Report safe properties in BMC and CHC

Changelog.md

@@ -4,6 +4,7 @@ Language Features:
 
 
 Compiler Features:
+ * SMTChecker: Properties that are proved safe are now reported explicitly at the end of the analysis. By default, only the number of safe properties is shown. The CLI option ``--model-checker-show-proved-safe`` and the JSON option ``settings.modelChecker.showProvedSafe`` can be enabled to show the full list of safe properties.
 
 
 Bugfixes:

docs/smtchecker.rst

@@ -483,6 +483,14 @@ All targets are checked by default, except underflow and overflow for Solidity >
 There is no precise heuristic on how and when to split verification targets,
 but it can be useful especially when dealing with large contracts.
 
+Proved Targets
+==============
+
+If there are any proved targets, the SMTChecker issues one warning per engine stating
+how many targets were proved. If the user wishes to see all the specific
+proved targets, the CLI option ``--model-checker-show-proved`` and
+the JSON option ``settings.modelChecker.showProved = true`` can be used.
+
 Unproved Targets
 ================
 

docs/using-the-compiler.rst

@@ -439,6 +439,8 @@ Input Description
           "extCalls": "trusted",
           // Choose which types of invariants should be reported to the user: contract, reentrancy.
           "invariants": ["contract", "reentrancy"],
+          // Choose whether to output all proved targets. The default is `false`.
+          "showProved": true,
           // Choose whether to output all unproved targets. The default is `false`.
           "showUnproved": true,
           // Choose which solvers should be used, if available.

libsolidity/formal/BMC.cpp

@@ -99,6 +99,26 @@ void BMC::analyze(SourceUnit const& _source, map<ASTNode const*, set<Verificatio
 			" Consider increasing the timeout per query."
 		);
 
+	if (!m_settings.showProvedSafe && !m_safeTargets.empty())
+		m_errorReporter.info(
+			6002_error,
+			"BMC: " +
+			to_string(m_safeTargets.size()) +
+			" verification condition(s) proved safe!" +
+			" Enable the model checker option \"show proved safe\" to see all of them."
+		);
+	else if (m_settings.showProvedSafe)
+		for (auto const& [node, targets]: m_safeTargets)
+			for (auto const& target: targets)
+				m_errorReporter.info(
+					2961_error,
+					node->location(),
+					"BMC: " +
+					targetDescription(target) +
+					" check is safe!"
+				);
+
+
 	// If this check is true, Z3 and CVC4 are not available
 	// and the query answers were not provided, since SMTPortfolio
 	// guarantees that SmtLib2Interface is the first solver, if enabled.
@@ -694,6 +714,30 @@ pair<vector<smtutil::Expression>, vector<string>> BMC::modelExpressions()
 
 /// Verification targets.
 
+string BMC::targetDescription(BMCVerificationTarget const& _target)
+{
+	if (
+		_target.type == VerificationTargetType::Underflow ||
+		_target.type == VerificationTargetType::Overflow
+	)
+	{
+		auto const* intType = dynamic_cast<IntegerType const*>(_target.expression->annotation().type);
+		if (!intType)
+			intType = TypeProvider::uint256();
+
+		if (_target.type == VerificationTargetType::Underflow)
+			return "Underflow (resulting value less than " + formatNumberReadable(intType->minValue()) + ")";
+		return "Overflow (resulting value larger than " + formatNumberReadable(intType->maxValue()) + ")";
+	}
+	else if (_target.type == VerificationTargetType::DivByZero)
+		return "Division by zero";
+	else if (_target.type == VerificationTargetType::Assert)
+		return "Assertion violation";
+	else if (_target.type == VerificationTargetType::Balance)
+		return "Insufficient funds";
+	solAssert(false);
+}
+
 void BMC::checkVerificationTargets()
 {
 	for (auto& target: m_verificationTargets)
@@ -762,13 +806,13 @@ void BMC::checkUnderflow(BMCVerificationTarget& _target)
 		intType = TypeProvider::uint256();
 
 	checkCondition(
+		_target,
 		_target.constraints && _target.value < smt::minValue(*intType),
 		_target.callStack,
 		_target.modelExpressions,
 		_target.expression->location(),
 		4144_error,
 		8312_error,
-		"Underflow (resulting value less than " + formatNumberReadable(intType->minValue()) + ")",
 		"<result>",
 		&_target.value
 	);
@@ -795,13 +839,13 @@ void BMC::checkOverflow(BMCVerificationTarget& _target)
 		intType = TypeProvider::uint256();
 
 	checkCondition(
+		_target,
 		_target.constraints && _target.value > smt::maxValue(*intType),
 		_target.callStack,
 		_target.modelExpressions,
 		_target.expression->location(),
 		2661_error,
 		8065_error,
-		"Overflow (resulting value larger than " + formatNumberReadable(intType->maxValue()) + ")",
 		"<result>",
 		&_target.value
 	);
@@ -818,13 +862,13 @@ void BMC::checkDivByZero(BMCVerificationTarget& _target)
 		return;
 
 	checkCondition(
+		_target,
 		_target.constraints && (_target.value == 0),
 		_target.callStack,
 		_target.modelExpressions,
 		_target.expression->location(),
 		3046_error,
 		5272_error,
-		"Division by zero",
 		"<result>",
 		&_target.value
 	);
@@ -834,13 +878,13 @@ void BMC::checkBalance(BMCVerificationTarget& _target)
 {
 	solAssert(_target.type == VerificationTargetType::Balance, "");
 	checkCondition(
+		_target,
 		_target.constraints && _target.value,
 		_target.callStack,
 		_target.modelExpressions,
 		_target.expression->location(),
 		1236_error,
 		4010_error,
-		"Insufficient funds",
 		"address(this).balance"
 	);
 }
@@ -856,13 +900,13 @@ void BMC::checkAssert(BMCVerificationTarget& _target)
 		return;
 
 	checkCondition(
+		_target,
 		_target.constraints && !_target.value,
 		_target.callStack,
 		_target.modelExpressions,
 		_target.expression->location(),
 		4661_error,
-		7812_error,
+		7812_error
-		"Assertion violation"
 	);
 }
 
@@ -894,13 +938,13 @@ void BMC::addVerificationTarget(
 /// Solving.
 
 void BMC::checkCondition(
+	BMCVerificationTarget const& _target,
 	smtutil::Expression _condition,
 	vector<SMTEncoder::CallStackEntry> const& _callStack,
 	pair<vector<smtutil::Expression>, vector<string>> const& _modelExpressions,
 	SourceLocation const& _location,
 	ErrorId _errorHappens,
 	ErrorId _errorMightHappen,
-	string const& _description,
 	string const& _additionalValueName,
 	smtutil::Expression const* _additionalValue
 )
@@ -942,7 +986,7 @@ void BMC::checkCondition(
 	{
 		solAssert(!_callStack.empty(), "");
 		std::ostringstream message;
-		message << "BMC: " << _description << " happens here.";
+		message << "BMC: " << targetDescription(_target) << " happens here.";
 
 		std::ostringstream modelMessage;
 		// Sometimes models have complex smtlib2 expressions that SMTLib2Interface fails to parse.
@@ -969,12 +1013,15 @@ void BMC::checkCondition(
 		break;
 	}
 	case smtutil::CheckResult::UNSATISFIABLE:
+	{
+		m_safeTargets[_target.expression].insert(_target);
 		break;
+	}
 	case smtutil::CheckResult::UNKNOWN:
 	{
 		++m_unprovedAmt;
 		if (m_settings.showUnproved)
-			m_errorReporter.warning(_errorMightHappen, _location, "BMC: " + _description + " might happen here.", secondaryLocation);
+			m_errorReporter.warning(_errorMightHappen, _location, "BMC: " + targetDescription(_target) + " might happen here.", secondaryLocation);
 		break;
 	}
 	case smtutil::CheckResult::CONFLICTING:

libsolidity/formal/BMC.h

@@ -135,8 +135,15 @@ private:
 		Expression const* expression;
 		std::vector<CallStackEntry> callStack;
 		std::pair<std::vector<smtutil::Expression>, std::vector<std::string>> modelExpressions;
+
+		friend bool operator<(BMCVerificationTarget const& _a, BMCVerificationTarget const& _b)
+		{
+			return _a.expression->id() < _b.expression->id();
+		}
 	};
 
+	std::string targetDescription(BMCVerificationTarget const& _target);
+
 	void checkVerificationTargets();
 	void checkVerificationTarget(BMCVerificationTarget& _target);
 	void checkConstantCondition(BMCVerificationTarget& _target);
@@ -156,13 +163,13 @@ private:
 	//@{
 	/// Check that a condition can be satisfied.
 	void checkCondition(
+		BMCVerificationTarget const& _target,
 		smtutil::Expression _condition,
 		std::vector<CallStackEntry> const& _callStack,
 		std::pair<std::vector<smtutil::Expression>, std::vector<std::string>> const& _modelExpressions,
 		langutil::SourceLocation const& _location,
 		langutil::ErrorId _errorHappens,
 		langutil::ErrorId _errorMightHappen,
-		std::string const& _description,
 		std::string const& _additionalValueName = "",
 		smtutil::Expression const* _additionalValue = nullptr
 	);
@@ -188,7 +195,10 @@ private:
 
 	std::vector<BMCVerificationTarget> m_verificationTargets;
 
-	/// Targets that were already proven.
+	/// Targets proved safe by this engine.
+	std::map<ASTNode const*, std::set<BMCVerificationTarget>, smt::EncodingContext::IdCompare> m_safeTargets;
+
+	/// Targets that were already proven before this engine started.
 	std::map<ASTNode const*, std::set<VerificationTargetType>, smt::EncodingContext::IdCompare> m_solvedTargets;
 
 	/// Number of verification conditions that could not be proved.

libsolidity/formal/CHC.cpp

@@ -1882,6 +1882,48 @@ void CHC::verificationTargetEncountered(
 	m_context.addAssertion(errorFlag().currentValue() == previousError);
 }
 
+pair<string, ErrorId> CHC::targetDescription(CHCVerificationTarget const& _target)
+{
+	if (_target.type == VerificationTargetType::PopEmptyArray)
+	{
+		solAssert(dynamic_cast<FunctionCall const*>(_target.errorNode), "");
+		return {"Empty array \"pop\"", 2529_error};
+	}
+	else if (_target.type == VerificationTargetType::OutOfBounds)
+	{
+		solAssert(dynamic_cast<IndexAccess const*>(_target.errorNode), "");
+		return {"Out of bounds access", 6368_error};
+	}
+	else if (
+		_target.type == VerificationTargetType::Underflow ||
+		_target.type == VerificationTargetType::Overflow
+	)
+	{
+		auto const* expr = dynamic_cast<Expression const*>(_target.errorNode);
+		solAssert(expr, "");
+		auto const* intType = dynamic_cast<IntegerType const*>(expr->annotation().type);
+		if (!intType)
+			intType = TypeProvider::uint256();
+
+		if (_target.type == VerificationTargetType::Underflow)
+			return {
+				"Underflow (resulting value less than " + formatNumberReadable(intType->minValue()) + ")",
+				3944_error
+			};
+
+		return {
+			"Overflow (resulting value larger than " + formatNumberReadable(intType->maxValue()) + ")",
+			4984_error
+		};
+	}
+	else if (_target.type == VerificationTargetType::DivByZero)
+		return {"Division by zero", 4281_error};
+	else if (_target.type == VerificationTargetType::Assert)
+		return {"Assertion violation", 6328_error};
+	else
+		solAssert(false);
+}
+
 void CHC::checkVerificationTargets()
 {
 	// The verification conditions have been collected per function where they have been encountered (m_verificationTargets).
@@ -1900,57 +1942,8 @@ void CHC::checkVerificationTargets()
 	set<unsigned> checkedErrorIds;
 	for (auto const& [targetId, placeholders]: targetEntryPoints)
 	{
-		string errorType;
-		ErrorId errorReporterId;
-
 		auto const& target = m_verificationTargets.at(targetId);
-
+		auto [errorType, errorReporterId] = targetDescription(target);
-		if (target.type == VerificationTargetType::PopEmptyArray)
-		{
-			solAssert(dynamic_cast<FunctionCall const*>(target.errorNode), "");
-			errorType = "Empty array \"pop\"";
-			errorReporterId = 2529_error;
-		}
-		else if (target.type == VerificationTargetType::OutOfBounds)
-		{
-			solAssert(dynamic_cast<IndexAccess const*>(target.errorNode), "");
-			errorType = "Out of bounds access";
-			errorReporterId = 6368_error;
-		}
-		else if (
-			target.type == VerificationTargetType::Underflow ||
-			target.type == VerificationTargetType::Overflow
-		)
-		{
-			auto const* expr = dynamic_cast<Expression const*>(target.errorNode);
-			solAssert(expr, "");
-			auto const* intType = dynamic_cast<IntegerType const*>(expr->annotation().type);
-			if (!intType)
-				intType = TypeProvider::uint256();
-
-			if (target.type == VerificationTargetType::Underflow)
-			{
-				errorType = "Underflow (resulting value less than " + formatNumberReadable(intType->minValue()) + ")";
-				errorReporterId = 3944_error;
-			}
-			else if (target.type == VerificationTargetType::Overflow)
-			{
-				errorType = "Overflow (resulting value larger than " + formatNumberReadable(intType->maxValue()) + ")";
-				errorReporterId = 4984_error;
-			}
-		}
-		else if (target.type == VerificationTargetType::DivByZero)
-		{
-			errorType = "Division by zero";
-			errorReporterId = 4281_error;
-		}
-		else if (target.type == VerificationTargetType::Assert)
-		{
-			errorType = "Assertion violation";
-			errorReporterId = 6328_error;
-		}
-		else
-			solAssert(false, "");
 
 		checkAndReportTarget(target, placeholders, errorReporterId, errorType + " happens here.", errorType + " might happen here.");
 		checkedErrorIds.insert(target.errorId);
@@ -1982,6 +1975,25 @@ void CHC::checkVerificationTargets()
 			" Consider increasing the timeout per query."
 		);
 
+	if (!m_settings.showProvedSafe && !m_safeTargets.empty())
+		m_errorReporter.info(
+			1391_error,
+			"CHC: " +
+			to_string(m_safeTargets.size()) +
+			" verification condition(s) proved safe!" +
+			" Enable the model checker option \"show proved safe\" to see all of them."
+		);
+	else if (m_settings.showProvedSafe)
+		for (auto const& [node, targets]: m_safeTargets)
+			for (auto const& target: targets)
+				m_errorReporter.info(
+					9576_error,
+					node->location(),
+					"CHC: " +
+					targetDescription(target).first +
+					" check is safe!"
+				);
+
 	if (!m_settings.invariants.invariants.empty())
 	{
 		string msg;
@@ -2040,7 +2052,7 @@ void CHC::checkVerificationTargets()
 		inserter(unreachableErrorIds, unreachableErrorIds.begin())
 	);
 	for (auto id: unreachableErrorIds)
-		m_safeTargets[m_verificationTargets.at(id).errorNode].insert(m_verificationTargets.at(id).type);
+		m_safeTargets[m_verificationTargets.at(id).errorNode].insert(m_verificationTargets.at(id));
 }
 
 void CHC::checkAndReportTarget(
@@ -2065,7 +2077,7 @@ void CHC::checkAndReportTarget(
 	auto [result, invariant, model] = query(error(), location);
 	if (result == CheckResult::UNSATISFIABLE)
 	{
-		m_safeTargets[_target.errorNode].insert(_target.type);
+		m_safeTargets[_target.errorNode].insert(_target);
 		set<Predicate const*> predicates;
 		for (auto const* pred: m_interfaces | ranges::views::values)
 			predicates.insert(pred);

libsolidity/formal/CHC.h

@@ -65,13 +65,25 @@ public:
 
 	void analyze(SourceUnit const& _sources);
 
+	struct CHCVerificationTarget: VerificationTarget
+	{
+		unsigned const errorId;
+		ASTNode const* const errorNode;
+
+		friend bool operator<(CHCVerificationTarget const& _a, CHCVerificationTarget const& _b)
+		{
+			return _a.errorId < _b.errorId;
+		}
+	};
+
 	struct ReportTargetInfo
 	{
 		langutil::ErrorId error;
 		langutil::SourceLocation location;
 		std::string message;
 	};
-	std::map<ASTNode const*, std::set<VerificationTargetType>, smt::EncodingContext::IdCompare> const& safeTargets() const { return m_safeTargets; }
+
+	std::map<ASTNode const*, std::set<CHCVerificationTarget>, smt::EncodingContext::IdCompare> const& safeTargets() const { return m_safeTargets; }
 	std::map<ASTNode const*, std::map<VerificationTargetType, ReportTargetInfo>, smt::EncodingContext::IdCompare> const& unsafeTargets() const { return m_unsafeTargets; }
 
 	/// This is used if the Horn solver is not directly linked into this binary.
@@ -261,8 +273,6 @@ private:
 	void verificationTargetEncountered(ASTNode const* const _errorNode, VerificationTargetType _type, smtutil::Expression const& _errorCondition);
 
 	void checkVerificationTargets();
-	// Forward declarations. Definitions are below.
-	struct CHCVerificationTarget;
 	struct CHCQueryPlaceholder;
 	void checkAssertTarget(ASTNode const* _scope, CHCVerificationTarget const& _target);
 	void checkAndReportTarget(
@@ -273,6 +283,8 @@ private:
 		std::string _unknownMsg = ""
 	);
 
+	std::pair<std::string, langutil::ErrorId> targetDescription(CHCVerificationTarget const& _target);
+
 	std::optional<std::string> generateCounterexample(smtutil::CHCSolverInterface::CexGraph const& _graph, std::string const& _root);
 
 	/// @returns a call graph for function summaries in the counterexample graph.
@@ -370,12 +382,6 @@ private:
 
 	/// Verification targets.
 	//@{
-	struct CHCVerificationTarget: VerificationTarget
-	{
-		unsigned const errorId;
-		ASTNode const* const errorNode;
-	};
-
 	/// Query placeholder stores information necessary to create the final query edge in the CHC system.
 	/// It is combined with the unique error id (and error type) to create a complete Verification Target.
 	struct CHCQueryPlaceholder
@@ -398,7 +404,7 @@ private:
 	std::map<unsigned, CHCVerificationTarget> m_verificationTargets;
 
 	/// Targets proved safe.
-	std::map<ASTNode const*, std::set<VerificationTargetType>, smt::EncodingContext::IdCompare> m_safeTargets;
+	std::map<ASTNode const*, std::set<CHCVerificationTarget>, smt::EncodingContext::IdCompare> m_safeTargets;
 	/// Targets proved unsafe.
 	std::map<ASTNode const*, std::map<VerificationTargetType, ReportTargetInfo>, smt::EncodingContext::IdCompare> m_unsafeTargets;
 	/// Targets not proved.

libsolidity/formal/ModelChecker.cpp

@@ -125,7 +125,12 @@ void ModelChecker::analyze(SourceUnit const& _source)
 	if (m_settings.engine.chc)
 		m_chc.analyze(_source);
 
-	auto solvedTargets = m_chc.safeTargets();
+	map<ASTNode const*, set<VerificationTargetType>, smt::EncodingContext::IdCompare> solvedTargets;
+
+	for (auto const& [node, targets]: m_chc.safeTargets())
+		for (auto const& target: targets)
+			solvedTargets[node].insert(target.type);
+
 	for (auto const& [node, targets]: m_chc.unsafeTargets())
 		solvedTargets[node] += targets | ranges::views::keys;
 

libsolidity/formal/ModelCheckerSettings.h

@@ -168,6 +168,7 @@ struct ModelCheckerSettings
 	ModelCheckerEngine engine = ModelCheckerEngine::None();
 	ModelCheckerExtCalls externalCalls = {};
 	ModelCheckerInvariants invariants = ModelCheckerInvariants::Default();
+	bool showProvedSafe = false;
 	bool showUnproved = false;
 	smtutil::SMTSolverChoice solvers = smtutil::SMTSolverChoice::Z3();
 	ModelCheckerTargets targets = ModelCheckerTargets::Default();
@@ -182,6 +183,7 @@ struct ModelCheckerSettings
 			engine == _other.engine &&
 			externalCalls.mode == _other.externalCalls.mode &&
 			invariants == _other.invariants &&
+			showProvedSafe == _other.showProvedSafe &&
 			showUnproved == _other.showUnproved &&
 			solvers == _other.solvers &&
 			targets == _other.targets &&

libsolidity/interface/StandardCompiler.cpp

@@ -445,7 +445,7 @@ std::optional<Json::Value> checkSettingsKeys(Json::Value const& _input)
 
 std::optional<Json::Value> checkModelCheckerSettingsKeys(Json::Value const& _input)
 {
-	static set<string> keys{"contracts", "divModNoSlacks", "engine", "extCalls", "invariants", "showUnproved", "solvers", "targets", "timeout"};
+	static set<string> keys{"contracts", "divModNoSlacks", "engine", "extCalls", "invariants", "showProvedSafe", "showUnproved", "solvers", "targets", "timeout"};
 	return checkKeys(_input, keys, "modelChecker");
 }
 
@@ -1047,6 +1047,14 @@ std::variant<StandardCompiler::InputsAndSettings, Json::Value> StandardCompiler:
 		ret.modelCheckerSettings.invariants = invariants;
 	}
 
+	if (modelCheckerSettings.isMember("showProvedSafe"))
+	{
+		auto const& showProvedSafe = modelCheckerSettings["showProvedSafe"];
+		if (!showProvedSafe.isBool())
+			return formatFatalError(Error::Type::JSONError, "settings.modelChecker.showProvedSafe must be a Boolean value.");
+		ret.modelCheckerSettings.showProvedSafe = showProvedSafe.asBool();
+	}
+
 	if (modelCheckerSettings.isMember("showUnproved"))
 	{
 		auto const& showUnproved = modelCheckerSettings["showUnproved"];

scripts/error_codes.py

@@ -202,7 +202,10 @@ def examine_id_coverage(top_dir, source_id_to_file_names, new_ids_only=False):
         "4591", # "There are more than 256 warnings. Ignoring the rest."
                 # Due to 3805, the warning lists look different for different compiler builds.
         "1834", # Unimplemented feature error, as we do not test it anymore via cmdLineTests
-        "5430"  # basefee being used in inline assembly for EVMVersion < london
+        "5430", # basefee being used in inline assembly for EVMVersion < london
+        "1180", # SMTChecker, covered by CL tests
+        "2961", # SMTChecker, covered by CL tests
+        "9576", # SMTChecker, covered by CL tests
     }
     assert len(test_ids & white_ids) == 0, "The sets are not supposed to intersect"
     test_ids |= white_ids

solc/CommandLineParser.cpp

@@ -71,6 +71,7 @@ static string const g_strModelCheckerDivModNoSlacks = "model-checker-div-mod-no-
 static string const g_strModelCheckerEngine = "model-checker-engine";
 static string const g_strModelCheckerExtCalls = "model-checker-ext-calls";
 static string const g_strModelCheckerInvariants = "model-checker-invariants";
+static string const g_strModelCheckerShowProvedSafe = "model-checker-show-proved-safe";
 static string const g_strModelCheckerShowUnproved = "model-checker-show-unproved";
 static string const g_strModelCheckerSolvers = "model-checker-solvers";
 static string const g_strModelCheckerTargets = "model-checker-targets";
@@ -845,6 +846,10 @@ General Information)").c_str(),
 			" Multiple types of invariants can be selected at the same time, separated by a comma and no spaces."
 			" By default no invariants are reported."
 		)
+		(
+			g_strModelCheckerShowProvedSafe.c_str(),
+			"Show all targets that were proved safe separately."
+		)
 		(
 			g_strModelCheckerShowUnproved.c_str(),
 			"Show all unproved targets separately."
@@ -953,6 +958,7 @@ void CommandLineParser::processArgs()
 		{g_strMetadataLiteral, {InputMode::Compiler, InputMode::CompilerWithASTImport}},
 		{g_strNoCBORMetadata, {InputMode::Compiler, InputMode::CompilerWithASTImport}},
 		{g_strMetadataHash, {InputMode::Compiler, InputMode::CompilerWithASTImport}},
+		{g_strModelCheckerShowProvedSafe, {InputMode::Compiler, InputMode::CompilerWithASTImport}},
 		{g_strModelCheckerShowUnproved, {InputMode::Compiler, InputMode::CompilerWithASTImport}},
 		{g_strModelCheckerDivModNoSlacks, {InputMode::Compiler, InputMode::CompilerWithASTImport}},
 		{g_strModelCheckerEngine, {InputMode::Compiler, InputMode::CompilerWithASTImport}},
@@ -1314,6 +1320,9 @@ void CommandLineParser::processArgs()
 		m_options.modelChecker.settings.invariants = *invs;
 	}
 
+	if (m_args.count(g_strModelCheckerShowProvedSafe))
+		m_options.modelChecker.settings.showProvedSafe = true;
+
 	if (m_args.count(g_strModelCheckerShowUnproved))
 		m_options.modelChecker.settings.showUnproved = true;
 
@@ -1345,6 +1354,7 @@ void CommandLineParser::processArgs()
 		m_args.count(g_strModelCheckerEngine) ||
 		m_args.count(g_strModelCheckerExtCalls) ||
 		m_args.count(g_strModelCheckerInvariants) ||
+		m_args.count(g_strModelCheckerShowProvedSafe) ||
 		m_args.count(g_strModelCheckerShowUnproved) ||
 		m_args.count(g_strModelCheckerSolvers) ||
 		m_args.count(g_strModelCheckerTargets) ||

test/cmdlineTests/model_checker_divModSlacks_default_all/err

@@ -0,0 +1 @@
+Info: CHC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/cmdlineTests/model_checker_divModSlacks_default_bmc/err

@@ -0,0 +1 @@
+Info: BMC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/cmdlineTests/model_checker_divModSlacks_default_chc/err

@@ -0,0 +1 @@
+Info: CHC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/cmdlineTests/model_checker_divModSlacks_false_all/err

@@ -11,3 +11,5 @@ Warning: CHC: Error trying to invoke SMT solver.
   | 		               ^^^^^
 
 Warning: CHC: 2 verification condition(s) could not be proved. Enable the model checker option "show unproved" to see all of them. Consider choosing a specific contract to be verified in order to reduce the solving problems. Consider increasing the timeout per query.
+
+Info: BMC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/cmdlineTests/model_checker_divModSlacks_false_bmc/err

@@ -0,0 +1 @@
+Info: BMC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/cmdlineTests/model_checker_ext_calls_trusted_chc/err

@@ -3,3 +3,5 @@ Warning: Function state mutability can be restricted to pure
   |
 5 | 	function f() public view returns (uint) {
   | 	^ (Relevant source part starts here and spans across multiple lines).
+
+Info: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/cmdlineTests/model_checker_invariants_all/err

@@ -4,6 +4,8 @@ Warning: Return value of low-level calls not used.
 6 | 		_a.call("");
   | 		^^^^^^^^^^^
 
+Info: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.
+
 Info: Contract invariant(s) for model_checker_invariants_all/input.sol:test:
 (!(x >= 1) || true)
 Reentrancy property(ies) for model_checker_invariants_all/input.sol:test:

test/cmdlineTests/model_checker_invariants_contract/err

@@ -1,2 +1,4 @@
+Info: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.
+
 Info: Contract invariant(s) for model_checker_invariants_contract/input.sol:test:
 (!(x >= 1) || true)

test/cmdlineTests/model_checker_invariants_contract_reentrancy/err

@@ -4,6 +4,8 @@ Warning: Return value of low-level calls not used.
 6 | 		_a.call("");
   | 		^^^^^^^^^^^
 
+Info: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.
+
 Info: Contract invariant(s) for model_checker_invariants_contract_reentrancy/input.sol:test:
 (!(x >= 1) || true)
 Reentrancy property(ies) for model_checker_invariants_contract_reentrancy/input.sol:test:

test/cmdlineTests/model_checker_invariants_reentrancy/err

@@ -4,6 +4,8 @@ Warning: Return value of low-level calls not used.
 6 | 		_a.call("");
   | 		^^^^^^^^^^^
 
+Info: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.
+
 Info: Reentrancy property(ies) for model_checker_invariants_reentrancy/input.sol:test:
 (((!(x <= 0) || !(x' >= 1)) && (!(x <= 0) || !(<errorCode> >= 1))) || true)
 <errorCode> = 0 -> no errors

test/cmdlineTests/model_checker_show_proved_safe_default_all_engines/args

@@ -0,0 +1 @@
+--model-checker-engine all

test/cmdlineTests/model_checker_show_proved_safe_default_all_engines/err

@@ -0,0 +1,7 @@
+Warning: Function state mutability can be restricted to pure
+ --> model_checker_show_proved_safe_default_all_engines/input.sol:4:5:
+  |
+4 |     function f(uint8 x) public {
+  |     ^ (Relevant source part starts here and spans across multiple lines).
+
+Info: CHC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/cmdlineTests/model_checker_show_proved_safe_default_all_engines/input.sol

@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: GPL-3.0
+pragma solidity >=0.0;
+contract C {
+    function f(uint8 x) public {
+        assert(x >= 0);
+        assert(x < 1000);
+    }
+}

test/cmdlineTests/model_checker_show_proved_safe_default_bmc/args

@@ -0,0 +1 @@
+--model-checker-engine bmc

test/cmdlineTests/model_checker_show_proved_safe_default_bmc/err

@@ -0,0 +1,7 @@
+Warning: Function state mutability can be restricted to pure
+ --> model_checker_show_proved_safe_default_bmc/input.sol:4:5:
+  |
+4 |     function f(uint8 x) public {
+  |     ^ (Relevant source part starts here and spans across multiple lines).
+
+Info: BMC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/cmdlineTests/model_checker_show_proved_safe_default_bmc/input.sol

@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: GPL-3.0
+pragma solidity >=0.0;
+contract C {
+    function f(uint8 x) public {
+        assert(x >= 0);
+        assert(x < 1000);
+    }
+}

test/cmdlineTests/model_checker_show_proved_safe_default_chc/args

@@ -0,0 +1 @@
+--model-checker-engine chc

test/cmdlineTests/model_checker_show_proved_safe_default_chc/err

@@ -0,0 +1,7 @@
+Warning: Function state mutability can be restricted to pure
+ --> model_checker_show_proved_safe_default_chc/input.sol:4:5:
+  |
+4 |     function f(uint8 x) public {
+  |     ^ (Relevant source part starts here and spans across multiple lines).
+
+Info: CHC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/cmdlineTests/model_checker_show_proved_safe_default_chc/input.sol

@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: GPL-3.0
+pragma solidity >=0.0;
+contract C {
+    function f(uint8 x) public {
+        assert(x >= 0);
+        assert(x < 1000);
+    }
+}

test/cmdlineTests/model_checker_show_proved_safe_true_all_engines/args

@@ -0,0 +1 @@
+--model-checker-engine all --model-checker-show-proved-safe

test/cmdlineTests/model_checker_show_proved_safe_true_all_engines/err

@@ -0,0 +1,17 @@
+Warning: Function state mutability can be restricted to pure
+ --> model_checker_show_proved_safe_true_all_engines/input.sol:4:5:
+  |
+4 |     function f(uint8 x) public {
+  |     ^ (Relevant source part starts here and spans across multiple lines).
+
+Info: CHC: Assertion violation check is safe!
+ --> model_checker_show_proved_safe_true_all_engines/input.sol:5:9:
+  |
+5 |         assert(x >= 0);
+  |         ^^^^^^^^^^^^^^
+
+Info: CHC: Assertion violation check is safe!
+ --> model_checker_show_proved_safe_true_all_engines/input.sol:6:9:
+  |
+6 |         assert(x < 1000);
+  |         ^^^^^^^^^^^^^^^^

test/cmdlineTests/model_checker_show_proved_safe_true_all_engines/input.sol

@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: GPL-3.0
+pragma solidity >=0.0;
+contract C {
+    function f(uint8 x) public {
+        assert(x >= 0);
+        assert(x < 1000);
+    }
+}

test/cmdlineTests/model_checker_show_proved_safe_true_bmc/args

@@ -0,0 +1 @@
+--model-checker-engine bmc --model-checker-show-proved-safe

test/cmdlineTests/model_checker_show_proved_safe_true_bmc/err

@@ -0,0 +1,17 @@
+Warning: Function state mutability can be restricted to pure
+ --> model_checker_show_proved_safe_true_bmc/input.sol:4:5:
+  |
+4 |     function f(uint8 x) public {
+  |     ^ (Relevant source part starts here and spans across multiple lines).
+
+Info: BMC: Assertion violation check is safe!
+ --> model_checker_show_proved_safe_true_bmc/input.sol:5:9:
+  |
+5 |         assert(x >= 0);
+  |         ^^^^^^^^^^^^^^
+
+Info: BMC: Assertion violation check is safe!
+ --> model_checker_show_proved_safe_true_bmc/input.sol:6:9:
+  |
+6 |         assert(x < 1000);
+  |         ^^^^^^^^^^^^^^^^

test/cmdlineTests/model_checker_show_proved_safe_true_bmc/input.sol

@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: GPL-3.0
+pragma solidity >=0.0;
+contract C {
+    function f(uint8 x) public {
+        assert(x >= 0);
+        assert(x < 1000);
+    }
+}

test/cmdlineTests/model_checker_show_proved_safe_true_chc/args

@@ -0,0 +1 @@
+--model-checker-engine chc --model-checker-show-proved-safe

test/cmdlineTests/model_checker_show_proved_safe_true_chc/err

@@ -0,0 +1,17 @@
+Warning: Function state mutability can be restricted to pure
+ --> model_checker_show_proved_safe_true_chc/input.sol:4:5:
+  |
+4 |     function f(uint8 x) public {
+  |     ^ (Relevant source part starts here and spans across multiple lines).
+
+Info: CHC: Assertion violation check is safe!
+ --> model_checker_show_proved_safe_true_chc/input.sol:5:9:
+  |
+5 |         assert(x >= 0);
+  |         ^^^^^^^^^^^^^^
+
+Info: CHC: Assertion violation check is safe!
+ --> model_checker_show_proved_safe_true_chc/input.sol:6:9:
+  |
+6 |         assert(x < 1000);
+  |         ^^^^^^^^^^^^^^^^

test/cmdlineTests/model_checker_show_proved_safe_true_chc/input.sol

@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: GPL-3.0
+pragma solidity >=0.0;
+contract C {
+    function f(uint8 x) public {
+        assert(x >= 0);
+        assert(x < 1000);
+    }
+}

test/cmdlineTests/model_checker_timeout_all/err

@@ -1,3 +1,5 @@
 Warning: CHC: 1 verification condition(s) could not be proved. Enable the model checker option "show unproved" to see all of them. Consider choosing a specific contract to be verified in order to reduce the solving problems. Consider increasing the timeout per query.
 
+Info: CHC: 4 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.
+
 Warning: BMC: 1 verification condition(s) could not be proved. Enable the model checker option "show unproved" to see all of them. Consider choosing a specific contract to be verified in order to reduce the solving problems. Consider increasing the timeout per query.

test/cmdlineTests/model_checker_timeout_bmc/err

@@ -1 +1,3 @@
 Warning: BMC: 1 verification condition(s) could not be proved. Enable the model checker option "show unproved" to see all of them. Consider choosing a specific contract to be verified in order to reduce the solving problems. Consider increasing the timeout per query.
+
+Info: BMC: 4 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/cmdlineTests/model_checker_timeout_chc/err

@@ -1 +1,3 @@
 Warning: CHC: 1 verification condition(s) could not be proved. Enable the model checker option "show unproved" to see all of them. Consider choosing a specific contract to be verified in order to reduce the solving problems. Consider increasing the timeout per query.
+
+Info: CHC: 4 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/cmdlineTests/standard_model_checker_divModSlacks_default_all/output.json

@@ -1,4 +1,17 @@
 {
+    "errors":
+    [
+        {
+            "component": "general",
+            "errorCode": "1391",
+            "formattedMessage": "Info: CHC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "CHC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
+        }
+    ],
     "sources":
     {
         "A":

test/cmdlineTests/standard_model_checker_divModSlacks_default_bmc/output.json

@@ -1,4 +1,17 @@
 {
+    "errors":
+    [
+        {
+            "component": "general",
+            "errorCode": "6002",
+            "formattedMessage": "Info: BMC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "BMC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
+        }
+    ],
     "sources":
     {
         "A":

test/cmdlineTests/standard_model_checker_divModSlacks_default_chc/output.json

@@ -1,4 +1,17 @@
 {
+    "errors":
+    [
+        {
+            "component": "general",
+            "errorCode": "1391",
+            "formattedMessage": "Info: CHC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "CHC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
+        }
+    ],
     "sources":
     {
         "A":

test/cmdlineTests/standard_model_checker_divModSlacks_false_all/output.json

@@ -50,6 +50,16 @@
             "message": "CHC: 2 verification condition(s) could not be proved. Enable the model checker option \"show unproved\" to see all of them. Consider choosing a specific contract to be verified in order to reduce the solving problems. Consider increasing the timeout per query.",
             "severity": "warning",
             "type": "Warning"
+        },
+        {
+            "component": "general",
+            "errorCode": "6002",
+            "formattedMessage": "Info: BMC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "BMC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
         }
     ],
     "sources":

test/cmdlineTests/standard_model_checker_divModSlacks_false_bmc/output.json

@@ -1,4 +1,17 @@
 {
+    "errors":
+    [
+        {
+            "component": "general",
+            "errorCode": "6002",
+            "formattedMessage": "Info: BMC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "BMC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
+        }
+    ],
     "sources":
     {
         "A":

test/cmdlineTests/standard_model_checker_ext_calls_trusted_chc/output.json

@@ -20,6 +20,16 @@
                 "start": 85
             },
             "type": "Warning"
+        },
+        {
+            "component": "general",
+            "errorCode": "1391",
+            "formattedMessage": "Info: CHC: 1 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "CHC: 1 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
         }
     ],
     "sources":

test/cmdlineTests/standard_model_checker_invariants_contract/output.json

@@ -1,6 +1,16 @@
 {
     "errors":
     [
+        {
+            "component": "general",
+            "errorCode": "1391",
+            "formattedMessage": "Info: CHC: 1 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "CHC: 1 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
+        },
         {
             "component": "general",
             "errorCode": "1180",

test/cmdlineTests/standard_model_checker_invariants_reentrancy/output.json

@@ -21,6 +21,16 @@
             },
             "type": "Warning"
         },
+        {
+            "component": "general",
+            "errorCode": "1391",
+            "formattedMessage": "Info: CHC: 1 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "CHC: 1 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
+        },
         {
             "component": "general",
             "errorCode": "1180",

test/cmdlineTests/standard_model_checker_show_proved_safe_default_all_engines/input.json

@@ -0,0 +1,22 @@
+{
+	"language": "Solidity",
+	"sources":
+	{
+		"A":
+		{
+			"content": "// SPDX-License-Identifier: GPL-3.0\npragma solidity >=0.0;\n\ncontract test {
+					function f(uint8 x) public {
+						assert(x >= 0);
+						assert(x < 1000);
+					}
+				}"
+		}
+	},
+	"settings":
+	{
+		"modelChecker":
+		{
+			"engine": "all"
+		}
+	}
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_default_all_engines/output.json

@@ -0,0 +1,42 @@
+{
+    "errors":
+    [
+        {
+            "component": "general",
+            "errorCode": "2018",
+            "formattedMessage": "Warning: Function state mutability can be restricted to pure
+ --> A:5:6:
+  |
+5 | \t\t\t\t\tfunction f(uint8 x) public {
+  | \t\t\t\t\t^ (Relevant source part starts here and spans across multiple lines).
+
+",
+            "message": "Function state mutability can be restricted to pure",
+            "severity": "warning",
+            "sourceLocation":
+            {
+                "end": 162,
+                "file": "A",
+                "start": 81
+            },
+            "type": "Warning"
+        },
+        {
+            "component": "general",
+            "errorCode": "1391",
+            "formattedMessage": "Info: CHC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "CHC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
+        }
+    ],
+    "sources":
+    {
+        "A":
+        {
+            "id": 0
+        }
+    }
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_default_bmc/input.json

@@ -0,0 +1,22 @@
+{
+	"language": "Solidity",
+	"sources":
+	{
+		"A":
+		{
+			"content": "// SPDX-License-Identifier: GPL-3.0\npragma solidity >=0.0;\n\ncontract test {
+					function f(uint8 x) public {
+						assert(x >= 0);
+						assert(x < 1000);
+					}
+				}"
+		}
+	},
+	"settings":
+	{
+		"modelChecker":
+		{
+			"engine": "bmc"
+		}
+	}
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_default_bmc/output.json

@@ -0,0 +1,42 @@
+{
+    "errors":
+    [
+        {
+            "component": "general",
+            "errorCode": "2018",
+            "formattedMessage": "Warning: Function state mutability can be restricted to pure
+ --> A:5:6:
+  |
+5 | \t\t\t\t\tfunction f(uint8 x) public {
+  | \t\t\t\t\t^ (Relevant source part starts here and spans across multiple lines).
+
+",
+            "message": "Function state mutability can be restricted to pure",
+            "severity": "warning",
+            "sourceLocation":
+            {
+                "end": 162,
+                "file": "A",
+                "start": 81
+            },
+            "type": "Warning"
+        },
+        {
+            "component": "general",
+            "errorCode": "6002",
+            "formattedMessage": "Info: BMC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "BMC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
+        }
+    ],
+    "sources":
+    {
+        "A":
+        {
+            "id": 0
+        }
+    }
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_default_chc/input.json

@@ -0,0 +1,22 @@
+{
+	"language": "Solidity",
+	"sources":
+	{
+		"A":
+		{
+			"content": "// SPDX-License-Identifier: GPL-3.0\npragma solidity >=0.0;\n\ncontract test {
+					function f(uint8 x) public {
+						assert(x >= 0);
+						assert(x < 1000);
+					}
+				}"
+		}
+	},
+	"settings":
+	{
+		"modelChecker":
+		{
+			"engine": "chc"
+		}
+	}
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_default_chc/output.json

@@ -0,0 +1,42 @@
+{
+    "errors":
+    [
+        {
+            "component": "general",
+            "errorCode": "2018",
+            "formattedMessage": "Warning: Function state mutability can be restricted to pure
+ --> A:5:6:
+  |
+5 | \t\t\t\t\tfunction f(uint8 x) public {
+  | \t\t\t\t\t^ (Relevant source part starts here and spans across multiple lines).
+
+",
+            "message": "Function state mutability can be restricted to pure",
+            "severity": "warning",
+            "sourceLocation":
+            {
+                "end": 162,
+                "file": "A",
+                "start": 81
+            },
+            "type": "Warning"
+        },
+        {
+            "component": "general",
+            "errorCode": "1391",
+            "formattedMessage": "Info: CHC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "CHC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
+        }
+    ],
+    "sources":
+    {
+        "A":
+        {
+            "id": 0
+        }
+    }
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_false_all_engines/input.json

@@ -0,0 +1,23 @@
+{
+	"language": "Solidity",
+	"sources":
+	{
+		"A":
+		{
+			"content": "// SPDX-License-Identifier: GPL-3.0\npragma solidity >=0.0;\n\ncontract test {
+					function f(uint8 x) public {
+						assert(x >= 0);
+						assert(x < 1000);
+					}
+				}"
+		}
+	},
+	"settings":
+	{
+		"modelChecker":
+		{
+			"engine": "all",
+			"showProvedSafe": false
+		}
+	}
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_false_all_engines/output.json

@@ -0,0 +1,42 @@
+{
+    "errors":
+    [
+        {
+            "component": "general",
+            "errorCode": "2018",
+            "formattedMessage": "Warning: Function state mutability can be restricted to pure
+ --> A:5:6:
+  |
+5 | \t\t\t\t\tfunction f(uint8 x) public {
+  | \t\t\t\t\t^ (Relevant source part starts here and spans across multiple lines).
+
+",
+            "message": "Function state mutability can be restricted to pure",
+            "severity": "warning",
+            "sourceLocation":
+            {
+                "end": 162,
+                "file": "A",
+                "start": 81
+            },
+            "type": "Warning"
+        },
+        {
+            "component": "general",
+            "errorCode": "1391",
+            "formattedMessage": "Info: CHC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "CHC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
+        }
+    ],
+    "sources":
+    {
+        "A":
+        {
+            "id": 0
+        }
+    }
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_false_bmc/input.json

@@ -0,0 +1,23 @@
+{
+	"language": "Solidity",
+	"sources":
+	{
+		"A":
+		{
+			"content": "// SPDX-License-Identifier: GPL-3.0\npragma solidity >=0.0;\n\ncontract test {
+					function f(uint8 x) public {
+						assert(x >= 0);
+						assert(x < 1000);
+					}
+				}"
+		}
+	},
+	"settings":
+	{
+		"modelChecker":
+		{
+			"engine": "bmc",
+			"showProvedSafe": false
+		}
+	}
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_false_bmc/output.json

@@ -0,0 +1,42 @@
+{
+    "errors":
+    [
+        {
+            "component": "general",
+            "errorCode": "2018",
+            "formattedMessage": "Warning: Function state mutability can be restricted to pure
+ --> A:5:6:
+  |
+5 | \t\t\t\t\tfunction f(uint8 x) public {
+  | \t\t\t\t\t^ (Relevant source part starts here and spans across multiple lines).
+
+",
+            "message": "Function state mutability can be restricted to pure",
+            "severity": "warning",
+            "sourceLocation":
+            {
+                "end": 162,
+                "file": "A",
+                "start": 81
+            },
+            "type": "Warning"
+        },
+        {
+            "component": "general",
+            "errorCode": "6002",
+            "formattedMessage": "Info: BMC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "BMC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
+        }
+    ],
+    "sources":
+    {
+        "A":
+        {
+            "id": 0
+        }
+    }
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_false_chc/input.json

@@ -0,0 +1,23 @@
+{
+	"language": "Solidity",
+	"sources":
+	{
+		"A":
+		{
+			"content": "// SPDX-License-Identifier: GPL-3.0\npragma solidity >=0.0;\n\ncontract test {
+					function f(uint8 x) public {
+						assert(x >= 0);
+						assert(x < 1000);
+					}
+				}"
+		}
+	},
+	"settings":
+	{
+		"modelChecker":
+		{
+			"engine": "chc",
+			"showProvedSafe": false
+		}
+	}
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_false_chc/output.json

@@ -0,0 +1,42 @@
+{
+    "errors":
+    [
+        {
+            "component": "general",
+            "errorCode": "2018",
+            "formattedMessage": "Warning: Function state mutability can be restricted to pure
+ --> A:5:6:
+  |
+5 | \t\t\t\t\tfunction f(uint8 x) public {
+  | \t\t\t\t\t^ (Relevant source part starts here and spans across multiple lines).
+
+",
+            "message": "Function state mutability can be restricted to pure",
+            "severity": "warning",
+            "sourceLocation":
+            {
+                "end": 162,
+                "file": "A",
+                "start": 81
+            },
+            "type": "Warning"
+        },
+        {
+            "component": "general",
+            "errorCode": "1391",
+            "formattedMessage": "Info: CHC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "CHC: 2 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
+        }
+    ],
+    "sources":
+    {
+        "A":
+        {
+            "id": 0
+        }
+    }
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_true_all_engines/input.json

@@ -0,0 +1,23 @@
+{
+	"language": "Solidity",
+	"sources":
+	{
+		"A":
+		{
+			"content": "// SPDX-License-Identifier: GPL-3.0\npragma solidity >=0.0;\n\ncontract test {
+					function f(uint8 x) public {
+						assert(x >= 0);
+						assert(x < 1000);
+					}
+				}"
+		}
+	},
+	"settings":
+	{
+		"modelChecker":
+		{
+			"engine": "all",
+			"showProvedSafe": true
+		}
+	}
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_true_all_engines/output.json

@@ -0,0 +1,72 @@
+{
+    "errors":
+    [
+        {
+            "component": "general",
+            "errorCode": "2018",
+            "formattedMessage": "Warning: Function state mutability can be restricted to pure
+ --> A:5:6:
+  |
+5 | \t\t\t\t\tfunction f(uint8 x) public {
+  | \t\t\t\t\t^ (Relevant source part starts here and spans across multiple lines).
+
+",
+            "message": "Function state mutability can be restricted to pure",
+            "severity": "warning",
+            "sourceLocation":
+            {
+                "end": 162,
+                "file": "A",
+                "start": 81
+            },
+            "type": "Warning"
+        },
+        {
+            "component": "general",
+            "errorCode": "9576",
+            "formattedMessage": "Info: CHC: Assertion violation check is safe!
+ --> A:6:7:
+  |
+6 | \t\t\t\t\t\tassert(x >= 0);
+  | \t\t\t\t\t\t^^^^^^^^^^^^^^
+
+",
+            "message": "CHC: Assertion violation check is safe!",
+            "severity": "info",
+            "sourceLocation":
+            {
+                "end": 130,
+                "file": "A",
+                "start": 116
+            },
+            "type": "Info"
+        },
+        {
+            "component": "general",
+            "errorCode": "9576",
+            "formattedMessage": "Info: CHC: Assertion violation check is safe!
+ --> A:7:7:
+  |
+7 | \t\t\t\t\t\tassert(x < 1000);
+  | \t\t\t\t\t\t^^^^^^^^^^^^^^^^
+
+",
+            "message": "CHC: Assertion violation check is safe!",
+            "severity": "info",
+            "sourceLocation":
+            {
+                "end": 154,
+                "file": "A",
+                "start": 138
+            },
+            "type": "Info"
+        }
+    ],
+    "sources":
+    {
+        "A":
+        {
+            "id": 0
+        }
+    }
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_true_bmc/input.json

@@ -0,0 +1,23 @@
+{
+	"language": "Solidity",
+	"sources":
+	{
+		"A":
+		{
+			"content": "// SPDX-License-Identifier: GPL-3.0\npragma solidity >=0.0;\n\ncontract test {
+					function f(uint8 x) public {
+						assert(x >= 0);
+						assert(x < 1000);
+					}
+				}"
+		}
+	},
+	"settings":
+	{
+		"modelChecker":
+		{
+			"engine": "bmc",
+			"showProvedSafe": true
+		}
+	}
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_true_bmc/output.json

@@ -0,0 +1,72 @@
+{
+    "errors":
+    [
+        {
+            "component": "general",
+            "errorCode": "2018",
+            "formattedMessage": "Warning: Function state mutability can be restricted to pure
+ --> A:5:6:
+  |
+5 | \t\t\t\t\tfunction f(uint8 x) public {
+  | \t\t\t\t\t^ (Relevant source part starts here and spans across multiple lines).
+
+",
+            "message": "Function state mutability can be restricted to pure",
+            "severity": "warning",
+            "sourceLocation":
+            {
+                "end": 162,
+                "file": "A",
+                "start": 81
+            },
+            "type": "Warning"
+        },
+        {
+            "component": "general",
+            "errorCode": "2961",
+            "formattedMessage": "Info: BMC: Assertion violation check is safe!
+ --> A:6:7:
+  |
+6 | \t\t\t\t\t\tassert(x >= 0);
+  | \t\t\t\t\t\t^^^^^^^^^^^^^^
+
+",
+            "message": "BMC: Assertion violation check is safe!",
+            "severity": "info",
+            "sourceLocation":
+            {
+                "end": 130,
+                "file": "A",
+                "start": 116
+            },
+            "type": "Info"
+        },
+        {
+            "component": "general",
+            "errorCode": "2961",
+            "formattedMessage": "Info: BMC: Assertion violation check is safe!
+ --> A:7:7:
+  |
+7 | \t\t\t\t\t\tassert(x < 1000);
+  | \t\t\t\t\t\t^^^^^^^^^^^^^^^^
+
+",
+            "message": "BMC: Assertion violation check is safe!",
+            "severity": "info",
+            "sourceLocation":
+            {
+                "end": 154,
+                "file": "A",
+                "start": 138
+            },
+            "type": "Info"
+        }
+    ],
+    "sources":
+    {
+        "A":
+        {
+            "id": 0
+        }
+    }
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_true_chc/input.json

@@ -0,0 +1,23 @@
+{
+	"language": "Solidity",
+	"sources":
+	{
+		"A":
+		{
+			"content": "// SPDX-License-Identifier: GPL-3.0\npragma solidity >=0.0;\n\ncontract test {
+					function f(uint8 x) public {
+						assert(x >= 0);
+						assert(x < 1000);
+					}
+				}"
+		}
+	},
+	"settings":
+	{
+		"modelChecker":
+		{
+			"engine": "chc",
+			"showProvedSafe": true
+		}
+	}
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_true_chc/output.json

@@ -0,0 +1,72 @@
+{
+    "errors":
+    [
+        {
+            "component": "general",
+            "errorCode": "2018",
+            "formattedMessage": "Warning: Function state mutability can be restricted to pure
+ --> A:5:6:
+  |
+5 | \t\t\t\t\tfunction f(uint8 x) public {
+  | \t\t\t\t\t^ (Relevant source part starts here and spans across multiple lines).
+
+",
+            "message": "Function state mutability can be restricted to pure",
+            "severity": "warning",
+            "sourceLocation":
+            {
+                "end": 162,
+                "file": "A",
+                "start": 81
+            },
+            "type": "Warning"
+        },
+        {
+            "component": "general",
+            "errorCode": "9576",
+            "formattedMessage": "Info: CHC: Assertion violation check is safe!
+ --> A:6:7:
+  |
+6 | \t\t\t\t\t\tassert(x >= 0);
+  | \t\t\t\t\t\t^^^^^^^^^^^^^^
+
+",
+            "message": "CHC: Assertion violation check is safe!",
+            "severity": "info",
+            "sourceLocation":
+            {
+                "end": 130,
+                "file": "A",
+                "start": 116
+            },
+            "type": "Info"
+        },
+        {
+            "component": "general",
+            "errorCode": "9576",
+            "formattedMessage": "Info: CHC: Assertion violation check is safe!
+ --> A:7:7:
+  |
+7 | \t\t\t\t\t\tassert(x < 1000);
+  | \t\t\t\t\t\t^^^^^^^^^^^^^^^^
+
+",
+            "message": "CHC: Assertion violation check is safe!",
+            "severity": "info",
+            "sourceLocation":
+            {
+                "end": 154,
+                "file": "A",
+                "start": 138
+            },
+            "type": "Info"
+        }
+    ],
+    "sources":
+    {
+        "A":
+        {
+            "id": 0
+        }
+    }
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_wrong/input.json

@@ -0,0 +1,23 @@
+{
+	"language": "Solidity",
+	"sources":
+	{
+		"A":
+		{
+			"content": "// SPDX-License-Identifier: GPL-3.0\npragma solidity >=0.0;\n\ncontract test {
+					function f(uint8 x) public {
+						assert(x >= 0);
+						assert(x < 1000);
+					}
+				}"
+		}
+	},
+	"settings":
+	{
+		"modelChecker":
+		{
+			"engine": "all",
+			"showProvedSafe": "aaa"
+		}
+	}
+}

test/cmdlineTests/standard_model_checker_show_proved_safe_wrong/output.json

@@ -0,0 +1,12 @@
+{
+    "errors":
+    [
+        {
+            "component": "general",
+            "formattedMessage": "settings.modelChecker.showProvedSafe must be a Boolean value.",
+            "message": "settings.modelChecker.showProvedSafe must be a Boolean value.",
+            "severity": "error",
+            "type": "JSONError"
+        }
+    ]
+}

test/cmdlineTests/standard_model_checker_timeout_all/output.json

@@ -11,6 +11,16 @@
             "severity": "warning",
             "type": "Warning"
         },
+        {
+            "component": "general",
+            "errorCode": "1391",
+            "formattedMessage": "Info: CHC: 4 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "CHC: 4 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
+        },
         {
             "component": "general",
             "errorCode": "2788",

test/cmdlineTests/standard_model_checker_timeout_bmc/output.json

@@ -10,6 +10,16 @@
             "message": "BMC: 1 verification condition(s) could not be proved. Enable the model checker option \"show unproved\" to see all of them. Consider choosing a specific contract to be verified in order to reduce the solving problems. Consider increasing the timeout per query.",
             "severity": "warning",
             "type": "Warning"
+        },
+        {
+            "component": "general",
+            "errorCode": "6002",
+            "formattedMessage": "Info: BMC: 4 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "BMC: 4 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
         }
     ],
     "sources":

test/cmdlineTests/standard_model_checker_timeout_chc/output.json

@@ -10,6 +10,16 @@
             "message": "CHC: 1 verification condition(s) could not be proved. Enable the model checker option \"show unproved\" to see all of them. Consider choosing a specific contract to be verified in order to reduce the solving problems. Consider increasing the timeout per query.",
             "severity": "warning",
             "type": "Warning"
+        },
+        {
+            "component": "general",
+            "errorCode": "1391",
+            "formattedMessage": "Info: CHC: 4 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.
+
+",
+            "message": "CHC: 4 verification condition(s) proved safe! Enable the model checker option \"show proved safe\" to see all of them.",
+            "severity": "info",
+            "type": "Info"
         }
     ],
     "sources":

test/libsolidity/smtCheckerTests/abi/abi_decode_array.sol

@@ -42,3 +42,4 @@ contract C {
 // Warning 6328: (1009-1037): CHC: Assertion violation happens here.
 // Warning 6328: (1056-1084): CHC: Assertion violation happens here.
 // Warning 6328: (1103-1131): CHC: Assertion violation happens here.
+// Info 1391: CHC: 6 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/abi/abi_decode_simple.sol

@@ -28,3 +28,4 @@ contract C {
 // Warning 6328: (425-434): CHC: Assertion violation happens here.
 // Warning 6328: (505-519): CHC: Assertion violation happens here.
 // Warning 6328: (538-552): CHC: Assertion violation happens here.
+// Info 1391: CHC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/abi/abi_encode_call_simple_1.sol

@@ -20,3 +20,4 @@ contract C {
 // Warning 6368: (354-359): CHC: Out of bounds access happens here.
 // Warning 6368: (363-368): CHC: Out of bounds access happens here.
 // Warning 6328: (451-481): CHC: Assertion violation happens here.
+// Info 1391: CHC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/abi/abi_encode_call_simple_2.sol

@@ -19,3 +19,4 @@ contract C {
 // Warning 6368: (329-334): CHC: Out of bounds access happens here.
 // Warning 6368: (338-343): CHC: Out of bounds access happens here.
 // Warning 6328: (426-456): CHC: Assertion violation happens here.
+// Info 1391: CHC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/abi/abi_encode_call_simple_3.sol

@@ -19,3 +19,4 @@ contract C {
 // Warning 6368: (323-328): CHC: Out of bounds access happens here.
 // Warning 6368: (332-337): CHC: Out of bounds access happens here.
 // Warning 6328: (417-447): CHC: Assertion violation happens here.
+// Info 1391: CHC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/abi/abi_encode_call_simple_4.sol

@@ -23,3 +23,4 @@ contract C {
 // Warning 6368: (377-382): CHC: Out of bounds access happens here.
 // Warning 6368: (386-391): CHC: Out of bounds access happens here.
 // Warning 6328: (462-492): CHC: Assertion violation happens here.
+// Info 1391: CHC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/abi/abi_encode_call_simple_5.sol

@@ -23,3 +23,4 @@ contract C {
 // Warning 6368: (382-387): CHC: Out of bounds access happens here.
 // Warning 6368: (391-396): CHC: Out of bounds access happens here.
 // Warning 6328: (467-497): CHC: Assertion violation happens here.
+// Info 1391: CHC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/abi/abi_encode_hash.sol

@@ -9,3 +9,4 @@ contract C {
 // ====
 // SMTEngine: all
 // ----
+// Info 1391: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/abi/abi_encode_no_arguments.sol

@@ -20,3 +20,4 @@ contract C {
 // Warning 6328: (231-253): CHC: Assertion violation happens here.
 // Warning 6328: (307-330): CHC: Assertion violation happens here.
 // Warning 6328: (423-446): CHC: Assertion violation happens here.
+// Info 1391: CHC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/abi/abi_encode_packed_hash.sol

@@ -13,4 +13,5 @@ contract C {
 // SMTEngine: all
 // SMTIgnoreOS: macos
 // ----
-// Warning 6328: (281-319): CHC: Assertion violation happens here.\nCounterexample:\n\na = 0\nb = 0\n\nTransaction trace:\nC.constructor()\nC.abiencodePackedHash(0, 0)
+// Warning 6328: (281-319): CHC: Assertion violation happens here.
+// Info 1391: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/abi/abi_encode_packed_simple.sol

@@ -23,7 +23,8 @@ contract C {
 // ====
 // SMTEngine: all
 // ----
-// Warning 6328: (322-352): CHC: Assertion violation happens here.\nCounterexample:\n\nt = false\nx = 0\ny = 0\nz = 0\nb4 = []\nb5 = []\n\nTransaction trace:\nC.constructor()\nC.abiencodePackedSimple(false, 0, 0, 0, a, b)
+// Warning 6328: (322-352): CHC: Assertion violation happens here.
-// Warning 6328: (419-449): CHC: Assertion violation happens here.\nCounterexample:\n\nt = false\nx = 0\ny = 0\nz = 0\nb5 = []\n\nTransaction trace:\nC.constructor()\nC.abiencodePackedSimple(false, 0, 0, 0, a, b)
+// Warning 6328: (419-449): CHC: Assertion violation happens here.
-// Warning 6328: (528-558): CHC: Assertion violation happens here.\nCounterexample:\n\nt = false\nx = 0\ny = 0\nz = 0\n\nTransaction trace:\nC.constructor()\nC.abiencodePackedSimple(false, 0, 0, 0, a, b)
+// Warning 6328: (528-558): CHC: Assertion violation happens here.
-// Warning 6328: (577-607): CHC: Assertion violation happens here.\nCounterexample:\n\nt = false\nx = 0\ny = 0\nz = 0\n\nTransaction trace:\nC.constructor()\nC.abiencodePackedSimple(false, 0, 0, 0, a, b)
+// Warning 6328: (577-607): CHC: Assertion violation happens here.
+// Info 1391: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/abi/abi_encode_simple.sol

@@ -21,6 +21,7 @@ contract C {
 // SMTEngine: all
 // SMTIgnoreOS: macos
 // ----
-// Warning 6328: (298-328): CHC: Assertion violation happens here.\nCounterexample:\n\nt = false\nx = 0\ny = 0\nz = 0\nb4 = []\nb5 = []\n\nTransaction trace:\nC.constructor()\nC.abiEncodeSimple(false, 0, 0, 0, a, b)
+// Warning 6328: (298-328): CHC: Assertion violation happens here.
-// Warning 6328: (389-419): CHC: Assertion violation happens here.\nCounterexample:\n\nt = false\nx = 0\ny = 0\nz = 0\nb5 = []\n\nTransaction trace:\nC.constructor()\nC.abiEncodeSimple(false, 0, 0, 0, a, b)
+// Warning 6328: (389-419): CHC: Assertion violation happens here.
-// Warning 6328: (492-522): CHC: Assertion violation happens here.\nCounterexample:\n\nt = false\nx = 0\ny = 0\nz = 0\nb1 = []\nb2 = []\nb5 = []\n\nTransaction trace:\nC.constructor()\nC.abiEncodeSimple(false, 0, 0, 0, a, b)
+// Warning 6328: (492-522): CHC: Assertion violation happens here.
+// Info 1391: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/abi/abi_encode_with_selector_array_slice.sol

@@ -29,4 +29,5 @@ contract C {
 // Warning 6328: (325-355): CHC: Assertion violation happens here.
 // Warning 6328: (578-608): CHC: Assertion violation happens here.
 // Warning 6328: (1079-1109): CHC: Assertion violation might happen here.
+// Info 1391: CHC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.
 // Warning 4661: (1079-1109): BMC: Assertion violation happens here.

test/libsolidity/smtCheckerTests/abi/abi_encode_with_selector_array_slice_2.sol

@@ -29,4 +29,5 @@ contract C {
 // Warning 6328: (326-356): CHC: Assertion violation happens here.
 // Warning 6328: (579-609): CHC: Assertion violation happens here.
 // Warning 6328: (1080-1110): CHC: Assertion violation might happen here.
+// Info 1391: CHC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.
 // Warning 4661: (1080-1110): BMC: Assertion violation happens here.

test/libsolidity/smtCheckerTests/abi/abi_encode_with_selector_string_literal_2.sol

@@ -9,3 +9,4 @@ contract C {
 // ====
 // SMTEngine: all
 // ----
+// Info 1391: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/abi/abi_encode_with_sig_array_slice.sol

@@ -29,4 +29,5 @@ contract C {
 // Warning 6328: (334-364): CHC: Assertion violation happens here.
 // Warning 6328: (588-618): CHC: Assertion violation happens here.
 // Warning 6328: (1086-1116): CHC: Assertion violation might happen here.
+// Info 1391: CHC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.
 // Warning 4661: (1086-1116): BMC: Assertion violation happens here.

test/libsolidity/smtCheckerTests/abi/abi_encode_with_sig_array_slice_2.sol

@@ -29,4 +29,5 @@ contract C {
 // Warning 6328: (335-365): CHC: Assertion violation happens here.
 // Warning 6328: (589-619): CHC: Assertion violation happens here.
 // Warning 6328: (1087-1117): CHC: Assertion violation might happen here.
+// Info 1391: CHC: 2 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.
 // Warning 4661: (1087-1117): BMC: Assertion violation happens here.

test/libsolidity/smtCheckerTests/abi/abi_encode_with_sig_hash.sol

@@ -14,5 +14,6 @@ contract C {
 // SMTEngine: all
 // SMTIgnoreOS: macos
 // ----
-// Warning 6328: (337-375): CHC: Assertion violation happens here.\nCounterexample:\n\na = 0\nb = 0\nb1 = [0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d]\nb2 = [0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d, 0x1d]\n\nTransaction trace:\nC.constructor()\nC.abiEncodeHash(sig, 0, 0)
+// Warning 6328: (337-375): CHC: Assertion violation happens here.
-// Warning 6328: (394-432): CHC: Assertion violation happens here.\nCounterexample:\n\na = 0\nb = 0\n\nTransaction trace:\nC.constructor()\nC.abiEncodeHash(sig, 0, 0)
+// Warning 6328: (394-432): CHC: Assertion violation happens here.
+// Info 1391: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/abi/abi_encode_with_sig_simple.sol

@@ -25,7 +25,8 @@ contract C {
 // SMTIgnoreOS: macos
 // ----
 // Warning 5667: (107-122): Unused function parameter. Remove or comment out the variable name to silence this warning.
-// Warning 6328: (543-573): CHC: Assertion violation happens here.\nCounterexample:\n\nt = false\nx = 0\ny = 0\nz = 0\nb5 = []\nb6 = []\n\nTransaction trace:\nC.constructor()\nC.abiEncodeSimple(sig, false, 0, 0, 0, a, b)
+// Warning 6328: (543-573): CHC: Assertion violation happens here.
-// Warning 6328: (664-694): CHC: Assertion violation happens here.\nCounterexample:\n\nt = false\nx = 0\ny = 0\nz = 0\nb6 = []\n\nTransaction trace:\nC.constructor()\nC.abiEncodeSimple(sig, false, 0, 0, 0, a, b)
+// Warning 6328: (664-694): CHC: Assertion violation happens here.
-// Warning 6328: (713-743): CHC: Assertion violation happens here.\nCounterexample:\n\nt = false\nx = 0\ny = 0\nz = 0\nb6 = []\n\nTransaction trace:\nC.constructor()\nC.abiEncodeSimple(sig, false, 0, 0, 0, a, b)
+// Warning 6328: (713-743): CHC: Assertion violation happens here.
 // Warning 6328: (824-854): CHC: Assertion violation happens here.
+// Info 1391: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/array_members/array_pop_length_7.sol

@@ -8,3 +8,4 @@ contract C {
 // ====
 // SMTEngine: all
 // ----
+// Info 1391: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/array_members/array_pop_length_8.sol

@@ -13,4 +13,5 @@ contract C {
 // ====
 // SMTEngine: all
 // ----
-// Warning 2529: (49-56): CHC: Empty array "pop" happens here.\nCounterexample:\na = []\n\nTransaction trace:\nC.constructor()\nState: a = []\nC.f()
+// Warning 2529: (49-56): CHC: Empty array "pop" happens here.
+// Info 1391: CHC: 3 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/array_members/array_push_string_literal.sol

@@ -15,5 +15,6 @@ contract C {
 // SMTEngine: all
 // SMTIgnoreOS: macos
 // ----
-// Warning 6328: (139-161): CHC: Assertion violation happens here.\nCounterexample:\ndata = [0x62]\n\nTransaction trace:\nC.constructor()\nState: data = []\nC.g()
+// Warning 6328: (139-161): CHC: Assertion violation happens here.
-// Warning 6328: (263-290): CHC: Assertion violation happens here.\nCounterexample:\ndata = [0x01]\n\nTransaction trace:\nC.constructor()\nState: data = []\nC.g()
+// Warning 6328: (263-290): CHC: Assertion violation happens here.
+// Info 1391: CHC: 6 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/array_members/length_1d_assignment_2d_memory_to_memory.sol

@@ -11,3 +11,4 @@ contract C {
 // ====
 // SMTEngine: all
 // ----
+// Info 1391: CHC: 4 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/array_members/length_1d_assignment_2d_storage_to_storage.sol

@@ -18,4 +18,4 @@ contract C {
 // SMTEngine: all
 // SMTIgnoreOS: macos
 // ----
-// Info 1180: Contract invariant(s) for :C:\n!(arr.length <= 0)\n!(arr2.length <= 0)\n(((arr.length + ((- 1) * arr2.length)) <= 0) && ((arr2.length + ((- 1) * arr.length)) <= 0))\n(((arr2[0].length + ((- 1) * arr[0].length)) >= 0) && ((arr2[0].length + ((- 1) * arr[0].length)) <= 0))\n
+// Info 1391: CHC: 4 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/array_members/length_1d_copy_2d_memory_to_storage.sol

@@ -12,3 +12,4 @@ contract C {
 // ====
 // SMTEngine: all
 // ----
+// Info 1391: CHC: 4 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/array_members/length_1d_copy_2d_storage_to_memory.sol

@@ -17,4 +17,4 @@ contract C {
 // ====
 // SMTEngine: all
 // ----
-// Info 1180: Contract invariant(s) for :C:\n!(arr.length <= 1)\n
+// Info 1391: CHC: 4 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.