Migrate loop contracts regressions to dfcc

Author: qinheping

regression/contracts-dfcc/detect_loop_locals/main.c

@@ -0,0 +1,12 @@
+#include <stdlib.h>
+
+int main()
+{
+  unsigned char *i = malloc(5);
+
+  while(i != i + 5)
+    __CPROVER_loop_invariant(1 == 1)
+    {
+      const char lower = *i++;
+    }
+}

regression/contracts-dfcc/detect_loop_locals/test.desc

@@ -0,0 +1,10 @@
+CORE
+main.c
+--dfcc main --apply-loop-contracts
+^\[main.assigns.\d+\].*line 10 Check that i is assignable: SUCCESS$
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+--
+Checks that loop local variables do not cause explicit checks.

regression/contracts-dfcc/detect_loop_locals2/main.c

@@ -0,0 +1,28 @@
+static void foo()
+{
+  unsigned i;
+
+  for(i = 0; i < 16; i++)
+    __CPROVER_loop_invariant(1 == 1)
+    {
+      int v = 1;
+    }
+}
+
+static void bar()
+{
+  unsigned i;
+
+  for(i = 0; i < 16; i++)
+    __CPROVER_loop_invariant(1 == 1)
+    {
+      int v = 1;
+    }
+}
+
+int main()
+{
+  bar();
+  foo();
+  foo();
+}

regression/contracts-dfcc/detect_loop_locals2/test.desc

@@ -0,0 +1,11 @@
+CORE
+main.c
+--dfcc main --apply-loop-contracts
+^\[bar.assigns.\d+\].*Check that i is assignable: SUCCESS$
+^\[foo.assigns.\d+\].*Check that i is assignable: SUCCESS$
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+--
+Checks that loop local variables do not cause explicit checks 

regression/contracts-dfcc/github_6168_infinite_unwinding_bug/main.c

@@ -0,0 +1,21 @@
+#include <assert.h>
+#include <stdlib.h>
+
+static int adder(const int *a, const int *b)
+{
+  return (*a + *b);
+}
+
+int main()
+{
+  int x = 1024;
+
+  int (*local_adder)(const int *, const int *) = adder;
+
+  while(x > 0)
+    __CPROVER_loop_invariant(1 == 1)
+    {
+      x += local_adder(&x, &x); // loop detection fails
+      //x += adder(&x, &x);       // works fine
+    }
+}

regression/contracts-dfcc/github_6168_infinite_unwinding_bug/test.desc

@@ -0,0 +1,11 @@
+CORE
+main.c
+--dfcc main --apply-loop-contracts
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+^\[main.\d+\] line \d+ Check loop invariant before entry: SUCCESS$
+^\[main.\d+\] line \d+ Check that loop invariant is preserved: SUCCESS$
+--
+--
+This is guarding against an issue described in https://github.com/diffblue/cbmc/issues/6168.

regression/contracts-dfcc/history-index/main.c

@@ -0,0 +1,14 @@
+#include <assert.h>
+
+int main()
+{
+  int i, n, x[10];
+  __CPROVER_assume(x[0] == x[9]);
+  while(i < n)
+    __CPROVER_loop_invariant(x[0] == __CPROVER_loop_entry(x[0]))
+    {
+      x[0] = x[9] - 1;
+      x[0]++;
+    }
+  assert(x[0] == x[9]);
+}

regression/contracts-dfcc/history-index/test.desc

@@ -0,0 +1,10 @@
+CORE
+main.c
+--dfcc main --apply-loop-contracts
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^Tracking history of index expressions is not supported yet\.
+--
+This test checks that `ID_index` expressions are allowed within history variables.

regression/contracts-dfcc/history-invalid/main.c

@@ -0,0 +1,19 @@
+#include <assert.h>
+
+int foo(int x)
+{
+  return x;
+}
+
+int main()
+{
+  int i, n, x[10];
+  __CPROVER_assume(x[0] == x[9]);
+  while(i < n)
+    __CPROVER_loop_invariant(x[0] == __CPROVER_loop_entry(foo(x[0])))
+    {
+      x[0] = x[9] - 1;
+      x[0]++;
+    }
+  assert(x[0] == x[9]);
+}

regression/contracts-dfcc/history-invalid/test.desc

@@ -0,0 +1,11 @@
+CORE
+main.c
+--dfcc --apply-loop-contracts
+^main.c.* error: Tracking history of side_effect expressions is not supported yet.$
+^CONVERSION ERROR$
+^EXIT=(1|64)$
+^SIGNAL=0$
+--
+--
+This test ensures that expressions with side effect, such as function calls,
+may not be used in history variables.

regression/contracts-dfcc/invar_assigns_empty/main.c

@@ -0,0 +1,9 @@
+#include <assert.h>
+
+int main()
+{
+  while(1 == 1)
+    __CPROVER_assigns() __CPROVER_loop_invariant(1 == 1)
+    {
+    }
+}

regression/contracts-dfcc/invar_assigns_empty/test.desc

@@ -0,0 +1,12 @@
+CORE
+main.c
+--dfcc main --apply-loop-contracts
+^EXIT=0$
+^SIGNAL=0$
+^\[main.\d+\] .* Check loop invariant before entry: SUCCESS$
+^\[main.\d+\] .* Check that loop invariant is preserved: SUCCESS$
+^VERIFICATION SUCCESSFUL$
+--
+--
+This test checks that empty assigns clause is supported 
+in loop contracts.

regression/contracts-dfcc/invar_assigns_opt/test.desc

@@ -1,18 +1,18 @@
 CORE
 main.c
---dfcc main
+--dfcc main --apply-loop-contracts
 ^EXIT=0$
 ^SIGNAL=0$
-^\[main.\d+\] .* Check loop invariant before entry: SUCCESS$
-^\[main.\d+\] .* Check that loop invariant is preserved: SUCCESS$
-^\[main.\d+\] .* Check decreases clause on loop iteration: SUCCESS$
-^\[main.assertion.\d+\] .* assertion r1 == 0: SUCCESS$
-^\[main.\d+\] .* Check loop invariant before entry: SUCCESS$
-^\[main.assigns.\d+\] .* Check that s2 is assignable: SUCCESS$
-^\[main.assigns.\d+\] .* Check that r2 is assignable: SUCCESS$
-^\[main.\d+\] .* Check that loop invariant is preserved: SUCCESS$
-^\[main.\d+\] .* Check decreases clause on loop iteration: SUCCESS$
-^\[main.assertion.\d+\] .* assertion r2 == 0: SUCCESS$
+^\[foo.\d+\] .* Check loop invariant before entry: SUCCESS$
+^\[foo.\d+\] .* Check that loop invariant is preserved: SUCCESS$
+^\[foo.\d+\] .* Check decreases clause on loop iteration: SUCCESS$
+^\[foo.assertion.\d+\] .* assertion r1 == 0: SUCCESS$
+^\[foo.\d+\] .* Check loop invariant before entry: SUCCESS$
+^\[foo.assigns.\d+\] .* Check that s2 is assignable: SUCCESS$
+^\[foo.assigns.\d+\] .* Check that r2 is assignable: SUCCESS$
+^\[foo.\d+\] .* Check that loop invariant is preserved: SUCCESS$
+^\[foo.\d+\] .* Check decreases clause on loop iteration: SUCCESS$
+^\[foo.assertion.\d+\] .* assertion r2 == 0: SUCCESS$
 ^VERIFICATION SUCCESSFUL$
 --
 --

regression/contracts-dfcc/invar_check_break_fail/main.c

@@ -0,0 +1,25 @@
+#include <assert.h>
+
+int main()
+{
+  int r;
+  __CPROVER_assume(r >= 0);
+
+  while(r > 0)
+    __CPROVER_loop_invariant(r >= 0)
+    {
+      --r;
+      if(r <= 1)
+      {
+        break;
+      }
+      else
+      {
+        --r;
+      }
+    }
+
+  assert(r == 0);
+
+  return 0;
+}

regression/contracts-dfcc/invar_check_break_fail/test.desc

@@ -0,0 +1,15 @@
+CORE
+main.c
+--dfcc main --apply-loop-contracts
+^EXIT=10$
+^SIGNAL=0$
+^\[main\.\d+\] .* Check loop invariant before entry: SUCCESS$
+^\[main\.\d+\] .* Check that loop invariant is preserved: SUCCESS$
+^\[main.assigns.\d+\] .* Check that r is assignable: SUCCESS$
+^\[main\.assertion\.\d+\] .* assertion r == 0: FAILURE$
+^VERIFICATION FAILED$
+--
+This test is expected to fail along the code path where r is an even integer
+before entering the loop.
+The program is simply incompatible with the desired property in this case --
+there is no loop invariant that can establish the required assertion.

regression/contracts-dfcc/invar_check_break_pass/main.c

@@ -0,0 +1,28 @@
+#include <assert.h>
+
+int main()
+{
+  int r;
+  __CPROVER_assume(r >= 0);
+
+  while(r > 0)
+    // clang-format off
+    __CPROVER_loop_invariant(r >= 0)
+    __CPROVER_decreases(r)
+    // clang-format on
+    {
+      --r;
+      if(r <= 1)
+      {
+        break;
+      }
+      else
+      {
+        --r;
+      }
+    }
+
+  assert(r == 0 || r == 1);
+
+  return 0;
+}

regression/contracts-dfcc/invar_check_break_pass/test.desc

@@ -0,0 +1,12 @@
+CORE
+main.c
+--dfcc main --apply-loop-contracts
+^EXIT=0$
+^SIGNAL=0$
+^\[main\.\d+\] .* Check loop invariant before entry: SUCCESS$
+^\[main\.\d+\] .* Check that loop invariant is preserved: SUCCESS$
+^\[main.assigns.\d+\] .* Check that r is assignable: SUCCESS$
+^\[main\.assertion\.\d+\] .* assertion r == 0 || r == 1: SUCCESS$
+^VERIFICATION SUCCESSFUL$
+--
+This test checks that conditionals and `break` are correctly handled.

regression/contracts-dfcc/invar_check_continue/main.c

@@ -0,0 +1,28 @@
+#include <assert.h>
+
+int main()
+{
+  int r;
+  __CPROVER_assume(r >= 0);
+
+  while(r > 0)
+    // clang-format off
+    __CPROVER_loop_invariant(r >= 0)
+    __CPROVER_decreases(r)
+    // clang-format on
+    {
+      --r;
+      if(r < 5)
+      {
+        continue;
+      }
+      else
+      {
+        --r;
+      }
+    }
+
+  assert(r == 0);
+
+  return 0;
+}

regression/contracts-dfcc/invar_check_continue/test.desc

@@ -0,0 +1,12 @@
+CORE
+main.c
+--dfcc main --apply-loop-contracts
+^EXIT=0$
+^SIGNAL=0$
+^\[main\.\d+\] .* Check loop invariant before entry: SUCCESS$
+^\[main\.\d+\] .* Check that loop invariant is preserved: SUCCESS$
+^\[main.assigns.\d+\] .* Check that r is assignable: SUCCESS$
+^\[main\.assertion\.\d+\] .* assertion r == 0: SUCCESS$
+^VERIFICATION SUCCESSFUL$
+--
+This test checks that conditionals and `continue` are correctly handled.