From 0f5533a8679a6b0e68cc587582dae8ea49701526 Mon Sep 17 00:00:00 2001 From: Valentin Wüstholz Date: Wed, 29 Apr 2015 10:47:24 +0200 Subject: Add support for 'verified_under' attributes on procedure calls and invariants. --- Test/test2/CallVerifiedUnder0.bpl | 42 +++++++++++++++++++++ Test/test2/CallVerifiedUnder0.bpl.expect | 14 +++++++ Test/test2/InvariantVerifiedUnder0.bpl | 54 +++++++++++++++++++++++++++ Test/test2/InvariantVerifiedUnder0.bpl.expect | 23 ++++++++++++ 4 files changed, 133 insertions(+) create mode 100644 Test/test2/CallVerifiedUnder0.bpl create mode 100644 Test/test2/CallVerifiedUnder0.bpl.expect create mode 100644 Test/test2/InvariantVerifiedUnder0.bpl create mode 100644 Test/test2/InvariantVerifiedUnder0.bpl.expect (limited to 'Test/test2') diff --git a/Test/test2/CallVerifiedUnder0.bpl b/Test/test2/CallVerifiedUnder0.bpl new file mode 100644 index 00000000..9ac9dec7 --- /dev/null +++ b/Test/test2/CallVerifiedUnder0.bpl @@ -0,0 +1,42 @@ +// RUN: %boogie -noinfer "%s" > "%t" +// RUN: %diff "%s.expect" "%t" + +procedure A(P: bool); + requires P; + +procedure Test0() +{ + call {:verified_under false} A(false); // error +} + + +procedure Test1() +{ + call {:verified_under true} A(false); +} + + +procedure Test2(P: bool, A: bool) +{ + call {:verified_under A} A(P); // error +} + + +procedure Test3(P: bool, A: bool) + requires !A ==> P; +{ + call {:verified_under A} A(P); +} + + +procedure Test4(P: bool, A: bool) +{ + call {:verified_under A} {:verified_under true} A(P); // error +} + + +procedure Test5(P: bool, A: bool) + requires !A ==> P; +{ + call {:verified_under A} {:verified_under true} A(P); +} diff --git a/Test/test2/CallVerifiedUnder0.bpl.expect b/Test/test2/CallVerifiedUnder0.bpl.expect new file mode 100644 index 00000000..5d407874 --- /dev/null +++ b/Test/test2/CallVerifiedUnder0.bpl.expect @@ -0,0 +1,14 @@ +CallVerifiedUnder0.bpl(9,5): Error BP5002: A precondition for this call might not hold. +CallVerifiedUnder0.bpl(5,3): Related location: This is the precondition that might not hold. +Execution trace: + CallVerifiedUnder0.bpl(9,5): anon0 +CallVerifiedUnder0.bpl(21,5): Error BP5002: A precondition for this call might not hold. +CallVerifiedUnder0.bpl(5,3): Related location: This is the precondition that might not hold. +Execution trace: + CallVerifiedUnder0.bpl(21,5): anon0 +CallVerifiedUnder0.bpl(34,5): Error BP5002: A precondition for this call might not hold. +CallVerifiedUnder0.bpl(5,3): Related location: This is the precondition that might not hold. +Execution trace: + CallVerifiedUnder0.bpl(34,5): anon0 + +Boogie program verifier finished with 3 verified, 3 errors diff --git a/Test/test2/InvariantVerifiedUnder0.bpl b/Test/test2/InvariantVerifiedUnder0.bpl new file mode 100644 index 00000000..6cade5a5 --- /dev/null +++ b/Test/test2/InvariantVerifiedUnder0.bpl @@ -0,0 +1,54 @@ +// RUN: %boogie -noinfer "%s" > "%t" +// RUN: %diff "%s.expect" "%t" + +procedure Test0() +{ + while (*) + invariant {:verified_under false} false; // error + {} +} + + +procedure Test1() +{ + while (*) + invariant {:verified_under true} false; + {} +} + + +procedure Test2(P: bool, Q: bool, A: bool) +{ + while (*) + invariant {:verified_under A} P; // error + invariant {:verified_under A} Q; // error + {} +} + + +procedure Test3(P: bool, Q: bool, A: bool) + requires !A ==> P; +{ + while (*) + invariant {:verified_under A} P; + invariant {:verified_under A} Q; // error + {} +} + +procedure Test4(P: bool, Q: bool, A: bool) +{ + while (*) + invariant {:verified_under A} {:verified_under true} P; // error + invariant {:verified_under A} {:verified_under true} Q; // error + {} +} + + +procedure Test5(P: bool, Q: bool, A: bool) + requires !A ==> Q; +{ + while (*) + invariant {:verified_under A} {:verified_under true} P; // error + invariant {:verified_under A} {:verified_under true} Q; + {} +} diff --git a/Test/test2/InvariantVerifiedUnder0.bpl.expect b/Test/test2/InvariantVerifiedUnder0.bpl.expect new file mode 100644 index 00000000..171a6760 --- /dev/null +++ b/Test/test2/InvariantVerifiedUnder0.bpl.expect @@ -0,0 +1,23 @@ +InvariantVerifiedUnder0.bpl(7,7): Error BP5001: This assertion might not hold. +Execution trace: + InvariantVerifiedUnder0.bpl(6,5): anon0 +InvariantVerifiedUnder0.bpl(23,7): Error BP5004: This loop invariant might not hold on entry. +Execution trace: + InvariantVerifiedUnder0.bpl(22,5): anon0 +InvariantVerifiedUnder0.bpl(24,7): Error BP5004: This loop invariant might not hold on entry. +Execution trace: + InvariantVerifiedUnder0.bpl(22,5): anon0 +InvariantVerifiedUnder0.bpl(34,7): Error BP5004: This loop invariant might not hold on entry. +Execution trace: + InvariantVerifiedUnder0.bpl(32,5): anon0 +InvariantVerifiedUnder0.bpl(41,7): Error BP5004: This loop invariant might not hold on entry. +Execution trace: + InvariantVerifiedUnder0.bpl(40,5): anon0 +InvariantVerifiedUnder0.bpl(42,7): Error BP5004: This loop invariant might not hold on entry. +Execution trace: + InvariantVerifiedUnder0.bpl(40,5): anon0 +InvariantVerifiedUnder0.bpl(51,7): Error BP5004: This loop invariant might not hold on entry. +Execution trace: + InvariantVerifiedUnder0.bpl(50,5): anon0 + +Boogie program verifier finished with 1 verified, 7 errors -- cgit v1.2.3