Open
Description
The __CPROVER_old primitive is not recognized when called from a spec function, whereas inlining the same code into the contract makes it work.
Concretely this example works
void modify(int *i)
__CPROVER_requires(*i < 10)
__CPROVER_ensures(*i == __CPROVER_old(*i) + 1)
__CPROVER_assigns(*i)
{
*i += 1;
}
int main() {
int i = 0;
modify(&i);
}but this refactor of the same code does not.
int check(int *i) {
return *i == __CPROVER_old(*i) + 1;
}
void modify(int *i)
__CPROVER_requires(*i < 10)
__CPROVER_ensures(check(i))
__CPROVER_assigns(*i)
{
*i += 1;
}
int main() {
int i = 0;
modify(&i);
}It fails not quite silently but emits a warning before failing the verification
warning: ignoring old
* type: signedbv
* width: 32
* #c_type: signed_int
* #source_location:
* file: test.c
* line: 2
* function: check
* working_directory: /Users/justbldr/research/kani/tests/kani/FunctionContract
0: constant
* type: signedbv
* width: 32
* #c_type: signed_int
* value: 1
CBMC version: 5.84.0
Operating system: OSX
Exact command line resulting in the issue: goto-instrument --enforce-contract modify test.out test.out2 && cbmc test.out2
What behaviour did you expect: Verification success
What happened instead: Verification failure and warning
This is currently blocking model-checking/kani#2545