Skip to content

Location fixes for YAML witness generation/validation #1372

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 31 commits into from
Apr 4, 2024
Merged

Location fixes for YAML witness generation/validation #1372

merged 31 commits into from
Apr 4, 2024

Conversation

@sim642
Copy link
Member

@sim642 sim642 commented Feb 27, 2024
edited
Loading

Closes #1355.

Changes

  1. Adapt compilation to location fixes from Location fixes for Goblint YAML witness generation/validation cil#167.
  2. Deduplicate witness node identification logic to WitnessUtil. This prevents various copies going out of sync and makes them easier to test.
  3. Extend the CFG cram test output with information about witness node identification. This makes it easy to see which CFG nodes can have which witness invariants.
  4. Fix loop invariant locations. Loop heads for witnesses are not identified by back edges in CFG, but by checking for the Loop statement in the corresponding CIL AST. Loop statements are not part of our CFG nodes, so this lookup happens through skippedByEdge. This has two benefits:
    1. Loop invariants are no longer emitted for goto-loops. This matches YAML witness specification.
    2. Locations for loop heads now correctly point to the beginning of the structural loop keyword. This also works for do-while loops because the Loop node contains the location for the do.
  5. Fix location for first initializer assignment. Previously initializer assignments in declarations used expression locations in the middle of the statement. Now the first assignment has its location before the entire declaration, which is a valid point before any initializers execute.
  6. Make precondition_loop_invariant match loop nodes not arbitrary location nodes. This is our thing and not really used for anything, but at least the name matches the behavior now. This is from the time when loop_invariant was confused with location invariants in YAML witness specification.
  7. Mark YAML witnesses incompatible with loop unrolling for now.

TODO

sim642 added 17 commits February 14, 2024 17:19
@sim642
Add expression location to return
c743366
@sim642
Fix initializer locations
854f47d
@sim642
Move YAML witness node predicates to WitnessUtil
8dfd8fa
@sim642
Move YAML witness validation node predicates to WitnessUtil
39f0535
@sim642
Extract Server.is_server_node
cfaeda3
@sim642
Add node predicate output to cfgDot
994d287
@sim642
Merge branch 'cfg-test-pred' into fix-locations-pred
1e134df
@sim642
Allow YAML location invariants before first initializer
2b54e34
@sim642
Add test for loop CFG locations
e07fad0
@sim642
Make first for initializer loc non-synthetic
471d9b5
@sim642
Test for loop locations with two initializers
3764aa6
@sim642
Find syntactic loop heads in cfgDot
2de8dad
@sim642
Hide empty loop in cfgDot
01809f9
@sim642
Move skippedByEdge into CFG module
db297e2
@sim642
Move find_syntactic_loop_head to WitnessUtil
7181c19
@sim642
Make CFG skippedByEdge functional
ac1d813
@sim642
Fix GobView with CfgBidirSkip
f91b76c
@sim642 sim642 added bug sv-comp SV-COMP (analyses, results), witnesses labels Feb 27, 2024
@sim642 sim642 self-assigned this Feb 27, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 28, 2024
View reviewed changes
src/transform/expressionEvaluation.ml
|> List.concat_map (fun (f : Cil.fundec) -> f.sallstmts |> List.map (fun s -> f, s))
(* Add locations *)
|> List.map (fun (f, (s : Cil.stmt)) -> (Cilfacade.get_stmtLoc s, f, s))
|> List.map (fun (f, (s : Cil.stmt)) -> (Cil.get_stmtLoc s.skind, f, s)) (* nosemgrep: cilfacade *) (* Must use CIL's because syntactic search is in CIL. *)

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: semgrep.cilfacade

use Cilfacade instead
src/transform/expressionEvaluation.ml
succeeding_statement := Some s;
(* Evaluate at (directly before) a succeeding location *)
Some(self#try_ask (Cilfacade.get_stmtLoc s) expression)
Some(self#try_ask (Cil.get_stmtLoc s.skind) expression) (* nosemgrep: cilfacade *) (* Must use CIL's because syntactic search is in CIL. *)

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: semgrep.cilfacade

use Cilfacade instead
@sim642 sim642 force-pushed the fix-locations-pred branch from c22c775 to 02bba93 Compare February 28, 2024 13:26
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 28, 2024
View reviewed changes
src/framework/control.ml
);
iter (fun (node, v) ->
let loc = match node with
| Statement s -> Cil.get_stmtLoc s.skind (* nosemgrep: cilfacade *) (* Must use CIL's because syntactic search is in CIL. *)

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: semgrep.cilfacade

use Cilfacade instead
@sim642 sim642 marked this pull request as ready for review February 28, 2024 14:53
@sim642 sim642 added this to the SV-COMP 2025 milestone Feb 28, 2024
@sim642 sim642 mentioned this pull request Feb 29, 2024
Merged
7 tasks
@michael-schwarz michael-schwarz self-requested a review March 11, 2024 13:58
@sim642 sim642 mentioned this pull request Mar 12, 2024
Open
michael-schwarz
michael-schwarz requested changes Mar 15, 2024
View reviewed changes
Copy link
Member

@michael-schwarz michael-schwarz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's a step forward, there are a few things that we should still discuss before merging though.
It might make sense to pull out the loop unrolling and sv-comp default config discussion and discuss that separately?

src/witness/yamlWitness.ml
in

(* Generate precondition invariants.
(* Generate precondition loop invariants.
Copy link
Member

@michael-schwarz michael-schwarz Mar 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jerhard How does this change affect our planned usage for precondition invariants for the project with LMU? We need general precondition invariants there iirc?

Copy link
Member Author

@sim642 sim642 Mar 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having precondition_location_invariant entries is just a matter of defining the corresponding types and doing what we already have for location_invariant vs loop_invariant: use a different predicate for filtering nodes.

@michael-schwarz michael-schwarz requested a review from jerhard March 18, 2024 10:06
@sim642 sim642 mentioned this pull request Mar 26, 2024
Merged
sim642 added a commit that referenced this pull request Apr 2, 2024
@sim642
Disable SV-COMP loop unrolling in preparation for PR #1372
6201b38 
Partial cherry-pick of 0bf0407.
@sim642 sim642 mentioned this pull request Apr 2, 2024
Closed
@sim642
Copy link
Member Author

sim642 commented Apr 2, 2024

It might make sense to pull out the loop unrolling and sv-comp default config discussion and discuss that separately?

It's now extracted to #1402.

@sim642 sim642 mentioned this pull request Apr 3, 2024
Merged
1 task
@sim642 sim642 mentioned this pull request Apr 4, 2024
Merged
@sim642 sim642 requested a review from michael-schwarz April 4, 2024 08:37
michael-schwarz
michael-schwarz approved these changes Apr 4, 2024
View reviewed changes
@sim642 sim642 merged commit 58ce3e6 into master Apr 4, 2024
@sim642 sim642 deleted the fix-locations-pred branch April 4, 2024 12:43
sim642 added a commit to sim642/opam-repository that referenced this pull request Aug 2, 2024
@sim642
[new release] goblint (2.4.0)
38186e2 
CHANGES:

* Remove unmaintained analyses: spec, file (goblint/analyzer#1281).
* Add linear two-variable equalities analysis (goblint/analyzer#1297, goblint/analyzer#1412, goblint/analyzer#1466).
* Add callstring, loopfree callstring and context gas analyses (goblint/analyzer#1038, goblint/analyzer#1340, goblint/analyzer#1379, goblint/analyzer#1427, goblint/analyzer#1439).
* Add non-relational thread-modular value analyses with thread IDs (goblint/analyzer#1366, goblint/analyzer#1398, goblint/analyzer#1399).
* Add NULL byte array domain (goblint/analyzer#1076).
* Fix spurious overflow warnings from internal evaluations (goblint/analyzer#1406, goblint/analyzer#1411, goblint/analyzer#1511).
* Refactor non-definite mutex handling to fix unsoundness (goblint/analyzer#1430, goblint/analyzer#1500, goblint/analyzer#1503, goblint/analyzer#1409).
* Fix non-relational thread-modular value analysis unsoundness with ambiguous points-to sets (goblint/analyzer#1457, goblint/analyzer#1458).
* Fix mutex type analysis unsoundness and enable it by default (goblint/analyzer#1414, goblint/analyzer#1416, goblint/analyzer#1510).
* Add points-to set refinement on mutex path splitting (goblint/analyzer#1287, goblint/analyzer#1343, goblint/analyzer#1374, goblint/analyzer#1396, goblint/analyzer#1407).
* Improve narrowing operators (goblint/analyzer#1502, goblint/analyzer#1540, goblint/analyzer#1543).
* Extract automatic configuration tuning for soundness (goblint/analyzer#1369).
* Fix many locations in witnesses (goblint/analyzer#1355, goblint/analyzer#1372, goblint/analyzer#1400, goblint/analyzer#1403).
* Improve output readability (goblint/analyzer#1294, goblint/analyzer#1312, goblint/analyzer#1405, goblint/analyzer#1497).
* Refactor logging (goblint/analyzer#1117).
* Modernize all library function specifications (goblint/analyzer#1029, goblint/analyzer#688, goblint/analyzer#1174, goblint/analyzer#1289, goblint/analyzer#1447, goblint/analyzer#1487).
* Remove OCaml 4.10, 4.11, 4.12 and 4.13 support (goblint/analyzer#1448).
@sim642 sim642 mentioned this pull request Aug 2, 2024
Merged
avsm pushed a commit to avsm/opam-repository that referenced this pull request Sep 5, 2024
@sim642 @avsm
[new release] goblint (2.4.0)
2afe816 
CHANGES:

* Remove unmaintained analyses: spec, file (goblint/analyzer#1281).
* Add linear two-variable equalities analysis (goblint/analyzer#1297, goblint/analyzer#1412, goblint/analyzer#1466).
* Add callstring, loopfree callstring and context gas analyses (goblint/analyzer#1038, goblint/analyzer#1340, goblint/analyzer#1379, goblint/analyzer#1427, goblint/analyzer#1439).
* Add non-relational thread-modular value analyses with thread IDs (goblint/analyzer#1366, goblint/analyzer#1398, goblint/analyzer#1399).
* Add NULL byte array domain (goblint/analyzer#1076).
* Fix spurious overflow warnings from internal evaluations (goblint/analyzer#1406, goblint/analyzer#1411, goblint/analyzer#1511).
* Refactor non-definite mutex handling to fix unsoundness (goblint/analyzer#1430, goblint/analyzer#1500, goblint/analyzer#1503, goblint/analyzer#1409).
* Fix non-relational thread-modular value analysis unsoundness with ambiguous points-to sets (goblint/analyzer#1457, goblint/analyzer#1458).
* Fix mutex type analysis unsoundness and enable it by default (goblint/analyzer#1414, goblint/analyzer#1416, goblint/analyzer#1510).
* Add points-to set refinement on mutex path splitting (goblint/analyzer#1287, goblint/analyzer#1343, goblint/analyzer#1374, goblint/analyzer#1396, goblint/analyzer#1407).
* Improve narrowing operators (goblint/analyzer#1502, goblint/analyzer#1540, goblint/analyzer#1543).
* Extract automatic configuration tuning for soundness (goblint/analyzer#1369).
* Fix many locations in witnesses (goblint/analyzer#1355, goblint/analyzer#1372, goblint/analyzer#1400, goblint/analyzer#1403).
* Improve output readability (goblint/analyzer#1294, goblint/analyzer#1312, goblint/analyzer#1405, goblint/analyzer#1497).
* Refactor logging (goblint/analyzer#1117).
* Modernize all library function specifications (goblint/analyzer#1029, goblint/analyzer#688, goblint/analyzer#1174, goblint/analyzer#1289, goblint/analyzer#1447, goblint/analyzer#1487).
* Remove OCaml 4.10, 4.11, 4.12 and 4.13 support (goblint/analyzer#1448).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@michael-schwarz michael-schwarz michael-schwarz approved these changes

@jerhard jerhard Awaiting requested review from jerhard

Assignees

@sim642 sim642

Labels

bug sv-comp SV-COMP (analyses, results), witnesses

Projects

None yet

Milestone

SV-COMP 2025

Development

Successfully merging this pull request may close these issues.

for loop invariant location in YAML witness

3 participants

@sim642 @michael-schwarz