|
| 1 | +# Unsound CLI options for various tools |
| 2 | + |
| 3 | +Be advised that the following command line options to `cbmc` and `goto-instrument` |
| 4 | +have been reported to be unsound: |
| 5 | + |
| 6 | +* `--full-slice` has been reported to be unsound in issue [cbmc#260](https://github.com/diffblue/cbmc/issues/260) |
| 7 | + In particular, `--full-slice` appears to lead to spurious counter examples, |
| 8 | + because values that get assigned by a function whose body gets sliced out are |
| 9 | + no longer present in the trace, but still result in flipped verification results. |
| 10 | + |
| 11 | +`cbmc` and `goto-instrument` have also been modified to warn that options used |
| 12 | +are unsound as part of their output. An example of how that output looks is shown |
| 13 | +below: |
| 14 | + |
| 15 | +```sh |
| 16 | +$ cbmc --full-slice ~/Devel/cbmc_bugs/6394/before-slice.out |
| 17 | +CBMC version 5.45.0 (cbmc-5.43.0-77-g99c5a92de1-dirty) 64-bit arm64 macos |
| 18 | +Reading GOTO program from file |
| 19 | +Reading: ~/Devel/cbmc_bugs/6394/before-slice.out |
| 20 | +Generating GOTO Program |
| 21 | +Adding CPROVER library (x86_64) |
| 22 | +Removal of function pointers and virtual functions |
| 23 | +Generic Property Instrumentation |
| 24 | +WARNING: Unsound option --full-slice |
| 25 | +Performing a full slice |
| 26 | +Running with 8 object bits, 56 offset bits (default) |
| 27 | +Starting Bounded Model Checking |
| 28 | +[...] |
| 29 | +``` |
| 30 | + |
| 31 | +Be advised some of these options may be activated by auxiliary options, for instance, |
| 32 | +`--aggressive-slice` seems to lead to a path that performs the transformations that |
| 33 | +`--reachability-slice` does in `goto-instrument`. |
0 commit comments