Skip to content

Aliasing pre-condition not processed correctly if is_fresh clause it not standalone #8492

New issue
New issue
Open
#8494
Open
Aliasing pre-condition not processed correctly if is_fresh clause it not standalone#8492
#8494
Labels
bugpending mergesoundnessSoundness bug? Review and add "aws" if it is, or remove "soundness" if it isn't.
@hanno-becker

Description

@hanno-becker
hanno-becker
opened on Nov 4, 2024

CBMC Version: 6.3.1

The following proves successfully:

void dummy0(int *r, int *a)
__CPROVER_requires(__CPROVER_is_fresh(r, sizeof(*r)))
__CPROVER_requires(r == a)
__CPROVER_assigns(*r)
__CPROVER_ensures(*a==42) {
  *r = 42;
}

/*
goto-cc harness.c --function harness -o a.out
goto-instrument --dfcc harness --enforce-contract dummy0 a.out b.out
cbmc b.out
*/
void harness(void) {
  int *r;
  int *a;
  dummy0(r, a);
}

The following does not:

void dummy0(int *r, int *a)
__CPROVER_requires(r != NULL && __CPROVER_is_fresh(r, sizeof(*r)))
__CPROVER_requires(r == a)
__CPROVER_assigns(*r)
__CPROVER_ensures(*a==42) {
  *r = 42;
}

/*
goto-cc harness.c --function harness -o a.out
goto-instrument --dfcc harness --enforce-contract dummy0 a.out b.out
cbmc b.out
*/
void harness(void) {
  int *r;
  int *a;
  dummy0(r, a);
}

Even if the r != NULL clause is redundant, this is surprising -- is there dedicated logic for detecting is_fresh clauses which only works when is_fresh is used at the top-level in a requires clause?

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugpending mergesoundnessSoundness bug? Review and add "aws" if it is, or remove "soundness" if it isn't.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions