Integrate fault localizer into goto checker [blocks: 4215] #3970
Conversation
peterschrammel
requested review from
cesaro,
chrisr-diffblue,
cristina-david,
kroening,
NathanJPhillips,
pkesseli,
smowton,
tautschnig and
thk123
as code owners
tautschnig
changed the title
peterschrammel
force-pushed
the
fault-localizer
branch
from
9476ab3 to
2ca57a4
Compare
peterschrammel
changed the title
peterschrammel
force-pushed
the
fault-localizer
branch
2 times, most recently
from
dc881ce to
eca9530
Compare
There was a problem hiding this comment.
✔️
Passed Diffblue compatibility checks (cbmc commit: eca9530).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/101371546
peterschrammel
changed the title
src/goto-checker/report_util.cpp
Outdated
| { | ||
| log.debug() << score_pair.first->source_location | ||
| << "\n score: " << score_pair.second << messaget::eom; | ||
| } |
There was a problem hiding this comment.
Use messaget::conditional_output to avoid doing a lot of work when it most likely won't be of any value.
| log.status() << "Localizing fault" << messaget::eom; | ||
|
|
||
| // pick localization method | ||
| // if(options.get_option("localize-faults-method")=="TBD") |
There was a problem hiding this comment.
I suppose this is copy&paste?
There was a problem hiding this comment.
Yes, I am inclined to remove this option altogether as nobody has ever implemented any alternative method in 3 years.
| if(solver() == decision_proceduret::resultt::D_SATISFIABLE) | ||
| return false; | ||
|
|
||
| return true; |
There was a problem hiding this comment.
return solver() != decision_proceduret::resultt::D_SATISFIABLE;
| v.resize(localization_points.size()); | ||
|
|
||
| for(std::size_t i = 0; i < localization_points.size(); ++i) | ||
| v[i] = tvt(tvt::tv_enumt::TV_UNKNOWN); |
There was a problem hiding this comment.
localization_points_valuet v(localization_points.size(), tvt::unknown());
src/goto-checker/report_util.cpp
Outdated
| { | ||
| PRECONDITION(!fault_location.scores.empty()); | ||
|
|
||
| auto max_it = fault_location.scores.begin(); |
There was a problem hiding this comment.
Use std::max and a comparator?
| { | ||
| l.second->second++; | ||
| } | ||
| else if(solver.l_get(l.first).is_false() && l.second->second > 0) |
There was a problem hiding this comment.
l.second->second is a bit opaque -- comment on what that is?
| if(properties.at(property_id).status == property_statust::FAIL) | ||
| { | ||
| // get correctly truncated error trace for property and store it | ||
| (void)traces.insert( |
There was a problem hiding this comment.
Are these both expected to be insert-new-key? If so suggest cross-checking with a CHECK_RETURN that they are indeed new.
There was a problem hiding this comment.
(If not, suggest inserting a dummy value and only calling the expensive build / localize functions if they really are new)
There was a problem hiding this comment.
I've added an invariant in the trace storage.
peterschrammel
force-pushed
the
fault-localizer
branch
from
eca9530 to
469c522
Compare
Make sure a failed property only occurs once in updated_properties so that storing its trace is only attempted once.
Utility function to freeze all guards, as e.g. needed for fault localization.
Print information about the likely fault location.
Can be implemented by an incremental goto checker to provide information about the likely fault location.
Requires prop_convt, symex_target_equationt and frozen guards.
Uses goto_symex_fault_localizert to provide the functionality.
Variant that reports fault localization information.
Variant that reports fault localization information.
Available by using multi-path symex checker
Available by using multi-path symex checker
peterschrammel
force-pushed
the
fault-localizer
branch
from
469c522 to
b1d9072
Compare
Uh oh!
There was an error while loading. Please reload this page.