Generate function bodies that nondet havoc the function arguments [blocks: #3457] #3455
Conversation
danpoe
commented
Nov 22, 2018
•
danpoe
commented
- Each commit message has a non-empty body, explaining why the change was made.
- Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
- The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
- Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
- n/a My commit message includes data points confirming performance improvements (if claimed).
- My PR is restricted to a single feature or bugfix.
- White-space or formatting changes outside the feature-related changed lines are in commits of their own.
danpoe
requested review from
cesaro,
chrisr-diffblue,
cristina-david,
kroening,
martin-cs,
NathanJPhillips,
peterschrammel,
pkesseli,
smowton,
tautschnig and
thk123
as code owners
danpoe
force-pushed
the
feature/nondet-function-argument-targets
branch
from
44c1de2 to
f4e7c0c
Compare
danpoe
force-pushed
the
feature/nondet-function-argument-targets
branch
2 times, most recently
from
6066ba1 to
71185a1
Compare
danpoe
force-pushed
the
feature/nondet-function-argument-targets
branch
from
7e828df to
a9ba6ac
Compare
There was a problem hiding this comment.
🚫
This PR failed Diffblue compatibility checks (cbmc commit: a9ba6ac).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/92410007
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
The incompatibility may have been introduced by an earlier PR. In that case merging this
PR should be avoided unless it fixes the current incompatibility.
tautschnig
changed the title
danpoe
changed the title
|
Needs a rebase on top of #3443 by the looks of it - 3443 has 4 commits, only the top 5 commits of this branch should be reviewed according to the description of this PR - yet this PR has 23 commits :-) |
danpoe
force-pushed
the
feature/nondet-function-argument-targets
branch
from
a9ba6ac to
c3076a7
Compare
There was a problem hiding this comment.
✔️
Passed Diffblue compatibility checks (cbmc commit: c3076a7).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/93054013
danpoe
force-pushed
the
feature/nondet-function-argument-targets
branch
from
c3076a7 to
e66793d
Compare
…ation-from-object-factories Factor out object allocation from object factories [blocks: #3455]
danpoe
force-pushed
the
feature/nondet-function-argument-targets
branch
2 times, most recently
from
fe3bcb3 to
19e3122
Compare
There was a problem hiding this comment.
🚫
This PR failed Diffblue compatibility checks (cbmc commit: 19e3122).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/95290559
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
The incompatibility may have been introduced by an earlier PR. In that case merging this
PR should be avoided unless it fixes the current incompatibility.
danpoe
force-pushed
the
feature/nondet-function-argument-targets
branch
from
19e3122 to
3257165
Compare
There was a problem hiding this comment.
✔️
Passed Diffblue compatibility checks (cbmc commit: 3257165).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/95394796
| @@ -1185,6 +1185,19 @@ void goto_instrument_parse_optionst::instrument_goto_program() | |||
| remove_skip(goto_model); | |||
| } | |||
|
|
|||
| if(cmdline.isset("generate-function-body")) | |||
There was a problem hiding this comment.
Could you please explain the "Why?" in the commit message?
regression/goto-instrument/generate-function-body-havoc-params-simple/test.desc
Show resolved
Hide resolved
| @@ -15,6 +15,8 @@ Author: Daniel Kroening, [email protected] | |||
| #include <iostream> | |||
| #include <memory> | |||
|
|
|||
| #include <ansi-c/c_object_factory_parameters.h> | |||
There was a problem hiding this comment.
Please move this a few lines down, with the other ansi-c include.
| @@ -1187,8 +1189,13 @@ void goto_instrument_parse_optionst::instrument_goto_program() | |||
|
|
|||
| if(cmdline.isset("generate-function-body")) | |||
| { | |||
| optionst options; | |||
There was a problem hiding this comment.
Please use a different name, this shadows the existing options object in this method.
| @@ -1187,8 +1189,13 @@ void goto_instrument_parse_optionst::instrument_goto_program() | |||
|
|
|||
| if(cmdline.isset("generate-function-body")) | |||
| { | |||
| optionst options; | |||
| parse_c_object_factory_options(cmdline, options); | |||
| c_object_factory_parameterst object_factory_parameters(options); | |||
There was a problem hiding this comment.
Do we know for sure that the "C" object factory is the right one?
There was a problem hiding this comment.
The function body generation is currently hardcoded to use the c_nondet_symbol_factory. I'm not sure at this point how difficult it would be to also make it work with the java object factory. I'd rather have this PR only include the C feature for now.
| @@ -104,6 +104,8 @@ Author: Daniel Kroening, [email protected] | |||
| OPT_REPLACE_CALLS \ | |||
| "(validate-goto-binary)" \ | |||
| OPT_VALIDATE \ | |||
| "(max-nondet-tree-depth):" \ | |||
| "(min-null-tree-depth):" \ | |||
There was a problem hiding this comment.
Don't we have/shouldn't we have some OPT_... for those?
| @@ -42,7 +42,8 @@ exprt::operandst build_function_environment( | |||
| base_name, | |||
| p.type(), | |||
| p.source_location(), | |||
| object_factory_parameters); | |||
| object_factory_parameters, | |||
| lifetimet::AUTOMATIC_LOCAL); | |||
There was a problem hiding this comment.
Random place for comment: it would be nice if the commit message could explain why the existing symbol factory wasn't usable as-is.
| symbol_factory.declare_created_symbols(init_code); | ||
| init_code.append(assignments); | ||
|
|
||
| null_message_handlert nmh; |
There was a problem hiding this comment.
I'm not sure that's a good idea.
There was a problem hiding this comment.
Ok, I'm using a real one now.
danpoe
force-pushed
the
feature/nondet-function-argument-targets
branch
from
3257165 to
a0c1701
Compare
|
@tautschnig I've now addressed all the comments. |
tautschnig
assigned peterschrammel, martin-cs and chrisr-diffblue and unassigned tautschnig
danpoe
force-pushed
the
feature/nondet-function-argument-targets
branch
2 times, most recently
from
136f584 to
ade4e66
Compare
This is because we want to use the c nondet symbol factory from the ansi-c directory, and code in goto-programs should not depend on code in ansi-c.
This is so we can use the goto_check() features (such as --pointer-check) in the regression tests for the function body generation feature (e.g., to ensure that the generated code for a function does not dereference a null pointer passed to the function, by using --pointer-check). A potential drawback is that goto check instrumentation code is also added to the code generated by the function body generation feature, which could affect performance.
Parse the c object factory command line parameters when the function body generation is enabled, and pass the resulting c_object_factory_parameterst object along to an appropriate subclass of generate_function_bodiest.
We essentially make two changes to the c nondet symbol factory: - A parameter assign_const is added to gen_nondet_init(). When false, an object of const type is not nondet assigned. This will be used in the function body generation feature to not havoc const arguments (e.g., the targets of pointers to const int) - A parameter lifetime (an enum of type lifetimet) is added to the constructor of symbol_factoryt. It indicates whether it uses lifetimet::AUTOMATIC_LOCAL, lifetimet::STATIC_GLOBAL, or lifetimet::DYNAMIC when allocating new objects with allocate_object(). Previously this was hardcoded to behave like lifetime::AUTOMATIC_LOCAL. However, in the function body generation we need to add code to a function to allocate dynamic objects. This is because the function may be called multiple times, hence using local or global variables does not work.
This removes the existing code in the function body generation for havoc-ing objects (in havoc_expr_rec()) and replaces it with calls to the c nondet symbol factory (gen_nondet_init()).
There was a problem hiding this comment.
✔️
Passed Diffblue compatibility checks (cbmc commit: ade4e66).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/97372790
