|
| 1 | +# CBMC Feature Ideas |
| 2 | + |
| 3 | +The following are features that would be good to add to CBMC. They are |
| 4 | +listed here to gather information on them and also as a starting point |
| 5 | +for contributors who are interested in undertaking a more comprehensive |
| 6 | +project. |
| 7 | + |
| 8 | +## Refinement-Based Slicing |
| 9 | + |
| 10 | +**Task**: Implement refinement-based slicing to improve the slicing |
| 11 | +of CBMC. |
| 12 | + |
| 13 | +**Background**: |
| 14 | +Some patches have been considered for this, but there is not yet |
| 15 | +evidence of performance improvement. See |
| 16 | +https://github.com/diffblue/cbmc/issues/28 |
| 17 | + |
| 18 | +## Refinement-based reduction of partial order constraints |
| 19 | + |
| 20 | +**Task**: Implement refinement-based reduction of partial order |
| 21 | +constraints. |
| 22 | + |
| 23 | +**Background**: |
| 24 | +Some patches have been considered for this, but there needs to also be |
| 25 | +work on the performance. See |
| 26 | +https://github.com/diffblue/cbmc/issues/29 |
| 27 | + |
| 28 | + |
| 29 | +## Advanced goto-diff |
| 30 | + |
| 31 | +**Task**: Improve the goto-diff utility to have both syntactic and |
| 32 | +semantic diff options for goto programs. |
| 33 | + |
| 34 | +**Background**: The current `goto-diff` program performs only syntatic |
| 35 | +diff of goto programs. Extensions to also consider semantic differences |
| 36 | +would be desirable. It would be nice to include: |
| 37 | +* deltacheck's change impact analysis |
| 38 | +* cemc equivalence checker |
| 39 | + |
| 40 | +See also https://github.com/diffblue/cbmc/issues/40 |
| 41 | + |
| 42 | +## Function Summaries |
| 43 | + |
| 44 | +**Task**: Create function summaries that simplify analysis. The main |
| 45 | +goals of the function summaries are: |
| 46 | +* context insensitivity (there is one summary applicable in any |
| 47 | +context the function is called from) |
| 48 | +* transitive closure (effects of all callees are captured in summaries |
| 49 | +of the root caller function) |
| 50 | +* generalised interface (suitable for many different concrete |
| 51 | +summary-computing algorithms) |
| 52 | +* language independent (should work for Java, C, C++, ...) |
| 53 | + |
| 54 | +This also has links to other projects (albeit some may be out of date |
| 55 | +at this stage): |
| 56 | +* test_gen (our summaries should fit to needs of this tests generation |
| 57 | +task) |
| 58 | +* 2ls (their summaries should also be expressible in our summaries) |
| 59 | +* path-symex (summaries must also be usable for path-based symbolic |
| 60 | +execution) |
| 61 | + |
| 62 | +There are also complexities related to over/under-approximation |
| 63 | +for the function summaries. For more details see |
| 64 | +https://github.com/diffblue/cbmc/issues/218 |
| 65 | + |
| 66 | + |
| 67 | +## --cover array |
| 68 | + |
| 69 | +**Task**: Extend the `--cover` option to add coverage goals for each |
| 70 | +possible entry of fixed size arrays. For more details see |
| 71 | +https://github.com/diffblue/cbmc/issues/265 |
| 72 | + |
0 commit comments