Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Provide limited visibility into the Crucible state while inside a CrucibleSetup () #705

Closed
weaversa opened this issue May 9, 2020 · 4 comments
Assignees
Labels
better-in-python Will be fixed by switching to python frontend type: enhancement Issues describing an improvement to an existing feature or capability usability An issue that impedes efficient understanding and use wontfix Closed issues that we decided not to fix, but are still potentially relevant

Comments

@weaversa
Copy link
Contributor

weaversa commented May 9, 2020

I often find myself writing two functions to describe each struct or set of conditions, i.e. one to be used in the pre-state and one to be used in the post-state. If it were possible to know whether we were in a pre or post state (via some flag --- Are we above the crucible_execute_func line, or below it?) I would only have to write one function for each and test on this flag.

Here is an example. The notable differences here are crucible_precond vs. crucible_postcond and the bitvector_t_setup function taking slightly different arguments.

let bitvector_t_struct (rw : Term) (n : Int) (name : String) = do {
  bv <- bitvector_t_setup rw n name;
  let bvt = bv.t;
  precond {{ bvt.bits.nLength_max >= bvt.bits.nLength }};
  return {s=bv.s, bucket=bv.t};
};

let bitvector_t_struct' (n : Int) (name : String) = do {
  bv <- bitvector_t_setup CONST n name;
  let bvt = bv.t;
  postcond {{ bvt.bits.nLength_max >= bvt.bits.nLength }};
  return {s=bv.s, bucket=bv.t};
};
@weaversa weaversa added type: enhancement Issues describing an improvement to an existing feature or capability usability An issue that impedes efficient understanding and use labels May 9, 2020
@weaversa
Copy link
Contributor Author

weaversa commented May 9, 2020

Of course, if I got this capability I’d immediately write:

let assert = if (eval_bool {{ `in_crucible_prestate == True }}) then crucible_precond else crucible_postcond;

So, what is the reason for separating the pre and post conditions into different functions? Crucible already knows whether a condition is happening in the pre or post state. If I write a condition before crucible_execute_func it’s a precondition, etc. Why not just have one function instead of 2?

@atomb
Copy link
Contributor

atomb commented May 11, 2020

Complex operations like this, and some of the things you recently committed to the saw-demos repo, are likely to be much easier using the RPC API to SAW, and the Python client, since you'll have a fully-featured programming language available, and because contracts in that interface are purely data structures.

We actually had a single assert function for a little while, and had comments from users that it was confusing, and that they understood pre- and postconditions better, so we adopted the two-function approach. They do, indeed, do exactly the same thing in the implementation. One approach that could potentially be viable would be to provide three functions: one that works in either state, and the two current ones that check their state and produce an error if used in the wrong state.

@atomb atomb self-assigned this May 15, 2020
@atomb atomb added this to the 0.6 milestone May 15, 2020
@weaversa weaversa added the better-in-python Will be fixed by switching to python frontend label May 23, 2020
@atomb atomb modified the milestones: 0.6, 0.7 Aug 13, 2020
@atomb atomb removed this from the 0.7 milestone Oct 16, 2020
@atomb atomb added the wontfix Closed issues that we decided not to fix, but are still potentially relevant label Oct 8, 2021
@atomb
Copy link
Contributor

atomb commented Oct 8, 2021

It seems as though there's consensus that Python is the better way to go for verification scripts that need this sort of flexibility, and that this would be an awkward thing to implement in SAWScript, so I'm going to close this issue.

@atomb atomb closed this as completed Oct 8, 2021
@pnwamk
Copy link
Contributor

pnwamk commented Oct 8, 2021

N.B., currently the __state field on a Contract reports what state things are in. We could make this more "publicly" visible, and/or add an assert that chooses "pre" or "post" condition as expected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
better-in-python Will be fixed by switching to python frontend type: enhancement Issues describing an improvement to an existing feature or capability usability An issue that impedes efficient understanding and use wontfix Closed issues that we decided not to fix, but are still potentially relevant
Projects
None yet
Development

No branches or pull requests

3 participants