Skip to content

Add experimental generation and validation of YAML witness invariants with preconditions #752

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sim642 merged 37 commits into from
Aug 4, 2022
Merged

Add experimental generation and validation of YAML witness invariants with preconditions #752

sim642 merged 37 commits into from
Aug 4, 2022

Conversation

@sim642
Copy link
Member

@sim642 sim642 commented Jun 6, 2022

Adds the experimental YAML witness entry type precondition_loop_invariant, which is like loop_invariant, but has a second precondition expression to match contexts.
Current validation semantics is that the invariant is only checked for contexts where the precondition must hold.

Additionally refactors all the YAML witness type definitions etc to be more type-safe and extensible.

@sim642 sim642 added cleanup Refactoring, clean-up feature type-safety Type-safety improvements sv-comp SV-COMP (analyses, results), witnesses precision labels Jun 6, 2022
@sim642
Copy link
Member Author

sim642 commented Jun 15, 2022

Although the entry type for invariants with preconditions is currently unofficial, it would be good to get this merged for its refactoring of the YAML witnesses. The refactoring makes it easy to work with different entry types, possibly including location_invariant, which is to be added as well.

@sim642 sim642 marked this pull request as ready for review June 15, 2022 10:45
jerhard
jerhard reviewed Jul 13, 2022
View reviewed changes
jerhard
jerhard reviewed Jul 13, 2022
View reviewed changes
Copy link
Member

@jerhard jerhard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We discussed this here a bit in Munich, with @michael-schwarz, @stilscher.
It probably makes sense to implement this grouping of preconditions before merging this, as otherwise the produced precondition-witnesses could be misleading.

For a function, one would first generate all the invariant expressions for the contexts, and then check which of the start states may satisfy the condition and group them. Subsequently one would generate the precondition-invariants for these groups of contexts.

jerhard
jerhard reviewed Jul 13, 2022
View reviewed changes
jerhard added 6 commits July 14, 2022 12:27
@jerhard
Add example where the generated witnesses are unsound.
f58c4ec 
In this example, among others, the following precondition_loop_invariants are generated:

loop_invariant:
    string: result == 1
    [...]
  precondition:
    string: '*ptr1 == 5 && *ptr2 == 5'

and:

loop_invariant:
    string: result == 0
    [...]
  precondition:
    string: '*ptr1 == 5 && *ptr2 == 5'

To fix this issue, grouping of precondition_loop_invariants is required.
@jerhard
Extract common function for creating contexts
2114d85
@jerhard
Extract check whether node is Statement out of node_context
4b85cca
@jerhard
Collect contexts that may satiesfy context invariants
1c23167
@jerhard
PreconditionInvariants: Create postcondition as disjunction of matchi…
0b7dca4 
…ng states.
@jerhard
Fix indentation
e109d60
@jerhard jerhard mentioned this pull request Jul 18, 2022
Merged
jerhard and others added 13 commits July 18, 2022 17:30
@jerhard
Fix comments
8240a09
@jerhard
Precondition invariants: Handle case when invariant cannot be generat…
e4fb856 
…ed for one state.

In case that an invariant for a state  could not be generated, no precondition_loop_invariant is generated. Reason: The invariant (that failed to be generated) must be part of the postcondition.
@jerhard
Add missing word in comment
13dbcc3
@jerhard
Fix comments and indentation
470c126
@jerhard
Use start state instead of context for generating preconditions
dc260c0
@sim642
Merge branch 'master' into yaml-witness-precondition
dd244a5
@sim642
Remove commented-out yaml witness code
4f5ba97
@sim642
Merge branch 'yaml-witness-precondition' into yaml-witness-preconditi…
2b6abe4 
…on-groups
@sim642
Move ask_local_node into YamlWitness.Query
da65728
@sim642
Prefer ask_local over ask_local_node in YamlWitness
948cd31
@jerhard
Explicitely use BatHashtbl instead of doing it via Prelude.Hashtbl.
b50801e
@jerhard
Move comment about why we do not generate invariants for FunctionEntr…
8f4cffc 
…y and Function(-return) nodes to is_invariant_node
@jerhard
Add comment to use IterSysVars when #391 (interactive) is merged
b5ce4ba
@sim642 sim642 mentioned this pull request Jul 27, 2022
Merged
6 tasks
jerhard
jerhard approved these changes Aug 3, 2022
View reviewed changes
Copy link
Member

@jerhard jerhard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@sim642 sim642 merged commit f0e71e3 into master Aug 4, 2022
@sim642 sim642 deleted the yaml-witness-precondition branch August 4, 2022 09:05
sim642 added a commit that referenced this pull request Aug 4, 2022
@sim642
Fix indentation (PR #752)
0769cfd
@sim642 sim642 added this to the v2.0.0 milestone Aug 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jerhard jerhard jerhard approved these changes

Assignees

No one assigned

Labels

cleanup Refactoring, clean-up feature precision sv-comp SV-COMP (analyses, results), witnesses type-safety Type-safety improvements

Projects

None yet

Milestone

v2.0.0

Development

Successfully merging this pull request may close these issues.

2 participants

@sim642 @jerhard