Incremental unwinding of one specified loop -- rebase #5217
Conversation
xbauch
requested review from
chrisr-diffblue,
kroening,
peterschrammel,
romainbrenguier,
smowton and
tautschnig
as code owners
Codecov Report
@@ Coverage Diff @@
## develop #5217 +/- ##
===========================================
+ Coverage 67.43% 67.51% +0.07%
===========================================
Files 1157 1161 +4
Lines 95351 95495 +144
===========================================
+ Hits 64303 64476 +173
+ Misses 31048 31019 -29
Continue to review full report at Codecov.
|
xbauch
changed the title
|
@tautschnig Were your comments from #4361 addressed? |
There was a problem hiding this comment.
Comments from @tautschnig on original PR that are still outstanding
| : 0) | ||
| { | ||
| ignore_assertions = | ||
| options.get_bool_option("ignore-properties-before-unwind-min"); |
There was a problem hiding this comment.
Perhaps a question for @peterschrammel
When was this option introduced and where is it documented?
There was a problem hiding this comment.
It has been introduced as part of this PR. Maybe it hasn't been documented as part of thIs PR, though.
There was a problem hiding this comment.
Hmm, seems to be documented here @tautschnig : https://github.com/diffblue/cbmc/pull/5217/files#diff-e58a25459f0e8ca5a6c351b1d9d75167R225
There was a problem hiding this comment.
| options.get_bool_option("ignore-properties-before-unwind-min"); | |
| incr_min_unwind >= 2 && options.get_bool_option("ignore-properties-before-unwind-min"); |
@peterschrammel or at least this way it was in 5.4.
There was a problem hiding this comment.
Any observable effect of adding this?
There was a problem hiding this comment.
Well since the test(s) in question do not set the unwind-min I assume it is 1 by default. So the ignoring would not even occur. So yes, the test passes, but rather trivially.
There was a problem hiding this comment.
On the other hand, the test is still wrong if you set the unwind-min (to 10 for example) even with the suggested change.
|
Niavely looking at coverage we should add the following tests:
(dunno how you exercise those last two options) Also, we should add a trivial test for checking exit with non-zero exit code if ran with --paths as well as --incremental-loop just to stop any boneheaded mistakes in future Also, less nit picky, but it seems like |
Cannot be used with incremental loop unwinding.
not 'ignore' (which is used for slicing).
Allows ignoring assertions until a certain condition is satisfied (e.g. a certain unwinding is reached). Used for implementation of ignore-assertions-before-unwind-min.
This enables the caller to handle assertion conversion differently, e.g. for incremental loop unwinding.
We can ignore already failed properties.
Required for incremental loop unwinding.
Implement callback that decides on when to interrupt goto-symex during incremental unwinding.
Checks the assertions after each iteration of a specified loop.
for incremental unwinding and assertion checking of a specified loop.
for incremental unwinding and assertion checking of a specified loop.
Otherwise single quotes get incorrectly stripped off.
This seems to work when calling bash again. Otherwise, we can get something like: This is half a liEXIT=123
Option name has changed.
These require more options that have not been implemented yet.
Allows to check assertions only between unwind-min and unwind-max iterations of a specified loop.
xbauch
force-pushed
the
incremental-one-loop-rebase
branch
2 times, most recently
from
46dad61 to
3bcb5ff
Compare
There was a problem hiding this comment.
AFAICT all of @tautschnig comments from #4361 have been addressed.
src/goto-symex/goto_symex.h
Outdated
| /// \param unwind: current unwinding counter | ||
| /// \return true if the symbolic execution is to be interrupted for checking | ||
| virtual bool check_break( | ||
| const irep_idt &id, |
There was a problem hiding this comment.
⛏️ is this the loop id? given how frequent ids are used in this code base, I'd probably call it loop_id
It seems that the refinement solver does not support beatification |
I have a suspicion that some of the |
xbauch
force-pushed
the
incremental-one-loop-rebase
branch
from
3bcb5ff to
efd8ffe
Compare
`check_break` is now documented in `goto_symex.h` as well (I removed the parameters that were not used anywhere).
xbauch
force-pushed
the
incremental-one-loop-rebase
branch
from
efd8ffe to
6db9447
Compare
|
@peterschrammel In an attempt to improve coverage, the last commit adds a test for trace production. I've also suggested commenting out the implementation of the "beautified" trace and the "full" trace since I don't think they can be exercised by any of the current verifier combinations. Is it change acceptable? |
| goto_trace); | ||
|
|
||
| return goto_trace; | ||
| UNREACHABLE; |
There was a problem hiding this comment.
🚫 Write a test for it if you want to cover it.
xbauch
force-pushed
the
incremental-one-loop-rebase
branch
from
6db9447 to
d91d9d9
Compare
1: working test for the standard trace. 2: failing test for the beautified shortest trace.
xbauch
force-pushed
the
incremental-one-loop-rebase
branch
from
d91d9d9 to
39c5ac8
Compare
| @@ -0,0 +1,14 @@ | |||
| int main() | |||
There was a problem hiding this comment.
⛏️ typo in commit message KNOWBUG -> KNOWNBUG
| -- | ||
| ^warning: ignoring | ||
| -- | ||
| This will fail the invariant on `build_goto_trace.cpp:320` asserting certain |
There was a problem hiding this comment.
Could you raise a bug on cbmc and put the issue number here.
| ^VERIFICATION FAILED$ | ||
| ^State \d+ file main.c function havocIO line 501 thread \d+$ | ||
| -- | ||
| ^warning: ignoring |
There was a problem hiding this comment.
A description of why you added this test (e.g. tests the trace production for ??)
|
Maybe you already knew this, but the key flag is |
|
|
||
| while(1) | ||
| { | ||
| __CPROVER_assume(property == 1); |
There was a problem hiding this comment.
What is the purpose of the unused assumption variable?
There was a problem hiding this comment.
Hard to say, but if you comment it out, it suddenly starts to work.
There was a problem hiding this comment.
I mean the assumption variable, not the assumption statement.
There was a problem hiding this comment.
Sorry, yes, that one is irrelevant.
xbauch
force-pushed
the
incremental-one-loop-rebase
branch
from
3e2ad1c to
dff27a3
Compare
Basically, if unwind-min is zero (by default) the first loop iterations should not be ignored (even if requested). Tests show the problem.
xbauch
force-pushed
the
incremental-one-loop-rebase
branch
from
dff27a3 to
eebfcd9
Compare
|
@peterschrammel I've added the check for when to start ignoring properties (eebfcd9) and cleaned up the test. |
|
Just noting the travis job has passed, but for some reason the icon has not refreshed on here |
| ^Unwinding loop main\.3 iteration 3 | ||
| -- | ||
| ^warning: ignoring | ||
| ^Unwinding loop main\.0 iteration 6 |
There was a problem hiding this comment.
Missing new line at end of file
There was a problem hiding this comment.
Fixed (I had to rerun the CI anyway).
to a test description file.
Incremental unwinding and assertion checking of a specified loop.
This is a rebase of #4361.