diff options
author | Dan Liew <daniel.liew@imperial.ac.uk> | 2015-06-28 01:44:30 +0100 |
---|---|---|
committer | Dan Liew <daniel.liew@imperial.ac.uk> | 2015-06-28 01:44:30 +0100 |
commit | 962f8d5252b3f5ec4d19e0cd2a430934bd55cc6d (patch) | |
tree | 27d5f9b0d130c6c1a6758bc0b7456b0aa51e34e0 /Test/z3api | |
parent | e11d65009d0b4ba1327f5f5dd6b26367330611f0 (diff) |
Normalise line endings using a .gitattributes file. Unfortunately
this required that this commit globally modify most files. If you
want to use git blame to see the real author of a line use the
``-w`` flag so that whitespace changes are ignored.
Diffstat (limited to 'Test/z3api')
39 files changed, 1962 insertions, 1962 deletions
diff --git a/Test/z3api/Answer b/Test/z3api/Answer index d18f12ef..6fa628b0 100644 --- a/Test/z3api/Answer +++ b/Test/z3api/Answer @@ -1,259 +1,259 @@ -
--------------------- boog0.bpl --------------------
-boog0.bpl(49,1): Error BP5003: A postcondition might not hold on this return path.
-boog0.bpl(43,3): Related location: This is the postcondition that might not hold.
-Execution trace:
- boog0.bpl(46,7): anon0
-
-Boogie program verifier finished with 1 verified, 1 error
-
--------------------- boog1.bpl --------------------
-
-Boogie program verifier finished with 1 verified, 0 errors
-
--------------------- boog2.bpl --------------------
-boog2.bpl(24,1): Error BP5003: A postcondition might not hold on this return path.
-boog2.bpl(20,3): Related location: This is the postcondition that might not hold.
-Execution trace:
- boog2.bpl(23,8): anon0
-
-Boogie program verifier finished with 1 verified, 1 error
-
--------------------- boog3.bpl --------------------
-boog3.bpl(7,3): Error BP5001: This assertion might not hold.
-Execution trace:
- boog3.bpl(7,3): anon0
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- boog4.bpl --------------------
-
-Boogie program verifier finished with 1 verified, 0 errors
-
--------------------- boog5.bpl --------------------
-boog5.bpl(37,3): Error BP5003: A postcondition might not hold on this return path.
-boog5.bpl(30,3): Related location: This is the postcondition that might not hold.
-Execution trace:
- boog5.bpl(33,3): anon0
- boog5.bpl(36,13): anon3_Else
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- boog6.bpl --------------------
-
-Boogie program verifier finished with 1 verified, 0 errors
-
--------------------- boog7.bpl --------------------
-boog7.bpl(18,1): Error BP5003: A postcondition might not hold on this return path.
-boog7.bpl(14,3): Related location: This is the postcondition that might not hold.
-Execution trace:
- boog7.bpl(17,11): anon0
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- boog8.bpl --------------------
-boog8.bpl(23,1): Error BP5003: A postcondition might not hold on this return path.
-boog8.bpl(19,3): Related location: This is the postcondition that might not hold.
-Execution trace:
- boog8.bpl(22,11): anon0
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- boog9.bpl --------------------
-boog9.bpl(20,1): Error BP5003: A postcondition might not hold on this return path.
-boog9.bpl(16,3): Related location: This is the postcondition that might not hold.
-Execution trace:
- boog9.bpl(19,11): anon0
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- boog10.bpl --------------------
-boog10.bpl(19,3): Error BP5001: This assertion might not hold.
-Execution trace:
- boog10.bpl(19,3): anon0
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- boog11.bpl --------------------
-boog11.bpl(15,1): Error BP5003: A postcondition might not hold on this return path.
-boog11.bpl(11,3): Related location: This is the postcondition that might not hold.
-Execution trace:
- boog11.bpl(14,8): anon0
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- boog12.bpl --------------------
-boog12.bpl(19,1): Error BP5003: A postcondition might not hold on this return path.
-boog12.bpl(14,3): Related location: This is the postcondition that might not hold.
-Execution trace:
- boog12.bpl(17,16): anon0
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- boog13.bpl --------------------
-boog13.bpl(10,18): Error: more than one declaration of variable name: v
-1 name resolution errors detected in boog13.bpl
-
--------------------- boog14.bpl --------------------
-boog14.bpl(12,1): Error BP5003: A postcondition might not hold on this return path.
-boog14.bpl(9,1): Related location: This is the postcondition that might not hold.
-Execution trace:
- boog14.bpl(11,8): anon0
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- boog15.bpl --------------------
-boog15.bpl(11,1): Error BP5003: A postcondition might not hold on this return path.
-boog15.bpl(8,1): Related location: This is the postcondition that might not hold.
-Execution trace:
- boog15.bpl(10,8): anon0
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- boog16.bpl --------------------
-boog16.bpl(12,1): Error BP5003: A postcondition might not hold on this return path.
-boog16.bpl(9,1): Related location: This is the postcondition that might not hold.
-Execution trace:
- boog16.bpl(11,8): anon0
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- boog17.bpl --------------------
-boog17.bpl(26,3): Error BP5001: This assertion might not hold.
-Execution trace:
- boog17.bpl(17,1): start
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- boog18.bpl --------------------
-boog18.bpl(16,1): Error BP5003: A postcondition might not hold on this return path.
-boog18.bpl(13,1): Related location: This is the postcondition that might not hold.
-Execution trace:
- boog18.bpl(15,4): anon0
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- boog19.bpl --------------------
-
-Boogie program verifier finished with 1 verified, 0 errors
-
--------------------- boog20.bpl --------------------
-boog20.bpl(16,1): Error BP5001: This assertion might not hold.
-Execution trace:
- boog20.bpl(16,1): anon0
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- boog21.bpl --------------------
-
-Boogie program verifier finished with 1 verified, 0 errors
-
--------------------- boog22.bpl --------------------
-boog22.bpl(5,9): Error: more than one declaration of function/procedure name: f1
-1 name resolution errors detected in boog22.bpl
-
--------------------- boog23.bpl --------------------
-
-Boogie program verifier finished with 1 verified, 0 errors
-
--------------------- boog24.bpl --------------------
-
-Boogie program verifier finished with 1 verified, 0 errors
-
--------------------- boog25.bpl --------------------
-
-Boogie program verifier finished with 1 verified, 0 errors
-
--------------------- boog28.bpl --------------------
-
-Boogie program verifier finished with 1 verified, 0 errors
-
--------------------- boog29.bpl --------------------
-
-Boogie program verifier finished with 1 verified, 0 errors
-
--------------------- boog30.bpl --------------------
-
-Boogie program verifier finished with 1 verified, 0 errors
-
--------------------- boog31.bpl --------------------
-boog31.bpl(13,1): Error BP5001: This assertion might not hold.
-Execution trace:
- boog31.bpl(13,1): anon0
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- boog34.bpl --------------------
-
-Boogie program verifier finished with 1 verified, 0 errors
-
--------------------- boog35.bpl --------------------
-boog35.bpl(16,3): Error BP5001: This assertion might not hold.
-Execution trace:
- boog35.bpl(14,11): anon0
-
-Boogie program verifier finished with 1 verified, 1 error
-
--------------------- bar1.bpl --------------------
-bar1.bpl(25,1): Error BP5003: A postcondition might not hold on this return path.
-bar1.bpl(21,1): Related location: This is the postcondition that might not hold.
-Execution trace:
- bar1.bpl(24,3): anon0
- Inlined call to procedure foo begins
- bar1.bpl(13,5): anon0
- Inlined call to procedure bar begins
- bar1.bpl(7,5): anon0
- Inlined call to procedure bar ends
- Inlined call to procedure bar begins
- bar1.bpl(7,5): anon0
- Inlined call to procedure bar ends
- Inlined call to procedure foo ends
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- bar2.bpl --------------------
-bar2.bpl(21,3): Error BP5001: This assertion might not hold.
-Execution trace:
- bar2.bpl(19,3): anon0
- Inlined call to procedure foo begins
- bar2.bpl(5,3): anon0
- bar2.bpl(9,7): anon3_Else
- Inlined call to procedure foo ends
- Inlined call to procedure foo begins
- bar2.bpl(5,3): anon0
- bar2.bpl(6,7): anon3_Then
- Inlined call to procedure foo ends
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- bar3.bpl --------------------
-bar3.bpl(41,1): Error BP5003: A postcondition might not hold on this return path.
-bar3.bpl(34,1): Related location: This is the postcondition that might not hold.
-Execution trace:
- bar3.bpl(38,3): anon0
- Inlined call to procedure foo begins
- bar3.bpl(18,3): anon0
- bar3.bpl(24,7): anon3_Else
- Inlined call to procedure bar begins
- bar3.bpl(7,3): anon0
- bar3.bpl(10,7): anon3_Else
- Inlined call to procedure bar ends
- Inlined call to procedure bar begins
- bar3.bpl(7,3): anon0
- bar3.bpl(10,7): anon3_Else
- Inlined call to procedure bar ends
- Inlined call to procedure foo ends
- Inlined call to procedure bar begins
- bar3.bpl(7,3): anon0
- bar3.bpl(10,7): anon3_Else
- Inlined call to procedure bar ends
-
-Boogie program verifier finished with 0 verified, 1 error
-
--------------------- bar4.bpl --------------------
-
-Boogie program verifier finished with 1 verified, 0 errors
-
--------------------- bar6.bpl --------------------
-
-Boogie program verifier finished with 1 verified, 0 errors
+ +-------------------- boog0.bpl -------------------- +boog0.bpl(49,1): Error BP5003: A postcondition might not hold on this return path. +boog0.bpl(43,3): Related location: This is the postcondition that might not hold. +Execution trace: + boog0.bpl(46,7): anon0 + +Boogie program verifier finished with 1 verified, 1 error + +-------------------- boog1.bpl -------------------- + +Boogie program verifier finished with 1 verified, 0 errors + +-------------------- boog2.bpl -------------------- +boog2.bpl(24,1): Error BP5003: A postcondition might not hold on this return path. +boog2.bpl(20,3): Related location: This is the postcondition that might not hold. +Execution trace: + boog2.bpl(23,8): anon0 + +Boogie program verifier finished with 1 verified, 1 error + +-------------------- boog3.bpl -------------------- +boog3.bpl(7,3): Error BP5001: This assertion might not hold. +Execution trace: + boog3.bpl(7,3): anon0 + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- boog4.bpl -------------------- + +Boogie program verifier finished with 1 verified, 0 errors + +-------------------- boog5.bpl -------------------- +boog5.bpl(37,3): Error BP5003: A postcondition might not hold on this return path. +boog5.bpl(30,3): Related location: This is the postcondition that might not hold. +Execution trace: + boog5.bpl(33,3): anon0 + boog5.bpl(36,13): anon3_Else + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- boog6.bpl -------------------- + +Boogie program verifier finished with 1 verified, 0 errors + +-------------------- boog7.bpl -------------------- +boog7.bpl(18,1): Error BP5003: A postcondition might not hold on this return path. +boog7.bpl(14,3): Related location: This is the postcondition that might not hold. +Execution trace: + boog7.bpl(17,11): anon0 + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- boog8.bpl -------------------- +boog8.bpl(23,1): Error BP5003: A postcondition might not hold on this return path. +boog8.bpl(19,3): Related location: This is the postcondition that might not hold. +Execution trace: + boog8.bpl(22,11): anon0 + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- boog9.bpl -------------------- +boog9.bpl(20,1): Error BP5003: A postcondition might not hold on this return path. +boog9.bpl(16,3): Related location: This is the postcondition that might not hold. +Execution trace: + boog9.bpl(19,11): anon0 + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- boog10.bpl -------------------- +boog10.bpl(19,3): Error BP5001: This assertion might not hold. +Execution trace: + boog10.bpl(19,3): anon0 + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- boog11.bpl -------------------- +boog11.bpl(15,1): Error BP5003: A postcondition might not hold on this return path. +boog11.bpl(11,3): Related location: This is the postcondition that might not hold. +Execution trace: + boog11.bpl(14,8): anon0 + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- boog12.bpl -------------------- +boog12.bpl(19,1): Error BP5003: A postcondition might not hold on this return path. +boog12.bpl(14,3): Related location: This is the postcondition that might not hold. +Execution trace: + boog12.bpl(17,16): anon0 + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- boog13.bpl -------------------- +boog13.bpl(10,18): Error: more than one declaration of variable name: v +1 name resolution errors detected in boog13.bpl + +-------------------- boog14.bpl -------------------- +boog14.bpl(12,1): Error BP5003: A postcondition might not hold on this return path. +boog14.bpl(9,1): Related location: This is the postcondition that might not hold. +Execution trace: + boog14.bpl(11,8): anon0 + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- boog15.bpl -------------------- +boog15.bpl(11,1): Error BP5003: A postcondition might not hold on this return path. +boog15.bpl(8,1): Related location: This is the postcondition that might not hold. +Execution trace: + boog15.bpl(10,8): anon0 + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- boog16.bpl -------------------- +boog16.bpl(12,1): Error BP5003: A postcondition might not hold on this return path. +boog16.bpl(9,1): Related location: This is the postcondition that might not hold. +Execution trace: + boog16.bpl(11,8): anon0 + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- boog17.bpl -------------------- +boog17.bpl(26,3): Error BP5001: This assertion might not hold. +Execution trace: + boog17.bpl(17,1): start + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- boog18.bpl -------------------- +boog18.bpl(16,1): Error BP5003: A postcondition might not hold on this return path. +boog18.bpl(13,1): Related location: This is the postcondition that might not hold. +Execution trace: + boog18.bpl(15,4): anon0 + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- boog19.bpl -------------------- + +Boogie program verifier finished with 1 verified, 0 errors + +-------------------- boog20.bpl -------------------- +boog20.bpl(16,1): Error BP5001: This assertion might not hold. +Execution trace: + boog20.bpl(16,1): anon0 + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- boog21.bpl -------------------- + +Boogie program verifier finished with 1 verified, 0 errors + +-------------------- boog22.bpl -------------------- +boog22.bpl(5,9): Error: more than one declaration of function/procedure name: f1 +1 name resolution errors detected in boog22.bpl + +-------------------- boog23.bpl -------------------- + +Boogie program verifier finished with 1 verified, 0 errors + +-------------------- boog24.bpl -------------------- + +Boogie program verifier finished with 1 verified, 0 errors + +-------------------- boog25.bpl -------------------- + +Boogie program verifier finished with 1 verified, 0 errors + +-------------------- boog28.bpl -------------------- + +Boogie program verifier finished with 1 verified, 0 errors + +-------------------- boog29.bpl -------------------- + +Boogie program verifier finished with 1 verified, 0 errors + +-------------------- boog30.bpl -------------------- + +Boogie program verifier finished with 1 verified, 0 errors + +-------------------- boog31.bpl -------------------- +boog31.bpl(13,1): Error BP5001: This assertion might not hold. +Execution trace: + boog31.bpl(13,1): anon0 + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- boog34.bpl -------------------- + +Boogie program verifier finished with 1 verified, 0 errors + +-------------------- boog35.bpl -------------------- +boog35.bpl(16,3): Error BP5001: This assertion might not hold. +Execution trace: + boog35.bpl(14,11): anon0 + +Boogie program verifier finished with 1 verified, 1 error + +-------------------- bar1.bpl -------------------- +bar1.bpl(25,1): Error BP5003: A postcondition might not hold on this return path. +bar1.bpl(21,1): Related location: This is the postcondition that might not hold. +Execution trace: + bar1.bpl(24,3): anon0 + Inlined call to procedure foo begins + bar1.bpl(13,5): anon0 + Inlined call to procedure bar begins + bar1.bpl(7,5): anon0 + Inlined call to procedure bar ends + Inlined call to procedure bar begins + bar1.bpl(7,5): anon0 + Inlined call to procedure bar ends + Inlined call to procedure foo ends + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- bar2.bpl -------------------- +bar2.bpl(21,3): Error BP5001: This assertion might not hold. +Execution trace: + bar2.bpl(19,3): anon0 + Inlined call to procedure foo begins + bar2.bpl(5,3): anon0 + bar2.bpl(9,7): anon3_Else + Inlined call to procedure foo ends + Inlined call to procedure foo begins + bar2.bpl(5,3): anon0 + bar2.bpl(6,7): anon3_Then + Inlined call to procedure foo ends + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- bar3.bpl -------------------- +bar3.bpl(41,1): Error BP5003: A postcondition might not hold on this return path. +bar3.bpl(34,1): Related location: This is the postcondition that might not hold. +Execution trace: + bar3.bpl(38,3): anon0 + Inlined call to procedure foo begins + bar3.bpl(18,3): anon0 + bar3.bpl(24,7): anon3_Else + Inlined call to procedure bar begins + bar3.bpl(7,3): anon0 + bar3.bpl(10,7): anon3_Else + Inlined call to procedure bar ends + Inlined call to procedure bar begins + bar3.bpl(7,3): anon0 + bar3.bpl(10,7): anon3_Else + Inlined call to procedure bar ends + Inlined call to procedure foo ends + Inlined call to procedure bar begins + bar3.bpl(7,3): anon0 + bar3.bpl(10,7): anon3_Else + Inlined call to procedure bar ends + +Boogie program verifier finished with 0 verified, 1 error + +-------------------- bar4.bpl -------------------- + +Boogie program verifier finished with 1 verified, 0 errors + +-------------------- bar6.bpl -------------------- + +Boogie program verifier finished with 1 verified, 0 errors diff --git a/Test/z3api/Boog24.bpl b/Test/z3api/Boog24.bpl index d3da775d..05da0153 100644 --- a/Test/z3api/Boog24.bpl +++ b/Test/z3api/Boog24.bpl @@ -1,17 +1,17 @@ -type ref;
-
-function LIFT(a:bool) returns (int);
-axiom(forall a:bool :: {LIFT(a)} a <==> LIFT(a) != 0);
-
-procedure main ( )
-
-{
-var a : int;
-var b : int;
-var c : int;
-
-c := LIFT (b < a) ;
-assert (c != 0 <==> b < a);
-
-}
-
+type ref; + +function LIFT(a:bool) returns (int); +axiom(forall a:bool :: {LIFT(a)} a <==> LIFT(a) != 0); + +procedure main ( ) + +{ +var a : int; +var b : int; +var c : int; + +c := LIFT (b < a) ; +assert (c != 0 <==> b < a); + +} + diff --git a/Test/z3api/bar1.bpl b/Test/z3api/bar1.bpl index 845954d5..b22f0237 100644 --- a/Test/z3api/bar1.bpl +++ b/Test/z3api/bar1.bpl @@ -1,26 +1,26 @@ -var x: int;
-var y: int;
-
-procedure {:inline 1} bar()
-modifies y;
-{
- y := y + 1;
-}
-
-procedure {:inline 1} foo()
-modifies x, y;
-{
- x := x + 1;
- call bar();
- call bar();
- x := x + 1;
-}
-
-procedure main()
-requires x == y;
-ensures x != y;
-modifies x, y;
-{
- call foo();
-}
-
+var x: int; +var y: int; + +procedure {:inline 1} bar() +modifies y; +{ + y := y + 1; +} + +procedure {:inline 1} foo() +modifies x, y; +{ + x := x + 1; + call bar(); + call bar(); + x := x + 1; +} + +procedure main() +requires x == y; +ensures x != y; +modifies x, y; +{ + call foo(); +} + diff --git a/Test/z3api/bar2.bpl b/Test/z3api/bar2.bpl index 76991a8f..6a7d4ed9 100644 --- a/Test/z3api/bar2.bpl +++ b/Test/z3api/bar2.bpl @@ -1,24 +1,24 @@ -
-procedure {:inline 1} foo() returns (x: bool)
-{
- var b: bool;
- if (b) {
- x := false;
- return;
- } else {
- x := true;
- return;
- }
-}
-
-procedure main()
-{
- var b1: bool;
- var b2: bool;
-
- call b1 := foo();
- call b2 := foo();
- assert b1 == b2;
-}
-
-
+ +procedure {:inline 1} foo() returns (x: bool) +{ + var b: bool; + if (b) { + x := false; + return; + } else { + x := true; + return; + } +} + +procedure main() +{ + var b1: bool; + var b2: bool; + + call b1 := foo(); + call b2 := foo(); + assert b1 == b2; +} + + diff --git a/Test/z3api/bar3.bpl b/Test/z3api/bar3.bpl index 7bd91184..17fc79c3 100644 --- a/Test/z3api/bar3.bpl +++ b/Test/z3api/bar3.bpl @@ -1,41 +1,41 @@ -var y: int;
-var x: int;
-
-procedure {:inline 1} bar(b: bool)
-modifies y;
-{
- if (b) {
- y := y + 1;
- } else {
- y := y - 1;
- }
-}
-
-procedure {:inline 1} foo()
-modifies x, y;
-{
- var b: bool;
- if (b) {
- x := x + 1;
- call bar(true);
- call bar(true);
- x := x + 1;
- } else {
- x := x - 1;
- call bar(false);
- call bar(false);
- x := x - 1;
- }
-}
-
-
-procedure main()
-requires x == y;
-ensures x == y;
-modifies x, y;
-modifies y;
-{
- call foo();
- assert x == y;
- call bar(false);
-}
+var y: int; +var x: int; + +procedure {:inline 1} bar(b: bool) +modifies y; +{ + if (b) { + y := y + 1; + } else { + y := y - 1; + } +} + +procedure {:inline 1} foo() +modifies x, y; +{ + var b: bool; + if (b) { + x := x + 1; + call bar(true); + call bar(true); + x := x + 1; + } else { + x := x - 1; + call bar(false); + call bar(false); + x := x - 1; + } +} + + +procedure main() +requires x == y; +ensures x == y; +modifies x, y; +modifies y; +{ + call foo(); + assert x == y; + call bar(false); +} diff --git a/Test/z3api/bar4.bpl b/Test/z3api/bar4.bpl index 84640811..f13ce0dd 100644 --- a/Test/z3api/bar4.bpl +++ b/Test/z3api/bar4.bpl @@ -1,38 +1,38 @@ -var y: int;
-var x: int;
-
-procedure {:inline 1} bar() returns (b: bool)
-modifies y;
-{
- if (b) {
- y := y + 1;
- } else {
- y := y - 1;
- }
-}
-
-procedure {:inline 1} foo()
-modifies x, y;
-{
- var b: bool;
-
- call b := bar();
- if (b) {
- x := x + 1;
- } else {
- x := x - 1;
- }
-}
-
-
-procedure main() returns (b: bool)
-requires x == y;
-ensures !b ==> x == y+1;
-ensures b ==> x+1 == y;
-modifies x, y;
-modifies y;
-{
- call foo();
- assert x == y;
- call b := bar();
-}
+var y: int; +var x: int; + +procedure {:inline 1} bar() returns (b: bool) +modifies y; +{ + if (b) { + y := y + 1; + } else { + y := y - 1; + } +} + +procedure {:inline 1} foo() +modifies x, y; +{ + var b: bool; + + call b := bar(); + if (b) { + x := x + 1; + } else { + x := x - 1; + } +} + + +procedure main() returns (b: bool) +requires x == y; +ensures !b ==> x == y+1; +ensures b ==> x+1 == y; +modifies x, y; +modifies y; +{ + call foo(); + assert x == y; + call b := bar(); +} diff --git a/Test/z3api/bar6.bpl b/Test/z3api/bar6.bpl index e133aef7..b0f72767 100644 --- a/Test/z3api/bar6.bpl +++ b/Test/z3api/bar6.bpl @@ -1,36 +1,36 @@ -var M: [int]int;
-
-procedure {:inline 1} bar(y: int) returns (b: bool)
-modifies M;
-{
- if (b) {
- M[y] := M[y] + 1;
- } else {
- M[y] := M[y] - 1;
- }
-}
-
-procedure {:inline 1} foo(x: int, y: int)
-modifies M;
-{
- var b: bool;
-
- call b := bar(y);
- if (b) {
- M[x] := M[x] + 1;
- } else {
- M[x] := M[x] - 1;
- }
-}
-
-procedure main(x: int, y: int) returns (b: bool)
-requires x != y;
-requires M[x] == M[y];
-ensures !b ==> M[x] == M[y]+1;
-ensures b ==> M[x]+1 == M[y];
-modifies M;
-{
- call foo(x, y);
- assert M[x] == M[y];
- call b := bar(y);
-}
+var M: [int]int; + +procedure {:inline 1} bar(y: int) returns (b: bool) +modifies M; +{ + if (b) { + M[y] := M[y] + 1; + } else { + M[y] := M[y] - 1; + } +} + +procedure {:inline 1} foo(x: int, y: int) +modifies M; +{ + var b: bool; + + call b := bar(y); + if (b) { + M[x] := M[x] + 1; + } else { + M[x] := M[x] - 1; + } +} + +procedure main(x: int, y: int) returns (b: bool) +requires x != y; +requires M[x] == M[y]; +ensures !b ==> M[x] == M[y]+1; +ensures b ==> M[x]+1 == M[y]; +modifies M; +{ + call foo(x, y); + assert M[x] == M[y]; + call b := bar(y); +} diff --git a/Test/z3api/boog0.bpl b/Test/z3api/boog0.bpl index 4206152b..7681589a 100644 --- a/Test/z3api/boog0.bpl +++ b/Test/z3api/boog0.bpl @@ -1,49 +1,49 @@ -type ref;
-type Wicket;
-const w: Wicket;
-var favorite: Wicket;
-function age(Wicket) returns (int);
-
-axiom age(w)==7;
-
-procedure NewFavorite(p: Wicket);
- modifies favorite;
-
- ensures favorite==p;
-
-implementation NewFavorite(l: Wicket) {
- favorite:=l;
-}
-
-const myBool: bool;
-const myRef: ref;
-const v: Wicket;
-
-axiom 7 < 8;
-axiom 7 <= 8;
-axiom 8 > 7;
-axiom 8 >= 7;
-axiom 6 != 7;
-
-axiom 7+1==8;
-axiom 8-1==7;
-axiom 7/1==7;
-axiom 7%2==1;
-axiom 4*2==8;
-
-axiom ((7==7) || (8==8));
-axiom ((7==7) ==> (7<8));
-axiom ((7==7) <==> (10==10));
-axiom ((7==7) && (8==8));
-
-var favorite2: Wicket;
-procedure SwapFavorites()
- modifies favorite,favorite2;
-
- ensures (favorite==old(favorite2)) && (favorite2==old(favorite));
-{
- var temp: Wicket;
- temp:=favorite;
- favorite:=favorite2;
- // favorite2:=temp; // commenting this line seeds a bug
-}
+type ref; +type Wicket; +const w: Wicket; +var favorite: Wicket; +function age(Wicket) returns (int); + +axiom age(w)==7; + +procedure NewFavorite(p: Wicket); + modifies favorite; + + ensures favorite==p; + +implementation NewFavorite(l: Wicket) { + favorite:=l; +} + +const myBool: bool; +const myRef: ref; +const v: Wicket; + +axiom 7 < 8; +axiom 7 <= 8; +axiom 8 > 7; +axiom 8 >= 7; +axiom 6 != 7; + +axiom 7+1==8; +axiom 8-1==7; +axiom 7/1==7; +axiom 7%2==1; +axiom 4*2==8; + +axiom ((7==7) || (8==8)); +axiom ((7==7) ==> (7<8)); +axiom ((7==7) <==> (10==10)); +axiom ((7==7) && (8==8)); + +var favorite2: Wicket; +procedure SwapFavorites() + modifies favorite,favorite2; + + ensures (favorite==old(favorite2)) && (favorite2==old(favorite)); +{ + var temp: Wicket; + temp:=favorite; + favorite:=favorite2; + // favorite2:=temp; // commenting this line seeds a bug +} diff --git a/Test/z3api/boog1.bpl b/Test/z3api/boog1.bpl index 9f4d2349..7fd54c4c 100644 --- a/Test/z3api/boog1.bpl +++ b/Test/z3api/boog1.bpl @@ -1,18 +1,18 @@ -type ref;
-type Wicket;
-const w: Wicket;
-var favorite: Wicket;
-
-function age(Wicket) returns (int);
-
-axiom age(w)==7;
-
-procedure NewFavorite(p: Wicket);
- modifies favorite
-;
-
- ensures favorite==p;
-
-implementation NewFavorite(l: Wicket) {
- favorite:=l;
+type ref; +type Wicket; +const w: Wicket; +var favorite: Wicket; + +function age(Wicket) returns (int); + +axiom age(w)==7; + +procedure NewFavorite(p: Wicket); + modifies favorite +; + + ensures favorite==p; + +implementation NewFavorite(l: Wicket) { + favorite:=l; }
\ No newline at end of file diff --git a/Test/z3api/boog10.bpl b/Test/z3api/boog10.bpl index 075432d7..628d275f 100644 --- a/Test/z3api/boog10.bpl +++ b/Test/z3api/boog10.bpl @@ -1,24 +1,24 @@ -type ref;
-// types
-type Color;
-const unique red: Color;
-const unique blue: Color;
-const unique green: Color;
-
-axiom (forall ce:Color :: ce==red || ce==blue || ce==green);
-var myColor: Color;
-
-// procedure
-procedure SetTo(c: Color);
- modifies myColor
-;
-
- ensures myColor==c;
-
-implementation SetTo(c: Color) {
- assert (blue==green);
- myColor:=blue;
-}
-
-
-
+type ref; +// types +type Color; +const unique red: Color; +const unique blue: Color; +const unique green: Color; + +axiom (forall ce:Color :: ce==red || ce==blue || ce==green); +var myColor: Color; + +// procedure +procedure SetTo(c: Color); + modifies myColor +; + + ensures myColor==c; + +implementation SetTo(c: Color) { + assert (blue==green); + myColor:=blue; +} + + + diff --git a/Test/z3api/boog11.bpl b/Test/z3api/boog11.bpl index 5b83de6a..c6e4f5f0 100644 --- a/Test/z3api/boog11.bpl +++ b/Test/z3api/boog11.bpl @@ -1,18 +1,18 @@ -type ref;
-// types
-const top: ref;
-var myRef: ref;
-
-// procedure
-procedure SetTo(r: ref);
- modifies myRef
-;
-
- ensures myRef==r;
-
-implementation SetTo(c: ref) {
- myRef:=top;
-}
-
-
-
+type ref; +// types +const top: ref; +var myRef: ref; + +// procedure +procedure SetTo(r: ref); + modifies myRef +; + + ensures myRef==r; + +implementation SetTo(c: ref) { + myRef:=top; +} + + + diff --git a/Test/z3api/boog12.bpl b/Test/z3api/boog12.bpl index c277a674..fe3803e9 100644 --- a/Test/z3api/boog12.bpl +++ b/Test/z3api/boog12.bpl @@ -1,22 +1,22 @@ -type ref;
-// types
-type Color;
-const blue: Color;
-
-var myArray:[int] Color;
-var myMatrix:[int,int] Color;
-
-// procedure
-procedure SetTo(c: Color);
- modifies myArray, myMatrix
-;
-
- ensures myArray[0]==c;
-
-implementation SetTo(c: Color) {
- myMatrix[0,1]:=c;
- myArray[0]:=blue;
-}
-
-
-
+type ref; +// types +type Color; +const blue: Color; + +var myArray:[int] Color; +var myMatrix:[int,int] Color; + +// procedure +procedure SetTo(c: Color); + modifies myArray, myMatrix +; + + ensures myArray[0]==c; + +implementation SetTo(c: Color) { + myMatrix[0,1]:=c; + myArray[0]:=blue; +} + + + diff --git a/Test/z3api/boog13.bpl b/Test/z3api/boog13.bpl index 9cd873c6..3fe58fd7 100644 --- a/Test/z3api/boog13.bpl +++ b/Test/z3api/boog13.bpl @@ -1,28 +1,28 @@ -type ref;
-// types
-type Wicket;
-var favorite: Wicket;
-var v: Wicket;
-
-function age(w:Wicket) returns (int);
-
-axiom (exists v:Wicket :: age(v)<8 &&
- (forall v:Wicket
- :: age(v)==7)
-
- );
-
-
-// procedure
-procedure SetToSeven(p: Wicket);
- modifies favorite
-;
-
- ensures favorite==p;
-
-implementation SetToSeven(l: Wicket) {
- favorite:=favorite;
-}
-
-
-
+type ref; +// types +type Wicket; +var favorite: Wicket; +var v: Wicket; + +function age(w:Wicket) returns (int); + +axiom (exists v:Wicket :: age(v)<8 && + (forall v:Wicket + :: age(v)==7) + + ); + + +// procedure +procedure SetToSeven(p: Wicket); + modifies favorite +; + + ensures favorite==p; + +implementation SetToSeven(l: Wicket) { + favorite:=favorite; +} + + + diff --git a/Test/z3api/boog14.bpl b/Test/z3api/boog14.bpl index 41450d85..40526011 100644 --- a/Test/z3api/boog14.bpl +++ b/Test/z3api/boog14.bpl @@ -1,12 +1,12 @@ -type ref;
-function choose(a:bool, b:int, c:int) returns (x:int);
-axiom(forall a:bool, b:int, c:int :: {choose(a,b,c)} a ==> choose(a,b,c) == b);
-
-
-var myInt:int;
-procedure main()
-modifies myInt;
-ensures myInt==5;
-{
- myInt:=4;
+type ref; +function choose(a:bool, b:int, c:int) returns (x:int); +axiom(forall a:bool, b:int, c:int :: {choose(a,b,c)} a ==> choose(a,b,c) == b); + + +var myInt:int; +procedure main() +modifies myInt; +ensures myInt==5; +{ + myInt:=4; }
\ No newline at end of file diff --git a/Test/z3api/boog15.bpl b/Test/z3api/boog15.bpl index 428c0f6e..5c3eb0e5 100644 --- a/Test/z3api/boog15.bpl +++ b/Test/z3api/boog15.bpl @@ -1,11 +1,11 @@ -type ref;
-function AtLeast(int, int) returns ([int]bool);
-axiom(forall n:int, x:int :: {AtLeast(n,x)} AtLeast(n,x)[x]);
-
-var myInt:int;
-procedure main()
-modifies myInt;
-ensures myInt==5;
-{
- myInt:=4;
+type ref; +function AtLeast(int, int) returns ([int]bool); +axiom(forall n:int, x:int :: {AtLeast(n,x)} AtLeast(n,x)[x]); + +var myInt:int; +procedure main() +modifies myInt; +ensures myInt==5; +{ + myInt:=4; }
\ No newline at end of file diff --git a/Test/z3api/boog16.bpl b/Test/z3api/boog16.bpl index a002c166..6e741cbf 100644 --- a/Test/z3api/boog16.bpl +++ b/Test/z3api/boog16.bpl @@ -1,12 +1,12 @@ -type ref;
-function choose(a:bool, b:int, c:int) returns (x:int);
-axiom(forall a:bool, b:int, c:int ::
- {choose(a,b,c)} !a ==> choose(a,b,c) == c);
-
-var myInt:int;
-procedure main()
-modifies myInt;
-ensures myInt==5;
-{
- myInt:=4;
+type ref; +function choose(a:bool, b:int, c:int) returns (x:int); +axiom(forall a:bool, b:int, c:int :: + {choose(a,b,c)} !a ==> choose(a,b,c) == c); + +var myInt:int; +procedure main() +modifies myInt; +ensures myInt==5; +{ + myInt:=4; }
\ No newline at end of file diff --git a/Test/z3api/boog17.bpl b/Test/z3api/boog17.bpl index 89159af1..24d87dc7 100644 --- a/Test/z3api/boog17.bpl +++ b/Test/z3api/boog17.bpl @@ -1,27 +1,27 @@ -type name;
-type ref;
-const unique g : int;
-axiom(g != 0);
-
-const unique PINT4_name:name;
-
-function PLUS(a:int, a_size:int, b:int) returns (int);
-axiom(forall a:int, a_size:int, b:int :: {PLUS(a,a_size,b)} PLUS(a,a_size,b) == a + a_size * b);
-
-function HasType(v:int, t:name) returns (bool);
-
-
-procedure main ( ) returns ($result.main$11.5$1$:int) {
- var p : int;
-
-start:
- assume(HasType(p, PINT4_name));
- goto label_3;
-
-label_3:
- goto label_4;
-
-label_4:
- p := PLUS(g, 4, 55) ;
- assert(HasType(p, PINT4_name));
+type name; +type ref; +const unique g : int; +axiom(g != 0); + +const unique PINT4_name:name; + +function PLUS(a:int, a_size:int, b:int) returns (int); +axiom(forall a:int, a_size:int, b:int :: {PLUS(a,a_size,b)} PLUS(a,a_size,b) == a + a_size * b); + +function HasType(v:int, t:name) returns (bool); + + +procedure main ( ) returns ($result.main$11.5$1$:int) { + var p : int; + +start: + assume(HasType(p, PINT4_name)); + goto label_3; + +label_3: + goto label_4; + +label_4: + p := PLUS(g, 4, 55) ; + assert(HasType(p, PINT4_name)); }
\ No newline at end of file diff --git a/Test/z3api/boog18.bpl b/Test/z3api/boog18.bpl index 35f7d48a..996b502e 100644 --- a/Test/z3api/boog18.bpl +++ b/Test/z3api/boog18.bpl @@ -1,16 +1,16 @@ -type ref;
-const A100INT4_name:int;
-
-function Match(a:int, t:int) returns (int);
-function Array(int, int, int) returns (bool);
-
-axiom(forall a:int :: {Match(a, A100INT4_name)} Array(a, 4, 100));
-
-const myNull: int;
-var p: int;
-procedure main()
-modifies p;
-ensures p!=myNull;
-{
- p:=myNull;
+type ref; +const A100INT4_name:int; + +function Match(a:int, t:int) returns (int); +function Array(int, int, int) returns (bool); + +axiom(forall a:int :: {Match(a, A100INT4_name)} Array(a, 4, 100)); + +const myNull: int; +var p: int; +procedure main() +modifies p; +ensures p!=myNull; +{ + p:=myNull; }
\ No newline at end of file diff --git a/Test/z3api/boog19.bpl b/Test/z3api/boog19.bpl index 178bb04f..6e4f47ac 100644 --- a/Test/z3api/boog19.bpl +++ b/Test/z3api/boog19.bpl @@ -1,230 +1,230 @@ -type name;
-type ref;
-var alloc:[int]name;
-
-
-function Field(int) returns (name);
-function Base(int) returns (int);
-
-// Constants
-const unique UNALLOCATED:name;
-const unique ALLOCATED: name;
-const unique FREED:name;
-
-const unique BYTE:name;
-
-function Equal([int]bool, [int]bool) returns (bool);
-function Subset([int]bool, [int]bool) returns (bool);
-function Disjoint([int]bool, [int]bool) returns (bool);
-
-function Empty() returns ([int]bool);
-function Singleton(int) returns ([int]bool);
-function Reachable([int,int]bool, int) returns ([int]bool);
-function Union([int]bool, [int]bool) returns ([int]bool);
-function Intersection([int]bool, [int]bool) returns ([int]bool);
-function Difference([int]bool, [int]bool) returns ([int]bool);
-function Dereference([int]bool, [int]int) returns ([int]bool);
-function Inverse(f:[int]int, x:int) returns ([int]bool);
-
-function AtLeast(int, int) returns ([int]bool);
-function Rep(int, int) returns (int);
-axiom(forall n:int, x:int, y:int :: {AtLeast(n,x)[y]} AtLeast(n,x)[y] ==> x <= y && Rep(n,x) == Rep(n,y));
-axiom(forall n:int, x:int, y:int :: {AtLeast(n,x),Rep(n,x),Rep(n,y)} x <= y && Rep(n,x) == Rep(n,y) ==> AtLeast(n,x)[y]);
-axiom(forall n:int, x:int :: {AtLeast(n,x)} AtLeast(n,x)[x]);
-axiom(forall n:int, x:int, z:int :: {PLUS(x,n,z)} Rep(n,x) == Rep(n,PLUS(x,n,z)));
-axiom(forall n:int, x:int :: {Rep(n,x)} (exists k:int :: Rep(n,x) - x == n*k));
-
-
-function Array(int, int, int) returns ([int]bool);
-axiom(forall x:int, n:int, z:int :: {Array(x,n,z)} z <= 0 ==> Equal(Array(x,n,z), Empty()));
-axiom(forall x:int, n:int, z:int :: {Array(x,n,z)} z > 0 ==> Equal(Array(x,n,z), Difference(AtLeast(n,x),AtLeast(n,PLUS(x,n,z)))));
-
-
-axiom(forall x:int :: !Empty()[x]);
-
-axiom(forall x:int, y:int :: {Singleton(y)[x]} Singleton(y)[x] <==> x == y);
-axiom(forall y:int :: {Singleton(y)} Singleton(y)[y]);
-
-/* this formulation of Union IS more complete than the earlier one */
-/* (A U B)[e], A[d], A U B = Singleton(c), d != e */
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T)[x]} Union(S,T)[x] <==> S[x] || T[x]);
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T), S[x]} S[x] ==> Union(S,T)[x]);
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T), T[x]} T[x] ==> Union(S,T)[x]);
-
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T)[x]} Intersection(S,T)[x] <==> S[x] && T[x]);
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T), S[x]} S[x] && T[x] ==> Intersection(S,T)[x]);
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T), T[x]} S[x] && T[x] ==> Intersection(S,T)[x]);
-
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Difference(S,T)[x]} Difference(S,T)[x] <==> S[x] && !T[x]);
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Difference(S,T), S[x]} S[x] ==> Difference(S,T)[x] || T[x]);
-
-axiom(forall x:int, S:[int]bool, M:[int]int :: {Dereference(S,M)[x]} Dereference(S,M)[x] ==> (exists y:int :: x == M[y] && S[y]));
-axiom(forall x:int, S:[int]bool, M:[int]int :: {M[x], S[x], Dereference(S,M)} S[x] ==> Dereference(S,M)[M[x]]);
-axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])} !S[x] ==> Equal(Dereference(S,M[x := y]), Dereference(S,M)));
-axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])}
- S[x] && Equal(Intersection(Inverse(M,M[x]), S), Singleton(x)) ==> Equal(Dereference(S,M[x := y]), Union(Difference(Dereference(S,M), Singleton(M[x])), Singleton(y))));
-axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])}
- S[x] && !Equal(Intersection(Inverse(M,M[x]), S), Singleton(x)) ==> Equal(Dereference(S,M[x := y]), Union(Dereference(S,M), Singleton(y))));
-
-axiom(forall f:[int]int, x:int :: {Inverse(f,f[x])} Inverse(f,f[x])[x]);
-axiom(forall f:[int]int, x:int, y:int :: {Inverse(f[x := y],y)} Equal(Inverse(f[x := y],y), Union(Inverse(f,y), Singleton(x))));
-axiom(forall f:[int]int, x:int, y:int, z:int :: {Inverse(f[x := y],z)} y == z || Equal(Inverse(f[x := y],z), Difference(Inverse(f,z), Singleton(x))));
-
-axiom(forall S:[int]bool, T:[int]bool :: {Equal(S,T)} Equal(S,T) <==> Subset(S,T) && Subset(T,S));
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {S[x], Subset(S,T)} S[x] && Subset(S,T) ==> T[x]);
-axiom(forall S:[int]bool, T:[int]bool :: {Subset(S,T)} Subset(S,T) || (exists x:int :: S[x] && !T[x]));
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {S[x], Disjoint(S,T), T[x]} !(S[x] && Disjoint(S,T) && T[x]));
-axiom(forall S:[int]bool, T:[int]bool :: {Disjoint(S,T)} Disjoint(S,T) || (exists x:int :: S[x] && T[x]));
-
-function Unified([name][int]int) returns ([int]int);
-axiom(forall M:[name][int]int, x:int :: {Unified(M)[x]} Unified(M)[x] == M[Field(x)][x]);
-axiom(forall M:[name][int]int, x:int, y:int :: {Unified(M[Field(x) := M[Field(x)][x := y]])} Unified(M[Field(x) := M[Field(x)][x := y]]) == Unified(M)[x := y]);
-// Memory model
-
-var Mem: [name][int]int;
-
-function Match(a:int, t:name) returns (bool);
-function HasType(v:int, t:name) returns (bool);
-function Values(t:name) returns ([int]bool);
-
-axiom(forall v:int, t:name :: {Values(t)[v]} Values(t)[v] ==> HasType(v, t));
-axiom(forall v:int, t:name :: {HasType(v, t), Values(t)} HasType(v, t) ==> Values(t)[v]);
-
-// Field declarations
-
-
-// Type declarations
-
-const unique A100INT4_name:name;
-const unique INT4_name:name;
-const unique PA100INT4_name:name;
-const unique PINT4_name:name;
-const unique PPINT4_name:name;
-
-// Field definitions
-
-// Type definitions
-
-axiom(forall a:int :: {Match(a, A100INT4_name)} Subset(Empty(), Array(a, 4, 100)));
-axiom(forall a:int, e:int :: {Match(a, A100INT4_name), Array(a, 4, 100)[e]}
- Match(a, A100INT4_name) && Array(a, 4, 100)[e] ==> Match(e, INT4_name));
-
-axiom(forall a:int :: {Match(a, INT4_name)}
- Match(a, INT4_name) <==> Field(a) == INT4_name);
-axiom(forall v:int :: HasType(v, INT4_name));
-
-axiom(forall a:int :: {Match(a, PA100INT4_name)}
- Match(a, PA100INT4_name) <==> Field(a) == PA100INT4_name);
-axiom(forall v:int :: {HasType(v, PA100INT4_name)} {Match(v, A100INT4_name)}
- HasType(v, PA100INT4_name) <==> (v == 0 || (v > 0 && Match(v, A100INT4_name))));
-
-axiom(forall a:int :: {Match(a, PINT4_name)}
- Match(a, PINT4_name) <==> Field(a) == PINT4_name);
-axiom(forall v:int :: {HasType(v, PINT4_name)} {Match(v, INT4_name)}
- HasType(v, PINT4_name) <==> (v == 0 || (v > 0 && Match(v, INT4_name))));
-
-axiom(forall a:int :: {Match(a, PPINT4_name)}
- Match(a, PPINT4_name) <==> Field(a) == PPINT4_name);
-axiom(forall v:int :: {HasType(v, PPINT4_name)} {Match(v, PINT4_name)}
- HasType(v, PPINT4_name) <==> (v == 0 || (v > 0 && Match(v, PINT4_name))));
-
-function MINUS_BOTH_PTR_OR_BOTH_INT(a:int, b:int, size:int) returns (int);
-axiom(forall a:int, b:int, size:int :: {MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size)}
-size * MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size) <= a - b && a - b < size * (MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size) + 1));
-
-function MINUS_LEFT_PTR(a:int, a_size:int, b:int) returns (int);
-axiom(forall a:int, a_size:int, b:int :: {MINUS_LEFT_PTR(a,a_size,b)} MINUS_LEFT_PTR(a,a_size,b) == a - a_size * b);
-
-function PLUS(a:int, a_size:int, b:int) returns (int);
-axiom(forall a:int, a_size:int, b:int :: {PLUS(a,a_size,b)} PLUS(a,a_size,b) == a + a_size * b);
-
-function MULT(a:int, b:int) returns (int); // a*b
-axiom(forall a:int, b:int :: {MULT(a,b)} MULT(a,b) == a * b);
-
-function DIV(a:int, b:int) returns (int); // a/b
-
-axiom(forall a:int, b:int :: {DIV(a,b)}
-a >= 0 && b > 0 ==> b * DIV(a,b) <= a && a < b * (DIV(a,b) + 1)
-);
-
-axiom(forall a:int, b:int :: {DIV(a,b)}
-a >= 0 && b < 0 ==> b * DIV(a,b) <= a && a < b * (DIV(a,b) - 1)
-);
-
-axiom(forall a:int, b:int :: {DIV(a,b)}
-a < 0 && b > 0 ==> b * DIV(a,b) >= a && a > b * (DIV(a,b) - 1)
-);
-
-axiom(forall a:int, b:int :: {DIV(a,b)}
-a < 0 && b < 0 ==> b * DIV(a,b) >= a && a > b * (DIV(a,b) + 1)
-);
-
-function BINARY_BOTH_INT(a:int, b:int) returns (int);
-/*
-function POW2(a:int) returns (bool);
-axiom POW2(1);
-axiom POW2(2);
-axiom POW2(4);
-axiom POW2(8);
-axiom POW2(16);
-axiom POW2(32);
-axiom POW2(64);
-axiom POW2(128);
-axiom POW2(256);
-axiom POW2(512);
-axiom POW2(1024);
-axiom POW2(2048);
-axiom POW2(4096);
-axiom POW2(8192);
-axiom POW2(16384);
-axiom POW2(32768);
-axiom POW2(65536);
-axiom POW2(131072);
-axiom POW2(262144);
-axiom POW2(524288);
-axiom POW2(1048576);
-axiom POW2(2097152);
-axiom POW2(4194304);
-axiom POW2(8388608);
-axiom POW2(16777216);
-axiom POW2(33554432);
-*/
-function LIFT(a:bool) returns (int);
-axiom(forall a:bool :: {LIFT(a)} a <==> LIFT(a) != 0);
-
-function NOT(a:int) returns (int);
-axiom(forall a:int :: {NOT(a)} a == 0 ==> NOT(a) != 0);
-axiom(forall a:int :: {NOT(a)} a != 0 ==> NOT(a) == 0);
-
-function NULL_CHECK(a:int) returns (int);
-axiom(forall a:int :: {NULL_CHECK(a)} a == 0 ==> NULL_CHECK(a) != 0);
-axiom(forall a:int :: {NULL_CHECK(a)} a != 0 ==> NULL_CHECK(a) == 0);
-
-const unique g : int;
-axiom(g != 0);
-
-
-procedure main ( ) returns ($result.main$11.5$1$:int)
-
-//TAG: requires __objectOf(g) != 0
-requires(Base(g) != 0);
-
-//TAG: requires __allocated(g)
-requires(alloc[Base(g)] == ALLOCATED);
-
-//TAG: requires __allocated(g + 55)
-requires(alloc[Base(PLUS(g, 4, 55))] == ALLOCATED);
-
-//TAG: Type Safety Precondition
-requires(forall a:int :: {Mem[Field(a)][a]} HasType(Mem[Field(a)][a], Field(a)));
-requires(HasType(g, PA100INT4_name));
-
-{
-var p : int;
-
-assume(HasType(p, PINT4_name));
-p := PLUS(g, 4, 55) ;
-assert(HasType(p, PINT4_name));
-
-}
-
+type name; +type ref; +var alloc:[int]name; + + +function Field(int) returns (name); +function Base(int) returns (int); + +// Constants +const unique UNALLOCATED:name; +const unique ALLOCATED: name; +const unique FREED:name; + +const unique BYTE:name; + +function Equal([int]bool, [int]bool) returns (bool); +function Subset([int]bool, [int]bool) returns (bool); +function Disjoint([int]bool, [int]bool) returns (bool); + +function Empty() returns ([int]bool); +function Singleton(int) returns ([int]bool); +function Reachable([int,int]bool, int) returns ([int]bool); +function Union([int]bool, [int]bool) returns ([int]bool); +function Intersection([int]bool, [int]bool) returns ([int]bool); +function Difference([int]bool, [int]bool) returns ([int]bool); +function Dereference([int]bool, [int]int) returns ([int]bool); +function Inverse(f:[int]int, x:int) returns ([int]bool); + +function AtLeast(int, int) returns ([int]bool); +function Rep(int, int) returns (int); +axiom(forall n:int, x:int, y:int :: {AtLeast(n,x)[y]} AtLeast(n,x)[y] ==> x <= y && Rep(n,x) == Rep(n,y)); +axiom(forall n:int, x:int, y:int :: {AtLeast(n,x),Rep(n,x),Rep(n,y)} x <= y && Rep(n,x) == Rep(n,y) ==> AtLeast(n,x)[y]); +axiom(forall n:int, x:int :: {AtLeast(n,x)} AtLeast(n,x)[x]); +axiom(forall n:int, x:int, z:int :: {PLUS(x,n,z)} Rep(n,x) == Rep(n,PLUS(x,n,z))); +axiom(forall n:int, x:int :: {Rep(n,x)} (exists k:int :: Rep(n,x) - x == n*k)); + + +function Array(int, int, int) returns ([int]bool); +axiom(forall x:int, n:int, z:int :: {Array(x,n,z)} z <= 0 ==> Equal(Array(x,n,z), Empty())); +axiom(forall x:int, n:int, z:int :: {Array(x,n,z)} z > 0 ==> Equal(Array(x,n,z), Difference(AtLeast(n,x),AtLeast(n,PLUS(x,n,z))))); + + +axiom(forall x:int :: !Empty()[x]); + +axiom(forall x:int, y:int :: {Singleton(y)[x]} Singleton(y)[x] <==> x == y); +axiom(forall y:int :: {Singleton(y)} Singleton(y)[y]); + +/* this formulation of Union IS more complete than the earlier one */ +/* (A U B)[e], A[d], A U B = Singleton(c), d != e */ +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T)[x]} Union(S,T)[x] <==> S[x] || T[x]); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T), S[x]} S[x] ==> Union(S,T)[x]); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T), T[x]} T[x] ==> Union(S,T)[x]); + +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T)[x]} Intersection(S,T)[x] <==> S[x] && T[x]); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T), S[x]} S[x] && T[x] ==> Intersection(S,T)[x]); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T), T[x]} S[x] && T[x] ==> Intersection(S,T)[x]); + +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Difference(S,T)[x]} Difference(S,T)[x] <==> S[x] && !T[x]); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Difference(S,T), S[x]} S[x] ==> Difference(S,T)[x] || T[x]); + +axiom(forall x:int, S:[int]bool, M:[int]int :: {Dereference(S,M)[x]} Dereference(S,M)[x] ==> (exists y:int :: x == M[y] && S[y])); +axiom(forall x:int, S:[int]bool, M:[int]int :: {M[x], S[x], Dereference(S,M)} S[x] ==> Dereference(S,M)[M[x]]); +axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])} !S[x] ==> Equal(Dereference(S,M[x := y]), Dereference(S,M))); +axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])} + S[x] && Equal(Intersection(Inverse(M,M[x]), S), Singleton(x)) ==> Equal(Dereference(S,M[x := y]), Union(Difference(Dereference(S,M), Singleton(M[x])), Singleton(y)))); +axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])} + S[x] && !Equal(Intersection(Inverse(M,M[x]), S), Singleton(x)) ==> Equal(Dereference(S,M[x := y]), Union(Dereference(S,M), Singleton(y)))); + +axiom(forall f:[int]int, x:int :: {Inverse(f,f[x])} Inverse(f,f[x])[x]); +axiom(forall f:[int]int, x:int, y:int :: {Inverse(f[x := y],y)} Equal(Inverse(f[x := y],y), Union(Inverse(f,y), Singleton(x)))); +axiom(forall f:[int]int, x:int, y:int, z:int :: {Inverse(f[x := y],z)} y == z || Equal(Inverse(f[x := y],z), Difference(Inverse(f,z), Singleton(x)))); + +axiom(forall S:[int]bool, T:[int]bool :: {Equal(S,T)} Equal(S,T) <==> Subset(S,T) && Subset(T,S)); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {S[x], Subset(S,T)} S[x] && Subset(S,T) ==> T[x]); +axiom(forall S:[int]bool, T:[int]bool :: {Subset(S,T)} Subset(S,T) || (exists x:int :: S[x] && !T[x])); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {S[x], Disjoint(S,T), T[x]} !(S[x] && Disjoint(S,T) && T[x])); +axiom(forall S:[int]bool, T:[int]bool :: {Disjoint(S,T)} Disjoint(S,T) || (exists x:int :: S[x] && T[x])); + +function Unified([name][int]int) returns ([int]int); +axiom(forall M:[name][int]int, x:int :: {Unified(M)[x]} Unified(M)[x] == M[Field(x)][x]); +axiom(forall M:[name][int]int, x:int, y:int :: {Unified(M[Field(x) := M[Field(x)][x := y]])} Unified(M[Field(x) := M[Field(x)][x := y]]) == Unified(M)[x := y]); +// Memory model + +var Mem: [name][int]int; + +function Match(a:int, t:name) returns (bool); +function HasType(v:int, t:name) returns (bool); +function Values(t:name) returns ([int]bool); + +axiom(forall v:int, t:name :: {Values(t)[v]} Values(t)[v] ==> HasType(v, t)); +axiom(forall v:int, t:name :: {HasType(v, t), Values(t)} HasType(v, t) ==> Values(t)[v]); + +// Field declarations + + +// Type declarations + +const unique A100INT4_name:name; +const unique INT4_name:name; +const unique PA100INT4_name:name; +const unique PINT4_name:name; +const unique PPINT4_name:name; + +// Field definitions + +// Type definitions + +axiom(forall a:int :: {Match(a, A100INT4_name)} Subset(Empty(), Array(a, 4, 100))); +axiom(forall a:int, e:int :: {Match(a, A100INT4_name), Array(a, 4, 100)[e]} + Match(a, A100INT4_name) && Array(a, 4, 100)[e] ==> Match(e, INT4_name)); + +axiom(forall a:int :: {Match(a, INT4_name)} + Match(a, INT4_name) <==> Field(a) == INT4_name); +axiom(forall v:int :: HasType(v, INT4_name)); + +axiom(forall a:int :: {Match(a, PA100INT4_name)} + Match(a, PA100INT4_name) <==> Field(a) == PA100INT4_name); +axiom(forall v:int :: {HasType(v, PA100INT4_name)} {Match(v, A100INT4_name)} + HasType(v, PA100INT4_name) <==> (v == 0 || (v > 0 && Match(v, A100INT4_name)))); + +axiom(forall a:int :: {Match(a, PINT4_name)} + Match(a, PINT4_name) <==> Field(a) == PINT4_name); +axiom(forall v:int :: {HasType(v, PINT4_name)} {Match(v, INT4_name)} + HasType(v, PINT4_name) <==> (v == 0 || (v > 0 && Match(v, INT4_name)))); + +axiom(forall a:int :: {Match(a, PPINT4_name)} + Match(a, PPINT4_name) <==> Field(a) == PPINT4_name); +axiom(forall v:int :: {HasType(v, PPINT4_name)} {Match(v, PINT4_name)} + HasType(v, PPINT4_name) <==> (v == 0 || (v > 0 && Match(v, PINT4_name)))); + +function MINUS_BOTH_PTR_OR_BOTH_INT(a:int, b:int, size:int) returns (int); +axiom(forall a:int, b:int, size:int :: {MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size)} +size * MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size) <= a - b && a - b < size * (MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size) + 1)); + +function MINUS_LEFT_PTR(a:int, a_size:int, b:int) returns (int); +axiom(forall a:int, a_size:int, b:int :: {MINUS_LEFT_PTR(a,a_size,b)} MINUS_LEFT_PTR(a,a_size,b) == a - a_size * b); + +function PLUS(a:int, a_size:int, b:int) returns (int); +axiom(forall a:int, a_size:int, b:int :: {PLUS(a,a_size,b)} PLUS(a,a_size,b) == a + a_size * b); + +function MULT(a:int, b:int) returns (int); // a*b +axiom(forall a:int, b:int :: {MULT(a,b)} MULT(a,b) == a * b); + +function DIV(a:int, b:int) returns (int); // a/b + +axiom(forall a:int, b:int :: {DIV(a,b)} +a >= 0 && b > 0 ==> b * DIV(a,b) <= a && a < b * (DIV(a,b) + 1) +); + +axiom(forall a:int, b:int :: {DIV(a,b)} +a >= 0 && b < 0 ==> b * DIV(a,b) <= a && a < b * (DIV(a,b) - 1) +); + +axiom(forall a:int, b:int :: {DIV(a,b)} +a < 0 && b > 0 ==> b * DIV(a,b) >= a && a > b * (DIV(a,b) - 1) +); + +axiom(forall a:int, b:int :: {DIV(a,b)} +a < 0 && b < 0 ==> b * DIV(a,b) >= a && a > b * (DIV(a,b) + 1) +); + +function BINARY_BOTH_INT(a:int, b:int) returns (int); +/* +function POW2(a:int) returns (bool); +axiom POW2(1); +axiom POW2(2); +axiom POW2(4); +axiom POW2(8); +axiom POW2(16); +axiom POW2(32); +axiom POW2(64); +axiom POW2(128); +axiom POW2(256); +axiom POW2(512); +axiom POW2(1024); +axiom POW2(2048); +axiom POW2(4096); +axiom POW2(8192); +axiom POW2(16384); +axiom POW2(32768); +axiom POW2(65536); +axiom POW2(131072); +axiom POW2(262144); +axiom POW2(524288); +axiom POW2(1048576); +axiom POW2(2097152); +axiom POW2(4194304); +axiom POW2(8388608); +axiom POW2(16777216); +axiom POW2(33554432); +*/ +function LIFT(a:bool) returns (int); +axiom(forall a:bool :: {LIFT(a)} a <==> LIFT(a) != 0); + +function NOT(a:int) returns (int); +axiom(forall a:int :: {NOT(a)} a == 0 ==> NOT(a) != 0); +axiom(forall a:int :: {NOT(a)} a != 0 ==> NOT(a) == 0); + +function NULL_CHECK(a:int) returns (int); +axiom(forall a:int :: {NULL_CHECK(a)} a == 0 ==> NULL_CHECK(a) != 0); +axiom(forall a:int :: {NULL_CHECK(a)} a != 0 ==> NULL_CHECK(a) == 0); + +const unique g : int; +axiom(g != 0); + + +procedure main ( ) returns ($result.main$11.5$1$:int) + +//TAG: requires __objectOf(g) != 0 +requires(Base(g) != 0); + +//TAG: requires __allocated(g) +requires(alloc[Base(g)] == ALLOCATED); + +//TAG: requires __allocated(g + 55) +requires(alloc[Base(PLUS(g, 4, 55))] == ALLOCATED); + +//TAG: Type Safety Precondition +requires(forall a:int :: {Mem[Field(a)][a]} HasType(Mem[Field(a)][a], Field(a))); +requires(HasType(g, PA100INT4_name)); + +{ +var p : int; + +assume(HasType(p, PINT4_name)); +p := PLUS(g, 4, 55) ; +assert(HasType(p, PINT4_name)); + +} + diff --git a/Test/z3api/boog2.bpl b/Test/z3api/boog2.bpl index 315c51af..812c4054 100644 --- a/Test/z3api/boog2.bpl +++ b/Test/z3api/boog2.bpl @@ -1,24 +1,24 @@ -type ref;
-type Wicket;
-
-var favorite: Wicket;
-var hate: Wicket;
-
-procedure NewFavorite(p: Wicket);
- modifies favorite
-;
-
- ensures favorite==p;
-
-implementation NewFavorite(l: Wicket) {
- favorite:=l;
-}
-
-
-procedure Swap();
- modifies favorite,hate;
- ensures favorite==old(hate);
-
-implementation Swap() {
- hate := favorite;
+type ref; +type Wicket; + +var favorite: Wicket; +var hate: Wicket; + +procedure NewFavorite(p: Wicket); + modifies favorite +; + + ensures favorite==p; + +implementation NewFavorite(l: Wicket) { + favorite:=l; +} + + +procedure Swap(); + modifies favorite,hate; + ensures favorite==old(hate); + +implementation Swap() { + hate := favorite; }
\ No newline at end of file diff --git a/Test/z3api/boog20.bpl b/Test/z3api/boog20.bpl index 10181400..bfcf5f63 100644 --- a/Test/z3api/boog20.bpl +++ b/Test/z3api/boog20.bpl @@ -1,18 +1,18 @@ -type ref;
-
-function PLUS(int, int, int) returns (int);
-function Rep(int, int) returns (int);
-
-//PLUS(a,b,z)
-// ERROR
-
-axiom(forall a:int, b:int, z:int :: Rep(a,b) == Rep(a,0));
-axiom(forall n:int, x:int :: {Rep(n,x)} (exists k:int :: Rep(n,x) == x));
-// END ERROR
-
-
-procedure main ( )
-{
-assert (PLUS(0, 4, 55)!=0);
-}
-
+type ref; + +function PLUS(int, int, int) returns (int); +function Rep(int, int) returns (int); + +//PLUS(a,b,z) +// ERROR + +axiom(forall a:int, b:int, z:int :: Rep(a,b) == Rep(a,0)); +axiom(forall n:int, x:int :: {Rep(n,x)} (exists k:int :: Rep(n,x) == x)); +// END ERROR + + +procedure main ( ) +{ +assert (PLUS(0, 4, 55)!=0); +} + diff --git a/Test/z3api/boog21.bpl b/Test/z3api/boog21.bpl index 8e3abde7..dd3ecc76 100644 --- a/Test/z3api/boog21.bpl +++ b/Test/z3api/boog21.bpl @@ -1,19 +1,19 @@ -type ref;
-
-function PLUS(int, int, int) returns (int);
-function Rep(int,int) returns (int);
-
-
-// ERROR
-
-axiom(forall a:int, b:int, z:int :: Rep(a,b) == PLUS(a,b,z
-));
-axiom(forall n:int, x:int :: {Rep(n,x)} (exists k:int :: Rep(n,x) == x));
-// END ERROR
-
-
-procedure main ( )
-{
-assert (PLUS(0, 4, 55)!=0);
-}
-
+type ref; + +function PLUS(int, int, int) returns (int); +function Rep(int,int) returns (int); + + +// ERROR + +axiom(forall a:int, b:int, z:int :: Rep(a,b) == PLUS(a,b,z +)); +axiom(forall n:int, x:int :: {Rep(n,x)} (exists k:int :: Rep(n,x) == x)); +// END ERROR + + +procedure main ( ) +{ +assert (PLUS(0, 4, 55)!=0); +} + diff --git a/Test/z3api/boog22.bpl b/Test/z3api/boog22.bpl index c255a3c5..d1b9bc0f 100644 --- a/Test/z3api/boog22.bpl +++ b/Test/z3api/boog22.bpl @@ -1,11 +1,11 @@ -type ref;
-type W;
-
-function f1(W,int) returns (int);
-function f1(W,int,int) returns (int);
-
-procedure main()
-{
- var w: W;
- assert(f1(w,0)==f1(w,0,0));
+type ref; +type W; + +function f1(W,int) returns (int); +function f1(W,int,int) returns (int); + +procedure main() +{ + var w: W; + assert(f1(w,0)==f1(w,0,0)); }
\ No newline at end of file diff --git a/Test/z3api/boog23.bpl b/Test/z3api/boog23.bpl index 4e0fc4d0..346f39d9 100644 --- a/Test/z3api/boog23.bpl +++ b/Test/z3api/boog23.bpl @@ -1,412 +1,412 @@ -type name;
-type ref;
-type byte;
-function OneByteToInt(byte) returns (int);
-function TwoBytesToInt(byte, byte) returns (int);
-function FourBytesToInt(byte, byte, byte, byte) returns (int);
-axiom(forall b0:byte, c0:byte :: {OneByteToInt(b0), OneByteToInt(c0)} OneByteToInt(b0) == OneByteToInt(c0) ==> b0 == c0);
-axiom(forall b0:byte, b1: byte, c0:byte, c1:byte :: {TwoBytesToInt(b0, b1), TwoBytesToInt(c0, c1)} TwoBytesToInt(b0, b1) == TwoBytesToInt(c0, c1) ==> b0 == c0 && b1 == c1);
-axiom(forall b0:byte, b1: byte, b2:byte, b3:byte, c0:byte, c1:byte, c2:byte, c3:byte :: {FourBytesToInt(b0, b1, b2, b3), FourBytesToInt(c0, c1, c2, c3)} FourBytesToInt(b0, b1, b2, b3) == FourBytesToInt(c0, c1, c2, c3) ==> b0 == c0 && b1 == c1 && b2 == c2 && b3 == c3);
-
-// Mutable
-var Mem_BYTE:[int]byte;
-var alloc:[int]name;
-
-
-function Field(int) returns (name);
-function Base(int) returns (int);
-
-// Constants
-const unique UNALLOCATED:name;
-const unique ALLOCATED: name;
-const unique FREED:name;
-
-const unique BYTE:name;
-
-function Equal([int]bool, [int]bool) returns (bool);
-function Subset([int]bool, [int]bool) returns (bool);
-function Disjoint([int]bool, [int]bool) returns (bool);
-
-function Empty() returns ([int]bool);
-function Singleton(int) returns ([int]bool);
-function Reachable([int,int]bool, int) returns ([int]bool);
-function Union([int]bool, [int]bool) returns ([int]bool);
-function Intersection([int]bool, [int]bool) returns ([int]bool);
-function Difference([int]bool, [int]bool) returns ([int]bool);
-function Dereference([int]bool, [int]int) returns ([int]bool);
-function Inverse(f:[int]int, x:int) returns ([int]bool);
-
-function AtLeast(int, int) returns ([int]bool);
-function Rep(int, int) returns (int);
-axiom(forall n:int, x:int, y:int :: {AtLeast(n,x)[y]} AtLeast(n,x)[y] ==> x <= y && Rep(n,x) == Rep(n,y));
-axiom(forall n:int, x:int, y:int :: {AtLeast(n,x),Rep(n,x),Rep(n,y)} x <= y && Rep(n,x) == Rep(n,y) ==> AtLeast(n,x)[y]);
-axiom(forall n:int, x:int :: {AtLeast(n,x)} AtLeast(n,x)[x]);
-axiom(forall n:int, x:int, z:int :: {PLUS(x,n,z)} Rep(n,x) == Rep(n,PLUS(x,n,z)));
-axiom(forall n:int, x:int :: {Rep(n,x)} (exists k:int :: Rep(n,x) - x == n*k));
-
-function Array(int, int, int) returns ([int]bool);
-axiom(forall x:int, n:int, z:int :: {Array(x,n,z)} z <= 0 ==> Equal(Array(x,n,z), Empty()));
-axiom(forall x:int, n:int, z:int :: {Array(x,n,z)} z > 0 ==> Equal(Array(x,n,z), Difference(AtLeast(n,x),AtLeast(n,PLUS(x,n,z)))));
-
-
-axiom(forall x:int :: !Empty()[x]);
-
-axiom(forall x:int, y:int :: {Singleton(y)[x]} Singleton(y)[x] <==> x == y);
-axiom(forall y:int :: {Singleton(y)} Singleton(y)[y]);
-
-/* this formulation of Union IS more complete than the earlier one */
-/* (A U B)[e], A[d], A U B = Singleton(c), d != e */
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T)[x]} Union(S,T)[x] <==> S[x] || T[x]);
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T), S[x]} S[x] ==> Union(S,T)[x]);
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T), T[x]} T[x] ==> Union(S,T)[x]);
-
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T)[x]} Intersection(S,T)[x] <==> S[x] && T[x]);
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T), S[x]} S[x] && T[x] ==> Intersection(S,T)[x]);
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T), T[x]} S[x] && T[x] ==> Intersection(S,T)[x]);
-
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Difference(S,T)[x]} Difference(S,T)[x] <==> S[x] && !T[x]);
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Difference(S,T), S[x]} S[x] ==> Difference(S,T)[x] || T[x]);
-
-axiom(forall x:int, S:[int]bool, M:[int]int :: {Dereference(S,M)[x]} Dereference(S,M)[x] ==> (exists y:int :: x == M[y] && S[y]));
-axiom(forall x:int, S:[int]bool, M:[int]int :: {M[x], S[x], Dereference(S,M)} S[x] ==> Dereference(S,M)[M[x]]);
-axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])} !S[x] ==> Equal(Dereference(S,M[x := y]), Dereference(S,M)));
-axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])}
- S[x] && Equal(Intersection(Inverse(M,M[x]), S), Singleton(x)) ==> Equal(Dereference(S,M[x := y]), Union(Difference(Dereference(S,M), Singleton(M[x])), Singleton(y))));
-axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])}
- S[x] && !Equal(Intersection(Inverse(M,M[x]), S), Singleton(x)) ==> Equal(Dereference(S,M[x := y]), Union(Dereference(S,M), Singleton(y))));
-
-axiom(forall f:[int]int, x:int :: {Inverse(f,f[x])} Inverse(f,f[x])[x]);
-axiom(forall f:[int]int, x:int, y:int :: {Inverse(f[x := y],y)} Equal(Inverse(f[x := y],y), Union(Inverse(f,y), Singleton(x))));
-axiom(forall f:[int]int, x:int, y:int, z:int :: {Inverse(f[x := y],z)} y == z || Equal(Inverse(f[x := y],z), Difference(Inverse(f,z), Singleton(x))));
-
-axiom(forall S:[int]bool, T:[int]bool :: {Equal(S,T)} Equal(S,T) <==> Subset(S,T) && Subset(T,S));
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {S[x], Subset(S,T)} S[x] && Subset(S,T) ==> T[x]);
-axiom(forall S:[int]bool, T:[int]bool :: {Subset(S,T)} Subset(S,T) || (exists x:int :: S[x] && !T[x]));
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {S[x], Disjoint(S,T), T[x]} !(S[x] && Disjoint(S,T) && T[x]));
-axiom(forall S:[int]bool, T:[int]bool :: {Disjoint(S,T)} Disjoint(S,T) || (exists x:int :: S[x] && T[x]));
-
-function Unified([name][int]int) returns ([int]int);
-axiom(forall M:[name][int]int, x:int :: {Unified(M)[x]} Unified(M)[x] == M[Field(x)][x]);
-axiom(forall M:[name][int]int, x:int, y:int :: {Unified(M[Field(x) := M[Field(x)][x := y]])} Unified(M[Field(x) := M[Field(x)][x := y]]) == Unified(M)[x := y]);
-// Memory model
-
-var Mem: [name][int]int;
-
-function Match(a:int, t:name) returns (bool);
-function HasType(v:int, t:name) returns (bool);
-function Values(t:name) returns ([int]bool);
-
-axiom(forall v:int, t:name :: {Values(t)[v]} Values(t)[v] ==> HasType(v, t));
-axiom(forall v:int, t:name :: {HasType(v, t), Values(t)} HasType(v, t) ==> Values(t)[v]);
-
-// Field declarations
-
-
-// Type declarations
-
-const unique INT4_name:name;
-const unique PINT4_name:name;
-
-// Field definitions
-
-// Type definitions
-
-axiom(forall a:int :: {Match(a, INT4_name)}
- Match(a, INT4_name) <==> Field(a) == INT4_name);
-axiom(forall v:int :: HasType(v, INT4_name));
-
-axiom(forall a:int :: {Match(a, PINT4_name)}
- Match(a, PINT4_name) <==> Field(a) == PINT4_name);
-axiom(forall v:int :: {HasType(v, PINT4_name)} {Match(v, INT4_name)}
- HasType(v, PINT4_name) <==> (v == 0 || (v > 0 && Match(v, INT4_name))));
-
-function MINUS_BOTH_PTR_OR_BOTH_INT(a:int, b:int, size:int) returns (int);
-axiom(forall a:int, b:int, size:int :: {MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size)}
-size * MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size) <= a - b && a - b < size * (MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size) + 1));
-
-function MINUS_LEFT_PTR(a:int, a_size:int, b:int) returns (int);
-axiom(forall a:int, a_size:int, b:int :: {MINUS_LEFT_PTR(a,a_size,b)} MINUS_LEFT_PTR(a,a_size,b) == a - a_size * b);
-
-function PLUS(a:int, a_size:int, b:int) returns (int);
-axiom(forall a:int, a_size:int, b:int :: {PLUS(a,a_size,b)} PLUS(a,a_size,b) == a + a_size * b);
-
-function MULT(a:int, b:int) returns (int); // a*b
-axiom(forall a:int, b:int :: {MULT(a,b)} MULT(a,b) == a * b);
-
-function DIV(a:int, b:int) returns (int); // a/b
-
-axiom(forall a:int, b:int :: {DIV(a,b)}
-a >= 0 && b > 0 ==> b * DIV(a,b) <= a && a < b * (DIV(a,b) + 1)
-);
-
-axiom(forall a:int, b:int :: {DIV(a,b)}
-a >= 0 && b < 0 ==> b * DIV(a,b) <= a && a < b * (DIV(a,b) - 1)
-);
-
-axiom(forall a:int, b:int :: {DIV(a,b)}
-a < 0 && b > 0 ==> b * DIV(a,b) >= a && a > b * (DIV(a,b) - 1)
-);
-
-axiom(forall a:int, b:int :: {DIV(a,b)}
-a < 0 && b < 0 ==> b * DIV(a,b) >= a && a > b * (DIV(a,b) + 1)
-);
-
-function BINARY_BOTH_INT(a:int, b:int) returns (int);
-
-function POW2(a:int) returns (bool);
-axiom POW2(1);
-axiom POW2(2);
-axiom POW2(4);
-axiom POW2(8);
-axiom POW2(16);
-axiom POW2(32);
-axiom POW2(64);
-axiom POW2(128);
-axiom POW2(256);
-axiom POW2(512);
-axiom POW2(1024);
-axiom POW2(2048);
-axiom POW2(4096);
-axiom POW2(8192);
-axiom POW2(16384);
-axiom POW2(32768);
-axiom POW2(65536);
-axiom POW2(131072);
-axiom POW2(262144);
-axiom POW2(524288);
-axiom POW2(1048576);
-axiom POW2(2097152);
-axiom POW2(4194304);
-axiom POW2(8388608);
-axiom POW2(16777216);
-axiom POW2(33554432);
-
-function choose(a:bool, b:int, c:int) returns (x:int);
-axiom(forall a:bool, b:int, c:int :: {choose(a,b,c)} a ==> choose(a,b,c) == b);
-axiom(forall a:bool, b:int, c:int :: {choose(a,b,c)} !a ==> choose(a,b,c) == c);
-
-function BIT_BAND(a:int, b:int) returns (x:int);
-axiom(forall a:int, b:int :: {BIT_BAND(a,b)} a == b ==> BIT_BAND(a,b) == a);
-axiom(forall a:int, b:int :: {BIT_BAND(a,b)} POW2(a) && POW2(b) && a != b ==> BIT_BAND(a,b) == 0);
-axiom(forall a:int, b:int :: {BIT_BAND(a,b)} a == 0 || b == 0 ==> BIT_BAND(a,b) == 0);
-
-function BIT_BOR(a:int, b:int) returns (x:int);
-
-function BIT_BXOR(a:int, b:int) returns (x:int);
-
-function BIT_BNOT(a:int) returns (int);
-
-function LIFT(a:bool) returns (int);
-axiom(forall a:bool :: {LIFT(a)} a <==> LIFT(a) != 0);
-
-function NOT(a:int) returns (int);
-axiom(forall a:int :: {NOT(a)} a == 0 ==> NOT(a) != 0);
-axiom(forall a:int :: {NOT(a)} a != 0 ==> NOT(a) == 0);
-
-function NULL_CHECK(a:int) returns (int);
-axiom(forall a:int :: {NULL_CHECK(a)} a == 0 ==> NULL_CHECK(a) != 0);
-axiom(forall a:int :: {NULL_CHECK(a)} a != 0 ==> NULL_CHECK(a) == 0);
-
-procedure nondet_choice() returns (x:int);
-
-
-procedure havoc_assert(i:int);
-requires (i != 0);
-
-procedure havoc_assume(i:int);
-ensures (i != 0);
-
-procedure __HAVOC_free(a:int);
-modifies alloc;
-ensures (forall x:int :: {alloc[x]} x == a || old(alloc)[x] == alloc[x]);
-ensures (alloc[a] == FREED);
-// Additional checks guarded by tranlator flags
-// requires alloc[a] == ALLOCATED;
-// requires Base(a) == a;
-
-procedure __HAVOC_malloc(obj_size:int) returns (new:int);
-requires obj_size >= 0;
-modifies alloc;
-ensures (new > 0);
-ensures (forall x:int :: {Base(x)} new <= x && x < new+obj_size ==> Base(x) == new);
-ensures (forall x:int :: {alloc[x]} x == new || old(alloc)[x] == alloc[x]);
-ensures old(alloc)[new] == UNALLOCATED && alloc[new] == ALLOCATED;
-
-procedure _strdup(str:int) returns (new:int);
-
-procedure _xstrcasecmp(a0:int, a1:int) returns (ret:int);
-
-procedure _xstrcmp(a0:int, a1:int) returns (ret:int);
-
-
-
-
-
-procedure main ( ) returns ($result.main$3.5$1$:int)
-
-modifies alloc;
-//TAG: no freed locations
-ensures(forall f:int :: {alloc[Base(f)]} old(alloc)[Base(f)] == UNALLOCATED || old(alloc)[Base(f)] == alloc[Base(f)]);
-
-modifies Mem;
-//TAG: no updated memory locations
-ensures(forall f: name, m:int :: {Mem[f][m]} Mem[f][m] == old(Mem[f])[m]);
-free ensures(Mem[Field(0)][0] == old(Mem[Field(0)])[0]);
-
-//TAG: Type Safety Precondition
-requires(forall a:int :: {Mem[Field(a)][a]} HasType(Mem[Field(a)][a], Field(a)));
-//TAG: Type Safety Postcondition
-ensures(forall a:int :: {Mem[Field(a)][a]} HasType(Mem[Field(a)][a], Field(a)));
-ensures(HasType($result.main$3.5$1$, INT4_name));
-{
-var havoc_stringTemp:int;
-var condVal:int;
-var $a$1$4.6$main : int;
-var b : int;
-var c : int;
-var flag : int;
-var tempBoogie0:int;
-var tempBoogie1:int;
-var tempBoogie2:int;
-var tempBoogie3:int;
-var tempBoogie4:int;
-var tempBoogie5:int;
-var tempBoogie6:int;
-var tempBoogie7:int;
-var tempBoogie8:int;
-var tempBoogie9:int;
-var tempBoogie10:int;
-var tempBoogie11:int;
-var tempBoogie12:int;
-var tempBoogie13:int;
-var tempBoogie14:int;
-var tempBoogie15:int;
-var tempBoogie16:int;
-var tempBoogie17:int;
-var tempBoogie18:int;
-var tempBoogie19:int;
-
-
-start:
-
-assume(HasType($a$1$4.6$main, INT4_name));
-assume(HasType(b, INT4_name));
-assume(HasType(c, INT4_name));
-assume(HasType(flag, INT4_name));
-assume(HasType($result.main$3.5$1$, INT4_name));
-goto label_3;
-
-
-// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(20)
-label_1:
-assume (forall m:int :: {Mem[Field(m)][m]} alloc[Base(m)] != ALLOCATED && old(alloc)[Base(m)] != ALLOCATED ==> Mem[Field(m)][m] == old(Mem[Field(m)])[m]);
-return;
-
-
-// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(20)
-label_2:
-assume false;
-return;
-
-
-// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(4)
-label_3:
-goto label_4;
-
-
-// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(4)
-label_4:
-goto label_5;
-
-
-// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(4)
-label_5:
-goto label_6;
-
-
-// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(5)
-label_6:
-goto label_7;
-
-
-// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(7)
-label_7:
-c := LIFT(b < $a$1$4.6$main) ;
-//TAG: Type Safety Assertion
-assert(forall a:int :: {Mem[Field(a)][a]} HasType(Mem[Field(a)][a], Field(a)));
-assert(HasType($a$1$4.6$main, INT4_name));
-assert(HasType(b, INT4_name));
-assert(HasType(c, INT4_name));
-assert(HasType(flag, INT4_name));
-goto label_8;
-
-
-// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(9)
-label_8:
-goto label_8_true , label_8_false ;
-
-
-label_8_true :
-assume (c != 0);
-goto label_10;
-
-
-label_8_false :
-assume (c == 0);
-goto label_9;
-
-
-// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(12)
-label_9:
-flag := 0 ;
-//TAG: Type Safety Assertion
-assert(forall a:int :: {Mem[Field(a)][a]} HasType(Mem[Field(a)][a], Field(a)));
-assert(HasType($a$1$4.6$main, INT4_name));
-assert(HasType(b, INT4_name));
-assert(HasType(c, INT4_name));
-assert(HasType(flag, INT4_name));
-goto label_11;
-
-
-// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(10)
-label_10:
-flag := 1 ;
-//TAG: Type Safety Assertion
-assert(forall a:int :: {Mem[Field(a)][a]} HasType(Mem[Field(a)][a], Field(a)));
-assert(HasType($a$1$4.6$main, INT4_name));
-assert(HasType(b, INT4_name));
-assert(HasType(c, INT4_name));
-assert(HasType(flag, INT4_name));
-goto label_11;
-
-
-// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(15)
-label_11:
-goto label_11_true , label_11_false ;
-
-
-label_11_true :
-assume (b < $a$1$4.6$main);
-goto label_13;
-
-
-label_11_false :
-assume !(b < $a$1$4.6$main);
-goto label_12;
-
-
-// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(18)
-label_12:
-//TAG: flag == 0
-assert (flag == 0);
-goto label_1;
-
-
-// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(16)
-label_13:
-//TAG: flag == 1
-assert (flag == 1);
-goto label_1;
-
-}
-
+type name; +type ref; +type byte; +function OneByteToInt(byte) returns (int); +function TwoBytesToInt(byte, byte) returns (int); +function FourBytesToInt(byte, byte, byte, byte) returns (int); +axiom(forall b0:byte, c0:byte :: {OneByteToInt(b0), OneByteToInt(c0)} OneByteToInt(b0) == OneByteToInt(c0) ==> b0 == c0); +axiom(forall b0:byte, b1: byte, c0:byte, c1:byte :: {TwoBytesToInt(b0, b1), TwoBytesToInt(c0, c1)} TwoBytesToInt(b0, b1) == TwoBytesToInt(c0, c1) ==> b0 == c0 && b1 == c1); +axiom(forall b0:byte, b1: byte, b2:byte, b3:byte, c0:byte, c1:byte, c2:byte, c3:byte :: {FourBytesToInt(b0, b1, b2, b3), FourBytesToInt(c0, c1, c2, c3)} FourBytesToInt(b0, b1, b2, b3) == FourBytesToInt(c0, c1, c2, c3) ==> b0 == c0 && b1 == c1 && b2 == c2 && b3 == c3); + +// Mutable +var Mem_BYTE:[int]byte; +var alloc:[int]name; + + +function Field(int) returns (name); +function Base(int) returns (int); + +// Constants +const unique UNALLOCATED:name; +const unique ALLOCATED: name; +const unique FREED:name; + +const unique BYTE:name; + +function Equal([int]bool, [int]bool) returns (bool); +function Subset([int]bool, [int]bool) returns (bool); +function Disjoint([int]bool, [int]bool) returns (bool); + +function Empty() returns ([int]bool); +function Singleton(int) returns ([int]bool); +function Reachable([int,int]bool, int) returns ([int]bool); +function Union([int]bool, [int]bool) returns ([int]bool); +function Intersection([int]bool, [int]bool) returns ([int]bool); +function Difference([int]bool, [int]bool) returns ([int]bool); +function Dereference([int]bool, [int]int) returns ([int]bool); +function Inverse(f:[int]int, x:int) returns ([int]bool); + +function AtLeast(int, int) returns ([int]bool); +function Rep(int, int) returns (int); +axiom(forall n:int, x:int, y:int :: {AtLeast(n,x)[y]} AtLeast(n,x)[y] ==> x <= y && Rep(n,x) == Rep(n,y)); +axiom(forall n:int, x:int, y:int :: {AtLeast(n,x),Rep(n,x),Rep(n,y)} x <= y && Rep(n,x) == Rep(n,y) ==> AtLeast(n,x)[y]); +axiom(forall n:int, x:int :: {AtLeast(n,x)} AtLeast(n,x)[x]); +axiom(forall n:int, x:int, z:int :: {PLUS(x,n,z)} Rep(n,x) == Rep(n,PLUS(x,n,z))); +axiom(forall n:int, x:int :: {Rep(n,x)} (exists k:int :: Rep(n,x) - x == n*k)); + +function Array(int, int, int) returns ([int]bool); +axiom(forall x:int, n:int, z:int :: {Array(x,n,z)} z <= 0 ==> Equal(Array(x,n,z), Empty())); +axiom(forall x:int, n:int, z:int :: {Array(x,n,z)} z > 0 ==> Equal(Array(x,n,z), Difference(AtLeast(n,x),AtLeast(n,PLUS(x,n,z))))); + + +axiom(forall x:int :: !Empty()[x]); + +axiom(forall x:int, y:int :: {Singleton(y)[x]} Singleton(y)[x] <==> x == y); +axiom(forall y:int :: {Singleton(y)} Singleton(y)[y]); + +/* this formulation of Union IS more complete than the earlier one */ +/* (A U B)[e], A[d], A U B = Singleton(c), d != e */ +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T)[x]} Union(S,T)[x] <==> S[x] || T[x]); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T), S[x]} S[x] ==> Union(S,T)[x]); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T), T[x]} T[x] ==> Union(S,T)[x]); + +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T)[x]} Intersection(S,T)[x] <==> S[x] && T[x]); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T), S[x]} S[x] && T[x] ==> Intersection(S,T)[x]); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T), T[x]} S[x] && T[x] ==> Intersection(S,T)[x]); + +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Difference(S,T)[x]} Difference(S,T)[x] <==> S[x] && !T[x]); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Difference(S,T), S[x]} S[x] ==> Difference(S,T)[x] || T[x]); + +axiom(forall x:int, S:[int]bool, M:[int]int :: {Dereference(S,M)[x]} Dereference(S,M)[x] ==> (exists y:int :: x == M[y] && S[y])); +axiom(forall x:int, S:[int]bool, M:[int]int :: {M[x], S[x], Dereference(S,M)} S[x] ==> Dereference(S,M)[M[x]]); +axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])} !S[x] ==> Equal(Dereference(S,M[x := y]), Dereference(S,M))); +axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])} + S[x] && Equal(Intersection(Inverse(M,M[x]), S), Singleton(x)) ==> Equal(Dereference(S,M[x := y]), Union(Difference(Dereference(S,M), Singleton(M[x])), Singleton(y)))); +axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])} + S[x] && !Equal(Intersection(Inverse(M,M[x]), S), Singleton(x)) ==> Equal(Dereference(S,M[x := y]), Union(Dereference(S,M), Singleton(y)))); + +axiom(forall f:[int]int, x:int :: {Inverse(f,f[x])} Inverse(f,f[x])[x]); +axiom(forall f:[int]int, x:int, y:int :: {Inverse(f[x := y],y)} Equal(Inverse(f[x := y],y), Union(Inverse(f,y), Singleton(x)))); +axiom(forall f:[int]int, x:int, y:int, z:int :: {Inverse(f[x := y],z)} y == z || Equal(Inverse(f[x := y],z), Difference(Inverse(f,z), Singleton(x)))); + +axiom(forall S:[int]bool, T:[int]bool :: {Equal(S,T)} Equal(S,T) <==> Subset(S,T) && Subset(T,S)); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {S[x], Subset(S,T)} S[x] && Subset(S,T) ==> T[x]); +axiom(forall S:[int]bool, T:[int]bool :: {Subset(S,T)} Subset(S,T) || (exists x:int :: S[x] && !T[x])); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {S[x], Disjoint(S,T), T[x]} !(S[x] && Disjoint(S,T) && T[x])); +axiom(forall S:[int]bool, T:[int]bool :: {Disjoint(S,T)} Disjoint(S,T) || (exists x:int :: S[x] && T[x])); + +function Unified([name][int]int) returns ([int]int); +axiom(forall M:[name][int]int, x:int :: {Unified(M)[x]} Unified(M)[x] == M[Field(x)][x]); +axiom(forall M:[name][int]int, x:int, y:int :: {Unified(M[Field(x) := M[Field(x)][x := y]])} Unified(M[Field(x) := M[Field(x)][x := y]]) == Unified(M)[x := y]); +// Memory model + +var Mem: [name][int]int; + +function Match(a:int, t:name) returns (bool); +function HasType(v:int, t:name) returns (bool); +function Values(t:name) returns ([int]bool); + +axiom(forall v:int, t:name :: {Values(t)[v]} Values(t)[v] ==> HasType(v, t)); +axiom(forall v:int, t:name :: {HasType(v, t), Values(t)} HasType(v, t) ==> Values(t)[v]); + +// Field declarations + + +// Type declarations + +const unique INT4_name:name; +const unique PINT4_name:name; + +// Field definitions + +// Type definitions + +axiom(forall a:int :: {Match(a, INT4_name)} + Match(a, INT4_name) <==> Field(a) == INT4_name); +axiom(forall v:int :: HasType(v, INT4_name)); + +axiom(forall a:int :: {Match(a, PINT4_name)} + Match(a, PINT4_name) <==> Field(a) == PINT4_name); +axiom(forall v:int :: {HasType(v, PINT4_name)} {Match(v, INT4_name)} + HasType(v, PINT4_name) <==> (v == 0 || (v > 0 && Match(v, INT4_name)))); + +function MINUS_BOTH_PTR_OR_BOTH_INT(a:int, b:int, size:int) returns (int); +axiom(forall a:int, b:int, size:int :: {MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size)} +size * MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size) <= a - b && a - b < size * (MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size) + 1)); + +function MINUS_LEFT_PTR(a:int, a_size:int, b:int) returns (int); +axiom(forall a:int, a_size:int, b:int :: {MINUS_LEFT_PTR(a,a_size,b)} MINUS_LEFT_PTR(a,a_size,b) == a - a_size * b); + +function PLUS(a:int, a_size:int, b:int) returns (int); +axiom(forall a:int, a_size:int, b:int :: {PLUS(a,a_size,b)} PLUS(a,a_size,b) == a + a_size * b); + +function MULT(a:int, b:int) returns (int); // a*b +axiom(forall a:int, b:int :: {MULT(a,b)} MULT(a,b) == a * b); + +function DIV(a:int, b:int) returns (int); // a/b + +axiom(forall a:int, b:int :: {DIV(a,b)} +a >= 0 && b > 0 ==> b * DIV(a,b) <= a && a < b * (DIV(a,b) + 1) +); + +axiom(forall a:int, b:int :: {DIV(a,b)} +a >= 0 && b < 0 ==> b * DIV(a,b) <= a && a < b * (DIV(a,b) - 1) +); + +axiom(forall a:int, b:int :: {DIV(a,b)} +a < 0 && b > 0 ==> b * DIV(a,b) >= a && a > b * (DIV(a,b) - 1) +); + +axiom(forall a:int, b:int :: {DIV(a,b)} +a < 0 && b < 0 ==> b * DIV(a,b) >= a && a > b * (DIV(a,b) + 1) +); + +function BINARY_BOTH_INT(a:int, b:int) returns (int); + +function POW2(a:int) returns (bool); +axiom POW2(1); +axiom POW2(2); +axiom POW2(4); +axiom POW2(8); +axiom POW2(16); +axiom POW2(32); +axiom POW2(64); +axiom POW2(128); +axiom POW2(256); +axiom POW2(512); +axiom POW2(1024); +axiom POW2(2048); +axiom POW2(4096); +axiom POW2(8192); +axiom POW2(16384); +axiom POW2(32768); +axiom POW2(65536); +axiom POW2(131072); +axiom POW2(262144); +axiom POW2(524288); +axiom POW2(1048576); +axiom POW2(2097152); +axiom POW2(4194304); +axiom POW2(8388608); +axiom POW2(16777216); +axiom POW2(33554432); + +function choose(a:bool, b:int, c:int) returns (x:int); +axiom(forall a:bool, b:int, c:int :: {choose(a,b,c)} a ==> choose(a,b,c) == b); +axiom(forall a:bool, b:int, c:int :: {choose(a,b,c)} !a ==> choose(a,b,c) == c); + +function BIT_BAND(a:int, b:int) returns (x:int); +axiom(forall a:int, b:int :: {BIT_BAND(a,b)} a == b ==> BIT_BAND(a,b) == a); +axiom(forall a:int, b:int :: {BIT_BAND(a,b)} POW2(a) && POW2(b) && a != b ==> BIT_BAND(a,b) == 0); +axiom(forall a:int, b:int :: {BIT_BAND(a,b)} a == 0 || b == 0 ==> BIT_BAND(a,b) == 0); + +function BIT_BOR(a:int, b:int) returns (x:int); + +function BIT_BXOR(a:int, b:int) returns (x:int); + +function BIT_BNOT(a:int) returns (int); + +function LIFT(a:bool) returns (int); +axiom(forall a:bool :: {LIFT(a)} a <==> LIFT(a) != 0); + +function NOT(a:int) returns (int); +axiom(forall a:int :: {NOT(a)} a == 0 ==> NOT(a) != 0); +axiom(forall a:int :: {NOT(a)} a != 0 ==> NOT(a) == 0); + +function NULL_CHECK(a:int) returns (int); +axiom(forall a:int :: {NULL_CHECK(a)} a == 0 ==> NULL_CHECK(a) != 0); +axiom(forall a:int :: {NULL_CHECK(a)} a != 0 ==> NULL_CHECK(a) == 0); + +procedure nondet_choice() returns (x:int); + + +procedure havoc_assert(i:int); +requires (i != 0); + +procedure havoc_assume(i:int); +ensures (i != 0); + +procedure __HAVOC_free(a:int); +modifies alloc; +ensures (forall x:int :: {alloc[x]} x == a || old(alloc)[x] == alloc[x]); +ensures (alloc[a] == FREED); +// Additional checks guarded by tranlator flags +// requires alloc[a] == ALLOCATED; +// requires Base(a) == a; + +procedure __HAVOC_malloc(obj_size:int) returns (new:int); +requires obj_size >= 0; +modifies alloc; +ensures (new > 0); +ensures (forall x:int :: {Base(x)} new <= x && x < new+obj_size ==> Base(x) == new); +ensures (forall x:int :: {alloc[x]} x == new || old(alloc)[x] == alloc[x]); +ensures old(alloc)[new] == UNALLOCATED && alloc[new] == ALLOCATED; + +procedure _strdup(str:int) returns (new:int); + +procedure _xstrcasecmp(a0:int, a1:int) returns (ret:int); + +procedure _xstrcmp(a0:int, a1:int) returns (ret:int); + + + + + +procedure main ( ) returns ($result.main$3.5$1$:int) + +modifies alloc; +//TAG: no freed locations +ensures(forall f:int :: {alloc[Base(f)]} old(alloc)[Base(f)] == UNALLOCATED || old(alloc)[Base(f)] == alloc[Base(f)]); + +modifies Mem; +//TAG: no updated memory locations +ensures(forall f: name, m:int :: {Mem[f][m]} Mem[f][m] == old(Mem[f])[m]); +free ensures(Mem[Field(0)][0] == old(Mem[Field(0)])[0]); + +//TAG: Type Safety Precondition +requires(forall a:int :: {Mem[Field(a)][a]} HasType(Mem[Field(a)][a], Field(a))); +//TAG: Type Safety Postcondition +ensures(forall a:int :: {Mem[Field(a)][a]} HasType(Mem[Field(a)][a], Field(a))); +ensures(HasType($result.main$3.5$1$, INT4_name)); +{ +var havoc_stringTemp:int; +var condVal:int; +var $a$1$4.6$main : int; +var b : int; +var c : int; +var flag : int; +var tempBoogie0:int; +var tempBoogie1:int; +var tempBoogie2:int; +var tempBoogie3:int; +var tempBoogie4:int; +var tempBoogie5:int; +var tempBoogie6:int; +var tempBoogie7:int; +var tempBoogie8:int; +var tempBoogie9:int; +var tempBoogie10:int; +var tempBoogie11:int; +var tempBoogie12:int; +var tempBoogie13:int; +var tempBoogie14:int; +var tempBoogie15:int; +var tempBoogie16:int; +var tempBoogie17:int; +var tempBoogie18:int; +var tempBoogie19:int; + + +start: + +assume(HasType($a$1$4.6$main, INT4_name)); +assume(HasType(b, INT4_name)); +assume(HasType(c, INT4_name)); +assume(HasType(flag, INT4_name)); +assume(HasType($result.main$3.5$1$, INT4_name)); +goto label_3; + + +// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(20) +label_1: +assume (forall m:int :: {Mem[Field(m)][m]} alloc[Base(m)] != ALLOCATED && old(alloc)[Base(m)] != ALLOCATED ==> Mem[Field(m)][m] == old(Mem[Field(m)])[m]); +return; + + +// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(20) +label_2: +assume false; +return; + + +// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(4) +label_3: +goto label_4; + + +// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(4) +label_4: +goto label_5; + + +// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(4) +label_5: +goto label_6; + + +// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(5) +label_6: +goto label_7; + + +// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(7) +label_7: +c := LIFT(b < $a$1$4.6$main) ; +//TAG: Type Safety Assertion +assert(forall a:int :: {Mem[Field(a)][a]} HasType(Mem[Field(a)][a], Field(a))); +assert(HasType($a$1$4.6$main, INT4_name)); +assert(HasType(b, INT4_name)); +assert(HasType(c, INT4_name)); +assert(HasType(flag, INT4_name)); +goto label_8; + + +// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(9) +label_8: +goto label_8_true , label_8_false ; + + +label_8_true : +assume (c != 0); +goto label_10; + + +label_8_false : +assume (c == 0); +goto label_9; + + +// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(12) +label_9: +flag := 0 ; +//TAG: Type Safety Assertion +assert(forall a:int :: {Mem[Field(a)][a]} HasType(Mem[Field(a)][a], Field(a))); +assert(HasType($a$1$4.6$main, INT4_name)); +assert(HasType(b, INT4_name)); +assert(HasType(c, INT4_name)); +assert(HasType(flag, INT4_name)); +goto label_11; + + +// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(10) +label_10: +flag := 1 ; +//TAG: Type Safety Assertion +assert(forall a:int :: {Mem[Field(a)][a]} HasType(Mem[Field(a)][a], Field(a))); +assert(HasType($a$1$4.6$main, INT4_name)); +assert(HasType(b, INT4_name)); +assert(HasType(c, INT4_name)); +assert(HasType(flag, INT4_name)); +goto label_11; + + +// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(15) +label_11: +goto label_11_true , label_11_false ; + + +label_11_true : +assume (b < $a$1$4.6$main); +goto label_13; + + +label_11_false : +assume !(b < $a$1$4.6$main); +goto label_12; + + +// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(18) +label_12: +//TAG: flag == 0 +assert (flag == 0); +goto label_1; + + +// c:\espmain1\esp\tests\hvregr\split_memory\014\bool_vals_gt.c(16) +label_13: +//TAG: flag == 1 +assert (flag == 1); +goto label_1; + +} + diff --git a/Test/z3api/boog25.bpl b/Test/z3api/boog25.bpl index 0ee4163c..eff6e2fb 100644 --- a/Test/z3api/boog25.bpl +++ b/Test/z3api/boog25.bpl @@ -1,284 +1,284 @@ -type name;
-type ref;
-type byte;
-function OneByteToInt(byte) returns (int);
-function TwoBytesToInt(byte, byte) returns (int);
-function FourBytesToInt(byte, byte, byte, byte) returns (int);
-axiom(forall b0:byte, c0:byte :: {OneByteToInt(b0), OneByteToInt(c0)} OneByteToInt(b0) == OneByteToInt(c0) ==> b0 == c0);
-axiom(forall b0:byte, b1: byte, c0:byte, c1:byte :: {TwoBytesToInt(b0, b1), TwoBytesToInt(c0, c1)} TwoBytesToInt(b0, b1) == TwoBytesToInt(c0, c1) ==> b0 == c0 && b1 == c1);
-axiom(forall b0:byte, b1: byte, b2:byte, b3:byte, c0:byte, c1:byte, c2:byte, c3:byte :: {FourBytesToInt(b0, b1, b2, b3), FourBytesToInt(c0, c1, c2, c3)} FourBytesToInt(b0, b1, b2, b3) == FourBytesToInt(c0, c1, c2, c3) ==> b0 == c0 && b1 == c1 && b2 == c2 && b3 == c3);
-
-// Mutable
-var Mem_BYTE:[int]byte;
-var alloc:[int]name;
-
-
-function Field(int) returns (name);
-function Base(int) returns (int);
-
-// Constants
-const unique UNALLOCATED:name;
-const unique ALLOCATED: name;
-const unique FREED:name;
-
-const unique BYTE:name;
-
-function Equal([int]bool, [int]bool) returns (bool);
-function Subset([int]bool, [int]bool) returns (bool);
-function Disjoint([int]bool, [int]bool) returns (bool);
-
-function Empty() returns ([int]bool);
-function Singleton(int) returns ([int]bool);
-function Reachable([int,int]bool, int) returns ([int]bool);
-function Union([int]bool, [int]bool) returns ([int]bool);
-function Intersection([int]bool, [int]bool) returns ([int]bool);
-function Difference([int]bool, [int]bool) returns ([int]bool);
-function Dereference([int]bool, [int]int) returns ([int]bool);
-function Inverse(f:[int]int, x:int) returns ([int]bool);
-
-function AtLeast(int, int) returns ([int]bool);
-function Rep(int, int) returns (int);
-axiom(forall n:int, x:int, y:int :: {AtLeast(n,x)[y]} AtLeast(n,x)[y] ==> x <= y && Rep(n,x) == Rep(n,y));
-axiom(forall n:int, x:int, y:int :: {AtLeast(n,x),Rep(n,x),Rep(n,y)} x <= y && Rep(n,x) == Rep(n,y) ==> AtLeast(n,x)[y]);
-axiom(forall n:int, x:int :: {AtLeast(n,x)} AtLeast(n,x)[x]);
-axiom(forall n:int, x:int, z:int :: {PLUS(x,n,z)} Rep(n,x) == Rep(n,PLUS(x,n,z)));
-axiom(forall n:int, x:int :: {Rep(n,x)} (exists k:int :: Rep(n,x) - x == n*k));
-
-/*
-function AtLeast(int, int) returns ([int]bool);
-function ModEqual(int, int, int) returns (bool);
-axiom(forall n:int, x:int :: ModEqual(n,x,x));
-axiom(forall n:int, x:int, y:int :: {ModEqual(n,x,y)} ModEqual(n,x,y) ==> ModEqual(n,y,x));
-axiom(forall n:int, x:int, y:int, z:int :: {ModEqual(n,x,y), ModEqual(n,y,z)} ModEqual(n,x,y) && ModEqual(n,y,z) ==> ModEqual(n,x,z));
-axiom(forall n:int, x:int, z:int :: {PLUS(x,n,z)} ModEqual(n,x,PLUS(x,n,z)));
-axiom(forall n:int, x:int, y:int :: {ModEqual(n,x,y)} ModEqual(n,x,y) ==> (exists k:int :: x - y == n*k));
-axiom(forall x:int, n:int, y:int :: {AtLeast(n,x)[y]}{ModEqual(n,x,y)} AtLeast(n,x)[y] <==> x <= y && ModEqual(n,x,y));
-axiom(forall x:int, n:int :: {AtLeast(n,x)} AtLeast(n,x)[x]);
-*/
-
-function Array(int, int, int) returns ([int]bool);
-axiom(forall x:int, n:int, z:int :: {Array(x,n,z)} z <= 0 ==> Equal(Array(x,n,z), Empty()));
-axiom(forall x:int, n:int, z:int :: {Array(x,n,z)} z > 0 ==> Equal(Array(x,n,z), Difference(AtLeast(n,x),AtLeast(n,PLUS(x,n,z)))));
-
-
-axiom(forall x:int :: !Empty()[x]);
-
-axiom(forall x:int, y:int :: {Singleton(y)[x]} Singleton(y)[x] <==> x == y);
-axiom(forall y:int :: {Singleton(y)} Singleton(y)[y]);
-
-/* this formulation of Union IS more complete than the earlier one */
-/* (A U B)[e], A[d], A U B = Singleton(c), d != e */
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T)[x]} Union(S,T)[x] <==> S[x] || T[x]);
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T), S[x]} S[x] ==> Union(S,T)[x]);
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T), T[x]} T[x] ==> Union(S,T)[x]);
-
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T)[x]} Intersection(S,T)[x] <==> S[x] && T[x]);
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T), S[x]} S[x] && T[x] ==> Intersection(S,T)[x]);
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T), T[x]} S[x] && T[x] ==> Intersection(S,T)[x]);
-
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Difference(S,T)[x]} Difference(S,T)[x] <==> S[x] && !T[x]);
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {Difference(S,T), S[x]} S[x] ==> Difference(S,T)[x] || T[x]);
-
-axiom(forall x:int, S:[int]bool, M:[int]int :: {Dereference(S,M)[x]} Dereference(S,M)[x] ==> (exists y:int :: x == M[y] && S[y]));
-axiom(forall x:int, S:[int]bool, M:[int]int :: {M[x], S[x], Dereference(S,M)} S[x] ==> Dereference(S,M)[M[x]]);
-axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])} !S[x] ==> Equal(Dereference(S,M[x := y]), Dereference(S,M)));
-axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])}
- S[x] && Equal(Intersection(Inverse(M,M[x]), S), Singleton(x)) ==> Equal(Dereference(S,M[x := y]), Union(Difference(Dereference(S,M), Singleton(M[x])), Singleton(y))));
-axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])}
- S[x] && !Equal(Intersection(Inverse(M,M[x]), S), Singleton(x)) ==> Equal(Dereference(S,M[x := y]), Union(Dereference(S,M), Singleton(y))));
-
-axiom(forall f:[int]int, x:int :: {Inverse(f,f[x])} Inverse(f,f[x])[x]);
-axiom(forall f:[int]int, x:int, y:int :: {Inverse(f[x := y],y)} Equal(Inverse(f[x := y],y), Union(Inverse(f,y), Singleton(x))));
-axiom(forall f:[int]int, x:int, y:int, z:int :: {Inverse(f[x := y],z)} y == z || Equal(Inverse(f[x := y],z), Difference(Inverse(f,z), Singleton(x))));
-
-axiom(forall S:[int]bool, T:[int]bool :: {Equal(S,T)} Equal(S,T) <==> Subset(S,T) && Subset(T,S));
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {S[x], Subset(S,T)} S[x] && Subset(S,T) ==> T[x]);
-axiom(forall S:[int]bool, T:[int]bool :: {Subset(S,T)} Subset(S,T) || (exists x:int :: S[x] && !T[x]));
-axiom(forall x:int, S:[int]bool, T:[int]bool :: {S[x], Disjoint(S,T), T[x]} !(S[x] && Disjoint(S,T) && T[x]));
-axiom(forall S:[int]bool, T:[int]bool :: {Disjoint(S,T)} Disjoint(S,T) || (exists x:int :: S[x] && T[x]));
-
-function Unified([name][int]int) returns ([int]int);
-axiom(forall M:[name][int]int, x:int :: {Unified(M)[x]} Unified(M)[x] == M[Field(x)][x]);
-axiom(forall M:[name][int]int, x:int, y:int :: {Unified(M[Field(x) := M[Field(x)][x := y]])} Unified(M[Field(x) := M[Field(x)][x := y]]) == Unified(M)[x := y]);
-// Memory model
-
-var Mem: [name][int]int;
-
-function Match(a:int, t:name) returns (bool);
-function HasType(v:int, t:name) returns (bool);
-function Values(t:name) returns ([int]bool);
-
-axiom(forall v:int, t:name :: {Values(t)[v]} Values(t)[v] ==> HasType(v, t));
-axiom(forall v:int, t:name :: {HasType(v, t), Values(t)} HasType(v, t) ==> Values(t)[v]);
-
-// Field declarations
-
-
-// Type declarations
-
-const unique INT4_name:name;
-const unique PINT4_name:name;
-
-// Field definitions
-
-// Type definitions
-
-axiom(forall a:int :: {Match(a, INT4_name)}
- Match(a, INT4_name) <==> Field(a) == INT4_name);
-axiom(forall v:int :: HasType(v, INT4_name));
-
-axiom(forall a:int :: {Match(a, PINT4_name)}
- Match(a, PINT4_name) <==> Field(a) == PINT4_name);
-axiom(forall v:int :: {HasType(v, PINT4_name)} {Match(v, INT4_name)}
- HasType(v, PINT4_name) <==> (v == 0 || (v > 0 && Match(v, INT4_name))));
-
-function MINUS_BOTH_PTR_OR_BOTH_INT(a:int, b:int, size:int) returns (int);
-axiom(forall a:int, b:int, size:int :: {MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size)}
-size * MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size) <= a - b && a - b < size * (MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size) + 1));
-
-function MINUS_LEFT_PTR(a:int, a_size:int, b:int) returns (int);
-axiom(forall a:int, a_size:int, b:int :: {MINUS_LEFT_PTR(a,a_size,b)} MINUS_LEFT_PTR(a,a_size,b) == a - a_size * b);
-
-function PLUS(a:int, a_size:int, b:int) returns (int);
-axiom(forall a:int, a_size:int, b:int :: {PLUS(a,a_size,b)} PLUS(a,a_size,b) == a + a_size * b);
-
-function MULT(a:int, b:int) returns (int); // a*b
-axiom(forall a:int, b:int :: {MULT(a,b)} MULT(a,b) == a * b);
-
-function DIV(a:int, b:int) returns (int); // a/b
-
-axiom(forall a:int, b:int :: {DIV(a,b)}
-a >= 0 && b > 0 ==> b * DIV(a,b) <= a && a < b * (DIV(a,b) + 1)
-);
-
-axiom(forall a:int, b:int :: {DIV(a,b)}
-a >= 0 && b < 0 ==> b * DIV(a,b) <= a && a < b * (DIV(a,b) - 1)
-);
-
-axiom(forall a:int, b:int :: {DIV(a,b)}
-a < 0 && b > 0 ==> b * DIV(a,b) >= a && a > b * (DIV(a,b) - 1)
-);
-
-axiom(forall a:int, b:int :: {DIV(a,b)}
-a < 0 && b < 0 ==> b * DIV(a,b) >= a && a > b * (DIV(a,b) + 1)
-);
-
-function BINARY_BOTH_INT(a:int, b:int) returns (int);
-
-function POW2(a:int) returns (bool);
-axiom POW2(1);
-axiom POW2(2);
-axiom POW2(4);
-axiom POW2(8);
-axiom POW2(16);
-axiom POW2(32);
-axiom POW2(64);
-axiom POW2(128);
-axiom POW2(256);
-axiom POW2(512);
-axiom POW2(1024);
-axiom POW2(2048);
-axiom POW2(4096);
-axiom POW2(8192);
-axiom POW2(16384);
-axiom POW2(32768);
-axiom POW2(65536);
-axiom POW2(131072);
-axiom POW2(262144);
-axiom POW2(524288);
-axiom POW2(1048576);
-axiom POW2(2097152);
-axiom POW2(4194304);
-axiom POW2(8388608);
-axiom POW2(16777216);
-axiom POW2(33554432);
-
-function choose(a:bool, b:int, c:int) returns (x:int);
-axiom(forall a:bool, b:int, c:int :: {choose(a,b,c)} a ==> choose(a,b,c) == b);
-axiom(forall a:bool, b:int, c:int :: {choose(a,b,c)} !a ==> choose(a,b,c) == c);
-
-function BIT_BAND(a:int, b:int) returns (x:int);
-axiom(forall a:int, b:int :: {BIT_BAND(a,b)} a == b ==> BIT_BAND(a,b) == a);
-axiom(forall a:int, b:int :: {BIT_BAND(a,b)} POW2(a) && POW2(b) && a != b ==> BIT_BAND(a,b) == 0);
-axiom(forall a:int, b:int :: {BIT_BAND(a,b)} a == 0 || b == 0 ==> BIT_BAND(a,b) == 0);
-
-function BIT_BOR(a:int, b:int) returns (x:int);
-
-function BIT_BXOR(a:int, b:int) returns (x:int);
-
-function BIT_BNOT(a:int) returns (int);
-
-function LIFT(a:bool) returns (int);
-axiom(forall a:bool :: {LIFT(a)} a <==> LIFT(a) != 0);
-
-function NOT(a:int) returns (int);
-axiom(forall a:int :: {NOT(a)} a == 0 ==> NOT(a) != 0);
-axiom(forall a:int :: {NOT(a)} a != 0 ==> NOT(a) == 0);
-
-function NULL_CHECK(a:int) returns (int);
-axiom(forall a:int :: {NULL_CHECK(a)} a == 0 ==> NULL_CHECK(a) != 0);
-axiom(forall a:int :: {NULL_CHECK(a)} a != 0 ==> NULL_CHECK(a) == 0);
-
-procedure nondet_choice() returns (x:int);
-
-
-procedure havoc_assert(i:int);
-requires (i != 0);
-
-procedure havoc_assume(i:int);
-ensures (i != 0);
-
-procedure __HAVOC_free(a:int);
-modifies alloc;
-ensures (forall x:int :: {alloc[x]} x == a || old(alloc)[x] == alloc[x]);
-ensures (alloc[a] == FREED);
-// Additional checks guarded by tranlator flags
-// requires alloc[a] == ALLOCATED;
-// requires Base(a) == a;
-
-procedure __HAVOC_malloc(obj_size:int) returns (new:int);
-requires obj_size >= 0;
-modifies alloc;
-ensures (new > 0);
-ensures (forall x:int :: {Base(x)} new <= x && x < new+obj_size ==> Base(x) == new);
-ensures (forall x:int :: {alloc[x]} x == new || old(alloc)[x] == alloc[x]);
-ensures old(alloc)[new] == UNALLOCATED && alloc[new] == ALLOCATED;
-
-procedure _strdup(str:int) returns (new:int);
-
-procedure _xstrcasecmp(a0:int, a1:int) returns (ret:int);
-
-procedure _xstrcmp(a0:int, a1:int) returns (ret:int);
-
-
-
-
-
-procedure main ( ) returns ($result.main$3.5$1$:int)
-
-modifies alloc;
-//TAG: no freed locations
-ensures(forall f:int :: {alloc[Base(f)]} old(alloc)[Base(f)] == UNALLOCATED || old(alloc)[Base(f)] == alloc[Base(f)]);
-
-modifies Mem;
-//TAG: no updated memory locations
-ensures(forall f: name, m:int :: {Mem[f][m]} Mem[f][m] == old(Mem[f])[m]);
-free ensures(Mem[Field(0)][0] == old(Mem[Field(0)])[0]);
-
-//TAG: Type Safety Precondition
-requires(forall a:int :: {Mem[Field(a)][a]} HasType(Mem[Field(a)][a], Field(a)));
-//TAG: Type Safety Postcondition
-ensures(forall a:int :: {Mem[Field(a)][a]} HasType(Mem[Field(a)][a], Field(a)));
-ensures(HasType($result.main$3.5$1$, INT4_name));
-{
-
-var a : int;
-var b : int;
-var c : int;
-
-c := LIFT (b < a) ;
-assert (c != 0 <==> b < a);
-
-
-}
-
+type name; +type ref; +type byte; +function OneByteToInt(byte) returns (int); +function TwoBytesToInt(byte, byte) returns (int); +function FourBytesToInt(byte, byte, byte, byte) returns (int); +axiom(forall b0:byte, c0:byte :: {OneByteToInt(b0), OneByteToInt(c0)} OneByteToInt(b0) == OneByteToInt(c0) ==> b0 == c0); +axiom(forall b0:byte, b1: byte, c0:byte, c1:byte :: {TwoBytesToInt(b0, b1), TwoBytesToInt(c0, c1)} TwoBytesToInt(b0, b1) == TwoBytesToInt(c0, c1) ==> b0 == c0 && b1 == c1); +axiom(forall b0:byte, b1: byte, b2:byte, b3:byte, c0:byte, c1:byte, c2:byte, c3:byte :: {FourBytesToInt(b0, b1, b2, b3), FourBytesToInt(c0, c1, c2, c3)} FourBytesToInt(b0, b1, b2, b3) == FourBytesToInt(c0, c1, c2, c3) ==> b0 == c0 && b1 == c1 && b2 == c2 && b3 == c3); + +// Mutable +var Mem_BYTE:[int]byte; +var alloc:[int]name; + + +function Field(int) returns (name); +function Base(int) returns (int); + +// Constants +const unique UNALLOCATED:name; +const unique ALLOCATED: name; +const unique FREED:name; + +const unique BYTE:name; + +function Equal([int]bool, [int]bool) returns (bool); +function Subset([int]bool, [int]bool) returns (bool); +function Disjoint([int]bool, [int]bool) returns (bool); + +function Empty() returns ([int]bool); +function Singleton(int) returns ([int]bool); +function Reachable([int,int]bool, int) returns ([int]bool); +function Union([int]bool, [int]bool) returns ([int]bool); +function Intersection([int]bool, [int]bool) returns ([int]bool); +function Difference([int]bool, [int]bool) returns ([int]bool); +function Dereference([int]bool, [int]int) returns ([int]bool); +function Inverse(f:[int]int, x:int) returns ([int]bool); + +function AtLeast(int, int) returns ([int]bool); +function Rep(int, int) returns (int); +axiom(forall n:int, x:int, y:int :: {AtLeast(n,x)[y]} AtLeast(n,x)[y] ==> x <= y && Rep(n,x) == Rep(n,y)); +axiom(forall n:int, x:int, y:int :: {AtLeast(n,x),Rep(n,x),Rep(n,y)} x <= y && Rep(n,x) == Rep(n,y) ==> AtLeast(n,x)[y]); +axiom(forall n:int, x:int :: {AtLeast(n,x)} AtLeast(n,x)[x]); +axiom(forall n:int, x:int, z:int :: {PLUS(x,n,z)} Rep(n,x) == Rep(n,PLUS(x,n,z))); +axiom(forall n:int, x:int :: {Rep(n,x)} (exists k:int :: Rep(n,x) - x == n*k)); + +/* +function AtLeast(int, int) returns ([int]bool); +function ModEqual(int, int, int) returns (bool); +axiom(forall n:int, x:int :: ModEqual(n,x,x)); +axiom(forall n:int, x:int, y:int :: {ModEqual(n,x,y)} ModEqual(n,x,y) ==> ModEqual(n,y,x)); +axiom(forall n:int, x:int, y:int, z:int :: {ModEqual(n,x,y), ModEqual(n,y,z)} ModEqual(n,x,y) && ModEqual(n,y,z) ==> ModEqual(n,x,z)); +axiom(forall n:int, x:int, z:int :: {PLUS(x,n,z)} ModEqual(n,x,PLUS(x,n,z))); +axiom(forall n:int, x:int, y:int :: {ModEqual(n,x,y)} ModEqual(n,x,y) ==> (exists k:int :: x - y == n*k)); +axiom(forall x:int, n:int, y:int :: {AtLeast(n,x)[y]}{ModEqual(n,x,y)} AtLeast(n,x)[y] <==> x <= y && ModEqual(n,x,y)); +axiom(forall x:int, n:int :: {AtLeast(n,x)} AtLeast(n,x)[x]); +*/ + +function Array(int, int, int) returns ([int]bool); +axiom(forall x:int, n:int, z:int :: {Array(x,n,z)} z <= 0 ==> Equal(Array(x,n,z), Empty())); +axiom(forall x:int, n:int, z:int :: {Array(x,n,z)} z > 0 ==> Equal(Array(x,n,z), Difference(AtLeast(n,x),AtLeast(n,PLUS(x,n,z))))); + + +axiom(forall x:int :: !Empty()[x]); + +axiom(forall x:int, y:int :: {Singleton(y)[x]} Singleton(y)[x] <==> x == y); +axiom(forall y:int :: {Singleton(y)} Singleton(y)[y]); + +/* this formulation of Union IS more complete than the earlier one */ +/* (A U B)[e], A[d], A U B = Singleton(c), d != e */ +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T)[x]} Union(S,T)[x] <==> S[x] || T[x]); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T), S[x]} S[x] ==> Union(S,T)[x]); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Union(S,T), T[x]} T[x] ==> Union(S,T)[x]); + +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T)[x]} Intersection(S,T)[x] <==> S[x] && T[x]); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T), S[x]} S[x] && T[x] ==> Intersection(S,T)[x]); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Intersection(S,T), T[x]} S[x] && T[x] ==> Intersection(S,T)[x]); + +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Difference(S,T)[x]} Difference(S,T)[x] <==> S[x] && !T[x]); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {Difference(S,T), S[x]} S[x] ==> Difference(S,T)[x] || T[x]); + +axiom(forall x:int, S:[int]bool, M:[int]int :: {Dereference(S,M)[x]} Dereference(S,M)[x] ==> (exists y:int :: x == M[y] && S[y])); +axiom(forall x:int, S:[int]bool, M:[int]int :: {M[x], S[x], Dereference(S,M)} S[x] ==> Dereference(S,M)[M[x]]); +axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])} !S[x] ==> Equal(Dereference(S,M[x := y]), Dereference(S,M))); +axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])} + S[x] && Equal(Intersection(Inverse(M,M[x]), S), Singleton(x)) ==> Equal(Dereference(S,M[x := y]), Union(Difference(Dereference(S,M), Singleton(M[x])), Singleton(y)))); +axiom(forall x:int, y:int, S:[int]bool, M:[int]int :: {Dereference(S,M[x := y])} + S[x] && !Equal(Intersection(Inverse(M,M[x]), S), Singleton(x)) ==> Equal(Dereference(S,M[x := y]), Union(Dereference(S,M), Singleton(y)))); + +axiom(forall f:[int]int, x:int :: {Inverse(f,f[x])} Inverse(f,f[x])[x]); +axiom(forall f:[int]int, x:int, y:int :: {Inverse(f[x := y],y)} Equal(Inverse(f[x := y],y), Union(Inverse(f,y), Singleton(x)))); +axiom(forall f:[int]int, x:int, y:int, z:int :: {Inverse(f[x := y],z)} y == z || Equal(Inverse(f[x := y],z), Difference(Inverse(f,z), Singleton(x)))); + +axiom(forall S:[int]bool, T:[int]bool :: {Equal(S,T)} Equal(S,T) <==> Subset(S,T) && Subset(T,S)); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {S[x], Subset(S,T)} S[x] && Subset(S,T) ==> T[x]); +axiom(forall S:[int]bool, T:[int]bool :: {Subset(S,T)} Subset(S,T) || (exists x:int :: S[x] && !T[x])); +axiom(forall x:int, S:[int]bool, T:[int]bool :: {S[x], Disjoint(S,T), T[x]} !(S[x] && Disjoint(S,T) && T[x])); +axiom(forall S:[int]bool, T:[int]bool :: {Disjoint(S,T)} Disjoint(S,T) || (exists x:int :: S[x] && T[x])); + +function Unified([name][int]int) returns ([int]int); +axiom(forall M:[name][int]int, x:int :: {Unified(M)[x]} Unified(M)[x] == M[Field(x)][x]); +axiom(forall M:[name][int]int, x:int, y:int :: {Unified(M[Field(x) := M[Field(x)][x := y]])} Unified(M[Field(x) := M[Field(x)][x := y]]) == Unified(M)[x := y]); +// Memory model + +var Mem: [name][int]int; + +function Match(a:int, t:name) returns (bool); +function HasType(v:int, t:name) returns (bool); +function Values(t:name) returns ([int]bool); + +axiom(forall v:int, t:name :: {Values(t)[v]} Values(t)[v] ==> HasType(v, t)); +axiom(forall v:int, t:name :: {HasType(v, t), Values(t)} HasType(v, t) ==> Values(t)[v]); + +// Field declarations + + +// Type declarations + +const unique INT4_name:name; +const unique PINT4_name:name; + +// Field definitions + +// Type definitions + +axiom(forall a:int :: {Match(a, INT4_name)} + Match(a, INT4_name) <==> Field(a) == INT4_name); +axiom(forall v:int :: HasType(v, INT4_name)); + +axiom(forall a:int :: {Match(a, PINT4_name)} + Match(a, PINT4_name) <==> Field(a) == PINT4_name); +axiom(forall v:int :: {HasType(v, PINT4_name)} {Match(v, INT4_name)} + HasType(v, PINT4_name) <==> (v == 0 || (v > 0 && Match(v, INT4_name)))); + +function MINUS_BOTH_PTR_OR_BOTH_INT(a:int, b:int, size:int) returns (int); +axiom(forall a:int, b:int, size:int :: {MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size)} +size * MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size) <= a - b && a - b < size * (MINUS_BOTH_PTR_OR_BOTH_INT(a,b,size) + 1)); + +function MINUS_LEFT_PTR(a:int, a_size:int, b:int) returns (int); +axiom(forall a:int, a_size:int, b:int :: {MINUS_LEFT_PTR(a,a_size,b)} MINUS_LEFT_PTR(a,a_size,b) == a - a_size * b); + +function PLUS(a:int, a_size:int, b:int) returns (int); +axiom(forall a:int, a_size:int, b:int :: {PLUS(a,a_size,b)} PLUS(a,a_size,b) == a + a_size * b); + +function MULT(a:int, b:int) returns (int); // a*b +axiom(forall a:int, b:int :: {MULT(a,b)} MULT(a,b) == a * b); + +function DIV(a:int, b:int) returns (int); // a/b + +axiom(forall a:int, b:int :: {DIV(a,b)} +a >= 0 && b > 0 ==> b * DIV(a,b) <= a && a < b * (DIV(a,b) + 1) +); + +axiom(forall a:int, b:int :: {DIV(a,b)} +a >= 0 && b < 0 ==> b * DIV(a,b) <= a && a < b * (DIV(a,b) - 1) +); + +axiom(forall a:int, b:int :: {DIV(a,b)} +a < 0 && b > 0 ==> b * DIV(a,b) >= a && a > b * (DIV(a,b) - 1) +); + +axiom(forall a:int, b:int :: {DIV(a,b)} +a < 0 && b < 0 ==> b * DIV(a,b) >= a && a > b * (DIV(a,b) + 1) +); + +function BINARY_BOTH_INT(a:int, b:int) returns (int); + +function POW2(a:int) returns (bool); +axiom POW2(1); +axiom POW2(2); +axiom POW2(4); +axiom POW2(8); +axiom POW2(16); +axiom POW2(32); +axiom POW2(64); +axiom POW2(128); +axiom POW2(256); +axiom POW2(512); +axiom POW2(1024); +axiom POW2(2048); +axiom POW2(4096); +axiom POW2(8192); +axiom POW2(16384); +axiom POW2(32768); +axiom POW2(65536); +axiom POW2(131072); +axiom POW2(262144); +axiom POW2(524288); +axiom POW2(1048576); +axiom POW2(2097152); +axiom POW2(4194304); +axiom POW2(8388608); +axiom POW2(16777216); +axiom POW2(33554432); + +function choose(a:bool, b:int, c:int) returns (x:int); +axiom(forall a:bool, b:int, c:int :: {choose(a,b,c)} a ==> choose(a,b,c) == b); +axiom(forall a:bool, b:int, c:int :: {choose(a,b,c)} !a ==> choose(a,b,c) == c); + +function BIT_BAND(a:int, b:int) returns (x:int); +axiom(forall a:int, b:int :: {BIT_BAND(a,b)} a == b ==> BIT_BAND(a,b) == a); +axiom(forall a:int, b:int :: {BIT_BAND(a,b)} POW2(a) && POW2(b) && a != b ==> BIT_BAND(a,b) == 0); +axiom(forall a:int, b:int :: {BIT_BAND(a,b)} a == 0 || b == 0 ==> BIT_BAND(a,b) == 0); + +function BIT_BOR(a:int, b:int) returns (x:int); + +function BIT_BXOR(a:int, b:int) returns (x:int); + +function BIT_BNOT(a:int) returns (int); + +function LIFT(a:bool) returns (int); +axiom(forall a:bool :: {LIFT(a)} a <==> LIFT(a) != 0); + +function NOT(a:int) returns (int); +axiom(forall a:int :: {NOT(a)} a == 0 ==> NOT(a) != 0); +axiom(forall a:int :: {NOT(a)} a != 0 ==> NOT(a) == 0); + +function NULL_CHECK(a:int) returns (int); +axiom(forall a:int :: {NULL_CHECK(a)} a == 0 ==> NULL_CHECK(a) != 0); +axiom(forall a:int :: {NULL_CHECK(a)} a != 0 ==> NULL_CHECK(a) == 0); + +procedure nondet_choice() returns (x:int); + + +procedure havoc_assert(i:int); +requires (i != 0); + +procedure havoc_assume(i:int); +ensures (i != 0); + +procedure __HAVOC_free(a:int); +modifies alloc; +ensures (forall x:int :: {alloc[x]} x == a || old(alloc)[x] == alloc[x]); +ensures (alloc[a] == FREED); +// Additional checks guarded by tranlator flags +// requires alloc[a] == ALLOCATED; +// requires Base(a) == a; + +procedure __HAVOC_malloc(obj_size:int) returns (new:int); +requires obj_size >= 0; +modifies alloc; +ensures (new > 0); +ensures (forall x:int :: {Base(x)} new <= x && x < new+obj_size ==> Base(x) == new); +ensures (forall x:int :: {alloc[x]} x == new || old(alloc)[x] == alloc[x]); +ensures old(alloc)[new] == UNALLOCATED && alloc[new] == ALLOCATED; + +procedure _strdup(str:int) returns (new:int); + +procedure _xstrcasecmp(a0:int, a1:int) returns (ret:int); + +procedure _xstrcmp(a0:int, a1:int) returns (ret:int); + + + + + +procedure main ( ) returns ($result.main$3.5$1$:int) + +modifies alloc; +//TAG: no freed locations +ensures(forall f:int :: {alloc[Base(f)]} old(alloc)[Base(f)] == UNALLOCATED || old(alloc)[Base(f)] == alloc[Base(f)]); + +modifies Mem; +//TAG: no updated memory locations +ensures(forall f: name, m:int :: {Mem[f][m]} Mem[f][m] == old(Mem[f])[m]); +free ensures(Mem[Field(0)][0] == old(Mem[Field(0)])[0]); + +//TAG: Type Safety Precondition +requires(forall a:int :: {Mem[Field(a)][a]} HasType(Mem[Field(a)][a], Field(a))); +//TAG: Type Safety Postcondition +ensures(forall a:int :: {Mem[Field(a)][a]} HasType(Mem[Field(a)][a], Field(a))); +ensures(HasType($result.main$3.5$1$, INT4_name)); +{ + +var a : int; +var b : int; +var c : int; + +c := LIFT (b < a) ; +assert (c != 0 <==> b < a); + + +} + diff --git a/Test/z3api/boog28.bpl b/Test/z3api/boog28.bpl index ab7f4ad2..d59d3630 100644 --- a/Test/z3api/boog28.bpl +++ b/Test/z3api/boog28.bpl @@ -1,17 +1,17 @@ -type ref;
-
-function LIFT(x:bool) returns (int);
-axiom(forall x:bool :: {LIFT(x)} x <==> LIFT(x) != 0);
-
-procedure main ( )
-
-{
-var a : int;
-var b : int;
-var c : int;
-
-c := LIFT (b == a) ;
-assert (c != 0 <==> b == a);
-
-}
-
+type ref; + +function LIFT(x:bool) returns (int); +axiom(forall x:bool :: {LIFT(x)} x <==> LIFT(x) != 0); + +procedure main ( ) + +{ +var a : int; +var b : int; +var c : int; + +c := LIFT (b == a) ; +assert (c != 0 <==> b == a); + +} + diff --git a/Test/z3api/boog29.bpl b/Test/z3api/boog29.bpl index 035e69fd..3320e0a8 100644 --- a/Test/z3api/boog29.bpl +++ b/Test/z3api/boog29.bpl @@ -1,20 +1,20 @@ -type ref;
-
-function LIFT(x:bool) returns (int);
-axiom(forall x:bool :: {LIFT(x)} x <==> LIFT(x) != 0);
-
-procedure main ( )
-
-{
-var c: int;
-c := LIFT(false);
-assert (c==0);
-
-c := LIFT(true);
-assert (c!=0);
-/*
-c := LIFT(1==5);
-assert (c==0);
-*/
-}
-
+type ref; + +function LIFT(x:bool) returns (int); +axiom(forall x:bool :: {LIFT(x)} x <==> LIFT(x) != 0); + +procedure main ( ) + +{ +var c: int; +c := LIFT(false); +assert (c==0); + +c := LIFT(true); +assert (c!=0); +/* +c := LIFT(1==5); +assert (c==0); +*/ +} + diff --git a/Test/z3api/boog3.bpl b/Test/z3api/boog3.bpl index 207ddbd0..48fae4a4 100644 --- a/Test/z3api/boog3.bpl +++ b/Test/z3api/boog3.bpl @@ -1,8 +1,8 @@ -type ref;
-type Wicket;
-
-procedure Dummy();
-implementation Dummy() {
- var x: Wicket;
- assert (x!=x);
+type ref; +type Wicket; + +procedure Dummy(); +implementation Dummy() { + var x: Wicket; + assert (x!=x); }
\ No newline at end of file diff --git a/Test/z3api/boog30.bpl b/Test/z3api/boog30.bpl index 81e04f20..d26c617c 100644 --- a/Test/z3api/boog30.bpl +++ b/Test/z3api/boog30.bpl @@ -1,14 +1,14 @@ -type ref;
-
-function LIFT(x:bool) returns (int);
-axiom(forall x:bool :: {LIFT(x)} x <==> LIFT(x) != 0);
-
-procedure main ( )
-
-{
-var c: int;
-
-c := LIFT(1==5);
-assert (c==0);
-}
-
+type ref; + +function LIFT(x:bool) returns (int); +axiom(forall x:bool :: {LIFT(x)} x <==> LIFT(x) != 0); + +procedure main ( ) + +{ +var c: int; + +c := LIFT(1==5); +assert (c==0); +} + diff --git a/Test/z3api/boog31.bpl b/Test/z3api/boog31.bpl index 86386a90..ca195c74 100644 --- a/Test/z3api/boog31.bpl +++ b/Test/z3api/boog31.bpl @@ -1,15 +1,15 @@ -type ref;
-
-const b1:bool;
-const b2:bool;
-const b3:bool;
-
-axiom (b1==true && b2==false && b3==true);
-
-procedure main ( )
-
-{
-var c: int;
-assert (c==0);
-}
-
+type ref; + +const b1:bool; +const b2:bool; +const b3:bool; + +axiom (b1==true && b2==false && b3==true); + +procedure main ( ) + +{ +var c: int; +assert (c==0); +} + diff --git a/Test/z3api/boog34.bpl b/Test/z3api/boog34.bpl index 88a587aa..f04bc46f 100644 --- a/Test/z3api/boog34.bpl +++ b/Test/z3api/boog34.bpl @@ -1,11 +1,11 @@ -type ref;
-
-function Rep(int, int) returns (int);
-axiom(forall n:int, x:int :: {Rep(n,x)}
- (exists k:int :: Rep(n,x) - x == n*k));
-
-procedure main(x:int)
-{
-assert((Rep(0,x)==x));
-return;
+type ref; + +function Rep(int, int) returns (int); +axiom(forall n:int, x:int :: {Rep(n,x)} + (exists k:int :: Rep(n,x) - x == n*k)); + +procedure main(x:int) +{ +assert((Rep(0,x)==x)); +return; }
\ No newline at end of file diff --git a/Test/z3api/boog35.bpl b/Test/z3api/boog35.bpl index beae0c74..8b442ea3 100644 --- a/Test/z3api/boog35.bpl +++ b/Test/z3api/boog35.bpl @@ -1,17 +1,17 @@ -procedure foo1(x: int, y: int)
-{
- var a: [int][int]int;
-
- a[x][y] := 42;
-
- assert a[x][y] == 42;
-}
-
-procedure foo2(x: int, y: int)
-{
- var a: [int][int]int;
-
- a[x][y] := 42;
-
- assert a[x][y] == 43;
+procedure foo1(x: int, y: int) +{ + var a: [int][int]int; + + a[x][y] := 42; + + assert a[x][y] == 42; +} + +procedure foo2(x: int, y: int) +{ + var a: [int][int]int; + + a[x][y] := 42; + + assert a[x][y] == 43; }
\ No newline at end of file diff --git a/Test/z3api/boog4.bpl b/Test/z3api/boog4.bpl index 95ec7011..ffb46f68 100644 --- a/Test/z3api/boog4.bpl +++ b/Test/z3api/boog4.bpl @@ -1,43 +1,43 @@ -type ref;
-type Wicket;
-
-const w: Wicket;
-const myBool: bool;
-const v: Wicket;
-
-var favorite: Wicket;
-
-function age(Wicket) returns (int);
-
-axiom age(w)==7;
-axiom 7 < 8;
-axiom 7 <= 8;
-
-axiom 8 > 7;
-axiom 8 >= 7;
-axiom 6 != 7;
-axiom 7+1==8;
-axiom 8-1==7;
-axiom 7/1==7;
-axiom 7%2==1;
-axiom 4*2==8;
-axiom ((7==7) || (8==8));
-axiom ((7==7) ==> (7<8));
-axiom ((7==7) <==> (10==10));
-axiom ((7==7) && (8==8));
-
-axiom 7!=7;
-
-
-procedure NewFavorite(p: Wicket);
- modifies favorite
-;
-
- ensures favorite==p;
-
-implementation NewFavorite(l: Wicket) {
- favorite:=l;
-}
-
-
-
+type ref; +type Wicket; + +const w: Wicket; +const myBool: bool; +const v: Wicket; + +var favorite: Wicket; + +function age(Wicket) returns (int); + +axiom age(w)==7; +axiom 7 < 8; +axiom 7 <= 8; + +axiom 8 > 7; +axiom 8 >= 7; +axiom 6 != 7; +axiom 7+1==8; +axiom 8-1==7; +axiom 7/1==7; +axiom 7%2==1; +axiom 4*2==8; +axiom ((7==7) || (8==8)); +axiom ((7==7) ==> (7<8)); +axiom ((7==7) <==> (10==10)); +axiom ((7==7) && (8==8)); + +axiom 7!=7; + + +procedure NewFavorite(p: Wicket); + modifies favorite +; + + ensures favorite==p; + +implementation NewFavorite(l: Wicket) { + favorite:=l; +} + + + diff --git a/Test/z3api/boog5.bpl b/Test/z3api/boog5.bpl index 4b76fd22..fc81d266 100644 --- a/Test/z3api/boog5.bpl +++ b/Test/z3api/boog5.bpl @@ -1,43 +1,43 @@ -type ref;
-// types
-type Wicket;
-
-// consts
-const w: Wicket;
-const myBool: bool;
-const v: Wicket;
-const u: Wicket;
-const x: Wicket;
-
-
-// vars
-var favorite: Wicket;
-
-// functions
-function age(Wicket) returns (int);
-
-// axioms
-axiom age(w)==6;
-axiom age(u)==5;
-axiom age(x)==4;
-
-
-// procedure
-procedure SetToSeven(p: Wicket);
- modifies favorite
-;
-
- ensures favorite==p;
-
-implementation SetToSeven(l: Wicket) {
- if (age(w)==7) {
- favorite:=l;
- } else {
- favorite:=v;
- }
-
-
-}
-
-
-
+type ref; +// types +type Wicket; + +// consts +const w: Wicket; +const myBool: bool; +const v: Wicket; +const u: Wicket; +const x: Wicket; + + +// vars +var favorite: Wicket; + +// functions +function age(Wicket) returns (int); + +// axioms +axiom age(w)==6; +axiom age(u)==5; +axiom age(x)==4; + + +// procedure +procedure SetToSeven(p: Wicket); + modifies favorite +; + + ensures favorite==p; + +implementation SetToSeven(l: Wicket) { + if (age(w)==7) { + favorite:=l; + } else { + favorite:=v; + } + + +} + + + diff --git a/Test/z3api/boog6.bpl b/Test/z3api/boog6.bpl index f6c3c23f..05a63440 100644 --- a/Test/z3api/boog6.bpl +++ b/Test/z3api/boog6.bpl @@ -1,24 +1,24 @@ -type ref;
-// types
-type Wicket;
-
-// consts
-var favorite: Wicket;
-
-// axioms
-const b: bool;
-axiom b==true;
-
-// procedure
-procedure SetToSeven(p: Wicket);
- modifies favorite
-;
-
- ensures favorite==p;
-
-implementation SetToSeven(l: Wicket) {
- favorite:=l;
-}
-
-
-
+type ref; +// types +type Wicket; + +// consts +var favorite: Wicket; + +// axioms +const b: bool; +axiom b==true; + +// procedure +procedure SetToSeven(p: Wicket); + modifies favorite +; + + ensures favorite==p; + +implementation SetToSeven(l: Wicket) { + favorite:=l; +} + + + diff --git a/Test/z3api/boog7.bpl b/Test/z3api/boog7.bpl index 78e5e3e6..abe0b17a 100644 --- a/Test/z3api/boog7.bpl +++ b/Test/z3api/boog7.bpl @@ -1,21 +1,21 @@ -type ref;
-// consts
-const w: int;
-
-
-// vars
-var favorite: int;
-
-// procedure
-procedure SetToSeven(p: int);
- modifies favorite
-;
-
- ensures favorite==p;
-
-implementation SetToSeven(l: int) {
- favorite:=w;
-}
-
-
-
+type ref; +// consts +const w: int; + + +// vars +var favorite: int; + +// procedure +procedure SetToSeven(p: int); + modifies favorite +; + + ensures favorite==p; + +implementation SetToSeven(l: int) { + favorite:=w; +} + + + diff --git a/Test/z3api/boog8.bpl b/Test/z3api/boog8.bpl index 121f27cf..f027e9f6 100644 --- a/Test/z3api/boog8.bpl +++ b/Test/z3api/boog8.bpl @@ -1,26 +1,26 @@ -type ref;
-// types
-type Wicket;
-var favorite: Wicket;
-
-
-const myBv: bv5;
-axiom myBv==1bv2++2bv3;
-
-const myBool: bool;
-axiom myBool==true;
-
-
-// procedure
-procedure SetToSeven(p: Wicket);
- modifies favorite
-;
-
- ensures favorite==p;
-
-implementation SetToSeven(l: Wicket) {
- favorite:=favorite;
-}
-
-
-
+type ref; +// types +type Wicket; +var favorite: Wicket; + + +const myBv: bv5; +axiom myBv==1bv2++2bv3; + +const myBool: bool; +axiom myBool==true; + + +// procedure +procedure SetToSeven(p: Wicket); + modifies favorite +; + + ensures favorite==p; + +implementation SetToSeven(l: Wicket) { + favorite:=favorite; +} + + + diff --git a/Test/z3api/boog9.bpl b/Test/z3api/boog9.bpl index 3bd6ff63..7ba21eb3 100644 --- a/Test/z3api/boog9.bpl +++ b/Test/z3api/boog9.bpl @@ -1,23 +1,23 @@ -type ref;
-// types
-type Wicket;
-var favorite: Wicket;
-
-function age(w:Wicket) returns (int);
-axiom (forall v:Wicket :: age(v)==7);
-axiom (exists v:Wicket :: age(v)<8);
-
-
-// procedure
-procedure SetToSeven(p: Wicket);
- modifies favorite
-;
-
- ensures favorite==p;
-
-implementation SetToSeven(l: Wicket) {
- favorite:=favorite;
-}
-
-
-
+type ref; +// types +type Wicket; +var favorite: Wicket; + +function age(w:Wicket) returns (int); +axiom (forall v:Wicket :: age(v)==7); +axiom (exists v:Wicket :: age(v)<8); + + +// procedure +procedure SetToSeven(p: Wicket); + modifies favorite +; + + ensures favorite==p; + +implementation SetToSeven(l: Wicket) { + favorite:=favorite; +} + + + diff --git a/Test/z3api/runtest.bat b/Test/z3api/runtest.bat index 6645667e..d74d3444 100644 --- a/Test/z3api/runtest.bat +++ b/Test/z3api/runtest.bat @@ -1,16 +1,16 @@ -@echo off
-setlocal
-
-set BGEXE=..\..\Binaries\Boogie.exe
-
-for %%f in (boog0.bpl boog1.bpl boog2.bpl boog3.bpl boog4.bpl boog5.bpl boog6.bpl boog7.bpl boog8.bpl boog9.bpl boog10.bpl boog11.bpl boog12.bpl boog13.bpl boog14.bpl boog15.bpl boog16.bpl boog17.bpl boog18.bpl boog19.bpl boog20.bpl boog21.bpl boog22.bpl boog23.bpl boog24.bpl boog25.bpl boog28.bpl boog29.bpl boog30.bpl boog31.bpl boog34.bpl boog35.bpl) do (
- echo.
- echo -------------------- %%f --------------------
- %BGEXE% %* /nologo /typeEncoding:m /prover:z3api %%f
-)
-
-for %%f in (bar1.bpl bar2.bpl bar3.bpl bar4.bpl bar6.bpl) do (
- echo.
- echo -------------------- %%f --------------------
- %BGEXE% %* /nologo /noinfer /stratifiedInline:1 /prover:z3api %%f
+@echo off +setlocal + +set BGEXE=..\..\Binaries\Boogie.exe + +for %%f in (boog0.bpl boog1.bpl boog2.bpl boog3.bpl boog4.bpl boog5.bpl boog6.bpl boog7.bpl boog8.bpl boog9.bpl boog10.bpl boog11.bpl boog12.bpl boog13.bpl boog14.bpl boog15.bpl boog16.bpl boog17.bpl boog18.bpl boog19.bpl boog20.bpl boog21.bpl boog22.bpl boog23.bpl boog24.bpl boog25.bpl boog28.bpl boog29.bpl boog30.bpl boog31.bpl boog34.bpl boog35.bpl) do ( + echo. + echo -------------------- %%f -------------------- + %BGEXE% %* /nologo /typeEncoding:m /prover:z3api %%f +) + +for %%f in (bar1.bpl bar2.bpl bar3.bpl bar4.bpl bar6.bpl) do ( + echo. + echo -------------------- %%f -------------------- + %BGEXE% %* /nologo /noinfer /stratifiedInline:1 /prover:z3api %%f )
\ No newline at end of file |