Consider the code given below. May I know why CBMC's loop unwinding goes beyond the upper bound, when we assume the initial value of i0 is greater than 2?
```c
#include <assert.h>
void main()
{
    int i0;
    int o1;
    __CPROVER_assume(i0>=2);
    //assert(i0>=0);
    while(i0<=10)
    {
        i0=i0+1;
    }
    o1=i0+1;
    assert((o1 <= 1));
}
```
CBMC output:
```
CBMC version 5.8 64-bit x86_64 linux
Parsing /tmp/in1_1524461553_1936466587.c
Converting
Type-checking in1_1524461553_1936466587
Generating GOTO Program
Adding CPROVER library (x86_64)
Removal of function pointers and virtual functions
Partial Inlining
Generic Property Instrumentation
Starting Bounded Model Checking
Unwinding loop main.0 iteration 1 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 2 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 3 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 4 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 5 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 6 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 7 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 8 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 9 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 10 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 11 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 12 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 13 file /tmp/in1_1524461553_1936466587.c
```
Answer 0 (score: 1)
I'd guess that symex is not clever enough to see that the loop condition is always false after a particular iteration. It does its best to simplify expressions, but it does not catch everything. Once the program has been converted into a formula and handed to the SAT solver, the solver will quickly discover that the condition for those iterations of the loop can never be satisfied and discard those parts of the formula, so it does not affect correctness (although, of course, it may mean that CBMC takes a very long time to run).
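As an added illustration (not code from the question or the answer): under the assumption i0 >= 2 the loop body runs at most 9 times (for i0 = 2), so running CBMC with `--unwind 9 --unwinding-assertions` bounds the unrolling that the log above shows continuing past iteration 13, and the unwinding assertion still holds. The plain C program below computes that bound concretely and evaluates the property `assert(o1 <= 1)`, which fails for every admissible start value because o1 is always at least 12.

```c
#include <stdbool.h>
#include <stdio.h>

/* Number of times the body "i0 = i0 + 1" of the loop from the question runs
   for one concrete start value (executed concretely, not symbolically). */
int loop_iterations(int i0) {
    int n = 0;
    while (i0 <= 10) {
        i0 = i0 + 1;
        n++;
    }
    return n;
}

/* Smallest --unwind value that covers every start value in [lo, hi]:
   the worst-case iteration count, under which the unwinding assertion holds. */
int required_unwind(int lo, int hi) {
    int worst = 0;
    for (int i0 = lo; i0 <= hi; i0++) {
        int n = loop_iterations(i0);
        if (n > worst) worst = n;
    }
    return worst;
}

/* The property from the question, assert(o1 <= 1), for one start value.
   After the loop i0 is at least 11, so o1 = i0 + 1 is at least 12. */
bool property_holds(int i0) {
    while (i0 <= 10) i0 = i0 + 1;
    int o1 = i0 + 1;
    return o1 <= 1;
}

int main(void) {
    /* Sample range constructed for this example: i0 in [2, 1000]. */
    printf("worst-case iterations for i0 >= 2: %d\n", required_unwind(2, 1000));
    printf("assert(o1 <= 1) with i0 = 2: %s\n",
           property_holds(2) ? "holds" : "FAILS");
    return 0;
}
```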