├── .devcontainer ├── Dockerfile ├── README.md ├── devcontainer.env └── devcontainer.json ├── .dockerignore ├── .git-blame-ignore-revs ├── .gitattributes ├── .github ├── dependabot.yml └── workflows │ ├── coverage.yml │ ├── docker.yml │ ├── docs.yml │ ├── indentation.yml │ ├── locked.yml │ ├── metadata.yml │ ├── options.yml │ ├── semgrep.yml │ └── unlocked.yml ├── .gitignore ├── .gitmodules ├── .mailmap ├── .readthedocs.yaml ├── .semgrep ├── cil.yml ├── cilint.yml ├── exit.yml ├── fold.yml ├── fun.yml ├── hashtbl.yml ├── list.yml ├── logs.yml ├── obj.yml ├── option.yml ├── timing.yml ├── tracing.yml └── zarith.yml ├── .zenodo.json ├── CHANGELOG.md ├── CITATION.cff ├── Dockerfile ├── LICENSE ├── Makefile ├── README.md ├── Vagrantfile ├── bench ├── basic │ ├── benchSet.ml │ ├── benchTuple4.ml │ └── dune ├── deriving │ ├── benchEq.ml │ └── dune ├── hash.ml ├── hashcons │ ├── .merlin │ ├── equality_bench.ml │ ├── hashcons.ml │ └── physical_equality.ml ├── json.ml └── zarith │ ├── benchZarith.ml │ └── dune ├── conf ├── bench-yaml-validate.json ├── bench-yaml.json ├── dune ├── examples │ ├── large-program.json │ ├── medium-program.json │ └── very-precise.json ├── incremental.json ├── ldv-races.json ├── min-unsound.json ├── minimal_incremental.json ├── svcomp-ghost.json ├── svcomp-validate.json ├── svcomp-yaml-validate.json ├── svcomp-yaml.json ├── svcomp.json ├── svcomp21.json ├── svcomp22-intervals-novareq-affeq-apron.json ├── svcomp22-intervals-novareq-affeq-native.json ├── svcomp22-intervals-novareq-octagon-apron.json ├── svcomp22-intervals-novareq-polyhedra-apron.json ├── svcomp22.json ├── svcomp23.json ├── svcomp24-validate.json ├── svcomp24.json ├── svcomp25-validate.json ├── svcomp25.json ├── svcomp2var.json ├── traces-rel-toy.json ├── traces-rel.json ├── traces.json └── zstd-race.json ├── docs ├── artifact-descriptions │ ├── esop23.md │ ├── sas21.md │ ├── vmcai24.md │ └── vmcai25.md ├── developer-guide │ ├── debugging.md │ ├── developing.md │ ├── documenting.md │ ├── extending-library.md │ ├── firstanalysis.md │ ├── messaging.md │ ├── profiling.md │ ├── releasing.md │ └── testing.md ├── img │ └── wettlaufweltmeister.svg ├── index.md ├── requirements.txt └── user-guide │ ├── annotating.md │ ├── assumptions.md │ ├── benchmarking.md │ ├── configuring.md │ ├── inspecting.md │ └── running.md ├── dune ├── dune-project ├── goblint.opam ├── goblint.opam.locked ├── goblint.opam.template ├── jsfh.yml ├── lib ├── .gitignore ├── README.md ├── goblint │ ├── dune │ └── runtime │ │ ├── dune │ │ ├── include │ │ └── goblint.h │ │ └── src │ │ ├── dune │ │ └── goblint.c ├── libc │ ├── dune │ └── stub │ │ ├── include │ │ └── assert.h │ │ └── src │ │ ├── pthread.c │ │ └── stdlib.c ├── linux │ ├── dune │ └── stub │ │ └── include │ │ ├── linux │ │ └── goblint_preconf.h │ │ └── linuxlight.h └── sv-comp │ ├── dune │ └── stub │ └── src │ └── sv-comp.c ├── make.sh ├── mkdocs.yml ├── regtest.sh ├── scripts ├── bash-completion.sh ├── bisect.sh ├── cil_input.sh ├── creduce │ ├── README.md │ ├── branches.sh │ ├── incremental.sh │ └── privPrecCompare.sh ├── fix_patch_headers.sh ├── goblint-lib-modules.py ├── hooks │ └── pre-commit ├── incremental.sh ├── incremental_avg.sh ├── privPrecCompare.sh ├── regression2sv-benchmarks.py ├── suite-result-witness-evals.py ├── sv-comp │ ├── archive.sh │ ├── sv-comp-run-no-overflow.py │ ├── sv-comp-run.py │ └── witness-isomorphism.py ├── test-gobview.py ├── test-incremental-multiple.sh ├── test-incremental.sh ├── test-param-activated.py ├── test_solvers.sh ├── trace_off.sh ├── trace_on.sh ├── travis-ci.sh └── update_suite.rb ├── spin ├── .gitignore └── pthread.base.pml ├── src ├── .gitignore ├── analyses │ ├── abortUnless.ml │ ├── accessAnalysis.ml │ ├── activeLongjmp.ml │ ├── activeSetjmp.ml │ ├── apron │ │ ├── affineEqualityAnalysis.apron.ml │ │ ├── affineEqualityAnalysis.no-apron.ml │ │ ├── apronAnalysis.apron.ml │ │ ├── apronAnalysis.no-apron.ml │ │ ├── dune │ │ ├── linearTwoVarEqualityAnalysis.apron.ml │ │ ├── linearTwoVarEqualityAnalysis.no-apron.ml │ │ ├── relationAnalysis.apron.ml │ │ ├── relationAnalysis.no-apron.ml │ │ ├── relationPriv.apron.ml │ │ └── relationPriv.no-apron.ml │ ├── assert.ml │ ├── base.ml │ ├── baseInvariant.ml │ ├── basePriv.ml │ ├── basePriv.mli │ ├── baseUtil.ml │ ├── baseUtil.mli │ ├── c2poAnalysis.ml │ ├── callstring.ml │ ├── commonPriv.ml │ ├── condVars.ml │ ├── deadlock.ml │ ├── expRelation.ml │ ├── expsplit.ml │ ├── extractPthread.ml │ ├── locksetAnalysis.ml │ ├── loopTermination.ml │ ├── loopfreeCallstring.ml │ ├── mCP.ml │ ├── mCPAccess.ml │ ├── mCPRegistry.ml │ ├── mHPAnalysis.ml │ ├── mallocFresh.ml │ ├── malloc_null.ml │ ├── mayLocks.ml │ ├── memLeak.ml │ ├── memOutOfBounds.ml │ ├── modifiedSinceSetjmp.ml │ ├── mutexAnalysis.ml │ ├── mutexEventsAnalysis.ml │ ├── mutexGhosts.ml │ ├── mutexTypeAnalysis.ml │ ├── poisonVariables.ml │ ├── pthreadSignals.ml │ ├── ptranalAnalysis.ml │ ├── raceAnalysis.ml │ ├── region.ml │ ├── singleThreadedLifter.ml │ ├── stackTrace.ml │ ├── startStateAnalysis.ml │ ├── symbLocks.ml │ ├── taintPartialContexts.ml │ ├── threadAnalysis.ml │ ├── threadEscape.ml │ ├── threadFlag.ml │ ├── threadId.ml │ ├── threadJoins.ml │ ├── threadReturn.ml │ ├── tmpSpecial.ml │ ├── tutorials │ │ ├── constants.ml │ │ ├── signs.ml │ │ ├── taint.ml │ │ └── unitAnalysis.ml │ ├── unassumeAnalysis.ml │ ├── uninit.ml │ ├── useAfterFree.ml │ ├── varEq.ml │ ├── vla.ml │ └── wrapperFunctionAnalysis.ml ├── apronPrecCompare.ml ├── arg │ ├── argConstraints.ml │ ├── argTools.ml │ ├── myARG.ml │ ├── observerAnalysis.ml │ ├── observerAutomaton.ml │ ├── violation.ml │ └── z3 │ │ ├── dune │ │ ├── violationZ3.no-z3.ml │ │ └── violationZ3.z3.ml ├── autoTune.ml ├── autoTune0.ml ├── build-info │ ├── .gitignore │ ├── dune │ ├── dune_build_info.ml │ ├── dune_build_info.mli │ └── goblint_build_info.ml ├── cdomain │ └── value │ │ ├── analyses │ │ └── wrapperFunctionAnalysis0.ml │ │ ├── cdomain_value.mld │ │ ├── cdomains │ │ ├── addressDomain.ml │ │ ├── addressDomain.mli │ │ ├── addressDomain_intf.ml │ │ ├── arrayDomain.ml │ │ ├── arrayDomain.mli │ │ ├── concDomain.ml │ │ ├── floatDomain.ml │ │ ├── floatDomain.mli │ │ ├── int │ │ │ ├── bitfieldDomain.ml │ │ │ ├── congruenceDomain.ml │ │ │ ├── defExcDomain.ml │ │ │ ├── enumsDomain.ml │ │ │ ├── intDomTuple.ml │ │ │ ├── intervalDomain.ml │ │ │ └── intervalSetDomain.ml │ │ ├── intDomain.ml │ │ ├── intDomain.mli │ │ ├── intDomain0.ml │ │ ├── intDomain_intf.ml │ │ ├── jmpBufDomain.ml │ │ ├── lval.ml │ │ ├── mutexAttrDomain.ml │ │ ├── mval.ml │ │ ├── mval.mli │ │ ├── mval_intf.ml │ │ ├── nullByteSet.ml │ │ ├── offset.ml │ │ ├── offset.mli │ │ ├── offset_intf.ml │ │ ├── preValueDomain.ml │ │ ├── stringDomain.ml │ │ ├── stringDomain.mli │ │ ├── structDomain.ml │ │ ├── structDomain.mli │ │ ├── threadIdDomain.ml │ │ ├── unionDomain.ml │ │ └── valueDomain.ml │ │ ├── domains │ │ ├── invariant.ml │ │ ├── invariantCil.ml │ │ └── valueDomainQueries.ml │ │ ├── dune │ │ └── util │ │ ├── precisionUtil.ml │ │ ├── wideningThresholds.ml │ │ └── wideningThresholds.mli ├── cdomains │ ├── affineEquality │ │ ├── arrayImplementation │ │ │ ├── arrayMatrix.ml │ │ │ └── arrayVector.ml │ │ ├── matrix.ml │ │ ├── ratOps.ml │ │ ├── sparseImplementation │ │ │ ├── listMatrix.ml │ │ │ └── sparseVector.ml │ │ └── vector.ml │ ├── apron │ │ ├── affineEqualityDenseDomain.apron.ml │ │ ├── affineEqualityDenseDomain.no-apron.ml │ │ ├── affineEqualityDomain.apron.ml │ │ ├── affineEqualityDomain.no-apron.ml │ │ ├── apronDomain.apron.ml │ │ ├── apronDomain.no-apron.ml │ │ ├── dune │ │ ├── gobApron.apron.ml │ │ ├── gobApron.no-apron.ml │ │ ├── linearTwoVarEqualityDomain.apron.ml │ │ ├── linearTwoVarEqualityDomain.no-apron.ml │ │ ├── relationDomain.apron.ml │ │ ├── relationDomain.no-apron.ml │ │ ├── sharedFunctions.apron.ml │ │ └── sharedFunctions.no-apron.ml │ ├── baseDomain.ml │ ├── c2poDomain.ml │ ├── congruenceClosure.ml │ ├── deadlockDomain.ml │ ├── duplicateVars.ml │ ├── escapeDomain.ml │ ├── lockDomain.ml │ ├── mHP.ml │ ├── musteqDomain.ml │ ├── pthreadDomain.ml │ ├── regionDomain.ml │ ├── stackDomain.ml │ ├── symbLocksDomain.ml │ ├── threadFlagDomain.ml │ └── unionFind.ml ├── common │ ├── cdomains │ │ ├── basetype.ml │ │ └── floatOps │ │ │ ├── floatOps.ml │ │ │ ├── floatOps.mli │ │ │ └── stubs.c │ ├── common.mld │ ├── domains │ │ └── printable.ml │ ├── dune │ ├── framework │ │ ├── analysisState.ml │ │ ├── cfgTools.ml │ │ ├── controlSpecC.ml │ │ ├── controlSpecC.mli │ │ ├── edge.ml │ │ ├── myCFG.ml │ │ ├── node.ml │ │ └── node0.ml │ ├── incremental │ │ └── updateCil0.ml │ └── util │ │ ├── analysisStateUtil.ml │ │ ├── cilCfg0.ml │ │ ├── cilLocation.ml │ │ ├── cilType.ml │ │ ├── cilfacade.ml │ │ ├── cilfacade0.ml │ │ ├── contextUtil.ml │ │ ├── gobFormat.ml │ │ ├── intOps.ml │ │ ├── lazyEval.ml │ │ ├── loopUnrolling0.ml │ │ ├── messageCategory.ml │ │ ├── messageUtil.ml │ │ ├── messages.ml │ │ ├── resettableLazy.ml │ │ ├── resettableLazy.mli │ │ ├── richVarinfo.ml │ │ ├── richVarinfo.mli │ │ ├── timing.ml │ │ └── xmlUtil.ml ├── config │ ├── afterConfig.ml │ ├── config.mld │ ├── dune │ ├── gobConfig.ml │ ├── jsonSchema.ml │ ├── options.ml │ └── options.schema.json ├── constraint │ ├── constrSys.ml │ ├── dune │ ├── goblint_constraint.ml │ ├── solverTypes.ml │ ├── translators.ml │ ├── varQuery.ml │ └── varQuery.mli ├── domain │ ├── boolDomain.ml │ ├── disjointDomain.ml │ ├── domain.mld │ ├── dune │ ├── flagHelper.ml │ ├── hoareDomain.ml │ ├── lattice.ml │ ├── mapDomain.ml │ ├── partitionDomain.ml │ ├── setDomain.ml │ └── trieDomain.ml ├── domains │ ├── abstractionDomainProperties.ml │ ├── access.ml │ ├── accessDomain.ml │ ├── domainProperties.ml │ ├── events.ml │ ├── intDomainProperties.ml │ └── queries.ml ├── dune ├── framework │ ├── analyses.ml │ ├── analysisResult.ml │ ├── compareConstraints.ml │ ├── constraints.ml │ ├── control.ml │ ├── refinement.ml │ └── resultQuery.ml ├── goblint.ml ├── goblint_lib.ml ├── incremental │ ├── cilMaps.ml │ ├── compareAST.ml │ ├── compareCFG.ml │ ├── compareCIL.ml │ ├── dune │ ├── incremental.mld │ ├── makefileUtil.ml │ ├── maxIdUtil.ml │ ├── serialize.ml │ └── updateCil.ml ├── index.mld ├── lifters │ ├── contextGasLifter.ml │ ├── contextGasLifter.mli │ ├── longjmpLifter.ml │ ├── longjmpLifter.mli │ ├── recursionTermLifter.ml │ ├── recursionTermLifter.mli │ ├── specLifters.ml │ ├── wideningDelay.ml │ ├── wideningToken.ml │ └── wideningTokenLifter.ml ├── maingoblint.ml ├── messagesCompare.ml ├── ppx │ ├── dune │ ├── lattice │ │ ├── dune │ │ └── ppx_deriving_lattice.ml │ └── printable │ │ ├── dune │ │ └── ppx_deriving_printable.ml ├── privPrecCompare.ml ├── sites │ ├── dune │ ├── goblint_sites.ml │ └── goblint_sites.mli ├── solver │ ├── dune │ ├── effectWConEq.ml │ ├── generic.ml │ ├── goblint_solver.ml │ ├── localFixpoint.ml │ ├── postSolver.ml │ ├── sLR.ml │ ├── sLRphased.ml │ ├── sLRterm.ml │ ├── selector.ml │ ├── sideWPointSelect.ml │ ├── solverBox.ml │ ├── solverStats.ml │ ├── td3.ml │ ├── td3UpdateRule.ml │ ├── td_simplified.ml │ ├── topDown.ml │ ├── topDown_deprecated.ml │ ├── topDown_space_cache_term.ml │ ├── topDown_term.ml │ └── worklist.ml ├── transform │ ├── deadCode.ml │ ├── evalAssert.ml │ ├── expressionEvaluation.ml │ └── transform.ml ├── util │ ├── apron │ │ ├── apronPrecCompareUtil.apron.ml │ │ ├── apronPrecCompareUtil.no-apron.ml │ │ ├── dune │ │ ├── relationPrecCompareUtil.apron.ml │ │ └── relationPrecCompareUtil.no-apron.ml │ ├── autoSoundConfig.ml │ ├── backtrace │ │ ├── dune │ │ ├── goblint_backtrace.ml │ │ └── goblint_backtrace.mli │ ├── cilCfg.ml │ ├── compilationDatabase.ml │ ├── dune │ ├── gobExn.ml │ ├── goblintDir.ml │ ├── library │ │ ├── accessKind.ml │ │ ├── dune │ │ ├── library.mld │ │ ├── libraryDesc.ml │ │ ├── libraryDsl.ml │ │ ├── libraryDsl.mli │ │ ├── libraryFunctions.ml │ │ └── libraryFunctions.mli │ ├── logs │ │ ├── ansiColors.ml │ │ ├── dune │ │ └── logs.ml │ ├── loopUnrolling.ml │ ├── loopUnrolling.mli │ ├── parallel │ │ ├── data.ml │ │ ├── data.mli │ │ ├── domainsafeLazy.ml │ │ ├── domainsafeLazy.mli │ │ ├── dune │ │ ├── gobMutex.domainslib.ml │ │ ├── gobMutex.mli │ │ ├── gobMutex.no-domainslib.ml │ │ ├── goblint_parallel.ml │ │ ├── threadpool.domainslib.ml │ │ ├── threadpool.mli │ │ └── threadpool.no-domainslib.ml │ ├── precCompare.ml │ ├── precCompareUtil.ml │ ├── preprocessor.ml │ ├── privPrecCompareUtil.ml │ ├── processPool.ml │ ├── returnUtil.ml │ ├── sarif.ml │ ├── sarifRules.ml │ ├── sarifType.ml │ ├── server.ml │ ├── std │ │ ├── dune │ │ ├── gobArray.ml │ │ ├── gobFpath.ml │ │ ├── gobGc.ml │ │ ├── gobHashtbl.ml │ │ ├── gobList.ml │ │ ├── gobOption.ml │ │ ├── gobPretty.ml │ │ ├── gobQCheck.ml │ │ ├── gobRef.ml │ │ ├── gobResult.ml │ │ ├── gobSys.ml │ │ ├── gobTuple.ml │ │ ├── gobUnix.ml │ │ ├── gobYaml.ml │ │ ├── gobYojson.ml │ │ ├── gobZ.ml │ │ └── goblint_std.ml │ ├── terminationPreprocessing.ml │ ├── timeout.ml │ ├── timing │ │ ├── dune │ │ ├── goblint_timing.ml │ │ ├── goblint_timing.mli │ │ └── goblint_timing_intf.ml │ └── tracing │ │ ├── dune │ │ └── goblint_tracing.ml ├── vendor │ ├── dune │ ├── ppx_easy_deriving │ │ ├── LICENSE.md │ │ ├── README.md │ │ ├── deriver.ml │ │ ├── deriver.mli │ │ ├── deriver_intf.ml │ │ ├── dune │ │ ├── intf.ml │ │ ├── pat_exp.ml │ │ ├── pat_exp.mli │ │ ├── ppx_easy_deriving.ml │ │ ├── product.ml │ │ ├── product.mli │ │ ├── product_intf.ml │ │ ├── util.ml │ │ └── util.mli │ └── zarith │ │ ├── dune │ │ ├── z_mlgmpidl.ml │ │ └── z_mlgmpidl.mli └── witness │ ├── svcomp.ml │ ├── svcompSpec.ml │ ├── timeUtil.ml │ ├── witness.ml │ ├── witnessGhost.ml │ ├── witnessGhostVar.ml │ ├── witnessUtil.ml │ ├── yamlWitness.ml │ └── yamlWitnessType.ml └── tests ├── extraction ├── 00-sanity.c ├── 00-sanity.t ├── 01-base.c ├── 01-base.t ├── 02-starve.c ├── 02-starve.t └── dune ├── incremental ├── 00-basic │ ├── 00-local.c │ ├── 00-local.json │ ├── 00-local.patch │ ├── 01-global.c │ ├── 01-global.json │ ├── 01-global.patch │ ├── 02-changed_start_state1.c │ ├── 02-changed_start_state1.json │ ├── 02-changed_start_state1.patch │ ├── 03-changed_start_state2.c │ ├── 03-changed_start_state2.json │ ├── 03-changed_start_state2.patch │ ├── 04-rename_ids.c │ ├── 04-rename_ids.json │ ├── 04-rename_ids.patch │ ├── 05-sideeffects.c │ ├── 05-sideeffects.json │ ├── 05-sideeffects.patch │ ├── 06-threadid.c │ ├── 06-threadid.json │ ├── 06-threadid.patch │ ├── 07-dead-branch.c │ ├── 07-dead-branch.json │ ├── 07-dead-branch.patch │ ├── 08-refine_interval_with_def_exc.c │ ├── 08-refine_interval_with_def_exc.json │ ├── 08-refine_interval_with_def_exc.patch │ ├── 09-unreach.c │ ├── 09-unreach.json │ ├── 09-unreach.patch │ ├── 10-reach.c │ ├── 10-reach.json │ ├── 10-reach.patch │ ├── 11-unreach-reusesuper.c │ ├── 11-unreach-reusesuper.json │ ├── 11-unreach-reusesuper.patch │ ├── 12-rec-type.c │ ├── 12-rec-type.json │ ├── 12-rec-type.patch │ ├── 13-anonymous-compound.c │ ├── 13-anonymous-compound.json │ ├── 13-anonymous-compound.patch │ ├── 14-struct.c │ ├── 14-struct.json │ ├── 14-struct.patch │ ├── 15-reluctant-test.c │ ├── 15-reluctant-test.json │ └── 15-reluctant-test.patch ├── 01-force-reanalyze │ ├── 00-int.c │ ├── 00-int.json │ ├── 00-int.patch │ ├── 01-int-reluctant.c │ ├── 01-int-reluctant.json │ └── 01-int-reluctant.patch ├── 02-cfg-comparison │ ├── 00-infinite-loop.c │ ├── 00-infinite-loop.json │ ├── 00-infinite-loop.patch │ ├── 01-added-return-stmt.c │ ├── 01-added-return-stmt.json │ ├── 01-added-return-stmt.patch │ ├── 02-added-return-after-exit.c │ ├── 02-added-return-after-exit.json │ └── 02-added-return-after-exit.patch ├── 03-precision-annotation │ ├── 01-change_precision.c │ ├── 01-change_precision.json │ ├── 01-change_precision.patch │ ├── 02-reluctant-int-annotation.c │ ├── 02-reluctant-int-annotation.json │ ├── 02-reluctant-int-annotation.patch │ ├── 03-reluctant-int-annotation-dyn.c │ ├── 03-reluctant-int-annotation-dyn.json │ └── 03-reluctant-int-annotation-dyn.patch ├── 04-var-rename │ ├── 01-rename_and_shuffle.c │ ├── 01-rename_and_shuffle.json │ ├── 01-rename_and_shuffle.patch │ ├── 01-rename_and_shuffle.t │ ├── 02-rename_with_usage.c │ ├── 02-rename_with_usage.json │ ├── 02-rename_with_usage.patch │ ├── 02-rename_with_usage.t │ ├── 03-renamed_assert.c │ ├── 03-renamed_assert.json │ ├── 03-renamed_assert.patch │ ├── 04-renamed_param.c │ ├── 04-renamed_param.json │ ├── 04-renamed_param.patch │ ├── 04-renamed_param.t │ ├── 05-renamed_param_usage_changed.c │ ├── 05-renamed_param_usage_changed.json │ ├── 05-renamed_param_usage_changed.patch │ ├── 05-renamed_param_usage_changed.t │ ├── dune │ └── multiple_incremental_runs │ │ ├── 08-2_incremental_runs.json │ │ ├── 08-2_incremental_runs_1.c │ │ ├── 08-2_incremental_runs_1.patch │ │ ├── 08-2_incremental_runs_2.patch │ │ ├── 09-2_ir_with_changes.json │ │ ├── 09-2_ir_with_changes_1.c │ │ ├── 09-2_ir_with_changes_1.patch │ │ └── 09-2_ir_with_changes_2.patch ├── 05-method-rename │ ├── 00-simple_rename.c │ ├── 00-simple_rename.json │ ├── 00-simple_rename.patch │ ├── 00-simple_rename.t │ ├── 01-dependent_rename.c │ ├── 01-dependent_rename.json │ ├── 01-dependent_rename.patch │ ├── 01-dependent_rename.t │ ├── 02-cyclic_rename_dependency.c │ ├── 02-cyclic_rename_dependency.json │ ├── 02-cyclic_rename_dependency.patch │ ├── 02-cyclic_rename_dependency.t │ ├── 03-cyclic_with_swap.c │ ├── 03-cyclic_with_swap.json │ ├── 03-cyclic_with_swap.patch │ ├── 03-cyclic_with_swap.t │ ├── 04-deep_change.c │ ├── 04-deep_change.json │ ├── 04-deep_change.patch │ ├── 04-deep_change.t │ ├── 05-common_rename.c │ ├── 05-common_rename.json │ ├── 05-common_rename.patch │ ├── 05-common_rename.t │ ├── 06-recursive_rename.c │ ├── 06-recursive_rename.json │ ├── 06-recursive_rename.patch │ ├── 06-recursive_rename.t │ └── dune ├── 06-glob-var-rename │ ├── 00-simple_rename.c │ ├── 00-simple_rename.json │ ├── 00-simple_rename.patch │ ├── 00-simple_rename.t │ ├── 01-duplicate_local_global.c │ ├── 01-duplicate_local_global.json │ ├── 01-duplicate_local_global.patch │ ├── 01-duplicate_local_global.t │ ├── 02-add_new_gvar.c │ ├── 02-add_new_gvar.json │ ├── 02-add_new_gvar.patch │ ├── 02-add_new_gvar.t │ └── dune ├── 11-restart │ ├── 00-justglob.c │ ├── 00-justglob.json │ ├── 00-justglob.patch │ ├── 01-global-nochange.c │ ├── 01-global-nochange.json │ ├── 01-global-nochange.patch │ ├── 02-global-remove.c │ ├── 02-global-remove.json │ ├── 02-global-remove.patch │ ├── 03-global-change.c │ ├── 03-global-change.json │ ├── 03-global-change.patch │ ├── 04-global-add.c │ ├── 04-global-add.json │ ├── 04-global-add.patch │ ├── 05-local-wpoint.c │ ├── 05-local-wpoint.json │ ├── 05-local-wpoint.patch │ ├── 06-local-wpoint-read.c │ ├── 06-local-wpoint-read.json │ ├── 06-local-wpoint-read.patch │ ├── 07-local-wpoint-nochange.c │ ├── 07-local-wpoint-nochange.json │ ├── 07-local-wpoint-nochange.patch │ ├── 08-side-restart.c │ ├── 08-side-restart.json │ ├── 08-side-restart.patch │ ├── 09-call-remove.c │ ├── 09-call-remove.json │ ├── 09-call-remove.patch │ ├── 11-paper-example.c │ ├── 11-paper-example.json │ ├── 11-paper-example.patch │ ├── 12-mutex-simple-access.c │ ├── 12-mutex-simple-access.json │ ├── 12-mutex-simple-access.patch │ ├── 13-changed_start_state2.c │ ├── 13-changed_start_state2.json │ ├── 13-changed_start_state2.patch │ ├── 14-mutex-simple-wrap2.c │ ├── 14-mutex-simple-wrap2.json │ ├── 14-mutex-simple-wrap2.patch │ ├── 15-mutex-simple-wrap1.c │ ├── 15-mutex-simple-wrap1.json │ ├── 15-mutex-simple-wrap1.patch │ ├── 16-mutex-simple-wrap1-global.c │ ├── 16-mutex-simple-wrap1-global.json │ ├── 16-mutex-simple-wrap1-global.patch │ ├── 17-mutex-simple-fuel.c │ ├── 17-mutex-simple-fuel.json │ ├── 17-mutex-simple-fuel.patch │ ├── 48-local-wpoint-funcall.c │ ├── 48-local-wpoint-funcall.json │ └── 48-local-wpoint-funcall.patch ├── 13-restart-write │ ├── 01-mutex-simple.c │ ├── 01-mutex-simple.json │ ├── 01-mutex-simple.patch │ ├── 02-mutex-simple-wrap.c │ ├── 02-mutex-simple-wrap.json │ ├── 02-mutex-simple-wrap.patch │ ├── 03-mutex-simple-nochange.c │ ├── 03-mutex-simple-nochange.json │ ├── 03-mutex-simple-nochange.patch │ ├── 04-malloc-node.c │ ├── 04-malloc-node.json │ ├── 04-malloc-node.patch │ ├── 05-race-call-remove.c │ ├── 05-race-call-remove.json │ ├── 05-race-call-remove.patch │ ├── 06-mutex-simple-reluctant.c │ ├── 06-mutex-simple-reluctant.json │ ├── 06-mutex-simple-reluctant.patch │ ├── 07-mutex-simple-reluctant2.c │ ├── 07-mutex-simple-reluctant2.json │ ├── 07-mutex-simple-reluctant2.patch │ ├── 08-mutex-simple-reluctant3.c │ ├── 08-mutex-simple-reluctant3.json │ ├── 08-mutex-simple-reluctant3.patch │ ├── 09-mutex-self-fix.c │ ├── 09-mutex-self-fix.json │ └── 09-mutex-self-fix.patch ├── 14-manual-restart │ ├── 01-restart_manual_simple.c │ ├── 01-restart_manual_simple.json │ ├── 01-restart_manual_simple.patch │ ├── 02-read_write_global.c │ ├── 02-read_write_global.json │ ├── 02-read_write_global.patch │ ├── 03-partial_contexts.c │ ├── 03-partial_contexts.json │ ├── 03-partial_contexts.patch │ ├── 04-restarting_and_aborting.c │ ├── 04-restarting_and_aborting.json │ └── 04-restarting_and_aborting.patch └── dune ├── others ├── cilbug.c ├── nocompile.c ├── noterm.c ├── vararg.c └── vararg_sum.c ├── regression ├── 00-sanity │ ├── 01-assert.c │ ├── 01-assert.t │ ├── 02-minimal.c │ ├── 03-no_succ.c │ ├── 04-empty_if.c │ ├── 05-inf_loop.c │ ├── 06-term1.c │ ├── 07-term2.c │ ├── 08-asm_nop.c │ ├── 09-include.c │ ├── 10-loop_label.c │ ├── 11-loop_race.c │ ├── 12-errno.c │ ├── 13-sans_context.c │ ├── 14-startstate.c │ ├── 15-unused_arg.c │ ├── 16-unknown_branches.c │ ├── 17-constructors.c │ ├── 18-parse-empty-array.c │ ├── 19-if-0.c │ ├── 19-if-0.t │ ├── 20-if-0-realnode.c │ ├── 20-if-0-realnode.t │ ├── 21-empty-loops.c │ ├── 21-empty-loops.t │ ├── 22-modulo.c │ ├── 23-modulo-interval.c │ ├── 24-update_suite.c │ ├── 25-cfg-connect.c │ ├── 26-strict-loop-enter.c │ ├── 27-uncalled.c │ ├── 28-strict-multi-entry-loop.c │ ├── 29-earlyglobs-insens.c │ ├── 30-both_branches.c │ ├── 31-assert-redefine.c │ ├── 32-check.c │ ├── 33-hoare-over-paths.c │ ├── 33-hoare-over-paths.t │ ├── 34-hoare-over-addrs.c │ ├── 35-join-contexts.c │ ├── 36-strict-loop-dead.c │ ├── 36-strict-loop-dead.t │ ├── 37-long-double.c │ ├── 37-long-double.t │ ├── 38-evalfunvar-dead.c │ ├── 40-wpoint-restart-sound.c │ ├── 41-both_branches-2.c │ ├── 51-base-special-lval.c │ ├── 52-thread-unsafe-libfuns-single-thread.c │ ├── 52-thread-unsafe-libfuns-single-thread.t │ ├── 53-ptr-and-int.c │ └── dune ├── 01-cpa │ ├── 01-expressions.c │ ├── 02-branch.c │ ├── 03-loops.c │ ├── 04-functions.c │ ├── 05-recursion.c │ ├── 06-pointers.c │ ├── 07-structs.c │ ├── 08-unions.c │ ├── 09-arrays.c │ ├── 10-posneg.c │ ├── 11-fun_ptrargs.c │ ├── 12-bool.c │ ├── 13-scanf.c │ ├── 14-vararg.c │ ├── 15-break.c │ ├── 16-exit.c │ ├── 17-ptr_aliasing.c │ ├── 18-ptr_chains.c │ ├── 19-dangling_ptr.c │ ├── 20-static_var.c │ ├── 21-strings.c │ ├── 22-null_ptr.c │ ├── 23-std_funs.c │ ├── 24-library_functions.c │ ├── 25-ptr_problem.c │ ├── 26-const_ptr.c │ ├── 27-array_init.c │ ├── 28-interval.c │ ├── 29-fun_struct_array.c │ ├── 30-extern_var.c │ ├── 31-unk-fn-ptrs.c │ ├── 32-earlyglobs.c │ ├── 33-asserts.c │ ├── 34-def-exc.c │ ├── 35-intervals.c │ ├── 36-interval-branching.c │ ├── 37-div.c │ ├── 38-enum.c │ ├── 39-interval-and-enums.c │ ├── 40-arithm.c │ ├── 41-cast_in_equal_comp.c │ ├── 42-non-injective-mult-def-exc.c │ ├── 43-large-n-div.c │ ├── 44-large-n-div2.c │ ├── 45-float.c │ ├── 46-funptr_path.c │ ├── 47-posneg-signed-overflow.c │ ├── 48-inf-recursion.c │ ├── 49-earlyglobs-base.c │ ├── 50-earlyglobs_precious.c │ ├── 51-marshal.c │ ├── 52-escaping-recursion.c │ ├── 53-escaping-recursion-varEq.c │ ├── 54-tid-invalidate.c │ ├── 55-def_exc-widen.c │ ├── 56-def_exc-fp1.c │ ├── 57-def_exc-interval-inconsistent.c │ ├── 58-base-ctx-insens-bot.c │ ├── 59-def_exc-cmp-range.c │ ├── 60-def_exc-int128.c │ ├── 70-dead-branch-multiple.c │ ├── 71-widen-sides.c │ ├── 72-library-function-pointer.c │ ├── 73-vararg-function-ptr.c │ ├── 74-rand.c │ ├── 75-refine-def-exc.c │ └── 76-pointer-typedef.c ├── 02-base │ ├── 01-thread_creation.c │ ├── 02-simple_assignments.c │ ├── 03-pthread_join.c │ ├── 04-branched_thread_creation.c │ ├── 05-result_thread_creation.c │ ├── 06-side_effect1.c │ ├── 07-side_effect2.c │ ├── 08-glob_interval.c │ ├── 09-ambigpointer.c │ ├── 10-init_allfuns.c │ ├── 11-init_mainfun.c │ ├── 12-init_otherfun.c │ ├── 20-malloc_int.c │ ├── 21-malloc_loop.c │ ├── 22-malloc_glob.c │ ├── 23-malloc_globmt.c │ ├── 24-malloc_races.c │ ├── 25-malloc_race_cp.c │ ├── 26-malloc_struct.c │ ├── 27-malloc_array.c │ ├── 29-bot_vals.c │ ├── 30-escape_sound.c │ ├── 32-single-thr.c │ ├── 33-assert-infinite-loop.c │ ├── 34-builtin_va_list.c │ ├── 35-calloc_array.c │ ├── 36-calloc_struct.c │ ├── 37-calloc_glob.c │ ├── 38-calloc_int.c │ ├── 39-calloc_matrix.c │ ├── 40-calloc_loop.c │ ├── 41-calloc_globmt.c │ ├── 42-calloc_zero_init.c │ ├── 43-calloc_struct_array.c │ ├── 44-malloc_array.c │ ├── 45-branched_thread_creation_return.c │ ├── 46-spawn-global-funptrs.c │ ├── 47-no-threadescape.c │ ├── 48-unknown_func_struct.c │ ├── 49-unknown_func_union.c │ ├── 50-unknown_func_array.c │ ├── 51-spawn-special.c │ ├── 52-otherfun-special.c │ ├── 53-spawn-special-arg.c │ ├── 54-spawn-special-unknown.c │ ├── 55-printf-n.c │ ├── 56-printf-ptr.c │ ├── 57-meet-def-exc.c │ ├── 58-empty-not-dead.c │ ├── 59-evalint-deep.c │ ├── 60-malloc-nonrefl.c │ ├── 61-no-int-context.c │ ├── 62-no-int-context-attribute.c │ ├── 63-int-context-attribute.c │ ├── 64-enums-minmax.c │ ├── 65-no-eval-on-write.c │ ├── 66-no-eval-on-write-multi.c │ ├── 67-no-int-context-option.c │ ├── 68-int-context-option.c │ ├── 69-ipmi-struct-blob-fixpoint.c │ ├── 70-escape-unknown.c │ ├── 71-pthread-once.c │ ├── 72-ad-widen-duplicate.c │ ├── 73-no-eval-on-write-offset.c │ ├── 74-pcwd-deref-unknown-fp.c │ ├── 75-memset.c │ ├── 76-realloc.c │ ├── 77-chrony-sched-array.c │ ├── 78-realloc-free.c │ ├── 79-unknown-spawn.c │ ├── 80-unknown-no-spawn.c │ ├── 81-invalidate_indirect_base.c │ ├── 82-eq-no-overflow.c │ ├── 83-evalint-mustbeequal.c │ ├── 84-evalint-maybeequal.c │ ├── 85-evalint-maybeless.c │ ├── 86-spurious.c │ ├── 87-casts-dep-on-param.c │ ├── 87-casts-dep-on-param.t │ ├── 88-string-ptrs-limited.c │ ├── 89-string-ptrs-not-limited.c │ ├── 90-memcpy.c │ ├── 91-ad-meet.c │ ├── 92-ad-union-fields.c │ ├── 93-ad-struct-offset.c │ ├── 94-ad-first-field.c │ ├── 95-ad-zero-index.c │ ├── 96-null-deref-top.c │ ├── 97-null-deref-none.c │ ├── 98-refine-unsigned.c │ ├── 99-refine-typedef.c │ └── dune ├── 03-practical │ ├── 01-lval_eval.c │ ├── 02-index_nonstruct.c │ ├── 03-pthread_ptrs.c │ ├── 04-assign_to_ukwn.c │ ├── 05-deslash.c │ ├── 06-callback.c │ ├── 07-nonterm.c │ ├── 08-nonterm1.c │ ├── 09-nonterm2.c │ ├── 10-big_init.c │ ├── 11-extern.c │ ├── 12-aget_minimal.c │ ├── 13-pfscan_minimal.c │ ├── 14-call_by_pointer.c │ ├── 15-exit_problems.c │ ├── 16-union_index.c │ ├── 17-struct_priv.c │ ├── 18-no_ctx_box.c │ ├── 19-unsignedlonglong.c │ ├── 20-extern_nonpriv_sound.c │ ├── 21-pfscan_combine_minimal.c │ ├── 22-nested-infinite-loops.c │ ├── 23-knot-timeout.c │ ├── 24-threshold.c │ ├── 25-zstd-customMem.c │ ├── 26-smtprc-crash.c │ ├── 27-charptr_null.c │ ├── 28-bool.c │ ├── 29-bool-interval.c │ ├── 30-bool-congr.c │ ├── 31-zstd-cctxpool-blobs.c │ ├── 32-smtprc-tid.c │ ├── 33-threshold-narrowing-intervals.c │ ├── 34-threshold-narrowing-interval-sets.c │ ├── 35-base-mutex-macos.c │ ├── 35-base-mutex-macos.t │ ├── 36-struct-ptr.c │ └── dune ├── 04-mutex │ ├── 01-simple_rc.c │ ├── 01-simple_rc.t │ ├── 02-simple_nr.c │ ├── 03-munge_rc.c │ ├── 04-munge_nr.c │ ├── 05-lockfuns.c │ ├── 06-ps_rc.c │ ├── 07-ps_nr.c │ ├── 08-pthread_arg.c │ ├── 09-ptrmunge_rc.c │ ├── 10-ptrmunge_nr.c │ ├── 11-ptr_rc.c │ ├── 12-ptr_nr.c │ ├── 13-failed_locking.c │ ├── 14-funarg_rc.c │ ├── 15-funarg_nr.c │ ├── 16-ps_add1_rc.c │ ├── 17-ps_add1_nr.c │ ├── 18-glob_guards.c │ ├── 19-call_by_ptr_rc.c │ ├── 20-stdfun_rc.c │ ├── 21-sound_base.c │ ├── 22-deref_read.c │ ├── 23-sound_unlock.c │ ├── 24-sound_lock.c │ ├── 25-single_acc.c │ ├── 26-ptrrace_default.c │ ├── 27-base_rc.c │ ├── 28-base_nr.c │ ├── 29-funstruct_rc.c │ ├── 30-funstruct_nr.c │ ├── 31-uninitialized.c │ ├── 32-allfuns.c │ ├── 33-kernel_rc.c │ ├── 34-kernel_nr.c │ ├── 35-trylock_rc.c │ ├── 36-trylock_nr.c │ ├── 37-indirect_rc.c │ ├── 38-indexing_malloc.c │ ├── 39-rw_lock_nr.c │ ├── 40-rw_lock_rc.c │ ├── 41-pt_rwlock.c │ ├── 42-trylock_2mutex.c │ ├── 43-thread_create_nr.c │ ├── 44-malloc_sound.c │ ├── 45-escape_rc.c │ ├── 46-escape_nr.c │ ├── 47-fun_write.c │ ├── 48-assign_spawn.c │ ├── 49-type-invariants.c │ ├── 49-type-invariants.t │ ├── 50-funptr_rc.c │ ├── 51-mutex_ptr.c │ ├── 52-confid_rc.c │ ├── 53-kernel-spinlock.c │ ├── 54-pt_rwlock_ww.c │ ├── 55-pt_rwlock_rr.c │ ├── 56-extern_call_by_ptr_rc.c │ ├── 57-thread_ret.c │ ├── 58-pthread-lock-return.c │ ├── 59-testfive-intervals.c │ ├── 60-testfive-intervals-protection.c │ ├── 61-allfuns-globs.c │ ├── 62-simple_atomic_nr.c │ ├── 63-unknown_unlock_rc.c │ ├── 64-free_direct_rc.c │ ├── 65-free_indirect_rc.c │ ├── 66-free_direct_nc.c │ ├── 67-free_indirect_nr.c │ ├── 68-vla_rc.c │ ├── 69-sizeof_rc.c │ ├── 70-memset_indirect_nr.c │ ├── 71-memset_direct_rc.c │ ├── 72-memset_arg_rc.c │ ├── 73-simple_nr_spinlock.c │ ├── 74-combine-env-assign-imprecise.c │ ├── 75-combine-env-assign-unsound.c │ ├── 76-empty-if_rc.c │ ├── 77-type-nested-fields.c │ ├── 77-type-nested-fields.t │ ├── 78-type-array.c │ ├── 79-type-nested-fields-deep1.c │ ├── 79-type-nested-fields-deep1.t │ ├── 80-type-nested-fields-deep2.c │ ├── 80-type-nested-fields-deep2.t │ ├── 81-if-cond-race-loc.c │ ├── 82-thread-local-storage.c │ ├── 83-thread-local-storage-escape.c │ ├── 84-distribute-fields-1.c │ ├── 84-distribute-fields-1.t │ ├── 85-distribute-fields-2.c │ ├── 85-distribute-fields-2.t │ ├── 86-distribute-fields-3.c │ ├── 86-distribute-fields-3.t │ ├── 87-distribute-fields-4.c │ ├── 87-distribute-fields-4.t │ ├── 88-distribute-fields-5.c │ ├── 88-distribute-fields-5.t │ ├── 89-distribute-fields-6.c │ ├── 89-distribute-fields-6.t │ ├── 90-distribute-fields-type-1.c │ ├── 90-distribute-fields-type-1.t │ ├── 91-distribute-fields-type-2.c │ ├── 91-distribute-fields-type-2.t │ ├── 92-distribute-fields-type-deep.c │ ├── 92-distribute-fields-type-deep.t │ ├── 93-distribute-fields-type-global.c │ ├── 93-distribute-fields-type-global.t │ ├── 94-thread-unsafe_fun_rc.c │ ├── 95-thread-unsafe_fun_nr.c │ ├── 96-split.c │ ├── 97-split-mt.c │ ├── 98-thread-local-eq.c │ ├── 99-volatile.c │ └── dune ├── 05-lval_ls │ ├── 01-idx_rc.c │ ├── 02-idx_nr.c │ ├── 03-fld_rc.c │ ├── 04-fld_nr.c │ ├── 05-glob_idx_rc.c │ ├── 06-glob_idx_nr.c │ ├── 07-glob_fld_rc.c │ ├── 08-glob_fld_2_rc.c │ ├── 09-idxsense_rc.c │ ├── 10-idxsense_nr.c │ ├── 11-fldsense_rc.c │ ├── 12-fldsense_nr.c │ ├── 13-idxunknown_lock.c │ ├── 14-idxunknown_access.c │ ├── 15-fldunknown_access.c │ ├── 16-idxunknown_unlock.c │ ├── 17-per_elem_simp.c │ ├── 18-website.c │ ├── 19-idxunknown_unlock_precise.c │ ├── 20-race-null-void.c │ ├── 21-race-null-type.c │ ├── 22-race-null-void-deep.c │ ├── 23-race-null-type-deep.c │ ├── 24-idxunknown_recursive.c │ └── 25-idxunknown_recursive_2.c ├── 06-symbeq │ ├── 01-symbeq_ints.c │ ├── 02-funloop_norace.c │ ├── 03-funloop_simple.c │ ├── 04-funloop_hard1.c │ ├── 05-funloop_hard2.c │ ├── 06-tricky_address1.c │ ├── 07-tricky_address2.c │ ├── 08-tricky_address3.c │ ├── 09-tricky_address4.c │ ├── 10-equ_rc.c │ ├── 11-equ_nr.c │ ├── 12-equ_proc_rc.c │ ├── 13-equ_proc_nr.c │ ├── 14-list_entry_rc.c │ ├── 14-list_entry_rc.t │ ├── 15-list_entry_nr.c │ ├── 16-type_rc.c │ ├── 16-type_rc.t │ ├── 17-type_nr.c │ ├── 18-symbeq_addrs.c │ ├── 19-symbeq_funcs.c │ ├── 20-mult_accs_nr.c │ ├── 21-mult_accs_rc.c │ ├── 21-mult_accs_rc.t │ ├── 22-var_eq_types.c │ ├── 23-idxsense_nr.c │ ├── 24-escape_rc.c │ ├── 25-ptr_global.c │ ├── 26-symb_lockfuns.c │ ├── 27-symb_no_lockfuns.c │ ├── 28-symb_lockset_unsound.c │ ├── 29-symb_lockfun_unsound.c │ ├── 30-symb_lockset_mayunlock.c │ ├── 31-zstd-thread-pool.c │ ├── 32-var_eq-unknown-invalidate.c │ ├── 33-symb_accfun.c │ ├── 34-var_eq-exponential-context.c │ ├── 35-zstd-thread-pool-multi.c │ ├── 36-zstd-thread-pool-add.c │ ├── 37-funloop_index.c │ ├── 38-chrony-name2ipaddress.c │ ├── 39-funloop_index_bad.c │ ├── 40-var_eq-widen1.c │ ├── 41-vareq_global.c │ ├── 42-vareq_escape.c │ ├── 43-type_nr_disjoint_types.c │ ├── 44-type_rc_type_field.c │ ├── 45-zstd-thread-pool-free.c │ ├── 46-calloc-free.c │ ├── 47-var_eq_multithread.c │ ├── 50-type_array_via_ptr_rc.c │ ├── 51-typedef_rc.c │ ├── 52-typedef2_rc.c │ └── dune ├── 07-uninit │ ├── 01-simple.c │ ├── 02-path_sense.c │ ├── 03-path_sense_bad.c │ ├── 04-intent_out.c │ ├── 05-struct-bad.c │ ├── 06-struct-good.c │ ├── 07-struct_return.c │ ├── 08-struct_intent_out.c │ ├── 09-struct_deep_bad.c │ ├── 10-struct_deep_good.c │ ├── 11-ptr_passtrough.c │ ├── 12-struct_return_warn.c │ ├── 13-struct_param_warn.c │ ├── 14-struct_in_struct.c │ ├── 15-union_simple_good.c │ ├── 16-union_simple_bad.c │ ├── 17-struct_in_union.c │ ├── 18-union_in_union.c │ └── 19-struct_in_union_bad.c ├── 08-malloc_null │ ├── 01-simple-malloc.c │ └── 02-paths-malloc.c ├── 09-regions │ ├── 01-list_rc.c │ ├── 02-list_nr.c │ ├── 03-list2_rc.c │ ├── 04-list2_nr.c │ ├── 05-ptra_rc.c │ ├── 06-ptra_nr.c │ ├── 07-kernel_list_rc.c │ ├── 08-kernel_list_nr.c │ ├── 09-arraylist.c │ ├── 10-arraylist_rc.c │ ├── 11-arraylist_nr.c │ ├── 12-arraycollapse_rc.c │ ├── 13-arraycollapse_nr.c │ ├── 14-kernel_foreach_rc.c │ ├── 15-kernel_foreach_nr.c │ ├── 16-arrayloop_rc.c │ ├── 17-arrayloop_nr.c │ ├── 18-nested_rc.c │ ├── 19-nested_nr.c │ ├── 20-arrayloop2_rc.c │ ├── 21-arrayloop2_nr.c │ ├── 22-nocollapse.c │ ├── 23-evilcollapse_rc.c │ ├── 24-evilcollapse_nr.c │ ├── 25-usb_bus_list_nr.c │ ├── 26-alloc_region_rc.c │ ├── 27-alloc_buffer.c │ ├── 28-list2alloc.c │ ├── 29-malloc_race_cp.c │ ├── 30-list2alloc-offsets.c │ ├── 31-equ_rc.c │ ├── 32-equ_nr.c │ ├── 33-alloc_region_rc_next_flip.c │ ├── 34-escape_rc.c │ ├── 35-list2_rc-offsets-thread.c │ ├── 36-global_init_rc.c │ ├── 37-global_init_nr.c │ ├── 38-escape_malloc.c │ ├── 39-evilcollapse_rc_wpoint.c │ ├── 40-zstd-thread-pool-region.c │ └── 41-per-thread-array-init-race.c ├── 10-synch │ ├── 01-thread_unique.c │ ├── 02-thread_nonunique.c │ ├── 03-two_unique.c │ ├── 04-two_mainfuns.c │ ├── 05-two_unique_two_lock.c │ ├── 06-thread_nonunique_plain.c │ ├── 07-thread_self_create.c │ ├── 11-join_nr.c │ ├── 12-join_rc.c │ ├── 13-two_threads_nr.c │ ├── 14-two_threads_rc.c │ ├── 15-join_other_nr.c │ ├── 16-join_loop_nr.c │ ├── 17-glob_fld_nr.c │ ├── 18-join_other_rc.c │ ├── 19-join_path_nr.c │ ├── 20-race-2_1-container_of.c │ ├── 21-spawn_path_nr.c │ ├── 22-spawn_path_ctx_nr.c │ ├── 23-tid-partitioned-array.c │ ├── 24-tid-partitioned-array-global.c │ ├── 25-tid-array-malloc.c │ ├── 26-tid-array-malloc-free.c │ ├── 27-tid-array-malloc-2.c │ ├── 28-join-array.c │ ├── 29-multiple-created-only.c │ └── 30-no-crash.c ├── 11-heap │ ├── 01-nestedlist_nr.c │ ├── 02-nestedlist_rc.c │ ├── 03-linked.c │ ├── 04-malloc_unique_addresses.c │ ├── 05-malloc_not_unique_address.c │ ├── 06-wrapper_plus_unique_addresses.c │ ├── 07-strong_updates.c │ ├── 08-no_strong_update.c │ ├── 09-no_strong_update_not_unique_thread.c │ ├── 10-no_strong_update_different_size.c │ ├── 11-threads_malloc_no_race.c │ ├── 12-calloc.c │ ├── 13-linear-search.c │ ├── 14-list_entry_rc-unroll.c │ ├── 15-malloc_unique_addresses_struct.c │ ├── 16-issue-1388.c │ ├── 17-unique-mt.c │ └── 18-unique-st.c ├── 12-containment │ └── README.txt ├── 13-privatized │ ├── 01-priv_nr.c │ ├── 01-priv_nr.t │ ├── 02-priv_rc.c │ ├── 03-priv_inv.c │ ├── 04-priv_multi.c │ ├── 04-priv_multi.t │ ├── 17-priv_interval.c │ ├── 18-first-reads.c │ ├── 19-publish-precision.c │ ├── 20-publish-regression.c │ ├── 21-publish-basic.c │ ├── 22-traces-paper.c │ ├── 23-traces-paper2.c │ ├── 24-multiple-protecting.c │ ├── 25-struct_nr.c │ ├── 25-struct_nr.t │ ├── 26-struct_rc.c │ ├── 27-multiple-protecting2.c │ ├── 28-multiple-protecting2-simple.c │ ├── 29-multiple-protecting2-vesal.c │ ├── 30-traces-oplus-vs-meet.c │ ├── 31-traces-mine-vs-mutex.c │ ├── 32-traces-mine-vs-oplus-vs-meet.c │ ├── 33-traces-v-matters.c │ ├── 34-traces-minepp-L-needs-to-be-um.c │ ├── 35-traces-ex-2.c │ ├── 36-traces-ex-3.c │ ├── 37-traces-ex-4.c │ ├── 38-traces-ex-4-switch.c │ ├── 39-traces-ex-5.c │ ├── 40-traces-ex-6.c │ ├── 41-traces-ex-7.c │ ├── 42-traces-ex-mini.c │ ├── 43-traces-mine1.c │ ├── 44-traces-mine2.c │ ├── 45-traces-per-global-and-current-lock-mine-incomparable.c │ ├── 46-refine-protected1.c │ ├── 47-refine-protected2.c │ ├── 48-pfscan_protected_loop_minimal.c │ ├── 49-refine-protected-loop.c │ ├── 50-pfscan_protected_loop_minimal2.c │ ├── 51-refine-protected-loop2.c │ ├── 52-refine-protected-loop2-small.c │ ├── 53-pfscan_widen_dependent_minimal.c │ ├── 54-widen-dependent.c │ ├── 55-widen-dependent-local.c │ ├── 56-aget_extern_init_minimal.c │ ├── 57-singlethreaded-unlock.c │ ├── 58-singlethreaded-lock.c │ ├── 59-smtprc_threadenter_path_minimal.c │ ├── 60-allfuns-priv.c │ ├── 61-otherfun-priv.c │ ├── 62-global-threadid.c │ ├── 63-access-threadspawn-lval.c │ ├── 63-access-threadspawn-lval.t │ ├── 64-access-invalidate.c │ ├── 64-access-invalidate.t │ ├── 65-threadreturn-cpa-remove.c │ ├── 66-mine-W-init.c │ ├── 67-pthread_cond_wait.c │ ├── 68-pfscan_protected_loop_minimal_interval.c │ ├── 69-refine-protected-loop-interval.c │ ├── 70-mm-reentrant.c │ ├── 71-branched-thread-creation-priv.c │ ├── 72-pthread_cond_wait_mutexoplus.c │ ├── 73-branched-thread-creation-priv2.c │ ├── 74-mutex.c │ ├── 74-mutex.t │ ├── 75-protection-tid.c │ ├── 76-protection-tid2.c │ ├── 77-lock-tid.c │ ├── 78-write-tid.c │ ├── 79-write-lock-tid.c │ ├── 80-nondet-struct-ptr.c │ ├── 81-nondet-local-pointer.c │ ├── 82-nondet-global-pointer.c │ ├── 83-nondet-struct-ptr-write.c │ ├── 84-nondet-local-pointer-write.c │ ├── 85-nondet-global-pointer-write.c │ ├── 86-nondet-struct-ptr-lock.c │ ├── 87-nondet-local-pointer-lock.c │ ├── 88-nondet-global-pointer-lock.c │ ├── 89-write-lacking-precision.c │ ├── 90-union.c │ ├── 91-union-direct.c │ ├── 92-idx_priv.c │ ├── 92-idx_priv.t │ ├── 93-unlock-idx-ambiguous.c │ ├── 93-unlock-idx-ambiguous.t │ ├── 94-unlock-unknown.c │ ├── 94-unlock-unknown.t │ ├── 95-mm-calloc.c │ ├── 96-mine-W-threadenter.c │ └── dune ├── 14-osek │ └── README.md ├── 15-deadlock │ ├── 01-basic_deadlock.c │ ├── 02-basic_nodeadlock.c │ ├── 03-triple_deadlock.c │ ├── 04-triple_nodeadlock.c │ ├── 05-may_deadlock.c │ ├── 06-may_nodeadlock.c │ ├── 07-account_deadlock.c │ ├── 08-account_nodeadlock.c │ ├── 09-account_correct.c │ ├── 10-account_incorrect.c │ ├── 11-common_mutex_nodeadlock.c │ ├── 12-ase16_nodeadlock.c │ ├── 13-deadlock-mhp.c │ ├── 14-missing-unlock.c │ ├── 15-deadlock-mhp2.c │ ├── 19-fail_deadlock.c │ ├── 20-ambig_deadlock.c │ ├── 21-unknown_deadlock.c │ ├── 22-ambig_unlock_deadlock.c │ ├── 23-unknown_unlock_deadlock.c │ ├── 24-malloc_unlock_deadlock.c │ ├── 25-malloc_deadlock.c │ ├── 26-unknown_deadlock2.c │ └── 27-self_deadlock.c ├── 16-relinv │ └── README.md ├── 17-arinc │ └── README.md ├── 18-file │ └── README.md ├── 19-spec │ └── README.md ├── 20-slr_term │ ├── 01-no-int-context.c │ ├── 02-global-inc.c │ ├── 03-3ctxs.c │ ├── 04-assert-exit.c │ ├── 05-selfloop.c │ ├── 06-trylock_rc_slr.c │ ├── 07-slr-interval.c │ └── 08-slr-glob_interval.c ├── 21-casts │ ├── 01-via_ptr.c │ ├── 02-loop.c │ ├── 03-Exc-overflow.c │ └── 04-neg-to-unsigned-invariant.c ├── 22-partitioned_arrays │ ├── 01-simple_array.c │ ├── 02-pointers_array.c │ ├── 03-multidimensional_arrays.c │ ├── 04-nesting_arrays.c │ ├── 05-adapted_from_01_09_array.c │ ├── 06-interprocedural.c │ ├── 07-global_array.c │ ├── 08-unsupported.c │ ├── 09-one_by_one.c │ ├── 11-was_problematic.c │ ├── 12-was_problematic_2.c │ ├── 13-was_problematic_3.c │ ├── 14-with_def_exc.c │ ├── 15-var_eq.c │ ├── 16-refine-meet.c │ ├── 17-large_arrays.c │ ├── 18-large_arrays-nocalloc.c │ ├── 19-fixpoint.c │ └── 20-more-fixpoint.c ├── 23-partitioned_arrays_last │ ├── 01-simple_array.c │ ├── 02-pointers_array.c │ ├── 03-multidimensional_arrays.c │ ├── 04-nesting_arrays.c │ ├── 05-adapted_from_01_09_array.c │ ├── 06-interprocedural.c │ ├── 07-global_array.c │ ├── 08-unsupported.c │ ├── 09-one_by_one.c │ ├── 11-was_problematic.c │ ├── 12-was_problematic_2.c │ ├── 13-advantage_for_last.c │ └── 14-replace_with_const.c ├── 24-octagon │ ├── 01-octagon_simple.c │ ├── 02-octagon_interprocedural.c │ ├── 03-previously_problematic_a.c │ ├── 04-previously_problematic_b.c │ ├── 05-previously_problematic_c.c │ ├── 06-previously_problematic_d.c │ ├── 07-previously_problematic_e.c │ ├── 08-previously_problematic_f.c │ ├── 09-previously_problematic_g.c │ ├── 10-previously_problematic_h.c │ ├── 11-previously_problematic_i.c │ ├── 12-previously_problematic_j.c │ ├── 13-array_octagon.c │ ├── 14-array_octagon_keep_last.c │ ├── 15-array_octagon_prec.c │ ├── 16-array_octagon_keep_last_prec.c │ ├── 17-address.c │ ├── 18-dead.c │ └── dune ├── 25-vla │ ├── 01-simple.c │ ├── 02-loop.c │ ├── 03-calls.c │ ├── 04-passing_ptr_to_array.c │ ├── 05-more_passing.c │ └── 06-even_more_passing.c ├── 26-undefined_behavior │ ├── 01-only-intervals.c │ ├── 02-array-out-of-bounds.c │ ├── 03-array-out-of-bounds-pointer.c │ ├── 04-multidimensional-array-oob-access.c │ ├── 05-dynamically-sized-array-oob-access.c │ ├── 06-pointer-to-arrays-of-different-sizes.c │ ├── 07-arrays-within-structures.c │ ├── 09-nullpointer-dereference-struct.c │ ├── 10-nullpointer-dereference-simple.c │ ├── 11-nullpointer-dereference-ints.c │ ├── 12-nullpointer-dereference-array.c │ ├── 13-nullpointer-derefence-lval.c │ ├── 14-nullpointer-dereference-function.c │ └── 15-oob_init.c ├── 27-inv_invariants │ ├── 01-ints.c │ ├── 02-bot-during-condition.c │ ├── 03-ints-not.c │ ├── 04-ints-not-interval.c │ ├── 05-overflow-def-exc.c │ ├── 06-mul-arith.c │ ├── 07-more-bot.c │ ├── 08-bor-inv.c │ ├── 09-invariant-worsen.c │ ├── 10-invariant-worsen-global.c │ ├── 11-indirect-addresses.c │ ├── 12-bot-mul-div.c │ ├── 13-mul-arith.c │ ├── 14-interval-arith.c │ ├── 15-unknown-null-ptr.c │ ├── 16-sedgewick.c │ ├── 17-interval-exclude-bound.c │ ├── 18-union-float-int.c │ ├── 19-union-char-int.c │ ├── 20-warns-unsigned.c │ ├── 21-unsigned.c │ ├── 22-mine-tutorial-ex4.4.c │ ├── 23-meet-ptrs.c │ ├── 24-ptr.c │ └── 25-deadcode.c ├── 28-race_reach │ ├── 01-simple_racing.c │ ├── 02-simple_racefree.c │ ├── 03-munge_racing.c │ ├── 04-munge_racefree.c │ ├── 05-lockfuns_racefree.c │ ├── 06-cond_racing1.c │ ├── 07-cond_racing2.c │ ├── 08-cond_racefree.c │ ├── 09-ptrmunge_racing.c │ ├── 10-ptrmunge_racefree.c │ ├── 11-ptr_racing.c │ ├── 12-ptr_racefree.c │ ├── 19-callback_racing.c │ ├── 20-callback_racefree.c │ ├── 21-deref_read_racing.c │ ├── 22-deref_read_racefree.c │ ├── 23-sound_unlock_racing.c │ ├── 24-sound_lock_racing.c │ ├── 27-funptr_racing.c │ ├── 28-funptr_racefree.c │ ├── 36-indirect_racefree.c │ ├── 37-indirect_racing.c │ ├── 40-trylock_racing.c │ ├── 41-trylock_racefree.c │ ├── 42-trylock2_racefree.c │ ├── 45-escape_racing.c │ ├── 46-escape_racefree.c │ ├── 51-mutexptr_racefree.c │ ├── 60-invariant_racefree.c │ ├── 61-invariant_racing.c │ ├── 70-funloop_racefree.c │ ├── 71-funloop_racing.c │ ├── 72-funloop_hard_racing.c │ ├── 73-funloop_hard_racefree.c │ ├── 74-tricky_address1_racefree.c │ ├── 75-tricky_address2_racefree.c │ ├── 76-tricky_address3_racefree.c │ ├── 77-tricky_address4_racing.c │ ├── 78-equ_racing.c │ ├── 79-equ_racefree.c │ ├── 81-list_racing.c │ ├── 82-list_racefree.c │ ├── 83-list2_racing1.c │ ├── 84-list2_racing2.c │ ├── 85-list2_racefree.c │ ├── 86-lists_racing.c │ ├── 87-lists_racefree.c │ ├── 90-arrayloop2_racing.c │ ├── 91-arrayloop2_racefree.c │ ├── 92-evilcollapse_racing.c │ ├── 93-evilcollapse_racefree.c │ ├── 94-alloc_region_racing.c │ ├── 95-deref-fun.c │ ├── 96-deref-fun2.c │ └── racemacros.h ├── 29-svcomp │ ├── 01-race-2_3b-container_of.c │ ├── 02-race-2_4b-container_of.c │ ├── 03-race-2_5b-container_of.c │ ├── 04-lustre-minimal.c │ ├── 05-isp1362-malloc-fun.c │ ├── 06-isp1362-widen-context.c │ ├── 07-malloc_fun.c │ ├── 08-malloc_fun2.c │ ├── 09-ptr-cast-write.c │ ├── 10-ptr-cast-write-malloc.c │ ├── 11-arithmetic-bot.c │ ├── 12-interval-bot.c │ ├── 13-comparision-bot.c │ ├── 14-addition-in-comparision-bot.c │ ├── 15-atomic_nr.c │ ├── 16-atomic_priv.c │ ├── 16-atomic_priv.t │ ├── 17-atomic_fun_nr.c │ ├── 18-atomic_fun_priv.c │ ├── 19-problematic.c │ ├── 20-char_generic_nvram.c │ ├── 21-issue-casting.c │ ├── 22-atomic_priv_sound.c │ ├── 23-atomic_priv_sound2.c │ ├── 24-atomic_priv_sound3.c │ ├── 25-writing-into-char-array.c │ ├── 26-ikinds_if.c │ ├── 28-svcomp-marshal.c │ ├── 29-witness.c │ ├── 30-nondets.c │ ├── 31-dd-address-meet.c │ ├── 32-no-ov.c │ ├── 32-no-ov.t │ ├── 33-verifier-assert-undef.c │ ├── 33-verifier-assert-undef.t │ ├── 34-verifier-assert-def.c │ ├── 34-verifier-assert-def.t │ ├── 35-nla-sqrt.c │ ├── 36-svcomp-arch.c │ ├── 36-svcomp-arch.t │ └── dune ├── 30-fast_global_inits │ ├── 01-on.c │ ├── 02-off.c │ ├── 03-performance.c │ ├── 04-non-zero.c │ └── 05-non-zero-performance.c ├── 31-ikind-aware-ints │ ├── 01-cast-in-if.c │ ├── 02-NULL-0-test.c │ ├── 03-lnot.c │ ├── 04-ptrdiff.c │ ├── 05-shift.c │ ├── 06-structs.c │ ├── 07-defexc-large.c │ ├── 08-unsigned-negate.c │ ├── 09-signed-negate.c │ ├── 10-log-bitwise-def_exc.c │ ├── 11-log-bitwise-intervals.c │ ├── 12-log-bitwise-enums.c │ ├── 13-intervals-large.c │ ├── 14-enums-large.c │ ├── 15-strange.c │ ├── 16-enums-compare.c │ └── 17-def-enum-refine.c ├── 32-widen-context │ ├── 01-on.c │ ├── 02-on-attribute.c │ └── 03-off-attribute.c ├── 33-constants │ ├── 01-const.c │ ├── 02-simple.c │ ├── 03-empty-not-dead-branch.c │ ├── 04-empty-not-dead.c │ └── 05-fun_ptranal.c ├── 34-localwn_restart │ ├── 01-nested.c │ ├── 02-hybrid.c │ ├── 03-nested2.c │ ├── 04-hh.c │ ├── 05-nested.w.counter.c │ ├── 06-td-a2i.c │ ├── 11-side-restart.c │ ├── 12-side-restart-mutual.c │ └── 13-side-restart-self.c ├── 35-marshaling │ └── 01-disable_hashcons.c ├── 36-apron │ ├── 01-octagon_simple.c │ ├── 02-octagon_interprocudral.c │ ├── 03-problem-signextension.c │ ├── 04-problem-rec.c │ ├── 05-problem-rec2.c │ ├── 06-problem-overflow.c │ ├── 07-problem-pointer.c │ ├── 08-problem-implicitunsignedconversion.c │ ├── 09-branch.c │ ├── 10-float.c │ ├── 11-traces-max-simple.c │ ├── 12-traces-min-rpb1.c │ ├── 12-traces-min-rpb1.t │ ├── 13-traces-min-rpb2.c │ ├── 14-traces-unprot.c │ ├── 15-globals-st.c │ ├── 16-traces-unprot2.c │ ├── 17-traces-rpb-litmus.c │ ├── 18-branch2.c │ ├── 19-traces-other-rpb.c │ ├── 20-traces-even-more-rpb.c │ ├── 21-traces-cluster-based.c │ ├── 22-traces-write-centered-vs-meet-mutex.c │ ├── 23-traces-write-centered-problem.c │ ├── 24-combine-no-lval.c │ ├── 25-combine-global.c │ ├── 26-combine-forget-local-lval.c │ ├── 27-combine-forget-fun-lval.c │ ├── 28-combine-forget-fun-lval-imprecise.c │ ├── 29-combine-arg-var-conflict.c │ ├── 30-return-global.c │ ├── 31-combine-global-lval.c │ ├── 32-typedef.c │ ├── 33-large-int64.c │ ├── 34-large-bigint.c │ ├── 35-rational-value.c │ ├── 36-special-unknown-globals.c │ ├── 37-special-unknown-lval.c │ ├── 38-branch-global.c │ ├── 39-enter-global-arg.c │ ├── 40-rational-bounds.c │ ├── 41-threadenter-no-locals.c │ ├── 42-threadenter-arg.c │ ├── 45-context.c │ ├── 46-no-context.c │ ├── 47-no-context-attribute.c │ ├── 48-context-attribute.c │ ├── 49-assert-refine.c │ ├── 50-evalint.c │ ├── 51-airline.c │ ├── 52-queuesize.c │ ├── 52-queuesize.t │ ├── 53-queuesize-resize.c │ ├── 54-account-2-const.c │ ├── 55-account-2.c │ ├── 56-vectorsize-eager-downsize.c │ ├── 57-vectorsize-lazy-downsize.c │ ├── 58-queuesize-const.c │ ├── 59-queuesize-cond.c │ ├── 60-evalint-interval.c │ ├── 61-branched.c │ ├── 62-branched_intricate.c │ ├── 63-branched-not-too-brutal.c │ ├── 64-dummy-sound.c │ ├── 65-multi-lock-producer-consumer.c │ ├── 68-pfscan-workers-strengthening.c │ ├── 69-evalint-overflow.c │ ├── 70-signed-overflows.c │ ├── 71-tid-toy1.c │ ├── 72-tid-toy2.c │ ├── 73-tid-toy3.c │ ├── 74-tid-curious.c │ ├── 75-tid-toy5.c │ ├── 76-tid-toy6.c │ ├── 77-tid-toy7.c │ ├── 78-tid-toy8.c │ ├── 79-tid-toy9.c │ ├── 80-tid-toy10.c │ ├── 81-tid-toy11.c │ ├── 82-tid-toy12.c │ ├── 83-tid-toy13.c │ ├── 84-problem-0402.c │ ├── 85-problem-0405.c │ ├── 86-branched-thread-creation.c │ ├── 87-sync.c │ ├── 88-mine14-no-threshhold.c │ ├── 89-mine14.c │ ├── 90-mine14-5b.c │ ├── 91-mine14-5b-no-threshhold.c │ ├── 92-traces-mutex-meet-cluster2.c │ ├── 93-traces-mutex-meet-cluster12.c │ ├── 94-simple-apron-interval.c │ ├── 95-simple-polyhedra.c │ ├── 96-branched-thread-creation-apron-priv.c │ ├── 97-no-loc.c │ ├── 98-loc.c │ ├── 99-mine14-strengthening.c │ └── dune ├── 37-congruence │ ├── 01-simple.c │ ├── 02-constants.c │ ├── 03-interval-overflow.c │ ├── 04-branching.c │ ├── 05-implicitunsignedconversion-1.c │ ├── 06-refinements.c │ ├── 07-refinements-o.c │ ├── 08-mod-16-unsigned-overflow.c │ ├── 09-mod-pow-two-unsigned-overflow.c │ ├── 10-overflow-unsigned-special-cases.c │ ├── 11-overflow-signed.c │ ├── 12-invariant-ineq.c │ ├── 13-bitand.c │ ├── 14-negative.c │ ├── 15-congruence-hardness-unsound-branches.c │ ├── 16-refinement-fixpoint.c │ └── 17-sub-congruence.c ├── 38-int-refinements │ ├── 01-interval-congruence.c │ ├── 02-strange-ulong.c │ ├── 03-more-problem.c │ ├── 04-ov.c │ ├── 05-invalid-widen.c │ ├── 06-narrow.c │ └── 07-enums.c ├── 39-signed-overflows │ ├── 01-def_exc.c │ ├── 02-intervals.c │ ├── 03-cast-return-void-ptr.c │ ├── 04-cast-unsigned-to-signed.c │ ├── 05-lower-constants.c │ ├── 06-abs.c │ ├── 07-abs-sqrt.c │ ├── 08-labs.c │ ├── 09-labs-sqrt.c │ ├── 10-shiftleft.c │ ├── 11-imaxabs.c │ ├── 12-imaxabs-sqrt.c │ └── 13-imaxabs-macos.c ├── 40-threadid │ ├── 01-threadid_history_unique.c │ ├── 02-threadid_history_nonunique.c │ ├── 03-threadid_history_two_unique.c │ ├── 04-recover.c │ ├── 05-nc-simple.c │ ├── 06-nc-deep.c │ ├── 07-nc-createEdges.c │ ├── 08-nc-fromThread.c │ ├── 09-multiple.c │ ├── 10-multiple-thread.c │ └── 11-multiple-unique-counter.c ├── 41-stdlib │ ├── 01-qsort.c │ ├── 02-bsearch.c │ ├── 03-noqsort.c │ ├── 03-noqsort.t │ ├── 04-pthread-specific.c │ ├── 05-more.c │ ├── 06-atomic.c │ ├── 07-atexit.c │ ├── 08-atexit-no-spawn.c │ └── dune ├── 42-annotated-precision │ ├── 01-def_exc.c │ ├── 02-interval.c │ ├── 03-congruence.c │ ├── 04-struct.c │ ├── 05-array.c │ ├── 06-global.c │ ├── 07-missing_annotation.c │ ├── 08-22_01-simple_array.c │ ├── 09-22_02-pointers_array.c │ ├── 10-22_03-multidimensional_arrays.c │ ├── 11-22_04-nesting_arrays.c │ ├── 12-22_06-interprocedural.c │ ├── 13-22_07-global_array.c │ ├── 15-23_01-simple_array.c │ ├── 16-23_02-pointers_array.c │ ├── 17-23_03-multidimensional_arrays.c │ ├── 18-23_04-nesting_arrays.c │ ├── 19-23_06-interprocedural.c │ ├── 21-23_14-replace_with_const.c │ ├── 22-26_05-dynamically-sized-array-oob-access.c │ ├── 23-26_07-arrays-within-structures.c │ ├── 24-30_02-off.c │ ├── 25-34_01-nested.c │ ├── 26-34_02-hybrid.c │ ├── 27-01_03-loops.c │ ├── 28-02_36-calloc_struct.c │ ├── 29-07_14-struct_in_struct.c │ ├── 30-31_12-log-bitwise-enums.c │ ├── 31-37_04-branching.c │ ├── 32-01_03-loops_i.c │ ├── 33-02_36-calloc_struct_i.c │ ├── 34-07_14-struct_in_struct_i.c │ ├── 35-31_12-log-bitwise-enums_i.c │ ├── 36-37_04-branching_i.c │ └── 37-def_exc-via-option.c ├── 43-struct-domain │ ├── 01-single-thread.c │ ├── 02-multi-thread.c │ ├── 03-multi-thread-mutex.c │ ├── 04-small.c │ ├── 05-single-thread-widening.c │ ├── 06-many-choices.c │ ├── 07-check-sets.c │ ├── 08-nested-structs.c │ ├── 09-join-test.c │ ├── 10-many-choices-intervals.c │ ├── 11-normalize-top.c │ ├── 12-aget.c │ ├── 13-intervals-branching-meet.c │ ├── 14-single-thread-keyed.c │ ├── 15-multi-thread-keyed.c │ ├── 16-multi-thread-mutex-keyed.c │ ├── 17-small-keyed.c │ ├── 18-single-thread-widening-keyed.c │ ├── 19-many-choices-keyed.c │ ├── 20-check-sets-keyed.c │ ├── 21-nested-structs-keyed.c │ ├── 22-join-test-keyed.c │ ├── 23-many-choices-intervals-keyed.c │ ├── 24-normalize-top-keyed.c │ ├── 25-aget-keyed.c │ ├── 26-intervals-branching-meet-keyed.c │ ├── 27-chrony-nameserv-sched-array.c │ ├── 28-chrony-nameserv-sched-array2.c │ ├── 29-chrony-nameserv-sched-array2-set-struct.c │ └── 30-ambig-field.c ├── 44-trier_analyzer │ ├── 00-A0.c │ ├── 01-A1.c │ ├── 02-abc.c │ ├── 03-break.c │ ├── 04-D0.c │ ├── 05-D1.c │ ├── 06-D2.c │ ├── 07-exit.c │ ├── 08-G0.c │ ├── 09-G1.c │ ├── 10-G2.c │ ├── 11-G3.c │ ├── 12-if.c │ ├── 13-ifif.c │ ├── 14-P0.c │ ├── 15-P1.c │ ├── 16-P2.c │ ├── 17-P3.c │ ├── 18-P4.c │ ├── 19-P5.c │ ├── 20-Pchain.c │ ├── 21-Pproc.c │ ├── 22-proov.c │ ├── 23-rec0.c │ ├── 24-rec1.c │ ├── 25-rec2.c │ ├── 26-rec3.c │ ├── 27-rec4.c │ ├── 28-rec5.c │ ├── 29-rec6.c │ ├── 30-rec7.c │ ├── 31-rec8.c │ ├── 32-rec9.c │ ├── 33-recA.c │ ├── 34-S0.c │ ├── 35-S1.c │ ├── 36-S2.c │ ├── 37-S3.c │ ├── 38-S4.c │ ├── 39-S5.c │ ├── 40-S6.c │ ├── 41-strcpy.c │ ├── 42-switch.c │ ├── 43-thread.c │ └── 44-while.c ├── 45-escape │ ├── 01-local-in-pthread.c │ ├── 02-local-in-global.c │ ├── 03-local-in-pthread-a.c │ ├── 04-imprecision.c │ ├── 05-global-single-threaded.c │ ├── 06-local-escp.c │ ├── 07-local-in-global-after-create.c │ ├── 08-local-escp-main.c │ ├── 09-id-local-in-global.c │ ├── 49-fresh-alloca.c │ ├── 50-fresh-malloc.c │ ├── 51-fresh-global.c │ ├── 51-fresh-global.t │ ├── 52-malloc_tl.c │ └── dune ├── 46-apron2 │ ├── 01-realfixpoint.c │ ├── 02-localization-hh.c │ ├── 03-other-assume.c │ ├── 04-other-assume-inprec.c │ ├── 05-pointer-multilevel.c │ ├── 06-pointer-multilevel-two.c │ ├── 07-escaping-recursion.c │ ├── 08-escape-local-in-pthread-dummy.c │ ├── 09-escape-local-in-pthread-mm.c │ ├── 10-escape-local-in-pthread-mm-tid.c │ ├── 11-names.c │ ├── 12-escape-local-in-pthread-simple.c │ ├── 13-initializer.c │ ├── 14-invalidate.c │ ├── 15-invalidate-threadreturn.c │ ├── 16-rel-offset.c │ ├── 17-passing.c │ ├── 18-evalint-torture.c │ ├── 19-tid-toy-10-exit.c │ ├── 20-inprecise-returns.c │ ├── 21-tid-toy-10-exit-othert.c │ ├── 22-oct-narrow.c │ ├── 23-new-start-example.c │ ├── 24-pipeline-no-threadflag.c │ ├── 25-abortUnless.c │ ├── 26-autotune.c │ ├── 27-overflow.c │ ├── 28-sv-comp-unroll-term.c │ ├── 29-read-var-offset.c │ ├── 30-autotune-stub.c │ ├── 31-taint-apron.c │ ├── 32-iset_array_octagon.c │ ├── 33-iset_no-context.c │ ├── 34-iset_previously_problematic_c.c │ ├── 35-iset_hh.c │ ├── 36-iset_previosuly_problematic_g.c │ ├── 37-iset_previosuly_problematic_f.c │ ├── 38-iset_address.c │ ├── 39-iset_previosuly_problematic_d.c │ ├── 40-iset_context-attribute.c │ ├── 41-iset_no-context-attribute.c │ ├── 42-iset_octagon_interprocedural.c │ ├── 43-iset_array_octagon_prec.c │ ├── 44-iset_array_octagon_keep_last.c │ ├── 45-iset_previosuly_problematic_i.c │ ├── 46-iset_simple-apron-interval.c │ ├── 47-iset_previously_problematic_a.c │ ├── 48-iset_simple-polyhedra.c │ ├── 49-iset_previously_problematic_b.c │ ├── 50-iset_branched-not-too-brutal-c.c │ ├── 51-iset_previosuly_problematic_e.c │ ├── 52-iset_context.c │ ├── 53-iset_previously_problematic_h.c │ ├── 54-iset_octagon_simple.c │ ├── 55-iset_array_octagon_keep_last_prec.c │ ├── 56-combine-env-assign.c │ ├── 57-rand.c │ ├── 58-issue-1249.c │ ├── 59-issue-1319.c │ ├── 60-issue-1338.c │ ├── 61-atomic_priv.c │ ├── 62-atomic_fun_priv.c │ ├── 63-atomic_priv_sound.c │ ├── 64-atomic_priv_sound2.c │ ├── 65-atomic_priv_sound3.c │ ├── 66-atomic_relation.c │ ├── 67-case_distinction_with_ghosts.c │ ├── 68-case_distinction_with_ghosts-2.c │ ├── 69-atomic-live.c │ ├── 70-nondet_inc_with_ghosts.c │ ├── 71-nondet_inc_with_ghosts-2.c │ ├── 72-nondet_inc_with_ghosts-3.c │ ├── 73-nondet_inc_with_ghosts-globalize.c │ ├── 74-mutex.c │ ├── 75-mutex_with_ghosts.c │ ├── 76-mutex_with_ghosts-2.c │ ├── 77-mutex_with_ghosts-3.c │ ├── 78-case_distinction_with_ghosts-3.c │ ├── 79-context-insens.c │ ├── 80-lock-digest.c │ ├── 81-overflow-caching.c │ ├── 82-fixpoint-not-reached.c │ ├── 83-reachable_bodies.c │ ├── 84-relation-extern.c │ ├── 85-fix.c │ ├── 86-escape-cluster12.c │ ├── 87-unlock-idx-ambiguous.c │ ├── 87-unlock-idx-ambiguous.t │ ├── 88-unlock-unknown.c │ ├── 88-unlock-unknown.t │ ├── 89-flag-ctx-sens.c │ ├── 90-malloc.c │ ├── 91-malloc-tid.c │ ├── 92-malloc-atomic.c │ ├── 95-witness-mm-escape.c │ ├── 95-witness-mm-escape.t │ ├── 95-witness-mm-escape.yml │ ├── 96-witness-mm-escape2.c │ ├── 96-witness-mm-escape2.t │ ├── 97-std-globals.c │ ├── 98-issue-1511b.c │ ├── 98-issue-1511b.t │ ├── 99-lmust-cluster-unsound.c │ └── dune ├── 49-expsplit │ ├── 01-null-exp-split.c │ ├── 02-null-value-split.c │ ├── 03-int-value-split.c │ ├── 04-multi-split.c │ ├── 05-fun-split.c │ └── 06-fun-combine-split.c ├── 50-juliet │ ├── 01-CWE190_Integer_Overflow__01.c │ ├── 02-CWE190_Integer_Overflow__02.c │ ├── 03-CWE190_Integer_Overflow__03.c │ ├── 04-CWE191_Integer_Underflow__01.c │ ├── 05-CWE191_Integer_Underflow__02.c │ ├── 06-CWE191_Integer_Underflow__03.c │ ├── 07-CWE570_Expression_Always_False__01.c │ ├── 08-CWE570_Expression_Always_False__02.c │ ├── 09-CWE570_Expression_Always_False__03.c │ ├── 10-CWE571_Expression_Always_True__01.c │ ├── 11-CWE571_Expression_Always_True__02.c │ └── 12-CWE571_Expression_Always_True__03.c ├── 51-threadjoins │ ├── 01-trivial.c │ ├── 02-other.c │ ├── 03-other-assume.c │ ├── 04-assume-recreate.c │ ├── 05-assume-unknown.c │ ├── 06-ctxinsens.c │ ├── 07-trivial-unknowntid.c │ ├── 08-klever-multiple.c │ ├── 09-join-main.c │ ├── 10-join-main-plain.c │ └── 11-join-main-plain-no-node.c ├── 52-apron-mukherjee │ ├── 01-mukherjee_reorder_2.c │ ├── 02-mukherjee_sigma.c │ ├── 03-mukherjee_sssc12.c │ ├── 04-mukherjee_spin2003.c │ ├── 05-mukherjee_simpleLoop.c │ ├── 06-mukherjee_simpleLoop5.c │ ├── 07-mukherjee_DoubleLock_P3.c │ ├── 08-mukherjee_unverif.c │ ├── 09-mukherjee_fib_Bench.c │ ├── 10-mukherjee_fib_Bench_Longer.c │ ├── 11-mukherjee_indexer.c │ ├── 12-mukherjee_twostage_3.c │ ├── 13-mukherjee_singleton_with_uninit.c │ ├── 14-mukherjee_stack.c │ ├── 15-mukherjee_Stack_Longer.c │ ├── 16-mukherjee_Stack_Longest.c │ ├── 17-mukherjee_sync01.c │ ├── 18-mukherjee_qw2004.c │ ├── 19-mukherjee_fig_3_11.c │ ├── README.txt │ └── dune ├── 53-races-mhp │ ├── 01-not-created.c │ ├── 02-join.c │ ├── 03-not-created_rc.c │ ├── 04-not-created2.c │ ├── 05-not-created3.c │ ├── 06-not-created4.c │ ├── 07-not-created5.c │ └── 08-not-created6.c ├── 54-unroll_arrays │ ├── 01-simple_array.c │ ├── 02-simple_array_in_loops.c │ ├── 03-large_index_type.c │ └── 04-access_no_bounds.c ├── 55-loop-unrolling │ ├── 01-simple-cases.c │ ├── 01-simple-cases.t │ ├── 02-break.c │ ├── 02-break.t │ ├── 03-break-right-place.c │ ├── 03-break-right-place.t │ ├── 04-simple.c │ ├── 04-simple.t │ ├── 05-continue.c │ ├── 05-continue.t │ ├── 06-simple-cases-unrolled.c │ ├── 06-simple-cases-unrolled.t │ ├── 07-nested-unroll.c │ ├── 07-nested-unroll.t │ ├── 08-bad.c │ ├── 08-bad.t │ ├── 09-weird.c │ ├── 09-weird.t │ ├── 10-continue-right-place.c │ ├── 10-continue-right-place.t │ ├── 11-unrolled-loop-invariant.c │ ├── 11-unrolled-loop-invariant.t │ ├── 12-loop-no-overflows.c │ ├── 13-unrolled-loop-no-overflows.c │ └── dune ├── 56-witness │ ├── .gitignore │ ├── 01-base-lor-enums.c │ ├── 01-base-lor-enums.yml │ ├── 02-base-lor-addr.c │ ├── 02-base-lor-addr.yml │ ├── 03-int-log-short.c │ ├── 03-int-log-short.yml │ ├── 04-base-priv-sync-prune.c │ ├── 04-base-priv-sync-prune.yml │ ├── 05-prec-problem.c │ ├── 05-prec-problem.t │ ├── 06-smtprc-witness-fp.c │ ├── 07-base-lor-interval.c │ ├── 07-base-lor-interval.yml │ ├── 08-witness-all-locals.c │ ├── 08-witness-all-locals.t │ ├── 10-apron-unassume-interval.c │ ├── 10-apron-unassume-interval.yml │ ├── 11-base-unassume-interval.c │ ├── 11-base-unassume-interval.yml │ ├── 12-apron-unassume-branch.c │ ├── 12-apron-unassume-branch.yml │ ├── 13-base-unassume-branch.c │ ├── 13-base-unassume-branch.yml │ ├── 14-base-unassume-precondition.c │ ├── 14-base-unassume-precondition.yml │ ├── 15-base-unassume-query.c │ ├── 15-base-unassume-query.yml │ ├── 16-base-unassume-dependent.c │ ├── 16-base-unassume-dependent.yml │ ├── 17-base-unassume-tauto.c │ ├── 17-base-unassume-tauto.yml │ ├── 18-base-unassume-contra.c │ ├── 18-base-unassume-contra.yml │ ├── 19-base-unassume-mem.c │ ├── 19-base-unassume-mem.yml │ ├── 20-apron-unassume-global.c │ ├── 20-apron-unassume-global.yml │ ├── 21-apron-unassume-priv.c │ ├── 21-apron-unassume-priv.yml │ ├── 22-base-unassume-priv.c │ ├── 22-base-unassume-priv.yml │ ├── 23-base-unassume-priv2.c │ ├── 23-base-unassume-priv2.yml │ ├── 24-apron-unassume-priv2.c │ ├── 24-apron-unassume-priv2.yml │ ├── 25-apron-unassume-strengthening.c │ ├── 25-apron-unassume-strengthening.yml │ ├── 26-mine-tutorial-ex4.6.c │ ├── 26-mine-tutorial-ex4.6.yml │ ├── 27-mine-tutorial-ex4.7.c │ ├── 27-mine-tutorial-ex4.7.yml │ ├── 28-mine-tutorial-ex4.8.c │ ├── 28-mine-tutorial-ex4.8.yml │ ├── 29-mine-tutorial-ex4.10.c │ ├── 29-mine-tutorial-ex4.10.yml │ ├── 30-base-unassume-inc-dec.c │ ├── 30-base-unassume-inc-dec.yml │ ├── 31-base-unassume-mem-ex.c │ ├── 31-base-unassume-mem-ex.yml │ ├── 32-base-unassume-lor-addr.c │ ├── 32-base-unassume-lor-addr.yml │ ├── 33-base-unassume-lor-enums.c │ ├── 33-base-unassume-lor-enums.yml │ ├── 34-base-unassume-inc-dec-traces.c │ ├── 34-base-unassume-inc-dec-traces.yml │ ├── 35-hh-ex1b.c │ ├── 35-hh-ex1b.yml │ ├── 36-hh-ex2b.c │ ├── 36-hh-ex2b.yml │ ├── 37-hh-ex3.c │ ├── 37-hh-ex3.yml │ ├── 38-bh-ex3.c │ ├── 38-bh-ex3.yml │ ├── 39-bh-ex-add.c │ ├── 39-bh-ex-add.yml │ ├── 40-bh-ex1-poly.c │ ├── 40-bh-ex1-poly.yml │ ├── 41-as-hybrid.c │ ├── 41-as-hybrid.yml │ ├── 42-base-unassume-precheck.c │ ├── 42-base-unassume-precheck.yml │ ├── 43-apron-unassume-precheck.c │ ├── 43-apron-unassume-precheck.yml │ ├── 44-base-unassume-array.c │ ├── 44-base-unassume-array.yml │ ├── 45-apron-tracked-global-annot.c │ ├── 45-apron-tracked-global-annot.yml │ ├── 46-top-bool-invariant.c │ ├── 46-top-bool-invariant.t │ ├── 47-top-int-invariant.c │ ├── 47-top-int-invariant.t │ ├── 48-apron-unassume-no-strengthening.c │ ├── 48-apron-unassume-no-strengthening.yml │ ├── 50-witness-lifter-fp1.c │ ├── 51-witness-lifter-ps1.c │ ├── 52-witness-lifter-ps2.c │ ├── 53-witness-lifter-ps3.c │ ├── 54-witness-lifter-abortUnless.c │ ├── 54-witness-lifter-abortUnless.t │ ├── 60-tm-inv-transfer-protection.c │ ├── 61-tm-inv-transfer-mine.c │ ├── 62-tm-inv-transfer-protection-witness-manual.yml │ ├── 62-tm-inv-transfer-protection-witness.c │ ├── 62-tm-inv-transfer-protection-witness.t │ ├── 62-tm-inv-transfer-protection-witness.yml │ ├── 63-hh-ex3-term.c │ ├── 63-hh-ex3-term.yml │ ├── 64-ghost-multiple-protecting.c │ ├── 64-ghost-multiple-protecting.t │ ├── 65-ghost-ambiguous-lock.c │ ├── 65-ghost-ambiguous-lock.t │ ├── 66-ghost-alloc-lock.c │ ├── 66-ghost-alloc-lock.t │ ├── 67-ghost-no-unlock.c │ ├── 67-ghost-no-unlock.t │ ├── 68-ghost-ambiguous-idx.c │ ├── 68-ghost-ambiguous-idx.t │ ├── 69-ghost-ptr-protection.c │ ├── 69-ghost-ptr-protection.t │ ├── 70-apron-unassume-set-tokens.c │ ├── 70-apron-unassume-set-tokens.yml │ ├── dune │ └── strip-ghost-alloc.sh ├── 57-floats │ ├── 01-base.c │ ├── 02-node_configuration.c │ ├── 03-infinity_or_nan.c │ ├── 04-casts.c │ ├── 05-invariant.c │ ├── 06-library_functions.c │ ├── 07-equality.c │ ├── 08-bit_casts.c │ ├── 09-svcomp_float_req_bl_1252b.c │ ├── 10-svcomp_floats_cbmc_regression_float11.c │ ├── 11-advanced_invariants.c │ ├── 12-subtraction_assignment.c │ ├── 13-refine-branch.c │ ├── 14-builtin-comparisons.c │ ├── 15-more-library.c │ ├── 16-more-stuff.c │ ├── 17-other.c │ ├── 18-zerodiv.c │ ├── 19-library-invariant.c │ ├── 20-library-invariant-invalidate.c │ ├── 21-library-invariant-ceil-floor.c │ ├── 22-lnot.c │ ├── 23-trig_functions_c-stubs.c │ └── 24-sin-inf.c ├── 58-base-mm-tid │ ├── 01-tid-toy1.c │ ├── 02-traces-write-centered-vs-meet-mutex.c │ ├── 03-tid-toy2.c │ ├── 04-tid-toy3.c │ ├── 05-tid-curious.c │ ├── 06-tid-toy5.c │ ├── 07-tid-toy6.c │ ├── 08-tid-toy7.c │ ├── 09-tid-toy8.c │ ├── 10-tid-toy9.c │ ├── 11-tid-toy10.c │ ├── 12-tid-toy11.c │ ├── 13-tid-toy12.c │ ├── 14-tid-toy13.c │ ├── 15-branched-thread-creation.c │ ├── 16-sync.c │ ├── 17-mine14.c │ ├── 18-no-loc.c │ ├── 19-loc.c │ ├── 20-nothreadescape_02_47.c │ ├── 21-unreach.c │ ├── 22-other-assume.c │ ├── 23-other-assume-inprec.c │ ├── 24-phases-sound.c │ ├── 25-phases-intricate-sound.c │ ├── 26-phases-trivial.c │ ├── 27-phases.c │ ├── 28-phases-prot.c │ ├── 29-phases-prot-prime.c │ ├── 30-create-lock.c │ ├── 31-create-lock-assert.c │ ├── 32-phases-sound-tid.c │ └── 33-phases-sound-tid-other.c ├── 59-signals │ ├── 01-simple.c │ ├── 02-unsignaled.c │ ├── 03-too-early.c │ ├── 04-too-late.c │ ├── 05-too-early-many.c │ ├── 06-simple-many.c │ └── 07-too-early-mhp.c ├── 60-array_annotations │ ├── 01-var_array_annotation.c │ ├── 02-function_array_annotation.c │ ├── 03-change_domain_array_annotation.c │ ├── 04-structure_array_annotation.c │ ├── 05-type_array_annotation.c │ └── 07-array_domain_project.c ├── 61-evalAssert │ └── 01-union_evalAssert.c ├── 62-abortUnless │ ├── 01-simple.c │ ├── 02-unsound-abortUnless.c │ ├── 03-unsound-min.c │ ├── 04-lval.c │ ├── 05-apron-mutex-meet-abortUnless.c │ └── dune ├── 63-affeq │ ├── 01-rel_simple.c │ ├── 02-unsigned_guards.c │ ├── 03-guard-check.c │ ├── 04-join-after-guard.c │ ├── 05-coeff-vec.c │ ├── 06-signs.c │ ├── 07-env-order.c │ ├── 08-overflows.c │ ├── 09-bounds_guards_no_ov.c │ ├── 10-bounds_guards.ov.c │ ├── 11-division.c │ ├── 12-const_guards.c │ ├── 13-multiple_vars.c │ ├── 14-norm_inv.c │ ├── 15-mutex-meet.c │ ├── 16-mutex-meet2.c │ ├── 17-verify.c │ ├── 18-special-refine.c │ ├── 19-witness.c │ ├── 20-svcomp-signextension.c │ ├── 21-function_call.c │ └── dune ├── 64-noreturn │ ├── 00-noreturn-deadcode-off.c │ └── 01-noreturn-deadcode-on.c ├── 65-taint │ ├── 01-simple.c │ ├── 02-invalidate.c │ ├── 03-lval.c │ ├── 04-multithread.c │ ├── 05-partArray.c │ ├── 06-condVars.c │ ├── 07-varEq.c │ ├── 09-multipleVar.c │ ├── 10-callToMain.c │ └── 11-svcomp-cstrcmp.c ├── 66-interval-set-one │ ├── 00-was_problematic_2.c │ ├── 01-dynamically-sized-array-oob-access.c │ ├── 02-continue.c │ ├── 03-was_problematic_3.c │ ├── 04-interval-overflow.c │ ├── 05-sync.c │ ├── 06-ints.c │ ├── 07-no-int-context-attribute.c │ ├── 08-base-priv-sync-prune.c │ ├── 09-intervals-large.c │ ├── 10-calloc_struct.c │ ├── 11-nesting_arrays.c │ ├── 12-tid-toy10.c │ ├── 13-glob_interval.c │ ├── 14-no-int-context.c │ ├── 16-simple.c │ ├── 17-hybrid.c │ ├── 19-simple_array.c │ ├── 20-slr-glob_interval.c │ ├── 21-strange-ulong.c │ ├── 22-calloc_globmt.c │ ├── 23-publish-regression.c │ ├── 25-simple_array.c │ ├── 26-float.c │ ├── 27-calloc_int.c │ ├── 28-performance.c │ ├── 29-global_array.c │ ├── 31-interval-arith.c │ ├── 33-was_problematic.c │ ├── 34-calloc_glob.c │ ├── 36-one_by_one.c │ ├── 37-on-attribute.c │ ├── 38-interval-congruence.c │ ├── 39-calls.c │ ├── 40-priv_interval.c │ ├── 44-calloc_zero_init.c │ ├── 46-calloc_matrix.c │ ├── 47-only-intervals.c │ ├── 48-tid-toy12.c │ ├── 49-simple-cases-unrolled.c │ ├── 50-interprocedural.c │ ├── 51-widen-sides.c │ ├── 53-simple_array.c │ ├── 54-interval-and-enums.c │ ├── 55-advantage_for_last.c │ ├── 56-modulo-interval.c │ ├── 57-passing_ptr_to_array.c │ ├── 59-replace_with_const.c │ ├── 60-intervals-test.c │ ├── 61-arithm.c │ ├── 62-pfscan_widen_dependent_minimal.c │ ├── 64-loc.c │ ├── 65-multidimensional-array-oob-access.c │ ├── 66-large-n-div2.c │ ├── 69-even_more_passing.c │ ├── 70-simple-cases.c │ ├── 71-int-context-option.c │ ├── 73-intervals.c │ ├── 74-testfive-intervals-protection.c │ ├── 75-22_02-pointers_array.c │ ├── 76-calloc_loop.c │ ├── 77-more-problem.c │ ├── 78-pointers_array.c │ ├── 79-tid-toy13.c │ ├── 80-lustre-minimal.c │ ├── 82-malloc_array.c │ ├── 84-non-zero.c │ ├── 85-cast-unsigned-to-signed.c │ ├── 86-large-n-div.c │ ├── 87-on.c │ ├── 88-publish-basic.c │ ├── 89-slr-interval.c │ ├── 90-nesting_arrays.c │ ├── 92-assert-infinite-loop.c │ ├── 93-enum.c │ ├── 94-widen-dependent.c │ ├── 95-large_arrays-nocalloc.c │ ├── 96-more_passing.c │ ├── 97-casts.c │ ├── 98-widen-dependent-local.c │ └── 99-off.c ├── 67-interval-sets-two │ ├── 00-large_arrays.c │ ├── 01-array-out-of-bounds.c │ ├── 02-pointers_array.c │ ├── 03-def_exc-interval-inconsistent.c │ ├── 04-unsupported.c │ ├── 05-tid-toy11.c │ ├── 06-no-int-context.c │ ├── 07-var_eq.c │ ├── 08-nested-unroll.c │ ├── 09-mm-reentrant.c │ ├── 10-cast-return-void-ptr.c │ ├── 13-loop.c │ ├── 14-trylock_rc_slr.c │ ├── 15-interval-bot.c │ ├── 16-branched-thread-creation.c │ ├── 17-intervals-branching-meet-keyed.c │ ├── 18-adapted_from_01_09_array.c │ ├── 19-arrays-within-structures.c │ ├── 20-no-loc.c │ ├── 21-thread_ret.c │ ├── 23-testfive-intervals.c │ ├── 24-arithmetic-bot.c │ ├── 25-mine14.c │ ├── 27-nested2.c │ ├── 28-multidimensional_arrays.c │ ├── 29-def-exc.c │ ├── 30-no-int-context-option.c │ ├── 31-ptrdiff.c │ ├── 32-nested.c │ ├── 33-calloc_array.c │ ├── 34-publish-precision.c │ ├── 35-strict-loop-enter.c │ ├── 36-no-eval-on-write-multi.c │ ├── 37-int-context-attribute.c │ ├── 38-simple.c │ ├── 39-div.c │ ├── 40-off-attribute.c │ ├── 41-interval-branching.c │ ├── 43-first-reads.c │ ├── 44-comparision-bot.c │ ├── 45-intervals-branching-meet.c │ ├── 46-nesting_arrays.c │ ├── 47-non-zero-performance.c │ ├── 48-calloc_struct_array.c │ ├── 49-threshold.c │ ├── 50-interval.c │ ├── 52-no-eval-on-write.c │ ├── 53-pointer-to-arrays-of-different-sizes.c │ ├── 54-simple_array_in_loops.c │ ├── 56-interval-set-dead-code.c │ ├── 57-interval-set-wrap-around.c │ └── 58-interval-set-dead-code-with-fun-call.c ├── 68-longjmp │ ├── 01-setjmp-return.c │ ├── 02-setjmp-global.c │ ├── 03-setjmp-local.c │ ├── 04-counting-local.c │ ├── 05-heap-counting-return-one-method.c │ ├── 06-sigsetjmp-return.c │ ├── 07-returns.c │ ├── 11-counting-return.c │ ├── 12-counting-global.c │ ├── 13-counting-local.c │ ├── 14-counting-return-one-method.c │ ├── 15-counting-global-one-method.c │ ├── 16-counting-local-one-method.c │ ├── 17-loop.c │ ├── 18-simple-else.c │ ├── 19-simpler.c │ ├── 20-simpler-multifun.c │ ├── 21-multifun.c │ ├── 22-multifun-arg.c │ ├── 23-arguments.c │ ├── 24-too-late.c │ ├── 25-rec.c │ ├── 26-non-term.c │ ├── 27-other.c │ ├── 28-svcomp.c │ ├── 29-rec2.c │ ├── 30-nonuniquetid.c │ ├── 31-mixedjmpbufs.c │ ├── 32-libpng.c │ ├── 33-munge.c │ ├── 34-wrapper.c │ ├── 35-null.c │ ├── 36-poison.c │ ├── 37-more.c │ ├── 38-more-trimmed.c │ ├── 39-poison-return.c │ ├── 40-complicated-poison.c │ ├── 41-poison-rec.c │ ├── 42-poison-reduced.c │ ├── 43-poison-addr.c │ ├── 44-simple-else-path.c │ ├── 45-variably-modified.c │ ├── 46-copied.c │ ├── 47-more-reduced.c │ ├── 48-bot-buff.c │ ├── 49-arguments-inline.c │ ├── 50-arguments-non-top.c │ ├── 51-worries.c │ ├── 52-races.c │ ├── 53-races-no.c │ ├── 54-races-actually.c │ ├── 55-races-no-return.c │ ├── 56-longjmp-top.c │ └── README.md ├── 69-addresses │ ├── 01-meet.c │ ├── 02-array-cast.c │ └── 03-issue-564.c ├── 70-transform │ ├── 01-empty.c │ ├── 01-ordering.t │ ├── 02-deadcode.c │ ├── 02-deadcode.t │ ├── 03-deadcode-globals.c │ ├── 03-deadcode-globals.t │ ├── 04-unchecked-condition.c │ ├── 04-unchecked-condition.t │ ├── dune │ └── transform.sh ├── 71-doublelocking │ ├── 01-simple.c │ ├── 02-unknown.c │ ├── 03-thread-exit-with-mutex.c │ ├── 04-unlock.c │ ├── 05-rec.c │ ├── 06-rec-dyn.c │ ├── 07-rec-dyn-osx.c │ ├── 08-other-type.c │ ├── 09-other-dyn.c │ ├── 10-thread-exit-recursive.c │ ├── 11-rec-dyn-branch.c │ ├── 12-rec-dyn-struct.c │ ├── 13-rec-struct.c │ ├── 14-rec-dyn-no-race.c │ ├── 15-rec-dyn-nested.c │ ├── 16-rec-dyn-no-path-sense.c │ ├── 17-default-null-dyn.c │ ├── 18-default-explicit-dyn.c │ ├── 19-default-init.c │ └── 20-default-init-osx.c ├── 72-thread_create_wrapper │ ├── 01-wrapper.c │ ├── 02-unique-counter.c │ ├── 03-wrapper-unique-counter.c │ ├── 04-unique-counter-id-count-0.c │ └── 05-wrapper-unique-counter-id-count-0.c ├── 73-strings │ ├── 01-string_literals.c │ ├── 02-string_literals_with_null.c │ ├── 03-string_basics.c │ ├── 04-smtprc_strlen_fp.c │ ├── 05-string-unit-domain.c │ ├── 06-juliet.c │ ├── 07-larger_example.c │ ├── 08-cursed.c │ ├── 09-malloc.c │ └── 10-char_arrays.c ├── 74-invalid_deref │ ├── 01-oob-heap-simple.c │ ├── 01-oob-heap-simple.t │ ├── 02-conditional-uaf.c │ ├── 03-nested-ptr-uaf.c │ ├── 04-function-call-uaf.c │ ├── 05-oob-implicit-deref.c │ ├── 06-memset-oob.c │ ├── 07-memcpy-oob.c │ ├── 08-memset-memcpy-array.c │ ├── 09-juliet-uaf.c │ ├── 10-oob-two-loops.c │ ├── 11-address-offset-oob.c │ ├── 12-memcpy-oob-src.c │ ├── 13-mem-oob-packed-struct.c │ ├── 14-alloca-uaf.c │ ├── 15-juliet-uaf-global-var.c │ ├── 16-uaf-packed-struct.c │ ├── 17-scopes-no-static.c │ ├── 18-simple-uaf.c │ ├── 19-oob-stack-simple.c │ ├── 20-scopes-global-var.c │ ├── 21-oob-loop.c │ ├── 22-scopes-static.c │ ├── 23-oob-deref-after-ptr-arith.c │ ├── 24-uaf-free-in-wrapper-fun.c │ ├── 25-uaf-struct.c │ ├── 26-memset-memcpy-addr-offs.c │ ├── 27-wrapper-funs-uaf.c │ ├── 28-multi-threaded-uaf.c │ ├── 29-multi-threaded-uaf-with-joined-thread.c │ ├── 30-calloc.c │ ├── 31-multithreaded.c │ ├── 32-dll2c_append_equal-mini.c │ ├── 33-enum-in-index.c │ └── dune ├── 75-invalid_free │ ├── 01-invalid-dealloc-simple.c │ ├── 02-invalid-dealloc-struct.c │ ├── 03-invalid-dealloc-array.c │ ├── 04-invalid-realloc.c │ ├── 05-free-at-offset.c │ ├── 06-realloc-at-offset.c │ ├── 07-free-at-struct-offset.c │ ├── 08-itc-no-double-free.c │ ├── 09-juliet-invalid-dealloc-alloca.c │ ├── 10-invalid-dealloc-union.c │ ├── 11-itc-double-free.c │ ├── 12-realloc-at-struct-offset.c │ └── 13-juliet-double-free.c ├── 76-memleak │ ├── 01-simple-no-mem-leak.c │ ├── 02-simple-mem-leak.c │ ├── 03-simple-exit-mem-leak.c │ ├── 04-simple-abort-mem-leak.c │ ├── 05-simple-assert-no-mem-leak.c │ ├── 06-simple-assert-mem-leak.c │ ├── 07-simple-quick-exit-mem-leak.c │ ├── 08-unreachable-mem.c │ ├── 09-unreachable-with-local-var.c │ ├── 10-global-struct-no-ptr.c │ ├── 11-global-struct-ptr.c │ ├── 12-global-nested-struct-ptr.c │ ├── 13-global-nested-struct-ptr-reachable.c │ ├── 14-global-nested-struct-non-ptr-reachable.c │ ├── 20-invalid-memcleanup-multi-threaded.c │ ├── 21-invalid-memcleanup-multi-threaded-abort.c │ ├── 22-leak-later.c │ ├── 23-leak-later-nested.c │ ├── 24-multi-threaded-assert.c │ ├── 25-assert-unknown-multi-threaded.c │ ├── 26-invalid-memcleanup-multi-threaded-betterpiv.c │ ├── 27-mem-leak-not-joined-thread.c │ ├── 28-no-mem-leak-thread-exit-main.c │ ├── 29-mem-leak-thread-return.c │ ├── 30-mem-leak-thread-exit.c │ ├── 31-no-mem-leak-return.c │ ├── 32-no-mem-leak-goblint-check.c │ ├── 32-no-mem-leak-goblint-check.t │ └── dune ├── 77-lin2vareq │ ├── 01-loop.c │ ├── 02-iteration.c │ ├── 03-loop_increment.c │ ├── 04-complicated_expression.c │ ├── 05-overflow.c │ ├── 06-join-non-constant.c │ ├── 07-coeff_vec.c │ ├── 08-partitioning.c │ ├── 09-loop_relational.c │ ├── 10-linear_loop.c │ ├── 11-overflow_ignored.c │ ├── 12-bounds_guards_ov.c │ ├── 13-meet-tcons.c │ ├── 14-function-call.c │ ├── 15-join_all_cases.c │ ├── 16-sum-of-two-vars.c │ ├── 17-svcomp-signextension.c │ ├── 18-forget_var.c │ ├── 19-cast-to-short.c │ ├── 20-function_call2.c │ ├── 21-global-variables.c │ ├── 22-cast-to-short2.c │ ├── 23-function-return-value.c │ ├── 24-narrowing-on-steroids.c │ ├── 25-different_types.c │ ├── 26-termination-overflow.c │ ├── 27-overflow-unknown.c │ ├── 28-overflow-on-steroids.c │ ├── 29-meet-tcons-on-steroids.c │ ├── 30-cast-non-int.c │ ├── 31-careful.c │ ├── 32-divbzero-in-overflow.c │ ├── 33-dimarray.c │ ├── 34-coefficient-features.c │ ├── 36-relations-overflow.c │ ├── 37-bottomprobs.c │ └── dune ├── 78-termination │ ├── 01-simple-loop-terminating.c │ ├── 02-simple-loop-nonterminating.c │ ├── 03-nested-loop-terminating.c │ ├── 04-nested-loop-nonterminating.c │ ├── 05-for-loop-terminating.c │ ├── 06-for-loop-nonterminating.c │ ├── 07-nested-for-loop-terminating.c │ ├── 08-nested-for-loop-nonterminating.c │ ├── 09-complex-for-loop-terminating.c │ ├── 10-complex-loop-terminating.c │ ├── 11-loopless-termination.c │ ├── 12-do-while-instant-terminating.c │ ├── 13-do-while-terminating.c │ ├── 14-do-while-nonterminating.c │ ├── 15-complex-loop-combination-terminating.c │ ├── 16-nested-loop-nontrivial-nonterminating.c │ ├── 17-goto-terminating.c │ ├── 18-goto-nonterminating.c │ ├── 19-rand-terminating.c │ ├── 20-rand-nonterminating.c │ ├── 21-no-exit-on-rand-unproofable.c │ ├── 22-exit-on-rand-unproofable.c │ ├── 23-exit-on-rand-terminating.c │ ├── 24-upjumping-goto-loopless-terminating.c │ ├── 25-leave-loop-goto-terminating.c │ ├── 26-enter-loop-goto-terminating.c │ ├── 27-upjumping-goto-nonterminating.c │ ├── 28-do-while-continue-terminating.c │ ├── 29-do-while-continue-nonterminating.c │ ├── 30-goto-out-of-inner-loop-terminating.c │ ├── 31-goto-out-of-inner-loop-nonterminating.c │ ├── 32-multithread-terminating.c │ ├── 33-multithread-nonterminating.c │ ├── 34-nested-for-loop-nonterminating.c │ ├── 35-goto-out-of-inner-loop-with-print-terminating.c │ ├── 36-recursion-terminating.c │ ├── 37-recursion-nonterminating.c │ ├── 38-recursion-nested-terminating.c │ ├── 39-recursion-nested-nonterminating.c │ ├── 40-multi-expression-conditions-terminating.c │ ├── 41-for-continue-terminating.c │ ├── 42-downjumping-goto-loopless-terminating.c │ ├── 43-return-from-endless-loop-terminating.c │ ├── 44-recursion-multiple-functions-terminating.c │ ├── 45-recursion-multiple-functions-nonterminating.c │ ├── 46-recursion-different-context-terminating.c │ ├── 47-recursion-different-context-nonterminating.c │ ├── 48-dynamic-recursion-nonterminating.c │ ├── 49-longjmp.c │ ├── 50-decreasing-signed-int.c │ ├── 51-modulo.c │ └── dune ├── 79-callstring │ ├── 01-multiple_tests_h5sens_cs.c │ ├── 02-multiple_tests_h5ins_cs.c │ ├── 03-multiple_tests_h2sens_cs.c │ ├── 04-endless_loop_cs.c │ ├── 05-ackermann_cs.c │ ├── 06-big_loop_cs.c │ ├── 07-loop_unrolling_cs.c │ ├── 08-threads_sens_cs.c │ ├── 09-threads_ins_cs.c │ ├── 10-inf_callstack_cs.c │ ├── 11-multiple_tests_h5sens_csi.c │ ├── 12-multiple_tests_h5ins_csi.c │ ├── 13-multiple_tests_h2sens_csi.c │ ├── 14-endless_loop_csi.c │ ├── 15-ackermann_csi.c │ ├── 16-big_loop_csi.c │ ├── 17-loop_unrolling_csi.c │ ├── 18-threads_sens_csi.c │ ├── 19-threads_ins_csi.c │ └── 20-inf_callstack_csi.c ├── 80-context_gas │ ├── 01-basic_tests_bound_sens.c │ ├── 02-basic_tests_bound_ins.c │ ├── 03-contextGas0.c │ ├── 04-contextGasNeg.c │ ├── 05-circle_call_sens.c │ ├── 06-circle_call_ins.c │ ├── 07-main_recursion_sens.c │ ├── 08-main_recursion_ins.c │ ├── 09-endless_loop.c │ ├── 10-thread_handling_sens.c │ ├── 11-thread_handling_ins.c │ ├── 12-multiple_function_chain_sens.c │ ├── 13-multiple_function_chain_ins.c │ ├── 14-ackermann.c │ ├── 15-compl_loop_unrolling.c │ ├── 16-loop_unrolling_sens.c │ ├── 17-loop_unrolling_ins.c │ ├── 18-loop_unrolling_big_loop.c │ ├── 19-value_update_sens.c │ ├── 20-value_update_ins.c │ ├── 21-sync.c │ ├── 22-sync-precision.c │ ├── 23-per-fun.c │ ├── 24-per-fun-ex.c │ └── 25-per-fun-nonterm.c ├── 81-loopfree_callstring │ ├── 01-loop_calling_sens.c │ ├── 02-loop_calling_ins.c │ ├── 03-ackermann.c │ ├── 04-endless_loop.c │ ├── 05-multiple_calls_base_sens.c │ ├── 06-multiple_calls_sens.c │ ├── 07-multiple_calls_ins.c │ ├── 08-new_calling_set.c │ ├── 09-many_nested_loops.c │ ├── 10-nested_loops.c │ ├── 11-value_update_sens.c │ ├── 12-value_update_ins.c │ ├── 13-circle_call_and_big_loop.c │ ├── 14-loop_unrolling.c │ ├── 15-threads_sens.c │ └── 16-threads_ins.c ├── 82-widen │ ├── 01-side_parallel.c │ ├── 02-loop_increment.c │ ├── 03-loop_conditional_side.c │ ├── 04-side_simple_update.c │ ├── 05-side_and_no_side.c │ ├── 06-post_loop1.c │ ├── 07-post_loop2.c │ ├── 08-semaphore.c │ ├── 10-mine-tutorial-ex4.8-delay.c │ ├── 11-mihaila-widen-fig7-delay.c │ ├── 12-mihaila-widen-slide-delay.c │ └── 13-mine14-delay.c ├── 83-bitfield │ ├── 00-simple-demo.c │ ├── 01-simple-arith.c │ ├── 02-complex-arith.c │ ├── 03-simple-bitwise.c │ ├── 04-complex-bitwise.c │ ├── 05-refine-with-congruence.c │ ├── 06-refine-with-incl-set.c │ ├── 07-refine-with-interval.c │ ├── 08-refine-with-bitfield.c │ ├── 09-refine-intervalA.c │ ├── 10-refine-intervalB.c │ ├── 11-refine-intervalC.c │ ├── 12-precision.c │ └── 13-join.c ├── 84-c2po │ ├── 01-simple.c │ ├── 02-rel-simple.c │ ├── 03-function-call.c │ ├── 04-remove-vars.c │ ├── 05-branch.c │ ├── 06-invertible-assignment.c │ ├── 07-invertible-assignment2.c │ ├── 08-simple-assignment.c │ ├── 09-different-offsets.c │ ├── 10-different-types.c │ ├── 11-array.c │ ├── 12-rel-function.c │ ├── 13-experiments.c │ ├── 14-join.c │ ├── 15-arrays-structs.c │ ├── 16-loops.c │ ├── 17-join2.c │ ├── 18-complicated-join.c │ ├── 19-disequalities.c │ ├── 20-self-pointing-struct.c │ ├── 21-global-var.c │ ├── 22-join-diseq.c │ ├── 23-function-deref.c │ ├── 24-disequalities-small-example.c │ ├── 25-struct-circular.c │ ├── 26-join3.c │ ├── 27-join-diseq2.c │ ├── 28-return-value.c │ ├── 29-widen.c │ └── 30-call.c ├── 85-narrow_globs │ ├── 01-modulo-guard.c │ ├── 02-state-machine.c │ ├── 03-guarded_inc.c │ ├── 04-semaphore.c │ ├── 05-nested_loop.c │ ├── 06-cyclic-dependency.c │ ├── 07-ctxt-widen.c │ ├── 08-ctxt-insensitive.c │ ├── 09-longjmp-counting-local.c │ ├── 10-longjmp-heap-counting-return.c │ ├── 11-longjmp-counting-return.c │ ├── 12-multiple-growing-updates.c │ ├── 13-threaded-ctxt-widen.c │ ├── 14-widening-thresholds.c │ ├── 15-intertwined_increment.c │ ├── 16-cyclic-dependency-guarded.c │ ├── 17-dead-side-effect.c │ ├── 18-dead-side-effect2.c │ ├── 19-dead-side-effect3.c │ ├── 20-dead-side-effect4.c │ ├── 21-dead-escape.c │ └── 22-dead-escape-indirect.c ├── 99-tutorials │ ├── 01-first.c │ ├── 02-first-extend.c │ ├── 03-taint_simple.c │ └── 04-taint_inter.c ├── cfg │ ├── dune │ ├── foo.t │ │ ├── foo.c │ │ └── run.t │ ├── issue-1356.t │ │ ├── issue-1356.c │ │ └── run.t │ ├── loops.t │ │ ├── loops.c │ │ └── run.t │ ├── pr-758.t │ │ ├── pr-758.c │ │ └── run.t │ └── util │ │ ├── cfgDot.ml │ │ └── dune ├── dune ├── expected-priv.txt ├── issue-94.t │ ├── issue-94.c │ └── run.t ├── td3 │ └── weak-deps.t │ │ ├── run.t │ │ └── weak-deps.c └── witness │ ├── int.t │ ├── int.c │ └── run.t │ ├── typedef.t │ ├── run.t │ └── typedef.c │ └── violation.t │ ├── correct-hard.c │ ├── correct-hard.yml │ ├── correct.c │ ├── correct.yml │ ├── incorrect.c │ ├── incorrect.yml │ └── run.t ├── sv-comp ├── ConcurrencySafety-Main-2019.txt ├── ConcurrencySafety-Main.set ├── ReachSafety-Basic.set ├── basic │ ├── for_fun_true-unreach-call.c │ ├── for_fun_true-unreach-call.expected │ ├── for_odd_vesal_true-unreach-call.c │ ├── for_odd_vesal_true-unreach-call.expected │ ├── for_true-unreach-call.c │ ├── for_true-unreach-call.expected │ ├── global_init_true-unreach-call.c │ ├── global_init_true-unreach-call.expected │ ├── if_det_false-unreach-call.c │ ├── if_det_false-unreach-call.expected │ ├── if_det_incr_true-unreach-call.c │ ├── if_det_incr_true-unreach-call.expected │ ├── if_det_true-unreach-call.c │ ├── if_det_true-unreach-call.expected │ ├── if_mod_false-unreach-call.c │ ├── if_mod_false-unreach-call.expected │ ├── if_mod_true-unreach-call.c │ ├── if_mod_true-unreach-call.expected │ ├── if_nondet_fun_false-unreach-call.c │ ├── if_nondet_fun_false-unreach-call.expected │ ├── if_nondet_var_false-unreach-call.c │ ├── if_nondet_var_false-unreach-call.expected │ ├── if_trier_exclude_multiple_false-unreach-call.c │ ├── if_trier_exclude_multiple_false-unreach-call.expected │ ├── if_trier_exclude_multiple_true-unreach-call.c │ ├── if_trier_exclude_multiple_true-unreach-call.expected │ ├── if_trier_exclude_true-unreach-call.c │ └── if_trier_exclude_true-unreach-call.expected ├── cfg │ ├── builtin_expect_true-unreach-call.c │ ├── builtin_expect_true-unreach-call.expected │ ├── free_spawn_true-unreach-call.c │ ├── free_spawn_true-unreach-call.expected │ ├── free_spawn_ub_true-unreach-call.c │ ├── free_spawn_ub_true-unreach-call.expected │ ├── join_true-unreach-call.c │ ├── join_true-unreach-call.expected │ ├── local_shadow_fun_true-unreach-call.c │ ├── local_shadow_fun_true-unreach-call.expected │ ├── main_goto_loop_true-unreach-call.c │ ├── multicall_context_join_true-unreach-call.c │ ├── multicall_context_join_true-unreach-call.expected │ ├── multicall_context_true-unreach-call.c │ ├── multicall_context_true-unreach-call.expected │ ├── multicall_join_true-unreach-call.c │ ├── multicall_join_true-unreach-call.expected │ ├── multicall_nested_join_true-unreach-call.c │ ├── multicall_nested_join_true-unreach-call.expected │ ├── multicall_nested_true-unreach-call.c │ ├── multicall_nested_true-unreach-call.expected │ ├── multicall_return_context_true-unreach-call.c │ ├── multicall_return_context_true-unreach-call.expected │ ├── multicall_true-unreach-call.c │ ├── multicall_true-unreach-call.expected │ ├── nondetcall_same_true-unreach-call.c │ ├── nondetcall_true-unreach-call.c │ ├── path_true-unreach-call.c │ ├── region_global_init_true-unreach-call.c │ ├── region_global_init_true-unreach-call.expected │ └── uncil │ │ ├── and3_true-unreach-call.c │ │ ├── and3_true-unreach-call.expected │ │ ├── and3dead_true-unreach-call.c │ │ ├── and3dead_true-unreach-call.expected │ │ ├── and_copy_true-unreach-call.c │ │ ├── and_copy_true-unreach-call.expected │ │ ├── and_join_invariant_true-unreach-call.c │ │ ├── and_join_invariant_true-unreach-call.expected │ │ ├── and_true-unreach-call.c │ │ ├── and_true-unreach-call.expected │ │ ├── and_var_false-unreach-call.c │ │ ├── and_var_false-unreach-call.expected │ │ ├── and_var_true-unreach-call.c │ │ ├── and_var_true-unreach-call.expected │ │ ├── or3_true-unreach-call.c │ │ ├── or3_true-unreach-call.expected │ │ ├── or3dead_true-unreach-call.c │ │ ├── or3dead_true-unreach-call.expected │ │ ├── or_true-unreach-call.c │ │ └── or_true-unreach-call.expected ├── data-race │ ├── 01-simple_false-no-data-race.c │ ├── 02-simple_true-no-data-race.c │ ├── race-1_2-join_safe_true-no-data-race.c │ ├── race-1_2-join_true-no-data-race.c │ ├── race-1_2b-join_false-no-data-race.c │ ├── race-1_3-join_true-no-data-race.c │ └── race-1_3b-join_false-no-data-race.c ├── dune ├── dune.inc ├── eq │ ├── eq_double_true-unreach-call.c │ ├── eq_double_true-unreach-call.expected │ ├── eq_single_true-unreach-call.c │ ├── eq_single_true-unreach-call.expected │ ├── multivar_false-unreach-call1.c │ ├── multivar_false-unreach-call1.expected │ ├── multivar_true-unreach-call1.c │ └── multivar_true-unreach-call1.expected ├── false │ ├── for_last_false-unreach-call.c │ ├── for_snd_false-unreach-call.c │ ├── fse15_false-unreach-call.c │ ├── fse15_nofun_false-unreach-call.c │ ├── if_vesal_false-unreach-call.c │ ├── multivar_false-unreach-call1.c │ └── test_locks_2_false-unreach-call.c ├── gen │ ├── dune │ └── gen.ml ├── heap │ ├── 07-structs_true-unreach-call.c │ ├── 08-unions_true-unreach-call.c │ ├── 20-malloc_int_nonheap_true-unreach-call.c │ ├── 20-malloc_int_true-unreach-call.c │ ├── deref_invariant_1cycle_true-unreach-call.c │ ├── deref_invariant_2cycle_tail_true-unreach-call.c │ ├── deref_invariant_2cycle_true-unreach-call.c │ ├── deref_invariant_chain_true-unreach-call.c │ ├── test01_multi_global_true-unreach-call.c │ ├── test01_multi_true-unreach-call.c │ ├── test01_same_true-unreach-call.c │ ├── test01_true-unreach-call.c │ ├── test02_false-unreach-call.c │ ├── test02_multi_false-unreach-call.c │ └── test02_multi_global_false-unreach-call.c ├── hoare │ └── minepump_spec2_product33.min.c ├── no-data-race.prp ├── no-overflow.prp ├── observer │ ├── fake_true-unreach-call.c │ ├── junker2_nofun_true-unreach-call.c │ ├── junker2_true-unreach-call.c │ ├── junker_nofun_true-unreach-call.c │ ├── junker_true-unreach-call.c │ ├── path_nofun_true-unreach-call.c │ ├── path_true-unreach-call.c │ ├── return_nondet_false-unreach-call.c │ └── return_nondet_true-unreach-call.c ├── races │ ├── race-0_1-join_true-unreach-call.c │ ├── race-0_2-join_true-unreach-call.c │ ├── race-0_3-join_true-unreach-call.c │ ├── race-1_1-join_true-unreach-call.c │ ├── race-1_2-join_false-unreach-call.c │ └── race-1_3-join_false-unreach-call.c ├── thread │ ├── fib_1_true-unreach-call.c │ ├── inc_1_true-unreach-call.c │ └── thread_exit_true-unreach-call.c ├── unreach-call-__VERIFIER_error.prp ├── unreach-call-reach_error.prp ├── valid-memcleanup.prp └── valid-memsafety.prp ├── unit ├── analyses │ └── libraryDslTest.ml ├── cdomains │ ├── affineEqualityDomain │ │ ├── dune │ │ └── sparseImplementation │ │ │ ├── sparseMatrixImplementationTest.apron.ml │ │ │ └── sparseMatrixImplementationTest.no-apron.ml │ ├── floatDomainTest.ml │ ├── intDomainTest.ml │ ├── lvalTest.ml │ └── threadIdDomainTest.ml ├── domains │ └── mapDomainTest.ml ├── dune ├── mainTest.ml ├── maindomaintest.ml ├── solver │ └── solverTest.ml └── util │ ├── cilfacadeTest.ml │ ├── compilationDatabaseTest.ml │ └── intOpsTest.ml └── util ├── dune ├── multilibConfigure.ml ├── yamlWitnessStrip.ml ├── yamlWitnessStripCommon.ml └── yamlWitnessStripDiff.ml /.dockerignore: -------------------------------------------------------------------------------- 1 | .gitignore -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: "github-actions" 4 | directory: "/" 5 | schedule: 6 | interval: "daily" 7 | reviewers: 8 | - "sim642" 9 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "webapp"] 2 | path = webapp 3 | url = https://github.com/vogler/goblint-webapp.git 4 | [submodule "g2html"] 5 | path = g2html 6 | url = https://github.com/goblint/g2html.git 7 | [submodule "gobview"] 8 | path = gobview 9 | url = https://github.com/goblint/gobview.git 10 | -------------------------------------------------------------------------------- /.semgrep/fun.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | - id: fun-id 3 | pattern: fun $X -> $X 4 | message: use Fun.id instead 5 | languages: [ocaml] 6 | severity: WARNING 7 | -------------------------------------------------------------------------------- /.semgrep/obj.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | - id: open-obj 3 | patterns: 4 | - pattern: open Obj 5 | message: use Obj explicitly 6 | languages: [ocaml] 7 | severity: ERROR 8 | -------------------------------------------------------------------------------- /.semgrep/option.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | - id: option-is-some-get 3 | patterns: 4 | - pattern: Option.get $O 5 | - pattern-either: 6 | - pattern-inside: if Option.is_some $O then ... 7 | - pattern-inside: if ... && Option.is_some $O then ... 8 | message: use match instead 9 | languages: [ocaml] 10 | severity: WARNING 11 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | native : 2 | 3 | % : 4 | @./make.sh $@ 5 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | Vagrant.configure("2") do |config| 5 | config.vm.box = "ubuntu/bionic64" 6 | 7 | config.vm.provision :shell, :path => "scripts/travis-ci.sh" 8 | 9 | config.vm.provider :virtualbox do |v| 10 | v.name = "goblint testing" 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /bench/basic/dune: -------------------------------------------------------------------------------- 1 | (executables 2 | (names benchTuple4 benchSet) 3 | (optional) ; TODO: for some reason this doesn't work: `dune build` still tries to compile if benchmark missing (https://github.com/ocaml/dune/issues/4065) 4 | (libraries benchmark batteries.unthreaded)) 5 | -------------------------------------------------------------------------------- /bench/deriving/dune: -------------------------------------------------------------------------------- 1 | (executable 2 | (name benchEq) 3 | (optional) ; TODO: for some reason this doesn't work: `dune build` still tries to compile if benchmark missing (https://github.com/ocaml/dune/issues/4065) 4 | (libraries benchmark batteries.unthreaded) 5 | (preprocess (pps ppx_deriving.std))) -------------------------------------------------------------------------------- /bench/hashcons/.merlin: -------------------------------------------------------------------------------- 1 | PKG batteries benchmark 2 | -------------------------------------------------------------------------------- /bench/zarith/dune: -------------------------------------------------------------------------------- 1 | (executable 2 | (name benchZarith) 3 | (optional) ; TODO: for some reason this doesn't work: `dune build` still tries to compile if benchmark missing (https://github.com/ocaml/dune/issues/4065) 4 | (libraries benchmark zarith)) 5 | -------------------------------------------------------------------------------- /conf/dune: -------------------------------------------------------------------------------- 1 | 2 | (install 3 | (section (site (goblint conf))) 4 | (files 5 | (glob_files_rec *.json) 6 | ) 7 | ) 8 | -------------------------------------------------------------------------------- /conf/min-unsound.json: -------------------------------------------------------------------------------- 1 | { 2 | "ana": { 3 | "activated": [ 4 | ] 5 | } 6 | } -------------------------------------------------------------------------------- /docs/requirements.txt: -------------------------------------------------------------------------------- 1 | # Python requirements for MkDocs and Read the Docs 2 | 3 | mkdocs==1.5.3 4 | -------------------------------------------------------------------------------- /jsfh.yml: -------------------------------------------------------------------------------- 1 | expand_buttons: true 2 | collapse_long_descriptions: false 3 | link_to_reused_ref: false 4 | -------------------------------------------------------------------------------- /lib/.gitignore: -------------------------------------------------------------------------------- 1 | # override root goblint .gitignore 2 | !goblint 3 | 4 | # copied here by sv-com/archive.sh 5 | *.a 6 | *.so 7 | LICENSE.APRON 8 | -------------------------------------------------------------------------------- /lib/goblint/dune: -------------------------------------------------------------------------------- 1 | (install 2 | (section (site (goblint lib))) 3 | (files 4 | (glob_files_rec *.h))) 5 | -------------------------------------------------------------------------------- /lib/goblint/runtime/src/dune: -------------------------------------------------------------------------------- 1 | (foreign_library 2 | (archive_name goblint) 3 | (language c) 4 | (names goblint) 5 | (include_dirs ../include)) 6 | -------------------------------------------------------------------------------- /lib/libc/dune: -------------------------------------------------------------------------------- 1 | (install 2 | (section (site (goblint lib))) 3 | (files 4 | (glob_files_rec *.h) 5 | (glob_files_rec *.c))) 6 | -------------------------------------------------------------------------------- /lib/libc/stub/include/assert.h: -------------------------------------------------------------------------------- 1 | #ifndef GOBLINT_NO_ASSERT 2 | 3 | void __goblint_assert(int expression); 4 | #undef assert 5 | #define assert(expression) __goblint_assert(expression) 6 | 7 | #endif 8 | -------------------------------------------------------------------------------- /lib/libc/stub/src/pthread.c: -------------------------------------------------------------------------------- 1 | #ifndef GOBLINT_NO_PTHREAD_ONCE 2 | #include 3 | 4 | int pthread_once(pthread_once_t *once_control,void (*init_routine)(void)) __attribute__((goblint_stub)); 5 | int pthread_once(pthread_once_t *once_control,void (*init_routine)(void)) { 6 | // Not actually once, just call it 7 | int top; 8 | init_routine(); 9 | return top; 10 | } 11 | #endif 12 | -------------------------------------------------------------------------------- /lib/linux/dune: -------------------------------------------------------------------------------- 1 | (install 2 | (section (site (goblint lib))) 3 | (files 4 | (glob_files_rec *.h))) 5 | -------------------------------------------------------------------------------- /lib/linux/stub/include/linux/goblint_preconf.h: -------------------------------------------------------------------------------- 1 | #define CONFIG_DEBUG_SPINLOCK 1 2 | #define __GOBLINT__ 3 | #define MODULE 4 | -------------------------------------------------------------------------------- /lib/sv-comp/dune: -------------------------------------------------------------------------------- 1 | (install 2 | (section (site (goblint lib))) 3 | (files 4 | (glob_files_rec *.c))) 5 | -------------------------------------------------------------------------------- /scripts/bisect.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #git bisect start HEAD {last known good revision} 3 | #git bisect run ./scripts/bisect.sh 4 | ./make.sh opt || exit 125 5 | ./scripts/update_suite.rb 6 | 7 | #goblint tests/regression/01-cpa/01-expressions.c --result pretty | grep '__builtin_strncpy' 8 | #RETVAL=$(( ! $?)) 9 | #exit $RETVAL 10 | -------------------------------------------------------------------------------- /scripts/cil_input.sh: -------------------------------------------------------------------------------- 1 | set -e 2 | tmp="result/cil.c" 3 | ./goblint --enable justcil $@ | gcc -E -P - > $tmp 4 | echo "./goblint ${@:1:$#-1} $tmp" 5 | ./goblint ${@:1:$#-1} $tmp 6 | -------------------------------------------------------------------------------- /scripts/fix_patch_headers.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #Run from root, e.g.,: ./scripts/fix_patch_headers.sh tests/incremental/11-restart/*.patch 3 | for file in "$@" 4 | do 5 | echo $file 6 | cfile="${file%.patch}.c" 7 | efile="${cfile//\//\\/}" 8 | perl -0777 -i -pe "s/.*?@/--- $efile\n+++ $efile\n@/is" $file 9 | done 10 | -------------------------------------------------------------------------------- /scripts/trace_off.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | echo "You can also change profile to \"dev\" in ./dune-workspace directly!" 4 | 5 | if grep -qs '(profile .*)' dune-workspace; then 6 | sed -i.bak 's/(profile .*)/(profile dev)/' dune-workspace && rm dune-workspace.bak 7 | else 8 | echo "(lang dune 2.8)" >> dune-workspace 9 | echo "(profile dev)" >> dune-workspace 10 | fi 11 | 12 | make 13 | -------------------------------------------------------------------------------- /spin/.gitignore: -------------------------------------------------------------------------------- 1 | pan* 2 | *.trail 3 | *.tmp 4 | trail.txt 5 | -------------------------------------------------------------------------------- /src/.gitignore: -------------------------------------------------------------------------------- 1 | # generated by dune 2 | .merlin 3 | -------------------------------------------------------------------------------- /src/analyses/apron/affineEqualityAnalysis.no-apron.ml: -------------------------------------------------------------------------------- 1 | (* This analysis is empty on purpose. It serves only as an alternative dependency 2 | in cases where the actual domain can't be used because of a missing library. 3 | It was added because we don't want to fully depend on Apron. *) 4 | -------------------------------------------------------------------------------- /src/analyses/apron/apronAnalysis.no-apron.ml: -------------------------------------------------------------------------------- 1 | (* This analysis is empty on purpose. It serves only as an alternative dependency 2 | in cases where the actual domain can't be used because of a missing library. 3 | It was added because we don't want to fully depend on Apron. *) 4 | -------------------------------------------------------------------------------- /src/analyses/apron/dune: -------------------------------------------------------------------------------- 1 | ; Workaround for workaround for alternative dependencies with unqualified subdirs. 2 | ; copy_files causes "dependency cycle that does not involve any files" otherwise 3 | (include_subdirs no) 4 | -------------------------------------------------------------------------------- /src/analyses/apron/linearTwoVarEqualityAnalysis.no-apron.ml: -------------------------------------------------------------------------------- 1 | (* This analysis is empty on purpose. It serves only as an alternative dependency 2 | in cases where the actual domain can't be used because of a missing library. 3 | It was added because we don't want to fully depend on Apron. *) 4 | -------------------------------------------------------------------------------- /src/analyses/apron/relationAnalysis.no-apron.ml: -------------------------------------------------------------------------------- 1 | (* This analysis is empty on purpose. It serves only as an alternative dependency 2 | in cases where the actual domain can't be used because of a missing library. 3 | It was added because we don't want to fully depend on Apron. *) 4 | -------------------------------------------------------------------------------- /src/analyses/apron/relationPriv.no-apron.ml: -------------------------------------------------------------------------------- 1 | (* This module is empty on purpose. It serves only as an alternative dependency 2 | in cases where the actual domain can't be used because of a missing library. 3 | It was added because we don't want to fully depend on Apron. *) 4 | -------------------------------------------------------------------------------- /src/analyses/baseUtil.mli: -------------------------------------------------------------------------------- 1 | (** Basic analysis utilities. *) 2 | 3 | open GoblintCil 4 | 5 | val is_global: Queries.ask -> varinfo -> bool 6 | val is_static: varinfo -> bool 7 | val is_volatile: varinfo -> bool 8 | val is_always_unknown: varinfo -> bool 9 | val is_excluded_from_earlyglobs: varinfo -> bool 10 | val is_excluded_from_invalidation: varinfo -> bool 11 | -------------------------------------------------------------------------------- /src/apronPrecCompare.ml: -------------------------------------------------------------------------------- 1 | open Goblint_lib 2 | (* Utility program to compare precision of results of the apron analysis with different privatizations and/or differents apron domains *) 3 | (* The result files that can be compared here may be created by passing an output file name in "exp.apron.prec-dump" to Goblint *) 4 | module B = PrecCompare.MakeDump (ApronPrecCompareUtil) 5 | 6 | let () = 7 | B.main () -------------------------------------------------------------------------------- /src/arg/z3/dune: -------------------------------------------------------------------------------- 1 | ; Workaround for workaround for alternative dependencies with unqualified subdirs. 2 | ; copy_files causes "dependency cycle that does not involve any files" otherwise 3 | (include_subdirs no) 4 | -------------------------------------------------------------------------------- /src/arg/z3/violationZ3.no-z3.ml: -------------------------------------------------------------------------------- 1 | (** ARG path feasibility checking using weakest precondition and {!Z3} ({b not installed!}). *) 2 | 3 | module WP = Violation.UnknownFeasibility (* default to always unknown if no Z3 installed *) 4 | -------------------------------------------------------------------------------- /src/build-info/.gitignore: -------------------------------------------------------------------------------- 1 | config*.ml 2 | -------------------------------------------------------------------------------- /src/build-info/dune_build_info.ml: -------------------------------------------------------------------------------- 1 | let statically_linked_libraries = 2 | List.map (fun lib -> 3 | let name = Build_info.V1.Statically_linked_library.name lib in 4 | let version = Option.map Build_info.V1.Version.to_string (Build_info.V1.Statically_linked_library.version lib) in 5 | (name, version) 6 | ) (Build_info.V1.Statically_linked_libraries.to_list ()) 7 | -------------------------------------------------------------------------------- /src/build-info/dune_build_info.mli: -------------------------------------------------------------------------------- 1 | val statically_linked_libraries: (string * string option) list 2 | -------------------------------------------------------------------------------- /src/cdomain/value/cdomains/addressDomain.mli: -------------------------------------------------------------------------------- 1 | (** Domains for addresses/pointers. *) 2 | 3 | include AddressDomain_intf.AddressDomain (** @inline *) 4 | -------------------------------------------------------------------------------- /src/cdomain/value/cdomains/intDomain.ml: -------------------------------------------------------------------------------- 1 | include IntDomain0 2 | 3 | include IntervalDomain 4 | include IntervalSetDomain 5 | include DefExcDomain 6 | include EnumsDomain 7 | include CongruenceDomain 8 | include BitfieldDomain 9 | include IntDomTuple 10 | -------------------------------------------------------------------------------- /src/cdomain/value/cdomains/intDomain.mli: -------------------------------------------------------------------------------- 1 | (** Abstract domains for C integers. *) 2 | 3 | include IntDomain_intf.IntDomain (** @inline *) 4 | -------------------------------------------------------------------------------- /src/cdomain/value/cdomains/lval.ml: -------------------------------------------------------------------------------- 1 | (** Domains for {!GoblintCil.lval}. *) 2 | 3 | module Set = SetDomain.ToppedSet (CilType.Lval) (struct let topname = "All" end) 4 | -------------------------------------------------------------------------------- /src/cdomain/value/cdomains/mval.mli: -------------------------------------------------------------------------------- 1 | (** Domains for mvalues: simplified lvalues, which start with a {!GoblintCil.varinfo}. 2 | Mvalues are the result of resolving {{!GoblintCil.Mem} pointer dereferences} in lvalues. *) 3 | 4 | include Mval_intf.Mval (** @inline *) 5 | -------------------------------------------------------------------------------- /src/cdomain/value/cdomains/offset.mli: -------------------------------------------------------------------------------- 1 | (** Domains for variable offsets, i.e. array indices and struct fields. *) 2 | 3 | include Offset_intf.Offset (** @inline *) 4 | -------------------------------------------------------------------------------- /src/cdomains/apron/affineEqualityDenseDomain.no-apron.ml: -------------------------------------------------------------------------------- 1 | (* This domain is empty on purpose. It serves only as an alternative dependency 2 | in cases where the actual domain can't be used because of a missing library. 3 | It was added because we don't want to fully depend on Apron. *) 4 | 5 | let reset_lazy () = () 6 | -------------------------------------------------------------------------------- /src/cdomains/apron/affineEqualityDomain.no-apron.ml: -------------------------------------------------------------------------------- 1 | (* This domain is empty on purpose. It serves only as an alternative dependency 2 | in cases where the actual domain can't be used because of a missing library. 3 | It was added because we don't want to fully depend on Apron. *) 4 | 5 | let reset_lazy () = () 6 | -------------------------------------------------------------------------------- /src/cdomains/apron/apronDomain.no-apron.ml: -------------------------------------------------------------------------------- 1 | (* This domain is empty on purpose. It serves only as an alternative dependency 2 | in cases where the actual domain can't be used because of a missing library. 3 | It was added because we don't want to fully depend on Apron. *) 4 | 5 | let reset_lazy () = () 6 | -------------------------------------------------------------------------------- /src/cdomains/apron/dune: -------------------------------------------------------------------------------- 1 | ; Workaround for workaround for alternative dependencies with unqualified subdirs. 2 | ; copy_files causes "dependency cycle that does not involve any files" otherwise 3 | (include_subdirs no) 4 | -------------------------------------------------------------------------------- /src/cdomains/apron/gobApron.no-apron.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/goblint/analyzer/05d35cf38f419293312623795ae5b4b34a39a6ec/src/cdomains/apron/gobApron.no-apron.ml -------------------------------------------------------------------------------- /src/cdomains/apron/linearTwoVarEqualityDomain.no-apron.ml: -------------------------------------------------------------------------------- 1 | (* This domain is empty on purpose. It serves only as an alternative dependency 2 | in cases where the actual domain can't be used because of a missing library. 3 | It was added because we don't want to fully depend on Apron. *) 4 | 5 | let reset_lazy () = () 6 | -------------------------------------------------------------------------------- /src/cdomains/apron/relationDomain.no-apron.ml: -------------------------------------------------------------------------------- 1 | (* This domain is empty on purpose. It serves only as an alternative dependency 2 | in cases where the actual domain can't be used because of a missing library. 3 | It was added because we don't want to fully depend on Apron. *) 4 | -------------------------------------------------------------------------------- /src/cdomains/apron/sharedFunctions.no-apron.ml: -------------------------------------------------------------------------------- 1 | (* This domain is empty on purpose. It serves only as an alternative dependency 2 | in cases where the actual domain can't be used because of a missing library. 3 | It was added because we don't want to fully depend on Apron. *) 4 | -------------------------------------------------------------------------------- /src/cdomains/deadlockDomain.ml: -------------------------------------------------------------------------------- 1 | (** Deadlock domain. *) 2 | 3 | module Lock = LockDomain.Addr 4 | module LockEvent = Printable.Prod3 (Lock) (Node) (MCPAccess.A) 5 | 6 | module MayLockEvents = SetDomain.ToppedSet (LockEvent) (struct let topname = "All lock events" end) 7 | -------------------------------------------------------------------------------- /src/cdomains/escapeDomain.ml: -------------------------------------------------------------------------------- 1 | (** Domain for escaped thread-local variables. *) 2 | 3 | module EscapedVars = 4 | struct 5 | include SetDomain.ToppedSet (Basetype.Variables) (struct let topname = "All Variables" end) 6 | end 7 | -------------------------------------------------------------------------------- /src/common/util/resettableLazy.ml: -------------------------------------------------------------------------------- 1 | open BatCache 2 | 3 | type 'a t = (unit, 'a) manual_cache 4 | 5 | let from_fun f = make_map ~gen:f 6 | 7 | let force cache = cache.get () 8 | 9 | let reset cache = cache.del () 10 | 11 | let map f cache = from_fun (fun () -> f (force cache)) 12 | -------------------------------------------------------------------------------- /src/common/util/resettableLazy.mli: -------------------------------------------------------------------------------- 1 | (** Lazy type which can be reset to a closure. *) 2 | 3 | type 'a t 4 | 5 | val from_fun: (unit -> 'a) -> 'a t 6 | val force: 'a t -> 'a 7 | val reset: 'a t -> unit 8 | val map: ('a -> 'b) -> 'a t -> 'b t 9 | -------------------------------------------------------------------------------- /src/common/util/timing.ml: -------------------------------------------------------------------------------- 1 | (** Time measurement of computations. *) 2 | 3 | module Default = Goblint_timing.Make (struct let name = "Default" end) 4 | 5 | module Program = Goblint_timing.Make (struct let name = "Program" end) 6 | 7 | let wrap = Default.wrap 8 | -------------------------------------------------------------------------------- /src/config/afterConfig.ml: -------------------------------------------------------------------------------- 1 | (** Hooks which run after the runtime configuration is fully loaded. *) 2 | 3 | let callbacks = ref [] 4 | 5 | let register callback = 6 | callbacks := callback :: !callbacks 7 | 8 | let run () = 9 | List.iter (fun callback -> callback ()) !callbacks; 10 | callbacks := [] -------------------------------------------------------------------------------- /src/config/config.mld: -------------------------------------------------------------------------------- 1 | {0 Library goblint.config} 2 | This library is unwrapped and provides the following top-level modules. 3 | For better context, see {!Goblint_lib} which also documents these modules. 4 | 5 | 6 | {1 Framework} 7 | 8 | {2 Configuration} 9 | {!modules: 10 | GobConfig 11 | AfterConfig 12 | JsonSchema 13 | Options 14 | } 15 | -------------------------------------------------------------------------------- /src/constraint/goblint_constraint.ml: -------------------------------------------------------------------------------- 1 | (** (Side-effecting) constraint systems. *) 2 | 3 | (** {1 Specification} *) 4 | 5 | module ConstrSys = ConstrSys 6 | module SolverTypes = SolverTypes 7 | 8 | (** {2 Utilities} *) 9 | 10 | module Translators = Translators 11 | 12 | 13 | (** {1 Results} *) 14 | 15 | module VarQuery = VarQuery 16 | -------------------------------------------------------------------------------- /src/incremental/incremental.mld: -------------------------------------------------------------------------------- 1 | {0 Library goblint.incremental} 2 | This library is unwrapped and provides the following top-level modules. 3 | For better context, see {!Goblint_lib} which also documents these modules. 4 | 5 | 6 | {1 Incremental} 7 | 8 | {!modules: 9 | CompareCIL 10 | CompareAST 11 | CompareCFG 12 | UpdateCil 13 | MaxIdUtil 14 | Serialize 15 | CilMaps 16 | } 17 | -------------------------------------------------------------------------------- /src/lifters/longjmpLifter.mli: -------------------------------------------------------------------------------- 1 | (** Analysis lifter for [longjmp] and [setjmp] support. *) 2 | 3 | module Lifter: Analyses.Spec2Spec 4 | -------------------------------------------------------------------------------- /src/lifters/recursionTermLifter.mli: -------------------------------------------------------------------------------- 1 | (** Cycle detection in the context-sensitive dynamic function call graph of an analysis. *) 2 | 3 | module Lifter: Analyses.Spec2Spec 4 | -------------------------------------------------------------------------------- /src/ppx/dune: -------------------------------------------------------------------------------- 1 | (include_subdirs no) 2 | -------------------------------------------------------------------------------- /src/ppx/lattice/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name ppx_deriving_lattice) 3 | (kind ppx_deriver) 4 | (libraries ppxlib ppx_easy_deriving) 5 | (preprocess (pps ppxlib.metaquot))) 6 | -------------------------------------------------------------------------------- /src/ppx/printable/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name ppx_deriving_printable) 3 | (kind ppx_deriver) 4 | (libraries ppxlib ppx_easy_deriving) 5 | (preprocess (pps ppxlib.metaquot))) 6 | -------------------------------------------------------------------------------- /src/sites/dune: -------------------------------------------------------------------------------- 1 | (include_subdirs no) 2 | 3 | (library 4 | (name goblint_sites) 5 | (public_name goblint.sites) 6 | (libraries dune-site fpath)) 7 | 8 | (generate_sites_module 9 | (module dunesite) 10 | (sites goblint)) 11 | -------------------------------------------------------------------------------- /src/sites/goblint_sites.mli: -------------------------------------------------------------------------------- 1 | val lib: Fpath.t list 2 | val lib_stub_include: Fpath.t list 3 | val lib_stub_src: Fpath.t list 4 | val lib_runtime_include: Fpath.t list 5 | val lib_runtime_src: Fpath.t list 6 | val conf: Fpath.t list 7 | -------------------------------------------------------------------------------- /src/solver/solverStats.ml: -------------------------------------------------------------------------------- 1 | (** Statistics for solvers. *) 2 | 3 | let vars = ref 0 4 | let evals = ref 0 5 | let narrow_reuses = ref 0 6 | 7 | let print () = 8 | Logs.info "vars = %d evals = %d narrow_reuses = %d" !vars !evals !narrow_reuses 9 | 10 | let reset () = 11 | vars := 0; 12 | evals := 0; 13 | narrow_reuses := 0 14 | -------------------------------------------------------------------------------- /src/util/apron/apronPrecCompareUtil.no-apron.ml: -------------------------------------------------------------------------------- 1 | (* This module is empty on purpose. It serves only as an alternative dependency 2 | in cases where the actual apronPrecComapreUtil can't be used because of a missing library. 3 | It was added because we don't want to fully depend on Apron. *) 4 | -------------------------------------------------------------------------------- /src/util/apron/dune: -------------------------------------------------------------------------------- 1 | ; Workaround for workaround for alternative dependencies with unqualified subdirs. 2 | ; copy_files causes "dependency cycle that does not involve any files" otherwise 3 | (include_subdirs no) 4 | -------------------------------------------------------------------------------- /src/util/apron/relationPrecCompareUtil.no-apron.ml: -------------------------------------------------------------------------------- 1 | (* This module is empty on purpose. It serves only as an alternative dependency 2 | in cases where the actual apronPrecComapreUtil can't be used because of a missing library. 3 | It was added because we don't want to fully depend on Apron. *) 4 | -------------------------------------------------------------------------------- /src/util/backtrace/dune: -------------------------------------------------------------------------------- 1 | (include_subdirs no) 2 | 3 | (library 4 | (name goblint_backtrace) 5 | (public_name goblint.backtrace)) 6 | -------------------------------------------------------------------------------- /src/util/dune: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /src/util/library/library.mld: -------------------------------------------------------------------------------- 1 | {0 Library goblint.library} 2 | This library is unwrapped and provides the following top-level modules. 3 | For better context, see {!Goblint_lib} which also documents these modules. 4 | 5 | 6 | {1 Utilities} 7 | 8 | {2 Library specification} 9 | {!modules: 10 | AccessKind 11 | LibraryDesc 12 | LibraryDsl 13 | LibraryFunctions 14 | } 15 | -------------------------------------------------------------------------------- /src/util/logs/dune: -------------------------------------------------------------------------------- 1 | (include_subdirs no) 2 | 3 | (library 4 | (name goblint_logs) 5 | (public_name goblint.logs) 6 | (libraries 7 | batteries.unthreaded 8 | goblint_std 9 | goblint-cil) 10 | (flags :standard -open Goblint_std) 11 | (preprocess 12 | (pps 13 | ppx_deriving.std 14 | ppx_deriving_hash 15 | ppx_deriving_yojson)) 16 | (instrumentation (backend bisect_ppx))) 17 | -------------------------------------------------------------------------------- /src/util/loopUnrolling.mli: -------------------------------------------------------------------------------- 1 | (** Syntactic loop unrolling. *) 2 | 3 | val unroll_loops: GoblintCil.fundec -> int -> unit 4 | (** Unroll loops in a function. 5 | 6 | @param totalLoops total number of loops from autotuner *) 7 | 8 | val find_original: GoblintCil.stmt -> GoblintCil.stmt 9 | (** Find original un-unrolled instance of the statement. *) 10 | -------------------------------------------------------------------------------- /src/util/parallel/domainsafeLazy.mli: -------------------------------------------------------------------------------- 1 | (** Lazy type which protects against concurrent calls of {!force}. *) 2 | 3 | type 'a t 4 | 5 | val from_fun: (unit -> 'a) -> 'a t 6 | val from_val: 'a -> 'a t 7 | val force: 'a t -> 'a 8 | -------------------------------------------------------------------------------- /src/util/parallel/gobMutex.mli: -------------------------------------------------------------------------------- 1 | (** A mutex that supports multiple threads on a domain when parallelism is supported 2 | as detected by the presence of the [domainslib] library. It is mocked to a no-op 3 | when [domainslib] is not available for backwards compatibility. *) 4 | 5 | type t 6 | 7 | val create: unit -> t 8 | val unlock: t -> unit 9 | val lock: t -> unit 10 | -------------------------------------------------------------------------------- /src/util/parallel/gobMutex.no-domainslib.ml: -------------------------------------------------------------------------------- 1 | type state = NoOp 2 | type t = state 3 | 4 | let create () = NoOp 5 | let unlock _ = () 6 | let lock _ = () 7 | -------------------------------------------------------------------------------- /src/util/parallel/goblint_parallel.ml: -------------------------------------------------------------------------------- 1 | (** {1 Utilities for concurrency} *) 2 | 3 | module DomainsafeLazy = DomainsafeLazy 4 | 5 | module GobMutex = GobMutex 6 | 7 | module Threadpool = Threadpool 8 | 9 | (** {1 Concurrent data structures} *) 10 | 11 | module Data = Data 12 | -------------------------------------------------------------------------------- /src/util/parallel/threadpool.domainslib.ml: -------------------------------------------------------------------------------- 1 | module T = Domainslib.Task 2 | 3 | type t = T.pool 4 | type 'a promise = 'a T.promise 5 | 6 | let run = T.run 7 | 8 | let create n = T.setup_pool ~num_domains:n () 9 | 10 | let add_work pool f = T.async pool f 11 | 12 | let await_all pool promises = 13 | List.iter (T.await pool) promises 14 | 15 | let finished_with pool = T.teardown_pool pool 16 | -------------------------------------------------------------------------------- /src/util/parallel/threadpool.mli: -------------------------------------------------------------------------------- 1 | type t 2 | type 'a promise 3 | 4 | val create : int -> t 5 | val run : t -> (unit -> 'a) -> 'a 6 | val add_work : t -> (unit -> 'a) -> 'a promise 7 | val await_all : t -> unit promise list -> unit 8 | val finished_with : t -> unit 9 | 10 | -------------------------------------------------------------------------------- /src/util/parallel/threadpool.no-domainslib.ml: -------------------------------------------------------------------------------- 1 | type t = unit 2 | type 'a promise = 'a 3 | 4 | let run pool f = f () 5 | 6 | let create n = () 7 | 8 | let add_work pool f = f () 9 | 10 | let await_all pool promises = () 11 | 12 | let finished_with pool = () 13 | -------------------------------------------------------------------------------- /src/util/returnUtil.ml: -------------------------------------------------------------------------------- 1 | (** Special variable for return value. *) 2 | 3 | open GoblintCil 4 | module AD = ValueDomain.AD 5 | 6 | let return_varstore = ref dummyFunDec.svar 7 | let return_varinfo () = !return_varstore 8 | let return_var () = AD.of_var (return_varinfo ()) 9 | let return_lval (): lval = (Var (return_varinfo ()), NoOffset) 10 | 11 | let longjmp_return = ref dummyFunDec.svar -------------------------------------------------------------------------------- /src/util/std/gobRef.ml: -------------------------------------------------------------------------------- 1 | (** call [f], with [r] temporarily set to [x] *) 2 | let wrap r x = 3 | let x0 = !r in 4 | r := x; 5 | Fun.protect ~finally:(fun () -> r := x0) 6 | -------------------------------------------------------------------------------- /src/util/std/gobZ.ml: -------------------------------------------------------------------------------- 1 | type t = Z.t [@@deriving eq, ord, hash] 2 | 3 | let to_yojson z = 4 | `Intlit (Z.to_string z) 5 | 6 | let rec for_all_range f (a, b) = 7 | if Z.compare a b > 0 then 8 | true 9 | else 10 | f a && for_all_range f (Z.succ a, b) 11 | 12 | let pretty () x = GoblintCil.Pretty.text (Z.to_string x) 13 | 14 | let pp = Z.pp_print 15 | -------------------------------------------------------------------------------- /src/util/timing/dune: -------------------------------------------------------------------------------- 1 | (include_subdirs no) 2 | 3 | (library 4 | (name goblint_timing) 5 | (public_name goblint.timing) 6 | (libraries catapult catapult-file domain_shims)) 7 | -------------------------------------------------------------------------------- /src/util/timing/goblint_timing.mli: -------------------------------------------------------------------------------- 1 | (** Profiling with custom hierarchical timed sections. *) 2 | 3 | include Goblint_timing_intf.Goblint_timing (** @inline *) 4 | -------------------------------------------------------------------------------- /src/util/tracing/dune: -------------------------------------------------------------------------------- 1 | (include_subdirs no) 2 | 3 | (library 4 | (name goblint_tracing) 5 | (public_name goblint.tracing) 6 | (libraries 7 | goblint_parallel 8 | goblint_std 9 | goblint_logs 10 | goblint-cil 11 | goblint_build_info)) 12 | -------------------------------------------------------------------------------- /src/vendor/dune: -------------------------------------------------------------------------------- 1 | (include_subdirs no) 2 | (vendored_dirs *) 3 | -------------------------------------------------------------------------------- /src/vendor/ppx_easy_deriving/README.md: -------------------------------------------------------------------------------- 1 | # ppx_easy_deriving 2 | 3 | Goblint vendors a subset of the unreleased [ppx_easy_deriving](https://github.com/sim642/ppx_easy_deriving) library. 4 | It only includes products, excluding simples and variants. 5 | -------------------------------------------------------------------------------- /src/vendor/ppx_easy_deriving/deriver.mli: -------------------------------------------------------------------------------- 1 | (** Registerable deriver. *) 2 | 3 | include Deriver_intf.Deriver (** @inline *) 4 | -------------------------------------------------------------------------------- /src/vendor/ppx_easy_deriving/deriver_intf.ml: -------------------------------------------------------------------------------- 1 | module type S = 2 | sig 3 | val register: unit -> Ppxlib.Deriving.t 4 | (** Register deriver with ppxlb. *) 5 | end 6 | 7 | module type Deriver = 8 | sig 9 | module type S = S 10 | 11 | module Make (_: Intf.S): S 12 | (** Make registerable deriver. *) 13 | end 14 | -------------------------------------------------------------------------------- /src/vendor/ppx_easy_deriving/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name ppx_easy_deriving) 3 | (libraries ppxlib ppx_deriving.api) 4 | (preprocess (pps ppxlib.metaquot))) 5 | -------------------------------------------------------------------------------- /src/vendor/ppx_easy_deriving/ppx_easy_deriving.ml: -------------------------------------------------------------------------------- 1 | (** Library for easily defining PPX derivers without boilerplate and runtime overhead. *) 2 | 3 | (** {1 Interfaces} *) 4 | 5 | include Intf (** @inline *) 6 | 7 | 8 | (** {1 Deriver} *) 9 | 10 | module Deriver = Deriver 11 | 12 | 13 | (** {1 Easier constructs} *) 14 | 15 | module Product = Product 16 | -------------------------------------------------------------------------------- /src/vendor/ppx_easy_deriving/product.mli: -------------------------------------------------------------------------------- 1 | (** Product derivers which unify tuple and record derivers. *) 2 | 3 | include Product_intf.Product (** @inline *) 4 | -------------------------------------------------------------------------------- /src/vendor/ppx_easy_deriving/util.mli: -------------------------------------------------------------------------------- 1 | (** Utility functions. *) 2 | 3 | val reduce: unit:'a -> both:('a -> 'a -> 'a) -> 'a list -> 'a 4 | (** Reduce a list of values "optimally", 5 | i.e. without unnecessary [~unit] and [~both]. *) 6 | 7 | val map3: ('a -> 'b -> 'c -> 'd) -> 'a list -> 'b list -> 'c list -> 'd list 8 | (** Map three lists into one. *) 9 | -------------------------------------------------------------------------------- /src/vendor/zarith/dune: -------------------------------------------------------------------------------- 1 | ; Z_mlgmpidl module vendored from zarith, which doesn't package it 2 | (library 3 | (name zarith_mlgmpidl) 4 | (public_name goblint.zarith.mlgmpidl) 5 | (optional) 6 | (wrapped false) 7 | (libraries zarith gmp)) 8 | -------------------------------------------------------------------------------- /tests/extraction/dune: -------------------------------------------------------------------------------- 1 | (cram 2 | (alias runcramtest) 3 | (enabled_if %{bin-available:spin}) 4 | (deps (package goblint) (glob_files *.c) (source_tree ../../spin))) 5 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/00-local.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | int x = 1; 5 | __goblint_check(x == 1); // success before, success after 6 | return 0; 7 | } -------------------------------------------------------------------------------- /tests/incremental/00-basic/00-local.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } -------------------------------------------------------------------------------- /tests/incremental/00-basic/01-global.c: -------------------------------------------------------------------------------- 1 | // Previosuly, the function was erroneously not reanalyzed when the global initializer/the start state changed 2 | // when hash-consing is activated. 3 | // NOCHECK 4 | int g = 0; 5 | 6 | int main(){ 7 | int x = g; 8 | return x; 9 | } 10 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/01-global.json: -------------------------------------------------------------------------------- 1 | { 2 | "ana":{ 3 | "opt":{ 4 | "hashcons": true 5 | } 6 | }, 7 | "exp":{ 8 | "earlyglobs": true 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/02-changed_start_state1.json: -------------------------------------------------------------------------------- 1 | { 2 | "ana": { 3 | "base" : { 4 | "privatization": "none" 5 | } 6 | }, 7 | "exp": { 8 | "earlyglobs": true 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/03-changed_start_state2.json: -------------------------------------------------------------------------------- 1 | { 2 | "ana": { 3 | "base": { 4 | "context": { 5 | "int": false 6 | } 7 | } 8 | }, 9 | "incremental": { 10 | "restart": { 11 | "sided": { 12 | "enabled": true 13 | } 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/04-rename_ids.c: -------------------------------------------------------------------------------- 1 | // NOCHECK 2 | int a; 3 | void b(); 4 | void c(); 5 | main() { b(); c(); } 6 | void d(); 7 | void c() { 8 | switch (a) { 9 | case 2: 10 | d(); 11 | } 12 | b(); 13 | } 14 | void d() {} 15 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/04-rename_ids.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } 4 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/04-rename_ids.patch: -------------------------------------------------------------------------------- 1 | --- tests/incremental/00-basic/04-rename_ids.c 2 | +++ tests/incremental/00-basic/04-rename_ids.c 3 | @@ -6,6 +6,7 @@ void d(); 4 | void c() { 5 | switch (a) { 6 | case 2: 7 | + case 3: 8 | d(); 9 | } 10 | b(); 11 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/05-sideeffects.json: -------------------------------------------------------------------------------- 1 | { 2 | "exp": { 3 | "earlyglobs": true 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/05-sideeffects.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/goblint/analyzer/05d35cf38f419293312623795ae5b4b34a39a6ec/tests/incremental/00-basic/05-sideeffects.patch -------------------------------------------------------------------------------- /tests/incremental/00-basic/06-threadid.json: -------------------------------------------------------------------------------- 1 | { 2 | } 3 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/07-dead-branch.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void foo() { 4 | 5 | } 6 | 7 | int main() { 8 | int a = 1; 9 | 10 | if (a) // WARN 11 | __goblint_check(a); 12 | 13 | foo(); 14 | 15 | return 0; 16 | } -------------------------------------------------------------------------------- /tests/incremental/00-basic/07-dead-branch.json: -------------------------------------------------------------------------------- 1 | { 2 | "ana": { 3 | "dead-code": { 4 | "branches": true 5 | } 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/07-dead-branch.patch: -------------------------------------------------------------------------------- 1 | --- tests/incremental/00-basic/07-dead-branch.c 2 | +++ tests/incremental/00-basic/07-dead-branch.c 3 | @@ -1,7 +1,7 @@ 4 | #include 5 | 6 | void foo() { 7 | - 8 | + __goblint_check(1); 9 | } 10 | 11 | int main() { 12 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/08-refine_interval_with_def_exc.json: -------------------------------------------------------------------------------- 1 | { 2 | "ana": { 3 | "int": { 4 | "interval": true, 5 | "refinement": "once" 6 | } 7 | }, 8 | "solver": "td3" 9 | } 10 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/09-unreach.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void foo() { 4 | int x = 2; 5 | __goblint_check(x == 3); //FAIL 6 | } 7 | 8 | int main() { 9 | int a = 1; 10 | 11 | foo(); 12 | 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/09-unreach.json: -------------------------------------------------------------------------------- 1 | { 2 | "warn": { 3 | "debug": true 4 | }, 5 | "incremental" : { 6 | "postsolver": { 7 | "enabled": true 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/09-unreach.patch: -------------------------------------------------------------------------------- 1 | --- tests/incremental/00-basic/09-unreach.c 2 | +++ tests/incremental/00-basic/09-unreach.c 3 | @@ -2,13 +2,12 @@ 4 | 5 | void foo() { 6 | int x = 2; 7 | - __goblint_check(x == 3); //FAIL 8 | + __goblint_check(x == 3); //NOWARN 9 | } 10 | 11 | int main() { 12 | int a = 1; 13 | 14 | - foo(); 15 | 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/10-reach.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | void foo() { 5 | int x = 2; 6 | __goblint_check(x == 2); 7 | } 8 | 9 | int main() { 10 | pthread_t id; 11 | pthread_create(&id, NULL, foo, NULL); // just go multithreaded 12 | 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/10-reach.json: -------------------------------------------------------------------------------- 1 | { 2 | "warn": { 3 | "debug": true 4 | }, 5 | "incremental" : { 6 | "postsolver": { 7 | "enabled": true 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/10-reach.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/goblint/analyzer/05d35cf38f419293312623795ae5b4b34a39a6ec/tests/incremental/00-basic/10-reach.patch -------------------------------------------------------------------------------- /tests/incremental/00-basic/11-unreach-reusesuper.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void foo() { 4 | int x = 2; 5 | __goblint_check(x == 3); //FAIL 6 | } 7 | 8 | int main() { 9 | int a = 1; 10 | 11 | foo(); 12 | 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/11-unreach-reusesuper.json: -------------------------------------------------------------------------------- 1 | { 2 | "warn": { 3 | "debug": true 4 | }, 5 | "incremental" : { 6 | "postsolver": { 7 | "enabled": true, 8 | "superstable-reached" : true 9 | } 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/12-rec-type.json: -------------------------------------------------------------------------------- 1 | { 2 | "incremental": { 3 | "compare": "ast" 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/13-anonymous-compound.json: -------------------------------------------------------------------------------- 1 | { 2 | } 3 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/14-struct.json: -------------------------------------------------------------------------------- 1 | { 2 | } 3 | -------------------------------------------------------------------------------- /tests/incremental/00-basic/15-reluctant-test.json: -------------------------------------------------------------------------------- 1 | { 2 | "ana": { 3 | "int": { 4 | "enums": true 5 | } 6 | }, 7 | "incremental": { 8 | "reluctant": { 9 | "enabled": true 10 | } 11 | }, 12 | "exp": { 13 | "earlyglobs": true 14 | } 15 | } -------------------------------------------------------------------------------- /tests/incremental/01-force-reanalyze/00-int.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int f(int in){ 4 | while(in < 17) { 5 | in++; 6 | } 7 | __goblint_check(in == 17); //UNKNOWN 8 | return in; 9 | } 10 | 11 | int main() { 12 | int a = 0; 13 | __goblint_check(a); // FAIL! 14 | a = f(a); 15 | __goblint_check(a == 17); //UNKNOWN 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/incremental/01-force-reanalyze/01-int-reluctant.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int f(int in){ 4 | while(in < 17) { 5 | in++; 6 | } 7 | __goblint_check(in == 17); //UNKNOWN 8 | return in; 9 | } 10 | 11 | int main() { 12 | int a = 0; 13 | __goblint_check(a); // FAIL! 14 | a = f(a); 15 | __goblint_check(a == 17); //UNKNOWN 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/incremental/02-cfg-comparison/00-infinite-loop.c: -------------------------------------------------------------------------------- 1 | void main() 2 | { int x; 3 | int y = 0; 4 | 5 | __goblint_check(y==0); 6 | 7 | while (1) { 8 | if (x) { 9 | y++; 10 | } else { 11 | y--; 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /tests/incremental/02-cfg-comparison/00-infinite-loop.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } 4 | -------------------------------------------------------------------------------- /tests/incremental/02-cfg-comparison/00-infinite-loop.patch: -------------------------------------------------------------------------------- 1 | --- tests/incremental/02-cfg-comparison/00-infinite-loop.c 2 | +++ tests/incremental/02-cfg-comparison/00-infinite-loop.c 3 | @@ -11,4 +11,5 @@ void main() 4 | y--; 5 | } 6 | } 7 | + return; 8 | } 9 | -------------------------------------------------------------------------------- /tests/incremental/02-cfg-comparison/01-added-return-stmt.c: -------------------------------------------------------------------------------- 1 | void main() { 2 | int y = 0; 3 | label: 4 | __goblint_check(y==0); 5 | goto label; 6 | y++; 7 | } 8 | -------------------------------------------------------------------------------- /tests/incremental/02-cfg-comparison/01-added-return-stmt.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } 4 | -------------------------------------------------------------------------------- /tests/incremental/02-cfg-comparison/01-added-return-stmt.patch: -------------------------------------------------------------------------------- 1 | --- tests/incremental/02-cfg-comparison/01-added-return-stmt.c 2 | +++ tests/incremental/02-cfg-comparison/01-added-return-stmt.c 3 | @@ -4,4 +4,5 @@ void main() { 4 | __goblint_check(y==0); 5 | goto label; 6 | y++; 7 | + return; 8 | } 9 | -------------------------------------------------------------------------------- /tests/incremental/02-cfg-comparison/02-added-return-after-exit.c: -------------------------------------------------------------------------------- 1 | void main() { 2 | int y = 0; 3 | __goblint_check(y==0); 4 | y++; 5 | exit(0); 6 | } 7 | -------------------------------------------------------------------------------- /tests/incremental/02-cfg-comparison/02-added-return-after-exit.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } 4 | -------------------------------------------------------------------------------- /tests/incremental/02-cfg-comparison/02-added-return-after-exit.patch: -------------------------------------------------------------------------------- 1 | --- tests/incremental/02-cfg-comparison/02-added-return-after-exit.c 2 | +++ tests/incremental/02-cfg-comparison/02-added-return-after-exit.c 3 | @@ -3,4 +3,5 @@ void main() { 4 | __goblint_check(y==0); 5 | y++; 6 | exit(0); 7 | + return; 8 | } 9 | -------------------------------------------------------------------------------- /tests/incremental/03-precision-annotation/01-change_precision.json: -------------------------------------------------------------------------------- 1 | { 2 | "annotation": { 3 | "int": { 4 | "enabled": true 5 | } 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /tests/incremental/03-precision-annotation/02-reluctant-int-annotation.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int f(int in){ 4 | while(in < 17) { 5 | in++; 6 | } 7 | __goblint_check(in == 17); //UNKNOWN 8 | return in; 9 | } 10 | 11 | int main() { 12 | int a = 0; 13 | __goblint_check(a); // FAIL! 14 | a = f(a); 15 | __goblint_check(a == 17); //UNKNOWN 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/incremental/04-var-rename/01-rename_and_shuffle.c: -------------------------------------------------------------------------------- 1 | #include 2 | // CRAM 3 | // a is renamed to c, but the usage of a is replaced by b (semantic changes) 4 | int main() { 5 | int a = 0; 6 | int b = 1; 7 | 8 | printf("Print %d", a); 9 | 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /tests/incremental/04-var-rename/01-rename_and_shuffle.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } -------------------------------------------------------------------------------- /tests/incremental/04-var-rename/02-rename_with_usage.c: -------------------------------------------------------------------------------- 1 | #include 2 | // CRAM 3 | //a is renamed to c, but its usages stay the same 4 | int main() { 5 | int a = 0; 6 | int b = 1; 7 | 8 | printf("Print %d", a); 9 | 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /tests/incremental/04-var-rename/02-rename_with_usage.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } -------------------------------------------------------------------------------- /tests/incremental/04-var-rename/03-renamed_assert.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | // local var used in assert is renamed (no semantic changes) 4 | int main() { 5 | int myVar = 0; 6 | 7 | __goblint_check(myVar < 11); 8 | 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /tests/incremental/04-var-rename/03-renamed_assert.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } -------------------------------------------------------------------------------- /tests/incremental/04-var-rename/04-renamed_param.c: -------------------------------------------------------------------------------- 1 | // function param is renamed (no semantic changes) 2 | // CRAM 3 | void method(int a) { 4 | int c = a; 5 | } 6 | 7 | int main() { 8 | method(0); 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /tests/incremental/04-var-rename/04-renamed_param.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } -------------------------------------------------------------------------------- /tests/incremental/04-var-rename/04-renamed_param.patch: -------------------------------------------------------------------------------- 1 | --- tests/incremental/04-var-rename/04-renamed_param.c 2 | +++ tests/incremental/04-var-rename/04-renamed_param.c 3 | @@ -2,5 +2,5 @@ 4 | // CRAM 5 | -void method(int a) { 6 | - int c = a; 7 | +void method(int b) { 8 | + int c = b; 9 | } 10 | 11 | int main() { 12 | -------------------------------------------------------------------------------- /tests/incremental/04-var-rename/05-renamed_param_usage_changed.c: -------------------------------------------------------------------------------- 1 | //This test should mark foo and main as changed 2 | // CRAM 3 | void foo(int a, int b) { 4 | int x = a; 5 | int y = b; 6 | } 7 | 8 | int main() { 9 | foo(3, 4); 10 | return 0; 11 | } -------------------------------------------------------------------------------- /tests/incremental/04-var-rename/05-renamed_param_usage_changed.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } -------------------------------------------------------------------------------- /tests/incremental/04-var-rename/dune: -------------------------------------------------------------------------------- 1 | (cram 2 | (deps (glob_files *.{c,json,patch}) (sandbox preserve_file_kind))) 3 | -------------------------------------------------------------------------------- /tests/incremental/04-var-rename/multiple_incremental_runs/08-2_incremental_runs.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } -------------------------------------------------------------------------------- /tests/incremental/04-var-rename/multiple_incremental_runs/08-2_incremental_runs_1.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | int varFirstIteration = 0; 5 | 6 | varFirstIteration++; 7 | 8 | __goblint_check(varFirstIteration < 10); 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /tests/incremental/04-var-rename/multiple_incremental_runs/09-2_ir_with_changes.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/00-simple_rename.c: -------------------------------------------------------------------------------- 1 | #include 2 | // CRAM 3 | void foo() { 4 | printf("foo"); 5 | } 6 | 7 | int main() { 8 | foo(); 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/00-simple_rename.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } 4 | -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/00-simple_rename.patch: -------------------------------------------------------------------------------- 1 | --- tests/incremental/05-method-rename/00-simple_rename.c 2 | +++ tests/incremental/05-method-rename/00-simple_rename.c 3 | @@ -1,10 +1,10 @@ 4 | #include 5 | // CRAM 6 | -void foo() { 7 | +void bar() { 8 | printf("foo"); 9 | } 10 | 11 | int main() { 12 | - foo(); 13 | + bar(); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/01-dependent_rename.c: -------------------------------------------------------------------------------- 1 | #include 2 | // CRAM 3 | void fun1() { 4 | printf("fun1"); 5 | } 6 | 7 | void fun2() { 8 | fun1(); 9 | } 10 | 11 | int main() { 12 | fun2(); 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/01-dependent_rename.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } 4 | -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/02-cyclic_rename_dependency.c: -------------------------------------------------------------------------------- 1 | #include 2 | // CRAM 3 | void foo1(int c) { 4 | if (c < 10) foo2(c + 1); 5 | } 6 | 7 | void foo2(int c) { 8 | if (c < 10) foo1(c + 1); 9 | } 10 | 11 | int main() { 12 | foo1(0); 13 | foo2(0); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/02-cyclic_rename_dependency.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } 4 | -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/03-cyclic_with_swap.c: -------------------------------------------------------------------------------- 1 | #include 2 | // CRAM 3 | void foo1(int c) { 4 | if (c < 10) foo2(c + 1); 5 | } 6 | 7 | void foo2(int c) { 8 | if (c < 10) foo1(c + 1); 9 | } 10 | 11 | int main() { 12 | foo1(0); 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/03-cyclic_with_swap.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } 4 | -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/04-deep_change.c: -------------------------------------------------------------------------------- 1 | #include 2 | // CRAM 3 | void zap() { 4 | printf("zap"); 5 | } 6 | 7 | void bar() { 8 | zap(); 9 | } 10 | 11 | void foo() { 12 | bar(); 13 | } 14 | 15 | int main() { 16 | foo(); 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/04-deep_change.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } 4 | -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/04-deep_change.patch: -------------------------------------------------------------------------------- 1 | --- tests/incremental/05-method-rename/04-deep_change.c 2 | +++ tests/incremental/05-method-rename/04-deep_change.c 3 | @@ -1,7 +1,7 @@ 4 | #include 5 | // CRAM 6 | void zap() { 7 | - printf("zap"); 8 | + printf("drap"); 9 | } 10 | 11 | void bar() { 12 | -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/05-common_rename.c: -------------------------------------------------------------------------------- 1 | #include 2 | // CRAM 3 | void foo() { 4 | printf("foo"); 5 | } 6 | 7 | void fun1() { 8 | foo(); 9 | } 10 | 11 | void fun2() { 12 | foo(); 13 | } 14 | 15 | int main() { 16 | fun1(); 17 | fun2(); 18 | foo(); 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/05-common_rename.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } 4 | -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/06-recursive_rename.c: -------------------------------------------------------------------------------- 1 | // CRAM 2 | void foo(int x) { 3 | if(x > 1) foo(x - 1); 4 | } 5 | 6 | int main() { 7 | foo(10); 8 | } 9 | -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/06-recursive_rename.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } 4 | -------------------------------------------------------------------------------- /tests/incremental/05-method-rename/dune: -------------------------------------------------------------------------------- 1 | (cram 2 | (deps (glob_files *.{c,json,patch}) (sandbox preserve_file_kind))) 3 | -------------------------------------------------------------------------------- /tests/incremental/06-glob-var-rename/00-simple_rename.c: -------------------------------------------------------------------------------- 1 | #include 2 | // CRAM 3 | int foo = 1; 4 | 5 | int main() { 6 | printf("%d", foo); 7 | 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /tests/incremental/06-glob-var-rename/00-simple_rename.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } 4 | -------------------------------------------------------------------------------- /tests/incremental/06-glob-var-rename/00-simple_rename.patch: -------------------------------------------------------------------------------- 1 | --- tests/incremental/06-glob-var-rename/00-simple_rename.c 2 | +++ tests/incremental/06-glob-var-rename/00-simple_rename.c 3 | @@ -1,9 +1,9 @@ 4 | #include 5 | // CRAM 6 | -int foo = 1; 7 | +int bar = 1; 8 | 9 | int main() { 10 | - printf("%d", foo); 11 | + printf("%d", bar); 12 | 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/incremental/06-glob-var-rename/01-duplicate_local_global.c: -------------------------------------------------------------------------------- 1 | #include 2 | // CRAM 3 | int foo = 1; 4 | 5 | int main() { 6 | 7 | printf("%d", foo); 8 | 9 | int foo = 2; 10 | 11 | printf("%d", foo); 12 | 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/incremental/06-glob-var-rename/01-duplicate_local_global.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } 4 | -------------------------------------------------------------------------------- /tests/incremental/06-glob-var-rename/02-add_new_gvar.c: -------------------------------------------------------------------------------- 1 | #include 2 | // CRAM 3 | int myVar = 1; 4 | 5 | int main() { 6 | printf("%d", myVar); 7 | printf("%d", myVar); 8 | } 9 | -------------------------------------------------------------------------------- /tests/incremental/06-glob-var-rename/02-add_new_gvar.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } 4 | -------------------------------------------------------------------------------- /tests/incremental/06-glob-var-rename/02-add_new_gvar.patch: -------------------------------------------------------------------------------- 1 | --- tests/incremental/06-glob-var-rename/02-add_new_gvar.c 2 | +++ tests/incremental/06-glob-var-rename/02-add_new_gvar.c 3 | @@ -1,8 +1,9 @@ 4 | #include 5 | // CRAM 6 | int myVar = 1; 7 | +int foo = 1; 8 | 9 | int main() { 10 | printf("%d", myVar); 11 | - printf("%d", myVar); 12 | + printf("%d", foo); 13 | } 14 | -------------------------------------------------------------------------------- /tests/incremental/06-glob-var-rename/dune: -------------------------------------------------------------------------------- 1 | (cram 2 | (deps (glob_files *.{c,json,patch}) (sandbox preserve_file_kind))) 3 | -------------------------------------------------------------------------------- /tests/incremental/11-restart/00-justglob.c: -------------------------------------------------------------------------------- 1 | int max_domains = 0; 2 | int main() {} 3 | // CRAM 4 | -------------------------------------------------------------------------------- /tests/incremental/11-restart/00-justglob.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } -------------------------------------------------------------------------------- /tests/incremental/11-restart/00-justglob.patch: -------------------------------------------------------------------------------- 1 | --- tests/incremental/11-restart/00-justglob.c 2 | +++ tests/incremental/11-restart/00-justglob.c 3 | @@ -1,2 +1,2 @@ 4 | -int max_domains = 0; 5 | +int max_domains = 4; 6 | int main() {} 7 | -------------------------------------------------------------------------------- /tests/incremental/11-restart/01-global-nochange.json: -------------------------------------------------------------------------------- 1 | { 2 | "ana": { 3 | "int": { 4 | "interval": true 5 | } 6 | } 7 | } -------------------------------------------------------------------------------- /tests/incremental/11-restart/01-global-nochange.patch: -------------------------------------------------------------------------------- 1 | --- tests/incremental/11-restart/01-global-nochange.c 2 | +++ tests/incremental/11-restart/01-global-nochange.c 3 | @@ -2,7 +2,7 @@ 4 | #include 5 | 6 | int g = 1; 7 | - 8 | +// cmt 9 | void* t_fun(void *arg) { 10 | g = 2; 11 | return NULL; 12 | -------------------------------------------------------------------------------- /tests/incremental/11-restart/02-global-remove.json: -------------------------------------------------------------------------------- 1 | { 2 | "incremental": { 3 | "restart": { 4 | "sided": { 5 | "enabled": true 6 | } 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /tests/incremental/11-restart/03-global-change.json: -------------------------------------------------------------------------------- 1 | { 2 | "ana": { 3 | "int": { 4 | "interval": true 5 | } 6 | }, 7 | "incremental": { 8 | "restart": { 9 | "sided": { 10 | "enabled": true 11 | } 12 | } 13 | } 14 | } -------------------------------------------------------------------------------- /tests/incremental/11-restart/04-global-add.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int g = 1; 5 | 6 | void* t_fun(void *arg) { 7 | 8 | return NULL; 9 | } 10 | 11 | int main() { 12 | pthread_t id; 13 | pthread_create(&id, NULL, t_fun, NULL); // just go multithreaded 14 | 15 | __goblint_check(g == 1); // SUCCESS before, unknown after 16 | return 0; 17 | } -------------------------------------------------------------------------------- /tests/incremental/11-restart/04-global-add.json: -------------------------------------------------------------------------------- 1 | { 2 | 3 | } -------------------------------------------------------------------------------- /tests/incremental/11-restart/07-local-wpoint-nochange.json: -------------------------------------------------------------------------------- 1 | { 2 | "ana": { 3 | "int": { 4 | "interval": true 5 | } 6 | }, 7 | "incremental": { 8 | "wpoint": false 9 | } 10 | } -------------------------------------------------------------------------------- /tests/incremental/11-restart/07-local-wpoint-nochange.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/goblint/analyzer/05d35cf38f419293312623795ae5b4b34a39a6ec/tests/incremental/11-restart/07-local-wpoint-nochange.patch -------------------------------------------------------------------------------- /tests/incremental/11-restart/08-side-restart.patch: -------------------------------------------------------------------------------- 1 | --- tests/incremental/11-restart/08-side-restart.c 2 | +++ tests/incremental/11-restart/08-side-restart.c 3 | @@ -10,7 +10,7 @@ void* t_fun1(void *arg) { 4 | } 5 | 6 | void* t_fun2(void *arg) { 7 | - g = 0; 8 | + 9 | return NULL; 10 | } 11 | -------------------------------------------------------------------------------- /tests/incremental/11-restart/09-call-remove.json: -------------------------------------------------------------------------------- 1 | { 2 | "incremental": { 3 | "restart": { 4 | "sided": { 5 | "enabled": true 6 | } 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /tests/incremental/11-restart/11-paper-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "ana": { 3 | "int": { 4 | "interval": true 5 | } 6 | }, 7 | "incremental": { 8 | "restart": { 9 | "sided": { 10 | "enabled": true 11 | } 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /tests/incremental/11-restart/12-mutex-simple-access.json: -------------------------------------------------------------------------------- 1 | { 2 | "incremental": { 3 | "restart": { 4 | "sided": { 5 | "enabled": true, 6 | "vars": "write-only", 7 | "fuel": 1 8 | }, 9 | "write-only": false 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /tests/incremental/11-restart/13-changed_start_state2.json: -------------------------------------------------------------------------------- 1 | { 2 | "ana": { 3 | "base": { 4 | "context": { 5 | "int": false 6 | } 7 | } 8 | }, 9 | "incremental": { 10 | "restart": { 11 | "sided": { 12 | "enabled": true, 13 | "vars": "write-only" 14 | } 15 | } 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /tests/incremental/11-restart/14-mutex-simple-wrap2.json: -------------------------------------------------------------------------------- 1 | { 2 | "incremental": { 3 | "restart": { 4 | "sided": { 5 | "enabled": true, 6 | "fuel": 2 7 | }, 8 | "write-only": false 9 | } 10 | } 11 | } -------------------------------------------------------------------------------- /tests/incremental/11-restart/15-mutex-simple-wrap1.json: -------------------------------------------------------------------------------- 1 | { 2 | "incremental": { 3 | "restart": { 4 | "sided": { 5 | "enabled": true, 6 | "fuel": 1 7 | }, 8 | "write-only": false 9 | } 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /tests/incremental/11-restart/16-mutex-simple-wrap1-global.json: -------------------------------------------------------------------------------- 1 | { 2 | "incremental": { 3 | "restart": { 4 | "sided": { 5 | "enabled": true, 6 | "fuel": 1, 7 | "fuel-only-global": true 8 | }, 9 | "write-only": false 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /tests/incremental/11-restart/17-mutex-simple-fuel.json: -------------------------------------------------------------------------------- 1 | { 2 | "incremental": { 3 | "restart": { 4 | "sided": { 5 | "enabled": true, 6 | "fuel": 1 7 | }, 8 | "write-only": false 9 | } 10 | } 11 | } -------------------------------------------------------------------------------- /tests/incremental/11-restart/48-local-wpoint-funcall.json: -------------------------------------------------------------------------------- 1 | { 2 | "ana": { 3 | "int": { 4 | "interval": true 5 | } 6 | }, 7 | "solvers": { 8 | "td3": { 9 | "restart": { 10 | "wpoint": { 11 | "enabled": true, 12 | "once": true 13 | } 14 | } 15 | } 16 | } 17 | } -------------------------------------------------------------------------------- /tests/incremental/13-restart-write/01-mutex-simple.json: -------------------------------------------------------------------------------- 1 | { 2 | "incremental": { 3 | "restart": { 4 | "sided": { 5 | "enabled": false 6 | } 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /tests/incremental/13-restart-write/02-mutex-simple-wrap.json: -------------------------------------------------------------------------------- 1 | { 2 | "incremental": { 3 | "restart": { 4 | "sided": { 5 | "enabled": false 6 | } 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /tests/incremental/13-restart-write/03-mutex-simple-nochange.json: -------------------------------------------------------------------------------- 1 | { 2 | "incremental": { 3 | "restart": { 4 | "sided": { 5 | "enabled": false 6 | } 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /tests/incremental/13-restart-write/03-mutex-simple-nochange.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/goblint/analyzer/05d35cf38f419293312623795ae5b4b34a39a6ec/tests/incremental/13-restart-write/03-mutex-simple-nochange.patch -------------------------------------------------------------------------------- /tests/incremental/13-restart-write/05-race-call-remove.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int g; 4 | 5 | void *t_fun(void *arg) { 6 | g++; // RACE! 7 | return NULL; 8 | } 9 | 10 | void foo() { 11 | g++; // RACE! 12 | } 13 | 14 | int main() { 15 | pthread_t id; 16 | pthread_create(&id, NULL, t_fun, NULL); 17 | foo(); 18 | return 0; 19 | } 20 | -------------------------------------------------------------------------------- /tests/incremental/13-restart-write/05-race-call-remove.json: -------------------------------------------------------------------------------- 1 | { 2 | "incremental": { 3 | "restart": { 4 | "sided": { 5 | "enabled": false 6 | } 7 | } 8 | }, 9 | "ana": { 10 | "thread": { 11 | "include-node": false 12 | } 13 | } 14 | } -------------------------------------------------------------------------------- /tests/incremental/13-restart-write/06-mutex-simple-reluctant.json: -------------------------------------------------------------------------------- 1 | { 2 | "incremental": { 3 | "restart": { 4 | "sided": { 5 | "enabled": false 6 | } 7 | }, 8 | "reluctant": { 9 | "enabled": true 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /tests/incremental/13-restart-write/07-mutex-simple-reluctant2.json: -------------------------------------------------------------------------------- 1 | { 2 | "incremental": { 3 | "restart": { 4 | "sided": { 5 | "enabled": false 6 | } 7 | }, 8 | "reluctant": { 9 | "enabled": true 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /tests/incremental/13-restart-write/08-mutex-simple-reluctant3.json: -------------------------------------------------------------------------------- 1 | { 2 | "incremental": { 3 | "restart": { 4 | "sided": { 5 | "enabled": false 6 | } 7 | }, 8 | "reluctant": { 9 | "enabled": true 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /tests/incremental/13-restart-write/09-mutex-self-fix.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | pthread_mutex_t A = PTHREAD_MUTEX_INITIALIZER; 4 | int g; 5 | 6 | void *t_fun(void *arg) { 7 | g++; // RACE! 8 | return NULL; 9 | } 10 | 11 | int main() { 12 | pthread_t id; 13 | while (1) { 14 | pthread_create(&id, NULL, t_fun, NULL); 15 | } 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/incremental/13-restart-write/09-mutex-self-fix.json: -------------------------------------------------------------------------------- 1 | { 2 | "incremental": { 3 | "restart": { 4 | "sided": { 5 | "enabled": false 6 | }, 7 | "write-only": true 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /tests/incremental/14-manual-restart/01-restart_manual_simple.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int g = 4; 4 | 5 | int main() { 6 | int x = g; 7 | __goblint_check(x == 4); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /tests/incremental/14-manual-restart/01-restart_manual_simple.json: -------------------------------------------------------------------------------- 1 | { 2 | "exp": { 3 | "earlyglobs": true 4 | }, 5 | "incremental": { 6 | "restart": { 7 | "sided": { 8 | "enabled": false 9 | }, 10 | "list": [] 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /tests/incremental/14-manual-restart/02-read_write_global.c: -------------------------------------------------------------------------------- 1 | int g = 0; 2 | 3 | void foo(){ 4 | g = 1; 5 | } 6 | 7 | void bar(){ 8 | int x = g; 9 | __goblint_check(x % 2 == 0); // UNKNOWN (imprecision caused by earlyglobs) 10 | } 11 | 12 | int main(){ 13 | foo(); 14 | bar(); 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /tests/incremental/14-manual-restart/03-partial_contexts.c: -------------------------------------------------------------------------------- 1 | #include 2 | int foo(int x){ 3 | return x; 4 | } 5 | 6 | int main(){ 7 | int x = 12; 8 | int y = foo(x); 9 | __goblint_check(x == y); 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /tests/incremental/14-manual-restart/04-restarting_and_aborting.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int g = 0; 4 | 5 | void foo(){ 6 | g = 1; 7 | } 8 | 9 | void bar(){ 10 | int x = g; 11 | __goblint_check(x != 0); // UNKNOWN (imprecision caused by earlyglobs) 12 | } 13 | 14 | int main(){ 15 | foo(); 16 | bar(); 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /tests/others/cilbug.c: -------------------------------------------------------------------------------- 1 | void f(int a); 2 | void f(int c){ 3 | int x = c; 4 | } 5 | void f(int b); 6 | 7 | int main(){ 8 | // cil bug: f.sformals now contains a/b instead of c? -> not the case... 9 | f(1); 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /tests/others/nocompile.c: -------------------------------------------------------------------------------- 1 | int f(int a, int b){ 2 | int x = b; 3 | int y = x+1; 4 | return a; 5 | } 6 | int main(){ 7 | return f(1); 8 | } 9 | -------------------------------------------------------------------------------- /tests/others/noterm.c: -------------------------------------------------------------------------------- 1 | int i = 0; 2 | 3 | int main () { 4 | while(1) 5 | i++; 6 | return 0; 7 | } 8 | -------------------------------------------------------------------------------- /tests/others/vararg.c: -------------------------------------------------------------------------------- 1 | // This function sets all varargs to the given x 2 | void maja (int x, ...) { 3 | va_list args; 4 | int *i; 5 | va_start(args, x); 6 | i = va_arg(args, int*); 7 | va_end(args); 8 | *i = x; 9 | return; 10 | } 11 | 12 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/02-minimal.c: -------------------------------------------------------------------------------- 1 | int main() { 2 | __goblint_check(1); // reachable, formerly TERM 3 | return 0; 4 | } 5 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/03-no_succ.c: -------------------------------------------------------------------------------- 1 | int main() { 2 | __goblint_check(1); // reachable, formerly TERM 3 | return 0; 4 | } 5 | 6 | void f() { 7 | return; 8 | 9 | switch (1) { 10 | case 1:; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/04-empty_if.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() 4 | { 5 | int i; 6 | if (i); 7 | ++ i; 8 | __goblint_check(i); // UNKNOWN! 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/05-inf_loop.c: -------------------------------------------------------------------------------- 1 | int main() 2 | { 3 | while (1); 4 | __goblint_check(0); // NOWARN (unreachable), formerly NONTERM 5 | return 0; 6 | } 7 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/06-term1.c: -------------------------------------------------------------------------------- 1 | int main() { 2 | int i; 3 | while (1); 4 | __goblint_check(0); // NOWARN (unreachable), formerly NONTERM 5 | //return 0; // with this line it is okay) 6 | } 7 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/07-term2.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void f() { 4 | exit(0); 5 | } 6 | 7 | int main() { 8 | while (1); 9 | __goblint_check(0); // NOWARN (unreachable), formerly NONTERM 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/08-asm_nop.c: -------------------------------------------------------------------------------- 1 | int main() { 2 | __asm__ ("nop"); 3 | __goblint_check(1); // reachable, formerly TERM 4 | return (0); 5 | } 6 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/10-loop_label.c: -------------------------------------------------------------------------------- 1 | int main () { 2 | while (1) { 3 | while_1_continue: /* CIL label */ ; 4 | } 5 | __goblint_check(0); // NOWARN (unreachable), formerly NONTERM 6 | return 0; 7 | } 8 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/11-loop_race.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set allfuns true 2 | 3 | /*extern void g(void);*/ 4 | 5 | int x; 6 | 7 | void f() { 8 | int i; 9 | while (1) { 10 | x++; // RACE! 11 | } 12 | i = 0; 13 | } 14 | 15 | int main () { 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/12-errno.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(){ 5 | errno = 1; 6 | __goblint_check(errno); // UNKNOWN! 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/13-sans_context.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.ctx_insens[+] base 2 | #include 3 | 4 | void f(int v, int i){ 5 | __goblint_check(v == 2); 6 | __goblint_check(i*i == 9); // UNKNOWN 7 | } 8 | 9 | int main(){ 10 | f(2,-3); 11 | f(2, 3); 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/14-startstate.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set kernel true 2 | #include 3 | #include 4 | 5 | int __init start (unsigned count) { 6 | if (count) 7 | return -1; 8 | __goblint_check(0); // FAIL 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/15-unused_arg.c: -------------------------------------------------------------------------------- 1 | int glob = 0; 2 | 3 | void f() { 4 | glob++; // NOWARN! 5 | } 6 | 7 | void (*fptr)(void) = f; 8 | 9 | int g(void (*ptr)(void)) { 10 | return 0; 11 | } 12 | 13 | int main() { 14 | g(fptr); 15 | return glob; 16 | } 17 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/17-constructors.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int g=0; 4 | 5 | void c() __attribute__((__constructor__)) ; 6 | void c(){ 7 | g = 10; 8 | } 9 | 10 | int main(){ 11 | __goblint_check(g==10); 12 | return 0; 13 | } -------------------------------------------------------------------------------- /tests/regression/00-sanity/24-update_suite.c: -------------------------------------------------------------------------------- 1 | // SKIP (just for manually testing that update_suite works) 2 | #include 3 | 4 | int main() { 5 | int x = 42; 6 | // Should fail with: Expected unknown, but registered success 7 | __goblint_check(x == 42); // UNKNOWN 8 | 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/27-uncalled.c: -------------------------------------------------------------------------------- 1 | int main() { 2 | return 0; 3 | } 4 | 5 | void foo() { // WARN 6 | 7 | } -------------------------------------------------------------------------------- /tests/regression/00-sanity/29-earlyglobs-insens.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.ctx_insens[+] base --enable exp.earlyglobs 2 | // NOCRASH 3 | int main() {} 4 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/32-check.c: -------------------------------------------------------------------------------- 1 | // just a few sanity checks on checks 2 | #include 3 | 4 | int main() { 5 | int success = 1; 6 | int silence = 1; 7 | int fail = 0; 8 | int unknown; 9 | __goblint_check(success); 10 | __goblint_check(fail); // FAIL! 11 | __goblint_check(unknown == 4); // UNKNOWN! 12 | return 0; 13 | __goblint_check(silence); // NOWARN! 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/37-long-double.c: -------------------------------------------------------------------------------- 1 | // CRAM 2 | int main() { 3 | long double l = 0.0L; 4 | return (int)l; 5 | } 6 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/37-long-double.t: -------------------------------------------------------------------------------- 1 | Testing that there isn't a warning about treating long double as double constant. 2 | $ goblint 37-long-double.c 3 | [Info][Deadcode] Logical lines of code (LLoC) summary: 4 | live: 3 5 | dead: 0 6 | total lines: 3 7 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/38-evalfunvar-dead.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | int (*fp)(void) = &rand; 5 | abort(); 6 | fp(); // NOWARN (No suitable function to call) 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/41-both_branches-2.c: -------------------------------------------------------------------------------- 1 | // PARAM: --disable sem.unknown_function.invalidate.globals 2 | #include 3 | struct S { 4 | int *f[1]; 5 | }; 6 | 7 | int main() { 8 | struct S* s; 9 | s = magic(); 10 | 11 | int *p = s->f[0]; 12 | if (p) 13 | __goblint_check(1); // reachable 14 | else 15 | __goblint_check(1); // reachable 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/51-base-special-lval.c: -------------------------------------------------------------------------------- 1 | // Making sure special function lval is not invalidated recursively 2 | #include 3 | 4 | extern int * anIntPlease(); 5 | int main() { 6 | int x = 0; 7 | int *p = &x; 8 | p = anIntPlease(); 9 | 10 | __goblint_check(x == 0); 11 | 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/52-thread-unsafe-libfuns-single-thread.t: -------------------------------------------------------------------------------- 1 | $ goblint --enable allglobs --set ana.activated[+] threadJoins 52-thread-unsafe-libfuns-single-thread.c 2 | [Info][Deadcode] Logical lines of code (LLoC) summary: 3 | live: 8 4 | dead: 0 5 | total lines: 8 6 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/53-ptr-and-int.c: -------------------------------------------------------------------------------- 1 | #include 2 | int main () 3 | { 4 | int x; 5 | int three = 3; 6 | 7 | int y = (three == &x); 8 | 9 | // &x equaling the constant 3 is exceedingly unlikely 10 | __goblint_check(y == 1); //UNKNOWN! 11 | 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/00-sanity/dune: -------------------------------------------------------------------------------- 1 | (cram 2 | (deps (glob_files *.c))) 3 | 4 | (cram 5 | (applies_to 19-if-0 20-if-0-realnode 21-empty-loops) 6 | (enabled_if %{bin-available:graph-easy}) 7 | (deps 8 | %{bin:cfgDot})) 9 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/12-bool.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | int x; 6 | bool y; 7 | x = 4; 8 | y = true; 9 | __goblint_check(y); 10 | return x; 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/14-vararg.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | int kala (int x, ...) { 6 | return x; 7 | } 8 | 9 | int main () { 10 | int i = 0; 11 | i = kala(3); 12 | __goblint_check(i==3); 13 | 14 | i = kala(2, 5); 15 | __goblint_check(i==2); 16 | 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/15-break.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | main () { 5 | int sum = 0, k = 7; 6 | int i; 7 | for (i = 0; i < 100; i++) { 8 | if (i < 11) 9 | sum += i; 10 | else 11 | break; 12 | } 13 | printf("%d\n",sum); 14 | __goblint_check(sum == 1); // UNKNOWN 15 | __goblint_check(k == 7); 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/16-exit.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | main () { 6 | int x; 7 | scanf("%d",&x); 8 | if (x != 7) { 9 | printf("Immediate exit.\n"); 10 | exit(0); 11 | } 12 | printf("The number was not zero.\n"); 13 | __goblint_check(x == 7); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/21-strings.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(){ 4 | char *str = "0123456789"; 5 | char c1 = str[1]; 6 | char **strh; 7 | strh = &str; 8 | c1 = (*strh)[1]; 9 | str[2] = '3'; 10 | __goblint_check(c1 == '1'); // UNKNOWN 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/25-ptr_problem.c: -------------------------------------------------------------------------------- 1 | // SKIP 2 | // Out of bound accesses 3 | #include 4 | int main() 5 | { 6 | int x, y, z[2]; 7 | int *p = &x; 8 | ++ p; 9 | __goblint_check(p == &y); // UNKNOWN 10 | 11 | p = &z[-1]; 12 | __goblint_check(p == &y); // UNKNOWN 13 | 14 | p = &z[y]; 15 | __goblint_check(p == &z[y]); // UNKNOWN 16 | 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/26-const_ptr.c: -------------------------------------------------------------------------------- 1 | // SKIP! 2 | #include 3 | extern void f(int* const*); 4 | int main() 5 | { 6 | int n = 0; 7 | int* pn = &n; 8 | int* t = pn; 9 | f(&pn); 10 | __goblint_check(n); // UNKNOWN! 11 | __goblint_check(pn == t); 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/29-fun_struct_array.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void QQ(){ 4 | } 5 | 6 | struct a{ 7 | int aa; 8 | int qq; 9 | }; 10 | 11 | int main(){ 12 | int i = 1; 13 | 14 | struct a A[1] = {50, (unsigned long)&QQ}; 15 | 16 | __goblint_check(A[0].aa == 50); 17 | __goblint_check(A[0].qq == (unsigned long)&QQ); // UNKNOWN 18 | 19 | return 0; 20 | } 21 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/30-extern_var.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int q; 4 | 5 | int main(){ 6 | int i = q ? 1 : 2 ; 7 | __goblint_check(0); // FAIL 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/35-intervals.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval --disable ana.int.def_exc --disable ana.int.enums 2 | #include 3 | 4 | void main(){ 5 | int n = 7; 6 | for (; n; n--) { 7 | __goblint_check(n==1); // UNKNOWN! 8 | } 9 | int i; 10 | if(i-1){ 11 | __goblint_check(i==2); // UNKNOWN! 12 | } 13 | return; 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/36-interval-branching.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval --disable ana.int.def_exc 2 | #include 3 | #include 4 | int main(){ 5 | int i; 6 | if(i<0){ 7 | __goblint_check(i<0); 8 | } else { 9 | __goblint_check(i>=0); 10 | } 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/38-enum.c: -------------------------------------------------------------------------------- 1 | // PARAM: --disable ana.int.interval --disable ana.int.def_exc --enable ana.int.enums 2 | void main(){ 3 | int n = 1; 4 | for (; n; n++) { // FIXPOINT: previously fixed point not reached here 5 | } 6 | return; 7 | } 8 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/41-cast_in_equal_comp.c: -------------------------------------------------------------------------------- 1 | #include 2 | int main(){ 3 | signed char x; 4 | unsigned char y; 5 | 6 | // y = 224; 7 | x = -32; 8 | if (((signed short)y) == x ) 9 | { 10 | // Unreachable 11 | x = 12; 12 | } 13 | __goblint_check(x== -32); 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/42-non-injective-mult-def-exc.c: -------------------------------------------------------------------------------- 1 | //PARAM: --enable ana.int.def_exc 2 | #include 3 | 4 | int main() { 5 | unsigned int top; 6 | unsigned int x; 7 | 8 | if (top == 3){ 9 | return 0; 10 | } 11 | 12 | x = top * 1073741824u; 13 | __goblint_check(x != 3221225472u); // UNKNOWN! 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/50-earlyglobs_precious.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set exp.earlyglobs true --set exp.exclude_from_earlyglobs[+] "'g'" 2 | #include 3 | 4 | int g = 10; 5 | int main(void){ 6 | g = 100; 7 | __goblint_check(g==100); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/51-marshal.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval 2 | // NOCHECK 3 | void callee(int j) { 4 | j++; 5 | } 6 | 7 | int main(void) { 8 | int x = 3; 9 | int y = 2; 10 | int z = x + y; 11 | callee(1); 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/55-def_exc-widen.c: -------------------------------------------------------------------------------- 1 | //PARAM: --disable ana.int.def_exc_widen_by_join 2 | // NOTIMEOUT 3 | int main(int argc , char **argv ) 4 | { 5 | char buf[512]; 6 | int top; 7 | char *start ; 8 | 9 | while (1) { 10 | start = & buf[top]; 11 | } 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/60-def_exc-int128.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | // There are no 128bit integer literals... 5 | __int128 int128max = ((__int128) LLONG_MAX) << 64 | ULLONG_MAX; 6 | 7 | int main() { 8 | __int128 x, y, z; 9 | z = x + y; 10 | __goblint_check(z < int128max); // UNKNOWN! 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/70-dead-branch-multiple.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | int a = 1; 5 | int b = 0; 6 | 7 | if (a && b) { // WARN 8 | __goblint_check(0); // NOWARN (unreachable) 9 | } 10 | 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/01-cpa/74-rand.c: -------------------------------------------------------------------------------- 1 | //PARAM: --enable ana.int.interval 2 | #include 3 | #include 4 | #include 5 | 6 | int main () { 7 | int r = rand(); 8 | 9 | __goblint_check(r >= 0); 10 | 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/02-base/10-init_allfuns.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable allfuns 2 | #include 3 | 4 | int glob1 = 5; 5 | int glob2 = 7; 6 | 7 | int f() { 8 | glob1 = 5; 9 | return 0; 10 | } 11 | 12 | int g() { 13 | __goblint_check(glob1 == 5); 14 | __goblint_check(glob2 == 7); 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /tests/regression/02-base/11-init_mainfun.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set otherfun "['f']" --enable exp.earlyglobs 2 | #include 3 | 4 | int glob; 5 | 6 | void f() { 7 | int i = glob; 8 | __goblint_check(i == 0); 9 | } 10 | 11 | int main(void *arg) { 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/02-base/12-init_otherfun.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --set otherfun "['f']" 2 | 3 | int glob1 = 5; 4 | 5 | int g() { 6 | __goblint_check(glob1 == 5); 7 | return 0; 8 | } 9 | 10 | int main() { 11 | __goblint_check(glob1 == 5); 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/02-base/21-malloc_loop.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | int* x[10]; 6 | int i = 0; 7 | 8 | while (i < 10) 9 | x[i++] = malloc(sizeof(int)); 10 | 11 | *x[3] = 50; 12 | *x[7] = 100; 13 | __goblint_check(*x[8] == 100); // UNKNOWN 14 | 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /tests/regression/02-base/29-bot_vals.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(void) { 5 | int x, y[2]; 6 | int unknown; 7 | 8 | x = 0; 9 | if (unknown){ 10 | x = atoi("10"); 11 | } 12 | __goblint_check(x); // UNKNOWN 13 | 14 | // x = 8; 15 | // if (unknown) 16 | // x = y[0]; 17 | // 18 | // __goblint_check(x != 8); 19 | 20 | return 0; 21 | } -------------------------------------------------------------------------------- /tests/regression/02-base/32-single-thr.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set exp.single-threaded true 2 | extern int no_spawn(void*); 3 | 4 | int g; 5 | 6 | void f(){ 7 | g = 20; // NOWARN! 8 | } 9 | 10 | int main(){ 11 | g = 10; // NOWARN! 12 | no_spawn(&f); 13 | return 0; 14 | } -------------------------------------------------------------------------------- /tests/regression/02-base/39-calloc_matrix.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.int.interval true --set ana.base.arrays.domain partitioned 2 | 3 | #include 4 | #include 5 | 6 | int main(void) { 7 | int (*r)[5] = calloc(2, sizeof(int[5])); 8 | r[0][1] = 3; 9 | int* z = &r[0][1]; 10 | 11 | __goblint_check(*z == 3); //UNKNOWN 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/02-base/51-spawn-special.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern void* magic(void* arg); 5 | int g; 6 | 7 | int main() { 8 | pthread_t id; 9 | pthread_create(&id, NULL, magic, NULL); 10 | 11 | __goblint_check(g == 0); // UNKNOWN! (magic may invalidate) 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/02-base/52-otherfun-special.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --set otherfun '["magic"]' 2 | #include 3 | #include 4 | 5 | extern void* magic(void* arg); 6 | int g; 7 | 8 | int main() { 9 | __goblint_check(g == 0); // UNKNOWN! (magic may invalidate) 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/02-base/53-spawn-special-arg.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern void* magic(void* arg); 5 | 6 | int main() { 7 | int x = 0; 8 | pthread_t id; 9 | pthread_create(&id, NULL, magic, &x); 10 | 11 | __goblint_check(x == 0); // UNKNOWN! (magic may invalidate) 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/02-base/54-spawn-special-unknown.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int g; 5 | 6 | int main() { 7 | void (*unknown)(void*); 8 | 9 | pthread_t id; 10 | pthread_create(&id, NULL, unknown, NULL); 11 | 12 | __goblint_check(g == 0); // UNKNOWN! (unknown thread may invalidate) 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/02-base/55-printf-n.c: -------------------------------------------------------------------------------- 1 | // SKIP 2 | #include 3 | #include 4 | 5 | int main() { 6 | int written = 0; 7 | printf("foo%n\n", &written); // invalidates written by setting written = 3 8 | __goblint_check(written != 0); // TODO (fail means written == 0, which is unsound) 9 | 10 | printf("%d\n", written); 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/02-base/56-printf-ptr.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | int x = 42; 6 | printf("&x = %p\n", &x); // doesn't invalidate x despite taking address 7 | __goblint_check(x == 42); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /tests/regression/02-base/61-no-int-context.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval --disable ana.context.widen --disable ana.base.context.int 2 | #include 3 | 4 | int f(int x) { 5 | if (x) 6 | return f(x+1); 7 | else 8 | return x; 9 | } 10 | 11 | int main () { 12 | int a = f(1); 13 | __goblint_check(!a); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/02-base/64-enums-minmax.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.enums 2 | // NOTIMEOUT 3 | int main(void) { 4 | unsigned char c; 5 | int top; 6 | 7 | if(c != 0) { 8 | if(c < 43) { 9 | top =12; 10 | } 11 | } 12 | 13 | if(c != 255) { 14 | if(c < 43) { 15 | top = 12; 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /tests/regression/02-base/71-pthread-once.c: -------------------------------------------------------------------------------- 1 | //PARAM: --disable sem.unknown_function.spawn 2 | #include 3 | #include 4 | 5 | int g; 6 | pthread_once_t once = PTHREAD_ONCE_INIT; 7 | 8 | void t_fun() { 9 | __goblint_check(1); // reachable! 10 | return NULL; 11 | } 12 | 13 | int main() { 14 | pthread_once(&once,t_fun); 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /tests/regression/02-base/72-ad-widen-duplicate.c: -------------------------------------------------------------------------------- 1 | // https://github.com/goblint/analyzer/issues/554 2 | // FIXPOINT 3 | int a; 4 | 5 | int main() { c(&a); } 6 | int c(int *f) { 7 | unsigned long d; 8 | int *e = &a; 9 | d = 0; 10 | while (1) { 11 | e = f++; 12 | d++; 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/02-base/73-no-eval-on-write-offset.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable exp.earlyglobs 2 | // NOCRASH 3 | char a; 4 | int c; 5 | 6 | int main() { 7 | *(&c + 0) = a; 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /tests/regression/02-base/79-unknown-spawn.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable sem.unknown_function.spawn 2 | #include 3 | #include 4 | 5 | int magic(void* (f (void *))); 6 | 7 | void *t_fun(void *arg) { 8 | __goblint_check(1); // reachable 9 | return NULL; 10 | } 11 | 12 | int main() { 13 | magic(t_fun); // unknown function 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/02-base/80-unknown-no-spawn.c: -------------------------------------------------------------------------------- 1 | // PARAM: --disable sem.unknown_function.spawn 2 | #include 3 | #include 4 | 5 | void *t_fun(void *arg) { 6 | __goblint_check(1); // NOWARN (unreachable) 7 | return NULL; 8 | } 9 | 10 | int main() { 11 | magic(t_fun); // unknown function 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/02-base/81-invalidate_indirect_base.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | extern void __goblint_unknown(void*); // shallow write 5 | 6 | int g; 7 | 8 | struct s { 9 | int *p; 10 | } s = {&g}; 11 | 12 | int main(void) { 13 | int *p = s.p; 14 | __goblint_unknown(&s); 15 | __goblint_check(*p == 0); 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/regression/02-base/82-eq-no-overflow.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval 2 | #include 3 | 4 | int main() { 5 | unsigned long x; 6 | x = 0; 7 | 8 | int b; 9 | b = x == 7; // NOWARN 10 | 11 | if (b) 12 | __goblint_check(0); // NOWARN (unreachable) 13 | else 14 | __goblint_check(1); // reachable 15 | 16 | return 0; 17 | } -------------------------------------------------------------------------------- /tests/regression/02-base/84-evalint-maybeequal.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] expRelation 2 | #include 3 | #include 4 | 5 | int main() { 6 | int x; 7 | 8 | // expRelation EvalInt 9 | __goblint_check(!(x + 1 == x)); 10 | __goblint_check(!(x == x + 1)); 11 | __goblint_check(!(x - 1 == x)); 12 | __goblint_check(!(x == x - 1)); 13 | return 0; 14 | } -------------------------------------------------------------------------------- /tests/regression/02-base/85-evalint-maybeless.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] expRelation 2 | #include 3 | #include 4 | 5 | int main() { 6 | int x; 7 | 8 | // expRelation EvalInt 9 | __goblint_check(!(x + 1 < x)); 10 | __goblint_check(!(x < x + (-1))); 11 | __goblint_check(!(x - (-1) < x)); 12 | __goblint_check(!(x < x - 1)); 13 | return 0; 14 | } -------------------------------------------------------------------------------- /tests/regression/02-base/92-ad-union-fields.c: -------------------------------------------------------------------------------- 1 | // TODO: be sound and claim that assert may hold instead of must not hold 2 | // assert passes when compiled 3 | #include 4 | 5 | union u { 6 | int fst; 7 | float snd; 8 | }; 9 | 10 | int main() { 11 | union u a; 12 | void *p = &a.fst; 13 | void *q = &a.snd; 14 | assert(p == q); 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /tests/regression/02-base/94-ad-first-field.c: -------------------------------------------------------------------------------- 1 | // be sound and claim that assert may hold instead of must not hold 2 | // assert passes when compiled 3 | #include 4 | 5 | struct s { 6 | int fst; 7 | }; 8 | 9 | int main() { 10 | struct s a; 11 | void *p = &a; 12 | void *q = &a.fst; 13 | assert(p == q); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/02-base/95-ad-zero-index.c: -------------------------------------------------------------------------------- 1 | // SKIP 2 | // TODO: be sound and claim that assert may hold instead of must not hold 3 | // assert passes when compiled 4 | #include 5 | 6 | int main() { 7 | int a[10]; 8 | void *p = &a; 9 | void *q = &a[0]; 10 | assert(p == q); 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/02-base/96-null-deref-top.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set sem.null-pointer.dereference assume_top 2 | #include 3 | #include 4 | 5 | int main() { 6 | int r; // rand 7 | int i = 0; 8 | int *p; 9 | 10 | if (r) 11 | p = &i; 12 | else 13 | p = NULL; 14 | 15 | if (*p == 2) // WARN 16 | assert(1); // reachable (via UB) 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /tests/regression/02-base/97-null-deref-none.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set sem.null-pointer.dereference assume_none 2 | #include 3 | #include 4 | 5 | int main() { 6 | int r; // rand 7 | int i = 0; 8 | int *p; 9 | 10 | if (r) 11 | p = &i; 12 | else 13 | p = NULL; 14 | 15 | if (*p == 2) // WARN 16 | assert(0); // NOWARN (unreachable) 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /tests/regression/02-base/dune: -------------------------------------------------------------------------------- 1 | (cram 2 | (deps (glob_files *.c))) 3 | -------------------------------------------------------------------------------- /tests/regression/03-practical/01-lval_eval.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern unsigned short const **__ctype_b_loc(void) __attribute__((__const__)) ; 4 | 5 | int main(void) { 6 | int i = 5; 7 | unsigned short const **tmp ; 8 | 9 | tmp = __ctype_b_loc(); 10 | i = (int)(*((*tmp) + 13)); 11 | __goblint_check(i == 5); // UNKNOWN 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/03-practical/06-callback.c: -------------------------------------------------------------------------------- 1 | // From the Trier benches... 2 | 3 | #include 4 | #include 5 | 6 | int x = 0; 7 | 8 | void callme(void) { 9 | x = 5; 10 | } 11 | 12 | void callfun(void (*fun)(void)) { 13 | fun(); 14 | return; 15 | } 16 | 17 | int main() { 18 | callfun(& callme); 19 | __goblint_check(x == 5); 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /tests/regression/03-practical/09-nonterm2.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | while (1) 5 | __goblint_check(0); // FAIL! 6 | return 0; 7 | } 8 | -------------------------------------------------------------------------------- /tests/regression/03-practical/10-big_init.c: -------------------------------------------------------------------------------- 1 | // Just an example of slow initialization. 2 | typedef unsigned char BYTE; 3 | BYTE Buffer[4096]; 4 | 5 | typedef char TEXT[20]; 6 | typedef TEXT TABLE[20]; 7 | TABLE MessageSystem[20]; 8 | 9 | int main() { 10 | __goblint_check(1); // reachable, formerly TERM 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/03-practical/11-extern.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | static int glob = 5; 4 | extern void mywrite(int *x); 5 | 6 | int main() { 7 | int i=0; 8 | int j=5; 9 | mywrite(&i); 10 | __goblint_check(i == 0); // UNKNOWN! 11 | __goblint_check(glob == 5); 12 | __goblint_check(j == 5); 13 | return 0; 14 | } 15 | 16 | -------------------------------------------------------------------------------- /tests/regression/03-practical/13-pfscan_minimal.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int get(void); 4 | 5 | int init(void) { return 0; } 6 | 7 | int main(int argc , char **argv ) 8 | { 9 | int tmp = 5; 10 | init(); 11 | tmp = get(); 12 | __goblint_check(tmp == 5); // UNKNOWN 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/03-practical/16-union_index.c: -------------------------------------------------------------------------------- 1 | typedef union { 2 | char c[4] ; // c needs to be at least as big as l 3 | long l ; 4 | } u; 5 | 6 | u uv; 7 | 8 | int main(){ 9 | __goblint_check(1); // reachable, formerly TERM 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/03-practical/18-no_ctx_box.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --set ana.activated[-] mutex --set solver "'new'" --set ana.ctx_insens[+] base --set ana.ctx_insens[+] escape 2 | void write(int **p){ 3 | *p=1; 4 | } 5 | 6 | int *P = 0; 7 | 8 | void f(){ 9 | int *a; 10 | write(&a); 11 | return; 12 | } 13 | 14 | int main(void){ 15 | write(&P); 16 | f(); 17 | return 0; // NOWARN 18 | } 19 | -------------------------------------------------------------------------------- /tests/regression/03-practical/19-unsignedlonglong.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | int i; 5 | unsigned long long j; 6 | 7 | i = 10; 8 | j = 100; 9 | 10 | j = (unsigned long long) i; 11 | __goblint_check(j == 10); 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/03-practical/22-nested-infinite-loops.c: -------------------------------------------------------------------------------- 1 | // https://github.com/goblint/analyzer/issues/231#issuecomment-868369123 2 | // NOCHECK: should check CFG? 3 | int main(void) { 4 | int x = 0; 5 | while(1) { 6 | while(1) { 7 | x++; 8 | } 9 | x--; 10 | } 11 | x--; 12 | return x; 13 | } -------------------------------------------------------------------------------- /tests/regression/03-practical/26-smtprc-crash.c: -------------------------------------------------------------------------------- 1 | // SKIP: Low Priority -- this compiles with warnings, but goblint crashes. 2 | #include 3 | 4 | int data[10]; 5 | 6 | void *t_fun(int i) { 7 | int *x = &data[i]; 8 | return NULL; 9 | } 10 | 11 | int main() { 12 | pthread_t id; 13 | int n = 0; 14 | pthread_create(&id, NULL, t_fun, (int*) n); 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /tests/regression/03-practical/28-bool.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | int a; 6 | int *p = &a; 7 | 8 | bool x = p; 9 | __goblint_check(x); 10 | bool y = !!p; 11 | __goblint_check(y); 12 | bool z = p != 0; 13 | __goblint_check(z); 14 | 15 | int b = 10; 16 | bool bb = b; 17 | __goblint_check(bb); 18 | 19 | return 0; 20 | } -------------------------------------------------------------------------------- /tests/regression/03-practical/30-bool-congr.c: -------------------------------------------------------------------------------- 1 | //PARAM: --enable ana.int.congruence 2 | #include 3 | #include 4 | 5 | int main() { 6 | 7 | bool x = 1; 8 | bool y = 1; 9 | bool z = x + y; 10 | __goblint_check(z); 11 | 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/03-practical/dune: -------------------------------------------------------------------------------- 1 | (cram 2 | (deps (glob_files *.c))) 3 | -------------------------------------------------------------------------------- /tests/regression/04-mutex/08-pthread_arg.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | void *http_get(void *arg ) { 6 | int x = (int) arg; 7 | __goblint_check(x == 43); 8 | return NULL; 9 | } 10 | 11 | int main() { 12 | pthread_t tid; 13 | pthread_create(&tid, NULL, & http_get, (void *) 43); 14 | return 0; 15 | } 16 | 17 | -------------------------------------------------------------------------------- /tests/regression/04-mutex/20-stdfun_rc.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int myglobal; 5 | 6 | void *t_fun(void *arg) { 7 | myglobal=myglobal+1; // RACE! 8 | return NULL; 9 | } 10 | 11 | int main(void) { 12 | pthread_t id; 13 | pthread_create(&id, NULL, t_fun, NULL); 14 | scanf("%d", &myglobal); // RACE! 15 | return 0; 16 | } 17 | 18 | -------------------------------------------------------------------------------- /tests/regression/04-mutex/25-single_acc.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int x; 4 | 5 | void *t_fun(void *arg) { 6 | x++; // RACE! 7 | return NULL; 8 | } 9 | 10 | int main() { 11 | pthread_t id1, id2; 12 | 13 | pthread_create(&id1, NULL, t_fun, NULL); 14 | pthread_create(&id2, NULL, t_fun, NULL); 15 | 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/regression/04-mutex/68-vla_rc.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int g; 5 | 6 | void *t_fun(void *arg) { 7 | g=g+1; // RACE! 8 | return NULL; 9 | } 10 | 11 | int main(void) { 12 | pthread_t id; 13 | pthread_create(&id, NULL, t_fun, NULL); 14 | int a[g]; // RACE! 15 | int b[2][g]; // RACE! 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/regression/04-mutex/69-sizeof_rc.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int g; 5 | 6 | void *t_fun(void *arg) { 7 | g=g+1; // RACE! 8 | return NULL; 9 | } 10 | 11 | int main(void) { 12 | pthread_t id; 13 | pthread_create(&id, NULL, t_fun, NULL); 14 | int a = sizeof(int[g]); // RACE! 15 | int b = sizeof(int[2][g]); // RACE! 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/regression/04-mutex/dune: -------------------------------------------------------------------------------- 1 | (cram 2 | (deps (glob_files *.c))) 3 | -------------------------------------------------------------------------------- /tests/regression/05-lval_ls/05-glob_idx_rc.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int data[10]; 4 | 5 | void *t_fun(void *arg) { 6 | data[4]++; // RACE! 7 | return NULL; 8 | } 9 | 10 | int main() { 11 | pthread_t id; 12 | pthread_create(&id, NULL, t_fun, NULL); 13 | data[4]++; // RACE! 14 | return 0; 15 | } 16 | 17 | -------------------------------------------------------------------------------- /tests/regression/05-lval_ls/06-glob_idx_nr.c: -------------------------------------------------------------------------------- 1 | // SKIP 2 | #include 3 | 4 | int data[10]; 5 | 6 | void *t_fun(void *arg) { 7 | data[4]++; // Can't say anything... 8 | return NULL; 9 | } 10 | 11 | int main() { 12 | pthread_t id; 13 | pthread_create(&id, NULL, t_fun, NULL); 14 | data[3]++; // NOWARN! 15 | return 0; 16 | } 17 | 18 | -------------------------------------------------------------------------------- /tests/regression/05-lval_ls/07-glob_fld_rc.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | struct { 4 | int x; 5 | int y; 6 | } data; 7 | 8 | void *t_fun(void *arg) { 9 | data.x++; // RACE! 10 | return NULL; 11 | } 12 | 13 | int main() { 14 | pthread_t id; 15 | pthread_create(&id, NULL, t_fun, NULL); 16 | data.x++; // RACE! 17 | return 0; 18 | } 19 | 20 | -------------------------------------------------------------------------------- /tests/regression/06-symbeq/01-symbeq_ints.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.race.direct-arithmetic --set ana.activated[+] "'var_eq'" 2 | #include 3 | #include 4 | 5 | int main() { 6 | int x; 7 | int y; 8 | 9 | scanf("%d", &x); 10 | y = x; 11 | 12 | __goblint_check(x==y); 13 | 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/06-symbeq/dune: -------------------------------------------------------------------------------- 1 | (cram 2 | (deps (glob_files *.c))) 3 | -------------------------------------------------------------------------------- /tests/regression/07-uninit/01-simple.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] uninit 2 | #include 3 | 4 | int main() { 5 | int i,j,k; 6 | 7 | j = 6; 8 | k = j + 4; // NOWARN 9 | 10 | k = i + 8; // WARN 11 | 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/07-uninit/04-intent_out.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] uninit 2 | void some_function(int* x){ 3 | *x = 0; 4 | } 5 | 6 | int main(){ 7 | int v; 8 | some_function(&v); 9 | return v; //NOWARN 10 | } 11 | -------------------------------------------------------------------------------- /tests/regression/07-uninit/05-struct-bad.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] uninit 2 | typedef struct { 3 | int i; 4 | } S; 5 | 6 | int main(){ 7 | S ss; 8 | return ss.i; //WARN 9 | } 10 | -------------------------------------------------------------------------------- /tests/regression/07-uninit/06-struct-good.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] uninit 2 | typedef struct { 3 | int i; 4 | } S; 5 | 6 | int main(){ 7 | S ss; 8 | ss.i = 0; 9 | return ss.i; //NOWARN 10 | } 11 | -------------------------------------------------------------------------------- /tests/regression/07-uninit/07-struct_return.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] uninit 2 | typedef struct { 3 | int i; 4 | } S; 5 | 6 | S some_function(){ 7 | S xx; 8 | xx.i = 42; 9 | return xx; 10 | } 11 | 12 | int main(){ 13 | S ss; 14 | ss = some_function(); 15 | return ss.i; //NOWARN 16 | } 17 | -------------------------------------------------------------------------------- /tests/regression/07-uninit/08-struct_intent_out.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] uninit 2 | typedef struct { 3 | int i; 4 | } S; 5 | 6 | void some_function(S* xx){ 7 | (*xx).i = 42; 8 | } 9 | 10 | int main(){ 11 | S ss; 12 | some_function(&ss); 13 | return ss.i; //NOWARN 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/07-uninit/09-struct_deep_bad.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] uninit 2 | typedef struct { 3 | int i; 4 | } S; 5 | 6 | typedef struct { 7 | S s; 8 | int j; 9 | } T; 10 | 11 | 12 | int main(){ 13 | T tt; 14 | return tt.s.i + tt.j; //WARN 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/07-uninit/10-struct_deep_good.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] uninit 2 | typedef struct { 3 | int i; 4 | } S; 5 | 6 | typedef struct { 7 | S s; 8 | int j; 9 | } T; 10 | 11 | S ss; 12 | 13 | int main(){ 14 | T tt; 15 | tt.s = ss; 16 | tt.j = 0; 17 | return tt.s.i + tt.j; //NOWARN 18 | } 19 | -------------------------------------------------------------------------------- /tests/regression/07-uninit/11-ptr_passtrough.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] uninit 2 | int* some_function(int * x){ 3 | return x; //NOWARN 4 | } 5 | 6 | int main(){ 7 | int z; 8 | int* zp; 9 | zp = some_function(&z); //NOWARN 10 | return z; //WARN 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/07-uninit/12-struct_return_warn.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] uninit 2 | typedef struct { 3 | int i, j; 4 | } S; 5 | 6 | 7 | S some_function(){ 8 | S xx; 9 | xx.i = 42; 10 | return xx; //WARN 11 | } 12 | 13 | int main(){ 14 | S ss; 15 | ss = some_function(); 16 | return ss.j; //NOWARN 17 | } 18 | -------------------------------------------------------------------------------- /tests/regression/07-uninit/13-struct_param_warn.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] uninit 2 | typedef struct { 3 | int i,j; 4 | } S; 5 | 6 | 7 | int some_function(S xx){ 8 | return xx.j; //NOWARN 9 | } 10 | 11 | int main(){ 12 | S ss; 13 | some_function(ss); //WARN 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/07-uninit/15-union_simple_good.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] uninit 2 | typedef union { 3 | int i; 4 | int j; 5 | } S; 6 | 7 | 8 | int main(){ 9 | S s; 10 | s.i = 0; // NOWARN 11 | return s.j; // NOWARN 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/07-uninit/16-union_simple_bad.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] uninit 2 | typedef union { 3 | double i; 4 | int j; 5 | } S; 6 | 7 | 8 | int main(){ 9 | S s; 10 | s.i = 0; // NOWARN 11 | return s.j; // WARN 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/07-uninit/17-struct_in_union.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] uninit 2 | typedef union { 3 | struct { 4 | int a; 5 | int b; 6 | } i; 7 | struct { 8 | int c; 9 | int d; 10 | } j; 11 | } S; 12 | 13 | 14 | int main(){ 15 | S s1,s2; 16 | s1.i.a = 0; // NOWARN 17 | s2.j.d = 0; // NOWARN 18 | return s1.j.c + s1.i.a + s2.i.b + s2.j.d; // NOWARN 19 | } 20 | -------------------------------------------------------------------------------- /tests/regression/10-synch/01-thread_unique.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] thread 2 | #include 3 | #include 4 | 5 | int myglobal; 6 | 7 | void *t_fun(void *arg) { 8 | myglobal=40; // NORACE 9 | return NULL; 10 | } 11 | 12 | int main(void) { 13 | pthread_t id; 14 | pthread_create(&id, NULL, t_fun, NULL); 15 | pthread_join (id, NULL); 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/regression/10-synch/04-two_mainfuns.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] thread --set exitfun "['f1','f2']" 2 | #include 3 | 4 | int myglobal1; 5 | int myglobal2; 6 | 7 | void *f1(void *arg) { 8 | myglobal1=42; //NOWARN 9 | return NULL; 10 | } 11 | 12 | void *f2(void *arg) { 13 | myglobal2=42; //NOWARN 14 | return NULL; 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/11-heap/12-calloc.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.malloc.unique_address_count 1 2 | #include 3 | #include 4 | int main() { 5 | int* arr = calloc(5,sizeof(int)); 6 | arr[0] = 3; 7 | __goblint_check(arr[2] == 0); //UNKNOWN 8 | } 9 | -------------------------------------------------------------------------------- /tests/regression/12-containment/README.txt: -------------------------------------------------------------------------------- 1 | This directory was used by the now removed containment analysis. 2 | Keeping it around to not cause extra confusion by group renumbering. 3 | -------------------------------------------------------------------------------- /tests/regression/13-privatized/60-allfuns-priv.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable allfuns 2 | #include 3 | #include 4 | 5 | int g = 0; 6 | pthread_mutex_t A = PTHREAD_MUTEX_INITIALIZER; 7 | 8 | void f() { 9 | pthread_mutex_lock(&A); 10 | while (g) { 11 | // should be unreachable 12 | } 13 | __goblint_check(g == 0); // should be reachable 14 | } -------------------------------------------------------------------------------- /tests/regression/13-privatized/61-otherfun-priv.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set otherfun[+] f 2 | // no earlyglobs! 3 | #include 4 | #include 5 | 6 | int g = 0; 7 | pthread_mutex_t A = PTHREAD_MUTEX_INITIALIZER; 8 | 9 | void f() { 10 | pthread_mutex_lock(&A); 11 | while (g) { 12 | // should be unreachable 13 | } 14 | __goblint_check(g == 0); // should be reachable 15 | } -------------------------------------------------------------------------------- /tests/regression/13-privatized/62-global-threadid.c: -------------------------------------------------------------------------------- 1 | #include 2 | // NOCHECK 3 | pthread_t id; 4 | 5 | extern void magic(); 6 | 7 | void *t_fun(void *arg) { 8 | magic(); // invalidates 9 | return NULL; 10 | } 11 | 12 | void main() { 13 | pthread_create(&id, NULL, t_fun, NULL); 14 | // mine-W didn't propagate id properly so invalidation set to top of "wrong" type 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/13-privatized/66-mine-W-init.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int g; 5 | 6 | void *t_fun(void *arg) { 7 | return NULL; 8 | } 9 | 10 | int main() { 11 | pthread_t id; 12 | pthread_create(&id, NULL, t_fun, NULL); 13 | g = 1; 14 | __goblint_check(g); // TODO (Mine's analysis would succeed, our mine-W doesn't) 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /tests/regression/13-privatized/dune: -------------------------------------------------------------------------------- 1 | (cram 2 | (deps (glob_files *.c))) 3 | 4 | (cram 5 | (applies_to 04-priv_multi) 6 | (enabled_if (<> %{system} macosx))) 7 | -------------------------------------------------------------------------------- /tests/regression/14-osek/README.md: -------------------------------------------------------------------------------- 1 | OSEK support has been removed from recent Goblint versions, please use Release 1.1.1 2 | Folder is left in place to avoid renumbering all tests 3 | -------------------------------------------------------------------------------- /tests/regression/16-relinv/README.md: -------------------------------------------------------------------------------- 1 | OSEK support has been removed from recent Goblint versions, please use Release 1.1.1 2 | Folder is left in place to avoid renumbering all tests 3 | -------------------------------------------------------------------------------- /tests/regression/17-arinc/README.md: -------------------------------------------------------------------------------- 1 | ARINC653 support has been removed from recent Goblint versions, please use Release 1.1.1 2 | Folder is left in place to avoid renumbering all tests 3 | -------------------------------------------------------------------------------- /tests/regression/18-file/README.md: -------------------------------------------------------------------------------- 1 | The file analysis has been removed from recent Goblint versions, please use Release 2.3.0 2 | Folder is left in place to avoid renumbering all tests 3 | -------------------------------------------------------------------------------- /tests/regression/19-spec/README.md: -------------------------------------------------------------------------------- 1 | The spec analysis has been removed from recent Goblint versions, please use Release 2.3.0 2 | Folder is left in place to avoid renumbering all tests 3 | -------------------------------------------------------------------------------- /tests/regression/20-slr_term/01-no-int-context.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval --set solver slr3t --disable ana.base.context.int 2 | // NOCHECK 3 | int f (int i) { // -2 4 | return i+1; } // -3 5 | void g(int j) { // -4 6 | f(j); } // -5 7 | int main(){ 8 | int x; 9 | x = f(1); // -1 10 | g(x); // 0 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/20-slr_term/02-global-inc.c: -------------------------------------------------------------------------------- 1 | // NOCHECK 2 | int g = 0; 3 | int f = 0; 4 | 5 | int main(){ 6 | g = g+1; 7 | return 0; 8 | } 9 | 10 | int __main(){ 11 | return main(); 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/20-slr_term/03-3ctxs.c: -------------------------------------------------------------------------------- 1 | // NOCHECK 2 | int f(int j){ 3 | return j+1; 4 | } 5 | 6 | int main(){ 7 | int i = 0; 8 | while (i<10){ 9 | i = 1 + f(i); 10 | } 11 | return i; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/20-slr_term/05-selfloop.c: -------------------------------------------------------------------------------- 1 | // NOCHECK 2 | void f() { } 3 | void g() { } 4 | void h() { } 5 | 6 | int main() 7 | { 8 | int tmp,a,b; 9 | f(); // fine 10 | while(a){ // loops with > 1 edges are also fine 11 | g(); 12 | tmp = 0; 13 | } 14 | while(b){ // but side effects of selfloops/reflexive edges get lost somehow... 15 | h(); 16 | } 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /tests/regression/24-octagon/12-previously_problematic_j.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --set ana.activated[+] apron 2 | // NOCHECK 3 | void main(void) { 4 | int i = 0; 5 | int j = i; 6 | 7 | i++; 8 | j = i; 9 | 10 | int x = (int) j-1; 11 | int z = x +1; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/24-octagon/dune: -------------------------------------------------------------------------------- 1 | (rule 2 | (aliases runtest runaprontest) 3 | (enabled_if %{lib-available:apron}) 4 | (deps 5 | (package goblint) 6 | ../../../goblint ; update_suite calls local goblint 7 | (:update_suite ../../../scripts/update_suite.rb) 8 | (glob_files ??-*.c)) 9 | (locks /update_suite) 10 | (action (chdir ../../.. (run %{update_suite} group octagon -q)))) 11 | -------------------------------------------------------------------------------- /tests/regression/26-undefined_behavior/01-only-intervals.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval --disable ana.int.def_exc 2 | #include 3 | 4 | int main() { 5 | for(int i=2; i < 42; i++) { 6 | int x = i==2; // NOWARN 7 | __goblint_check(1); 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /tests/regression/26-undefined_behavior/10-nullpointer-dereference-simple.c: -------------------------------------------------------------------------------- 1 | #include 2 | int main(){ 3 | int *pi; // a pointer to an integer 4 | int *t; 5 | int a = *t; // WARN 6 | pi = NULL; 7 | int c = *pi; // WARN 8 | return 1; 9 | } -------------------------------------------------------------------------------- /tests/regression/26-undefined_behavior/13-nullpointer-derefence-lval.c: -------------------------------------------------------------------------------- 1 | #include 2 | int main() { 3 | int *x = NULL; 4 | *x = 5; //WARN 5 | return 1; 6 | } 7 | -------------------------------------------------------------------------------- /tests/regression/26-undefined_behavior/14-nullpointer-dereference-function.c: -------------------------------------------------------------------------------- 1 | #include 2 | int main(){ 3 | int *pi; // a pointer to an integer 4 | pi = NULL; 5 | int c = foo(*pi); // WARN 6 | return 1; 7 | } 8 | 9 | int foo(int f){ 10 | return f; 11 | } -------------------------------------------------------------------------------- /tests/regression/26-undefined_behavior/15-oob_init.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.arrayoob 2 | 3 | int a[1]; 4 | 5 | int main() { 6 | a[0] = 5; // NOWARN 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /tests/regression/27-inv_invariants/02-bot-during-condition.c: -------------------------------------------------------------------------------- 1 | // NOCHECK 2 | int main () 3 | { 4 | int tmp; 5 | int p_9 = 60; 6 | 7 | tmp = (p_9 +1) % 0; 8 | 9 | if ((p_9 +1) % 0) { 10 | tmp = 1; 11 | } 12 | 13 | return (0); 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/27-inv_invariants/03-ints-not.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | int x; 5 | 6 | if(!x) { 7 | __goblint_check(x==0); 8 | } else { 9 | __goblint_check(x==1); //UNKNOWN! 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/27-inv_invariants/04-ints-not-interval.c: -------------------------------------------------------------------------------- 1 | //PARAM: --disable ana.int.def_exc --enable ana.int.interval 2 | #include 3 | 4 | int main() { 5 | int x; 6 | 7 | if(!x) { 8 | } else { 9 | __goblint_check(x==1); //UNKNOWN! 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/27-inv_invariants/05-overflow-def-exc.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | long xl, yl, zl; 5 | 6 | if(xl + 2 < 10) { 7 | int z = 5; 8 | 9 | if(xl == -20) { 10 | __goblint_check(1); 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/27-inv_invariants/07-more-bot.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval 2 | // Adapted from sv-comp array-programs/partial_mod_count_1.c 3 | // NOCHECK 4 | int N = 1000; 5 | int main(){ 6 | int i; 7 | 8 | for(i=0;iN/2) { 11 | z++; 12 | } 13 | 14 | } 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /tests/regression/27-inv_invariants/15-unknown-null-ptr.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() { 5 | int *r; // rand 6 | 7 | if (r == NULL) 8 | __goblint_check(r == NULL); 9 | else 10 | __goblint_check(r != NULL); 11 | 12 | if (r != NULL) 13 | __goblint_check(r != NULL); 14 | else 15 | __goblint_check(r == NULL); 16 | 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /tests/regression/27-inv_invariants/21-unsigned.c: -------------------------------------------------------------------------------- 1 | //PARAM: --enable ana.int.interval 2 | #include 3 | #include 4 | #include 5 | 6 | 7 | int main() { 8 | int i = 0; 9 | unsigned int length = 5; 10 | 11 | while(i < length) { 12 | i = i+1; 13 | } 14 | 15 | __goblint_check(i == 5); 16 | 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /tests/regression/29-svcomp/04-lustre-minimal.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval --enable ana.int.def_exc 2 | // issue #120 3 | #include 4 | 5 | int main() { 6 | // should be LP64 7 | unsigned long n = 16; 8 | unsigned long size = 4912; 9 | 10 | __goblint_check(!(0xffffffffffffffffUL / size < n)); 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/29-svcomp/09-ptr-cast-write.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | unsigned char a = 200; 5 | 6 | signed char x; 7 | unsigned char* y = &x; 8 | *y = a; 9 | 10 | __goblint_check(x == -56); 11 | } -------------------------------------------------------------------------------- /tests/regression/29-svcomp/12-interval-bot.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval --enable ana.int.def_exc 2 | // NOCRASH 3 | int main(){ 4 | 5 | unsigned long long a ; 6 | unsigned long long addr; 7 | 8 | if(a + addr > 0x0ffffffffULL){ 9 | return 1; 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/29-svcomp/13-comparision-bot.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval --enable ana.int.def_exc 2 | // NOCRASH 3 | #include 4 | int main(){ 5 | int a = 0; 6 | unsigned int b = (unsigned int) a - 256U; 7 | if ((unsigned int) a - 256U <= 511U) { 8 | a += 4; 9 | } 10 | printf("%u\n", (unsigned int) a - 256U); 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/29-svcomp/14-addition-in-comparision-bot.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval 2 | // NOCRASH 3 | int main() 4 | { 5 | unsigned int top; 6 | unsigned int start = 0; 7 | unsigned int count = 0; 8 | 9 | if(start + count > top) { 10 | return 1; 11 | } 12 | 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/29-svcomp/28-svcomp-marshal.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --enable ana.sv-comp.enabled --set ana.specification "CHECK( init(main()), LTL(G ! call(reach_error())) )" 2 | // SV-COMP marshaling doesn't work 3 | 4 | void f() { 5 | 6 | } 7 | 8 | int main() { 9 | f(); 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/29-svcomp/33-verifier-assert-undef.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.sv-comp.functions 2 | 3 | int main() { 4 | int r; // rand 5 | __VERIFIER_assert(1); 6 | __VERIFIER_assert(r); // UNKNOWN! 7 | __VERIFIER_assert(0); // FAIL 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /tests/regression/29-svcomp/36-svcomp-arch.c: -------------------------------------------------------------------------------- 1 | // CRAM 2 | #include 3 | 4 | int main() { 5 | long k = INT_MAX; 6 | long n = k * k; 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /tests/regression/31-ikind-aware-ints/01-cast-in-if.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval 2 | #include 3 | int main(){ 4 | int b = 0; 5 | if ((unsigned long )b == (unsigned long )((void *)0)) { 6 | b = b + 1; 7 | } 8 | __goblint_check(b == 1); // 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /tests/regression/31-ikind-aware-ints/02-NULL-0-test.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | int main(){ 4 | int *ptr = NULL; 5 | int null = 0; 6 | int a = 0; 7 | if((unsigned long )null == (unsigned long ) ptr){ 8 | a++; 9 | } 10 | __goblint_check(a == 1); 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/31-ikind-aware-ints/03-lnot.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval 2 | // NOCRASH 3 | int main() 4 | { 5 | unsigned int l = 0; 6 | 7 | l = 0; 8 | 9 | if(l%2U) 10 | l = 5; 11 | 12 | if (!(l % 2U)) 13 | l = l+1; 14 | 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /tests/regression/31-ikind-aware-ints/05-shift.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval 2 | int main(void) { 3 | // NOCRASH: Shifting by a negative number is UB, but we should still not crash on it, but go to top instead 4 | int v = -1; 5 | int r = 17; 6 | int u = r >> v; 7 | } 8 | -------------------------------------------------------------------------------- /tests/regression/31-ikind-aware-ints/08-unsigned-negate.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(){ 5 | unsigned int x = 1; 6 | 7 | unsigned int y = -x; 8 | 9 | __goblint_check(y == 4294967295); 10 | printf("y: %u\n", y); 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/31-ikind-aware-ints/15-strange.c: -------------------------------------------------------------------------------- 1 | //PARAM: --disable ana.int.interval --disable ana.int.def_exc --enable ana.int.enums 2 | int main (int argc, char* argv[]) 3 | { 4 | // NOCRASH: This used to cause an exception because of incompatible ikinds 5 | // See https://github.com/goblint/cil/issues/29 6 | signed char f2 = 7; 7 | signed char l_1857 = ((0xFFBD4A17L && f2) | f2); 8 | } 9 | -------------------------------------------------------------------------------- /tests/regression/32-widen-context/01-on.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval --enable ana.context.widen 2 | #include 3 | 4 | int f(int x) { 5 | if (x) 6 | return f(x+1); 7 | else 8 | return x; 9 | } 10 | 11 | int main () { 12 | int a = f(1); 13 | __goblint_check(!a); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/33-constants/02-simple.c: -------------------------------------------------------------------------------- 1 | //PARAM: --set ana.activated '["constants"]' 2 | // intentional explicit ana.activated to do tutorial in isolation 3 | // NOCHECK 4 | int main(){ 5 | int x = 3; 6 | int y = 4; 7 | int z; 8 | int c; 9 | c = x + y; 10 | 11 | if(c){ 12 | z = 0; 13 | } else { 14 | z = 1; 15 | } 16 | 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /tests/regression/34-localwn_restart/05-nested.w.counter.c: -------------------------------------------------------------------------------- 1 | // Variant of nested.c with a counter. 2 | // NOCHECK 3 | void main() 4 | { 5 | int z = 0; 6 | for (int i=0; i<10 ; i++) { 7 | z = z+1; 8 | for (int j = 0; j < 10 ; j++) ; 9 | z = z+1; // was this intended to be inner loop? 10 | } 11 | return ; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/35-marshaling/01-disable_hashcons.c: -------------------------------------------------------------------------------- 1 | // PARAM: --disable ana.opt.hashcons 2 | // NOCRASH 3 | int main(void) { return 0; } 4 | -------------------------------------------------------------------------------- /tests/regression/36-apron/04-problem-rec.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --set ana.activated[+] apron 2 | // Example from https://github.com/sosy-lab/sv-benchmarks/blob/master/c/recursive-simple/afterrec-1.c 3 | #include 4 | 5 | void f(int n) { 6 | if (n<3) return; 7 | n--; 8 | f(n); 9 | __goblint_check(1); 10 | } 11 | 12 | int main(void) { 13 | f(4); 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/36-apron/06-problem-overflow.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --set ana.activated[+] apron 2 | // Example from https://github.com/sosy-lab/sv-benchmarks/blob/master/c/bitvector-loops/overflow_1-2.c 3 | #include 4 | 5 | int main(void) { 6 | unsigned int x = 10; 7 | 8 | while (x >= 10) { 9 | x += 2; 10 | } 11 | 12 | __goblint_check(1); 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/36-apron/69-evalint-overflow.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --set ana.activated[+] apron --set ana.path_sens[+] threadflag --enable ana.int.interval 2 | #include 3 | 4 | int main(void) { 5 | unsigned int x = 10; 6 | 7 | while (x >= 10) { 8 | x += 2; 9 | } 10 | 11 | __goblint_check(1); 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/37-congruence/08-mod-16-unsigned-overflow.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.congruence 2 | #include 3 | int main() 4 | { 5 | unsigned int a = 0; 6 | unsigned int b = 16; 7 | while (1) 8 | { 9 | a = a + b; 10 | b = b + b; 11 | __goblint_check(a % 16 == 0); 12 | } 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/37-congruence/09-mod-pow-two-unsigned-overflow.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.congruence 2 | #include 3 | 4 | int main() 5 | { 6 | unsigned int a = 0; 7 | unsigned int b = 16; 8 | 9 | while (1) 10 | { 11 | a = a + b * 3; 12 | b = b + b * 5; 13 | __goblint_check(a % 16 == 0); 14 | } 15 | 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/regression/38-int-refinements/04-ov.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval --set ana.int.refinement once 2 | int main() { 3 | int i, j; 4 | if (i < j) //NOWARN 5 | return 1; 6 | else 7 | return 2; 8 | } 9 | -------------------------------------------------------------------------------- /tests/regression/38-int-refinements/05-invalid-widen.c: -------------------------------------------------------------------------------- 1 | //PARAM: --set ana.int.refinement once --enable ana.int.enums 2 | // NOCRASH 3 | #include 4 | 5 | int main() { 6 | int a = 3; 7 | while (1) 8 | a += 2; 9 | } 10 | -------------------------------------------------------------------------------- /tests/regression/39-signed-overflows/01-def_exc.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set sem.int.signed_overflow assume_none 2 | #include 3 | 4 | int main(void) { 5 | int a; 6 | 7 | if(a != -1) { 8 | int s = a+1; 9 | __goblint_check(s != 0); 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/39-signed-overflows/02-intervals.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set sem.int.signed_overflow assume_none --enable ana.int.interval --disable ana.int.def_exc 2 | #include 3 | 4 | int main(void) { 5 | int x = 0; 6 | while(x != 42) { 7 | x++; 8 | __goblint_check(x >= 1); 9 | } 10 | 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/39-signed-overflows/04-cast-unsigned-to-signed.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval --set sem.int.signed_overflow assume_none 2 | #include 3 | 4 | int main(void) { 5 | unsigned long x; 6 | long y = x; 7 | __goblint_check(y >= 0); // UNKNOWN! 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /tests/regression/39-signed-overflows/05-lower-constants.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(void) { 5 | int x = INT_MAX + 1; 6 | __goblint_check(x == INT_MIN); //UNKNOWN! 7 | 8 | int r = - INT_MIN; 9 | 10 | __goblint_check(r == INT_MIN); //UNKNOWN! 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/40-threadid/09-multiple.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int myglobal; 5 | 6 | void *t_fun(void *arg) { 7 | myglobal=40; //RACE 8 | return NULL; 9 | } 10 | 11 | int main(void) { 12 | // This should spawn a non-unique thread 13 | unknown(t_fun); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/40-threadid/10-multiple-thread.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] thread 2 | #include 3 | #include 4 | 5 | int myglobal; 6 | 7 | void *t_fun(void *arg) { 8 | myglobal=40; //RACE 9 | return NULL; 10 | } 11 | 12 | int main(void) { 13 | // This should spawn a non-unique thread 14 | unknown(t_fun); 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /tests/regression/40-threadid/11-multiple-unique-counter.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.thread.unique_thread_id_count 4 2 | #include 3 | #include 4 | 5 | int myglobal; 6 | 7 | void *t_fun(void *arg) { 8 | myglobal=40; //RACE 9 | return NULL; 10 | } 11 | 12 | int main(void) { 13 | // This should spawn a non-unique thread 14 | unknown(t_fun); 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /tests/regression/41-stdlib/03-noqsort.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set pre.cppflags[+] -DGOBLINT_NO_QSORT 2 | // CRAM 3 | #include 4 | 5 | // There should be no CIL warning about multiple definitions here 6 | void qsort(void *ptr, size_t count, size_t size, int (*comp)(const void*, const void*), int more) { 7 | } 8 | 9 | int main() { 10 | 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/41-stdlib/03-noqsort.t: -------------------------------------------------------------------------------- 1 | There should be no CIL warning about multiple definitions: 2 | 3 | $ goblint --set pre.cppflags[+] -DGOBLINT_NO_QSORT 03-noqsort.c 4 | [Warning][Deadcode] Function 'qsort' is uncalled: 1 LLoC (03-noqsort.c:6:1-7:1) 5 | [Info][Deadcode] Logical lines of code (LLoC) summary: 6 | live: 2 7 | dead: 1 (1 in uncalled functions) 8 | total lines: 3 9 | -------------------------------------------------------------------------------- /tests/regression/41-stdlib/06-atomic.c: -------------------------------------------------------------------------------- 1 | #include 2 | int g = 8; 3 | 4 | int main() { 5 | int i; 6 | __atomic_store_n (&i, 12, __ATOMIC_RELAXED); 7 | i = __atomic_load_n (&i, __ATOMIC_RELAXED); 8 | __goblint_check(i == 12); //TODO 9 | 10 | // Should not be invalidated 11 | __goblint_check(g == 8); 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/41-stdlib/07-atexit.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | void bye() 5 | { 6 | __goblint_check(1); // reachable 7 | } 8 | 9 | int main() 10 | { 11 | atexit(bye); 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/41-stdlib/08-atexit-no-spawn.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable sem.atexit.ignore 2 | #include 3 | #include 4 | 5 | void bye() 6 | { 7 | __goblint_check(0); // NOWARN (unreachable) 8 | } 9 | 10 | int main() 11 | { 12 | atexit(bye); 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/41-stdlib/dune: -------------------------------------------------------------------------------- 1 | (cram 2 | (deps (glob_files *.c))) 3 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/00-A0.c: -------------------------------------------------------------------------------- 1 | // NOCHECK 2 | extern int printf(char *, ...); 3 | 4 | main () { 5 | int i, j; 6 | int a[11]; 7 | for (i = 0; i < 11; i++) 8 | a[i] = i; 9 | i = 0; 10 | do { 11 | j = i + 1; 12 | a[j] += a[i]; 13 | i = j; 14 | } while (i < 11); 15 | printf("%d\n", a[10]); 16 | } 17 | 18 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/01-A1.c: -------------------------------------------------------------------------------- 1 | // NOCHECK 2 | extern int printf (char *, ...); 3 | extern int scanf (char *, ...); 4 | 5 | main () { 6 | int c[10]; 7 | int *a, *b; 8 | int x, i; 9 | b = c; 10 | for (i = 0; i < 10; i++) 11 | scanf("%d",&(b[i])); 12 | a = b; 13 | x = a[0]; 14 | printf("%d\n",x); 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/03-break.c: -------------------------------------------------------------------------------- 1 | // NOCHECK 2 | extern int printf(); 3 | 4 | main () { 5 | int sum = 0; 6 | int i; 7 | for (i = 0; i < 100; i++) { 8 | if (i < 11) 9 | sum += i; 10 | else 11 | break; 12 | } 13 | printf("%d\n",sum); 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/04-D0.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int scanf (char *, ...); 4 | 5 | main () { 6 | int a, b; 7 | a = 0; 8 | b = 0; 9 | b = scanf("%d",&a); 10 | __goblint_check(a == 0); //UNKNOWN! 11 | __goblint_check(b == 0); //UNKNOWN! 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/05-D1.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int scanf (char *, ...); 4 | 5 | main () { 6 | int a; 7 | a = 0; 8 | a = scanf("%d",&a); 9 | __goblint_check(a == 0); //UNKNOWN! 10 | } 11 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/06-D2.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int printf (char *, ...); 4 | 5 | main () { 6 | int a; 7 | a = 0; 8 | a = printf("%d\n",a); 9 | __goblint_check(a == 0); //UNKNOWN! 10 | } 11 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/08-G0.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int printf(char *, ...); 4 | extern int scanf(char *, ...); 5 | 6 | int i; 7 | 8 | void proc () { 9 | i = 11; 10 | } 11 | 12 | main () { 13 | proc(); 14 | __goblint_check(i == 11); 15 | printf("The square is %d .\n", i * i); 16 | } 17 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/09-G1.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int printf(char *, ...); 4 | 5 | int i; 6 | 7 | int proc() { 8 | int i; 9 | for (i = 0; i < 1000000000; i++); 10 | return 0; 11 | } 12 | 13 | main () { 14 | i = proc(); 15 | __goblint_check(i == 0); 16 | printf("%d\n", i); 17 | } 18 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/10-G2.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int printf(char *, ...); 4 | extern int scanf(char *, ...); 5 | 6 | int i; 7 | 8 | main () { 9 | i = -2; 10 | scanf("%d",&i); 11 | __goblint_check(i == -2); //UNKNOWN! 12 | printf("The square is %d .\n", i * i); 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/11-G3.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int printf(char *, ...); 4 | extern int scanf(char *, ...); 5 | 6 | int i; 7 | 8 | main () { 9 | int k; 10 | i = -2; 11 | scanf("%d",&i); 12 | __goblint_check(i == -2); //UNKNOWN! 13 | k = i * i; 14 | printf("The square is %d .\n", k); 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/12-if.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int printf(); 4 | extern int scanf(); 5 | 6 | main () { 7 | int x; 8 | scanf("%d",&x); 9 | if (x == 0) { 10 | __goblint_check(x==0); 11 | printf("Equal to zero.\n"); 12 | } 13 | else { 14 | __goblint_check(x!=0); 15 | printf("Non-zero.\n"); 16 | } 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/13-ifif.c: -------------------------------------------------------------------------------- 1 | // NOCHECK 2 | extern int printf(); 3 | extern int scanf(); 4 | 5 | main () { 6 | int i; 7 | scanf("%d",&i); 8 | if (i < 0) { 9 | if (i % 2 == 0) 10 | i *= 2; 11 | else 12 | i *= 4; 13 | } else { 14 | if (i % 2 == 0) 15 | i *= 8; 16 | else 17 | i *= 16; 18 | } 19 | printf("%d\n",i); 20 | } 21 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/14-P0.c: -------------------------------------------------------------------------------- 1 | main() { 2 | int y; 3 | int *p, *q; 4 | *p = 5; //WARN 5 | y = *q; 6 | } 7 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/15-P1.c: -------------------------------------------------------------------------------- 1 | // NOCHECK 2 | main () { 3 | int y, a; 4 | int *p, *q, *t; 5 | q = &a; 6 | p = q; 7 | t = p; 8 | *p = 5; 9 | *t = 7; 10 | y = *q; 11 | } -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/16-P2.c: -------------------------------------------------------------------------------- 1 | // NOCHECK 2 | main () { 3 | int y, a, b; 4 | int *p, *q; 5 | q = &a; 6 | p = q; 7 | *p = 5; 8 | p = &b; 9 | y = *q; 10 | } -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/18-P4.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int printf (char *, ...); 4 | 5 | void *awful(int **u) { 6 | int a; 7 | a = 5; 8 | (*u) = &a; 9 | } 10 | 11 | main () { 12 | int *p; 13 | awful(&p); 14 | __goblint_check(*p == 5); //UNKNOWN! 15 | printf("%d\n", *p); 16 | } 17 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/19-P5.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void proc(int *x, int *y) {} 4 | 5 | main () { 6 | int z = 1; 7 | proc(&z, &z); 8 | __goblint_check(z == 1); 9 | } 10 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/24-rec1.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | char rec (int x) { 4 | char v; 5 | if (x) { 6 | v = 'a'; 7 | return rec(0); 8 | } else 9 | v = 'b'; 10 | return v; 11 | } 12 | 13 | main () { 14 | char c = rec(1); 15 | __goblint_check(c == 'b'); 16 | } 17 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/31-rec8.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | extern int scanf(char *, ...); 4 | 5 | int *rec(int i) { 6 | int *p; 7 | if (!i) { 8 | __goblint_check(i == 0); 9 | p = rec(i + 1); 10 | } 11 | return &i; 12 | } 13 | 14 | main () { 15 | int *p; 16 | int i; 17 | scanf("%d", &i); 18 | p = rec(i); 19 | } 20 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/32-rec9.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void p (int *x) { 4 | int y; 5 | int *z; 6 | z = &y; 7 | p(z); 8 | } 9 | 10 | main() { 11 | int z; 12 | int ind = 0; 13 | if(z) { 14 | p(&z); 15 | // p does not return 16 | ind = 1; 17 | } 18 | 19 | __goblint_check(ind == 0); 20 | } 21 | -------------------------------------------------------------------------------- /tests/regression/44-trier_analyzer/44-while.c: -------------------------------------------------------------------------------- 1 | //PARAM: --enable ana.int.interval 2 | #include 3 | 4 | extern int printf(char *, ...); 5 | 6 | main() { 7 | int sum = 0; 8 | int i = 0; 9 | while (i < 11) { 10 | sum += i; 11 | i++; 12 | } 13 | __goblint_check(i == 11); 14 | printf("%d\n",sum); 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/45-escape/05-global-single-threaded.c: -------------------------------------------------------------------------------- 1 | #include 2 | int* ptr; 3 | int nine = 9; 4 | 5 | int other() { 6 | __goblint_check(*ptr == 8); //UNKNOWN! 7 | } 8 | 9 | int main() 10 | { 11 | int g = 8; 12 | int top; 13 | 14 | if(top) { 15 | ptr = &g; 16 | } else { 17 | ptr = &nine; 18 | } 19 | 20 | other(); 21 | } 22 | -------------------------------------------------------------------------------- /tests/regression/45-escape/dune: -------------------------------------------------------------------------------- 1 | (cram 2 | (deps (glob_files *.c))) 3 | -------------------------------------------------------------------------------- /tests/regression/46-apron2/02-localization-hh.c: -------------------------------------------------------------------------------- 1 | ../34-localwn_restart/04-hh.c -------------------------------------------------------------------------------- /tests/regression/46-apron2/22-oct-narrow.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --set ana.activated[+] apron --disable ana.int.interval --set ana.apron.domain octagon 2 | #include 3 | 4 | int main() { 5 | int i = 0; 6 | while (i < 100) { 7 | i++; 8 | } 9 | assert(i == 100); 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/46-apron2/27-overflow.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --enable ana.int.interval --set ana.activated[+] apron 2 | #include 3 | typedef long long int64_t; 4 | 5 | int main(int argc, char * argv[]) 6 | { 7 | long long data; 8 | if (data < 0x7fffffffffffffffLL) 9 | { 10 | long long result = data + 1; //NOWARN 11 | } 12 | 13 | return 0; 14 | } -------------------------------------------------------------------------------- /tests/regression/46-apron2/29-read-var-offset.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --set ana.activated[+] apron 2 | #include 3 | 4 | struct s { 5 | int x; 6 | int y; 7 | }; 8 | 9 | struct s g; 10 | 11 | int main() { 12 | assert(g.x < 10); 13 | // Manually check that Apron environment doesn't contain just "g" after read from int offset. 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/46-apron2/58-issue-1249.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --set ana.activated[+] apron 2 | int *a; 3 | int b; 4 | void c(int d) { 5 | // NOCRASH: *a is a null pointer here, so we should warn but maybe not crash 6 | *a = d; 7 | } 8 | int main() { 9 | c(b); 10 | } 11 | -------------------------------------------------------------------------------- /tests/regression/46-apron2/60-issue-1338.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --set ana.activated[+] apron 2 | // NOCRASH 3 | #include 4 | int main() 5 | { 6 | char *ptr = malloc(2); 7 | char s = *(ptr+0)+0; 8 | 9 | char *arr; 10 | arr = malloc(8); 11 | int tmp = (int)*(arr+0); 12 | } -------------------------------------------------------------------------------- /tests/regression/46-apron2/81-overflow-caching.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --set ana.activated[+] apron --set ana.relation.privatization top 2 | 3 | #include 4 | #include 5 | 6 | int num = 1; 7 | 8 | 9 | int main() { 10 | 11 | while(num > 0) 12 | num++; // Here num overflows 13 | 14 | __goblint_check(1); // reachable 15 | 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/regression/46-apron2/82-fixpoint-not-reached.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --set sem.int.signed_overflow assume_none --set ana.activated[+] apron 2 | // FIXPOINT 3 | int main() { 4 | int minInt = -2147483647 + -1; 5 | int x = (minInt + -1) +1; 6 | return 0; 7 | } -------------------------------------------------------------------------------- /tests/regression/46-apron2/85-fix.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --set ana.activated[+] apron --set sem.int.signed_overflow assume_none 2 | #include 3 | 4 | int main() { 5 | int d = 1; 6 | while (d < 6) { 7 | if (0) 8 | return 0; //FIXPOINT: Earlier this fixpoint was not reached here 9 | d++; 10 | } 11 | 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/50-juliet/01-CWE190_Integer_Overflow__01.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval 2 | #include 3 | 4 | void main() 5 | { 6 | char data; 7 | fscanf(stdin, "%c", &data); 8 | { 9 | char result = data + 1; // WARN: potential overflow 10 | printf("%hhd\n", result); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/50-juliet/04-CWE191_Integer_Underflow__01.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval 2 | #include 3 | 4 | void main() 5 | { 6 | char data; 7 | fscanf(stdin, "%c", &data); 8 | { 9 | data--; // WARN: potential underflow 10 | char result = data; 11 | printf("%hhd\n", result); 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/50-juliet/05-CWE191_Integer_Underflow__02.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval 2 | #include 3 | 4 | void main() 5 | { 6 | char data; 7 | fscanf(stdin, "%c", &data); 8 | if(-data < 0) // avoid potential overflow 9 | { 10 | char result = -data * 2; // WARN: potential underflow 11 | printf("%hhd\n", result); 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/50-juliet/07-CWE570_Expression_Always_False__01.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | bool gFalse = false; 5 | 6 | void main() 7 | { 8 | if (gFalse) // WARN: expression is always false 9 | { 10 | printf("Never prints"); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/50-juliet/08-CWE570_Expression_Always_False__02.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | void main() 5 | { 6 | // (0 <= uInt < UINT_MAX), uInt is pseudo-random 7 | unsigned int uInt = (unsigned int)(rand()); 8 | 9 | if (uInt < 0) // WARN: expression is always false 10 | { 11 | printf("Never prints"); 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/50-juliet/09-CWE570_Expression_Always_False__03.c: -------------------------------------------------------------------------------- 1 | void main() 2 | { 3 | int intTen = 10; 4 | 5 | if (intTen == (intTen-1)) // WARN: expression is always false 6 | { 7 | printf("Never prints"); 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /tests/regression/50-juliet/10-CWE571_Expression_Always_True__01.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | bool gTrue = true; 5 | 6 | void main() 7 | { 8 | if (gTrue) // WARN: expression is always true 9 | { 10 | printf("Always prints\n"); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/50-juliet/11-CWE571_Expression_Always_True__02.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | void main() 5 | { 6 | // (0 <= uInt < UINT_MAX), uInt is pseudo-random 7 | unsigned int uInt = (unsigned int)(rand()); 8 | 9 | if (uInt >= 0) // WARN: expression is always true 10 | { 11 | printf("Always prints\n"); 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/55-loop-unrolling/08-bad.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set exp.unrolling-factor 1 --enable dbg.run_cil_check 2 | // CRAM 3 | int main() { 4 | int m; 5 | 6 | switch (m) 7 | { 8 | default: 9 | do { } while (0); 10 | } 11 | 12 | 13 | goto lab; 14 | 15 | lab: do { } while (0); 16 | 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /tests/regression/55-loop-unrolling/09-weird.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set exp.unrolling-factor 2 --enable dbg.run_cil_check 2 | #include 3 | 4 | void main(void) 5 | { 6 | int j = 0; 7 | 8 | for(int i=0;i < 50;i++) { 9 | goto somelab; 10 | somelab: j = 8; 11 | } 12 | 13 | __goblint_check(j==8); 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/55-loop-unrolling/11-unrolled-loop-invariant.c: -------------------------------------------------------------------------------- 1 | // CRAM 2 | int main() { 3 | int i = 0; 4 | while (i < 10) 5 | i++; 6 | 7 | int j = 0, k = 0; 8 | while (j < 10) { 9 | while (k < 100) 10 | k++; 11 | j++; 12 | } 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/55-loop-unrolling/dune: -------------------------------------------------------------------------------- 1 | (cram 2 | (deps (glob_files *.c))) 3 | 4 | (cram 5 | (applies_to 11-unrolled-loop-invariant) 6 | (enabled_if %{bin-available:graph-easy}) 7 | (deps 8 | %{bin:cfgDot})) 9 | -------------------------------------------------------------------------------- /tests/regression/56-witness/.gitignore: -------------------------------------------------------------------------------- 1 | witness.certificate.yml 2 | -------------------------------------------------------------------------------- /tests/regression/56-witness/03-int-log-short.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set witness.yaml.entry-types[*] location_invariant --set witness.yaml.validate 03-int-log-short.yml 2 | 3 | int main() { 4 | int r; 5 | int x, y; 6 | x = 1; 7 | y = 0; 8 | ; // SUCCESS (witness) 9 | ; // SUCCESS (witness) 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/56-witness/07-base-lor-interval.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval --set witness.yaml.entry-types[*] location_invariant --set witness.yaml.validate 07-base-lor-interval.yml 2 | #include 3 | 4 | int main() { 5 | int r; // rand 6 | int x; 7 | __goblint_assume(x >= 2); 8 | ; // SUCCESS (witness) 9 | ; // SUCCESS (witness) 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/56-witness/08-witness-all-locals.c: -------------------------------------------------------------------------------- 1 | // CRAM PARAM: --enable witness.yaml.enabled --set witness.yaml.entry-types '["location_invariant"]' --disable witness.invariant.all-locals 2 | int main() { 3 | int x; 4 | x = 5; 5 | { 6 | int y; 7 | y = 10; 8 | } 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /tests/regression/56-witness/18-base-unassume-contra.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set witness.yaml.entry-types[*] location_invariant --set ana.activated[+] unassume --set witness.yaml.unassume 18-base-unassume-contra.yml --enable ana.int.interval 2 | #include 3 | 4 | int main() { 5 | int i; 6 | i = 0; 7 | __goblint_check(i == 0); 8 | return 0; 9 | } -------------------------------------------------------------------------------- /tests/regression/56-witness/46-top-bool-invariant.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable witness.yaml.enabled --set witness.yaml.entry-types '["location_invariant"]' --enable ana.int.def_exc --enable ana.int.interval --enable ana.int.enums --enable ana.int.congruence --enable ana.int.interval_set --disable witness.invariant.inexact-type-bounds 2 | // CRAM 3 | int main() { 4 | _Bool x; 5 | return 0; 6 | } 7 | -------------------------------------------------------------------------------- /tests/regression/56-witness/47-top-int-invariant.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable witness.yaml.enabled --set witness.yaml.entry-types '["location_invariant"]' --enable ana.int.def_exc --enable ana.int.interval --enable ana.int.enums --enable ana.int.congruence --enable ana.int.interval_set --disable witness.invariant.inexact-type-bounds 2 | // CRAM 3 | int main() { 4 | int x; 5 | return 0; 6 | } 7 | -------------------------------------------------------------------------------- /tests/regression/57-floats/07-equality.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.float.interval 2 | 3 | void main() 4 | { 5 | int check1 = (0.2f == 0.2); // WARN 6 | int check2 = (0.2 != 0.3l); // WARN 7 | 8 | // Not all integers that are this big are representable in doubles anymore... 9 | double high_value = 179769313486231568384.0; 10 | double x = high_value + 1; // WARN 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/57-floats/13-refine-branch.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.float.interval 2 | #include 3 | int main() 4 | { 5 | double z; 6 | int x; 7 | 8 | if(z) { 9 | // z may NOT be refined to range only in the values of int here(!) 10 | __goblint_check(__builtin_isfinite(z)); //UNKNOWN! 11 | } else { 12 | 13 | } 14 | 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/57-floats/18-zerodiv.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.float.interval 2 | // Taken from CBMC's regression test suite 3 | // (http://svn.cprover.org/svn/cbmc/trunk/regression/cbmc/). 4 | #include 5 | #include 6 | #include 7 | 8 | int main() 9 | { 10 | int res = 0; 11 | if(0.0 / 5.0 == 0) { 12 | res=1; 13 | } 14 | __goblint_check(res == 1); 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/62-abortUnless/04-lval.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] abortUnless 2 | #include 3 | 4 | int assume_abort_if_not(int cond) { 5 | if(!cond) 6 | { 7 | abort(); 8 | } 9 | return 42; 10 | } 11 | 12 | int main(void) 13 | { 14 | int x, y; 15 | y = assume_abort_if_not(x == 8); 16 | __goblint_check(x==8); 17 | __goblint_check(y==42); 18 | } 19 | -------------------------------------------------------------------------------- /tests/regression/63-affeq/08-overflows.c: -------------------------------------------------------------------------------- 1 | //SKIP PARAM: --set ana.activated[+] affeq --enable ana.int.interval 2 | 3 | int main() { 4 | //Overflow 5 | int c = 2147483647; 6 | c = c + 1; 7 | 8 | __goblint_check(c < 2147483647); //UNKNOWN! 9 | 10 | } -------------------------------------------------------------------------------- /tests/regression/63-affeq/11-division.c: -------------------------------------------------------------------------------- 1 | //SKIP PARAM: --set ana.activated[+] affeq --enable ana.int.interval 2 | int main() { 3 | int two = 2; 4 | int three = 3; 5 | int six = 6; 6 | 7 | int x, y; 8 | if (x == three && y/x == two) { 9 | // y could for example also be 7 10 | __goblint_check(y == six); // UNKNOWN! 11 | } 12 | } -------------------------------------------------------------------------------- /tests/regression/63-affeq/13-multiple_vars.c: -------------------------------------------------------------------------------- 1 | //SKIP //PARAM: --set ana.activated[+] affeq --enable ana.int.interval 2 | // An issue with the assignment of multiple vars made the assert evaluate to unknown 3 | int f (int j) { 4 | return j + 1; 5 | } 6 | int main() { 7 | int test = f(10); 8 | __goblint_check(test == 11); 9 | } -------------------------------------------------------------------------------- /tests/regression/63-affeq/17-verify.c: -------------------------------------------------------------------------------- 1 | //SKIP PARAM: --set ana.activated[+] affeq --sem.int.signed_overflow "assume_none" --enable ana.int.interval 2 | // FIXPOINT: Error in leq check led to verify error 3 | 4 | int main() { 5 | int n, a, b; 6 | 7 | n = a - b; 8 | while (n--) { 9 | 10 | } 11 | 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/63-affeq/18-special-refine.c: -------------------------------------------------------------------------------- 1 | //SKIP PARAM: --set ana.activated[+] affeq --set sem.int.signed_overflow assume_top --enable ana.int.interval 2 | 3 | int main() { 4 | int top; 5 | int blarg = top; 6 | 7 | if(top == 8) { 8 | __goblint_check(top == 8); 9 | __goblint_check(top == blarg); 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/63-affeq/dune: -------------------------------------------------------------------------------- 1 | (rule 2 | (aliases runtest runaprontest) 3 | (enabled_if %{lib-available:apron}) 4 | (deps 5 | (package goblint) 6 | ../../../goblint ; update_suite calls local goblint 7 | (:update_suite ../../../scripts/update_suite.rb) 8 | (glob_files ??-*.c)) 9 | (locks /update_suite) 10 | (action (chdir ../../.. (run %{update_suite} group affeq -q)))) 11 | -------------------------------------------------------------------------------- /tests/regression/65-taint/07-varEq.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] var_eq --set ana.ctx_insens[+] var_eq --set ana.activated[+] taintPartialContexts 2 | #include 3 | 4 | void f(int *zptr){ 5 | 6 | } 7 | 8 | int main() { 9 | int z, x; 10 | 11 | f(&z); 12 | z = x; 13 | f(&z); 14 | 15 | __goblint_check(z == x); 16 | 17 | } 18 | -------------------------------------------------------------------------------- /tests/regression/66-interval-set-one/14-no-int-context.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval_set --set solver slr3t --disable ana.base.context.int 2 | // NOCHECK 3 | int f (int i) { // -2 4 | return i+1; } // -3 5 | void g(int j) { // -4 6 | f(j); } // -5 7 | int main(){ 8 | int x; 9 | x = f(1); // -1 10 | g(x); // 0 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/66-interval-set-one/46-calloc_matrix.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.int.interval_set true --set ana.base.arrays.domain partitioned 2 | 3 | #include 4 | #include 5 | 6 | int main(void) { 7 | int (*r)[5] = calloc(2, sizeof(int[5])); 8 | r[0][1] = 3; 9 | int* z = &r[0][1]; 10 | 11 | __goblint_check(*z == 3); //UNKNOWN 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/66-interval-set-one/47-only-intervals.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval_set --disable ana.int.def_exc 2 | #include 3 | 4 | int main() { 5 | for(int i=2; i < 42; i++) { 6 | int x = i==2; // NOWARN 7 | __goblint_check(1); 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /tests/regression/66-interval-set-one/60-intervals-test.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval_set --disable ana.int.def_exc --disable ana.int.enums 2 | #include 3 | 4 | void main(){ 5 | int n = 7; 6 | for (; n; n--) { 7 | __goblint_check(n==1); // UNKNOWN! 8 | } 9 | int i; 10 | if(i-1){ 11 | __goblint_check(i==2); // UNKNOWN! 12 | } 13 | return; 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/66-interval-set-one/73-intervals.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set sem.int.signed_overflow assume_none --enable ana.int.interval_set --disable ana.int.def_exc 2 | #include 3 | 4 | int main(void) { 5 | int x = 0; 6 | while(x != 42) { 7 | x++; 8 | __goblint_check(x >= 1); 9 | } 10 | 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/66-interval-set-one/80-lustre-minimal.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval_set --enable ana.int.def_exc 2 | // issue #120 3 | #include 4 | 5 | int main() { 6 | // should be LP64 7 | unsigned long n = 16; 8 | unsigned long size = 4912; 9 | 10 | __goblint_check(!(0xffffffffffffffffUL / size < n)); 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/66-interval-set-one/85-cast-unsigned-to-signed.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval_set --set sem.int.signed_overflow assume_none 2 | #include 3 | 4 | int main(void) { 5 | unsigned long x; 6 | long y = x; 7 | __goblint_check(y >= 0); // UNKNOWN! 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /tests/regression/66-interval-set-one/93-enum.c: -------------------------------------------------------------------------------- 1 | // PARAM: --disable ana.int.interval_set --disable ana.int.def_exc --enable ana.int.enums 2 | // NOCHECK 3 | void main(){ 4 | int n = 1; 5 | for (; n; n++) { // fixed point not reached here 6 | } 7 | return; 8 | } 9 | -------------------------------------------------------------------------------- /tests/regression/67-interval-sets-two/06-no-int-context.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval_set --disable ana.context.widen --disable ana.base.context.int 2 | #include 3 | 4 | int f(int x) { 5 | if (x) 6 | return f(x+1); 7 | else 8 | return x; 9 | } 10 | 11 | int main () { 12 | int a = f(1); 13 | __goblint_check(!a); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/67-interval-sets-two/15-interval-bot.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval_set --enable ana.int.def_exc 2 | // NOCHECK 3 | int main(){ 4 | 5 | unsigned long long a ; 6 | unsigned long long addr; 7 | 8 | if(a + addr > 0x0ffffffffULL){ 9 | return 1; 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/67-interval-sets-two/41-interval-branching.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval_set --disable ana.int.def_exc 2 | #include 3 | #include 4 | int main(){ 5 | int i; 6 | if(i<0){ 7 | __goblint_check(i<0); 8 | } else { 9 | __goblint_check(i>=0); 10 | } 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/67-interval-sets-two/44-comparision-bot.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval_set --enable ana.int.def_exc 2 | // NOCHECK 3 | #include 4 | int main(){ 5 | int a = 0; 6 | unsigned int b = (unsigned int) a - 256U; 7 | if ((unsigned int) a - 256U <= 511U) { 8 | a += 4; 9 | } 10 | printf("%u\n", (unsigned int) a - 256U); 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/67-interval-sets-two/56-interval-set-dead-code.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval_set 2 | // NOCHECK 3 | #include 4 | #include 5 | 6 | int main() { 7 | 8 | int i; 9 | 10 | if (i > 5 && i < 10) { 11 | i = 1; 12 | } 13 | if (i == 7) { 14 | i = INT_MAX; 15 | i += 1; 16 | } 17 | 18 | return 0; 19 | } -------------------------------------------------------------------------------- /tests/regression/68-longjmp/48-bot-buff.c: -------------------------------------------------------------------------------- 1 | #include 2 | jmp_buf env_buffer; 3 | 4 | int main() { 5 | longjmp(env_buffer, 1); //WARN 6 | } 7 | -------------------------------------------------------------------------------- /tests/regression/68-longjmp/49-arguments-inline.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | jmp_buf env_buffer; 5 | 6 | int main () { 7 | if (setjmp(env_buffer)) { 8 | __goblint_check(1); // reachable 9 | return 8; 10 | } 11 | 12 | longjmp(env_buffer, 0); // WARN 13 | __goblint_check(0); // NOWARN 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/69-addresses/03-issue-564.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | typedef struct { 4 | int x; 5 | } a; 6 | 7 | int main() { 8 | a z; 9 | a *y = &z; 10 | 11 | int *m = &y->x; // {&z.x} 12 | a *n = &y[0]; // {&z[def_exc:0]} 13 | 14 | int b = m == n; 15 | assert(b); 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/regression/70-transform/01-empty.c: -------------------------------------------------------------------------------- 1 | // SKIP: this is an input file for cram tests 2 | -------------------------------------------------------------------------------- /tests/regression/70-transform/dune: -------------------------------------------------------------------------------- 1 | (cram 2 | (deps transform.sh (glob_files *.c) (glob_files *.json))) 3 | -------------------------------------------------------------------------------- /tests/regression/73-strings/05-string-unit-domain.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.base.strings.domain unit 2 | #include 3 | #include 4 | 5 | void foo(char *s) { 6 | int l = strlen(s); 7 | __goblint_check(l == 3 || l == 6); // UNKNOWN 8 | } 9 | 10 | int main() { 11 | foo("foo"); 12 | foo("bar"); 13 | foo("foobar"); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/74-invalid_deref/18-simple-uaf.c: -------------------------------------------------------------------------------- 1 | //PARAM: --set ana.activated[+] useAfterFree 2 | #include 3 | #include 4 | 5 | int main() { 6 | int *ptr = malloc(sizeof(int)); 7 | *ptr = 42; 8 | 9 | free(ptr); 10 | 11 | *ptr = 43; //WARN 12 | free(ptr); //WARN 13 | 14 | return 0; 15 | } -------------------------------------------------------------------------------- /tests/regression/74-invalid_deref/19-oob-stack-simple.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] memOutOfBounds --enable ana.int.interval 2 | #include 3 | 4 | int main(int argc, char const *argv[]) { 5 | int i = 42; 6 | int *ptr = &i; 7 | 8 | *ptr = 5;//NOWARN 9 | *(ptr + 10) = 55;//WARN 10 | 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/74-invalid_deref/dune: -------------------------------------------------------------------------------- 1 | (cram 2 | (deps (glob_files *.c))) 3 | -------------------------------------------------------------------------------- /tests/regression/75-invalid_free/01-invalid-dealloc-simple.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(int argc, char const *argv[]) 4 | { 5 | int a; 6 | int *p = &a; 7 | free(p); //WARN 8 | 9 | char b = 'b'; 10 | char *p2 = &b; 11 | free(p2); //WARN 12 | 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/75-invalid_free/02-invalid-dealloc-struct.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | typedef struct custom_t { 4 | int x; 5 | int y; 6 | } custom_t; 7 | 8 | int main(int argc, char const *argv[]) 9 | { 10 | custom_t *var; 11 | free(var); //WARN 12 | 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/75-invalid_free/05-free-at-offset.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(int argc, char const *argv[]) { 4 | char *ptr = malloc(42 * sizeof(char)); 5 | ptr = ptr + 7; 6 | free(ptr); //WARN 7 | 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /tests/regression/75-invalid_free/06-realloc-at-offset.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define MAX_SIZE 5000 4 | 5 | int main(int argc, char const *argv[]) { 6 | char *ptr = malloc(42 * sizeof(char)); 7 | ptr = ptr + 7; 8 | realloc(ptr, MAX_SIZE); //WARN 9 | 10 | return 0; 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/76-memleak/01-simple-no-mem-leak.c: -------------------------------------------------------------------------------- 1 | //PARAM: --set ana.malloc.unique_address_count 1 --set ana.activated[+] memLeak 2 | #include 3 | 4 | int main(int argc, char const *argv[]) { 5 | int *p = malloc(sizeof(int)); 6 | free(p); 7 | 8 | return 0; //NOWARN 9 | } 10 | -------------------------------------------------------------------------------- /tests/regression/76-memleak/02-simple-mem-leak.c: -------------------------------------------------------------------------------- 1 | //PARAM: --set ana.malloc.unique_address_count 1 --set ana.activated[+] memLeak 2 | #include 3 | 4 | int main(int argc, char const *argv[]) { 5 | int *p = malloc(sizeof(int)); 6 | // No free => memory is leaked 7 | return 0; //WARN 8 | } 9 | -------------------------------------------------------------------------------- /tests/regression/76-memleak/03-simple-exit-mem-leak.c: -------------------------------------------------------------------------------- 1 | //PARAM: --set ana.malloc.unique_address_count 1 --set ana.activated[+] memLeak 2 | #include 3 | 4 | int main(int argc, char const *argv[]) { 5 | int *p = malloc(sizeof(int)); 6 | exit(0); //WARN 7 | } 8 | -------------------------------------------------------------------------------- /tests/regression/76-memleak/04-simple-abort-mem-leak.c: -------------------------------------------------------------------------------- 1 | //PARAM: --set ana.malloc.unique_address_count 1 --set ana.activated[+] memLeak 2 | #include 3 | 4 | int main(int argc, char const *argv[]) { 5 | int *p = malloc(sizeof(int)); 6 | abort(); //WARN 7 | } 8 | -------------------------------------------------------------------------------- /tests/regression/76-memleak/05-simple-assert-no-mem-leak.c: -------------------------------------------------------------------------------- 1 | //PARAM: --set ana.malloc.unique_address_count 1 --set ana.activated[+] memLeak 2 | #include 3 | #include 4 | 5 | int main(int argc, char const *argv[]) { 6 | int *p = malloc(sizeof(int)); 7 | assert(1); 8 | free(p); 9 | return 0; //NOWARN 10 | } 11 | -------------------------------------------------------------------------------- /tests/regression/76-memleak/06-simple-assert-mem-leak.c: -------------------------------------------------------------------------------- 1 | //PARAM: --set warn.assert false --set ana.malloc.unique_address_count 1 --set ana.activated[+] memLeak 2 | #include 3 | #include 4 | 5 | int main(int argc, char const *argv[]) { 6 | int *p = malloc(sizeof(int)); 7 | assert(0); //WARN 8 | } 9 | -------------------------------------------------------------------------------- /tests/regression/76-memleak/07-simple-quick-exit-mem-leak.c: -------------------------------------------------------------------------------- 1 | //PARAM: --set ana.malloc.unique_address_count 1 --set ana.activated[+] memLeak 2 | #include 3 | 4 | int main(int argc, char const *argv[]) { 5 | int *p = malloc(sizeof(int)); 6 | quick_exit(0); //WARN 7 | } 8 | -------------------------------------------------------------------------------- /tests/regression/76-memleak/08-unreachable-mem.c: -------------------------------------------------------------------------------- 1 | //PARAM: --set ana.malloc.unique_address_count 1 --set ana.activated[+] memLeak 2 | #include 3 | 4 | int *g; 5 | 6 | int main(int argc, char const *argv[]) { 7 | g = malloc(sizeof(int)); 8 | // Reference to g's heap contents is lost here 9 | g = NULL; 10 | 11 | return 0; //WARN 12 | } 13 | -------------------------------------------------------------------------------- /tests/regression/76-memleak/32-no-mem-leak-goblint-check.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] memLeak --set ana.malloc.unique_address_count 1 2 | #include 3 | #include 4 | 5 | int main() { 6 | int *ptr = malloc(sizeof(int)); 7 | __goblint_check(ptr == 0); // FAIL 8 | free(ptr); 9 | } -------------------------------------------------------------------------------- /tests/regression/76-memleak/dune: -------------------------------------------------------------------------------- 1 | (cram 2 | (deps (glob_files *.c))) 3 | -------------------------------------------------------------------------------- /tests/regression/77-lin2vareq/18-forget_var.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --set ana.activated[+] lin2vareq --set sem.int.signed_overflow assume_none 2 | #include 3 | 4 | int main() { 5 | int x, y, z; 6 | 7 | z = x; 8 | 9 | __goblint_check(z == x); // SUCCESS 10 | 11 | x = y * y; 12 | 13 | __goblint_check(x == z); // UNKNOWN! 14 | 15 | return 0; 16 | } -------------------------------------------------------------------------------- /tests/regression/77-lin2vareq/26-termination-overflow.c: -------------------------------------------------------------------------------- 1 | // SKIP TERM PARAM: --set "ana.activated[+]" lin2vareq 2 | 3 | #include 4 | 5 | int main() { 6 | int i = 2147483647; 7 | i++; 8 | while (i <= 10) { 9 | printf("%d\n", i); 10 | } 11 | 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/77-lin2vareq/30-cast-non-int.c: -------------------------------------------------------------------------------- 1 | // SKIP PARAM: --set ana.activated[+] lin2vareq --set sem.int.signed_overflow assume_none 2 | #include 3 | //#include 4 | int main(void) { 5 | float b = 2.5; 6 | float a = 1.5; 7 | int c = (int) a; 8 | int d = (int) b; 9 | //printf("c: %d\nd: %d\n", c, d); 10 | __goblint_check(d -c -1 == 0); // UNKNOWN 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/77-lin2vareq/dune: -------------------------------------------------------------------------------- 1 | (rule 2 | (aliases runtest runaprontest) 3 | (enabled_if %{lib-available:apron}) 4 | (deps 5 | (package goblint) 6 | ../../../goblint ; update_suite calls local goblint 7 | (:update_suite ../../../scripts/update_suite.rb) 8 | (glob_files ??-*.c)) 9 | (locks /update_suite) 10 | (action (chdir ../../.. (run %{update_suite} group lin2vareq -q)))) -------------------------------------------------------------------------------- /tests/regression/78-termination/05-for-loop-terminating.c: -------------------------------------------------------------------------------- 1 | // SKIP TERM PARAM: --set "ana.activated[+]" termination --set ana.activated[+] apron --enable ana.int.interval --set ana.apron.domain polyhedra 2 | #include 3 | 4 | int main() 5 | { 6 | unsigned int i; 7 | 8 | for (i = 1; i <= 10; i++) 9 | { 10 | printf("%d\n", i); 11 | } 12 | 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/78-termination/11-loopless-termination.c: -------------------------------------------------------------------------------- 1 | // SKIP TERM PARAM: --set "ana.activated[+]" termination --set ana.activated[+] apron --enable ana.int.interval --set ana.apron.domain polyhedra 2 | #include 3 | 4 | int main() 5 | { 6 | printf("Terminating code without a loop\n"); 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /tests/regression/78-termination/48-dynamic-recursion-nonterminating.c: -------------------------------------------------------------------------------- 1 | // SKIP NONTERM PARAM: --set "ana.activated[+]" termination --set ana.activated[+] apron --enable ana.int.interval --set ana.apron.domain polyhedra 2 | void troll(void (*f) ()) 3 | { 4 | f(f); 5 | } 6 | 7 | int main() 8 | { 9 | troll(troll); 10 | } 11 | -------------------------------------------------------------------------------- /tests/regression/78-termination/49-longjmp.c: -------------------------------------------------------------------------------- 1 | // SKIP NONTERM PARAM: --set "ana.activated[+]" termination --set ana.activated[+] apron --enable ana.int.interval --set ana.apron.domain polyhedra 2 | #include 3 | jmp_buf buf; 4 | int main() 5 | { 6 | if(setjmp(buf)) { 7 | 8 | } 9 | 10 | longjmp(buf, 1); 11 | } 12 | -------------------------------------------------------------------------------- /tests/regression/78-termination/50-decreasing-signed-int.c: -------------------------------------------------------------------------------- 1 | // SKIP TERM PARAM: --set "ana.activated[+]" termination --set ana.activated[+] apron --enable ana.int.interval --set ana.apron.domain octagon 2 | int main() 3 | { 4 | unsigned int x; 5 | 6 | if(x == 0){ 7 | return 0; 8 | } 9 | while (x > 0) { 10 | x = x - 1; 11 | } 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/80-context_gas/03-contextGas0.c: -------------------------------------------------------------------------------- 1 | // PARAM: --enable ana.int.interval_set --set ana.context.gas_value 0 2 | 3 | int f(int x, int y) 4 | { 5 | if (x == 0) 6 | { 7 | return y; 8 | } 9 | return f(x - 1, y - 1); 10 | } 11 | 12 | int main() 13 | { 14 | // is analyzed context-insensitive 15 | __goblint_check(f(1000, 1000) == 0); // UNKNOWN 16 | } -------------------------------------------------------------------------------- /tests/regression/82-widen/02-loop_increment.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set solvers.td3.widen_gas 5 --enable ana.int.interval 2 | #include 3 | 4 | int main(void) { 5 | int a; 6 | int b; 7 | 8 | for(a = 0; a != 3; a ++) 9 | __goblint_check(a < 3); 10 | for(b = 0; b != 4; b ++) 11 | __goblint_check(b < 4); 12 | 13 | return 0; 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/84-c2po/24-disequalities-small-example.c: -------------------------------------------------------------------------------- 1 | // PARAM: --set ana.activated[+] c2po --set ana.activated[+] startState --set ana.activated[+] taintPartialContexts --set ana.c2po.askbase false 2 | #include 3 | 4 | int *a, b; 5 | c() { b = 0; } 6 | main() { 7 | int *d; 8 | if (a == d) 9 | ; 10 | else 11 | __goblint_check(a != d); 12 | c(); 13 | } 14 | -------------------------------------------------------------------------------- /tests/regression/cfg/dune: -------------------------------------------------------------------------------- 1 | (env 2 | (_ 3 | (binaries ./util/cfgDot.exe))) 4 | 5 | (cram 6 | (applies_to :whole_subtree) 7 | (enabled_if %{bin-available:graph-easy}) 8 | (deps 9 | %{bin:cfgDot})) 10 | -------------------------------------------------------------------------------- /tests/regression/cfg/foo.t/foo.c: -------------------------------------------------------------------------------- 1 | int main() { 2 | int a = 1, b = 1; 3 | while (a > 0 && b) { 4 | a++; 5 | b--; 6 | } 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /tests/regression/cfg/util/dune: -------------------------------------------------------------------------------- 1 | (executable 2 | (name cfgDot) 3 | (libraries 4 | goblint-cil 5 | goblint_logs 6 | goblint_common 7 | goblint_lib ; TODO: avoid: extract LoopUnrolling and WitnessUtil node predicates from goblint_lib 8 | fpath) 9 | (preprocess (pps ppx_deriving.std))) 10 | -------------------------------------------------------------------------------- /tests/regression/issue-94.t/issue-94.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | int x; 5 | if (1) 6 | x = 1; 7 | else 8 | x = 2; 9 | if (x) 10 | x = 1; 11 | else 12 | x = 2; 13 | assert(x > 1 && x < 0); 14 | } 15 | -------------------------------------------------------------------------------- /tests/regression/witness/int.t/int.c: -------------------------------------------------------------------------------- 1 | #include 2 | extern int __VERIFIER_nondet_int(); 3 | 4 | int main() { 5 | int i; 6 | i = __VERIFIER_nondet_int(); 7 | 8 | if (i < 100) 9 | __goblint_check(1); 10 | 11 | if (50 < i && i < 100) 12 | __goblint_check(1); 13 | 14 | if (i == 42 || i == 5 || i == 101) 15 | __goblint_check(1); 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/regression/witness/typedef.t/typedef.c: -------------------------------------------------------------------------------- 1 | typedef int myint; 2 | 3 | typedef struct { 4 | int f; 5 | } s; 6 | 7 | int main() { 8 | myint x = 42; 9 | void *p = &x; 10 | 11 | s a; 12 | a.f = 43; 13 | void *q = &a; 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /tests/regression/witness/violation.t/correct-hard.c: -------------------------------------------------------------------------------- 1 | void reach_error(){} 2 | extern int __VERIFIER_nondet_int(); 3 | 4 | int main() { 5 | int x = __VERIFIER_nondet_int(); 6 | if (x != x) 7 | reach_error(); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /tests/regression/witness/violation.t/correct.c: -------------------------------------------------------------------------------- 1 | void reach_error(){} 2 | 3 | int main() { 4 | return 0; 5 | } 6 | -------------------------------------------------------------------------------- /tests/regression/witness/violation.t/incorrect.c: -------------------------------------------------------------------------------- 1 | void reach_error(){} 2 | 3 | int main() { 4 | reach_error(); 5 | return 0; 6 | } 7 | -------------------------------------------------------------------------------- /tests/sv-comp/ConcurrencySafety-Main.set: -------------------------------------------------------------------------------- 1 | races/*.c -------------------------------------------------------------------------------- /tests/sv-comp/ReachSafety-Basic.set: -------------------------------------------------------------------------------- 1 | basic/*.c 2 | eq/*.c 3 | cfg/multicall_*.c 4 | cfg/join_true-unreach-call.c 5 | cfg/builtin_expect_true-unreach-call.c 6 | cfg/region_global_init_true-unreach-call.c 7 | cfg/local_shadow_fun_true-unreach-call.c 8 | cfg/free_spawn_*.c 9 | cfg/uncil/*.c -------------------------------------------------------------------------------- /tests/sv-comp/basic/global_init_true-unreach-call.c: -------------------------------------------------------------------------------- 1 | extern void __VERIFIER_error() __attribute__ ((__noreturn__)); 2 | void __VERIFIER_assert(int cond) { 3 | if (!(cond)) { 4 | ERROR: __VERIFIER_error(); 5 | } 6 | return; 7 | } 8 | 9 | int g = 1; 10 | 11 | int main() 12 | { 13 | __VERIFIER_assert(g == 1); 14 | return 0; 15 | } -------------------------------------------------------------------------------- /tests/sv-comp/basic/if_det_false-unreach-call.c: -------------------------------------------------------------------------------- 1 | extern void __VERIFIER_error() __attribute__ ((__noreturn__)); 2 | 3 | int main() 4 | { 5 | while (1) 6 | { 7 | int x = 1; 8 | if (x) 9 | __VERIFIER_error(); 10 | } 11 | return 0; 12 | } -------------------------------------------------------------------------------- /tests/sv-comp/basic/if_det_incr_true-unreach-call.c: -------------------------------------------------------------------------------- 1 | extern void __VERIFIER_error() __attribute__ ((__noreturn__)); 2 | 3 | int main() 4 | { 5 | while (1) 6 | { 7 | int x = -1; 8 | x++; 9 | if (x) 10 | __VERIFIER_error(); 11 | } 12 | return 0; 13 | } -------------------------------------------------------------------------------- /tests/sv-comp/basic/if_det_true-unreach-call.c: -------------------------------------------------------------------------------- 1 | extern void __VERIFIER_error() __attribute__ ((__noreturn__)); 2 | 3 | int main() 4 | { 5 | while (1) 6 | { 7 | int x = 0; 8 | if (x) 9 | __VERIFIER_error(); 10 | } 11 | return 0; 12 | } -------------------------------------------------------------------------------- /tests/sv-comp/basic/if_mod_false-unreach-call.c: -------------------------------------------------------------------------------- 1 | extern void __VERIFIER_error() __attribute__ ((__noreturn__)); 2 | extern int __VERIFIER_nondet_int(); 3 | 4 | int main() 5 | { 6 | while (1) 7 | { 8 | int x = __VERIFIER_nondet_int() % 100; 9 | if (x >= 50) 10 | __VERIFIER_error(); 11 | } 12 | return 0; 13 | } -------------------------------------------------------------------------------- /tests/sv-comp/basic/if_mod_true-unreach-call.c: -------------------------------------------------------------------------------- 1 | extern void __VERIFIER_error() __attribute__ ((__noreturn__)); 2 | extern int __VERIFIER_nondet_int(); 3 | 4 | int main() 5 | { 6 | while (1) 7 | { 8 | int x = __VERIFIER_nondet_int() % 100; 9 | if (x >= 100) 10 | __VERIFIER_error(); 11 | } 12 | return 0; 13 | } 14 | -------------------------------------------------------------------------------- /tests/sv-comp/basic/if_nondet_fun_false-unreach-call.c: -------------------------------------------------------------------------------- 1 | extern void __VERIFIER_error() __attribute__ ((__noreturn__)); 2 | extern int __VERIFIER_nondet_int(); 3 | 4 | int main() 5 | { 6 | while (1) 7 | { 8 | int x = __VERIFIER_nondet_int(); 9 | if (x) 10 | __VERIFIER_error(); 11 | } 12 | return 0; 13 | } -------------------------------------------------------------------------------- /tests/sv-comp/basic/if_nondet_var_false-unreach-call.c: -------------------------------------------------------------------------------- 1 | extern void __VERIFIER_error() __attribute__ ((__noreturn__)); 2 | 3 | int main() 4 | { 5 | while (1) 6 | { 7 | int x; 8 | if (x) 9 | __VERIFIER_error(); 10 | } 11 | return 0; 12 | } -------------------------------------------------------------------------------- /tests/sv-comp/cfg/builtin_expect_true-unreach-call.c: -------------------------------------------------------------------------------- 1 | extern void __VERIFIER_error() __attribute__ ((__noreturn__)); 2 | extern int __VERIFIER_nondet_int(); 3 | void __VERIFIER_assert(int cond) { 4 | if (!(cond)) { 5 | ERROR: __VERIFIER_error(); 6 | } 7 | return; 8 | } 9 | 10 | int main() 11 | { 12 | int x = 0; 13 | __builtin_expect(x == 0, 1); 14 | return 0; 15 | } -------------------------------------------------------------------------------- /tests/sv-comp/cfg/free_spawn_ub_true-unreach-call.c: -------------------------------------------------------------------------------- 1 | extern void __VERIFIER_error() __attribute__ ((__noreturn__)); 2 | extern int __VERIFIER_nondet_int(); 3 | 4 | void foo() 5 | { 6 | __VERIFIER_error(); 7 | } 8 | 9 | int main() 10 | { 11 | void (*p)(void) = &foo; 12 | free(p); // TODO: free shouldn't spawn 13 | return 0; 14 | } -------------------------------------------------------------------------------- /tests/sv-comp/gen/dune: -------------------------------------------------------------------------------- 1 | (executable 2 | (name gen)) 3 | -------------------------------------------------------------------------------- /tests/sv-comp/heap/deref_invariant_1cycle_true-unreach-call.c: -------------------------------------------------------------------------------- 1 | extern void abort(void); 2 | void reach_error(){} 3 | 4 | void __VERIFIER_assert(int cond) { 5 | if (!(cond)) { 6 | ERROR: {reach_error();abort();} 7 | } 8 | return; 9 | } 10 | 11 | int main() { 12 | void *p; 13 | p = &p; 14 | 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /tests/sv-comp/heap/deref_invariant_2cycle_true-unreach-call.c: -------------------------------------------------------------------------------- 1 | extern void abort(void); 2 | void reach_error(){} 3 | 4 | void __VERIFIER_assert(int cond) { 5 | if (!(cond)) { 6 | ERROR: {reach_error();abort();} 7 | } 8 | return; 9 | } 10 | 11 | int main() { 12 | void *p; 13 | void *q = &p; 14 | p = &q; 15 | 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /tests/sv-comp/heap/test01_same_true-unreach-call.c: -------------------------------------------------------------------------------- 1 | extern void abort(void); 2 | void reach_error(){} 3 | 4 | 5 | int main() { 6 | int a, b; 7 | int *p1 = &a; 8 | int *p2 = &a; // same 9 | 10 | if (p1 != p2) { // negated 11 | goto ERROR; 12 | } 13 | 14 | return 0; 15 | 16 | ERROR: {reach_error();abort();} 17 | return 1; 18 | } 19 | -------------------------------------------------------------------------------- /tests/sv-comp/heap/test01_true-unreach-call.c: -------------------------------------------------------------------------------- 1 | extern void abort(void); 2 | void reach_error(){} 3 | 4 | 5 | int main() { 6 | int a, b; 7 | int *p1 = &a; 8 | int *p2 = &b; 9 | 10 | if (p1 == p2) { 11 | goto ERROR; 12 | } 13 | 14 | return 0; 15 | 16 | ERROR: {reach_error();abort();} 17 | return 1; 18 | } 19 | -------------------------------------------------------------------------------- /tests/sv-comp/heap/test02_false-unreach-call.c: -------------------------------------------------------------------------------- 1 | extern void abort(void); 2 | void reach_error(){} 3 | 4 | 5 | int q; 6 | 7 | int main() { 8 | int a, b; 9 | int *p1 = &a; 10 | int *p2 = p1; 11 | 12 | q = 0; 13 | 14 | if (p1 == p2) { 15 | goto ERROR; 16 | } 17 | 18 | return 0; 19 | 20 | ERROR: {reach_error();abort();} 21 | return 1; 22 | } 23 | -------------------------------------------------------------------------------- /tests/sv-comp/no-data-race.prp: -------------------------------------------------------------------------------- 1 | CHECK( init(main()), LTL(G ! data-race) ) 2 | 3 | -------------------------------------------------------------------------------- /tests/sv-comp/no-overflow.prp: -------------------------------------------------------------------------------- 1 | CHECK( init(main()), LTL(G ! overflow) ) 2 | -------------------------------------------------------------------------------- /tests/sv-comp/unreach-call-__VERIFIER_error.prp: -------------------------------------------------------------------------------- 1 | CHECK( init(main()), LTL(G ! call(__VERIFIER_error())) ) 2 | 3 | -------------------------------------------------------------------------------- /tests/sv-comp/unreach-call-reach_error.prp: -------------------------------------------------------------------------------- 1 | CHECK( init(main()), LTL(G ! call(reach_error())) ) 2 | 3 | -------------------------------------------------------------------------------- /tests/sv-comp/valid-memcleanup.prp: -------------------------------------------------------------------------------- 1 | CHECK( init(main()), LTL(G valid-memcleanup) ) 2 | 3 | -------------------------------------------------------------------------------- /tests/sv-comp/valid-memsafety.prp: -------------------------------------------------------------------------------- 1 | CHECK( init(main()), LTL(G valid-free) ) 2 | CHECK( init(main()), LTL(G valid-deref) ) 3 | CHECK( init(main()), LTL(G valid-memtrack) ) 4 | 5 | -------------------------------------------------------------------------------- /tests/unit/cdomains/affineEqualityDomain/dune: -------------------------------------------------------------------------------- 1 | ; Workaround for workaround for alternative dependencies with unqualified subdirs. 2 | ; copy_files causes "dependency cycle that does not involve any files" otherwise 3 | (include_subdirs no) -------------------------------------------------------------------------------- /tests/util/multilibConfigure.ml: -------------------------------------------------------------------------------- 1 | open GoblintCil 2 | 3 | let () = 4 | Printf.printf "%B" (Option.is_some Machdep.gcc32 && Option.is_some Machdep.gcc64) 5 | --------------------------------------------------------------------------------