Description
To the best of my knowledge, what an OTHER instruction does is not well documented. goto-programs/goto_program.h:132 says:
"Execute the code (an instance of codet of kind ID_fence, ID_printf, ID_array_copy, ID_array_set, ID_input, ID_output, ...)."
goto-symex/symex_other.cpp:77 seems to have one of the most comprehensive lists of possibilities including ID_output (so it can manipulate the external environment), ID_decl (marked as UNREACHABLE -- no idea what this once was supposed to do), ID_nondet ("like skip"), ID_asm ("we ignore this for now"), ID_array_{copy,replace,set,equal}, ID_user_specified_{predicate,parameter_predicates,return_predicates} (???). Elsewhere there are references to ID_skip (???), ID_printf (not clear why this is different to ID_output), ID_havoc_object, {set,clear}_{may,must}, ID_expression and various fences.
Possibly relevant to #3191 maybe we should have an actual explicit list of what it could be?
To get the abstract domains to handle OTHER correctly it would be good to be clear exactly what we can assume about them.
*. It seems likely that they "read" from any variable they include ( analyses/goto_rw.cpp:784 seems to think so ).
*. In some cases they can "write" to some of the variables they include. This does not seem well supported in the various abstract domains.
*. Some instructions can modify the external state of the program so they have to be considered for anything concurrent.
*. I have yet to see that they change the flow of control, although frankly, ID_asm makes me nervous.
*. I am unsure as to whether they can affect termination or run-time. Are the CPROVER model of fences guaranteed to return? Is ID_output blocking?
Thoughts, opinions, pointers to specific behaviours in the code, historical reminiscences, suggestions, etc. all most welcome.