├── analyzer ├── python │ └── ikos │ │ └── __init__.py └── test │ └── regression │ ├── uva │ ├── test-27-error.c │ ├── test-26-error.cpp │ ├── test-16-error.c │ ├── test-24-error.cpp │ ├── test-15-error.c │ ├── test-31-error.cpp │ ├── test-25-warning.c │ ├── test-33-error.cpp │ ├── test-37-error.cpp │ ├── test-22-error.c │ ├── test-2-error-1.c │ ├── test-19-error.c │ ├── test-38-safe.cpp │ ├── test-30-safe.c │ ├── test-2-safe.c │ ├── test-17-error.c │ ├── test-18-error.c │ ├── test-1-safe.c │ ├── test-34-safe.cpp │ ├── test-32-error.cpp │ ├── test-39-error.cpp │ ├── test-1-error.c │ ├── test-36-error.cpp │ ├── test-35-safe.cpp │ ├── test-23-warning.c │ ├── test-8-safe.c │ ├── test-21-safe.cpp │ ├── test-28-error.cpp │ ├── test-14-safe.c │ ├── test-20-safe.c │ ├── test-29-safe.cpp │ ├── test-8-warning.c │ └── test-2-error-2.c │ ├── uma │ ├── test-4-error-1.c │ ├── test-4-error-2.c │ ├── test-10-safe.c │ ├── test-3-safe.c │ ├── test-13-error.c │ ├── test-3-error.c │ ├── test-13-safe.c │ ├── test-11-safe.c │ ├── test-12-safe.c │ ├── test-7-safe.c │ └── test-20-safe.c │ ├── null │ ├── test-6-unsafe.c │ ├── test-9-unsafe.c │ ├── test-3-unsafe.c │ ├── test-3.c │ ├── test-7-unsafe.c │ ├── test-8-unsafe.c │ ├── test-4.c │ ├── test-5.c │ ├── test-1.c │ ├── test-2.c │ ├── test-4-unsafe-1.c │ ├── test-5-unsafe-1.c │ ├── test-4-unsafe-2.c │ └── test-5-unsafe-2.c │ ├── boa │ ├── test-56.cpp │ ├── test-28.c │ ├── test-66.c │ ├── test-60.c │ ├── test-63.c │ ├── test-49.c │ ├── test-50.c │ ├── test-49-unsafe-2.c │ ├── test-53.c │ ├── test-55.cpp │ ├── test-48.c │ ├── test-49-unsafe-1.c │ ├── test-50-unsafe.c │ ├── test-52.c │ ├── test-58.c │ ├── test-25.c │ ├── test-30-use-after-free.c │ ├── test-48-unsafe-1.c │ ├── test-48-unsafe-2.c │ ├── test-54.c │ ├── test-59.c │ ├── test-59-unsafe.c │ ├── test-65.c │ ├── test-2-unsafe.c │ ├── test-14.c │ ├── test-2.c │ ├── test-26-volatile-safe.c │ ├── test-46.c │ ├── test-64.c │ ├── test-57.c │ ├── test-16.c │ ├── test-26-volatile-unsafe.c │ ├── test-57-unsafe.c │ ├── test-46-unsafe.c │ ├── test-45.c │ ├── test-22-safe.c │ ├── test-43.c │ ├── test-29.c │ ├── test-45-unsafe.c │ ├── test-67.c │ ├── test-15.c │ ├── test-22-unsafe.c │ ├── test-31-use-after-free.c │ ├── test-10.c │ ├── test-68.c │ ├── test-1-unsafe.c │ ├── test-47.cpp │ ├── test-24-safe.c │ ├── test-10-unsafe.c │ ├── test-38-argv.c │ ├── test-47-unsafe.cpp │ ├── test-4.c │ ├── test-4-unsafe-1.c │ ├── test-4-unsafe-2.c │ ├── test-3.c │ ├── test-3-unsafe.c │ ├── test-44.c │ ├── test-21.c │ ├── test-5.c │ ├── astree-ex.c │ ├── test-62.c │ ├── test-70.c │ ├── test-9a.c │ ├── test-9b.c │ ├── test-11.c │ ├── test-5-unsafe-1.c │ ├── test-5-unsafe-2.c │ ├── test-5-unsafe-3.c │ ├── test-5-unsafe-4.c │ ├── test-11-unsafe.c │ ├── test-6.c │ ├── test-1.c │ ├── test-32-use-after-return.c │ ├── test-9a-unsafe.c │ ├── test-9b-unsafe.c │ ├── test-6-unsafe.c │ ├── test-8.c │ ├── test-23-safe.c │ ├── test-23-unsafe-1.c │ ├── test-17-simpler.c │ ├── test-8-unsafe.c │ ├── test-23-unsafe-3.c │ ├── test-23-unsafe-2.c │ ├── test-18.c │ ├── test-44-unsafe.c │ ├── test-18-unsafe.c │ ├── test-69.c │ └── test-42.c │ ├── sound │ ├── test-store.c │ ├── test-call-side-effect.c │ ├── test-free.c │ ├── test-memset.c │ ├── test-memcpy.c │ ├── test-memmove.c │ └── test-recursive.c │ ├── dfa │ ├── test-3-delete.cpp │ ├── test-5-delete-array.cpp │ ├── test-1-error.c │ ├── test-4-safe.c │ └── test-2-warnings.c │ ├── runalltests │ ├── sio │ ├── test-6-warning.c │ ├── test-5-div-unsafe.c │ ├── test-7-rem.c │ ├── test-3-warnings.c │ ├── test-1-overflow-unsafe.c │ ├── test-2-underflow-unsafe.c │ └── test-4-safe.c │ ├── prover │ ├── test-14.c │ ├── test-24.c │ ├── asian06-ex2.c │ ├── astree-1.c │ ├── test-2.c │ ├── test-3.c │ ├── test-25.c │ ├── test-15.cpp │ ├── 48-volatile-safe.c │ ├── test-18.c │ ├── 48-volatile-unsafe.c │ ├── loop-9.c │ ├── test-12.c │ ├── 11.c │ ├── test-20.c │ ├── test-19.c │ ├── 30.c │ ├── loop-3.c │ ├── 24.c │ ├── 01.c │ ├── loop-1.c │ ├── loop-2.c │ ├── 04.c │ ├── 05.c │ ├── 28.c │ ├── 35.c │ ├── loop-10.c │ ├── 10.c │ ├── 22.c │ ├── astree-2a.c │ ├── 02.c │ ├── astree-2c.c │ ├── 46.c │ ├── astree-2b.c │ ├── 17.c │ ├── loop-4.c │ ├── test-10.c │ ├── test-17.c │ ├── 38.c │ ├── test-9.c │ ├── 06.c │ ├── 18.c │ ├── 23.c │ ├── 34.c │ ├── 43.c │ ├── 26.c │ ├── test-23.c │ ├── 32.c │ ├── 25.c │ ├── test-22-exceptions.cpp │ ├── 14.c │ ├── test-11.c │ ├── 03.c │ ├── 27.c │ ├── 16.c │ ├── 13.c │ ├── 15.c │ ├── test-1.c │ ├── test-21-exceptions.cpp │ ├── 29.c │ ├── test-5.cpp │ ├── test-8.cpp │ ├── 37.c │ ├── test-16.c │ ├── 08.c │ ├── 40.c │ ├── 44.c │ ├── 42.c │ ├── test-7.cpp │ ├── 07.c │ ├── 12.c │ ├── 19.c │ ├── test-6.cpp │ └── 41.c │ ├── pcmp │ └── test-1-unsafe.c │ ├── poa │ ├── test-3-undefined.c │ ├── test-1-unsafe.c │ └── test-2-warnings.c │ ├── dbz │ ├── test-2-safe.c │ ├── test-1-unsafe.c │ ├── test-4-unsafe.c │ └── test-3-unsafe.c │ ├── shc │ ├── test-5-safe.c │ ├── test-2-warnings.c │ ├── test-4-unsigned.c │ ├── test-1-negative.c │ └── test-3-oversized.c │ ├── mem │ ├── test-1-safe.c │ ├── test-1-unsafe.c │ ├── test-32-safe.c │ ├── test-11.c │ ├── test-21.c │ ├── test-14c.c │ ├── test-29-safe.c │ ├── test-30-safe.c │ ├── test-29-unsafe-1.c │ ├── test-29-unsafe-2.c │ ├── test-2-safe.c │ ├── test-31-safe.c │ ├── test-2-unsafe.c │ ├── test-25.c │ ├── test-0-unsafe.c │ ├── astree.c │ ├── test-5-safe.c │ ├── test-3-safe.c │ ├── test-4-safe.c │ ├── test-6-safe.c │ ├── test-0-safe.c │ ├── test-10-unsafe.c │ ├── test-14a.c │ ├── test-9-unsafe.c │ ├── test-5-unsafe.c │ ├── test-8-safe.c │ ├── test-3-unsafe.c │ ├── test-9-safe.c │ ├── test-20.c │ ├── test-30-unsafe.c │ ├── test-26a-unsafe.c │ ├── test-23.c │ ├── test-26a-safe.c │ ├── test-10-safe.c │ ├── test-15-safe.c │ ├── test-26c.c │ └── test-15-unsafe.c │ ├── upa │ ├── test-5-unsafe.c │ ├── test-6.c │ ├── test-4.c │ ├── test-4-unsafe.c │ ├── test-7-unsafe.c │ └── test-1.c │ ├── uio │ ├── test-1-overflow-unsafe.c │ └── test-2-safe.c │ └── fca │ └── test-2-error.c ├── LICENSE.pdf ├── test └── install │ └── logs │ └── .gitignore ├── frontend └── llvm │ └── test │ └── regression │ └── import │ ├── basic_optimization │ ├── array-init.cpp │ ├── empty-array-3.c │ ├── branch-undef.c │ ├── bitwise-op.c │ ├── noexcept.cpp │ ├── bit-field-2.c │ ├── thread-local.cpp │ ├── bool.cpp │ ├── empty-array-1.c │ ├── empty-array-2.c │ ├── atomic.c │ ├── empty-function-body.c │ ├── ptr-to-int.c │ ├── undef.c │ ├── nullptr.cpp │ ├── complex.c │ ├── call-args.c │ ├── reference.cpp │ ├── non-term-2.c │ ├── union.c │ ├── bitwise-cond-1.c │ ├── vector-4.c │ ├── vector-3.c │ ├── vector-1.c │ ├── vector-2.c │ ├── flexible-array-member.c │ ├── phi-1.c │ ├── basic-loop.c │ ├── linked-list.c │ ├── non-term-1.c │ ├── bitwise-cond-2.c │ ├── bit-field-1.c │ ├── opaque-struct.c │ ├── nested-struct.c │ ├── shufflevector.c │ ├── asm.c │ ├── phi-4.cpp │ ├── local-array-1.c │ ├── vla.c │ ├── mem-intrinsics.c │ ├── select.cpp │ ├── pod-types.c │ ├── bool-op-select.cpp │ ├── file-intrinsics.c │ ├── struct-parameters.c │ ├── aggregate-in-reg-2.cpp │ ├── gv-init.c │ ├── multiple-inheritance.cpp │ ├── pointer-arithmetic.cpp │ ├── aggregate-in-reg-1.cpp │ ├── local-array-2.c │ ├── constructors.cpp │ └── virtual-inheritance.cpp │ ├── no_optimization │ ├── array-init.cpp │ ├── branch-undef.c │ ├── empty-array-3.c │ ├── bitwise-op.c │ ├── noexcept.cpp │ ├── bit-field-2.c │ ├── empty-array-1.c │ ├── thread-local.cpp │ ├── bool.cpp │ ├── atomic.c │ ├── empty-array-2.c │ ├── empty-function-body.c │ ├── ptr-to-int.c │ ├── undef.c │ ├── nullptr.cpp │ ├── complex.c │ ├── call-args.c │ ├── non-term-2.c │ ├── reference.cpp │ ├── union.c │ ├── bitwise-cond-1.c │ ├── vector-4.c │ ├── vector-1.c │ ├── vector-2.c │ ├── vector-3.c │ ├── flexible-array-member.c │ ├── phi-1.c │ ├── basic-loop.c │ ├── linked-list.c │ ├── non-term-1.c │ ├── bitwise-cond-2.c │ ├── bit-field-1.c │ ├── opaque-struct.c │ ├── nested-struct.c │ ├── shufflevector.c │ ├── asm.c │ ├── phi-4.cpp │ ├── local-array-1.c │ ├── vla.c │ ├── mem-intrinsics.c │ ├── pod-types.c │ ├── select.cpp │ ├── bool-op-select.cpp │ ├── file-intrinsics.c │ ├── struct-parameters.c │ ├── aggregate-in-reg-2.cpp │ ├── gv-init.c │ ├── multiple-inheritance.cpp │ ├── pointer-arithmetic.cpp │ ├── aggregate-in-reg-1.cpp │ ├── local-array-2.c │ ├── constructors.cpp │ └── virtual-inheritance.cpp │ ├── aggressive_optimization │ ├── array-init.cpp │ ├── empty-array-3.c │ ├── branch-undef.c │ ├── bitwise-op.c │ ├── noexcept.cpp │ ├── bit-field-2.c │ ├── thread-local.cpp │ ├── bool.cpp │ ├── empty-array-1.c │ ├── empty-array-2.c │ ├── atomic.c │ ├── empty-function-body.c │ ├── ptr-to-int.c │ ├── undef.c │ ├── nullptr.cpp │ ├── complex.c │ ├── call-args.c │ ├── reference.cpp │ ├── non-term-2.c │ ├── union.c │ ├── bitwise-cond-1.c │ ├── vector-4.c │ ├── vector-3.c │ ├── vector-1.c │ ├── vector-2.c │ ├── flexible-array-member.c │ ├── phi-1.c │ ├── basic-loop.c │ ├── linked-list.c │ ├── non-term-1.c │ ├── bitwise-cond-2.c │ ├── bit-field-1.c │ ├── opaque-struct.c │ ├── nested-struct.c │ ├── shufflevector.c │ ├── asm.c │ ├── phi-4.cpp │ ├── local-array-1.c │ ├── vla.c │ ├── mem-intrinsics.c │ ├── select.cpp │ ├── pod-types.c │ ├── bool-op-select.cpp │ ├── file-intrinsics.c │ ├── struct-parameters.c │ ├── aggregate-in-reg-2.cpp │ ├── gv-init.c │ ├── multiple-inheritance.cpp │ ├── pointer-arithmetic.cpp │ ├── aggregate-in-reg-1.cpp │ ├── local-array-2.c │ ├── constructors.cpp │ └── virtual-inheritance.cpp │ └── fneg │ ├── test-1-float.c │ └── test-2-double.c ├── doc └── contribute │ ├── CORPORATE_CONTRIBUTOR_LICENSE_AGREEMENT.pdf │ └── INDIVIDUAL_CONTRIBUTOR_LICENSE_AGREEMENT.pdf ├── CONTRIBUTORS.md ├── .gitignore └── .clang-format /analyzer/python/ikos/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /LICENSE.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NASA-SW-VnV/ikos/HEAD/LICENSE.pdf -------------------------------------------------------------------------------- /test/install/logs/.gitignore: -------------------------------------------------------------------------------- 1 | # ignore everything 2 | * 3 | 4 | # except .gitignore 5 | !.gitignore 6 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-27-error.c: -------------------------------------------------------------------------------- 1 | int main() 2 | { 3 | int* ivar; 4 | return *ivar; 5 | } 6 | -------------------------------------------------------------------------------- /analyzer/test/regression/uma/test-4-error-1.c: -------------------------------------------------------------------------------- 1 | int main(void) { 2 | int a[15]; 3 | return a[10]; // undefined 4 | } 5 | -------------------------------------------------------------------------------- /analyzer/test/regression/null/test-6-unsafe.c: -------------------------------------------------------------------------------- 1 | int* p; // NULL 2 | 3 | int main() { 4 | *p = 0x42; 5 | return 0; 6 | } 7 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/array-init.cpp: -------------------------------------------------------------------------------- 1 | struct i { 2 | unsigned j[16]; 3 | } k[]{{}, {2}}; 4 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/empty-array-3.c: -------------------------------------------------------------------------------- 1 | union { 2 | char a[0]; 3 | int b; 4 | } c = {}; 5 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/array-init.cpp: -------------------------------------------------------------------------------- 1 | struct i { 2 | unsigned j[16]; 3 | } k[]{{}, {2}}; 4 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/branch-undef.c: -------------------------------------------------------------------------------- 1 | int main() { 2 | return main ? 0 % 0 ?: 1 : 2; 3 | } 4 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/empty-array-3.c: -------------------------------------------------------------------------------- 1 | union { 2 | char a[0]; 3 | int b; 4 | } c = {}; 5 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-26-error.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | int main() { 3 | int* p = new int; 4 | return *p; 5 | } 6 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/array-init.cpp: -------------------------------------------------------------------------------- 1 | struct i { 2 | unsigned j[16]; 3 | } k[]{{}, {2}}; 4 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/empty-array-3.c: -------------------------------------------------------------------------------- 1 | union { 2 | char a[0]; 3 | int b; 4 | } c = {}; 5 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/branch-undef.c: -------------------------------------------------------------------------------- 1 | int main() { 2 | return main ? 0 % 0 ?: 1 : 2; 3 | } 4 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/fneg/test-1-float.c: -------------------------------------------------------------------------------- 1 | 2 | int main() { 3 | float y = 10.0F; 4 | return (int)(-y); 5 | } 6 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/fneg/test-2-double.c: -------------------------------------------------------------------------------- 1 | 2 | int main() { 3 | double y = 10.0F; 4 | return (int)(-y); 5 | } 6 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/bitwise-op.c: -------------------------------------------------------------------------------- 1 | int main() { 2 | int x = 3, y = 5; 3 | int z = x | y; 4 | } 5 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/branch-undef.c: -------------------------------------------------------------------------------- 1 | int main() { 2 | return main ? 0 % 0 ?: 1 : 2; 3 | } 4 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/bitwise-op.c: -------------------------------------------------------------------------------- 1 | int main() { 2 | int x = 3, y = 5; 3 | int z = x | y; 4 | } 5 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/noexcept.cpp: -------------------------------------------------------------------------------- 1 | extern int f(); 2 | 3 | int g() noexcept { 4 | return f(); 5 | } 6 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/bitwise-op.c: -------------------------------------------------------------------------------- 1 | int main() { 2 | int x = 3, y = 5; 3 | int z = x | y; 4 | } 5 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/noexcept.cpp: -------------------------------------------------------------------------------- 1 | extern int f(); 2 | 3 | int g() noexcept { 4 | return f(); 5 | } 6 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/bit-field-2.c: -------------------------------------------------------------------------------- 1 | struct { 2 | unsigned : 7; 3 | unsigned a; 4 | } b[6][1] = {{{}}}; 5 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-16-error.c: -------------------------------------------------------------------------------- 1 | int f(int* p) { 2 | return *p; 3 | } 4 | 5 | int main() { 6 | int* p; 7 | return f(p); 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/noexcept.cpp: -------------------------------------------------------------------------------- 1 | extern int f(); 2 | 3 | int g() noexcept { 4 | return f(); 5 | } 6 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/bit-field-2.c: -------------------------------------------------------------------------------- 1 | struct { 2 | unsigned : 7; 3 | unsigned a; 4 | } b[6][1] = {{{}}}; 5 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/thread-local.cpp: -------------------------------------------------------------------------------- 1 | static thread_local int x; 2 | 3 | int main() { 4 | return x; 5 | } 6 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/empty-array-1.c: -------------------------------------------------------------------------------- 1 | struct { 2 | char a[0]; 3 | int* b; 4 | double c; 5 | } d = {{}, 1}; 6 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/thread-local.cpp: -------------------------------------------------------------------------------- 1 | static thread_local int x; 2 | 3 | int main() { 4 | return x; 5 | } 6 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/bit-field-2.c: -------------------------------------------------------------------------------- 1 | struct { 2 | unsigned : 7; 3 | unsigned a; 4 | } b[6][1] = {{{}}}; 5 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/thread-local.cpp: -------------------------------------------------------------------------------- 1 | static thread_local int x; 2 | 3 | int main() { 4 | return x; 5 | } 6 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/bool.cpp: -------------------------------------------------------------------------------- 1 | bool b = true; 2 | 3 | int f(bool i) {} 4 | 5 | int main() { 6 | return 0; 7 | } 8 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/empty-array-1.c: -------------------------------------------------------------------------------- 1 | struct { 2 | char a[0]; 3 | int* b; 4 | double c; 5 | } d = {{}, 1}; 6 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/bool.cpp: -------------------------------------------------------------------------------- 1 | bool b = true; 2 | 3 | int f(bool i) {} 4 | 5 | int main() { 6 | return 0; 7 | } 8 | -------------------------------------------------------------------------------- /analyzer/test/regression/uma/test-4-error-2.c: -------------------------------------------------------------------------------- 1 | void bar(int* p) {} 2 | 3 | int main(void) { 4 | int x; 5 | bar(&x); 6 | return x; // undefined 7 | } 8 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-24-error.cpp: -------------------------------------------------------------------------------- 1 | int main(int argc, char *argv[]) 2 | { 3 | int myray[2]; 4 | myray[1] = 5; 5 | return myray[0]; 6 | } 7 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/bool.cpp: -------------------------------------------------------------------------------- 1 | bool b = true; 2 | 3 | int f(bool i) {} 4 | 5 | int main() { 6 | return 0; 7 | } 8 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/empty-array-1.c: -------------------------------------------------------------------------------- 1 | struct { 2 | char a[0]; 3 | int* b; 4 | double c; 5 | } d = {{}, 1}; 6 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/empty-array-2.c: -------------------------------------------------------------------------------- 1 | struct { 2 | int a[0]; 3 | struct { 4 | int b; 5 | }; 6 | } c = {{}, 6}; 7 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/atomic.c: -------------------------------------------------------------------------------- 1 | _Atomic volatile unsigned x; 2 | 3 | int main() { 4 | x = 42; 5 | return (int)x; 6 | } 7 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/empty-array-2.c: -------------------------------------------------------------------------------- 1 | struct { 2 | int a[0]; 3 | struct { 4 | int b; 5 | }; 6 | } c = {{}, 6}; 7 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-56.cpp: -------------------------------------------------------------------------------- 1 | class a { 2 | long b; 3 | }; 4 | 5 | class c : virtual a {}; 6 | 7 | int main() { 8 | c d(d); 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/null/test-9-unsafe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | char* p; // NULL 4 | 5 | int main() { 6 | memset(p, 0, 10); 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /analyzer/test/regression/sound/test-store.c: -------------------------------------------------------------------------------- 1 | extern char* os_name(void); 2 | 3 | int main() { 4 | char* p = os_name(); 5 | *p = 'a'; 6 | return 0; 7 | } 8 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/empty-array-2.c: -------------------------------------------------------------------------------- 1 | struct { 2 | int a[0]; 3 | struct { 4 | int b; 5 | }; 6 | } c = {{}, 6}; 7 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/atomic.c: -------------------------------------------------------------------------------- 1 | _Atomic volatile unsigned x; 2 | 3 | int main() { 4 | x = 42; 5 | return (int)x; 6 | } 7 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/empty-function-body.c: -------------------------------------------------------------------------------- 1 | void GEN2_w_test2_terminate(void) { 2 | /* (no terminate code required) */ 3 | } 4 | -------------------------------------------------------------------------------- /analyzer/test/regression/dfa/test-3-delete.cpp: -------------------------------------------------------------------------------- 1 | class Foo {}; 2 | 3 | int main() { 4 | Foo* a = new Foo(); 5 | Foo* b = a; 6 | delete a; 7 | delete b; 8 | } 9 | -------------------------------------------------------------------------------- /analyzer/test/regression/null/test-3-unsafe.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | char* s = NULL; 6 | return strlen(s); 7 | } 8 | -------------------------------------------------------------------------------- /analyzer/test/regression/null/test-3.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | const char* s = "AAAA"; 6 | return strlen(s); 7 | } 8 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-15-error.c: -------------------------------------------------------------------------------- 1 | void f(int* p) { 2 | *p = 0x42; 3 | } 4 | 5 | int main() { 6 | int* p; 7 | f(p); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /doc/contribute/CORPORATE_CONTRIBUTOR_LICENSE_AGREEMENT.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NASA-SW-VnV/ikos/HEAD/doc/contribute/CORPORATE_CONTRIBUTOR_LICENSE_AGREEMENT.pdf -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/atomic.c: -------------------------------------------------------------------------------- 1 | _Atomic volatile unsigned x; 2 | 3 | int main() { 4 | x = 42; 5 | return (int)x; 6 | } 7 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/empty-function-body.c: -------------------------------------------------------------------------------- 1 | void GEN2_w_test2_terminate(void) { 2 | /* (no terminate code required) */ 3 | } 4 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/ptr-to-int.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int f() { 4 | return 0; 5 | } 6 | 7 | uintptr_t x = (intptr_t)&f; 8 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/undef.c: -------------------------------------------------------------------------------- 1 | extern int flag; 2 | 3 | int main(int argc, char** argv) { 4 | int* v; 5 | return flag + *v; 6 | } 7 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-31-error.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | int main(int argc, char *argv[]) 3 | { 4 | bool* test1 = new bool; 5 | return (int)*test1; 6 | } 7 | -------------------------------------------------------------------------------- /doc/contribute/INDIVIDUAL_CONTRIBUTOR_LICENSE_AGREEMENT.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NASA-SW-VnV/ikos/HEAD/doc/contribute/INDIVIDUAL_CONTRIBUTOR_LICENSE_AGREEMENT.pdf -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/empty-function-body.c: -------------------------------------------------------------------------------- 1 | void GEN2_w_test2_terminate(void) { 2 | /* (no terminate code required) */ 3 | } 4 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/ptr-to-int.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int f() { 4 | return 0; 5 | } 6 | 7 | uintptr_t x = (intptr_t)&f; 8 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/undef.c: -------------------------------------------------------------------------------- 1 | extern int flag; 2 | 3 | int main(int argc, char** argv) { 4 | int* v; 5 | return flag + *v; 6 | } 7 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/nullptr.cpp: -------------------------------------------------------------------------------- 1 | int f(decltype(nullptr) x) { 2 | return 1; 3 | } 4 | 5 | int main() { 6 | return f(nullptr); 7 | } 8 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-28.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #define HWADDR_1 0x40 5 | 6 | int main() { 7 | (*(int*)HWADDR_1) = 0x41; 8 | } 9 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-25-warning.c: -------------------------------------------------------------------------------- 1 | int main(int argc, char** argv) 2 | { 3 | int ivar; 4 | if(argc > 1) { 5 | ivar = 5; 6 | } 7 | return ivar; 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/ptr-to-int.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int f() { 4 | return 0; 5 | } 6 | 7 | uintptr_t x = (intptr_t)&f; 8 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/undef.c: -------------------------------------------------------------------------------- 1 | extern int flag; 2 | 3 | int main(int argc, char** argv) { 4 | int* v; 5 | return flag + *v; 6 | } 7 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/nullptr.cpp: -------------------------------------------------------------------------------- 1 | int f(decltype(nullptr) x) { 2 | return 1; 3 | } 4 | 5 | int main() { 6 | return f(nullptr); 7 | } 8 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/complex.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | double complex c = 1.0 + 2.0 * I; 5 | return creal(c); 6 | } 7 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-66.c: -------------------------------------------------------------------------------- 1 | int main() { 2 | unsigned int A[10]; 3 | unsigned int B[3]; 4 | if (B[2] < 10) { 5 | A[B[2]] = 1; 6 | } 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/nullptr.cpp: -------------------------------------------------------------------------------- 1 | int f(decltype(nullptr) x) { 2 | return 1; 3 | } 4 | 5 | int main() { 6 | return f(nullptr); 7 | } 8 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/complex.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | double complex c = 1.0 + 2.0 * I; 5 | return creal(c); 6 | } 7 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/complex.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | double complex c = 1.0 + 2.0 * I; 5 | return creal(c); 6 | } 7 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/call-args.c: -------------------------------------------------------------------------------- 1 | int foo(int i) { 2 | return i + 1; 3 | } 4 | 5 | int main(int argc, char** argv) { 6 | return foo(argc); 7 | } 8 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/call-args.c: -------------------------------------------------------------------------------- 1 | int foo(int i) { 2 | return i + 1; 3 | } 4 | 5 | int main(int argc, char** argv) { 6 | return foo(argc); 7 | } 8 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-33-error.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | int main(int argc, char *argv[]) 3 | { 4 | std::shared_ptr test1 (new bool); 5 | return (int)*test1; 6 | } 7 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-37-error.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | int main(int argc, char *argv[]) 3 | { 4 | std::unique_ptr test1 (new bool); 5 | return (int)*test1; 6 | } 7 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/call-args.c: -------------------------------------------------------------------------------- 1 | int foo(int i) { 2 | return i + 1; 3 | } 4 | 5 | int main(int argc, char** argv) { 6 | return foo(argc); 7 | } 8 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/reference.cpp: -------------------------------------------------------------------------------- 1 | void f(int& x) { 2 | x = 1; 3 | } 4 | 5 | int main() { 6 | int y = 0; 7 | f(y); 8 | return y; 9 | } 10 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/non-term-2.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | while (1) { 5 | printf("hello world\n"); 6 | } 7 | return 42; 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/reference.cpp: -------------------------------------------------------------------------------- 1 | void f(int& x) { 2 | x = 1; 3 | } 4 | 5 | int main() { 6 | int y = 0; 7 | f(y); 8 | return y; 9 | } 10 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/union.c: -------------------------------------------------------------------------------- 1 | union my_union { 2 | int m_int; 3 | char* m_ptr; 4 | }; 5 | 6 | int main() { 7 | union my_union x = {.m_int = 1}; 8 | } 9 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-60.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | printf("hello world\n"); 6 | printf("errno = %d\n", errno); 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /analyzer/test/regression/null/test-7-unsafe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | char* p; // NULL 4 | 5 | int main() { 6 | char tab[10]; 7 | memcpy(p, tab, 10); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/null/test-8-unsafe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | char* p; // NULL 4 | 5 | int main() { 6 | char tab[10]; 7 | memcpy(tab, p, 10); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-22-error.c: -------------------------------------------------------------------------------- 1 | #include 2 | int main() { 3 | int* p = (int*)malloc(sizeof(int)); 4 | if (!p) { 5 | return 0; 6 | } 7 | return *p + 5; 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/reference.cpp: -------------------------------------------------------------------------------- 1 | void f(int& x) { 2 | x = 1; 3 | } 4 | 5 | int main() { 6 | int y = 0; 7 | f(y); 8 | return y; 9 | } 10 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/non-term-2.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | while (1) { 5 | printf("hello world\n"); 6 | } 7 | return 42; 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/union.c: -------------------------------------------------------------------------------- 1 | union my_union { 2 | int m_int; 3 | char* m_ptr; 4 | }; 5 | 6 | int main() { 7 | union my_union x = {.m_int = 1}; 8 | } 9 | -------------------------------------------------------------------------------- /analyzer/test/regression/sound/test-call-side-effect.c: -------------------------------------------------------------------------------- 1 | extern char* os_name(void); 2 | extern int os_strlen(char*); 3 | 4 | int main() { 5 | char* p = os_name(); 6 | return os_strlen(p); 7 | } 8 | -------------------------------------------------------------------------------- /analyzer/test/regression/sound/test-free.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern char* os_name(void); 4 | 5 | int main() { 6 | char* p = os_name(); 7 | free(p); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-2-error-1.c: -------------------------------------------------------------------------------- 1 | // From http://blog.regehr.org/archives/519 2 | 3 | int main(void) { 4 | int y, z; 5 | for (y = 0; y < 5; y++) 6 | z++; 7 | return z; 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/non-term-2.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | while (1) { 5 | printf("hello world\n"); 6 | } 7 | return 42; 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/union.c: -------------------------------------------------------------------------------- 1 | union my_union { 2 | int m_int; 3 | char* m_ptr; 4 | }; 5 | 6 | int main() { 7 | union my_union x = {.m_int = 1}; 8 | } 9 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-63.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | struct S { 4 | char* p; 5 | char c; 6 | }; 7 | 8 | int main() { 9 | struct S s = {NULL, 'a'}; 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/dfa/test-5-delete-array.cpp: -------------------------------------------------------------------------------- 1 | class Foo {}; 2 | 3 | int main() { 4 | class Foo* a = new Foo[42]; 5 | class Foo* b = a; 6 | 7 | delete[] a; 8 | delete[] b; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/uma/test-10-safe.c: -------------------------------------------------------------------------------- 1 | int main() { 2 | double a[10]; 3 | int i; 4 | for (i = 0; i < 10; ++i) { 5 | a[i] = 1.0; 6 | } 7 | a[i] = 0.0; 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-19-error.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void f(int* p) { 4 | memset(p, 0, 10); 5 | } 6 | 7 | int main() { 8 | int* p; 9 | f(p); 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-38-safe.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | using namespace std; 3 | int main(int argc, char *argv[]) 4 | { 5 | auto test1 = make_unique(); 6 | return (int)*test1; 7 | } 8 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/bitwise-cond-1.c: -------------------------------------------------------------------------------- 1 | int foo(int x, int y, int z) { 2 | int a = x - y; 3 | int b = (z == 0 && a) ? x + y : y + z; 4 | return (a > b) ? x : y; 5 | } 6 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-49.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | char s1[10]; 6 | const char* s2 = "AAAA"; 7 | strcpy(s1, s2); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/null/test-4.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | char s1[10]; 6 | const char* s2 = "AAAA"; 7 | strcpy(s1, s2); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/sound/test-memset.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern char* os_name(void); 4 | 5 | int main() { 6 | char* p = os_name(); 7 | memset(p, 0, 7); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/bitwise-cond-1.c: -------------------------------------------------------------------------------- 1 | int foo(int x, int y, int z) { 2 | int a = x - y; 3 | int b = (z == 0 && a) ? x + y : y + z; 4 | return (a > b) ? x : y; 5 | } 6 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/vector-4.c: -------------------------------------------------------------------------------- 1 | typedef long vector_t __attribute__((__vector_size__(16))); 2 | 3 | vector_t f(vector_t x) { 4 | return __builtin_ia32_pshufd(x, 0); 5 | } 6 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/vector-4.c: -------------------------------------------------------------------------------- 1 | typedef long vector_t __attribute__((__vector_size__(16))); 2 | 3 | vector_t f(vector_t x) { 4 | return __builtin_ia32_pshufd(x, 0); 5 | } 6 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-50.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | char s1[10] = "A"; 6 | const char* s2 = "BBBB"; 7 | strcat(s1, s2); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/sound/test-memcpy.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern char* os_name(void); 4 | 5 | int main() { 6 | char* p = os_name(); 7 | memcpy(p, "Linux", 6); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/sound/test-memmove.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern char* os_name(void); 4 | 5 | int main() { 6 | char* p = os_name(); 7 | memmove(p, "Linux", 6); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-30-safe.c: -------------------------------------------------------------------------------- 1 | #include 2 | int main() { 3 | char* p = malloc(sizeof(char)); 4 | if (!p) { 5 | return 5; 6 | } 7 | *p = 3; 8 | return (int)*p; 9 | } 10 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/bitwise-cond-1.c: -------------------------------------------------------------------------------- 1 | int foo(int x, int y, int z) { 2 | int a = x - y; 3 | int b = (z == 0 && a) ? x + y : y + z; 4 | return (a > b) ? x : y; 5 | } 6 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/vector-4.c: -------------------------------------------------------------------------------- 1 | typedef long vector_t __attribute__((__vector_size__(16))); 2 | 3 | vector_t f(vector_t x) { 4 | return __builtin_ia32_pshufd(x, 0); 5 | } 6 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/vector-3.c: -------------------------------------------------------------------------------- 1 | typedef int vector_t __attribute__((__vector_size__(16))); 2 | 3 | vector_t a, b, c; 4 | 5 | int main() { 6 | c = a + b; 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/vector-1.c: -------------------------------------------------------------------------------- 1 | typedef float vector_t __attribute__((__vector_size__(16))); 2 | 3 | vector_t a, b, c; 4 | 5 | int main() { 6 | c = a + b; 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/vector-2.c: -------------------------------------------------------------------------------- 1 | typedef double vector_t __attribute__((__vector_size__(16))); 2 | 3 | vector_t a, b, c; 4 | 5 | int main() { 6 | c = a * b; 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/vector-3.c: -------------------------------------------------------------------------------- 1 | typedef int vector_t __attribute__((__vector_size__(16))); 2 | 3 | vector_t a, b, c; 4 | 5 | int main() { 6 | c = a + b; 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-49-unsafe-2.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | char s1[4]; 6 | const char* s2 = "AAAA"; 7 | strcpy(s1, s2); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-53.c: -------------------------------------------------------------------------------- 1 | static int* p; 2 | 3 | int main() { 4 | int A[10]; 5 | p = &A[0]; 6 | for (int i = 0; i < 10; i++) { 7 | *p = 0; 8 | p++; 9 | } 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-55.cpp: -------------------------------------------------------------------------------- 1 | struct MyStruct { 2 | bool is_down[3] = {}; 3 | }; 4 | 5 | int main(int argc, char* argv[]) { 6 | MyStruct s; 7 | s.is_down[2] = false; 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/null/test-5.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | char s1[9] = "AAAA"; 6 | const char* s2 = "BBBB"; 7 | strcat(s1, s2); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-2-safe.c: -------------------------------------------------------------------------------- 1 | // From http://blog.regehr.org/archives/519 2 | 3 | int main(void) { 4 | int y, z; 5 | z = 0; 6 | for (y = 0; y < 5; y++) 7 | z++; 8 | return z; 9 | } 10 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/vector-3.c: -------------------------------------------------------------------------------- 1 | typedef int vector_t __attribute__((__vector_size__(16))); 2 | 3 | vector_t a, b, c; 4 | 5 | int main() { 6 | c = a + b; 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/vector-1.c: -------------------------------------------------------------------------------- 1 | typedef float vector_t __attribute__((__vector_size__(16))); 2 | 3 | vector_t a, b, c; 4 | 5 | int main() { 6 | c = a + b; 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/vector-2.c: -------------------------------------------------------------------------------- 1 | typedef double vector_t __attribute__((__vector_size__(16))); 2 | 3 | vector_t a, b, c; 4 | 5 | int main() { 6 | c = a * b; 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/flexible-array-member.c: -------------------------------------------------------------------------------- 1 | struct line { 2 | int length; 3 | char contents[]; 4 | }; 5 | 6 | struct line l; 7 | 8 | int main() { 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-48.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | const char* s = "AAAAA"; 6 | int i = strlen(s); 7 | printf("%d\n", (int)s[i]); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-49-unsafe-1.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | char s1[10]; 6 | const char* s2 = "AAAA"; 7 | strcpy(s1, &s2[5]); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-50-unsafe.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | char s1[10] = "A"; 6 | const char* s2 = "BBBB"; 7 | strcat(s1, &s2[5]); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-52.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | 3 | void foo(int** x) { 4 | x[3][2] = 5; 5 | } 6 | 7 | int main(int arg, char** argv) { 8 | int b[4][4]; 9 | foo(b); 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/uma/test-3-safe.c: -------------------------------------------------------------------------------- 1 | // From http://blog.regehr.org/archives/519 2 | 3 | int main(void) { 4 | int a[6], i; 5 | for (i = 0; i < 6; i++) { 6 | a[i] = 1; 7 | } 8 | return a[5]; 9 | } 10 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/vector-1.c: -------------------------------------------------------------------------------- 1 | typedef float vector_t __attribute__((__vector_size__(16))); 2 | 3 | vector_t a, b, c; 4 | 5 | int main() { 6 | c = a + b; 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/vector-2.c: -------------------------------------------------------------------------------- 1 | typedef double vector_t __attribute__((__vector_size__(16))); 2 | 3 | vector_t a, b, c; 4 | 5 | int main() { 6 | c = a * b; 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/flexible-array-member.c: -------------------------------------------------------------------------------- 1 | struct line { 2 | int length; 3 | char contents[]; 4 | }; 5 | 6 | struct line l; 7 | 8 | int main() { 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-58.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | char buffer[32]; 6 | strncpy(buffer, "hello", sizeof(buffer)); 7 | puts(buffer); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/runalltests: -------------------------------------------------------------------------------- 1 | #!/usr/bin/sh 2 | for d in `find -type d` 3 | do 4 | if test -x "$d/runtest" 5 | then 6 | echo "++++++++++++" 7 | echo $d 8 | $d/runtest 9 | fi 10 | echo "" 11 | done 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/uma/test-13-error.c: -------------------------------------------------------------------------------- 1 | int* foo(int* x, int* y) { 2 | return x + *y; 3 | } 4 | 5 | int main() { 6 | int a[10]; 7 | int b = 5; 8 | 9 | int* z = foo(&a[0], &b); 10 | return *z; 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/uma/test-3-error.c: -------------------------------------------------------------------------------- 1 | // From http://blog.regehr.org/archives/519 2 | 3 | int main(void) { 4 | int a[6], i; 5 | for (i = 0; i < 5; i++) { 6 | a[i] = 1; 7 | } 8 | return a[5]; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-17-error.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void f(int* p) { 4 | char tab[10]; 5 | memcpy(p, tab, 105); 6 | } 7 | 8 | int main() { 9 | int* p; 10 | f(p); 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-18-error.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void f(int* p) { 4 | char tab[10]; 5 | memcpy(tab, p, 105); 6 | } 7 | 8 | int main() { 9 | int* p; 10 | f(p); 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/flexible-array-member.c: -------------------------------------------------------------------------------- 1 | struct line { 2 | int length; 3 | char contents[]; 4 | }; 5 | 6 | struct line l; 7 | 8 | int main() { 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/phi-1.c: -------------------------------------------------------------------------------- 1 | double a[10]; 2 | 3 | int main(int argc, char** argv) { 4 | int i; 5 | for (i = 0; i < 10; i++) { 6 | a[i] = i * 0.88; 7 | } 8 | a[i] = i; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/sio/test-6-warning.c: -------------------------------------------------------------------------------- 1 | extern int __ikos_nondet_int(void); 2 | 3 | int main() { 4 | int x = __ikos_nondet_int(); 5 | if (x < 0) { 6 | return -x; 7 | } else { 8 | return 0; 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/phi-1.c: -------------------------------------------------------------------------------- 1 | double a[10]; 2 | 3 | int main(int argc, char** argv) { 4 | int i; 5 | for (i = 0; i < 10; i++) { 6 | a[i] = i * 0.88; 7 | } 8 | a[i] = i; 9 | } 10 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/basic-loop.c: -------------------------------------------------------------------------------- 1 | double a[10]; 2 | 3 | int main(int argc, char** argv) { 4 | int i; 5 | for (i = 0; i < 10; i++) { 6 | a[i] = i * 0.88; 7 | } 8 | a[i] = i; 9 | } 10 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/linked-list.c: -------------------------------------------------------------------------------- 1 | struct node { 2 | int value; 3 | struct node* next; 4 | }; 5 | 6 | struct node head; 7 | 8 | int main(int argc, char** argv) { 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-25.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | int accelSample[3]; 5 | 6 | for (uint8_t axis = 0; axis < 3; axis++) { 7 | accelSample[axis] = 0; 8 | } 9 | 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-30-use-after-free.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | int* p = calloc(10, sizeof(int)); 5 | if (p != NULL) { 6 | p[5] = 17; 7 | free(p); 8 | p[5] = 18; 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-48-unsafe-1.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | const char* s = "AAAAA"; 6 | int i = strlen(s); 7 | printf("%d\n", (int)s[i + 1]); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-48-unsafe-2.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | const char* s = "AAAAA"; 6 | int i = strlen(&s[6]); 7 | printf("%d\n", (int)s[i]); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/null/test-1.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | int* foo(int* x, int* y) { 3 | return x + *y; 4 | } 5 | 6 | int main() { 7 | int a[10] = {0}; 8 | int b = 5; 9 | 10 | int* z = foo(&a[0], &b); 11 | return *z; 12 | } 13 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/phi-1.c: -------------------------------------------------------------------------------- 1 | double a[10]; 2 | 3 | int main(int argc, char** argv) { 4 | int i; 5 | for (i = 0; i < 10; i++) { 6 | a[i] = i * 0.88; 7 | } 8 | a[i] = i; 9 | } 10 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/basic-loop.c: -------------------------------------------------------------------------------- 1 | double a[10]; 2 | 3 | int main(int argc, char** argv) { 4 | int i; 5 | for (i = 0; i < 10; i++) { 6 | a[i] = i * 0.88; 7 | } 8 | a[i] = i; 9 | } 10 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/linked-list.c: -------------------------------------------------------------------------------- 1 | struct node { 2 | int value; 3 | struct node* next; 4 | }; 5 | 6 | struct node head; 7 | 8 | int main(int argc, char** argv) { 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/non-term-1.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(int argc, char** argv) { 4 | int i; 5 | while (1) { 6 | if (i == 0) 7 | exit(1); 8 | i++; 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/non-term-1.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(int argc, char** argv) { 4 | int i; 5 | while (1) { 6 | if (i == 0) 7 | exit(1); 8 | i++; 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/basic-loop.c: -------------------------------------------------------------------------------- 1 | double a[10]; 2 | 3 | int main(int argc, char** argv) { 4 | int i; 5 | for (i = 0; i < 10; i++) { 6 | a[i] = i * 0.88; 7 | } 8 | a[i] = i; 9 | } 10 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/linked-list.c: -------------------------------------------------------------------------------- 1 | struct node { 2 | int value; 3 | struct node* next; 4 | }; 5 | 6 | struct node head; 7 | 8 | int main(int argc, char** argv) { 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/non-term-1.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(int argc, char** argv) { 4 | int i; 5 | while (1) { 6 | if (i == 0) 7 | exit(1); 8 | i++; 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-54.c: -------------------------------------------------------------------------------- 1 | static int count = 10; 2 | 3 | int main() { 4 | int tab[10] = {0}; 5 | int i; 6 | for (i = 0; i < 10; i++) { 7 | count = count >> 1; 8 | tab[count] = 1; 9 | } 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-59.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern void __ikos_check_mem_access(const void* ptr, size_t size); 4 | 5 | int main() { 6 | char buffer[32]; 7 | __ikos_check_mem_access(buffer, 32); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-14.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern void __ikos_assert(int); 4 | 5 | int main() { 6 | uint64_t x = 0x200000001; 7 | uint32_t y = (uint32_t)(x); 8 | __ikos_assert(y == 1); 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-24.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | 3 | struct { 4 | struct { 5 | int a; 6 | }; 7 | double b[]; 8 | } c = {{9}}; 9 | 10 | int main() { 11 | __ikos_assert(c.a == 9); 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-1-safe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(int argc, char** argv) { 4 | int k, i; 5 | k = 0; 6 | for (i = 0; i < 10; i++) { 7 | k = k + 1; 8 | } 9 | printf("%d", k); 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/bitwise-cond-2.c: -------------------------------------------------------------------------------- 1 | int g; 2 | 3 | int foo(int x, int y) { 4 | int z = x - y; 5 | int a; 6 | if (g == 0 && z) 7 | a = x + y; 8 | else 9 | a = x * y; 10 | return a * 42; 11 | } 12 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/bitwise-cond-2.c: -------------------------------------------------------------------------------- 1 | int g; 2 | 3 | int foo(int x, int y) { 4 | int z = x - y; 5 | int a; 6 | if (g == 0 && z) 7 | a = x + y; 8 | else 9 | a = x * y; 10 | return a * 42; 11 | } 12 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/bit-field-1.c: -------------------------------------------------------------------------------- 1 | struct info_t { 2 | char x : 1; 3 | char y : 1; 4 | int z : 10; 5 | int k : 1; 6 | }; 7 | 8 | int main() { 9 | struct info_t info = {0, 0, 42, 1}; 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-59-unsafe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern void __ikos_check_mem_access(const void* ptr, size_t size); 4 | 5 | int main() { 6 | char buffer[32]; 7 | __ikos_check_mem_access(buffer, 33); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-65.c: -------------------------------------------------------------------------------- 1 | extern int __ikos_nondet_uint(void); 2 | 3 | static unsigned char i; 4 | 5 | int main() { 6 | int A[10]; 7 | i = __ikos_nondet_uint(); 8 | if (i < 10) { 9 | A[i] = 0; 10 | } 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /analyzer/test/regression/pcmp/test-1-unsafe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(void) { 4 | char* p = malloc(42); 5 | char* q = malloc(42); 6 | 7 | int tmp = p < q; // Error 8 | 9 | free(p); 10 | free(q); 11 | 12 | return tmp; 13 | } 14 | -------------------------------------------------------------------------------- /analyzer/test/regression/uma/test-13-safe.c: -------------------------------------------------------------------------------- 1 | int* foo(int* x, int* y) { 2 | int* z = x + *y; 3 | *z = 78; 4 | return x + *y; 5 | } 6 | 7 | int main() { 8 | int a[10]; 9 | int b = 5; 10 | 11 | int* z = foo(&a[0], &b); 12 | return *z; 13 | } 14 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-34-safe.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | using namespace std; 3 | int main(int argc, char *argv[]) 4 | { 5 | auto test1 = make_shared(); 6 | //dereference pointer that is properly initialized. 7 | return (int)*test1; 8 | } 9 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/bitwise-cond-2.c: -------------------------------------------------------------------------------- 1 | int g; 2 | 3 | int foo(int x, int y) { 4 | int z = x - y; 5 | int a; 6 | if (g == 0 && z) 7 | a = x + y; 8 | else 9 | a = x * y; 10 | return a * 42; 11 | } 12 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/bit-field-1.c: -------------------------------------------------------------------------------- 1 | struct info_t { 2 | char x : 1; 3 | char y : 1; 4 | int z : 10; 5 | int k : 1; 6 | }; 7 | 8 | int main() { 9 | struct info_t info = {0, 0, 42, 1}; 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/opaque-struct.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | struct X; 4 | 5 | typedef struct { 6 | int* a; 7 | struct X* b; 8 | } my_struct; 9 | 10 | my_struct s; 11 | 12 | int main() { 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /analyzer/test/regression/poa/test-3-undefined.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int __ikos_nondet_int(void); 4 | extern unsigned int __ikos_nondet_uint(void); 5 | extern uint64_t f(void); 6 | 7 | int main() { 8 | int* c; 9 | 10 | c[4] = 5; 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/sio/test-5-div-unsafe.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern int __ikos_nondet_int(void); 5 | 6 | int main() { 7 | int x, y, z; 8 | x = INT_MIN; 9 | y = -1; 10 | z = x / y; 11 | printf("%d", z); 12 | } 13 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/bit-field-1.c: -------------------------------------------------------------------------------- 1 | struct info_t { 2 | char x : 1; 3 | char y : 1; 4 | int z : 10; 5 | int k : 1; 6 | }; 7 | 8 | int main() { 9 | struct info_t info = {0, 0, 42, 1}; 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/opaque-struct.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | struct X; 4 | 5 | typedef struct { 6 | int* a; 7 | struct X* b; 8 | } my_struct; 9 | 10 | my_struct s; 11 | 12 | int main() { 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /analyzer/test/regression/null/test-2.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | int* foo(int* x, int* y) { 3 | return x + *y; 4 | } 5 | 6 | int* p; // NULL 7 | 8 | int main() { 9 | int a[10]; 10 | int b = *p; 11 | 12 | int* z = foo(&a[0], &b); 13 | return *z; 14 | } 15 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/opaque-struct.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | struct X; 4 | 5 | typedef struct { 6 | int* a; 7 | struct X* b; 8 | } my_struct; 9 | 10 | my_struct s; 11 | 12 | int main() { 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-2-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | #include 3 | 4 | // To test loops 5 | int main(int argc, char** argv) { 6 | int i, a[10]; 7 | for (i = 0; i < 10; i++) { 8 | a[i] = i; 9 | } 10 | printf("%d\n", a[i]); 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/asian06-ex2.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | 3 | int main(int argc, char** argv) { 4 | int i, x; 5 | 6 | x = 10; 7 | for (i = 0; i <= 10; i++) { 8 | x++; 9 | } 10 | __ikos_assert(x <= 21); 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/nested-struct.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | struct Node { 4 | struct Node* next; 5 | }; 6 | 7 | int main(int argc, char* argv[]) { 8 | struct Node* node = malloc(sizeof(struct Node*)); 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/nested-struct.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | struct Node { 4 | struct Node* next; 5 | }; 6 | 7 | int main(int argc, char* argv[]) { 8 | struct Node* node = malloc(sizeof(struct Node*)); 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-14.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | // from King and Simon 3 | 4 | void main() { 5 | char s[32] = "the string"; 6 | int i = 0; 7 | char c; 8 | while (1) { 9 | c = s[i]; 10 | if (c == 0) 11 | break; 12 | i = i + 1; 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /analyzer/test/regression/dbz/test-2-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main() { 6 | int x, y; 7 | if (__ikos_nondet_int()) { 8 | y = 3; 9 | } else { 10 | y = 10; 11 | } 12 | 13 | x = 10 / y; 14 | return x; 15 | } 16 | -------------------------------------------------------------------------------- /analyzer/test/regression/sio/test-7-rem.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern int __ikos_nondet_int(void); 5 | 6 | int main() { 7 | int x = INT_MIN; 8 | int y = -1; 9 | int z = x % y; 10 | 11 | printf("%d", z); 12 | 13 | return z; 14 | } 15 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/nested-struct.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | struct Node { 4 | struct Node* next; 5 | }; 6 | 7 | int main(int argc, char* argv[]) { 8 | struct Node* node = malloc(sizeof(struct Node*)); 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/shufflevector.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern void printv(__m128); 4 | 5 | int main(int argc, char** argv) { 6 | __m128 m = _mm_set_ps(4, 3, 2, 1); 7 | m = _mm_shuffle_ps(m, m, 0x1B); 8 | printv(m); 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-2.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | 4 | // To test loops 5 | int main(int argc, char** argv) { 6 | int i; 7 | int a[10]; 8 | for (i = 0; i < 10; i++) { 9 | a[i] = i; 10 | } 11 | printf("%d\n", a[i - 1]); 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-26-volatile-safe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern unsigned __ikos_nondet_uint(void); 4 | 5 | int main() { 6 | int values[5] = {0}; 7 | // not volatile 8 | unsigned i = __ikos_nondet_uint() % 5; 9 | printf("%d\n", values[i]); 10 | } 11 | -------------------------------------------------------------------------------- /analyzer/test/regression/dbz/test-1-unsafe.c: -------------------------------------------------------------------------------- 1 | // UNSAFE 2 | 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main() { 6 | int x, y; 7 | if (__ikos_nondet_int()) { 8 | y = 0; 9 | } else { 10 | y = 10; 11 | } 12 | 13 | x = 10 / y; 14 | return x; 15 | } 16 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/shufflevector.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern void printv(__m128); 4 | 5 | int main(int argc, char** argv) { 6 | __m128 m = _mm_set_ps(4, 3, 2, 1); 7 | m = _mm_shuffle_ps(m, m, 0x1B); 8 | printv(m); 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/astree-1.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | 3 | // need of relational domain 4 | 5 | int main() { 6 | int X = 100000, Y = 1000000; 7 | while (X >= 0) { 8 | X--; 9 | Y--; 10 | } 11 | __ikos_assert(X <= Y); 12 | return 42; 13 | } 14 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-2.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | 3 | int x = 4; 4 | int y = 5; 5 | float z = 8; 6 | int main() { 7 | while (x < 10) { 8 | x++; 9 | } 10 | y--; 11 | z = z + y; 12 | 13 | __ikos_assert(x + y + z == 26); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-3.c: -------------------------------------------------------------------------------- 1 | // for relational domains 2 | extern void __ikos_assert(int); 3 | 4 | int main() { 5 | int i = 0; 6 | int x = 0; 7 | while (i < 10) { 8 | i++; 9 | x += 32; 10 | } 11 | 12 | __ikos_assert(x == 320); 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /analyzer/test/regression/shc/test-5-safe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main() { 6 | int a = __ikos_nondet_int(); 7 | int b = __ikos_nondet_int(); 8 | if (b < 0 || b >= 32) { 9 | return 0; 10 | } 11 | return a << b; 12 | } 13 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-32-error.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | bool* getBool() 4 | { 5 | return new bool; 6 | } 7 | 8 | int main(int argc, char *argv[]) 9 | { 10 | bool* test1 = new bool; 11 | bool* test2 = getBool(); 12 | return (int)(*test1 && *test2); 13 | } 14 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/shufflevector.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern void printv(__m128); 4 | 5 | int main(int argc, char** argv) { 6 | __m128 m = _mm_set_ps(4, 3, 2, 1); 7 | m = _mm_shuffle_ps(m, m, 0x1B); 8 | printv(m); 9 | } 10 | -------------------------------------------------------------------------------- /analyzer/test/regression/sio/test-3-warnings.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern int __ikos_nondet_int(void); 5 | 6 | int main() { 7 | int x, y, z; 8 | x = __ikos_nondet_int(); 9 | y = __ikos_nondet_int(); 10 | z = x + y; 11 | printf("%d", z); 12 | } 13 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-39-error.cpp: -------------------------------------------------------------------------------- 1 | struct MyStruct { 2 | int _aa; 3 | int _bb; 4 | MyStruct() noexcept 5 | { 6 | //_aa = 5; 7 | _bb = 7; 8 | } 9 | }; 10 | 11 | int main(int argc, char *argv[]) 12 | { 13 | MyStruct ss{}; 14 | 15 | return ss._aa; 16 | } 17 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-46.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | #include 4 | 5 | int main() { 6 | int* p = (int*)malloc(sizeof(int)); 7 | if (!p) 8 | return 1; 9 | *p = 0x41424344; 10 | short* q = (short*)((char*)p + 2); 11 | *q = 0; 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /analyzer/test/regression/dfa/test-1-error.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main() { 6 | int* p; 7 | p = (int*)calloc(1, sizeof(int)); 8 | if (p != NULL) { 9 | *p = __ikos_nondet_int(); 10 | free(p); 11 | free(p); 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /analyzer/test/regression/poa/test-1-unsafe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int __ikos_nondet_int(void); 4 | extern unsigned int __ikos_nondet_uint(void); 5 | extern uint64_t f(void); 6 | 7 | int main() { 8 | int c[40]; 9 | uint64_t a = UINT64_MAX / 4 + 1; 10 | c[a] = 5; 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-25.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern void __ikos_assert(int); 5 | 6 | int main() { 7 | errno = 0; 8 | printf("hello world\n"); 9 | __ikos_assert(errno == 0); // errno could be != 0, assertion is wrong 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/asm.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | int src = 1; 5 | int dst; 6 | 7 | asm("mov %1, %0\n\t" 8 | "add $1, %0" 9 | : "=r"(dst) 10 | : "r"(src)); 11 | 12 | printf("%d\n", dst); 13 | return dst; 14 | } 15 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/phi-4.cpp: -------------------------------------------------------------------------------- 1 | int main(int argc, char** argv) { 2 | int i = 0, a[10]; 3 | bool flag = argc % 5 == 0; 4 | for (; i < 10; i++) { 5 | if (flag) 6 | a[i] = i ^ 2; 7 | else 8 | a[i] = i * 2; 9 | } 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-64.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | extern ssize_t read(int fd, void* buffer, size_t nbytes); 6 | 7 | int main() { 8 | char buffer[32]; 9 | read(0, buffer, 32); 10 | return strncmp(buffer, "hello", 32); 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/dbz/test-4-unsafe.c: -------------------------------------------------------------------------------- 1 | struct my_method { 2 | int (*div)(int x); 3 | }; 4 | 5 | static int div(int x) { 6 | return 100 / x; 7 | } 8 | 9 | int main(int argc, char* argv[]) { 10 | static const struct my_method meth = {div}; 11 | meth.div(0); 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/asm.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | int src = 1; 5 | int dst; 6 | 7 | asm("mov %1, %0\n\t" 8 | "add $1, %0" 9 | : "=r"(dst) 10 | : "r"(src)); 11 | 12 | printf("%d\n", dst); 13 | return dst; 14 | } 15 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/phi-4.cpp: -------------------------------------------------------------------------------- 1 | int main(int argc, char** argv) { 2 | int i = 0, a[10]; 3 | bool flag = argc % 5 == 0; 4 | for (; i < 10; i++) { 5 | if (flag) 6 | a[i] = i ^ 2; 7 | else 8 | a[i] = i * 2; 9 | } 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/uma/test-11-safe.c: -------------------------------------------------------------------------------- 1 | struct Foo { 2 | int x; 3 | double a[10]; 4 | }; 5 | 6 | void f(struct Foo* p) { 7 | int i; 8 | for (i = 0; i < 10; ++i) { 9 | p->a[i] = 1.0; 10 | } 11 | } 12 | 13 | int main() { 14 | struct Foo foo; 15 | f(&foo); 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/asm.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | int src = 1; 5 | int dst; 6 | 7 | asm("mov %1, %0\n\t" 8 | "add $1, %0" 9 | : "=r"(dst) 10 | : "r"(src)); 11 | 12 | printf("%d\n", dst); 13 | return dst; 14 | } 15 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/phi-4.cpp: -------------------------------------------------------------------------------- 1 | int main(int argc, char** argv) { 2 | int i = 0, a[10]; 3 | bool flag = argc % 5 == 0; 4 | for (; i < 10; i++) { 5 | if (flag) 6 | a[i] = i ^ 2; 7 | else 8 | a[i] = i * 2; 9 | } 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-57.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | char buffer[32]; 5 | FILE* f = fopen("passwd", "r"); 6 | if (f == NULL) { 7 | puts("error"); 8 | return -1; 9 | } 10 | fgets(buffer, 32, f); 11 | puts(buffer); 12 | fclose(f); 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /analyzer/test/regression/dfa/test-4-safe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main() { 6 | int* p; 7 | p = (int*)calloc(1, sizeof(int)); 8 | if (p != NULL) { 9 | *p = __ikos_nondet_int(); 10 | free(p); 11 | p = NULL; 12 | } 13 | free(p); 14 | } 15 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-15.cpp: -------------------------------------------------------------------------------- 1 | extern "C" { 2 | extern void __ikos_assert(int) noexcept; 3 | } 4 | 5 | class X { 6 | public: 7 | int v; 8 | 9 | X() : v(0) { 10 | v++; // constructor body 11 | } 12 | }; 13 | 14 | X x; 15 | 16 | int main() { 17 | __ikos_assert(x.v == 1); 18 | } 19 | -------------------------------------------------------------------------------- /analyzer/test/regression/shc/test-2-warnings.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main() { 6 | int a = __ikos_nondet_int(); 7 | int b = __ikos_nondet_int(); 8 | 9 | if (b > 0) { 10 | b = -b; 11 | } 12 | int c = a >> b; 13 | 14 | return c; 15 | } 16 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-16.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | struct foo { 3 | int x; 4 | int y; 5 | int z; 6 | }; 7 | 8 | void init(struct foo* f) { 9 | f->x = 5; 10 | f->y = 6; 11 | f->z = 7; 12 | } 13 | 14 | int main(int argc, char** argv) { 15 | struct foo a; 16 | init(&a); 17 | return a.x; 18 | } 19 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-26-volatile-unsafe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern unsigned __ikos_nondet_uint(void); 4 | 5 | int main() { 6 | int values[5] = {0}; 7 | // volatile should trigger a warning 8 | volatile unsigned i = __ikos_nondet_uint() % 5; 9 | printf("%d\n", values[i]); 10 | } 11 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-57-unsafe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | char buffer[32]; 5 | FILE* f = fopen("passwd", "r"); 6 | if (f == NULL) { 7 | puts("error"); 8 | return -1; 9 | } 10 | fgets(buffer, 33, f); 11 | puts(buffer); 12 | fclose(f); 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /analyzer/test/regression/poa/test-2-warnings.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int __ikos_nondet_int(void); 4 | extern unsigned int __ikos_nondet_uint(void); 5 | extern uint64_t f(void); 6 | 7 | int main() { 8 | int c[40]; 9 | uint64_t a = UINT64_MAX / 4 + __ikos_nondet_int(); 10 | c[a] = 5; 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/48-volatile-safe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern void __ikos_assert(int); 4 | 5 | int main() { 6 | int src[11] = {3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5}; 7 | int dest[11] = {0}; 8 | 9 | memcpy(dest, src, sizeof(int) * 11); 10 | 11 | __ikos_assert(dest[0] == 3); 12 | } 13 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-18.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern void __ikos_assert(int); 4 | 5 | int main() { 6 | uint16_t k; 7 | 8 | for (k = 0; k < 60000; k++) { 9 | asm volatile("nop"); 10 | } 11 | 12 | __ikos_assert(1); 13 | __ikos_assert(k == 60000); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-1-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | 4 | // all zeros 5 | 6 | extern void __ikos_assert(int); 7 | 8 | int main() { 9 | int a[10]; 10 | int64_t i; 11 | 12 | for (i = 0; i < 10; i++) 13 | a[i] = 0; 14 | 15 | __ikos_assert(a[9] == 0); 16 | return 42; 17 | } 18 | -------------------------------------------------------------------------------- /analyzer/test/regression/shc/test-4-unsigned.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern unsigned __ikos_nondet_uint(void); 4 | 5 | int main() { 6 | unsigned a = __ikos_nondet_uint(); 7 | if (a > 1000) { 8 | return 0; 9 | } 10 | unsigned b = a * 8 + 42; 11 | 12 | unsigned c = a << b; 13 | return c; 14 | } 15 | -------------------------------------------------------------------------------- /analyzer/test/regression/sound/test-recursive.c: -------------------------------------------------------------------------------- 1 | extern void f1(void); 2 | extern void f2(void); 3 | extern void f3(void); 4 | 5 | void f1(void) { 6 | f2(); 7 | } 8 | 9 | void f2(void) { 10 | f3(); 11 | } 12 | 13 | void f3(void) { 14 | f1(); 15 | } 16 | 17 | int main() { 18 | f1(); 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/uma/test-12-safe.c: -------------------------------------------------------------------------------- 1 | struct Foo { 2 | int x; 3 | double a[10]; 4 | }; 5 | 6 | void f(double* p, int n) { 7 | int i; 8 | for (i = 0; i < n; ++i) { 9 | p[i] = 1.0; 10 | } 11 | } 12 | 13 | int main() { 14 | struct Foo foo; 15 | f((double*)&foo.a, 10); 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/local-array-1.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | 3 | #include 4 | 5 | // To test loops 6 | int main(int argc, char** argv) { 7 | int i; 8 | int a[10]; 9 | for (i = 0; i < 10; i++) { 10 | a[i] = i; 11 | } 12 | printf("%d\n", a[i - 1]); 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/local-array-1.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | 3 | #include 4 | 5 | // To test loops 6 | int main(int argc, char** argv) { 7 | int i; 8 | int a[10]; 9 | for (i = 0; i < 10; i++) { 10 | a[i] = i; 11 | } 12 | printf("%d\n", a[i - 1]); 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-46-unsafe.c: -------------------------------------------------------------------------------- 1 | // UNSAFE 2 | #include 3 | #include 4 | 5 | int main() { 6 | int* p = (int*)malloc(sizeof(int)); 7 | if (!p) 8 | return 1; 9 | *p = 0x41424344; 10 | short* q = (short*)((char*)p + 3); 11 | *q = 0; // buffer overflow 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/48-volatile-unsafe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern void __ikos_assert(int); 4 | 5 | int main() { 6 | volatile int src[11] = {3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5}; 7 | int dest[11] = {0}; 8 | 9 | memcpy(dest, src, sizeof(int) * 11); 10 | 11 | __ikos_assert(dest[0] == 3); 12 | } 13 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/loop-9.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main() { 5 | int i, s, n; 6 | 7 | n = __ikos_nondet_int(); 8 | s = 0; 9 | for (i = 0; i < n; i++) { 10 | s++; 11 | } 12 | 13 | __ikos_assert(s == i); 14 | 15 | return 42; 16 | } 17 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-12.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | 3 | void f(int* p, int* q) { 4 | if (p == q) { 5 | __ikos_assert(0); 6 | } else { 7 | __ikos_assert(1); 8 | } 9 | } 10 | 11 | int main() { 12 | int a[10]; 13 | int b[10]; 14 | f(&a[0], &b[0]); 15 | 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/local-array-1.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | 3 | #include 4 | 5 | // To test loops 6 | int main(int argc, char** argv) { 7 | int i; 8 | int a[10]; 9 | for (i = 0; i < 10; i++) { 10 | a[i] = i; 11 | } 12 | printf("%d\n", a[i - 1]); 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-1-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | #include 3 | 4 | // all zeros 5 | 6 | extern void __ikos_assert(int); 7 | 8 | int main() { 9 | int a[10]; 10 | int64_t i; 11 | 12 | for (i = 0; i < 10; i++) 13 | a[i] = 0; 14 | 15 | __ikos_assert(a[9] == 5); 16 | return 42; 17 | } 18 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/vla.c: -------------------------------------------------------------------------------- 1 | #include 2 | void foo(int n) { 3 | int a[n], i; 4 | for (i = 0; i < n; i++) { 5 | a[i] = i * i; 6 | } 7 | a[n] = n * n; 8 | } 9 | 10 | int main(int argc, char** argv) { 11 | int v; 12 | scanf("%d", &v); 13 | foo(v); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/11.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | 3 | /* 4 | * Based on ex3 from NECLA Static Analysis Benchmarks 5 | */ 6 | 7 | int main() { 8 | int j = 0; 9 | int i; 10 | int x = 100; 11 | 12 | for (i = 0; i < x; i++) { 13 | j = j + 2; 14 | } 15 | 16 | __ikos_assert(j == 2 * x); 17 | } 18 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/vla.c: -------------------------------------------------------------------------------- 1 | #include 2 | void foo(int n) { 3 | int a[n], i; 4 | for (i = 0; i < n; i++) { 5 | a[i] = i * i; 6 | } 7 | a[n] = n * n; 8 | } 9 | 10 | int main(int argc, char** argv) { 11 | int v; 12 | scanf("%d", &v); 13 | foo(v); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/mem-intrinsics.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int cst() { 4 | int G = 0 ? 0 : (((1 + 1) + 3) * 2); 5 | return G; 6 | } 7 | 8 | int main() { 9 | int *p, *q, *r; 10 | r = (int*)memcpy(p, q, 10); 11 | r = (int*)memmove(p, q, 50); 12 | r = (int*)memset(p, 1, 50); 13 | } 14 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/vla.c: -------------------------------------------------------------------------------- 1 | #include 2 | void foo(int n) { 3 | int a[n], i; 4 | for (i = 0; i < n; i++) { 5 | a[i] = i * i; 6 | } 7 | a[n] = n * n; 8 | } 9 | 10 | int main(int argc, char** argv) { 11 | int v; 12 | scanf("%d", &v); 13 | foo(v); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/mem-intrinsics.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int cst() { 4 | int G = 0 ? 0 : (((1 + 1) + 3) * 2); 5 | return G; 6 | } 7 | 8 | int main() { 9 | int *p, *q, *r; 10 | r = (int*)memcpy(p, q, 10); 11 | r = (int*)memmove(p, q, 50); 12 | r = (int*)memset(p, 1, 50); 13 | } 14 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-20.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | 3 | int f() { 4 | return 1; 5 | } 6 | unsigned g() { 7 | return 1; 8 | } 9 | 10 | int main() { 11 | int* p = (int*)f(); 12 | int* q = (int*)g(); 13 | int* r = (int*)1; 14 | __ikos_assert(p == q); 15 | __ikos_assert(p == r); 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /analyzer/test/regression/shc/test-1-negative.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main() { 6 | int a = __ikos_nondet_int(); 7 | int b = __ikos_nondet_int(); 8 | if (b > 0) { 9 | b = -b; 10 | } else if (b == 0) { 11 | b = -1; 12 | } 13 | int c = a << b; 14 | 15 | return c; 16 | } 17 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/mem-intrinsics.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int cst() { 4 | int G = 0 ? 0 : (((1 + 1) + 3) * 2); 5 | return G; 6 | } 7 | 8 | int main() { 9 | int *p, *q, *r; 10 | r = (int*)memcpy(p, q, 10); 11 | r = (int*)memmove(p, q, 50); 12 | r = (int*)memset(p, 1, 50); 13 | } 14 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/select.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * To generate LLVM select instruction, we need to compile 3 | * the code with optimization enabled (at least -O1) 4 | * 5 | * > clang++ -O1 -emit-llvm -o test.bc -g -c test.cpp 6 | */ 7 | 8 | int a; 9 | 10 | int main() { 11 | return a > 0 ? 123 : 321; 12 | } 13 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/pod-types.c: -------------------------------------------------------------------------------- 1 | unsigned int i; 2 | 3 | float f; 4 | 5 | double d; 6 | 7 | void* p; 8 | 9 | int* q; 10 | 11 | unsigned char b; 12 | 13 | short tab[10][12]; 14 | 15 | void fun() {} 16 | 17 | int main(int argc, char** argv) { 18 | int xxx[10] = {1, -1, 255, 42}; 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/select.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * To generate LLVM select instruction, we need to compile 3 | * the code with optimization enabled (at least -O1) 4 | * 5 | * > clang++ -O1 -emit-llvm -o test.bc -g -c test.cpp 6 | */ 7 | 8 | int a; 9 | 10 | int main() { 11 | return a > 0 ? 123 : 321; 12 | } 13 | -------------------------------------------------------------------------------- /analyzer/test/regression/dfa/test-2-warnings.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main() { 6 | int* p; 7 | p = (int*)calloc(1, sizeof(int)); 8 | if (p != NULL) { 9 | *p = __ikos_nondet_int(); 10 | if (__ikos_nondet_int()) { 11 | free(p); 12 | } 13 | free(p); 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-19.c: -------------------------------------------------------------------------------- 1 | extern int __ikos_nondet_int(void); 2 | extern void __ikos_assert(int); 3 | 4 | int main() { 5 | int i, j; 6 | j = 0; 7 | 8 | for (i = 0; i < 10; ++i) { 9 | if (__ikos_nondet_int()) { 10 | j++; 11 | } 12 | __ikos_assert(j >= 0 && j <= 10); 13 | } 14 | 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/select.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * To generate LLVM select instruction, we need to compile 3 | * the code with optimization enabled (at least -O1) 4 | * 5 | * > clang++ -O1 -emit-llvm -o test.bc -g -c test.cpp 6 | */ 7 | 8 | int a; 9 | 10 | int main() { 11 | return a > 0 ? 123 : 321; 12 | } 13 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/pod-types.c: -------------------------------------------------------------------------------- 1 | unsigned int i; 2 | 3 | float f; 4 | 5 | double d; 6 | 7 | void* p; 8 | 9 | int* q; 10 | 11 | unsigned char b; 12 | 13 | short tab[10][12]; 14 | 15 | void fun() {} 16 | 17 | int main(int argc, char** argv) { 18 | int xxx[10] = {1, -1, 255, 42}; 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/bool-op-select.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * To generate LLVM select instruction, we need to compile 3 | * the code with optimization enabled (at least -O1) 4 | * 5 | * > llvm-g++ -O1 -emit-llvm -o test.bc -g -c test.cpp 6 | */ 7 | 8 | int a; 9 | 10 | int main() { 11 | return a > 0 ? 123 : 321; 12 | } 13 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/pod-types.c: -------------------------------------------------------------------------------- 1 | unsigned int i; 2 | 3 | float f; 4 | 5 | double d; 6 | 7 | void* p; 8 | 9 | int* q; 10 | 11 | unsigned char b; 12 | 13 | short tab[10][12]; 14 | 15 | void fun() {} 16 | 17 | int main(int argc, char** argv) { 18 | int xxx[10] = {1, -1, 255, 42}; 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/bool-op-select.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * To generate LLVM select instruction, we need to compile 3 | * the code with optimization enabled (at least -O1) 4 | * 5 | * > llvm-g++ -O1 -emit-llvm -o test.bc -g -c test.cpp 6 | */ 7 | 8 | int a; 9 | 10 | int main() { 11 | return a > 0 ? 123 : 321; 12 | } 13 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-45.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | 4 | int* init(int* tab, int n) { 5 | for (int i = 0; i < n; i++) { 6 | tab[i] = 0; 7 | } 8 | 9 | return tab; 10 | } 11 | 12 | int main() { 13 | int tab[10]; 14 | int* p = init(tab, 10); 15 | printf("%d\n", p[0]); 16 | printf("%d\n", p[9]); 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-32-safe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern void __ikos_assert(int); 4 | 5 | typedef struct { 6 | char message[255]; 7 | int id; 8 | } Struct; 9 | 10 | int main() { 11 | Struct s = {.message = "", .id = 1}; 12 | strncpy(&s.message[0], "hello world", 255); 13 | __ikos_assert(s.id == 1); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/30.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | 3 | /* 4 | * Based on "SYNERGY: A New Algorithm for Property Checking" by Gulavani et al. 5 | */ 6 | 7 | int main() { 8 | int i, c; 9 | i = 0; 10 | c = 0; 11 | while (i < 1000) { 12 | c = c + i; 13 | i = i + 1; 14 | } 15 | 16 | __ikos_assert(c >= 0); 17 | } 18 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-1-error.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main(int argc, char** argv) { 6 | argc = __ikos_nondet_int(); 7 | 8 | if (argc > 0) { 9 | int k, i; 10 | for (i = 0; i < 10; i++) { 11 | k = k + 1; 12 | } 13 | printf("%d", k); 14 | } 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/bool-op-select.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * To generate LLVM select instruction, we need to compile 3 | * the code with optimization enabled (at least -O1) 4 | * 5 | * > llvm-g++ -O1 -emit-llvm -o test.bc -g -c test.cpp 6 | */ 7 | 8 | int a; 9 | 10 | int main() { 11 | return a > 0 ? 123 : 321; 12 | } 13 | -------------------------------------------------------------------------------- /analyzer/test/regression/shc/test-3-oversized.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main() { 6 | int a = __ikos_nondet_int(); 7 | int b = __ikos_nondet_int(); 8 | if (b < 0) { 9 | b = -b; 10 | } else if (b == 0) { 11 | b = 2; 12 | } 13 | b *= 32; 14 | int c = a << b; 15 | 16 | return c; 17 | } 18 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-36-error.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | using namespace std; 3 | 4 | struct MyStruct { 5 | int _aa; 6 | int _bb; 7 | MyStruct() noexcept 8 | { 9 | //_aa = 5; 10 | _bb = 7; 11 | } 12 | }; 13 | 14 | int main(int argc, char *argv[]) 15 | { 16 | auto test1 = make_shared(); 17 | return test1->_aa; 18 | } 19 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/file-intrinsics.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | FILE* f = fopen("/tmp/test", "rw"); 5 | char buf[1025]; 6 | int x; 7 | fgets(buf, 1024, f); 8 | fgetc(f); 9 | fputs("hello world", f); 10 | fprintf(f, "%d", 1); 11 | fscanf(f, "%d", &x); 12 | fflush(f); 13 | fclose(f); 14 | } 15 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/file-intrinsics.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | FILE* f = fopen("/tmp/test", "rw"); 5 | char buf[1025]; 6 | int x; 7 | fgets(buf, 1024, f); 8 | fgetc(f); 9 | fputs("hello world", f); 10 | fprintf(f, "%d", 1); 11 | fscanf(f, "%d", &x); 12 | fflush(f); 13 | fclose(f); 14 | } 15 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-22-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | 4 | struct foo { 5 | int a; 6 | int b; 7 | }; 8 | 9 | struct foo x; 10 | 11 | int main(int argc, char** argv) { 12 | int i; 13 | int a[10]; 14 | for (i = 0; i < 10; i++) { 15 | x.a = i; 16 | a[x.a] = i; 17 | } 18 | printf("%d\n", a[i - 1]); 19 | return 42; 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-35-safe.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | using namespace std; 3 | 4 | struct MyStruct { 5 | int _aa; 6 | int _bb; 7 | MyStruct() noexcept 8 | { 9 | _aa = 5; 10 | _bb = 7; 11 | } 12 | }; 13 | 14 | int main(int argc, char *argv[]) 15 | { 16 | auto test1 = make_shared(); 17 | 18 | return test1->_aa; 19 | } 20 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/file-intrinsics.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | FILE* f = fopen("/tmp/test", "rw"); 5 | char buf[1025]; 6 | int x; 7 | fgets(buf, 1024, f); 8 | fgetc(f); 9 | fputs("hello world", f); 10 | fprintf(f, "%d", 1); 11 | fscanf(f, "%d", &x); 12 | fflush(f); 13 | fclose(f); 14 | } 15 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/struct-parameters.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | typedef struct { 4 | char buf[10]; 5 | char buf1[10]; 6 | char buf2[10]; 7 | } my_struct; 8 | 9 | my_struct f(my_struct* s) { 10 | return *s; 11 | } 12 | 13 | my_struct g(my_struct s) { 14 | return s; 15 | } 16 | 17 | int main() { 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/struct-parameters.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | typedef struct { 4 | char buf[10]; 5 | char buf1[10]; 6 | char buf2[10]; 7 | } my_struct; 8 | 9 | my_struct f(my_struct* s) { 10 | return *s; 11 | } 12 | 13 | my_struct g(my_struct s) { 14 | return s; 15 | } 16 | 17 | int main() { 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-43.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void fun_exit() { 4 | int i = 0; 5 | while (1) { 6 | if (i == 42) 7 | exit(1); 8 | i++; 9 | } 10 | } 11 | 12 | int main() { 13 | int tab[10]; 14 | int i; 15 | 16 | fun_exit(); 17 | 18 | for (i = 0; i <= 10; i++) { 19 | tab[i] = i * i; 20 | } 21 | return tab[0]; 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-11.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | extern void __ikos_assert(int); 3 | 4 | int main() { 5 | int a[10]; 6 | int b[10]; 7 | 8 | int* x = &a[0]; 9 | int* y = &b[0]; 10 | 11 | x = x + 2; 12 | *x = 3; 13 | x++; 14 | x--; 15 | y = y + 4; 16 | *y = 19; 17 | 18 | y = x; 19 | *y = 5; 20 | __ikos_assert(*x == 5); 21 | return 42; 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/upa/test-5-unsafe.c: -------------------------------------------------------------------------------- 1 | // UNSAFE 2 | // global variable is 2-aligned, add 1 so it's unaligned 3 | #include 4 | 5 | extern int __ikos_nondet_int(void); 6 | 7 | uint16_t x; 8 | 9 | int main() { 10 | int a = 1; 11 | if (__ikos_nondet_int()) 12 | a = 3; 13 | 14 | uint16_t* b = (uint16_t*)((uint8_t*)&x + a); 15 | return *b; 16 | } 17 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/struct-parameters.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | typedef struct { 4 | char buf[10]; 5 | char buf1[10]; 6 | char buf2[10]; 7 | } my_struct; 8 | 9 | my_struct f(my_struct* s) { 10 | return *s; 11 | } 12 | 13 | my_struct g(my_struct s) { 14 | return s; 15 | } 16 | 17 | int main() { 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-29.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern int __ikos_nondet_int(void); 5 | 6 | int main() { 7 | int* hwaddr; 8 | if (__ikos_nondet_int()) { 9 | hwaddr = 0x42; 10 | } else if (__ikos_nondet_int() == 42) { 11 | hwaddr = 0x47; 12 | } else { 13 | hwaddr = 0x99; 14 | } 15 | 16 | *hwaddr = 142857; 17 | } 18 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-45-unsafe.c: -------------------------------------------------------------------------------- 1 | // UNSAFE 2 | #include 3 | 4 | int* init() { 5 | int tab[10]; 6 | for (int i = 0; i < 10; i++) { 7 | tab[i] = 0; 8 | } 9 | 10 | return tab; // unsafe: return a local variable 11 | } 12 | 13 | int main() { 14 | int* p = init(); 15 | printf("%d\n", p[0]); 16 | printf("%d\n", p[9]); 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-67.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int __ikos_nondet_int(void); 4 | 5 | static uint8_t x = 0; 6 | 7 | int main() { 8 | int A[10]; 9 | while (__ikos_nondet_int()) { 10 | x++; 11 | if (x >= 10) { 12 | x = 0; 13 | } 14 | A[x] = __ikos_nondet_int(); 15 | } 16 | A[x] = __ikos_nondet_int(); 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/loop-3.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main() { 5 | int x = 0; 6 | int y = 0; 7 | while (x < 100) { 8 | if (__ikos_nondet_int()) 9 | y = 1; 10 | x = x + 4; 11 | } 12 | 13 | __ikos_assert(y >= 0 && y <= 1); 14 | __ikos_assert(x <= 103); 15 | 16 | return 42; 17 | } 18 | -------------------------------------------------------------------------------- /analyzer/test/regression/sio/test-1-overflow-unsafe.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern int __ikos_nondet_int(void); 5 | 6 | int main() { 7 | int x = __ikos_nondet_int(); 8 | int y = __ikos_nondet_int(); 9 | int z; 10 | if (x >= INT_MAX - 1 && y >= 2) { 11 | z = x + y; 12 | } else { 13 | z = 42; 14 | } 15 | printf("%d", z); 16 | } 17 | -------------------------------------------------------------------------------- /analyzer/test/regression/sio/test-2-underflow-unsafe.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern int __ikos_nondet_int(void); 5 | 6 | int main() { 7 | int x = __ikos_nondet_int(); 8 | int y = __ikos_nondet_int(); 9 | int z; 10 | if (x <= INT_MIN + 1 && y >= 2) { 11 | z = x - y; 12 | } else { 13 | z = 42; 14 | } 15 | printf("%d", z); 16 | } 17 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-23-warning.c: -------------------------------------------------------------------------------- 1 | #include 2 | int main(int argc, char** argv) { 3 | int* p = NULL; 4 | int x = 0; 5 | p = malloc(sizeof(int)); // uninitialized 6 | if (!p) { 7 | return 0; 8 | } 9 | if (argc) { 10 | p = &x; 11 | } 12 | int y = *p; // initialized if p = &x but uninitialized if p = malloc(..) 13 | return y; 14 | } 15 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-15.c: -------------------------------------------------------------------------------- 1 | // SAFE if --domain=interval-congruence 2 | int main(int argc, char** argv) { 3 | int k = 0; 4 | int i = 0; 5 | int j = 1; 6 | int A[10]; 7 | for (k = 0; k < 10; k++) { 8 | A[k] = 0; 9 | i = i + 2; 10 | j = j + 2; 11 | } 12 | if (i % 2 == 1) { 13 | A[k] = 1; // unsafe but dead code 14 | } 15 | return i + j; 16 | } 17 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-22-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | #include 3 | 4 | struct foo { 5 | int a; 6 | int b; 7 | }; 8 | 9 | struct foo x; 10 | 11 | int main(int argc, char** argv) { 12 | int i; 13 | int a[10]; 14 | for (i = 0; i < 10; i++) { 15 | x.a = i + 1; 16 | a[x.a] = i; 17 | } 18 | printf("%d\n", a[i - 1]); 19 | return 42; 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-21.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | 4 | int main() { 5 | int n; 6 | int **p, *r; 7 | int* a[10]; 8 | 9 | for (n = 0; n < 10; n++) { 10 | p = &a[n]; 11 | r = (int*)malloc(sizeof(int)); 12 | if (r == NULL) { 13 | return 0; 14 | } 15 | *r = n; 16 | *p = r; 17 | } 18 | 19 | r = a[9]; 20 | return *r; 21 | } 22 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/aggregate-in-reg-2.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | typedef struct { 4 | float x; 5 | float y; 6 | } pos_t; 7 | 8 | typedef struct { 9 | pos_t begin, end; 10 | } line_t; 11 | 12 | line_t f(float y) { 13 | return {{0.0, y}, {2.0, 0}}; 14 | } 15 | 16 | int main() { 17 | printf("%f\n", f(2.0).begin.y); 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-14c.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | extern void __ikos_assert(int); 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main() { 6 | int a[10]; 7 | int* x; 8 | 9 | a[0] = 5; 10 | a[1] = 10; 11 | 12 | if (__ikos_nondet_int()) 13 | x = &a[0]; 14 | else 15 | x = &a[1]; 16 | 17 | __ikos_assert(*x >= 5 && *x <= 10); // safe 18 | 19 | return 42; 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/null/test-4-unsafe-1.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern int __ikos_nondet_int(void); 5 | 6 | const char* f() { 7 | if (__ikos_nondet_int()) { 8 | return "AAAA"; 9 | } else { 10 | return NULL; 11 | } 12 | } 13 | 14 | int main() { 15 | char s1[10]; 16 | const char* s2 = f(); 17 | strcpy(s1, s2); 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/24.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * "nested5.c" from InvGen test suite 6 | */ 7 | 8 | int main() { 9 | int i, j, k, n; 10 | 11 | n = __ikos_nondet_int(); 12 | for (i = 0; i < n; i++) 13 | for (j = i; j < n; j++) 14 | for (k = j; k < n; k++) 15 | __ikos_assert(k >= i); 16 | } 17 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/aggregate-in-reg-2.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | typedef struct { 4 | float x; 5 | float y; 6 | } pos_t; 7 | 8 | typedef struct { 9 | pos_t begin, end; 10 | } line_t; 11 | 12 | line_t f(float y) { 13 | return {{0.0, y}, {2.0, 0}}; 14 | } 15 | 16 | int main() { 17 | printf("%f\n", f(2.0).begin.y); 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-31-use-after-free.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern int __ikos_nondet_int(void); 5 | 6 | int main() { 7 | int* p = calloc(10, sizeof(int)); 8 | if (p != NULL) { 9 | if (__ikos_nondet_int()) { 10 | free(p); 11 | } else { 12 | p[5] = __ikos_nondet_int(); 13 | } 14 | printf("p=%d\n", p[5]); 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /analyzer/test/regression/null/test-5-unsafe-1.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern int __ikos_nondet_int(void); 5 | 6 | const char* f() { 7 | if (__ikos_nondet_int()) { 8 | return "BBBB"; 9 | } else { 10 | return NULL; 11 | } 12 | } 13 | 14 | int main() { 15 | char s1[9] = "AAAA"; 16 | const char* s2 = f(); 17 | strcat(s1, s2); 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/01.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * IC3 motivating example 6 | */ 7 | 8 | int main() { 9 | int x = 1; 10 | int y = 1; 11 | 12 | while (__ikos_nondet_int()) { 13 | int t1 = x; 14 | int t2 = y; 15 | x = t1 + t2; 16 | y = t1 + t2; 17 | } 18 | 19 | __ikos_assert(y >= 1); 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/loop-1.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | #define TRUE 1 5 | 6 | int main() { 7 | int s = 0; 8 | while (TRUE) { 9 | if (__ikos_nondet_int()) 10 | break; 11 | if (s < 5) 12 | s++; 13 | else 14 | s = 0; 15 | } 16 | __ikos_assert(s >= 0 && s <= 5); 17 | 18 | return 42; 19 | } 20 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/loop-2.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | #define TRUE 1 5 | 6 | int main() { 7 | int n = 0; 8 | while (TRUE) { 9 | if (__ikos_nondet_int()) 10 | continue; 11 | if (n < 60) 12 | n++; 13 | else 14 | n = 0; 15 | __ikos_assert(n >= 0 && n <= 60); 16 | } 17 | return 42; 18 | } 19 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/aggregate-in-reg-2.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | typedef struct { 4 | float x; 5 | float y; 6 | } pos_t; 7 | 8 | typedef struct { 9 | pos_t begin, end; 10 | } line_t; 11 | 12 | line_t f(float y) { 13 | return {{0.0, y}, {2.0, 0}}; 14 | } 15 | 16 | int main() { 17 | printf("%f\n", f(2.0).begin.y); 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /analyzer/test/regression/dbz/test-3-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main() { 6 | int x, y, z, w; 7 | z = 7; 8 | if (__ikos_nondet_int()) { 9 | y = 0; 10 | } else { 11 | y = z - 7; 12 | } 13 | 14 | // if (__ikos_nondet_int()) 15 | // { 16 | x = 10 / y; 17 | //} 18 | 19 | w = 10 / (y + 1); 20 | return x + w; 21 | } 22 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/04.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * Taken from Gulwani PLDI'08: 6 | * Program Analysis as Constraint Solving 7 | */ 8 | 9 | int main() { 10 | int x, y; 11 | 12 | x = -50; 13 | y = __ikos_nondet_int(); 14 | while (x < 0) { 15 | x = x + y; 16 | y++; 17 | } 18 | __ikos_assert(y > 0); 19 | } 20 | -------------------------------------------------------------------------------- /analyzer/test/regression/uio/test-1-overflow-unsafe.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern unsigned __ikos_nondet_uint(void); 5 | 6 | int main() { 7 | unsigned x = __ikos_nondet_uint(); 8 | unsigned y = __ikos_nondet_uint(); 9 | unsigned z; 10 | if (x >= UINT_MAX - 1 && y >= 2) { 11 | z = x + y; 12 | } else { 13 | z = 42; 14 | } 15 | printf("%d", z); 16 | } 17 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-8-safe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main(int argc, char** argv) { 6 | argc = __ikos_nondet_int(); 7 | 8 | if (argc < 0) 9 | return 42; 10 | 11 | int x; 12 | if (argc == 0) 13 | x = 0; 14 | else if (argc == 1) 15 | x = 1; 16 | else if (argc > 1) 17 | x = 2; 18 | 19 | return x; 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-29-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | extern void __ikos_assert(int); 3 | 4 | struct point { 5 | int x; 6 | int y; 7 | int z; 8 | }; 9 | 10 | int main(int argc, char** argv) { 11 | struct point p; 12 | p.x = 1; 13 | p.y = 2; 14 | p.z = 8; 15 | 16 | int* q = (int*)(((char*)&p.x) + 2); 17 | *q = 3; 18 | 19 | __ikos_assert(p.z == 8); // SAFE 20 | 21 | return 0; 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/null/test-4-unsafe-2.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | char buf[10]; 5 | 6 | extern int __ikos_nondet_int(void); 7 | 8 | char* f() { 9 | if (__ikos_nondet_int()) { 10 | return buf; 11 | } else { 12 | return NULL; 13 | } 14 | } 15 | 16 | int main() { 17 | char* s1 = f(); 18 | const char* s2 = "AAAA"; 19 | strcpy(s1, s2); 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/05.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main(int flag, char** argv) { 5 | int x = 0; 6 | int y = 0; 7 | 8 | int j = 0; 9 | int i = 0; 10 | 11 | while (__ikos_nondet_int()) { 12 | x++; 13 | y++; 14 | i += x; 15 | j += y; 16 | if (flag) 17 | j += 1; 18 | } 19 | __ikos_assert(j >= i); 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/28.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * From CAV'12 by Sharma et al. 6 | */ 7 | 8 | int main() { 9 | int x = 0; 10 | int y = 0; 11 | int n = 0; 12 | while (__ikos_nondet_int()) { 13 | x++; 14 | y++; 15 | } 16 | while (x != n) { 17 | x--; 18 | y--; 19 | } 20 | __ikos_assert(y == n); 21 | } 22 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/35.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * InvGen, CAV'09 paper, fig 2 6 | */ 7 | 8 | int main(int argc, char** argv) { 9 | int n = __ikos_nondet_int(); 10 | int x = 0; 11 | if (n < 0) 12 | return 0; 13 | while (x < n) { 14 | x++; 15 | } 16 | if (n > 0) { 17 | __ikos_assert(x == n); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/loop-10.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | 3 | // provable by using a fully relational or gauge domain but as well 4 | // by using simply intervals after induction variable optimization. 5 | int main() { 6 | int i, s, n; 7 | 8 | n = 100; 9 | s = 0; 10 | for (i = 0; i < n; i++) { 11 | s++; 12 | } 13 | 14 | __ikos_assert(s == i); 15 | 16 | return 42; 17 | } 18 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/gv-init.c: -------------------------------------------------------------------------------- 1 | int a[100][100]; 2 | int b[2] = {1, 2}; 3 | int c; 4 | int d = 5; 5 | extern int e; 6 | 7 | int main(int argc, char** argv) { 8 | int i = 0, j = 0; 9 | for (; i < 100; i++) 10 | for (; j < 100; j++) 11 | if (i % 2 == 0) 12 | a[i][j] = b[0] + c - e; 13 | else 14 | a[i][j] = b[1] + d - e; 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/gv-init.c: -------------------------------------------------------------------------------- 1 | int a[100][100]; 2 | int b[2] = {1, 2}; 3 | int c; 4 | int d = 5; 5 | extern int e; 6 | 7 | int main(int argc, char** argv) { 8 | int i = 0, j = 0; 9 | for (; i < 100; i++) 10 | for (; j < 100; j++) 11 | if (i % 2 == 0) 12 | a[i][j] = b[0] + c - e; 13 | else 14 | a[i][j] = b[1] + d - e; 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-10.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | // Interprocedural analysis is needed. 3 | #include 4 | 5 | int foo(int k, int N) { 6 | return k + N; 7 | } 8 | 9 | int bar(int p) { 10 | return p + foo(p, 10); 11 | } 12 | 13 | int main(int argc, char** argv) { 14 | int a[56]; 15 | int x = foo(5, 10); // x=15 16 | int y = x + bar(x); // y=55 17 | 18 | a[y] = 67; 19 | return y; 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-68.c: -------------------------------------------------------------------------------- 1 | void f1(void) { 2 | int tab[10]; 3 | int* p = &tab[0]; 4 | int* q = &tab[10]; 5 | for (; p != q; p++) { 6 | *p = 0; 7 | } 8 | } 9 | 10 | void f2(void) { 11 | int tab[100]; 12 | int* p = &tab[0]; 13 | int* q = &tab[100]; 14 | for (; p != q; p++) { 15 | *p = 0; 16 | } 17 | } 18 | 19 | int main() { 20 | f1(); 21 | f2(); 22 | return 0; 23 | } 24 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/10.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main() { 5 | int w = 1; 6 | int z = 0; 7 | int x = 0; 8 | int y = 0; 9 | while (__ikos_nondet_int()) { 10 | if (w) { 11 | x++; 12 | w = !w; 13 | }; 14 | if (!z) { 15 | y++; 16 | z = !z; 17 | }; 18 | } 19 | 20 | __ikos_assert(x == y); 21 | } 22 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/22.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main() { 5 | int x = 0; 6 | int y = 0; 7 | int z = 0; 8 | int k = 0; 9 | 10 | while (__ikos_nondet_int()) { 11 | if (k % 3 == 0) 12 | x++; 13 | y++; 14 | z++; 15 | k = x + y + z; 16 | } 17 | 18 | __ikos_assert(x == y); 19 | __ikos_assert(y == z); 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/astree-2a.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | // Need of the clock domain or fully relational 5 | int main() { 6 | int i = 0; 7 | int x = 0; 8 | int b = __ikos_nondet_int(); 9 | while (i < 1000) { 10 | x++; 11 | if (b) 12 | x = 0; 13 | i++; 14 | } 15 | 16 | __ikos_assert(x <= 1000); 17 | return 42; 18 | } 19 | -------------------------------------------------------------------------------- /analyzer/test/regression/upa/test-6.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | // Runs some safe code with lots of special functions that are caught 3 | // differently in the analyzer 4 | #include 5 | #include 6 | #include 7 | 8 | int main() { 9 | const char* s = "AAAA"; 10 | int a = strlen(s); 11 | char* p = malloc(sizeof(*s)); 12 | memcpy(p, s, sizeof(*s)); 13 | printf(p); 14 | return a; 15 | } 16 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/gv-init.c: -------------------------------------------------------------------------------- 1 | int a[100][100]; 2 | int b[2] = {1, 2}; 3 | int c; 4 | int d = 5; 5 | extern int e; 6 | 7 | int main(int argc, char** argv) { 8 | int i = 0, j = 0; 9 | for (; i < 100; i++) 10 | for (; j < 100; j++) 11 | if (i % 2 == 0) 12 | a[i][j] = b[0] + c - e; 13 | else 14 | a[i][j] = b[1] + d - e; 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /analyzer/test/regression/null/test-5-unsafe-2.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | char buf[10] = "AAAA"; 5 | 6 | extern int __ikos_nondet_int(void); 7 | 8 | char* f() { 9 | if (__ikos_nondet_int()) { 10 | return buf; 11 | } else { 12 | return NULL; 13 | } 14 | } 15 | 16 | int main() { 17 | char* s1 = f(); 18 | const char* s2 = "BBBB"; 19 | strcat(s1, s2); 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-21-safe.cpp: -------------------------------------------------------------------------------- 1 | // Test that generates array inside structs 2 | #include 3 | 4 | typedef struct { 5 | float x; 6 | float y; 7 | } pos_t; 8 | 9 | typedef struct { 10 | pos_t begin; 11 | pos_t end; 12 | } line_t; 13 | 14 | line_t f(float y) { 15 | return {{0.0, y}, {2.0, 0}}; 16 | } 17 | 18 | int main() { 19 | printf("%f\n", f(2.0).begin.y); 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-1-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | // See how we treat global variables, struct and one-dimensional arrays 3 | int x = 6; 4 | 5 | struct foo { 6 | int x; 7 | }; 8 | 9 | int B[10]; 10 | 11 | int main(int argc, char** argv) { 12 | int A[5] = {0}; 13 | 14 | struct foo a; 15 | a.x = 59; 16 | x++; 17 | B[8] = 23; 18 | int z = x + 7 + a.x + A[5] + B[10]; 19 | return z; 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-47.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern "C" { 4 | extern int __ikos_nondet_int(void) noexcept; 5 | } 6 | 7 | int x; 8 | 9 | void f() { 10 | x = 9; 11 | if (__ikos_nondet_int()) { 12 | throw 0x42; 13 | } 14 | x = 0; 15 | } 16 | 17 | int main() { 18 | int tab[10] = {0}; 19 | 20 | try { 21 | f(); 22 | } catch (int) { 23 | } 24 | 25 | printf("%d\n", tab[x]); 26 | } 27 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-30-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE if --domain=interval-congruence 2 | extern void __ikos_assert(int); 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main() { 6 | int a[3]; 7 | a[0] = 5; 8 | a[1] = 10; 9 | int x = __ikos_nondet_int(); 10 | a[x] = 7; 11 | 12 | __ikos_assert(a[0] >= 5 && a[0] <= 7); // safe 13 | __ikos_assert(a[1] >= 7 && a[1] <= 10); // safe 14 | 15 | return 42; 16 | } 17 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/02.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main() { 5 | int i = 1; 6 | int j = 0; 7 | int z = i - j; 8 | int x = 0; 9 | int y = 0; 10 | int w = 0; 11 | 12 | while (__ikos_nondet_int()) { 13 | z += x + y + w; 14 | y++; 15 | if (z % 2 == 1) 16 | x++; 17 | w += 2; 18 | } 19 | 20 | __ikos_assert(x == y); 21 | } 22 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/astree-2c.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | // Need of the clock domain or fully relational 5 | int main() { 6 | int i = 1000; 7 | int x = 1000; 8 | int b = __ikos_nondet_int(); 9 | while (i >= -200) { 10 | x--; 11 | if (b) 12 | x = 1000; 13 | i--; 14 | } 15 | 16 | __ikos_assert(x <= 1000); 17 | return 42; 18 | } 19 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-24-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | 4 | struct Foo { 5 | int a; // 4 6 | int b; // 4 7 | int c[5]; // 20 8 | char* s; // 8 9 | // + padding of 4 in my 64bit machine 10 | }; // sizeof (struct Foo) = 40 11 | 12 | int foo(struct Foo f) { 13 | return f.b; 14 | } 15 | 16 | int main() { 17 | struct Foo f; 18 | memset(&f, 0, sizeof(f)); 19 | return foo(f); 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-29-unsafe-1.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | extern void __ikos_assert(int); 3 | 4 | struct point { 5 | int x; 6 | int y; 7 | int z; 8 | }; 9 | 10 | int main(int argc, char** argv) { 11 | struct point p; 12 | p.x = 1; 13 | p.y = 2; 14 | p.z = 8; 15 | 16 | int* q = (int*)(((char*)&p.x) + 2); 17 | *q = 3; 18 | 19 | __ikos_assert(p.x == 1); // WARNING 20 | 21 | return 0; 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-29-unsafe-2.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | extern void __ikos_assert(int); 3 | 4 | struct point { 5 | int x; 6 | int y; 7 | int z; 8 | }; 9 | 10 | int main(int argc, char** argv) { 11 | struct point p; 12 | p.x = 1; 13 | p.y = 2; 14 | p.z = 8; 15 | 16 | int* q = (int*)(((char*)&p.x) + 2); 17 | *q = 3; 18 | 19 | __ikos_assert(p.y == 2); // WARNING 20 | 21 | return 0; 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/46.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main() { 5 | int w = 1; 6 | int z = 0; 7 | int x = 0; 8 | int y = 0; 9 | 10 | while (__ikos_nondet_int()) { 11 | if (w % 2 == 1) { 12 | x++; 13 | w++; 14 | }; 15 | if (z % 2 == 0) { 16 | y++; 17 | z++; 18 | }; 19 | } 20 | 21 | __ikos_assert(x <= 1); 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/astree-2b.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | // Need of the clock domain or fully relational 5 | int main() { 6 | int i = 5; 7 | int x = 5; 8 | int b = __ikos_nondet_int(); 9 | while (i < 1000) { 10 | x = x + 2; 11 | if (b) 12 | x = 0; 13 | i = i + 2; 14 | } 15 | 16 | __ikos_assert(x <= 1001); 17 | return 42; 18 | } 19 | -------------------------------------------------------------------------------- /analyzer/test/regression/uma/test-7-safe.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int __ikos_nondet_int(void); 4 | 5 | void foo(int vsupply, int LOW_BATTERY_DECIVOLT) { 6 | static int t = 0; 7 | if (vsupply < LOW_BATTERY_DECIVOLT) 8 | t++; 9 | else 10 | t = 0; 11 | 12 | printf("%d\n", t); 13 | } 14 | 15 | int main(int argc, char** argv) { 16 | foo(__ikos_nondet_int(), __ikos_nondet_int()); 17 | return 42; 18 | } 19 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/multiple-inheritance.cpp: -------------------------------------------------------------------------------- 1 | class Base { 2 | private: 3 | int x; 4 | int y; 5 | }; 6 | 7 | struct Mixin { 8 | private: 9 | unsigned z; 10 | }; 11 | 12 | struct Empty { 13 | void f() {} 14 | }; 15 | 16 | class Child : public Base, public Mixin, public Empty { 17 | private: 18 | int tab[10]; 19 | }; 20 | 21 | Child c; 22 | 23 | int main(void) { 24 | return 0; 25 | } 26 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-10-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | // Interprocedural analysis is needed. 3 | #include 4 | 5 | int foo(int k, int N) { 6 | return k + N; 7 | } 8 | 9 | int bar(int p) { 10 | return p + foo(p, 10); 11 | } 12 | 13 | int main(int argc, char** argv) { 14 | int a[56]; 15 | int x = foo(5, 10); // x=15 16 | int y = x + bar(x); // y=55 17 | 18 | a[y + 1] = 67; 19 | return y; 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-38-argv.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern void __ikos_assert(int); 4 | 5 | int main(int argc, char** argv) { 6 | // we assume argc == 4 7 | printf("argv[argc-1]=%s\n", argv[argc - 1]); // Last argument 8 | printf("argv[3]=%s\n", argv[3]); // Last argument 9 | printf("argv[4]=%s\n", argv[4]); // NULL 10 | printf("argv[5]=%s\n", argv[5]); // Error 11 | } 12 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-47-unsafe.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern "C" { 4 | extern int __ikos_nondet_int(void) noexcept; 5 | } 6 | 7 | int x; 8 | 9 | void f() { 10 | x = 10; 11 | if (__ikos_nondet_int()) { 12 | throw 0x42; 13 | } 14 | x = 0; 15 | } 16 | 17 | int main() { 18 | int tab[10] = {0}; 19 | 20 | try { 21 | f(); 22 | } catch (int) { 23 | } 24 | 25 | printf("%d\n", tab[x]); 26 | } 27 | -------------------------------------------------------------------------------- /analyzer/test/regression/sio/test-4-safe.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern int __ikos_nondet_int(void); 5 | 6 | int main() { 7 | int x = __ikos_nondet_int(); 8 | int y = __ikos_nondet_int(); 9 | int lim = INT_MAX / 2; 10 | if (x > lim || x < 0) { 11 | x = lim - 1; 12 | } 13 | if (y > lim || y < 0) { 14 | y = lim - 1; 15 | } 16 | int z; 17 | z = x + y; 18 | printf("%d", z); 19 | } 20 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/multiple-inheritance.cpp: -------------------------------------------------------------------------------- 1 | class Base { 2 | private: 3 | int x; 4 | int y; 5 | }; 6 | 7 | struct Mixin { 8 | private: 9 | unsigned z; 10 | }; 11 | 12 | struct Empty { 13 | void f() {} 14 | }; 15 | 16 | class Child : public Base, public Mixin, public Empty { 17 | private: 18 | int tab[10]; 19 | }; 20 | 21 | Child c; 22 | 23 | int main(void) { 24 | return 0; 25 | } 26 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-4.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int MAX_ARRAY = 10; 4 | 5 | // To test loops that decrements a counter 6 | int main(int argc, char** argv) { 7 | int a[MAX_ARRAY]; 8 | int i; 9 | for (i = MAX_ARRAY - 1; i >= 0; i--) { 10 | a[i] = i; 11 | } 12 | // for underflow check 13 | printf("%d\n", a[i + 1]); 14 | // for overflow check 15 | printf("%d\n", a[MAX_ARRAY - 1]); 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-28-error.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | struct MyStruct { 4 | int _aa; 5 | int _bb; 6 | MyStruct() noexcept 7 | { 8 | //_aa = 5; 9 | _bb = 7; 10 | } 11 | }; 12 | 13 | int main(int argc, char *argv[]) 14 | { 15 | MyStruct* test1 = nullptr; 16 | int i = 0; 17 | do { 18 | test1 = new MyStruct; 19 | i++; 20 | }while (i < 2); 21 | return test1->_aa; 22 | } 23 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/multiple-inheritance.cpp: -------------------------------------------------------------------------------- 1 | class Base { 2 | private: 3 | int x; 4 | int y; 5 | }; 6 | 7 | struct Mixin { 8 | private: 9 | unsigned z; 10 | }; 11 | 12 | struct Empty { 13 | void f() {} 14 | }; 15 | 16 | class Child : public Base, public Mixin, public Empty { 17 | private: 18 | int tab[10]; 19 | }; 20 | 21 | Child c; 22 | 23 | int main(void) { 24 | return 0; 25 | } 26 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-4-unsafe-1.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int MAX_ARRAY = 10; 4 | 5 | // To test loops that decrements a counter 6 | int main(int argc, char** argv) { 7 | int a[MAX_ARRAY]; 8 | int i; 9 | for (i = MAX_ARRAY - 1; i >= 0; i--) { 10 | a[i] = i; 11 | } 12 | // for underflow check 13 | printf("%d\n", a[i]); 14 | // for overflow check 15 | printf("%d\n", a[MAX_ARRAY - 1]); 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-4-unsafe-2.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int MAX_ARRAY = 10; 4 | 5 | // To test loops that decrements a counter 6 | int main(int argc, char** argv) { 7 | int a[MAX_ARRAY]; 8 | int i; 9 | for (i = MAX_ARRAY - 1; i >= 0; i--) { 10 | a[i] = i; 11 | } 12 | // for underflow check 13 | printf("%d\n", a[i + 1]); 14 | // for overflow check 15 | printf("%d\n", a[MAX_ARRAY]); 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/17.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main(int argc, char** argv) { 5 | int n = __ikos_nondet_int(); 6 | int k = 1; 7 | int i = 1; 8 | int j = 0; 9 | if (n < 0) 10 | return 0; 11 | while (i < n) { 12 | j = 0; 13 | while (j < i) { 14 | k += (i - j); 15 | j++; 16 | } 17 | i++; 18 | } 19 | __ikos_assert(k >= n); 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/uio/test-2-safe.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern unsigned __ikos_nondet_uint(void); 5 | 6 | int main() { 7 | unsigned x = __ikos_nondet_uint(); 8 | unsigned y = __ikos_nondet_uint(); 9 | unsigned lim = INT_MAX / 2; 10 | if (x > lim) { 11 | x = lim - 1; 12 | } 13 | if (y > lim) { 14 | y = lim - 1; 15 | } 16 | unsigned z; 17 | z = x + y; 18 | printf("%d", z); 19 | } 20 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/loop-4.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int foo(int x, int y) { 5 | while (x < 100) { 6 | if (__ikos_nondet_int()) 7 | y = 1; 8 | x = x + 4; 9 | } 10 | 11 | __ikos_assert(y >= 0 && y <= 1); 12 | __ikos_assert(x <= 103); 13 | 14 | return x + y; 15 | } 16 | 17 | int main() { 18 | int res = foo(0, 0); 19 | __ikos_assert(res <= 104); 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-10.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern void __ikos_assert(int); 5 | 6 | long foo(long n, ...) { 7 | long r = 0; 8 | va_list ap; 9 | va_start(ap, n); 10 | for (long i = 0; i < n; i++) { 11 | r += va_arg(ap, long); 12 | } 13 | va_end(ap); 14 | return r; 15 | } 16 | 17 | int main() { 18 | long r = foo(4, 1, 2, 3, 4); 19 | __ikos_assert(r == 10); 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-3.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | 4 | #define MAX_ARRAY 10 5 | 6 | // To test loops that decrements a counter 7 | int main(int argc, char** argv) { 8 | int a[MAX_ARRAY]; 9 | int i; 10 | for (i = MAX_ARRAY - 1; i >= 0; i--) { 11 | a[i] = i; 12 | } 13 | // for underflow check 14 | printf("%d\n", a[i + 1]); 15 | // for overflow check 16 | printf("%d\n", a[MAX_ARRAY - 1]); 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-17.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern void __ikos_assert(int); 4 | extern int __ikos_nondet_int(void); 5 | 6 | int main() { 7 | int x = 0; 8 | 9 | int* p; 10 | if (__ikos_nondet_int()) { 11 | p = &x; 12 | } else { 13 | p = NULL; 14 | } 15 | 16 | int* q = &x; 17 | 18 | if (p != q) { 19 | __ikos_assert(1); 20 | } else { 21 | __ikos_assert(1); 22 | } 23 | 24 | return 0; 25 | } 26 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-3-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | #include 3 | 4 | #define MAX_ARRAY 10 5 | 6 | // To test loops that decrements a counter 7 | int main(int argc, char** argv) { 8 | int a[MAX_ARRAY]; 9 | int i; 10 | for (i = MAX_ARRAY - 1; i >= 0; i--) { 11 | a[i] = i; 12 | } 13 | // buffer underflow 14 | printf("%d\n", a[i]); 15 | // buffer overflow 16 | printf("%d\n", a[MAX_ARRAY]); 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-44.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | typedef void* (*fun_ptr_t)(size_t); 6 | 7 | fun_ptr_t allocator() { 8 | return &malloc; 9 | } 10 | 11 | int main() { 12 | int tab[10]; 13 | int i = 0; 14 | int* p; 15 | 16 | fun_ptr_t f = allocator(); 17 | p = (int*)f(42); 18 | if (!p) 19 | return 1; 20 | *p = 42; 21 | 22 | printf("%d\n", tab[i]); 23 | return 0; 24 | } 25 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/38.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main(int argc, char** argv) { 5 | int n = __ikos_nondet_int(); 6 | int x = 0; 7 | int y = 0; 8 | int i = 0; 9 | 10 | if (n < 0) 11 | return 0; 12 | while (i < n) { 13 | i++; 14 | x++; 15 | if (i % 2 == 0) 16 | y++; 17 | } 18 | 19 | if (i % 2 == 0) { 20 | __ikos_assert(x == 2 * y); 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-9.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern void __ikos_assert(int); 5 | 6 | long foo(long a, ...) { 7 | long r = a; 8 | va_list ap; 9 | va_start(ap, a); 10 | r += va_arg(ap, long); 11 | r += va_arg(ap, long); 12 | r += va_arg(ap, long); 13 | va_end(ap); 14 | return r; 15 | } 16 | 17 | int main() { 18 | long r = foo(1, 2, 3, 4); 19 | __ikos_assert(r == 10); 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-14-safe.c: -------------------------------------------------------------------------------- 1 | int x = 5; 2 | float y = 5.7; 3 | 4 | extern int __ikos_nondet_int(void); 5 | 6 | void incr_x() { 7 | if (__ikos_nondet_int()) 8 | x++; 9 | } 10 | 11 | void incr_y() { 12 | if (__ikos_nondet_int()) 13 | y = y + 1.0; 14 | } 15 | 16 | int main() { 17 | int a; 18 | 19 | incr_x(); 20 | a = x; 21 | 22 | float b; 23 | incr_y(); 24 | b = y; 25 | 26 | int c = a + (int)b; 27 | return c; 28 | } 29 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/06.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main() { 5 | int w = 1; 6 | int z = 0; 7 | int x = 0; 8 | int y = 0; 9 | 10 | while (__ikos_nondet_int()) { 11 | while (__ikos_nondet_int()) { 12 | if (w % 2 == 1) 13 | x++; 14 | if (z % 2 == 0) 15 | y++; 16 | } 17 | z = x + y; 18 | w = z + 1; 19 | } 20 | 21 | __ikos_assert(x == y); 22 | } 23 | -------------------------------------------------------------------------------- /CONTRIBUTORS.md: -------------------------------------------------------------------------------- 1 | NASA Contributors 2 | ----------------- 3 | 4 | * Maxime Arthaud 5 | * Thomas Bailleux 6 | * Guillaume Brat 7 | * Clément Decoodt 8 | * Arnaud Hamon 9 | * Jorge Navas 10 | * Elodie-Jane Simms 11 | * Nija Shi 12 | * Sarah Thompson 13 | * Arnaud Venet 14 | * Alexandre Wimmers 15 | 16 | External Contributors 17 | --------------------- 18 | 19 | * [avemilia](https://github.com/avemilia) 20 | * [Sung Kook Kim](https://github.com/skkeem) 21 | * Aditya Thakur 22 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-21.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | #include 4 | 5 | int bar(int* a, int sz) { 6 | int i; 7 | for (i = 0; i < sz; i++) { 8 | a[i] = i; 9 | } 10 | printf("%d\n", a[i - 1]); 11 | return 42; 12 | } 13 | 14 | int foo(int sz) { 15 | int* a = (int*)malloc(sizeof(int) * sz); 16 | if (!a) 17 | return -1; 18 | return bar(a, sz); 19 | } 20 | 21 | int main(int argc, char** argv) { 22 | return foo(10); 23 | } 24 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-5.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | 4 | #define MAX_ARRAY 10 5 | 6 | // To test loops 7 | int main(int argc, char** argv) { 8 | int i, j; 9 | int a[MAX_ARRAY][MAX_ARRAY]; 10 | for (i = 0; i < MAX_ARRAY; i++) { 11 | for (j = 0; j < MAX_ARRAY; j++) 12 | a[i][j] = argc; // some unknown value here 13 | } 14 | 15 | for (i = 0; i < MAX_ARRAY; i++) { 16 | printf("%d\n", a[i][i]); 17 | } 18 | 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/18.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * Adapted from ex17.c in NECLA test suite 6 | */ 7 | 8 | int main() { 9 | int flag = __ikos_nondet_int(); 10 | int a = __ikos_nondet_int(); 11 | 12 | int b; 13 | int j = 0; 14 | 15 | for (b = 0; b < 100; ++b) { 16 | if (flag) 17 | j = j + 1; 18 | } 19 | 20 | if (flag) { 21 | __ikos_assert(j == 100); 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/23.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * ex49 from NECLA Static Analysis Benchmarks 6 | */ 7 | 8 | int main(int argc, char** argv) { 9 | int n = __ikos_nondet_int(); 10 | int i, sum = 0; 11 | if (n < 0) 12 | return 0; 13 | if (n >= 0) { 14 | for (i = 0; i < n; ++i) { 15 | sum = sum + i; 16 | } 17 | __ikos_assert(sum >= 0); 18 | } 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/34.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main(int argc, char** argv) { 5 | int n = __ikos_nondet_int(); 6 | int x = 0; 7 | int y = 0; 8 | int i = 0; 9 | int m = 10; 10 | 11 | if (n < 0) 12 | return 0; 13 | while (i < n) { 14 | i++; 15 | x++; 16 | if (i % 2 == 0) 17 | y++; 18 | } 19 | 20 | if (i == m) { 21 | __ikos_assert(x == 2 * y); 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/43.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * Based on ex16 from NECLA Static Analysis Benchmarks 6 | */ 7 | 8 | int main() { 9 | int x = __ikos_nondet_int(); 10 | int y = __ikos_nondet_int(); 11 | int t = y; 12 | 13 | if (x == y) 14 | return x; 15 | 16 | while (__ikos_nondet_int()) { 17 | if (x > 0) 18 | y = y + x; 19 | } 20 | 21 | __ikos_assert(y >= t); 22 | } 23 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/pointer-arithmetic.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int f() { 4 | return 6; 5 | } 6 | 7 | unsigned char* ptr_fun = (unsigned char*)&f + 1; 8 | 9 | const char* string_map[] = {"aaa", "bbb"}; 10 | 11 | struct vector { 12 | int x; 13 | int y; 14 | int z; 15 | }; 16 | 17 | struct vector v[] = {{1, 2, 3}, {4, 5, 6}}; 18 | 19 | int* ptr = &(v[1].z); 20 | 21 | int main() { 22 | return printf("%d\n", v[1].z); 23 | } 24 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-2-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | 3 | int main(int argc, char** argv) { 4 | int a[2]; 5 | int b[3]; 6 | int c[10] = {0}; 7 | 8 | a[0] = 1; 9 | a[1] = 3; 10 | 11 | b[0] = 4; 12 | b[1] = 7; 13 | b[2] = 7; 14 | 15 | b[1] = 5; 16 | 17 | int* p = &a[0]; 18 | int* q = &b[0]; 19 | 20 | p = a + 1; 21 | q = b + 2; 22 | 23 | if (p == q) { 24 | q = q - 10; 25 | p = p + 42; 26 | } 27 | 28 | return c[*p + *(q - 1)]; 29 | } 30 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-31-safe.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern void __ikos_assert(int); 5 | 6 | int main() { 7 | int** a = malloc(sizeof(int*)); 8 | if (a == NULL) 9 | return 1; 10 | 11 | *a = NULL; 12 | __ikos_assert(*((int64_t*)a) == 0); 13 | 14 | int64_t* b = malloc(sizeof(int64_t)); 15 | if (b == NULL) 16 | return 1; 17 | 18 | *b = 0; 19 | __ikos_assert(*(int**)(b) == NULL); 20 | 21 | return 0; 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/26.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main() { 5 | int w = 1, z = 0, x = 0, y = 0; 6 | while (__ikos_nondet_int()) { 7 | while (__ikos_nondet_int()) { 8 | if (w % 2 == 1) 9 | x++; 10 | if (z % 2 == 0) 11 | y++; 12 | } 13 | while (__ikos_nondet_int()) { 14 | z = x + y; 15 | w = z + 1; 16 | } 17 | } 18 | __ikos_assert(x == y); 19 | } 20 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-23.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern void __ikos_assert(int); 5 | 6 | int* f() { 7 | int* p = (int*)malloc(sizeof(int)); 8 | 9 | if (p == NULL) { 10 | exit(0); 11 | } 12 | 13 | return p; 14 | } 15 | 16 | int main() { 17 | int* p = f(); 18 | *p = 0; 19 | 20 | int* q = f(); 21 | *q = 42; 22 | 23 | __ikos_assert(p != q); 24 | __ikos_assert(*p == 0); 25 | __ikos_assert(*q == 42); 26 | } 27 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/pointer-arithmetic.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int f() { 4 | return 6; 5 | } 6 | 7 | unsigned char* ptr_fun = (unsigned char*)&f + 1; 8 | 9 | const char* string_map[] = {"aaa", "bbb"}; 10 | 11 | struct vector { 12 | int x; 13 | int y; 14 | int z; 15 | }; 16 | 17 | struct vector v[] = {{1, 2, 3}, {4, 5, 6}}; 18 | 19 | int* ptr = &(v[1].z); 20 | 21 | int main() { 22 | return printf("%d\n", v[1].z); 23 | } 24 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/astree-ex.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | struct s { 3 | struct s* next; 4 | int data; 5 | }; 6 | struct s A[100]; 7 | int main() { 8 | int i = 0; 9 | struct s* ptr; 10 | for (i = 0; i < 199; i++) { 11 | if (i < 99) 12 | A[i].next = &(A[i + 1]); 13 | else 14 | A[i - 99].data = i; 15 | } 16 | A[99].next = 0; 17 | A[99].data = 99; 18 | ptr = &(A[0]); 19 | while (ptr != 0) { 20 | ptr = ptr->next; 21 | } 22 | return 42; 23 | } 24 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-62.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern unsigned __ikos_nondet_uint(void); 4 | extern void __ikos_assume_mem_size(const void* ptr, size_t size); 5 | 6 | int main() { 7 | int* p = (int*)malloc(__ikos_nondet_uint()); 8 | if (!p) { 9 | return -1; 10 | } 11 | *p = 1; // warning 12 | __ikos_assume_mem_size(p, sizeof(int)); 13 | *p = 2; // safe 14 | __ikos_assume_mem_size(p, sizeof(char)); 15 | *p = 3; // error 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/pointer-arithmetic.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int f() { 4 | return 6; 5 | } 6 | 7 | unsigned char* ptr_fun = (unsigned char*)&f + 1; 8 | 9 | const char* string_map[] = {"aaa", "bbb"}; 10 | 11 | struct vector { 12 | int x; 13 | int y; 14 | int z; 15 | }; 16 | 17 | struct vector v[] = {{1, 2, 3}, {4, 5, 6}}; 18 | 19 | int* ptr = &(v[1].z); 20 | 21 | int main() { 22 | return printf("%d\n", v[1].z); 23 | } 24 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | install/ 3 | !doc/install/ 4 | 5 | # Editors 6 | *.swp 7 | *~ 8 | .ycm_extra_conf.py 9 | 10 | # Python 11 | *.pyc 12 | __pycache__ 13 | 14 | # Object files 15 | *.o 16 | *.ko 17 | *.obj 18 | *.elf 19 | 20 | # Libraries 21 | *.lib 22 | *.a 23 | 24 | # Shared objects (inc. Windows DLLs) 25 | *.dll 26 | *.so 27 | *.so.* 28 | *.dylib 29 | 30 | # Executables 31 | *.exe 32 | *.out 33 | *.app 34 | *.i*86 35 | *.x86_64 36 | *.hex 37 | 38 | # IKOS 39 | *.ar 40 | *.db 41 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-70.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern void __ikos_abstract_mem(void* ptr, size_t size); 4 | 5 | static int tab[10]; 6 | 7 | static int* f(int value) { 8 | for (int i = 0; i < 10; i++) { 9 | if (tab[i] == value) { 10 | return &tab[i]; 11 | } 12 | } 13 | return NULL; 14 | } 15 | 16 | int main() { 17 | __ikos_abstract_mem(&tab[0], 10 * sizeof(int)); 18 | int* p = f(42); 19 | if (p != NULL) { 20 | *p = 0; 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/upa/test-4.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | // Adds even number to a uint16_t address, still resulting in safe access 3 | #include 4 | 5 | extern int __ikos_nondet_int(void); 6 | 7 | uint16_t* foo(uint16_t* x, uint16_t* y) { 8 | return x + *y; 9 | } 10 | 11 | int main() { 12 | uint16_t a = 0; 13 | 14 | uint16_t b = 2; 15 | if (__ikos_nondet_int()) 16 | b = 4 * b; 17 | else 18 | b = 6; 19 | 20 | uint16_t* z = foo(&a, &b); 21 | return *z; 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-9a.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | // 3 | // If the multidimensional array is global then LLVM generates a 4 | // single GetElementPtr instruction 5 | 6 | int p[2][2][2]; 7 | void kalman_global(void) { 8 | p[0][0][0] = 1; 9 | p[0][0][1] = 1; 10 | p[0][1][0] = 1; 11 | p[0][1][1] = 1; 12 | p[1][0][0] = 1; 13 | p[1][0][1] = 1; 14 | p[1][1][0] = 1; 15 | p[1][1][1] = 1; 16 | } 17 | 18 | int main(int arg, char** argv) { 19 | kalman_global(); 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-9b.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | // 3 | // If the multidimensional array is local then LLVM generates multiple 4 | // GetElementPtr instructions 5 | void kalman_local(void) { 6 | int p[2][2][2]; 7 | 8 | p[0][0][0] = 1; 9 | p[0][0][1] = 1; 10 | p[0][1][0] = 1; 11 | p[0][1][1] = 1; 12 | p[1][0][0] = 1; 13 | p[1][0][1] = 1; 14 | p[1][1][0] = 1; 15 | p[1][1][1] = 1; 16 | } 17 | 18 | int main(int arg, char** argv) { 19 | kalman_local(); 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-2-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | 3 | int main(int argc, char** argv) { 4 | int a[2]; 5 | int b[3]; 6 | int c[10] = {0}; 7 | 8 | a[0] = 1; 9 | a[1] = 3; 10 | 11 | b[0] = 4; 12 | b[1] = 7; 13 | b[2] = 7; 14 | 15 | // b[1]=5; 16 | 17 | int* p = &a[0]; 18 | int* q = &b[0]; 19 | 20 | p = a + 1; 21 | q = b + 2; 22 | 23 | if (p == q) { 24 | q = q - 10; 25 | p = p + 42; 26 | } 27 | 28 | return c[*p + *(q - 1)]; 29 | } 30 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-25.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | extern void __ikos_assert(int); 3 | extern int __ikos_nondet_int(void); 4 | 5 | struct foo { 6 | int p; 7 | int q; 8 | }; 9 | 10 | struct foo x; 11 | int main() { 12 | x.p = 9; 13 | x.q = 20; 14 | 15 | int p1, p2; 16 | 17 | if (__ikos_nondet_int()) 18 | p1 = x.p; 19 | else 20 | p1 = x.q; 21 | 22 | p2 = x.q; 23 | 24 | __ikos_assert(p1 >= 9 && p1 <= 20); 25 | __ikos_assert(p2 == 20); 26 | return p1 + p2; 27 | } 28 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/32.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * "split.c" from InvGen benchmark suite 6 | */ 7 | 8 | int main() { 9 | int k = 100; 10 | int b = __ikos_nondet_int(); 11 | int j = __ikos_nondet_int(); 12 | int n; 13 | int i = j; 14 | for (n = 0; n < 2 * k; n++) { 15 | if (b) { 16 | i++; 17 | } else { 18 | j++; 19 | } 20 | b = !b; 21 | } 22 | __ikos_assert(i == j); 23 | } 24 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-11.c: -------------------------------------------------------------------------------- 1 | // SAFE if interprocedural 2 | #include 3 | 4 | int a[100][100]; 5 | int init = 5; 6 | 7 | int foo(int k) { 8 | while (k < 100) { 9 | int i = 0; 10 | int j = k; 11 | while (i < j) { 12 | i = i + 1; 13 | j = j - 1; 14 | a[i][j] = init; 15 | } 16 | k = k + 1; 17 | } 18 | return k; 19 | } 20 | 21 | int main(int argc, char** argv) { 22 | int ind = foo(0); 23 | printf("%d\n", a[ind - 1][ind - 1]); 24 | } 25 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-0-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | 3 | #include 4 | 5 | extern void __ikos_assert(int); 6 | extern int __ikos_nondet_int(void); 7 | 8 | int main() { 9 | int* p = (int*)malloc(sizeof(int)); 10 | if (p == 0) 11 | exit(0); 12 | 13 | *p = 0; 14 | while (__ikos_nondet_int()) { 15 | if (__ikos_nondet_int()) 16 | *p = 1; 17 | if (__ikos_nondet_int()) 18 | *p = 3; 19 | } 20 | __ikos_assert(*p == 4); 21 | return 42; 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/25.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main() { 5 | int x = 0; 6 | int y = 0; 7 | int i = 0; 8 | int j = 0; 9 | 10 | while (__ikos_nondet_int()) { 11 | while (__ikos_nondet_int()) { 12 | if (x == y) 13 | i++; 14 | else 15 | j++; 16 | } 17 | if (i >= j) { 18 | x++; 19 | y++; 20 | } else 21 | y++; 22 | } 23 | 24 | __ikos_assert(i >= j); 25 | } 26 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-22-exceptions.cpp: -------------------------------------------------------------------------------- 1 | extern "C" { 2 | extern int __ikos_nondet_int(void) noexcept; 3 | extern void __ikos_assert(int) noexcept; 4 | } 5 | 6 | int x; 7 | 8 | void f() { 9 | if (__ikos_nondet_int() == 47) { 10 | throw 42; 11 | } 12 | } 13 | 14 | int main() { 15 | x = 0; 16 | f(); 17 | x = 1; 18 | 19 | try { 20 | f(); 21 | x = 2; 22 | } catch (int) { 23 | __ikos_assert(x == 1); 24 | } 25 | __ikos_assert(x >= 1 && x <= 2); 26 | } 27 | -------------------------------------------------------------------------------- /.clang-format: -------------------------------------------------------------------------------- 1 | --- 2 | BasedOnStyle: Google 3 | --- 4 | Language: Cpp 5 | SpacesInAngles: true 6 | AccessModifierOffset: -2 7 | DerivePointerAlignment: false 8 | AllowShortIfStatementsOnASingleLine: false 9 | AllowShortLoopsOnASingleLine: false 10 | AllowShortFunctionsOnASingleLine: Inline 11 | BinPackParameters: false 12 | BinPackArguments: false 13 | PenaltyBreakBeforeFirstCallParameter: 5000 14 | PenaltyReturnTypeOnItsOwnLine: 500 15 | SpacesBeforeTrailingComments: 1 16 | IncludeBlocks: Preserve 17 | --- 18 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-5-unsafe-1.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE (overflow) 2 | 3 | #include 4 | #define MAX_ARRAY 10 5 | 6 | // To test loops 7 | int main(int argc, char** argv) { 8 | int i, j; 9 | int a[MAX_ARRAY][MAX_ARRAY]; 10 | for (i = 0; i < MAX_ARRAY; i++) { 11 | for (j = 0; j < MAX_ARRAY; j++) 12 | a[i + 1][j] = argc; // some unknown value here 13 | } 14 | 15 | for (i = 0; i < MAX_ARRAY; i++) { 16 | printf("%d\n", a[i][i]); 17 | } 18 | 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-5-unsafe-2.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE (overflow) 2 | #include 3 | 4 | #define MAX_ARRAY 10 5 | 6 | // To test loops 7 | int main(int argc, char** argv) { 8 | int i, j; 9 | int a[MAX_ARRAY][MAX_ARRAY]; 10 | for (i = 0; i < MAX_ARRAY; i++) { 11 | for (j = 0; j < MAX_ARRAY; j++) 12 | a[i][j + 1] = argc; // some unknown value here 13 | } 14 | 15 | for (i = 0; i < MAX_ARRAY; i++) { 16 | printf("%d\n", a[i][i]); 17 | } 18 | 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-5-unsafe-3.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE (underflow) 2 | 3 | #include 4 | #define MAX_ARRAY 10 5 | 6 | // To test loops 7 | int main(int argc, char** argv) { 8 | int i, j; 9 | int a[MAX_ARRAY][MAX_ARRAY]; 10 | for (i = 0; i < MAX_ARRAY; i++) { 11 | for (j = 0; j < MAX_ARRAY; j++) 12 | a[i][j - 1] = argc; // some unknown value here 13 | } 14 | 15 | for (i = 0; i < MAX_ARRAY; i++) { 16 | printf("%d\n", a[i][i]); 17 | } 18 | 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-5-unsafe-4.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE (underflow) 2 | 3 | #include 4 | #define MAX_ARRAY 10 5 | 6 | // To test loops 7 | int main(int argc, char** argv) { 8 | int i, j; 9 | int a[MAX_ARRAY][MAX_ARRAY]; 10 | for (i = 0; i < MAX_ARRAY; i++) { 11 | for (j = 0; j < MAX_ARRAY; j++) 12 | a[i - 1][j] = argc; // some unknown value here 13 | } 14 | 15 | for (i = 0; i < MAX_ARRAY; i++) { 16 | printf("%d\n", a[i][i]); 17 | } 18 | 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/astree.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | extern void __ikos_assert(int); 3 | 4 | typedef union _u { 5 | int a; 6 | char b[4]; 7 | } my_union; 8 | my_union U; 9 | 10 | typedef struct _x { 11 | unsigned int a : 1; 12 | unsigned int b : 1; 13 | } bit; 14 | 15 | int main() { 16 | bit z; 17 | z.b = 0; 18 | z.a = 1; 19 | __ikos_assert((z.a == 1)); 20 | U.b[0] = 1; 21 | U.b[1] = 1; 22 | U.b[2] = 1; 23 | U.b[3] = 1; 24 | __ikos_assert((U.a == 0x1010101)); 25 | return 42; 26 | } 27 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-5-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | 3 | extern void __ikos_assert(int); 4 | 5 | struct bar { 6 | int y; 7 | unsigned char z; 8 | }; 9 | 10 | struct foo { 11 | unsigned char a; 12 | long b; 13 | unsigned char c; 14 | struct bar d; 15 | }; 16 | 17 | int main() { 18 | struct foo x; 19 | x.a = 5; 20 | x.b = 2000; 21 | x.c = 10; 22 | x.d.y = 32; 23 | x.d.z = 5; 24 | 25 | if (x.d.y > 0) { 26 | __ikos_assert(x.d.y + x.c == 42); 27 | } 28 | return 42; 29 | } 30 | -------------------------------------------------------------------------------- /analyzer/test/regression/upa/test-4-unsafe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | // Adds odd number to a uint16_t address, resulting in unsafe access 3 | #include 4 | 5 | extern int __ikos_nondet_int(void); 6 | 7 | uint16_t* foo(uint8_t* x, uint8_t* y) { 8 | return (uint16_t*)(x + *y); 9 | } 10 | 11 | int main() { 12 | uint16_t a = 0; 13 | 14 | uint8_t b = 3; 15 | if (__ikos_nondet_int()) 16 | b = 5 * b; 17 | else 18 | b = 7; 19 | 20 | uint16_t* z = foo((uint8_t*)&a, &b); 21 | return *z; 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-3-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | 3 | int foo(int* a, int* b, int* c) { 4 | int* p; 5 | int* q; 6 | 7 | p = a + 1; 8 | q = b + 2; 9 | 10 | if (p == q) { 11 | q = q - 10; 12 | p = p + 42; 13 | } 14 | 15 | return c[*p + *q]; 16 | } 17 | 18 | int main(int argc, char** argv) { 19 | int a[2]; 20 | int b[3]; 21 | int c[10] = {0}; 22 | 23 | a[0] = 1; 24 | a[1] = 3; 25 | 26 | b[0] = 4; 27 | b[1] = 5; 28 | b[2] = 6; 29 | 30 | return foo(a, b, c); 31 | } 32 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-4-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | 3 | extern void __ikos_assert(int); 4 | 5 | struct bar { 6 | int y; 7 | unsigned char z; 8 | }; 9 | 10 | struct foo { 11 | unsigned char a; 12 | long b; 13 | unsigned char c; 14 | struct bar d; 15 | }; 16 | 17 | struct foo x = {5, 2000, 10, {32, 5}}; 18 | 19 | int h; 20 | 21 | int main() { 22 | if (x.d.y > 0) { 23 | x.d.y++; 24 | h = 8; 25 | h++; 26 | __ikos_assert(x.d.y + x.c + h == 52); 27 | } 28 | return 42; 29 | } 30 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-6-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | 3 | extern void __ikos_assert(int); 4 | 5 | struct bar { 6 | int y; 7 | unsigned char z; 8 | }; 9 | 10 | struct foo { 11 | unsigned char a; 12 | long b; 13 | unsigned char c; 14 | struct bar d; 15 | }; 16 | 17 | struct foo x; 18 | 19 | int main() { 20 | x.a = 5; 21 | x.b = 2000; 22 | x.c = 10; 23 | x.d.y = 32; 24 | x.d.z = 5; 25 | 26 | if (x.d.y > 0) { 27 | __ikos_assert(x.d.y + x.c == 42); 28 | } 29 | return 42; 30 | } 31 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/14.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * From "The Octagon Abstract Domain" HOSC 2006 by Mine. 6 | */ 7 | 8 | int main() { 9 | int a = 0; 10 | int j; 11 | int m; 12 | m = __ikos_nondet_int(); 13 | if (m <= 0) 14 | return 0; 15 | for (j = 1; j <= m; j++) { 16 | if (__ikos_nondet_int()) 17 | a++; 18 | else 19 | a--; 20 | } 21 | __ikos_assert(a >= -m); 22 | __ikos_assert(a <= m); 23 | } 24 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-11.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern void __ikos_assert(int); 4 | 5 | int foo(int n, ...) { 6 | int* p; 7 | int r = 0; 8 | va_list ap; 9 | va_start(ap, n); 10 | for (int i = 0; i < n; i++) { 11 | p = va_arg(ap, int*); 12 | r += *p; 13 | } 14 | va_end(ap); 15 | return r; 16 | } 17 | 18 | int main() { 19 | int x = 1, y = 2, z = 3; 20 | int r = foo(2, &x, &y, &z); 21 | __ikos_assert(r >= 0); 22 | __ikos_assert(r == 3); 23 | return 0; 24 | } 25 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-0-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | #include 4 | 5 | extern void __ikos_assert(int); 6 | extern int __ikos_nondet_int(void); 7 | 8 | int main() { 9 | int* p = (int*)malloc(sizeof(int)); 10 | if (p == NULL) 11 | exit(0); 12 | 13 | *p = 0; 14 | while (__ikos_nondet_int()) { 15 | if (__ikos_nondet_int()) 16 | *p = 1; 17 | if (__ikos_nondet_int()) 18 | *p = 5; 19 | } 20 | __ikos_assert(*p >= 0 && *p <= 5); 21 | return 42; 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-10-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | #include 3 | #include 4 | 5 | extern void __ikos_assert(int); 6 | 7 | struct foo { 8 | int a; 9 | int b; 10 | }; 11 | 12 | struct foo* x; 13 | 14 | int main(int argc, char** argv) { 15 | x = (struct foo*)malloc(sizeof(struct foo)); 16 | if (x == 0) 17 | exit(0); 18 | 19 | x->a = 5; 20 | x->b = x->a + 7; 21 | x->a = x->a + 2; 22 | 23 | __ikos_assert(x->a == 6 && x->b == 12); 24 | 25 | return 42; 26 | } 27 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-14a.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | extern void __ikos_assert(int); 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main() { 6 | int a[10]; 7 | int b[10]; 8 | int* x; 9 | 10 | a[0] = 5; 11 | b[0] = 10; 12 | 13 | if (__ikos_nondet_int()) 14 | x = &a[0]; 15 | else 16 | x = &b[0]; 17 | 18 | //__ikos_assert ( *x == 5); // warning 19 | //__ikos_assert ( *x == 10); // warning 20 | __ikos_assert(*x >= 5 && *x <= 10); // safe 21 | return 42; 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-9-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | 3 | extern void __ikos_assert(int); 4 | 5 | int x = 6; 6 | 7 | void f4() { 8 | x++; 9 | x++; 10 | } 11 | 12 | void f3() { 13 | f4(); 14 | } 15 | 16 | void f2() { 17 | f3(); 18 | } 19 | 20 | void f1() { 21 | f2(); 22 | __ikos_assert(x == 7); // x == 8 23 | f3(); 24 | __ikos_assert(x == 8); // x== 10 25 | x++; 26 | } 27 | 28 | int main(int argc, char** argv) { 29 | f1(); 30 | __ikos_assert(x == 11); 31 | return 42; 32 | } 33 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/03.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * "nested4.c" from InvGen benchmark suite 6 | */ 7 | 8 | int main() { 9 | int i, k, n, l; 10 | n = __ikos_nondet_int(); 11 | l = __ikos_nondet_int(); 12 | // assume(l>0); 13 | if (l > 0) { 14 | for (k = 1; k < n; k++) { 15 | for (i = l; i < n; i++) { 16 | } 17 | for (i = l; i < n; i++) { 18 | __ikos_assert(1 <= i); 19 | } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/27.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * "nested2.c" from InvGen benchmark suite 6 | */ 7 | 8 | int main() { 9 | int i, k, n, l; 10 | // assume(l>0); 11 | l = __ikos_nondet_int(); 12 | n = __ikos_nondet_int(); 13 | if (l > 0) { 14 | for (k = 1; k < n; k++) { 15 | for (i = l; i < n; i++) { 16 | } 17 | for (i = l; i < n; i++) { 18 | __ikos_assert(1 <= k); 19 | } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-5-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | 3 | extern void __ikos_assert(int); 4 | 5 | struct bar { 6 | int y; 7 | unsigned char z; 8 | }; 9 | 10 | struct foo { 11 | unsigned char a; 12 | long b; 13 | unsigned char c; 14 | struct bar d; 15 | }; 16 | 17 | int main() { 18 | struct foo x; 19 | x.a = 5; 20 | x.b = 2000; 21 | x.c = 10; 22 | x.d.y = 32; 23 | x.d.z = 5; 24 | 25 | if (x.d.y > 0) { 26 | __ikos_assert(x.d.y + x.c == 43); 27 | } 28 | return 42; 29 | } 30 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-8-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | 3 | extern void __ikos_assert(int); 4 | 5 | int foo(int* a, int* c) { 6 | int* p; 7 | 8 | p = a + 1; 9 | 10 | __ikos_assert(*p == 3); 11 | 12 | int res = c[*p]; 13 | c[*p] = 555; 14 | return res; 15 | } 16 | 17 | int main(int argc, char** argv) { 18 | int a[2]; 19 | int c[10]; 20 | 21 | a[1] = 3; 22 | c[3] = 666; 23 | 24 | int x = foo(a, c); 25 | 26 | __ikos_assert(x == 666); 27 | __ikos_assert(c[3] == 555); 28 | return x; 29 | } 30 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/16.c: -------------------------------------------------------------------------------- 1 | 2 | extern void __ikos_assert(int); 3 | extern int __ikos_nondet_int(void); 4 | 5 | /* 6 | * From "A Practical and Complete Approach to Predicate Refinement" by McMillan 7 | * TACAS'06 8 | */ 9 | 10 | int main(int argc, char** argv) { 11 | int i = __ikos_nondet_int(); 12 | int j = __ikos_nondet_int(); 13 | 14 | int x = i; 15 | int y = j; 16 | 17 | while (x != 0) { 18 | x--; 19 | y--; 20 | } 21 | if (i == j) { 22 | __ikos_assert(y == 0); 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-3-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | 3 | int foo(int* a, int* b, int* c) { 4 | int* p; 5 | int* q; 6 | 7 | p = a + 1; 8 | q = b + 2; 9 | 10 | if (p == q) { 11 | q = q - 10; 12 | p = p + 42; 13 | } 14 | 15 | return c[*p + *q]; 16 | } 17 | 18 | int main(int argc, char** argv) { 19 | int a[2]; 20 | int b[3]; 21 | int c[10] = {0}; 22 | 23 | a[0] = 1; 24 | a[1] = 3; 25 | 26 | b[0] = 4; 27 | b[1] = 5; 28 | b[2] = 7; 29 | 30 | return foo(a, b, c); 31 | } 32 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-9-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | 3 | extern void __ikos_assert(int); 4 | 5 | int x = 6; 6 | int y = 4; 7 | 8 | void f4() { 9 | x++; 10 | y++; 11 | } 12 | 13 | void f3() { 14 | f4(); 15 | } 16 | 17 | void f2() { 18 | f3(); 19 | } 20 | 21 | void f1() { 22 | f2(); 23 | __ikos_assert(x == 7 && y == 5); 24 | f3(); 25 | __ikos_assert(x == 8 && y == 6); 26 | x++; 27 | } 28 | 29 | int main(int argc, char** argv) { 30 | f1(); 31 | __ikos_assert(x == 9 && y == 6); 32 | return 42; 33 | } 34 | -------------------------------------------------------------------------------- /analyzer/test/regression/uma/test-20-safe.c: -------------------------------------------------------------------------------- 1 | // Test that generates extractelem, insertelem and range for a struct 2 | #include 3 | 4 | typedef struct { 5 | int x1; 6 | int x2; 7 | int x3; 8 | } vector_t; 9 | 10 | vector_t f() { 11 | vector_t v; 12 | v.x1 = 1; 13 | v.x2 = 2; 14 | v.x3 = 3; 15 | return v; 16 | } 17 | 18 | void print_vector(vector_t v) { 19 | printf("%d %d %d\n", v.x1, v.x2, v.x3); 20 | } 21 | 22 | int main() { 23 | vector_t v = f(); 24 | print_vector(v); 25 | return 0; 26 | } 27 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-20-safe.c: -------------------------------------------------------------------------------- 1 | // Test that generates extractelem, insertelem and range for a struct 2 | #include 3 | 4 | typedef struct { 5 | int x1; 6 | int x2; 7 | int x3; 8 | } vector_t; 9 | 10 | vector_t f() { 11 | vector_t v; 12 | v.x1 = 1; 13 | v.x2 = 2; 14 | v.x3 = 3; 15 | return v; 16 | } 17 | 18 | void print_vector(vector_t v) { 19 | printf("%d %d %d\n", v.x1, v.x2, v.x3); 20 | } 21 | 22 | int main() { 23 | vector_t v = f(); 24 | print_vector(v); 25 | return 0; 26 | } 27 | -------------------------------------------------------------------------------- /analyzer/test/regression/upa/test-7-unsafe.c: -------------------------------------------------------------------------------- 1 | // UNSAFE 2 | // Complex function that gives an offset 3 | #include 4 | #include 5 | 6 | uint8_t foo(uint8_t k, uint8_t N) { 7 | return k + N; 8 | } 9 | 10 | uint8_t bar(uint8_t p) { 11 | return p + foo(p, 10); 12 | } 13 | 14 | int main(int argc, char** argv) { 15 | uint8_t a[56]; 16 | uint8_t x = foo(5, 10); // x=15 17 | uint8_t y = x + bar(x); // y=55 18 | a[x] = y; 19 | 20 | uint16_t* test; 21 | test = a[x] + y + 1; 22 | return *test; 23 | } 24 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-11-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | // interprocedural analysis is needed. 3 | #include 4 | 5 | int a[100][100]; 6 | int init = 5; 7 | 8 | int foo(int k) { 9 | while (k < 100) { 10 | int i = 0; 11 | int j = k; 12 | while (i < j) { 13 | i = i + 1; 14 | j = j - 1; 15 | a[i][j] = init; 16 | } 17 | k = k + 1; 18 | } 19 | return k; 20 | } 21 | 22 | int main(int argc, char** argv) { 23 | int ind = foo(0); 24 | printf("%d\n", a[ind - 1][ind]); 25 | } 26 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-6.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | #define MAX_ARRAY 10 4 | 5 | struct foo { 6 | int x; 7 | int a[MAX_ARRAY][MAX_ARRAY]; 8 | }; 9 | 10 | // To test loops 11 | int main(int argc, char** argv) { 12 | int i, j; 13 | struct foo x; 14 | for (i = 0; i < MAX_ARRAY; i++) { 15 | for (j = 0; j < MAX_ARRAY; j++) 16 | x.a[i][j] = argc; // some unknown value here 17 | } 18 | 19 | for (i = 0; i < MAX_ARRAY; i++) { 20 | printf("%d\n", x.a[i][i]); 21 | } 22 | 23 | return 0; 24 | } 25 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/13.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * Based on "Property-Directed Incremental Invariant Generation" by Bradley et 6 | * al. 7 | */ 8 | 9 | int main(int flag, char** argv) { 10 | int j = 2; 11 | int k = 0; 12 | 13 | while (__ikos_nondet_int()) { 14 | if (flag) 15 | j = j + 4; 16 | else { 17 | j = j + 2; 18 | k = k + 1; 19 | } 20 | } 21 | if (k != 0) { 22 | __ikos_assert(j == 2 * k + 2); 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-1.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | // See how we treat global variables, struct and one-dimensional arrays 3 | // The program is safe in terms of buffer overflow although A is 4 | // uninitialized. B is uninitialized since it is a global array. 5 | int x = 6; 6 | 7 | struct foo { 8 | int x; 9 | }; 10 | 11 | int B[10]; 12 | 13 | int main(int argc, char** argv) { 14 | int A[5] = {0}; 15 | 16 | struct foo a; 17 | a.x = 59; 18 | x++; 19 | B[8] = 23; 20 | int z = x + 7 + a.x + A[4] + B[9]; 21 | return z; 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-32-use-after-return.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int __ikos_nondet_int(void); 4 | 5 | int* f() { 6 | int array[10]; 7 | for (int i = 0; i < 10; i++) { 8 | array[i] = __ikos_nondet_int(); 9 | } 10 | 11 | for (int i = 0; i < 10; i++) { 12 | if (array[i] == 42) { 13 | return &array[i]; 14 | } 15 | } 16 | 17 | return NULL; 18 | } 19 | 20 | int main() { 21 | int* ret = f(); 22 | if (ret != NULL) { 23 | return *ret; 24 | } else { 25 | return 0; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/15.c: -------------------------------------------------------------------------------- 1 | 2 | extern void __ikos_assert(int); 3 | extern int __ikos_nondet_int(void); 4 | 5 | /* 6 | * from Invgen test suite 7 | */ 8 | 9 | int main(int argc, char** argv) { 10 | int n; 11 | int k, j; 12 | n = __ikos_nondet_int(); 13 | k = __ikos_nondet_int(); 14 | if (n > 0) { // assume(n>0); 15 | if (k > n) { // assume(k>n); 16 | j = 0; 17 | while (j < n) { 18 | j++; 19 | k--; 20 | } 21 | __ikos_assert(k >= 0); 22 | } 23 | } 24 | return 0; 25 | } 26 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-9a-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | // 3 | // If the multidimensional array is global then LLVM generates a 4 | // single GetElementPtr instruction 5 | 6 | int p[2][2][2]; 7 | int kalman_global(void) { 8 | p[0][0][0] = 1; 9 | p[0][0][1] = 1; 10 | p[0][1][0] = 1; 11 | p[0][1][1] = 1; 12 | p[2][0][0] = 1; 13 | p[1][0][1] = 1; 14 | p[1][1][0] = 1; 15 | p[1][1][1] = 1; 16 | 17 | return p[0][1][0] + p[0][1][1]; 18 | } 19 | 20 | int main(int arg, char** argv) { 21 | return kalman_global(); 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-9b-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | // 3 | // If the multidimensional array is local then LLVM generates multiple 4 | // GetElementPtr instructions 5 | int kalman_local(void) { 6 | int p[2][2][2]; 7 | 8 | p[0][0][2] = 1; 9 | p[0][0][1] = 1; 10 | p[0][1][0] = 1; 11 | p[0][1][1] = 1; 12 | p[1][0][0] = 1; 13 | p[2][0][1] = 1; 14 | p[1][1][0] = 1; 15 | p[1][1][1] = 1; 16 | 17 | return p[0][1][0] + p[0][1][1]; 18 | } 19 | 20 | int main(int arg, char** argv) { 21 | return kalman_local(); 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-1.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main() { 5 | int i = 0; 6 | int x = 2; 7 | while (__ikos_nondet_int()) { 8 | x = 3; 9 | i++; 10 | } 11 | __ikos_assert(i >= 0); // any numerical domain >= intervals will do it 12 | __ikos_assert(x == 2 || x == 3); // a numerical domain with some 13 | // reasoning for disequalities (currently 14 | // only intervals if the interval is a singleton) 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-21-exceptions.cpp: -------------------------------------------------------------------------------- 1 | extern "C" { 2 | extern int __ikos_nondet_int(void) noexcept; 3 | extern void __ikos_assert(int) noexcept; 4 | } 5 | 6 | int x = 0; 7 | 8 | void may_throw() { 9 | x = 1; 10 | if (__ikos_nondet_int()) { 11 | throw nullptr; 12 | } 13 | } 14 | 15 | extern int f(); 16 | 17 | int main() { 18 | may_throw(); 19 | try { 20 | __ikos_assert(x == 1); 21 | x = 2; 22 | f(); 23 | } catch (void*) { 24 | __ikos_assert(x == 2); 25 | } 26 | __ikos_assert(x == 2); 27 | } 28 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-20.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | 4 | extern void __ikos_assert(int); 5 | extern int __ikos_nondet_int(void); 6 | 7 | int main() { 8 | int *p, *q, *r; 9 | 10 | p = (int*)malloc(sizeof(int)); 11 | q = (int*)malloc(sizeof(int)); 12 | r = (int*)malloc(sizeof(int)); 13 | 14 | if (!p || !q || !r) 15 | return 0; 16 | 17 | *q = 3; 18 | *r = 5; 19 | 20 | if (__ikos_nondet_int()) 21 | p = q; 22 | else 23 | p = r; 24 | 25 | __ikos_assert(*p >= 3 && *p <= 5); 26 | return *p; 27 | } 28 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/29.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main() { 5 | int a = 1; 6 | int b = 1; 7 | int c = 2; 8 | int d = 2; 9 | int x = 3; 10 | int y = 3; 11 | while (__ikos_nondet_int()) { 12 | x = a + c; 13 | y = b + d; 14 | if ((x + y) % 2 == 0) { 15 | a++; 16 | d++; 17 | } else { 18 | a--; 19 | } 20 | while (__ikos_nondet_int()) { 21 | c--; 22 | b--; 23 | } 24 | } 25 | __ikos_assert(a + c == b + d); 26 | } 27 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-6-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE SAFE 2 | #include 3 | #define MAX_ARRAY 10 4 | 5 | struct foo { 6 | int x; 7 | int a[MAX_ARRAY][MAX_ARRAY]; 8 | }; 9 | 10 | // To test loops 11 | int main(int argc, char** argv) { 12 | int i, j; 13 | struct foo x; 14 | for (i = 0; i < MAX_ARRAY; i++) { 15 | for (j = 0; j < MAX_ARRAY; j++) 16 | x.a[i][j] = argc; // some unknown value here 17 | } 18 | 19 | for (i = 0; i < MAX_ARRAY; i++) { 20 | printf("%d\n", x.a[i][i + 1]); 21 | } 22 | 23 | return 0; 24 | } 25 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-30-unsafe.c: -------------------------------------------------------------------------------- 1 | // UNSAFE if --domain=interval-congruence 2 | extern void __ikos_assert(int); 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main() { 6 | int a[3]; 7 | a[0] = 5; 8 | a[1] = 10; 9 | // a = [ 5 | 10 | T ] 10 | int x = __ikos_nondet_int(); 11 | a[x] = 7; 12 | // a = [ [5,7] | [7,10] | [-oo,+oo] ] 13 | 14 | __ikos_assert(a[0] >= 5 && a[0] <= 7); // safe 15 | __ikos_assert(a[1] >= 7 && a[1] <= 10); // safe 16 | __ikos_assert(a[x] >= 5 && a[x] <= 10); // unsafe 17 | 18 | return 42; 19 | } 20 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-29-safe.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | struct MyStruct { 4 | int _aa; 5 | int _bb; 6 | MyStruct() noexcept 7 | { 8 | _aa = 5; 9 | _bb = 7; 10 | } 11 | }; 12 | 13 | int main(int argc, char *argv[]) 14 | { 15 | // This test gives a false positive because the ikos AR 16 | // does not assure that the body is executed at least once. 17 | // That could probably be fixed. 18 | MyStruct* test1 = nullptr; 19 | for(int i = 0; i < 2;i++) { 20 | test1 = new MyStruct; 21 | } 22 | return test1->_aa; 23 | } 24 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-5.cpp: -------------------------------------------------------------------------------- 1 | extern "C" { 2 | extern void __ikos_assert(int) noexcept; 3 | extern int __ikos_nondet_int(void) noexcept; 4 | } 5 | 6 | int x; 7 | 8 | void no_exit() { 9 | while (true) { 10 | } 11 | } 12 | 13 | void throw_exc() { 14 | throw 0x42; 15 | } 16 | 17 | void f() { 18 | if (__ikos_nondet_int()) { 19 | x = 1; 20 | throw_exc(); 21 | } 22 | 23 | no_exit(); 24 | } 25 | 26 | int main() { 27 | x = 0; 28 | try { 29 | f(); 30 | } catch (int) { 31 | __ikos_assert(x == 1); 32 | } 33 | return 0; 34 | } 35 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-8.cpp: -------------------------------------------------------------------------------- 1 | extern "C" { 2 | extern void __ikos_assert(int) noexcept; 3 | extern int __ikos_nondet_int(void) noexcept; 4 | } 5 | 6 | int x = 0; 7 | 8 | void may_throw() { 9 | x = 1; 10 | if (__ikos_nondet_int()) { 11 | throw 0x42; 12 | } 13 | } 14 | 15 | void does_not_throw() { 16 | x = 2; 17 | } 18 | 19 | void does_not_catch() { 20 | try { 21 | does_not_throw(); 22 | } catch (int) { 23 | __ikos_assert(false); // unreachable 24 | } 25 | } 26 | 27 | int main() { 28 | may_throw(); 29 | does_not_catch(); 30 | } 31 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-8.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | #include 4 | 5 | // We just use a pointer as an array 6 | #define MAX_ARRAY 10 7 | // To test loops that decrements a counter 8 | int main(int argc, char** argv) { 9 | int* p = (int*)malloc(sizeof(int) * MAX_ARRAY); 10 | int i; 11 | if (!p) 12 | return 1; 13 | for (i = MAX_ARRAY - 1; i >= 0; i--) { 14 | p[i] = i; 15 | } 16 | // for underflow check 17 | // printf("%d\n", p[i+1]); 18 | // for overflow check 19 | printf("%d\n", p[MAX_ARRAY - 1]); 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/37.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * Taken from "Counterexample Driven Refinement for Abstract Interpretation" 6 | * (TACAS'06) by Gulavani 7 | */ 8 | 9 | int main(int argc, char** argv) { 10 | int n = __ikos_nondet_int(); 11 | int x = 0; 12 | int m = 0; 13 | if (n < 0) 14 | return 0; 15 | while (x < n) { 16 | if (__ikos_nondet_int()) { 17 | m = x; 18 | } 19 | x = x + 1; 20 | } 21 | if (n > 0) { 22 | __ikos_assert(0 <= m && m < n); 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-16.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int x = 0; 5 | 6 | void f(void) { 7 | x++; 8 | __ikos_assert(x == 1); 9 | } 10 | 11 | void g(void) { 12 | f(); 13 | __ikos_assert(x == 1); 14 | } 15 | 16 | typedef void (*fun_ptr_t)(void); 17 | 18 | int main(int argc, char** argv) { 19 | fun_ptr_t tab[2]; 20 | tab[0] = &f; 21 | tab[1] = &g; 22 | 23 | int i = __ikos_nondet_int(); 24 | if (i < 0 || i > 1) { 25 | return 0; 26 | } 27 | 28 | fun_ptr_t h = tab[i]; 29 | h(); 30 | } 31 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/08.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * Based on "Automatically refining abstract interpretations" fig.1 6 | */ 7 | 8 | int main() { 9 | int x = 0, y = 0; 10 | while (__ikos_nondet_int()) { 11 | if (__ikos_nondet_int()) { 12 | x++; 13 | y += 100; 14 | } else if (__ikos_nondet_int()) { 15 | if (x >= 4) { 16 | x++; 17 | y++; 18 | } 19 | if (x < 0) { 20 | y--; 21 | } 22 | } 23 | } 24 | __ikos_assert(x < 4 || y > 2); 25 | } 26 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-23-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | #include 4 | 5 | char* foo(char* a, int n) { 6 | int i; 7 | for (i = 0; i < n; i++) 8 | a[i] = 'A'; 9 | return a; 10 | } 11 | 12 | int main() { 13 | char str[50]; 14 | 15 | strcpy(str, "This is string.h library function"); 16 | puts(str); 17 | 18 | memset(str, '$', 50); // SAFE 19 | char* A = foo(str, 10); 20 | // char * B; <- B will be undefined 21 | char B[10]; 22 | memcpy(B, A, 10); // SAFE 23 | char* C = foo(B, 10); // SAFE 24 | puts(C); 25 | return (0); 26 | } 27 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/40.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main(int flag, char** argv) { 5 | int i, j; 6 | j = 1; 7 | if (flag) { 8 | i = 0; 9 | } else { 10 | i = 1; 11 | } 12 | 13 | while (__ikos_nondet_int()) { 14 | i += 2; 15 | if (i % 2 == 0) { 16 | j += 2; 17 | } else 18 | j++; 19 | } 20 | 21 | int a = 0; 22 | int b = 0; 23 | 24 | while (__ikos_nondet_int()) { 25 | a++; 26 | b += (j - i); 27 | } 28 | if (flag) { 29 | __ikos_assert(a == b); 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/44.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * Adapted from ex20 from NECLA Static Analysis Benchmarks 6 | */ 7 | 8 | int main() { 9 | int k = __ikos_nondet_int(); 10 | int flag = __ikos_nondet_int(); 11 | 12 | int i = 0; 13 | int j = 0; 14 | int n; 15 | 16 | if (flag == 1) { 17 | n = 1; 18 | } else { 19 | n = 2; 20 | } 21 | 22 | i = 0; 23 | 24 | while (i <= k) { 25 | i++; 26 | j = j + n; 27 | } 28 | if (flag == 1) { 29 | __ikos_assert(j == i); 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/aggregate-in-reg-1.cpp: -------------------------------------------------------------------------------- 1 | template < typename T > 2 | class Vector3 { 3 | private: 4 | T _x, _y, _z; 5 | 6 | public: 7 | Vector3< T >(T x, T y, T z) : _x(x), _y(y), _z(z) {} 8 | }; 9 | 10 | class Foo { 11 | private: 12 | Vector3< float > coord; 13 | 14 | public: 15 | Foo(float x, float y, float z) : coord(Vector3< float >(x, y, z)) {} 16 | Vector3< float > get_coord() { return coord; } 17 | }; 18 | 19 | int main(int argc, char* argv[]) { 20 | Foo f(1, 2, 3); 21 | Vector3< float > coord = f.get_coord(); 22 | return 0; 23 | } 24 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-23-unsafe-1.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | #include 3 | #include 4 | 5 | char* foo(char* a, int n) { 6 | int i; 7 | for (i = 0; i < n; i++) 8 | a[i] = 'A'; 9 | return a; 10 | } 11 | 12 | int main() { 13 | char str[50]; 14 | 15 | strcpy(str, "This is string.h library function"); 16 | puts(str); 17 | 18 | memset(str, '$', 100); // DEFINITE ERROR 19 | char* A = foo(str, 7); 20 | // char * B; <- B will be undefined 21 | char B[50]; 22 | memcpy(B, A, 5); 23 | char* C = foo(B, 6); 24 | puts(C); 25 | return (0); 26 | } 27 | -------------------------------------------------------------------------------- /analyzer/test/regression/upa/test-1.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | // This test performs a malloc and tries to access every byte independently 3 | // The access should be aligned on the two accesses 4 | // 5 | 6 | #include 7 | #include 8 | #include 9 | 10 | int main(int argc, char* argv[]) { 11 | // Request 3 bytes, the first is aligned, the second is aligned to 1 byte, 12 | // not to 2 bytes 13 | uint8_t* dynAlloc = malloc(3); 14 | uint8_t* secondByte = dynAlloc + 1; 15 | 16 | printf("Access to %p, value: %x\n", secondByte, *secondByte); 17 | 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/aggregate-in-reg-1.cpp: -------------------------------------------------------------------------------- 1 | template < typename T > 2 | class Vector3 { 3 | private: 4 | T _x, _y, _z; 5 | 6 | public: 7 | Vector3< T >(T x, T y, T z) : _x(x), _y(y), _z(z) {} 8 | }; 9 | 10 | class Foo { 11 | private: 12 | Vector3< float > coord; 13 | 14 | public: 15 | Foo(float x, float y, float z) : coord(Vector3< float >(x, y, z)) {} 16 | Vector3< float > get_coord() { return coord; } 17 | }; 18 | 19 | int main(int argc, char* argv[]) { 20 | Foo f(1, 2, 3); 21 | Vector3< float > coord = f.get_coord(); 22 | return 0; 23 | } 24 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/42.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | int main(int flag, char** argv) { 5 | int x = 1; 6 | int y = 1; 7 | int a; 8 | 9 | if (flag) 10 | a = 0; 11 | else 12 | a = 1; 13 | 14 | while (__ikos_nondet_int()) { 15 | if (flag) { 16 | a = x + y; 17 | x++; 18 | } else { 19 | a = x + y + 1; 20 | y++; 21 | } 22 | if (a % 2 == 1) 23 | y++; 24 | else 25 | x++; 26 | } 27 | // x==y 28 | 29 | if (flag) 30 | a++; 31 | __ikos_assert(a % 2 == 1); 32 | } 33 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-7.cpp: -------------------------------------------------------------------------------- 1 | extern "C" { 2 | extern void __ikos_assert(int) noexcept; 3 | } 4 | 5 | class Vector { 6 | public: 7 | int _x; 8 | int _y; 9 | int _z; 10 | 11 | Vector(int x, int y, int z) noexcept : _x(x), _y(y), _z(z) {} 12 | }; 13 | 14 | int f(Vector* v) { 15 | return v->_y; 16 | } 17 | 18 | class Master { 19 | public: 20 | Vector* _v; 21 | int* _p; 22 | 23 | Master() { 24 | _v = new Vector(1, 2, 3); 25 | _p = new int(4); 26 | __ikos_assert(f(_v) == 2); 27 | } 28 | }; 29 | 30 | int main() { 31 | Master master; 32 | return 0; 33 | } 34 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/aggregate-in-reg-1.cpp: -------------------------------------------------------------------------------- 1 | template < typename T > 2 | class Vector3 { 3 | private: 4 | T _x, _y, _z; 5 | 6 | public: 7 | Vector3< T >(T x, T y, T z) : _x(x), _y(y), _z(z) {} 8 | }; 9 | 10 | class Foo { 11 | private: 12 | Vector3< float > coord; 13 | 14 | public: 15 | Foo(float x, float y, float z) : coord(Vector3< float >(x, y, z)) {} 16 | Vector3< float > get_coord() { return coord; } 17 | }; 18 | 19 | int main(int argc, char* argv[]) { 20 | Foo f(1, 2, 3); 21 | Vector3< float > coord = f.get_coord(); 22 | return 0; 23 | } 24 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-17-simpler.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | 3 | int foo(const float* x, int xlen, float u) { 4 | int idx = 0; 5 | int bottom = 0; 6 | int top = xlen - 1; 7 | int retValue = 0; 8 | 9 | for (;;) { 10 | idx = (bottom + top) / 2; 11 | if (u <= x[idx]) 12 | top = idx - 1; 13 | else if (u > x[idx + 1]) 14 | bottom = idx + 1; 15 | else { 16 | retValue = idx; 17 | break; 18 | } 19 | } 20 | return retValue; 21 | } 22 | 23 | int main(int argc, char** argv) { 24 | int xlen = 100; 25 | float A[100]; 26 | return foo(&A, xlen, 34.0); 27 | } 28 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-8-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | #include 3 | #include 4 | 5 | // We just use a pointer as an array 6 | #define MAX_ARRAY 10 7 | // To test loops that decrements a counter 8 | int main(int argc, char** argv) { 9 | int n = MAX_ARRAY - 1; 10 | int* p = (int*)malloc(sizeof(int) * n); 11 | int i; 12 | if (!p) 13 | return 1; 14 | for (i = n - 1; i >= 0; i--) { 15 | p[i] = i; 16 | } 17 | // for underflow check 18 | // printf("%d\n", p[i+1]); 19 | // for overflow check 20 | printf("%d\n", p[MAX_ARRAY - 1]); 21 | return 0; 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-26a-unsafe.c: -------------------------------------------------------------------------------- 1 | // UNSAFE 2 | 3 | extern void __ikos_assert(int); 4 | extern int __ikos_nondet_int(void); 5 | 6 | int* fst(int* a, int* b) { 7 | return a; 8 | } 9 | 10 | int* snd(int* a, int* b) { 11 | return b; 12 | } 13 | 14 | int main() { 15 | int x = 5; 16 | int y = 7; 17 | int *p, *q; 18 | if (__ikos_nondet_int()) 19 | p = &x; 20 | else 21 | p = &y; 22 | 23 | if (__ikos_nondet_int()) 24 | q = fst(&x, &y); 25 | else 26 | q = snd(&x, &y); 27 | 28 | __ikos_assert(*p == 5); 29 | __ikos_assert(*q == 7); 30 | 31 | return 42; 32 | } 33 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/local-array-2.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | char* foo(char* a, int n) { 5 | int i; 6 | for (i = 0; i < n; i++) 7 | a[i] = 'A'; 8 | return a; 9 | } 10 | 11 | int main() { 12 | char str[50]; 13 | 14 | strcpy(str, "This is string.h library function"); 15 | puts(str); 16 | 17 | memset(str, '$', 50); // SAFE 18 | char* A = foo(str, 10); 19 | // char * B; <- B will be undefined 20 | char B[10]; 21 | memcpy(B, A, 10); // SAFE 22 | char* C = foo(B, 10); // SAFE 23 | puts(C); 24 | return (0); 25 | } 26 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/local-array-2.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | char* foo(char* a, int n) { 5 | int i; 6 | for (i = 0; i < n; i++) 7 | a[i] = 'A'; 8 | return a; 9 | } 10 | 11 | int main() { 12 | char str[50]; 13 | 14 | strcpy(str, "This is string.h library function"); 15 | puts(str); 16 | 17 | memset(str, '$', 50); // SAFE 18 | char* A = foo(str, 10); 19 | // char * B; <- B will be undefined 20 | char B[10]; 21 | memcpy(B, A, 10); // SAFE 22 | char* C = foo(B, 10); // SAFE 23 | puts(C); 24 | return (0); 25 | } 26 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-23-unsafe-3.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | #include 3 | #include 4 | 5 | char* foo(char* a, int n) { 6 | int i; 7 | for (i = 0; i < n; i++) 8 | a[i] = 'A'; 9 | return a; 10 | } 11 | 12 | int main() { 13 | char str[50]; 14 | 15 | strcpy(str, "This is string.h library function"); 16 | puts(str); 17 | 18 | memset(str, '$', 50); // SAFE 19 | char* A = foo(str, 10); 20 | // char * B; <- B will be undefined 21 | char B[10]; 22 | memcpy(B, A, 10); // SAFE 23 | char* C = foo(B, 11); // WARNING 24 | puts(C); 25 | return (0); 26 | } 27 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/local-array-2.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | char* foo(char* a, int n) { 5 | int i; 6 | for (i = 0; i < n; i++) 7 | a[i] = 'A'; 8 | return a; 9 | } 10 | 11 | int main() { 12 | char str[50]; 13 | 14 | strcpy(str, "This is string.h library function"); 15 | puts(str); 16 | 17 | memset(str, '$', 50); // SAFE 18 | char* A = foo(str, 10); 19 | // char * B; <- B will be undefined 20 | char B[10]; 21 | memcpy(B, A, 10); // SAFE 22 | char* C = foo(B, 10); // SAFE 23 | puts(C); 24 | return (0); 25 | } 26 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-23-unsafe-2.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | #include 3 | #include 4 | 5 | char* foo(char* a, int n) { 6 | int i; 7 | for (i = 0; i < n; i++) 8 | a[i] = 'A'; 9 | return a; 10 | } 11 | 12 | int main() { 13 | char str[50]; 14 | 15 | strcpy(str, "This is string.h library function"); 16 | puts(str); 17 | 18 | memset(str, '$', 50); // SAFE 19 | char* A = foo(str, 10); 20 | // char * B; <- B will be undefined 21 | char B[10]; 22 | memcpy(B, A, 11); // DEFINITE ERROR 23 | char* C = foo(B, 10); // SAFE 24 | puts(C); 25 | return (0); 26 | } 27 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-23.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | 4 | extern void __ikos_assert(int); 5 | extern int __ikos_nondet_int(void); 6 | 7 | struct foo { 8 | int p; 9 | int q; 10 | }; 11 | 12 | int main() { 13 | struct foo* x = (struct foo*)malloc(sizeof(struct foo)); 14 | if (x == 0) 15 | exit(0); 16 | 17 | x->p = 9; 18 | x->q = 20; 19 | 20 | int p1, p2; 21 | 22 | if (__ikos_nondet_int()) 23 | p1 = x->p; 24 | else 25 | p1 = x->q; 26 | 27 | p2 = x->q; 28 | 29 | __ikos_assert(p1 >= 9 && p1 <= 20); 30 | __ikos_assert(p2 == 20); 31 | return p1 + p2; 32 | } 33 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-18.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | #include 4 | 5 | // We just use a pointer as an array 6 | // Same as test-8.c, but using calloc 7 | #define MAX_ARRAY 10 8 | // To test loops that decrements a counter 9 | int main(int argc, char** argv) { 10 | int* p = (int*)calloc(MAX_ARRAY, sizeof(int)); 11 | int i; 12 | if (!p) 13 | return 1; 14 | for (i = MAX_ARRAY - 1; i >= 0; i--) { 15 | p[i] = i; 16 | } 17 | // for underflow check 18 | // printf("%d\n", p[i+1]); 19 | // for overflow check 20 | printf("%d\n", p[MAX_ARRAY - 1]); 21 | return 0; 22 | } 23 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/07.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * From "Path Invariants" PLDI 07 by Beyer et al. 6 | */ 7 | 8 | int main() { 9 | int i, n, a, b; 10 | n = __ikos_nondet_int(); 11 | if (n >= 0) { // assume( n >= 0 ); 12 | i = 0; 13 | a = 0; 14 | b = 0; 15 | while (i < n) { 16 | if (__ikos_nondet_int()) { 17 | a = a + 1; 18 | b = b + 2; 19 | } else { 20 | a = a + 2; 21 | b = b + 1; 22 | } 23 | i = i + 1; 24 | } 25 | __ikos_assert(a + b == 3 * n); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/constructors.cpp: -------------------------------------------------------------------------------- 1 | extern "C" { 2 | extern void __ikos_assert(int); 3 | } 4 | 5 | class Vector { 6 | public: 7 | int _x; 8 | int _y; 9 | int _z; 10 | 11 | Vector(int x, int y, int z) noexcept : _x(x), _y(y), _z(z) {} 12 | }; 13 | 14 | int f(Vector* v) { 15 | return v->_y; 16 | } 17 | 18 | class Master { 19 | public: 20 | Vector* _v; 21 | int* _p; 22 | 23 | Master() { 24 | _v = new Vector(1, 2, 3); 25 | _p = new int(4); 26 | __ikos_assert(f(_v) == 2); 27 | } 28 | }; 29 | 30 | int main() { 31 | Master master; 32 | return 0; 33 | } 34 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/constructors.cpp: -------------------------------------------------------------------------------- 1 | extern "C" { 2 | extern void __ikos_assert(int); 3 | } 4 | 5 | class Vector { 6 | public: 7 | int _x; 8 | int _y; 9 | int _z; 10 | 11 | Vector(int x, int y, int z) noexcept : _x(x), _y(y), _z(z) {} 12 | }; 13 | 14 | int f(Vector* v) { 15 | return v->_y; 16 | } 17 | 18 | class Master { 19 | public: 20 | Vector* _v; 21 | int* _p; 22 | 23 | Master() { 24 | _v = new Vector(1, 2, 3); 25 | _p = new int(4); 26 | __ikos_assert(f(_v) == 2); 27 | } 28 | }; 29 | 30 | int main() { 31 | Master master; 32 | return 0; 33 | } 34 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-26a-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | 3 | extern void __ikos_assert(int); 4 | extern int __ikos_nondet_int(void); 5 | 6 | int* fst(int* a, int* b) { 7 | return a; 8 | } 9 | 10 | int* snd(int* a, int* b) { 11 | return b; 12 | } 13 | 14 | int main() { 15 | int x = 5; 16 | int y = 7; 17 | int *p, *q; 18 | if (__ikos_nondet_int()) 19 | p = &x; 20 | else 21 | p = &y; 22 | 23 | if (__ikos_nondet_int()) 24 | q = fst(&x, &y); 25 | else 26 | q = snd(&x, &y); 27 | 28 | __ikos_assert(*p >= 5 && *p <= 7); 29 | __ikos_assert(*q >= 5 && *q <= 7); 30 | 31 | return 42; 32 | } 33 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/constructors.cpp: -------------------------------------------------------------------------------- 1 | extern "C" { 2 | extern void __ikos_assert(int); 3 | } 4 | 5 | class Vector { 6 | public: 7 | int _x; 8 | int _y; 9 | int _z; 10 | 11 | Vector(int x, int y, int z) noexcept : _x(x), _y(y), _z(z) {} 12 | }; 13 | 14 | int f(Vector* v) { 15 | return v->_y; 16 | } 17 | 18 | class Master { 19 | public: 20 | Vector* _v; 21 | int* _p; 22 | 23 | Master() { 24 | _v = new Vector(1, 2, 3); 25 | _p = new int(4); 26 | __ikos_assert(f(_v) == 2); 27 | } 28 | }; 29 | 30 | int main() { 31 | Master master; 32 | return 0; 33 | } 34 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-44-unsafe.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | typedef void* (*fun_ptr_t)(size_t); 6 | 7 | uint64_t buffer[6]; 8 | 9 | void* my_malloc(size_t s) { 10 | return &buffer; 11 | } 12 | 13 | extern int __ikos_nondet_int(void); 14 | 15 | int main() { 16 | fun_ptr_t f; 17 | 18 | if (__ikos_nondet_int()) { 19 | f = &malloc; 20 | } else { 21 | f = &my_malloc; 22 | } 23 | 24 | int* p = (int*)f(2 * sizeof(int)); 25 | if (!p) 26 | return 1; 27 | *p = 1; 28 | p++; 29 | *p = 2; 30 | 31 | printf("%d\n", *p); 32 | return 0; 33 | } 34 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-10-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | #include 3 | #include 4 | 5 | extern void __ikos_assert(int); 6 | 7 | struct foo { 8 | int a; 9 | int b; 10 | }; 11 | 12 | struct foo* x; 13 | 14 | int main(int argc, char** argv) { 15 | x = (struct foo*)malloc(sizeof(struct foo)); 16 | if (!x) 17 | return 0; 18 | 19 | x->a = 5; 20 | x->b = x->a + 7; 21 | x->a++; 22 | 23 | // printf("%d %d\n",x->a, x->b); 24 | __ikos_assert(x->a == 6 && x->b == 12); 25 | 26 | /* 27 | x->a = 5; 28 | x->b = 10; 29 | __ikos_assert (x->a == 5 && x->b == 10); 30 | */ 31 | 32 | return 42; 33 | } 34 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-15-safe.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | extern void __ikos_assert(int); 3 | extern int __ikos_nondet_int(void); 4 | 5 | int addOne(int x) { 6 | return x + 1; 7 | } 8 | 9 | int addTwo(int x) { 10 | return x + 2; 11 | } 12 | 13 | int addThree(int x) { 14 | return x + 3; 15 | } 16 | 17 | int main() { 18 | int (*fPtr)(int); 19 | int x = 8; 20 | if (__ikos_nondet_int()) { 21 | fPtr = &addOne; 22 | } else if (__ikos_nondet_int()) { 23 | fPtr = &addTwo; 24 | } else { 25 | fPtr = &addThree; 26 | } 27 | 28 | int res = fPtr(x); 29 | __ikos_assert(res >= 9 && res <= 11); 30 | return 42; 31 | } 32 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-26c.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | 3 | extern void __ikos_assert(int); 4 | extern int __ikos_nondet_int(void); 5 | 6 | int* id(int* p) { 7 | return p; 8 | } 9 | 10 | int main() { 11 | int x = 5; 12 | int y = 7; 13 | int* a[1]; 14 | int *p, *q; 15 | 16 | if (__ikos_nondet_int()) 17 | p = id(&x); 18 | else 19 | p = id(&y); 20 | 21 | if (__ikos_nondet_int()) 22 | q = id(&x); 23 | else 24 | q = id(&y); 25 | 26 | if (__ikos_nondet_int()) 27 | a[0] = p; // &x; 28 | else 29 | a[0] = q; // &y; 30 | 31 | __ikos_assert(*(a[0]) >= 5 && *(a[0]) <= 7); 32 | 33 | return 42; 34 | } 35 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-18-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | #include 3 | #include 4 | 5 | // We just use a pointer as an array 6 | // Same as test-8-unsafe.c but using calloc 7 | #define MAX_ARRAY 10 8 | // To test loops that decrements a counter 9 | int main(int argc, char** argv) { 10 | int n = MAX_ARRAY - 1; 11 | int* p = (int*)calloc(n, sizeof(int)); 12 | int i; 13 | if (!p) 14 | return 1; 15 | for (i = n - 1; i >= 0; i--) { 16 | p[i] = i; 17 | } 18 | // for underflow check 19 | // printf("%d\n", p[i+1]); 20 | // for overflow check 21 | printf("%d\n", p[MAX_ARRAY - 1]); 22 | return 0; 23 | } 24 | -------------------------------------------------------------------------------- /analyzer/test/regression/mem/test-15-unsafe.c: -------------------------------------------------------------------------------- 1 | // DEFINITE UNSAFE 2 | extern void __ikos_assert(int); 3 | extern int __ikos_nondet_int(void); 4 | 5 | int addOne(int x) { 6 | return x + 1; 7 | } 8 | 9 | int addTwo(int x) { 10 | return x + 2; 11 | } 12 | 13 | int addThree(int x) { 14 | return x + 3; 15 | } 16 | 17 | int main() { 18 | int (*fPtr)(int); 19 | int x = 8; 20 | if (__ikos_nondet_int()) { 21 | fPtr = &addOne; 22 | } else if (__ikos_nondet_int()) { 23 | fPtr = &addTwo; 24 | } else { 25 | fPtr = &addThree; 26 | } 27 | 28 | int res = fPtr(x); 29 | __ikos_assert(res >= 10 && res <= 11); 30 | return 42; 31 | } 32 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/12.c: -------------------------------------------------------------------------------- 1 | 2 | extern void __ikos_assert(int); 3 | extern int __ikos_nondet_int(void); 4 | 5 | int main(int flag, char** argv) { 6 | int t = 0; 7 | int s = 0; 8 | int a = 0; 9 | int b = 0; 10 | while (__ikos_nondet_int()) { 11 | a++; 12 | b++; 13 | s += a; 14 | t += b; 15 | if (flag) { 16 | t += a; 17 | } 18 | } 19 | // 2s >= t 20 | int x = 1; 21 | if (flag) { 22 | x = t - 2 * s + 2; 23 | } 24 | // x <= 2 25 | int y = 0; 26 | while (y <= x) { 27 | if (__ikos_nondet_int()) 28 | y++; 29 | else 30 | y += 2; 31 | } 32 | __ikos_assert(y <= 4); 33 | } 34 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-8-warning.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int __ikos_nondet_int(void); 4 | 5 | // gcc test-8.c -Wuninitialized -o test-8 6 | // gcc does not report any warning. 7 | 8 | // uno test-8.c: uno: in fct main, possibly uninitialized variable 'x' 9 | 10 | // this test is biased by the compiler. It should be unsafe but ikos reports 11 | // safe. 12 | int main(int argc, char** argv) { 13 | argc = __ikos_nondet_int(); 14 | 15 | if (argc < 0) 16 | return 42; 17 | 18 | int x; 19 | if (argc == 0) 20 | x = 0; 21 | else if (argc == 1) 22 | x = 1; 23 | else if (argc > 2) 24 | x = 2; 25 | 26 | return x; 27 | } 28 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/no_optimization/virtual-inheritance.cpp: -------------------------------------------------------------------------------- 1 | struct A { 2 | int x; 3 | }; 4 | 5 | struct B { 6 | char* y; 7 | }; 8 | 9 | struct C { 10 | bool a; 11 | }; 12 | 13 | struct E : public virtual A, public B, public C { 14 | int x; 15 | 16 | virtual void f() {} 17 | }; 18 | 19 | struct D : public virtual A, public virtual B, public C { 20 | float z; 21 | }; 22 | 23 | struct F : public virtual A { 24 | int y; 25 | }; 26 | 27 | struct G : public virtual A { 28 | char* z; 29 | }; 30 | 31 | struct H : public F, public G {}; 32 | 33 | int main() { 34 | E e; 35 | D d; 36 | F f; 37 | G g; 38 | H h; 39 | return 0; 40 | } 41 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/basic_optimization/virtual-inheritance.cpp: -------------------------------------------------------------------------------- 1 | struct A { 2 | int x; 3 | }; 4 | 5 | struct B { 6 | char* y; 7 | }; 8 | 9 | struct C { 10 | bool a; 11 | }; 12 | 13 | struct E : public virtual A, public B, public C { 14 | int x; 15 | 16 | virtual void f() {} 17 | }; 18 | 19 | struct D : public virtual A, public virtual B, public C { 20 | float z; 21 | }; 22 | 23 | struct F : public virtual A { 24 | int y; 25 | }; 26 | 27 | struct G : public virtual A { 28 | char* z; 29 | }; 30 | 31 | struct H : public F, public G {}; 32 | 33 | int main() { 34 | E e; 35 | D d; 36 | F f; 37 | G g; 38 | H h; 39 | return 0; 40 | } 41 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-69.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | static FILE* log = NULL; 5 | static int* array = NULL; 6 | 7 | int init() { 8 | // Open a file 9 | FILE* f = fopen("log", "w"); 10 | if (f == NULL) { 11 | return EXIT_FAILURE; 12 | } 13 | log = f; 14 | 15 | // Allocate the array 16 | void* p = malloc(100 * sizeof(100)); 17 | if (p == NULL) { 18 | return EXIT_FAILURE; 19 | } 20 | array = (int*)p; 21 | 22 | return EXIT_SUCCESS; 23 | } 24 | 25 | int main() { 26 | int status = init(); 27 | if (status != EXIT_SUCCESS) { 28 | return status; 29 | } 30 | 31 | array[0] = 0; 32 | return EXIT_SUCCESS; 33 | } 34 | -------------------------------------------------------------------------------- /analyzer/test/regression/fca/test-2-error.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern void __ikos_assert(int); 4 | extern int __ikos_nondet_int(void); 5 | 6 | // void(int) 7 | static void a(int x) {} 8 | 9 | // void(long) 10 | static void b(long x) {} 11 | 12 | // void(double) 13 | static void c(double x) {} 14 | 15 | // void(int*) 16 | typedef void (*fun_ptr_t)(int*); 17 | 18 | int main() { 19 | void* vtable[3]; 20 | vtable[0] = (void*)a; 21 | vtable[1] = (void*)b; 22 | vtable[2] = (void*)c; 23 | 24 | int nd = __ikos_nondet_int(); 25 | if (nd >= 0 && nd <= 2) { 26 | fun_ptr_t f = (fun_ptr_t)vtable[nd]; 27 | f(NULL); // error 28 | } 29 | 30 | return 0; 31 | } 32 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/19.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * From "Simplifying Loop Invariant Generation using Splitter Predicates", 6 | * Sharma et al. CAV'11 7 | */ 8 | 9 | int main() { 10 | int n = __ikos_nondet_int(); 11 | int m = __ikos_nondet_int(); 12 | 13 | if (n >= 0) { // assume(n>=0); 14 | if (m >= 0) { // assume(m>=0); 15 | if (m < n) { // assume(m m) 21 | y++; 22 | } 23 | __ikos_assert(y == n); 24 | } 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/test-6.cpp: -------------------------------------------------------------------------------- 1 | extern "C" { 2 | extern void __ikos_assert(int) noexcept; 3 | } 4 | 5 | class A { 6 | public: 7 | A() noexcept {} 8 | virtual void f() { __ikos_assert(false); } 9 | virtual void g() { __ikos_assert(false); } 10 | virtual ~A() {} 11 | }; 12 | 13 | class B : public A { 14 | public: 15 | B() noexcept {} 16 | void f() { __ikos_assert(true); } 17 | void g() { __ikos_assert(false); } 18 | }; 19 | 20 | class C : public A { 21 | public: 22 | C() noexcept {} 23 | void f() { __ikos_assert(false); } 24 | void g() { __ikos_assert(false); } 25 | }; 26 | 27 | int main() { 28 | A* a = new B(); 29 | a->f(); 30 | return 0; 31 | } 32 | -------------------------------------------------------------------------------- /frontend/llvm/test/regression/import/aggressive_optimization/virtual-inheritance.cpp: -------------------------------------------------------------------------------- 1 | struct A { 2 | int x; 3 | }; 4 | 5 | struct B { 6 | char* y; 7 | }; 8 | 9 | struct C { 10 | bool a; 11 | }; 12 | 13 | struct E : public virtual A, public B, public C { 14 | int x; 15 | 16 | virtual void f() {} 17 | }; 18 | 19 | struct D : public virtual A, public virtual B, public C { 20 | float z; 21 | }; 22 | 23 | struct F : public virtual A { 24 | int y; 25 | }; 26 | 27 | struct G : public virtual A { 28 | char* z; 29 | }; 30 | 31 | struct H : public F, public G {}; 32 | 33 | int main() { 34 | E e; 35 | D d; 36 | F f; 37 | G g; 38 | H h; 39 | return 0; 40 | } 41 | -------------------------------------------------------------------------------- /analyzer/test/regression/prover/41.c: -------------------------------------------------------------------------------- 1 | extern void __ikos_assert(int); 2 | extern int __ikos_nondet_int(void); 3 | 4 | /* 5 | * Adapted from "Automated Error Diagnosis Using Abductive Inference" by Dillig 6 | * et al. 7 | */ 8 | 9 | int main() { 10 | int n = __ikos_nondet_int(); 11 | int flag = __ikos_nondet_int(); 12 | 13 | if (n >= 0) { // assume(n>=0); 14 | int k = 1; 15 | if (flag) { 16 | k = __ikos_nondet_int(); 17 | // assume(k>=0); 18 | // ?? 19 | } 20 | int i = 0, j = 0; 21 | while (i <= n) { 22 | i++; 23 | j += i; 24 | } 25 | int z = k + i + j; 26 | __ikos_assert(z > 2 * n); 27 | } 28 | return 0; 29 | } 30 | -------------------------------------------------------------------------------- /analyzer/test/regression/uva/test-2-error-2.c: -------------------------------------------------------------------------------- 1 | // From http://blog.regehr.org/archives/519 2 | 3 | // This is an example where the compiler can use undefinedness to make 4 | // a bit surprising transformation. Note that z may be 5 | // uninitialized. The compiler notices that and it initializes it. 6 | // This is a sound transformation since the program has an undefined 7 | // behavior so the compiler can do whatever it wants. 8 | 9 | extern int __ikos_nondet_int(void); 10 | 11 | int main(int argc, char** argv) { 12 | argc = __ikos_nondet_int(); 13 | 14 | int y, z; 15 | if (argc > 2) { 16 | z = 5; 17 | } 18 | for (y = 0; y < 5; y++) 19 | z++; 20 | return z; 21 | } 22 | -------------------------------------------------------------------------------- /analyzer/test/regression/boa/test-42.c: -------------------------------------------------------------------------------- 1 | // SAFE 2 | extern void __ikos_assert(int); 3 | 4 | static struct { 5 | int stopExecutionFlag; 6 | int isrOverrun; 7 | int overrunFlags[10]; 8 | const char* errmsg; 9 | } GBLbuf; 10 | 11 | typedef struct { 12 | int x; 13 | int y; 14 | } foo; 15 | 16 | typedef struct { 17 | int a; 18 | int b; 19 | int c; 20 | int d[5]; 21 | } FOO_BAR; 22 | 23 | FOO_BAR foo_M_; 24 | FOO_BAR* foo_M = &foo_M_; 25 | 26 | FOO_BAR* init() { 27 | return foo_M; 28 | } 29 | 30 | int main() { 31 | FOO_BAR* M = init(); 32 | M->d[2] = 3; 33 | M->d[3] = 4; 34 | M->d[4] = M->d[2] + M->d[3]; 35 | __ikos_assert(M->d[4] == 7); 36 | return 42; 37 | } 38 | --------------------------------------------------------------------------------