Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate flow-insensitive YAML witness invariants with ghosts for privatized variables #1394

Draft
wants to merge 73 commits into
base: master
Choose a base branch
from
Draft

Generate flow-insensitive YAML witness invariants with ghosts for privatized variables #1394

wants to merge 73 commits into from

Conversation

sim642
Copy link
Member

@sim642 sim642 commented Mar 14, 2024
edited

This is a quick implementation of the idea we had a long time ago for exporting our protected invariants into YAML witnesses with ghosts.

protection privatization

For the Freiburg mutex.c example, we essentially generate the same witness with ghosts as the example:

  • A ghost variable m_locked is declared and updated to match lock and unlock operations of the mutex m.
  • A flow-insensitive invariant used == 0 || m_locked is generated using the ghost variable.

This is still our special flow_insensitive_invariant because there's the question where one would place the location_invariant when our result in fact holds at every point.

Currently tested only manually with:

./goblint ~/Documents/concurrency-witnesses/examples/VEWIT2023/mutex.c --enable ana.sv-comp.functions --set pre.cppflags[+] "-DGOBLINT_NO_PTHREAD_ONCE" --html --set ana.activated[+] mutexGhosts --enable witness.yaml.enabled --set witness.yaml.entry-types[+] flow_insensitive_invariant

mutex-meet privatization

For this example, the result is the same, but one invariant is generated per-mutex with a conjunction for all the protected variables. Also for the relational privatization.

TODO

  • Add tests using Add cram tests for YAML witnesses #1357.
  • Clean ghost variable management up to not be string-based.
  • What is the right invariant for multiple protecting mutexes?
  • What to do about ambiguous/unknown mutex lock and unlock operations? When do we have to generate a ghost update to which ghost variable?
    • Detect ambiguity and give up on those mutexes and globals.
  • Valid C names for ghost variables, in particular for (alloc@...) locks.
  • Add ghost variable for multi-threaded mode to avoid needing earlyglobs.
  • Prune unused ghost variables.
  • Are mutex-meet multiple-protecting invariants even right?
  • Adapt ghost update locations to Change YAML witness columns to 1-indexed #1400.
  • Unlock updates are on wrong node (but lock updates are right)?
  • e235ba7 broke OSX only
  • Options to disable ghost_variable and ghost_update entry types.
  • Relational mutex-meet.
  • Option to output __VERIFIER_atomic invariants unconditionally: they should not be observable anyway, but those ghost updates can be technically tricky to work with.

@sim642 sim642 self-assigned this Mar 14, 2024
@sim642
Document MutexGhosts
2eafa69
@sim642
Fix coverage build
470ddbc
@sim642
Make mutex-meet privatization more precise with earlyglobs
0d5ef63
@sim642
Generate mutex-meet flow-insensitive invariants with ghosts
a714dc6
@sim642
Add ghost variable for multithreaded mode
652aeae
@sim642
Reorder disjuncts in privatized invariants in implication order
7c33c72 
This also means that the global variable is (lazily) not accessed when the condition isn't met.
@sim642
Fix MustProtectingLocks query crash with top
4381e9f 
Happened on 13-privatized/01-priv_nr
@sim642
Fix protection privatization protected invariant with no protecting m…
60a51b9 
…utexes

Happened on 13-privatized/02-priv_rc.
@sim642
Fix mutex-meet privatization protected invariant with no protecting m…
fd84cd9 
…utexes

Happened on 13-privatized/02-priv_rc.
@sim642
Use RichVarinfo for witness ghost variables
516e3ad
@sim642
Deduplicate witness ghost entry creation
a10c973
@sim642
Allow non-void types for RichVarinfo
932ac3b
@sim642 sim642 added the pr-dependency Depends or builds on another PR, which should be merged before label Mar 18, 2024
@sim642 sim642 mentioned this pull request Apr 2, 2024
Merged
1 task
@sim642
Avoid emitting useless protected invariants from protection privatiza…
4ada6eb 
…tion
@sim642
Avoid useless work in mutex-meet invariant_global if ghost variable i…
a7d43a9 
…sn't available
@sim642
Fix struct field mutex ghost variable name
d6abc0b
@sim642
Fix definite array index mutex ghost variable name
6db1d04
@sim642
Make non-definite ghost variables unavailable
53a714f
@sim642
Disable mutex ghosts with indices
413b2e1
@sim642
Detect thread create nodes in mutexGhosts
ea849fb
@sim642
Refactor mutexGhosts thread creation collection
594beac
@sim642
Add option to emit flow_insensitive_invariant-s as location_invariant-s
584b788
@sim642
Add svcomp-ghost conf
8d5cc12
@sim642
Use YAML witness format-version 0.1 for svcomp-ghost
96d862e
@sim642
Test witness.invariant.flow_insensitive-as-location with for loop
257fa8c
@sim642
Fix witness.invariant.flow_insensitive-as-location at loop node
10dfba1
@sim642
Add cram test for relational mutex-meet flow-insensitive invariants
16c97fd
@sim642
Add InvariantGlobal interface to relational privatizations
5650784
@sim642
Implement relational mutex-meet flow-insensitive invariants
d3565cb
@sim642
Filter relational mutex-meet ghost invariant with keep_only_protected…
1aa35d8 
…_globals

lock does it too, so let's be safe.
@sim642
Add filters to relational InvariantGlobal
c4a8936
@sim642 sim642 mentioned this pull request Apr 30, 2024
Open
5 tasks
@sim642 sim642 mentioned this pull request May 8, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@sim642 sim642

Labels
feature sv-comp
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@sim642