Difference in behavior of cbmc --unwind N and goto-instrument --unwind N #6432
Description
CBMC version: 5.42.0 (cbmc-5.42.0-2-g038a53b50)
Operating system: Debian
Exact command line resulting in the issue: cbmc --unwind 8 --unwinding-assertions test.c --function foo
What behaviour did you expect: No assertions should fail
What happened instead: Assertions fail, unless I use --unwind 9 instead of --unwind 8
I have the following code in test.c:
int foo(void) {
int sum = 0;
for (int i = 0; i < 8; i++) {
sum += i;
}
return sum;
}
The loop should iterate 8 times. If I perform the unwinding with goto-instrument, everything works as expected:
goto-cc test.c -o test.gb
goto-instrument --unwind 8 --unwinding-assertions test.gb test-unwinding.gb
cbmc test-unwinding.gb --function foo
In the output I have no verification errors and I see [foo.1] line 3 assertion: SUCCESS. If I use --unwind 7 instead it fails as expected.
But when I use CBMC directly, this fails:
cbmc --unwind 8 --unwinding-assertions test.c --function foo
I see [foo.unwind.0] line 3 unwinding assertion loop 0: FAILURE. However, using --unwind 9 works.
Is there an off-by-one issue here, or am I misunderstanding something?