6#ifndef __CPROVER_contracts_library_defined
7#define __CPROVER_contracts_library_defined
15#if defined(_WIN32) && defined(_M_X64)
132 "ptr NULL or writable up to size");
135 "CAR size is less than __CPROVER_max_malloc_size");
139 "no offset bits overflow on CAR upper bound computation");
141 .is_writable = ptr != 0, .size = size, .lb = ptr, .ub = (
char *)ptr + size};
152#ifdef __CPROVER_DFCC_DEBUG_LIB
175#ifdef __CPROVER_DFCC_DEBUG_LIB
180 "ptr NULL or writable up to size");
183 "CAR size is less than __CPROVER_max_malloc_size");
187 "no offset bits overflow on CAR upper bound computation");
190 .is_writable = ptr != 0, .size = size, .lb = ptr, .ub = (
char *)ptr + size};
209 elem->is_writable = 0;
255#ifdef __CPROVER_DFCC_DEBUG_LIB
264#if defined(_WIN32) && defined(_M_X64)
276 .indexed_by_object_id = 1,
290#ifdef __CPROVER_DFCC_DEBUG_LIB
300 .indexed_by_object_id = 0,
308#ifdef __CPROVER_DFCC_DEBUG_LIB
327#ifdef __CPROVER_DFCC_DEBUG_LIB
345#ifdef __CPROVER_DFCC_DEBUG_LIB
365#ifdef __CPROVER_DFCC_DEBUG_LIB
385#ifdef __CPROVER_DFCC_DEBUG_LIB
402#ifdef __CPROVER_DFCC_DEBUG_LIB
417 .
is_writable = 0, .size = 0, .lb = (
void *)0, .ub = (
void *)0};
459#ifdef __CPROVER_DFCC_DEBUG_LIB
488#ifdef __CPROVER_DFCC_DEBUG_LIB
494 "contract_assigns writable");
497 "contract_frees writable");
500 "contract_frees_append writable");
607#ifdef __CPROVER_DFCC_DEBUG_LIB
620#ifdef __CPROVER_DFCC_DEBUG_LIB
639#if __CPROVER_DFCC_DEBUG_LIB
660#if __CPROVER_DFCC_DEBUG_LIB
685#ifdef __CPROVER_DFCC_DEBUG_LIB
710#if __CPROVER_DFCC_DEBUG_LIB
747 elem->is_writable = 0;
778#if __CPROVER_DFCC_DEBUG_LIB
784 "ptr NULL or writable up to size");
802# pragma CPROVER check push
803# pragma CPROVER check disable "pointer"
804# pragma CPROVER check disable "pointer-primitive"
805# pragma CPROVER check disable "unsigned-overflow"
806# pragma CPROVER check disable "signed-overflow"
807# pragma CPROVER check disable "undefined-shift"
808# pragma CPROVER check disable "conversion"
811 "ptr NULL or writable up to size");
828 "CAR size is less than __CPROVER_max_malloc_size");
834 "no offset bits overflow on CAR upper bound computation");
835 void *ub = (
void *)((
char *)ptr + size);
851# pragma CPROVER check pop
959#ifdef __CPROVER_DFCC_DEBUG_LIB
962 "set->contract_frees is indexed by object id");
965 "set->allocated is indexed by object id");
995 reference, current->
lb, current->
size);
1017#ifdef __CPROVER_DFCC_DEBUG_LIB
1020 "reference->contract_frees is indexed by object id");
1023 "reference->allocated is indexed by object id");
1026 void **current =
candidate->contract_frees_append.elems;
1032 void *ptr = *current;
1067 void *ptr = *current;
1100#ifdef __CPROVER_DFCC_DEBUG_LIB
1103 if((ptr_pred_ctx != 0))
1105 write_set->linked_ptr_pred_ctx = ptr_pred_ctx;
1122#ifdef __CPROVER_DFCC_DEBUG_LIB
1147#ifdef __CPROVER_DFCC_DEBUG_LIB
1179#ifdef __CPROVER_DFCC_SIMPLE_INVALID_POINTER_MODEL
1185# pragma GCC diagnostic push
1186# pragma GCC diagnostic ignored "-Wuninitialized"
1191# pragma GCC diagnostic pop
1222 "__CPROVER_is_fresh is used only in requires or ensures clauses");
1223#ifdef __CPROVER_DFCC_DEBUG_LIB
1238 "__CPROVER_pointer_equals is only called with valid pointers");
1241 "__CPROVER_pointer_equals does not conflict with other pointer "
1242 "predicate in assume context");
1243 write_set->linked_ptr_pred_ctx->ptr_pred =
1246 :
write_set->linked_ptr_pred_ctx->ptr_pred;
1255 "__CPROVER_pointer_equals is only called with valid pointers");
1258 "__CPROVER_pointer_equals is only called with valid pointers");
1265 "__CPROVER_pointer_equals does not conflict with other pointer "
1266 "predicate in assert context");
1267 write_set->linked_ptr_pred_ctx->ptr_pred =
1270 :
write_set->linked_ptr_pred_ctx->ptr_pred;
1299#ifdef __CPROVER_DFCC_DEBUG_LIB
1304 "only one context flag at a time");
1323 "__CPROVER_is_fresh max allocation size exceeded");
1337 "__CPROVER_is_fresh does not conflict with other pointer predicate in "
1339 write_set->linked_ptr_pred_ctx->ptr_pred =
1342 :
write_set->linked_ptr_pred_ctx->ptr_pred;
1343 write_set->linked_ptr_pred_ctx->fresh_car =
1346 :
write_set->linked_ptr_pred_ctx->fresh_car;
1360#ifdef __CPROVER_DFCC_DEBUG_LIB
1365 "only one context flag at a time");
1380 "__CPROVER_is_fresh requires size <= __CPROVER_max_malloc_size");
1395 "__CPROVER_is_fresh does not conflict with other pointer predicate in "
1397 write_set->linked_ptr_pred_ctx->ptr_pred =
1400 :
write_set->linked_ptr_pred_ctx->ptr_pred;
1401 write_set->linked_ptr_pred_ctx->fresh_car =
1404 :
write_set->linked_ptr_pred_ctx->fresh_car;
1417#ifdef __CPROVER_DFCC_DEBUG_LIB
1421 write_set->linked_allocated->nof_elems =
1423 ?
write_set->linked_allocated->nof_elems
1424 :
write_set->linked_allocated->nof_elems + 1;
1426 write_set->linked_allocated->is_empty = 0;
1432#ifdef __CPROVER_DFCC_DEBUG_LIB
1436 "only one context flag at a time");
1442 write_set->linked_ptr_pred_ctx->fresh_car;
1446 (
car.ub <= fresh_car.
lb) || (fresh_car.
ub <=
car.lb)))
1450 "__CPROVER_is_fresh does not conflict with other pointer predicate in "
1452 write_set->linked_ptr_pred_ctx->ptr_pred =
1455 :
write_set->linked_ptr_pred_ctx->ptr_pred;
1456 write_set->linked_ptr_pred_ctx->fresh_car =
1459 :
write_set->linked_ptr_pred_ctx->fresh_car;
1467 0,
"__CPROVER_is_fresh is only called in requires or ensures clauses");
1504 "__CPROVER_pointer_in_range_dfcc is used only in requires or ensures "
1510 "lb and ub pointers must have the same object");
1530 *ptr = (
char *)lb + offset;
1532 write_set->linked_ptr_pred_ctx->ptr_pred != ptr,
1533 "__CPROVER_pointer_in_range_dfcc does not conflict with other pointer "
1534 "predicate in assume context");
1535 write_set->linked_ptr_pred_ctx->ptr_pred =
1538 :
write_set->linked_ptr_pred_ctx->ptr_pred;
1549 write_set->linked_ptr_pred_ctx->ptr_pred != ptr,
1550 "__CPROVER_pointer_in_range_dfcc does not conflict with other "
1551 "predicate in assert context");
1552 write_set->linked_ptr_pred_ctx->ptr_pred =
1555 :
write_set->linked_ptr_pred_ctx->ptr_pred;
1572#ifdef __CPROVER_DFCC_DEBUG_LIB
1604#ifdef __CPROVER_DFCC_DEBUG_LIB
1631 "__CPROVER_is_freeable is used only in requires or ensures clauses");
1662 "__CPROVER_was_freed is used only in ensures clauses");
1665#ifdef __CPROVER_DFCC_DEBUG_LIB
1687 "__CPROVER_was_freed is used only in ensures clauses");
1691#ifdef __CPROVER_DFCC_DEBUG_LIB
1695 "assuming __CPROVER_was_freed(ptr) requires ptr to always exist in the "
1696 "contract's frees clause");
1701 "assuming __CPROVER_was_freed(ptr) requires ptr to always exist in the "
1702 "contract's frees clause");
1726 "__CPROVER_obeys_contract is used only in requires or ensures clauses");
1734 "__CPROVER_obeys_contract does not conflict with other pointer "
1735 "predicate in assume context");
1750 "__CPROVER_obeys_contract does not conflict with other pointer "
1751 "predicate in assume context");
__CPROVER_thread_local __CPROVER_size_t __CPROVER_max_malloc_size
int __CPROVER_malloc_failure_mode
int __CPROVER_malloc_failure_mode_return_null
void * __CPROVER_allocate(__CPROVER_size_t size, __CPROVER_bool zero)
__CPROVER_bool __CPROVER_w_ok(const void *,...)
void __CPROVER_deallocate(void *)
int __CPROVER_malloc_failure_mode_assert_then_assume
__CPROVER_bool __CPROVER_rw_ok(const void *,...)
__CPROVER_bool __CPROVER_r_ok(const void *,...)
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
void __CPROVER_contracts_link_deallocated(__CPROVER_contracts_write_set_ptr_t write_set_postconditions, __CPROVER_contracts_write_set_ptr_t write_set_to_link)
Links write_set_to_link->deallocated to write_set_postconditions->linked_deallocated so that dealloca...
void __CPROVER_contracts_write_set_insert_object_whole(__CPROVER_contracts_write_set_ptr_t set, __CPROVER_size_t idx, void *ptr)
Inserts a snapshot of the range of bytes covering the whole object pointed to by ptr in set->contact_...
void __CPROVER_contracts_obj_set_release(__CPROVER_contracts_obj_set_ptr_t set)
Releases resources used by set.
__CPROVER_contracts_car_t __CPROVER_contracts_car_create(void *ptr, __CPROVER_size_t size)
Creates a __CPROVER_car_t struct from ptr and size.
__CPROVER_size_t __VERIFIER_nondet_size(void)
void __CPROVER_contracts_write_set_record_deallocated(__CPROVER_contracts_write_set_ptr_t set, void *ptr)
Records that an object is deallocated by adding the pointer ptr to set->deallocated.
__CPROVER_bool __CPROVER_contracts_write_set_check_havoc_object(__CPROVER_contracts_write_set_ptr_t set, void *ptr)
Checks if a havoc_object(ptr) is allowed according to set.
void __CPROVER_contracts_car_set_insert(__CPROVER_contracts_car_set_ptr_t set, __CPROVER_size_t idx, void *ptr, __CPROVER_size_t size)
Inserts a __CPROVER_contracts_car_t snapshotted from ptr and size into set at index idx.
void __CPROVER_contracts_write_set_insert_assignable(__CPROVER_contracts_write_set_ptr_t set, __CPROVER_size_t idx, void *ptr, __CPROVER_size_t size)
Inserts a snapshot of the range starting at ptr of size size at index idx in set->contract_assigns.
void __CPROVER_contracts_obj_set_remove(__CPROVER_contracts_obj_set_ptr_t set, void *ptr)
Removes ptr form set if ptr exists in set, no-op otherwise.
void __CPROVER_contracts_ptr_pred_ctx_init(__CPROVER_contracts_ptr_pred_ctx_ptr_t set)
Resets the nondet tracker for pointer predicates in set.
void __CPROVER_contracts_write_set_record_dead(__CPROVER_contracts_write_set_ptr_t set, void *ptr)
Records that an object is dead by removing the pointer ptr from set->allocated.
__CPROVER_bool __CPROVER_contracts_pointer_equals(void **ptr1, void *ptr2, __CPROVER_bool may_fail, __CPROVER_contracts_write_set_ptr_t write_set)
Implementation of the pointer_equals front-end predicate.
void __CPROVER_contracts_check_replace_ensures_was_freed_preconditions(void *ptr, __CPROVER_contracts_write_set_ptr_t set)
Asserts that ptr is found in set->contract_frees.
void * __CPROVER_contracts_write_set_havoc_get_assignable_target(__CPROVER_contracts_write_set_ptr_t set, __CPROVER_size_t idx)
Returns the start address of the conditional address range found at index idx in set->contract_assign...
void __CPROVER_contracts_obj_set_create_indexed_by_object_id(__CPROVER_contracts_obj_set_ptr_t set)
Initialises a __CPROVER_contracts_obj_set_t object to use it in "indexed by object id" mode.
__CPROVER_contracts_car_set_t * __CPROVER_contracts_car_set_ptr_t
Type of pointers to __CPROVER_contracts_car_set_t.
__CPROVER_bool __CPROVER_contracts_write_set_check_array_copy(__CPROVER_contracts_write_set_ptr_t set, void *dest)
Checks if the operation array_copy(dest, ...) is allowed according to set.
int __builtin_clzl(unsigned long)
void __CPROVER_contracts_write_set_deallocate_freeable(__CPROVER_contracts_write_set_ptr_t set, __CPROVER_contracts_write_set_ptr_t target)
Non-deterministically call __CPROVER_contracts_free on all elements of set->contract_frees,...
void __CPROVER_contracts_write_set_havoc_object_whole(__CPROVER_contracts_write_set_ptr_t set, __CPROVER_size_t idx)
Havocs the whole object pointed to by the lower bound pointer of the element stored at index idx in s...
const void * __CPROVER_deallocated
void __CPROVER_contracts_write_set_add_decl(__CPROVER_contracts_write_set_ptr_t set, void *ptr)
Adds the pointer ptr to set->allocated.
void __CPROVER_contracts_write_set_release(__CPROVER_contracts_write_set_ptr_t set)
Releases resources used by set.
__CPROVER_bool __CPROVER_contracts_free(void *, __CPROVER_contracts_write_set_ptr_t)
Models the instrumented version of the free function.
__CPROVER_bool __CPROVER_contracts_obj_set_contains_exact(__CPROVER_contracts_obj_set_ptr_t set, void *ptr)
Checks if ptr is contained in set.
__CPROVER_bool __CPROVER_contracts_write_set_check_array_replace(__CPROVER_contracts_write_set_ptr_t set, void *dest, void *src)
Checks if the operation array_replace(dest, src) is allowed according to set.
void __CPROVER_contracts_car_set_create(__CPROVER_contracts_car_set_ptr_t set, __CPROVER_size_t max_elems)
Initialises a __CPROVER_contracts_car_set_ptr_t object.
void __CPROVER_contracts_write_set_havoc_slice(__CPROVER_contracts_write_set_ptr_t set, __CPROVER_size_t idx)
Havocs the range of bytes represented byt the element stored at index idx in set->contract_assigns,...
void __CPROVER_contracts_make_invalid_pointer(void **ptr)
Makes the given pointer invalid.
void __CPROVER_contracts_obj_set_append(__CPROVER_contracts_obj_set_ptr_t set, void *ptr)
Appends ptr to set.
void __CPROVER_contracts_link_ptr_pred_ctx(__CPROVER_contracts_write_set_ptr_t write_set, __CPROVER_contracts_ptr_pred_ctx_ptr_t ptr_pred_ctx)
Links is_fresh_set to write_set->linked_ptr_pred_ctx to share evaluation context between requires and...
void __CPROVER_contracts_ptr_pred_ctx_reset(__CPROVER_contracts_ptr_pred_ctx_ptr_t set)
Resets the nondet tracker for pointer predicates in set.
void __CPROVER_contracts_obj_set_create_append(__CPROVER_contracts_obj_set_ptr_t set, __CPROVER_size_t max_elems)
Initialises a __CPROVER_contracts_obj_set_t object to use it in "append" mode for at most max_elems e...
__CPROVER_bool __VERIFIER_nondet___CPROVER_bool(void)
__CPROVER_contracts_write_set_t * __CPROVER_contracts_write_set_ptr_t
Type of pointers to __CPROVER_contracts_write_set_t.
void __CPROVER_contracts_write_set_add_freeable(__CPROVER_contracts_write_set_ptr_t set, void *ptr)
Adds the freeable pointer ptr to set->contract_frees.
__CPROVER_bool __CPROVER_contracts_car_set_contains(__CPROVER_contracts_car_set_ptr_t set, __CPROVER_contracts_car_t candidate)
Checks if candidate is included in one of set 's elements.
__CPROVER_bool __CPROVER_contracts_was_freed(void *ptr, __CPROVER_contracts_write_set_ptr_t set)
Returns true iff the pointer ptr is found in set->deallocated.
__CPROVER_bool __CPROVER_contracts_is_freeable(void *ptr, __CPROVER_contracts_write_set_ptr_t set)
Implementation of the is_freeable front-end predicate.
__CPROVER_bool __CPROVER_contracts_obeys_contract(void(**function_pointer)(void), void(*contract)(void), __CPROVER_bool may_fail, __CPROVER_contracts_write_set_ptr_t set)
Implementation of the obeys_contract front-end predicate.
__CPROVER_bool __CPROVER_contracts_write_set_check_assigns_clause_inclusion(__CPROVER_contracts_write_set_ptr_t reference, __CPROVER_contracts_write_set_ptr_t candidate)
Checks the inclusion of the candidate->contract_assigns elements in reference->contract_assigns or re...
void __CPROVER_contracts_car_set_remove(__CPROVER_contracts_car_set_ptr_t set, void *ptr)
Invalidates all cars in the set that point into the same object as the given ptr.
__CPROVER_bool __CPROVER_contracts_write_set_check_assignment(__CPROVER_contracts_write_set_ptr_t set, void *ptr, __CPROVER_size_t size)
Checks if an assignment to the range of bytes starting at ptr and of size bytes is allowed according ...
const void * __CPROVER_memory_leak
__CPROVER_bool __CPROVER_contracts_write_set_check_deallocate(__CPROVER_contracts_write_set_ptr_t set, void *ptr)
Checks if the deallocation of ptr is allowed according to set.
void __CPROVER_contracts_obj_set_add(__CPROVER_contracts_obj_set_ptr_t set, void *ptr)
Adds the ptr to set.
__CPROVER_bool __CPROVER_contracts_is_fresh(void **elem, __CPROVER_size_t size, __CPROVER_bool may_fail, __CPROVER_contracts_write_set_ptr_t write_set)
Implementation of the is_fresh front-end predicate.
__CPROVER_contracts_ptr_pred_ctx_t * __CPROVER_contracts_ptr_pred_ctx_ptr_t
Type of pointers to __CPROVER_contracts_ptr_pred_ctx_t.
__CPROVER_contracts_obj_set_t * __CPROVER_contracts_obj_set_ptr_t
Type of pointers to __CPROVER_contracts_obj_set_t.
__CPROVER_bool __CPROVER_malloc_is_new_array
void __CPROVER_contracts_write_set_create(__CPROVER_contracts_write_set_ptr_t set, __CPROVER_size_t contract_assigns_size, __CPROVER_size_t contract_frees_size, __CPROVER_bool assume_requires_ctx, __CPROVER_bool assert_requires_ctx, __CPROVER_bool assume_ensures_ctx, __CPROVER_bool assert_ensures_ctx, __CPROVER_bool allow_allocate, __CPROVER_bool allow_deallocate)
Initialises a __CPROVER_contracts_write_set_t object.
__CPROVER_bool __CPROVER_contracts_write_set_check_frees_clause_inclusion(__CPROVER_contracts_write_set_ptr_t reference, __CPROVER_contracts_write_set_ptr_t candidate)
Checks the inclusion of the candidate->contract_frees elements in reference->contract_frees or refere...
const void * __CPROVER_alloca_object
void __CPROVER_contracts_write_set_insert_object_upto(__CPROVER_contracts_write_set_ptr_t set, __CPROVER_size_t idx, void *ptr, __CPROVER_size_t size)
Inserts a snapshot of the range of bytes starting at ptr of size bytes in set->contact_assigns at ind...
__CPROVER_bool __CPROVER_contracts_obj_set_contains(__CPROVER_contracts_obj_set_ptr_t set, void *ptr)
Checks if a pointer with the same object id as ptr is contained in set.
__CPROVER_bool __CPROVER_contracts_write_set_check_allocated_deallocated_is_empty(__CPROVER_contracts_write_set_ptr_t set)
Returns true iff set->deallocated is empty.
void __CPROVER_contracts_link_allocated(__CPROVER_contracts_write_set_ptr_t write_set_postconditions, __CPROVER_contracts_write_set_ptr_t write_set_to_link)
Links write_set_to_link->allocated to write_set_postconditions->linked_allocated so that allocations ...
const void * __CPROVER_new_object
void __CPROVER_contracts_write_set_insert_object_from(__CPROVER_contracts_write_set_ptr_t set, __CPROVER_size_t idx, void *ptr)
Inserts a snapshot of the range of bytes starting at ptr and extending to the end of the object in se...
__CPROVER_bool __CPROVER_contracts_pointer_in_range_dfcc(void *lb, void **ptr, void *ub, __CPROVER_bool may_fail, __CPROVER_contracts_write_set_ptr_t write_set)
Implementation of the pointer_in_range_dfcc front-end predicate.
void __CPROVER_contracts_write_set_add_allocated(__CPROVER_contracts_write_set_ptr_t set, void *ptr)
Adds the dynamically allocated pointer ptr to set->allocated.
void * __CPROVER_contracts_malloc(__CPROVER_size_t, __CPROVER_contracts_write_set_ptr_t)
Models the instrumented interface of the malloc function.
__CPROVER_bool __CPROVER_contracts_write_set_check_array_set(__CPROVER_contracts_write_set_ptr_t set, void *dest)
Checks if the operation array_set(dest, ...) is allowed according to set.
A set of __CPROVER_contracts_car_t.
__CPROVER_size_t max_elems
Maximum number of elements that can be stored in the set.
__CPROVER_contracts_car_t * elems
An array of car_t of size max_elems.
A conditionally writable range of bytes.
__CPROVER_size_t size
Size of the range in bytes.
void * lb
Lower bound address of the range.
void * ub
Upper bound address of the range.
unsigned char is_writable
True iff __CPROVER_w_ok(lb, size) holds at creation.
void ** elems
Array of void *pointers, indexed by their object ID or some other order.
unsigned char is_empty
True iff nof_elems is 0.
__CPROVER_size_t watermark
next usable index in elems if less than max_elems (1 + greatest used index in elems)
unsigned char indexed_by_object_id
True iff elems is indexed by the object id of the pointers.
__CPROVER_size_t nof_elems
Number of elements currently in the elems array.
__CPROVER_size_t max_elems
Maximum number of elements that can be stored in the set.
Stores context information supporting the evaluation of pointer predicates in both assume and assert ...
__CPROVER_contracts_car_t fresh_car
Runtime representation of a write set.
__CPROVER_contracts_obj_set_ptr_t linked_allocated
Object set recording the is_fresh allocations in post conditions.
__CPROVER_contracts_ptr_pred_ctx_ptr_t linked_ptr_pred_ctx
Pointer to object set supporting the is_fresh predicate checks (indexed mode)
unsigned char assume_ensures_ctx
True iff the write set checks ensures clauses in an assumption ctx.
__CPROVER_contracts_obj_set_t contract_frees
Set of freeable pointers derived from the contract (indexed mode)
__CPROVER_contracts_obj_set_t deallocated
Set of objects deallocated by the function under analysis (indexed mode)
unsigned char assume_requires_ctx
True iff the write set checks requires clauses in an assumption ctx.
__CPROVER_contracts_obj_set_ptr_t linked_deallocated
Object set recording the deallocations (used by was_freed)
__CPROVER_contracts_car_set_t contract_assigns
Set of car derived from the contract.
unsigned char assert_ensures_ctx
True iff this write set checks ensures clauses in an assertion ctx.
unsigned char assert_requires_ctx
True iff the write set checks requires clauses in an assertion ctx.
unsigned char allow_deallocate
True iff dynamic deallocation is allowed (default: true)
__CPROVER_contracts_obj_set_t allocated
Set of objects allocated by the function under analysis (indexed mode)
unsigned char allow_allocate
True iff dynamic allocation is allowed (default: true)
__CPROVER_contracts_obj_set_t contract_frees_append
Set of freeable pointers derived from the contract (append mode)
1.9.8