Initialise variables in symex_target_equation.h

Corrected simplify lhs in ai_domain_baset

The boolean flag was the wrong way round for ai_simplify_lhs - this
corrects this.

Added unit tests to validate the return meaning of ai_simplify_lhs

These tests use a mock implementation of the `ai_domain_baset` interface
just to validate that true means no simplification.

Fix nullptr

Fix linter errors, ignoring big-int and miniz

Allow invariants with structured exceptions

Revert "[depends: diffblue#1063] Use nullptr to represent null pointers (targets master)"

goto-symex^2: goto-symex for symbolic execution

Goto merged before jumping out the goto-symex operator loop, for handling GOTO and ASSERT

Author: reuk

.travis.yml

@@ -159,7 +159,7 @@ install:
 
 script:
   - if [ -e bin/gcc ] ; then export PATH=$PWD/bin:$PATH ; fi ;
-    COMMAND="env UBSAN_OPTIONS=print_stacktrace=1 make -C regression test" &&
+    COMMAND="env UBSAN_OPTIONS=print_stacktrace=1 make -C regression test CXX=\"$COMPILER\" CXXFLAGS=\"-Wall -Werror -pedantic -O2 -g $EXTRA_CXXFLAGS\"" &&
     eval ${PRE_COMMAND} ${COMMAND}
   - COMMAND="make -C unit CXX=\"$COMPILER\" CXXFLAGS=\"-Wall -Werror -pedantic -O2 -g $EXTRA_CXXFLAGS\" -j2" &&
     eval ${PRE_COMMAND} ${COMMAND}

regression/Makefile

@@ -6,6 +6,7 @@ DIRS = ansi-c \
        goto-instrument \
        goto-instrument-typedef \
        goto-diff \
+       invariants \
        test-script \
        # Empty last line
 

regression/cbmc/invariant-failure/main.c

@@ -0,0 +1 @@
+driver

regression/invariants/.gitignore

@@ -0,0 +1,32 @@
+default: tests.log
+
+SRC = driver.cpp
+
+INCLUDES = -I ../../src
+
+OBJ += ../../src/util/util$(LIBEXT)
+
+include ../../src/config.inc
+include ../../src/common
+
+test: driver$(EXEEXT)
+	@if ! ../test.pl -c ../driver ; then \
+		../failed-tests-printer.pl ; \
+		exit 1 ; \
+	fi
+
+tests.log: ../test.pl driver$(EXEEXT)
+	@if ! ../test.pl -c ../driver ; then \
+		../failed-tests-printer.pl ; \
+		exit 1 ; \
+	fi
+
+show:
+	@for dir in *; do \
+		if [ -d "$$dir" ]; then \
+			vim -o "$$dir/*.c" "$$dir/*.out"; \
+		fi; \
+	done;
+
+driver$(EXEEXT): $(OBJ)
+	$(LINKBIN)

regression/invariants/Makefile

@@ -0,0 +1,88 @@
+/*******************************************************************\
+
+Module: Invariant violation testing
+
+Author: Chris Smowton, [email protected]
+
+\*******************************************************************/
+
+/// \file
+/// Invariant violation testing
+
+#include <string>
+#include <sstream>
+#include <util/invariant.h>
+
+/// An example of structured invariants-- this contains fields to
+/// describe the error to a catcher, and also produces a human-readable
+/// message containing all the information for use by the current aborting
+/// invariant implementation and/or any generic error catcher in the future.
+class structured_error_testt: public invariant_failedt
+{
+  std::string pretty_print(int code, const std::string &desc)
+  {
+    std::ostringstream ret;
+    ret << "Error code: " << code
+        << "\nDescription: " << desc;
+    return ret.str();
+  }
+
+public:
+  const int error_code;
+  const std::string description;
+
+  structured_error_testt(
+    const std::string &file,
+    const std::string &function,
+    int line,
+    const std::string &backtrace,
+    int code,
+    const std::string &_description):
+    invariant_failedt(
+      file,
+      function,
+      line,
+      backtrace,
+      pretty_print(code, _description)),
+    error_code(code),
+    description(_description)
+  {
+  }
+};
+
+/// Causes an invariant failure dependent on first argument value.
+/// One ignored argument is accepted to conform with the test.pl script,
+/// which would be the input source file for other cbmc driver programs.
+/// Returns 1 on unexpected arguments.
+int main(int argc, char** argv)
+{
+  if(argc!=3)
+    return 1;
+  std::string arg=argv[1];
+  if(arg=="structured")
+    INVARIANT_STRUCTURED(false, structured_error_testt, 1, "Structured error"); // NOLINT
+  else if(arg=="string")
+    INVARIANT(false, "Test invariant failure");
+  else if(arg=="precondition-structured")
+    PRECONDITION_STRUCTURED(false, structured_error_testt, 1, "Structured error"); // NOLINT
+  else if(arg=="precondition-string")
+    PRECONDITION(false);
+  else if(arg=="postcondition-structured")
+    POSTCONDITION_STRUCTURED(false, structured_error_testt, 1, "Structured error"); // NOLINT
+  else if(arg=="postcondition-string")
+    POSTCONDITION(false);
+  else if(arg=="check-return-structured")
+    CHECK_RETURN_STRUCTURED(false, structured_error_testt, 1, "Structured error"); // NOLINT
+  else if(arg=="check-return-string")
+    CHECK_RETURN(false);
+  else if(arg=="unreachable-structured")
+    UNREACHABLE_STRUCTURED(structured_error_testt, 1, "Structured error"); // NOLINT
+  else if(arg=="unreachable-string")
+    UNREACHABLE;
+  else if(arg=="data-invariant-structured")
+    DATA_INVARIANT_STRUCTURED(false, structured_error_testt, 1, "Structured error"); // NOLINT
+  else if(arg=="data-invariant-string")
+    DATA_INVARIANT(false, "Test invariant failure");
+  else
+    return 1;
+}

regression/invariants/driver.cpp

@@ -1,8 +1,10 @@
 CORE
-main.c
---test-invariant-failure
+dummy_parameter.c
+string
 ^EXIT=(0|127|134|137)$
 ^SIGNAL=0$
+--- begin invariant violation report ---
+Test invariant failure
 Invariant check failed
 ^(Backtrace)|(Backtraces not supported)$
 --

regression/cbmc/invariant-failure/test.desc renamed to regression/invariants/invariant-failure/test.desc

@@ -0,0 +1,13 @@
+CORE
+dummy_parameter.c
+unreachable-structured
+^EXIT=(0|127|134|137)$
+^SIGNAL=0$
+--- begin invariant violation report ---
+Invariant check failed
+Error code: 1
+Description: Structured error
+^(Backtrace)|(Backtraces not supported)$
+--
+^warning: ignoring
+^VERIFICATION SUCCESSFUL$

regression/invariants/invariant-failure10/test.desc

@@ -0,0 +1,12 @@
+CORE
+dummy_parameter.c
+data-invariant-string
+^EXIT=(0|127|134|137)$
+^SIGNAL=0$
+--- begin invariant violation report ---
+Test invariant failure
+Invariant check failed
+^(Backtrace)|(Backtraces not supported)$
+--
+^warning: ignoring
+^VERIFICATION SUCCESSFUL$

regression/invariants/invariant-failure11/test.desc

@@ -0,0 +1,13 @@
+CORE
+dummy_parameter.c
+data-invariant-structured
+^EXIT=(0|127|134|137)$
+^SIGNAL=0$
+--- begin invariant violation report ---
+Invariant check failed
+Error code: 1
+Description: Structured error
+^(Backtrace)|(Backtraces not supported)$
+--
+^warning: ignoring
+^VERIFICATION SUCCESSFUL$

regression/invariants/invariant-failure12/test.desc

@@ -0,0 +1,13 @@
+CORE
+dummy_parameter.c
+structured
+^EXIT=(0|127|134|137)$
+^SIGNAL=0$
+--- begin invariant violation report ---
+Invariant check failed
+Error code: 1
+Description: Structured error
+^(Backtrace)|(Backtraces not supported)$
+--
+^warning: ignoring
+^VERIFICATION SUCCESSFUL$

regression/invariants/invariant-failure2/test.desc

@@ -0,0 +1,12 @@
+CORE
+dummy_parameter.c
+precondition-string
+^EXIT=(0|127|134|137)$
+^SIGNAL=0$
+--- begin invariant violation report ---
+Precondition
+Invariant check failed
+^(Backtrace)|(Backtraces not supported)$
+--
+^warning: ignoring
+^VERIFICATION SUCCESSFUL$

regression/invariants/invariant-failure3/test.desc

@@ -0,0 +1,13 @@
+CORE
+dummy_parameter.c
+precondition-structured
+^EXIT=(0|127|134|137)$
+^SIGNAL=0$
+--- begin invariant violation report ---
+Invariant check failed
+Error code: 1
+Description: Structured error
+^(Backtrace)|(Backtraces not supported)$
+--
+^warning: ignoring
+^VERIFICATION SUCCESSFUL$

regression/invariants/invariant-failure4/test.desc

@@ -0,0 +1,12 @@
+CORE
+dummy_parameter.c
+postcondition-string
+^EXIT=(0|127|134|137)$
+^SIGNAL=0$
+--- begin invariant violation report ---
+Postcondition
+Invariant check failed
+^(Backtrace)|(Backtraces not supported)$
+--
+^warning: ignoring
+^VERIFICATION SUCCESSFUL$

regression/invariants/invariant-failure5/test.desc

@@ -0,0 +1,13 @@
+CORE
+dummy_parameter.c
+postcondition-structured
+^EXIT=(0|127|134|137)$
+^SIGNAL=0$
+--- begin invariant violation report ---
+Invariant check failed
+Error code: 1
+Description: Structured error
+^(Backtrace)|(Backtraces not supported)$
+--
+^warning: ignoring
+^VERIFICATION SUCCESSFUL$

regression/invariants/invariant-failure6/test.desc

@@ -0,0 +1,12 @@
+CORE
+dummy_parameter.c
+check-return-string
+^EXIT=(0|127|134|137)$
+^SIGNAL=0$
+--- begin invariant violation report ---
+Check return value
+Invariant check failed
+^(Backtrace)|(Backtraces not supported)$
+--
+^warning: ignoring
+^VERIFICATION SUCCESSFUL$

regression/invariants/invariant-failure7/test.desc

@@ -0,0 +1,13 @@
+CORE
+dummy_parameter.c
+check-return-structured
+^EXIT=(0|127|134|137)$
+^SIGNAL=0$
+--- begin invariant violation report ---
+Invariant check failed
+Error code: 1
+Description: Structured error
+^(Backtrace)|(Backtraces not supported)$
+--
+^warning: ignoring
+^VERIFICATION SUCCESSFUL$

regression/invariants/invariant-failure8/test.desc

@@ -0,0 +1,12 @@
+CORE
+dummy_parameter.c
+unreachable-string
+^EXIT=(0|127|134|137)$
+^SIGNAL=0$
+--- begin invariant violation report ---
+Unreachable
+Invariant check failed
+^(Backtrace)|(Backtraces not supported)$
+--
+^warning: ignoring
+^VERIFICATION SUCCESSFUL$

regression/invariants/invariant-failure9/test.desc

@@ -0,0 +1,19 @@
+default: tests.log
+
+test:
+	@../test.pl -c ../../../src/cbmc/cbmc
+
+tests.log: ../test.pl
+	@../test.pl -c ../../../src/cbmc/cbmc/
+
+show:
+	@for dir in *; do \
+		if [ -d "$$dir" ]; then \
+			vim -o "$$dir/*.c" "$$dir/*.out"; \
+		fi; \
+	done;
+
+clean:
+	find -name '*.out' -execdir $(RM) '{}' \;
+	find -name '*.gb' -execdir $(RM) '{}' \;
+	$(RM) tests.log

regression/symex2/Makefile

@@ -0,0 +1,20 @@
+
+struct some_struct
+{
+  int x, y, z;
+} some_struct_array[10];
+
+int some_int_array[10];
+
+int main()
+{
+  int i;
+
+  // zero initialization
+  assert(some_int_array[1]==0);
+  if(i>=0 && i<10) assert(some_int_array[i]==0);
+
+  some_int_array[5]=5;
+  assert(some_int_array[1]==0);
+  assert(some_int_array[5]==5);
+}

regression/symex2/array1/main.c

@@ -0,0 +1,9 @@
+CORE
+main.c
+--clustering
+
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring

regression/symex2/array1/test.desc

@@ -0,0 +1,31 @@
+
+void (*f_ptr)(void);
+
+int global;
+
+void f1(void)
+{
+  global=1;
+}
+
+void f2(void)
+{
+  global=2;
+}
+
+int main()
+{
+  int input;
+
+  f_ptr=f1;
+  f_ptr();
+  assert(global==1);
+
+  f_ptr=f2;
+  f_ptr();
+  assert(global==2);
+
+  f_ptr=input?f1:f2;
+  f_ptr();
+  assert(global==(input?1:2));
+}