Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CONTRACTS: ensure at most one predicate per pointer #8577

Merged
merged 2 commits into from
Jan 31, 2025
Merged

CONTRACTS: ensure at most one predicate per pointer #8577

merged 2 commits into from
Jan 31, 2025

Conversation

remi-delmas-3000
Copy link
Collaborator

@remi-delmas-3000 remi-delmas-3000 commented Jan 25, 2025
edited
Loading

Please ignore the first commit, it is from #8576 and will disappear when rebasing.

Fixes a discrepancy between assert and assume behaviour for pointer predicates, by ensuring
that at most one predicate occurrence can be established at all times, in both assume and assert
contexts.

Before, is_fresh(p, n) && is_fresh(p, n) would fail in assert contexts but pass in assume contexts
by allocating twice.

  • Each commit message has a non-empty body, explaining why the change was made.
  • Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
  • The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
  • Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
  • My commit message includes data points confirming performance improvements (if claimed).
  • My PR is restricted to a single feature or bugfix.
  • [ x White-space or formatting changes outside the feature-related changed lines are in commits of their own.

@codecov Codecov
Copy link

codecov bot commented Jan 25, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.85%. Comparing base (d490670) to head (bb3307a).
Report is 4 commits behind head on develop.

Additional details and impacted files 
@@           Coverage Diff            @@
##           develop    #8577   +/-   ##
========================================
  Coverage    78.85%   78.85%           
========================================
  Files         1732     1732           
  Lines       199119   199119           
  Branches     18560    18560           
========================================
  Hits        157023   157023           
  Misses       42096    42096

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@feliperodri feliperodri added the Code Contracts Function and loop contracts label Jan 26, 2025
@remi-delmas-3000
Copy link
Collaborator Author

@tautschnig this one is also ready to merge

tautschnig
tautschnig approved these changes Jan 29, 2025
View reviewed changes
src/ansi-c/library/cprover_contracts.c Outdated
Comment on lines 1268 to 1275
// __CPROVER_assert(
// write_set->linked_ptr_pred_ctx->ptr_pred != ptr1,
// "__CPROVER_pointer_equals does not conflict with other pointer "
// "predicate");
// write_set->linked_ptr_pred_ctx->ptr_pred =
// __VERIFIER_nondet___CPROVER_bool()
// ? ptr1
// : write_set->linked_ptr_pred_ctx->ptr_pred;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What to take away from this commented-out part?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for catching this. I need to fix that and add more tests for predicates used in ensures clauses in contract replacement mode.

CONTRACTS: at most one predicate occurence per pointer
bb3307a 
Ensures that at most one pointer predicate is positively
asserted/assumed per pointer.
 Before, `is_fresh(p, n) && is_fresh(p, n)` would
fail in assertion contexts as expected but pass in
assumption contexts by allocating twice.
@remi-delmas-3000
Copy link
Collaborator Author

remi-delmas-3000 commented Jan 31, 2025
edited
Loading

@tautschnig test suite now check every combination of conflicting predicates in both requires and ensures clauses for both contract checking and replacement, we're good to go

@remi-delmas-3000 remi-delmas-3000 merged commit c66ffbe into diffblue:develop Jan 31, 2025
40 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tautschnig tautschnig tautschnig approved these changes

@feliperodri feliperodri Awaiting requested review from feliperodri feliperodri is a code owner

@kroening kroening Awaiting requested review from kroening kroening is a code owner

@peterschrammel peterschrammel Awaiting requested review from peterschrammel peterschrammel is a code owner

Assignees
No one assigned
Labels
Code Contracts Function and loop contracts
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@remi-delmas-3000 @tautschnig @feliperodri