Bug #566
closedUseful block sets are SAT on some of generic test drivers
0%
Description
In commit:6a34a370 I added description of a new problem. A set of interesting blocks should be UNSAT, but sometimes the algorithm returns SAT sets. It's not a regression of bug #514, it's been there all the time.
Why is that? It's not solver's imprecision: these errors appear even on CVC3 solver in its precise mode. In a nutshell, I don't know.
We should investigate this problem, and fix the algorithm if the error is in its design rather than in an implementation.
Files
Updated by Pavel Shved over 13 years ago
For 32_7 rule, the 2.6.31.6 kernel doesn't have any such drivers.
A good example to debug the problem is drivers/usb/atm/cxacru.ko on 32_1 rule (persists through several kernels).
Updated by Pavel Shved over 13 years ago
- Project changed from Linux Driver Verification to BLAST
- Category deleted (
BLAST)
Updated by Pavel Shved about 13 years ago
- File s3_srvr.blast.08.BUG.i.cil.c s3_srvr.blast.08.BUG.i.cil.c added
- Status changed from New to Open
- Priority changed from Normal to Urgent
- Target version set to 2.7
Okay, I think it's a bug with SMT formula parts caching.
In one of the competition drivers, we see that one of the "true" predicates was cached as (not (= S8 0)), which prevents useful blockset from being UNSAT.
Region of the first block 42: bs_assert: And [Primed(cb@ssl3_accept, cb@ssl3_accept0) != 0, Primed(Primed(* (Primed(s@ssl3_accept, s@ssl3_accept0) ), * (s@ssl3_accept)0).info_callback, (* (s@ssl3_accept)).info_callback0) != 0, -(Primed(Primed(* (Primed(s@ssl3_accept, s@ssl3_accept0) ), * (s@ssl3_accept)0).state, 2088_)) > -8656, true] Blocks fetched so far: bs_assert: Primed(Primed(* (Primed(s@ssl3_accept, s@ssl3_accept0) ), * (s@ssl3_accept)0).debug, (* (s@ssl3_accept)).debug0) == 0 SMT conv key ub_123! bs_assert: true // this one (?) is cached as (not (= S8 0)) Adding end_cons: bs_assert: true Asserting trace up to 161: Calling SMT solver for conj of 4 predicates ( benchmark Blast_query_25989 :logic AUFLIA :extrafuns((S32 Int )) :extrafuns((S31 Int )) :extrafuns((S33 Int )) .... :formula (and true true (not (= S8 0)) (= S8 0) (and true (not (= S7 0)) (not (= S70 0)) (> (~ S50) (~ 8656)) true )) )
The file is attached, the runtime options are
pblast.opt -alias bdd -cref -cldepth 3 -nomusts -debug -bddprint -lattice -include-lattice symb -stop-sep -merge bdd -skipnorm -ialias -iclos -nolabelmeanssafe file.i
Updated by Pavel Shved about 13 years ago
11 SSH drivers end with this exception. We should fix it, I guess.
Updated by Pavel Shved about 13 years ago
- Status changed from Open to Resolved
Fixed in a73abb4 in competition branch.
The only reason for the useful blocksets to be SAT for now is that they're satisfiable with real numbers, and unsat with integers.
Updated by Pavel Shved about 13 years ago
- Status changed from Resolved to Closed
The problems with satisfiable useful block sets are gone.