Additional goto-symex documentation #3975
Conversation
JohnDumbell
requested review from
chrisr-diffblue,
kroening,
martin-cs,
peterschrammel,
pkesseli,
smowton,
tautschnig and
thk123
as code owners
There was a problem hiding this comment.
Looks good except for the "loop id" part. It may also be worth linking to the documentation that @johanneskloos has put together about symbolic execution, where the SSA renaming is already being explained (doc/architectural/background-concepts.md).
src/goto-symex/goto_symex_state.h
Outdated
| guardt guard{true_exprt{}}; | ||
| symex_targett::sourcet source; | ||
| symex_target_equationt *symex_target; | ||
|
|
||
| // we remember all L1 renamings | ||
| std::set<irep_idt> l1_history; | ||
|
|
||
| // Objects which hold the separate renaming logic for each level that a | ||
| // symex variable can be on. L0 relates to thread ID, L1 relates to loop ID, |
There was a problem hiding this comment.
No, L1 is the frame id (the number of times a function has been called).
src/goto-symex/goto_symex_state.h
Outdated
| // symex variable can be on. L0 relates to thread ID, L1 relates to loop ID, | ||
| // and L2 relates to generation ID. | ||
| // | ||
| // If looking at the VCC they are shown as !{threadID}@{loopID}#{generationID} |
JohnDumbell
force-pushed
the
jd/doc/symex
branch
from
dc04d7e to
1a9a2ad
Compare
There was a problem hiding this comment.
Patch 1, the comment changes, are good and I would support. Patch 2, s/pc/program_counter/ TBH I'm not sure it is worth the churn. Would a comment / description where it is declared suffice? I'm not sure that there are many people who know what a program counter is but don't know that it is often abbreviated to PC.
|
It helps in reading the code if you don't know the terminology but are relatively comfortable with how code like this should work. Just reading 'pc' as you scan a method gives very little information, but 'program_counter' combined with it being an iterator gives a few solid guesses about what it's doing without going any deeper. This may be a niche situation though, and once you know the abbreviation you're all good anyway. I have no strong opinions either way - I just felt it helped clarity. |
JohnDumbell
force-pushed
the
jd/doc/symex
branch
from
1a9a2ad to
a16bf20
Compare
src/analyses/dirty.h
Outdated
| @@ -20,6 +20,10 @@ Date: March 2013 | |||
| #include <util/invariant.h> | |||
| #include <goto-programs/goto_functions.h> | |||
|
|
|||
| /// Dirty variables are ones which have their address taken so we can't | |||
| /// reliably work out where they may be assigned. All variables of this sort | |||
| /// escape their local scope and are also considered shared state in the | |||
There was a problem hiding this comment.
Nitpick: usually "escape" would mean live longer than the scope, which isn't true here -- they just might be accessed indirectly and/or by callees
src/goto-symex/goto_symex_state.h
Outdated
| /// executes. As we walk over each instruction, state will be updated reflecting | ||
| /// their effects until a branch occurs (such as an if), where parts of the | ||
| /// state will be copied into a \ref goto_statet, stored in a map for later | ||
| /// reference and then merged again once it reaches a control-flow graph |
There was a problem hiding this comment.
Mention the name of the merge function
src/goto-symex/goto_symex_state.h
Outdated
| // Map L1 names to (L2) constants | ||
| // Map L1 names to (L2) constants. Values will be evicted from this map | ||
| // when they become non-constant. This is used to propagate values that have | ||
| // been worked out to only have one viable value. |
src/goto-symex/goto_symex_state.h
Outdated
| // | ||
| // "constants" can include symbols, but only in the context of an address-of | ||
| // op (i.e. &x can be propagated), and an address-taken thing should only be | ||
| // L1. Actual integer literals (for example) aren't symbols, and so aren't |
There was a problem hiding this comment.
I'd drop the mention of integer literals, it adds more confusion than it removes imo
src/goto-symex/goto_symex_state.h
Outdated
| /// guards, dynamic objects and anything not considered thread-local) | ||
| /// L1. Applies a suffix giving the current loop iteration or recursive | ||
| /// function invocation. | ||
| /// L2. Applies a suffix giving the latest generation of this variable. |
There was a problem hiding this comment.
strike "latest" (writes are always to the latest / fresh generation, but reads can be from past generations, especially in phi nodes)
src/goto-symex/goto_symex_state.h
Outdated
| @@ -115,6 +156,10 @@ class goto_symex_statet final | |||
| // do dereferencing | |||
| value_sett value_set; | |||
|
|
|||
| /// Container for data that varies per program point, e.g. the constant | |||
| /// propagator state, when state needs to branch. This is copied out of | |||
| /// goto_symex_statet at a control-flow fork and then back into it (at some | |||
There was a problem hiding this comment.
back into it at a control-flow merge
Strike "and not the other way around," since we've just said state goes into it and out of it
JohnDumbell
force-pushed
the
jd/doc/symex
branch
from
a16bf20 to
956d240
Compare
There was a problem hiding this comment.
🚫
This PR failed Diffblue compatibility checks (cbmc commit: a16bf20).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/98846560
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
The incompatibility may have been introduced by an earlier PR. In that case merging this
PR should be avoided unless it fixes the current incompatibility.
There was a problem hiding this comment.
🚫
This PR failed Diffblue compatibility checks (cbmc commit: 956d240).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/98858825
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
The incompatibility may have been introduced by an earlier PR. In that case merging this
PR should be avoided unless it fixes the current incompatibility.
JohnDumbell
force-pushed
the
jd/doc/symex
branch
from
956d240 to
7e9158d
Compare
|
@peterschrammel Done. |
JohnDumbell
force-pushed
the
jd/doc/symex
branch
from
7e9158d to
c352c90
Compare
There was a problem hiding this comment.
🚫
This PR failed Diffblue compatibility checks (cbmc commit: c352c90).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/98957513
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
The incompatibility may have been introduced by an earlier PR. In that case merging this
PR should be avoided unless it fixes the current incompatibility.
JohnDumbell
force-pushed
the
jd/doc/symex
branch
from
c352c90 to
663f6e3
Compare
There was a problem hiding this comment.
🚫
This PR failed Diffblue compatibility checks (cbmc commit: 663f6e3).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/98983334
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
The incompatibility may have been introduced by an earlier PR. In that case merging this
PR should be avoided unless it fixes the current incompatibility.
JohnDumbell
force-pushed
the
jd/doc/symex
branch
from
663f6e3 to
dd518a9
Compare
There was a problem hiding this comment.
✔️
Passed Diffblue compatibility checks (cbmc commit: dd518a9).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/99143224
JohnDumbell
force-pushed
the
jd/doc/symex
branch
from
dd518a9 to
20a84fb
Compare
There was a problem hiding this comment.
✔️
Passed Diffblue compatibility checks (cbmc commit: 20a84fb).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/99462351
Added some comments around areas in symex where it wasn't immediately obvious from a relative newcomer to the code about what precisely they did and why it was important (I was the newcomer in this situation). The field rename touches quite a bit of code, but there's nothing in there beside the rename and required clang-format changes.
Feel free to mention if there's another important area that I should try and document, as I mostly focused on areas that would've been useful to me when I originally started looking around.