4
4
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
5
5
# SPDX-License-Identifier: MIT-0
6
6
7
- CBMC_STARTER_KIT_VERSION = CBMC starter kit 2.10
7
+ CBMC_STARTER_KIT_VERSION = CBMC starter kit 2.11
8
8
9
9
# ###############################################################
10
10
# The CBMC Starter Kit depends on the files Makefile.common and
@@ -211,10 +211,13 @@ CHECKFLAGS += $(USE_EXTERNAL_SAT_SOLVER)
211
211
212
212
ifeq ($(strip $(ENABLE_POOLS ) ) ,)
213
213
POOL =
214
+ INIT_POOLS =
214
215
else ifeq ($(strip $(EXPENSIVE)),)
215
216
POOL =
217
+ INIT_POOLS =
216
218
else
217
219
POOL = --pool expensive
220
+ INIT_POOLS = --pools expensive:1
218
221
endif
219
222
220
223
# Similar to the pool feature above. If Litani is new enough, enable
@@ -229,36 +232,43 @@ endif
229
232
#
230
233
# Each variable below controls a specific property checking flag
231
234
# within CBMC. If desired, a property flag can be disabled within
232
- # a particular proof by nulling the corresponding variable. For
233
- # instance, the following line:
235
+ # a particular proof by nulling the corresponding variable when CBMC's default
236
+ # is not to perform such checks, or setting to --no-<CHECK>-check when CBMC's
237
+ # default is to perform such checks. For instance, the following lines:
234
238
#
235
- # CHECK_FLAG_POINTER_CHECK =
239
+ # CBMC_FLAG_POINTER_CHECK = --no-pointer-check
240
+ # CBMC_FLAG_UNSIGNED_OVERFLOW_CHECK =
236
241
#
237
- # would disable the --pointer-check CBMC flag within:
242
+ # would disable pointer checks and unsigned overflow checks with CBMC flag
243
+ # within:
238
244
# * an entire project when added to Makefile-project-defines
239
245
# * a specific proof when added to the harness Makefile
240
246
241
- CBMC_FLAG_MALLOC_MAY_FAIL ?= --malloc-may-fail
242
- CBMC_FLAG_MALLOC_FAIL_NULL ?= --malloc-fail-null
243
- CBMC_FLAG_BOUNDS_CHECK ?= --bounds-check
247
+ CBMC_FLAG_MALLOC_MAY_FAIL ?= # set to --no-malloc-may-fail to disable
248
+ CBMC_FLAG_BOUNDS_CHECK ?= # set to --no-bounds-check to disable
244
249
CBMC_FLAG_CONVERSION_CHECK ?= --conversion-check
245
- CBMC_FLAG_DIV_BY_ZERO_CHECK ?= -- div-by-zero-check
250
+ CBMC_FLAG_DIV_BY_ZERO_CHECK ?= # set to --no- div-by-zero-check to disable
246
251
CBMC_FLAG_FLOAT_OVERFLOW_CHECK ?= --float-overflow-check
247
252
CBMC_FLAG_NAN_CHECK ?= --nan-check
248
- CBMC_FLAG_POINTER_CHECK ?= -- pointer-check
253
+ CBMC_FLAG_POINTER_CHECK ?= # set to --no- pointer-check to disable
249
254
CBMC_FLAG_POINTER_OVERFLOW_CHECK ?= --pointer-overflow-check
250
- CBMC_FLAG_POINTER_PRIMITIVE_CHECK ?= -- pointer-primitive-check
251
- CBMC_FLAG_SIGNED_OVERFLOW_CHECK ?= -- signed-overflow-check
252
- CBMC_FLAG_UNDEFINED_SHIFT_CHECK ?= -- undefined-shift-check
255
+ CBMC_FLAG_POINTER_PRIMITIVE_CHECK ?= # set to --no- pointer-primitive-check to disable
256
+ CBMC_FLAG_SIGNED_OVERFLOW_CHECK ?= # set to --no- signed-overflow-check to disable
257
+ CBMC_FLAG_UNDEFINED_SHIFT_CHECK ?= # set to --no- undefined-shift-check to disable
253
258
CBMC_FLAG_UNSIGNED_OVERFLOW_CHECK ?= --unsigned-overflow-check
254
- CBMC_FLAG_UNWINDING_ASSERTIONS ?= -- unwinding-assertions
259
+ CBMC_FLAG_UNWINDING_ASSERTIONS ?= # set to --no- unwinding-assertions to disable
255
260
CBMC_DEFAULT_UNWIND ?= --unwind 1
256
261
CBMC_FLAG_FLUSH ?= --flush
257
262
258
263
# CBMC flags used for property checking and coverage checking
259
264
260
265
CBMCFLAGS += $(CBMC_FLAG_FLUSH )
261
266
267
+ # CBMC 6.0.0 enables all standard checks by default, which can make coverage analysis
268
+ # very slow. See https://github.com/diffblue/cbmc/issues/8389
269
+ # For now, we disable these checks when generating coverage info.
270
+ COVERFLAGS ?= --no-standard-checks --malloc-may-fail --malloc-fail-null
271
+
262
272
# CBMC flags used for property checking
263
273
264
274
CHECKFLAGS += $(CBMC_FLAG_BOUNDS_CHECK )
@@ -299,8 +309,8 @@ CHECKFLAGS += $(CBMC_FLAG_UNSIGNED_OVERFLOW_CHECK)
299
309
NONDET_STATIC ?=
300
310
301
311
# Flags to pass to goto-cc for compilation and linking
302
- COMPILE_FLAGS ?= -Wall
303
- LINK_FLAGS ?= -Wall
312
+ COMPILE_FLAGS ?= -Wall -Werror
313
+ LINK_FLAGS ?= -Wall -Werror
304
314
EXPORT_FILE_LOCAL_SYMBOLS ?= --export-file-local-symbols
305
315
306
316
# During instrumentation, it adds models of C library functions
@@ -404,7 +414,7 @@ endif
404
414
405
415
# Optional configuration library flags
406
416
OPT_CONFIG_LIBRARY ?=
407
- CBMC_OPT_CONFIG_LIBRARY := $(CBMC_FLAG_MALLOC_MAY_FAIL ) $(CBMC_FLAG_MALLOC_FAIL_NULL ) $( CBMC_STRING_ABSTRACTION )
417
+ CBMC_OPT_CONFIG_LIBRARY := $(CBMC_FLAG_MALLOC_MAY_FAIL ) $(CBMC_STRING_ABSTRACTION )
408
418
409
419
# Proof writers could add function contracts in their source code.
410
420
# These contracts are ignored by default, but may be enabled in two distinct
@@ -453,7 +463,7 @@ endif
453
463
# The default unwind should only be used in DFCC mode without loop contracts.
454
464
# When loop contracts are applied, we only unwind specified loops.
455
465
# If any loops remain after loop contracts have been applied, CBMC might try
456
- # to unwind the program indefinetly , because we do not pass default unwind
466
+ # to unwind the program indefinitely , because we do not pass default unwind
457
467
# (i.e., --unwind 1) to CBMC when in DFCC mode.
458
468
# We must not use a default unwind command in DFCC mode, because contract instrumentation
459
469
# introduces loops encoding write set inclusion checks that must be dynamically unwound during
@@ -510,7 +520,6 @@ COMMA :=,
510
520
# Set C compiler defines
511
521
512
522
CBMCFLAGS += --object-bits $(CBMC_OBJECT_BITS )
513
- COMPILE_FLAGS += --object-bits $(CBMC_OBJECT_BITS )
514
523
515
524
DEFINES += -DCBMC=1
516
525
DEFINES += -DCBMC_OBJECT_BITS=$(CBMC_OBJECT_BITS )
@@ -833,6 +842,23 @@ $(LOGDIR)/result.xml: $(HARNESS_GOTO).goto
833
842
--stderr-file $(LOGDIR ) /result-err-log.txt \
834
843
--description " $( PROOF_UID) : checking safety properties"
835
844
845
+ $(LOGDIR ) /result.txt : $(HARNESS_GOTO ) .goto
846
+ $(LITANI ) add-job \
847
+ $(POOL ) \
848
+ --command \
849
+ ' $(CBMC) $(CBMC_VERBOSITY) $(CBMCFLAGS) $(CBMC_FLAG_UNWINDING_ASSERTIONS) $(CHECKFLAGS) --trace $<' \
850
+ --inputs $^ \
851
+ --outputs $@ \
852
+ --ci-stage test \
853
+ --stdout-file $@ \
854
+ $(MEMORY_PROFILING ) \
855
+ --ignore-returns 10 \
856
+ --timeout $(CBMC_TIMEOUT ) \
857
+ --pipeline-name " $( PROOF_UID) " \
858
+ --tags " stats-group:safety checks" \
859
+ --stderr-file $(LOGDIR ) /result-err-log.txt \
860
+ --description " $( PROOF_UID) : checking safety properties"
861
+
836
862
$(LOGDIR ) /property.xml : $(HARNESS_GOTO ) .goto
837
863
$(LITANI ) add-job \
838
864
--command \
@@ -898,7 +924,7 @@ litani-path:
898
924
_goto : $(HARNESS_GOTO ) .goto
899
925
goto :
900
926
@ echo Running ' litani init'
901
- $(LITANI ) init --project $(PROJECT_NAME )
927
+ $(LITANI ) init $( INIT_POOLS ) --project $(PROJECT_NAME )
902
928
@ echo Running ' litani add-job'
903
929
$(MAKE ) -B _goto
904
930
@ echo Running ' litani build'
@@ -907,7 +933,7 @@ goto:
907
933
_result : $(LOGDIR ) /result.txt
908
934
result :
909
935
@ echo Running ' litani init'
910
- $(LITANI ) init --project $(PROJECT_NAME )
936
+ $(LITANI ) init $( INIT_POOLS ) --project $(PROJECT_NAME )
911
937
@ echo Running ' litani add-job'
912
938
$(MAKE ) -B _result
913
939
@ echo Running ' litani build'
@@ -916,7 +942,7 @@ result:
916
942
_property : $(LOGDIR ) /property.xml
917
943
property :
918
944
@ echo Running ' litani init'
919
- $(LITANI ) init --project $(PROJECT_NAME )
945
+ $(LITANI ) init $( INIT_POOLS ) --project $(PROJECT_NAME )
920
946
@ echo Running ' litani add-job'
921
947
$(MAKE ) -B _property
922
948
@ echo Running ' litani build'
@@ -925,7 +951,7 @@ property:
925
951
_coverage : $(LOGDIR ) /coverage.xml
926
952
coverage :
927
953
@ echo Running ' litani init'
928
- $(LITANI ) init --project $(PROJECT_NAME )
954
+ $(LITANI ) init $( INIT_POOLS ) --project $(PROJECT_NAME )
929
955
@ echo Running ' litani add-job'
930
956
$(MAKE ) -B _coverage
931
957
@ echo Running ' litani build'
@@ -934,7 +960,7 @@ coverage:
934
960
_report : $(PROOFDIR ) /report
935
961
report :
936
962
@ echo Running ' litani init'
937
- $(LITANI ) init --project $(PROJECT_NAME )
963
+ $(LITANI ) init $( INIT_POOLS ) --project $(PROJECT_NAME )
938
964
@ echo Running ' litani add-job'
939
965
$(MAKE ) -B _report
940
966
@ echo Running ' litani build'
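Review bot: The `# set to --no-…-check to disable` defaults in the @@ -229,36 +232,43 @@ hunk leave CBMC_FLAG_POINTER_CHECK, CBMC_FLAG_BOUNDS_CHECK, CBMC_FLAG_MALLOC_MAY_FAIL and the other property-check variables empty, so whether those checks run now depends on the installed CBMC turning them on by default, and nothing in the file verifies that version. On a CBMC older than 6.0.0 the checks are simply not requested and a proof reports success with fewer properties verified; the only hint is the version remark in the COVERFLAGS comment. I would state the assumption where the variables are defined, e.g. `# Empty defaults rely on CBMC >= 6.0.0 enabling these checks by default; on an older CBMC set them explicitly, e.g. CBMC_FLAG_POINTER_CHECK ?= --pointer-check`, and, if the tool version can be probed cheaply at parse time, turn it into an `$(error …)` guard rather than a comment. Separately, the new `$(LOGDIR)/result.txt` job reuses `--stderr-file $(LOGDIR)/result-err-log.txt` from the `result.xml` job directly above it; if both jobs ever land in the same litani pipeline they race on that file, so `--stderr-file $(LOGDIR)/result-txt-err-log.txt` would keep the two logs distinct.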