Well formedness checking goto #3188
Conversation
xbauch
requested review from
cesaro,
chrisr-diffblue,
cristina-david,
forejtv,
kroening,
martin-cs,
NathanJPhillips,
peterschrammel,
pkesseli,
romainbrenguier,
smowton,
tautschnig and
thk123
as code owners
|
Only the last 4 commits are relevant. Feel free to have a look/review/comments but form my still be adopted to potential changes to #3123. |
src/util/std_code.h
Outdated
| void check(const validation_modet vm = validation_modet::INVARIANT) const | ||
| { | ||
| DATA_CHECK( | ||
| operands().size() == 3, "function calls must have three operands"); |
There was a problem hiding this comment.
A little more documentation? What are these three?
|
Looks much better. |
xbauch
force-pushed
the
well-formedness-checking-goto
branch
from
7c2e774 to
37e570b
Compare
xbauch
force-pushed
the
well-formedness-checking-goto
branch
from
66ed960 to
9447d2b
Compare
There was a problem hiding this comment.
✔️
Passed Diffblue compatibility checks (cbmc commit: 9447d2b).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/91978074
src/goto-programs/goto_program.cpp
Outdated
| source_location); | ||
| DATA_CHECK_WITH_DIAGNOSTICS( | ||
| !ns.lookup(to_code_decl(code).get_identifier(), table_symbol), | ||
| "declaring unknown symbol: " + |
There was a problem hiding this comment.
These texts seem to sometimes follow the style of "this property should hold" and other times "this property was violated". I think we should choose the same one every time (and probably prefer the former).
src/goto-programs/goto_program.cpp
Outdated
| DATA_CHECK_WITH_DIAGNOSTICS( | ||
| !ns.lookup(to_code_dead(code).get_identifier(), table_symbol), | ||
| "removing unknown symbol: " + | ||
| id2string(to_code_dead(code).get_identifier()) + " from scope", |
There was a problem hiding this comment.
This part should go into the diagnostics bits instead of being part of the description (same applies to several other places).
| #include <testing-utils/catch.hpp> | ||
| #include <util/arith_tools.h> | ||
|
|
||
| SCENARIO( |
There was a problem hiding this comment.
We add a unit test for the decl checks here, but not for the dead checks which were also added in the same commit
src/util/std_expr.cpp
Outdated
| if(e.type().id() != ID_bool) | ||
| return false; | ||
| if(e.id() == ID_typecast) | ||
| return e.type().id() == ID_bool; |
There was a problem hiding this comment.
This is always true because of the previous if
src/util/std_expr.cpp
Outdated
| if(e.id() == ID_exists || e.id() == ID_forall) | ||
| return true; | ||
|
|
||
| //weird |
There was a problem hiding this comment.
These are for floating point numbers I think
src/util/std_expr.cpp
Outdated
| @@ -211,3 +211,47 @@ const exprt &object_descriptor_exprt::root_object() const | |||
|
|
|||
| return *p; | |||
| } | |||
|
|
|||
| bool evaluates_to_boolean(const exprt &e) | |||
There was a problem hiding this comment.
This function is defined here, but not actually used anywhere?
There was a problem hiding this comment.
Yes, Michael wanted it in util but Martin did not want it to be used (in this PR).
There was a problem hiding this comment.
So maybe it should also be removed from this PR and be added to whichever PR actually does make use of it?
src/util/std_code.h
Outdated
| @@ -1080,6 +1080,47 @@ class code_function_callt:public codet | |||
| { | |||
| return op2().operands(); | |||
| } | |||
|
|
|||
| static void check(const codet& code, | |||
There was a problem hiding this comment.
What's the difference between check, validate and validate_full?
There was a problem hiding this comment.
xbauch
force-pushed
the
well-formedness-checking-goto
branch
from
9447d2b to
6db85da
Compare
|
Addressed comments by @hannes-steffenhagen-diffblue, rebased. Will squash the excessive commits once approved. |
src/util/std_expr.cpp
Outdated
| @@ -211,3 +211,47 @@ const exprt &object_descriptor_exprt::root_object() const | |||
|
|
|||
| return *p; | |||
| } | |||
|
|
|||
| bool evaluates_to_boolean(const exprt &e) | |||
There was a problem hiding this comment.
So maybe it should also be removed from this PR and be added to whichever PR actually does make use of it?
| goto-programs/goto_program_dead.cpp \ | ||
| goto-programs/goto_program_declaration.cpp \ | ||
| goto-programs/goto_program_function_call.cpp \ | ||
| goto-programs/goto_program_goto_target.cpp \ |
There was a problem hiding this comment.
Lexicographic ordering, please. (goto_program*<goto_trace_output)
There was a problem hiding this comment.
@tautschnig I fixed the ordering. As to the above evaluates_to_boolean function: that PR hasn't been made yet. I removed it from here, and will put it to a PR once we actually make it.
There was a problem hiding this comment.
🚫
This PR failed Diffblue compatibility checks (cbmc commit: 6db85da).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/93396736
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
The incompatibility may have been introduced by an earlier PR. In that case merging this
PR should be avoided unless it fixes the current incompatibility.
Check that declared/removed symbol is known and the statement is valid.
Check that the guard evaluates to a Boolean value.
Check that returned types are matching.
Check that targets are well-formed and consistent.
xbauch
force-pushed
the
well-formedness-checking-goto
branch
from
6db85da to
2c9a5c3
Compare
There was a problem hiding this comment.
🚫
This PR failed Diffblue compatibility checks (cbmc commit: 2c9a5c3).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/93477996
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
The incompatibility may have been introduced by an earlier PR. In that case merging this
PR should be avoided unless it fixes the current incompatibility.
Fills the skeleton of #3123 with additional checks of goto instructions. Each commit contains a unit test for its instruction.