Merge pull request #5714 from tautschnig/cover-trace

tautschnig · web-flow · commit 4820ec3c8404 · 2021-01-21T23:59:24.000+01:00
CBMC/JBMC --cover: only store traces with --trace to avoid memory exhaustion
diff --git a/doc/cprover-manual/test-suite.md b/doc/cprover-manual/test-suite.md
@@ -128,10 +128,11 @@ and outputs of interest for generating test suites.
 To demonstrate the automatic test suite generation in CBMC, we call the
 following command:
 
-    cbmc pid.c --cover mcdc --unwind 6 --xml-ui
+    cbmc pid.c --cover mcdc --show-test-suite --unwind 6 --xml-ui
 
 We'll describe those command line options one by one. The option `--cover mcdc`
-specifies the code coverage criterion. There
+specifies the code coverage criterion, and --show-test-suite requests that a
+test suite be printed. There
 are four conditional statements in the PID function: in lines 41,
 44, 48, and 49. To satisfy MC/DC, the test suite has to meet
 multiple requirements. For instance, each conditional statement needs to
diff --git a/regression/cbmc-cover/branch-loop1/test.desc b/regression/cbmc-cover/branch-loop1/test.desc
@@ -1,6 +1,6 @@
 CORE
 main.c
---xml-ui --cover branch
+--xml-ui --cover branch --show-test-suite
 activate-multi-line-match
 ^EXIT=0$
 ^SIGNAL=0$
diff --git a/regression/cbmc-cover/pointer-function-parameters-2/test.desc b/regression/cbmc-cover/pointer-function-parameters-2/test.desc
@@ -1,6 +1,6 @@
 CORE
 main.c
---function fun --cover branch
+--function fun --cover branch --show-test-suite
 ^\*\* 7 of 7 covered \(100.0%\)$
 ^Test suite:$
 a=\(\(signed int \*\*\)NULL\)
diff --git a/regression/cbmc-cover/pointer-function-parameters/test.desc b/regression/cbmc-cover/pointer-function-parameters/test.desc
@@ -1,6 +1,6 @@
 CORE
 main.c
---function fun --cover branch
+--function fun --cover branch --show-test-suite
 ^\*\* 5 of 5 covered \(100\.0%\)$
 ^Test suite:$
 ^(tmp(\$\d+)?=[^,]*, a=\(\(signed int \*\)NULL\))|(a=\(\(signed int \*\)NULL\), tmp(\$\d+)?=[^,]*)$
diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp
@@ -726,8 +726,11 @@ int cbmc_parse_optionst::doit()
     (void)verifier();
     verifier.report();
 
-    c_test_input_generatort test_generator(ui_message_handler, options);
-    test_generator(verifier.get_traces());
+    if(options.get_bool_option("show-test-suite"))
+    {
+      c_test_input_generatort test_generator(ui_message_handler, options);
+      test_generator(verifier.get_traces());
+    }
 
     return CPROVER_EXIT_SUCCESS;
   }
diff --git a/src/goto-checker/cover_goals_verifier_with_trace_storage.h b/src/goto-checker/cover_goals_verifier_with_trace_storage.h
@@ -41,9 +41,14 @@ class cover_goals_verifier_with_trace_storaget : public goto_verifiert
     while(incremental_goto_checker(properties).progress !=
           incremental_goto_checkert::resultt::progresst::DONE)
     {
-      // we've got a trace; store it and link it to the covered goals
-      message_building_error_trace(log);
-      (void)traces.insert_all(incremental_goto_checker.build_full_trace());
+      if(
+        options.get_bool_option("show-test-suite") ||
+        options.get_bool_option("trace"))
+      {
+        // we've got a trace; store it and link it to the covered goals
+        message_building_error_trace(log);
+        (void)traces.insert_all(incremental_goto_checker.build_full_trace());
+      }
 
       ++iterations;
     }
diff --git a/src/goto-checker/goto_trace_storage.cpp b/src/goto-checker/goto_trace_storage.cpp
@@ -27,6 +27,10 @@ const goto_tracet &goto_trace_storaget::insert(goto_tracet &&trace)
     emplace_result.second,
     "cannot associate more than one error trace with property " +
       id2string(last_step.property_id));
+
+  for(auto &step : traces.back().steps)
+    step.merge_ireps(merge_ireps);
+
   return traces.back();
 }
 
@@ -40,10 +44,14 @@ const goto_tracet &goto_trace_storaget::insert_all(goto_tracet &&trace)
   {
     property_id_to_trace_index.emplace(property_id, traces.size() - 1);
   }
+
+  for(auto &step : traces.back().steps)
+    step.merge_ireps(merge_ireps);
+
   return traces.back();
 }
 
-const std::vector<goto_tracet> &goto_trace_storaget::all() const
+const std::list<goto_tracet> &goto_trace_storaget::all() const
 {
   return traces;
 }
@@ -53,8 +61,9 @@ operator[](const irep_idt &property_id) const
 {
   const auto trace_found = property_id_to_trace_index.find(property_id);
   PRECONDITION(trace_found != property_id_to_trace_index.end());
+  CHECK_RETURN(trace_found->second < traces.size());
 
-  return traces.at(trace_found->second);
+  return *(std::next(traces.begin(), trace_found->second));
 }
 
 const namespacet &goto_trace_storaget::get_namespace() const
diff --git a/src/goto-checker/goto_trace_storage.h b/src/goto-checker/goto_trace_storage.h
@@ -14,6 +14,10 @@ Author: Daniel Kroening, Peter Schrammel
 
 #include <goto-programs/goto_trace.h>
 
+#include <util/merge_irep.h>
+
+#include <list>
+
 class goto_trace_storaget
 {
 public:
@@ -28,7 +32,7 @@ class goto_trace_storaget
   ///   are mapped to the given trace.
   const goto_tracet &insert_all(goto_tracet &&);
 
-  const std::vector<goto_tracet> &all() const;
+  const std::list<goto_tracet> &all() const;
   const goto_tracet &operator[](const irep_idt &property_id) const;
 
   const namespacet &get_namespace() const;
@@ -38,10 +42,13 @@ class goto_trace_storaget
   const namespacet &ns;
 
   /// stores the traces
-  std::vector<goto_tracet> traces;
+  std::list<goto_tracet> traces;
 
   // maps property ID to index in traces
   std::unordered_map<irep_idt, std::size_t> property_id_to_trace_index;
+
+  /// irep container for shared ireps
+  merge_irept merge_ireps;
 };
 
 #endif // CPROVER_GOTO_CHECKER_GOTO_TRACE_STORAGE_H
diff --git a/src/goto-instrument/cover.cpp b/src/goto-instrument/cover.cpp
@@ -166,6 +166,8 @@ void parse_cover_options(const cmdlinet &cmdline, optionst &options)
     cmdline.isset("cover-traces-must-terminate"));
   options.set_option(
     "cover-failed-assertions", cmdline.isset("cover-failed-assertions"));
+
+  options.set_option("show-test-suite", cmdline.isset("show-test-suite"));
 }
 
 /// Build data structures controlling coverage from command-line options.
diff --git a/src/goto-instrument/cover.h b/src/goto-instrument/cover.h
@@ -24,15 +24,18 @@ class optionst;
 
 #define OPT_COVER                                                              \
   "(cover):"                                                                   \
-  "(cover-failed-assertions)"
+  "(cover-failed-assertions)"                                                  \
+  "(show-test-suite)"
 
 #define HELP_COVER                                                             \
   " --cover CC                   create test-suite with coverage criterion "   \
   "CC\n"                                                                       \
   " --cover-failed-assertions    do not stop coverage checking at failed "     \
   "assertions\n"                                                               \
   "                              (this is the default for --cover "            \
-  "assertions)\n"
+  "assertions)\n"                                                              \
+  " --show-test-suite            print test suite for coverage criterion "     \
+  "(requires --cover)"
 
 enum class coverage_criteriont
 {
diff --git a/src/goto-programs/goto_trace.cpp b/src/goto-programs/goto_trace.cpp
@@ -18,6 +18,7 @@ Author: Daniel Kroening
 #include <util/arith_tools.h>
 #include <util/byte_operators.h>
 #include <util/format_expr.h>
+#include <util/merge_irep.h>
 #include <util/range.h>
 #include <util/string_utils.h>
 #include <util/symbol.h>
@@ -133,6 +134,20 @@ void goto_trace_stept::output(
 
   out << '\n';
 }
+
+void goto_trace_stept::merge_ireps(merge_irept &dest)
+{
+  dest(cond_expr);
+  dest(full_lhs);
+  dest(full_lhs_value);
+
+  for(auto &io_arg : io_args)
+    dest(io_arg);
+
+  for(auto &function_arg : function_arguments)
+    dest(function_arg);
+}
+
 /// Returns the numeric representation of an expression, based on
 /// options. The default is binary without a base-prefix. Setting
 /// options.hex_representation to be true outputs hex format. Setting
diff --git a/src/goto-programs/goto_trace.h b/src/goto-programs/goto_trace.h
@@ -24,6 +24,8 @@ Date: July 2005
 
 #include <goto-programs/goto_program.h>
 
+class merge_irept;
+
 /// Step of the trace of a GOTO program
 ///
 /// A step is either:
@@ -162,6 +164,10 @@ class goto_trace_stept
     full_lhs_value.make_nil();
     cond_expr.make_nil();
   }
+
+  /// Use \p dest to establish sharing among ireps.
+  /// \param [out] dest: irep storage container.
+  void merge_ireps(merge_irept &dest);
 };
 
 /// Trace of a GOTO program.

Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,10 @@ const goto_tracet &goto_trace_storaget::insert(goto_tracet &&trace)`
`27`	`27`	`emplace_result.second,`
`28`	`28`	`"cannot associate more than one error trace with property " +`
`29`	`29`	`id2string(last_step.property_id));`
	`30`	`+`
	`31`	`+ for(auto &step : traces.back().steps)`
	`32`	`+ step.merge_ireps(merge_ireps);`
	`33`	`+`
`30`	`34`	`return traces.back();`
`31`	`35`	`}`
`32`	`36`
`@@ -40,10 +44,14 @@ const goto_tracet &goto_trace_storaget::insert_all(goto_tracet &&trace)`
`40`	`44`	`{`
`41`	`45`	`property_id_to_trace_index.emplace(property_id, traces.size() - 1);`
`42`	`46`	`}`
	`47`	`+`
	`48`	`+ for(auto &step : traces.back().steps)`
	`49`	`+ step.merge_ireps(merge_ireps);`
	`50`	`+`
`43`	`51`	`return traces.back();`
`44`	`52`	`}`
`45`	`53`
`46`		`-const std::vector<goto_tracet> &goto_trace_storaget::all() const`
	`54`	`+const std::list<goto_tracet> &goto_trace_storaget::all() const`
`47`	`55`	`{`
`48`	`56`	`return traces;`
`49`	`57`	`}`
`@@ -53,8 +61,9 @@ operator[](const irep_idt &property_id) const`
`53`	`61`	`{`
`54`	`62`	`const auto trace_found = property_id_to_trace_index.find(property_id);`
`55`	`63`	`PRECONDITION(trace_found != property_id_to_trace_index.end());`
	`64`	`+ CHECK_RETURN(trace_found->second < traces.size());`
`56`	`65`
`57`		`- return traces.at(trace_found->second);`
	`66`	`+ return *(std::next(traces.begin(), trace_found->second));`
`58`	`67`	`}`
`59`	`68`
`60`	`69`	`const namespacet &goto_trace_storaget::get_namespace() const`
Original file line number	Diff line number	Diff line change
`@@ -166,6 +166,8 @@ void parse_cover_options(const cmdlinet &cmdline, optionst &options)`
`166`	`166`	`cmdline.isset("cover-traces-must-terminate"));`
`167`	`167`	`options.set_option(`
`168`	`168`	`"cover-failed-assertions", cmdline.isset("cover-failed-assertions"));`
	`169`	`+`
	`170`	`+ options.set_option("show-test-suite", cmdline.isset("show-test-suite"));`
`169`	`171`	`}`
`170`	`172`
`171`	`173`	`/// Build data structures controlling coverage from command-line options.`