Skip to content

Commit dbec7d0

Browse files
karkhazkarkhaz
committed
Add --halt-on-bug flag
When doing path exploration, one sometimes wants CBMC to halt as soon as it encounters a single bug, rather than exploring for all bugs. This flag enables that behaviour.
1 parent acaeb24 commit dbec7d0

File tree

4 files changed

+50
-0
lines changed

4 files changed

+50
-0
lines changed

src/cbmc/bmc.cpp

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -588,6 +588,12 @@ int bmct::do_language_agnostic_bmc(
588588
if(driver_configure_bmc)
589589
driver_configure_bmc(bmc, symbol_table);
590590
tmp_result = bmc.run(model);
591+
592+
if(
593+
tmp_result == safety_checkert::resultt::UNSAFE &&
594+
opts.get_bool_option("halt-on-bug"))
595+
return CPROVER_EXIT_VERIFICATION_UNSAFE;
596+
591597
if(tmp_result != safety_checkert::resultt::PAUSED)
592598
final_result = tmp_result;
593599
}
@@ -637,6 +643,12 @@ int bmct::do_language_agnostic_bmc(
637643
if(driver_configure_bmc)
638644
driver_configure_bmc(pe, symbol_table);
639645
tmp_result = pe.run(model);
646+
647+
if(
648+
tmp_result == safety_checkert::resultt::UNSAFE &&
649+
opts.get_bool_option("halt-on-bug"))
650+
return CPROVER_EXIT_VERIFICATION_UNSAFE;
651+
640652
if(tmp_result != safety_checkert::resultt::PAUSED)
641653
final_result &= tmp_result;
642654
worklist->pop();

src/cbmc/bmc.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -304,6 +304,7 @@ class path_explorert : public bmct
304304
"(no-pretty-names)" \
305305
"(no-self-loops-to-assumptions)" \
306306
"(partial-loops)" \
307+
"(halt-on-bug)" \
307308
"(paths):" \
308309
"(show-symex-strategies)" \
309310
"(depth):" \
@@ -326,6 +327,7 @@ class path_explorert : public bmct
326327
" --unwinding-assertions generate unwinding assertions (cannot be\n" \
327328
" used with --cover or --partial-loops)\n" \
328329
" --partial-loops permit paths with partial loops\n" \
330+
" --halt-on-bug with --paths, halt on first buggy path\n" \
329331
" --no-self-loops-to-assumptions\n" \
330332
" do not simplify while(1){} to assume(0)\n" \
331333
" --no-pretty-names do not simplify identifiers\n" \

src/goto-symex/path_storage.cpp

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -98,6 +98,9 @@ void path_strategy_choosert::set_path_strategy_options(
9898
exit(CPROVER_EXIT_USAGE_ERROR);
9999
}
100100
options.set_option("exploration-strategy", strategy);
101+
102+
if(cmdline.isset("halt-on-bug"))
103+
options.set_option("halt-on-bug", true);
101104
}
102105
else
103106
options.set_option("exploration-strategy", default_strategy());

unit/path_strategies.cpp

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -223,6 +223,39 @@ SCENARIO("path strategies")
223223
symex_eventt::resume(symex_eventt::enumt::JUMP, 9),
224224
symex_eventt::result(symex_eventt::enumt::FAILURE),
225225
});
226+
227+
GIVEN("program to check for halt-on-unsafe")
228+
{
229+
std::function<void(optionst &)> halt_callback = [](optionst &opts) {
230+
opts.set_option("halt-on-unsafe", true);
231+
};
232+
std::function<void(optionst &)> no_halt_callback = [](optionst &opts) {};
233+
234+
c =
235+
"/* 1 */ int main() \n"
236+
"/* 2 */ { \n"
237+
"/* 3 */ int x, y; \n"
238+
"/* 4 */ if(x) \n"
239+
"/* 5 */ y = 5 / 0; \n"
240+
"/* 6 */ else \n"
241+
"/* 7 */ y = 5 / 0; \n"
242+
"/* 8 */ } \n";
243+
244+
check_with_strategy(
245+
"lifo",
246+
no_halt_callback,
247+
c,
248+
{symex_eventt::resume(symex_eventt::enumt::NEXT, 4),
249+
symex_eventt::result(symex_eventt::enumt::FAILURE),
250+
symex_eventt::resume(symex_eventt::enumt::NEXT, 6),
251+
symex_eventt::result(symex_eventt::enumt::FAILURE)});
252+
check_with_strategy(
253+
"lifo",
254+
halt_callback,
255+
c,
256+
{symex_eventt::resume(symex_eventt::enumt::NEXT, 4),
257+
symex_eventt::result(symex_eventt::enumt::FAILURE)});
258+
}
226259
}
227260
}
228261

0 commit comments

Comments
 (0)