diff --git a/regression/cbmc/Malloc11/slice-formula.desc b/regression/cbmc/Malloc11/slice-formula.desc new file mode 100644 index 00000000000..e95d6008560 --- /dev/null +++ b/regression/cbmc/Malloc11/slice-formula.desc @@ -0,0 +1,7 @@ +CORE broken-smt-backend +main.c +--pointer-check --slice-formula +^EXIT=0$ +^SIGNAL=0$ +^VERIFICATION SUCCESSFUL$ +-- diff --git a/src/goto-symex/show_program.cpp b/src/goto-symex/show_program.cpp index df69d775aa8..06f0ea71840 100644 --- a/src/goto-symex/show_program.cpp +++ b/src/goto-symex/show_program.cpp @@ -38,7 +38,10 @@ static void show_step( std::string string_value = (step.is_shared_read() || step.is_shared_write()) ? from_expr(ns, function_id, step.ssa_lhs) : from_expr(ns, function_id, step.cond_expr); - std::cout << '(' << count << ") "; + if(step.ignore) + std::cout << "(sliced) "; + else + std::cout << '(' << count << ") "; if(annotation.empty()) std::cout << string_value; else diff --git a/src/goto-symex/slice.cpp b/src/goto-symex/slice.cpp index 24f4a44a964..edb2821fc89 100644 --- a/src/goto-symex/slice.cpp +++ b/src/goto-symex/slice.cpp @@ -10,25 +10,14 @@ Author: Daniel Kroening, kroening@kroening.com /// Slicer for symex traces #include "slice.h" +#include "symex_slice_class.h" +#include #include -#include "symex_slice_class.h" - void symex_slicet::get_symbols(const exprt &expr) { - get_symbols(expr.type()); - - forall_operands(it, expr) - get_symbols(*it); - - if(expr.id()==ID_symbol) - depends.insert(to_symbol_expr(expr).get_identifier()); -} - -void symex_slicet::get_symbols(const typet &) -{ - // TODO + find_symbols(expr, depends); } void symex_slicet::slice( @@ -44,17 +33,20 @@ void symex_slicet::slice( void symex_slicet::slice(symex_target_equationt &equation) { + simple_slice(equation); + for(symex_target_equationt::SSA_stepst::reverse_iterator it=equation.SSA_steps.rbegin(); it!=equation.SSA_steps.rend(); it++) - slice(*it); + { + if(!it->ignore) + slice(*it); + } } void symex_slicet::slice(SSA_stept &SSA_step) { - get_symbols(SSA_step.guard); - switch(SSA_step.type) { case goto_trace_stept::typet::ASSERT: @@ -66,7 +58,7 @@ void symex_slicet::slice(SSA_stept &SSA_step) break; case goto_trace_stept::typet::GOTO: - get_symbols(SSA_step.cond_expr); + // ignore break; case goto_trace_stept::typet::LOCATION: @@ -114,13 +106,18 @@ void symex_slicet::slice_assignment(SSA_stept &SSA_step) PRECONDITION(SSA_step.ssa_lhs.id() == ID_symbol); const irep_idt &id=SSA_step.ssa_lhs.get_identifier(); - if(depends.find(id)==depends.end()) + auto entry = depends.find(id); + if(entry == depends.end()) { // we don't really need it SSA_step.ignore=true; } else + { + // we have resolved this dependency + depends.erase(entry); get_symbols(SSA_step.ssa_rhs); + } } void symex_slicet::slice_decl(SSA_stept &SSA_step) @@ -163,6 +160,10 @@ void symex_slicet::collect_open_variables( get_symbols(SSA_step.cond_expr); break; + case goto_trace_stept::typet::GOTO: + // ignore + break; + case goto_trace_stept::typet::LOCATION: // ignore break; @@ -175,7 +176,6 @@ void symex_slicet::collect_open_variables( case goto_trace_stept::typet::OUTPUT: case goto_trace_stept::typet::INPUT: case goto_trace_stept::typet::DEAD: - case goto_trace_stept::typet::NONE: break; case goto_trace_stept::typet::DECL: @@ -191,7 +191,7 @@ void symex_slicet::collect_open_variables( // ignore for now break; - case goto_trace_stept::typet::GOTO: + case goto_trace_stept::typet::NONE: UNREACHABLE; } } diff --git a/src/goto-symex/symex_slice_class.h b/src/goto-symex/symex_slice_class.h index 2c265c47589..5853e3e545e 100644 --- a/src/goto-symex/symex_slice_class.h +++ b/src/goto-symex/symex_slice_class.h @@ -30,7 +30,6 @@ class symex_slicet symbol_sett depends; void get_symbols(const exprt &expr); - void get_symbols(const typet &type); void slice(SSA_stept &SSA_step); void slice_assignment(SSA_stept &SSA_step);