@@ -588,6 +588,8 @@ optionalt<cext> cegis_verifiert::verify()
588
588
// 3. construct the formatted counterexample from the violated property and
589
589
// its trace.
590
590
591
+ const namespacet ns (goto_model.symbol_table );
592
+
591
593
// Store the original functions. We will restore them after the verification.
592
594
for (const auto &fun_entry : goto_model.goto_functions .function_map )
593
595
{
@@ -652,38 +654,48 @@ optionalt<cext> cegis_verifiert::verify()
652
654
}
653
655
654
656
properties = checker->get_properties ();
655
- bool target_violation_found = false ;
656
- auto target_violation_info = properties.begin ()->second ;
657
+ auto target_violation = properties.end ();
657
658
658
659
// Find target violation---the violation we want to fix next.
659
660
// A target violation is an assignable violation or the first violation that
660
661
// is not assignable violation.
661
- for (const auto &property : properties)
662
+ for (auto it_property = properties.begin (); it_property != properties.end ();
663
+ it_property++)
662
664
{
663
- if (property. second .status != property_statust::FAIL)
665
+ if (it_property-> second .status != property_statust::FAIL)
664
666
continue ;
665
667
666
668
// assignable violation found
667
- if (property. second .description .find (" assignable" ) != std::string::npos)
669
+ if (it_property-> second .description .find (" assignable" ) != std::string::npos)
668
670
{
669
- target_violation = property.first ;
670
- target_violation_info = property.second ;
671
+ target_violation = it_property;
671
672
break ;
672
673
}
673
674
674
675
// Store the violation that we want to fix with synthesized
675
676
// assigns/invariant.
676
- if (!target_violation_found)
677
+ // ignore ASSERT FALSE
678
+ if (
679
+ target_violation == properties.end () &&
680
+ simplify_expr (it_property->second .pc ->condition (), ns) != false_exprt ())
677
681
{
678
- target_violation = property.first ;
679
- target_violation_info = property.second ;
680
- target_violation_found = true ;
682
+ target_violation = it_property;
681
683
}
682
684
}
683
685
686
+ // All violations are
687
+ // ASSERT FALSE
688
+ if (target_violation == properties.end ())
689
+ {
690
+ restore_functions ();
691
+ return optionalt<cext>();
692
+ }
693
+
694
+ target_violation_id = target_violation->first ;
695
+
684
696
// Decide the violation type from the description of violation
685
697
cext::violation_typet violation_type =
686
- extract_violation_type (target_violation_info .description );
698
+ extract_violation_type (target_violation-> second .description );
687
699
688
700
// Compute the cause loop---the loop for which we synthesize loop contracts,
689
701
// and the counterexample.
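Review bot: The comment above the new early return, `// All violations are` / `// ASSERT FALSE`, does not describe the whole condition it guards: `target_violation == properties.end()` is also true when no property has `property_statust::FAIL` at all, since the loop only assigns `target_violation` after the FAIL check passes, so the empty `optionalt<cext>` is returned in that case too (unless a check earlier in verify(), outside this hunk, already guarantees a failing property). I would replace it with a single comment that covers both paths, `// No fixable target: every FAIL property is an ASSERT(FALSE), or nothing failed.`, so a reader does not assume a failing property is present after this point. In the loop header, `it_property++` should be `++it_property`; the iterator copy is avoidable and the rest of the function uses prefix idioms. The new local `auto target_violation = properties.end();` would shadow a member of the same name if the header still declares one alongside the `target_violation_id` assigned below; worth confirming in the header, which is not in this diff. verify() starts and ends outside this hunk.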
@@ -698,17 +710,17 @@ optionalt<cext> cegis_verifiert::verify()
698
710
// although there can be multiple ones.
699
711
700
712
log.debug () << " Start to compute cause loop ids." << messaget::eom;
701
- log.debug () << " Violation description: " << target_violation_info. description
702
- << messaget::eom;
713
+ log.debug () << " Violation description: "
714
+ << target_violation-> second . description << messaget::eom;
703
715
704
- const auto &trace = checker->get_traces ()[target_violation];
716
+ const auto &trace = checker->get_traces ()[target_violation-> first ];
705
717
// Doing assigns-synthesis or invariant-synthesis
706
718
if (violation_type == cext::violation_typet::cex_assignable)
707
719
{
708
720
cext result (violation_type);
709
721
result.cause_loop_ids = get_cause_loop_id_for_assigns (trace);
710
722
result.checked_pointer = static_cast <const exprt &>(
711
- target_violation_info .pc ->condition ().find (ID_checked_assigns));
723
+ target_violation-> second .pc ->condition ().find (ID_checked_assigns));
712
724
restore_functions ();
713
725
return result;
714
726
}
@@ -719,7 +731,7 @@ optionalt<cext> cegis_verifiert::verify()
719
731
// Although there can be multiple cause loop ids. We only synthesize
720
732
// loop invariants for the first cause loop.
721
733
const std::list<loop_idt> cause_loop_ids =
722
- get_cause_loop_id (trace, target_violation_info .pc );
734
+ get_cause_loop_id (trace, target_violation-> second .pc );
723
735
724
736
if (cause_loop_ids.empty ())
725
737
{
@@ -743,7 +755,7 @@ optionalt<cext> cegis_verifiert::verify()
743
755
violation_location = get_violation_location (
744
756
cause_loop_ids.front (),
745
757
goto_model.get_goto_function (cause_loop_ids.front ().function_id ),
746
- target_violation_info .pc ->location_number );
758
+ target_violation-> second .pc ->location_number );
747
759
}
748
760
749
761
restore_functions ();
@@ -755,7 +767,7 @@ optionalt<cext> cegis_verifiert::verify()
755
767
goto_model.goto_functions
756
768
.function_map [cause_loop_ids.front ().function_id ])
757
769
->source_location ());
758
- return_cex.violated_predicate = target_violation_info .pc ->condition ();
770
+ return_cex.violated_predicate = target_violation-> second .pc ->condition ();
759
771
return_cex.cause_loop_ids = cause_loop_ids;
760
772
return_cex.violation_location = violation_location;
761
773
return_cex.violation_type = violation_type;
@@ -764,7 +776,7 @@ optionalt<cext> cegis_verifiert::verify()
764
776
if (violation_type == cext::violation_typet::cex_null_pointer)
765
777
{
766
778
return_cex.checked_pointer = get_checked_pointer_from_null_pointer_check (
767
- target_violation_info .pc ->condition ());
779
+ target_violation-> second .pc ->condition ());
768
780
}
769
781
770
782
return return_cex;