Upstream slice functions #2758
Upstream slice functions #2758
Conversation
nmanthey
requested review from
chrisr-diffblue,
martin-cs and
peterschrammel
as code owners
|
(I'll get someone to produce a set of tests) |
|
I can certainly add a test case here, I just learned from #2748 that I can show the goto-program to compare it in the test case. |
nmanthey
force-pushed
the
upstream-slice-functions
branch
from
f9edad3 to
392cdf5
Compare
nmanthey
force-pushed
the
upstream-slice-functions
branch
from
392cdf5 to
19f303a
Compare
nmanthey
requested review from
pkesseli,
smowton and
tautschnig
as code owners
|
3 small fixes:
|
xbauch
force-pushed
the
upstream-slice-functions
branch
from
78cabc8 to
3091abd
Compare
| --fp-reachability-slice c | ||
| ^EXIT=0$ | ||
| ^SIGNAL=0$ | ||
| -- |
There was a problem hiding this comment.
This is a bit easy to pass at the moment, especially if the precise pretty-printing of "dead f" were to change. Suggest adding some positive requirements too, to make the test more robust.
| --fp-reachability-slice a,c | ||
| ^EXIT=0$ | ||
| ^SIGNAL=0$ | ||
| dead d; |
There was a problem hiding this comment.
(for comparison, this is better)
| main.c | ||
| --fp-reachability-slice b,c | ||
| ^EXIT=0$ | ||
| ^SIGNAL=0$ |
There was a problem hiding this comment.
No meaningful positive conditions
| stack.emplace_back(edge.first, true); | ||
| stack.emplace_back( | ||
| cfg.entry_map[std::prev(node.PC)], caller_is_known); | ||
| if(std::prev(node.PC)->is_function_call()) |
There was a problem hiding this comment.
Comment about when this might be false?
There was a problem hiding this comment.
It really shouldn't happen, but something broke in the slicer during multiple calls and the cfg-predecessor of a successor-of-callsite was not a function call. Now that a new slicer is created it does not happen, so I replaced it back with the original invariant.
| if( | ||
| !e.reaches_assertion && !e.reachable_from_assertion && | ||
| !i_it->is_end_function()) | ||
| i_it->make_assumption(false_exprt()); | ||
| e.reaches_assertion = e.reachable_from_assertion = false; |
There was a problem hiding this comment.
Comment in-inline about why these are reset here?
There was a problem hiding this comment.
(It looks like the slicer might be run more than once, in which case perhaps it should be reset before use, rather than upon executing the transformation?)
There was a problem hiding this comment.
It seems that slicer is not really supposed to be called multiple times; or it would require a much more thorough resetting that just the reachability flags. I changed the code to build a new slicer before every call.
| goto_modelt &goto_model, | ||
| const std::string &functions_list) | ||
| { | ||
| reachability_slicert s; |
There was a problem hiding this comment.
This (and the following) were renamed as suggested. Thanks.
| { | ||
| reachability_slicert s; | ||
|
|
||
| std::istringstream multiple_functions(functions_list); |
There was a problem hiding this comment.
multiple_functions->functions_stream?
| std::string single_function; | ||
| while(std::getline(multiple_functions, single_function, ',')) | ||
| { | ||
| in_function_criteriont p(single_function); |
|
This is nearly there; it needs a bit of commit squashing, i.e., the tests should come with the code that is tested. |
This criterion marks all instructions of a given function as slicer starting point. This is useful when the slicing does not aim at properties, but path that hit a certain function.
This slicer keeps any function in the program, in case it is backward or forward reachable from the target function. The analysis can be repeated for multiple functions. Note: This implementation cannot deal with order of function calls, e.g. if functions a,b and c should be kept, then a path that has a, which calls c, which calls b will also be kept. However, path where not all functions will be called, will be dropped.
xbauch
force-pushed
the
upstream-slice-functions
branch
from
424e30e to
ed85c7f
Compare
There was a problem hiding this comment.
This PR failed Diffblue compatibility checks (cbmc commit: ed85c7f).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/86137585
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
| @@ -1610,6 +1619,9 @@ void goto_instrument_parse_optionst::help() | |||
| " --render-cluster-function clusterises the dot by functions\n" | |||
| "\n" | |||
| "Slicing:\n" | |||
| " --fp-reachability-slice <f> remove instructions that cannot appear on a\n" // NOLINT(*) | |||
There was a problem hiding this comment.
--fp-reachability-slice f
The list of functions has to be given as a comma-separated list f.
There was a problem hiding this comment.
Shouldn't this use HELP_REACHABILITY_SLICER from below?
There was a problem hiding this comment.
It seems that this help macro is for CBMC options, e.g. --reachability-slice-fb is not a valid option for goto-instrument.
| { | ||
| std::istringstream functions_stream(functions_list); | ||
| std::string single_function; | ||
| while(std::getline(functions_stream, single_function, ',')) |
There was a problem hiding this comment.
It would be better to provide the splitting as a list<string> cmdlinet::get_comma_separated_values(string) function.
|
|
||
| #define HELP_REACHABILITY_SLICER \ | ||
| " --fp-reachability-slice <f> remove instructions that cannot appear on a " \ | ||
| "trace that visits all given functions. The list of functions has to be " \ |
There was a problem hiding this comment.
The text help text should be broken after 80 chars and properly aligned (e.g. trace should start below remove).
| /// Perform reachability slicing on goto_model for selected functions. | ||
| /// \param goto_model Goto program to slice | ||
| /// \param functions_list The functions relevant for the slicing (i.e. starting | ||
| /// point for the search in the cfg). Anything that is reachable in the CFG |
There was a problem hiding this comment.
This PR failed Diffblue compatibility checks (cbmc commit: bfe3dd2).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/86266130
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
|
|
||
| #define HELP_REACHABILITY_SLICER \ | ||
| " --fp-reachability-slice f remove instructions that cannot appear on a " \ | ||
| "trace\n that visits all given functions. The " \ |
There was a problem hiding this comment.
The layout looks a bit odd. Since clang-format is already off for this section, I'm sure you can make this nicer manually.
This commit adds the command line argument handling for the function path slicer. To keep all possible exeuction traces that hit both function a and b, an example invocation could look as follows: goto-instrument --fp-reachability-slice a,b input output Note, any trace that touches only a, but not b, will not be kept in the program.
xbauch
force-pushed
the
upstream-slice-functions
branch
from
bfe3dd2 to
d86701c
Compare
There was a problem hiding this comment.
Passed Diffblue compatibility checks (cbmc commit: d86701c).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/86571560
This change allows to slice based on functions remaining reachable. This slicing allows to reduce the search space to a user chosen subset of the prorgam.