A new implementation for assigns clauses #6377
Conversation
feliperodri
added
do not review
aws
SaswatPadhi
force-pushed
the
car
branch
5 times, most recently
from
3808cdd to
fdfbece
Compare
Codecov Report
@@ Coverage Diff @@
## develop #6377 +/- ##
========================================
Coverage 75.90% 75.91%
========================================
Files 1517 1517
Lines 163893 163936 +43
========================================
+ Hits 124406 124451 +45
+ Misses 39487 39485 -2
Continue to review full report at Codecov.
|
SaswatPadhi
changed the title
SaswatPadhi
requested review from
chrisr-diffblue,
kroening,
martin-cs,
peterschrammel,
SaswatPadhi and
tautschnig
as code owners
SaswatPadhi
changed the title
|
Depends on #6371 -- must be merged after that is merged. |
| // TODO: Fix this. | ||
| // The CAR snapshot should be made only once at the beginning. |
There was a problem hiding this comment.
This comment should map to a GitHub issue and we should add the link here
TODO: <link>| // FIXME: Refactor these checks out to a common function that can be | ||
| // used both in compilation and instrumentation stages |
There was a problem hiding this comment.
This should map to a GitHub issue, and we should add the link here.
| @@ -13,7 +13,7 @@ Author: Daniel Kroening, [email protected] | |||
|
|
|||
| #include <util/c_types.h> | |||
| #include <util/config.h> | |||
| #include <util/expr_util.h> | |||
| #include <util/std_code.h> | |||
There was a problem hiding this comment.
Why do we need this include?
| // FIXME: Refactor these checks out to a common function that can be | ||
| // used both in compilation and instrumentation stages |
There was a problem hiding this comment.
Are we tracking this request somewhere?
| typecast_exprt::conditional_cast(arg, pointer_type(char_type())), | ||
| pointer_offset(arg)}, |
There was a problem hiding this comment.
Shall we add a comment about why do we cast this to char here?
| @@ -8,3 +8,5 @@ main.c | |||
| -- | |||
| Check that Elvis operator expressions of form '(cond ? *if_true : *if_false)' | |||
| are supported in assigns clauses. | |||
|
|
|||
| BUG: `is_lvalue` in goto is not consistent with `target.get_bool(ID_C_lvalue)`. | |||
There was a problem hiding this comment.
We should open a GitHub issue for this bug. This is outside the contract implementation.
This change is a complete rewrite of the assigns clause, based on a new formalization. Each assigns clause target represents a "conditional address range" (CAR) that an address range guarded by a validity constraint. In this commit we also add support for __CPROVER_POINTER_OBJECT expressions in assigns clauses.
SaswatPadhi
changed the title
| @@ -3,21 +3,18 @@ main.c | |||
| --enforce-contract foo --enforce-contract bar --enforce-contract baz _ --pointer-primitive-check | |||
| ^EXIT=10$ | |||
| ^SIGNAL=0$ | |||
| ^\[bar.\d+\] line \d+ Check that \*a is assignable: SUCCESS$ | |||
| ^\[bar.\d+\] line \d+ Check that POINTER_OBJECT\(\(void \*\)a\) is assignable: SUCCESS$ | |||
There was a problem hiding this comment.
The new message is a downgrade in terms of user experience.
| // clang-format off | ||
| __CPROVER_requires(b->size == 5) | ||
| __CPROVER_assigns(__CPROVER_POINTER_OBJECT(b->buf)) | ||
| __CPROVER_assigns(__CPROVER_POINTER_OBJECT(value)) |
There was a problem hiding this comment.
This overloaded use of __CPROVER_POINTER_OBJECT will confuse. I would advise to use a different identifier.
| @@ -53,10 +53,10 @@ class havoc_if_validt : public havoc_utilst | |||
| /// over all dereferenced pointer expressions *(pexpr_1), *(pexpr_2), ... | |||
| /// found in the AST of `expr`. | |||
| /// | |||
| /// \param expr The expression that contains dereferences to be validated | |||
| /// \param ns The namespace that defines all symbols appearing in `expr` | |||
| /// \param expr: The expression that contains dereferences to be validated. | |||
There was a problem hiding this comment.
Extra docs are always nice :-) But the addition of ':' following parameter names is unusual and adds a bit of noise to the diff. Not a blocking comment at all - just an observation to be aware of.
There was a problem hiding this comment.
I thought that's the convention in this repo (variable name followed by a colon in the docs). I saw that in several files, so changed this accordingly.
For example: https://github.com/diffblue/cbmc/blob/48893287099cb5780302fe9dc415eb6888354fd6/src/util/expr_cast.h
This change is a complete rewrite of the assigns clause, based on a new formalization. Each assigns clause target is modeled as a "conditional address range" (CAR) that is an address range guarded by a validity condition.
My commit message includes data points confirming performance improvements (if claimed).