Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CONTRACTS: separation checks using nondet demonic variable #8576

Merged
merged 1 commit into from
Jan 29, 2025
Merged

CONTRACTS: separation checks using nondet demonic variable #8576

merged 1 commit into from
Jan 29, 2025

Conversation

remi-delmas-3000
Copy link
Collaborator

@remi-delmas-3000 remi-delmas-3000 commented Jan 25, 2025
edited
Loading

replace bool array indexed by object ID with nondet demonic tracker for __CPROVER_is_fresh separation checks

  • Each commit message has a non-empty body, explaining why the change was made.
  • Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
  • The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
  • Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
  • My commit message includes data points confirming performance improvements (if claimed).
  • My PR is restricted to a single feature or bugfix.
  • White-space or formatting changes outside the feature-related changed lines are in commits of their own.

@remi-delmas-3000 remi-delmas-3000 marked this pull request as draft January 25, 2025 19:50
CONTRACTS: separation checks using nondet demonic variable
d490670 
- Replace bool array indexed by object ID with nondet
  demonic variable to implement separation checks.
- Fix test: don't use is fresh under negation

format
@remi-delmas-3000 remi-delmas-3000 force-pushed the contracts-is-fresh-demonic branch from 5372a0c to d490670 Compare January 25, 2025 21:22
@codecov Codecov
Copy link

codecov bot commented Jan 25, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 82.05128% with 7 lines in your changes missing coverage. Please review.

Project coverage is 78.85%. Comparing base (3d79560) to head (d490670).
Report is 2 commits behind head on develop.

Files with missing lines Patch % Lines
.../contracts/dynamic-frames/dfcc_wrapper_program.cpp 70.00% 6 Missing ⚠️
...strument/contracts/dynamic-frames/dfcc_library.cpp 93.75% 1 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff             @@
##           develop    #8576      +/-   ##
===========================================
- Coverage    78.92%   78.85%   -0.07%     
===========================================
  Files         1732     1732              
  Lines       198953   199119     +166     
  Branches     18560    18560              
===========================================
+ Hits        157021   157023       +2     
- Misses       41932    42096     +164

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@remi-delmas-3000 remi-delmas-3000 mentioned this pull request Jan 25, 2025
Merged
6 tasks
remi-delmas-3000
remi-delmas-3000 commented Jan 26, 2025
View reviewed changes
regression/contracts-dfcc/test_aliasing_ensure/main.c
Comment on lines -9 to -26
__CPROVER_assigns(z, *x)
__CPROVER_requires(
__CPROVER_is_fresh(x, sizeof(int)) &&
*x > 0 &&
*x < 4)
__CPROVER_ensures(
__CPROVER_is_fresh(y, sizeof(int)) &&
!__CPROVER_is_fresh(x, sizeof(int)) &&
x != NULL &&
x != y &&
__CPROVER_return_value == *x + 5)
int *foo()
// clang-format off
__CPROVER_ensures(__CPROVER_is_fresh(__CPROVER_return_value, sizeof(int)))
// clang-format on
{
*x = *x + 4;
y = malloc(sizeof(*y));
*y = *x;
z = *y;
return (*x + 5);
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Precision : I rewrote this test to make it do what the test description says, i.e testing is_fresh in a post condition on the return value.

remi-delmas-3000
remi-delmas-3000 commented Jan 26, 2025
View reviewed changes
src/ansi-c/library/cprover_contracts.c
Comment on lines +73 to +84
typedef struct
{
/// \brief Nondet variable ranging over the set of objects allocated
/// by __CPROVER_contracts_is_fresh. Used to check separation constraints
/// in __CPROVER_contracts_is_fresh.
void *fresh_ptr;
} __CPROVER_contracts_ptr_pred_ctx_t;

/// \brief Type of pointers to \ref __CPROVER_contracts_ptr_pred_ctx_t.
typedef __CPROVER_contracts_ptr_pred_ctx_t
*__CPROVER_contracts_ptr_pred_ctx_ptr_t;

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This new structure encapsulates context info that's used by pointer predicates and shared across requires and ensures clauses. It is going to be expanded in the future with more fields to support more predicates

Copy link
Collaborator Author

@remi-delmas-3000 remi-delmas-3000 Jan 26, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The name is ptr_pret_ctx means "pointer predicate context", it is not specific to is_fresh anymore (will be used by all predicates).

remi-delmas-3000
remi-delmas-3000 commented Jan 26, 2025
View reviewed changes
src/ansi-c/library/cprover_contracts.c
@@ -84,7 +99,7 @@ typedef struct
__CPROVER_contracts_obj_set_t deallocated;
/// \brief Pointer to object set supporting the is_fresh predicate checks
/// (indexed mode)
__CPROVER_contracts_obj_set_ptr_t linked_is_fresh;
__CPROVER_contracts_ptr_pred_ctx_ptr_t linked_ptr_pred_ctx;
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The name is ptr_pret_ctx means "pointer predicate context", it is not specific to is_fresh anymore (will be used by all predicates).

@remi-delmas-3000 remi-delmas-3000 marked this pull request as ready for review January 26, 2025 06:12
@feliperodri feliperodri added the Code Contracts Function and loop contracts label Jan 26, 2025
@remi-delmas-3000
Copy link
Collaborator Author

@tautschnig this one is ready to merge

@tautschnig tautschnig merged commit 1cc4bc2 into diffblue:develop Jan 29, 2025
39 of 40 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tautschnig tautschnig tautschnig approved these changes

@feliperodri feliperodri Awaiting requested review from feliperodri feliperodri is a code owner

@kroening kroening Awaiting requested review from kroening kroening is a code owner

@peterschrammel peterschrammel Awaiting requested review from peterschrammel peterschrammel is a code owner

Assignees
No one assigned
Labels
Code Contracts Function and loop contracts
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@remi-delmas-3000 @tautschnig @feliperodri