Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for sliceable assumptions #1634

Open
rafaelsamenezes opened this issue Jan 31, 2024 · 2 comments · May be fixed by #1668
Open

Support for sliceable assumptions #1634

rafaelsamenezes opened this issue Jan 31, 2024 · 2 comments · May be fixed by #1668
Labels
discussion

Comments

@rafaelsamenezes
Copy link
Contributor

In interval analysis, we have support for adding Invariants based on the current abstract state of the statement. For example:

int a = * ? 0 : 10;
//> ASSUME(a >= 0 && a <= 10);

These invariants, however, can cause unexpected effects on the slicer. Let's say for instance:

int a = * ? 0 : 10;
//> ASSUME(a >= 0 && a <= 10);
ASSERT(b == 1);

We can't slice a even though it does not affect the property. This is because the assumption adds it as a dependency. Also, we can't just slice assumptions. These assumptions might create some contradiction:

int a = 0;
int  b = 0;
assume(a != 0);
assert(b != 0);

However, this is different for the intervals. We know that the abstract state is reachable and does not have a contradiction in the invariant. This means that they are safe to slice.

I guess the easiest solution is to create a new boolean flag for assumptions. What do you think?
@emanino
Copy link
Collaborator

emanino commented Feb 2, 2024
edited

I support this feature. However, just one consideration from the user side:

Would it be possible to expose the sliceable assumptions to the programmer?

For instance, if I had access to a new annotation instruction like __ESBMC__sliceable_assume(x>=10), I could test all sort of externally-provided invariants (such as from FRAMA-C) by plugging them at the C code level. However, I have no clue how much extra work would be to do that, instead of a simple internal flag. I will let the ESBMC experts decide ;-)

@rafaelsamenezes
Copy link
Contributor Author

Would it be possible to expose the sliceable assumptions to the programmer?

Yeah, it should be simple.

@rafaelsamenezes rafaelsamenezes linked a pull request Feb 12, 2024 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discussion
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support for explicit sliceable assumes esbmc/esbmc
2 participants
@rafaelsamenezes @emanino