Merge pull request diffblue#4271 from tautschnig/pthread_cond_wait

pthread_cond_wait may return spuriously

Author: tautschnig

regression/cbmc-library/CMakeLists.txt

@@ -1,3 +1,13 @@
+if(NOT WIN32)
 add_test_pl_tests(
     "$<TARGET_FILE:cbmc>"
 )
+else()
+add_test_pl_tests(
+    "$<TARGET_FILE:cbmc>"
+    "cbmc-library"
+    "$<TARGET_FILE:cbmc>"
+    "-C;-X;pthread"
+    "CORE"
+)
+endif()

regression/cbmc-library/Makefile

@@ -1,10 +1,17 @@
 default: tests.log
 
+include ../../src/config.inc
+include ../../src/common
+
+ifeq ($(BUILD_ENV_),MSVC)
+	no_pthread = -X pthread
+endif
+
 test:
-	@../test.pl -e -p -c ../../../src/cbmc/cbmc
+	@../test.pl -e -p -c ../../../src/cbmc/cbmc $(no_pthread)
 
 tests.log: ../test.pl
-	@../test.pl -e -p -c ../../../src/cbmc/cbmc
+	@../test.pl -e -p -c ../../../src/cbmc/cbmc $(no_pthread)
 
 show:
 	@for dir in *; do \

regression/cbmc-library/pthread_barrier_destroy-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_barrier_init-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_barrier_wait-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_cancel-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_cond_broadcast-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_cond_init-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_cond_signal-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_cond_wait-01/main.c

@@ -1,9 +1,32 @@
 #include <assert.h>
-#include <pthread_lib.h>
+#include <pthread.h>
+
+pthread_mutex_t lock;
+pthread_cond_t cond;
+
+// only accessed in critical section guarded by mutex, so there is no need to
+// make this variable atomic or volatile
+int x;
+
+void *thread(void *arg)
+{
+  (void)arg;
+  pthread_mutex_lock(&lock);
+  pthread_cond_wait(&cond, &lock);
+  // may fail: pthread_cond_wait can be waken up spuriously (see man
+  // pthread_cond_wait)
+  assert(x == 1);
+  pthread_mutex_unlock(&lock);
+  return NULL;
+}
 
 int main()
 {
-  pthread_cond_wait();
-  assert(0);
-  return 0;
+  pthread_t t;
+  pthread_mutex_init(&lock, 0);
+  pthread_cond_init(&cond, 0);
+  pthread_create(&t, NULL, thread, NULL);
+  x = 1;
+  pthread_cond_broadcast(&cond);
+  pthread_join(t, NULL);
 }

regression/cbmc-library/pthread_cond_wait-01/test.desc

@@ -1,8 +1,9 @@
-KNOWNBUG
+CORE pthread
 main.c
---pointer-check --bounds-check
-^EXIT=0$
+--bounds-check
+^EXIT=10$
 ^SIGNAL=0$
-^VERIFICATION SUCCESSFUL$
+^\*\* 1 of 2 failed
+^VERIFICATION FAILED$
 --
 ^warning: ignoring

regression/cbmc-library/pthread_create-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_exit-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_join-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_mutex_destroy-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_mutex_init-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_mutex_lock-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_mutex_trylock-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_mutex_unlock-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_mutexattr_settype-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_rwlock_destroy-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_rwlock_init-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_rwlock_rdlock-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_rwlock_tryrdlock-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_rwlock_trywrlock-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_rwlock_unlock-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_rwlock_wrlock-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_spin_lock-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_spin_trylock-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

regression/cbmc-library/pthread_spin_unlock-01/test.desc

@@ -1,4 +1,4 @@
-KNOWNBUG
+KNOWNBUG pthread
 main.c
 --pointer-check --bounds-check
 ^EXIT=0$

src/ansi-c/library/pthread_lib.c

@@ -636,8 +636,8 @@ inline int pthread_cond_wait(
   #endif
 
   __CPROVER_atomic_begin();
-  __CPROVER_assume(*((unsigned *)cond));
-  (*((unsigned *)cond))--;
+  if(*((unsigned *)cond))
+    (*((unsigned *)cond))--;
   __CPROVER_atomic_end();
 
   return 0; // we never fail