2 // errorcheck -0 -d=ssa/prove/debug=1
4 // Copyright 2016 The Go Authors. All rights reserved.
5 // Use of this source code is governed by a BSD-style
6 // license that can be found in the LICENSE file.
12 func f0(a []int) int {
14 a[0] = 1 // ERROR "Proved IsInBounds$"
16 a[6] = 1 // ERROR "Proved IsInBounds$"
17 a[5] = 1 // ERROR "Proved IsInBounds$"
18 a[5] = 1 // ERROR "Proved IsInBounds$"
22 func f1(a []int) int {
26 a[0] = 1 // ERROR "Proved IsInBounds$"
27 a[0] = 1 // ERROR "Proved IsInBounds$"
29 a[6] = 1 // ERROR "Proved IsInBounds$"
30 a[5] = 1 // ERROR "Proved IsInBounds$"
31 a[5] = 1 // ERROR "Proved IsInBounds$"
35 func f1b(a []int, i int, j uint) int {
36 if i >= 0 && i < len(a) {
37 return a[i] // ERROR "Proved IsInBounds$"
39 if i >= 10 && i < len(a) {
40 return a[i] // ERROR "Proved IsInBounds$"
42 if i >= 10 && i < len(a) {
43 return a[i] // ERROR "Proved IsInBounds$"
45 if i >= 10 && i < len(a) {
46 return a[i-10] // ERROR "Proved IsInBounds$"
49 return a[j] // ERROR "Proved IsInBounds$"
54 func f1c(a []int, i int64) int {
55 c := uint64(math.MaxInt64 + 10) // overflows int
57 if i >= d && i < int64(len(a)) {
58 // d overflows, should not be handled.
64 func f2(a []int) int {
65 for i := range a { // ERROR "Induction variable: limits \[0,\?\), increment 1$"
67 a[i+1] = i // ERROR "Proved IsInBounds$"
72 func f3(a []uint) int {
73 for i := uint(0); i < uint(len(a)); i++ {
74 a[i] = i // ERROR "Proved IsInBounds$"
79 func f4a(a, b, c int) int {
81 if a == b { // ERROR "Disproved Eq64$"
84 if a > b { // ERROR "Disproved Greater64$"
87 if a < b { // ERROR "Proved Less64$"
90 // We can't get to this point and prove knows that, so
91 // there's no message for the next (obvious) branch.
100 func f4b(a, b, c int) int {
103 if a == b { // ERROR "Proved Eq64$"
113 func f4c(a, b, c int) int {
116 if a != b { // ERROR "Disproved Neq64$"
126 func f4d(a, b, c int) int {
129 if a < b { // ERROR "Proved Less64$"
130 if a < c { // ERROR "Proved Less64$"
142 func f4e(a, b, c int) int {
144 if b > a { // ERROR "Proved Greater64$"
152 func f4f(a, b, c int) int {
155 if b == a { // ERROR "Disproved Eq64$"
160 if b >= a { // ERROR "Proved Geq64$"
161 if b == a { // ERROR "Proved Eq64$"
171 func f5(a, b uint) int {
173 if a <= b { // ERROR "Proved Leq64U$"
181 // These comparisons are compile time constants.
182 func f6a(a uint8) int {
183 if a < a { // ERROR "Disproved Less8U$"
189 func f6b(a uint8) int {
190 if a < a { // ERROR "Disproved Less8U$"
196 func f6x(a uint8) int {
197 if a > a { // ERROR "Disproved Greater8U$"
203 func f6d(a uint8) int {
204 if a <= a { // ERROR "Proved Leq8U$"
210 func f6e(a uint8) int {
211 if a >= a { // ERROR "Proved Geq8U$"
217 func f7(a []int, b int) int {
220 if b < len(a) { // ERROR "Proved Less64$"
221 a[b] = 5 // ERROR "Proved IsInBounds$"
227 func f8(a, b uint) int {
234 if a < b { // ERROR "Proved Less64U$"
240 func f9(a, b bool) int {
244 if a || b { // ERROR "Disproved Arg$"
250 func f10(a string) int {
252 // We optimize comparisons with small constant strings (see cmd/compile/internal/gc/walk.go),
253 // so this string literal must be long.
254 if a[:n>>1] == "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" {
260 func f11a(a []int, i int) {
262 useInt(a[i]) // ERROR "Proved IsInBounds$"
265 func f11b(a []int, i int) {
267 useSlice(a[i:]) // ERROR "Proved IsSliceInBounds$"
270 func f11c(a []int, i int) {
272 useSlice(a[:i]) // ERROR "Proved IsSliceInBounds$"
275 func f11d(a []int, i int) {
277 useInt(a[2*i+7]) // ERROR "Proved IsInBounds$"
280 func f12(a []int, b int) {
284 func f13a(a, b, c int, x bool) int {
287 if a < 12 { // ERROR "Disproved Less64$"
292 if a <= 12 { // ERROR "Disproved Leq64$"
297 if a == 12 { // ERROR "Disproved Eq64$"
302 if a >= 12 { // ERROR "Proved Geq64$"
307 if a > 12 { // ERROR "Proved Greater64$"
316 func f13b(a int, x bool) int {
319 if a < -9 { // ERROR "Disproved Less64$"
324 if a <= -9 { // ERROR "Proved Leq64$"
329 if a == -9 { // ERROR "Proved Eq64$"
334 if a >= -9 { // ERROR "Proved Geq64$"
339 if a > -9 { // ERROR "Disproved Greater64$"
348 func f13c(a int, x bool) int {
351 if a < 90 { // ERROR "Proved Less64$"
356 if a <= 90 { // ERROR "Proved Leq64$"
361 if a == 90 { // ERROR "Disproved Eq64$"
366 if a >= 90 { // ERROR "Disproved Geq64$"
371 if a > 90 { // ERROR "Disproved Greater64$"
380 func f13d(a int) int {
382 if a < 9 { // ERROR "Proved Less64$"
389 func f13e(a int) int {
391 if a > 5 { // ERROR "Proved Greater64$"
398 func f13f(a int64) int64 {
399 if a > math.MaxInt64 {
400 if a == 0 { // ERROR "Disproved Eq64$"
407 func f13g(a int) int {
414 if a == 3 { // ERROR "Proved Eq64$"
420 func f13h(a int) int {
423 if a == 2 { // ERROR "Proved Eq64$"
431 func f13i(a uint) int {
435 if a > 0 { // ERROR "Proved Greater64U$"
441 func f14(p, q *int, a []int) {
442 // This crazy ordering usually gives i1 the lowest value ID,
443 // j the middle value ID, and i2 the highest value ID.
444 // That used to confuse CSE because it ordered the args
445 // of the two + ops below differently.
446 // That in turn foiled bounds check elimination.
451 useInt(a[i2+j]) // ERROR "Proved IsInBounds$"
454 func f15(s []int, x int) {
456 useSlice(s[:x]) // ERROR "Proved IsSliceInBounds$"
459 func f16(s []int) []int {
461 return s[:10] // ERROR "Proved IsSliceInBounds$"
467 for i := 0; i < len(b); i++ { // ERROR "Induction variable: limits \[0,\?\), increment 1$"
468 // This tests for i <= cap, which we can only prove
469 // using the derived relation between len and cap.
470 // This depends on finding the contradiction, since we
471 // don't query this condition directly.
472 useSlice(b[:i]) // ERROR "Proved IsSliceInBounds$"
476 func f18(b []int, x int, y uint) {
480 if x > len(b) { // ERROR "Disproved Greater64$"
483 if y > uint(len(b)) { // ERROR "Disproved Greater64U$"
486 if int(y) > len(b) { // ERROR "Disproved Greater64$"
491 func f19() (e int64, err error) {
492 // Issue 29502: slice[:0] is incorrectly disproved.
494 stack = append(stack, 123)
496 panic("too many elements")
498 last := len(stack) - 1
500 // Buggy compiler prints "Disproved Geq64" for the next line.
501 stack = stack[:last] // ERROR "Proved IsSliceInBounds"
505 func sm1(b []int, x int) {
506 // Test constant argument to slicemask.
507 useSlice(b[2:8]) // ERROR "Proved slicemask not needed$"
508 // Test non-constant argument with known limits.
510 useSlice(b[2:]) // ERROR "Proved slicemask not needed$"
514 func lim1(x, y, z int) {
515 // Test relations between signed and unsigned limits.
517 if uint(x) > 5 { // ERROR "Proved Greater64U$"
522 if uint(y) > 4 { // ERROR "Disproved Greater64U$"
525 if uint(y) < 5 { // ERROR "Proved Less64U$"
530 if uint(z) > 4 { // Not provable without disjunctions.
536 // fence1–4 correspond to the four fence-post implications.
538 func fence1(b []int, x, y int) {
539 // Test proofs that rely on fence-post implications.
541 if x < y { // ERROR "Disproved Less64$"
546 // This eliminates the growslice path.
547 b = append(b, 1) // ERROR "Disproved Greater64U$"
551 func fence2(x, y int) {
553 if x > y { // ERROR "Disproved Greater64$"
559 func fence3(b, c []int, x, y int64) {
561 if x <= y { // Can't prove because x may have wrapped.
566 if x != math.MinInt64 && x-1 >= y {
567 if x <= y { // ERROR "Disproved Leq64$"
572 c[len(c)-1] = 0 // Can't prove because len(c) might be 0
574 if n := len(b); n > 0 {
575 b[n-1] = 0 // ERROR "Proved IsInBounds$"
579 func fence4(x, y int64) {
585 if y != math.MaxInt64 && x >= y+1 {
586 if x <= y { // ERROR "Disproved Leq64$"
592 // Check transitive relations
593 func trans1(x, y int64) {
596 if y > 2 { // ERROR "Proved Greater64$"
600 if y > 5 { // ERROR "Proved Greater64$"
607 if y > 10 { // ERROR "Proved Greater64$"
614 func trans2(a, b []int, i int) {
615 if len(a) != len(b) {
620 _ = b[i] // ERROR "Proved IsInBounds$"
623 func trans3(a, b []int, i int) {
629 _ = b[i] // ERROR "Proved IsInBounds$"
632 // Derived from nat.cmp
633 func natcmp(x, y []uint) (r int) {
636 if m != n || m == 0 {
641 for i > 0 && // ERROR "Induction variable: limits \(0,\?\], increment 1$"
642 x[i] == // ERROR "Proved IsInBounds$"
643 y[i] { // ERROR "Proved IsInBounds$"
648 case x[i] < // todo, cannot prove this because it's dominated by i<=0 || x[i]==y[i]
649 y[i]: // ERROR "Proved IsInBounds$"
651 case x[i] > // ERROR "Proved IsInBounds$"
652 y[i]: // ERROR "Proved IsInBounds$"
658 func suffix(s, suffix string) bool {
659 // todo, we're still not able to drop the bound check here in the general case
660 return len(s) >= len(suffix) && s[len(s)-len(suffix):] == suffix
663 func constsuffix(s string) bool {
664 return suffix(s, "abc") // ERROR "Proved IsSliceInBounds$"
667 // oforuntil tests the pattern created by OFORUNTIL blocks. These are
668 // handled by addLocalInductiveFacts rather than findIndVar.
669 func oforuntil(b []int) {
673 println(b[i]) // ERROR "Induction variable: limits \[0,\?\), increment 1$" "Proved IsInBounds$"
681 // The range tests below test the index variable of range loops.
683 // range1 compiles to the "efficiently indexable" form of a range loop.
684 func range1(b []int) {
685 for i, v := range b { // ERROR "Induction variable: limits \[0,\?\), increment 1$"
686 b[i] = v + 1 // ERROR "Proved IsInBounds$"
687 if i < len(b) { // ERROR "Proved Less64$"
690 if i >= 0 { // ERROR "Proved Geq64$"
696 // range2 elements are larger, so they use the general form of a range loop.
697 func range2(b [][32]int) {
698 for i, v := range b {
699 b[i][0] = v[0] + 1 // ERROR "Induction variable: limits \[0,\?\), increment 1$" "Proved IsInBounds$"
700 if i < len(b) { // ERROR "Proved Less64$"
703 if i >= 0 { // ERROR "Proved Geq64$"
714 func useSlice(a []int) {