pax_global_header00006660000000000000000000000064137706724440014530gustar00rootroot0000000000000052 comment=728456d3726971423751f2ace36fc314c0ee35ab java-cprover-api-master/000077500000000000000000000000001377067244400155335ustar00rootroot00000000000000java-cprover-api-master/.travis.yml000066400000000000000000000002601377067244400176420ustar00rootroot00000000000000language: java script: - mvn package notifications: webhooks: on_success: always on_failure: always on_start: never on_cancel: never on_error: always java-cprover-api-master/LICENSE000066400000000000000000000026661377067244400165520ustar00rootroot00000000000000Copyright 2016-2020 Diffblue Ltd. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.java-cprover-api-master/README.md000066400000000000000000000006351377067244400170160ustar00rootroot00000000000000CProver Java API of JBMC ======================== This repository contains the sources for building a Java library (`cprover-api.jar`) that allows access to the CProver API of the Java model checking tool [JBMC](https://github.com/diffblue/cbmc/tree/develop/jbmc). This library exposes functionality such as _assume_ or _nondetInt_, which are useful for modelling verification harnesses for Java applications. java-cprover-api-master/pom.xml000066400000000000000000000150151377067244400170520ustar00rootroot00000000000000 4.0.0 org.cprover.util cprover-api 1.1.0-SNAPSHOT jar CProver-API CProver Java API https://github.com/diffblue/java-cprover-api BSD-3-Clause-License https://opensource.org/licenses/BSD-3-Clause repo Diffblue info@diffblue.com Diffblue http://www.diffblue.com https://github.com/diffblue/java-cprover-api scm:git:git://github.com/diffblue/java-cprover-api.git ossrh https://oss.sonatype.org/content/repositories/snapshots UTF-8 sign false org.apache.maven.plugins maven-gpg-plugin 1.6 sign-artifacts verify sign build-extras false org.apache.maven.plugins maven-source-plugin 3.0.1 attach-sources jar-no-fork org.apache.maven.plugins maven-javadoc-plugin 3.0.01 attach-javadocs jar stdbuild true cprover-api org.apache.maven.plugins maven-checkstyle-plugin 2.17 validate validate google_checks.xml UTF-8 true warning false check org.apache.maven.plugins maven-compiler-plugin 3.6.1 1.8 1.8 org.apache.maven.plugins maven-javadoc-plugin 3.0.0 private true org.apache.maven.plugins maven-surefire-plugin 2.22.1 org.sonatype.plugins nexus-staging-maven-plugin 1.6.8 true ossrh https://oss.sonatype.org/ false java-cprover-api-master/scripts/000077500000000000000000000000001377067244400172225ustar00rootroot00000000000000java-cprover-api-master/scripts/mvnsettingsPlainText.xml.enc000066400000000000000000000003401377067244400247170ustar00rootroot00000000000000Salted__⋝q1E_PY[ݻgTzP4ieY/x䌊]Lpsާvz2~\G4zXbv͘{zT/ڼ2on]6E;,~C2Tܦ|bVbx\h\iN}yhS6HF did,s5Xm8?Ov\MMaC> uTRjava-cprover-api-master/scripts/private.gpg.enc000066400000000000000000000047201377067244400221420ustar00rootroot00000000000000Salted__f;_/Et%(mgXXȘOPP"Q(tRT,n<|*+X&+31N;,epC6?m/dn %?el,ϘP ؂R 7gpQC%ҰLEorl #C6Oe=j]M8pJV}AgeOkm?Ѱ; %N%FV*RSBŖi.n!u* ؛o:㕏g9s1ks+Hu5u~ȑaj`>.9#{,# =6'0v/kؘ[GU)<-D#BT[P٫d ;G{4ggHs^!Jc՞ U+ 9%NW`A 2Wv#=*O 'c]u"K}NuedR4!oii#:}ETk| %V?xu{&!ySyQ0R#ͮG 3YkqqU .W? 6;d?<(Ȗ+f5ؕ*n"#jß+䍚>(>'h$] Hq<> Rgx*)`n>lj6ی(mjQkQh1>IX3W> 2*y"zK(K3X `׀r هfBLelՇPowKKW7ŝ.+フ89? 0il.r$<3>SvligǸcxFbK(cЌ˗.G=;6t=7o;_G_uT`&cj是X2ZRsP[vִk /͐W2>5r\9&ᗊ[3  '}¾xBi=\KYE0HXueQȠf ]4LЅDJ7q,)bq!TUœ&>;ao %p U: CeHݒGz:T$Je»#9A,mTxs}3}ѪE!;:[8B{^Q{(UብBO hrEHAЕLEQXvرh6~F3/$0?y#\gUa.(>ő5Ú}dCڿnHLk營(GEZy2+2^לQXSL>cQY{+"E^Q{셹*.KXJ w!aOPw4{Vml:Qi7PP$4-s1UGYs rhLڗ]Lث}ic{!hsmNlCT^,S>`妺r6V_ &"4fѼztpl(!Egc@'3C䠔yޠ^˃@u;J 6ݑ 3# la]oA=3DI s; š{ C䭝"U@CDPQSveĕr [;(V^W0`[a[WoC?rD~krrH5~% p?x8H.瑱[Fol9ߡ^e5)T{4h_*!_GBqf L\%K1A|_'o<$ `i Vc([Zw':eY D2V„?ň|Iֽ!w3S:-"qk [@^ )}iƵ5^DGBm̤QEjyV2w8efi~_h&DX ךVAnR3鐿hL]I{L4P5(1G&XZv7ßWOklW ! N0nӵ? <u ( iPee|+]Ж)Y'l_|:R:SuIӾ)*{$w+ 1B5^RC.}iX4.xhq2lhjava-cprover-api-master/scripts/release_util_script__deploy_to_maven_central.sh000077500000000000000000000060031377067244400307340ustar00rootroot00000000000000#!/bin/bash set -euo pipefail #------------------------------------------------------------ VERSION=$(mvn help:evaluate -Dexpression=project.version | grep -v -e "^\\[") RELEASE="true" GPG_KEY_ENC_FILENAME="scripts/private.gpg.enc" RELEASE_KEY_TO_PUBLIC_SERVER="false" #------------------------------------------------------------ SSL_PWD="$1" ## encoding command used of form "echo "$var" | openssl aes-256-cbc -a -salt -pass pass:${SSL_PWD} | openssl enc -A -base64" SONATYPETOKEN_USER_ENC="VTJGc2RHVmtYMThXUlJTa0hRNzZOK1pReU9wanFpSVBDQ2VWQTFxWDlpZ3Boa0R4clBhd29hakgzRUxrNS9adgo=" SONATYPETOKEN_PWD_ENC="VTJGc2RHVmtYMThOdUduSmg1MEtjRE56R3lQd2hxdVVrd1pScDNFSXpNaVNud1UwUksrakRSTTY2RVVYUDlnQwo=" GPG_KEYID_ENC="VTJGc2RHVmtYMSs5dTVQaW9QS3RCTGhRV2hrTEx0a2FXbHVaMjVqQ05yZlc3QmR6UC9TWGRPWXVtRzFFN2FCagpqeTlJU0Z6eHpjajBlSDlHWThSd0JRPT0K=" decrypt_fn(){ echo "$1" | openssl enc -A -base64 -d | openssl aes-256-cbc -d -a -pass pass:"$SSL_PWD" } SONATYPETOKENUSER=$(decrypt_fn "${SONATYPETOKEN_USER_ENC}") export SONATYPETOKENUSER SONATYPETOKENPWD=$(decrypt_fn "${SONATYPETOKEN_PWD_ENC}") export SONATYPETOKENPWD GPG_KEYID=$(decrypt_fn "${GPG_KEYID_ENC}") export GPG_KEYID #------------------------------------------------------------ openssl enc -aes-256-cbc -d -pass pass:"${SSL_PWD}" -in ${GPG_KEY_ENC_FILENAME} -out private.gpg gpg --fast-import private.gpg rm private.gpg # Following section is in case a key is provided which has not already been # shared to a pgp public server - and documents that process. # NB if script 'release_util_script_create_gpg.sh' is used to create a new key, # this procedure will have already been done. if [[ "${RELEASE_KEY_TO_PUBLIC_SERVER}" == "true" ]] then gpg --keyserver keys.openpgp.org --send-keys "${GPG_KEYID}" ## wait for the key to be accessible while(true); do date gpg --keyserver keys.openpgp.org --recv-keys "${GPG_KEYID}" && break || sleep 20 done echo "wait for 2 minutes to let the key be synced" sleep 120 fi ## encoding command is of form 'openssl enc -aes-256-cbc -salt -in file.txt -out file.txt.enc' - nb 'salt' openssl enc -aes-256-cbc -d -pass pass:"${SSL_PWD}" -in scripts/mvnsettingsPlainText.xml.enc -out mvnsettingsPlainText.xml #------------------------------------------------------------ if [[ "${RELEASE}" == "false" ]] then echo "This is a 'snapshot' release of cprover-api.jar, version ${VERSION}" mvn clean install -DskipTests=true -B -V else echo "this is a 'release' version of cprover-api.jar, version ${VERSION}, this will be uploaded to the maven central staging ground" mvn clean deploy -DskipTests=true -P sign,build-extras,stdbuild --settings mvnsettingsPlainText.xml -B -V -Dgpg.keyname="${GPG_KEYID}" fi #------------------------------------------------------------ rm mvnsettingsPlainText.xml ## remove key from keyring, if this was a gpg key generated on the fly - then it would be gone forever. gpg --delete-secret-keys "${GPG_KEYID}" gpg --delete-key "${GPG_KEYID}" #------------------------------------------------------------ release_util_script__deploy_to_maven_central_remove_staged_artifact.sh000077500000000000000000000004371377067244400354430ustar00rootroot00000000000000java-cprover-api-master/scripts#!/bin/bash set -euo pipefail SSL_PWD=$1 openssl enc -aes-256-cbc -d -pass pass:"${SSL_PWD}" -in mvnsettingsPlainText.xml.enc -out mvnsettingsPlainText.xml mvn nexus-staging:drop -DstagingDescription="No longer required" --settings mvnsettingsPlainText.xml rm mvnsettingsPlainText.xml java-cprover-api-master/scripts/release_util_script_create_gpg.sh000077500000000000000000000050751377067244400260110ustar00rootroot00000000000000#!/bin/bash set -euo pipefail #-------------------------------------------------------------------------------- SSL_PWD="$1" RELEASE_KEY_TO_PUBLIC_SERVER="true" #-------------------------------------------------------------------------------- cat >gen-key-script <' #-------------------------------------------------------------------------------- ## get key id GPG_KEYID=$( gpg --list-keys --with-colons "Peter Schrammel" | grep "pub" | head -n1 | cut -d ':' -f5 ) echo "key id is: ${GPG_KEYID}" echo "encrypted key id is:" GPG_KEYID_ENC=$(echo "${GPG_KEYID}" | openssl aes-256-cbc -a -salt -pass pass:"${SSL_PWD}" | openssl enc -A -base64) echo "${GPG_KEYID_ENC}" #-------------------------------------------------------------------------------- ## list keys public echo "------- list public keys ------------------" gpg --list-keys ## list keys private echo "------- list private keys -----------------" gpg --list-secret-keys #-------------------------------------------------------------------------------- if [[ "${RELEASE_KEY_TO_PUBLIC_SERVER}" == "true" ]] then #gpg --keyserver keyserver.ubuntu.com --send-keys ${GPG_KEYID} gpg --keyserver pgp.mit.edu --send-keys "${GPG_KEYID}" ## wait for the key to be accessible while(true); do date #gpg --keyserver keyserver.ubuntu.com --recv-keys ${GPG_KEYID} && break || sleep 15 gpg --keyserver pgp.mit.edu --recv-keys "${GPG_KEYID}" && break || sleep 20 done fi #-------------------------------------------------------------------------------- ## export key # gpg --batch --export-secret-key ${GPG_KEYID} -a --passphrase "" > private1.gpg gpg --batch -a --export-secret-key "${GPG_KEYID}" > private1.gpg #gpg --armor --export-secret-key 'Peter Schrammel ' ## encode key to file openssl enc -aes-256-cbc -pass pass:"${SSL_PWD}" -in private1.gpg -out private1.gpg.enc rm private1.gpg ## remove generated key gpg --delete-secret-keys "${GPG_KEYID}" gpg --delete-key "${GPG_KEYID}" ## cleanup local configuration rm gen-key-script #-------------------------------------------------------------------------------- java-cprover-api-master/scripts/release_util_script_decrypt_file.sh000077500000000000000000000002241377067244400263510ustar00rootroot00000000000000#!/bin/bash set -euo pipefail SSL_PWD="$1" FILE="$2" openssl enc -aes-256-cbc -salt -pass pass:"${SSL_PWD}" -d -in ${FILE} -out ${FILE}.decrypted java-cprover-api-master/scripts/release_util_script_decrypt_var.sh000077500000000000000000000012021377067244400262170ustar00rootroot00000000000000#!/bin/bash # -------------------------------------------------------------------------------- # This script can be used to double check that an encrypted variable found in a # file (e.g. gpg key id) is correct (e.g. no misspellings have occurred). # It is the peer of 'release_util_script_encrypt_var.sh' - which is used for # encrypting a variable (e.g. a gpg key id). # -------------------------------------------------------------------------------- set -euo pipefail SSL_PWD="$1" VAR_ENC="$2" echo "decrypted var is:" VAR=$(echo "${VAR_ENC}" | openssl enc -A -base64 -d | openssl aes-256-cbc -d -a -pass pass:"$SSL_PWD") echo "${VAR}" java-cprover-api-master/scripts/release_util_script_encrypt_file.sh000077500000000000000000000002261377067244400263650ustar00rootroot00000000000000#!/bin/bash set -euo pipefail SSL_PWD="$1" FILE="$2" openssl enc -aes-256-cbc -salt -pass pass:"${SSL_PWD}" -in "${FILE}" -out "${FILE}".encrypted java-cprover-api-master/scripts/release_util_script_encrypt_var.sh000077500000000000000000000013761377067244400262450ustar00rootroot00000000000000#!/bin/bash # -------------------------------------------------------------------------------- # This script can be used to encrypt a variable (e.g. gpg key id, if a key is # provided by someone else) # NB release_util_script_create_gpg provides both the key id and also its # encrypted form. # This script is the peer of 'release_util_script_decrypt_var.sh' - which can be used to # double check that an encrypted variable (e.g. gpg key id) is correct (e.g. no # misspellings have occurred). # -------------------------------------------------------------------------------- set -euo pipefail SSL_PWD="$1" VAR="$2" echo "encrypted var is:" VAR_ENC=$(echo "${VAR}" | openssl aes-256-cbc -a -salt -pass pass:"${SSL_PWD}" | openssl enc -A -base64) echo "${VAR_ENC}" java-cprover-api-master/src/000077500000000000000000000000001377067244400163225ustar00rootroot00000000000000java-cprover-api-master/src/main/000077500000000000000000000000001377067244400172465ustar00rootroot00000000000000java-cprover-api-master/src/main/java/000077500000000000000000000000001377067244400201675ustar00rootroot00000000000000java-cprover-api-master/src/main/java/org/000077500000000000000000000000001377067244400207565ustar00rootroot00000000000000java-cprover-api-master/src/main/java/org/cprover/000077500000000000000000000000001377067244400224365ustar00rootroot00000000000000java-cprover-api-master/src/main/java/org/cprover/CProver.java000066400000000000000000000303151377067244400246630ustar00rootroot00000000000000package org.cprover; import java.io.BufferedInputStream; import java.io.PrintStream; import java.lang.reflect.Array; /** * This class provides the interface to functions implemented internally * in CProver, such as assume and nondetInt. */ public final class CProver { private CProver() { } /** * Flag to control the behavior of the {@link #assume} function * when executed in the JVM. * If true {@link #assume} will throw an exception; * otherwise it will be a nop. * The flag has no influence on the analysis in CProver. */ public static boolean enableAssume = true; /** * Flag to control the behavior of the nondetX functions, * e.g. {@link #nondetInt}, when executed in the JVM. * If true nondetX will throw an exception; * otherwise it will take the default value of the domain of X. * The flag has no influence on the analysis in CProver. */ public static boolean enableNondet = true; /** * Flag to control the behavior of concurrency-related functions, * e.g. {@link #startThread}. * If true this functions will throw an exception; * otherwise they will be a nop. * The flag has no influence on the analysis in CProver. */ public static boolean enableConcurrency = true; /** * In an analysis in CProver the return value can take any value * of the domain of Booleans (true, false). */ public static boolean nondetBoolean() { if (enableNondet) { throw new RuntimeException( "Cannot execute program with CProver.nondetBoolean()"); } return false; } /** * In an analysis in CProver the return value can take any value * of the domain of byte (8-bit signed integers). */ public static byte nondetByte() { if (enableNondet) { throw new RuntimeException( "Cannot execute program with CProver.nondetByte()"); } return 0; } /** * In an analysis in CProver the return value can take any value * of the domain of UTF-16 characters. */ public static char nondetChar() { if (enableNondet) { throw new RuntimeException( "Cannot execute program with CProver.nondetChar()"); } return '\0'; } /** * In an analysis in CProver the return value can take any value * of the domain of short (16-bit signed integers). */ public static short nondetShort() { if (enableNondet) { throw new RuntimeException( "Cannot execute program with CProver.nondetShort()"); } return 0; } /** * In an analysis in CProver the return value can take any value * of the domain of int (32-bit signed integers). */ public static int nondetInt() { if (enableNondet) { throw new RuntimeException( "Cannot execute program with CProver.nondetInt()"); } return 0; } /** * In an analysis in CProver the return value can take any value * of the domain of long (64-bit signed integers). */ public static long nondetLong() { if (enableNondet) { throw new RuntimeException( "Cannot execute program with CProver.nondetLong()"); } return 0; } /** * In an analysis in CProver the return value can take any value * of the domain of float (IEEE-754 binary32). */ public static float nondetFloat() { if (enableNondet) { throw new RuntimeException( "Cannot execute program with CProver.nondetFloat()"); } return 0; } /** * In an analysis in CProver the return value can take any value * of the domain of double (IEEE-754 binary64). */ public static double nondetDouble() { if (enableNondet) { throw new RuntimeException( "Cannot execute program with CProver.nondetDouble()"); } return 0; } private static T nondetWithNull() { if (enableNondet) { throw new RuntimeException( "Cannot execute program with CProver.nondetWithNull(T)"); } return null; } /** * @param instance an instance of the type T, this is not used but is there * to make sure the class T is loaded. The parameter should * not be `null`. * @param class of the object to return * @return a non-deterministic object of type T, possibly `null`. */ public static T nondetWithNull(T instance) { return nondetWithNull(); } private static T nondetWithoutNull() { T retVal = nondetWithNull(); assume(retVal != null); return retVal; } /** * @param instance an instance of the type T, this is not used but is there * to make sure the class T is loaded. The parameter should * not be `null`. * @param class of the object to return * @return a non-deterministic object of type T, assumed to be non-null. */ public static T nondetWithoutNull(T instance) { return nondetWithoutNull(); } /** * Method to indicate that a library method with return value T * is not modeled. * @return a non-deterministic object of type T, possibly `null`. */ public static T nondetWithNullForNotModelled() { return nondetWithNull(); } /** * Method to indicate that a library method with return value T * is not modeled. * @return a non-deterministic object of type T, assumed to be non-null. */ public static T nondetWithoutNullForNotModelled() { return nondetWithoutNull(); } /** * Method to indicate that a library method with return value void * is not modeled. */ public static void notModelled() { assume(false); } /** * Return a non-deterministic PrintStream. * It is not recommended to use it, since it will not enforce that * PrintStreamis loaded, but is necessary for initializing System.out * and System.err. */ public static PrintStream nondetPrintStream() { return nondetWithoutNull(); } /** * Return a non-deterministic BufferedInputStream. * It is not recommended to use it, since it will not enforce that * BufferedInputStream is loaded, but is necessary for initializing * System.in. */ public static BufferedInputStream nondetBufferedInputStream() { return nondetWithoutNull(); } /** * @param condition to be assumed to hold true on any execution. */ public static void assume(boolean condition) { if (enableAssume) { throw new RuntimeException( "Cannot execute program with CProver.assume()"); } } /** * This method is used by JBMC to detect the start of a new thread and * create a multithreaded bmc equation. * Refer to the method `start` in the model for the class `java.lang.Thread` * in the JBMC sources to see an example of usage */ public static void startThread(int id) { if (enableConcurrency) { throw new RuntimeException( "Cannot execute program with CProver.startThread()"); } } /** * This method is used by JBMC to detect the end of a new thread to * manage a multithreaded bmc equation * Refer to the method `start` in the model for the class `java.lang.Thread` * in the JBMC sources to see an example of usage */ public static void endThread(int id) { if (enableConcurrency) { throw new RuntimeException( "Cannot execute program with CProver.endThread()"); } } /** * This method is used by JBMC to return the ID of the executing thread. */ public static int getCurrentThreadId() { if (enableConcurrency) { throw new RuntimeException( "Cannot execute program with CProver.getCurrentThreadId()"); } return 0; } /** * This method is used by JBMC to indicate an atomic section. * This avoids any thread interleavings of the code inside the section. */ public static void atomicBegin() { if (enableConcurrency) { throw new RuntimeException( "Cannot execute program with CProver.atomicBegin()"); } } /** * This method is used by JBMC to indicate the end of an atomic section * (see atomicBegin). */ public static void atomicEnd() { if (enableConcurrency) { throw new RuntimeException( "Cannot execute program with CProver.atomicEnd()"); } } /** * Array copy for byte arrays. Does not check for exceptions. * Use instead of System.arraycopy when the bounds are ensured to be * respected, that is, the following should be false: * srcPos < 0 || destPos < 0 || length < 0 || * srcPos + length > src.length || destPos + length > dest.length * * @param src the source array. * @param srcPos starting position in the source array. * @param dest the destination array. * @param destPos starting position in the destination data. * @param length the number of array elements to be copied. */ public static void arraycopy( byte[] src, int srcPos, byte[] dest, int destPos, int length) { byte[] temp = new byte[length]; for (int i = 0; i < length; i++) { temp[i] = src[srcPos + i]; } for (int i = 0; i < length; i++) { dest[destPos + i] = temp[i]; } } /** * Array copy for byte arrays. Does not check for exceptions, * and assumes that `src` and `dest`. * Use instead of System.arraycopy when `src` and `dest` are guaranteed to * be different and the bounds are ensured to be * respected, that is, the following should be false: * src == dest || srcPos < 0 || destPos < 0 || length < 0 || * srcPos + length > src.length || destPos + length > dest.length * * @param src the source array. * @param srcPos starting position in the source array. * @param dest the destination array. * @param destPos starting position in the destination data. * @param length the number of array elements to be copied. */ public static void arraycopyInPlace( byte[] src, int srcPos, byte[] dest, int destPos, int length) { for (int i = 0; i < length; i++) { dest[destPos + i] = src[srcPos + i]; } } /** * Retrieves the current locking count for 'object'. */ public static int getMonitorCount(Object object) { // Dummy implementation. // The actual implementation is in JBMC itself. return 0; } /** * Class identifier of an Object. For instance "java.lang.String", * "java.lang.Integer". This gives direct read access to the * {@code @class_identifier} field used internally by JBMC. * The body of this function is replaced by preprocessing of the java * bytecode, it is only meant to give meaningful output in case the model is * executed. */ public static String classIdentifier(Object object) { return object.getClass().getCanonicalName(); } /** * This method converts a double to a float and adds assumes that the * conversion did not result any loss of precision. Calling this method is * useful when weneed to call a certain complicated operation on double, * but we only have it implemented for floats. * *

The method is a workaround for the current limitations of the string * solver, which is able to convert float to String but not double to * String. Once this limitation goes away, the method and its usages can be * removed. * *

The method itself has limitations: * * There are doubles that can't be converted to float and back without * loss of precision, so the assertion will sometimes be violated * * Even if the assertion is satisfied for numbers d and converted, these * might not have the same String representation. */ public static float doubleToFloat(double value) { float converted = nondetFloat(); CProver.assume(value == (double) converted); return converted; } /** * Instantiates (but does not populate) an array with type matching a given * array, but with a potentially different length. Used by * ArrayList.toArray, for example, whose internal array is an Object[] but * must provide that array as a user-supplied T[], copying the runtime type * of whatever array the user provided as a template. * *

The implementation given here is correct, but JBMC cannot currently * understand these reflective methods and therefore replaces this function * with its own implementation. */ public static T[] createArrayWithType(int length, T[] type) { Class typeClass = type.getClass(); return (T[])Array.newInstance(typeClass.getComponentType(), length); } } java-cprover-api-master/src/main/java/org/cprover/CProverString.java000066400000000000000000000365411377067244400260610ustar00rootroot00000000000000package org.cprover; /** * This class provides an interface with string functions modeled internally * in CProver, for which the CProver model differs from the JDK actual behavior. * This is in particular the case for functions that throw exceptions. */ public final class CProverString { private CProverString() { } /** * Returns the character (Unicode code point) at the specified * index. * * @param instance The String instance * @param index The index to the {@code char} values * @return The code point value of the character at the {@code index} */ public static int codePointAt(String instance, int index) { return CProver.nondetInt(); } /** * Returns the character (Unicode code point) before the specified * index. * * @param instance The String instance * @param index The index following the code point that should be returned * @return The code point value of the character before the {@code index} */ public static int codePointBefore(String instance, int index) { return CProver.nondetInt(); } /** * Returns the number of Unicode code points in the specified text * range of this {@code String}. * * @param instance The String instance * @param start The index to the first {@code char} of the text range. * @param end The index after the last {@code char} of the text range. * @return The number of Unicode code points in the specified text range */ public static int codePointCount( String instance, int start, int end) { return CProver.nondetInt(); } /** * Returns the index within this {@code String} that is * offset from the given {@code index} by * {@code codePointOffset} code points. * * @param instance The String instance * @param index The index to be offset * @param codePointOffset The offset in code points * @return The index within this {@code String} */ public static int offsetByCodePoints( String instance, int index, int codePointOffset) { return CProver.nondetInt(); } /** * Modeled internally in CBMC. * @return '\u0000' if index is out of bounds and behave as s.charAt(i) * otherwise. */ public static char charAt(String string, int index) { return CProver.nondetChar(); } /** * Returns the {@code char} value in this sequence at the specified index. * * @param instance The StringBuffer instance * @param index The index of the desired {@code char} value. * @return The {@code char} value at the specified index. */ public static char charAt(StringBuffer instance, int index) { return CProver.nondetChar(); } /** * Modeled internally in CBMC. * @return Empty string if index is too large, s if index too small and * behave as s.substring(i) otherwise. */ public static String substring(String string, int index) { return CProver.nondetWithoutNullForNotModelled(); } /** * Modeled internally in CBMC. * @return Empty string if start >= end, s.substring(k, l) * where k = max(0, start) * and l = min(string.length() - 1, end) otherwise. */ public static String substring(String string, int start, int end) { return CProver.nondetWithoutNullForNotModelled(); } /** * Returns a new {@code String} that contains a subsequence of * characters currently contained in this sequence. * * @param instance The StringBuffer instance. * @param start The beginning index, inclusive. * @param end The ending index, exclusive. * @return The new string. */ public static String substring(StringBuffer instance, int start, int end) { return CProver.nondetWithoutNullForNotModelled(); } /** * Returns a character sequence that is a subsequence of this sequence. * * @param instance the String instance * @param start the begin index, inclusive. * @param end the end index, exclusive. * @return the specified subsequence. */ public static CharSequence subSequence( String instance, int start, int end) { return CProver.nondetWithoutNullForNotModelled(); } /** * Appends a subsequence of the specified {@code CharSequence} to this * sequence. * * @param instance the StringBuilder instance * @param cs the sequence to append. * @param start the starting index of the subsequence to be appended. * @param end the end index of the subsequence to be appended. * @return the modified StringBuilder. */ public static StringBuilder append( StringBuilder instance, CharSequence cs, int start, int end) { return CProver.nondetWithoutNullForNotModelled(); } /** * Removes the characters in a substring of this sequence. * * @param instance The StringBuilder instance * @param start The beginning index, inclusive. * @param end The ending index, exclusive. * @return The modified StringBuilder. */ public static StringBuilder delete( StringBuilder instance, int start, int end) { return CProver.nondetWithoutNullForNotModelled(); } /** * Removes the characters in a substring of this sequence. * * @param instance The StringBuffer instance * @param start The beginning index, inclusive. * @param end The ending index, exclusive. * @return The modified StringBuffer. */ public static StringBuffer delete( StringBuffer instance, int start, int end) { return CProver.nondetWithoutNullForNotModelled(); } /** * Removes the {@code char} at the specified position in this * sequence. This sequence is shortened by one {@code char}. * * @param instance The StringBuilder instance * @param index Index of {@code char} to remove * @return The modified StringBuilder. */ public static StringBuilder deleteCharAt( StringBuilder instance, int index) { return CProver.nondetWithoutNullForNotModelled(); } /** * Removes the {@code char} at the specified position in this * sequence. This sequence is shortened by one {@code char}. * *

Note: If the character at the given index is a supplementary * character, this method does not remove the entire character. If * correct handling of supplementary characters is required, * determine the number of {@code char}s to remove by calling * {@code Character.charCount(thisSequence.codePointAt(index))}, * where {@code thisSequence} is this sequence. * * @param instance The StringBuffer instance. * @param index Index of {@code char} to remove * @return This object. */ public static StringBuffer deleteCharAt(StringBuffer instance, int index) { return CProver.nondetWithoutNullForNotModelled(); } /** * Equality of two strings. Should be much more efficient * than String.equals because the type is known at * compilation time. */ public static boolean equals(String str1, String str2) { if (str1 == null) { return str2 == null; } return str1.length() == str2.length() && str1.startsWith(str2); } /** * Inserts the string into this character sequence. * * @param instance The StringBuilder instance * @param offset The offset. * @param str A string. * @return The modified StringBuilder. */ public static StringBuilder insert( StringBuilder instance, int offset, String str) { return CProver.nondetWithoutNullForNotModelled(); } /** * Inserts the string into this character sequence. * * @param instance The StringBuffer instance. * @param offset The offset. * @param str A string. * @return The modified StringBuffer. */ public static StringBuffer insert( StringBuffer instance, int offset, String str) { return CProver.nondetWithoutNullForNotModelled(); } /** * Inserts the string representation of the {@code boolean} * argument into this sequence. * * @param offset The offset. * @param boolVal A {@code boolean}. * @return A reference to this object. */ public static StringBuffer insert( StringBuffer instance, int offset, boolean boolVal) { return CProver.nondetWithoutNullForNotModelled(); } /** * Inserts the string representation of the {@code char} * argument into this sequence. * * @param offset The offset. * @param character A {@code char}. * @return A reference to this object. */ public static StringBuffer insert( StringBuffer instance, int offset, char character) { return CProver.nondetWithoutNullForNotModelled(); } /** * Inserts the string representation of the {@code int} * argument into this sequence. * * @param offset The offset. * @param intVal A {@code int}. * @return A reference to this object. */ public static StringBuffer insert( StringBuffer instance, int offset, int intVal) { return CProver.nondetWithoutNullForNotModelled(); } /** * Inserts the string representation of the {@code long} * argument into this sequence. * * @param offset The offset. * @param longVal A {@code long}. * @return A reference to this object. */ public static StringBuffer insert( StringBuffer instance, int offset, long longVal) { return CProver.nondetWithoutNullForNotModelled(); } /** * Sets the length of the character sequence. * * @param instance The StringBuffer instance * @param newLength The new length */ public static void setLength(StringBuffer instance, int newLength) { } /** * Sets the length of the character sequence. * * @param instance The StringBuilder instance * @param newLength The new length */ public static void setLength(StringBuilder instance, int newLength) { } /** * The character at the specified index is set to {@code ch}. * * @param instance The StringBuffer instance * @param index The index of the character to modify. * @param character The new character. */ public static void setCharAt( StringBuffer instance, int index, char character) { } /** * The character at the specified index is set to {@code ch}. * * @param instance The StringBuilder instance * @param index The index of the character to modify. * @param character The new character. */ public static void setCharAt( StringBuilder instance, int index, char character) { } /** * Converts an array of characters to a string. This uses a loop and * therefore in test-generation the {@code count} will be limited by the * unwind parameter. * This constrains {@code value} to not be null, its length to be greater * or equal to {@code offset + count} and {@code offset} and {@code count} * to be non-negative. * * @param value Array of characters which is the source to copy from * @param offset Index in {@code value} of the first character to copy * @param count Number of characters to copy * @return The created String */ public static String ofCharArray(char[] value, int offset, int count) { CProver.assume(value != null); CProver.assume(value.length - count >= offset && offset >= 0 && count >= 0); StringBuilder builder = new StringBuilder(); for (int i = 0; i < count; i++) { builder.append(value[offset + i]); } return builder.toString(); } /** * Format a string according to the given {@code formatString}. * Unlike the JDK version, all arguments are given by strings, there is * a fixed number of them and they should not be null. * This fixed number corresponds to the constant {@code MAX_FORMAT_ARGS} * defined in {@code java_string_library_preprocess.h} from JBMC. */ public static String format( String formatString, String arg0, String arg1, String arg2, String arg3, String arg4, String arg5, String arg6, String arg7, String arg8, String arg9) { return CProver.nondetWithoutNullForNotModelled(); } /** * Returns a {@code String} object representing the * specified integer. The argument is converted to signed decimal * representation and returned as a string. * * @param intVal An integer to be converted. * @return A string representation of the argument in base 10. */ public static String toString(int intVal) { return CProver.nondetWithoutNullForNotModelled(); } /** * Returns a string representation of the first argument in the * radix specified by the second argument. * * @param intVal An integer to be converted to a string. * @param radix The radix to use in the string representation. * @return A string representation of the argument in the specified radix. */ public static String toString(int intVal, int radix) { return CProver.nondetWithoutNullForNotModelled(); } /** * Returns a {@code String} object representing the specified * {@code long}. The argument is converted to signed decimal * representation and returned as a string. * * @param longVal A {@code long} to be converted. * @return A string representation of the argument in base 10. */ public static String toString(long longVal) { return CProver.nondetWithoutNullForNotModelled(); } /** * Returns a string representation of the first argument in the * radix specified by the second argument. * * @param longVal A {@code long} to be converted to a string. * @param radix The radix to use in the string representation. * @return A string representation of the argument in the specified radix. */ public static String toString(long longVal, int radix) { return CProver.nondetWithoutNullForNotModelled(); } /** * Returns a string representation of the {@code float} * argument. * * @param floatVal The float to be converted. * @return A string representation of the argument. */ public static String toString(float floatVal) { return CProver.nondetWithoutNullForNotModelled(); } /** * Returns a string representation of the {@code double} * argument. * *

The double is converted to a float first as the string solver currently * can convert float to String but not double to String. * * @param doubleVal The double to be converted. * @return A string representation of the argument. */ public static String toString(double doubleVal) { return toString(CProver.doubleToFloat(doubleVal)); } /** * Exactly as Integer.parseInt, except str is already checked non-null, the * radix is already checked in-range and 'str' is known to be a valid integer * according to isValidInt below */ public static int parseInt(String str, int radix) { return CProver.nondetInt(); } /** * Exactly as Long.parseLong, except str is already checked non-null, the * radix is already checked in-range and 'str' is known to be a valid integer * according to isValidLong below */ public static long parseLong(String str, int radix) { return CProver.nondetLong(); } /** * Returns true if string 'str' is a valid integer: contains at least one * digit, perhaps a leading '+' or '-', and doesn't contain invalid chars * for the given radix. */ public static boolean isValidInt(String str, int radix) { return CProver.nondetBoolean(); } /** * Returns true if string 'str' is a valid long: contains at least one * digit, perhaps a leading '+' or '-', and doesn't contain invalid chars * for the given radix. */ public static boolean isValidLong(String str, int radix) { return CProver.nondetBoolean(); } } java-cprover-api-master/src/main/java/org/cprover/MustNotThrow.java000066400000000000000000000004071377067244400257370ustar00rootroot00000000000000package org.cprover; /** * This can be added to methods to indicate they aren't allowed to throw * exceptions. JBMC and related tools will truncate any execution path on which * they do with an ASSUME FALSE instruction. */ public @interface MustNotThrow { } java-cprover-api-master/src/main/java/org/cprover/package-info.java000066400000000000000000000000251377067244400256220ustar00rootroot00000000000000package org.cprover;