Reachability slice requires function bodies

tautschnig · tautschnig · commit b2d7f31421e1 · 2021-12-04T21:14:27.000Z
Reachability slicing relies on the CFG. The CFG, however, will not contain edges from a function call to the next instruction when no body is available for the function call. Therefore, reachability slicing requires two steps: - The model library needs to be applied. CBMC already did so, goto-instrument now does with this commit. - Remaining function calls without body need to be replaced by nondet-return-value assignments. Fixes: #6394
diff --git a/regression/goto-instrument/reachability-slice/main.c b/regression/goto-instrument/reachability-slice/main.c
@@ -0,0 +1,21 @@
+#include <stdlib.h>
+
+void undefined_function();
+
+void a()
+{
+  undefined_function();
+}
+
+void b()
+{
+  int should_be_sliced_away;
+}
+
+int main()
+{
+  int *p = malloc(sizeof(int));
+  a();
+  __CPROVER_assert(0, "reach me");
+  b();
+}
diff --git a/regression/goto-instrument/reachability-slice/test.desc b/regression/goto-instrument/reachability-slice/test.desc
@@ -0,0 +1,8 @@
+CORE
+main.c
+--reachability-slice
+^VERIFICATION FAILED$
+^EXIT=10$
+^SIGNAL=0$
+--
+should_be_sliced_away
diff --git a/src/goto-instrument/goto_instrument_parse_options.cpp b/src/goto-instrument/goto_instrument_parse_options.cpp
@@ -1067,8 +1067,11 @@ void goto_instrument_parse_optionst::instrument_goto_program()
 
   // we add the library in some cases, as some analyses benefit
 
-  if(cmdline.isset("add-library") ||
-     cmdline.isset("mm"))
+  if(
+    cmdline.isset("add-library") || cmdline.isset("mm") ||
+    cmdline.isset("reachability-slice") ||
+    cmdline.isset("reachability-slice-fb") ||
+    cmdline.isset("fp-reachability-slice"))
   {
     if(cmdline.isset("show-custom-bitvector-analysis") ||
        cmdline.isset("custom-bitvector-analysis"))
diff --git a/src/goto-instrument/reachability_slicer.cpp b/src/goto-instrument/reachability_slicer.cpp
@@ -32,6 +32,13 @@ void reachability_slicert::operator()(
   const slicing_criteriont &criterion,
   bool include_forward_reachability)
 {
+  // Replace function calls without body by non-deterministic return values to
+  // ensure the CFG does not consider instructions after such a call to be
+  // unreachable.
+  remove_calls_no_bodyt remove_calls_no_body;
+  remove_calls_no_body(goto_functions);
+  goto_functions.update();
+
   cfg(goto_functions);
   for(const auto &gf_entry : goto_functions.function_map)
   {

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,13 @@ void reachability_slicert::operator()(`
`32`	`32`	`const slicing_criteriont &criterion,`
`33`	`33`	`bool include_forward_reachability)`
`34`	`34`	`{`
	`35`	`+ // Replace function calls without body by non-deterministic return values to`
	`36`	`+ // ensure the CFG does not consider instructions after such a call to be`
	`37`	`+ // unreachable.`
	`38`	`+ remove_calls_no_bodyt remove_calls_no_body;`
	`39`	`+ remove_calls_no_body(goto_functions);`
	`40`	`+ goto_functions.update();`
	`41`	`+`
`35`	`42`	`cfg(goto_functions);`
`36`	`43`	`for(const auto &gf_entry : goto_functions.function_map)`
`37`	`44`	`{`