Fixed test descriptions to put comments in the correct place and updated some stylistic issues with test cases.

Author: klaas

regression/contracts/function_apply_01/main.c

@@ -12,7 +12,8 @@ __CPROVER_ensures(__CPROVER_return_value == 0)
   return 1;
 }
 
-int main() {
+int main()
+{
   int x = foo();
   assert(x == 0);
   return 0;

regression/contracts/function_apply_01/test.desc

@@ -1,6 +1,9 @@
-KNOWNBUG # Applying code contracts currently also checks them.
+KNOWNBUG
 main.c
 --apply-code-contracts
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
+--
+--
+Applying code contracts currently also checks them.

regression/contracts/function_check_01/main.c

@@ -12,9 +12,12 @@ int min(int a, int b)
                    (__CPROVER_return_value == a || __CPROVER_return_value == b)
                    )
 {
-  if (a <= b) {
+  if (a <= b)
+  {
     return a;
-  } else {
+  }
+  else
+  {
     return b;
   }
 }

regression/contracts/function_check_01/test.desc

@@ -1,6 +1,9 @@
-KNOWNBUG # --check-code-contracts not implemented yet.
+KNOWNBUG
 main.c
 --check-code-contracts
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
+--
+--
+--check-code-contracts not implemented yet.

regression/contracts/function_check_02/main.c

@@ -8,14 +8,16 @@ __CPROVER_ensures(
   __CPROVER_forall {int i; (0 <= i && i < 10) ==> arr[i] == i}
 )
 {
-  for(int i = 0; i < 10; i++) {
+  for(int i = 0; i < 10; i++)
+  {
     arr[i] = i;
   }
 
   return 0;
 }
 
-int main() {
+int main()
+{
   int arr[10];
   initialize(arr);
 }

regression/contracts/function_check_02/test.desc

@@ -1,6 +1,10 @@
-KNOWNBUG # Ensures statements currently do not allow quantified predicates unless the function has void return type.
+KNOWNBUG
 main.c
 --check-code-contracts
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
+--
+--
+Ensures statements currently do not allow quantified predicates unless the
+function has void return type.

regression/contracts/function_check_03/main.c

@@ -19,7 +19,8 @@ __CPROVER_ensures(
   }
 }
 
-int main() {
+int main()
+{
   int arr[10];
   initialize(arr, 10);
 }

regression/contracts/function_check_03/test.desc

@@ -1,6 +1,10 @@
-KNOWNBUG # Loop invariants currently do not support memory reads.
+KNOWNBUG
 main.c
 --check-code-contracts
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
+--
+--
+Loop invariants currently do not support memory reads in at least some
+circumstances.

regression/contracts/function_check_04/main.c

@@ -11,7 +11,8 @@ __CPROVER_ensures(__CPROVER_return_value == 0)
   return 1;
 }
 
-int main() {
+int main()
+{
   int x = foo();
   assert(x == 0);
   return 0;

regression/contracts/function_check_04/test.desc

@@ -1,6 +1,9 @@
-KNOWNBUG # --check-code-contracts not implemented yet.
+KNOWNBUG
 main.c
 --check-code-contracts
 ^\[main.assertion.1\] assertion x == 0: SUCCESS$
 ^\[foo.1\] : FAILURE$
 ^VERIFICATION FAILED$
+--
+--
+--check-code-contracts not implemented yet.

regression/contracts/function_check_05/main.c

@@ -14,7 +14,8 @@ __CPROVER_ensures(__CPROVER_return_value == 1)
   return 1;
 }
 
-int main() {
+int main()
+{
   int y = 0;  
   int z = foo(&y);
   // This assert should fail.

regression/contracts/function_check_05/test.desc

@@ -1,8 +1,10 @@
-KNOWNBUG # Contract checking does not properly havoc function calls
+KNOWNBUG
 main.c
 --check-code-contracts
 ^\[main.assertion.1\] assertion y == 0: FAILURE$
 ^\[main.assertion.2\] assertion z == 1: SUCCESS$
 ^\[foo.1\] : SUCCESS$
-
 ^VERIFICATION SUCCESSFUL$
+--
+--
+Contract checking does not properly havoc function calls.

regression/contracts/function_check_mem_01/main.c

@@ -10,13 +10,17 @@
 #define __CPROVER_VALID_MEM(ptr, size) \
   __CPROVER_POINTER_OBJECT((ptr)) != __CPROVER_POINTER_OBJECT(NULL) && \
   !__CPROVER_invalid_pointer((ptr)) && \
-  __CPROVER_POINTER_OBJECT((ptr)) != __CPROVER_POINTER_OBJECT(__CPROVER_deallocated) && \
-  __CPROVER_POINTER_OBJECT((ptr)) != __CPROVER_POINTER_OBJECT(__CPROVER_dead_object) && \
-  (__builtin_object_size((ptr), 1) >= (size) && __CPROVER_POINTER_OFFSET((ptr)) >= 0l || \
+  __CPROVER_POINTER_OBJECT((ptr)) != \
+  __CPROVER_POINTER_OBJECT(__CPROVER_deallocated) && \
+  __CPROVER_POINTER_OBJECT((ptr)) != \
+  __CPROVER_POINTER_OBJECT(__CPROVER_dead_object) && \
+  (__builtin_object_size((ptr), 1) >= (size) && \
+  __CPROVER_POINTER_OFFSET((ptr)) >= 0l || \
    __CPROVER_DYNAMIC_OBJECT((ptr))) && \
   (__CPROVER_POINTER_OFFSET((ptr)) >= 0 && \
    __CPROVER_malloc_size >= (size) + __CPROVER_POINTER_OFFSET((ptr)) || \
-   __CPROVER_POINTER_OBJECT((ptr)) != __CPROVER_POINTER_OBJECT(__CPROVER_malloc_object))
+   __CPROVER_POINTER_OBJECT((ptr)) != \
+   __CPROVER_POINTER_OBJECT(__CPROVER_malloc_object))
 
 typedef struct bar {
   int x;
@@ -31,7 +35,8 @@ __CPROVER_requires(__CPROVER_VALID_MEM(x, sizeof(bar)))
   return
 }
 
-int main() {
+int main()
+{
   bar* y;
   __CPROVER_assume(__CPROVER_VALID_MEM(y, sizeof(bar)));
   y->x = 0;

regression/contracts/function_check_mem_01/test.desc

@@ -1,6 +1,10 @@
-KNOWNBUG # cbmc currently does not support assumptions about pointers.
+KNOWNBUG
 main.c
 --check-code-contracts
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
+--
+--
+CBMC currently does not support assumptions about pointers in the general way
+that other assumptions are supported.

regression/contracts/invar_check_01/test.desc

@@ -1,6 +1,9 @@
-KNOWNBUG # --check-code-contracts not implemented yet.
+KNOWNBUG
 main.c
 --check-code-contracts
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
+--
+--
+--check-code-contracts not implemented yet.

regression/contracts/invar_check_02/test.desc

@@ -1,6 +1,9 @@
-KNOWNBUG # --check-code-contracts not implemented yet.
+KNOWNBUG
 main.c
 --check-code-contracts
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
+--
+--
+--check-code-contracts not implemented yet.

regression/contracts/invar_check_03/test.desc

@@ -1,6 +1,9 @@
-KNOWNBUG # --check-code-contracts not implemented yet.
+KNOWNBUG
 main.c
 --check-code-contracts
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
+--
+--
+--check-code-contracts not implemented yet.

regression/contracts/invar_check_04/test.desc

@@ -1,7 +1,10 @@
-KNOWNBUG # --check-code-contracts not implemented yet.
+KNOWNBUG
 main.c
 --check-code-contracts
 ^\[main.1\] Loop invariant violated before entry: SUCCESS$
 ^\[main.2\] Loop invariant not preserved: SUCCESS$
 ^\[main.assertion.1\] assertion r==0: FAILURE$
 ^VERIFICATION FAILED$
+--
+--
+--check-code-contracts not implemented yet.

regression/contracts/invar_loop_constant/main.c

@@ -7,7 +7,8 @@
 
 #include <assert.h>
 
-int main() {
+int main()
+{
   int r;
   int s = 1;
   __CPROVER_assume(r >= 0);

regression/contracts/invar_loop_constant/test.desc

@@ -1,6 +1,9 @@
-KNOWNBUG # Loop invariant checking throws away more information than needed.
+KNOWNBUG
 main.c
 --check-code-contracts
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
+--
+--
+Loop invariant checking throws away more information than needed.

regression/contracts/quicksort_contracts_01/main.c

@@ -50,21 +50,26 @@ __CPROVER_ensures(
     1 == 1
   )
   {
-    if(arr[h] <= pivot && arr[l] >= pivot) {
+    if(arr[h] <= pivot && arr[l] >= pivot)
+    {
       swap(arr + h, arr + l);
-      if(pivot_idx == h) {
+      if(pivot_idx == h)
+      {
         pivot_idx = l;
         h--;
       }
-      if(pivot_idx == l) {
+      if(pivot_idx == l)
+      {
         pivot_idx = h;
         l++;
       }
     }
-    else if(arr[h] <= pivot) {
+    else if(arr[h] <= pivot)
+    {
       l++;
     }
-    else {
+    else
+    {
       h--;
     }
   }
@@ -83,7 +88,8 @@ __CPROVER_ensures(
   1 == 1
 )
 {
-  if (len <= 1) {
+  if (len <= 1)
+  {
     return;
   }
   int* new_ghost = malloc(len * sizeof(int));
@@ -99,7 +105,8 @@ __CPROVER_ensures(
   free(new_ghost);
 }
 
-int main() {
+int main()
+{
   int arr[5] = {1, 2, 3, 0, 4};
   int arr_ghost[5] = {1, 2, 3, 0, 4};
   quicksort(arr_ghost, arr, 5);

regression/contracts/quicksort_contracts_01/test.desc

@@ -1,6 +1,9 @@
-KNOWNBUG # Loop invariants are overzealous in deciding what counts as side effects.
+KNOWNBUG
 main.c
 --check-code-contracts
 ^EXIT=0$
 ^SIGNAL=0$
 ^VERIFICATION SUCCESSFUL$
+--
+--
+Loop invariants are overzealous in deciding what counts as side effects.