Seahorn verifies assert!(false)
#102
Comments
Seems like the iterator of the range.
Iterators are surprisingly complex, with lots of method calls. BTW, why is there a call to verifier_nondet inside the if statement?
Yes, but it's not that bad; I thought SH should handle it.
In the real code there's a print instruction there, and I replaced it with that nondet (rvt-patch-llvm does a similar thing for SH).
Here is the example with everything unfolded (I looked at mem::replace and it could be challenging for verifiers):

```rust
struct MyRange {
    start: i32,
    end: i32,
}

impl MyRange {
    pub fn new(s: i32, e: i32) -> MyRange {
        MyRange { start: s, end: e }
    }

    // Hand-unfolded `Iterator::next` for a half-open range.
    pub fn next(&mut self) -> Option<i32> {
        if self.start < self.end {
            let n = self.start + 1;
            Some(std::mem::replace(&mut self.start, n))
        } else {
            None
        }
    }
}

#[test]
fn tsimpl_exp() {
    let mut r = MyRange::new(0, 1);
    loop {
        match r.next() {
            Some(_) => {
                // `n` and `is_one` are helpers from the reporter's test file;
                // their definitions are not included in the issue.
                n(0);
                verifier::VerifierNonDet::verifier_nondet(0);
            }
            None => break,
        }
    }
    if is_one(0) {
        verifier::VerifierNonDet::verifier_nondet(0);
    }
    // Unconditionally reached after the loop, so verification should fail here.
    verifier::abort();
}
```
@fshaked IIRC, this was due to exceeding the bound during bounded verification, combined with a confusing or unclear error message.
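A toy model of the explanation above, added here and not code from the issue, Seahorn or rvt: the unfolded `MyRange` loop is explored with an unwinding bound, and a bound one short of the loop's trip count yields a silent "verified" unless bound exhaustion is reported. `bounded_check`, `Verdict` and the `unwinding_assertion` flag are this example's own names.

```rust
// The unfolded MyRange from the thread, driven by a toy "bounded explorer"
// that stops after `bound` loop iterations the way an unwinding bound does.
struct MyRange { start: i32, end: i32 }

impl MyRange {
    fn new(s: i32, e: i32) -> MyRange {
        MyRange { start: s, end: e }
    }
    fn next(&mut self) -> Option<i32> {
        if self.start < self.end {
            let n = self.start + 1;
            Some(std::mem::replace(&mut self.start, n))
        } else {
            None
        }
    }
}

#[derive(Debug, PartialEq)]
enum Verdict {
    CounterexampleFound, // the abort after the loop was reached
    VerifiedWithinBound, // bound hit, silently reported as "no error"
    BoundExceeded,       // bound hit and reported as such (unwinding assertion)
}

/// Explore `loop { match r.next() { Some(_) => {}, None => break } }; abort()`
/// with at most `bound` unrollings. `unwinding_assertion` decides whether
/// hitting the bound is reported honestly or swallowed as a verified result.
fn bounded_check(s: i32, e: i32, bound: usize, unwinding_assertion: bool) -> Verdict {
    let mut r = MyRange::new(s, e);
    let mut unrolled = 0;
    loop {
        if unrolled == bound {
            // Paths needing more iterations, including the exit path that
            // leads to the abort, are simply not examined past this point.
            return if unwinding_assertion {
                Verdict::BoundExceeded
            } else {
                Verdict::VerifiedWithinBound
            };
        }
        match r.next() {
            Some(_) => unrolled += 1,
            None => break,
        }
    }
    Verdict::CounterexampleFound // stands in for verifier::abort()
}
```

For `MyRange::new(0, 1)` the abort needs two unrollings (`Some(0)`, then `None`), so a bound of 1 without unwinding assertions reports the program as verified.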
The following minimal example is verified by Seahorn, even though it should obviously fail: