2 // errorcheck -0 -d=ssa/prove/debug=1
4 // Copyright 2016 The Go Authors. All rights reserved.
5 // Use of this source code is governed by a BSD-style
6 // license that can be found in the LICENSE file.
12 func f0(a []int) int {
14 a[0] = 1 // ERROR "Proved IsInBounds$"
16 a[6] = 1 // ERROR "Proved IsInBounds$"
17 a[5] = 1 // ERROR "Proved IsInBounds$"
18 a[5] = 1 // ERROR "Proved IsInBounds$"
22 func f1(a []int) int {
26 a[0] = 1 // ERROR "Proved IsInBounds$"
27 a[0] = 1 // ERROR "Proved IsInBounds$"
29 a[6] = 1 // ERROR "Proved IsInBounds$"
30 a[5] = 1 // ERROR "Proved IsInBounds$"
31 a[5] = 1 // ERROR "Proved IsInBounds$"
35 func f1b(a []int, i int, j uint) int {
36 if i >= 0 && i < len(a) {
37 return a[i] // ERROR "Proved IsInBounds$"
39 if i >= 10 && i < len(a) {
40 return a[i] // ERROR "Proved IsInBounds$"
42 if i >= 10 && i < len(a) {
43 return a[i] // ERROR "Proved IsInBounds$"
45 if i >= 10 && i < len(a) {
46 return a[i-10] // ERROR "Proved IsInBounds$"
49 return a[j] // ERROR "Proved IsInBounds$"
54 func f1c(a []int, i int64) int {
55 c := uint64(math.MaxInt64 + 10) // overflows int
57 if i >= d && i < int64(len(a)) {
58 // d overflows, should not be handled.
64 func f2(a []int) int {
65 for i := range a { // ERROR "Induction variable: limits \[0,\?\), increment 1"
67 a[i+1] = i // ERROR "Proved IsInBounds$"
72 func f3(a []uint) int {
73 for i := uint(0); i < uint(len(a)); i++ {
74 a[i] = i // ERROR "Proved IsInBounds$"
79 func f4a(a, b, c int) int {
81 if a == b { // ERROR "Disproved Eq64$"
84 if a > b { // ERROR "Disproved Greater64$"
87 if a < b { // ERROR "Proved Less64$"
90 // We can't get to this point and prove knows that, so
91 // there's no message for the next (obvious) branch.
100 func f4b(a, b, c int) int {
103 if a == b { // ERROR "Proved Eq64$"
113 func f4c(a, b, c int) int {
116 if a != b { // ERROR "Disproved Neq64$"
126 func f4d(a, b, c int) int {
129 if a < b { // ERROR "Proved Less64$"
130 if a < c { // ERROR "Proved Less64$"
142 func f4e(a, b, c int) int {
144 if b > a { // ERROR "Proved Greater64$"
152 func f4f(a, b, c int) int {
155 if b == a { // ERROR "Disproved Eq64$"
160 if b >= a { // ERROR "Proved Geq64$"
161 if b == a { // ERROR "Proved Eq64$"
171 func f5(a, b uint) int {
173 if a <= b { // ERROR "Proved Leq64U$"
181 // These comparisons are compile time constants.
182 func f6a(a uint8) int {
183 if a < a { // ERROR "Disproved Less8U$"
189 func f6b(a uint8) int {
190 if a < a { // ERROR "Disproved Less8U$"
196 func f6x(a uint8) int {
197 if a > a { // ERROR "Disproved Greater8U$"
203 func f6d(a uint8) int {
204 if a <= a { // ERROR "Proved Leq8U$"
210 func f6e(a uint8) int {
211 if a >= a { // ERROR "Proved Geq8U$"
217 func f7(a []int, b int) int {
220 if b < len(a) { // ERROR "Proved Less64$"
221 a[b] = 5 // ERROR "Proved IsInBounds$"
227 func f8(a, b uint) int {
234 if a < b { // ERROR "Proved Less64U$"
240 func f9(a, b bool) int {
244 if a || b { // ERROR "Disproved Arg$"
250 func f10(a string) int {
252 // We optimize comparisons with small constant strings (see cmd/compile/internal/gc/walk.go),
253 // so this string literal must be long.
254 if a[:n>>1] == "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" {
260 func f11a(a []int, i int) {
262 useInt(a[i]) // ERROR "Proved IsInBounds$"
265 func f11b(a []int, i int) {
267 useSlice(a[i:]) // ERROR "Proved IsSliceInBounds$"
270 func f11c(a []int, i int) {
272 useSlice(a[:i]) // ERROR "Proved IsSliceInBounds$"
275 func f11d(a []int, i int) {
277 useInt(a[2*i+7]) // ERROR "Proved IsInBounds$"
280 func f12(a []int, b int) {
284 func f13a(a, b, c int, x bool) int {
287 if a < 12 { // ERROR "Disproved Less64$"
292 if a <= 12 { // ERROR "Disproved Leq64$"
297 if a == 12 { // ERROR "Disproved Eq64$"
302 if a >= 12 { // ERROR "Proved Geq64$"
307 if a > 12 { // ERROR "Proved Greater64$"
316 func f13b(a int, x bool) int {
319 if a < -9 { // ERROR "Disproved Less64$"
324 if a <= -9 { // ERROR "Proved Leq64$"
329 if a == -9 { // ERROR "Proved Eq64$"
334 if a >= -9 { // ERROR "Proved Geq64$"
339 if a > -9 { // ERROR "Disproved Greater64$"
348 func f13c(a int, x bool) int {
351 if a < 90 { // ERROR "Proved Less64$"
356 if a <= 90 { // ERROR "Proved Leq64$"
361 if a == 90 { // ERROR "Disproved Eq64$"
366 if a >= 90 { // ERROR "Disproved Geq64$"
371 if a > 90 { // ERROR "Disproved Greater64$"
380 func f13d(a int) int {
382 if a < 9 { // ERROR "Proved Less64$"
389 func f13e(a int) int {
391 if a > 5 { // ERROR "Proved Greater64$"
398 func f13f(a int64) int64 {
399 if a > math.MaxInt64 {
400 if a == 0 { // ERROR "Disproved Eq64$"
407 func f13g(a int) int {
414 if a == 3 { // ERROR "Proved Eq64$"
420 func f13h(a int) int {
423 if a == 2 { // ERROR "Proved Eq64$"
431 func f13i(a uint) int {
435 if a > 0 { // ERROR "Proved Greater64U$"
441 func f14(p, q *int, a []int) {
442 // This crazy ordering usually gives i1 the lowest value ID,
443 // j the middle value ID, and i2 the highest value ID.
444 // That used to confuse CSE because it ordered the args
445 // of the two + ops below differently.
446 // That in turn foiled bounds check elimination.
451 useInt(a[i2+j]) // ERROR "Proved IsInBounds$"
454 func f15(s []int, x int) {
456 useSlice(s[:x]) // ERROR "Proved IsSliceInBounds$"
459 func f16(s []int) []int {
461 return s[:10] // ERROR "Proved IsSliceInBounds$"
467 for i := 0; i < len(b); i++ { // ERROR "Induction variable: limits \[0,\?\), increment 1"
468 // This tests for i <= cap, which we can only prove
469 // using the derived relation between len and cap.
470 // This depends on finding the contradiction, since we
471 // don't query this condition directly.
472 useSlice(b[:i]) // ERROR "Proved IsSliceInBounds$"
476 func f18(b []int, x int, y uint) {
480 if x > len(b) { // ERROR "Disproved Greater64$"
483 if y > uint(len(b)) { // ERROR "Disproved Greater64U$"
486 if int(y) > len(b) { // ERROR "Disproved Greater64$"
491 func sm1(b []int, x int) {
492 // Test constant argument to slicemask.
493 useSlice(b[2:8]) // ERROR "Proved slicemask not needed$"
494 // Test non-constant argument with known limits.
496 useSlice(b[2:]) // ERROR "Proved slicemask not needed$"
500 func lim1(x, y, z int) {
501 // Test relations between signed and unsigned limits.
503 if uint(x) > 5 { // ERROR "Proved Greater64U$"
508 if uint(y) > 4 { // ERROR "Disproved Greater64U$"
511 if uint(y) < 5 { // ERROR "Proved Less64U$"
516 if uint(z) > 4 { // Not provable without disjunctions.
522 // fence1–4 correspond to the four fence-post implications.
524 func fence1(b []int, x, y int) {
525 // Test proofs that rely on fence-post implications.
527 if x < y { // ERROR "Disproved Less64$"
532 // This eliminates the growslice path.
533 b = append(b, 1) // ERROR "Disproved Greater64$"
537 func fence2(x, y int) {
539 if x > y { // ERROR "Disproved Greater64$"
545 func fence3(b, c []int, x, y int64) {
547 if x <= y { // Can't prove because x may have wrapped.
552 if x != math.MinInt64 && x-1 >= y {
553 if x <= y { // ERROR "Disproved Leq64$"
558 c[len(c)-1] = 0 // Can't prove because len(c) might be 0
560 if n := len(b); n > 0 {
561 b[n-1] = 0 // ERROR "Proved IsInBounds$"
565 func fence4(x, y int64) {
571 if y != math.MaxInt64 && x >= y+1 {
572 if x <= y { // ERROR "Disproved Leq64$"
578 // Check transitive relations
579 func trans1(x, y int64) {
582 if y > 2 { // ERROR "Proved Greater64"
586 if y > 5 { // ERROR "Proved Greater64"
593 if y > 10 { // ERROR "Proved Greater64"
600 func trans2(a, b []int, i int) {
601 if len(a) != len(b) {
606 _ = b[i] // ERROR "Proved IsInBounds$"
609 func trans3(a, b []int, i int) {
615 _ = b[i] // ERROR "Proved IsInBounds$"
618 // Derived from nat.cmp
619 func natcmp(x, y []uint) (r int) {
622 if m != n || m == 0 {
627 for i > 0 && // ERROR "Induction variable: limits \(0,\?\], increment 1"
628 x[i] == // ERROR "Proved IsInBounds$"
629 y[i] { // ERROR "Proved IsInBounds$"
634 case x[i] < // todo, cannot prove this because it's dominated by i<=0 || x[i]==y[i]
635 y[i]: // ERROR "Proved IsInBounds$"
637 case x[i] > // ERROR "Proved IsInBounds$"
638 y[i]: // ERROR "Proved IsInBounds$"
644 func suffix(s, suffix string) bool {
645 // todo, we're still not able to drop the bound check here in the general case
646 return len(s) >= len(suffix) && s[len(s)-len(suffix):] == suffix
649 func constsuffix(s string) bool {
650 return suffix(s, "abc") // ERROR "Proved IsSliceInBounds$"
653 // oforuntil tests the pattern created by OFORUNTIL blocks. These are
654 // handled by addLocalInductiveFacts rather than findIndVar.
655 func oforuntil(b []int) {
659 println(b[i]) // ERROR "Induction variable: limits \[0,\?\), increment 1$" "Proved IsInBounds$"
667 // The range tests below test the index variable of range loops.
669 // range1 compiles to the "efficiently indexable" form of a range loop.
670 func range1(b []int) {
671 for i, v := range b { // ERROR "Induction variable: limits \[0,\?\), increment 1$"
672 b[i] = v + 1 // ERROR "Proved IsInBounds$"
673 if i < len(b) { // ERROR "Proved Less64$"
676 if i >= 0 { // ERROR "Proved Geq64$"
682 // range2 elements are larger, so they use the general form of a range loop.
683 func range2(b [][32]int) {
684 for i, v := range b {
685 b[i][0] = v[0] + 1 // ERROR "Induction variable: limits \[0,\?\), increment 1$" "Proved IsInBounds$"
686 if i < len(b) { // ERROR "Proved Less64$"
689 if i >= 0 { // ERROR "Proved Geq64"
700 func useSlice(a []int) {