CBMC在我的Pthreads程序中检测到断言错误，是否正确？_C_Pthreads_Cbmc

CBMC在我的Pthreads程序中检测到断言错误，是否正确？

CBMC在我的Pthreads程序中检测到断言错误，是否正确？,c,pthreads,cbmc,C,Pthreads,Cbmc,我使用CBMC验证我的Pthreads程序，它检测到一些断言错误，我认为这些错误不存在。只有当我同时运行两个线程时，才会发生错误。也就是说，当我将调用线程函数（func或func1）的语句之一放入注释中时，CBMC可以验证它是否成功。数组a和b的赋值是否有冲突 int a[4], b[4]; static void * func(void * me) { int i; for(i=0; i<2; i++){ a[i] = b[i] = i; assert( a[i

我使用CBMC验证我的Pthreads程序，它检测到一些断言错误，我认为这些错误不存在。只有当我同时运行两个线程时，才会发生错误。也就是说，当我将调用线程函数（
func
或
func1
）的语句之一放入注释中时，CBMC可以验证它是否成功。数组
a
和
b
的赋值是否有冲突

int a[4], b[4]; static void * func(void * me) { int i; for(i=0; i<2; i++){ a[i] = b[i] = i; assert( a[i] == i ); //failed } return ((void *) 0); } static void * func1(void * me) { int i; for(i=2; i<4; i++){ a[i] = b[i] = i; assert( a[i] == i ); //failed } return ((void *) 0); } int main(){ pthread_t thr1; pthread_create(&thr1, NULL, func1, (void *)0); (*func)(0); pthread_join(thr1,NULL); return 0; }

这看起来是CBMC方面的假阳性
我们可以看到主线程将修改
a[0]
，
a[1]
，
b[0]
，以及
b[1]
线程thr1修改
a[2]
、
a[3]
、
b[2]
和
b[3]
实际上，线程之间并没有重叠的访问，所以这个程序的行为应该像是按顺序运行一样
CBMC产生的错误跟踪也没有多大意义：

Counterexample: State 19 file test.c line 27 function main thread 0 ---------------------------------------------------- thr1=1ul (00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001) State 22 file test.c line 28 function main thread 0 ---------------------------------------------------- thread=&thr1!0@1 (00000010 00000000 00000000 00000000 00000000 00000000 00000000 00000000) State 23 file test.c line 28 function main thread 0 ---------------------------------------------------- attr=((union pthread_attr_t { char __size[56l]; signed long int __align; } *)NULL) (00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000) State 24 file test.c line 28 function main thread 0 ---------------------------------------------------- start_routine=func1 (00000011 00000000 00000000 00000000 00000000 00000000 00000000 00000000) State 25 file test.c line 28 function main thread 0 ---------------------------------------------------- arg=NULL (00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000) State 47 file test.c line 29 function main thread 0 ---------------------------------------------------- me=NULL (00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000) State 48 file test.c line 8 function func thread 0 ---------------------------------------------------- i=0 (00000000 00000000 00000000 00000000) State 49 file test.c line 9 function func thread 0 ---------------------------------------------------- i=0 (00000000 00000000 00000000 00000000) State 51 file test.c line 10 function func thread 0 ---------------------------------------------------- b[0l]=0 (00000000 00000000 00000000 00000000) State 52 file test.c line 10 function func thread 0 ---------------------------------------------------- a[0l]=0 (00000000 00000000 00000000 00000000) State 54 file test.c line 9 function func thread 0 ---------------------------------------------------- i=1 (00000000 00000000 00000000 00000001) State 57 file test.c line 10 function func thread 0 ---------------------------------------------------- b[1l]=1 (00000000 00000000 00000000 00000001) State 58 file test.c line 20 function func1 thread 1 ---------------------------------------------------- b[2l]=2 (00000000 00000000 00000000 00000010) State 59 file test.c line 20 function func1 thread 1 ---------------------------------------------------- a[2l]=2 (00000000 00000000 00000000 00000010) State 61 file test.c line 19 function func1 thread 1 ---------------------------------------------------- i=3 (00000000 00000000 00000000 00000011) State 64 file test.c line 10 function func thread 0 ---------------------------------------------------- a[1l]=0 (00000000 00000000 00000000 00000000) Violated property: file test.c line 11 function func assertion a[i] == i a[(signed long int)i] == i VERIFICATION FAILED
这个反例声称
a[1]==0
。然而，状态64显示
0
被分配给
a[1]
，即使在状态57中
b[1]
的最后写入值是
1

Counterexample: State 19 file test.c line 27 function main thread 0 ---------------------------------------------------- thr1=1ul (00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001) State 22 file test.c line 28 function main thread 0 ---------------------------------------------------- thread=&thr1!0@1 (00000010 00000000 00000000 00000000 00000000 00000000 00000000 00000000) State 23 file test.c line 28 function main thread 0 ---------------------------------------------------- attr=((union pthread_attr_t { char __size[56l]; signed long int __align; } *)NULL) (00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000) State 24 file test.c line 28 function main thread 0 ---------------------------------------------------- start_routine=func1 (00000011 00000000 00000000 00000000 00000000 00000000 00000000 00000000) State 25 file test.c line 28 function main thread 0 ---------------------------------------------------- arg=NULL (00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000) State 47 file test.c line 29 function main thread 0 ---------------------------------------------------- me=NULL (00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000) State 48 file test.c line 8 function func thread 0 ---------------------------------------------------- i=0 (00000000 00000000 00000000 00000000) State 49 file test.c line 9 function func thread 0 ---------------------------------------------------- i=0 (00000000 00000000 00000000 00000000) State 51 file test.c line 10 function func thread 0 ---------------------------------------------------- b[0l]=0 (00000000 00000000 00000000 00000000) State 52 file test.c line 10 function func thread 0 ---------------------------------------------------- a[0l]=0 (00000000 00000000 00000000 00000000) State 54 file test.c line 9 function func thread 0 ---------------------------------------------------- i=1 (00000000 00000000 00000000 00000001) State 57 file test.c line 10 function func thread 0 ---------------------------------------------------- b[1l]=1 (00000000 00000000 00000000 00000001) State 58 file test.c line 20 function func1 thread 1 ---------------------------------------------------- b[2l]=2 (00000000 00000000 00000000 00000010) State 59 file test.c line 20 function func1 thread 1 ---------------------------------------------------- a[2l]=2 (00000000 00000000 00000000 00000010) State 61 file test.c line 19 function func1 thread 1 ---------------------------------------------------- i=3 (00000000 00000000 00000000 00000011) State 64 file test.c line 10 function func thread 0 ---------------------------------------------------- a[1l]=0 (00000000 00000000 00000000 00000000) Violated property: file test.c line 11 function func assertion a[i] == i a[(signed long int)i] == i VERIFICATION FAILED