further simplifications & memory reductions to refinement check

Author: nunoplopes

ir/state.h

@@ -220,6 +220,7 @@ class State {
   void finishInitializer();
 
   auto& getFn() const { return f; }
+  auto& getMemory() const { return memory; }
   auto& getMemory() { return memory; }
   auto& getAxioms() const { return axioms; }
   auto& getPre() const { return precondition; }

ir/type.cpp

@@ -289,7 +289,7 @@ void VoidType::fixup(const Model &m) {
 }
 
 pair<expr, expr>
-VoidType::refines(State &src_s, State &tgt_s, const StateValue &src,
+VoidType::refines(const State &src_s, const State &tgt_s, const StateValue &src,
                   const StateValue &tgt) const {
   return { true, true };
 }
@@ -299,7 +299,7 @@ expr VoidType::mkInput(State &s, const char *name,
   UNREACHABLE();
 }
 
-void VoidType::printVal(ostream &os, State &s, const expr &e) const {
+void VoidType::printVal(ostream &os, const State &s, const expr &e) const {
   UNREACHABLE();
 }
 
@@ -347,7 +347,7 @@ expr IntType::enforceIntType(unsigned bits) const {
 }
 
 pair<expr, expr>
-IntType::refines(State &src_s, State &tgt_s, const StateValue &src,
+IntType::refines(const State &src_s, const State &tgt_s, const StateValue &src,
                  const StateValue &tgt) const {
   return { src.non_poison.implies(tgt.non_poison),
            (src.non_poison && tgt.non_poison).implies(src.value == tgt.value) };
@@ -358,7 +358,7 @@ expr IntType::mkInput(State &s, const char *name,
   return expr::mkVar(name, bits());
 }
 
-void IntType::printVal(ostream &os, State &s, const expr &e) const {
+void IntType::printVal(ostream &os, const State &s, const expr &e) const {
   e.printHexadecimal(os);
   os << " (";
   e.printUnsigned(os);
@@ -533,8 +533,8 @@ expr FloatType::enforceFloatType() const {
 }
 
 pair<expr, expr>
-FloatType::refines(State &src_s, State &tgt_s, const StateValue &src,
-                   const StateValue &tgt) const {
+FloatType::refines(const State &src_s, const State &tgt_s,
+                   const StateValue &src, const StateValue &tgt) const {
   expr non_poison = src.non_poison && tgt.non_poison;
   return { src.non_poison.implies(tgt.non_poison),
            (src.non_poison && tgt.non_poison).implies(src.value == tgt.value) };
@@ -552,7 +552,7 @@ expr FloatType::mkInput(State &s, const char *name,
   UNREACHABLE();
 }
 
-void FloatType::printVal(ostream &os, State &s, const expr &e) const {
+void FloatType::printVal(ostream &os, const State &s, const expr &e) const {
   if (e.isNaN().isTrue()) {
     os << "NaN";
     return;
@@ -652,7 +652,7 @@ StateValue PtrType::fromInt(StateValue v) const {
 }
 
 pair<expr, expr>
-PtrType::refines(State &src_s, State &tgt_s, const StateValue &src,
+PtrType::refines(const State &src_s, const State &tgt_s, const StateValue &src,
                  const StateValue &tgt) const {
   auto sm = src_s.returnMemory(), tm = tgt_s.returnMemory();
   Pointer p(sm, src.value);
@@ -672,7 +672,7 @@ PtrType::mkUndefInput(State &s, const ParamAttrs &attrs) const {
   return s.getMemory().mkUndefInput(attrs);
 }
 
-void PtrType::printVal(ostream &os, State &s, const expr &e) const {
+void PtrType::printVal(ostream &os, const State &s, const expr &e) const {
   os << Pointer(s.getMemory(), e);
 }
 
@@ -926,8 +926,8 @@ StateValue AggregateType::fromInt(StateValue v) const {
 }
 
 pair<expr, expr>
-AggregateType::refines(State &src_s, State &tgt_s, const StateValue &src,
-                       const StateValue &tgt) const {
+AggregateType::refines(const State &src_s, const State &tgt_s,
+                       const StateValue &src, const StateValue &tgt) const {
   set<expr> poison, value;
   for (unsigned i = 0; i < elements; ++i) {
     auto [p, v] = children[i]->refines(src_s, tgt_s, extract(src, i),
@@ -954,7 +954,7 @@ unsigned AggregateType::numPointerElements() const {
   return count;
 }
 
-void AggregateType::printVal(ostream &os, State &s, const expr &e) const {
+void AggregateType::printVal(ostream &os, const State &s, const expr &e) const {
   UNREACHABLE();
 }
 
@@ -1360,8 +1360,8 @@ StateValue SymbolicType::fromInt(StateValue val) const {
 }
 
 pair<expr, expr>
-SymbolicType::refines(State &src_s, State &tgt_s, const StateValue &src,
-                      const StateValue &tgt) const {
+SymbolicType::refines(const State &src_s, const State &tgt_s,
+                      const StateValue &src, const StateValue &tgt) const {
   DISPATCH(refines(src_s, tgt_s, src, tgt), UNREACHABLE());
 }
 
@@ -1375,7 +1375,7 @@ SymbolicType::mkUndefInput(State &st, const ParamAttrs &attrs) const {
   DISPATCH(mkUndefInput(st, attrs), UNREACHABLE());
 }
 
-void SymbolicType::printVal(ostream &os, State &st, const expr &e) const {
+void SymbolicType::printVal(ostream &os, const State &st, const expr &e) const {
   DISPATCH(printVal(os, st, e), UNREACHABLE());
 }
 

ir/type.h

@@ -107,15 +107,15 @@ class Type {
 
   // returns pair of refinement constraints for <poison, !poison && value>
   virtual std::pair<smt::expr, smt::expr>
-    refines(State &src_s, State &tgt_s, const StateValue &src,
+    refines(const State &src_s, const State &tgt_s, const StateValue &src,
             const StateValue &tgt) const = 0;
 
   virtual smt::expr
     mkInput(State &s, const char *name, const ParamAttrs &attrs) const = 0;
   virtual std::pair<smt::expr, smt::expr>
     mkUndefInput(State &s, const ParamAttrs &attrs) const;
 
-  virtual void printVal(std::ostream &os, State &s,
+  virtual void printVal(std::ostream &os, const State &s,
                         const smt::expr &e) const = 0;
 
   virtual void print(std::ostream &os) const = 0;
@@ -136,11 +136,12 @@ class VoidType final : public Type {
   smt::expr getTypeConstraints() const override;
   void fixup(const smt::Model &m) override;
   std::pair<smt::expr, smt::expr>
-    refines(State &src_s, State &tgt_s, const StateValue &src,
+    refines(const State &src_s, const State &tgt_s, const StateValue &src,
             const StateValue &tgt) const override;
   smt::expr
     mkInput(State &s, const char *name, const ParamAttrs &attrs) const override;
-  void printVal(std::ostream &os, State &s, const smt::expr &e) const override;
+  void printVal(std::ostream &os, const State &s,
+                const smt::expr &e) const override;
   void print(std::ostream &os) const override;
 };
 
@@ -163,11 +164,12 @@ class IntType final : public Type {
   bool isIntType() const override;
   smt::expr enforceIntType(unsigned bits = 0) const override;
   std::pair<smt::expr, smt::expr>
-    refines(State &src_s, State &tgt_s, const StateValue &src,
+    refines(const State &src_s, const State &tgt_s, const StateValue &src,
             const StateValue &tgt) const override;
   smt::expr
     mkInput(State &s, const char *name, const ParamAttrs &attrs) const override;
-  void printVal(std::ostream &os, State &s, const smt::expr &e) const override;
+  void printVal(std::ostream &os, const State &s,
+                const smt::expr &e) const override;
   void print(std::ostream &os) const override;
 };
 
@@ -208,11 +210,12 @@ class FloatType final : public Type {
   smt::expr fromInt(smt::expr v) const override;
   IR::StateValue fromInt(IR::StateValue v) const override;
   std::pair<smt::expr, smt::expr>
-    refines(State &src_s, State &tgt_s, const StateValue &src,
+    refines(const State &src_s, const State &tgt_s, const StateValue &src,
             const StateValue &tgt) const override;
   smt::expr
     mkInput(State &s, const char *name, const ParamAttrs &attrs) const override;
-  void printVal(std::ostream &os, State &s, const smt::expr &e) const override;
+  void printVal(std::ostream &os, const State &s,
+                const smt::expr &e) const override;
   void print(std::ostream &os) const override;
 };
 
@@ -240,13 +243,14 @@ class PtrType final : public Type {
   smt::expr fromInt(smt::expr v) const override;
   IR::StateValue fromInt(IR::StateValue v) const override;
   std::pair<smt::expr, smt::expr>
-    refines(State &src_s, State &tgt_s, const StateValue &src,
+    refines(const State &src_s, const State &tgt_s, const StateValue &src,
             const StateValue &tgt) const override;
   smt::expr
     mkInput(State &s, const char *name, const ParamAttrs &attrs) const override;
   std::pair<smt::expr, smt::expr>
     mkUndefInput(State &s, const ParamAttrs &attrs) const override;
-  void printVal(std::ostream &os, State &s, const smt::expr &e) const override;
+  void printVal(std::ostream &os, const State &s,
+                const smt::expr &e) const override;
   void print(std::ostream &os) const override;
 };
 
@@ -296,12 +300,13 @@ class AggregateType : public Type {
   smt::expr fromInt(smt::expr v) const override;
   IR::StateValue fromInt(IR::StateValue v) const override;
   std::pair<smt::expr, smt::expr>
-    refines(State &src_s, State &tgt_s, const StateValue &src,
+    refines(const State &src_s, const State &tgt_s, const StateValue &src,
             const StateValue &tgt) const override;
   smt::expr
     mkInput(State &s, const char *name, const ParamAttrs &attrs) const override;
   unsigned numPointerElements() const;
-  void printVal(std::ostream &os, State &s, const smt::expr &e) const override;
+  void printVal(std::ostream &os, const State &s,
+                const smt::expr &e) const override;
   const AggregateType* getAsAggregateType() const override;
 };
 
@@ -402,14 +407,15 @@ class SymbolicType final : public Type {
   smt::expr fromInt(smt::expr v) const override;
   IR::StateValue fromInt(IR::StateValue v) const override;
   std::pair<smt::expr, smt::expr>
-    refines(State &src_s, State &tgt_s, const StateValue &src,
+    refines(const State &src_s, const State &tgt_s, const StateValue &src,
             const StateValue &tgt) const override;
   smt::expr
     mkInput(State &s, const char *name, const ParamAttrs &attrs)
     const override;
   std::pair<smt::expr, smt::expr>
     mkUndefInput(State &s, const ParamAttrs &attrs) const override;
-  void printVal(std::ostream &os, State &s, const smt::expr &e) const override;
+  void printVal(std::ostream &os, const State &s,
+                const smt::expr &e) const override;
   void print(std::ostream &os) const override;
 };
 

smt/solver.cpp

@@ -9,6 +9,7 @@
 #include <iomanip>
 #include <iostream>
 #include <optional>
+#include <string_view>
 #include <utility>
 #include <vector>
 #include <z3.h>
@@ -208,15 +209,6 @@ ostream& operator<<(ostream &os, const Model &m) {
 }
 
 
-SolverPush::SolverPush(Solver &s) : s(s) {
-  Z3_solver_push(ctx(), s.s);
-}
-
-SolverPush::~SolverPush() {
-  Z3_solver_pop(ctx(), s.s, 1);
-}
-
-
 static bool print_queries = false;
 void solver_print_queries(bool yes) {
   print_queries = yes;
@@ -238,7 +230,9 @@ Solver::~Solver() {
 }
 
 void Solver::add(const expr &e) {
-  if (e.isValid()) {
+  if (e.isFalse()) {
+    is_unsat = true;
+  } else if (e.isValid()) {
     auto ast = e();
     Z3_solver_assert(ctx(), s, ast);
     tactic->add(ast);
@@ -288,16 +282,21 @@ expr Solver::assertions() const {
 }
 
 Result Solver::check() const {
-  if (config::skip_smt) {
-    ++num_skips;
-    return Result::SKIP;
-  }
-
   if (!valid) {
     ++num_invalid;
     return Result::INVALID;
   }
 
+  if (is_unsat) {
+    ++num_trivial;
+    return Result::UNSAT;
+  }
+
+  if (config::skip_smt) {
+    ++num_skips;
+    return Result::SKIP;
+  }
+
   ++num_queries;
   if (print_queries)
     cout << "\nSMT query:\n" << Z3_solver_to_string(ctx(), s) << endl;
@@ -312,48 +311,35 @@ Result Solver::check() const {
     ++num_sats;
     return Z3_solver_get_model(ctx(), s);
   case Z3_L_UNDEF: {
-    string reason = Z3_solver_get_reason_unknown(ctx(), s);
+    string_view reason = Z3_solver_get_reason_unknown(ctx(), s);
     if (reason == "timeout") {
       ++num_timeout;
       return Result::TIMEOUT;
     }
     ++num_errors;
-    return { Result::ERROR, move(reason) };
+    return { Result::ERROR, string(reason) };
   }
   default:
     UNREACHABLE();
   }
 }
 
-bool Solver::check(expr &&q, std::function<void(const Result &r)> &&error) {
-  if (!q.isValid()) {
-    ++num_invalid;
-    error(Result::INVALID);
-    return false;
-  }
-
-  if (q.isFalse()) {
-    ++num_trivial;
-    return true;
-  }
-
-  // TODO: benchmark: reset() or new solver every time?
-  Solver s;
-  s.add(q);
-  auto res = s.check();
-  if (!res.isUnsat()) {
-    error(res);
-    return false;
-  }
-  return true;
-}
-
 Result check_expr(const expr &e) {
   Solver s;
   s.add(e);
   return s.check();
 }
 
+
+SolverPush::SolverPush(Solver &s) : s(s) {
+  Z3_solver_push(ctx(), s.s);
+}
+
+SolverPush::~SolverPush() {
+  Z3_solver_pop(ctx(), s.s, 1);
+}
+
+
 void solver_print_stats(ostream &os) {
   float total = num_queries / 100.0;
   float trivial_pc = num_queries == 0 ? 0 :