Abort after failing C assert

tautschnig · tautschnig · commit 9b215f7f664e · 2021-04-02T21:14:27.000Z
The C standard specifies behaviour of the "assert" macro as resulting in
an abort when the condition does not evaluate to true. Implement this
behaviour by inserting assume(0) after assert(0).
diff --git a/regression/cbmc-incr-oneloop/multiple-asserts/test.c b/regression/cbmc-incr-oneloop/multiple-asserts/test.c
@@ -2,8 +2,8 @@ int main()
 {
   for(int i = 0; i < 10; ++i)
   {
-    assert(i != 5);
-    assert(i != 8);
+    __CPROVER_assert(i != 5, "i != 5");
+    __CPROVER_assert(i != 8, "i != 8");
   }
   return 0;
 }
diff --git a/regression/cbmc/Bool5/test.desc b/regression/cbmc/Bool5/test.desc
@@ -1,7 +1,7 @@
 CORE
 main.c
 
-Generated 4 VCC\(s\), 0 remaining after simplification
+Generated [34] VCC\(s\), 0 remaining after simplification
 ^VERIFICATION SUCCESSFUL$
 ^EXIT=0$
 ^SIGNAL=0$
diff --git a/regression/cbmc/Quantifiers-not-exists/fixed.c b/regression/cbmc/Quantifiers-not-exists/fixed.c
@@ -10,33 +10,43 @@ int main()
   // NOLINTNEXTLINE(whitespace/line_length)
   __CPROVER_assume(!__CPROVER_exists { int i; (i>=0 && i<2) && (__CPROVER_exists{int j; (j>=0 && j<2) && a[i][j]<=10}) });
 
-  assert(0);
+  __CPROVER_assert(0, "0");
 
   // NOLINTNEXTLINE(whitespace/line_length)
   __CPROVER_assume(__CPROVER_forall { int i; (i>=0 && i<2) ==> (!__CPROVER_exists{int j; (j>=0 && j<2) && b[i][j]>=1 && b[i][j]<=10}) });
 
-  assert(0);
+  __CPROVER_assert(0, "0");
 
   // NOLINTNEXTLINE(whitespace/line_length)
   __CPROVER_assume(!__CPROVER_exists { int i; (i>=0 && i<2) && (!__CPROVER_exists{int j; (j>=0 && j<2) && (c[i][j]==0 || c[i][j]<=10)}) });
 
-  assert(0);
+  __CPROVER_assert(0, "0");
 
   // NOLINTNEXTLINE(whitespace/line_length)
   __CPROVER_assume(!__CPROVER_exists { int i; (i>=0 && i<2) && (__CPROVER_forall{int j; (j>=0 && j<2) ==> d[i][j]>=1 && d[i][j]<=10}) });
   // clang-format on
 
-  assert(0);
+  __CPROVER_assert(0, "0");
 
-  assert(a[0][0] > 10);
+  __CPROVER_assert(a[0][0] > 10, "a[0][0] > 10");
 
-  assert((b[0][0] < 1 || b[0][0] > 10) && (b[0][1] < 1 || b[0][1] > 10));
-  assert((b[1][0] < 1 || b[1][0] > 10) && (b[1][1] < 1 || b[1][1] > 10));
+  __CPROVER_assert(
+    (b[0][0] < 1 || b[0][0] > 10) && (b[0][1] < 1 || b[0][1] > 10),
+    "(b[0][0] < 1 || b[0][0] > 10) && (b[0][1] < 1 || b[0][1] > 10)");
+  __CPROVER_assert(
+    (b[1][0] < 1 || b[1][0] > 10) && (b[1][1] < 1 || b[1][1] > 10),
+    "(b[1][0] < 1 || b[1][0] > 10) && (b[1][1] < 1 || b[1][1] > 10)");
 
-  assert(c[0][0] == 0 || c[0][1] == 0 || c[1][0] <= 10 || c[1][1] <= 10);
+  __CPROVER_assert(
+    c[0][0] == 0 || c[0][1] == 0 || c[1][0] <= 10 || c[1][1] <= 10,
+    "(b[1][0] < 1 || b[1][0] > 10) && (b[1][1] < 1 || b[1][1] > 10)");
 
-  assert(((d[0][0] < 1 || d[0][0] > 10) || (d[0][1] < 1 || d[0][1] > 10)));
-  assert(((d[1][0] < 1 || d[1][0] > 10) || (d[1][1] < 1 || d[1][1] > 10)));
+  __CPROVER_assert(
+    ((d[0][0] < 1 || d[0][0] > 10) || (d[0][1] < 1 || d[0][1] > 10)),
+    "((d[0][0] < 1 || d[0][0] > 10) || (d[0][1] < 1 || d[0][1] > 10))");
+  __CPROVER_assert(
+    ((d[1][0] < 1 || d[1][0] > 10) || (d[1][1] < 1 || d[1][1] > 10)),
+    "((d[1][0] < 1 || d[1][0] > 10) || (d[1][1] < 1 || d[1][1] > 10))");
 
   return 0;
 }
diff --git a/regression/cbmc/Quantifiers-not-exists/fixed.desc b/regression/cbmc/Quantifiers-not-exists/fixed.desc
@@ -2,12 +2,12 @@ CORE
 fixed.c
 
 ^\*\* Results:$
-^\[main.assertion.5\] line 31 assertion a\[.*\]\[.*\] > 10: SUCCESS$
-^\[main.assertion.6\] line 33 assertion tmp_if_expr\$\d+: SUCCESS$
-^\[main.assertion.7\] line 34 assertion tmp_if_expr\$\d+: SUCCESS$
-^\[main.assertion.8\] line 36 assertion tmp_if_expr\$\d+: SUCCESS$
-^\[main.assertion.9\] line 38 assertion tmp_if_expr\$\d+: SUCCESS$
-^\[main.assertion.10\] line 39 assertion tmp_if_expr\$\d+: SUCCESS$
+^\[main.assertion.5\] line 31 a\[0\]\[0\] > 10: SUCCESS$
+^\[main.assertion.6\] line 33 .*: SUCCESS$
+^\[main.assertion.7\] line 36 .*: SUCCESS$
+^\[main.assertion.8\] line 40 .*: SUCCESS$
+^\[main.assertion.9\] line 44 .*: SUCCESS$
+^\[main.assertion.10\] line 47 .*: SUCCESS$
 ^\*\* 4 of 10 failed
 ^VERIFICATION FAILED$
 ^EXIT=10$
diff --git a/regression/cbmc/double_deref/double_deref.c b/regression/cbmc/double_deref/double_deref.c
@@ -1,5 +1,3 @@
-
-#include <assert.h>
 #include <stdlib.h>
 
 int main(int argc, char **argv)
@@ -12,5 +10,5 @@ int main(int argc, char **argv)
 
   pptr = (argc == 5 ? &ptr1 : &ptr2);
 
-  assert(**pptr == argc);
+  __CPROVER_assert(**pptr == argc, "**pptr == argc");
 }
diff --git a/regression/cbmc/double_deref/double_deref_single_alias.c b/regression/cbmc/double_deref/double_deref_single_alias.c
@@ -1,5 +1,3 @@
-
-#include <assert.h>
 #include <stdlib.h>
 
 int main(int argc, char **argv)
@@ -10,5 +8,5 @@ int main(int argc, char **argv)
 
   pptr = &ptr1;
 
-  assert(**pptr == argc);
+  __CPROVER_assert(**pptr == argc, "**pptr == argc");
 }
diff --git a/regression/cbmc/double_deref/double_deref_with_cast.c b/regression/cbmc/double_deref/double_deref_with_cast.c
@@ -1,5 +1,3 @@
-
-#include <assert.h>
 #include <stdlib.h>
 
 int main(int argc, char **argv)
@@ -12,5 +10,5 @@ int main(int argc, char **argv)
 
   pptr = (argc == 1 ? &ptr1 : &ptr2);
 
-  assert(*(int *)*pptr == argc);
+  __CPROVER_assert(*(int *)*pptr == argc, "*(int *)*pptr == argc");
 }
diff --git a/regression/cbmc/double_deref/double_deref_with_cast_single_alias.c b/regression/cbmc/double_deref/double_deref_with_cast_single_alias.c
@@ -1,5 +1,3 @@
-
-#include <assert.h>
 #include <stdlib.h>
 
 int main(int argc, char **argv)
@@ -10,5 +8,5 @@ int main(int argc, char **argv)
 
   pptr = &ptr1;
 
-  assert(*(int *)*pptr == argc);
+  __CPROVER_assert(*(int *)*pptr == argc, "*(int *)*pptr == argc");
 }
diff --git a/regression/cbmc/double_deref/double_deref_with_member.c b/regression/cbmc/double_deref/double_deref_with_member.c
@@ -1,5 +1,3 @@
-
-#include <assert.h>
 #include <stdlib.h>
 
 struct container
@@ -18,5 +16,5 @@ int main(int argc, char **argv)
 
   cptr = (argc == 1 ? &container1 : &container2);
 
-  assert(*(cptr->iptr) == argc);
+  __CPROVER_assert(*(cptr->iptr) == argc, "*(cptr->iptr) == argc");
 }
diff --git a/regression/cbmc/double_deref/double_deref_with_member_single_alias.c b/regression/cbmc/double_deref/double_deref_with_member_single_alias.c
@@ -1,5 +1,3 @@
-
-#include <assert.h>
 #include <stdlib.h>
 
 struct container
@@ -16,5 +14,5 @@ int main(int argc, char **argv)
 
   cptr = &container1;
 
-  assert(*(cptr->iptr) == argc);
+  __CPROVER_assert(*(cptr->iptr) == argc, "*(cptr->iptr) == argc");
 }
diff --git a/regression/cbmc/double_deref/double_deref_with_pointer_arithmetic.c b/regression/cbmc/double_deref/double_deref_with_pointer_arithmetic.c
@@ -1,5 +1,3 @@
-
-#include <assert.h>
 #include <stdlib.h>
 
 struct container
@@ -18,5 +16,6 @@ int main(int argc, char **argv)
   new_ptrs[argc % 2] = iptr1;
   new_ptrs[1 - (argc % 2)] = iptr2;
 
-  assert(*(new_ptrs[argc % 2]) == argc);
+  __CPROVER_assert(
+    *(new_ptrs[argc % 2]) == argc, "*(new_ptrs[argc % 2]) == argc");
 }
diff --git a/regression/cbmc/double_deref/double_deref_with_pointer_arithmetic_single_alias.c b/regression/cbmc/double_deref/double_deref_with_pointer_arithmetic_single_alias.c
@@ -1,5 +1,3 @@
-
-#include <assert.h>
 #include <stdlib.h>
 
 struct container
@@ -15,5 +13,6 @@ int main(int argc, char **argv)
 
   new_ptrs[argc % 2] = iptr1;
 
-  assert(*(new_ptrs[argc % 2]) == argc);
+  __CPROVER_assert(
+    *(new_ptrs[argc % 2]) == argc, "*(new_ptrs[argc % 2]) == argc");
 }
diff --git a/regression/cbmc/json-interface1/main.c b/regression/cbmc/json-interface1/main.c
@@ -1,12 +1,10 @@
-#include <assert.h>
-
 void foo(int x)
 {
   for(int i = 0; i < 5; ++i)
   {
     if(x)
-      assert(0);
-    assert(0);
+      __CPROVER_assert(0, "0");
+    __CPROVER_assert(0, "0");
   }
-  assert(0);
+  __CPROVER_assert(0, "0");
 }
diff --git a/regression/cbmc/json-interface1/test.desc b/regression/cbmc/json-interface1/test.desc
@@ -4,9 +4,9 @@ CORE broken-smt-backend
 activate-multi-line-match
 ^EXIT=10$
 ^SIGNAL=0$
-Not unwinding loop foo\.0 iteration 3 file main\.c line 5 function foo thread 0
-\{\n\s*"description": "assertion 0",\n\s*"property": "foo\.assertion\.(1|3)",\n\s*"status": "SUCCESS"\n\s*\}
-\{\n\s*"description": "assertion 0",\n\s*"property": "foo\.assertion\.(1|3)",\n\s*"status": "FAILURE",\n\s*"trace": \[
+Not unwinding loop foo\.0 iteration 3 file main\.c line 3 function foo thread 0
+\{\n\s*"description": "0",\n\s*"property": "foo\.assertion\.(1|3)",\n\s*"status": "SUCCESS"\n\s*\}
+\{\n\s*"description": "0",\n\s*"property": "foo\.assertion\.(1|3)",\n\s*"status": "FAILURE",\n\s*"trace": \[
 VERIFICATION FAILED
 --
 "property": "foo\.assertion\.2"
diff --git a/regression/cbmc/multiple-goto-traces/main.c b/regression/cbmc/multiple-goto-traces/main.c
@@ -1,14 +1,12 @@
-#include <assert.h>
-
 int main(int argc, char **argv)
 {
-  assert(4 != argc);
+  __CPROVER_assert(4 != argc, "4 != argc");
   argc++;
   argc--;
-  assert(argc >= 1);
-  assert(argc != 4);
+  __CPROVER_assert(argc >= 1, "argc >= 1");
+  __CPROVER_assert(argc != 4, "argc != 4");
   argc++;
   argc--;
-  assert(argc + 1 != 5);
+  __CPROVER_assert(argc + 1 != 5, "argc + 1 != 5");
   return 0;
 }
diff --git a/regression/cbmc/multiple-goto-traces/test.desc b/regression/cbmc/multiple-goto-traces/test.desc
@@ -5,7 +5,7 @@ activate-multi-line-match
 ^EXIT=10$
 ^SIGNAL=0$
 VERIFICATION FAILED
-Trace for main\.assertion\.1:(\n.*){22}  assertion 4 \!= argc(\n.*){5}Trace for main\.assertion\.3:(\n.*){36}  assertion argc != 4(\n.*){5}Trace for main\.assertion\.4:(\n.*){50}  assertion argc \+ 1 != 5
+Trace for main\.assertion\.1:(\n.*){22}  4 \!= argc(\n.*){5}Trace for main\.assertion\.3:(\n.*){36}  argc != 4(\n.*){5}Trace for main\.assertion\.4:(\n.*){50}  argc \+ 1 != 5
 \*\* 3 of 4 failed
 --
 ^warning: ignoring
diff --git a/regression/cbmc/r_w_ok1/test.desc b/regression/cbmc/r_w_ok1/test.desc
@@ -2,7 +2,7 @@ CORE
 main.c
 
 __CPROVER_[rw]_ok\(arbitrary_size, n \+ 1\): FAILURE$
-^\*\* 2 of 12 failed
+^\*\* [12] of 12 failed
 ^VERIFICATION FAILED$
 ^EXIT=10$
 ^SIGNAL=0$
diff --git a/regression/cbmc/r_w_ok5/main.c b/regression/cbmc/r_w_ok5/main.c
@@ -1,17 +1,16 @@
-#include <assert.h>
 #include <stdlib.h>
 
 void main()
 {
   char c[2];
-  assert(__CPROVER_r_ok(c, 2));
-  assert(!__CPROVER_r_ok(c, 2));
-  assert(__CPROVER_r_ok(c, 3));
-  assert(!__CPROVER_r_ok(c, 3));
+  __CPROVER_assert(__CPROVER_r_ok(c, 2), "__CPROVER_r_ok(c, 2)");
+  __CPROVER_assert(!__CPROVER_r_ok(c, 2), "!__CPROVER_r_ok(c, 2)");
+  __CPROVER_assert(__CPROVER_r_ok(c, 3), "__CPROVER_r_ok(c, 3)");
+  __CPROVER_assert(!__CPROVER_r_ok(c, 3), "!__CPROVER_r_ok(c, 3)");
 
   char *p = malloc(2);
-  assert(__CPROVER_r_ok(c, 2));
-  assert(!__CPROVER_r_ok(c, 2));
-  assert(__CPROVER_r_ok(p, 3));
-  assert(!__CPROVER_r_ok(p, 3));
+  __CPROVER_assert(__CPROVER_r_ok(c, 2), "__CPROVER_r_ok(c, 2)");
+  __CPROVER_assert(!__CPROVER_r_ok(c, 2), "!__CPROVER_r_ok(c, 2)");
+  __CPROVER_assert(__CPROVER_r_ok(p, 3), "__CPROVER_r_ok(p, 3)");
+  __CPROVER_assert(!__CPROVER_r_ok(p, 3), "!__CPROVER_r_ok(p, 3)");
 }
diff --git a/regression/cbmc/r_w_ok6/main.c b/regression/cbmc/r_w_ok6/main.c
@@ -1,4 +1,3 @@
-#include <assert.h>
 #include <stdlib.h>
 
 void main()
@@ -15,12 +14,12 @@ void main()
     p = malloc(3);
   }
 
-  assert(__CPROVER_r_ok(p, 2));
-  assert(!__CPROVER_r_ok(p, 2));
+  __CPROVER_assert(__CPROVER_r_ok(p, 2), "__CPROVER_r_ok(p, 2)");
+  __CPROVER_assert(!__CPROVER_r_ok(p, 2), "!__CPROVER_r_ok(p, 2)");
 
-  assert(__CPROVER_r_ok(p, 3));
-  assert(!__CPROVER_r_ok(p, 3));
+  __CPROVER_assert(__CPROVER_r_ok(p, 3), "__CPROVER_r_ok(p, 3)");
+  __CPROVER_assert(!__CPROVER_r_ok(p, 3), "!__CPROVER_r_ok(p, 3)");
 
-  assert(__CPROVER_r_ok(p, 4));
-  assert(!__CPROVER_r_ok(p, 4));
+  __CPROVER_assert(__CPROVER_r_ok(p, 4), "__CPROVER_r_ok(p, 4)");
+  __CPROVER_assert(!__CPROVER_r_ok(p, 4), "!__CPROVER_r_ok(p, 4)");
 }
diff --git a/regression/cbmc/reachability-slice-interproc/test.c b/regression/cbmc/reachability-slice-interproc/test.c
@@ -1,5 +1,3 @@
-#include <assert.h>
-
 // After a reachability slice based on the assertion in `target`, we should
 // retain both its possible callers (...may_call_target_1, ...may_call_target_2)
 // and their callees, but should be more precise concerning before_target and
@@ -22,7 +20,7 @@ void target()
   const char *local = "target_kept";
 
   before_target();
-  assert(0);
+  __CPROVER_assert(0, "0");
   after_target();
 }
 
diff --git a/regression/cbmc/xml-interface1/main.c b/regression/cbmc/xml-interface1/main.c
@@ -1,12 +1,10 @@
-#include <assert.h>
-
 void foo(int x)
 {
   for(int i = 0; i < 5; ++i)
   {
     if(x)
-      assert(0);
-    assert(0);
+      __CPROVER_assert(0, "0");
+    __CPROVER_assert(0, "0");
   }
-  assert(0);
+  __CPROVER_assert(0, "0");
 }
diff --git a/regression/cbmc/xml-interface1/test.desc b/regression/cbmc/xml-interface1/test.desc
@@ -3,7 +3,7 @@ CORE
 < test.xml
 ^EXIT=10$
 ^SIGNAL=0$
-Not unwinding loop foo\.0 iteration 3 file main\.c line 5 function foo thread 0
+Not unwinding loop foo\.0 iteration 3 file main\.c line 3 function foo thread 0
 <result property="foo\.assertion\.3" status="SUCCESS"/>
 <result property="foo\.assertion\.1" status="FAILURE">
 <goto_trace>
diff --git a/regression/goto-harness/do-not-use-nondet-for-selecting-pointers-to-treat-as-equal/test.c b/regression/goto-harness/do-not-use-nondet-for-selecting-pointers-to-treat-as-equal/test.c
@@ -1,8 +1,8 @@
 void test(int *x, int *y)
 {
-  assert(x);
-  assert(y);
-  assert(x == y);
-  assert(x != y);
-  assert(*x == *y);
+  __CPROVER_assert(x, "x");
+  __CPROVER_assert(y, "y");
+  __CPROVER_assert(x == y, "x == y");
+  __CPROVER_assert(x != y, "x != y");
+  __CPROVER_assert(*x == *y, "*x == *y");
 }
diff --git a/regression/goto-harness/do-not-use-nondet-for-selecting-pointers-to-treat-as-equal/test.desc b/regression/goto-harness/do-not-use-nondet-for-selecting-pointers-to-treat-as-equal/test.desc
@@ -2,11 +2,11 @@ CORE
 test.c
 --function test --harness-type call-function --treat-pointers-equal x,y --treat-pointers-equal-maybe
 should_make_equal
-\[test.assertion.1\] line 3 assertion x: SUCCESS
-\[test.assertion.2\] line 4 assertion y: SUCCESS
-\[test.assertion.3\] line 5 assertion x == y: FAILURE
-\[test.assertion.4\] line 6 assertion x != y: FAILURE
-\[test.assertion.5\] line 7 assertion \*x == \*y: FAILURE
+\[test.assertion.1\] line 3 x: SUCCESS
+\[test.assertion.2\] line 4 y: SUCCESS
+\[test.assertion.3\] line 5 x == y: FAILURE
+\[test.assertion.4\] line 6 x != y: FAILURE
+\[test.assertion.5\] line 7 \*x == \*y: FAILURE
 ^EXIT=10$
 ^SIGNAL=0$
 --
diff --git a/src/goto-programs/builtin_functions.cpp b/src/goto-programs/builtin_functions.cpp

Original file line number	Diff line number	Diff line change
`@@ -2,8 +2,8 @@ int main()`
`2`	`2`	`{`
`3`	`3`	`for(int i = 0; i < 10; ++i)`
`4`	`4`	`{`
`5`		`- assert(i != 5);`
`6`		`- assert(i != 8);`
	`5`	`+ __CPROVER_assert(i != 5, "i != 5");`
	`6`	`+ __CPROVER_assert(i != 8, "i != 8");`
`7`	`7`	`}`
`8`	`8`	`return 0;`
`9`	`9`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,3 @@`
`1`		`-`
`2`		`-#include <assert.h>`
`3`	`1`	`#include <stdlib.h>`
`4`	`2`
`5`	`3`	`int main(int argc, char **argv)`
`@@ -12,5 +10,5 @@ int main(int argc, char **argv)`
`12`	`10`
`13`	`11`	`pptr = (argc == 5 ? &ptr1 : &ptr2);`
`14`	`12`
`15`		`- assert(**pptr == argc);`
	`13`	`+ __CPROVER_assert(pptr == argc, "pptr == argc");`
`16`	`14`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,12 +1,10 @@`
`1`		`-#include <assert.h>`
`2`		`-`
`3`	`1`	`void foo(int x)`
`4`	`2`	`{`
`5`	`3`	`for(int i = 0; i < 5; ++i)`
`6`	`4`	`{`
`7`	`5`	`if(x)`
`8`		`- assert(0);`
`9`		`- assert(0);`
	`6`	`+ __CPROVER_assert(0, "0");`
	`7`	`+ __CPROVER_assert(0, "0");`
`10`	`8`	`}`
`11`		`- assert(0);`
	`9`	`+ __CPROVER_assert(0, "0");`
`12`	`10`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,8 @@`
`1`	`1`	`void test(int x, int y)`
`2`	`2`	`{`
`3`		`- assert(x);`
`4`		`- assert(y);`
`5`		`- assert(x == y);`
`6`		`- assert(x != y);`
`7`		`- assert(x == y);`
	`3`	`+ __CPROVER_assert(x, "x");`
	`4`	`+ __CPROVER_assert(y, "y");`
	`5`	`+ __CPROVER_assert(x == y, "x == y");`
	`6`	`+ __CPROVER_assert(x != y, "x != y");`
	`7`	`+ __CPROVER_assert(x == y, "x == y");`
`8`	`8`	`}`