Docs

Leo Alt · Leo Alt · commit 1a878a6bd5f5 · 2021-10-19T20:50:34.000+02:00
diff --git a/docs/smtchecker.rst b/docs/smtchecker.rst
@@ -412,7 +412,7 @@ is already "locked", so it would not be possible to change the value of ``x``,
 regardless of what the unknown called code does.
 
 If we "forget" to use the ``mutex`` modifier on function ``set``, the
-SMTChecker is able to synthesize the behavior of the externally called code so
+SMTChecker is able to synthesize the behaviour of the externally called code so
 that the assertion fails:
 
 .. code-block:: text
@@ -518,6 +518,23 @@ which has the following form:
         "source2.sol": ["contract2", "contract3"]
     }
 
+Reported Inferred Inductive Invariants
+======================================
+
+For properties that were proved safe with the CHC engine,
+the SMTChecker can retrieve inductive invariants that were inferred by the Horn
+solver as part of the proof.
+Currently two types of invariants can be reported to the user:
+
+- Contract Invariants: these are properties over the contract's state variables
+  that are true before and after every possible transaction that the contract may ever run. For example, ``x >= y``, where ``x`` and ``y`` are a contract's state variables.
+- Reentrancy Properties: they represent the behavior of the contract
+  in the presence of external calls to unknown code. These properties can express a relation
+  between the value of the state variables before and after the external call, where the external call is free to do anything, including making reentrant calls to the analyzed contract. Primed variables represent the state variables' values after said external call. Example: ``lock -> x = x'``.
+
+The user can choose the type of invariants to be reported using the CLI option ``--model-checker-invariants "contract,reentrancy"`` or as an array in the field ``settings.modelChecker.invariants`` in the :ref:`JSON input<compiler-api>`.
+By default the SMTChecker does not report invariants.
+
 Division and Modulo With Slack Variables
 ========================================
 
diff --git a/docs/using-the-compiler.rst b/docs/using-the-compiler.rst
@@ -418,6 +418,8 @@ Input Description
           "divModWithSlacks": true,
           // Choose which model checker engine to use: all (default), bmc, chc, none.
           "engine": "chc",
+          // Choose which types of invariants should be reported to the user: contract, reentrancy.
+          "invariants": ["contract", "reentrancy"],
           // Choose whether to output all unproved targets. The default is `false`.
           "showUnproved": true,
           // Choose which solvers should be used, if available.
