Packages/c/cbmc-doc-6.9.0-1.fc45.x86_64.rpm

/*******************************************************************\


Module:


Author: Daniel Kroening, kroening@kroening.com


\*******************************************************************/


#include "bv_refinement.h"


#ifdef DEBUG

#include <iostream>

#endif


#include <util/std_expr.h>

#include <util/find_symbols.h>


#include <solvers/sat/satcheck.h>


void bv_refinementt::finish_eager_conversion_arrays()

{

  collect_indices();

  // at this point all indices should in the index set


  // just build the data structure

  update_index_map(true);


  // we don't actually add any constraints

  lazy_arrays=config_.refine_arrays;

  add_array_constraints();

  freeze_lazy_constraints();

}


void bv_refinementt::arrays_overapproximated()

{

  if(!config_.refine_arrays)

    return;


  unsigned nb_active=0;


  // Evaluate all lazy constraints while the solver is still in SAT state.

  // We must not interleave get_value() calls with modifications to the

  // main solver (prop) because some SAT solvers (e.g., CaDiCaL) only

  // permit reading model values while in the satisfied state, and adding

  // clauses invalidates that state.

  struct evaluated_constraintt

  {

    exprt constraint;

    exprt simplified;

    std::list<lazy_constraintt>::iterator list_it;

  };

  std::vector<evaluated_constraintt> to_check;

  to_check.reserve(lazy_array_constraints.size());


  for(auto it = lazy_array_constraints.begin();

      it != lazy_array_constraints.end();

      ++it)

  {

    const exprt &current = it->lazy;


    // some minor simplifications

    // check if they are worth having

    if(current.id()==ID_implies)

    {

      implies_exprt imp=to_implies_expr(current);

      exprt implies_simplified = get_value(imp.op0());

      if(implies_simplified==false_exprt())

      {

        continue;

      }

    }


    if(current.id()==ID_or)

    {

      or_exprt orexp=to_or_expr(current);

      INVARIANT(

        orexp.operands().size() == 2, "only treats the case of a binary or");

      exprt o1 = get_value(orexp.op0());

      exprt o2 = get_value(orexp.op1());

      if(o1==true_exprt() || o2 == true_exprt())

      {

        continue;

      }

    }


    to_check.push_back({current, get_value(current), it});

  }


  // Now check each evaluated constraint using a local solver and activate

  // violated ones. This phase may modify the main solver (prop).

  for(auto &entry : to_check)

  {

    satcheck_no_simplifiert sat_check{log.get_message_handler()};

    bv_pointerst solver{ns, sat_check, log.get_message_handler()};

    solver.unbounded_array = bv_pointerst::unbounded_arrayt::U_ALL;


    solver << entry.simplified;


    switch(static_cast<decision_proceduret::resultt>(sat_check.prop_solve()))

    {

    case decision_proceduret::resultt::D_SATISFIABLE:

      break;

    case decision_proceduret::resultt::D_UNSATISFIABLE:

      prop.l_set_to_true(convert(entry.constraint));

      nb_active++;

      lazy_array_constraints.erase(entry.list_it);

      break;

    case decision_proceduret::resultt::D_ERROR:

      INVARIANT(false, "error in array over approximation check");

    }

  }


  log.debug() << "BV-Refinement: " << nb_active

              << " array expressions become active" << messaget::eom;

  log.debug() << "BV-Refinement: " << lazy_array_constraints.size()

              << " inactive array expressions" << messaget::eom;

  if(nb_active > 0)

    progress=true;

}


void bv_refinementt::freeze_lazy_constraints()

{

  if(!lazy_arrays)

    return;


  for(const auto &constraint : lazy_array_constraints)

  {

    // Freeze all symbols in the constraint

    for(const auto &symbol : find_symbols(constraint.lazy))

    {

      if(!bv_width.get_width_opt(symbol.type()).has_value())

        continue;

      const bvt bv=convert_bv(symbol);

      for(const auto &literal : bv)

        if(!literal.is_constant())

          prop.set_frozen(literal);

    }


    // Also freeze the full constraint literal and its sub-expressions

    // so that convert() during refinement does not hit eliminated

    // variables.

    literalt constraint_lit = convert(constraint.lazy);

    if(!constraint_lit.is_constant())

      prop.set_frozen(constraint_lit);

  }

}


convert
static bool convert(const irep_idt &identifier, const std::ostringstream &s, symbol_table_baset &symbol_table, message_handlert &message_handler)
Definition builtin_factory.cpp:42

bv_refinement.h
Abstraction Refinement Loop.

arrayst::lazy_array_constraints
std::list< lazy_constraintt > lazy_array_constraints
Definition arrays.h:122

arrayst::ns
const namespacet & ns
Definition arrays.h:63

arrayst::lazy_arrays
bool lazy_arrays
Definition arrays.h:119

arrayst::collect_indices
void collect_indices()
Definition arrays.cpp:96

arrayst::add_array_constraints
void add_array_constraints()
Definition arrays.cpp:290

arrayst::update_index_map
void update_index_map(bool update_all)
Definition arrays.cpp:417

arrayst::log
messaget log
Definition arrays.h:64

binary_exprt::op0
exprt & op0()
Definition expr.h:134

boolbvt::convert_bv
virtual const bvt & convert_bv(const exprt &expr, const std::optional< std::size_t > expected_width={})
Convert expression to vector of literalts, using an internal cache to speed up conversion if availabl...
Definition boolbv.cpp:40

boolbvt::unbounded_arrayt::U_ALL
@ U_ALL
Definition boolbv.h:91

boolbvt::bv_width
boolbv_widtht bv_width
Definition boolbv.h:120

boolbvt::get_value
mp_integer get_value(const bvt &bv)
Definition boolbv.h:94

bv_pointerst::bv_pointerst
bv_pointerst(const namespacet &, propt &, message_handlert &, bool get_array_constraints=false)
Definition bv_pointers.cpp:227

bv_refinementt::progress
bool progress
Definition bv_refinement.h:107

bv_refinementt::config_
configt config_
Definition bv_refinement.h:112

bv_refinementt::freeze_lazy_constraints
void freeze_lazy_constraints()
freeze symbols for incremental solving
Definition refine_arrays.cpp:125

bv_refinementt::arrays_overapproximated
void arrays_overapproximated()
check whether counterexample is spurious
Definition refine_arrays.cpp:36

bv_refinementt::finish_eager_conversion_arrays
void finish_eager_conversion_arrays() override
generate array constraints
Definition refine_arrays.cpp:21

decision_proceduret::resultt
resultt
Result of running the decision procedure.
Definition decision_procedure.h:45

decision_proceduret::resultt::D_ERROR
@ D_ERROR
Definition decision_procedure.h:48

decision_proceduret::resultt::D_UNSATISFIABLE
@ D_UNSATISFIABLE
Definition decision_procedure.h:47

decision_proceduret::resultt::D_SATISFIABLE
@ D_SATISFIABLE
Definition decision_procedure.h:46

exprt
Base class for all expressions.
Definition expr.h:57

exprt::operands
operandst & operands()
Definition expr.h:95

false_exprt
The Boolean constant false.
Definition std_expr.h:3125

implies_exprt
Boolean implication.
Definition std_expr.h:2144

irept::id
const irep_idt & id() const
Definition irep.h:388

literalt
Definition literal.h:26

literalt::is_constant
bool is_constant() const
Definition literal.h:166

messaget::eom
static eomt eom
Definition message.h:289

multi_ary_exprt::op1
exprt & op1()
Definition std_expr.h:932

multi_ary_exprt::op0
exprt & op0()
Definition std_expr.h:926

or_exprt
Boolean OR All operands must be boolean, and the result is always boolean.
Definition std_expr.h:2183

prop_conv_solvert::prop
propt & prop
Definition prop_conv_solver.h:130

true_exprt
The Boolean constant true.
Definition std_expr.h:3116

find_symbols
static bool find_symbols(symbol_kindt, const typet &, std::function< bool(const symbol_exprt &)>, std::unordered_set< irep_idt > &bindings, const std::vector< irep_idt > &subs_to_find)
Find identifiers with id ID_symbol of the sub expressions and the subs with ID in subs_to_find consid...
Definition find_symbols.cpp:152

find_symbols.h

bvt
std::vector< literalt > bvt
Definition literal.h:201

satcheck.h

solver
void solver(std::vector< framet > &frames, const std::unordered_set< symbol_exprt, irep_hash > &address_taken, const solver_optionst &solver_options, const namespacet &ns, std::vector< propertyt > &properties, std::size_t property_index)
Definition solver.cpp:44

INVARIANT
#define INVARIANT(CONDITION, REASON)
This macro uses the wrapper function 'invariant_violated_string'.
Definition invariant.h:423

std_expr.h
API to expression classes.

to_or_expr
const or_exprt & to_or_expr(const exprt &expr)
Cast an exprt to a or_exprt.
Definition std_expr.h:2230

to_implies_expr
const implies_exprt & to_implies_expr(const exprt &expr)
Cast an exprt to a implies_exprt.
Definition std_expr.h:2164