Skip to content

Simplify witness invariants for bitfield domain #1897

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sim642 merged 8 commits into from
Jan 8, 2026
Merged

Simplify witness invariants for bitfield domain #1897

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
d34aeeb
Add witness invariant tests for bitfield domain
sim642 Dec 10, 2025
e6f1fa8
Add more cram tests for bitfield witness invariants
sim642 Dec 11, 2025
65c8505
Add SV-COMP cram test for bitfield witness invariants
sim642 Dec 19, 2025
61d85ee
Fix bitfield domain producing trivial witness invariants
sim642 Dec 11, 2025
9a7c13d
Simplify bitfield witness invariant for definite zeroes
sim642 Dec 11, 2025
44d2b76
Fix bitfield witness invariants for _Bool and unsigned types
sim642 Dec 19, 2025
f5bbd38
Merge branch 'master' into witness-invariant-bitfield
sim642 Dec 19, 2025
e031370
Assert valid state in bitfield domain witness invariant
sim642 Jan 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 31 additions & 11 deletions src/cdomain/value/cdomains/int/bitfieldDomain.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -624,19 +624,39 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): Bitfield_SOverflow with type in

(* Invariant *)

let invariant_ikind e ik (z,o) =
if z =: BArith.one_mask && o =: BArith.one_mask then
Invariant.top ()
else if BArith.is_invalid (z,o) then
Invariant.none
else
let open GoblintCil.Cil in
let invariant_ikind e ik (z, o) =
assert (not (BArith.is_invalid (z, o)));
let open GoblintCil.Cil in
let ik_type = TInt (ik, []) in
let i1 =
let def0 = z &: (!: o) in
if def0 =: BArith.zero_mask then
Invariant.none
else (
let def0 = Ints_t.to_bigint def0 in
if fitsInInt ik def0 then ( (* At least for _Bool and unsigned types, kintegerCilint can give an incorrect mask if doesn't fit. See https://github.com/goblint/analyzer/pull/1897/changes#r2610251390. *)
let def0 = kintegerCilint ik def0 in
Invariant.of_exp (BinOp (Eq, (BinOp (BAnd, e, def0, ik_type)), kintegerCilint ik Z.zero, intType))
)
else
Invariant.none
)
in
let i2 =
let def1 = o &: (!: z) in
let (def0, def1) = BatTuple.Tuple2.mapn (kintegerCilint ik) (Ints_t.to_bigint def0, Ints_t.to_bigint def1) in
let exp0 = Invariant.of_exp (BinOp (Eq, (BinOp (BAnd, (UnOp (BNot, e, TInt(ik,[]))), def0, TInt(ik,[]))), def0, intType)) in
let exp1 = Invariant.of_exp (BinOp (Eq, (BinOp (BAnd, e, def1, TInt(ik,[]))), def1, intType)) in
Invariant.meet exp0 exp1
if def1 =: BArith.zero_mask then
Invariant.none
else (
let def1 = Ints_t.to_bigint def1 in
if fitsInInt ik def1 then ( (* At least for _Bool and unsigned types, kintegerCilint can give an incorrect mask if doesn't fit. See https://github.com/goblint/analyzer/pull/1897/changes#r2610251390. *)
let def1 = kintegerCilint ik def1 in
Invariant.of_exp (BinOp (Eq, (BinOp (BAnd, e, def1, ik_type)), def1, intType))
)
else
Invariant.none
)
in
Invariant.(i1 && i2)

let starting ik n =
let (min_ik, max_ik) = Size.range ik in
Expand Down
49 changes: 42 additions & 7 deletions tests/regression/56-witness/46-top-bool-invariant.t
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
def_exc only:

$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --enable ana.int.def_exc --disable ana.int.interval --disable ana.int.enums --disable ana.int.congruence --disable ana.int.interval_set 46-top-bool-invariant.c --enable witness.invariant.inexact-type-bounds
$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --enable ana.int.def_exc --disable ana.int.interval --disable ana.int.enums --disable ana.int.congruence --disable ana.int.interval_set --disable ana.int.bitfield 46-top-bool-invariant.c --enable witness.invariant.inexact-type-bounds
[Info][Deadcode] Logical lines of code (LLoC) summary:
live: 2
dead: 0
Expand Down Expand Up @@ -35,7 +35,7 @@ def_exc only:

interval only:

$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --enable ana.int.interval --disable ana.int.enums --disable ana.int.congruence --disable ana.int.interval_set 46-top-bool-invariant.c --enable witness.invariant.inexact-type-bounds
$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --enable ana.int.interval --disable ana.int.enums --disable ana.int.congruence --disable ana.int.interval_set --disable ana.int.bitfield 46-top-bool-invariant.c --enable witness.invariant.inexact-type-bounds
[Info][Deadcode] Logical lines of code (LLoC) summary:
live: 2
dead: 0
Expand Down Expand Up @@ -70,7 +70,7 @@ interval only:

enums only:

$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --disable ana.int.interval --enable ana.int.enums --disable ana.int.congruence --disable ana.int.interval_set 46-top-bool-invariant.c --enable witness.invariant.inexact-type-bounds
$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --disable ana.int.interval --enable ana.int.enums --disable ana.int.congruence --disable ana.int.interval_set --disable ana.int.bitfield 46-top-bool-invariant.c --enable witness.invariant.inexact-type-bounds
[Info][Deadcode] Logical lines of code (LLoC) summary:
live: 2
dead: 0
Expand All @@ -96,7 +96,7 @@ enums only:

congruence only:

$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --disable ana.int.interval --disable ana.int.enums --enable ana.int.congruence --disable ana.int.interval_set 46-top-bool-invariant.c --enable witness.invariant.inexact-type-bounds
$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --disable ana.int.interval --disable ana.int.enums --enable ana.int.congruence --disable ana.int.interval_set --disable ana.int.bitfield 46-top-bool-invariant.c --enable witness.invariant.inexact-type-bounds
[Info][Deadcode] Logical lines of code (LLoC) summary:
live: 2
dead: 0
Expand All @@ -113,7 +113,42 @@ congruence only:

interval_set only:

$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --disable ana.int.interval --disable ana.int.enums --disable ana.int.congruence --enable ana.int.interval_set 46-top-bool-invariant.c --enable witness.invariant.inexact-type-bounds
$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --disable ana.int.interval --disable ana.int.enums --disable ana.int.congruence --enable ana.int.interval_set --disable ana.int.bitfield 46-top-bool-invariant.c --enable witness.invariant.inexact-type-bounds
[Info][Deadcode] Logical lines of code (LLoC) summary:
live: 2
dead: 0
total lines: 2
[Info][Witness] witness generation summary:
location invariants: 2
loop invariants: 0
flow-insensitive invariants: 0
total generation entries: 1

$ yamlWitnessStrip < witness.yml
- entry_type: invariant_set
content:
- invariant:
type: location_invariant
location:
file_name: 46-top-bool-invariant.c
line: 5
column: 3
function: main
value: (_Bool)0 <= x
format: c_expression
- invariant:
type: location_invariant
location:
file_name: 46-top-bool-invariant.c
line: 5
column: 3
function: main
value: x <= (_Bool)1
format: c_expression

bitfield only:

$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --disable ana.int.interval --disable ana.int.enums --disable ana.int.congruence --disable ana.int.interval_set --enable ana.int.bitfield 46-top-bool-invariant.c --enable witness.invariant.inexact-type-bounds
[Info][Deadcode] Logical lines of code (LLoC) summary:
live: 2
dead: 0
Expand Down Expand Up @@ -148,7 +183,7 @@ interval_set only:

all:

$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --enable ana.int.def_exc --enable ana.int.interval --enable ana.int.enums --enable ana.int.congruence --enable ana.int.interval_set 46-top-bool-invariant.c --enable witness.invariant.inexact-type-bounds
$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --enable ana.int.def_exc --enable ana.int.interval --enable ana.int.enums --enable ana.int.congruence --enable ana.int.interval_set --enable ana.int.bitfield 46-top-bool-invariant.c --enable witness.invariant.inexact-type-bounds
[Info][Deadcode] Logical lines of code (LLoC) summary:
live: 2
dead: 0
Expand All @@ -174,7 +209,7 @@ all:

all without inexact-type-bounds:

$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --enable ana.int.def_exc --enable ana.int.interval --enable ana.int.enums --enable ana.int.congruence --enable ana.int.interval_set 46-top-bool-invariant.c --disable witness.invariant.inexact-type-bounds
$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --enable ana.int.def_exc --enable ana.int.interval --enable ana.int.enums --enable ana.int.congruence --enable ana.int.interval_set --enable ana.int.bitfield 46-top-bool-invariant.c --disable witness.invariant.inexact-type-bounds
[Info][Deadcode] Logical lines of code (LLoC) summary:
live: 2
dead: 0
Expand Down
31 changes: 24 additions & 7 deletions tests/regression/56-witness/47-top-int-invariant.t
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
def_exc only:

$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --enable ana.int.def_exc --disable ana.int.interval --disable ana.int.enums --disable ana.int.congruence --disable ana.int.interval_set 47-top-int-invariant.c --enable witness.invariant.inexact-type-bounds
$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --enable ana.int.def_exc --disable ana.int.interval --disable ana.int.enums --disable ana.int.congruence --disable ana.int.interval_set --disable ana.int.bitfield 47-top-int-invariant.c --enable witness.invariant.inexact-type-bounds
[Info][Deadcode] Logical lines of code (LLoC) summary:
live: 2
dead: 0
Expand Down Expand Up @@ -35,7 +35,7 @@ def_exc only:

interval only:

$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --enable ana.int.interval --disable ana.int.enums --disable ana.int.congruence --disable ana.int.interval_set 47-top-int-invariant.c --enable witness.invariant.inexact-type-bounds
$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --enable ana.int.interval --disable ana.int.enums --disable ana.int.congruence --disable ana.int.interval_set --disable ana.int.bitfield 47-top-int-invariant.c --enable witness.invariant.inexact-type-bounds
[Info][Deadcode] Logical lines of code (LLoC) summary:
live: 2
dead: 0
Expand Down Expand Up @@ -70,7 +70,7 @@ interval only:

enums only:

$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --disable ana.int.interval --enable ana.int.enums --disable ana.int.congruence --disable ana.int.interval_set 47-top-int-invariant.c --enable witness.invariant.inexact-type-bounds
$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --disable ana.int.interval --enable ana.int.enums --disable ana.int.congruence --disable ana.int.interval_set --disable ana.int.bitfield 47-top-int-invariant.c --enable witness.invariant.inexact-type-bounds
[Info][Deadcode] Logical lines of code (LLoC) summary:
live: 2
dead: 0
Expand Down Expand Up @@ -105,7 +105,7 @@ enums only:

congruence only:

$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --disable ana.int.interval --disable ana.int.enums --enable ana.int.congruence --disable ana.int.interval_set 47-top-int-invariant.c --enable witness.invariant.inexact-type-bounds
$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --disable ana.int.interval --disable ana.int.enums --enable ana.int.congruence --disable ana.int.interval_set --disable ana.int.bitfield 47-top-int-invariant.c --enable witness.invariant.inexact-type-bounds
[Info][Deadcode] Logical lines of code (LLoC) summary:
live: 2
dead: 0
Expand All @@ -122,7 +122,7 @@ congruence only:

interval_set only:

$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --disable ana.int.interval --disable ana.int.enums --disable ana.int.congruence --enable ana.int.interval_set 47-top-int-invariant.c --enable witness.invariant.inexact-type-bounds
$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --disable ana.int.interval --disable ana.int.enums --disable ana.int.congruence --enable ana.int.interval_set --disable ana.int.bitfield 47-top-int-invariant.c --enable witness.invariant.inexact-type-bounds
[Info][Deadcode] Logical lines of code (LLoC) summary:
live: 2
dead: 0
Expand Down Expand Up @@ -155,9 +155,26 @@ interval_set only:
value: x <= 2147483647
format: c_expression

bitfield only:

$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --disable ana.int.def_exc --disable ana.int.interval --disable ana.int.enums --disable ana.int.congruence --disable ana.int.interval_set --enable ana.int.bitfield 47-top-int-invariant.c --enable witness.invariant.inexact-type-bounds
[Info][Deadcode] Logical lines of code (LLoC) summary:
live: 2
dead: 0
total lines: 2
[Info][Witness] witness generation summary:
location invariants: 0
loop invariants: 0
flow-insensitive invariants: 0
total generation entries: 1

$ yamlWitnessStrip < witness.yml
- entry_type: invariant_set
content: []

all:

$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --enable ana.int.def_exc --enable ana.int.interval --enable ana.int.enums --enable ana.int.congruence --enable ana.int.interval_set 47-top-int-invariant.c --enable witness.invariant.inexact-type-bounds
$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --enable ana.int.def_exc --enable ana.int.interval --enable ana.int.enums --enable ana.int.congruence --enable ana.int.interval_set --enable ana.int.bitfield 47-top-int-invariant.c --enable witness.invariant.inexact-type-bounds
[Info][Deadcode] Logical lines of code (LLoC) summary:
live: 2
dead: 0
Expand Down Expand Up @@ -192,7 +209,7 @@ all:

all without inexact-type-bounds:

$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --enable ana.int.def_exc --enable ana.int.interval --enable ana.int.enums --enable ana.int.congruence --enable ana.int.interval_set 47-top-int-invariant.c --disable witness.invariant.inexact-type-bounds
$ goblint --enable witness.yaml.enabled --set witness.yaml.invariant-types '["location_invariant"]' --enable ana.int.def_exc --enable ana.int.interval --enable ana.int.enums --enable ana.int.congruence --enable ana.int.interval_set --enable ana.int.bitfield 47-top-int-invariant.c --disable witness.invariant.inexact-type-bounds
[Info][Deadcode] Logical lines of code (LLoC) summary:
live: 2
dead: 0
Expand Down
Loading
Loading