Skip to content

Conversion of pointer_object_exprt and pointer_offset_exprt for new SMT backend #6815

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Apr 28, 2022
Merged

Conversion of pointer_object_exprt and pointer_offset_exprt for new SMT backend #6815

merged 8 commits into from
Apr 28, 2022

Conversation

NlightNFotis
Copy link
Contributor

@NlightNFotis NlightNFotis commented Apr 19, 2022
edited
Loading

This PR adds the implementation (along with unit and regression tests)
for the conversion of pointer_object_exprts and pointer_offset_exprts for the new SMT backend.

(Because of some limitations for now in our support for arrays, pointer arithmetic, pointer_offset_exprts are covered by unit tests only)

  • Each commit message has a non-empty body, explaining why the change was made.
  • Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
  • The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
  • Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
  • My commit message includes data points confirming performance improvements (if claimed).
  • My PR is restricted to a single feature or bugfix.
  • White-space or formatting changes outside the feature-related changed lines are in commits of their own.

@NlightNFotis NlightNFotis self-assigned this Apr 19, 2022
TGWDB
TGWDB approved these changes Apr 19, 2022
View reviewed changes
unit/solvers/smt2_incremental/convert_expr_to_smt.cpp
{
// Prelude similar to the one used for address-of expression conversion.

// The config lines are necessary to ensure that pointer width in configured.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in -> is

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this still needs fixing.

thomasspriggs
thomasspriggs suggested changes Apr 19, 2022
View reviewed changes
@thomasspriggs
Copy link
Contributor

The SAT back end can produce a counter example for the following input. Whereas the SMT back end in your branch cannot -

#include <assert.h>
#include <stdbool.h>

int main()
{
	int x;
	int y;
	int z;
	bool nondet1;
	bool nondet2;
	int *a = nondet1 ? &x : &y;
	int *b = nondet2 ? &y : &z;
	__CPROVER_assert(!__CPROVER_same_object(a, b), "Can be violated.");
}

@NlightNFotis NlightNFotis force-pushed the pointer_objects_smt branch 5 times, most recently from 4a49085 to 0685591 Compare April 20, 2022 08:43
@NlightNFotis NlightNFotis changed the title Conversion of pointer_object_exprt for new SMT backend Conversion of pointer_object_exprt and pointer_offset_exprt for new SMT backend Apr 20, 2022
@codecov
Copy link

codecov bot commented Apr 20, 2022
edited
Loading

Codecov Report

Merging #6815 (eaea1de) into develop (7e785d0) will increase coverage by 0.01%.
The diff coverage is 88.56%.

❗ Current head eaea1de differs from pull request most recent head e5f91f2. Consider uploading reports for the commit e5f91f2 to get more accurate results

@@             Coverage Diff             @@
##           develop    #6815      +/-   ##
===========================================
+ Coverage    77.03%   77.04%   +0.01%     
===========================================
  Files         1594     1594              
  Lines       185011   185276     +265     
===========================================
+ Hits        142514   142748     +234     
- Misses       42497    42528      +31
Impacted Files Coverage Δ
src/ansi-c/ansi_c_convert_type.h 100.00% <ø> (ø)
src/ansi-c/c_typecheck_base.h 100.00% <ø> (ø)
src/goto-instrument/contracts/contracts.h 100.00% <ø> (ø)
src/ansi-c/c_typecheck_code.cpp 77.15% <43.75%> (-2.89%) ⬇️
src/goto-instrument/contracts/contracts.cpp 94.42% <93.47%> (-0.07%) ⬇️
...c/solvers/smt2_incremental/convert_expr_to_smt.cpp 85.31% <96.96%> (+0.77%) ⬆️
src/ansi-c/ansi_c_convert_type.cpp 80.69% <100.00%> (+0.55%) ⬆️
src/ansi-c/c_expr.h 100.00% <100.00%> (ø)
src/ansi-c/c_typecheck_base.cpp 78.88% <100.00%> (+0.55%) ⬆️
src/ansi-c/parser.y 80.22% <100.00%> (+0.18%) ⬆️
... and 9 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 142db0b...e5f91f2. Read the comment docs.

thomasspriggs
thomasspriggs suggested changes Apr 20, 2022
View reviewed changes
src/solvers/smt2_incremental/convert_expr_to_smt.cpp Outdated
smt_bit_vector_theoryt::extract(offset_bits - 1, 0)(converted_expr);
if(pointer_width > offset_bits)
{
return smt_bit_vector_theoryt::zero_extend(pointer_width - offset_bits)(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤔 The result type of pointer_offset_exprt is usually signed. Therefore we should probably be using sign_extend instead of zero_extend. Note that the old SMT2 back end may may wrong in this case. Note also that the signed-ness is currently set in pointer_predicates.cpp but we have no guarantees that these expressions will always have signed/unsigned results (unless we add appropriate invariants).
ℹ️ Negative offsets may occur in the the case of pointer offset overflows.

src/solvers/smt2_incremental/convert_expr_to_smt.cpp Outdated
const auto converted_expr = converted.at(pointer_expr);
const std::size_t pointer_width = type->get_width();
std::size_t offset_bits = pointer_width - config.bv_encoding.object_bits;
if(offset_bits > pointer_width)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⛏️ Are we actually truncating the result in this case? Might be worth adding a comment to that effect as this is slightly surprising and it might be worth just adding an invariant to avoid surprise truncation instead.

@NlightNFotis NlightNFotis force-pushed the pointer_objects_smt branch 2 times, most recently from 7b0b681 to 71ad410 Compare April 28, 2022 10:45
thomasspriggs
thomasspriggs reviewed Apr 28, 2022
View reviewed changes
regression/cbmc-incr-smt2/pointers/pointer_offset.c

// *q = p + 2;

// __CPROVER_assert(__CPROVER_POINTER_OFFSET(p) != __CPROVER_POINTER_OFFSET(q), "expected failure");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⛏️ This assertion looks like it should pass once we have support for integer arithmetic. The assignment above will give q an offset of 2 * sizeof(int) and p will still have an offset of zero.

@NlightNFotis NlightNFotis merged commit da7edc5 into diffblue:develop Apr 28, 2022
@NlightNFotis NlightNFotis deleted the pointer_objects_smt branch April 28, 2022 17:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thomasspriggs thomasspriggs thomasspriggs approved these changes

@TGWDB TGWDB TGWDB approved these changes

@peterschrammel peterschrammel Awaiting requested review from peterschrammel peterschrammel is a code owner

@chris-ryder chris-ryder Awaiting requested review from chris-ryder

Assignees

@NlightNFotis NlightNFotis

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@NlightNFotis @thomasspriggs @TGWDB