Merge branch 'develop' of github.com:diffblue/cbmc into develop

Author: Daniel Kroening

.travis.yml

@@ -66,7 +66,7 @@ jobs:
         - mkdir bin ; ln -s /usr/bin/gcc-5 bin/gcc
       # env: COMPILER=g++-5 SAN_FLAGS="-fsanitize=undefined -fno-sanitize-recover -fno-omit-frame-pointer"
       env:
-        - COMPILER="ccache g++-5"
+        - COMPILER="ccache /usr/bin/g++-5"
         - EXTRA_CXXFLAGS="-D_GLIBCXX_DEBUG"
 
     # OS X using g++
@@ -76,10 +76,8 @@ jobs:
       compiler: gcc
       cache: ccache
       before_install:
-          #we create symlink to non-ccache gcc, to be used in tests
-        - mkdir bin ; ln -s /usr/bin/gcc bin/gcc
         - HOMEBREW_NO_AUTO_UPDATE=1 brew install ccache
-        - export PATH=/usr/local/opt/ccache/libexec:$PATH
+        - export PATH=$PATH:/usr/local/opt/ccache/libexec
       env: COMPILER="ccache g++"
 
     # OS X using clang++
@@ -90,7 +88,7 @@ jobs:
       cache: ccache
       before_install:
         - HOMEBREW_NO_AUTO_UPDATE=1 brew install ccache
-        - export PATH=/usr/local/opt/ccache/libexec:$PATH
+        - export PATH=$PATH:/usr/local/opt/ccache/libexec
       env:
         - COMPILER="ccache clang++ -Qunused-arguments -fcolor-diagnostics"
         - CCACHE_CPP2=yes
@@ -113,7 +111,7 @@ jobs:
         - mkdir bin ; ln -s /usr/bin/gcc-5 bin/gcc
       # env: COMPILER=g++-5 SAN_FLAGS="-fsanitize=undefined -fno-sanitize-recover -fno-omit-frame-pointer"
       env:
-        - COMPILER="ccache g++-5"
+        - COMPILER="ccache /usr/bin/g++-5"
         - EXTRA_CXXFLAGS="-DDEBUG"
       script: echo "Not running any tests for a debug build."
 
@@ -138,7 +136,7 @@ jobs:
         - export CCACHE_CPP2=yes
       # env: COMPILER=clang++-3.7 SAN_FLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined,integer -fno-omit-frame-pointer"
       env:
-        - COMPILER="ccache clang++-3.7 -Qunused-arguments -fcolor-diagnostics"
+        - COMPILER="ccache /usr/bin/clang++-3.7 -Qunused-arguments -fcolor-diagnostics"
         - CCACHE_CPP2=yes
         - EXTRA_CXXFLAGS="-DNDEBUG"
 
@@ -163,14 +161,15 @@ jobs:
         - export CCACHE_CPP2=yes
       # env: COMPILER=clang++-3.7 SAN_FLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined,integer -fno-omit-frame-pointer"
       env:
-        - COMPILER="ccache clang++-3.7 -Qunused-arguments -fcolor-diagnostics"
+        - COMPILER="ccache /usr/bin/clang++-3.7 -Qunused-arguments -fcolor-diagnostics"
         - CCACHE_CPP2=yes
         - EXTRA_CXXFLAGS="-DDEBUG -DUSE_STD_STRING"
       script: echo "Not running any tests for a debug build."
 
     # cmake build using g++-5
     - stage: Test different OS/CXX/Flags
       os: linux
+      compiler: gcc
       cache: ccache
       env:
         - BUILD_SYSTEM=cmake
@@ -180,19 +179,22 @@ jobs:
             - ubuntu-toolchain-r-test
           packages:
             - g++-5
+      before_install:
+        - mkdir bin ; ln -s /usr/bin/gcc-5 bin/gcc
       install:
         - ccache -z
         - ccache --max-size=1G
-        - cmake -H. -Bbuild '-DCMAKE_BUILD_TYPE=Release' '-DCMAKE_CXX_COMPILER=g++-5'
+        - cmake -H. -Bbuild '-DCMAKE_BUILD_TYPE=Release'  '-DCMAKE_CXX_COMPILER=/usr/bin/g++-5'
         - cmake --build build -- -j4
       script: (cd build; ctest -V -L CORE -j2)
 
     - stage: Test different OS/CXX/Flags
       os: osx
+      compiler: clang
       cache: ccache
       before_install:
         - HOMEBREW_NO_AUTO_UPDATE=1 brew install ccache
-        - export PATH=/usr/local/opt/ccache/libexec:$PATH
+        - export PATH=$PATH:/usr/local/opt/ccache/libexec
       env:
         - BUILD_SYSTEM=cmake
         - CCACHE_CPP2=yes
@@ -247,11 +249,11 @@ jobs:
 
 install:
   - ccache -z
-  - ccache --max-size=1G
+  - ccache --max-size=2G
   - make -C src minisat2-download
   - make -C src/ansi-c library_check
-  - make -C src "CXX=${COMPILER}" "CXXFLAGS=-Wall -Werror -pedantic -O2 -g ${EXTRA_CXXFLAGS}" -j2
-  - make -C src "CXX=${COMPILER}" "CXXFLAGS=-Wall -Werror -pedantic -O2 -g ${EXTRA_CXXFLAGS}" -j2 clobber.dir memory-models.dir
+  - make -C src "CXX=${COMPILER}" "CXXFLAGS=-Wall -Werror -pedantic -O2 -g ${EXTRA_CXXFLAGS}" -j3
+  - make -C src "CXX=${COMPILER}" "CXXFLAGS=-Wall -Werror -pedantic -O2 -g ${EXTRA_CXXFLAGS}" -j3 clobber.dir memory-models.dir
 
 script:
   - if [ -e bin/gcc ] ; then export PATH=$PWD/bin:$PATH ; fi ;

CODEOWNERS

@@ -46,6 +46,8 @@ src/cpp/ @kroening @tautschnig @peterschrammel
 
 # These files change frequently and changes are low-risk
 
+src/util/irep_ids.def @diffblue/cbmc-developers
+
 unit/ @diffblue/cbmc-developers
 regression/ @diffblue/cbmc-developers
 

regression/cbmc/fgets1/test.desc

@@ -5,6 +5,6 @@ main.c
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
 \[main.assertion.3\] assertion p\[1\]=='b': FAILURE
-\*\* 1 of \d+ failed 
+\*\* 2 of \d+ failed
 --
 ^warning: ignoring

regression/cbmc/read1/main.c

@@ -0,0 +1,19 @@
+#ifdef _WIN32
+#include <io.h>
+#else
+#include <unistd.h>
+#endif
+
+#include <stdio.h>
+
+int main()
+{
+	char data[20];
+
+	if(read(0, data, 100) < 0)
+		printf("An error has occurred");
+	else
+		printf("Read occurred");
+
+	return 0;
+}

regression/cbmc/read1/test.desc

@@ -0,0 +1,10 @@
+CORE
+main.c
+--bounds-check --pointer-check --unwind 100
+^EXIT=10$
+^SIGNAL=0$
+^VERIFICATION FAILED$
+\[.*] dereference failure: pointer outside object bounds in .*: FAILURE
+\*\* 1 of .* failed \(.*\)
+--
+^warning: ignoring

regression/cbmc/return6/f_def.c

@@ -0,0 +1,4 @@
+unsigned f()
+{
+  return 0x34;
+}

regression/cbmc/return6/main.c

@@ -0,0 +1,11 @@
+#include <assert.h>
+
+// Do not declare f().
+// This is invalid from C99 upwards, but kind of ok before.
+
+int main()
+{
+  int return_value;
+  return_value=f();
+  assert(return_value==0x34);
+}

regression/cbmc/return6/test.desc

@@ -0,0 +1,9 @@
+CORE
+main.c
+f_def.c
+^EXIT=6$
+^SIGNAL=0$
+CONVERSION ERROR
+--
+^warning: ignoring
+^VERIFICATION SUCCESSFUL$

src/analyses/invariant_propagation.cpp

@@ -173,10 +173,13 @@ void invariant_propagationt::get_globals(
   object_listt &dest)
 {
   // static ones
-  forall_symbols(it, ns.get_symbol_table().symbols)
-    if(it->second.is_lvalue &&
-       it->second.is_static_lifetime)
-      get_objects(it->second, dest);
+  for(const auto &symbol_pair : ns.get_symbol_table().symbols)
+  {
+    if(symbol_pair.second.is_lvalue && symbol_pair.second.is_static_lifetime)
+    {
+      get_objects(symbol_pair.second, dest);
+    }
+  }
 }
 
 bool invariant_propagationt::check_type(const typet &type) const

src/ansi-c/library/stdio.c

@@ -247,6 +247,9 @@ char *fgets(char *str, int size, FILE *stream)
   {
     int str_length=__VERIFIER_nondet_int();
     __CPROVER_assume(str_length>=0 && str_length<size);
+    // check that the memory is accessible
+    (void)*(char *)str;
+    (void)*(((const char *)str) + str_length - 1);
     char contents_nondet[str_length];
     __CPROVER_array_replace(str, contents_nondet);
     if(!error)

src/ansi-c/library/unistd.c

@@ -123,27 +123,30 @@ inline int _close(int fildes)
 // write to _write; this is covered by the explicit definition of
 // _write below
 #ifdef _MSC_VER
-#define ssize_t signed long
+#define ret_type int
+#define size_type unsigned
 #else
 #ifndef __CPROVER_SYS_TYPES_H_INCLUDED
 #include <sys/types.h>
 #define __CPROVER_SYS_TYPES_H_INCLUDED
 #endif
+#define ret_type ssize_t
+#define size_type size_t
 #endif
 
 extern struct __CPROVER_pipet __CPROVER_pipes[];
 // offset to make sure we don't collide with other fds
 extern const int __CPROVER_pipe_offset;
 
-ssize_t __VERIFIER_nondet_ssize_t();
+ret_type __VERIFIER_nondet_ret_type();
 
-ssize_t write(int fildes, const void *buf, size_t nbyte)
+ret_type write(int fildes, const void *buf, size_type nbyte)
 {
   __CPROVER_HIDE:;
   if((fildes>=0 && fildes<=2) || fildes < __CPROVER_pipe_offset)
   {
-    ssize_t retval=__VERIFIER_nondet_ssize_t();
-    __CPROVER_assume(retval>=-1 && retval<=(ssize_t)nbyte);
+    ret_type retval=__VERIFIER_nondet_ret_type();
+    __CPROVER_assume(retval>=-1 && retval<=(ret_type)nbyte);
     return retval;
   }
 
@@ -156,7 +159,7 @@ ssize_t write(int fildes, const void *buf, size_t nbyte)
       sizeof(__CPROVER_pipes[fildes].data) >=
       __CPROVER_pipes[fildes].next_avail+nbyte)
   {
-    for(size_t i=0; i<nbyte; ++i)
+    for(size_type i=0; i<nbyte; ++i)
       __CPROVER_pipes[fildes].data[i+__CPROVER_pipes[fildes].next_avail]=
         ((char*)buf)[i];
     __CPROVER_pipes[fildes].next_avail+=nbyte;
@@ -169,17 +172,20 @@ ssize_t write(int fildes, const void *buf, size_t nbyte)
 /* FUNCTION: _write */
 
 #ifdef _MSC_VER
-#define ssize_t signed long
+#define ret_type int
+#define size_type unsigned
 #else
 #ifndef __CPROVER_SYS_TYPES_H_INCLUDED
 #include <sys/types.h>
 #define __CPROVER_SYS_TYPES_H_INCLUDED
 #endif
+#define ret_type ssize_t
+#define size_type size_t
 #endif
 
-ssize_t write(int fildes, const void *buf, size_t nbyte);
+ret_type write(int fildes, const void *buf, size_type nbyte);
 
-inline ssize_t _write(int fildes, const void *buf, size_t nbyte)
+inline ret_type _write(int fildes, const void *buf, size_type nbyte)
 {
   __CPROVER_HIDE:;
   return write(fildes, buf, nbyte);
@@ -191,42 +197,54 @@ inline ssize_t _write(int fildes, const void *buf, size_t nbyte)
 // read to _read; this is covered by the explicit definition of _read
 // below
 #ifdef _MSC_VER
-#define ssize_t signed long
+#define ret_type int
+#define size_type unsigned
 #else
 #ifndef __CPROVER_SYS_TYPES_H_INCLUDED
 #include <sys/types.h>
 #define __CPROVER_SYS_TYPES_H_INCLUDED
 #endif
+#define ret_type ssize_t
+#define size_type size_t
 #endif
 
 extern struct __CPROVER_pipet __CPROVER_pipes[];
 // offset to make sure we don't collide with other fds
 extern const int __CPROVER_pipe_offset;
 
 __CPROVER_bool __VERIFIER_nondet___CPROVER_bool();
-ssize_t __VERIFIER_nondet_ssize_t();
+ret_type __VERIFIER_nondet_ret_type();
+size_type __VERIFIER_nondet_size_type();
 
-ssize_t read(int fildes, void *buf, size_t nbyte)
+ret_type read(int fildes, void *buf, size_type nbyte)
 {
   __CPROVER_HIDE:;
   if((fildes>=0 && fildes<=2) || fildes < __CPROVER_pipe_offset)
   {
-    ssize_t nread=__VERIFIER_nondet_ssize_t();
-    __CPROVER_assume(0<=nread && (size_t)nread<=nbyte);
+    ret_type nread=__VERIFIER_nondet_ret_type();
+    __CPROVER_assume(0<=nread && (size_type)nread<=nbyte);
 
+    __CPROVER_bool error=__VERIFIER_nondet___CPROVER_bool();
 #if 0
-    size_t i;
+    size_type i;
     for(i=0; i<nbyte; i++)
     {
       char nondet_char;
       ((char *)buf)[i]=nondet_char;
     }
 #else
-    char nondet_bytes[nbyte];
-    __CPROVER_array_replace((char*)buf, nondet_bytes);
+    if(nbyte>0)
+    {
+      size_type str_length=__VERIFIER_nondet_size_type();
+      __CPROVER_assume(error ? str_length<=nbyte : str_length==nbyte);
+      // check that the memory is accessible
+      (void)*(char *)buf;
+      (void)*(((const char *)buf) + str_length - 1);
+      char contents_nondet[str_length];
+      __CPROVER_array_replace((char*)buf, contents_nondet);
+    }
 #endif
 
-    __CPROVER_bool error=__VERIFIER_nondet___CPROVER_bool();
     return error ? -1 : nread;
   }
 
@@ -237,7 +255,7 @@ ssize_t read(int fildes, void *buf, size_t nbyte)
   __CPROVER_atomic_begin();
   if(!__CPROVER_pipes[fildes].widowed)
   {
-    for(size_t i=0; i<nbyte &&
+    for(size_type i=0; i<nbyte &&
       __CPROVER_pipes[fildes].next_unread <
       __CPROVER_pipes[fildes].next_avail;
       ++i)
@@ -258,17 +276,20 @@ ssize_t read(int fildes, void *buf, size_t nbyte)
 /* FUNCTION: _read */
 
 #ifdef _MSC_VER
-#define ssize_t signed long
+#define ret_type int
+#define size_type unsigned
 #else
 #ifndef __CPROVER_SYS_TYPES_H_INCLUDED
 #include <sys/types.h>
 #define __CPROVER_SYS_TYPES_H_INCLUDED
 #endif
+#define ret_type ssize_t
+#define size_type size_t
 #endif
 
-ssize_t read(int fildes, void *buf, size_t nbyte);
+ret_type read(int fildes, void *buf, size_type nbyte);
 
-inline ssize_t _read(int fildes, void *buf, size_t nbyte)
+inline ret_type _read(int fildes, void *buf, size_type nbyte)
 {
   __CPROVER_HIDE:;
   return read(fildes, buf, nbyte);