ef6005dd6f
Executing a function may have a cumulative effect on the state guard. For example, if the callee contained ASSUME statements that rendered one or more control-flow options unviable then the guard might still embody that restriction (i.e. for if(x) ASSUME(false) the guard might still be `!x`). However, on function return we know that all control-flow paths have converged or been shown to be unviable, so we can restore the simpler guard as it was when we entered the callee function. Exceptions: (a) if the guard is false it would be correct but inefficient to restore it; keep it false until we find a convergence with another viable path (b) if we're doing path-sensitive symex then we do tail duplication, and there are no control-flow convergences. Keep the guard as-was. (c) if we're executing a multi-threaded program then symex_assume_l2 uses the guard to accumulate assumptions, which we must not discard. In truth this optimisation is applicable whenever a block postdominates another, but function structure gives us a cheap way to establish postdominance without analysis (in the absence of setjmp/longjmp at least)
Repository contents:

Directories:
- .githooks
- .github
- cmake
- doc
- integration/xen
- jbmc
- pkg/arch
- regression
- scripts
- src
- unit

Files:
- .clang-format
- .clang-format-ignore
- .dir-locals.el
- .editorconfig
- .gitattributes
- .gitignore
- .gitmodules
- .travis.yml
- CHANGELOG
- CMakeLists.txt
- CODEOWNERS
- CODING_STANDARD.md
- COMPILING.md
- LICENSE
- MINI-PROJECTS.md
- README.md
- buildspec-linux-clang-3.8.yml
- buildspec-linux-clang.yml
- buildspec-linux-cmake-gcc-cov.yml
- buildspec-linux-cmake-gcc.yml
- buildspec-linux-make-gcc-cov.yml
- buildspec-msbuild.yml
- buildspec-windows.yml
- buildspec.yml
- gcloud-travis-cbmc.json.enc
README.md
About
CBMC is a Bounded Model Checker for C and C++ programs. It supports C89, C99, most of C11 and most compiler extensions provided by gcc and Visual Studio. It also supports SystemC using Scoot. It allows verifying array bounds (buffer overflows), pointer safety, exceptions and user-specified assertions. Furthermore, it can check C and C++ for consistency with other languages, such as Verilog. The verification is performed by unwinding the loops in the program and passing the resulting equation to a decision procedure.
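The following C file is an added example, not part of the CBMC repository or its README. It shows the two things described on this page: a bounds-check property that CBMC's `--bounds-check` flags (an off-by-one loop next to its fixed form), and the `if(x) ASSUME(false)` shape from the commit message above, used in a callee to prune the input space so that unwinding stays bounded. The `#ifndef __CPROVER` emulation of `__CPROVER_assume`, the `MAX_LEN` limit, the `demo_buf` contents and the `harness`/`nondet_size_t` names are assumptions made for this example; `__CPROVER_assume`, `nondet_*` functions and the `--bounds-check`, `--unwind`, `--unwinding-assertions` and `--function` options are standard CBMC features.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#ifndef __CPROVER
/* Native build (gcc/clang): emulate the CBMC intrinsic so the file also
   compiles and runs outside cbmc (assumption for this example). A failing
   assumption means the input lies outside the modelled domain, so the run
   simply stops. Under cbmc the real __CPROVER_assume prunes the path. */
#define __CPROVER_assume(cond) do { if (!(cond)) exit(0); } while (0)
#endif

#define MAX_LEN 8   /* assumed bound on the modelled buffer length */

/* Callee with the `if(x) ASSUME(false)` shape from the commit message:
   the path where len > MAX_LEN is rendered unviable, so after the call
   every remaining path satisfies len <= MAX_LEN. */
static void require_bounded(size_t len)
{
    if (len > MAX_LEN)
        __CPROVER_assume(0);
}

/* Off-by-one: `<=` reads buf[len], one element past the logical array.
   With --bounds-check cbmc reports a failed "array `buf' upper bound"
   property on this access whenever len can equal the array size. */
int sum_buggy(const int *buf, size_t len)
{
    int s = 0;
    for (size_t i = 0; i <= len; i++)
        s += buf[i];
    return s;
}

/* Hardened version: strict `<` bound, no out-of-range read. */
int sum_fixed(const int *buf, size_t len)
{
    int s = 0;
    for (size_t i = 0; i < len; i++)
        s += buf[i];
    return s;
}

/* Constructed native input: MAX_LEN real elements (1..8, sum 36) followed
   by a sentinel that only the buggy loop reads, so the out-of-bounds read
   is visible in the result instead of being silent memory corruption. */
static const int demo_buf[MAX_LEN + 1] = {1, 2, 3, 4, 5, 6, 7, 8, 1000};

#ifdef __CPROVER
/* Verification harness (assumed name). cbmc treats the undefined nondet_*
   function as a nondeterministic value; require_bounded() keeps it within
   MAX_LEN so that --unwind 10 covers every iteration. Run with:
     cbmc sum.c --function harness --bounds-check --unwind 10 --unwinding-assertions
   sum_fixed passes; sum_buggy fails the bounds check on the len == MAX_LEN path. */
size_t nondet_size_t(void);

void harness(void)
{
    int buf[MAX_LEN];
    size_t len = nondet_size_t();
    require_bounded(len);
    (void)sum_fixed(buf, len);
    (void)sum_buggy(buf, len);
}
#endif

int main(void)
{
    require_bounded(MAX_LEN);
    printf("fixed: %d\n", sum_fixed(demo_buf, MAX_LEN));   /* 36 */
    printf("buggy: %d\n", sum_buggy(demo_buf, MAX_LEN));   /* 1036, sentinel read */
    return 0;
}
```

Natively the sentinel makes the extra read observable; under cbmc the same access is reported as a violated bounds property without any sentinel, which is the point of checking the program rather than testing it. Dropping the `require_bounded` call makes `len` unbounded, and the run then fails the unwinding assertion instead, which is how the assumption in the callee and the unwinding depth interact.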
For full information see cprover.org.
Versions
Get the latest release
- Releases are tested and for production use.
Get the current develop version: git clone https://github.com/diffblue/cbmc.git
- Develop versions are not recommended for production use.
Report bugs
If you encounter a problem please file a bug report:
- Create an issue
Contributing to the code base
- Fork the repository
- Clone the repository: `git clone git@github.com:YOURNAME/cbmc.git`
- Create a branch from the `develop` branch (the default branch)
- Make your changes (follow the coding guidelines)
- Push your changes to your branch
- Create a Pull Request targeting the `develop` branch
New contributors can look through the mini projects page for small, focussed feature ideas.
License
4-clause BSD license, see the LICENSE file.