Skip to content

Move CPROVER_{r,w,rw}_ok processing to back-end #7395

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 15, 2023
Merged

Move CPROVER_{r,w,rw}_ok processing to back-end #7395

merged 3 commits into from
Sep 15, 2023

Conversation

tautschnig
Copy link
Collaborator

@tautschnig tautschnig commented Nov 28, 2022
edited by feliperodri
Loading

Please review commit-by-commit.

Fixes #7377.

  • Each commit message has a non-empty body, explaining why the change was made.
  • Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
  • The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
  • Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
  • My commit message includes data points confirming performance improvements (if claimed).
  • My PR is restricted to a single feature or bugfix.
  • n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.

@tautschnig tautschnig self-assigned this Nov 28, 2022
@tautschnig tautschnig mentioned this pull request Nov 28, 2022
Closed
@codecov
Copy link

codecov bot commented Nov 28, 2022
edited
Loading

Codecov Report

Patch coverage: 84.18% and project coverage change: +0.65% 🎉

Comparison is base (92581d1) 78.27% compared to head (e261217) 78.92%.

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop    #7395      +/-   ##
===========================================
+ Coverage    78.27%   78.92%   +0.65%     
===========================================
  Files         1699     1700       +1     
  Lines       195410   195594     +184     
===========================================
+ Hits        152953   154370    +1417     
+ Misses       42457    41224    -1233
Files Changed Coverage Δ
src/ansi-c/expr2c_class.h 100.00% <ø> (ø)
...c/solvers/smt2_incremental/convert_expr_to_smt.cpp 88.76% <0.00%> (-0.83%) ⬇️
src/util/simplify_expr_class.h 90.47% <ø> (ø)
src/ansi-c/expr2c.cpp 67.80% <53.57%> (-0.24%) ⬇️
src/solvers/smt2/smt2_conv.cpp 70.63% <76.92%> (-0.07%) ⬇️
src/solvers/flattening/bv_pointers.cpp 86.24% <83.33%> (-0.04%) ⬇️
src/util/pointer_expr.h 96.39% <84.84%> (-0.36%) ⬇️
...ncremental/smt2_incremental_decision_procedure.cpp 95.68% <92.30%> (-0.15%) ⬇️
src/ansi-c/goto_check_c.cpp 91.24% <100.00%> (-0.34%) ⬇️
src/cbmc/cbmc_parse_options.cpp 80.00% <100.00%> (+0.04%) ⬆️
... and 9 more

... and 55 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@remi-delmas-3000 remi-delmas-3000 mentioned this pull request Nov 28, 2022
Merged
3 tasks
remi-delmas-3000
remi-delmas-3000 reviewed Nov 28, 2022
View reviewed changes
@remi-delmas-3000 remi-delmas-3000 mentioned this pull request Dec 7, 2022
Merged
7 tasks
@jimgrundy
Copy link
Collaborator

Looks like we need to add __CPROVER_is_in_range to the mix

@tautschnig tautschnig force-pushed the feature/rw_ok-back-end branch from fabc2a1 to 6e1c30e Compare December 9, 2022 01:05
@tautschnig
Copy link
Collaborator Author

Looks like we need to add __CPROVER_is_in_range to the mix

This is done (including a few fixes specific to just that).

@tautschnig tautschnig force-pushed the feature/rw_ok-back-end branch from 6e1c30e to e34dbee Compare December 9, 2022 16:00
@tautschnig tautschnig marked this pull request as ready for review December 9, 2022 16:01
kroening
kroening reviewed Dec 12, 2022
View reviewed changes
src/ansi-c/c_typecheck_expr.cpp Outdated
@@ -2684,8 +2683,15 @@ exprt c_typecheck_baset::do_special_functions(

typecheck_function_call_arguments(expr);

symbol_exprt deallocated =
lookup(CPROVER_PREFIX "deallocated").symbol_expr();
symbol_exprt dead = lookup(CPROVER_PREFIX "dead_object").symbol_expr();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's something wrong here. The connection to deallocated is very much a mechanism for implementing the predicate, and that shouldn't happen in the front-end.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, I really just moved (while also making it more obvious) something from goto_check_ct to type checking. Both of which are in the front-end...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it help if we lowered the side-effecty function to a predicate in the built-in library?
The C implementation of the function can refer to the global state to call the built-in predicate.

kroening
kroening requested changes Dec 12, 2022
View reviewed changes
Copy link
Member

@kroening kroening left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a fundamental architectural problem with this PR.
Just imagine you had to write an SMT-LIB standard proposal for a theory like this.

@tautschnig tautschnig force-pushed the feature/rw_ok-back-end branch from bfa3212 to d015c9d Compare August 23, 2023 10:54
@tautschnig tautschnig requested a review from esteffin as a code owner August 23, 2023 10:54
@feliperodri
Copy link
Collaborator

@NlightNFotis could you give a final look?

@TGWDB
Copy link
Contributor

TGWDB commented Sep 6, 2023

@NlightNFotis could you give a final look?

If you specifically want Fotis it will take a couple of weeks, but others here can take a look much sooner than that.

@tautschnig
Copy link
Collaborator Author

@NlightNFotis could you give a final look?

If you specifically want Fotis it will take a couple of weeks, but others here can take a look much sooner than that.

I believe I have addressed all of Fotis's comments, so it should likely be just any code owner for the incremental SMT2 back-end. Will update assignments accordingly.

thomasspriggs
thomasspriggs approved these changes Sep 7, 2023
View reviewed changes
Copy link
Contributor

@thomasspriggs thomasspriggs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving for the incremental SMT2 changes.

@tautschnig tautschnig force-pushed the feature/rw_ok-back-end branch from d015c9d to 6248e6e Compare September 7, 2023 11:05
@tautschnig
r/w/rw_ok and pointer_in_range depend on deallocated and dead_object
e68aefa 
The evaluation of these expressions depends on the specific values of
__CPROVER_deallocated and __CPROVER_dead_object at the time the
expression is used. Therefore, create new prophecy_* variants of these
expressions to retain the properties expected of an expression (as
opposed to a statement/function call).

These prophecy_* expressions can safely be passed on to back-ends, be
simplified, and do not need to be rewritten during instrumentation. For
now, they are just handled by lowering the expressions (in the SAT and
SMT back-ends). We may, in future, decide to have back-end specific (and
possibly more efficient) handling of these.
@tautschnig
Remove {r,w,rw}_ok and pointer_in_range expansion from C front-end
a699145 
These expressions are now rewritten to their prophecy_* counterparts by
goto-program conversion, and back-ends directly handle these prophecy_*
expressions. Unconditional rewrites by goto_check_ct (even when no
checks are enabled) are no longer necessary.

Fixes: diffblue#7377
@tautschnig
Move rw_ok rewriting to separate pass
e261217 
This reverts selected changes from "r/w/rw_ok and pointer_in_range
depend on deallocated and dead_object" for transformations of goto
programs can now safely introduce rw_ok expressions into the goto
program. Not all analyses, however, are able to cope with these
expressions. Dependence graphs (and any analyses building upon these),
for example, also require this rewriting. goto-instrument is adjusted
accordingly.
@tautschnig tautschnig force-pushed the feature/rw_ok-back-end branch from 6248e6e to e261217 Compare September 7, 2023 11:43
martin-cs
martin-cs approved these changes Sep 8, 2023
View reviewed changes
Copy link
Collaborator

@martin-cs martin-cs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe that the changes have been implemented correctly and do not raise any issues in the parts of the code that I am "owner" for.

I am as yet unsure why this is needed or why this is a good design to meet that need. However, judging by the comment history, this has been considered and it is something that I should resolve with a chat with @tautschnig rather than via github.

@tautschnig
Copy link
Collaborator Author

I am as yet unsure why this is needed or why this is a good design to meet that need. However, judging by the comment history, this has been considered and it is something that I should resolve with a chat with @tautschnig rather than via github.

Let me try to clarify publicly nonetheless (the why-is-this-needed part):

  1. Not all middle-ends agree on how __CPROVER_{r,w,rw}_ok ought to be processed. Notably, the cprover tool has its own way of handling these. So we shouldn't prematurely expand them in the C front-end.
  2. Early expansion leads to redundant checks, which result in a performance penalty. See Performance problem with --pointer-checks, --pointer-primitive-checks #7378 (and related issues linked from there).
  3. In the status before the changes in this PR, this early expansion was necessary (as not all middle-ends were able to cope with these expressions), and this was silently done as part of the property instrumentation code (even when no property checks were requested). This is surprising behaviour.

@peterschrammel peterschrammel removed their assignment Sep 15, 2023
@tautschnig tautschnig merged commit f0fad5e into diffblue:develop Sep 15, 2023
@tautschnig tautschnig deleted the feature/rw_ok-back-end branch September 15, 2023 20:21
@martin-cs martin-cs mentioned this pull request Sep 18, 2023
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NlightNFotis NlightNFotis NlightNFotis left review comments

@kroening kroening kroening approved these changes

@remi-delmas-3000 remi-delmas-3000 remi-delmas-3000 approved these changes

@peterschrammel peterschrammel peterschrammel approved these changes

@martin-cs martin-cs martin-cs approved these changes

@thomasspriggs thomasspriggs thomasspriggs approved these changes

@TGWDB TGWDB Awaiting requested review from TGWDB TGWDB is a code owner

@chris-ryder chris-ryder Awaiting requested review from chris-ryder

@feliperodri feliperodri Awaiting requested review from feliperodri feliperodri is a code owner

@qinheping qinheping Awaiting requested review from qinheping qinheping is a code owner

@esteffin esteffin Awaiting requested review from esteffin

Assignees
No one assigned
Labels
aws Bugs or features of importance to AWS CBMC users aws-high
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Silent transformation of __CPROVER_{r,w,rw}_ok causing surprising behaviour