Implement ana.apron.invariant.diff-box directly in domain

sim642 · sim642 · commit f4826301651c · 2025-11-12T11:50:15.000+02:00
This should be faster, because it doesn't require box domain analysis in parallel.
The domain is converted to box and back only during invariant generation.

It's also more precise in some sense because it can exclude box-like constraints, which cannot be inferred by box alone.
But maybe that's also a downside because it can exclude constraints, which still need the more precise domain.
diff --git a/src/analyses/apron/apronAnalysis.apron.ml b/src/analyses/apron/apronAnalysis.apron.ml
@@ -8,8 +8,6 @@ let spec_module: (module MCPSpec) Lazy.t =
   lazy (
     let module Man = (val ApronDomain.get_manager ()) in
     let module AD = ApronDomain.D2 (Man) in
-    let diff_box = GobConfig.get_bool "ana.apron.invariant.diff-box" in
-    let module AD = (val if diff_box then (module ApronDomain.BoxProd (AD): RelationDomain.RD) else (module AD)) in
     let module Priv = (val RelationPriv.get_priv ()) in
     let module Spec =
     struct
diff --git a/src/cdomains/apron/apronDomain.apron.ml b/src/cdomains/apron/apronDomain.apron.ml
@@ -544,17 +544,37 @@ struct
           d
       end
 
-  let invariant x =
+  (** Keep only box-representable constraints.
+      Used for [diff-box] in {!invariant}. *)
+  let boxify d =
+    let {box1_env; interval_array}: A.box1 = A.to_box Man.mgr d in
+    let ivs, fvs = Environment.vars box1_env in
+    assert (Array.length fvs = 0); (* shouldn't ever contain floats *)
+    A.of_box Man.mgr box1_env ivs interval_array
+
+  let to_lincons_set d =
+    Lincons1Set.of_earray (A.to_lincons_array Man.mgr d)
+
+  let invariant d =
     (* Would like to minimize to get rid of multi-var constraints directly derived from one-var constraints,
        but not implemented in Apron at all: https://github.com/antoinemine/apron/issues/44 *)
-    (* let x = A.copy Man.mgr x in
-       A.minimize Man.mgr x; *)
-    let {lincons0_array; array_env}: Lincons1.earray = A.to_lincons_array Man.mgr x in
-    Array.to_seq lincons0_array
-    |> Seq.map (fun (lincons0: Lincons0.t) -> Lincons1.{lincons0; env = array_env})
-    |> Lincons1Set.of_seq
+    (* let d = A.copy Man.mgr d in
+       A.minimize Man.mgr d; *)
+    let lcd = to_lincons_set d in
+    if GobConfig.get_bool "ana.apron.invariant.diff-box" then (
+      (* diff via lincons *)
+      (* TODO: is there benefit to also Lincons1Set.simplify before diff? might make a difference if y=0 is represented as y>=0 && y<=0 or not *)
+      let b = boxify d in (* convert back to same Apron domain (instead of box) to make lincons use the same format (e.g. oct doesn't return equalities, but box does) *)
+      let lcb = to_lincons_set b in
+      Lincons1Set.diff lcd lcb
+    )
+    else
+      lcd
+
+  let invariant d =
+    invariant d
     |> (if Oct.manager_is_oct Man.mgr then Lincons1Set.simplify else Fun.id)
-    |> Lincons1Set.elements
+    |> Lincons1Set.elements (* TODO: remove list conversion? *)
 end
 
 (** With heterogeneous environments. *)
@@ -840,7 +860,7 @@ end
 (** Lift [D] to a non-reduced product with box.
     Both are updated in parallel, but [D] answers to queries.
     Box domain is used to filter out non-relational invariants for output. *)
-module BoxProd0 (D: S3) =
+module BoxProd0 (D: S3) = (* TODO: remove? *)
 struct
   module BoxD = D2 (IntervalManager)
 
diff --git a/tests/regression/36-apron/01-octagon_simple.t b/tests/regression/36-apron/01-octagon_simple.t
@@ -196,7 +196,7 @@ With diff-box:
   [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (01-octagon_simple.c:44:10-44:11)
   [Info][Witness] witness generation summary:
     location invariants: 0
-    loop invariants: 6
+    loop invariants: 2
     flow-insensitive invariants: 0
     total generation entries: 1
 
@@ -212,24 +212,6 @@ With diff-box:
           function: main
         value: (long long )N >= (long long )X
         format: c_expression
-    - invariant:
-        type: loop_invariant
-        location:
-          file_name: 01-octagon_simple.c
-          line: 10
-          column: 3
-          function: main
-        value: 2147483647LL >= (long long )X
-        format: c_expression
-    - invariant:
-        type: loop_invariant
-        location:
-          file_name: 01-octagon_simple.c
-          line: 10
-          column: 3
-          function: main
-        value: 4294967294LL >= (long long )X + (long long )N
-        format: c_expression
     - invariant:
         type: loop_invariant
         location:
@@ -239,29 +221,29 @@ With diff-box:
           function: two
         value: (long long )N >= (long long )X
         format: c_expression
-    - invariant:
-        type: loop_invariant
-        location:
-          file_name: 01-octagon_simple.c
-          line: 44
-          column: 3
-          function: two
-        value: 2147483647LL >= (long long )X
-        format: c_expression
-    - invariant:
-        type: loop_invariant
-        location:
-          file_name: 01-octagon_simple.c
-          line: 44
-          column: 3
-          function: two
-        value: 4294967294LL >= (long long )X + (long long )N
-        format: c_expression
 
 Compare witnesses:
 
   $ yamlWitnessStripDiff witness-disable-diff-box.yml witness-enable-diff-box.yml
   # Left-only invariants:
+  - invariant:
+      type: loop_invariant
+      location:
+        file_name: 01-octagon_simple.c
+        line: 44
+        column: 3
+        function: two
+      value: 4294967294LL >= (long long )X + (long long )N
+      format: c_expression
+  - invariant:
+      type: loop_invariant
+      location:
+        file_name: 01-octagon_simple.c
+        line: 44
+        column: 3
+        function: two
+      value: 2147483647LL >= (long long )X
+      format: c_expression
   - invariant:
       type: loop_invariant
       location:
@@ -307,6 +289,24 @@ Compare witnesses:
         function: two
       value: (long long )N >= 0LL
       format: c_expression
+  - invariant:
+      type: loop_invariant
+      location:
+        file_name: 01-octagon_simple.c
+        line: 10
+        column: 3
+        function: main
+      value: 4294967294LL >= (long long )X + (long long )N
+      format: c_expression
+  - invariant:
+      type: loop_invariant
+      location:
+        file_name: 01-octagon_simple.c
+        line: 10
+        column: 3
+        function: main
+      value: 2147483647LL >= (long long )X
+      format: c_expression
   - invariant:
       type: loop_invariant
       location:
diff --git a/tests/regression/36-apron/52-queuesize.t b/tests/regression/36-apron/52-queuesize.t
@@ -160,7 +160,7 @@ With diff-box:
   [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (52-queuesize.c:56:10-56:11)
   [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (52-queuesize.c:78:12-78:13)
   [Info][Witness] witness generation summary:
-    location invariants: 6
+    location invariants: 4
     loop invariants: 0
     flow-insensitive invariants: 0
     total generation entries: 1
@@ -170,6 +170,7 @@ With diff-box:
     unsafe: 0
     total memory locations: 3
 
+TODO: Should (long long )free >= 0LL somehow still remain, because it cannot be inferred by box alone?
   $ yamlWitnessStrip < witness.yml | tee witness-enable-diff-box.yml
   - entry_type: invariant_set
     content:
@@ -182,15 +183,6 @@ With diff-box:
           function: pop
         value: (long long )capacity >= (long long )free
         format: c_expression
-    - invariant:
-        type: location_invariant
-        location:
-          file_name: 52-queuesize.c
-          line: 15
-          column: 3
-          function: pop
-        value: (long long )free >= 0LL
-        format: c_expression
     - invariant:
         type: location_invariant
         location:
@@ -209,15 +201,6 @@ With diff-box:
           function: push
         value: (long long )capacity >= (long long )free
         format: c_expression
-    - invariant:
-        type: location_invariant
-        location:
-          file_name: 52-queuesize.c
-          line: 36
-          column: 3
-          function: push
-        value: (long long )free >= 0LL
-        format: c_expression
     - invariant:
         type: location_invariant
         location:
@@ -241,6 +224,15 @@ Compare witnesses:
         function: push
       value: 2147483647LL >= (long long )capacity
       format: c_expression
+  - invariant:
+      type: location_invariant
+      location:
+        file_name: 52-queuesize.c
+        line: 36
+        column: 3
+        function: push
+      value: (long long )free >= 0LL
+      format: c_expression
   - invariant:
       type: location_invariant
       location:
@@ -250,4 +242,13 @@ Compare witnesses:
         function: pop
       value: 2147483647LL >= (long long )capacity
       format: c_expression
+  - invariant:
+      type: location_invariant
+      location:
+        file_name: 52-queuesize.c
+        line: 15
+        column: 3
+        function: pop
+      value: (long long )free >= 0LL
+      format: c_expression
   ---
diff --git a/tests/regression/89-apron3/03-octagon_simplest.t b/tests/regression/89-apron3/03-octagon_simplest.t
@@ -179,11 +179,10 @@ With diff-box:
   [Warning][Deadcode][CWE-570] condition 'N < 0' is always false (03-octagon_simplest.c:9:6-9:11)
   [Info][Witness] witness generation summary:
     location invariants: 0
-    loop invariants: 5
+    loop invariants: 1
     flow-insensitive invariants: 0
     total generation entries: 1
 
-TODO: diff-box isn't enough to get rid of invariants with Y (which is known to be 0)
   $ yamlWitnessStrip < witness.yml | tee witness-enable-diff-box.yml
   - entry_type: invariant_set
     content:
@@ -196,47 +195,29 @@ TODO: diff-box isn't enough to get rid of invariants with Y (which is known to b
           function: main
         value: (long long )N >= (long long )X
         format: c_expression
-    - invariant:
-        type: loop_invariant
-        location:
-          file_name: 03-octagon_simplest.c
-          line: 11
-          column: 3
-          function: main
-        value: (long long )Y + 2147483647LL >= (long long )X
-        format: c_expression
-    - invariant:
-        type: loop_invariant
-        location:
-          file_name: 03-octagon_simplest.c
-          line: 11
-          column: 3
-          function: main
-        value: 2147483647LL >= (long long )X
-        format: c_expression
-    - invariant:
-        type: loop_invariant
-        location:
-          file_name: 03-octagon_simplest.c
-          line: 11
-          column: 3
-          function: main
-        value: 2147483647LL >= (long long )Y + (long long )X
-        format: c_expression
-    - invariant:
-        type: loop_invariant
-        location:
-          file_name: 03-octagon_simplest.c
-          line: 11
-          column: 3
-          function: main
-        value: 4294967294LL >= (long long )X + (long long )N
-        format: c_expression
 
 Compare witnesses:
 
   $ yamlWitnessStripDiff witness-disable-diff-box.yml witness-enable-diff-box.yml
   # Left-only invariants:
+  - invariant:
+      type: loop_invariant
+      location:
+        file_name: 03-octagon_simplest.c
+        line: 11
+        column: 3
+        function: main
+      value: 4294967294LL >= (long long )X + (long long )N
+      format: c_expression
+  - invariant:
+      type: loop_invariant
+      location:
+        file_name: 03-octagon_simplest.c
+        line: 11
+        column: 3
+        function: main
+      value: 2147483647LL >= (long long )Y + (long long )X
+      format: c_expression
   - invariant:
       type: loop_invariant
       location:
@@ -246,6 +227,15 @@ Compare witnesses:
         function: main
       value: 2147483647LL >= (long long )Y + (long long )N
       format: c_expression
+  - invariant:
+      type: loop_invariant
+      location:
+        file_name: 03-octagon_simplest.c
+        line: 11
+        column: 3
+        function: main
+      value: 2147483647LL >= (long long )X
+      format: c_expression
   - invariant:
       type: loop_invariant
       location:
@@ -264,6 +254,15 @@ Compare witnesses:
         function: main
       value: (long long )Y == 0LL
       format: c_expression
+  - invariant:
+      type: loop_invariant
+      location:
+        file_name: 03-octagon_simplest.c
+        line: 11
+        column: 3
+        function: main
+      value: (long long )Y + 2147483647LL >= (long long )X
+      format: c_expression
   - invariant:
       type: loop_invariant
       location:
