
Non-termination of CBMC on use of size_t as type of a quantified variable #8365

Closed
@rod-chapman

Description


CBMC version: 6.0.1 (with candidate fix for #8329 applied)
Operating system: macOS
Exact command line resulting in the issue: "make"
What behaviour did you expect: successful termination
What happened instead: Non-termination

I have found a better test case that illustrates this issue. Possibly related to #8326.

Test case: https://github.com/rod-chapman/cbmc-examples/tree/main/issues/8365

Note the difference in the two versions of the inner loop invariant. When I use "int" for the type of the quantified variable, all is well and the verification terminates with 1 unproven VC.

When I use "size_t" as the type of the quantified variable, I get:

cbmc --bounds-check --pointer-check --memory-cleanup-check --div-by-zero-check --signed-overflow-check --unsigned-overflow-check --pointer-overflow-check --conversion-check --undefined-shift-check --enum-range-check --pointer-primitive-check --verbosity 6 --smt2 main_contracts.goto
CBMC version 6.0.1 (cbmc-5.34.0-4388-g73ef5ef424) 64-bit arm64 macos
Reading GOTO program from file main_contracts.goto
Generating GOTO Program
Adding CPROVER library (arm64)
Removal of function pointers and virtual functions
Generic Property Instrumentation
Starting Bounded Model Checking
Passing problem to SMT2 QF_AUFBV using Z3
converting SSA
Running SMT2 QF_AUFBV using Z3
Running SMT2 QF_AUFBV using Z3
Running SMT2 QF_AUFBV using Z3
Running SMT2 QF_AUFBV using Z3
Running SMT2 QF_AUFBV using Z3
Running SMT2 QF_AUFBV using Z3
Running SMT2 QF_AUFBV using Z3
Running SMT2 QF_AUFBV using Z3
... and so on...

Hopefully this will yield additional insight into what's going wrong.
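The two spellings of the inner-loop invariant that the report contrasts, written out as an added illustration. This is not the reporter's linked test case and not CBMC project code; it is a constructed nested-loop zeroing routine whose inner invariant quantifies over the already-cleared columns with a variable typed either as int or as size_t, selected by the constructed compile-time switch QUANTIFY_WITH_SIZE_T. It assumes the CBMC 6 loop-contract clause syntax (__CPROVER_loop_invariant, __CPROVER_assigns, __CPROVER_forall, __CPROVER_object_whole, __CPROVER_assume); those clauses are only visible to CBMC, so the file also builds and runs under an ordinary C compiler.

```c
/* Added example (constructed, not the issue's test case): nested loops with
 * an inner-loop invariant whose quantified variable is int or size_t. */
#include <stddef.h>
#include <stdint.h>

#define ROWS 4
#define COLS 8

/* CBMC-only contract clauses; expand to nothing for a normal C compiler. */
#ifdef __CPROVER
#  define LOOP_INVARIANT(e) __CPROVER_loop_invariant(e)
#  define LOOP_ASSIGNS(...) __CPROVER_assigns(__VA_ARGS__)
#else
#  define LOOP_INVARIANT(e)
#  define LOOP_ASSIGNS(...)
#endif

/* Type of the quantified variable in the inner invariant (constructed switch):
 * -DQUANTIFY_WITH_SIZE_T selects size_t, the default is int. */
#ifdef QUANTIFY_WITH_SIZE_T
typedef size_t qvar_t;
#else
typedef int qvar_t;
#endif

/* Clear the first `rows` rows of a ROWS x COLS byte matrix. */
void clear_rows(uint8_t m[ROWS][COLS], size_t rows)
{
  if (rows > ROWS)
    rows = ROWS;                       /* keep every access in bounds */

  for (size_t i = 0; i < rows; i++)
    LOOP_INVARIANT(i <= rows)
    LOOP_ASSIGNS(i, __CPROVER_object_whole(m))
  {
    for (size_t j = 0; j < COLS; j++)
      /* Inner invariant: every column before j in row i is already zero.
       * The quantified variable k is int or size_t depending on qvar_t. */
      LOOP_INVARIANT(j <= COLS &&
                     __CPROVER_forall { qvar_t k; (0 <= k && k < j) ==> m[i][k] == 0 })
      LOOP_ASSIGNS(j, __CPROVER_object_whole(m))
    {
      m[i][j] = 0;
    }
  }
}

/* Returns 1 if the first `rows` rows are entirely zero, else 0. */
int all_zero(const uint8_t m[ROWS][COLS], size_t rows)
{
  for (size_t i = 0; i < rows && i < ROWS; i++)
    for (size_t j = 0; j < COLS; j++)
      if (m[i][j] != 0)
        return 0;
  return 1;
}

/* Constructed driver: fill with a nonzero pattern, clear `rows` rows, and
 * check that exactly those rows were cleared. Returns 1 on success. */
int clear_rows_demo(size_t rows)
{
  uint8_t m[ROWS][COLS];
  for (size_t i = 0; i < ROWS; i++)
    for (size_t j = 0; j < COLS; j++)
      m[i][j] = (uint8_t)(i * COLS + j + 1);   /* never zero */

  clear_rows(m, rows);

  if (!all_zero(m, rows))
    return 0;
  if (rows < ROWS && m[rows][0] == 0)          /* next row must be untouched */
    return 0;
  return 1;
}

int main(void)
{
  size_t rows;
#ifdef __CPROVER
  __CPROVER_assume(rows <= ROWS);              /* nondeterministic row count */
#else
  rows = 3;
#endif
  return clear_rows_demo(rows) ? 0 : 1;
}
```

Build it with `cc -DQUANTIFY_WITH_SIZE_T` (or without) for a plain run; for CBMC the assumed workflow behind a file such as main_contracts.goto is goto-cc to produce the GOTO binary, goto-instrument with --apply-loop-contracts to instrument the loops, then cbmc with the checks shown in the report's command line. Switching the define changes only the type of k in the inner invariant, which is the single difference the report isolates.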
