Feature #7272
openReimplement Multiple Error Analysis method
0%
Description
The feature seems useful but it still wasn't implemented well - see description of the original issue and the related discussion below.
Updated by Vitaly Mordan over 8 years ago
In branch mav this issue was also revealed.
In order to solve it the following steps were taken:
1. All error traces are printed immediately after they have been found by CPAchecker by means of specific option (cpa.arg.errorPath.exportImmediately=true). By default all found error traces are printed in the coarse of printing all statistics, which may take a lot of time. In case of specifying the suggested option error traces will be printed before that part.
2. Recommendation. It is suggested to use "soft" and "hard" time limits in CPAchecker, so the verifier get time to print statistics. Currently in klever configuration only "hard" time limit can be specified (in ms):
"resource limits": {
"CPU time": 1000000...
In order to specify "soft" time limit one can use option in CPAchecker (limits.time.cpu=900s).
3. Do not correct the Unknown verdict into the Unsafe verdict in case of finding an error trace unless multiple error analysis was specified.
4. But this problem may take place even in multiple error analysis (for example, the last found error trace was about 1Gb and could not be printed in 100s). In order to solve this a new try block was added to intercept such exceptions and output warnings for such traces without further processing them.
As I understand, this issue will be resolved in master as soon as the branch mav will be merged.
Updated by Evgeny Novikov over 8 years ago
BTW, I have used that option and it also didn't help.
Specifying soft time limits will not always help as well as you pointed out. It will just help to get more complete logs. Just in case of finding several bugs it can help a bit.
Catching and ignoring exceptions when parsing error traces is very bad since you will miss important issues one day.
You suggested the proper solution: when we don't try to find multiple error traces then parse error traces just in case of the verification status is Unsafe (as it was before).
But note that this status is likely specified by the BenchExec wrapper around CPAchecker on the basis of its log (examine source code). And this should be done when one tries to find multiple bugs. You should specify a special verification status if the overall status is Unknown, e.g. Incomplete Unsafe and specify in it the number of successfully printed error traces (it should be calculated on the basis of logs).
Updated by Vitaly Mordan over 8 years ago
Catching and ignoring exceptions is proposed to use for MEA only, because there are examples of very big and useless error traces.
If we do not use option for MEA and got incomplete trace for any reason, then VTG most likely should fail.
Updated by Evgeny Novikov over 8 years ago
I understood that well, but this a dirty workaround. One shouldn't understand what error traces weren't outputted successfully on the basis of exceptions during their parsing.
Please, discuss with Philipp, how to properly update the CPAchecker tool info in BenchExec to meet multiple error traces well. I am sure that he will veru glad if you will implement everything required by yourself.
Updated by Evgeny Novikov over 8 years ago
- Category changed from Program fragments generation to Tasks generation
Updated by Evgeny Novikov over 8 years ago
BTW, here is the place in the CPAchecker tool info where they understand that the final verdict is Unsafe that corresponds to the only properly printed error trace (witness). You need to do something like that for several error traces perhaps when the final verdict is Unknown, e.g. due to resource limits.
Updated by Evgeny Novikov over 8 years ago
- Priority changed from High to Normal
Reduce the issue priority since after dbe0c67 one error trace (witness) is properly outputted and processed since it is done just when the CPAchecker tool info reports Unsafe.
Updated by Evgeny Novikov over 8 years ago
From 036a882 when several witnesses are found but some of them aren't printed successfully and the final verdict is Unknown there will be the exception like in the issue description.
Pavel is also interested in the proper decision of this issue since his analysis always finds for many bugs by its nature.
Updated by Evgeny Novikov almost 8 years ago
- Priority changed from Normal to Urgent
After #7617 will be fixed this should be done as well.
Before that you need to suggest changes to BenchExec, the tool info and CPAchecker. I advice to do this together with Vadim and Pavel. Others should be in touch as well. As far as I know, there are following issues:- CPAchecker doesn't report about multiple witnesses fairly since it even doesn't report about one witness. It just doesn't need this. If it founds Unsafe and has enough time to output everything required it just do that and says that it founds Unsafe. After all the correct witness can be found in the specified path.
- Tool info computes a final verdict on the basis of the verdict outputted by CPAchecker rather than by some witnesses.
- BenchExec doesn't support so called incomplete Unsafe. Also it can't fairly report multiple witnesses even if the final verdict is Unsafe.
Since this touches fundamentals of software verification all changes should be discussed with SV-COMP participants after all. Until they won't agree and accept them we shouldn't move further.
Updated by Evgeny Novikov almost 8 years ago
- Tracker changed from Bug to Feature
- Subject changed from Avoid incomplete error traces (witnesses) of CPAchecker when reach time limit to Add fair support for finding multiple violations of the same property
- Description updated (diff)
Reformulate the issue since after fixing of #7617 there won't be the original issue in master (there will be just nothing related with this feature at all).
Updated by Vitaly Mordan almost 8 years ago
- Subject changed from Add fair support for finding multiple violations of the same property to Reimplement Multiple Error Analysis method
Reimplementation of MEA will take 3 steps:
1. Add support of MEA method in BenchExec, so it could provide additional verdict (Unsafe-incomplete) and all found error traces.
2. Integrate new version of BenchExec in master (minimal functionality).
3. Implement new filters (automatic and manual) based on new error trace implementation in master and filters from "new_format_of_strategies" branch.
Note, that it as not a new method, just another implementation of the old one.
Updated by Evgeny Novikov almost 8 years ago
I hope that you clearly understand that we will not use a fork of BenchExec like we used a fork of CPAchecker with MAV for some time. Just when the community will agree with your improvements and they will be in BenchExec master, we will start review of your related changes in Klever. This is a very nice filter, isn't it?
Updated by Vitaly Mordan almost 8 years ago
Yes, I am going to wait for a new version of BenchExec, which also make implementation in our system much more easier.
we will start review of your related changes in Klever
If you are going to review it, please, read at least my documentation first.
Updated by Vitaly Mordan almost 8 years ago
Evgeny Novikov wrote:
This is a very nice filter, isn't it?
It is not nice for our system, that I will have to reimplement the same method second time, which was not changed in a few years, instead of doing something more important (for example, improve methods or their implementations or even suggest some new methods).
Updated by Vitaly Mordan almost 8 years ago
After discussion it was decided, that BenchExec does not require specific changes to support MEA, because such changes are pretty minor and can be (and should be) implemented in our system (for example, what the point of adding in general tool -- BenchExec -- list of found witnesses if we can search in output directory by the same pattern).
The real change, which should be done in MEA implementation, is to add support for any verifier, which can be used in BenchExec. In particular, the way of determine Unsafe-incomplete verdict should be generalized. This task is related to issue #7800.
Therefore, I suggest the following schema:
1. Refactor all strategies (as they are in master) according to #7800, so they could operate (or fail if not supported) with any verifier.
2. Reimplement MEA method (by generalizing implementation in master).
3. Step-by-step refactor each strategy in master in accordance with their correct implementation in branch "new_format_of_strategies".
4. Merge this in master without waiting for review from those, who completely do not accept ideas of this method.
If there will be problems with merge again, it all will be a waste of resources and it is better to ignore this issue. It is enough that this year I had to reimplement the same methods twice, because they were not merged in time, since reviewer simply did not accept ideas of methods for some unknown reasons, instead of improving them. Maybe we need different reviewers for different components for better development of our system.
Updated by Evgeny Novikov over 7 years ago
- Priority changed from Urgent to High
This issue does not have such the high priority.