Switch to a more aggressive loop-assigns widening strategy for DFCC

qinheping · qinheping · commit 231752494869 · 2024-11-05T09:38:02.000-06:00
diff --git a/regression/contracts-dfcc/invar_havoc_dynamic_array_const_idx/main.c b/regression/contracts-dfcc/invar_havoc_dynamic_array_const_idx/main.c
@@ -10,7 +10,7 @@ void main()
   data[4] = 0;
 
   for(unsigned i = 0; i < SIZE; i++)
-    __CPROVER_loop_invariant(i <= SIZE)
+    __CPROVER_assigns(data[1], i) __CPROVER_loop_invariant(i <= SIZE)
     {
       data[1] = i;
     }
diff --git a/regression/contracts-dfcc/loop_assigns_inference-05/main.c b/regression/contracts-dfcc/loop_assigns_inference-05/main.c
@@ -0,0 +1,17 @@
+#include <stdlib.h>
+
+#define SIZE 8
+
+int main()
+{
+  int i = 0;
+  int *j = malloc(SIZE * sizeof(int));
+  for(i = 0; i < SIZE; i++)
+    // __CPROVER_assigns(h.pos, i)
+    __CPROVER_loop_invariant(0 <= i && i <= SIZE)
+    {
+      int *k;
+      k = j + i;
+      *k = 1;
+    }
+}
diff --git a/regression/contracts-dfcc/loop_assigns_inference-05/test.desc b/regression/contracts-dfcc/loop_assigns_inference-05/test.desc
@@ -0,0 +1,15 @@
+CORE dfcc-only
+main.c
+--no-malloc-may-fail --dfcc main --apply-loop-contracts
+^EXIT=0$
+^SIGNAL=0$
+^\[main.loop_invariant_base.\d+\] line \d+ Check invariant before entry for loop .*: SUCCESS$
+^\[main.loop_invariant_base.\d+\] line \d+ Check invariant before entry for loop .*: SUCCESS$
+^\[main.loop_invariant_step.\d+\] line \d+ Check invariant after step for loop .*: SUCCESS$
+^\[main.loop_step_unwinding.\d+\] line \d+ Check step was unwound for loop .*: SUCCESS$
+^\[main.assigns.\d+\] line \d+ Check that \*k is assignable: SUCCESS
+^VERIFICATION SUCCESSFUL$
+--
+--
+This test checks assigns __CPROVER_object_whole(k) is inferred correctly,
+which requires widening *k to the whole object.
diff --git a/src/goto-instrument/contracts/dynamic-frames/dfcc_infer_loop_assigns.cpp b/src/goto-instrument/contracts/dynamic-frames/dfcc_infer_loop_assigns.cpp
@@ -262,7 +262,9 @@ static assignst dfcc_infer_loop_assigns_for_loop(
     {
       address_of_exprt address_of_expr(expr);
       address_of_expr.add_source_location() = expr.source_location();
-      if(!is_constant(address_of_expr))
+      // Widen assigns targets to object_whole if `expr` is a dereference or
+      // with constant address.
+      if(expr.id() == ID_dereference || !is_constant(address_of_expr))
       {
         // Target address is not constant, widening to the whole object
         result.emplace(make_object_whole_call_expr(address_of_expr, ns));

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ void main()`
`10`	`10`	`data[4] = 0;`
`11`	`11`
`12`	`12`	`for(unsigned i = 0; i < SIZE; i++)`
`13`		`- __CPROVER_loop_invariant(i <= SIZE)`
	`13`	`+ __CPROVER_assigns(data[1], i) __CPROVER_loop_invariant(i <= SIZE)`
`14`	`14`	`{`
`15`	`15`	`data[1] = i;`
`16`	`16`	`}`
Original file line number	Diff line number	Diff line change
`@@ -262,7 +262,9 @@ static assignst dfcc_infer_loop_assigns_for_loop(`
`262`	`262`	`{`
`263`	`263`	`address_of_exprt address_of_expr(expr);`
`264`	`264`	`address_of_expr.add_source_location() = expr.source_location();`
`265`		`- if(!is_constant(address_of_expr))`
	`265`	+ // Widen assigns targets to object_whole if `expr` is a dereference or
	`266`	`+ // with constant address.`
	`267`	`+ if(expr.id() == ID_dereference \|\| !is_constant(address_of_expr))`
`266`	`268`	`{`
`267`	`269`	`// Target address is not constant, widening to the whole object`
`268`	`270`	`result.emplace(make_object_whole_call_expr(address_of_expr, ns));`