Open
Description
Dear CBMC developers,

I'm running into an issue using CBMC 6.6.0 to verify a basic multi-threaded Cpp program. When including `<pthread.h>`, CBMC reports a type mismatch for `pthread_create` due to a difference in the parameter types for `pthread_attr_t`.
Minimal Reproducible Example
```c
#include <pthread.h>
#include <assert.h>

int shared_variable = 0;

/* Non-atomic read-modify-write: load, then store the incremented value. */
void* increment(void* arg) {
    int temp = shared_variable;
    shared_variable = temp + 1;
    return 0;
}

/* Same pattern in the opposite direction. */
void* decrement(void* arg) {
    int temp = shared_variable;
    shared_variable = temp - 1;
    return 0;
}

int main() {
    pthread_t thread1, thread2;
    pthread_create(&thread1, 0, increment, 0);
    pthread_create(&thread2, 0, decrement, 0);
    pthread_join(thread1, 0);
    pthread_join(thread2, 0);
    /* Holds only if the two read-modify-write sequences do not interleave. */
    __CPROVER_assert(shared_variable == 0, "Race condition detected: shared_variable ");
    return 0;
}
```
CBMC Output
```text
CBMC version 6.6.0 (cbmc-6.6.0) 64-bit x86_64 linux
Type-checking test_unsafe
Generating GOTO Program
Adding CPROVER library (x86_64)
file <builtin-library-pthread_create> line 27: pointer parameter types differ between declaration and definition 'pthread_create(pthread_t *, const union pthread_attr_t *, auto (*)(void *) -> void *, void *)'
old definition in module test_unsafe file /usr/include/pthread.h line 202
signed int (pthread_t *, const pthread_attr_t *, void * (*)(void *), void *)
new definition in module <built-in-library> file <builtin-library-pthread_create> line 27
signed int (pthread_t *thread, const pthread_attr_t *attr, void * (*start_routine)(void *), void *arg)
Removal of function pointers and virtual functions
Generic Property Instrumentation
Starting Bounded Model Checking
pointer handling for concurrency is unsound
```
Question
Is there a way to resolve this mismatch cleanly without ignoring pointer checks?
Ideally, I would like to:
- Use pthread without redefining it or using a workaround like `__CPROVER_ASYNC`.
- Allow CBMC to simulate threads or analyze races.
- Still be able to perform standard checks.
Thank you in advance :)
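For readers who want to see why the assertion in the reproducer is worth checking at all, the following is an added example (not from the issue or from CBMC) that models each thread as a two-step load/store sequence and replays every interleaving of the four steps; the schedule encoding ("A" = next step of `increment`, "B" = next step of `decrement`) and the -99 sentinel are assumptions of this example, not CBMC semantics.

```c
#include <stdio.h>
#include <string.h>

/* Per-thread model: pc 0 = load pending, 1 = store pending, 2 = done;
   temp mirrors the local `temp` of the reproducer; delta is +1 or -1. */
struct thread_model { int pc; int temp; int delta; };

/* Run one step of thread t. Returns 0 if the thread has nothing left to do. */
static int step(struct thread_model *t, int *shared) {
    if (t->pc == 0) { t->temp = *shared; t->pc = 1; return 1; }           /* int temp = shared_variable;   */
    if (t->pc == 1) { *shared = t->temp + t->delta; t->pc = 2; return 1; } /* shared_variable = temp +/- 1; */
    return 0;
}

/* Replay a schedule such as "ABBA" and return the final shared_variable.
   Returns the sentinel -99 if the schedule is not a complete, valid
   interleaving of the two threads (assumed convention for this example). */
int run_schedule(const char *schedule) {
    int shared = 0;
    struct thread_model inc = {0, 0, +1}, dec = {0, 0, -1};
    for (const char *p = schedule; *p; ++p) {
        struct thread_model *t = (*p == 'A') ? &inc : (*p == 'B') ? &dec : NULL;
        if (t == NULL || !step(t, &shared)) return -99;
    }
    if (inc.pc != 2 || dec.pc != 2) return -99;
    return shared;
}

/* Enumerate all 6 interleavings of the 4 steps and count those whose
   final value violates the reproducer's assertion shared_variable == 0. */
int count_violating_schedules(void) {
    static const char *schedules[] = {"AABB", "ABAB", "ABBA", "BAAB", "BABA", "BBAA"};
    int bad = 0;
    for (size_t i = 0; i < sizeof schedules / sizeof schedules[0]; ++i)
        if (run_schedule(schedules[i]) != 0) ++bad;
    return bad;
}

int main(void) {
    printf("%d of 6 interleavings violate shared_variable == 0\n",
           count_violating_schedules());
    return 0;
}
```

Only the two schedules in which one thread completes both steps before the other starts leave the variable at 0; the other four are exactly the interleavings a bounded model checker with sound thread handling is expected to report.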