Return value removal: handle missing declarations more gracefully

[tautschnig]

If a function is used before it is defined, a signature of int f(void)
is assumed. Then trying to use the (possibly non-existent) return value
fails during return-statement removal. In such cases, just assume a
non-deterministic value is being returned.

Found by running C-Reduce on a CSmith-generated example.

• Each commit message has a non-empty body, explaining why the change was made.
• n/a Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
• n/a The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
• Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
• n/a My commit message includes data points confirming performance improvements (if claimed).
• My PR is restricted to a single feature or bugfix.
• n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.

[codecov]

Codecov Report

Base: 78.25% // Head: 78.26% // Increases project coverage by +0.00% 🎉

Coverage data is based on head (05e5be3) compared to base (babbd24).
Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #5671   +/-   ##
========================================
  Coverage    78.25%   78.26%           
========================================
  Files         1642     1642           
  Lines       189749   189757    +8     
========================================
+ Hits        148487   148505   +18     
+ Misses       41262    41252   -10     

Impacted Files	Coverage Δ
src/goto-programs/builtin_functions.cpp	58.95% <100.00%> (+0.43%)	⬆️
src/goto-programs/remove_returns.cpp	98.15% <100.00%> (ø)
src/goto-programs/goto_program.cpp	81.80% <0.00%> (+1.55%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[martin-cs]

I feel like the test could be further developed to show what happens when you actually call this / where this goes wrong. The "VERIFICATION SUCCESSFUL" is technically correct but I feel like it is almost a bit in bad faith. How about:

void a()
{
  int b = c();  // Uses the implicit signature of undefined functions: int c(void)
  assert(b == 0);
}
void c(void)
{
  // Actually... don't return anything
  // So the results will be non-deterministic
}

int main(int argc, char **argv) {
  a();
  return 0;
}

[tautschnig]

I feel like the test could be further developed to show what happens when you actually call this / where this goes wrong. The "VERIFICATION SUCCESSFUL" is technically correct but I feel like it is almost a bit in bad faith. How about:

[...]

Thank you - shamelessly took this code verbatim to replace the regression test.

[kroening]

Should this become a hard error in C99/C11? Clang won't have it.