CHC encoder #6717
CHC encoder #6717
Conversation
Codecov ReportBase: 77.87% // Head: 77.79% // Decreases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## develop #6717 +/- ##
===========================================
- Coverage 77.87% 77.79% -0.09%
===========================================
Files 1576 1578 +2
Lines 181829 182079 +250
===========================================
+ Hits 141605 141653 +48
- Misses 40224 40426 +202
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
kroening
force-pushed
the
set_encoding
branch
3 times, most recently
from
be4d4e0 to
f207870
Compare
kroening
force-pushed
the
set_encoding
branch
2 times, most recently
from
2b7ff7d to
00bf87c
Compare
kroening
force-pushed
the
set_encoding
branch
3 times, most recently
from
08f5250 to
0b0d8dd
Compare
kroening
force-pushed
the
set_encoding
branch
15 times, most recently
from
f9c9bfb to
e8dedf1
Compare
kroening
force-pushed
the
set_encoding
branch
from
bc9e9ff to
1392c76
Compare
| @@ -0,0 +1,13 @@ | |||
| int x; | |||
There was a problem hiding this comment.
Random place for comment: isn't this commit also a PR of its own?
src/util/simplify_expr_pointer.cpp
Outdated
| exprt pointer_offset_expr = simplify_pointer_offset( | ||
| to_pointer_offset_expr(pointer_offset(ptr_expr.front()))); | ||
| exprt pointer_offset_expr = simplify_pointer_offset(to_pointer_offset_expr( | ||
| pointer_offset_exprt(ptr_expr.front(), expr.type()))); |
There was a problem hiding this comment.
I don't understand this change: why do we do to_pointer_offset_expr when the argument (now) is a pointer_offset_exprt? And when we're now constructing the expression with expr.type(), does the comment still apply? If the comment no longer applies, why was it previously ok to change the type, and why is it now the right thing not to change the type?
There was a problem hiding this comment.
- Removed the comment, this is indeed no longer the case.
- Removed the cast.
| /*******************************************************************\ | ||
|
|
||
| Module: Help Formatter | ||
|
|
||
| Author: Daniel Kroening, [email protected] | ||
|
|
||
| \*******************************************************************/ | ||
|
|
||
| /// \file | ||
| /// Help Formatter | ||
|
|
||
| #ifndef CPROVER_CPROVER_HELP_FORMATTER_H | ||
| #define CPROVER_CPROVER_HELP_FORMATTER_H |
There was a problem hiding this comment.
How does this differ from help_entry, and why is it part of the cprover tool (only)? I can see that the implementation does handle help strings with some markup, but can't we please instead have this for everyone rather than having it buried in some commit? I had put together #6931, which perhaps could be done in a more human-readable fashion using this facility.
|
|
||
| #include <util/pointer_expr.h> | ||
|
|
||
| #include "state.h" |
There was a problem hiding this comment.
Does this code actually use anything from that include, and should the entire code not be part of find_symbols.{h,cpp} instead?
There was a problem hiding this comment.
I am adding a comment -- note that this is materially different to any variant of find_symbols.
There was a problem hiding this comment.
I understand, yet this is a concern of mine for several pieces of code being added here: they are different from existing functionality, but the absence of documentation makes it impossible for a potential user to tell what exactly the difference is without putting the code side-by-side.
kroening
force-pushed
the
set_encoding
branch
2 times, most recently
from
46195d3 to
9f97a49
Compare
kroening
force-pushed
the
set_encoding
branch
from
14da6d6 to
523dcb7
Compare
|
Will email to you |
This commit adds a function to extend the expression formatter at runtime.
The Makefile is extended to compile plain C code.
substitute_symbols is useful beyond the specific use case in std_expr.cpp (instantiating binding_exprt). This commit makes it available outside.
Instead of building a completely new binding_exprt, make a copy of the previous one, and then change the operand. The key benefit is that comments (source locations and the like) are preserved.
object_address expressions have pointer type, and hence, the conversion must happen in bv_pointerst::convert_pointer_type.
The SMT2 backend constructs strings to disambiguate overloaded operations using types, and now supports generating strings for array types.
The SMT2 backend constructs strings to disambiguate overloaded operations using types, and now supports generating strings for union_tag types.
This introduces C syntax for a multi-ary predicate that implies that the given pointers point to pairwise different objects.
This adds the predicate __CPROVER_pointer_in_range to the C frontend. The expression __CPROVER_pointer_in_range(a, b, c) evaluates to true iff the following conditions are met: 1) The three pointers a, b, c point to the same object. 2) The object is readable from a to (but not including) c, i.e., c may point just beyond the end of the sequence. 3) a <= b 4) b <= c This predicate is an invariant for the standard loop pattern in which a pointer is used to iterate over an object, stopping when the pointer points one beyond the end of the sequence. The benefit over using a<=b && b<=c is that ANSI-C's <= operator is undefined when the two pointers related by <= do not point into the same object.
This adds a CHC encoding that uses the concept of an abstract "program state", in contrast to the usual explicit enumeration of the variables that the state comprises.
kroening
force-pushed
the
set_encoding
branch
from
523dcb7 to
e54a0ee
Compare
There was a problem hiding this comment.
Approving so as not to block experimenting, but documenting my remaining concerns:
- There is a bunch of code that is similar-but-not-quite-the-same and not documented.
- There is no documentation at all, as also noted by @peterschrammel .
So, really, this code is only usable by a very small group of people. It would be great to learn about a path towards fixing this.
This adds a major new feature, a state-based CHC encoder and solver. It is delivered as a separate binary.