3#ifndef __CPROVER_LIMITS_H_INCLUDED
5 # define __CPROVER_LIMITS_H_INCLUDED
12 // C99 Section 7.20.6.1:
13 // "If the result cannot be represented, the behavior is undefined."
20#ifndef __CPROVER_LIMITS_H_INCLUDED
22# define __CPROVER_LIMITS_H_INCLUDED
29 // C99 Section 7.20.6.1:
30 // "If the result cannot be represented, the behavior is undefined."
32 i !=
LONG_MIN,
"argument to labs must not be LONG_MIN");
38#ifndef __CPROVER_LIMITS_H_INCLUDED
40# define __CPROVER_LIMITS_H_INCLUDED
45 long long int llabs(
long long int i)
47 // C99 Section 7.20.6.1:
48 // "If the result cannot be represented, the behavior is undefined."
50 i !=
LLONG_MIN,
"argument to llabs must not be LLONG_MIN");
54/* FUNCTION: imaxabs */
56#ifndef __CPROVER_INTTYPES_H_INCLUDED
58 # define __CPROVER_INTTYPES_H_INCLUDED
61#ifndef __CPROVER_LIMITS_H_INCLUDED
63# define __CPROVER_LIMITS_H_INCLUDED
73 i !=
INTMAX_MIN,
"argument to imaxabs must not be INTMAX_MIN");
77/* FUNCTION: __builtin_abs */
84/* FUNCTION: __builtin_labs */
91/* FUNCTION: __builtin_llabs */
136/* FUNCTION: calloc */
174 "max allocation may fail");
179 // realistically, calloc may return NULL,
180 // and __CPROVER_allocate doesn't, but no one cares
183 // record the object size for non-determistic bounds checking
188 // detect memory leaks
192#ifdef __CPROVER_STRING_ABSTRACTION
201/* FUNCTION: malloc */
210// malloc is marked "inline" for the benefit of goto-analyzer. Really,
211// goto-analyzer should take care of inlining as needed.
214// realistically, malloc may return NULL,
215// but we only do so if `--malloc-may-fail` is set
239 "max allocation may fail");
246 // record the object size for non-determistic bounds checking
251 // detect memory leaks
255#ifdef __CPROVER_STRING_ABSTRACTION
262/* FUNCTION: __builtin_alloca */
276 // record the object size for non-determistic bounds checking
280 // record alloca to detect invalid free
284#ifdef __CPROVER_STRING_ABSTRACTION
291/* FUNCTION: alloca */
320 // If ptr is NULL, no operation is performed.
323 "free argument must be NULL or valid pointer");
325 "free argument must be dynamic object");
327 "free argument has offset zero");
333 // catch people who try to use free(...) for stuff
334 // allocated with new[]
337 "free called for new[] object");
339 // catch people who try to use free(...) with alloca
342 "free called for stack-allocated object");
348 // detect memory leaks
354/* FUNCTION: strtol */
356#ifndef __CPROVER_ERRNO_H_INCLUDED
358 #define __CPROVER_ERRNO_H_INCLUDED
361#ifndef __CPROVER_LIMITS_H_INCLUDED
363#define __CPROVER_LIMITS_H_INCLUDED
381 #ifdef __CPROVER_STRING_ABSTRACTION
383 "zero-termination of argument of strtol");
396 // 32 chars is an arbitrarily chosen limit
404 else if((base==0 || base==16) && !
in_number &&
405 ch==
'0' && (
nptr[i+1]==
'x' ||
nptr[i+1]==
'X'))
425 else if(base>10 &&
ch>=
'a' &&
ch-
'a'<base-10)
427 else if(base>10 &&
ch>=
'A' &&
ch-
'A'<base-10)
432 base=base==0 ? 10 : base;
484/* FUNCTION: getenv */
488#ifndef __CPROVER_STDDEF_H_INCLUDED
490 # define __CPROVER_STDDEF_H_INCLUDED
501 #ifdef __CPROVER_STRING_ABSTRACTION
503 "zero-termination of argument of getenv");
506#ifdef __CPROVER_CUSTOM_BITVECTOR_ANALYSIS
519 // It's reasonable to assume this won't exceed the signed
520 // range in practice, but in principle, this could exceed
527# ifdef __CPROVER_STRING_ABSTRACTION
537/* FUNCTION: realloc */
547 "realloc argument is dynamic object");
549 // if ptr is NULL, this behaves like malloc
553 // if malloc-size is 0, allocate new minimum sized object
561 // this shouldn't move if the new size isn't bigger
573/* FUNCTION: valloc */
579 // The allocated memory is aligned on a page
580 // boundary, which we don't model.
586/* FUNCTION: posix_memalign */
588#ifndef __CPROVER_ERRNO_H_INCLUDED
590#define __CPROVER_ERRNO_H_INCLUDED
604 // Modeling the posix_memalign checks on alignment.
606 alignment %
sizeof(
void *) != 0 || ((multiplier) & (multiplier - 1)) != 0 ||
611 // The address of the allocated memory is supposed to be aligned with
612 // alignment. As cbmc doesn't model address alignment,
613 // assuming MALLOC_ALIGNMENT = MAX_INT_VALUE seems fair.
614 // As _mid_memalign simplifies for alignment <= MALLOC_ALIGNMENT
615 // to a malloc call, it should be sound, if we do it too.
626/* FUNCTION: random */
632 // We return a non-deterministic value instead of a random one.
646 // We return a non-deterministic value instead of a random one.
652/* FUNCTION: rand_r */
659 // We return a non-deterministic value instead of a random one.
666/* FUNCTION: __CPROVER_deallocate */
__CPROVER_thread_local __CPROVER_size_t __CPROVER_max_malloc_size
int __CPROVER_malloc_failure_mode
int __CPROVER_malloc_failure_mode_return_null
void * __CPROVER_allocate(__CPROVER_size_t size, __CPROVER_bool zero)
const void * __CPROVER_deallocated
const void * __CPROVER_memory_leak
__CPROVER_bool __CPROVER_malloc_may_fail
int __CPROVER_malloc_failure_mode_assert_then_assume
__CPROVER_bool __CPROVER_r_ok(const void *,...)
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
mp_integer alignment(const typet &type, const namespacet &ns)
int __VERIFIER_nondet_int(void)
void * alloca(__CPROVER_size_t alloca_size)
long atol(const char *nptr)
_Bool __builtin_mul_overflow()
long int labs(long int i)
int posix_memalign(void **ptr, __CPROVER_size_t alignment, __CPROVER_size_t size)
long strtol(const char *nptr, char **endptr, int base)
int rand_r(unsigned int *seed)
intmax_t __CPROVER_imaxabs(intmax_t)
void * malloc(__CPROVER_size_t malloc_size)
long int __builtin_labs(long int i)
void __CPROVER_deallocate(void *)
void * valloc(__CPROVER_size_t malloc_size)
const void * __CPROVER_new_object
void * calloc(__CPROVER_size_t nmemb, __CPROVER_size_t size)
__CPROVER_bool __VERIFIER_nondet___CPROVER_bool(void)
void * __builtin_alloca(__CPROVER_size_t alloca_size)
intmax_t imaxabs(intmax_t i)
_Bool __builtin_add_overflow()
long long int llabs(long long int i)
char * getenv(const char *name)
const void * __CPROVER_alloca_object
long long int __builtin_llabs(long long int i)
__CPROVER_bool __CPROVER_malloc_is_new_array
ptrdiff_t __VERIFIER_nondet_ptrdiff_t(void)
int atoi(const char *nptr)
void * realloc(void *ptr, __CPROVER_size_t malloc_size)
long __VERIFIER_nondet_long(void)