symbolic execution: assumptions just alter the path condition

Author: tautschnig

src/cbmc/bmc.cpp

@@ -353,22 +353,6 @@ void bmct::show_program()
 
       count++;
     }
-    else if(step.is_assume())
-    {
-      std::string string_value;
-      languages.from_expr(step.cond_expr, string_value);
-      std::cout << "(" << count << ") ASSUME("
-                << string_value <<") " << "\n";
-
-      if(!step.guard.is_true())
-      {
-        languages.from_expr(step.guard, string_value);
-        std::cout << std::string(std::to_string(count).size()+3, ' ');
-        std::cout << "guard: " << string_value << "\n";
-      }
-
-      count++;
-    }
     else if(step.is_constraint())
     {
       std::string string_value;

src/cbmc/bmc_cover.cpp

@@ -192,19 +192,6 @@ void bmc_covert::satisfying_assignment()
   build_goto_trace(bmc.equation, bmc.equation.SSA_steps.end(),
                    solver, bmc.ns, test.goto_trace);
 
-  goto_tracet &goto_trace=test.goto_trace;
-
-  // Now delete anything after first failed assumption
-  for(goto_tracet::stepst::iterator
-      s_it1=goto_trace.steps.begin();
-      s_it1!=goto_trace.steps.end();
-      s_it1++)
-    if(s_it1->is_assume() && !s_it1->cond_value)
-    {
-      goto_trace.steps.erase(++s_it1, goto_trace.steps.end());
-      break;
-    }
-
   #if 0
   show_goto_trace(std::cout, bmc.ns, test.goto_trace);
   #endif

src/cbmc/show_vcc.cpp

@@ -62,7 +62,7 @@ void bmct::show_vcc_plain(std::ostream &out)
       last_it=has_threads?equation.SSA_steps.end():s_it;
 
     for(unsigned count=1; p_it!=last_it; p_it++)
-      if(p_it->is_assume() || p_it->is_assignment() || p_it->is_constraint())
+      if(p_it->is_assignment() || p_it->is_constraint())
       {
         if(!p_it->ignore)
         {
@@ -141,8 +141,7 @@ void bmct::show_vcc_json(std::ostream &out)
           =equation.SSA_steps.begin();
         p_it!=last_it; p_it++)
     {
-      if((p_it->is_assume() ||
-         p_it->is_assignment() ||
+      if((p_it->is_assignment() ||
          p_it->is_constraint()) &&
          !p_it->ignore)
       {

src/goto-programs/goto_trace.cpp

@@ -60,7 +60,6 @@ void goto_trace_stept::output(
   switch(type)
   {
   case goto_trace_stept::ASSERT: out << "ASSERT"; break;
-  case goto_trace_stept::ASSUME: out << "ASSUME"; break;
   case goto_trace_stept::LOCATION: out << "LOCATION"; break;
   case goto_trace_stept::ASSIGNMENT: out << "ASSIGNMENT"; break;
   case goto_trace_stept::GOTO: out << "GOTO"; break;
@@ -73,10 +72,14 @@ void goto_trace_stept::output(
   case goto_trace_stept::SHARED_WRITE: out << "SHARED WRITE"; break;
   case goto_trace_stept::FUNCTION_CALL: out << "FUNCTION CALL"; break;
   case goto_trace_stept::FUNCTION_RETURN: out << "FUNCTION RETURN"; break;
-  default: assert(false);
+  case goto_trace_stept::DEAD: assert(false);
+  case goto_trace_stept::CONSTRAINT: assert(false);
+  case goto_trace_stept::MEMORY_BARRIER: assert(false);
+  case goto_trace_stept::SPAWN: assert(false);
+  case goto_trace_stept::NONE: assert(false);
   }
 
-  if(type==ASSERT || type==ASSUME || type==GOTO)
+  if(type==ASSERT || type==GOTO)
     out << " (" << cond_value << ")";
 
   if(hidden)
@@ -348,21 +351,6 @@ void show_goto_trace(
       }
       break;
 
-    case goto_trace_stept::ASSUME:
-      if(!step.cond_value)
-      {
-        out << "\n";
-        out << "Violated assumption:" << "\n";
-        if(!step.pc->source_location.is_nil())
-          out << "  " << step.pc->source_location << "\n";
-
-        if(step.pc->is_assume())
-          out << "  " << from_expr(ns, "", step.pc->guard) << "\n";
-
-        out << "\n";
-      }
-      break;
-
     case goto_trace_stept::LOCATION:
       break;
 

src/goto-programs/goto_trace.h

@@ -34,7 +34,6 @@ class goto_trace_stept
   unsigned step_nr;
 
   bool is_assignment() const      { return type==ASSIGNMENT; }
-  bool is_assume() const          { return type==ASSUME; }
   bool is_assert() const          { return type==ASSERT; }
   bool is_goto() const            { return type==GOTO; }
   bool is_constraint() const      { return type==CONSTRAINT; }
@@ -52,7 +51,7 @@ class goto_trace_stept
   bool is_atomic_begin() const    { return type==ATOMIC_BEGIN; }
   bool is_atomic_end() const      { return type==ATOMIC_END; }
 
-  typedef enum { NONE, ASSIGNMENT, ASSUME, ASSERT, GOTO,
+  typedef enum { NONE, ASSIGNMENT, ASSERT, GOTO,
                  LOCATION, INPUT, OUTPUT, DECL, DEAD,
                  FUNCTION_CALL, FUNCTION_RETURN,
                  CONSTRAINT,
@@ -72,7 +71,7 @@ class goto_trace_stept
   // this transition done by given thread number
   unsigned thread_nr;
 
-  // for assume, assert, goto
+  // for assert, goto
   bool cond_value;
   exprt cond_expr;
 

src/goto-programs/graphml_witness.cpp

@@ -378,7 +378,6 @@ void graphml_witnesst::operator()(const goto_tracet &goto_trace)
     case goto_trace_stept::FUNCTION_CALL:
     case goto_trace_stept::FUNCTION_RETURN:
     case goto_trace_stept::LOCATION:
-    case goto_trace_stept::ASSUME:
     case goto_trace_stept::INPUT:
     case goto_trace_stept::OUTPUT:
     case goto_trace_stept::SHARED_READ:
@@ -550,7 +549,6 @@ void graphml_witnesst::operator()(const symex_target_equationt &equation)
     case goto_trace_stept::FUNCTION_CALL:
     case goto_trace_stept::FUNCTION_RETURN:
     case goto_trace_stept::LOCATION:
-    case goto_trace_stept::ASSUME:
     case goto_trace_stept::INPUT:
     case goto_trace_stept::OUTPUT:
     case goto_trace_stept::SHARED_READ:

src/goto-symex/build_goto_trace.cpp

@@ -279,7 +279,6 @@ void build_goto_trace(
     }
 
     if(SSA_step.is_assert() ||
-       SSA_step.is_assume() ||
        SSA_step.is_goto())
     {
       goto_trace_step.cond_expr=SSA_step.cond_expr;

src/goto-symex/slice.cpp

@@ -117,10 +117,6 @@ void symex_slicet::slice(symex_target_equationt::SSA_stept &SSA_step)
     get_symbols(SSA_step.cond_expr);
     break;
 
-  case goto_trace_stept::ASSUME:
-    get_symbols(SSA_step.cond_expr);
-    break;
-
   case goto_trace_stept::GOTO:
     get_symbols(SSA_step.cond_expr);
     break;
@@ -252,10 +248,6 @@ void symex_slicet::collect_open_variables(
       get_symbols(SSA_step.cond_expr);
       break;
 
-    case goto_trace_stept::ASSUME:
-      get_symbols(SSA_step.cond_expr);
-      break;
-
     case goto_trace_stept::LOCATION:
       // ignore
       break;

src/goto-symex/slice_by_trace.cpp

@@ -119,7 +119,7 @@ void symex_slice_by_tracet::slice_by_trace(
   SSA_step.guard=t_guard.as_expr();
   SSA_step.ssa_lhs.make_nil();
   SSA_step.cond_expr.swap(trace_condition);
-  SSA_step.type=goto_trace_stept::ASSUME;
+  SSA_step.type=goto_trace_stept::CONSTRAINT;
   SSA_step.source=empty_source;
 
   assign_merges(equation); // Now add the merge variable assignments to eqn

src/goto-symex/symex_goto.cpp

@@ -223,16 +223,14 @@ void goto_symext::symex_step_goto(statet &state, bool taken)
   const goto_programt::instructiont &instruction=*state.source.pc;
 
   exprt guard(instruction.guard);
-  dereference(guard, state, false);
+  clean_expr(guard, state, false);
   state.rename(guard, ns);
 
   if(!taken)
     guard.make_not();
 
-  state.guard.guard_expr(guard);
   do_simplify(guard);
-
-  target.assumption(state.guard.as_expr(), guard, state.source);
+  state.guard.add(guard);
 }
 
 /*******************************************************************\

src/goto-symex/symex_main.cpp

@@ -68,10 +68,13 @@ void goto_symext::vcc(
   if(expr.is_true())
     return;
 
-  state.guard.guard_expr(expr);
+  exprt gexpr=expr;
+  state.guard.guard_expr(gexpr);
 
   remaining_vccs++;
-  target.assertion(state.guard.as_expr(), expr, msg, state.source);
+  target.assertion(state.guard.as_expr(), gexpr, msg, state.source);
+
+  state.guard.add(expr);
 }
 
 /*******************************************************************\
@@ -95,20 +98,7 @@ void goto_symext::symex_assume(statet &state, const exprt &cond)
   if(simplified_cond.is_true())
     return;
 
-  if(state.threads.size()==1)
-  {
-    exprt tmp=simplified_cond;
-    state.guard.guard_expr(tmp);
-    target.assumption(state.guard.as_expr(), tmp, state.source);
-  }
-  // symex_target_equationt::convert_assertions would fail to
-  // consider assumptions of threads that have a thread-id above that
-  // of the thread containing the assertion:
-  // T0                     T1
-  // x=0;                   assume(x==1);
-  // assert(x!=42);         x=42;
-  else
-    state.guard.add(simplified_cond);
+  state.guard.add(simplified_cond);
 
   if(state.atomic_section_id!=0 &&
      state.guard.is_false())

src/goto-symex/symex_target.h

@@ -132,12 +132,6 @@ class symex_targett
     const irep_idt &input_id,
     const std::list<exprt> &args)=0;
 
-  // record an assumption
-  virtual void assumption(
-    const exprt &guard,
-    const exprt &cond,
-    const sourcet &source)=0;
-
   // record an assertion
   virtual void assertion(
     const exprt &guard,