Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rework of the support for builtins #1435

Merged
merged 28 commits into from
Dec 24, 2023
Merged

Rework of the support for builtins #1435

merged 28 commits into from
Dec 24, 2023

Conversation

mikhailramalho
Copy link
Member

@mikhailramalho mikhailramalho commented Oct 30, 2023
edited
Loading

This PR is part of a series of PRs derived from #876: although that PR was accepted, it's been a nightmare to rebase, so I decided to split it.

This PR changes how esbmc handles builtins: we no longer need to define new names in the preprocessor (via -D), but instead check for the functions we support or abort, similar to how intrinsics are handled.

As the first implementation, this PR changes how the __sync_fetch_and_*, atomic_store/_load, and the builtin_*_overflows functions are handled. Bonus that we got rid of the 1238 defines to support all the builtin_*_overflows in the frontend.

For the polymorphic builtins (like atomic_store/load, sync_fetch_*) the implementation creates the new function bodies in the frontend. I implemented about half of them, so some are missing. I've added a __builtin_unreachable(); call to the missing implementations so esbmc will crash on unsupported calls. It should be easy to implement these new functions and it's left as an exercise to the reader.

There are also new tests for builtin_*_overflows function and atomic_load/store, which we didn't have before (these functions are used in the aws benchmarks).

@mikhailramalho mikhailramalho changed the title [NFC} Rework of the support for builtins Rework of the support for builtins Oct 30, 2023
fbrausse
fbrausse approved these changes Oct 31, 2023
View reviewed changes
Copy link
Collaborator

@fbrausse fbrausse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I have one suggestion for improvement.

src/goto-symex/builtin_functions.cpp Show resolved Hide resolved
@mikhailramalho
Copy link
Member Author

@fbrausse @rafaelsamenezes @lucasccordeiro folks, how do I run this on sv-comp?

It's a pretty big change, so I think we should validate this PR there, specially since it changes code related to concurrency (which I know very little about).

@fbrausse
Copy link
Collaborator

fbrausse commented Nov 1, 2023
edited
Loading

When you go to "Actions" in Github, select "Run Benchexec" and press "Run workflow" on the right, you can choose the branch to run it over. The defaults run the entire sv-benchmarks with a 30s timeout.

@mikhailramalho
Copy link
Member Author

When you go to "Actions" in Github, select "Run Benchexec" and press "Run workflow" on the right, you can choose the branch to run it over. The defaults run the entire sv-benchmarks with a 30s timeout.

got it working but the generate diff action doesn't seem to be working. How do you folks check the results? I downloaded the output but it only contains a bunch of witnesses.

@lucasccordeiro
Copy link
Contributor

This PR:

Statistics:          23805 Files
  correct:           14187
    correct true:     7799
    correct false:    6388
  incorrect:            21
    incorrect true:      5
    incorrect false:    16
  unknown:            959
  Score:             21570 (max: 3482)

Master:

Statistics:          23805 Files
  correct:           14205
    correct true:     7820
    correct false:    6385
  incorrect:            20
    incorrect true:      5
    incorrect false:    15
  unknown:            9580
  Score:             21625 (max: 38482)

GitHub actions: https://github.com/esbmc/esbmc/actions/runs/6710604417

@mikhailramalho
Copy link
Member Author

Yeah, I need to know which ones failed :/

My guess is that the __builtin_unreachable() calls in the frontend are prematurely aborting verification: esbmc will crash even if the unsupported functions are never called

@mikhailramalho
Copy link
Member Author

@rafaelsamenezes lucas told me you have a script to find out which test failed, can you share it?

@rafaelsamenezes
Copy link
Contributor

@rafaelsamenezes lucas told me you have a script to find out which test failed, can you share it?

I just download the artifacts and run table-generator on them. So:

  1. Download your PR artifacts from here: https://github.com/esbmc/esbmc/actions/runs/6715400579
  2. Download the master artifacts from here: https://github.com/esbmc/esbmc/actions/runs/6710604417
  3. Select the category that you want to compare, let's say unreach-call: table-generator $OLD-unreach-call.xml.bz2 $NEW-unreach-call.xml.bz2

@fbrausse
Copy link
Collaborator

fbrausse commented Nov 1, 2023
edited
Loading

I have these 3 helper scripts to work with the sv-comp results: sv-comp-scripts.tar.gz

  • unpack.sh: unpacks both, the esbmc release .zip, and the benchmark results
  • run-tg: runs the table generator on all (hardcoded) categories creating a new "diff-$OLD-$NEW" directory for given OLD and NEW
  • wrong.sh: applied to one of the *.xml.bz2 it just prints the incorrect ones to stdout

@fbrausse
Copy link
Collaborator

fbrausse commented Nov 3, 2023

The Windows build fails on __sync_fetch_and_add with

D:\a\esbmc\esbmc\unit\c2goto\library\builtin_libs.test.cpp(36,5): error C3861: '__sync_fetch_and_add': identifier not found [D:\a\esbmc\esbmc\build\unit\c2goto\library\builtin_libstest.vcxproj]
D:\a\esbmc\esbmc\unit\c2goto\library\builtin_libs.test.cpp(41,5): error C3861: '__sync_fetch_and_add': identifier not found [D:\a\esbmc\esbmc\build\unit\c2goto\library\builtin_libstest.vcxproj]
D:\a\esbmc\esbmc\unit\c2goto\library\builtin_libs.test.cpp(46,5): error C3861: '__sync_fetch_and_add': identifier not found [D:\a\esbmc\esbmc\build\unit\c2goto\library\builtin_libstest.vcxproj]
D:\a\esbmc\esbmc\unit\c2goto\library\builtin_libs.test.cpp(51,5): error C3861: '__sync_fetch_and_add': identifier not found [D:\a\esbmc\esbmc\build\unit\c2goto\library\builtin_libstest.vcxproj]
D:\a\esbmc\esbmc\unit\c2goto\library\builtin_libs.test.cpp(56,5): error C3861: '__sync_fetch_and_add': identifier not found [D:\a\esbmc\esbmc\build\unit\c2goto\library\builtin_libstest.vcxproj]

@mikhailramalho
Copy link
Member Author

This PR:

Statistics:          23805 Files
  correct:           14509
    correct true:     8066
    correct false:    6443
  incorrect:            37
    incorrect true:     14
    incorrect false:    23
  unknown:            9259
  Score:             21759 (max: 38482)

Master:

Statistics:          23805 Files
  correct:           14431
    correct true:     8004
    correct false:    6427
  incorrect:            26
    incorrect true:     15
    incorrect false:    11
  unknown:            9348
  Score:             21779 (max: 38482)

Nice improvement over master on correct results, but too many incorrect results still

@mikhailramalho
Copy link
Member Author

I've tested all the new incorrect false and they are also reported by the master branch; this branch is just faster.

I'll rerun the master branch on sv-comp, but otherwise, this should be good to go.

lucasccordeiro
lucasccordeiro approved these changes Dec 23, 2023
View reviewed changes
Copy link
Contributor

@lucasccordeiro lucasccordeiro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for submitting this PR, @mikhailramalho.

Can I ask you please to provide the names of the benchmarks that are giving incorrect results?

@mikhailramalho @lucasccordeiro
Improve builtin function calls
d78b92b 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
Added __ESBMC_ prefix to intrinsic functions
867a265 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
No one is using __ESBMC_*abs
04e7246 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
Got rid of define to change builtin_*_overflows
cd12a18 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
Move __builtin_constant_p to new run_builtin
8a6e815 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
Get rid of the old sync_fetch_add model
38fda76 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
Moved type2name to utils
66720d0 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
New conversion function
0d946f0 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
Fix type2name path
d49a149 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
Fix type of atomicExpr, they are expression, not function declaration…
8eb2692 
…, so their type shouldn't be the function type, but the return type

Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
New file to generate polymorphic function symbols
31c03d8 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
Handle new atomic/sync in the frontend to create the unique symbols
a685b34 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
Implement atomic_load_n and atomic_store_n
8fb2680 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
Moved the implementation of sync/atomics back to frontend, since it's…
8d82118 
… easier to define an atomic scope there

Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
Test cases for atomic_load and atomic_store
d43ee2f 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
Fix location function name of the new models
4a8331e 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
we need to first check if the function identifier is an poly atomic, …
527eb4e 
…since its symbol was already added in during convert

Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
Code style
6f598e4 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
Removed lambda from intrinsic_memset
5f87a09 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
Don't abort when we see an unsupported builtin
9fda0a0 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
Code style fixes
870e814 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho @lucasccordeiro
More code style
fb635b7 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@lucasccordeiro
Copy link
Contributor

@rafaelsamenezes: Is our windows CI broken?

@mikhailramalho
Copy link
Member Author

@rafaelsamenezes: Is our windows CI broken?

Not really, the issue is that the failing test is calling __sync_fetch_and_add, which is gcc specific.

@mikhailramalho
Copy link
Member Author

Latest result:
This PR:

Statistics:          23805 Files
  correct:           14509
    correct true:     8066
    correct false:    6443
  incorrect:            37
    incorrect true:     14
    incorrect false:    23
  unknown:            9259
  Score:             21759 (max: 38482)

Master:

Statistics:          23805 Files
  correct:           14533
    correct true:     8089
    correct false:    6444
  incorrect:            36
    incorrect true:     14
    incorrect false:    22
  unknown:            9236
  Score:             21822 (max: 38482)

Closer results now, I'll check the missing correct true but I guess it's only noise.

@mikhailramalho
Unify __atomic_fetch* and __sync_fetch*
c436998 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho
Use standard atomic_fetch in windows, since __sync_fetch_and_* is a g…
e5cd7a3 
…cc builtin

Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho
Missing header
54b8fdd 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho
Forgot namespace
0cfdd05 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho
Disable test on windows since this is a gcc builtin
9c75882 
Signed-off-by: Mikhail R. Gadelha <mikhail@igalia.com>
@mikhailramalho mikhailramalho mentioned this pull request Dec 23, 2023
Open
@mikhailramalho
Copy link
Member Author

The CI is broken due to issue #1559, I submitted another PR to fix that first.

@mikhailramalho
Copy link
Member Author

This should be good to go now

@lucasccordeiro lucasccordeiro merged commit 74c1cc8 into master Dec 24, 2023
10 checks passed
@lucasccordeiro lucasccordeiro deleted the rework-builtins branch December 24, 2023 23:26
@lucasccordeiro
Copy link
Contributor

Thanks for submitting this PR, @mikhailramalho.

@intrigus-lgtm intrigus-lgtm mentioned this pull request Feb 3, 2025
Merged
lucasccordeiro pushed a commit that referenced this pull request Feb 3, 2025
@intrigus-lgtm @intrigus
[symex] only increment pc if builtin is actually handled (#2276)
c6e7da2 
Otherwise, `symex_function_call` would also increment pc, when a body
for a builtin is not available.

Bug appears to have been introduced in #1435.

---------

Co-authored-by: intrigus <abc123zeus@live.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lucasccordeiro lucasccordeiro lucasccordeiro approved these changes

@fbrausse fbrausse fbrausse approved these changes

@rafaelsamenezes rafaelsamenezes Awaiting requested review from rafaelsamenezes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mikhailramalho @fbrausse @lucasccordeiro @rafaelsamenezes