Do not turn trivially diverging loops into assume(false)

CBMC's symbolic execution by default turns `while(true) {}` loops into `assume(false)` to counter trivial non-termination of symbolic execution. When unwinding assertions are enabled, however, we should report the non-termination of such loops.
tautschnig · Jun 4, 2024 · b32df89 · b32df89
1 parent 7bf23a2
commit b32df89
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 0 deletions.
diff --git a/kani-driver/src/call_cbmc.rs b/kani-driver/src/call_cbmc.rs
@@ -183,6 +183,7 @@ impl KaniSession {
 
         if self.args.checks.unwinding_on() {
             args.push("--unwinding-assertions".into());
+            args.push("--no-self-loops-to-assumptions".into());
         }
 
         if self.args.extra_pointer_checks {

diff --git a/tests/expected/function-contract/diverging_loop.expected b/tests/expected/function-contract/diverging_loop.expected
@@ -0,0 +1,3 @@
+Failed Checks: unwinding assertion loop 0
+
+VERIFICATION:- FAILED
diff --git a/tests/expected/function-contract/diverging_loop.rs b/tests/expected/function-contract/diverging_loop.rs
@@ -0,0 +1,11 @@
+#[kani::ensures(result == 1)]
+fn foo() -> i32 {
+    loop {};
+    2
+}
+
+#[kani::proof_for_contract(foo)]
+#[kani::unwind(1)]
+fn check_foo() {
+    let _ = foo();
+}