Supports quantifiers in function contracts

[ArenBabikian]

This PR adds support for quantified expressions in function contracts. The current implementation handles cases where a function contract is only composed of a single quantified expression. Additionally, nested quantified expressions are not yet supported.

This PR might be a continuation of #2278.
Additionally, #5968 is a follow-up to this PR.

---

• Each commit message has a non-empty body, explaining why the change was made.
• Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
• The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
• Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
• My commit message includes data points confirming performance improvements (if claimed).
• My PR is restricted to a single feature or bugfix.
• White-space or formatting changes outside the feature-related changed lines are in commits of their own.

[codecov]

Codecov Report

Merging #5959 (edeaf56) into develop (2459a7a) will decrease coverage by 0.96%.
The diff coverage is 100.00%.

@@             Coverage Diff             @@
##           develop    #5959      +/-   ##
===========================================
- Coverage    75.01%   74.05%   -0.97%     
===========================================
  Files         1431     1444      +13     
  Lines       155609   157328    +1719     
===========================================
- Hits        116732   116503     -229     
- Misses       38877    40825    +1948     

Impacted Files	Coverage Δ
src/goto-instrument/code_contracts.h	94.11% <ø> (ø)
src/goto-instrument/code_contracts.cpp	83.93% <100.00%> (+0.39%)	⬆️
src/goto-programs/link_goto_model.cpp	0.00% <0.00%> (-77.97%)	⬇️
src/ansi-c/literals/convert_character_literal.cpp	31.70% <0.00%> (-36.59%)	⬇️
...rc/ansi-c/c_typecheck_gcc_polymorphic_builtins.cpp	51.96% <0.00%> (-28.97%)	⬇️
src/goto-programs/remove_returns.cpp	74.84% <0.00%> (-24.53%)	⬇️
src/ansi-c/c_typecheck_base.cpp	55.37% <0.00%> (-22.87%)	⬇️
src/ansi-c/scanner.l	41.15% <0.00%> (-20.58%)	⬇️
src/ansi-c/literals/convert_float_literal.cpp	73.80% <0.00%> (-19.05%)	⬇️
src/ansi-c/padding.cpp	76.34% <0.00%> (-17.02%)	⬇️
... and 98 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2459a7a...edeaf56. Read the comment docs.

[ArenBabikian]

I have assess all code review comments with the exception of this comment about using INVARIANT() for handling quantifiers (I believe that in the medium-to-long-term, this would not be useful).

[feliperodri]

LGTM, I only spotted a few more typos and minor comments. Thank you for implementing all comments!!

[feliperodri]

Could you tag here the GitHub issue to track this comment?

[martin-cs]

Looks good. In the perfect world, the code changes and the regression tests would be in separate commits but don't worry about changing that unless you have to push a new version.

[martin-cs]

Have you tried the SMT back-end?

[martin-cs]

I don't think it should be an INVARIANT because it can be triggered by user input. Some kind of warning / error and an issue would be amazing.

[SaswatPadhi]

I think len should also be initialized (to 8).

[ArenBabikian]

Such a case is already tested for in the quantifiers-forall-both-01 test, and it works with the current implementation. The purpose of this test is in fact to check wether CBMC can handle cases where the range of the quantified variable is not explicitly set a priori.