Incremental unwinding of one specified loop #4361
Conversation
peterschrammel
requested review from
chrisr-diffblue,
kroening,
martin-cs,
smowton and
tautschnig
as code owners
peterschrammel
force-pushed
the
incremental-one-loop
branch
from
66a2e73 to
df73a7b
Compare
regression/test.pl
Outdated
| @@ -65,7 +65,7 @@ ($$) | |||
|
|
|||
| chomp @data; | |||
| if($exit_signal_checks) { | |||
| grep { /^\^EXIT=[\(\|\d]*\d+\)?\$$/ } @data or die "$fname: Missing EXIT test\n"; | |||
| grep { /^\^?EXIT=[\(\|\d]*\d+\)?\$$/ } @data or die "$fname: Missing EXIT test\n"; | |||
There was a problem hiding this comment.
I'm aware this is work-in-progress, but I'd really like to get a better understanding of what's going on here. The EXIT=... output is generated by test.pl itself. If that isn't at the beginning of a line, then something else has gone wrong.
There was a problem hiding this comment.
Still experimenting with that. I have some tests that succeed when they are killed by a timeout. In that case the EXIT output can get appended to whatever line is being printed at that moment. Surprisingly, printing \nEXIT... in test.pl doesn't put it on a new line either...
There was a problem hiding this comment.
Is that a race condition with some buffers only being flushed? You might try doing
$| = 1;
print "\n";before it's printing EXIT.
There was a problem hiding this comment.
Just noting: this change no longer appears in #5217
peterschrammel
force-pushed
the
incremental-one-loop
branch
from
df73a7b to
55e695c
Compare
peterschrammel
force-pushed
the
incremental-one-loop
branch
2 times, most recently
from
e85459d to
5fadf38
Compare
peterschrammel
requested review from
allredj,
cesaro,
cristina-david,
danpoe,
hannes-steffenhagen-diffblue,
pkesseli and
romainbrenguier
as code owners
peterschrammel
force-pushed
the
incremental-one-loop
branch
2 times, most recently
from
ff84207 to
49606e6
Compare
peterschrammel
changed the title
peterschrammel
force-pushed
the
incremental-one-loop
branch
2 times, most recently
from
012f82a to
d3b9962
Compare
There was a problem hiding this comment.
This PR failed Diffblue compatibility checks (cbmc commit: d3b9962).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/106452418
Status will be re-evaluated on next push.
Common spurious failures include: the cbmc commit has disappeared in the mean time (e.g. in a force-push); the author is not in the list of contributors (e.g. first-time contributors); compatibility was already broken by an earlier merge.
Allows ignoring assertions until a certain condition is satisfied (e.g. a certain unwinding is reached). Used for implementation of ignore-assertions-before-unwind-min.
This enables the caller to handle assertion conversion differently, e.g. for incremental loop unwinding.
We can ignore already failed properties.
Required for incremental loop unwinding.
Implement callback that decides on when to interrupt goto-symex during incremental unwinding.
Checks the assertions after each iteration of a specified loop.
for incremental unwinding and assertion checking of a specified loop.
for incremental unwinding and assertion checking of a specified loop.
Otherwise single quotes get incorrectly stripped off.
This seems to work when calling bash again. Otherwise, we can get something like: This is half a liEXIT=123
Option name has changed.
These require more options that have not been implemented yet.
Allows to check assertions only between unwind-min and unwind-max iterations of a specified loop.
peterschrammel
force-pushed
the
incremental-one-loop
branch
from
3f41327 to
20613e8
Compare
There was a problem hiding this comment.
✔️
Passed Diffblue compatibility checks (cbmc commit: 20613e8).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/114721432
| @@ -1,6 +1,6 @@ | |||
| CORE | |||
| main.c | |||
| --incremental-check main.0 --unwind-max 25 --no-unwinding-assertions | |||
| --incremental-loop main.0 --unwind-max 15 | |||
There was a problem hiding this comment.
Is --increment-check still needed/tested somewhere?
There was a problem hiding this comment.
The tests have been in the codebase without the actual implementation (= this PR). We decided to give the option a different name now.
| -- | ||
| Tests whether goto-symex does not stop early when it cannot figure out the | ||
| loop bound and there is no error in the loop. | ||
| Mac OS exit code is 14 |
There was a problem hiding this comment.
Why are the exit codes different? Is the exit code not under our control in this situation? What process is receiving the SIGALRM - perl, or cbmc? or something else?
There was a problem hiding this comment.
perl - the exit codes seem to be different on linux vs mac os.
| print $FH "EXIT=$exit_value\n"; | ||
| print $FH "SIGNAL=$signal_num\n"; | ||
| close $FH; | ||
| system("bash", "-c", "cd '$name' ; echo '\nEXIT=$exit_value\nSIGNAL=$signal_num\n' >> '$output'"); |
There was a problem hiding this comment.
This seems annoyingly messy and fragile - why has this not shown up before now - or is it related to the signal handling for sigalrm?
There was a problem hiding this comment.
It's related to sigalrm. That was the only robust way of getting the second output appended to the file without losing the leading newline (see discussion with @tautschnig above).
In the end I'm not sure it's worth the hassle. Probably I should just remove these two tests.
| symbol_tablet symex_symbol_table; | ||
| namespacet ns; | ||
| symex_target_equationt equation; | ||
| path_fifot path_storage; // should go away |
There was a problem hiding this comment.
Is this something that should be tracked as a github Issue? If so, a reference to that issue here would nice :-)
| @@ -197,6 +197,10 @@ class goto_symext | |||
| /// symbolic execution from that state. | |||
| bool should_pause_symex; | |||
|
|
|||
| /// If this flag is set to true then assertions will be temporarily ignored | |||
| /// by the symbolic executions. | |||
There was a problem hiding this comment.
What exactly does "ignored" mean? Any why is this ever the right thing to do?
| @@ -468,7 +468,7 @@ void symex_target_equationt::convert_assertions( | |||
| { | |||
| // ignore already converted assertions in the error trace | |||
| if(step.is_assert() && step.converted) | |||
| step.ignore = true; | |||
| step.hidden = true; | |||
There was a problem hiding this comment.
That makes the comment above seem rather odd?
| @@ -495,7 +495,7 @@ void symex_target_equationt::convert_assertions( | |||
| { | |||
| // ignore already converted assertions in the error trace | |||
| if(step.is_assert() && step.converted) | |||
| step.ignore = true; | |||
| step.hidden = true; | |||
| convert_function_calls(decision_procedure); | ||
| convert_io(decision_procedure); | ||
| convert_constraints(decision_procedure); | ||
| } |
There was a problem hiding this comment.
Could this be refactored so that we don't have almost-the-same-code twice?
| bool is_function, | ||
| statet &state, | ||
| const exprt &cond, | ||
| unsigned unwind); |
| if(check_break(loop_id, false, state, new_guard, unwind)) | ||
| { | ||
| should_pause_symex = true; | ||
| } |
There was a problem hiding this comment.
Why is this only done in the new_guard.is_true() case? What about a non-constant guard for a backwards-goto?
| @@ -188,7 +188,10 @@ void run_property_decider( | |||
| "(unwind):" \ | |||
| "(unwindset):" \ | |||
| "(graphml-witness):" \ | |||
| "(unwindset):" | |||
There was a problem hiding this comment.
I was confused at first - maybe we should have a separate commit that cleans up this duplicate (unwindset):?
| @@ -1,10 +1,10 @@ | |||
| default: tests.log | |||
|
|
|||
| test: | |||
| @../test.pl -c "perl -e 'alarm shift @ARGV; exec @ARGV' 30 ../../../src/cbmc/cbmc --slice-formula" | |||
| @../test.pl -c "perl -e 'alarm shift @ARGV; exec @ARGV' 8 ../../../src/cbmc/cbmc --slice-formula" | |||
There was a problem hiding this comment.
Why is there a perl -e wrapper for those tests?
There was a problem hiding this comment.
I think a comment would be nice to have.
| @@ -35,6 +35,8 @@ symex_bmc_incremental_one_loopt::symex_bmc_incremental_one_loopt( | |||
| options.is_set("unwind-min") ? options.get_signed_int_option("unwind-min") | |||
| : 0) | |||
| { | |||
| ignore_assertions = | |||
| options.get_bool_option("ignore-properties-before-unwind-min"); | |||
There was a problem hiding this comment.
When was this option introduced and where is it documented?
|
@peterschrammel Is there still anything left to be merged here? |
|
No, this has been fully merged by another PR. |
Incremental unwinding and assertion checking of a specified loop.
Based on #4054