Unwinding options --unwinding-assertions and --partial-loops do not conflict #6644

Merged
merged 1 commit into from
May 10, 2022

Conversation

tautschnig
Collaborator

By default, bounded loop unwinding will yield an assumption to ensure
that all counterexamples are genuine.
Option --unwinding-assertions requests that an additional assertion be
generated, which will furthermore ensure that successful verification
does not constitute spurious proof.
Option --partial-loops disables generating the unwinding assumption.

Therefore, --unwinding-assertions and --partial-loops each control (not)
generating one instruction, but there is no overlap in the instructions
that they are (not) generating. It is, thus, safe to use these options
together.

  • Each commit message has a non-empty body, explaining why the change was made.
  • n/a Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
  • The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
  • Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
  • n/a My commit message includes data points confirming performance improvements (if claimed).
  • My PR is restricted to a single feature or bugfix.
  • n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.
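
As an added illustration (not CBMC's code and not part of this PR), the following C model shows what each option leaves at the loop head once `--unwind K` has emitted K copies of the loop body, and how a counterexample trace is read when both options are combined. The program under analysis, the `outcome_t` record and the `OPT_*` constants are constructed for this example; only the flag names `--unwind`, `--unwinding-assertions` and `--partial-loops` are CBMC's.

```c
#include <stdbool.h>
/* Added model (not CBMC's code) of what is left at the loop head of
 * `while (cond) body;` once --unwind K has emitted K copies of the body:
 *   default                  __CPROVER_assume(!cond): deeper paths are pruned
 *   --unwinding-assertions   assert(!cond) in addition: too-small bound is reported
 *   --partial-loops          the assume is dropped: the path simply continues
 * The two flags act on different instructions, which is why they compose. */
enum { OPT_UNWINDING_ASSERTIONS = 1, OPT_PARTIAL_LOOPS = 2 };

typedef struct {
  bool path_feasible;              /* false: pruned by the unwinding assumption */
  bool unwinding_assertion_failed; /* only possible with OPT_UNWINDING_ASSERTIONS */
  bool property_violated;          /* the program's own assertion after the loop */
} outcome_t;

/* Program under analysis (constructed): count n down to zero, then assert
 * that the counter is zero and that n != 7 (a planted bug). The n != 7 part
 * fails on a real execution; the i == 0 part never does, so a violation of it
 * can only come from a path that left the loop early. */
outcome_t analyse(unsigned n, unsigned bound, unsigned opts) {
  outcome_t r = { true, false, false };
  unsigned i = n, copies = 0;
  while (i > 0 && copies < bound) { /* the K unrolled copies of the body */
    i--;
    copies++;
  }
  if (i > 0) { /* loop condition still true after K copies */
    if (opts & OPT_UNWINDING_ASSERTIONS)
      r.unwinding_assertion_failed = true; /* assert(!cond) fails */
    if (!(opts & OPT_PARTIAL_LOOPS)) {     /* __CPROVER_assume(!cond) */
      r.path_feasible = false;
      return r;
    }
    /* --partial-loops: fall through with i > 0, i.e. the loop was cut short */
  }
  r.property_violated = (i != 0) || (n == 7); /* assert(i == 0 && n != 7) */
  return r;
}

/* Reading a trace the way the reworded documentation puts it: a violated
 * property is known to be a genuine counterexample only when the trace
 * carries no report of a violated unwinding assertion. Without
 * --unwinding-assertions there is no such report, so nothing can be concluded. */
bool counterexample_known_genuine(outcome_t r, unsigned opts) {
  if (!r.path_feasible || !r.property_violated) return false;
  if (!(opts & OPT_UNWINDING_ASSERTIONS)) return false;
  return !r.unwinding_assertion_failed;
}
```

With bound 5 and n = 8, the default run prunes the path, `--partial-loops` alone yields a spurious violation of `i == 0`, and the combination yields the same violation but with the unwinding assertion reported in the trace; n = 7 with a sufficient bound is the only case the model classifies as a genuine counterexample.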

@chris-ryder chris-ryder left a comment

Code changes look fine, just a minor typo in the docs update and my general "hard of understanding" which might be more a reflection on me than on the new docs...

@tautschnig tautschnig self-assigned this Feb 6, 2022
@tautschnig tautschnig force-pushed the feature/partial-loops branch from c2c51d8 to 7cd36a7 on February 7, 2022 21:35
@tautschnig tautschnig removed their assignment Feb 7, 2022
codecov bot commented Feb 7, 2022

Codecov Report

Merging #6644 (836f04b) into develop (2e306c6) will increase coverage by 0.71%.
The diff coverage is 92.99%.


@@ -161,7 +161,9 @@ to the later assertion, use the option
This option will allow paths that execute loops only partially, enabling
a counterexample for the assertion above even for small unwinding
bounds. The disadvantage of using this option is that the resulting path
may be spurious, that is, it may not exist in the original program.
may be spurious, that is, it may not exist in the original program. If
`--unwinding-assertions` is also used and all unwinding assertions pass,
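Review bot: the new sentence starting "If `--unwinding-assertions` is also used and all unwinding assertions pass," is cut off in the context shown here, so the consequent cannot be reviewed, and its premise is phrased as a global condition on all unwinding assertions, which is not what `--partial-loops` affects: dropping the unwinding assumption changes which paths are explored, so the useful statement is per trace. Suggest rewording along the lines of "if the particular counterexample trace does not include a report of a violated unwinding assertion, then that counterexample is not impacted by insufficient loop unwinding", which matches the description of how the two options act on different instructions.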
@peterschrammel peterschrammel May 10, 2022

If --unwinding-assertions is also used [together with --partial-loops] and all unwinding assertions pass

I can't quite see the example where this would happen. Does the following statement hold? Whenever a failing assertion becomes reachable due to the use of --partial-loops, there must be a failing unwinding assertion.

Collaborator Author

Fair point. I have now reworded the text as follows:

If `--unwinding-assertions` is also used, and the particular counterexample
trace does not include a report of a violated unwinding assertion, then that
counterexample is not impacted by insufficient loop unwinding.

…onflict

By default, bounded loop unwinding will yield an assumption to ensure
that all counterexamples are genuine.
Option --unwinding-assertions requests that an additional assertion be
generated, which will furthermore ensure that successful verification
does not constitute spurious proof.
Option --partial-loops disables generating the unwinding assumption.

Therefore, --unwinding-assertions and --partial-loops each control (not)
generating one instruction, but there is no overlap in the instructions
that they are (not) generating. It is, thus, safe to use these options
together.
@tautschnig tautschnig merged commit fee89cc into diffblue:develop May 10, 2022
@tautschnig tautschnig deleted the feature/partial-loops branch May 10, 2022 12:39