
Add abstract interface to Invariant #1668


wants to merge 2 commits into
base: master
5 changes: 4 additions & 1 deletion src/cdomain/value/domains/invariant.ml
@@ -1,4 +1,4 @@
(** Invariants for witnesses. *)


open GoblintCil

Expand Down Expand Up @@ -37,6 +37,9 @@ include Lattice.LiftConf (N) (ExpLat)

let none = top ()
let of_exp = lift
let to_exp = function
| `Lifted x -> Some x
| `Top | `Bot -> None

let ( && ) = meet
let ( || ) = join
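Review bot: `to_exp` collapses `` `Top`` and `` `Bot`` into a single `None` (`| `Top | `Bot -> None`), yet the callers in yamlWitness.ml still carry `TODO: 0 for bot (dead code)?`, which depends on exactly that distinction now hidden behind the abstract interface. The contract should be stated on the definition, e.g. `(** [to_exp inv] is [Some e] for a lifted invariant [e], and [None] for both [bot] (unreachable) and [top] (no invariant); use [is_bot] to tell the two apart. *)`. `none` and `of_exp` deserve one-liners in the same style, `(** The trivial invariant [true], i.e. [top ()]. *)` and `(** [of_exp e] lifts CIL expression [e] into the lattice. *)`, so that the `.mli` can reuse them.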
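--- a/src/cdomain/value/domains/invariant.mli
+++ b/src/cdomain/value/domains/invariant.mli
@@ -0,0 +1,19 @@
+(** Invariants for witnesses. *)
+
+include Lattice.S
+
+val none: t
+val of_exp: GoblintCil.exp -> t
+
+val to_exp: t -> GoblintCil.exp option
+
+val (&&): t -> t -> t
+val (||): t -> t -> t
+
+
+type context = {
+path: int option;
+lvals: Lval.Set.t;
+}
+
+val default_context : context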
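Review bot: The new interface carries no doc comments, so a reader of the `.mli` cannot tell that `none` is the trivial invariant (`top ()` in invariant.ml), that `(&&)`/`(||)` are `meet`/`join`, or that `to_exp` yields `None` for bot and top alike. Suggested comments: `(** [none] is the trivial invariant [true] ([top]). *)`, `(** [to_exp inv] is [Some e] for a lifted invariant [e]; [None] for both [bot] and [top]. *)`, `(** [(&&)] is [meet], [(||)] is [join]. *)`. The `context` record is exposed concretely, which is fine, but its fields are undocumented; from the callers `lvals` appears to restrict which lvalues an invariant may mention, and `path` presumably selects a path in a path-sensitive analysis — both should be confirmed and written down, e.g. `(** Lvalues the invariant may refer to. *)` on `lvals`.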
6 changes: 3 additions & 3 deletions src/transform/evalAssert.ml
Expand Up @@ -58,8 +58,8 @@ struct
| Some lval -> Lval.(Set.singleton lval)
in
let context = {Invariant.default_context with lvals} in
match (ask ~node loc).f (Queries.Invariant context) with
| `Lifted e ->
match Invariant.to_exp ((ask ~node loc).f (Queries.Invariant context)) with
| Some e ->
let es = WitnessUtil.InvariantExp.process_exp e in
let asserts = List.map (fun e -> cInstr ("%v:assert (%e:exp);") loc [("assert", Fv assert_function); ("exp", Fe e)]) es in
if surroundByAtomic then
Expand All @@ -68,7 +68,7 @@ struct
abegin :: (asserts @ [aend])
else
asserts
| _ -> []
| None -> []
in

let instrument_instructions il s =
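Review bot: The scrutinee at `match Invariant.to_exp ((ask ~node loc).f (Queries.Invariant context)) with` nests the query inside the conversion, which makes the match head hard to read; binding the query first, `let inv = (ask ~node loc).f (Queries.Invariant context) in` followed by `match Invariant.to_exp inv with`, keeps the `Some e`/`None` arms visually next to what they inspect. The `| None -> []` arm in the second hunk is now exhaustive over `option`, which is an improvement over the previous `| _ -> []`. The enclosing function begins above the first hunk and is not visible here.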
9 changes: 5 additions & 4 deletions src/witness/witness.ml
Expand Up @@ -6,6 +6,7 @@ open Svcomp
open GobConfig

module M = Messages
module OuterInvariant = Invariant

module type WitnessTaskResult = TaskResult with module Arg.Edge = MyARG.InlineEdge

Expand Down Expand Up @@ -38,8 +39,8 @@ let write_file filename (module Task:Task) (module TaskResult:WitnessTaskResult)
| MyARG.CFGEdge (Test _) -> true
| _ -> false
end || begin if Invariant.is_invariant_node to_cfgnode then
match to_cfgnode, TaskResult.invariant to_node with
| Statement _, `Lifted _ -> true
match to_cfgnode, OuterInvariant.to_exp (TaskResult.invariant to_node) with
| Statement _, Some _ -> true
| _, _ -> false
else
false
Expand Down Expand Up @@ -137,8 +138,8 @@ let write_file filename (module Task:Task) (module TaskResult:WitnessTaskResult)
end;
begin
if Invariant.is_invariant_node cfgnode then
match cfgnode, TaskResult.invariant node with
| Statement _, `Lifted i ->
match cfgnode, OuterInvariant.to_exp (TaskResult.invariant node) with
| Statement _, Some i ->
let i = InvariantCil.exp_replace_original_name i in
[("invariant", CilType.Exp.show i);
("invariant.scope", (Node.find_fundec cfgnode).svar.vname)]
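Review bot: `module OuterInvariant = Invariant` is introduced without a comment, and the reason is only visible indirectly: inside `write_file` the name `Invariant` resolves to something else (`Invariant.is_invariant_node` is used there), presumably because an `open`ed module shadows the top-level one. A one-line comment on the alias would spare the next reader the search, e.g. `(* Top-level [Invariant] is shadowed inside [write_file]; alias it for [to_exp]. *)`. `write_file` starts at the hunk header and continues outside both hunks.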
64 changes: 32 additions & 32 deletions src/witness/yamlWitness.ml
Expand Up @@ -293,8 +293,8 @@ struct
Invariant.(acc || R.ask_local_node n ~local (Invariant {Invariant.default_context with lvals})) [@coverage off] (* bisect_ppx cannot handle redefined (||) *)
) (Invariant.bot ()) ns
in
match inv with
| `Lifted inv ->
match Invariant.to_exp inv with
| Some inv ->
let fundec = Node.find_fundec (List.hd ns) in (* TODO: fix location hack *)
let location_function = fundec.svar.vname in
let location = Entry.location ~location:loc ~location_function in
Expand All @@ -305,7 +305,7 @@ struct
incr cnt_location_invariant;
entry :: acc
) acc invs
| `Bot | `Top -> (* TODO: 0 for bot (dead code)? *)
| None -> (* TODO: 0 for bot (dead code)? *)
acc
) (Lazy.force location_nodes) entries
)
Expand All @@ -323,8 +323,8 @@ struct
Invariant.(acc || R.ask_local_node n ~local (Invariant Invariant.default_context)) [@coverage off] (* bisect_ppx cannot handle redefined (||) *)
) (Invariant.bot ()) ns
in
match inv with
| `Lifted inv ->
match Invariant.to_exp inv with
| Some inv ->
let fundec = Node.find_fundec (List.hd ns) in (* TODO: fix location hack *)
let location_function = fundec.svar.vname in
let location = Entry.location ~location:loc ~location_function in
Expand All @@ -335,7 +335,7 @@ struct
incr cnt_loop_invariant;
entry :: acc
) acc invs
| `Bot | `Top -> (* TODO: 0 for bot (dead code)? *)
| None -> (* TODO: 0 for bot (dead code)? *)
acc
)
else
Expand Down Expand Up @@ -372,24 +372,24 @@ struct
GHT.fold (fun g v acc ->
match g with
| `Left g -> (* global unknown from analysis Spec *)
begin match R.ask_global (InvariantGlobal (Obj.repr g)), GobConfig.get_string "witness.invariant.flow_insensitive-as" with
| `Lifted inv, "flow_insensitive_invariant" ->
begin match Invariant.to_exp (R.ask_global (InvariantGlobal (Obj.repr g))), GobConfig.get_string "witness.invariant.flow_insensitive-as" with
| Some inv, "flow_insensitive_invariant" ->
let invs = WitnessUtil.InvariantExp.process_exp inv in
List.fold_left (fun acc inv ->
let invariant = Entry.invariant (CilType.Exp.show inv) in
let entry = Entry.flow_insensitive_invariant ~task ~invariant in
incr cnt_flow_insensitive_invariant;
entry :: acc
) acc invs
| `Lifted inv, "location_invariant" ->
| Some inv, "location_invariant" ->
fold_flow_insensitive_as_location ~inv (fun ~location ~inv acc ->
let invariant = Entry.invariant (CilType.Exp.show inv) in
let entry = Entry.location_invariant ~task ~location ~invariant in
incr cnt_location_invariant;
entry :: acc
) acc
| `Lifted _, _
| `Bot, _ | `Top, _ -> (* global bot might only be possible for alloc variables, if at all, so emit nothing *)
| Some _, _
| None, _ -> (* global bot might only be possible for alloc variables, if at all, so emit nothing *)
acc
end
| `Right _ -> (* global unknown for FromSpec contexts *)
Expand Down Expand Up @@ -450,11 +450,11 @@ struct
let fc_map : con_inv list FCMap.t = FCMap.create 103 in
FMap.iter (fun f con_invs ->
List.iter (fun current_c ->
begin match current_c.invariant with
| `Lifted c_inv ->
begin match Invariant.to_exp current_c.invariant with
| Some c_inv ->
(* Collect all start states that may satisfy the invariant of current_c *)
List.iter (fun c ->
let x = R.ask_local (c.node, c.context) ~local:c.state (Queries.EvalInt c_inv) in
let x = R.ask_local (c.node, c.context) ~local:c.state (Queries.EvalInt c_inv) in (* TODO: illegal query *)
The generation of our proposed precondition loop invariants performs EvalInt queries with witness invariants, assuming they have implicit casts, etc., like expressions from the program.
This would no longer be the case with #1665.

So we have to decide what to do here:

  1. If we don't want to pursue precondition loop invariants and keep them, they could be removed, avoiding the issue.
  2. Otherwise, Invariant.t might need to be turned into a pair of CIL expressions (with and without implicit casts) behind the abstraction. This might be desirable in the long run for Linear Two Variable Equality Domain Refining Value Domain #1635, although that uses separate expression construction from invariant anyway.

I think we should keep them, especially if we intend to work with LMU to extend the witness format.

This probably needs some separate discussion if this is still the kind of entry/invariant we want to propose. LMU+Freiburg have recently proposed function contracts as well: https://arxiv.org/abs/2501.12313.

Yeah! At first glance, I think we can basically encode these in the invariants as a conjunction of implications of the form pre_i \implies post_i where pre_i uses these \at(_, Pre) predicates (which would mean we need an ACSL parser, or some hacks such as functions at and a constant Pre).

if Queries.ID.is_bot x || Queries.ID.is_bot_ikind x then (* dead code *)
failwith "Bottom not expected when querying context state" (* Maybe this is reachable, failwith for now so we see when this happens *)
else if Queries.ID.to_bool x = Some false then () (* Nothing to do, the c does definitely not satisfy the predicate of current_c *)
Expand All @@ -463,7 +463,7 @@ struct
FCMap.modify_def [] (f, current_c.context) (fun cs -> c::cs) fc_map;
end
) con_invs;
| `Bot | `Top ->
| None ->
(* If the context invariant is None, we will not generate a precondition invariant. Nothing to do here. *)
()
end
Expand All @@ -484,25 +484,25 @@ struct
let fundec = Node.find_fundec n in
let pre_lvar = (Node.FunctionEntry fundec, c) in
let query = Queries.Invariant Invariant.default_context in
begin match R.ask_local pre_lvar query with
| `Lifted c_inv ->
begin match Invariant.to_exp (R.ask_local pre_lvar query) with
| Some c_inv ->
(* Find unknowns for which the preceding start state satisfies the precondtion *)
let xs = find_matching_states lvar in

(* Generate invariants. Give up in case one invariant could not be generated. *)
let invs = GobList.fold_while_some (fun acc local ->
let lvals = local_lvals n local in
match R.ask_local_node n ~local (Invariant {Invariant.default_context with lvals}) with
| `Lifted c -> Some ((`Lifted c)::acc)
| `Bot | `Top -> None
match Invariant.to_exp (R.ask_local_node n ~local (Invariant {Invariant.default_context with lvals})) with
| Some c -> Some ((Invariant.of_exp c)::acc)
| None -> None
) [] xs
in
begin match invs with
| None
| Some [] -> acc
| Some (x::xs) ->
begin match List.fold_left (fun acc inv -> Invariant.(acc || inv) [@coverage off]) x xs with (* bisect_ppx cannot handle redefined (||) *)
| `Lifted inv ->
begin match Invariant.to_exp (List.fold_left (fun acc inv -> Invariant.(acc || inv) [@coverage off]) x xs) with (* bisect_ppx cannot handle redefined (||) *)
| Some inv ->
let invs = WitnessUtil.InvariantExp.process_exp inv in
let c_inv = InvariantCil.exp_replace_original_name c_inv in (* cannot be split *)
List.fold_left (fun acc inv ->
Expand All @@ -513,7 +513,7 @@ struct
let entry = Entry.precondition_loop_invariant ~task ~location ~precondition ~invariant in
entry :: acc
) acc invs
| `Bot | `Top -> acc
| None -> acc
end
end
| _ -> (* Do not construct precondition invariants if we cannot express precondition *)
Expand Down Expand Up @@ -542,8 +542,8 @@ struct
Invariant.(acc || R.ask_local_node n ~local (Invariant {Invariant.default_context with lvals})) [@coverage off] (* bisect_ppx cannot handle redefined (||) *)
) (Invariant.bot ()) ns
in
match inv with
| `Lifted inv ->
match Invariant.to_exp inv with
| Some inv ->
let fundec = Node.find_fundec (List.hd ns) in (* TODO: fix location hack *)
let location_function = fundec.svar.vname in
let location = Entry.location ~location:loc ~location_function in
Expand All @@ -554,7 +554,7 @@ struct
incr cnt_location_invariant;
invariant :: acc
) acc invs
| `Bot | `Top -> (* TODO: 0 for bot (dead code)? *)
| None -> (* TODO: 0 for bot (dead code)? *)
acc
) (Lazy.force location_nodes) invariants
)
Expand All @@ -572,8 +572,8 @@ struct
Invariant.(acc || R.ask_local_node n ~local (Invariant Invariant.default_context)) [@coverage off] (* bisect_ppx cannot handle redefined (||) *)
) (Invariant.bot ()) ns
in
match inv with
| `Lifted inv ->
match Invariant.to_exp inv with
| Some inv ->
let fundec = Node.find_fundec (List.hd ns) in (* TODO: fix location hack *)
let location_function = fundec.svar.vname in
let location = Entry.location ~location:loc ~location_function in
Expand All @@ -584,7 +584,7 @@ struct
incr cnt_loop_invariant;
invariant :: acc
) acc invs
| `Bot | `Top -> (* TODO: 0 for bot (dead code)? *)
| None -> (* TODO: 0 for bot (dead code)? *)
acc
)
else
Expand All @@ -601,15 +601,15 @@ struct
GHT.fold (fun g v acc ->
match g with
| `Left g -> (* global unknown from analysis Spec *)
begin match R.ask_global (InvariantGlobal (Obj.repr g)) with
| `Lifted inv ->
begin match Invariant.to_exp (R.ask_global (InvariantGlobal (Obj.repr g))) with
| Some inv ->
fold_flow_insensitive_as_location ~inv (fun ~location ~inv acc ->
let invariant = CilType.Exp.show inv in
let invariant = Entry.location_invariant' ~location ~invariant in
incr cnt_location_invariant;
invariant :: acc
) acc
| `Bot | `Top -> (* global bot might only be possible for alloc variables, if at all, so emit nothing *)
| None -> (* global bot might only be possible for alloc variables, if at all, so emit nothing *)
acc
end
| `Right _ -> (* global unknown for FromSpec contexts *)
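Review bot: In the precondition hunk, `| Some c -> Some ((Invariant.of_exp c)::acc)` unlifts the queried invariant with `to_exp` only to re-lift it with `of_exp`; the round trip exists solely to filter out bot/top, and it ties this call site to the representation being a plain expression, which is what the abstraction was meant to hide. Binding the lattice value and keeping it, `let inv = R.ask_local_node n ~local (Invariant {Invariant.default_context with lvals}) in` and then `match Invariant.to_exp inv with | Some _ -> Some (inv :: acc) | None -> None`, avoids the re-construction and survives a later change of representation (as discussed for #1665). The `| None, _ -> ... emit nothing` arms in the global hunks are now the same shape as the per-location ones, which reads well. The enclosing functions start outside each hunk.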