Skip to content

WIP: Incremental symbolic execution with eager solving #7178

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: develop
Choose a base branch
from
Draft

WIP: Incremental symbolic execution with eager solving #7178

wants to merge 3 commits into from

Conversation

tautschnig
Copy link
Collaborator

  • Each commit message has a non-empty body, explaining why the change was made.
  • Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
  • The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
  • Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
  • My commit message includes data points confirming performance improvements (if claimed).
  • My PR is restricted to a single feature or bugfix.
  • White-space or formatting changes outside the feature-related changed lines are in commits of their own.

@tautschnig
WIP: Incremental symbolic execution with eager solving
f4dcaa7 
Using the new option --eager-solving, runs symbolic execution only up
until an assertion is encountered and then queries the solver. Continues
doing so until symbolic execution is complete.
@tautschnig
Checking multiple properties in parallel
59f4589 
NEXT STEPS
- debug eager_multi_path_symex_checker CEX
- solve in background using pool of solvers (worklist?)

Overall goal: reducing the overhead when checking multiple properties in
parallel.
High-level idea: each time an assertion is encountered during symbolic
execution, create a new thread to process this assertion (which is part
of a property); the parent thread will continue doing symbolic
execution.
Expected savings: all the steps up to (and including) symbolic execution
will be done no more often than when doing all-properties-at-once.

The following development tasks need to be completed:

1) Make the solver available to symbolic execution (via a parameter or
   via a call-back).
2) Generate local copies or overlays of the equation system to annotate
   these with slicing information.
3) Maintain a map that not only maps expressions to literals, but also
   makes available the entire formula behind these literals.
4) Run solvers in separate threads, collect their results.
5) Produce output once all results have been obtained.
6) Make output available as soon as possible. This requires to clearly
   communicate that a property may be revisited (for example, via
   further loop unwindings) and may change its status from "SUCCESS" to
   "FAILURE." Ensure output is written by a single thread or under some
   global lock.
@tautschnig
WIP: Post-process incrementally
7a41d7d 
Incremental symbolic execution requires post-processing in each step,
and not just after the first one.
@codecov
Copy link

codecov bot commented Sep 30, 2022

Codecov Report

Base: 77.82% // Head: 77.76% // Decreases project coverage by -0.06% ⚠️

Coverage data is based on head (7a41d7d) compared to base (3108086).
Patch has no changes to coverable lines.

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop    #7178      +/-   ##
===========================================
- Coverage    77.82%   77.76%   -0.07%     
===========================================
  Files         1578     1581       +3     
  Lines       182209   182377     +168     
===========================================
+ Hits        141805   141826      +21     
- Misses       40404    40551     +147
Impacted Files Coverage Δ
src/goto-instrument/dump_c.cpp 80.00% <0.00%> (-0.87%) ⬇️
src/cbmc/cbmc_parse_options.cpp 79.45% <0.00%> (-0.70%) ⬇️
...rc/goto-checker/symex_bmc_incremental_properties.h 0.00% <0.00%> (ø)
.../goto-checker/symex_bmc_incremental_properties.cpp 0.00% <0.00%> (ø)
...rc/goto-checker/eager_multi_path_symex_checker.cpp 0.00% <0.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@tautschnig tautschnig self-assigned this Oct 3, 2022
@feliperodri feliperodri added the aws Bugs or features of importance to AWS CBMC users label Oct 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kroening kroening Awaiting requested review from kroening kroening will be requested when the pull request is marked ready for review kroening is a code owner

@peterschrammel peterschrammel Awaiting requested review from peterschrammel peterschrammel will be requested when the pull request is marked ready for review peterschrammel is a code owner

@martin-cs martin-cs Awaiting requested review from martin-cs martin-cs will be requested when the pull request is marked ready for review martin-cs is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@tautschnig tautschnig

Labels
aws Bugs or features of importance to AWS CBMC users work in progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tautschnig @feliperodri