Skip to content

Unexpected Clauses for SSA Expression #6333

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
luke-croak opened this issue Sep 6, 2021 · 0 comments · Fixed by #7309
Closed

Unexpected Clauses for SSA Expression #6333

luke-croak opened this issue Sep 6, 2021 · 0 comments · Fixed by #7309
Labels
pending merge

Comments

@luke-croak
Copy link

CBMC version: 5.28.0
Operating system: Ubuntu 20.04.3 LTS
Exact command line resulting in the issue: cbmc --slice-formula --write-solver-stats-to out.json code.c

What behaviour did you expect: I expected the formula to be sliced which I thought would remove unnecessary components from the CNF and not introduce new components to the CNF in comparison to running it without --slice-formula; i.e., cbmc --write-solver-stats-to out.json code.c.

What happened instead: It introduced clauses that corresponded to an SSA expressions of the form "true" which seemed to be used to refer to a GOTO statement. This was unexpected because:

  1. It seemed to introduce clauses which didn't exist previously to capture the "true" SSA expression, and
  2. The SSA expression "true" didn't make much sense to me as I thought the formula was formed by converting the expressions found in cbmc --show-vcc --slice-formula code.c into a SAT form, none of which have the expression "true", and
  3. It also doesn't make much sense to me to have an SSA expression "true" for a GOTO statement. I wasn't aware of such a conversion.

With the --slice-formula option the output json file contains the following:

    {
        "GOTO": "GOTO 4",
        "GOTO_ID": 17088,
        "SAT_hardness": {
            "ClauseSet": [
                1,
                2,
                3
            ],
            "Clauses": 3,
            "Literals": 7,
            "Variables": 3
        },
        "SSA_expr": "true",
        "Source": {
            "file": "code.c",
            "function": "compare_arrays",
            "line": "225",
            "workingDirectory": (REMOVED)
        }
    }

The above SSA expression did not have any clauses associated with it when the program was run without --slice-formula.

Attached is the program from which this unexpected behaviour was generated.

code.zip
@tautschnig tautschnig self-assigned this Nov 5, 2022
tautschnig added a commit to tautschnig/cbmc that referenced this issue Nov 8, 2022
@tautschnig
Solver stats reporting: fix expression mapping for guards
557624c 
When converting guards we convert `SSA_stept::guard`, and not
`SSA_stept::cond_expr`. This needs to be accounted for in solver stats
reporting as we would otherwise misleadingly report that expressions
like "true" yield a non-empty set of clauses.

Fixes: diffblue#6333
@tautschnig tautschnig mentioned this issue Nov 8, 2022
Merged
3 tasks
@tautschnig tautschnig removed their assignment Nov 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
pending merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Solver stats reporting: fix expression mapping for guards tautschnig/cbmc
2 participants
@tautschnig @luke-croak