44# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
55# SPDX-License-Identifier: MIT-0
66
7- CBMC_STARTER_KIT_VERSION = CBMC starter kit 2.10
7+ CBMC_STARTER_KIT_VERSION = CBMC starter kit 2.11
88
99# ###############################################################
1010# The CBMC Starter Kit depends on the files Makefile.common and
@@ -211,10 +211,13 @@ CHECKFLAGS += $(USE_EXTERNAL_SAT_SOLVER)
211211
212212ifeq ($(strip $(ENABLE_POOLS ) ) ,)
213213 POOL =
214+ INIT_POOLS =
214215else ifeq ($(strip $(EXPENSIVE)),)
215216 POOL =
217+ INIT_POOLS =
216218else
217219 POOL = --pool expensive
220+ INIT_POOLS = --pools expensive:1
218221endif
219222
220223# Similar to the pool feature above. If Litani is new enough, enable
@@ -229,36 +232,43 @@ endif
229232#
230233# Each variable below controls a specific property checking flag
231234# within CBMC. If desired, a property flag can be disabled within
232- # a particular proof by nulling the corresponding variable. For
233- # instance, the following line:
235+ # a particular proof by nulling the corresponding variable when CBMC's default
236+ # is not to perform such checks, or setting to --no-<CHECK>-check when CBMC's
237+ # default is to perform such checks. For instance, the following lines:
234238#
235- # CHECK_FLAG_POINTER_CHECK =
239+ # CBMC_FLAG_POINTER_CHECK = --no-pointer-check
240+ # CBMC_FLAG_UNSIGNED_OVERFLOW_CHECK =
236241#
237- # would disable the --pointer-check CBMC flag within:
242+ # would disable pointer checks and unsigned overflow checks with CBMC flag
243+ # within:
238244# * an entire project when added to Makefile-project-defines
239245# * a specific proof when added to the harness Makefile
240246
241- CBMC_FLAG_MALLOC_MAY_FAIL ?= --malloc-may-fail
242- CBMC_FLAG_MALLOC_FAIL_NULL ?= --malloc-fail-null
243- CBMC_FLAG_BOUNDS_CHECK ?= --bounds-check
247+ CBMC_FLAG_MALLOC_MAY_FAIL ?= # set to --no-malloc-may-fail to disable
248+ CBMC_FLAG_BOUNDS_CHECK ?= # set to --no-bounds-check to disable
244249CBMC_FLAG_CONVERSION_CHECK ?= --conversion-check
245- CBMC_FLAG_DIV_BY_ZERO_CHECK ?= -- div-by-zero-check
250+ CBMC_FLAG_DIV_BY_ZERO_CHECK ?= # set to --no- div-by-zero-check to disable
246251CBMC_FLAG_FLOAT_OVERFLOW_CHECK ?= --float-overflow-check
247252CBMC_FLAG_NAN_CHECK ?= --nan-check
248- CBMC_FLAG_POINTER_CHECK ?= -- pointer-check
253+ CBMC_FLAG_POINTER_CHECK ?= # set to --no- pointer-check to disable
249254CBMC_FLAG_POINTER_OVERFLOW_CHECK ?= --pointer-overflow-check
250- CBMC_FLAG_POINTER_PRIMITIVE_CHECK ?= -- pointer-primitive-check
251- CBMC_FLAG_SIGNED_OVERFLOW_CHECK ?= -- signed-overflow-check
252- CBMC_FLAG_UNDEFINED_SHIFT_CHECK ?= -- undefined-shift-check
255+ CBMC_FLAG_POINTER_PRIMITIVE_CHECK ?= # set to --no- pointer-primitive-check to disable
256+ CBMC_FLAG_SIGNED_OVERFLOW_CHECK ?= # set to --no- signed-overflow-check to disable
257+ CBMC_FLAG_UNDEFINED_SHIFT_CHECK ?= # set to --no- undefined-shift-check to disable
253258CBMC_FLAG_UNSIGNED_OVERFLOW_CHECK ?= --unsigned-overflow-check
254- CBMC_FLAG_UNWINDING_ASSERTIONS ?= -- unwinding-assertions
259+ CBMC_FLAG_UNWINDING_ASSERTIONS ?= # set to --no- unwinding-assertions to disable
255260CBMC_DEFAULT_UNWIND ?= --unwind 1
256261CBMC_FLAG_FLUSH ?= --flush
257262
258263# CBMC flags used for property checking and coverage checking
259264
260265CBMCFLAGS += $(CBMC_FLAG_FLUSH )
261266
267+ # CBMC 6.0.0 enables all standard checks by default, which can make coverage analysis
268+ # very slow. See https://github.com/diffblue/cbmc/issues/8389
269+ # For now, we disable these checks when generating coverage info.
270+ COVERFLAGS ?= --no-standard-checks --malloc-may-fail --malloc-fail-null
271+
262272# CBMC flags used for property checking
263273
264274CHECKFLAGS += $(CBMC_FLAG_BOUNDS_CHECK )
@@ -299,8 +309,8 @@ CHECKFLAGS += $(CBMC_FLAG_UNSIGNED_OVERFLOW_CHECK)
299309NONDET_STATIC ?=
300310
301311# Flags to pass to goto-cc for compilation and linking
302- COMPILE_FLAGS ?= -Wall
303- LINK_FLAGS ?= -Wall
312+ COMPILE_FLAGS ?= -Wall -Werror
313+ LINK_FLAGS ?= -Wall -Werror
304314EXPORT_FILE_LOCAL_SYMBOLS ?= --export-file-local-symbols
305315
306316# During instrumentation, it adds models of C library functions
@@ -404,7 +414,7 @@ endif
404414
405415# Optional configuration library flags
406416OPT_CONFIG_LIBRARY ?=
407- CBMC_OPT_CONFIG_LIBRARY := $(CBMC_FLAG_MALLOC_MAY_FAIL ) $(CBMC_FLAG_MALLOC_FAIL_NULL ) $( CBMC_STRING_ABSTRACTION )
417+ CBMC_OPT_CONFIG_LIBRARY := $(CBMC_FLAG_MALLOC_MAY_FAIL ) $(CBMC_STRING_ABSTRACTION )
408418
409419# Proof writers could add function contracts in their source code.
410420# These contracts are ignored by default, but may be enabled in two distinct
@@ -453,7 +463,7 @@ endif
453463# The default unwind should only be used in DFCC mode without loop contracts.
454464# When loop contracts are applied, we only unwind specified loops.
455465# If any loops remain after loop contracts have been applied, CBMC might try
456- # to unwind the program indefinetly , because we do not pass default unwind
466+ # to unwind the program indefinitely , because we do not pass default unwind
457467# (i.e., --unwind 1) to CBMC when in DFCC mode.
458468# We must not use a default unwind command in DFCC mode, because contract instrumentation
459469# introduces loops encoding write set inclusion checks that must be dynamically unwound during
@@ -510,7 +520,6 @@ COMMA :=,
510520# Set C compiler defines
511521
512522CBMCFLAGS += --object-bits $(CBMC_OBJECT_BITS )
513- COMPILE_FLAGS += --object-bits $(CBMC_OBJECT_BITS )
514523
515524DEFINES += -DCBMC=1
516525DEFINES += -DCBMC_OBJECT_BITS=$(CBMC_OBJECT_BITS )
@@ -833,6 +842,23 @@ $(LOGDIR)/result.xml: $(HARNESS_GOTO).goto
833842 --stderr-file $(LOGDIR ) /result-err-log.txt \
834843 --description " $( PROOF_UID) : checking safety properties"
835844
845+ $(LOGDIR ) /result.txt : $(HARNESS_GOTO ) .goto
846+ $(LITANI ) add-job \
847+ $(POOL ) \
848+ --command \
849+ ' $(CBMC) $(CBMC_VERBOSITY) $(CBMCFLAGS) $(CBMC_FLAG_UNWINDING_ASSERTIONS) $(CHECKFLAGS) --trace $<' \
850+ --inputs $^ \
851+ --outputs $@ \
852+ --ci-stage test \
853+ --stdout-file $@ \
854+ $(MEMORY_PROFILING ) \
855+ --ignore-returns 10 \
856+ --timeout $(CBMC_TIMEOUT ) \
857+ --pipeline-name " $( PROOF_UID) " \
858+ --tags " stats-group:safety checks" \
859+ --stderr-file $(LOGDIR ) /result-err-log.txt \
860+ --description " $( PROOF_UID) : checking safety properties"
861+
836862$(LOGDIR ) /property.xml : $(HARNESS_GOTO ) .goto
837863 $(LITANI ) add-job \
838864 --command \
@@ -898,7 +924,7 @@ litani-path:
898924_goto : $(HARNESS_GOTO ) .goto
899925goto :
900926 @ echo Running ' litani init'
901- $(LITANI ) init --project $(PROJECT_NAME )
927+ $(LITANI ) init $( INIT_POOLS ) --project $(PROJECT_NAME )
902928 @ echo Running ' litani add-job'
903929 $(MAKE ) -B _goto
904930 @ echo Running ' litani build'
@@ -907,7 +933,7 @@ goto:
907933_result : $(LOGDIR ) /result.txt
908934result :
909935 @ echo Running ' litani init'
910- $(LITANI ) init --project $(PROJECT_NAME )
936+ $(LITANI ) init $( INIT_POOLS ) --project $(PROJECT_NAME )
911937 @ echo Running ' litani add-job'
912938 $(MAKE ) -B _result
913939 @ echo Running ' litani build'
@@ -916,7 +942,7 @@ result:
916942_property : $(LOGDIR ) /property.xml
917943property :
918944 @ echo Running ' litani init'
919- $(LITANI ) init --project $(PROJECT_NAME )
945+ $(LITANI ) init $( INIT_POOLS ) --project $(PROJECT_NAME )
920946 @ echo Running ' litani add-job'
921947 $(MAKE ) -B _property
922948 @ echo Running ' litani build'
@@ -925,7 +951,7 @@ property:
925951_coverage : $(LOGDIR ) /coverage.xml
926952coverage :
927953 @ echo Running ' litani init'
928- $(LITANI ) init --project $(PROJECT_NAME )
954+ $(LITANI ) init $( INIT_POOLS ) --project $(PROJECT_NAME )
929955 @ echo Running ' litani add-job'
930956 $(MAKE ) -B _coverage
931957 @ echo Running ' litani build'
@@ -934,7 +960,7 @@ coverage:
934960_report : $(PROOFDIR ) /report
935961report :
936962 @ echo Running ' litani init'
937- $(LITANI ) init --project $(PROJECT_NAME )
963+ $(LITANI ) init $( INIT_POOLS ) --project $(PROJECT_NAME )
938964 @ echo Running ' litani add-job'
939965 $(MAKE ) -B _report
940966 @ echo Running ' litani build'
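Review bot: The emptied `?=` defaults in the flag block (`CBMC_FLAG_BOUNDS_CHECK`, `CBMC_FLAG_POINTER_CHECK`, `CBMC_FLAG_DIV_BY_ZERO_CHECK` and the other lines now defaulting to nothing) rely on CBMC 6.0 enabling those checks itself, as the comment above `COVERFLAGS` states, but nothing in the hunk records that requirement; on an older CBMC the same Makefile now runs the safety-property job with no bounds, pointer or overflow checks passed at all, and presumably the result still reads as a clean proof, so a toolchain mismatch silently weakens the verification rather than failing. Unless a CBMC version gate exists elsewhere in the file, I would document it above the block, `# Empty defaults rely on CBMC >= 6.0 enabling these checks itself; on older CBMC set each variable to its --<check> flag explicitly`, and fail with `$(error ...)` when the kit already knows the CBMC version is older. Dropping `CBMC_FLAG_MALLOC_FAIL_NULL` from both the flag list and `CBMC_OPT_CONFIG_LIBRARY` also means a project that overrode that variable in Makefile-project-defines is now ignored without warning, which deserves a sentence in the comment. Separately, the new `$(LOGDIR)/result.txt` job reuses `--stderr-file $(LOGDIR)/result-err-log.txt` and the same description and tags as the `result.xml` job directly above it, so if both jobs land in one Litani pipeline they overwrite each other's stderr and are indistinguishable in the report; a distinct file such as `--stderr-file $(LOGDIR)/result-txt-err-log.txt` and a distinct description would separate them.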