1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
|
[kernel] Parsing share/libc/__fc_builtin_for_normalization.i (no preprocessing)
[kernel] Parsing tests/misc/widen_hints2.c (with preprocessing)
/* Generated by Frama-C */
typedef unsigned int size_t;
typedef int wchar_t;
struct __fc_div_t {
int quot ;
int rem ;
};
typedef struct __fc_div_t div_t;
struct __fc_ldiv_t {
long quot ;
long rem ;
};
typedef struct __fc_ldiv_t ldiv_t;
struct __fc_lldiv_t {
long long quot ;
long long rem ;
};
typedef struct __fc_lldiv_t lldiv_t;
/*@ assigns \result;
assigns \result \from *(nptr + (..)); */
extern double atof(char const *nptr);
/*@ assigns \result;
assigns \result \from *(nptr + (..)); */
extern int atoi(char const *nptr);
/*@ assigns \result;
assigns \result \from *(nptr + (..)); */
extern long atol(char const *nptr);
/*@ assigns \result;
assigns \result \from *(nptr + (..)); */
extern long long atoll(char const *nptr);
/*@ assigns \result, *endptr;
assigns \result \from *(nptr + (0 ..));
assigns *endptr \from nptr, *(nptr + (0 ..));
*/
extern double strtod(char const *nptr, char **endptr);
/*@ assigns \result, *endptr;
assigns \result \from *(nptr + (0 ..));
assigns *endptr \from nptr, *(nptr + (0 ..));
*/
extern float strtof(char const *nptr, char **endptr);
/*@ assigns \result, *endptr;
assigns \result \from *(nptr + (0 ..));
assigns *endptr \from nptr, *(nptr + (0 ..));
*/
extern long double strtold(char const *nptr, char **endptr);
/*@ assigns \result, *endptr;
assigns \result
\from (indirect: nptr), (indirect: *(nptr + (0 ..))), (indirect: base);
assigns *endptr
\from nptr, (indirect: *(nptr + (0 ..))), (indirect: endptr),
(indirect: base);
behavior null_endptr:
assumes endptr ≡ \null;
assigns \result;
assigns \result
\from (indirect: nptr), (indirect: *(nptr + (0 ..))),
(indirect: base);
behavior nonnull_endptr:
assumes endptr ≢ \null;
requires \valid(endptr);
ensures \initialized(\old(endptr));
ensures \subset(*\old(endptr), \old(nptr) + (0 ..));
assigns \result, *endptr;
assigns \result
\from (indirect: nptr), (indirect: *(nptr + (0 ..))),
(indirect: base);
assigns *endptr
\from nptr, (indirect: *(nptr + (0 ..))), (indirect: endptr),
(indirect: base);
complete behaviors nonnull_endptr, null_endptr;
disjoint behaviors nonnull_endptr, null_endptr;
*/
extern long strtol(char const *nptr, char **endptr, int base);
/*@ assigns \result, *endptr;
assigns \result \from *(nptr + (0 ..)), base;
assigns *endptr \from nptr, *(nptr + (0 ..)), base;
*/
extern long long strtoll(char const *nptr, char **endptr, int base);
/*@ assigns \result, *endptr;
assigns \result \from *(nptr + (0 ..)), base;
assigns *endptr \from nptr, *(nptr + (0 ..)), base;
*/
extern unsigned long strtoul(char const *nptr, char **endptr, int base);
/*@ assigns \result, *endptr;
assigns \result \from *(nptr + (0 ..)), base;
assigns *endptr \from nptr, *(nptr + (0 ..)), base;
*/
extern unsigned long long strtoull(char const *nptr, char **endptr, int base);
/*@ ghost
int __fc_random_counter __attribute__((__unused__, __FRAMA_C_MODEL__)); */
unsigned long const __fc_rand_max = (unsigned long)32767;
/*@ ensures 0 ≤ \result ≤ __fc_rand_max;
assigns \result, __fc_random_counter;
assigns \result \from __fc_random_counter;
assigns __fc_random_counter \from __fc_random_counter;
*/
extern int rand(void);
/*@ assigns __fc_random_counter;
assigns __fc_random_counter \from seed; */
extern void srand(unsigned int seed);
/*@ requires nmemb * size ≤ 4294967295U; */
extern void *calloc(size_t nmemb, size_t size);
/*@ ghost extern int __fc_heap_status __attribute__((__FRAMA_C_MODEL__)); */
/*@
axiomatic dynamic_allocation {
predicate is_allocable{L}(size_t n)
reads __fc_heap_status;
}
*/
/*@ assigns __fc_heap_status, \result;
assigns __fc_heap_status \from size, __fc_heap_status;
assigns \result \from (indirect: size), (indirect: __fc_heap_status);
allocates \result;
behavior allocation:
assumes is_allocable(size);
ensures \fresh{Old, Here}(\result,\old(size));
assigns __fc_heap_status, \result;
assigns __fc_heap_status \from size, __fc_heap_status;
assigns \result \from (indirect: size), (indirect: __fc_heap_status);
behavior no_allocation:
assumes ¬is_allocable(size);
ensures \result ≡ \null;
assigns \result;
assigns \result \from \nothing;
allocates \nothing;
complete behaviors no_allocation, allocation;
disjoint behaviors no_allocation, allocation;
*/
extern void *malloc(size_t size);
/*@ assigns __fc_heap_status;
assigns __fc_heap_status \from __fc_heap_status;
frees p;
behavior deallocation:
assumes p ≢ \null;
requires freeable: \freeable(p);
ensures \allocable(\old(p));
assigns __fc_heap_status;
assigns __fc_heap_status \from __fc_heap_status;
behavior no_deallocation:
assumes p ≡ \null;
assigns \nothing;
allocates \nothing;
complete behaviors no_deallocation, deallocation;
disjoint behaviors no_deallocation, deallocation;
*/
extern void free(void *p);
/*@ requires ptr ≡ \null ∨ \freeable(ptr);
assigns __fc_heap_status, \result;
assigns __fc_heap_status \from __fc_heap_status;
assigns \result \from size, ptr, __fc_heap_status;
frees ptr;
allocates \result;
behavior alloc:
assumes is_allocable(size);
ensures \fresh{Old, Here}(\result,\old(size));
assigns \result;
assigns \result \from size, __fc_heap_status;
allocates \result;
behavior dealloc:
assumes ptr ≢ \null;
assumes is_allocable(size);
requires \freeable(ptr);
ensures \allocable(\old(ptr));
ensures \result ≡ \null ∨ \freeable(\result);
frees ptr;
behavior fail:
assumes ¬is_allocable(size);
ensures \result ≡ \null;
assigns \result;
assigns \result \from size, __fc_heap_status;
allocates \nothing;
complete behaviors fail, dealloc, alloc;
disjoint behaviors alloc, fail;
disjoint behaviors dealloc, fail;
*/
extern void *realloc(void *ptr, size_t size);
/*@ ensures \false;
assigns \nothing; */
extern void abort(void);
/*@ assigns \result;
assigns \result \from \nothing; */
extern int atexit(void (*func)(void));
/*@ assigns \result;
assigns \result \from \nothing; */
extern int at_quick_exit(void (*func)(void));
/*@ ensures \false;
assigns \nothing; */
extern __attribute__((__noreturn__)) void exit(int status);
/*@ ensures \false;
assigns \nothing; */
extern __attribute__((__noreturn__)) void _Exit(int status);
/*@ ensures \result ≡ \null ∨ \valid(\result);
assigns \result;
assigns \result \from name;
*/
extern char *getenv(char const *name);
/*@ ensures \false;
assigns \nothing; */
extern __attribute__((__noreturn__)) void quick_exit(int status);
/*@ assigns \result;
assigns \result \from *(string + (..)); */
extern int system(char const *string);
/*@ assigns *((char *)\result + (..));
assigns *((char *)\result + (..))
\from *((char *)key + (..)), *((char *)base + (..)), nmemb, size,
*compar;
*/
extern void *bsearch(void const *key, void const *base, size_t nmemb,
size_t size, int (*compar)(void const *, void const *));
/*@ assigns *((char *)base + (..));
assigns *((char *)base + (..))
\from *((char *)base + (..)), nmemb, size, *compar;
*/
extern void qsort(void *base, size_t nmemb, size_t size,
int (*compar)(void const *, void const *));
/*@ requires abs_representable: (int)(-j) ≡ -j;
assigns \result;
assigns \result \from j;
*/
extern int abs(int j);
/*@ requires abs_representable: (long)(-j) ≡ -j;
assigns \result;
assigns \result \from j;
*/
extern long labs(long j);
/*@ requires abs_representable: (long long)(-j) ≡ -j;
assigns \result;
assigns \result \from j;
*/
extern long long llabs(long long j);
/*@ assigns \result;
assigns \result \from numer, denom; */
extern div_t div(int numer, int denom);
/*@ assigns \result;
assigns \result \from numer, denom; */
extern ldiv_t ldiv(long numer, long denom);
/*@ assigns \result;
assigns \result \from numer, denom; */
extern lldiv_t lldiv(long long numer, long long denom);
/*@ assigns \result;
assigns \result \from *(s + (0 ..)), n; */
extern int mblen(char const *s, size_t n);
/*@ assigns \result, *(pwc + (0 .. n - 1));
assigns \result \from *(s + (0 .. n - 1)), n;
assigns *(pwc + (0 .. n - 1)) \from *(s + (0 .. n - 1)), n;
*/
extern int mbtowc(wchar_t *pwc, char const *s, size_t n);
/*@ assigns \result, *(s + (0 ..));
assigns \result \from wc;
assigns *(s + (0 ..)) \from wc;
*/
extern int wctomb(char *s, wchar_t wc);
/*@ assigns \result, *(pwcs + (0 .. n - 1));
assigns \result \from *(s + (0 .. n - 1)), n;
assigns *(pwcs + (0 .. n - 1)) \from *(s + (0 .. n - 1)), n;
*/
extern size_t mbstowcs(wchar_t *pwcs, char const *s, size_t n);
/*@ assigns \result, *(s + (0 .. n - 1));
assigns \result \from *(pwcs + (0 .. n - 1)), n;
assigns *(s + (0 .. n - 1)) \from *(pwcs + (0 .. n - 1)), n;
*/
extern size_t wcstombs(char *s, wchar_t const *pwcs, size_t n);
int t[100];
int const x = 9;
int glob;
void f(void)
{
int tf[100];
int m;
int n;
m = 10;
n = 33 + m;
/*@ widen_hints "all", 88; */
{
int a;
a = 0;
while (a < n * 2 + 1) {
{
int b;
b = 0;
while (b < a) {
tf[b] = 1;
b ++;
}
}
a ++;
}
}
return;
}
void g(void)
{
int tg[100];
int m;
int n;
m = 10;
n = 33 + m;
{
int ll;
ll = 0;
while (ll < n * 2 + 1) {
{
int kk;
kk = 0;
while (kk < ll) {
tg[kk] = 1;
kk ++;
}
}
ll ++;
}
}
return;
}
int y;
int main(void)
{
int __retres;
int y_0;
int m;
int n;
m = 10;
/*@ widen_hints global:m, 2;
widen_hints y_0, 5; */
n = 33 + m;
{
int a;
a = 0;
/*@ loop widen_hints a, 2; */
while (a < n * 2 + 1) {
/*@ widen_hints a, 88; */
{
int b;
b = 0;
while (b < a) {
t[b] = 1;
b ++;
}
}
a ++;
}
}
{
int c;
c = 0;
/*@ loop widen_hints c, 88;
loop widen_hints y_0, 1;
loop widen_hints global:y_0, 2;
*/
while (c < n * 2 + 1) {
{
int d;
d = 0;
while (d < c) {
t[d] = 1;
d ++;
}
}
c ++;
}
}
{
int c_0;
c_0 = 0;
/*@ loop widen_hints c_0, 88; */
while (c_0 < n * 2 + 1) {
{
int d_0;
d_0 = 0;
while (d_0 < c_0) {
t[d_0] = 1;
d_0 ++;
}
}
c_0 ++;
}
}
/*@ widen_hints glob, 88; */
{
glob = 0;
while (glob < n * 2 + 1) {
{
int j;
j = 0;
while (j < glob) {
t[j] = 1;
j ++;
}
}
glob ++;
}
}
f();
g();
__retres = 0;
return __retres;
}
|
