Skip to content

CBMC should have a assert-false-undefined-functions option #6404

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
danielsn opened this issue Oct 20, 2021 · 5 comments
Closed

CBMC should have a assert-false-undefined-functions option #6404

danielsn opened this issue Oct 20, 2021 · 5 comments
Assignees
@thomasspriggs
Labels
aws Bugs or features of importance to AWS CBMC users aws-medium wontfix

Comments

@danielsn
Copy link
Contributor

Currently, CBMC by default has a nondet return value for undefined functions, which is unsound if they have side-effects.
goto-instrument offers more fine grained control, but is difficult to use correctly, and requires customers to use a goto-instrument flow #6393
CBMC offers --havoc-undefined-functions which is better, but still not ideal. It does not support any of the other options goto-instrument has for undefined functions.

Proposal: CBMC should allow users to control what happens with undefined functions.
Minimal solution: support assert(false).

--havoc-undefined-functions
                              for any function that has no body, assign non-deterministic values to
                              any parameters passed as non-const pointers and the return value
@danielsn danielsn added aws Bugs or features of importance to AWS CBMC users aws-medium labels Oct 20, 2021
@thomasspriggs thomasspriggs self-assigned this Dec 1, 2021
@thomasspriggs
Copy link
Contributor

I think it would be useful to make goto-instrument's --generate-function-body argument available as an argument to CBMC. That way it will be more straight forward to make sure this pass is carried out after linking is complete. I can take a look at implementing this, assuming no one else has any objections.

@kroening
Copy link
Member

kroening commented Dec 3, 2021

I object strongly. Every option that goto-instrument has is useful to somebody. We want to reduce the number of CBMC options, not increase them.

@thomasspriggs
Copy link
Contributor

I object strongly. Every option that goto-instrument has is useful to somebody. We want to reduce the number of CBMC options, not increase them.

In which case I am happy with the idea of closing out this ticket as "won't do". Is this intended architectural direction documented anywhere? It seems like the sort of thing which would be nice to have in - doc/ADR/README.md

As an aside - Do we expect more or less all users eventually to be using goto-instrument as part of their work flow?

@thomasspriggs
Copy link
Contributor

@danielsn Are you ok with us closing out this issue, or do you want to make more arguments in favour of this feature?

@thomasspriggs
Copy link
Contributor

Ok. I am going to close this out, due to lack of further arguments in favour.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@thomasspriggs thomasspriggs

Labels
aws Bugs or features of importance to AWS CBMC users aws-medium wontfix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tautschnig @kroening @danielsn @thomasspriggs