Engine heuristic: fix for assumptions unsupported by k-induction

kroening · kroening · commit 05174ba289ef · 2025-01-14T11:13:25.000-08:00
The k-induction engine now correctly reports unsupported assumptions, and is then skipped by the engine selection heuristic. Fixes #921.
diff --git a/regression/ebmc/k-induction/k-induction6.desc b/regression/ebmc/k-induction/k-induction6.desc
@@ -1,9 +1,10 @@
-KNOWNBUG
+CORE
 k-induction6.sv
-
+--k-induction
+^\[main\.a0\] always not s_eventually !main\.x: FAILURE: property unsupported by k-induction$
+^\[main\.p0\] always main\.x: INCONCLUSIVE$
 ^EXIT=10$
 ^SIGNAL=0$
 --
 ^warning: ignoring
 --
-The property should hold, but is reported as refuted.
diff --git a/regression/ebmc/k-induction/k-induction7.desc b/regression/ebmc/k-induction/k-induction7.desc
@@ -0,0 +1,11 @@
+CORE
+k-induction7.sv
+--k-induction
+^\[main\.a0\] always not s_eventually !main\.y: FAILURE: property unsupported by k-induction$
+^\[main\.a1\] always !main\.x: ASSUMED$
+^\[main\.p0\] always !main\.z: PROVED$
+^EXIT=0$
+^SIGNAL=0$
+--
+^warning: ignoring
+--
diff --git a/regression/ebmc/k-induction/k-induction7.sv b/regression/ebmc/k-induction/k-induction7.sv
@@ -0,0 +1,15 @@
+module main(input clk, input x, input y);
+
+  reg z = 0;
+  always_ff @(posedge clk) z <= z || x;
+
+  // unsupported assumption
+  a0: assume property (not s_eventually !y);
+
+  // supported assumption
+  a1: assume property (!x);
+
+  // inductive property
+  p0: assert property (!z);
+
+endmodule
diff --git a/src/ebmc/ebmc_properties.cpp b/src/ebmc/ebmc_properties.cpp
@@ -78,9 +78,9 @@ ebmc_propertiest ebmc_propertiest::from_transition_system(
         id2string(symbol.location.get_comment());
 
       // Don't try to prove assumption properties.
-      if(symbol.value.id() == ID_sva_assume)
+      if(properties.properties.back().is_assumption())
       {
-        properties.properties.back().status = propertyt::statust::ASSUMED;
+        properties.properties.back().assumed();
         properties.properties.back().normalized_expr =
           normalize_property(to_sva_assume_expr(symbol.value).op());
       }
diff --git a/src/ebmc/ebmc_properties.h b/src/ebmc/ebmc_properties.h
@@ -103,6 +103,11 @@ class ebmc_propertiest
       return status == statust::INCONCLUSIVE;
     }
 
+    void assumed()
+    {
+      status = statust::ASSUMED;
+    }
+
     void unknown()
     {
       status = statust::UNKNOWN;
@@ -164,6 +169,11 @@ class ebmc_propertiest
     {
       return ::is_exists_path(original_expr);
     }
+
+    bool is_assumption() const
+    {
+      return original_expr.id() == ID_sva_assume;
+    }
   };
 
   typedef std::list<propertyt> propertiest;
@@ -209,11 +219,18 @@ class ebmc_propertiest
     return result;
   }
 
-  void reset_failure_to_unknown()
+  /// Resets properties/assumptions in FAILURE state to
+  /// ASSUMED/UNKNOWN respectively.
+  void reset_failure()
   {
     for(auto &p : properties)
       if(p.is_failure())
-        p.unknown();
+      {
+        if(p.is_assumption())
+          p.assumed();
+        else
+          p.unknown();
+      }
   }
 };
 
diff --git a/src/ebmc/k_induction.cpp b/src/ebmc/k_induction.cpp
@@ -170,16 +170,39 @@ Function: k_inductiont::operator()
 
 void k_inductiont::operator()()
 {
+  // Unsupported assumption? Mark as such.
+  bool assumption_unsupported = false;
+  for(auto &property : properties.properties)
+  {
+    if(!supported(property) && property.is_assumed())
+    {
+      assumption_unsupported = true;
+      property.failure("assumption unsupported by k-induction");
+    }
+  }
+
   // Fail unsupported properties
   for(auto &property : properties.properties)
   {
-    if(!supported(property))
+    if(!supported(property) && !property.is_assumed())
       property.failure("property unsupported by k-induction");
   }
 
   // do induction base
   induction_base();
 
+  // Any refuted properties are really inconclusive if there are
+  // unsupported assumptions, as the assumption might have
+  // proven the property.
+  if(assumption_unsupported)
+  {
+    for(auto &property : properties.properties)
+    {
+      if(property.is_refuted())
+        property.unknown();
+    }
+  }
+
   // do induction step
   induction_step();
 }
diff --git a/src/ebmc/property_checker.cpp b/src/ebmc/property_checker.cpp
@@ -384,12 +384,13 @@ property_checker_resultt engine_heuristic(
   k_induction(
     1, transition_system, properties, solver_factory, message_handler);
 
-  properties.reset_failure_to_unknown();
+  properties.reset_failure();
 
   if(!properties.has_unknown_property())
     return property_checker_resultt{properties}; // done
 
   // Now try BMC with bound 5, word-level
+  message.status() << "Attempting BMC with bound 5" << messaget::eom;
 
   bmc(
     5,     // bound
@@ -400,7 +401,7 @@ property_checker_resultt engine_heuristic(
     solver_factory,
     message_handler);
 
-  properties.reset_failure_to_unknown();
+  properties.reset_failure();
 
   if(!properties.has_unknown_property())
     return property_checker_resultt{properties}; // done
diff --git a/src/ebmc/property_checker.h b/src/ebmc/property_checker.h
@@ -50,12 +50,18 @@ class property_checker_resultt
   bool all_properties_proved() const
   {
     for(const auto &p : properties)
-      if(
+    {
+      if(p.is_assumption())
+      {
+        // ignore
+      }
+      else if(
         !p.is_proved() && !p.is_proved_with_bound() && !p.is_disabled() &&
         !p.is_assumed())
       {
         return false;
       }
+    }
 
     return true;
   }

Original file line number	Diff line number	Diff line change
`@@ -78,9 +78,9 @@ ebmc_propertiest ebmc_propertiest::from_transition_system(`
`78`	`78`	`id2string(symbol.location.get_comment());`
`79`	`79`
`80`	`80`	`// Don't try to prove assumption properties.`
`81`		`- if(symbol.value.id() == ID_sva_assume)`
	`81`	`+ if(properties.properties.back().is_assumption())`
`82`	`82`	`{`
`83`		`- properties.properties.back().status = propertyt::statust::ASSUMED;`
	`83`	`+ properties.properties.back().assumed();`
`84`	`84`	`properties.properties.back().normalized_expr =`
`85`	`85`	`normalize_property(to_sva_assume_expr(symbol.value).op());`
`86`	`86`	`}`
Original file line number	Diff line number	Diff line change
`@@ -103,6 +103,11 @@ class ebmc_propertiest`
`103`	`103`	`return status == statust::INCONCLUSIVE;`
`104`	`104`	`}`
`105`	`105`
	`106`	`+ void assumed()`
	`107`	`+ {`
	`108`	`+ status = statust::ASSUMED;`
	`109`	`+ }`
	`110`	`+`
`106`	`111`	`void unknown()`
`107`	`112`	`{`
`108`	`113`	`status = statust::UNKNOWN;`
`@@ -164,6 +169,11 @@ class ebmc_propertiest`
`164`	`169`	`{`
`165`	`170`	`return ::is_exists_path(original_expr);`
`166`	`171`	`}`
	`172`	`+`
	`173`	`+ bool is_assumption() const`
	`174`	`+ {`
	`175`	`+ return original_expr.id() == ID_sva_assume;`
	`176`	`+ }`
`167`	`177`	`};`
`168`	`178`
`169`	`179`	`typedef std::list<propertyt> propertiest;`
`@@ -209,11 +219,18 @@ class ebmc_propertiest`
`209`	`219`	`return result;`
`210`	`220`	`}`
`211`	`221`
`212`		`- void reset_failure_to_unknown()`
	`222`	`+ /// Resets properties/assumptions in FAILURE state to`
	`223`	`+ /// ASSUMED/UNKNOWN respectively.`
	`224`	`+ void reset_failure()`
`213`	`225`	`{`
`214`	`226`	`for(auto &p : properties)`
`215`	`227`	`if(p.is_failure())`
`216`		`- p.unknown();`
	`228`	`+ {`
	`229`	`+ if(p.is_assumption())`
	`230`	`+ p.assumed();`
	`231`	`+ else`
	`232`	`+ p.unknown();`
	`233`	`+ }`
`217`	`234`	`}`
`218`	`235`	`};`
`219`	`236`
Original file line number	Diff line number	Diff line change
`@@ -50,12 +50,18 @@ class property_checker_resultt`
`50`	`50`	`bool all_properties_proved() const`
`51`	`51`	`{`
`52`	`52`	`for(const auto &p : properties)`
`53`		`- if(`
	`53`	`+ {`
	`54`	`+ if(p.is_assumption())`
	`55`	`+ {`
	`56`	`+ // ignore`
	`57`	`+ }`
	`58`	`+ else if(`
`54`	`59`	`!p.is_proved() && !p.is_proved_with_bound() && !p.is_disabled() &&`
`55`	`60`	`!p.is_assumed())`
`56`	`61`	`{`
`57`	`62`	`return false;`
`58`	`63`	`}`
	`64`	`+ }`
`59`	`65`
`60`	`66`	`return true;`
`61`	`67`	`}`