Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate flow-insensitive YAML witness invariants with ghosts for privatized variables #1394

Merged
merged 115 commits into from
Nov 29, 2024
Merged

Generate flow-insensitive YAML witness invariants with ghosts for privatized variables #1394

merged 115 commits into from
Nov 29, 2024

Conversation

sim642
Copy link
Member

@sim642 sim642 commented Mar 14, 2024
edited
Loading

This is a quick implementation of the idea we had a long time ago for exporting our protected invariants into YAML witnesses with ghosts.

protection privatization

For the Freiburg mutex.c example, we essentially generate the same witness with ghosts as the example:

  • A ghost variable m_locked is declared and updated to match lock and unlock operations of the mutex m.
  • A flow-insensitive invariant used == 0 || m_locked is generated using the ghost variable.

This is still our special flow_insensitive_invariant because there's the question where one would place the location_invariant when our result in fact holds at every point.

Currently tested only manually with:

./goblint ~/Documents/concurrency-witnesses/examples/VEWIT2023/mutex.c --enable ana.sv-comp.functions --set pre.cppflags[+] "-DGOBLINT_NO_PTHREAD_ONCE" --html --set ana.activated[+] mutexGhosts --enable witness.yaml.enabled --set witness.yaml.entry-types[+] flow_insensitive_invariant

mutex-meet privatization

For this example, the result is the same, but one invariant is generated per-mutex with a conjunction for all the protected variables. Also for the relational privatization.

TODO

  • Add tests using Add cram tests for YAML witnesses #1357.
  • Clean ghost variable management up to not be string-based.
  • What is the right invariant for multiple protecting mutexes?
  • What to do about ambiguous/unknown mutex lock and unlock operations? When do we have to generate a ghost update to which ghost variable?
    • Detect ambiguity and give up on those mutexes and globals.
  • Valid C names for ghost variables, in particular for (alloc@...) locks.
  • Add ghost variable for multi-threaded mode to avoid needing earlyglobs.
  • Prune unused ghost variables.
  • Are mutex-meet multiple-protecting invariants even right?
  • Adapt ghost update locations to Change YAML witness columns to 1-indexed #1400.
  • Unlock updates are on wrong node (but lock updates are right)?
  • e235ba7 broke OSX only
  • Options to disable ghost_variable and ghost_update entry types.
  • Relational mutex-meet.
  • Option to output __VERIFIER_atomic invariants unconditionally: they should not be observable anyway, but those ghost updates can be technically tricky to work with.

@sim642 sim642 added feature sv-comp SV-COMP (analyses, results), witnesses labels Mar 14, 2024
@sim642 sim642 self-assigned this Mar 14, 2024
@sim642
Document MutexGhosts
2eafa69
@sim642
Fix coverage build
470ddbc
@sim642
Make mutex-meet privatization more precise with earlyglobs
0d5ef63
@sim642
Generate mutex-meet flow-insensitive invariants with ghosts
a714dc6
@sim642
Add ghost variable for multithreaded mode
652aeae
@sim642
Reorder disjuncts in privatized invariants in implication order
7c33c72 
This also means that the global variable is (lazily) not accessed when the condition isn't met.
@sim642
Fix MustProtectingLocks query crash with top
4381e9f 
Happened on 13-privatized/01-priv_nr
@sim642
Fix protection privatization protected invariant with no protecting m…
60a51b9 
…utexes

Happened on 13-privatized/02-priv_rc.
@sim642
Fix mutex-meet privatization protected invariant with no protecting m…
fd84cd9 
…utexes

Happened on 13-privatized/02-priv_rc.
@sim642
Use RichVarinfo for witness ghost variables
516e3ad
@sim642
Deduplicate witness ghost entry creation
a10c973
@sim642
Allow non-void types for RichVarinfo
932ac3b
@sim642 sim642 added the pr-dependency Depends or builds on another PR, which should be merged before label Mar 18, 2024
@sim642 sim642 mentioned this pull request Apr 2, 2024
Merged
1 task
jerhard
jerhard reviewed Nov 20, 2024
View reviewed changes
Copy link
Member

@jerhard jerhard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks mostly good! I left some comments with questions and remarks.

src/config/options.schema.json Show resolved Hide resolved
src/config/options.schema.json Outdated Show resolved Hide resolved
src/domains/queries.ml Outdated Show resolved Hide resolved
src/analyses/basePriv.ml Outdated Show resolved Hide resolved
src/analyses/mutexGhosts.ml Outdated Show resolved Hide resolved
src/witness/yamlWitness.ml Outdated Show resolved Hide resolved
src/witness/yamlWitnessType.ml Outdated Show resolved Hide resolved
src/witness/yamlWitnessType.ml Outdated Show resolved Hide resolved
src/analyses/mutexGhosts.ml Show resolved Hide resolved
src/analyses/base.ml Show resolved Hide resolved
@sim642 sim642 modified the milestones: v2.5.0, v2.6.0 Nov 21, 2024
jerhard
jerhard reviewed Nov 22, 2024
View reviewed changes
conf/svcomp-ghost.json Outdated Show resolved Hide resolved
@sim642 sim642 merged commit 393f897 into master Nov 29, 2024
20 of 21 checks passed
@sim642 sim642 deleted the yaml-witness-ghost branch November 29, 2024 14:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michael-schwarz michael-schwarz michael-schwarz left review comments

@jerhard jerhard jerhard left review comments

Assignees

@sim642 sim642

Labels
feature sv-comp SV-COMP (analyses, results), witnesses
Projects
None yet
Milestone
v2.6.0
Development

Successfully merging this pull request may close these issues.
3 participants
@sim642 @jerhard @michael-schwarz