Factor out goto model processing and default options #2049
Conversation
karkhaz
requested review from
kroening,
peterschrammel,
smowton and
tautschnig
as code owners
There was a problem hiding this comment.
This refactoring is great, and my requests-for-more-work are all only possible because you started this line of work. Sorry that it means there is even more work to do... @peterschrammel @kroening could you comment on whether some of that work is also useful to simplify/reduce redundancy with other *_parse_optionst instances?
src/cbmc/cbmc_parse_options.cpp
Outdated
| @@ -111,6 +130,8 @@ void cbmc_parse_optionst::get_command_line_options(optionst &options) | |||
| if(cmdline.isset("paths")) | |||
| options.set_option("paths", true); | |||
|
|
|||
| cbmc_parse_optionst::set_default_options(options); | |||
|
|
|||
There was a problem hiding this comment.
Nit pick: may I suggest to move this up by three lines to be the very first step before doing if(cmdline.isset...?
src/cbmc/cbmc_parse_options.cpp
Outdated
| options.set_option("simplify-if", true); | ||
|
|
||
| // Default false | ||
| options.set_option("stop-on-fail", false); |
There was a problem hiding this comment.
Could you please add unwinding-assertions, partial-loops, slice-formula in here and refactor their current command-line/options code to use if(cmdline.isset...)?
src/cbmc/cbmc_parse_options.cpp
Outdated
| const optionst &options) | ||
| goto_modelt &goto_model, | ||
| const optionst &options, | ||
| const cmdlinet &cmdline, |
There was a problem hiding this comment.
Your change highlights one existing poor design: this function should not be using cmdline anymore, anything it cares about ought to have been placed in options. Could you please clean this up as well?
src/cbmc/cbmc_parse_options.cpp
Outdated
| const cmdlinet &cmdline, | ||
| messaget &log, | ||
| ui_message_handlert &ui_message_handler, | ||
| message_handlert &mh) |
There was a problem hiding this comment.
mh and ui_message_handler will actually be the same in the context of cbmc_parse_optionst, and both of which you'd get by doing log.get_message_handler(). What you wouldn't be able to get, though, is ui_message_handler.get_ui() so maybe pass that in addition to just a messaget?
src/cbmc/cbmc_parse_options.cpp
Outdated
| const optionst &options, | ||
| const cmdlinet &cmdline, | ||
| messaget &log, | ||
| message_handlert &mh) |
There was a problem hiding this comment.
As above: just pass log, and obtain mh via log.get_message_handler().
karkhaz
force-pushed
the
kk-factor-goto-model-processing
branch
2 times, most recently
from
20594cf to
0859693
Compare
|
Just pushed some changes. Please could you confirm that the hunk at cbmc_parse_options.cpp:224 captures the right intention? I think this is a bit more explicit than before, even, since the code before would silently ignore At the severe risk of creating more work for myself...there are queries to I think eventually it might be desirable to avoid passing |
karkhaz
force-pushed
the
kk-factor-goto-model-processing
branch
from
0859693 to
85e8d63
Compare
There was previously no public interface to check whether an option had been set in an optionst object; this meant that clients were instead using the isset() method of cmdlinet. This change allows us to set the options from the cmdlinet near the beginning of the front-end, and not refer to the cmdlinet afterward.
karkhaz
force-pushed
the
kk-factor-goto-model-processing
branch
from
85e8d63 to
9af0a1c
Compare
CBMC parse options that have default values are all set in a single
place---a static method that may also be called from any client that
needs to emulate CBMC's default options (e.g. unit tests). Previous to
this commit, there were a lot of
if(cmdline.isset("no-foo"))
options.set_option("foo", false);
else
options.set_option("foo", true);
This commit removes all the else cases.
karkhaz
force-pushed
the
kk-factor-goto-model-processing
branch
from
9af0a1c to
b7b9ad9
Compare
|
All checks passed. I implemented your suggestion of changing |
src/cbmc/cbmc_parse_options.cpp
Outdated
| options.set_option("bounds-check", true); | ||
|
|
||
| if(cmdline.isset("pointer-check")) | ||
| options.set_option("pointer-check", true); |
There was a problem hiding this comment.
"pointer-check" and "bounds-check" are actually covered by PARSE_OPTIONS_GOTO_CHECK below so those two can be skipped here.
src/cbmc/cbmc_parse_options.cpp
Outdated
| cmdline.isset("unwinding-assertions")); | ||
| error() << "--cover and --unwinding-assertions " | ||
| << "must not be given together" << eom; | ||
| exit(CPROVER_EXIT_USAGE_ERROR); |
There was a problem hiding this comment.
It's probably a good idea to communicate this to users explicitly.
| nondet_static(goto_model); | ||
| } | ||
|
|
||
| if(cmdline.isset("string-abstraction")) | ||
| if(options.get_bool_option("string-abstraction")) |
There was a problem hiding this comment.
I don't think this option is getting set above?
| @@ -777,21 +806,21 @@ bool cbmc_parse_optionst::process_goto_program( | |||
| // add loop ids | |||
| goto_model.goto_functions.compute_loop_numbers(); | |||
|
|
|||
| if(cmdline.isset("drop-unused-functions")) | |||
| if(options.get_bool_option("drop-unused-functions")) | |||
There was a problem hiding this comment.
This needs to be checked as well above, I think.
src/cbmc/cbmc_parse_options.cpp
Outdated
| { | ||
| error() << "--reachability-slice and --reachability-slice-fb " | ||
| << "must not be given together" << eom; | ||
| log.error() << "--reachability-slice and --reachability-slice-fb " |
There was a problem hiding this comment.
May I suggest moving this options-collision checking up with the cmdline parsing? Errors should be flagged as early as possible.
|
sigh thanks for pointing these out. My strategy was to set the option for each command-line that was causing a test somewhere to fail. So all of the ones you pointed out don't have sufficient test coverage that it made a difference that I missed setting their option 😞 I now feel that this is fragile and prone to drift apart in the future---in both directions: where somebody misses setting an option, or where an option is accidentally set twice like in I'll sort these out tomorrow, need to sleep now, but maybe I'll think of a more robust way of doing this (or I'd appreciate any suggestions). I've often fantasied about writing a new |
Is #1521 of some help in this regard? Not that it specifies one single solution, but at least there is discussion - please do chime in! Other than that: yes, better test coverage is needed, or really just a record of current test coverage. There has been some work on that, but AFAIK that got put on the backlog. |
karkhaz
force-pushed
the
kk-factor-goto-model-processing
branch
2 times, most recently
from
8aa1ea1 to
3e4a77e
Compare
|
Comments are addressed, all checks are passing. I'll wait until I at least have a skeleton implementation before chiming in, I want to see if my ideas are practical. (One other thing that I wanted to have is a command line interface that could dump itself as {ba,z}sh completion files, man pages, etc...there's already a script that does this, but it would be nice to do it programatically rather than parsing cmdline text, since then we could also pass type information to zsh completion and so on) |
|
This looks great -- one question, to what degree can this be factored with JBMC? |
|
@smowton my feeling is that it might end up becoming a mess of front-end specific checks if we used the same static method? E.g. JBMC needs a I haven't actually tried it, but it looks like there would have to be e.g. a |
|
Fair enough, leave it then |
src/cbmc/cbmc_parse_options.cpp
Outdated
| options.set_option("simplify", true); | ||
| options.set_option("simplify-if", true); | ||
|
|
||
| // Default false |
There was a problem hiding this comment.
I am wondering: should this part actually be omitted completely? It does make a difference if the (new) is_set is used, but for get_bool_option setting them to false is as good as not setting them.
Edit: many other options also default to false, but are not being set here. I'm always after consistency...
CBMC's methods for getting a goto-model from a source file, and processing that goto-model to be ready for bounded model checking, are now static so that they can be called from clients that wish to set up a goto-model the same way that CBMC does.
karkhaz
force-pushed
the
kk-factor-goto-model-processing
branch
from
3e4a77e to
014d151
Compare
|
@tautschnig I removed the default-false options. |
This PR introduces a static method for setting CBCM's default options, and makes two of
cbmc_parse_optiont's methods static (for getting and processing a goto-model). This is so that clients that wish to emulate CBMC's functionality can do so by calling into these static methods, rather than duplicating code that is currently scattered through the file.