Skip to content
Documentation
C and C++
CPP Support

CPP Support

Supported features:

ESBMC v7 supports the following C++ features:

  • Class

  • C++ New and Delete: Dangling pointer, Double delete and Mismatched operators

  • constructors and destructors

  • lvalue reference

  • rvalue reference

  • Move semantics: Move constructor, Move assignment operator.

  • C++ OM fixed: string_view, algorithm, vector, Typeinfo, iterator, string, queue, numeric, set

  • Standard lib: <type_traits>

  • Improved references and Temporary object

  • New Clang node

    • DefaultInit Expr
    • sizeof Expr
    • C++ 11 nullptr_t Expr
    • C++ 17 variable template declarations

  • template

  • inheritance and polymorphism:

    • single-level polymorhism
    • multi-level polymorhism
    • pure virtual method
    • virtual inheritance (the diamond problem)
    • correct order of ctors/dtors:
      • tracked by the umbrella issue issue 940, affected features are listed below:
        • Virtual destructor
        • Base initialization for the most-derivied class
        • Order of destruction in case of object composition (part-whole relationship)

  • (TODO) Exception handling:

    • try-catch, throw

Recently added language and library support

The following features have been added since the support summary above and are each covered by passing regression tests (under regression/esbmc-cpp*). The standard given is the one the test exercises (--std).

C++11

  • Inheriting constructors — using Base::Base;, including multi-base and chained forms (regression/esbmc-cpp11/constructors/UsingConstructor*)

C++17

  • Structured bindings — auto [a, b] = …, including binding by reference (regression/esbmc-cpp17/cpp/github_4377_structured_binding*)

C++20

  • Concepts and requires clauses (github_4190_concept_combo)
  • Three-way comparison <=> and the <compare> operational model, including pointer and side-effecting operands (github_4377_spaceship*, github_4377_compare)
  • Class template argument deduction (CTAD) (github_4377_ctad)
  • Parenthesized aggregate initialization (github_4377_paren_init*)
  • using enum declarations (regression/esbmc-cpp/bug_fixes/github_4195*)
  • char8_t (github_4377_char8)
  • Library: std::span (github_4190_span, github_4248_span_bit), std::optional (github_4245_optional_*), <chrono> durations (github_4245_chrono_*, github_4264_chrono_max_*), std::source_location (github_4377_source_location)

C++23

  • Explicit object parameter (“deducing this”), including mutating receivers (github_4377_deducing_this*)
  • static operator() — static call operator, with the implicit object argument skipped (github_4377_static_call)
  • Library: std::expected (github_4377_expected)

Exceptions and destructors

  • noexcept / throw() exception specifications are lowered under --lower-exceptions (regression/esbmc-cpp/try_catch/lower-exceptions_noexcept_*, exception_spec_noexcept_*)
  • dynamic_cast<T&> throws std::bad_cast on a failed reference cast
  • Virtual base destructor and member/base destructor-chain synthesis fixes
  • <exception> operational model: std::exception_ptr with current_exception / rethrow_exception / make_exception_ptr, and nested exceptions (throw_with_nested / rethrow_if_nested). The per-thread handled-exception stack and uncaught counter are instrumented pay-per-use — only when the program touches them (lower-exceptions_make_exception_ptr, lower-exceptions_exception_ptr_rethrow, lower-exceptions_nested_rethrow)
  • std::uncaught_exception / std::uncaught_exceptions via a lowered per-thread count (lower-exceptions_uncaught_count)
  • std::vector::at throws std::out_of_range instead of asserting (try-catch_vector_02_bug); std::bad_cast / std::bad_typeid derive from std::exception with a virtual what()
  • Concurrent exceptions: the exception-state globals are thread-local, so each thread raises, catches, and clears its own in-flight exception independently — concurrently-throwing programs are lowered directly rather than rejected (lower-exceptions_concurrent). A pthread start routine reached through a computed pointer (or also called directly) cannot get a sound per-function uncaught-escape check and is declined as unsupported; declining is sound — it never validates a buggy program (lower-exceptions_concurrent_dualuse)

Features WIP:

Backlog:

Issues are listed from high to low priority in each subsection:

Development Tracking:

The new clang-based frontend is under development. We are currently working to pass the benchmark regression/esbmc-cpp/cpp which contains 370 test cases. Please see benchmark stats in each subsection.

The stats are generated by applying the following commands in the benchmark logs from Github workflow “Run a Benchmark”:

To generate stats about error signatures:

egrep "Assertion|ERROR" * -rn | egrep -v "//" | cut -d':' -f3- | sort | uniq -c

To generate stats about passes:

egrep "VERIFICATION FAILED|VERIFICATION SUCCESSFUL" * -rn | rev | cut -d ':' -f 1 | rev | sort | uniq -c

Summary of Pass Rate in Each Test Suite:

Note: the figures below are a historical snapshot from June 2024 and are retained for reference only. Pass rates have since improved (see Recently added language and library support above); for the current state, run the esbmc-cpp* regression suites or consult the CI results.

Test SuitePass RateDateRemarks
cpp333/376, 88.56%24/06/2024Last run: result link
inheritance_bringup14/15, 93.3%24/06/2024Skipped as the last TC is not passable even by the old esbmc-v2.1
polymorphism_bringup39/45, 86.7%24/06/20241x TC failure is caused by issue 938. 2x TC failures are caused by issue 940. The remaining failures are skipped as they are not passable even by the old esbmc-v2.1
cbmc119/120, 99%24/06/2024This suite contains ‘Template_XXX’ TCs only. Last run: result link The failed TC is covered by https://github.com/esbmc/esbmc/issues/940
gcc-template-tests26/32, 81.25%24/06/2024Last run: result link - apart from arg6, const1, spec26, union1 and vtable1, the remaining failed TCs are not passable by v2.1
template17/27, 62.96%24/06/2024Last run: result link - the remaining failed TCs are either OM dependent or not passable by v2.1
stream57/65, 86.15%24/06/2024Last run: result link
string206/233, 88%24/06/2024Last run: result link
algorithm135/168, 80%24/06/2024Last run: result link
deque38/43, 88%24/06/2024Last run: result link
list47/72, 65%24/06/2024Last run: result link
map38/47, 81%24/06/2024Last run: result link
multimap41/45, 91%24/06/2024Last run: result link
multiset8/43, 18%24/06/2024Last run: result link
priority_queue13/15, 87%24/06/2024Last run: result link
set30/48, 62%24/06/2024Last run: result link
stack12/14, 85%24/06/2024Last run: result link
vector133/149, 89%24/06/2024Last run: result link
try_catch73/83, 88%24/06/2024Last run: result link

The following lines are used to fix the TCs, and added here for future reference: The commands below are for future reference: Fix the include path for Linux CIs:

egrep "\-I ~/libraries" . -rl | xargs sed -i 's/-I \~\/libraries/-I \/__w\/esbmc\/esbmc\/src\/cpp\/library/g'

Add tag for each TC in a test suite:

from pathlib import Path
for path in Path('./').rglob('test.desc'):
    print(path)
    f = open(path,'r')
    lines = f.readlines()[:-1]
    lines.append("<item_10_mode>KNOWNBUG</item_10_mode>" + "\n")
    lines.append("</test-case>")
    f.close()
    f = open(path,'w')
    f.writelines(lines)

Tracking Error Signatures for esbmc-cpp/cpp test suite:

Since we’ve added the support for most of the key features, most, if not all, errors are of the type PARSE ERRORS in our OMs for STL test suites. There’s no need to track parse errors for those test suites. See section Summary of Pass Rate in Each Test Suite for the most up-to-date pass rate.

Build LLVM from source:

Using a debug build of clang greatly helps debugging the clang-based C++ converter in ESBMC. See Rafael’s guide in https://github.com/esbmc/esbmc/wiki/Windows-Build#llvm

C/C++ CTest Test Case GenerationCPP Workflow and Resource