Let consider the code given below, may I know why CBMC is unwinding more than the upper bound limit while we have assumed the initial value of io is greater then 2.
#include<assert.h>
void main()
{
int i0;
int o1;
__CPROVER_assume(i0>=2);
//assert(i0>=0);
while(i0<=10)
{
i0=i0+1;
}
o1=i0+1;
assert((o1 <= 1));
}
CBMC Output:
CBMC version 5.8 64-bit x86_64 linux
Parsing /tmp/in1_1524461553_1936466587.c
Converting
Type-checking in1_1524461553_1936466587
Generating GOTO Program
Adding CPROVER library (x86_64)
Removal of function pointers and virtual functions
Partial Inlining
Generic Property Instrumentation
Starting Bounded Model Checking
Unwinding loop main.0 iteration 1 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 2 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 3 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 4 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 5 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 6 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 7 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 8 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 9 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 10 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 11 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 12 file /tmp/in1_1524461553_1936466587.c line 9 function main thread 0
Unwinding loop main.0 iteration 13 file /tmp/in1_1524461553_1936466587.c
I guess symex hasn't been smart enough to see that the condition on the loop will always be false beyond a certain iteration. It tries to simplify expressions a bit as it goes along, but not all that much. When this is converted to a formula and passed to the SAT solver, the SAT solver will quickly see that the conditions for those iterations of the loop can never be satisfied and discard those parts of the formula, so it shouldn't affect correctness (though of course it may mean that CBMC takes a long time to run).