Merge pull request #5212 from xbauch/feature/malloc-may-fail

Add malloc-may-fail option to goto-check

Author: danpoe

doc/cprover-manual/properties.md

@@ -326,6 +326,7 @@ with `__`.
 |------------------------|-------------------------------------------------|
 | `--malloc-fail-null`   |  in case malloc fails return NULL               |
 | `--malloc-fail-assert` |  in case malloc fails report as failed property |
+| `--malloc-may-fail`    |  malloc may non-deterministically fail          |
 
 Calling `malloc` may fail for a number of reasons and the function may return a
 NULL pointer. The users can choose if and how they want the `malloc`-related
@@ -335,3 +336,7 @@ additional properties inside `malloc` that are checked and if failing the
 verification is terminated (by `assume(false)`). One such property is that the
 allocated size is not too large, i.e. internally representable. When neither of
 those two options are used, CBMC will assume that `malloc` does not fail.
+
+Malloc may also fail for external reasons which are not modelled by CProver. If
+you want to replicate this behaviour use the option `--malloc-may-fail` in
+conjunction with one of the above modes of failure.

regression/cbmc/Pointer_byte_extract5/no-simplify.desc

@@ -4,7 +4,7 @@ main.i
 ^EXIT=10$
 ^SIGNAL=0$
 array\.List dynamic object upper bound in p->List\[2\]: FAILURE
-\*\* 1 of 15 failed
+\*\* 1 of 16 failed
 --
 ^warning: ignoring
 --

regression/cbmc/Pointer_byte_extract5/test.desc

@@ -4,7 +4,7 @@ main.i
 ^EXIT=10$
 ^SIGNAL=0$
 array\.List dynamic object upper bound in p->List\[2\]: FAILURE
-\*\* 1 of 13 failed
+\*\* 1 of 14 failed
 --
 ^warning: ignoring
 --

regression/cbmc/array_constraints1/test.desc

@@ -4,6 +4,6 @@ main.c
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
-^\*\* 2 of 15
+^\*\* 2 of 16
 --
 ^warning: ignoring

regression/cbmc/malloc-may-fail/main.c

@@ -0,0 +1,7 @@
+#include <stdlib.h>
+
+int main()
+{
+  char *p = malloc(100);
+  assert(p); // should fail, given the malloc-may-fail option
+}

regression/cbmc/malloc-may-fail/test.desc

@@ -0,0 +1,9 @@
+CORE
+main.c
+--malloc-may-fail --malloc-fail-null
+^EXIT=10$
+^SIGNAL=0$
+^\[main.assertion.\d+\] line \d+ assertion p: FAILURE$
+^VERIFICATION FAILED$
+--
+^warning: ignoring

regression/cbmc/malloc-may-fail/test_without_option.desc

@@ -0,0 +1,9 @@
+CORE
+main.c
+
+^EXIT=0$
+^SIGNAL=0$
+^\[main.assertion.\d+\] line \d+ assertion p: SUCCESS$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring

regression/cbmc/pointer-overflow1/test.desc

@@ -5,7 +5,7 @@ main.c
 ^SIGNAL=0$
 ^\[main\.overflow\.\d+\] line \d+ (pointer )?arithmetic overflow on .*sizeof\(signed int\) .* : SUCCESS
 ^VERIFICATION FAILED$
-^\*\* 8 of 12 failed
+^\*\* 8 of 13 failed
 --
 ^\[main\.overflow\.\d+\] line \d+ (pointer )?arithmetic overflow on .*sizeof\(signed int\) .* : FAILURE
 ^warning: ignoring

regression/cbmc/r_w_ok1/test.desc

@@ -2,7 +2,7 @@ CORE
 main.c
 
 __CPROVER_[rw]_ok\(arbitrary_size, n \+ 1\): FAILURE$
-^\*\* 2 of 11 failed
+^\*\* 2 of 12 failed
 ^VERIFICATION FAILED$
 ^EXIT=10$
 ^SIGNAL=0$

regression/goto-analyzer/constant_propagation_01/test.desc

@@ -3,7 +3,7 @@ main.c
 --constants --simplify out.gb
 ^EXIT=0$
 ^SIGNAL=0$
-^Simplified:  assert: 1, assume: 0, goto: 1, assigns: 7, function calls: 0$
+^Simplified:  assert: 1, assume: 0, goto: 1, assigns: 8, function calls: 0$
 ^Unmodified:  assert: 0, assume: 0, goto: 0, assigns: 18, function calls: 2$
 --
 ^warning: ignoring