Merge pull request #5808 from TGWDB/CPROVER-enum-is-in-range

This adds a new builtin function __CPROVER_enum_is_in_range to determine if an enum is one of the valid enum values. This fixes issue 5473: #5473

Author: TGWDB

doc/cprover-manual/api.md

@@ -125,6 +125,38 @@ stored in the given arrays are equal. The function
 the array **dest**. The function **\_\_CPROVER\_array\_set** initializes
 the array **dest** with the given value.
 
+
+#### \_\_CPROVER\_enum\_is\_in\_range
+
+```C
+__CPROVER_bool __CPROVER_enum_is_in_range();
+```
+
+The function **\_\_CPROVER\_enum\_is\_in\_range** is used to check
+that an enumeration has one of the defined enumeration values. In
+the following example `__CPROVER_enum_is_in_range(ev1)` will return
+true and the assertion will pass
+```C
+enum my_enum { first, second };
+
+int main()
+{
+  enum my_enum ev1 = second;
+  assert(__CPROVER_enum_is_in_range(ev1));
+}
+```
+However, in the example below the assertion will fail
+```C
+enum my_enum { first, second };
+
+int main()
+{
+  enum my_enum ev1 = second + 1;
+  assert(__CPROVER_enum_is_in_range(ev1));
+}
+```
+
+
 #### Uninterpreted Functions
 
 Uninterpreted functions are documented [here](./modeling-nondeterminism.md)).

regression/ansi-c/enum_is_in_range/enum_test10.c

@@ -0,0 +1,26 @@
+#include <assert.h>
+
+enum my_enum
+{
+  first,
+  second,
+  third,
+  fourth,
+  fifth
+};
+
+int main()
+{
+  enum my_enum ev1;
+  enum my_enum ev2;
+  ev1 = first;
+  ev2 = fifth;
+  int i = 0;
+  while(i < 10)
+  {
+    ev1++;
+    assert(__CPROVER_enum_is_in_range(i));
+    i++;
+  }
+  return 0;
+}

regression/ansi-c/enum_is_in_range/enum_test10.desc

@@ -0,0 +1,12 @@
+CORE
+enum_test10.c
+
+^EXIT=(6|70)$
+^SIGNAL=0$
+^file enum_test10.c line \d+ function main: __CPROVER_enum_is_in_range expects enum, but \(i\) has type `signed int`$
+--
+^\[main.assertion.1\] line \d+ assertion __CPROVER_enum_is_in_range\(i\): SUCCESS$
+^\[main.assertion.1\] line \d+ assertion __CPROVER_enum_is_in_range\(i\): FAILURE$
+^\*\*\*\* WARNING: no body for function __CPROVER_enum_is_in_range$
+--
+This test the type checking of argument for __CPROVER_enum_is_in_range

regression/ansi-c/enum_is_in_range/enum_test12.c

@@ -0,0 +1,20 @@
+#include <assert.h>
+
+enum my_enum
+{
+  first,
+  second,
+  third,
+  fourth,
+  fifth
+};
+
+int main()
+{
+  enum my_enum ev1;
+  enum my_enum ev2;
+  ev1 = first;
+  ev2 = fifth;
+  assert(__CPROVER_enum_is_in_range(ev1, ev2));
+  return 0;
+}

regression/ansi-c/enum_is_in_range/enum_test12.desc

@@ -0,0 +1,12 @@
+CORE
+enum_test12.c
+
+^EXIT=(6|70)$
+^SIGNAL=0$
+^file enum_test12.c line \d+ function main: __CPROVER_enum_is_in_range takes exactly 1 argument, but 2 were provided$
+--
+^\[main.assertion.1\] line \d+ assertion __CPROVER_enum_is_in_range\(.*\): SUCCESS$
+^\[main.assertion.1\] line \d+ assertion __CPROVER_enum_is_in_range\(.*\): FAILURE$
+^\*\*\*\* WARNING: no body for function __CPROVER_enum_is_in_range$
+--
+This test the type checking of argument for __CPROVER_enum_is_in_range

regression/cbmc/enum_is_in_range/enum_test3.c

@@ -0,0 +1,24 @@
+#include <assert.h>
+
+enum my_enum
+{
+  first,
+  second,
+  third,
+  fourth,
+  fifth
+};
+
+int main()
+{
+  enum my_enum ev1;
+  enum my_enum ev2;
+  ev1 = first;
+  ev2 = fifth;
+  while(ev1 != ev2)
+  {
+    ev1++;
+    assert(__CPROVER_enum_is_in_range(ev1));
+  }
+  return 0;
+}

regression/cbmc/enum_is_in_range/enum_test3.desc

@@ -0,0 +1,11 @@
+CORE
+enum_test3.c
+
+^EXIT=0$
+^SIGNAL=0$
+^\[main.assertion.1\] line \d+ assertion __CPROVER_enum_is_in_range\(ev1\): SUCCESS
+--
+^\*\*\*\* WARNING: no body for function __CPROVER_enum_is_in_range
+--
+This test is for the enum_is_in_range working properly, the negation
+is if the function is not defined.

regression/cbmc/enum_is_in_range/enum_test4.c

@@ -0,0 +1,26 @@
+#include <assert.h>
+
+enum my_enum
+{
+  first,
+  second,
+  third,
+  fourth,
+  fifth
+};
+
+int main()
+{
+  enum my_enum ev1;
+  enum my_enum ev2;
+  ev1 = first;
+  ev2 = fifth;
+  int i = 0;
+  while(i < 10)
+  {
+    ev1++;
+    assert(__CPROVER_enum_is_in_range(ev1));
+    i++;
+  }
+  return 0;
+}

regression/cbmc/enum_is_in_range/enum_test4.desc

@@ -0,0 +1,13 @@
+CORE
+enum_test4.c
+
+^EXIT=10$
+^SIGNAL=0$
+^\[main.assertion.1\] line \d+ assertion __CPROVER_enum_is_in_range\(ev1\): FAILURE$
+--
+^\[main.assertion.1\] line \d+ assertion __CPROVER_enum_is_in_range\(ev1\): SUCCESS$
+^\*\*\*\* WARNING: no body for function __CPROVER_enum_is_in_range$
+--
+This test is for the enum_is_in_range working properly and detecting
+when the enum is not in range. The negation tests are to ensure the
+out of range is detected, and if the function is not defined.

regression/cbmc/enum_is_in_range/enum_test5.c

@@ -0,0 +1,25 @@
+#include <assert.h>
+
+enum my_enum
+{
+  first,
+  second,
+  third,
+  fourth,
+  fifth
+};
+
+void testfun(enum my_enum ee)
+{
+}
+
+int main()
+{
+  enum my_enum ev1;
+  enum my_enum ev2;
+  __CPROVER_assume(__CPROVER_enum_is_in_range(ev1));
+  enum my_enum ev3 = ev1;
+  testfun(ev3);
+  testfun(ev2);
+  return 0;
+}