Static cone-of-influence analysis #75
Conversation
There was a problem hiding this comment.
Looks good to me. Thanks or working on this! I just left a few minor comments that could be addressed if you have a chance. In addition, I'm not sure how I feel about removing all the const specifiers, but it's fine for now. Tbh, the const stuff was causing some headaches in other areas as well. Maybe later we can discuss possible refactors that could clean that up.
I'm going to wait to merge this. I think it would be easier on me to merge the other features first and merge this on top of them.
| collect_coi_term(inputvars_in_coi_, sv); | ||
| } | ||
|
|
||
| new_coi_state_vars.clear(); |
There was a problem hiding this comment.
Do new_coi_state_vars and new_coi_input_vars need to be parameters? It looks to me like they are only used in a local way. At least in this method because they are cleared.
There was a problem hiding this comment.
Good catch! This part was left over from a previous version. I will update it.
| assert(!ts_.is_next_var(cur)); | ||
| logger.log(3, "collect COI inputvar {}", cur); | ||
| collect_coi_term(new_coi_input_vars, cur); | ||
| } |
There was a problem hiding this comment.
What about the next state variable case? Constraints can have next state variables because if it's an invariant, the constraint is added both over current vars and next vars. Is it safe to ignore those cases because there's always a current state version of the same invariant?
There was a problem hiding this comment.
Is it safe to ignore those cases because there's always a current state version of the same invariant?
Yes, that is exactly what I was thinking. That should work since we collect all state variables in all constraints unconditionally, i.e., without checking whether they are syntactically related to the bad-state term.
|
|
||
| /* Use global set 'coi_visited_terms' here to avoid visiting terms | ||
| multiple times when we call this function on different terms. */ | ||
| if (coi_visited_terms_.find(cur) == coi_visited_terms_.end()) { |
There was a problem hiding this comment.
If it would be easier, you can use this method to get all the free symbolic (i.e. uninterpreted) constants: https://github.com/makaimann/smt-switch/blob/8725a64ba57ce1cddb822d9a527a5ace223271b4/include/utils.h#L58
There was a problem hiding this comment.
Thanks for the pointer to that function, I was not aware of it!
As far as I see, get_free_symbolic_consts(...) uses a local cache to avoid visiting terms multiple times, whereas coi_visited_terms_ is a global cache that is maintained during the entire COI computation. That would make it a bit tricky to achieve the same functionality using get_free_symbolic_consts(...), I think.
| const smt::Term prop() const { return prop_; } | ||
|
|
||
| const TransitionSystem & transition_system() const { return ts_; } | ||
| TransitionSystem & transition_system() { return ts_; } |
There was a problem hiding this comment.
do we need this change?
There was a problem hiding this comment.
We need it for the current version but we will refactor the design and revert that change.
| ProverResult Prover::prove() { return check_until(INT_MAX); } | ||
|
|
||
| /* For debugging only. */ | ||
| void Prover::print_term_dfs(const Term & term) |
There was a problem hiding this comment.
this could be a static non-member function
There was a problem hiding this comment.
I agree. I suggest to leave it for now as it will change during refactoring.
| } | ||
|
|
||
| /* Add 'term' to 'set' if it does not already appear there. */ | ||
| void Prover::collect_coi_term(UnorderedTermSet & set, const Term & term) |
There was a problem hiding this comment.
this could be a static non-member function
There was a problem hiding this comment.
Like above, I agree. I suggest to leave it for now as it will change during refactoring.
| { | ||
| assert(term != NULL); | ||
| TermVec open_terms; | ||
| open_terms.push_back (term); |
There was a problem hiding this comment.
can a term contain a next state variable?
There was a problem hiding this comment.
Yes, term could contain a next-state variable depending on the context in which this function is called.
- if
termis the bad-state term, then it cannot contain a next-state variable. - if
termis a next-state function, then it cannot contain a next-state variable because the transition system is functional (not yet supporting relational ones). - if
termis a constraint, then it could contain a next-state variable, which we ignore because there exists always the corresponding constraint over current-state variables, which we will collect. That is related to the comment by @makaimann above.
|
Thanks for your feedback @makaimann and @ahmed-irfan! I just pushed an update to address your comments. |
One-time application of cone-of-influence (COI) analysis. We collect state/input variables that appear
Then we collect all state/input variables that appear in the next-state functions of all previously collected state variables. This process is iterated until saturation.
Finally, we rebuild the transition relation of the transition system by adding all the global constraints and the next-state functions of the collected state-variables.
COI computation is done in the Prover class in the initialization function. Hence COI can basically be combined with any model checking algorithm (i.e. classes inheriting from Prover).
A new public function was added to the TransitionSystem class to rebuild the transition relation based on collected COI information (to make that possible,
constqualifiers were removed e.g. from the transition system member variable in the Property class).Command line usage:
./pono --static-coiwhere verbosity level 1 prints basic information and a statistics summary of remaining state variables, and verbosity level 3 prints in-depth information (recommended for debugging only).COI currently is only compatible with functional transition system (when called on relational ones, an exception is thrown.)
TO BE ADDED: printing of full witnesses.