allow multiple loop invariants

[kroening]

This extends the grammar to allow multiple loop invariants for one loop.

• Each commit message has a non-empty body, explaining why the change was made.
• Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
• The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
• Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
• n/a My commit message includes data points confirming performance improvements (if claimed).
• My PR is restricted to a single feature or bugfix.
• n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.

[codecov]

Codecov Report

Merging #6214 (b06b263) into develop (0a0a862) will increase coverage by 0.16%.
The diff coverage is 84.82%.

@@             Coverage Diff             @@
##           develop    #6214      +/-   ##
===========================================
+ Coverage    75.20%   75.37%   +0.16%     
===========================================
  Files         1458     1458              
  Lines       161311   161367      +56     
===========================================
+ Hits        121318   121634     +316     
+ Misses       39993    39733     -260     

Impacted Files	Coverage Δ
src/ansi-c/c_typecheck_code.cpp	72.44% <0.00%> (-5.89%)	⬇️
src/goto-instrument/code_contracts.h	95.83% <ø> (ø)
src/goto-programs/goto_convert_class.h	87.30% <ø> (ø)
src/solvers/smt2/smt2_conv.h	100.00% <ø> (ø)
src/solvers/smt2/smt2_dec.h	100.00% <ø> (ø)
src/solvers/smt2/smt2_conv.cpp	66.62% <64.70%> (+0.08%)	⬆️
src/ansi-c/parser.y	79.16% <88.88%> (+18.29%)	⬆️
src/goto-programs/goto_convert.cpp	91.76% <90.00%> (+0.06%)	⬆️
src/goto-instrument/code_contracts.cpp	86.57% <91.30%> (+0.21%)	⬆️
src/solvers/flattening/boolbv.cpp	80.63% <100.00%> (ø)
... and 17 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3e0007f...b06b263. Read the comment docs.

[SaswatPadhi]

I think we should also update the side-effect check:

cbmc/src/goto-programs/goto_convert.cpp

Lines 865 to 877 in 3e0007f

	exprt invariant =
	static_cast<const exprt &>(code.find(ID_C_spec_loop_invariant));
	exprt decreases_clause =
	static_cast<const exprt &>(code.find(ID_C_spec_decreases));
	if(!invariant.is_nil())
	{
	if(has_subexpr(invariant, ID_side_effect))
	{
	throw incorrect_goto_program_exceptiont(
	"Loop invariant is not side-effect free.", code.find_source_location());
	}

I see that the PR is now assigned to me / @feliperodri.
Should I make this change and merge the PR, @kroening?

[kroening]

No need to change this code, has_subexpr will work as required.

[SaswatPadhi]

Thanks!! Indeed, has_subexpr looks at the operands and would work as expected.

[feliperodri]

LGTM.