Adds an over-approximation model for sysconf

Signed-off-by: Felipe R. Monteiro <felisous@amazon.com>
diffblue · Jul 11, 2023 · 830a60f · 830a60f
1 parent 64bf1ca
commit 830a60f
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 0 deletions.
diff --git a/regression/cbmc-library/sysconf-01/main.c b/regression/cbmc-library/sysconf-01/main.c
@@ -0,0 +1,27 @@
+#include <errno.h>
+#include <unistd.h>
+
+main()
+{
+  long result;
+  int name;
+
+  errno = 0;
+  // Testing sysconf as an over-apporximation.
+  // We expect to cover all branches, thus, all assertions should fail.
+  if((result = sysconf(name)) == -1)
+  {
+    if(errno == 0)
+    {
+      __CPROVER_assert(0, "ARG_MAX is not supported");
+    }
+    else
+    {
+      __CPROVER_assert(0, "sysconf() error");
+    }
+  }
+  else
+  {
+    __CPROVER_assert(0, "ARG_MAX is supported");
+  }
+}
diff --git a/regression/cbmc-library/sysconf-01/test.desc b/regression/cbmc-library/sysconf-01/test.desc
@@ -0,0 +1,12 @@
+CORE unix
+main.c
+
+^\[main.assertion.\d+\] line \d+ ARG\_MAX is not supported: FAILURE$
+^\[main.assertion.\d+\] line \d+ sysconf\(\) error: FAILURE$
+^\[main.assertion.\d+\] line \d+ ARG\_MAX is supported: FAILURE$
+^\*\* 3 of 3 failed .*$
+^VERIFICATION FAILED$
+^EXIT=10$
+^SIGNAL=0$
+--
+^WARNING: no body for function sysconf
diff --git a/src/ansi-c/library/unistd.c b/src/ansi-c/library/unistd.c
@@ -319,3 +319,34 @@ ret_type _read(int fildes, void *buf, size_type nbyte)
   __CPROVER_HIDE:;
   return read(fildes, buf, nbyte);
 }
+
+/* FUNCTION: sysconf */
+
+#ifndef __CPROVER_ERRNO_H_INCLUDED
+#  include <errno.h>
+#  define __CPROVER_ERRNO_H_INCLUDED
+#endif
+
+long __VERIFIER_nondet_long(void);
+unsigned int __VERIFIER_nondet_unsigned_int(void);
+
+long sysconf(int name);
+
+// This overapproximation is based on the sysconf specification available at
+// https://pubs.opengroup.org/onlinepubs/9699919799/functions/sysconf.html.
+long sysconf(int name)
+{
+__CPROVER_HIDE:;
+  (void)name;
+  long retval = __VERIFIER_nondet_long();
+
+  // We should keep errno as non-determinist as possible, since this model
+  // nver takes into account the name input.
+  errno = __VERIFIER_nondet_unsigned_int();
+
+  // Spec states "some returned values may be huge; they are not suitable
+  // for allocating memory". There aren't also guarantees about return
+  // values being strickly equal or greater to -1.
+  // Thus, modelling it as non-deterministic.
+  return retval;
+}