Regression tests for the SMT bitvector arithmetic operator conversion #6648
Conversation
NlightNFotis
requested review from
kroening,
peterschrammel and
tautschnig
as code owners
There was a problem hiding this comment.
The mixing in of the Windows pipe fix is kind of separate, I understand the motivation for adding it here, but I'm not sure it's the best idea.
There are three things I think would improve this PR a lot.
- Regression tests for the unary arithmetic operators as well.
- Splitting the tests of the behaviour/outcome from the tests of the translation. At the moment there is no check of the actual results, only
VERIFICATION FAILEDfor all of them. - The detailed checking of the translation is very brittle, I can see this easily failing if we make a minor tweak or improvement somewhere, and I don't think the detail of the verbose SMT form is the main thing to test?
regression/cbmc-incr-smt2/bitvector-arithmetic-operators/overflow_behaviour.desc
Outdated
Show resolved
Hide resolved
Codecov Report
@@ Coverage Diff @@
## develop #6648 +/- ##
===========================================
+ Coverage 76.73% 76.74% +0.01%
===========================================
Files 1579 1579
Lines 181999 182171 +172
===========================================
+ Hits 139652 139806 +154
- Misses 42347 42365 +18
Continue to review full report at Codecov.
|
regression/cbmc-incr-smt2/bitvector-arithmetic-operators/polynomial.desc
Outdated
Show resolved
Hide resolved
| Sending command to SMT2 solver - \(check-sat\) | ||
| Sending command to SMT2 solver - \(get-value \(|B9|\)\) | ||
| Sending command to SMT2 solver - \(get-value \(|B10|\)\) | ||
| ^VERIFICATION FAILED$ |
There was a problem hiding this comment.
For VERIFICATION FAILED tests we should add --trace to the arguments add use regexes to check the values of interest assigned in the trace.
regression/cbmc-incr-smt2/bitvector-arithmetic-operators/polynomial.c
Outdated
Show resolved
Hide resolved
regression/cbmc-incr-smt2/bitvector-arithmetic-operators/polynomial.desc
Show resolved
Hide resolved
| @@ -0,0 +1,16 @@ | |||
| #include <stdbool.h> | |||
There was a problem hiding this comment.
⛏️ Comment on the commit title - "second-degree polynomial" is a pretty long-winded way of saying "quadratic".
| Sending command to SMT2 solver - \(get-value \(|B7|\)\) | ||
| Sending command to SMT2 solver - \(get-value \(|B8|\)\) | ||
| Sending command to SMT2 solver - \(get-value \(|B9|\)\) | ||
| ^VERIFICATION FAILED$ |
There was a problem hiding this comment.
As this test stands with multiple assertions where we (presumably) expect all of them to be refutable we should add regexes for each of them. Otherwise the test could still pass with a single assertion being refuted only.
| int a; | ||
|
|
||
| // Simple algebraic identities - expected to drive the SMT backend | ||
| __CPROVER_assert(!(a + a == a * 2), "a plus a always equals two times a"); |
There was a problem hiding this comment.
💡 This might be a better/stronger regression test if we remove the ! and check the properties we expect to hold cannot be refuted and that CBMC reports VERIFICATION SUCCESS.
regression/cbmc-incr-smt2/bitvector-arithmetic-operators/overflow_behaviour.desc
Outdated
Show resolved
Hide resolved
| unsigned int b = 12; | ||
| __CPROVER_assume(a > 15); | ||
|
|
||
| // expected to fail by assigning a = 4294967284u in the trace |
There was a problem hiding this comment.
These values appear to be platform specific, given that the width of unsigned int is platform specific. I think it would be better if we included <stdint.h> and used types such as uint32_t, so that the values are the same across all platforms.
regression/cbmc-incr-smt2/bitvector-arithmetic-operators/overflow_behaviour.c
Outdated
Show resolved
Hide resolved
NlightNFotis
force-pushed
the
smt_arithops_regression_tests
branch
3 times, most recently
from
de68b68 to
0fbca50
Compare
NlightNFotis
force-pushed
the
smt_arithops_regression_tests
branch
from
0fbca50 to
1519d40
Compare
These are expected to exercise that implements conversion of arithmetic operators for signed ints, including integers of multiple bit widths (using `long long` and `char` for now, because `stdint.h` introduces typecasts and we don't support them yet).
NlightNFotis
force-pushed
the
smt_arithops_regression_tests
branch
from
1519d40 to
b900b19
Compare
| const auto write_file = [&]() { | ||
| return WriteFile( | ||
| child_std_IN_Wr, message.c_str(), message_size, &bytes_written, NULL); | ||
| }; | ||
| if(!write_file()) | ||
| { | ||
| // Error handling with GetLastError ? | ||
| return send_responset::FAILED; | ||
| } | ||
| // `WriteFile` can return a success status but write 0 bytes if we write | ||
| // messages quickly enough. This problem has been observed when using a | ||
| // release build, but resolved when using a debug build or `--verbosity 10`. | ||
| // Presumably this happens if cbmc gets too far ahead of the sub process. | ||
| // Flushing the buffer and retrying should then succeed to write the message | ||
| // in this case. | ||
| if(bytes_written == 0) | ||
| { | ||
| FlushFileBuffers(child_std_IN_Wr); | ||
| if(!write_file()) | ||
| { | ||
| // Error handling with GetLastError ? | ||
| return send_responset::FAILED; | ||
| } | ||
| } | ||
| INVARIANT( | ||
| message_size == bytes_written, | ||
| "Number of bytes written to sub process must match message size."); |
There was a problem hiding this comment.
It seems this part needs more work as regression tests are repeatedly failing that invariant.
There was a problem hiding this comment.
Follow-up PR is here -#6675
This PR adds regression tests for the code added in #6614 .
Previously the code was exercises by unit tests. Regression tests
are allowing for more comfort around the correctness of the implementation
by testing in an end-to-end manner (from source code to verification result)