opb_post_func(int res) int opb(void) { int __retres; - opb_pre_func(); + /*@ ghost opb_pre_func(); */ status = 1; __retres = status * 3; - opb_post_func(__retres); + /*@ ghost opb_post_func(__retres); */ return __retres; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF, - mainst; - - behavior buch_state_S1_in: - assumes 1 ≡ mainst; - ensures 1 ≡ S1; - - behavior buch_state_S1_out: - assumes 0 ≡ mainst; - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_S3_out: - ensures 0 ≡ S3; - - behavior buch_state_S4_out: - ensures 0 ≡ S4; - - behavior buch_state_SF_out: - ensures 0 ≡ SF; - - behavior buch_state_mainst_out: - ensures 0 ≡ mainst; - */ -void main_pre_func(void) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S3_tmp; */ - /*@ ghost int S4_tmp; */ - /*@ ghost int SF_tmp; */ - /*@ ghost int mainst_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - S1_tmp = S1; - S2_tmp = S2; - S3_tmp = S3; - S4_tmp = S4; - SF_tmp = SF; - mainst_tmp = mainst; - mainst_tmp = 0; - SF_tmp = 0; - S4_tmp = 0; - S3_tmp = 0; - S2_tmp = 0; - if (mainst == 1) S1_tmp = 1; else S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S3 = S3_tmp; - S4 = S4_tmp; - SF = SF_tmp; - mainst = mainst_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF, + mainst; + + behavior buch_state_S1_in: + assumes 1 ≡ mainst; + ensures 1 ≡ S1; + + behavior buch_state_S1_out: + assumes 0 ≡ mainst; + ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_S3_out: + ensures 0 ≡ S3; + + behavior buch_state_S4_out: + ensures 0 ≡ S4; + + behavior buch_state_SF_out: + ensures 0 ≡ SF; + + behavior buch_state_mainst_out: + ensures 0 ≡ mainst; + 
@/ + void main_pre_func(void) + { + int S1_tmp; + int S2_tmp; + int S3_tmp; + int S4_tmp; + int SF_tmp; + int mainst_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + S1_tmp = S1; + S2_tmp = S2; + S3_tmp = S3; + S4_tmp = S4; + SF_tmp = SF; + mainst_tmp = mainst; + mainst_tmp = 0; + SF_tmp = 0; + S4_tmp = 0; + S3_tmp = 0; + S2_tmp = 0; + if (mainst == 1) S1_tmp = 1; else S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S3 = S3_tmp; + S4 = S4_tmp; + SF = SF_tmp; + mainst = mainst_tmp; + return; + } -/*@ requires - 1 ≡ SF ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧ - 0 ≡ mainst; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, SF, - mainst; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_S3_out: - ensures 0 ≡ S3; - - behavior buch_state_S4_out: - ensures 0 ≡ S4; - - behavior buch_state_SF_in: - assumes 1 ≡ SF; - ensures 1 ≡ SF; - - behavior buch_state_SF_out: - assumes 0 ≡ SF; - ensures 0 ≡ SF; - - behavior buch_state_mainst_out: - ensures 0 ≡ mainst; - */ -void main_post_func(int res) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S3_tmp; */ - /*@ ghost int S4_tmp; */ - /*@ ghost int SF_tmp; */ - /*@ ghost int mainst_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - S1_tmp = S1; - S2_tmp = S2; - S3_tmp = S3; - S4_tmp = S4; - SF_tmp = SF; - mainst_tmp = mainst; - mainst_tmp = 0; - if (SF == 1) SF_tmp = 1; else SF_tmp = 0; - S4_tmp = 0; - S3_tmp = 0; - S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S3 = S3_tmp; - S4 = S4_tmp; - SF = SF_tmp; - mainst = mainst_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ SF ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧ + 0 ≡ mainst; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, 
S3, S4, SF, + mainst; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_S3_out: + ensures 0 ≡ S3; + + behavior buch_state_S4_out: + ensures 0 ≡ S4; + + behavior buch_state_SF_in: + assumes 1 ≡ SF; + ensures 1 ≡ SF; + + behavior buch_state_SF_out: + assumes 0 ≡ SF; + ensures 0 ≡ SF; + + behavior buch_state_mainst_out: + ensures 0 ≡ mainst; + @/ + void main_post_func(int res) + { + int S1_tmp; + int S2_tmp; + int S3_tmp; + int S4_tmp; + int SF_tmp; + int mainst_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + S1_tmp = S1; + S2_tmp = S2; + S3_tmp = S3; + S4_tmp = S4; + SF_tmp = SF; + mainst_tmp = mainst; + mainst_tmp = 0; + if (SF == 1) SF_tmp = 1; else SF_tmp = 0; + S4_tmp = 0; + S3_tmp = 0; + S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S3 = S3_tmp; + S4 = S4_tmp; + SF = SF_tmp; + mainst = mainst_tmp; + return; + } + +*/ /*@ requires 1 ≡ mainst ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧ @@ -445,11 +463,11 @@ void main_post_func(int res) int main(void) { int __retres; - main_pre_func(); + /*@ ghost main_pre_func(); */ if (rr < 5000) opa(rr,300); rr = opb(); __retres = 1; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_acces_params2.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_acces_params2.res.oracle index 92799624f78..a45dd2a4943 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_acces_params2.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_acces_params2.res.oracle 
@@ -24,145 +24,151 @@ int rr = 1; /*@ ghost int S5 = 0; */ /*@ ghost int S6 = 0; */ /*@ ghost int S7 = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_opa; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6, - S7; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_S3_in: - assumes 1 ≡ S2 ∧ r ≥ 0; - ensures 1 ≡ S3; - - behavior buch_state_S3_out: - assumes 0 ≡ S2 ∨ ¬(r ≥ 0); - ensures 0 ≡ S3; - - behavior buch_state_S4_out: - ensures 0 ≡ S4; - - behavior buch_state_S5_out: - ensures 0 ≡ S5; - - behavior buch_state_S6_out: - ensures 0 ≡ S6; - - behavior buch_state_S7_out: - ensures 0 ≡ S7; - */ -void opa_pre_func(int r) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S3_tmp; */ - /*@ ghost int S4_tmp; */ - /*@ ghost int S5_tmp; */ - /*@ ghost int S6_tmp; */ - /*@ ghost int S7_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_opa; - S1_tmp = S1; - S2_tmp = S2; - S3_tmp = S3; - S4_tmp = S4; - S5_tmp = S5; - S6_tmp = S6; - S7_tmp = S7; - S7_tmp = 0; - S6_tmp = 0; - S5_tmp = 0; - S4_tmp = 0; - if (S2 == 1) - if (r >= 0) S3_tmp = 1; else S3_tmp = 0; - else S3_tmp = 0; - S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S3 = S3_tmp; - S4 = S4_tmp; - S5 = S5_tmp; - S6 = S6_tmp; - S7 = S7_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_opa; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6, + S7; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_S3_in: + assumes 1 ≡ S2 ∧ r ≥ 0; + ensures 1 ≡ S3; + + behavior buch_state_S3_out: + assumes 0 ≡ S2 ∨ ¬(r ≥ 0); + ensures 0 ≡ S3; + + behavior buch_state_S4_out: + ensures 0 ≡ S4; + + behavior buch_state_S5_out: + ensures 0 ≡ S5; + + behavior buch_state_S6_out: + ensures 0 ≡ S6; + + behavior 
buch_state_S7_out: + ensures 0 ≡ S7; + @/ + void opa_pre_func(int r) + { + int S1_tmp; + int S2_tmp; + int S3_tmp; + int S4_tmp; + int S5_tmp; + int S6_tmp; + int S7_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_opa; + S1_tmp = S1; + S2_tmp = S2; + S3_tmp = S3; + S4_tmp = S4; + S5_tmp = S5; + S6_tmp = S6; + S7_tmp = S7; + S7_tmp = 0; + S6_tmp = 0; + S5_tmp = 0; + S4_tmp = 0; + if (S2 == 1) + if (r >= 0) S3_tmp = 1; else S3_tmp = 0; + else S3_tmp = 0; + S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S3 = S3_tmp; + S4 = S4_tmp; + S5 = S5_tmp; + S6 = S6_tmp; + S7 = S7_tmp; + return; + } -/*@ requires - 1 ≡ S3 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S4 ∧ 0 ≡ S5 ∧ - 0 ≡ S6 ∧ 0 ≡ S7; - requires 1 ≡ S3 ⇒ res ≤ 5000; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_opa; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6, - S7; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_S3_out: - ensures 0 ≡ S3; - - behavior buch_state_S4_in: - assumes 1 ≡ S3 ∧ res ≤ 5000; - ensures 1 ≡ S4; - - behavior buch_state_S4_out: - assumes 0 ≡ S3 ∨ ¬(res ≤ 5000); - ensures 0 ≡ S4; - - behavior buch_state_S5_out: - ensures 0 ≡ S5; - - behavior buch_state_S6_out: - ensures 0 ≡ S6; - - behavior buch_state_S7_out: - ensures 0 ≡ S7; - */ -void opa_post_func(int res) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S3_tmp; */ - /*@ ghost int S4_tmp; */ - /*@ ghost int S5_tmp; */ - /*@ ghost int S6_tmp; */ - /*@ ghost int S7_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_opa; - S1_tmp = S1; - S2_tmp = S2; - S3_tmp = S3; - S4_tmp = S4; - S5_tmp = S5; - S6_tmp = S6; - S7_tmp = S7; - S7_tmp = 0; - S6_tmp = 0; - S5_tmp = 0; - if (S3 == 1) - if (res <= 5000) S4_tmp = 1; else S4_tmp = 0; - else S4_tmp = 0; - S3_tmp = 0; - S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S3 = S3_tmp; - S4 = S4_tmp; - S5 = 
S5_tmp; - S6 = S6_tmp; - S7 = S7_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ S3 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S4 ∧ 0 ≡ S5 ∧ + 0 ≡ S6 ∧ 0 ≡ S7; + requires 1 ≡ S3 ⇒ res ≤ 5000; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_opa; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6, + S7; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_S3_out: + ensures 0 ≡ S3; + + behavior buch_state_S4_in: + assumes 1 ≡ S3 ∧ res ≤ 5000; + ensures 1 ≡ S4; + + behavior buch_state_S4_out: + assumes 0 ≡ S3 ∨ ¬(res ≤ 5000); + ensures 0 ≡ S4; + + behavior buch_state_S5_out: + ensures 0 ≡ S5; + + behavior buch_state_S6_out: + ensures 0 ≡ S6; + + behavior buch_state_S7_out: + ensures 0 ≡ S7; + @/ + void opa_post_func(int res) + { + int S1_tmp; + int S2_tmp; + int S3_tmp; + int S4_tmp; + int S5_tmp; + int S6_tmp; + int S7_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_opa; + S1_tmp = S1; + S2_tmp = S2; + S3_tmp = S3; + S4_tmp = S4; + S5_tmp = S5; + S6_tmp = S6; + S7_tmp = S7; + S7_tmp = 0; + S6_tmp = 0; + S5_tmp = 0; + if (S3 == 1) + if (res <= 5000) S4_tmp = 1; else S4_tmp = 0; + else S4_tmp = 0; + S3_tmp = 0; + S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S3 = S3_tmp; + S4 = S4_tmp; + S5 = S5_tmp; + S6 = S6_tmp; + S7 = S7_tmp; + return; + } + +*/ /*@ requires 1 ≡ S2 ∧ 0 ≡ S1 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧ 0 ≡ S5 ∧ 
@@ -183,146 +189,152 @@ void opa_post_func(int res) int opa(int r) { int __retres; - opa_pre_func(r); + /*@ ghost opa_pre_func(r); */ __retres = r + 1; - opa_post_func(__retres); + /*@ ghost opa_post_func(__retres); */ return __retres; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_opb; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6, - S7; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_S3_out: - ensures 0 ≡ S3; - - behavior buch_state_S4_out: - ensures 0 ≡ S4; - - behavior buch_state_S5_in: - assumes 1 ≡ S4; - ensures 1 ≡ S5; - - behavior buch_state_S5_out: - assumes 0 ≡ S4; - ensures 0 ≡ S5; - - behavior buch_state_S6_out: - ensures 0 ≡ S6; - - behavior buch_state_S7_out: - ensures 0 ≡ S7; - */ -void opb_pre_func(void) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S3_tmp; */ - /*@ ghost int S4_tmp; */ - /*@ ghost int S5_tmp; */ - /*@ ghost int S6_tmp; */ - /*@ ghost int S7_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_opb; - S1_tmp = S1; - S2_tmp = S2; - S3_tmp = S3; - S4_tmp = S4; - S5_tmp = S5; - S6_tmp = S6; - S7_tmp = S7; - S7_tmp = 0; - S6_tmp = 0; - if (S4 == 1) S5_tmp = 1; else S5_tmp = 0; - S4_tmp = 0; - S3_tmp = 0; - S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S3 = S3_tmp; - S4 = S4_tmp; - S5 = S5_tmp; - S6 = S6_tmp; - S7 = S7_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_opb; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6, + S7; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_S3_out: + ensures 0 ≡ S3; + + behavior buch_state_S4_out: + ensures 0 ≡ S4; + + behavior buch_state_S5_in: + assumes 1 ≡ S4; + ensures 1 ≡ S5; + + behavior buch_state_S5_out: + assumes 0 ≡ S4; + ensures 0 ≡ S5; + + 
behavior buch_state_S6_out: + ensures 0 ≡ S6; + + behavior buch_state_S7_out: + ensures 0 ≡ S7; + @/ + void opb_pre_func(void) + { + int S1_tmp; + int S2_tmp; + int S3_tmp; + int S4_tmp; + int S5_tmp; + int S6_tmp; + int S7_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_opb; + S1_tmp = S1; + S2_tmp = S2; + S3_tmp = S3; + S4_tmp = S4; + S5_tmp = S5; + S6_tmp = S6; + S7_tmp = S7; + S7_tmp = 0; + S6_tmp = 0; + if (S4 == 1) S5_tmp = 1; else S5_tmp = 0; + S4_tmp = 0; + S3_tmp = 0; + S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S3 = S3_tmp; + S4 = S4_tmp; + S5 = S5_tmp; + S6 = S6_tmp; + S7 = S7_tmp; + return; + } -/*@ requires - 1 ≡ S5 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧ - 0 ≡ S6 ∧ 0 ≡ S7; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_opb; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6, - S7; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_S3_out: - ensures 0 ≡ S3; - - behavior buch_state_S4_out: - ensures 0 ≡ S4; - - behavior buch_state_S5_out: - ensures 0 ≡ S5; - - behavior buch_state_S6_in: - assumes 1 ≡ S5; - ensures 1 ≡ S6; - - behavior buch_state_S6_out: - assumes 0 ≡ S5; - ensures 0 ≡ S6; - - behavior buch_state_S7_out: - ensures 0 ≡ S7; - */ -void opb_post_func(void) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S3_tmp; */ - /*@ ghost int S4_tmp; */ - /*@ ghost int S5_tmp; */ - /*@ ghost int S6_tmp; */ - /*@ ghost int S7_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_opb; - S1_tmp = S1; - S2_tmp = S2; - S3_tmp = S3; - S4_tmp = S4; - S5_tmp = S5; - S6_tmp = S6; - S7_tmp = S7; - S7_tmp = 0; - if (S5 == 1) S6_tmp = 1; else S6_tmp = 0; - S5_tmp = 0; - S4_tmp = 0; - S3_tmp = 0; - S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S3 = S3_tmp; - S4 = S4_tmp; - S5 = S5_tmp; - S6 = S6_tmp; - S7 = S7_tmp; - return; -} +*/ + +/*@ ghost + /@ 
requires + 1 ≡ S5 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧ + 0 ≡ S6 ∧ 0 ≡ S7; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_opb; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6, + S7; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_S3_out: + ensures 0 ≡ S3; + + behavior buch_state_S4_out: + ensures 0 ≡ S4; + + behavior buch_state_S5_out: + ensures 0 ≡ S5; + + behavior buch_state_S6_in: + assumes 1 ≡ S5; + ensures 1 ≡ S6; + + behavior buch_state_S6_out: + assumes 0 ≡ S5; + ensures 0 ≡ S6; + + behavior buch_state_S7_out: + ensures 0 ≡ S7; + @/ + void opb_post_func(void) + { + int S1_tmp; + int S2_tmp; + int S3_tmp; + int S4_tmp; + int S5_tmp; + int S6_tmp; + int S7_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_opb; + S1_tmp = S1; + S2_tmp = S2; + S3_tmp = S3; + S4_tmp = S4; + S5_tmp = S5; + S6_tmp = S6; + S7_tmp = S7; + S7_tmp = 0; + if (S5 == 1) S6_tmp = 1; else S6_tmp = 0; + S5_tmp = 0; + S4_tmp = 0; + S3_tmp = 0; + S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S3 = S3_tmp; + S4 = S4_tmp; + S5 = S5_tmp; + S6 = S6_tmp; + S7 = S7_tmp; + return; + } + +*/ /*@ requires 1 ≡ S4 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S5 ∧ 
@@ -340,134 +352,140 @@ void opb_post_func(void) */ void opb(void) { - opb_pre_func(); + /*@ ghost opb_pre_func(); */ if (rr < 4998) rr += 2; - opb_post_func(); + /*@ ghost opb_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_opc; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6, - S7; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_S3_out: - ensures 0 ≡ S3; - - behavior buch_state_S4_out: - ensures 0 ≡ S4; - - behavior buch_state_S5_out: - ensures 0 ≡ S5; - - behavior buch_state_S6_out: - ensures 0 ≡ S6; - - behavior buch_state_S7_out: - ensures 0 ≡ S7; - */ -void opc_pre_func(void) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S3_tmp; */ - /*@ ghost int S4_tmp; */ - /*@ ghost int S5_tmp; */ - /*@ ghost int S6_tmp; */ - /*@ ghost int S7_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_opc; - S1_tmp = S1; - S2_tmp = S2; - S3_tmp = S3; - S4_tmp = S4; - S5_tmp = S5; - S6_tmp = S6; - S7_tmp = S7; - S7_tmp = 0; - S6_tmp = 0; - S5_tmp = 0; - S4_tmp = 0; - S3_tmp = 0; - S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S3 = S3_tmp; - S4 = S4_tmp; - S5 = S5_tmp; - S6 = S6_tmp; - S7 = S7_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_opc; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6, + S7; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_S3_out: + ensures 0 ≡ S3; + + behavior buch_state_S4_out: + ensures 0 ≡ S4; + + behavior buch_state_S5_out: + ensures 0 ≡ S5; + + behavior buch_state_S6_out: + ensures 0 ≡ S6; + + behavior buch_state_S7_out: + ensures 0 ≡ S7; + @/ + void opc_pre_func(void) + { + int S1_tmp; + int S2_tmp; + int S3_tmp; + int S4_tmp; + int S5_tmp; + int S6_tmp; + int S7_tmp; + 
aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_opc; + S1_tmp = S1; + S2_tmp = S2; + S3_tmp = S3; + S4_tmp = S4; + S5_tmp = S5; + S6_tmp = S6; + S7_tmp = S7; + S7_tmp = 0; + S6_tmp = 0; + S5_tmp = 0; + S4_tmp = 0; + S3_tmp = 0; + S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S3 = S3_tmp; + S4 = S4_tmp; + S5 = S5_tmp; + S6 = S6_tmp; + S7 = S7_tmp; + return; + } -/*@ requires \false; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_opc; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6, - S7; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_S3_out: - ensures 0 ≡ S3; - - behavior buch_state_S4_out: - ensures 0 ≡ S4; - - behavior buch_state_S5_out: - ensures 0 ≡ S5; - - behavior buch_state_S6_out: - ensures 0 ≡ S6; - - behavior buch_state_S7_out: - ensures 0 ≡ S7; - */ -void opc_post_func(void) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S3_tmp; */ - /*@ ghost int S4_tmp; */ - /*@ ghost int S5_tmp; */ - /*@ ghost int S6_tmp; */ - /*@ ghost int S7_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_opc; - S1_tmp = S1; - S2_tmp = S2; - S3_tmp = S3; - S4_tmp = S4; - S5_tmp = S5; - S6_tmp = S6; - S7_tmp = S7; - S7_tmp = 0; - S6_tmp = 0; - S5_tmp = 0; - S4_tmp = 0; - S3_tmp = 0; - S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S3 = S3_tmp; - S4 = S4_tmp; - S5 = S5_tmp; - S6 = S6_tmp; - S7 = S7_tmp; - return; -} +*/ + +/*@ ghost + /@ requires \false; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_opc; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6, + S7; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_S3_out: + ensures 0 ≡ S3; + + behavior buch_state_S4_out: + ensures 0 ≡ S4; + + behavior buch_state_S5_out: + ensures 0 ≡ S5; + + 
behavior buch_state_S6_out: + ensures 0 ≡ S6; + + behavior buch_state_S7_out: + ensures 0 ≡ S7; + @/ + void opc_post_func(void) + { + int S1_tmp; + int S2_tmp; + int S3_tmp; + int S4_tmp; + int S5_tmp; + int S6_tmp; + int S7_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_opc; + S1_tmp = S1; + S2_tmp = S2; + S3_tmp = S3; + S4_tmp = S4; + S5_tmp = S5; + S6_tmp = S6; + S7_tmp = S7; + S7_tmp = 0; + S6_tmp = 0; + S5_tmp = 0; + S4_tmp = 0; + S3_tmp = 0; + S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S3 = S3_tmp; + S4 = S4_tmp; + S5 = S5_tmp; + S6 = S6_tmp; + S7 = S7_tmp; + return; + } + +*/ /*@ requires \false; 
@@ -497,146 +515,152 @@ void opc_post_func(void) */ void opc(void) { - opc_pre_func(); + /*@ ghost opc_pre_func(); */ rr = 600; - opc_post_func(); + /*@ ghost opc_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6, - S7; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_in: - assumes 1 ≡ S1; - ensures 1 ≡ S2; - - behavior buch_state_S2_out: - assumes 0 ≡ S1; - ensures 0 ≡ S2; - - behavior buch_state_S3_out: - ensures 0 ≡ S3; - - behavior buch_state_S4_out: - ensures 0 ≡ S4; - - behavior buch_state_S5_out: - ensures 0 ≡ S5; - - behavior buch_state_S6_out: - ensures 0 ≡ S6; - - behavior buch_state_S7_out: - ensures 0 ≡ S7; - */ -void main_pre_func(void) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S3_tmp; */ - /*@ ghost int S4_tmp; */ - /*@ ghost int S5_tmp; */ - /*@ ghost int S6_tmp; */ - /*@ ghost int S7_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - S1_tmp = S1; - S2_tmp = S2; - S3_tmp = S3; - S4_tmp = S4; - S5_tmp = S5; - S6_tmp = S6; - S7_tmp = S7; - S7_tmp = 0; - S6_tmp = 0; - S5_tmp = 0; - S4_tmp = 0; - S3_tmp = 0; - if (S1 == 1) S2_tmp = 1; else S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S3 = S3_tmp; - S4 = S4_tmp; - S5 = S5_tmp; - S6 = S6_tmp; - S7 = S7_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6, + S7; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_in: + assumes 1 ≡ S1; + ensures 1 ≡ S2; + + behavior buch_state_S2_out: + assumes 0 ≡ S1; + ensures 0 ≡ S2; + + behavior buch_state_S3_out: + ensures 0 ≡ S3; + + behavior buch_state_S4_out: + ensures 0 ≡ S4; + + behavior buch_state_S5_out: + ensures 0 ≡ S5; + + behavior buch_state_S6_out: + ensures 0 ≡ S6; + + 
behavior buch_state_S7_out: + ensures 0 ≡ S7; + @/ + void main_pre_func(void) + { + int S1_tmp; + int S2_tmp; + int S3_tmp; + int S4_tmp; + int S5_tmp; + int S6_tmp; + int S7_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + S1_tmp = S1; + S2_tmp = S2; + S3_tmp = S3; + S4_tmp = S4; + S5_tmp = S5; + S6_tmp = S6; + S7_tmp = S7; + S7_tmp = 0; + S6_tmp = 0; + S5_tmp = 0; + S4_tmp = 0; + S3_tmp = 0; + if (S1 == 1) S2_tmp = 1; else S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S3 = S3_tmp; + S4 = S4_tmp; + S5 = S5_tmp; + S6 = S6_tmp; + S7 = S7_tmp; + return; + } -/*@ requires - 1 ≡ S6 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧ - 0 ≡ S5 ∧ 0 ≡ S7; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6, - S7; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_S3_out: - ensures 0 ≡ S3; - - behavior buch_state_S4_out: - ensures 0 ≡ S4; - - behavior buch_state_S5_out: - ensures 0 ≡ S5; - - behavior buch_state_S6_out: - ensures 0 ≡ S6; - - behavior buch_state_S7_in: - assumes 1 ≡ S6; - ensures 1 ≡ S7; - - behavior buch_state_S7_out: - assumes 0 ≡ S6; - ensures 0 ≡ S7; - */ -void main_post_func(int res) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int S3_tmp; */ - /*@ ghost int S4_tmp; */ - /*@ ghost int S5_tmp; */ - /*@ ghost int S6_tmp; */ - /*@ ghost int S7_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - S1_tmp = S1; - S2_tmp = S2; - S3_tmp = S3; - S4_tmp = S4; - S5_tmp = S5; - S6_tmp = S6; - S7_tmp = S7; - if (S6 == 1) S7_tmp = 1; else S7_tmp = 0; - S6_tmp = 0; - S5_tmp = 0; - S4_tmp = 0; - S3_tmp = 0; - S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - S3 = S3_tmp; - S4 = S4_tmp; - S5 = S5_tmp; - S6 = S6_tmp; - S7 = S7_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ S6 ∧ 0 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 
∧ 0 ≡ S4 ∧ + 0 ≡ S5 ∧ 0 ≡ S7; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, S3, S4, S5, S6, + S7; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_S3_out: + ensures 0 ≡ S3; + + behavior buch_state_S4_out: + ensures 0 ≡ S4; + + behavior buch_state_S5_out: + ensures 0 ≡ S5; + + behavior buch_state_S6_out: + ensures 0 ≡ S6; + + behavior buch_state_S7_in: + assumes 1 ≡ S6; + ensures 1 ≡ S7; + + behavior buch_state_S7_out: + assumes 0 ≡ S6; + ensures 0 ≡ S7; + @/ + void main_post_func(int res) + { + int S1_tmp; + int S2_tmp; + int S3_tmp; + int S4_tmp; + int S5_tmp; + int S6_tmp; + int S7_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + S1_tmp = S1; + S2_tmp = S2; + S3_tmp = S3; + S4_tmp = S4; + S5_tmp = S5; + S6_tmp = S6; + S7_tmp = S7; + if (S6 == 1) S7_tmp = 1; else S7_tmp = 0; + S6_tmp = 0; + S5_tmp = 0; + S4_tmp = 0; + S3_tmp = 0; + S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + S3 = S3_tmp; + S4 = S4_tmp; + S5 = S5_tmp; + S6 = S6_tmp; + S7 = S7_tmp; + return; + } + +*/ /*@ requires 1 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ S3 ∧ 0 ≡ S4 ∧ 0 ≡ S5 ∧ @@ -652,13 +676,13 @@ void main_post_func(int res) int main(void) { int __retres; - main_pre_func(); + /*@ ghost main_pre_func(); */ if (rr < 5000) rr = opa(rr); opb(); goto L6; opc(); L6: __retres = 1; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_boucle.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_boucle.res.oracle index 538051ad551..a418b2f7c9e 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_boucle.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_boucle.res.oracle 
@@ -21,82 +21,90 @@ extern int call_to_an_undefined_function(void); /*@ ghost int T0_S2 = 0; */ /*@ ghost int T0_init = 1; */ /*@ ghost int accept_S1 = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_a; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_out: - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_S1 ∨ 1 ≡ T0_S2; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_S1 ∧ 0 ≡ T0_S2; - ensures 0 ≡ accept_S1; - */ -void a_pre_func(void) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_a; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - if (T0_S2 == 1) accept_S1_tmp = 1; - else +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_a; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_out: + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_S1 ∨ 1 ≡ T0_S2; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_S1 ∧ 0 ≡ T0_S2; + ensures 0 ≡ accept_S1; + @/ + void a_pre_func(void) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_a; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + if (T0_S2 == 1) accept_S1_tmp = 1; + else + if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + return; + } + +*/ + +/*@ ghost + /@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init; + ensures 
aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_a; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_out: + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ accept_S1; + @/ + void a_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_a; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} + T0_init_tmp = 0; + T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + return; + } -/*@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_a; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_out: - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ accept_S1; - */ -void a_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_a; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +*/ /*@ requires (1 ≡ T0_S2 ∨ 
1 ≡ accept_S1) ∧ 0 ≡ T0_init; requires 1 ≡ accept_S1 ∨ 0 ≡ accept_S1; 
@@ -111,88 +119,96 @@ void a_post_func(int res) int a(void) { int __retres; - a_pre_func(); + /*@ ghost a_pre_func(); */ __retres = 1; - a_post_func(__retres); + /*@ ghost a_post_func(__retres); */ return __retres; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_b; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S1 ∨ 1 ≡ T0_S2; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S1 ∧ 0 ≡ T0_S2; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - */ -void b_pre_func(void) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_b; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S1_tmp = 0; - T0_init_tmp = 0; - if (T0_S2 == 1) T0_S2_tmp = 1; - else - if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_b; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S1 ∨ 1 ≡ T0_S2; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S1 ∧ 0 ≡ T0_S2; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + @/ + void b_pre_func(void) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_b; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S1_tmp = 0; + T0_init_tmp = 0; + if (T0_S2 == 1) T0_S2_tmp = 1; + else + if (accept_S1 == 1) 
T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + return; + } -/*@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_b; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ T0_S2; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ T0_S2; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - */ -void b_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_b; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S1_tmp = 0; - T0_init_tmp = 0; - if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_b; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ T0_S2; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ T0_S2; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + @/ + void b_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_b; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S1_tmp = 0; + T0_init_tmp = 0; + if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + 
return; + } + +*/ /*@ requires (1 ≡ T0_S2 ∨ 1 ≡ accept_S1) ∧ 0 ≡ T0_init; requires 1 ≡ accept_S1 ∨ 0 ≡ accept_S1; 
@@ -207,87 +223,95 @@ void b_post_func(int res) int b(void) { int __retres; - b_pre_func(); + /*@ ghost b_pre_func(); */ call_to_an_undefined_function(); __retres = 2; - b_post_func(__retres); + /*@ ghost b_post_func(__retres); */ return __retres; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_out: - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ T0_init; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ T0_init; - ensures 0 ≡ accept_S1; - */ -void main_pre_func(void) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_out: + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ T0_init; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ T0_init; + ensures 0 ≡ accept_S1; + @/ + void main_pre_func(void) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = 
T0_init_tmp; + accept_S1 = accept_S1_tmp; + return; + } -/*@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_out: - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ accept_S1; - */ -void main_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_out: + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ accept_S1; + @/ + void main_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + return; 
+ } + +*/ /*@ requires 1 ≡ T0_init ∧ 0 ≡ T0_S2 ∧ 0 ≡ accept_S1; requires \true; @@ -302,9 +326,9 @@ void main_post_func(int res) */ int main(void) { - int aorai_Loop_Init_7; + /*@ ghost int aorai_Loop_Init_7; */ int tmp_1; - main_pre_func(); + /*@ ghost main_pre_func(); */ int x = a(); /*@ ghost aorai_Loop_Init_7 = 1; */ aorai_loop_7: @@ -327,7 +351,7 @@ int main(void) } } tmp_1 = a(); - main_post_func(tmp_1); + /*@ ghost main_post_func(tmp_1); */ return tmp_1; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_boucle1.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_boucle1.res.oracle index 272eb96f193..4fd824e2ad3 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_boucle1.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_boucle1.res.oracle 
@@ -24,112 +24,118 @@ int status = 0; /*@ ghost int accept_S3 = 0; */ /*@ ghost int accept_S4 = 0; */ /*@ ghost int accept_init = 1; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_commit_trans; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, - accept_S3, accept_S4, accept_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ accept_S4; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ accept_S4; - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void commit_trans_pre_func(void) -{ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_commit_trans; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - if (accept_S4 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; - accept_S1_tmp = 0; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_init = accept_init_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_commit_trans; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, + accept_S3, accept_S4, accept_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ accept_S4; + ensures 1 ≡ accept_S2; + + behavior buch_state_accept_S2_out: + assumes 0 ≡ accept_S4; + ensures 0 ≡ accept_S2; + + behavior 
buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void commit_trans_pre_func(void) + { + int accept_S1_tmp; + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_commit_trans; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + if (accept_S4 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + accept_S1_tmp = 0; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_init = accept_init_tmp; + return; + } -/*@ requires - 1 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S3 ∧ - 0 ≡ accept_S4 ∧ 0 ≡ accept_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_commit_trans; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, - accept_S3, accept_S4, accept_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ accept_S2; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ accept_S2; - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void commit_trans_post_func(int res) -{ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_commit_trans; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - 
accept_S4_tmp = accept_S4; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; - accept_S1_tmp = 0; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_init = accept_init_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S3 ∧ + 0 ≡ accept_S4 ∧ 0 ≡ accept_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_commit_trans; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, + accept_S3, accept_S4, accept_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ accept_S2; + ensures 1 ≡ accept_S2; + + behavior buch_state_accept_S2_out: + assumes 0 ≡ accept_S2; + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void commit_trans_post_func(int res) + { + int accept_S1_tmp; + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_commit_trans; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + accept_S1_tmp = 0; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_init = accept_init_tmp; + return; + } + +*/ /*@ requires 1 ≡ accept_S4 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2 ∧ 
@@ -148,128 +154,134 @@ void commit_trans_post_func(int res) int commit_trans(void) { int __retres; - commit_trans_pre_func(); + /*@ ghost commit_trans_pre_func(); */ __retres = 1; - commit_trans_post_func(__retres); + /*@ ghost commit_trans_post_func(__retres); */ return __retres; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_init_trans; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, - accept_S3, accept_S4, accept_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ accept_S2; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ accept_S2; - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void init_trans_pre_func(void) -{ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_init_trans; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; - accept_S1_tmp = 0; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_init = accept_init_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_init_trans; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, + accept_S3, accept_S4, accept_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ 
accept_S2; + ensures 1 ≡ accept_S2; + + behavior buch_state_accept_S2_out: + assumes 0 ≡ accept_S2; + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void init_trans_pre_func(void) + { + int accept_S1_tmp; + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_init_trans; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + accept_S1_tmp = 0; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_init = accept_init_tmp; + return; + } -/*@ requires - 1 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S3 ∧ - 0 ≡ accept_S4 ∧ 0 ≡ accept_init; - requires 1 ≡ accept_S2 ⇒ status ≢ 0 ∨ status ≡ 0; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_init_trans; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, - accept_S3, accept_S4, accept_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ accept_S2 ∧ status ≡ 0; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ accept_S2 ∨ ¬(status ≡ 0); - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_in: - assumes 1 ≡ accept_S2 ∧ status ≢ 0; - ensures 1 ≡ accept_S4; - - behavior buch_state_accept_S4_out: - assumes 0 ≡ accept_S2 ∨ status ≡ 0; - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void 
init_trans_post_func(int res) -{ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_init_trans; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - if (accept_S2 == 1) - if (status != 0) accept_S4_tmp = 1; else accept_S4_tmp = 0; - else accept_S4_tmp = 0; - accept_S3_tmp = 0; - if (accept_S2 == 1) - if (status == 0) accept_S2_tmp = 1; else accept_S2_tmp = 0; - else accept_S2_tmp = 0; - accept_S1_tmp = 0; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_init = accept_init_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S3 ∧ + 0 ≡ accept_S4 ∧ 0 ≡ accept_init; + requires 1 ≡ accept_S2 ⇒ status ≢ 0 ∨ status ≡ 0; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_init_trans; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, + accept_S3, accept_S4, accept_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ accept_S2 ∧ status ≡ 0; + ensures 1 ≡ accept_S2; + + behavior buch_state_accept_S2_out: + assumes 0 ≡ accept_S2 ∨ ¬(status ≡ 0); + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_in: + assumes 1 ≡ accept_S2 ∧ status ≢ 0; + ensures 1 ≡ accept_S4; + + behavior buch_state_accept_S4_out: + assumes 0 ≡ accept_S2 ∨ status ≡ 0; + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void init_trans_post_func(int res) + { + int accept_S1_tmp; + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int 
accept_init_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_init_trans; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + if (accept_S2 == 1) + if (status != 0) accept_S4_tmp = 1; else accept_S4_tmp = 0; + else accept_S4_tmp = 0; + accept_S3_tmp = 0; + if (accept_S2 == 1) + if (status == 0) accept_S2_tmp = 1; else accept_S2_tmp = 0; + else accept_S2_tmp = 0; + accept_S1_tmp = 0; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_init = accept_init_tmp; + return; + } + +*/ /*@ requires 1 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S3 ∧ 
@@ -291,128 +303,134 @@ void init_trans_post_func(int res) int init_trans(void) { int __retres; - init_trans_pre_func(); + /*@ ghost init_trans_pre_func(); */ __retres = 1; - init_trans_post_func(__retres); + /*@ ghost init_trans_post_func(__retres); */ return __retres; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, - accept_S3, accept_S4, accept_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ accept_init; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ accept_init; - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void main_pre_func(void) -{ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - if (accept_init == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; - accept_S1_tmp = 0; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_init = accept_init_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, + accept_S3, accept_S4, accept_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ accept_init; + ensures 1 ≡ 
accept_S2; + + behavior buch_state_accept_S2_out: + assumes 0 ≡ accept_init; + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void main_pre_func(void) + { + int accept_S1_tmp; + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + if (accept_init == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + accept_S1_tmp = 0; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_init = accept_init_tmp; + return; + } -/*@ requires - 1 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S3 ∧ - 0 ≡ accept_S4 ∧ 0 ≡ accept_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, - accept_S3, accept_S4, accept_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_S2; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_S2; - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ accept_S2; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ accept_S2; - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_in: - assumes 1 ≡ accept_S2; - ensures 1 ≡ accept_S3; - - behavior buch_state_accept_S3_out: - assumes 0 ≡ accept_S2; - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void main_post_func(int res) -{ - /*@ ghost int 
accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_S4_tmp = 0; - if (accept_S2 == 1) accept_S3_tmp = 1; else accept_S3_tmp = 0; - if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; - if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_init = accept_init_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S3 ∧ + 0 ≡ accept_S4 ∧ 0 ≡ accept_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, + accept_S3, accept_S4, accept_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_S2; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_S2; + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ accept_S2; + ensures 1 ≡ accept_S2; + + behavior buch_state_accept_S2_out: + assumes 0 ≡ accept_S2; + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_in: + assumes 1 ≡ accept_S2; + ensures 1 ≡ accept_S3; + + behavior buch_state_accept_S3_out: + assumes 0 ≡ accept_S2; + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void main_post_func(int res) + { + int accept_S1_tmp; + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + accept_S1_tmp = 
accept_S1; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_S4_tmp = 0; + if (accept_S2 == 1) accept_S3_tmp = 1; else accept_S3_tmp = 0; + if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_init = accept_init_tmp; + return; + } + +*/ /*@ requires 1 ≡ accept_init ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2 ∧ @@ -436,9 +454,9 @@ void main_post_func(int res) */ int main(void) { - int aorai_Loop_Init_7; + /*@ ghost int aorai_Loop_Init_7; */ int __retres; - main_pre_func(); + /*@ ghost main_pre_func(); */ cpt = 3; status = 0; /*@ ghost aorai_Loop_Init_7 = 1; */ @@ -466,7 +484,7 @@ int main(void) goto return_label; label_ok: __retres = 1; return_label: { - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_boucle2.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_boucle2.res.oracle index 4f101eb24f6..4b6cca74dbc 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_boucle2.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_boucle2.res.oracle 
@@ -23,133 +23,139 @@ int rr = 1; /*@ ghost int accept_S4 = 0; */ /*@ ghost int accept_S5 = 0; */ /*@ ghost int accept_all = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_opa; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S3, - accept_S4, accept_S5, accept_all; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ T0_S2; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ T0_S2; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - */ -void opa_pre_func(void) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_all_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_opa; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_all_tmp = accept_all; - accept_all_tmp = 0; - accept_S5_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - T0_init_tmp = 0; - if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_all = accept_all_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_opa; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S3, accept_S4, accept_S5, accept_all; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ T0_S2; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ T0_S2; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + 
ensures 0 ≡ T0_init; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + @/ + void opa_pre_func(void) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_all_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_opa; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_all_tmp = accept_all; + accept_all_tmp = 0; + accept_S5_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + T0_init_tmp = 0; + if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_all = accept_all_tmp; + return; + } -/*@ requires - 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S3 ∧ - 0 ≡ accept_S4 ∧ 0 ≡ accept_S5 ∧ 0 ≡ accept_all; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_opa; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S3, - accept_S4, accept_S5, accept_all; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ T0_S2; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ T0_S2; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S3_in: - assumes 1 ≡ T0_S2 ∧ rr ≡ 51; - ensures 1 ≡ accept_S3; - - behavior buch_state_accept_S3_out: - assumes 0 ≡ T0_S2 ∨ ¬(rr ≡ 51); - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - */ -void opa_post_func(void) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; 
*/ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_all_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_opa; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_all_tmp = accept_all; - accept_all_tmp = 0; - accept_S5_tmp = 0; - accept_S4_tmp = 0; - if (T0_S2 == 1) - if (rr == 51) accept_S3_tmp = 1; else accept_S3_tmp = 0; - else accept_S3_tmp = 0; - T0_init_tmp = 0; - if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_all = accept_all_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S3 ∧ + 0 ≡ accept_S4 ∧ 0 ≡ accept_S5 ∧ 0 ≡ accept_all; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_opa; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S3, accept_S4, accept_S5, accept_all; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ T0_S2; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ T0_S2; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S3_in: + assumes 1 ≡ T0_S2 ∧ rr ≡ 51; + ensures 1 ≡ accept_S3; + + behavior buch_state_accept_S3_out: + assumes 0 ≡ T0_S2 ∨ ¬(rr ≡ 51); + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + @/ + void opa_post_func(void) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_all_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_opa; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + 
accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_all_tmp = accept_all; + accept_all_tmp = 0; + accept_S5_tmp = 0; + accept_S4_tmp = 0; + if (T0_S2 == 1) + if (rr == 51) accept_S3_tmp = 1; else accept_S3_tmp = 0; + else accept_S3_tmp = 0; + T0_init_tmp = 0; + if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_all = accept_all_tmp; + return; + } + +*/ /*@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S3 ∧ 
@@ -170,132 +176,138 @@ void opa_post_func(void) */ void opa(void) { - opa_pre_func(); + /*@ ghost opa_pre_func(); */ rr ++; - opa_post_func(); + /*@ ghost opa_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_opb; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S3, - accept_S4, accept_S5, accept_all; - - behavior buch_state_T0_S2_out: - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_in: - assumes 1 ≡ accept_S3; - ensures 1 ≡ accept_S4; - - behavior buch_state_accept_S4_out: - assumes 0 ≡ accept_S3; - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - */ -void opb_pre_func(void) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_all_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_opb; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_all_tmp = accept_all; - accept_all_tmp = 0; - accept_S5_tmp = 0; - if (accept_S3 == 1) accept_S4_tmp = 1; else accept_S4_tmp = 0; - accept_S3_tmp = 0; - T0_init_tmp = 0; - T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_all = accept_all_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_opb; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S3, accept_S4, accept_S5, accept_all; + + behavior buch_state_T0_S2_out: + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ 
T0_init; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_in: + assumes 1 ≡ accept_S3; + ensures 1 ≡ accept_S4; + + behavior buch_state_accept_S4_out: + assumes 0 ≡ accept_S3; + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + @/ + void opb_pre_func(void) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_all_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_opb; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_all_tmp = accept_all; + accept_all_tmp = 0; + accept_S5_tmp = 0; + if (accept_S3 == 1) accept_S4_tmp = 1; else accept_S4_tmp = 0; + accept_S3_tmp = 0; + T0_init_tmp = 0; + T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_all = accept_all_tmp; + return; + } -/*@ requires - 1 ≡ accept_S4 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ - 0 ≡ accept_S3 ∧ 0 ≡ accept_S5 ∧ 0 ≡ accept_all; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_opb; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S3, - accept_S4, accept_S5, accept_all; - - behavior buch_state_T0_S2_out: - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_in: - assumes 1 ≡ accept_S4; - ensures 1 ≡ accept_S5; - - behavior buch_state_accept_S5_out: - assumes 0 ≡ accept_S4; - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - */ -void opb_post_func(void) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ 
- /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_all_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_opb; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_all_tmp = accept_all; - accept_all_tmp = 0; - if (accept_S4 == 1) accept_S5_tmp = 1; else accept_S5_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - T0_init_tmp = 0; - T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_all = accept_all_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ accept_S4 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ + 0 ≡ accept_S3 ∧ 0 ≡ accept_S5 ∧ 0 ≡ accept_all; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_opb; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S3, accept_S4, accept_S5, accept_all; + + behavior buch_state_T0_S2_out: + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_in: + assumes 1 ≡ accept_S4; + ensures 1 ≡ accept_S5; + + behavior buch_state_accept_S5_out: + assumes 0 ≡ accept_S4; + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + @/ + void opb_post_func(void) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_all_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_opb; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_all_tmp = accept_all; + accept_all_tmp = 0; + if (accept_S4 == 1) accept_S5_tmp = 1; else accept_S5_tmp 
= 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + T0_init_tmp = 0; + T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_all = accept_all_tmp; + return; + } + +*/ /*@ requires 1 ≡ accept_S3 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 
@@ -309,132 +321,138 @@ void opb_post_func(void) */ void opb(void) { - opb_pre_func(); + /*@ ghost opb_pre_func(); */ status = 1; - opb_post_func(); + /*@ ghost opb_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S3, - accept_S4, accept_S5, accept_all; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ T0_init; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ T0_init; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - */ -void main_pre_func(void) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_all_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_all_tmp = accept_all; - accept_all_tmp = 0; - accept_S5_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - T0_init_tmp = 0; - if (T0_init == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_all = accept_all_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S3, accept_S4, accept_S5, accept_all; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ T0_init; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 
0 ≡ T0_init; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + @/ + void main_pre_func(void) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_all_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_all_tmp = accept_all; + accept_all_tmp = 0; + accept_S5_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + T0_init_tmp = 0; + if (T0_init == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_all = accept_all_tmp; + return; + } -/*@ requires - 1 ≡ accept_S5 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ - 0 ≡ accept_S3 ∧ 0 ≡ accept_S4 ∧ 0 ≡ accept_all; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S3, - accept_S4, accept_S5, accept_all; - - behavior buch_state_T0_S2_out: - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_all_in: - assumes 1 ≡ accept_S5; - ensures 1 ≡ accept_all; - - behavior buch_state_accept_all_out: - assumes 0 ≡ accept_S5; - ensures 0 ≡ accept_all; - */ -void main_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int 
accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_all_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_all_tmp = accept_all; - if (accept_S5 == 1) accept_all_tmp = 1; else accept_all_tmp = 0; - accept_S5_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - T0_init_tmp = 0; - T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_all = accept_all_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ accept_S5 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ + 0 ≡ accept_S3 ∧ 0 ≡ accept_S4 ∧ 0 ≡ accept_all; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S3, accept_S4, accept_S5, accept_all; + + behavior buch_state_T0_S2_out: + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_all_in: + assumes 1 ≡ accept_S5; + ensures 1 ≡ accept_all; + + behavior buch_state_accept_all_out: + assumes 0 ≡ accept_S5; + ensures 0 ≡ accept_all; + @/ + void main_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_all_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_all_tmp = accept_all; + if (accept_S5 == 1) accept_all_tmp = 1; else accept_all_tmp = 0; + accept_S5_tmp = 0; 
+ accept_S4_tmp = 0; + accept_S3_tmp = 0; + T0_init_tmp = 0; + T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_all = accept_all_tmp; + return; + } + +*/ /*@ requires 1 ≡ T0_init ∧ 0 ≡ T0_S2 ∧ 0 ≡ accept_S3 ∧ @@ -453,9 +471,9 @@ void main_post_func(int res) */ int main(void) { - int aorai_Loop_Init_7; + /*@ ghost int aorai_Loop_Init_7; */ int __retres; - main_pre_func(); + /*@ ghost main_pre_func(); */ /*@ ghost aorai_Loop_Init_7 = 1; */ aorai_loop_7: /*@ loop invariant 0 ≤ rr ≤ 50; @@ -479,7 +497,7 @@ int main(void) /*@ ghost int tmp = 1; */ /*@ ghost tmp = 0; */ __retres = 1; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_boucle3.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_boucle3.res.oracle index 02a0be5d77b..611da850e54 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_boucle3.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_boucle3.res.oracle 
@@ -22,122 +22,128 @@ int rr = 1; /*@ ghost int T1_S2 = 0; */ /*@ ghost int accept_S3 = 0; */ /*@ ghost int accept_all = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_opa; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2, - accept_S3, accept_all; - - behavior buch_state_T0_S4_in: - assumes 1 ≡ T0_S4; - ensures 1 ≡ T0_S4; - - behavior buch_state_T0_S4_out: - assumes 0 ≡ T0_S4; - ensures 0 ≡ T0_S4; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_S2_in: - assumes 1 ≡ T1_S2; - ensures 1 ≡ T1_S2; - - behavior buch_state_T1_S2_out: - assumes 0 ≡ T1_S2; - ensures 0 ≡ T1_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - */ -void opa_pre_func(void) -{ - /*@ ghost int T0_S4_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_all_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_opa; - T0_S4_tmp = T0_S4; - T0_init_tmp = T0_init; - T1_S2_tmp = T1_S2; - accept_S3_tmp = accept_S3; - accept_all_tmp = accept_all; - accept_all_tmp = 0; - accept_S3_tmp = 0; - if (T1_S2 == 1) T1_S2_tmp = 1; else T1_S2_tmp = 0; - T0_init_tmp = 0; - if (T0_S4 == 1) T0_S4_tmp = 1; else T0_S4_tmp = 0; - T0_S4 = T0_S4_tmp; - T0_init = T0_init_tmp; - T1_S2 = T1_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_all = accept_all_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_opa; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2, + accept_S3, accept_all; + + behavior buch_state_T0_S4_in: + assumes 1 ≡ T0_S4; + ensures 1 ≡ T0_S4; + + behavior buch_state_T0_S4_out: + assumes 0 ≡ T0_S4; + ensures 0 ≡ T0_S4; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_S2_in: + assumes 1 ≡ T1_S2; + ensures 1 ≡ T1_S2; + + behavior 
buch_state_T1_S2_out: + assumes 0 ≡ T1_S2; + ensures 0 ≡ T1_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + @/ + void opa_pre_func(void) + { + int T0_S4_tmp; + int T0_init_tmp; + int T1_S2_tmp; + int accept_S3_tmp; + int accept_all_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_opa; + T0_S4_tmp = T0_S4; + T0_init_tmp = T0_init; + T1_S2_tmp = T1_S2; + accept_S3_tmp = accept_S3; + accept_all_tmp = accept_all; + accept_all_tmp = 0; + accept_S3_tmp = 0; + if (T1_S2 == 1) T1_S2_tmp = 1; else T1_S2_tmp = 0; + T0_init_tmp = 0; + if (T0_S4 == 1) T0_S4_tmp = 1; else T0_S4_tmp = 0; + T0_S4 = T0_S4_tmp; + T0_init = T0_init_tmp; + T1_S2 = T1_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_all = accept_all_tmp; + return; + } -/*@ requires - (1 ≡ T0_S4 ∨ 1 ≡ T1_S2) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S3 ∧ - 0 ≡ accept_all; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_opa; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2, - accept_S3, accept_all; - - behavior buch_state_T0_S4_in: - assumes 1 ≡ T0_S4; - ensures 1 ≡ T0_S4; - - behavior buch_state_T0_S4_out: - assumes 0 ≡ T0_S4; - ensures 0 ≡ T0_S4; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_S2_in: - assumes 1 ≡ T1_S2; - ensures 1 ≡ T1_S2; - - behavior buch_state_T1_S2_out: - assumes 0 ≡ T1_S2; - ensures 0 ≡ T1_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - */ -void opa_post_func(void) -{ - /*@ ghost int T0_S4_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_all_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_opa; - T0_S4_tmp = T0_S4; - T0_init_tmp = T0_init; - T1_S2_tmp = T1_S2; - accept_S3_tmp = accept_S3; - accept_all_tmp = accept_all; - 
accept_all_tmp = 0; - accept_S3_tmp = 0; - if (T1_S2 == 1) T1_S2_tmp = 1; else T1_S2_tmp = 0; - T0_init_tmp = 0; - if (T0_S4 == 1) T0_S4_tmp = 1; else T0_S4_tmp = 0; - T0_S4 = T0_S4_tmp; - T0_init = T0_init_tmp; - T1_S2 = T1_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_all = accept_all_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + (1 ≡ T0_S4 ∨ 1 ≡ T1_S2) ∧ 0 ≡ T0_init ∧ + 0 ≡ accept_S3 ∧ 0 ≡ accept_all; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_opa; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2, + accept_S3, accept_all; + + behavior buch_state_T0_S4_in: + assumes 1 ≡ T0_S4; + ensures 1 ≡ T0_S4; + + behavior buch_state_T0_S4_out: + assumes 0 ≡ T0_S4; + ensures 0 ≡ T0_S4; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_S2_in: + assumes 1 ≡ T1_S2; + ensures 1 ≡ T1_S2; + + behavior buch_state_T1_S2_out: + assumes 0 ≡ T1_S2; + ensures 0 ≡ T1_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + @/ + void opa_post_func(void) + { + int T0_S4_tmp; + int T0_init_tmp; + int T1_S2_tmp; + int accept_S3_tmp; + int accept_all_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_opa; + T0_S4_tmp = T0_S4; + T0_init_tmp = T0_init; + T1_S2_tmp = T1_S2; + accept_S3_tmp = accept_S3; + accept_all_tmp = accept_all; + accept_all_tmp = 0; + accept_S3_tmp = 0; + if (T1_S2 == 1) T1_S2_tmp = 1; else T1_S2_tmp = 0; + T0_init_tmp = 0; + if (T0_S4 == 1) T0_S4_tmp = 1; else T0_S4_tmp = 0; + T0_S4 = T0_S4_tmp; + T0_init = T0_init_tmp; + T1_S2 = T1_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_all = accept_all_tmp; + return; + } + +*/ /*@ requires (1 ≡ T0_S4 ∨ 1 ≡ T1_S2) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S3 ∧ 
@@ -176,120 +182,126 @@ void opa_post_func(void) */ void opa(void) { - opa_pre_func(); + /*@ ghost opa_pre_func(); */ rr ++; - opa_post_func(); + /*@ ghost opa_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_opb; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2, - accept_S3, accept_all; - - behavior buch_state_T0_S4_out: - ensures 0 ≡ T0_S4; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_S2_out: - ensures 0 ≡ T1_S2; - - behavior buch_state_accept_S3_in: - assumes 1 ≡ T1_S2 ∧ rr ≡ 51; - ensures 1 ≡ accept_S3; - - behavior buch_state_accept_S3_out: - assumes 0 ≡ T1_S2 ∨ ¬(rr ≡ 51); - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - */ -void opb_pre_func(void) -{ - /*@ ghost int T0_S4_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_all_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_opb; - T0_S4_tmp = T0_S4; - T0_init_tmp = T0_init; - T1_S2_tmp = T1_S2; - accept_S3_tmp = accept_S3; - accept_all_tmp = accept_all; - accept_all_tmp = 0; - if (T1_S2 == 1) - if (rr == 51) accept_S3_tmp = 1; else accept_S3_tmp = 0; - else accept_S3_tmp = 0; - T1_S2_tmp = 0; - T0_init_tmp = 0; - T0_S4_tmp = 0; - T0_S4 = T0_S4_tmp; - T0_init = T0_init_tmp; - T1_S2 = T1_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_all = accept_all_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_opb; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2, + accept_S3, accept_all; + + behavior buch_state_T0_S4_out: + ensures 0 ≡ T0_S4; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_S2_out: + ensures 0 ≡ T1_S2; + + behavior buch_state_accept_S3_in: + assumes 1 ≡ T1_S2 ∧ rr ≡ 51; + ensures 1 ≡ accept_S3; + + behavior 
buch_state_accept_S3_out: + assumes 0 ≡ T1_S2 ∨ ¬(rr ≡ 51); + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + @/ + void opb_pre_func(void) + { + int T0_S4_tmp; + int T0_init_tmp; + int T1_S2_tmp; + int accept_S3_tmp; + int accept_all_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_opb; + T0_S4_tmp = T0_S4; + T0_init_tmp = T0_init; + T1_S2_tmp = T1_S2; + accept_S3_tmp = accept_S3; + accept_all_tmp = accept_all; + accept_all_tmp = 0; + if (T1_S2 == 1) + if (rr == 51) accept_S3_tmp = 1; else accept_S3_tmp = 0; + else accept_S3_tmp = 0; + T1_S2_tmp = 0; + T0_init_tmp = 0; + T0_S4_tmp = 0; + T0_S4 = T0_S4_tmp; + T0_init = T0_init_tmp; + T1_S2 = T1_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_all = accept_all_tmp; + return; + } -/*@ requires - 1 ≡ accept_S3 ∧ 0 ≡ T0_S4 ∧ 0 ≡ T0_init ∧ 0 ≡ T1_S2 ∧ - 0 ≡ accept_all; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_opb; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2, - accept_S3, accept_all; - - behavior buch_state_T0_S4_in: - assumes 1 ≡ accept_S3; - ensures 1 ≡ T0_S4; - - behavior buch_state_T0_S4_out: - assumes 0 ≡ accept_S3; - ensures 0 ≡ T0_S4; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_S2_out: - ensures 0 ≡ T1_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - */ -void opb_post_func(void) -{ - /*@ ghost int T0_S4_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_all_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_opb; - T0_S4_tmp = T0_S4; - T0_init_tmp = T0_init; - T1_S2_tmp = T1_S2; - accept_S3_tmp = accept_S3; - accept_all_tmp = accept_all; - accept_all_tmp = 0; - accept_S3_tmp = 0; - T1_S2_tmp = 0; - T0_init_tmp = 0; - if (accept_S3 == 1) T0_S4_tmp = 1; else T0_S4_tmp = 
0; - T0_S4 = T0_S4_tmp; - T0_init = T0_init_tmp; - T1_S2 = T1_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_all = accept_all_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ accept_S3 ∧ 0 ≡ T0_S4 ∧ 0 ≡ T0_init ∧ 0 ≡ T1_S2 ∧ + 0 ≡ accept_all; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_opb; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2, + accept_S3, accept_all; + + behavior buch_state_T0_S4_in: + assumes 1 ≡ accept_S3; + ensures 1 ≡ T0_S4; + + behavior buch_state_T0_S4_out: + assumes 0 ≡ accept_S3; + ensures 0 ≡ T0_S4; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_S2_out: + ensures 0 ≡ T1_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + @/ + void opb_post_func(void) + { + int T0_S4_tmp; + int T0_init_tmp; + int T1_S2_tmp; + int accept_S3_tmp; + int accept_all_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_opb; + T0_S4_tmp = T0_S4; + T0_init_tmp = T0_init; + T1_S2_tmp = T1_S2; + accept_S3_tmp = accept_S3; + accept_all_tmp = accept_all; + accept_all_tmp = 0; + accept_S3_tmp = 0; + T1_S2_tmp = 0; + T0_init_tmp = 0; + if (accept_S3 == 1) T0_S4_tmp = 1; else T0_S4_tmp = 0; + T0_S4 = T0_S4_tmp; + T0_init = T0_init_tmp; + T1_S2 = T1_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_all = accept_all_tmp; + return; + } + +*/ /*@ requires 1 ≡ T1_S2 ∧ 0 ≡ T0_S4 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S3 ∧ 
@@ -304,123 +316,129 @@ void opb_post_func(void) */ void opb(void) { - opb_pre_func(); + /*@ ghost opb_pre_func(); */ status = 1; - opb_post_func(); + /*@ ghost opb_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2, - accept_S3, accept_all; - - behavior buch_state_T0_S4_out: - ensures 0 ≡ T0_S4; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_S2_in: - assumes 1 ≡ T0_init; - ensures 1 ≡ T1_S2; - - behavior buch_state_T1_S2_out: - assumes 0 ≡ T0_init; - ensures 0 ≡ T1_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - */ -void main_pre_func(void) -{ - /*@ ghost int T0_S4_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_all_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - T0_S4_tmp = T0_S4; - T0_init_tmp = T0_init; - T1_S2_tmp = T1_S2; - accept_S3_tmp = accept_S3; - accept_all_tmp = accept_all; - accept_all_tmp = 0; - accept_S3_tmp = 0; - if (T0_init == 1) T1_S2_tmp = 1; else T1_S2_tmp = 0; - T0_init_tmp = 0; - T0_S4_tmp = 0; - T0_S4 = T0_S4_tmp; - T0_init = T0_init_tmp; - T1_S2 = T1_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_all = accept_all_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2, + accept_S3, accept_all; + + behavior buch_state_T0_S4_out: + ensures 0 ≡ T0_S4; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_S2_in: + assumes 1 ≡ T0_init; + ensures 1 ≡ T1_S2; + + behavior buch_state_T1_S2_out: + assumes 0 ≡ T0_init; + ensures 0 ≡ T1_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior 
buch_state_accept_all_out: + ensures 0 ≡ accept_all; + @/ + void main_pre_func(void) + { + int T0_S4_tmp; + int T0_init_tmp; + int T1_S2_tmp; + int accept_S3_tmp; + int accept_all_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + T0_S4_tmp = T0_S4; + T0_init_tmp = T0_init; + T1_S2_tmp = T1_S2; + accept_S3_tmp = accept_S3; + accept_all_tmp = accept_all; + accept_all_tmp = 0; + accept_S3_tmp = 0; + if (T0_init == 1) T1_S2_tmp = 1; else T1_S2_tmp = 0; + T0_init_tmp = 0; + T0_S4_tmp = 0; + T0_S4 = T0_S4_tmp; + T0_init = T0_init_tmp; + T1_S2 = T1_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_all = accept_all_tmp; + return; + } -/*@ requires - 1 ≡ T0_S4 ∧ 0 ≡ T0_init ∧ 0 ≡ T1_S2 ∧ 0 ≡ accept_S3 ∧ - 0 ≡ accept_all; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2, - accept_S3, accept_all; - - behavior buch_state_T0_S4_in: - assumes 1 ≡ T0_S4; - ensures 1 ≡ T0_S4; - - behavior buch_state_T0_S4_out: - assumes 0 ≡ T0_S4; - ensures 0 ≡ T0_S4; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_S2_out: - ensures 0 ≡ T1_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_all_in: - assumes 1 ≡ T0_S4; - ensures 1 ≡ accept_all; - - behavior buch_state_accept_all_out: - assumes 0 ≡ T0_S4; - ensures 0 ≡ accept_all; - */ -void main_post_func(int res) -{ - /*@ ghost int T0_S4_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_all_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - T0_S4_tmp = T0_S4; - T0_init_tmp = T0_init; - T1_S2_tmp = T1_S2; - accept_S3_tmp = accept_S3; - accept_all_tmp = accept_all; - if (T0_S4 == 1) accept_all_tmp = 1; else accept_all_tmp = 0; - accept_S3_tmp = 0; - T1_S2_tmp = 0; - T0_init_tmp = 0; - if (T0_S4 == 1) T0_S4_tmp = 1; else T0_S4_tmp 
= 0; - T0_S4 = T0_S4_tmp; - T0_init = T0_init_tmp; - T1_S2 = T1_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_all = accept_all_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ T0_S4 ∧ 0 ≡ T0_init ∧ 0 ≡ T1_S2 ∧ 0 ≡ accept_S3 ∧ + 0 ≡ accept_all; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S4, T0_init, T1_S2, + accept_S3, accept_all; + + behavior buch_state_T0_S4_in: + assumes 1 ≡ T0_S4; + ensures 1 ≡ T0_S4; + + behavior buch_state_T0_S4_out: + assumes 0 ≡ T0_S4; + ensures 0 ≡ T0_S4; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_S2_out: + ensures 0 ≡ T1_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_all_in: + assumes 1 ≡ T0_S4; + ensures 1 ≡ accept_all; + + behavior buch_state_accept_all_out: + assumes 0 ≡ T0_S4; + ensures 0 ≡ accept_all; + @/ + void main_post_func(int res) + { + int T0_S4_tmp; + int T0_init_tmp; + int T1_S2_tmp; + int accept_S3_tmp; + int accept_all_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + T0_S4_tmp = T0_S4; + T0_init_tmp = T0_init; + T1_S2_tmp = T1_S2; + accept_S3_tmp = accept_S3; + accept_all_tmp = accept_all; + if (T0_S4 == 1) accept_all_tmp = 1; else accept_all_tmp = 0; + accept_S3_tmp = 0; + T1_S2_tmp = 0; + T0_init_tmp = 0; + if (T0_S4 == 1) T0_S4_tmp = 1; else T0_S4_tmp = 0; + T0_S4 = T0_S4_tmp; + T0_init = T0_init_tmp; + T1_S2 = T1_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_all = accept_all_tmp; + return; + } + +*/ /*@ requires 1 ≡ T0_init ∧ 0 ≡ T0_S4 ∧ 0 ≡ T1_S2 ∧ 0 ≡ accept_S3 ∧ 
@@ -437,10 +455,10 @@ void main_post_func(int res) */ int main(void) { - int aorai_Loop_Init_15; - int aorai_Loop_Init_7; + /*@ ghost int aorai_Loop_Init_15; */ + /*@ ghost int aorai_Loop_Init_7; */ int __retres; - main_pre_func(); + /*@ ghost main_pre_func(); */ /*@ ghost aorai_Loop_Init_7 = 1; */ aorai_loop_7: /*@ loop invariant 0 ≤ rr ≤ 50; @@ -469,7 +487,7 @@ int main(void) opa(); } __retres = 1; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_boucle_rechercheTableau.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_boucle_rechercheTableau.res.oracle index 70269ff32b3..4b0631f98f1 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_boucle_rechercheTableau.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_boucle_rechercheTableau.res.oracle 
@@ -20,90 +20,96 @@ enum aorai_OpStatusList { /*@ ghost int End = 0; */ /*@ ghost int Idle = 1; */ /*@ ghost int WillDoFoo = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_isPresent; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; - - behavior buch_state_End_out: - ensures 0 ≡ End; - - behavior buch_state_Idle_in: - assumes 1 ≡ Idle; - ensures 1 ≡ Idle; - - behavior buch_state_Idle_out: - assumes 0 ≡ Idle; - ensures 0 ≡ Idle; - - behavior buch_state_WillDoFoo_out: - ensures 0 ≡ WillDoFoo; - */ -void isPresent_pre_func(int *t, int max, int val) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_isPresent; - End_tmp = End; - Idle_tmp = Idle; - WillDoFoo_tmp = WillDoFoo; - WillDoFoo_tmp = 0; - if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0; - End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_isPresent; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; + + behavior buch_state_End_out: + ensures 0 ≡ End; + + behavior buch_state_Idle_in: + assumes 1 ≡ Idle; + ensures 1 ≡ Idle; + + behavior buch_state_Idle_out: + assumes 0 ≡ Idle; + ensures 0 ≡ Idle; + + behavior buch_state_WillDoFoo_out: + ensures 0 ≡ WillDoFoo; + @/ + void isPresent_pre_func(int *t, int max, int val) + { + int End_tmp; + int Idle_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_isPresent; + End_tmp = End; + Idle_tmp = Idle; + WillDoFoo_tmp = WillDoFoo; + WillDoFoo_tmp = 0; + if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0; + End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + WillDoFoo = WillDoFoo_tmp; + return; + } -/*@ requires 1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ WillDoFoo; - requires 1 ≡ Idle ⇒ res ≡ -1 ∨ res ≢ -1; - ensures aorai_CurOpStatus ≡ 
aorai_Terminated; - ensures aorai_CurOperation ≡ op_isPresent; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; - - behavior buch_state_End_in: - assumes 1 ≡ Idle ∧ res ≢ -1; - ensures 1 ≡ End; - - behavior buch_state_End_out: - assumes 0 ≡ Idle ∨ ¬(res ≢ -1); - ensures 0 ≡ End; - - behavior buch_state_Idle_out: - ensures 0 ≡ Idle; - - behavior buch_state_WillDoFoo_in: - assumes 1 ≡ Idle ∧ res ≡ -1; - ensures 1 ≡ WillDoFoo; - - behavior buch_state_WillDoFoo_out: - assumes 0 ≡ Idle ∨ ¬(res ≡ -1); - ensures 0 ≡ WillDoFoo; - */ -void isPresent_post_func(int res) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_isPresent; - End_tmp = End; - Idle_tmp = Idle; - WillDoFoo_tmp = WillDoFoo; - if (Idle == 1) - if (res == -1) WillDoFoo_tmp = 1; else WillDoFoo_tmp = 0; - else WillDoFoo_tmp = 0; - Idle_tmp = 0; - if (Idle == 1) - if (res != -1) End_tmp = 1; else End_tmp = 0; - else End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ WillDoFoo; + requires 1 ≡ Idle ⇒ res ≡ -1 ∨ res ≢ -1; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_isPresent; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; + + behavior buch_state_End_in: + assumes 1 ≡ Idle ∧ res ≢ -1; + ensures 1 ≡ End; + + behavior buch_state_End_out: + assumes 0 ≡ Idle ∨ ¬(res ≢ -1); + ensures 0 ≡ End; + + behavior buch_state_Idle_out: + ensures 0 ≡ Idle; + + behavior buch_state_WillDoFoo_in: + assumes 1 ≡ Idle ∧ res ≡ -1; + ensures 1 ≡ WillDoFoo; + + behavior buch_state_WillDoFoo_out: + assumes 0 ≡ Idle ∨ ¬(res ≡ -1); + ensures 0 ≡ WillDoFoo; + @/ + void isPresent_post_func(int res) + { + int End_tmp; + int Idle_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_isPresent; + End_tmp = End; + Idle_tmp = 
Idle; + WillDoFoo_tmp = WillDoFoo; + if (Idle == 1) + if (res == -1) WillDoFoo_tmp = 1; else WillDoFoo_tmp = 0; + else WillDoFoo_tmp = 0; + Idle_tmp = 0; + if (Idle == 1) + if (res != -1) End_tmp = 1; else End_tmp = 0; + else End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + WillDoFoo = WillDoFoo_tmp; + return; + } + +*/ /*@ requires 1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ WillDoFoo; requires \valid(t + (0 .. max)); @@ -126,9 +132,9 @@ void isPresent_post_func(int res) */ int isPresent(int *t, int max, int val) { - int aorai_Loop_Init_2; + /*@ ghost int aorai_Loop_Init_2; */ int __retres; - isPresent_pre_func(t,max,val); + /*@ ghost isPresent_pre_func(t,max,val); */ int i = 0; /*@ ghost aorai_Loop_Init_2 = 1; */ aorai_loop_2: 
@@ -154,86 +160,93 @@ int isPresent(int *t, int max, int val) goto return_label; } __retres = -1; - return_label: { - isPresent_post_func(__retres); - return __retres; - } + return_label: + { + /*@ ghost isPresent_post_func(__retres); */ + return __retres; + } } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_foo; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; - - behavior buch_state_End_in: - assumes 1 ≡ WillDoFoo; - ensures 1 ≡ End; - - behavior buch_state_End_out: - assumes 0 ≡ WillDoFoo; - ensures 0 ≡ End; - - behavior buch_state_Idle_out: - ensures 0 ≡ Idle; - - behavior buch_state_WillDoFoo_out: - ensures 0 ≡ WillDoFoo; - */ -void foo_pre_func(void) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_foo; - End_tmp = End; - Idle_tmp = Idle; - WillDoFoo_tmp = WillDoFoo; - WillDoFoo_tmp = 0; - Idle_tmp = 0; - if (WillDoFoo == 1) End_tmp = 1; else End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_foo; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; + + behavior buch_state_End_in: + assumes 1 ≡ WillDoFoo; + ensures 1 ≡ End; + + behavior buch_state_End_out: + assumes 0 ≡ WillDoFoo; + ensures 0 ≡ End; + + behavior buch_state_Idle_out: + ensures 0 ≡ Idle; + + behavior buch_state_WillDoFoo_out: + ensures 0 ≡ WillDoFoo; + @/ + void foo_pre_func(void) + { + int End_tmp; + int Idle_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_foo; + End_tmp = End; + Idle_tmp = Idle; + WillDoFoo_tmp = WillDoFoo; + WillDoFoo_tmp = 0; + Idle_tmp = 0; + if (WillDoFoo == 1) End_tmp = 1; else End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + WillDoFoo = WillDoFoo_tmp; + return; + } -/*@ requires 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ WillDoFoo; - 
ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_foo; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; - - behavior buch_state_End_in: - assumes 1 ≡ End; - ensures 1 ≡ End; - - behavior buch_state_End_out: - assumes 0 ≡ End; - ensures 0 ≡ End; - - behavior buch_state_Idle_out: - ensures 0 ≡ Idle; - - behavior buch_state_WillDoFoo_out: - ensures 0 ≡ WillDoFoo; - */ -void foo_post_func(void) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_foo; - End_tmp = End; - Idle_tmp = Idle; - WillDoFoo_tmp = WillDoFoo; - WillDoFoo_tmp = 0; - Idle_tmp = 0; - if (End == 1) End_tmp = 1; else End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ WillDoFoo; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_foo; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; + + behavior buch_state_End_in: + assumes 1 ≡ End; + ensures 1 ≡ End; + + behavior buch_state_End_out: + assumes 0 ≡ End; + ensures 0 ≡ End; + + behavior buch_state_Idle_out: + ensures 0 ≡ Idle; + + behavior buch_state_WillDoFoo_out: + ensures 0 ≡ WillDoFoo; + @/ + void foo_post_func(void) + { + int End_tmp; + int Idle_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_foo; + End_tmp = End; + Idle_tmp = Idle; + WillDoFoo_tmp = WillDoFoo; + WillDoFoo_tmp = 0; + Idle_tmp = 0; + if (End == 1) End_tmp = 1; else End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + WillDoFoo = WillDoFoo_tmp; + return; + } + +*/ /*@ requires 1 ≡ WillDoFoo ∧ 0 ≡ End ∧ 0 ≡ Idle; 
@@ -243,85 +256,91 @@ void foo_post_func(void) */ void foo(void) { - foo_pre_func(); - foo_post_func(); + /*@ ghost foo_pre_func(); */ + /*@ ghost foo_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; - - behavior buch_state_End_out: - ensures 0 ≡ End; - - behavior buch_state_Idle_in: - assumes 1 ≡ Idle; - ensures 1 ≡ Idle; - - behavior buch_state_Idle_out: - assumes 0 ≡ Idle; - ensures 0 ≡ Idle; - - behavior buch_state_WillDoFoo_out: - ensures 0 ≡ WillDoFoo; - */ -void main_pre_func(int argc, char **argv) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - End_tmp = End; - Idle_tmp = Idle; - WillDoFoo_tmp = WillDoFoo; - WillDoFoo_tmp = 0; - if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0; - End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; + + behavior buch_state_End_out: + ensures 0 ≡ End; + + behavior buch_state_Idle_in: + assumes 1 ≡ Idle; + ensures 1 ≡ Idle; + + behavior buch_state_Idle_out: + assumes 0 ≡ Idle; + ensures 0 ≡ Idle; + + behavior buch_state_WillDoFoo_out: + ensures 0 ≡ WillDoFoo; + @/ + void main_pre_func(int argc, char **argv) + { + int End_tmp; + int Idle_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + End_tmp = End; + Idle_tmp = Idle; + WillDoFoo_tmp = WillDoFoo; + WillDoFoo_tmp = 0; + if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0; + End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + WillDoFoo = WillDoFoo_tmp; + return; + } -/*@ requires 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ WillDoFoo; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation 
≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; - - behavior buch_state_End_in: - assumes 1 ≡ End; - ensures 1 ≡ End; - - behavior buch_state_End_out: - assumes 0 ≡ End; - ensures 0 ≡ End; - - behavior buch_state_Idle_out: - ensures 0 ≡ Idle; - - behavior buch_state_WillDoFoo_out: - ensures 0 ≡ WillDoFoo; - */ -void main_post_func(int res) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - End_tmp = End; - Idle_tmp = Idle; - WillDoFoo_tmp = WillDoFoo; - WillDoFoo_tmp = 0; - Idle_tmp = 0; - if (End == 1) End_tmp = 1; else End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ WillDoFoo; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; + + behavior buch_state_End_in: + assumes 1 ≡ End; + ensures 1 ≡ End; + + behavior buch_state_End_out: + assumes 0 ≡ End; + ensures 0 ≡ End; + + behavior buch_state_Idle_out: + ensures 0 ≡ Idle; + + behavior buch_state_WillDoFoo_out: + ensures 0 ≡ WillDoFoo; + @/ + void main_post_func(int res) + { + int End_tmp; + int Idle_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + End_tmp = End; + Idle_tmp = Idle; + WillDoFoo_tmp = WillDoFoo; + WillDoFoo_tmp = 0; + Idle_tmp = 0; + if (End == 1) End_tmp = 1; else End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + WillDoFoo = WillDoFoo_tmp; + return; + } + +*/ /*@ requires 1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ WillDoFoo; 
@@ -335,12 +354,12 @@ void main_post_func(int res) int main(int argc, char **argv) { int __retres; - main_pre_func(argc,argv); + /*@ ghost main_pre_func(argc,argv); */ int tab[4] = {10, 20, 33, 15}; int r = isPresent(tab,3,33); if (r == -1) foo(); __retres = 1; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_factorial.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_factorial.res.oracle index 016b305d9ce..bc2b3248957 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_factorial.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_factorial.res.oracle 
@@ -16,87 +16,93 @@ enum aorai_OpStatusList { /*@ ghost int accept_S1 = 0; */ /*@ ghost int accept_S2 = 0; */ /*@ ghost int accept_init = 1; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_decode_int; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, - accept_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void decode_int_pre_func(char *s) -{ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_decode_int; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_S2_tmp = 0; - if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - accept_init = accept_init_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_decode_int; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, + accept_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void decode_int_pre_func(char *s) + { + int accept_S1_tmp; + int accept_S2_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_decode_int; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_S2_tmp = 0; + if (accept_S1 == 1) 
accept_S1_tmp = 1; else accept_S1_tmp = 0; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + accept_init = accept_init_tmp; + return; + } -/*@ requires 1 ≡ accept_S1 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_decode_int; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, - accept_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void decode_int_post_func(int res) -{ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_decode_int; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - if (accept_S1 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; - if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - accept_init = accept_init_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ accept_S1 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_decode_int; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, + accept_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ accept_S2; + + behavior buch_state_accept_S2_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ 
accept_S2; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void decode_int_post_func(int res) + { + int accept_S1_tmp; + int accept_S2_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_decode_int; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + if (accept_S1 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + accept_init = accept_init_tmp; + return; + } + +*/ /*@ requires 1 ≡ accept_S1 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_init; @@ -108,10 +114,10 @@ void decode_int_post_func(int res) */ int decode_int(char *s) { - int aorai_Loop_Init_5; + /*@ ghost int aorai_Loop_Init_5; */ int __retres; char c; - decode_int_pre_func(s); + /*@ ghost decode_int_pre_func(s); */ int intmax = ~ (1 << (sizeof(int) * (unsigned int)8 - (unsigned int)1)); int cutlim = intmax % 10; int cutoff = intmax / 10; 
@@ -171,99 +177,106 @@ int decode_int(char *s) } } __retres = value; - return_label: { - decode_int_post_func(__retres); - return __retres; - } + return_label: + { + /*@ ghost decode_int_post_func(__retres); */ + return __retres; + } } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_factorial; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, - accept_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1; - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void factorial_pre_func(int value) -{ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_factorial; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - if (accept_S1 == 1) accept_S2_tmp = 1; - else - if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; - accept_S1_tmp = 0; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - accept_init = accept_init_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_factorial; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, + accept_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1; + ensures 1 ≡ accept_S2; + + behavior buch_state_accept_S2_out: + assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1; + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void factorial_pre_func(int value) + { + int accept_S1_tmp; + int accept_S2_tmp; + int accept_init_tmp; + aorai_CurOpStatus = 
aorai_Called; + aorai_CurOperation = op_factorial; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + if (accept_S1 == 1) accept_S2_tmp = 1; + else + if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + accept_S1_tmp = 0; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + accept_init = accept_init_tmp; + return; + } -/*@ requires (1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧ 0 ≡ accept_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_factorial; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, - accept_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1; - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1; - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void factorial_post_func(int res) -{ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_factorial; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - if (accept_S1 == 1) accept_S2_tmp = 1; - else - if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; - if (accept_S1 == 1) accept_S1_tmp = 1; - else - if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - accept_init = accept_init_tmp; - return; -} +*/ + +/*@ ghost + /@ requires (1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧ 0 ≡ accept_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_factorial; + assigns 
aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, + accept_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1; + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1; + ensures 1 ≡ accept_S2; + + behavior buch_state_accept_S2_out: + assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1; + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void factorial_post_func(int res) + { + int accept_S1_tmp; + int accept_S2_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_factorial; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + if (accept_S1 == 1) accept_S2_tmp = 1; + else + if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + if (accept_S1 == 1) accept_S1_tmp = 1; + else + if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + accept_init = accept_init_tmp; + return; + } + +*/ /*@ requires (1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧ 0 ≡ accept_init; requires 1 ≡ accept_S2 ∨ 0 ≡ accept_S2; 
@@ -281,98 +294,104 @@ void factorial_post_func(int res) int factorial(int value) { int tmp_0; - factorial_pre_func(value); + /*@ ghost factorial_pre_func(value); */ if (value > 0) { int tmp; tmp = factorial(value - 1); tmp_0 = tmp * value; } else tmp_0 = 1; - factorial_post_func(tmp_0); + /*@ ghost factorial_post_func(tmp_0); */ return tmp_0; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, - accept_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_init; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_init; - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void main_pre_func(int argc, char **argv) -{ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_S2_tmp = 0; - if (accept_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - accept_init = accept_init_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, + accept_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_init; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_init; + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void main_pre_func(int argc, char **argv) + { + int accept_S1_tmp; + int accept_S2_tmp; + int accept_init_tmp; + aorai_CurOpStatus = 
aorai_Called; + aorai_CurOperation = op_main; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_S2_tmp = 0; + if (accept_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + accept_init = accept_init_tmp; + return; + } -/*@ requires 1 ≡ accept_S1 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, - accept_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void main_post_func(int res) -{ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - if (accept_S1 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; - if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - accept_init = accept_init_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ accept_S1 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S1, accept_S2, + accept_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ 
accept_S1; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ accept_S2; + + behavior buch_state_accept_S2_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void main_post_func(int res) + { + int accept_S1_tmp; + int accept_S2_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + if (accept_S1 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + accept_init = accept_init_tmp; + return; + } + +*/ /*@ requires 1 ≡ accept_init ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2; requires argc ≡ 2; @@ -388,7 +407,7 @@ int main(int argc, char **argv) { int __retres; int value; - main_pre_func(argc,argv); + /*@ ghost main_pre_func(argc,argv); */ if (argc != 2) { __retres = 1; goto return_label; @@ -408,7 +427,7 @@ int main(int argc, char **argv) factorial(value); __retres = 0; return_label: { - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_factorial2.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_factorial2.res.oracle index 709a03bb33c..13d491bf7fa 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_factorial2.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_factorial2.res.oracle 
@@ -16,85 +16,91 @@ enum aorai_OpStatusList { /*@ ghost int S1 = 0; */ /*@ ghost int S2 = 0; */ /*@ ghost int main_0 = 1; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_decode_int; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0; - - behavior buch_state_S1_in: - assumes 1 ≡ S1; - ensures 1 ≡ S1; - - behavior buch_state_S1_out: - assumes 0 ≡ S1; - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_main_0_out: - ensures 0 ≡ main_0; - */ -void decode_int_pre_func(char *s) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int main_0_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_decode_int; - S1_tmp = S1; - S2_tmp = S2; - main_0_tmp = main_0; - main_0_tmp = 0; - S2_tmp = 0; - if (S1 == 1) S1_tmp = 1; else S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - main_0 = main_0_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_decode_int; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0; + + behavior buch_state_S1_in: + assumes 1 ≡ S1; + ensures 1 ≡ S1; + + behavior buch_state_S1_out: + assumes 0 ≡ S1; + ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_main_0_out: + ensures 0 ≡ main_0; + @/ + void decode_int_pre_func(char *s) + { + int S1_tmp; + int S2_tmp; + int main_0_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_decode_int; + S1_tmp = S1; + S2_tmp = S2; + main_0_tmp = main_0; + main_0_tmp = 0; + S2_tmp = 0; + if (S1 == 1) S1_tmp = 1; else S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + main_0 = main_0_tmp; + return; + } -/*@ requires 1 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ main_0; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_decode_int; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0; - - behavior buch_state_S1_in: - assumes 1 ≡ S1; - ensures 1 ≡ S1; - - behavior buch_state_S1_out: - 
assumes 0 ≡ S1; - ensures 0 ≡ S1; - - behavior buch_state_S2_in: - assumes 1 ≡ S1 ∧ 1 ≢ 0; - ensures 1 ≡ S2; - - behavior buch_state_S2_out: - assumes 0 ≡ S1 ∨ 1 ≡ 0; - ensures 0 ≡ S2; - - behavior buch_state_main_0_out: - ensures 0 ≡ main_0; - */ -void decode_int_post_func(int res) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int main_0_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_decode_int; - S1_tmp = S1; - S2_tmp = S2; - main_0_tmp = main_0; - main_0_tmp = 0; - if (S1 == 1) S2_tmp = 1; else S2_tmp = 0; - if (S1 == 1) S1_tmp = 1; else S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - main_0 = main_0_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ main_0; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_decode_int; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0; + + behavior buch_state_S1_in: + assumes 1 ≡ S1; + ensures 1 ≡ S1; + + behavior buch_state_S1_out: + assumes 0 ≡ S1; + ensures 0 ≡ S1; + + behavior buch_state_S2_in: + assumes 1 ≡ S1 ∧ 1 ≢ 0; + ensures 1 ≡ S2; + + behavior buch_state_S2_out: + assumes 0 ≡ S1 ∨ 1 ≡ 0; + ensures 0 ≡ S2; + + behavior buch_state_main_0_out: + ensures 0 ≡ main_0; + @/ + void decode_int_post_func(int res) + { + int S1_tmp; + int S2_tmp; + int main_0_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_decode_int; + S1_tmp = S1; + S2_tmp = S2; + main_0_tmp = main_0; + main_0_tmp = 0; + if (S1 == 1) S2_tmp = 1; else S2_tmp = 0; + if (S1 == 1) S1_tmp = 1; else S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + main_0 = main_0_tmp; + return; + } + +*/ /*@ requires 1 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ main_0; 
@@ -107,10 +113,10 @@ void decode_int_post_func(int res) */ int decode_int(char *s) { - int aorai_Loop_Init_5; + /*@ ghost int aorai_Loop_Init_5; */ int __retres; char c; - decode_int_pre_func(s); + /*@ ghost decode_int_pre_func(s); */ int intmax = ~ (1 << (sizeof(int) * (unsigned int)8 - (unsigned int)1)); int cutlim = intmax % 10; int cutoff = intmax / 10; 
@@ -170,97 +176,104 @@ int decode_int(char *s) } } __retres = value; - return_label: { - decode_int_post_func(__retres); - return __retres; - } + return_label: + { + /*@ ghost decode_int_post_func(__retres); */ + return __retres; + } } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_factorial; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_S2_in: - assumes 1 ≡ S2 ∨ (1 ≡ S1 ∧ 1 ≢ 0); - ensures 1 ≡ S2; - - behavior buch_state_S2_out: - assumes 0 ≡ S2 ∧ (0 ≡ S1 ∨ 1 ≡ 0); - ensures 0 ≡ S2; - - behavior buch_state_main_0_out: - ensures 0 ≡ main_0; - */ -void factorial_pre_func(int value) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int main_0_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_factorial; - S1_tmp = S1; - S2_tmp = S2; - main_0_tmp = main_0; - main_0_tmp = 0; - if (S1 == 1) S2_tmp = 1; - else - if (S2 == 1) S2_tmp = 1; else S2_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - main_0 = main_0_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_factorial; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_S2_in: + assumes 1 ≡ S2 ∨ (1 ≡ S1 ∧ 1 ≢ 0); + ensures 1 ≡ S2; + + behavior buch_state_S2_out: + assumes 0 ≡ S2 ∧ (0 ≡ S1 ∨ 1 ≡ 0); + ensures 0 ≡ S2; + + behavior buch_state_main_0_out: + ensures 0 ≡ main_0; + @/ + void factorial_pre_func(int value) + { + int S1_tmp; + int S2_tmp; + int main_0_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_factorial; + S1_tmp = S1; + S2_tmp = S2; + main_0_tmp = main_0; + main_0_tmp = 0; + if (S1 == 1) S2_tmp = 1; + else + if (S2 == 1) S2_tmp = 1; else S2_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + main_0 = main_0_tmp; + return; + } -/*@ requires (1 ≡ S1 ∨ 1 ≡ S2) ∧ 0 ≡ main_0; - 
ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_factorial; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0; - - behavior buch_state_S1_in: - assumes 1 ≡ S2 ∨ 1 ≡ S1; - ensures 1 ≡ S1; - - behavior buch_state_S1_out: - assumes 0 ≡ S2 ∧ 0 ≡ S1; - ensures 0 ≡ S1; - - behavior buch_state_S2_in: - assumes 1 ≡ S2 ∨ (1 ≡ S1 ∧ 1 ≢ 0); - ensures 1 ≡ S2; - - behavior buch_state_S2_out: - assumes 0 ≡ S2 ∧ (0 ≡ S1 ∨ 1 ≡ 0); - ensures 0 ≡ S2; - - behavior buch_state_main_0_out: - ensures 0 ≡ main_0; - */ -void factorial_post_func(int res) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int main_0_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_factorial; - S1_tmp = S1; - S2_tmp = S2; - main_0_tmp = main_0; - main_0_tmp = 0; - if (S1 == 1) S2_tmp = 1; - else - if (S2 == 1) S2_tmp = 1; else S2_tmp = 0; - if (S1 == 1) S1_tmp = 1; - else - if (S2 == 1) S1_tmp = 1; else S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - main_0 = main_0_tmp; - return; -} +*/ + +/*@ ghost + /@ requires (1 ≡ S1 ∨ 1 ≡ S2) ∧ 0 ≡ main_0; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_factorial; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0; + + behavior buch_state_S1_in: + assumes 1 ≡ S2 ∨ 1 ≡ S1; + ensures 1 ≡ S1; + + behavior buch_state_S1_out: + assumes 0 ≡ S2 ∧ 0 ≡ S1; + ensures 0 ≡ S1; + + behavior buch_state_S2_in: + assumes 1 ≡ S2 ∨ (1 ≡ S1 ∧ 1 ≢ 0); + ensures 1 ≡ S2; + + behavior buch_state_S2_out: + assumes 0 ≡ S2 ∧ (0 ≡ S1 ∨ 1 ≡ 0); + ensures 0 ≡ S2; + + behavior buch_state_main_0_out: + ensures 0 ≡ main_0; + @/ + void factorial_post_func(int res) + { + int S1_tmp; + int S2_tmp; + int main_0_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_factorial; + S1_tmp = S1; + S2_tmp = S2; + main_0_tmp = main_0; + main_0_tmp = 0; + if (S1 == 1) S2_tmp = 1; + else + if (S2 == 1) S2_tmp = 1; else S2_tmp = 0; + if (S1 == 1) S1_tmp = 1; + else + if 
(S2 == 1) S1_tmp = 1; else S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + main_0 = main_0_tmp; + return; + } + +*/ /*@ requires (1 ≡ S1 ∨ 1 ≡ S2) ∧ 0 ≡ main_0; requires 1 ≡ S1 ⇒ 1 ≢ 0; 
@@ -279,96 +292,102 @@ void factorial_post_func(int res) int factorial(int value) { int tmp_0; - factorial_pre_func(value); + /*@ ghost factorial_pre_func(value); */ if (value > 0) { int tmp; tmp = factorial(value - 1); tmp_0 = tmp * value; } else tmp_0 = 1; - factorial_post_func(tmp_0); + /*@ ghost factorial_post_func(tmp_0); */ return tmp_0; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0; - - behavior buch_state_S1_in: - assumes 1 ≡ main_0; - ensures 1 ≡ S1; - - behavior buch_state_S1_out: - assumes 0 ≡ main_0; - ensures 0 ≡ S1; - - behavior buch_state_S2_out: - ensures 0 ≡ S2; - - behavior buch_state_main_0_out: - ensures 0 ≡ main_0; - */ -void main_pre_func(int argc, char **argv) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int main_0_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - S1_tmp = S1; - S2_tmp = S2; - main_0_tmp = main_0; - main_0_tmp = 0; - S2_tmp = 0; - if (main_0 == 1) S1_tmp = 1; else S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - main_0 = main_0_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0; + + behavior buch_state_S1_in: + assumes 1 ≡ main_0; + ensures 1 ≡ S1; + + behavior buch_state_S1_out: + assumes 0 ≡ main_0; + ensures 0 ≡ S1; + + behavior buch_state_S2_out: + ensures 0 ≡ S2; + + behavior buch_state_main_0_out: + ensures 0 ≡ main_0; + @/ + void main_pre_func(int argc, char **argv) + { + int S1_tmp; + int S2_tmp; + int main_0_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + S1_tmp = S1; + S2_tmp = S2; + main_0_tmp = main_0; + main_0_tmp = 0; + S2_tmp = 0; + if (main_0 == 1) S1_tmp = 1; else S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + main_0 = main_0_tmp; + return; + } -/*@ requires 1 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ main_0; - ensures 
aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0; - - behavior buch_state_S1_in: - assumes 1 ≡ S1; - ensures 1 ≡ S1; - - behavior buch_state_S1_out: - assumes 0 ≡ S1; - ensures 0 ≡ S1; - - behavior buch_state_S2_in: - assumes 1 ≡ S1 ∧ 1 ≢ 0; - ensures 1 ≡ S2; - - behavior buch_state_S2_out: - assumes 0 ≡ S1 ∨ 1 ≡ 0; - ensures 0 ≡ S2; - - behavior buch_state_main_0_out: - ensures 0 ≡ main_0; - */ -void main_post_func(int res) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int S2_tmp; */ - /*@ ghost int main_0_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - S1_tmp = S1; - S2_tmp = S2; - main_0_tmp = main_0; - main_0_tmp = 0; - if (S1 == 1) S2_tmp = 1; else S2_tmp = 0; - if (S1 == 1) S1_tmp = 1; else S1_tmp = 0; - S1 = S1_tmp; - S2 = S2_tmp; - main_0 = main_0_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ S1 ∧ 0 ≡ S2 ∧ 0 ≡ main_0; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, S2, main_0; + + behavior buch_state_S1_in: + assumes 1 ≡ S1; + ensures 1 ≡ S1; + + behavior buch_state_S1_out: + assumes 0 ≡ S1; + ensures 0 ≡ S1; + + behavior buch_state_S2_in: + assumes 1 ≡ S1 ∧ 1 ≢ 0; + ensures 1 ≡ S2; + + behavior buch_state_S2_out: + assumes 0 ≡ S1 ∨ 1 ≡ 0; + ensures 0 ≡ S2; + + behavior buch_state_main_0_out: + ensures 0 ≡ main_0; + @/ + void main_post_func(int res) + { + int S1_tmp; + int S2_tmp; + int main_0_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + S1_tmp = S1; + S2_tmp = S2; + main_0_tmp = main_0; + main_0_tmp = 0; + if (S1 == 1) S2_tmp = 1; else S2_tmp = 0; + if (S1 == 1) S1_tmp = 1; else S1_tmp = 0; + S1 = S1_tmp; + S2 = S2_tmp; + main_0 = main_0_tmp; + return; + } + +*/ /*@ requires 1 ≡ main_0 ∧ 0 ≡ S1 ∧ 0 ≡ S2; requires argc ≡ 2; 
@@ -385,7 +404,7 @@ int main(int argc, char **argv) { int __retres; int value; - main_pre_func(argc,argv); + /*@ ghost main_pre_func(argc,argv); */ if (argc != 2) { __retres = 1; goto return_label; @@ -405,7 +424,7 @@ int main(int argc, char **argv) factorial(value); __retres = 0; return_label: { - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_recursion1.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_recursion1.res.oracle index 6b08217bc02..bcd5caca7e9 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_recursion1.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_recursion1.res.oracle 
@@ -50,80 +50,88 @@ predicate valid_string{L}(char *s) = /*@ ghost int T0_S2 = 0; */ /*@ ghost int T0_init = 1; */ /*@ ghost int accept_S1 = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_countOne; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ T0_S2; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ T0_S2; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - */ -void countOne_pre_func(char *argv) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_countOne; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S1_tmp = 0; - T0_init_tmp = 0; - if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_countOne; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ T0_S2; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ T0_S2; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + @/ + void countOne_pre_func(char *argv) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_countOne; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S1_tmp = 0; + T0_init_tmp = 0; + if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + return; + } -/*@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ 
accept_S1; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_countOne; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ T0_S2; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ T0_S2; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - */ -void countOne_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_countOne; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S1_tmp = 0; - T0_init_tmp = 0; - if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_countOne; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ T0_S2; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ T0_S2; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + @/ + void countOne_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_countOne; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S1_tmp = 0; + T0_init_tmp = 0; + if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + return; + } + +*/ /*@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1; requires valid_string(argv); 
@@ -137,7 +145,7 @@ int countOne(char *argv) { int __retres; int tmp; - countOne_pre_func(argv); + /*@ ghost countOne_pre_func(argv); */ int r = 0; if ((int)*(argv + 0) == 0) { __retres = 0; 
@@ -147,86 +155,95 @@ int countOne(char *argv) tmp = countOne(argv + 1); r += tmp; __retres = r; - return_label: { - countOne_post_func(__retres); - return __retres; - } + return_label: + { + /*@ ghost countOne_post_func(__retres); */ + return __retres; + } } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_count; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - */ -void count_pre_func(int argc, char **argv) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_count; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S1_tmp = 0; - T0_init_tmp = 0; - if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_count; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + @/ + void count_pre_func(int argc, char **argv) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_count; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S1_tmp = 0; + T0_init_tmp = 0; + if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; 
+ T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + return; + } -/*@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_count; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_out: - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ T0_S2; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ T0_S2; - ensures 0 ≡ accept_S1; - */ -void count_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_count; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - if (T0_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_count; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_out: + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ T0_S2; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ T0_S2; + ensures 0 ≡ accept_S1; + @/ + void count_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_count; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + if (T0_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = 
accept_S1_tmp; + return; + } + +*/ /*@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init; requires 
@@ -240,96 +257,104 @@ void count_post_func(int res) */ int count(int argc, char **argv) { - count_pre_func(argc,argv); + /*@ ghost count_pre_func(argc,argv); */ int s = countOne(*(argv + 0)); if (argc > 1) { int tmp_0; tmp_0 = count(argc - 1,argv + 1); s += tmp_0; } - count_post_func(s); + /*@ ghost count_post_func(s); */ return s; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_out: - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ T0_init; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ T0_init; - ensures 0 ≡ accept_S1; - */ -void main_pre_func(int argc, char **argv) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_out: + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ T0_init; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ T0_init; + ensures 0 ≡ accept_S1; + @/ + void main_pre_func(int argc, char **argv) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + if (T0_init 
== 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + return; + } -/*@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ accept_S1; - */ -void main_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ accept_S1; + @/ + void main_post_func(int res) + { + int T0_S2_tmp; + int 
T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + return; + } + +*/ /*@ requires 1 ≡ T0_init ∧ 0 ≡ T0_S2 ∧ 0 ≡ accept_S1; requires @@ -350,11 +375,11 @@ void main_post_func(int res) int main(int argc, char **argv) { int __retres; - main_pre_func(argc,argv); + /*@ ghost main_pre_func(argc,argv); */ int somme = 0; if (argc > 0) somme = count(argc,argv); __retres = 1; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_recursion2.0.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_recursion2.0.res.oracle index 4a1cd28e828..efa580f6bc6 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_recursion2.0.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_recursion2.0.res.oracle 
@@ -66,100 +66,106 @@ int global_argc = 0; /*@ ghost int T0_init = 1; */ /*@ ghost int T1 = 0; */ /*@ ghost int accept_T2 = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_count; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, - accept_T2; - - behavior buch_state_S1_in: - assumes (1 ≡ T1 ∧ global_argc > 0) ∨ 1 ≡ S1; - ensures 1 ≡ S1; - - behavior buch_state_S1_out: - assumes (0 ≡ T1 ∨ ¬(global_argc > 0)) ∧ 0 ≡ S1; - ensures 0 ≡ S1; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_out: - ensures 0 ≡ T1; - - behavior buch_state_accept_T2_out: - ensures 0 ≡ accept_T2; - */ -void count_pre_func(char *argv) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_tmp; */ - /*@ ghost int accept_T2_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_count; - S1_tmp = S1; - T0_init_tmp = T0_init; - T1_tmp = T1; - accept_T2_tmp = accept_T2; - accept_T2_tmp = 0; - T1_tmp = 0; - T0_init_tmp = 0; - if (S1 == 1) S1_tmp = 1; - else - if (T1 == 1) - if (global_argc > 0) S1_tmp = 1; else S1_tmp = 0; - else S1_tmp = 0; - S1 = S1_tmp; - T0_init = T0_init_tmp; - T1 = T1_tmp; - accept_T2 = accept_T2_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_count; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, + accept_T2; + + behavior buch_state_S1_in: + assumes (1 ≡ T1 ∧ global_argc > 0) ∨ 1 ≡ S1; + ensures 1 ≡ S1; + + behavior buch_state_S1_out: + assumes (0 ≡ T1 ∨ ¬(global_argc > 0)) ∧ 0 ≡ S1; + ensures 0 ≡ S1; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_out: + ensures 0 ≡ T1; + + behavior buch_state_accept_T2_out: + ensures 0 ≡ accept_T2; + @/ + void count_pre_func(char *argv) + { + int S1_tmp; + int T0_init_tmp; + int T1_tmp; + int accept_T2_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_count; + S1_tmp = S1; + 
T0_init_tmp = T0_init; + T1_tmp = T1; + accept_T2_tmp = accept_T2; + accept_T2_tmp = 0; + T1_tmp = 0; + T0_init_tmp = 0; + if (S1 == 1) S1_tmp = 1; + else + if (T1 == 1) + if (global_argc > 0) S1_tmp = 1; else S1_tmp = 0; + else S1_tmp = 0; + S1 = S1_tmp; + T0_init = T0_init_tmp; + T1 = T1_tmp; + accept_T2 = accept_T2_tmp; + return; + } -/*@ requires 1 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ T1 ∧ 0 ≡ accept_T2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_count; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, - accept_T2; - - behavior buch_state_S1_in: - assumes 1 ≡ S1; - ensures 1 ≡ S1; - - behavior buch_state_S1_out: - assumes 0 ≡ S1; - ensures 0 ≡ S1; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_out: - ensures 0 ≡ T1; - - behavior buch_state_accept_T2_out: - ensures 0 ≡ accept_T2; - */ -void count_post_func(int res) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_tmp; */ - /*@ ghost int accept_T2_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_count; - S1_tmp = S1; - T0_init_tmp = T0_init; - T1_tmp = T1; - accept_T2_tmp = accept_T2; - accept_T2_tmp = 0; - T1_tmp = 0; - T0_init_tmp = 0; - if (S1 == 1) S1_tmp = 1; else S1_tmp = 0; - S1 = S1_tmp; - T0_init = T0_init_tmp; - T1 = T1_tmp; - accept_T2 = accept_T2_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ T1 ∧ 0 ≡ accept_T2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_count; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, + accept_T2; + + behavior buch_state_S1_in: + assumes 1 ≡ S1; + ensures 1 ≡ S1; + + behavior buch_state_S1_out: + assumes 0 ≡ S1; + ensures 0 ≡ S1; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_out: + ensures 0 ≡ T1; + + behavior buch_state_accept_T2_out: + ensures 0 ≡ accept_T2; + @/ + void count_post_func(int res) + { + int S1_tmp; + 
int T0_init_tmp; + int T1_tmp; + int accept_T2_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_count; + S1_tmp = S1; + T0_init_tmp = T0_init; + T1_tmp = T1; + accept_T2_tmp = accept_T2; + accept_T2_tmp = 0; + T1_tmp = 0; + T0_init_tmp = 0; + if (S1 == 1) S1_tmp = 1; else S1_tmp = 0; + S1 = S1_tmp; + T0_init = T0_init_tmp; + T1 = T1_tmp; + accept_T2 = accept_T2_tmp; + return; + } + +*/ /*@ requires (1 ≡ S1 ∨ 1 ≡ T1) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2; requires 1 ≡ T1 ⇒ global_argc > 0; @@ -176,7 +182,7 @@ int count(char *argv) { int __retres; int tmp; - count_pre_func(argv); + /*@ ghost count_pre_func(argv); */ if ((int)*(argv + 0) == 0) { __retres = 0; goto return_label; 
@@ -184,101 +190,107 @@ int count(char *argv) tmp = count(argv + 1); __retres = 1 + tmp; return_label: { - count_post_func(__retres); + /*@ ghost count_post_func(__retres); */ return __retres; } } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_sumOne; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, - accept_T2; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_in: - assumes 1 ≡ S1; - ensures 1 ≡ T1; - - behavior buch_state_T1_out: - assumes 0 ≡ S1; - ensures 0 ≡ T1; - - behavior buch_state_accept_T2_out: - ensures 0 ≡ accept_T2; - */ -void sumOne_pre_func(char *t, int length) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_tmp; */ - /*@ ghost int accept_T2_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_sumOne; - S1_tmp = S1; - T0_init_tmp = T0_init; - T1_tmp = T1; - accept_T2_tmp = accept_T2; - accept_T2_tmp = 0; - if (S1 == 1) T1_tmp = 1; else T1_tmp = 0; - T0_init_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - T0_init = T0_init_tmp; - T1 = T1_tmp; - accept_T2 = accept_T2_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_sumOne; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, + accept_T2; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_in: + assumes 1 ≡ S1; + ensures 1 ≡ T1; + + behavior buch_state_T1_out: + assumes 0 ≡ S1; + ensures 0 ≡ T1; + + behavior buch_state_accept_T2_out: + ensures 0 ≡ accept_T2; + @/ + void sumOne_pre_func(char *t, int length) + { + int S1_tmp; + int T0_init_tmp; + int T1_tmp; + int accept_T2_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_sumOne; + S1_tmp = S1; + T0_init_tmp = T0_init; + T1_tmp = T1; + accept_T2_tmp = accept_T2; + accept_T2_tmp = 0; + if (S1 == 1) T1_tmp 
= 1; else T1_tmp = 0; + T0_init_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + T0_init = T0_init_tmp; + T1 = T1_tmp; + accept_T2 = accept_T2_tmp; + return; + } -/*@ requires 1 ≡ T1 ∧ 0 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_sumOne; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, - accept_T2; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_in: - assumes 1 ≡ T1; - ensures 1 ≡ T1; - - behavior buch_state_T1_out: - assumes 0 ≡ T1; - ensures 0 ≡ T1; - - behavior buch_state_accept_T2_out: - ensures 0 ≡ accept_T2; - */ -void sumOne_post_func(int res) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_tmp; */ - /*@ ghost int accept_T2_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_sumOne; - S1_tmp = S1; - T0_init_tmp = T0_init; - T1_tmp = T1; - accept_T2_tmp = accept_T2; - accept_T2_tmp = 0; - if (T1 == 1) T1_tmp = 1; else T1_tmp = 0; - T0_init_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - T0_init = T0_init_tmp; - T1 = T1_tmp; - accept_T2 = accept_T2_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ T1 ∧ 0 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_sumOne; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, + accept_T2; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_in: + assumes 1 ≡ T1; + ensures 1 ≡ T1; + + behavior buch_state_T1_out: + assumes 0 ≡ T1; + ensures 0 ≡ T1; + + behavior buch_state_accept_T2_out: + ensures 0 ≡ accept_T2; + @/ + void sumOne_post_func(int res) + { + int S1_tmp; + int T0_init_tmp; + int T1_tmp; + int accept_T2_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_sumOne; + S1_tmp = S1; + T0_init_tmp = T0_init; + T1_tmp = T1; 
+ accept_T2_tmp = accept_T2; + accept_T2_tmp = 0; + if (T1 == 1) T1_tmp = 1; else T1_tmp = 0; + T0_init_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + T0_init = T0_init_tmp; + T1 = T1_tmp; + accept_T2 = accept_T2_tmp; + return; + } + +*/ /*@ requires 1 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ T1 ∧ 0 ≡ accept_T2; requires valid_string(t) ∧ length ≥ 0 ∧ length ≡ string_len(t); @@ -290,8 +302,8 @@ void sumOne_post_func(int res) */ int sumOne(char *t, int length) { - int aorai_Loop_Init_11; - sumOne_pre_func(t,length); + /*@ ghost int aorai_Loop_Init_11; */ + /*@ ghost sumOne_pre_func(t,length); */ int sum = 0; int i = 0; i = 0; 
@@ -310,105 +322,111 @@ int sumOne(char *t, int length) sum += (int)*(t + i); i ++; } - sumOne_post_func(sum); + /*@ ghost sumOne_post_func(sum); */ return sum; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, - accept_T2; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_in: - assumes 1 ≡ T0_init; - ensures 1 ≡ T1; - - behavior buch_state_T1_out: - assumes 0 ≡ T0_init; - ensures 0 ≡ T1; - - behavior buch_state_accept_T2_out: - ensures 0 ≡ accept_T2; - */ -void main_pre_func(int argc, char **argv) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_tmp; */ - /*@ ghost int accept_T2_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - S1_tmp = S1; - T0_init_tmp = T0_init; - T1_tmp = T1; - accept_T2_tmp = accept_T2; - accept_T2_tmp = 0; - if (T0_init == 1) T1_tmp = 1; else T1_tmp = 0; - T0_init_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - T0_init = T0_init_tmp; - T1 = T1_tmp; - accept_T2 = accept_T2_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, + accept_T2; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_in: + assumes 1 ≡ T0_init; + ensures 1 ≡ T1; + + behavior buch_state_T1_out: + assumes 0 ≡ T0_init; + ensures 0 ≡ T1; + + behavior buch_state_accept_T2_out: + ensures 0 ≡ accept_T2; + @/ + void main_pre_func(int argc, char **argv) + { + int S1_tmp; + int T0_init_tmp; + int T1_tmp; + int accept_T2_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + S1_tmp = S1; + T0_init_tmp = T0_init; + T1_tmp = T1; + accept_T2_tmp = accept_T2; + accept_T2_tmp = 0; + if (T0_init == 1) T1_tmp = 1; else 
T1_tmp = 0; + T0_init_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + T0_init = T0_init_tmp; + T1 = T1_tmp; + accept_T2 = accept_T2_tmp; + return; + } -/*@ requires 1 ≡ T1 ∧ 0 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, - accept_T2; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_in: - assumes 1 ≡ T1; - ensures 1 ≡ T1; - - behavior buch_state_T1_out: - assumes 0 ≡ T1; - ensures 0 ≡ T1; - - behavior buch_state_accept_T2_in: - assumes 1 ≡ T1; - ensures 1 ≡ accept_T2; - - behavior buch_state_accept_T2_out: - assumes 0 ≡ T1; - ensures 0 ≡ accept_T2; - */ -void main_post_func(int res) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_tmp; */ - /*@ ghost int accept_T2_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - S1_tmp = S1; - T0_init_tmp = T0_init; - T1_tmp = T1; - accept_T2_tmp = accept_T2; - if (T1 == 1) accept_T2_tmp = 1; else accept_T2_tmp = 0; - if (T1 == 1) T1_tmp = 1; else T1_tmp = 0; - T0_init_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - T0_init = T0_init_tmp; - T1 = T1_tmp; - accept_T2 = accept_T2_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ T1 ∧ 0 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, + accept_T2; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_in: + assumes 1 ≡ T1; + ensures 1 ≡ T1; + + behavior buch_state_T1_out: + assumes 0 ≡ T1; + ensures 0 ≡ T1; + + behavior buch_state_accept_T2_in: + assumes 1 ≡ T1; + ensures 1 ≡ accept_T2; + + behavior buch_state_accept_T2_out: + assumes 0 ≡ T1; + ensures 0 ≡ accept_T2; + @/ + void 
main_post_func(int res) + { + int S1_tmp; + int T0_init_tmp; + int T1_tmp; + int accept_T2_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + S1_tmp = S1; + T0_init_tmp = T0_init; + T1_tmp = T1; + accept_T2_tmp = accept_T2; + if (T1 == 1) accept_T2_tmp = 1; else accept_T2_tmp = 0; + if (T1 == 1) T1_tmp = 1; else T1_tmp = 0; + T0_init_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + T0_init = T0_init_tmp; + T1 = T1_tmp; + accept_T2 = accept_T2_tmp; + return; + } + +*/ /*@ requires 1 ≡ T0_init ∧ 0 ≡ S1 ∧ 0 ≡ T1 ∧ 0 ≡ accept_T2; requires @@ -429,7 +447,7 @@ int main(int argc, char **argv) { int __retres; int length; - main_pre_func(argc,argv); + /*@ ghost main_pre_func(argc,argv); */ int sum = 0; global_argc = argc; if (argc > 0) { @@ -437,7 +455,7 @@ int main(int argc, char **argv) sum = sumOne(*(argv + 0),length); } __retres = 1; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_recursion2.1.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_recursion2.1.res.oracle index 9eac73a1ce5..8b5a200aeaa 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_recursion2.1.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_recursion2.1.res.oracle 
@@ -66,100 +66,106 @@ int global_argc = 0; /*@ ghost int T0_init = 1; */ /*@ ghost int T1 = 0; */ /*@ ghost int accept_T2 = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_count; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, - accept_T2; - - behavior buch_state_S1_in: - assumes (1 ≡ T1 ∧ global_argc > 0) ∨ 1 ≡ S1; - ensures 1 ≡ S1; - - behavior buch_state_S1_out: - assumes (0 ≡ T1 ∨ ¬(global_argc > 0)) ∧ 0 ≡ S1; - ensures 0 ≡ S1; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_out: - ensures 0 ≡ T1; - - behavior buch_state_accept_T2_out: - ensures 0 ≡ accept_T2; - */ -void count_pre_func(char *argv) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_tmp; */ - /*@ ghost int accept_T2_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_count; - S1_tmp = S1; - T0_init_tmp = T0_init; - T1_tmp = T1; - accept_T2_tmp = accept_T2; - accept_T2_tmp = 0; - T1_tmp = 0; - T0_init_tmp = 0; - if (S1 == 1) S1_tmp = 1; - else - if (T1 == 1) - if (global_argc > 0) S1_tmp = 1; else S1_tmp = 0; - else S1_tmp = 0; - S1 = S1_tmp; - T0_init = T0_init_tmp; - T1 = T1_tmp; - accept_T2 = accept_T2_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_count; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, + accept_T2; + + behavior buch_state_S1_in: + assumes (1 ≡ T1 ∧ global_argc > 0) ∨ 1 ≡ S1; + ensures 1 ≡ S1; + + behavior buch_state_S1_out: + assumes (0 ≡ T1 ∨ ¬(global_argc > 0)) ∧ 0 ≡ S1; + ensures 0 ≡ S1; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_out: + ensures 0 ≡ T1; + + behavior buch_state_accept_T2_out: + ensures 0 ≡ accept_T2; + @/ + void count_pre_func(char *argv) + { + int S1_tmp; + int T0_init_tmp; + int T1_tmp; + int accept_T2_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_count; + S1_tmp = S1; + 
T0_init_tmp = T0_init; + T1_tmp = T1; + accept_T2_tmp = accept_T2; + accept_T2_tmp = 0; + T1_tmp = 0; + T0_init_tmp = 0; + if (S1 == 1) S1_tmp = 1; + else + if (T1 == 1) + if (global_argc > 0) S1_tmp = 1; else S1_tmp = 0; + else S1_tmp = 0; + S1 = S1_tmp; + T0_init = T0_init_tmp; + T1 = T1_tmp; + accept_T2 = accept_T2_tmp; + return; + } -/*@ requires 1 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ T1 ∧ 0 ≡ accept_T2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_count; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, - accept_T2; - - behavior buch_state_S1_in: - assumes 1 ≡ S1; - ensures 1 ≡ S1; - - behavior buch_state_S1_out: - assumes 0 ≡ S1; - ensures 0 ≡ S1; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_out: - ensures 0 ≡ T1; - - behavior buch_state_accept_T2_out: - ensures 0 ≡ accept_T2; - */ -void count_post_func(int res) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_tmp; */ - /*@ ghost int accept_T2_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_count; - S1_tmp = S1; - T0_init_tmp = T0_init; - T1_tmp = T1; - accept_T2_tmp = accept_T2; - accept_T2_tmp = 0; - T1_tmp = 0; - T0_init_tmp = 0; - if (S1 == 1) S1_tmp = 1; else S1_tmp = 0; - S1 = S1_tmp; - T0_init = T0_init_tmp; - T1 = T1_tmp; - accept_T2 = accept_T2_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ T1 ∧ 0 ≡ accept_T2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_count; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, + accept_T2; + + behavior buch_state_S1_in: + assumes 1 ≡ S1; + ensures 1 ≡ S1; + + behavior buch_state_S1_out: + assumes 0 ≡ S1; + ensures 0 ≡ S1; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_out: + ensures 0 ≡ T1; + + behavior buch_state_accept_T2_out: + ensures 0 ≡ accept_T2; + @/ + void count_post_func(int res) + { + int S1_tmp; + 
int T0_init_tmp; + int T1_tmp; + int accept_T2_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_count; + S1_tmp = S1; + T0_init_tmp = T0_init; + T1_tmp = T1; + accept_T2_tmp = accept_T2; + accept_T2_tmp = 0; + T1_tmp = 0; + T0_init_tmp = 0; + if (S1 == 1) S1_tmp = 1; else S1_tmp = 0; + S1 = S1_tmp; + T0_init = T0_init_tmp; + T1 = T1_tmp; + accept_T2 = accept_T2_tmp; + return; + } + +*/ /*@ requires (1 ≡ S1 ∨ 1 ≡ T1) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2; requires 1 ≡ T1 ⇒ global_argc > 0; @@ -176,7 +182,7 @@ int count(char *argv) { int __retres; int tmp; - count_pre_func(argv); + /*@ ghost count_pre_func(argv); */ if ((int)*(argv + 0) == 0) { __retres = 0; goto return_label; 
@@ -184,101 +190,107 @@ int count(char *argv) tmp = count(argv + 1); __retres = 1 + tmp; return_label: { - count_post_func(__retres); + /*@ ghost count_post_func(__retres); */ return __retres; } } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_sumOne; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, - accept_T2; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_in: - assumes 1 ≡ S1; - ensures 1 ≡ T1; - - behavior buch_state_T1_out: - assumes 0 ≡ S1; - ensures 0 ≡ T1; - - behavior buch_state_accept_T2_out: - ensures 0 ≡ accept_T2; - */ -void sumOne_pre_func(char *t, int length) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_tmp; */ - /*@ ghost int accept_T2_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_sumOne; - S1_tmp = S1; - T0_init_tmp = T0_init; - T1_tmp = T1; - accept_T2_tmp = accept_T2; - accept_T2_tmp = 0; - if (S1 == 1) T1_tmp = 1; else T1_tmp = 0; - T0_init_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - T0_init = T0_init_tmp; - T1 = T1_tmp; - accept_T2 = accept_T2_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_sumOne; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, + accept_T2; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_in: + assumes 1 ≡ S1; + ensures 1 ≡ T1; + + behavior buch_state_T1_out: + assumes 0 ≡ S1; + ensures 0 ≡ T1; + + behavior buch_state_accept_T2_out: + ensures 0 ≡ accept_T2; + @/ + void sumOne_pre_func(char *t, int length) + { + int S1_tmp; + int T0_init_tmp; + int T1_tmp; + int accept_T2_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_sumOne; + S1_tmp = S1; + T0_init_tmp = T0_init; + T1_tmp = T1; + accept_T2_tmp = accept_T2; + accept_T2_tmp = 0; + if (S1 == 1) T1_tmp 
= 1; else T1_tmp = 0; + T0_init_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + T0_init = T0_init_tmp; + T1 = T1_tmp; + accept_T2 = accept_T2_tmp; + return; + } -/*@ requires 1 ≡ T1 ∧ 0 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_sumOne; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, - accept_T2; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_in: - assumes 1 ≡ T1; - ensures 1 ≡ T1; - - behavior buch_state_T1_out: - assumes 0 ≡ T1; - ensures 0 ≡ T1; - - behavior buch_state_accept_T2_out: - ensures 0 ≡ accept_T2; - */ -void sumOne_post_func(int res) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_tmp; */ - /*@ ghost int accept_T2_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_sumOne; - S1_tmp = S1; - T0_init_tmp = T0_init; - T1_tmp = T1; - accept_T2_tmp = accept_T2; - accept_T2_tmp = 0; - if (T1 == 1) T1_tmp = 1; else T1_tmp = 0; - T0_init_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - T0_init = T0_init_tmp; - T1 = T1_tmp; - accept_T2 = accept_T2_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ T1 ∧ 0 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_sumOne; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, + accept_T2; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_in: + assumes 1 ≡ T1; + ensures 1 ≡ T1; + + behavior buch_state_T1_out: + assumes 0 ≡ T1; + ensures 0 ≡ T1; + + behavior buch_state_accept_T2_out: + ensures 0 ≡ accept_T2; + @/ + void sumOne_post_func(int res) + { + int S1_tmp; + int T0_init_tmp; + int T1_tmp; + int accept_T2_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_sumOne; + S1_tmp = S1; + T0_init_tmp = T0_init; + T1_tmp = T1; 
+ accept_T2_tmp = accept_T2; + accept_T2_tmp = 0; + if (T1 == 1) T1_tmp = 1; else T1_tmp = 0; + T0_init_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + T0_init = T0_init_tmp; + T1 = T1_tmp; + accept_T2 = accept_T2_tmp; + return; + } + +*/ /*@ requires 1 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ T1 ∧ 0 ≡ accept_T2; requires valid_string(t) ∧ length ≥ 0 ∧ length ≡ string_len(t); @@ -290,8 +302,8 @@ void sumOne_post_func(int res) */ int sumOne(char *t, int length) { - int aorai_Loop_Init_11; - sumOne_pre_func(t,length); + /*@ ghost int aorai_Loop_Init_11; */ + /*@ ghost sumOne_pre_func(t,length); */ int sum = 0; int i = 0; i = 0; 
@@ -310,107 +322,113 @@ int sumOne(char *t, int length) sum += (int)*(t + i); i ++; } - sumOne_post_func(sum); + /*@ ghost sumOne_post_func(sum); */ return sum; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, - accept_T2; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_in: - assumes 1 ≡ T0_init; - ensures 1 ≡ T1; - - behavior buch_state_T1_out: - assumes 0 ≡ T0_init; - ensures 0 ≡ T1; - - behavior buch_state_accept_T2_out: - ensures 0 ≡ accept_T2; - */ -void main_pre_func(int argc, char **argv) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_tmp; */ - /*@ ghost int accept_T2_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - S1_tmp = S1; - T0_init_tmp = T0_init; - T1_tmp = T1; - accept_T2_tmp = accept_T2; - accept_T2_tmp = 0; - if (T0_init == 1) T1_tmp = 1; else T1_tmp = 0; - T0_init_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - T0_init = T0_init_tmp; - T1 = T1_tmp; - accept_T2 = accept_T2_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, + accept_T2; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_in: + assumes 1 ≡ T0_init; + ensures 1 ≡ T1; + + behavior buch_state_T1_out: + assumes 0 ≡ T0_init; + ensures 0 ≡ T1; + + behavior buch_state_accept_T2_out: + ensures 0 ≡ accept_T2; + @/ + void main_pre_func(int argc, char **argv) + { + int S1_tmp; + int T0_init_tmp; + int T1_tmp; + int accept_T2_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + S1_tmp = S1; + T0_init_tmp = T0_init; + T1_tmp = T1; + accept_T2_tmp = accept_T2; + accept_T2_tmp = 0; + if (T0_init == 1) T1_tmp = 1; else 
T1_tmp = 0; + T0_init_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + T0_init = T0_init_tmp; + T1 = T1_tmp; + accept_T2 = accept_T2_tmp; + return; + } -/*@ requires 1 ≡ T1 ∧ 0 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, - accept_T2; - - behavior buch_state_S1_out: - ensures 0 ≡ S1; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_T1_in: - assumes 1 ≡ T1; - ensures 1 ≡ T1; - - behavior buch_state_T1_out: - assumes 0 ≡ T1; - ensures 0 ≡ T1; - - behavior buch_state_accept_T2_in: - assumes 1 ≡ T1 ∧ res ≡ 1; - ensures 1 ≡ accept_T2; - - behavior buch_state_accept_T2_out: - assumes 0 ≡ T1 ∨ ¬(res ≡ 1); - ensures 0 ≡ accept_T2; - */ -void main_post_func(int res) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int T1_tmp; */ - /*@ ghost int accept_T2_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - S1_tmp = S1; - T0_init_tmp = T0_init; - T1_tmp = T1; - accept_T2_tmp = accept_T2; - if (T1 == 1) - if (res == 1) accept_T2_tmp = 1; else accept_T2_tmp = 0; - else accept_T2_tmp = 0; - if (T1 == 1) T1_tmp = 1; else T1_tmp = 0; - T0_init_tmp = 0; - S1_tmp = 0; - S1 = S1_tmp; - T0_init = T0_init_tmp; - T1 = T1_tmp; - accept_T2 = accept_T2_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ T1 ∧ 0 ≡ S1 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_T2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, T0_init, T1, + accept_T2; + + behavior buch_state_S1_out: + ensures 0 ≡ S1; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_T1_in: + assumes 1 ≡ T1; + ensures 1 ≡ T1; + + behavior buch_state_T1_out: + assumes 0 ≡ T1; + ensures 0 ≡ T1; + + behavior buch_state_accept_T2_in: + assumes 1 ≡ T1 ∧ res ≡ 1; + ensures 1 ≡ accept_T2; + + behavior 
buch_state_accept_T2_out: + assumes 0 ≡ T1 ∨ ¬(res ≡ 1); + ensures 0 ≡ accept_T2; + @/ + void main_post_func(int res) + { + int S1_tmp; + int T0_init_tmp; + int T1_tmp; + int accept_T2_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + S1_tmp = S1; + T0_init_tmp = T0_init; + T1_tmp = T1; + accept_T2_tmp = accept_T2; + if (T1 == 1) + if (res == 1) accept_T2_tmp = 1; else accept_T2_tmp = 0; + else accept_T2_tmp = 0; + if (T1 == 1) T1_tmp = 1; else T1_tmp = 0; + T0_init_tmp = 0; + S1_tmp = 0; + S1 = S1_tmp; + T0_init = T0_init_tmp; + T1 = T1_tmp; + accept_T2 = accept_T2_tmp; + return; + } + +*/ /*@ requires 1 ≡ T0_init ∧ 0 ≡ S1 ∧ 0 ≡ T1 ∧ 0 ≡ accept_T2; requires @@ -432,7 +450,7 @@ int main(int argc, char **argv) { int __retres; int length; - main_pre_func(argc,argv); + /*@ ghost main_pre_func(argc,argv); */ int sum = 0; global_argc = argc; if (argc > 0) { @@ -440,7 +458,7 @@ int main(int argc, char **argv) sum = sumOne(*(argv + 0),length); } __retres = 1; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_recursion4.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_recursion4.res.oracle index 3a5ab9e3cd3..09a6e371c26 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_recursion4.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_recursion4.res.oracle 
@@ -17,108 +17,114 @@ enum aorai_OpStatusList { /*@ ghost int End = 0; */ /*@ ghost int Idle = 1; */ /*@ ghost int WillDoFoo = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_isPresent; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; - - behavior buch_state_End_out: - ensures 0 ≡ End; - - behavior buch_state_Idle_in: - assumes 1 ≡ Idle; - ensures 1 ≡ Idle; - - behavior buch_state_Idle_out: - assumes 0 ≡ Idle; - ensures 0 ≡ Idle; - - behavior buch_state_WillDoFoo_out: - ensures 0 ≡ WillDoFoo; - */ -void isPresent_pre_func(int *t, int size, int val) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_isPresent; - End_tmp = End; - Idle_tmp = Idle; - WillDoFoo_tmp = WillDoFoo; - WillDoFoo_tmp = 0; - if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0; - End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} - -/*@ requires 1 ≡ End ∨ 1 ≡ Idle ∨ 1 ≡ WillDoFoo; - requires 1 ≡ End ⇒ res ≢ -1; - requires 1 ≡ Idle ⇒ res ≡ -1 ∨ res ≢ -1; - requires 1 ≡ WillDoFoo ⇒ res ≡ -1; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_isPresent; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; - - behavior buch_state_End_in: - assumes (1 ≡ Idle ∧ res ≢ -1) ∨ (1 ≡ End ∧ res ≢ -1); - ensures 1 ≡ End; - - behavior buch_state_End_out: - assumes - (0 ≡ Idle ∨ ¬(res ≢ -1)) ∧ (0 ≡ End ∨ ¬(res ≢ -1)); - ensures 0 ≡ End; - - behavior buch_state_Idle_out: - ensures 0 ≡ Idle; - - behavior buch_state_WillDoFoo_in: - assumes - (1 ≡ WillDoFoo ∧ res ≡ -1) ∨ (1 ≡ Idle ∧ res ≡ -1); - ensures 1 ≡ WillDoFoo; - - behavior buch_state_WillDoFoo_out: - assumes - (0 ≡ WillDoFoo ∨ ¬(res ≡ -1)) ∧ - (0 ≡ Idle ∨ ¬(res ≡ -1)); - ensures 0 ≡ WillDoFoo; - */ -void isPresent_post_func(int res) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int 
WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_isPresent; - End_tmp = End; - Idle_tmp = Idle; - WillDoFoo_tmp = WillDoFoo; - if (Idle == 1) { - if (res == -1) WillDoFoo_tmp = 1; else goto _LAND; +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_isPresent; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; + + behavior buch_state_End_out: + ensures 0 ≡ End; + + behavior buch_state_Idle_in: + assumes 1 ≡ Idle; + ensures 1 ≡ Idle; + + behavior buch_state_Idle_out: + assumes 0 ≡ Idle; + ensures 0 ≡ Idle; + + behavior buch_state_WillDoFoo_out: + ensures 0 ≡ WillDoFoo; + @/ + void isPresent_pre_func(int *t, int size, int val) + { + int End_tmp; + int Idle_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_isPresent; + End_tmp = End; + Idle_tmp = Idle; + WillDoFoo_tmp = WillDoFoo; + WillDoFoo_tmp = 0; + if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0; + End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + WillDoFoo = WillDoFoo_tmp; + return; } - else { - _LAND: ; - if (WillDoFoo == 1) - if (res == -1) WillDoFoo_tmp = 1; else WillDoFoo_tmp = 0; - else WillDoFoo_tmp = 0; - } - Idle_tmp = 0; - if (End == 1) { - if (res != -1) End_tmp = 1; else goto _LAND_0; - } - else { - _LAND_0: ; - if (Idle == 1) - if (res != -1) End_tmp = 1; else End_tmp = 0; - else End_tmp = 0; + +*/ + +/*@ ghost + /@ requires 1 ≡ End ∨ 1 ≡ Idle ∨ 1 ≡ WillDoFoo; + requires 1 ≡ End ⇒ res ≢ -1; + requires 1 ≡ Idle ⇒ res ≡ -1 ∨ res ≢ -1; + requires 1 ≡ WillDoFoo ⇒ res ≡ -1; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_isPresent; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; + + behavior buch_state_End_in: + assumes (1 ≡ Idle ∧ res ≢ -1) ∨ (1 ≡ End ∧ res ≢ -1); + ensures 1 ≡ End; + + behavior buch_state_End_out: + assumes + (0 ≡ Idle ∨ ¬(res ≢ -1)) ∧ (0 ≡ End ∨ ¬(res ≢ -1)); + ensures 0 ≡ End; + + behavior 
buch_state_Idle_out: + ensures 0 ≡ Idle; + + behavior buch_state_WillDoFoo_in: + assumes + (1 ≡ WillDoFoo ∧ res ≡ -1) ∨ (1 ≡ Idle ∧ res ≡ -1); + ensures 1 ≡ WillDoFoo; + + behavior buch_state_WillDoFoo_out: + assumes + (0 ≡ WillDoFoo ∨ ¬(res ≡ -1)) ∧ + (0 ≡ Idle ∨ ¬(res ≡ -1)); + ensures 0 ≡ WillDoFoo; + @/ + void isPresent_post_func(int res) + { + int End_tmp; + int Idle_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_isPresent; + End_tmp = End; + Idle_tmp = Idle; + WillDoFoo_tmp = WillDoFoo; + if (Idle == 1) { + if (res == -1) WillDoFoo_tmp = 1; else goto _LAND; + } + else { + _LAND: ; + if (WillDoFoo == 1) + if (res == -1) WillDoFoo_tmp = 1; else WillDoFoo_tmp = 0; + else WillDoFoo_tmp = 0; + } + Idle_tmp = 0; + if (End == 1) { + if (res != -1) End_tmp = 1; else goto _LAND_0; + } + else { + _LAND_0: ; + if (Idle == 1) + if (res != -1) End_tmp = 1; else End_tmp = 0; + else End_tmp = 0; + } + End = End_tmp; + Idle = Idle_tmp; + WillDoFoo = WillDoFoo_tmp; + return; } - End = End_tmp; - Idle = Idle_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} + +*/ /*@ requires 1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ WillDoFoo; requires \valid(t + (0 .. size - 1)); @@ -147,7 +153,7 @@ int isPresent(int *t, int size, int val) { int __retres; int tmp; - isPresent_pre_func(t,size,val); + /*@ ghost isPresent_pre_func(t,size,val); */ if (size == 0) { __retres = -1; goto return_label; 
@@ -160,86 +166,93 @@ int isPresent(int *t, int size, int val) int r = 1 + tmp; if (r == 0) r = -1; __retres = r; - return_label: { - isPresent_post_func(__retres); - return __retres; - } + return_label: + { + /*@ ghost isPresent_post_func(__retres); */ + return __retres; + } } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_foo; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; - - behavior buch_state_End_in: - assumes 1 ≡ WillDoFoo; - ensures 1 ≡ End; - - behavior buch_state_End_out: - assumes 0 ≡ WillDoFoo; - ensures 0 ≡ End; - - behavior buch_state_Idle_out: - ensures 0 ≡ Idle; - - behavior buch_state_WillDoFoo_out: - ensures 0 ≡ WillDoFoo; - */ -void foo_pre_func(void) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_foo; - End_tmp = End; - Idle_tmp = Idle; - WillDoFoo_tmp = WillDoFoo; - WillDoFoo_tmp = 0; - Idle_tmp = 0; - if (WillDoFoo == 1) End_tmp = 1; else End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_foo; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; + + behavior buch_state_End_in: + assumes 1 ≡ WillDoFoo; + ensures 1 ≡ End; + + behavior buch_state_End_out: + assumes 0 ≡ WillDoFoo; + ensures 0 ≡ End; + + behavior buch_state_Idle_out: + ensures 0 ≡ Idle; + + behavior buch_state_WillDoFoo_out: + ensures 0 ≡ WillDoFoo; + @/ + void foo_pre_func(void) + { + int End_tmp; + int Idle_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_foo; + End_tmp = End; + Idle_tmp = Idle; + WillDoFoo_tmp = WillDoFoo; + WillDoFoo_tmp = 0; + Idle_tmp = 0; + if (WillDoFoo == 1) End_tmp = 1; else End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + WillDoFoo = WillDoFoo_tmp; + return; + } -/*@ requires 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ 
WillDoFoo; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_foo; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; - - behavior buch_state_End_in: - assumes 1 ≡ End; - ensures 1 ≡ End; - - behavior buch_state_End_out: - assumes 0 ≡ End; - ensures 0 ≡ End; - - behavior buch_state_Idle_out: - ensures 0 ≡ Idle; - - behavior buch_state_WillDoFoo_out: - ensures 0 ≡ WillDoFoo; - */ -void foo_post_func(void) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_foo; - End_tmp = End; - Idle_tmp = Idle; - WillDoFoo_tmp = WillDoFoo; - WillDoFoo_tmp = 0; - Idle_tmp = 0; - if (End == 1) End_tmp = 1; else End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ WillDoFoo; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_foo; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; + + behavior buch_state_End_in: + assumes 1 ≡ End; + ensures 1 ≡ End; + + behavior buch_state_End_out: + assumes 0 ≡ End; + ensures 0 ≡ End; + + behavior buch_state_Idle_out: + ensures 0 ≡ Idle; + + behavior buch_state_WillDoFoo_out: + ensures 0 ≡ WillDoFoo; + @/ + void foo_post_func(void) + { + int End_tmp; + int Idle_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_foo; + End_tmp = End; + Idle_tmp = Idle; + WillDoFoo_tmp = WillDoFoo; + WillDoFoo_tmp = 0; + Idle_tmp = 0; + if (End == 1) End_tmp = 1; else End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + WillDoFoo = WillDoFoo_tmp; + return; + } + +*/ /*@ requires 1 ≡ WillDoFoo ∧ 0 ≡ End ∧ 0 ≡ Idle; 
@@ -249,85 +262,91 @@ void foo_post_func(void) */ void foo(void) { - foo_pre_func(); - foo_post_func(); + /*@ ghost foo_pre_func(); */ + /*@ ghost foo_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; - - behavior buch_state_End_out: - ensures 0 ≡ End; - - behavior buch_state_Idle_in: - assumes 1 ≡ Idle; - ensures 1 ≡ Idle; - - behavior buch_state_Idle_out: - assumes 0 ≡ Idle; - ensures 0 ≡ Idle; - - behavior buch_state_WillDoFoo_out: - ensures 0 ≡ WillDoFoo; - */ -void main_pre_func(int argc, char **argv) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - End_tmp = End; - Idle_tmp = Idle; - WillDoFoo_tmp = WillDoFoo; - WillDoFoo_tmp = 0; - if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0; - End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; + + behavior buch_state_End_out: + ensures 0 ≡ End; + + behavior buch_state_Idle_in: + assumes 1 ≡ Idle; + ensures 1 ≡ Idle; + + behavior buch_state_Idle_out: + assumes 0 ≡ Idle; + ensures 0 ≡ Idle; + + behavior buch_state_WillDoFoo_out: + ensures 0 ≡ WillDoFoo; + @/ + void main_pre_func(int argc, char **argv) + { + int End_tmp; + int Idle_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + End_tmp = End; + Idle_tmp = Idle; + WillDoFoo_tmp = WillDoFoo; + WillDoFoo_tmp = 0; + if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0; + End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + WillDoFoo = WillDoFoo_tmp; + return; + } -/*@ requires 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ WillDoFoo; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation 
≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; - - behavior buch_state_End_in: - assumes 1 ≡ End; - ensures 1 ≡ End; - - behavior buch_state_End_out: - assumes 0 ≡ End; - ensures 0 ≡ End; - - behavior buch_state_Idle_out: - ensures 0 ≡ Idle; - - behavior buch_state_WillDoFoo_out: - ensures 0 ≡ WillDoFoo; - */ -void main_post_func(int res) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - End_tmp = End; - Idle_tmp = Idle; - WillDoFoo_tmp = WillDoFoo; - WillDoFoo_tmp = 0; - Idle_tmp = 0; - if (End == 1) End_tmp = 1; else End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ WillDoFoo; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, WillDoFoo; + + behavior buch_state_End_in: + assumes 1 ≡ End; + ensures 1 ≡ End; + + behavior buch_state_End_out: + assumes 0 ≡ End; + ensures 0 ≡ End; + + behavior buch_state_Idle_out: + ensures 0 ≡ Idle; + + behavior buch_state_WillDoFoo_out: + ensures 0 ≡ WillDoFoo; + @/ + void main_post_func(int res) + { + int End_tmp; + int Idle_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + End_tmp = End; + Idle_tmp = Idle; + WillDoFoo_tmp = WillDoFoo; + WillDoFoo_tmp = 0; + Idle_tmp = 0; + if (End == 1) End_tmp = 1; else End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + WillDoFoo = WillDoFoo_tmp; + return; + } + +*/ /*@ requires 1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ WillDoFoo; 
@@ -341,12 +360,12 @@ void main_post_func(int res) int main(int argc, char **argv) { int __retres; - main_pre_func(argc,argv); + /*@ ghost main_pre_func(argc,argv); */ int tab[4] = {10, 20, 33, 15}; int r = isPresent(tab,4,33); if (r == -1) foo(); __retres = 1; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_recursion5.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_recursion5.res.oracle index 40cd2510d33..b5c3e5aa930 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_recursion5.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_recursion5.res.oracle 
@@ -22,127 +22,133 @@ enum aorai_OpStatusList { /*@ ghost int Idle = 1; */ /*@ ghost int IgnoreFoo = 0; */ /*@ ghost int WillDoFoo = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_isPresentRec; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo, - WillDoFoo; - - behavior buch_state_End_out: - ensures 0 ≡ End; - - behavior buch_state_Idle_in: - assumes 1 ≡ Idle; - ensures 1 ≡ Idle; - - behavior buch_state_Idle_out: - assumes 0 ≡ Idle; - ensures 0 ≡ Idle; - - behavior buch_state_IgnoreFoo_out: - ensures 0 ≡ IgnoreFoo; - - behavior buch_state_WillDoFoo_out: - ensures 0 ≡ WillDoFoo; - */ -void isPresentRec_pre_func(int *t, int i, int max, int val) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int IgnoreFoo_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_isPresentRec; - End_tmp = End; - Idle_tmp = Idle; - IgnoreFoo_tmp = IgnoreFoo; - WillDoFoo_tmp = WillDoFoo; - WillDoFoo_tmp = 0; - IgnoreFoo_tmp = 0; - if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0; - End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - IgnoreFoo = IgnoreFoo_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} - -/*@ requires - (1 ≡ Idle ∨ 1 ≡ IgnoreFoo ∨ 1 ≡ WillDoFoo) ∧ 0 ≡ End; - requires 1 ≡ Idle ⇒ res ≡ -1 ∨ res ≢ -1; - requires 1 ≡ IgnoreFoo ⇒ res ≢ -1; - requires 1 ≡ WillDoFoo ⇒ res ≡ -1; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_isPresentRec; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo, - WillDoFoo; - - behavior buch_state_End_out: - ensures 0 ≡ End; - - behavior buch_state_Idle_out: - ensures 0 ≡ Idle; - - behavior buch_state_IgnoreFoo_in: - assumes - (1 ≡ IgnoreFoo ∧ res ≢ -1) ∨ (1 ≡ Idle ∧ res ≢ -1); - ensures 1 ≡ IgnoreFoo; - - behavior buch_state_IgnoreFoo_out: - assumes - (0 ≡ IgnoreFoo ∨ ¬(res ≢ -1)) ∧ - (0 ≡ Idle ∨ ¬(res ≢ -1)); - ensures 0 ≡ IgnoreFoo; - - behavior buch_state_WillDoFoo_in: 
- assumes - (1 ≡ WillDoFoo ∧ res ≡ -1) ∨ (1 ≡ Idle ∧ res ≡ -1); - ensures 1 ≡ WillDoFoo; - - behavior buch_state_WillDoFoo_out: - assumes - (0 ≡ WillDoFoo ∨ ¬(res ≡ -1)) ∧ - (0 ≡ Idle ∨ ¬(res ≡ -1)); - ensures 0 ≡ WillDoFoo; - */ -void isPresentRec_post_func(int res) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int IgnoreFoo_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_isPresentRec; - End_tmp = End; - Idle_tmp = Idle; - IgnoreFoo_tmp = IgnoreFoo; - WillDoFoo_tmp = WillDoFoo; - if (Idle == 1) { - if (res == -1) WillDoFoo_tmp = 1; else goto _LAND; - } - else { - _LAND: ; - if (WillDoFoo == 1) - if (res == -1) WillDoFoo_tmp = 1; else WillDoFoo_tmp = 0; - else WillDoFoo_tmp = 0; +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_isPresentRec; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo, + WillDoFoo; + + behavior buch_state_End_out: + ensures 0 ≡ End; + + behavior buch_state_Idle_in: + assumes 1 ≡ Idle; + ensures 1 ≡ Idle; + + behavior buch_state_Idle_out: + assumes 0 ≡ Idle; + ensures 0 ≡ Idle; + + behavior buch_state_IgnoreFoo_out: + ensures 0 ≡ IgnoreFoo; + + behavior buch_state_WillDoFoo_out: + ensures 0 ≡ WillDoFoo; + @/ + void isPresentRec_pre_func(int *t, int i, int max, int val) + { + int End_tmp; + int Idle_tmp; + int IgnoreFoo_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_isPresentRec; + End_tmp = End; + Idle_tmp = Idle; + IgnoreFoo_tmp = IgnoreFoo; + WillDoFoo_tmp = WillDoFoo; + WillDoFoo_tmp = 0; + IgnoreFoo_tmp = 0; + if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0; + End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + IgnoreFoo = IgnoreFoo_tmp; + WillDoFoo = WillDoFoo_tmp; + return; } - if (Idle == 1) { - if (res != -1) IgnoreFoo_tmp = 1; else goto _LAND_0; - } - else { - _LAND_0: ; - if (IgnoreFoo == 1) - if (res != -1) IgnoreFoo_tmp = 1; else IgnoreFoo_tmp = 0; 
- else IgnoreFoo_tmp = 0; + +*/ + +/*@ ghost + /@ requires + (1 ≡ Idle ∨ 1 ≡ IgnoreFoo ∨ 1 ≡ WillDoFoo) ∧ 0 ≡ End; + requires 1 ≡ Idle ⇒ res ≡ -1 ∨ res ≢ -1; + requires 1 ≡ IgnoreFoo ⇒ res ≢ -1; + requires 1 ≡ WillDoFoo ⇒ res ≡ -1; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_isPresentRec; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo, + WillDoFoo; + + behavior buch_state_End_out: + ensures 0 ≡ End; + + behavior buch_state_Idle_out: + ensures 0 ≡ Idle; + + behavior buch_state_IgnoreFoo_in: + assumes + (1 ≡ IgnoreFoo ∧ res ≢ -1) ∨ (1 ≡ Idle ∧ res ≢ -1); + ensures 1 ≡ IgnoreFoo; + + behavior buch_state_IgnoreFoo_out: + assumes + (0 ≡ IgnoreFoo ∨ ¬(res ≢ -1)) ∧ + (0 ≡ Idle ∨ ¬(res ≢ -1)); + ensures 0 ≡ IgnoreFoo; + + behavior buch_state_WillDoFoo_in: + assumes + (1 ≡ WillDoFoo ∧ res ≡ -1) ∨ (1 ≡ Idle ∧ res ≡ -1); + ensures 1 ≡ WillDoFoo; + + behavior buch_state_WillDoFoo_out: + assumes + (0 ≡ WillDoFoo ∨ ¬(res ≡ -1)) ∧ + (0 ≡ Idle ∨ ¬(res ≡ -1)); + ensures 0 ≡ WillDoFoo; + @/ + void isPresentRec_post_func(int res) + { + int End_tmp; + int Idle_tmp; + int IgnoreFoo_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_isPresentRec; + End_tmp = End; + Idle_tmp = Idle; + IgnoreFoo_tmp = IgnoreFoo; + WillDoFoo_tmp = WillDoFoo; + if (Idle == 1) { + if (res == -1) WillDoFoo_tmp = 1; else goto _LAND; + } + else { + _LAND: ; + if (WillDoFoo == 1) + if (res == -1) WillDoFoo_tmp = 1; else WillDoFoo_tmp = 0; + else WillDoFoo_tmp = 0; + } + if (Idle == 1) { + if (res != -1) IgnoreFoo_tmp = 1; else goto _LAND_0; + } + else { + _LAND_0: ; + if (IgnoreFoo == 1) + if (res != -1) IgnoreFoo_tmp = 1; else IgnoreFoo_tmp = 0; + else IgnoreFoo_tmp = 0; + } + Idle_tmp = 0; + End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + IgnoreFoo = IgnoreFoo_tmp; + WillDoFoo = WillDoFoo_tmp; + return; } - Idle_tmp = 0; - End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - IgnoreFoo = IgnoreFoo_tmp; - 
WillDoFoo = WillDoFoo_tmp; - return; -} + +*/ /*@ requires 1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ IgnoreFoo ∧ 0 ≡ WillDoFoo; @@ -172,7 +178,7 @@ int isPresentRec(int *t, int i, int max, int val) { int __retres; int tmp; - isPresentRec_pre_func(t,i,max,val); + /*@ ghost isPresentRec_pre_func(t,i,max,val); */ if (*(t + i) == val) { __retres = i; goto return_label; 
@@ -183,114 +189,121 @@ int isPresentRec(int *t, int i, int max, int val) } tmp = isPresentRec(t,i + 1,max,val); __retres = tmp; - return_label: { - isPresentRec_post_func(__retres); - return __retres; - } + return_label: + { + /*@ ghost isPresentRec_post_func(__retres); */ + return __retres; + } } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_isPresent; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo, - WillDoFoo; - - behavior buch_state_End_out: - ensures 0 ≡ End; - - behavior buch_state_Idle_in: - assumes 1 ≡ Idle; - ensures 1 ≡ Idle; - - behavior buch_state_Idle_out: - assumes 0 ≡ Idle; - ensures 0 ≡ Idle; - - behavior buch_state_IgnoreFoo_out: - ensures 0 ≡ IgnoreFoo; - - behavior buch_state_WillDoFoo_out: - ensures 0 ≡ WillDoFoo; - */ -void isPresent_pre_func(int *t, int max, int val) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int IgnoreFoo_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_isPresent; - End_tmp = End; - Idle_tmp = Idle; - IgnoreFoo_tmp = IgnoreFoo; - WillDoFoo_tmp = WillDoFoo; - WillDoFoo_tmp = 0; - IgnoreFoo_tmp = 0; - if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0; - End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - IgnoreFoo = IgnoreFoo_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_isPresent; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo, + WillDoFoo; + + behavior buch_state_End_out: + ensures 0 ≡ End; + + behavior buch_state_Idle_in: + assumes 1 ≡ Idle; + ensures 1 ≡ Idle; + + behavior buch_state_Idle_out: + assumes 0 ≡ Idle; + ensures 0 ≡ Idle; + + behavior buch_state_IgnoreFoo_out: + ensures 0 ≡ IgnoreFoo; + + behavior buch_state_WillDoFoo_out: + ensures 0 ≡ WillDoFoo; + @/ + void isPresent_pre_func(int *t, int max, int val) + { + int End_tmp; + int Idle_tmp; + int IgnoreFoo_tmp; + 
int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_isPresent; + End_tmp = End; + Idle_tmp = Idle; + IgnoreFoo_tmp = IgnoreFoo; + WillDoFoo_tmp = WillDoFoo; + WillDoFoo_tmp = 0; + IgnoreFoo_tmp = 0; + if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0; + End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + IgnoreFoo = IgnoreFoo_tmp; + WillDoFoo = WillDoFoo_tmp; + return; + } -/*@ requires - (1 ≡ IgnoreFoo ∨ 1 ≡ WillDoFoo) ∧ 0 ≡ End ∧ 0 ≡ Idle; - requires 1 ≡ IgnoreFoo ⇒ res ≢ -1; - requires 1 ≡ WillDoFoo ⇒ res ≡ -1; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_isPresent; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo, - WillDoFoo; - - behavior buch_state_End_in: - assumes 1 ≡ IgnoreFoo ∧ res ≢ -1; - ensures 1 ≡ End; - - behavior buch_state_End_out: - assumes 0 ≡ IgnoreFoo ∨ ¬(res ≢ -1); - ensures 0 ≡ End; - - behavior buch_state_Idle_out: - ensures 0 ≡ Idle; - - behavior buch_state_IgnoreFoo_out: - ensures 0 ≡ IgnoreFoo; - - behavior buch_state_WillDoFoo_in: - assumes 1 ≡ WillDoFoo ∧ res ≡ -1; - ensures 1 ≡ WillDoFoo; - - behavior buch_state_WillDoFoo_out: - assumes 0 ≡ WillDoFoo ∨ ¬(res ≡ -1); - ensures 0 ≡ WillDoFoo; - */ -void isPresent_post_func(int res) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int IgnoreFoo_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_isPresent; - End_tmp = End; - Idle_tmp = Idle; - IgnoreFoo_tmp = IgnoreFoo; - WillDoFoo_tmp = WillDoFoo; - if (WillDoFoo == 1) - if (res == -1) WillDoFoo_tmp = 1; else WillDoFoo_tmp = 0; - else WillDoFoo_tmp = 0; - IgnoreFoo_tmp = 0; - Idle_tmp = 0; - if (IgnoreFoo == 1) - if (res != -1) End_tmp = 1; else End_tmp = 0; - else End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - IgnoreFoo = IgnoreFoo_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + (1 ≡ IgnoreFoo ∨ 1 ≡ WillDoFoo) ∧ 0 ≡ End ∧ 0 ≡ Idle; + requires 
1 ≡ IgnoreFoo ⇒ res ≢ -1; + requires 1 ≡ WillDoFoo ⇒ res ≡ -1; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_isPresent; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo, + WillDoFoo; + + behavior buch_state_End_in: + assumes 1 ≡ IgnoreFoo ∧ res ≢ -1; + ensures 1 ≡ End; + + behavior buch_state_End_out: + assumes 0 ≡ IgnoreFoo ∨ ¬(res ≢ -1); + ensures 0 ≡ End; + + behavior buch_state_Idle_out: + ensures 0 ≡ Idle; + + behavior buch_state_IgnoreFoo_out: + ensures 0 ≡ IgnoreFoo; + + behavior buch_state_WillDoFoo_in: + assumes 1 ≡ WillDoFoo ∧ res ≡ -1; + ensures 1 ≡ WillDoFoo; + + behavior buch_state_WillDoFoo_out: + assumes 0 ≡ WillDoFoo ∨ ¬(res ≡ -1); + ensures 0 ≡ WillDoFoo; + @/ + void isPresent_post_func(int res) + { + int End_tmp; + int Idle_tmp; + int IgnoreFoo_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_isPresent; + End_tmp = End; + Idle_tmp = Idle; + IgnoreFoo_tmp = IgnoreFoo; + WillDoFoo_tmp = WillDoFoo; + if (WillDoFoo == 1) + if (res == -1) WillDoFoo_tmp = 1; else WillDoFoo_tmp = 0; + else WillDoFoo_tmp = 0; + IgnoreFoo_tmp = 0; + Idle_tmp = 0; + if (IgnoreFoo == 1) + if (res != -1) End_tmp = 1; else End_tmp = 0; + else End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + IgnoreFoo = IgnoreFoo_tmp; + WillDoFoo = WillDoFoo_tmp; + return; + } + +*/ /*@ requires 1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ IgnoreFoo ∧ 0 ≡ WillDoFoo; 
@@ -315,103 +328,109 @@ void isPresent_post_func(int res) int isPresent(int *t, int max, int val) { int tmp; - isPresent_pre_func(t,max,val); + /*@ ghost isPresent_pre_func(t,max,val); */ tmp = isPresentRec(t,0,max,val); - isPresent_post_func(tmp); + /*@ ghost isPresent_post_func(tmp); */ return tmp; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_foo; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo, - WillDoFoo; - - behavior buch_state_End_in: - assumes 1 ≡ WillDoFoo; - ensures 1 ≡ End; - - behavior buch_state_End_out: - assumes 0 ≡ WillDoFoo; - ensures 0 ≡ End; - - behavior buch_state_Idle_out: - ensures 0 ≡ Idle; - - behavior buch_state_IgnoreFoo_out: - ensures 0 ≡ IgnoreFoo; - - behavior buch_state_WillDoFoo_out: - ensures 0 ≡ WillDoFoo; - */ -void foo_pre_func(void) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int IgnoreFoo_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_foo; - End_tmp = End; - Idle_tmp = Idle; - IgnoreFoo_tmp = IgnoreFoo; - WillDoFoo_tmp = WillDoFoo; - WillDoFoo_tmp = 0; - IgnoreFoo_tmp = 0; - Idle_tmp = 0; - if (WillDoFoo == 1) End_tmp = 1; else End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - IgnoreFoo = IgnoreFoo_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_foo; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo, + WillDoFoo; + + behavior buch_state_End_in: + assumes 1 ≡ WillDoFoo; + ensures 1 ≡ End; + + behavior buch_state_End_out: + assumes 0 ≡ WillDoFoo; + ensures 0 ≡ End; + + behavior buch_state_Idle_out: + ensures 0 ≡ Idle; + + behavior buch_state_IgnoreFoo_out: + ensures 0 ≡ IgnoreFoo; + + behavior buch_state_WillDoFoo_out: + ensures 0 ≡ WillDoFoo; + @/ + void foo_pre_func(void) + { + int End_tmp; + int Idle_tmp; + int IgnoreFoo_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = 
aorai_Called; + aorai_CurOperation = op_foo; + End_tmp = End; + Idle_tmp = Idle; + IgnoreFoo_tmp = IgnoreFoo; + WillDoFoo_tmp = WillDoFoo; + WillDoFoo_tmp = 0; + IgnoreFoo_tmp = 0; + Idle_tmp = 0; + if (WillDoFoo == 1) End_tmp = 1; else End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + IgnoreFoo = IgnoreFoo_tmp; + WillDoFoo = WillDoFoo_tmp; + return; + } -/*@ requires - 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ IgnoreFoo ∧ 0 ≡ WillDoFoo; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_foo; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo, - WillDoFoo; - - behavior buch_state_End_in: - assumes 1 ≡ End; - ensures 1 ≡ End; - - behavior buch_state_End_out: - assumes 0 ≡ End; - ensures 0 ≡ End; - - behavior buch_state_Idle_out: - ensures 0 ≡ Idle; - - behavior buch_state_IgnoreFoo_out: - ensures 0 ≡ IgnoreFoo; - - behavior buch_state_WillDoFoo_out: - ensures 0 ≡ WillDoFoo; - */ -void foo_post_func(void) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int IgnoreFoo_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_foo; - End_tmp = End; - Idle_tmp = Idle; - IgnoreFoo_tmp = IgnoreFoo; - WillDoFoo_tmp = WillDoFoo; - WillDoFoo_tmp = 0; - IgnoreFoo_tmp = 0; - Idle_tmp = 0; - if (End == 1) End_tmp = 1; else End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - IgnoreFoo = IgnoreFoo_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ IgnoreFoo ∧ 0 ≡ WillDoFoo; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_foo; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo, + WillDoFoo; + + behavior buch_state_End_in: + assumes 1 ≡ End; + ensures 1 ≡ End; + + behavior buch_state_End_out: + assumes 0 ≡ End; + ensures 0 ≡ End; + + behavior buch_state_Idle_out: + ensures 0 ≡ Idle; + + behavior buch_state_IgnoreFoo_out: + ensures 0 ≡ IgnoreFoo; + + behavior 
buch_state_WillDoFoo_out: + ensures 0 ≡ WillDoFoo; + @/ + void foo_post_func(void) + { + int End_tmp; + int Idle_tmp; + int IgnoreFoo_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_foo; + End_tmp = End; + Idle_tmp = Idle; + IgnoreFoo_tmp = IgnoreFoo; + WillDoFoo_tmp = WillDoFoo; + WillDoFoo_tmp = 0; + IgnoreFoo_tmp = 0; + Idle_tmp = 0; + if (End == 1) End_tmp = 1; else End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + IgnoreFoo = IgnoreFoo_tmp; + WillDoFoo = WillDoFoo_tmp; + return; + } + +*/ /*@ requires 1 ≡ WillDoFoo ∧ 0 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ IgnoreFoo; 
@@ -422,102 +441,108 @@ void foo_post_func(void) */ void foo(void) { - foo_pre_func(); - foo_post_func(); + /*@ ghost foo_pre_func(); */ + /*@ ghost foo_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo, - WillDoFoo; - - behavior buch_state_End_out: - ensures 0 ≡ End; - - behavior buch_state_Idle_in: - assumes 1 ≡ Idle; - ensures 1 ≡ Idle; - - behavior buch_state_Idle_out: - assumes 0 ≡ Idle; - ensures 0 ≡ Idle; - - behavior buch_state_IgnoreFoo_out: - ensures 0 ≡ IgnoreFoo; - - behavior buch_state_WillDoFoo_out: - ensures 0 ≡ WillDoFoo; - */ -void main_pre_func(int argc, char **argv) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int IgnoreFoo_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - End_tmp = End; - Idle_tmp = Idle; - IgnoreFoo_tmp = IgnoreFoo; - WillDoFoo_tmp = WillDoFoo; - WillDoFoo_tmp = 0; - IgnoreFoo_tmp = 0; - if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0; - End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - IgnoreFoo = IgnoreFoo_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo, + WillDoFoo; + + behavior buch_state_End_out: + ensures 0 ≡ End; + + behavior buch_state_Idle_in: + assumes 1 ≡ Idle; + ensures 1 ≡ Idle; + + behavior buch_state_Idle_out: + assumes 0 ≡ Idle; + ensures 0 ≡ Idle; + + behavior buch_state_IgnoreFoo_out: + ensures 0 ≡ IgnoreFoo; + + behavior buch_state_WillDoFoo_out: + ensures 0 ≡ WillDoFoo; + @/ + void main_pre_func(int argc, char **argv) + { + int End_tmp; + int Idle_tmp; + int IgnoreFoo_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + End_tmp = End; + Idle_tmp = Idle; + IgnoreFoo_tmp = IgnoreFoo; + 
WillDoFoo_tmp = WillDoFoo; + WillDoFoo_tmp = 0; + IgnoreFoo_tmp = 0; + if (Idle == 1) Idle_tmp = 1; else Idle_tmp = 0; + End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + IgnoreFoo = IgnoreFoo_tmp; + WillDoFoo = WillDoFoo_tmp; + return; + } -/*@ requires - 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ IgnoreFoo ∧ 0 ≡ WillDoFoo; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo, - WillDoFoo; - - behavior buch_state_End_in: - assumes 1 ≡ End; - ensures 1 ≡ End; - - behavior buch_state_End_out: - assumes 0 ≡ End; - ensures 0 ≡ End; - - behavior buch_state_Idle_out: - ensures 0 ≡ Idle; - - behavior buch_state_IgnoreFoo_out: - ensures 0 ≡ IgnoreFoo; - - behavior buch_state_WillDoFoo_out: - ensures 0 ≡ WillDoFoo; - */ -void main_post_func(int res) -{ - /*@ ghost int End_tmp; */ - /*@ ghost int Idle_tmp; */ - /*@ ghost int IgnoreFoo_tmp; */ - /*@ ghost int WillDoFoo_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - End_tmp = End; - Idle_tmp = Idle; - IgnoreFoo_tmp = IgnoreFoo; - WillDoFoo_tmp = WillDoFoo; - WillDoFoo_tmp = 0; - IgnoreFoo_tmp = 0; - Idle_tmp = 0; - if (End == 1) End_tmp = 1; else End_tmp = 0; - End = End_tmp; - Idle = Idle_tmp; - IgnoreFoo = IgnoreFoo_tmp; - WillDoFoo = WillDoFoo_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ End ∧ 0 ≡ Idle ∧ 0 ≡ IgnoreFoo ∧ 0 ≡ WillDoFoo; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, End, Idle, IgnoreFoo, + WillDoFoo; + + behavior buch_state_End_in: + assumes 1 ≡ End; + ensures 1 ≡ End; + + behavior buch_state_End_out: + assumes 0 ≡ End; + ensures 0 ≡ End; + + behavior buch_state_Idle_out: + ensures 0 ≡ Idle; + + behavior buch_state_IgnoreFoo_out: + ensures 0 ≡ IgnoreFoo; + + behavior buch_state_WillDoFoo_out: + ensures 0 ≡ WillDoFoo; + @/ + void main_post_func(int res) + { + int End_tmp; + int Idle_tmp; + 
int IgnoreFoo_tmp; + int WillDoFoo_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + End_tmp = End; + Idle_tmp = Idle; + IgnoreFoo_tmp = IgnoreFoo; + WillDoFoo_tmp = WillDoFoo; + WillDoFoo_tmp = 0; + IgnoreFoo_tmp = 0; + Idle_tmp = 0; + if (End == 1) End_tmp = 1; else End_tmp = 0; + End = End_tmp; + Idle = Idle_tmp; + IgnoreFoo = IgnoreFoo_tmp; + WillDoFoo = WillDoFoo_tmp; + return; + } + +*/ /*@ requires 1 ≡ Idle ∧ 0 ≡ End ∧ 0 ≡ IgnoreFoo ∧ 0 ≡ WillDoFoo; @@ -532,12 +557,12 @@ void main_post_func(int res) int main(int argc, char **argv) { int __retres; - main_pre_func(argc,argv); + /*@ ghost main_pre_func(argc,argv); */ int tab[4] = {10, 20, 33, 15}; int r = isPresent(tab,3,33); if (r == -1) foo(); __retres = 1; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_struct.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_struct.res.oracle index d958a05da1c..485f555e125 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_struct.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_struct.res.oracle 
@@ -20,71 +20,77 @@ int myAge = 0; /*@ ghost enum aorai_OpStatusList aorai_CurOpStatus = aorai_Called; */ /*@ ghost int S1 = 0; */ /*@ ghost int main_0 = 1; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_increment; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, main_0; - - behavior buch_state_S1_in: - assumes 1 ≡ S1 ∧ nobody.Age ≡ 1; - ensures 1 ≡ S1; - - behavior buch_state_S1_out: - assumes 0 ≡ S1 ∨ ¬(nobody.Age ≡ 1); - ensures 0 ≡ S1; - - behavior buch_state_main_0_out: - ensures 0 ≡ main_0; - */ -void increment_pre_func(void) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int main_0_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_increment; - S1_tmp = S1; - main_0_tmp = main_0; - main_0_tmp = 0; - if (S1 == 1) - if (nobody.Age == 1) S1_tmp = 1; else S1_tmp = 0; - else S1_tmp = 0; - S1 = S1_tmp; - main_0 = main_0_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_increment; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, main_0; + + behavior buch_state_S1_in: + assumes 1 ≡ S1 ∧ nobody.Age ≡ 1; + ensures 1 ≡ S1; + + behavior buch_state_S1_out: + assumes 0 ≡ S1 ∨ ¬(nobody.Age ≡ 1); + ensures 0 ≡ S1; + + behavior buch_state_main_0_out: + ensures 0 ≡ main_0; + @/ + void increment_pre_func(void) + { + int S1_tmp; + int main_0_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_increment; + S1_tmp = S1; + main_0_tmp = main_0; + main_0_tmp = 0; + if (S1 == 1) + if (nobody.Age == 1) S1_tmp = 1; else S1_tmp = 0; + else S1_tmp = 0; + S1 = S1_tmp; + main_0 = main_0_tmp; + return; + } -/*@ requires 1 ≡ S1 ∧ 0 ≡ main_0; - requires 1 ≡ S1 ⇒ nobody.Age ≡ 1; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_increment; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, main_0; - - behavior buch_state_S1_in: - assumes 1 ≡ S1 ∧ nobody.Age ≡ 1; - ensures 1 ≡ S1; - - behavior buch_state_S1_out: - assumes 0 ≡ S1 ∨ 
¬(nobody.Age ≡ 1); - ensures 0 ≡ S1; - - behavior buch_state_main_0_out: - ensures 0 ≡ main_0; - */ -void increment_post_func(void) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int main_0_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_increment; - S1_tmp = S1; - main_0_tmp = main_0; - main_0_tmp = 0; - if (S1 == 1) - if (nobody.Age == 1) S1_tmp = 1; else S1_tmp = 0; - else S1_tmp = 0; - S1 = S1_tmp; - main_0 = main_0_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ S1 ∧ 0 ≡ main_0; + requires 1 ≡ S1 ⇒ nobody.Age ≡ 1; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_increment; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, main_0; + + behavior buch_state_S1_in: + assumes 1 ≡ S1 ∧ nobody.Age ≡ 1; + ensures 1 ≡ S1; + + behavior buch_state_S1_out: + assumes 0 ≡ S1 ∨ ¬(nobody.Age ≡ 1); + ensures 0 ≡ S1; + + behavior buch_state_main_0_out: + ensures 0 ≡ main_0; + @/ + void increment_post_func(void) + { + int S1_tmp; + int main_0_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_increment; + S1_tmp = S1; + main_0_tmp = main_0; + main_0_tmp = 0; + if (S1 == 1) + if (nobody.Age == 1) S1_tmp = 1; else S1_tmp = 0; + else S1_tmp = 0; + S1 = S1_tmp; + main_0 = main_0_tmp; + return; + } + +*/ /*@ requires 1 ≡ S1 ∧ 0 ≡ main_0; requires 1 ≡ S1 ⇒ nobody.Age ≡ 1; 
@@ -96,78 +102,84 @@ void increment_post_func(void) */ void increment(void) { - increment_pre_func(); + /*@ ghost increment_pre_func(); */ (nobody.Age) ++; myAge ++; - increment_post_func(); + /*@ ghost increment_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, main_0; - - behavior buch_state_S1_in: - assumes 1 ≡ main_0 ∧ nobody.Age ≡ 0; - ensures 1 ≡ S1; - - behavior buch_state_S1_out: - assumes 0 ≡ main_0 ∨ ¬(nobody.Age ≡ 0); - ensures 0 ≡ S1; - - behavior buch_state_main_0_out: - ensures 0 ≡ main_0; - */ -void main_pre_func(void) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int main_0_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - S1_tmp = S1; - main_0_tmp = main_0; - main_0_tmp = 0; - if (main_0 == 1) - if (nobody.Age == 0) S1_tmp = 1; else S1_tmp = 0; - else S1_tmp = 0; - S1 = S1_tmp; - main_0 = main_0_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, main_0; + + behavior buch_state_S1_in: + assumes 1 ≡ main_0 ∧ nobody.Age ≡ 0; + ensures 1 ≡ S1; + + behavior buch_state_S1_out: + assumes 0 ≡ main_0 ∨ ¬(nobody.Age ≡ 0); + ensures 0 ≡ S1; + + behavior buch_state_main_0_out: + ensures 0 ≡ main_0; + @/ + void main_pre_func(void) + { + int S1_tmp; + int main_0_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + S1_tmp = S1; + main_0_tmp = main_0; + main_0_tmp = 0; + if (main_0 == 1) + if (nobody.Age == 0) S1_tmp = 1; else S1_tmp = 0; + else S1_tmp = 0; + S1 = S1_tmp; + main_0 = main_0_tmp; + return; + } -/*@ requires 1 ≡ S1 ∧ 0 ≡ main_0; - requires 1 ≡ S1 ⇒ nobody.Age ≡ 1; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, S1, main_0; - - behavior buch_state_S1_in: - assumes 1 ≡ S1 ∧ nobody.Age ≡ 1; 
- ensures 1 ≡ S1; - - behavior buch_state_S1_out: - assumes 0 ≡ S1 ∨ ¬(nobody.Age ≡ 1); - ensures 0 ≡ S1; - - behavior buch_state_main_0_out: - ensures 0 ≡ main_0; - */ -void main_post_func(int res) -{ - /*@ ghost int S1_tmp; */ - /*@ ghost int main_0_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - S1_tmp = S1; - main_0_tmp = main_0; - main_0_tmp = 0; - if (S1 == 1) - if (nobody.Age == 1) S1_tmp = 1; else S1_tmp = 0; - else S1_tmp = 0; - S1 = S1_tmp; - main_0 = main_0_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ S1 ∧ 0 ≡ main_0; + requires 1 ≡ S1 ⇒ nobody.Age ≡ 1; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, S1, main_0; + + behavior buch_state_S1_in: + assumes 1 ≡ S1 ∧ nobody.Age ≡ 1; + ensures 1 ≡ S1; + + behavior buch_state_S1_out: + assumes 0 ≡ S1 ∨ ¬(nobody.Age ≡ 1); + ensures 0 ≡ S1; + + behavior buch_state_main_0_out: + ensures 0 ≡ main_0; + @/ + void main_post_func(int res) + { + int S1_tmp; + int main_0_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + S1_tmp = S1; + main_0_tmp = main_0; + main_0_tmp = 0; + if (S1 == 1) + if (nobody.Age == 1) S1_tmp = 1; else S1_tmp = 0; + else S1_tmp = 0; + S1 = S1_tmp; + main_0 = main_0_tmp; + return; + } + +*/ /*@ requires 1 ≡ main_0 ∧ 0 ≡ S1; requires 1 ≡ main_0 ⇒ nobody.Age ≡ 0; @@ -183,11 +195,11 @@ void main_post_func(int res) int main(void) { int __retres; - main_pre_func(); + /*@ ghost main_pre_func(); */ nobody.Age = 0; increment(); __retres = 0; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_switch2.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_switch2.res.oracle index 35483e014d7..cf43cbba6f0 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_switch2.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_switch2.res.oracle 
@@ -29,141 +29,147 @@ int rr = 1; /*@ ghost int accept_S6 = 0; */ /*@ ghost int accept_all = 0; */ /*@ ghost int accept_init = 1; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_opa; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, - accept_S4, accept_S5, accept_S6, accept_all, accept_init; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_in: - assumes 1 ≡ accept_S2; - ensures 1 ≡ accept_S3; - - behavior buch_state_accept_S3_out: - assumes 0 ≡ accept_S2; - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_S6_out: - ensures 0 ≡ accept_S6; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void opa_pre_func(void) -{ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_S6_tmp; */ - /*@ ghost int accept_all_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_opa; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_S6_tmp = accept_S6; - accept_all_tmp = accept_all; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_all_tmp = 0; - accept_S6_tmp = 0; - accept_S5_tmp = 0; - accept_S4_tmp = 0; - if (accept_S2 == 1) accept_S3_tmp = 1; else accept_S3_tmp = 0; - accept_S2_tmp = 0; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_S6 = accept_S6_tmp; - accept_all = accept_all_tmp; - accept_init = accept_init_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_opa; + assigns 
aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, + accept_S4, accept_S5, accept_S6, accept_all, accept_init; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_in: + assumes 1 ≡ accept_S2; + ensures 1 ≡ accept_S3; + + behavior buch_state_accept_S3_out: + assumes 0 ≡ accept_S2; + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_S6_out: + ensures 0 ≡ accept_S6; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void opa_pre_func(void) + { + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_S6_tmp; + int accept_all_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_opa; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_S6_tmp = accept_S6; + accept_all_tmp = accept_all; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_all_tmp = 0; + accept_S6_tmp = 0; + accept_S5_tmp = 0; + accept_S4_tmp = 0; + if (accept_S2 == 1) accept_S3_tmp = 1; else accept_S3_tmp = 0; + accept_S2_tmp = 0; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_S6 = accept_S6_tmp; + accept_all = accept_all_tmp; + accept_init = accept_init_tmp; + return; + } -/*@ requires - 1 ≡ accept_S3 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S4 ∧ - 0 ≡ accept_S5 ∧ 0 ≡ accept_S6 ∧ 0 ≡ accept_all ∧ - 0 ≡ accept_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_opa; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, - accept_S4, accept_S5, accept_S6, accept_all, accept_init; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - - behavior 
buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_in: - assumes 1 ≡ accept_S3; - ensures 1 ≡ accept_S4; - - behavior buch_state_accept_S4_out: - assumes 0 ≡ accept_S3; - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_S6_out: - ensures 0 ≡ accept_S6; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void opa_post_func(void) -{ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_S6_tmp; */ - /*@ ghost int accept_all_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_opa; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_S6_tmp = accept_S6; - accept_all_tmp = accept_all; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_all_tmp = 0; - accept_S6_tmp = 0; - accept_S5_tmp = 0; - if (accept_S3 == 1) accept_S4_tmp = 1; else accept_S4_tmp = 0; - accept_S3_tmp = 0; - accept_S2_tmp = 0; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_S6 = accept_S6_tmp; - accept_all = accept_all_tmp; - accept_init = accept_init_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ accept_S3 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S4 ∧ + 0 ≡ accept_S5 ∧ 0 ≡ accept_S6 ∧ 0 ≡ accept_all ∧ + 0 ≡ accept_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_opa; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, + accept_S4, accept_S5, accept_S6, accept_all, accept_init; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_in: + 
assumes 1 ≡ accept_S3; + ensures 1 ≡ accept_S4; + + behavior buch_state_accept_S4_out: + assumes 0 ≡ accept_S3; + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_S6_out: + ensures 0 ≡ accept_S6; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void opa_post_func(void) + { + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_S6_tmp; + int accept_all_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_opa; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_S6_tmp = accept_S6; + accept_all_tmp = accept_all; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_all_tmp = 0; + accept_S6_tmp = 0; + accept_S5_tmp = 0; + if (accept_S3 == 1) accept_S4_tmp = 1; else accept_S4_tmp = 0; + accept_S3_tmp = 0; + accept_S2_tmp = 0; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_S6 = accept_S6_tmp; + accept_all = accept_all_tmp; + accept_init = accept_init_tmp; + return; + } + +*/ /*@ requires 1 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧ 0 ≡ accept_S4 ∧ 
@@ -182,147 +188,153 @@ void opa_post_func(void) */ void opa(void) { - opa_pre_func(); + /*@ ghost opa_pre_func(); */ rr ++; - opa_post_func(); + /*@ ghost opa_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_opb; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, - accept_S4, accept_S5, accept_S6, accept_all, accept_init; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_in: - assumes 1 ≡ accept_S4; - ensures 1 ≡ accept_S5; - - behavior buch_state_accept_S5_out: - assumes 0 ≡ accept_S4; - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_S6_out: - ensures 0 ≡ accept_S6; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void opb_pre_func(void) -{ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_S6_tmp; */ - /*@ ghost int accept_all_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_opb; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_S6_tmp = accept_S6; - accept_all_tmp = accept_all; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_all_tmp = 0; - accept_S6_tmp = 0; - if (accept_S4 == 1) accept_S5_tmp = 1; else accept_S5_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - accept_S2_tmp = 0; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_S6 = accept_S6_tmp; - accept_all = accept_all_tmp; - accept_init = accept_init_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + 
ensures aorai_CurOperation ≡ op_opb; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, + accept_S4, accept_S5, accept_S6, accept_all, accept_init; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_in: + assumes 1 ≡ accept_S4; + ensures 1 ≡ accept_S5; + + behavior buch_state_accept_S5_out: + assumes 0 ≡ accept_S4; + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_S6_out: + ensures 0 ≡ accept_S6; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void opb_pre_func(void) + { + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_S6_tmp; + int accept_all_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_opb; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_S6_tmp = accept_S6; + accept_all_tmp = accept_all; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_all_tmp = 0; + accept_S6_tmp = 0; + if (accept_S4 == 1) accept_S5_tmp = 1; else accept_S5_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + accept_S2_tmp = 0; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_S6 = accept_S6_tmp; + accept_all = accept_all_tmp; + accept_init = accept_init_tmp; + return; + } -/*@ requires - 1 ≡ accept_S5 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧ - 0 ≡ accept_S4 ∧ 0 ≡ accept_S6 ∧ 0 ≡ accept_all ∧ - 0 ≡ accept_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_opb; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, - accept_S4, accept_S5, accept_S6, accept_all, accept_init; - - behavior 
buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_S6_in: - assumes 1 ≡ accept_S5; - ensures 1 ≡ accept_S6; - - behavior buch_state_accept_S6_out: - assumes 0 ≡ accept_S5; - ensures 0 ≡ accept_S6; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void opb_post_func(void) -{ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_S6_tmp; */ - /*@ ghost int accept_all_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_opb; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_S6_tmp = accept_S6; - accept_all_tmp = accept_all; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_all_tmp = 0; - if (accept_S5 == 1) accept_S6_tmp = 1; else accept_S6_tmp = 0; - accept_S5_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - accept_S2_tmp = 0; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_S6 = accept_S6_tmp; - accept_all = accept_all_tmp; - accept_init = accept_init_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ accept_S5 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧ + 0 ≡ accept_S4 ∧ 0 ≡ accept_S6 ∧ 0 ≡ accept_all ∧ + 0 ≡ accept_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_opb; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, + accept_S4, accept_S5, accept_S6, accept_all, accept_init; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_out: + 
ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_S6_in: + assumes 1 ≡ accept_S5; + ensures 1 ≡ accept_S6; + + behavior buch_state_accept_S6_out: + assumes 0 ≡ accept_S5; + ensures 0 ≡ accept_S6; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void opb_post_func(void) + { + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_S6_tmp; + int accept_all_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_opb; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_S6_tmp = accept_S6; + accept_all_tmp = accept_all; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_all_tmp = 0; + if (accept_S5 == 1) accept_S6_tmp = 1; else accept_S6_tmp = 0; + accept_S5_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + accept_S2_tmp = 0; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_S6 = accept_S6_tmp; + accept_all = accept_all_tmp; + accept_init = accept_init_tmp; + return; + } + +*/ /*@ requires 1 ≡ accept_S4 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧ 
@@ -337,134 +349,140 @@ void opb_post_func(void) */ void opb(void) { - opb_pre_func(); + /*@ ghost opb_pre_func(); */ status = 1; - opb_post_func(); + /*@ ghost opb_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_opc; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, - accept_S4, accept_S5, accept_S6, accept_all, accept_init; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_S6_out: - ensures 0 ≡ accept_S6; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void opc_pre_func(void) -{ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_S6_tmp; */ - /*@ ghost int accept_all_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_opc; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_S6_tmp = accept_S6; - accept_all_tmp = accept_all; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_all_tmp = 0; - accept_S6_tmp = 0; - accept_S5_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - accept_S2_tmp = 0; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_S6 = accept_S6_tmp; - accept_all = accept_all_tmp; - accept_init = accept_init_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_opc; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, + accept_S4, accept_S5, accept_S6, accept_all, 
accept_init; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_S6_out: + ensures 0 ≡ accept_S6; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void opc_pre_func(void) + { + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_S6_tmp; + int accept_all_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_opc; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_S6_tmp = accept_S6; + accept_all_tmp = accept_all; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_all_tmp = 0; + accept_S6_tmp = 0; + accept_S5_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + accept_S2_tmp = 0; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_S6 = accept_S6_tmp; + accept_all = accept_all_tmp; + accept_init = accept_init_tmp; + return; + } -/*@ requires \false; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_opc; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, - accept_S4, accept_S5, accept_S6, accept_all, accept_init; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_S6_out: - ensures 0 ≡ accept_S6; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ 
-void opc_post_func(void) -{ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_S6_tmp; */ - /*@ ghost int accept_all_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_opc; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_S6_tmp = accept_S6; - accept_all_tmp = accept_all; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_all_tmp = 0; - accept_S6_tmp = 0; - accept_S5_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - accept_S2_tmp = 0; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_S6 = accept_S6_tmp; - accept_all = accept_all_tmp; - accept_init = accept_init_tmp; - return; -} +*/ + +/*@ ghost + /@ requires \false; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_opc; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, + accept_S4, accept_S5, accept_S6, accept_all, accept_init; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_S6_out: + ensures 0 ≡ accept_S6; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void opc_post_func(void) + { + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_S6_tmp; + int accept_all_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_opc; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = 
accept_S5; + accept_S6_tmp = accept_S6; + accept_all_tmp = accept_all; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_all_tmp = 0; + accept_S6_tmp = 0; + accept_S5_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + accept_S2_tmp = 0; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_S6 = accept_S6_tmp; + accept_all = accept_all_tmp; + accept_init = accept_init_tmp; + return; + } + +*/ /*@ requires \false; 
@@ -491,147 +509,153 @@ void opc_post_func(void) */ void opc(void) { - opc_pre_func(); + /*@ ghost opc_pre_func(); */ rr = 9000; - opc_post_func(); + /*@ ghost opc_post_func(); */ return; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, - accept_S4, accept_S5, accept_S6, accept_all, accept_init; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ accept_init; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ accept_init; - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_S6_out: - ensures 0 ≡ accept_S6; - - behavior buch_state_accept_all_out: - ensures 0 ≡ accept_all; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void main_pre_func(void) -{ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_S6_tmp; */ - /*@ ghost int accept_all_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_S6_tmp = accept_S6; - accept_all_tmp = accept_all; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - accept_all_tmp = 0; - accept_S6_tmp = 0; - accept_S5_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - if (accept_init == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_S6 = accept_S6_tmp; - accept_all = accept_all_tmp; - accept_init = accept_init_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ 
aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, + accept_S4, accept_S5, accept_S6, accept_all, accept_init; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ accept_init; + ensures 1 ≡ accept_S2; + + behavior buch_state_accept_S2_out: + assumes 0 ≡ accept_init; + ensures 0 ≡ accept_S2; + + behavior buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_S6_out: + ensures 0 ≡ accept_S6; + + behavior buch_state_accept_all_out: + ensures 0 ≡ accept_all; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void main_pre_func(void) + { + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_S6_tmp; + int accept_all_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_S6_tmp = accept_S6; + accept_all_tmp = accept_all; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + accept_all_tmp = 0; + accept_S6_tmp = 0; + accept_S5_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + if (accept_init == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_S6 = accept_S6_tmp; + accept_all = accept_all_tmp; + accept_init = accept_init_tmp; + return; + } -/*@ requires - 1 ≡ accept_S6 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧ - 0 ≡ accept_S4 ∧ 0 ≡ accept_S5 ∧ 0 ≡ accept_all ∧ - 0 ≡ accept_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, - accept_S4, accept_S5, accept_S6, accept_all, accept_init; - - 
behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - - behavior buch_state_accept_S3_out: - ensures 0 ≡ accept_S3; - - behavior buch_state_accept_S4_out: - ensures 0 ≡ accept_S4; - - behavior buch_state_accept_S5_out: - ensures 0 ≡ accept_S5; - - behavior buch_state_accept_S6_out: - ensures 0 ≡ accept_S6; - - behavior buch_state_accept_all_in: - assumes 1 ≡ accept_S6; - ensures 1 ≡ accept_all; - - behavior buch_state_accept_all_out: - assumes 0 ≡ accept_S6; - ensures 0 ≡ accept_all; - - behavior buch_state_accept_init_out: - ensures 0 ≡ accept_init; - */ -void main_post_func(int res) -{ - /*@ ghost int accept_S2_tmp; */ - /*@ ghost int accept_S3_tmp; */ - /*@ ghost int accept_S4_tmp; */ - /*@ ghost int accept_S5_tmp; */ - /*@ ghost int accept_S6_tmp; */ - /*@ ghost int accept_all_tmp; */ - /*@ ghost int accept_init_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - accept_S2_tmp = accept_S2; - accept_S3_tmp = accept_S3; - accept_S4_tmp = accept_S4; - accept_S5_tmp = accept_S5; - accept_S6_tmp = accept_S6; - accept_all_tmp = accept_all; - accept_init_tmp = accept_init; - accept_init_tmp = 0; - if (accept_S6 == 1) accept_all_tmp = 1; else accept_all_tmp = 0; - accept_S6_tmp = 0; - accept_S5_tmp = 0; - accept_S4_tmp = 0; - accept_S3_tmp = 0; - accept_S2_tmp = 0; - accept_S2 = accept_S2_tmp; - accept_S3 = accept_S3_tmp; - accept_S4 = accept_S4_tmp; - accept_S5 = accept_S5_tmp; - accept_S6 = accept_S6_tmp; - accept_all = accept_all_tmp; - accept_init = accept_init_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ accept_S6 ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧ + 0 ≡ accept_S4 ∧ 0 ≡ accept_S5 ∧ 0 ≡ accept_all ∧ + 0 ≡ accept_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, accept_S2, accept_S3, + accept_S4, accept_S5, accept_S6, accept_all, accept_init; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + + behavior 
buch_state_accept_S3_out: + ensures 0 ≡ accept_S3; + + behavior buch_state_accept_S4_out: + ensures 0 ≡ accept_S4; + + behavior buch_state_accept_S5_out: + ensures 0 ≡ accept_S5; + + behavior buch_state_accept_S6_out: + ensures 0 ≡ accept_S6; + + behavior buch_state_accept_all_in: + assumes 1 ≡ accept_S6; + ensures 1 ≡ accept_all; + + behavior buch_state_accept_all_out: + assumes 0 ≡ accept_S6; + ensures 0 ≡ accept_all; + + behavior buch_state_accept_init_out: + ensures 0 ≡ accept_init; + @/ + void main_post_func(int res) + { + int accept_S2_tmp; + int accept_S3_tmp; + int accept_S4_tmp; + int accept_S5_tmp; + int accept_S6_tmp; + int accept_all_tmp; + int accept_init_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + accept_S2_tmp = accept_S2; + accept_S3_tmp = accept_S3; + accept_S4_tmp = accept_S4; + accept_S5_tmp = accept_S5; + accept_S6_tmp = accept_S6; + accept_all_tmp = accept_all; + accept_init_tmp = accept_init; + accept_init_tmp = 0; + if (accept_S6 == 1) accept_all_tmp = 1; else accept_all_tmp = 0; + accept_S6_tmp = 0; + accept_S5_tmp = 0; + accept_S4_tmp = 0; + accept_S3_tmp = 0; + accept_S2_tmp = 0; + accept_S2 = accept_S2_tmp; + accept_S3 = accept_S3_tmp; + accept_S4 = accept_S4_tmp; + accept_S5 = accept_S5_tmp; + accept_S6 = accept_S6_tmp; + accept_all = accept_all_tmp; + accept_init = accept_init_tmp; + return; + } + +*/ /*@ requires 1 ≡ accept_init ∧ 0 ≡ accept_S2 ∧ 0 ≡ accept_S3 ∧ @@ -653,7 +677,7 @@ void main_post_func(int res) int main(void) { int __retres; - main_pre_func(); + /*@ ghost main_pre_func(); */ switch (rr) { case 1: opa(); break; @@ -662,7 +686,7 @@ int main(void) } opb(); __retres = 1; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_switch3.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_switch3.res.oracle index 73b974a6b58..7c650ba0861 100644 
--- a/src/plugins/aorai/tests/aorai/oracle/test_switch3.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_switch3.res.oracle 
@@ -17,99 +17,105 @@ enum aorai_OpStatusList { /*@ ghost int T0_init = 1; */ /*@ ghost int accept_S1 = 0; */ /*@ ghost int accept_S2 = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_countOne; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - */ -void countOne_pre_func(char *argv) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_countOne; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S2_tmp = 0; - accept_S1_tmp = 0; - T0_init_tmp = 0; - if (T0_S2 == 1) T0_S2_tmp = 1; - else - if (accept_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_countOne; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + @/ + void countOne_pre_func(char *argv) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int 
accept_S2_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_countOne; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S2_tmp = 0; + accept_S1_tmp = 0; + T0_init_tmp = 0; + if (T0_S2 == 1) T0_S2_tmp = 1; + else + if (accept_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + return; + } -/*@ requires - 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_countOne; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ T0_S2; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ T0_S2; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - */ -void countOne_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_countOne; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S2_tmp = 0; - accept_S1_tmp = 0; - T0_init_tmp = 0; - if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_countOne; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ T0_S2; + ensures 1 ≡ T0_S2; + + 
behavior buch_state_T0_S2_out: + assumes 0 ≡ T0_S2; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + @/ + void countOne_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int accept_S2_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_countOne; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S2_tmp = 0; + accept_S1_tmp = 0; + T0_init_tmp = 0; + if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + return; + } + +*/ /*@ requires (1 ≡ T0_S2 ∨ 1 ≡ accept_S2) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1; @@ -122,7 +128,7 @@ void countOne_post_func(int res) */ int countOne(char *argv) { - countOne_pre_func(argv); + /*@ ghost countOne_pre_func(argv); */ int r = 0; switch ((int)*(argv + 0)) { int tmp; 
@@ -132,122 +138,129 @@ int countOne(char *argv) tmp = countOne(argv + 1); r += tmp; } - countOne_post_func(r); + /*@ ghost countOne_post_func(r); */ return r; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_count; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ T0_S2; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ T0_S2; - ensures 0 ≡ accept_S2; - */ -void count_pre_func(int argc, char **argv) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_count; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - if (T0_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; - accept_S1_tmp = 0; - T0_init_tmp = 0; - if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_count; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ T0_S2; + ensures 1 ≡ accept_S2; + + behavior 
buch_state_accept_S2_out: + assumes 0 ≡ T0_S2; + ensures 0 ≡ accept_S2; + @/ + void count_pre_func(int argc, char **argv) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int accept_S2_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_count; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + if (T0_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + accept_S1_tmp = 0; + T0_init_tmp = 0; + if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + return; + } -/*@ requires - (1 ≡ T0_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧ 0 ≡ T0_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_count; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ T0_S2; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ T0_S2; - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2; - ensures 0 ≡ accept_S2; - */ -void count_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_count; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - if (T0_S2 == 1) accept_S2_tmp = 1; - else - if (accept_S2 == 1) accept_S2_tmp = 1; else 
accept_S2_tmp = 0; - if (T0_S2 == 1) accept_S1_tmp = 1; - else - if (accept_S1 == 1) accept_S1_tmp = 1; +*/ + +/*@ ghost + /@ requires + (1 ≡ T0_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧ + 0 ≡ T0_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_count; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ T0_S2; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ T0_S2; + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2; + ensures 1 ≡ accept_S2; + + behavior buch_state_accept_S2_out: + assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2; + ensures 0 ≡ accept_S2; + @/ + void count_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int accept_S2_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_count; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + if (T0_S2 == 1) accept_S2_tmp = 1; else - if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; -} + if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + if (T0_S2 == 1) accept_S1_tmp = 1; + else + if (accept_S1 == 1) accept_S1_tmp = 1; + else + if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; 
+ accept_S2 = accept_S2_tmp; + return; + } + +*/ /*@ requires (1 ≡ T0_S2 ∨ 1 ≡ accept_S1) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2; @@ -264,7 +277,7 @@ void count_post_func(int res) int count(int argc, char **argv) { int __retres; - count_pre_func(argc,argv); + /*@ ghost count_pre_func(argc,argv); */ if (argc > 0) { int tmp; int tmp_0; 
@@ -275,112 +288,118 @@ int count(int argc, char **argv) } __retres = 0; return_label: { - count_post_func(__retres); + /*@ ghost count_post_func(__retres); */ return __retres; } } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ T0_init; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ T0_init; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ T0_init; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ T0_init; - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - */ -void main_pre_func(int argc, char **argv) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S2_tmp = 0; - if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - if (T0_init == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ T0_init; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ T0_init; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ T0_init; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ T0_init; + 
ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + @/ + void main_pre_func(int argc, char **argv) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int accept_S2_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S2_tmp = 0; + if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + if (T0_init == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + return; + } -/*@ requires - 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - */ -void main_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S2_tmp = 0; - if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; 
-} +*/ + +/*@ ghost + /@ requires + 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + @/ + void main_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int accept_S2_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S2_tmp = 0; + if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + return; + } + +*/ /*@ requires 1 ≡ T0_init ∧ 0 ≡ T0_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2; @@ -398,10 +417,10 @@ int main(int argc, char **argv) { int __retres; int somme; - main_pre_func(argc,argv); + /*@ ghost main_pre_func(argc,argv); */ somme = count(argc,argv); __retres = 1; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_switch3_et_recursion.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_switch3_et_recursion.res.oracle index a11dd2f6e1c..36ea60d0a6e 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_switch3_et_recursion.res.oracle 
+++ b/src/plugins/aorai/tests/aorai/oracle/test_switch3_et_recursion.res.oracle 
@@ -18,75 +18,83 @@ enum aorai_OpStatusList { /*@ ghost int T0_S2 = 0; */ /*@ ghost int T0_init = 1; */ /*@ ghost int accept_S1 = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_countOne; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ T0_S2; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ T0_S2; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - */ -void countOne_pre_func(char *argv) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_countOne; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S1_tmp = 0; - T0_init_tmp = 0; - if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_countOne; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ T0_S2; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ T0_S2; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + @/ + void countOne_pre_func(char *argv) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_countOne; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S1_tmp = 0; + T0_init_tmp = 0; + if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + return; + } -/*@ requires \false; - ensures aorai_CurOpStatus ≡ 
aorai_Terminated; - ensures aorai_CurOperation ≡ op_countOne; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_out: - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - */ -void countOne_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_countOne; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S1_tmp = 0; - T0_init_tmp = 0; - T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +*/ + +/*@ ghost + /@ requires \false; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_countOne; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_out: + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + @/ + void countOne_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_countOne; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S1_tmp = 0; + T0_init_tmp = 0; + T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + return; + } + +*/ /*@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1; @@ -101,7 +109,7 @@ void countOne_post_func(int res) */ int countOne(char *argv) { - countOne_pre_func(argv); + /*@ ghost countOne_pre_func(argv); */ int r = 0; switch ((int)*(argv + 0)) { int tmp; 
@@ -110,84 +118,92 @@ int countOne(char *argv) tmp = countOne(argv + 1); r += tmp; } - countOne_post_func(r); + /*@ ghost countOne_post_func(r); */ return r; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_count; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - */ -void count_pre_func(int argc, char **argv) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_count; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S1_tmp = 0; - T0_init_tmp = 0; - if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_count; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + @/ + void count_pre_func(int argc, char **argv) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_count; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S1_tmp = 0; + T0_init_tmp = 0; + if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + return; + } -/*@ 
requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_count; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_out: - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ T0_S2; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ T0_S2; - ensures 0 ≡ accept_S1; - */ -void count_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_count; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - if (T0_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_count; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_out: + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ T0_S2; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ T0_S2; + ensures 0 ≡ accept_S1; + @/ + void count_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_count; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + if (T0_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + return; + } + +*/ /*@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init; 
@@ -198,7 +214,7 @@ void count_post_func(int res) int count(int argc, char **argv) { int __retres; - count_pre_func(argc,argv); + /*@ ghost count_pre_func(argc,argv); */ if (argc > 0) { int tmp; int tmp_0; 
@@ -209,90 +225,98 @@ int count(int argc, char **argv) } __retres = 0; return_label: { - count_post_func(__retres); + /*@ ghost count_post_func(__retres); */ return __retres; } } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_out: - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ T0_init; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ T0_init; - ensures 0 ≡ accept_S1; - */ -void main_pre_func(int argc, char **argv) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_out: + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ T0_init; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ T0_init; + ensures 0 ≡ accept_S1; + @/ + void main_pre_func(int argc, char **argv) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; 
+ return; + } -/*@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ accept_S1; - */ -void main_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - return; -} +*/ + +/*@ ghost + /@ requires 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ accept_S1; + @/ + void main_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + 
accept_S1_tmp = accept_S1; + if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + return; + } + +*/ /*@ requires 1 ≡ T0_init ∧ 0 ≡ T0_S2 ∧ 0 ≡ accept_S1; @@ -309,10 +333,10 @@ int main(int argc, char **argv) { int __retres; int somme; - main_pre_func(argc,argv); + /*@ ghost main_pre_func(argc,argv); */ somme = count(argc,argv); __retres = 1; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_switch3_if.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_switch3_if.res.oracle index cf8462c802b..d0d98a3a8d8 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_switch3_if.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_switch3_if.res.oracle 
@@ -17,99 +17,105 @@ enum aorai_OpStatusList { /*@ ghost int T0_init = 1; */ /*@ ghost int accept_S1 = 0; */ /*@ ghost int accept_S2 = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_countOne; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - */ -void countOne_pre_func(char *argv) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_countOne; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S2_tmp = 0; - accept_S1_tmp = 0; - T0_init_tmp = 0; - if (T0_S2 == 1) T0_S2_tmp = 1; - else - if (accept_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_countOne; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + @/ + void countOne_pre_func(char *argv) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int 
accept_S2_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_countOne; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S2_tmp = 0; + accept_S1_tmp = 0; + T0_init_tmp = 0; + if (T0_S2 == 1) T0_S2_tmp = 1; + else + if (accept_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + return; + } -/*@ requires - 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_countOne; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ T0_S2; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ T0_S2; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - */ -void countOne_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_countOne; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S2_tmp = 0; - accept_S1_tmp = 0; - T0_init_tmp = 0; - if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_countOne; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ T0_S2; + ensures 1 ≡ T0_S2; + + 
behavior buch_state_T0_S2_out: + assumes 0 ≡ T0_S2; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + @/ + void countOne_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int accept_S2_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_countOne; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S2_tmp = 0; + accept_S1_tmp = 0; + T0_init_tmp = 0; + if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + return; + } + +*/ /*@ requires (1 ≡ T0_S2 ∨ 1 ≡ accept_S2) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1; @@ -122,7 +128,7 @@ void countOne_post_func(int res) */ int countOne(char *argv) { - countOne_pre_func(argv); + /*@ ghost countOne_pre_func(argv); */ int r = 0; if ((int)*(argv + 0) != 0) { int tmp; 
@@ -130,122 +136,129 @@ int countOne(char *argv) tmp = countOne(argv + 1); r += tmp; } - countOne_post_func(r); + /*@ ghost countOne_post_func(r); */ return r; } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_count; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ T0_S2; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ T0_S2; - ensures 0 ≡ accept_S2; - */ -void count_pre_func(int argc, char **argv) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_count; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - if (T0_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; - accept_S1_tmp = 0; - T0_init_tmp = 0; - if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_count; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ T0_S2; + ensures 1 ≡ accept_S2; + + behavior 
buch_state_accept_S2_out: + assumes 0 ≡ T0_S2; + ensures 0 ≡ accept_S2; + @/ + void count_pre_func(int argc, char **argv) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int accept_S2_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_count; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + if (T0_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + accept_S1_tmp = 0; + T0_init_tmp = 0; + if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + return; + } -/*@ requires - (1 ≡ T0_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧ 0 ≡ T0_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_count; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ T0_S2; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ T0_S2; - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2; - ensures 0 ≡ accept_S2; - */ -void count_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_count; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - if (T0_S2 == 1) accept_S2_tmp = 1; - else - if (accept_S2 == 1) accept_S2_tmp = 1; else 
accept_S2_tmp = 0; - if (T0_S2 == 1) accept_S1_tmp = 1; - else - if (accept_S1 == 1) accept_S1_tmp = 1; +*/ + +/*@ ghost + /@ requires + (1 ≡ T0_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧ + 0 ≡ T0_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_count; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ T0_S2; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ T0_S2; + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2; + ensures 1 ≡ accept_S2; + + behavior buch_state_accept_S2_out: + assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2; + ensures 0 ≡ accept_S2; + @/ + void count_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int accept_S2_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_count; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + if (T0_S2 == 1) accept_S2_tmp = 1; else - if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; -} + if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + if (T0_S2 == 1) accept_S1_tmp = 1; + else + if (accept_S1 == 1) accept_S1_tmp = 1; + else + if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; 
+ accept_S2 = accept_S2_tmp; + return; + } + +*/ /*@ requires (1 ≡ T0_S2 ∨ 1 ≡ accept_S1) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2; @@ -262,7 +275,7 @@ void count_post_func(int res) int count(int argc, char **argv) { int __retres; - count_pre_func(argc,argv); + /*@ ghost count_pre_func(argc,argv); */ if (argc > 0) { int tmp; int tmp_0; 
@@ -273,112 +286,118 @@ int count(int argc, char **argv) } __retres = 0; return_label: { - count_post_func(__retres); + /*@ ghost count_post_func(__retres); */ return __retres; } } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ T0_init; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ T0_init; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ T0_init; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ T0_init; - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - */ -void main_pre_func(int argc, char **argv) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S2_tmp = 0; - if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - if (T0_init == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ T0_init; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ T0_init; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ T0_init; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ T0_init; + 
ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + @/ + void main_pre_func(int argc, char **argv) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int accept_S2_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S2_tmp = 0; + if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + if (T0_init == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + return; + } -/*@ requires - 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - */ -void main_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S2_tmp = 0; - if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; 
-} +*/ + +/*@ ghost + /@ requires + 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + @/ + void main_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int accept_S2_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S2_tmp = 0; + if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + return; + } + +*/ /*@ requires 1 ≡ T0_init ∧ 0 ≡ T0_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2; @@ -396,10 +415,10 @@ int main(int argc, char **argv) { int __retres; int somme; - main_pre_func(argc,argv); + /*@ ghost main_pre_func(argc,argv); */ somme = count(argc,argv); __retres = 1; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } diff --git a/src/plugins/aorai/tests/aorai/oracle/test_switch3_return.res.oracle b/src/plugins/aorai/tests/aorai/oracle/test_switch3_return.res.oracle index 32c5aecfa35..e3f09944648 100644 --- a/src/plugins/aorai/tests/aorai/oracle/test_switch3_return.res.oracle +++ b/src/plugins/aorai/tests/aorai/oracle/test_switch3_return.res.oracle 
@@ -17,99 +17,105 @@ enum aorai_OpStatusList { /*@ ghost int T0_init = 1; */ /*@ ghost int accept_S1 = 0; */ /*@ ghost int accept_S2 = 0; */ -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_countOne; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - */ -void countOne_pre_func(char *argv) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_countOne; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S2_tmp = 0; - accept_S1_tmp = 0; - T0_init_tmp = 0; - if (T0_S2 == 1) T0_S2_tmp = 1; - else - if (accept_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_countOne; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + @/ + void countOne_pre_func(char *argv) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int 
accept_S2_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_countOne; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S2_tmp = 0; + accept_S1_tmp = 0; + T0_init_tmp = 0; + if (T0_S2 == 1) T0_S2_tmp = 1; + else + if (accept_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + return; + } -/*@ requires - 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_countOne; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ T0_S2; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ T0_S2; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - */ -void countOne_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_countOne; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S2_tmp = 0; - accept_S1_tmp = 0; - T0_init_tmp = 0; - if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; -} +*/ + +/*@ ghost + /@ requires + 1 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_countOne; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ T0_S2; + ensures 1 ≡ T0_S2; + + 
behavior buch_state_T0_S2_out: + assumes 0 ≡ T0_S2; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + @/ + void countOne_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int accept_S2_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_countOne; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S2_tmp = 0; + accept_S1_tmp = 0; + T0_init_tmp = 0; + if (T0_S2 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + return; + } + +*/ /*@ requires (1 ≡ T0_S2 ∨ 1 ≡ accept_S2) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S1; @@ -123,7 +129,7 @@ void countOne_post_func(int res) int countOne(char *argv) { int __retres; - countOne_pre_func(argv); + /*@ ghost countOne_pre_func(argv); */ int r = 0; switch ((int)*(argv + 0)) { int tmp; 
@@ -134,124 +140,132 @@ int countOne(char *argv) r += tmp; } __retres = r; - return_label: { - countOne_post_func(__retres); - return __retres; - } + return_label: + { + /*@ ghost countOne_post_func(__retres); */ + return __retres; + } } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_count; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_out: - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ T0_S2; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ T0_S2; - ensures 0 ≡ accept_S2; - */ -void count_pre_func(int argc, char **argv) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_count; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - if (T0_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; - accept_S1_tmp = 0; - T0_init_tmp = 0; - if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_count; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_out: + ensures 0 ≡ accept_S1; + + behavior 
buch_state_accept_S2_in: + assumes 1 ≡ T0_S2; + ensures 1 ≡ accept_S2; + + behavior buch_state_accept_S2_out: + assumes 0 ≡ T0_S2; + ensures 0 ≡ accept_S2; + @/ + void count_pre_func(int argc, char **argv) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int accept_S2_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_count; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + if (T0_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + accept_S1_tmp = 0; + T0_init_tmp = 0; + if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + return; + } -/*@ requires - (1 ≡ T0_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧ 0 ≡ T0_init; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_count; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ T0_S2; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ T0_S2; - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_in: - assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2; - ensures 1 ≡ accept_S2; - - behavior buch_state_accept_S2_out: - assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2; - ensures 0 ≡ accept_S2; - */ -void count_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_count; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - if 
(T0_S2 == 1) accept_S2_tmp = 1; - else - if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; - if (T0_S2 == 1) accept_S1_tmp = 1; - else - if (accept_S1 == 1) accept_S1_tmp = 1; +*/ + +/*@ ghost + /@ requires + (1 ≡ T0_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ accept_S2) ∧ + 0 ≡ T0_init; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_count; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_S2 ∨ 1 ≡ accept_S1 ∨ 1 ≡ T0_S2; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ T0_S2; + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_in: + assumes 1 ≡ accept_S2 ∨ 1 ≡ T0_S2; + ensures 1 ≡ accept_S2; + + behavior buch_state_accept_S2_out: + assumes 0 ≡ accept_S2 ∧ 0 ≡ T0_S2; + ensures 0 ≡ accept_S2; + @/ + void count_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int accept_S2_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_count; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + if (T0_S2 == 1) accept_S2_tmp = 1; else - if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; -} + if (accept_S2 == 1) accept_S2_tmp = 1; else accept_S2_tmp = 0; + if (T0_S2 == 1) accept_S1_tmp = 1; + else + if (accept_S1 == 1) accept_S1_tmp = 1; + else + if (accept_S2 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + if (accept_S1 == 1) T0_S2_tmp = 1; else 
T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + return; + } + +*/ /*@ requires (1 ≡ T0_S2 ∨ 1 ≡ accept_S1) ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2; @@ -268,7 +282,7 @@ void count_post_func(int res) int count(int argc, char **argv) { int __retres; - count_pre_func(argc,argv); + /*@ ghost count_pre_func(argc,argv); */ if (argc > 0) { int tmp; int tmp_0; 
@@ -279,112 +293,118 @@ int count(int argc, char **argv) } __retres = 0; return_label: { - count_post_func(__retres); + /*@ ghost count_post_func(__retres); */ return __retres; } } -/*@ ensures aorai_CurOpStatus ≡ aorai_Called; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ T0_init; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ T0_init; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ T0_init; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ T0_init; - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - */ -void main_pre_func(int argc, char **argv) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Called; - aorai_CurOperation = op_main; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S2_tmp = 0; - if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - if (T0_init == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; -} +/*@ ghost + /@ ensures aorai_CurOpStatus ≡ aorai_Called; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ T0_init; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ T0_init; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ T0_init; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ T0_init; + 
ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + @/ + void main_pre_func(int argc, char **argv) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int accept_S2_tmp; + aorai_CurOpStatus = aorai_Called; + aorai_CurOperation = op_main; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S2_tmp = 0; + if (T0_init == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + if (T0_init == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + return; + } -/*@ requires - 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2; - ensures aorai_CurOpStatus ≡ aorai_Terminated; - ensures aorai_CurOperation ≡ op_main; - assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, accept_S1, - accept_S2; - - behavior buch_state_T0_S2_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ T0_S2; - - behavior buch_state_T0_S2_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ T0_S2; - - behavior buch_state_T0_init_out: - ensures 0 ≡ T0_init; - - behavior buch_state_accept_S1_in: - assumes 1 ≡ accept_S1; - ensures 1 ≡ accept_S1; - - behavior buch_state_accept_S1_out: - assumes 0 ≡ accept_S1; - ensures 0 ≡ accept_S1; - - behavior buch_state_accept_S2_out: - ensures 0 ≡ accept_S2; - */ -void main_post_func(int res) -{ - /*@ ghost int T0_S2_tmp; */ - /*@ ghost int T0_init_tmp; */ - /*@ ghost int accept_S1_tmp; */ - /*@ ghost int accept_S2_tmp; */ - aorai_CurOpStatus = aorai_Terminated; - aorai_CurOperation = op_main; - T0_S2_tmp = T0_S2; - T0_init_tmp = T0_init; - accept_S1_tmp = accept_S1; - accept_S2_tmp = accept_S2; - accept_S2_tmp = 0; - if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; - T0_init_tmp = 0; - if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; - T0_S2 = T0_S2_tmp; - T0_init = T0_init_tmp; - accept_S1 = accept_S1_tmp; - accept_S2 = accept_S2_tmp; - return; 
-} +*/ + +/*@ ghost + /@ requires + 1 ≡ accept_S1 ∧ 0 ≡ T0_S2 ∧ 0 ≡ T0_init ∧ 0 ≡ accept_S2; + ensures aorai_CurOpStatus ≡ aorai_Terminated; + ensures aorai_CurOperation ≡ op_main; + assigns aorai_CurOpStatus, aorai_CurOperation, T0_S2, T0_init, + accept_S1, accept_S2; + + behavior buch_state_T0_S2_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ T0_S2; + + behavior buch_state_T0_S2_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ T0_S2; + + behavior buch_state_T0_init_out: + ensures 0 ≡ T0_init; + + behavior buch_state_accept_S1_in: + assumes 1 ≡ accept_S1; + ensures 1 ≡ accept_S1; + + behavior buch_state_accept_S1_out: + assumes 0 ≡ accept_S1; + ensures 0 ≡ accept_S1; + + behavior buch_state_accept_S2_out: + ensures 0 ≡ accept_S2; + @/ + void main_post_func(int res) + { + int T0_S2_tmp; + int T0_init_tmp; + int accept_S1_tmp; + int accept_S2_tmp; + aorai_CurOpStatus = aorai_Terminated; + aorai_CurOperation = op_main; + T0_S2_tmp = T0_S2; + T0_init_tmp = T0_init; + accept_S1_tmp = accept_S1; + accept_S2_tmp = accept_S2; + accept_S2_tmp = 0; + if (accept_S1 == 1) accept_S1_tmp = 1; else accept_S1_tmp = 0; + T0_init_tmp = 0; + if (accept_S1 == 1) T0_S2_tmp = 1; else T0_S2_tmp = 0; + T0_S2 = T0_S2_tmp; + T0_init = T0_init_tmp; + accept_S1 = accept_S1_tmp; + accept_S2 = accept_S2_tmp; + return; + } + +*/ /*@ requires 1 ≡ T0_init ∧ 0 ≡ T0_S2 ∧ 0 ≡ accept_S1 ∧ 0 ≡ accept_S2; @@ -402,10 +422,10 @@ int main(int argc, char **argv) { int __retres; int somme; - main_pre_func(argc,argv); + /*@ ghost main_pre_func(argc,argv); */ somme = count(argc,argv); __retres = 1; - main_post_func(__retres); + /*@ ghost main_post_func(__retres); */ return __retres; } -- GitLab