Project

General

Profile

Actions

Bug #566

closed

Useful block sets are SAT on some of generic test drivers

Added by Pavel Shved about 14 years ago. Updated about 13 years ago.

Status:
Closed
Priority:
Urgent
Assignee:
Category:
-
Target version:
Start date:
11/16/2010
Due date:
% Done:

0%

Estimated time:
Detected in build:
6a34a370
Platform:
Published in build:

Description

In commit:6a34a370 I added description of a new problem. A set of interesting blocks should be UNSAT, but sometimes the algorithm returns SAT sets. It's not a regression of bug #514, it's been there all the time.

Why is that? It's not solver's imprecision: these errors appear even on CVC3 solver in its precise mode. In a nutshell, I don't know.

We should investigate this problem, and fix the algorithm if the error is in its design rather than in an implementation.


Files

s3_srvr.blast.08.BUG.i.cil.c (70.6 KB) s3_srvr.blast.08.BUG.i.cil.c Pavel Shved, 09/22/2011 05:52 PM

Related issues 1 (0 open1 closed)

Related to BLAST - Bug #514: BLAST's useful blocks generation algorithm is suboptimal for SMT solversClosedPavel Shved10/30/2010

Actions
Actions #1

Updated by Pavel Shved almost 14 years ago

  • Priority changed from High to Normal
Actions #2

Updated by Pavel Shved over 13 years ago

For 32_7 rule, the 2.6.31.6 kernel doesn't have any such drivers.

A good example to debug the problem is drivers/usb/atm/cxacru.ko on 32_1 rule (persists through several kernels).

Actions #3

Updated by Pavel Shved over 13 years ago

  • Project changed from Linux Driver Verification to BLAST
  • Category deleted (BLAST)
Actions #4

Updated by Pavel Shved about 13 years ago

Okay, I think it's a bug with SMT formula parts caching.

In one of the competition drivers, we see that one of the "true" predicates was cached as (not (= S8 0)), which prevents useful blockset from being UNSAT.

Region of the first block 42:
bs_assert:
And [Primed(cb@ssl3_accept, cb@ssl3_accept0)  !=  0,
Primed(Primed(* (Primed(s@ssl3_accept, s@ssl3_accept0) ), * (s@ssl3_accept)0).info_callback, (* (s@ssl3_accept)).info_callback0)  !=  0,
-(Primed(Primed(* (Primed(s@ssl3_accept, s@ssl3_accept0) ), * (s@ssl3_accept)0).state, 2088_)) >  -8656,
true]
Blocks fetched so far:
bs_assert:
Primed(Primed(* (Primed(s@ssl3_accept, s@ssl3_accept0) ), * (s@ssl3_accept)0).debug, (* (s@ssl3_accept)).debug0) ==  0
SMT conv key ub_123!
bs_assert:
true       // this one (?) is cached as (not (= S8 0))
Adding end_cons:
bs_assert:
true
Asserting trace up to 161:
Calling SMT solver for conj of 4 predicates
( benchmark Blast_query_25989
:logic AUFLIA
:extrafuns((S32 Int ))
:extrafuns((S31 Int ))
:extrafuns((S33 Int ))
....
:formula (and true true  (not (= S8 0)) (= S8 0) (and true (not (= S7 0)) (not (= S70 0)) (> (~ S50) (~ 8656)) true  ))
)

The file is attached, the runtime options are

pblast.opt -alias bdd -cref -cldepth 3 -nomusts -debug -bddprint -lattice -include-lattice symb -stop-sep -merge bdd -skipnorm -ialias -iclos -nolabelmeanssafe file.i
Actions #5

Updated by Pavel Shved about 13 years ago

11 SSH drivers end with this exception. We should fix it, I guess.

Actions #6

Updated by Pavel Shved about 13 years ago

  • Status changed from Open to Resolved

Fixed in a73abb4 in competition branch.

The only reason for the useful blocksets to be SAT for now is that they're satisfiable with real numbers, and unsat with integers.

Actions #7

Updated by Pavel Shved about 13 years ago

  • Status changed from Resolved to Closed

The problems with satisfiable useful block sets are gone.

Actions

Also available in: Atom PDF