Comments (3)
hmm. Can you make this produce an unsound verification result (i.e., a case where verification fails when actually it should pass)? If not, I think this might just be a problem parsing the counterexample back but I'll take a look.
from uclid.
from uclid.
Here's an example. The invariant done
should express the same logic as the assert
statement in the next
block, but the invariant passes while the assertion fails.
module fsm {
type op_t = enum { SET_T, SET_F };
input imem : [bv3]op_t;
var pc : bv3;
var reg : boolean;
init {
pc = 0bv3;
}
next {
case
(imem[pc] == SET_T) : { reg' = true; }
(imem[pc] == SET_F) : { reg' = false; }
esac
pc' = pc + 1bv3;
}
}
module main {
type * = fsm.*;
var imem : [bv3]op_t;
var step : integer;
instance fsm_0 : fsm (imem : (imem));
init {
assume (imem[0bv3] == SET_T);
assume (imem[1bv3] == SET_F);
step = 0;
}
next {
next (fsm_0);
step' = step + 1;
case
(step == 1): {
assert (fsm_0.reg == true);
}
esac
}
invariant done : (step == 1) ==> fsm_0.reg == true;
control {
vobj = bmc_noLTL(4);
check;
print_results;
vobj.print_cex(step, imem, fsm_0.pc, fsm_0.reg);
}
}
Output:
Successfully instantiated 2 module(s).
8 assertions passed.
1 assertions failed.
0 assertions indeterminate.
PASSED -> vobj [Step #0] property done @ no_update_unsound.ucl, line 45
PASSED -> vobj [Step #1] assertion @ no_update_unsound.ucl, line 40
PASSED -> vobj [Step #1] property done @ no_update_unsound.ucl, line 45
PASSED -> vobj [Step #2] property done @ no_update_unsound.ucl, line 45
PASSED -> vobj [Step #3] assertion @ no_update_unsound.ucl, line 40
PASSED -> vobj [Step #3] property done @ no_update_unsound.ucl, line 45
PASSED -> vobj [Step #4] assertion @ no_update_unsound.ucl, line 40
PASSED -> vobj [Step #4] property done @ no_update_unsound.ucl, line 45
FAILED -> vobj [Step #2] assertion @ no_update_unsound.ucl, line 40
CEX for vobj [Step #2] assertion @ no_update_unsound.ucl, line 40
=================================
Step #0
step : 0
imem :
1 : SET_F
- : SET_T
fsm_0.pc : 0
fsm_0.reg : false
=================================
=================================
Step #1
step : 1
imem :
1 : SET_F
- : SET_T
fsm_0.pc : 1
fsm_0.reg : true
=================================
=================================
Step #2
step : 1
imem :
1 : SET_F
- : SET_T
fsm_0.pc : 2
fsm_0.reg : false
=================================
Finished execution for module: main.
As you can see in the provided counterexample, step
's value fails to update while the values within the fsm_0
instance do update. It's possible this is related in some way to #156, since verification seems to pass when the transition logic + state for the fsm
module is inlined into main
instead.
from uclid.
Related Issues (20)
- The counterexample of induction with k > 1 shows one less state in the induction_step. HOT 1
- using past and history function in invariants HOT 3
- synthesis test 7
- synthesis test 7
- Enum variants in modules not recognized without importing type in main module HOT 1
- Record literals not type-checking properly
- instance procedure calls use modified values HOT 1
- Z3 array not converted to string in counterexample HOT 2
- Assertions on values of variables changed by child modules in `next` block have inconsistent values
- tutorial/ex4.4 embeded assertions not working as expected HOT 2
- Assumption on array causes malfunctioning checks HOT 5
- The `bmc` command currently ignores `assert` statements. HOT 1
- error splitting commands HOT 1
- TODO: printing of enums in synth functions
- Different verification results produced when there is only a variable name difference HOT 4
- Record Rewriter's Bugs
- RewriteRecordSelect conflicts with printing individual fields in counterexamples HOT 5
- Simple liveness checks incorrectly passing HOT 1
- Counterexample doesn't make sense HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from uclid.