Skip to content

Fixes around pc freshness and reachability #737

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 5 commits into from
Closed

Fixes around pc freshness and reachability #737

wants to merge 5 commits into from

Conversation

krtab
Copy link
Collaborator

@krtab krtab commented Jul 10, 2025
edited
Loading

  1. Ensure that we are reachable before adding and slicing (2nd commit)
  2. Ensure we are reachable before failing an assert

Fix: #566 (both reproducing examples)

@zapashcanon zapashcanon mentioned this pull request Jul 10, 2025
Merged
zapashcanon
zapashcanon reviewed Jul 11, 2025
View reviewed changes
zapashcanon
zapashcanon reviewed Jul 11, 2025
View reviewed changes
src/symbolic/symbolic_choice.ml
| hd :: tl -> begin
let pc_to_check = List.fold_left Symbolic_value.Bool.and_ hd tl in
let pc_to_check =
Symbolic_path_condition.slice (Thread.pc thread) pc_to_check
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A call to slice can only be done if there was a call to Symbolic_path_condition.add before.

zapashcanon
zapashcanon reviewed Jul 11, 2025
View reviewed changes
src/symbolic/symbolic_choice.ml
false
in
let* () = check_reachability in
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand the purpose one this check

zapashcanon
zapashcanon reviewed Jul 11, 2025
View reviewed changes
src/symbolic/symbolic_choice.ml
@@ -484,18 +495,22 @@ module Make (Thread : Thread_intf.S) = struct
in
let this_val_branch =
let* () = add_breadcrumb (Int32.to_int i) in
let+ () = add_pc this_value_cond in
let* () = add_pc this_value_cond in
let+ () = modify_thread Thread.mark_pending_pc_done in
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So this is adding something to the pending PC and then emptying the pending PC immediately?

@zapashcanon zapashcanon mentioned this pull request Jul 22, 2025
Open
@zapashcanon
Copy link
Member

I decided to merge #739 instead. It makes reasoning easier, as eager pruning of infeasible path is much more easier to explain and maintain as an invariant. I think it may makes sense to explore lazy pruning in the future, but I'd prefer to start with the easier version for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zapashcanon zapashcanon zapashcanon left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

assert false reached
2 participants
@krtab @zapashcanon