Explain unsound options in documentation.

NlightNFotis · NlightNFotis · commit 9b25186c2352 · 2022-02-09T10:48:08.000Z
diff --git a/doc/cprover-manual/unsound_options.md b/doc/cprover-manual/unsound_options.md
@@ -0,0 +1,32 @@
+# Unsound CLI options for various tools
+
+Be advised that the following command line options to `cbmc` and `goto-instrument`
+have been reported to be unsound:
+
+* `--reachability-slice` has been reported to flip verification results from
+  failed to successful. For more information, please have a look at [cbmc#6394](https://github.com/diffblue/cbmc/issues/6394)
+* `--full-slice` has been reported to be unsound in issue [cbmc#260](https://github.com/diffblue/cbmc/issues/260)
+
+`cbmc` and `goto-instrument` have also been modified to warn that options used
+are unsound as part of their output. An example of how that output looks is shown
+below:
+
+```sh
+$ cbmc --reachability-slice ~/Devel/cbmc_bugs/6394/before-slice.out
+CBMC version 5.45.0 (cbmc-5.43.0-77-g99c5a92de1-dirty) 64-bit arm64 macos
+Reading GOTO program from file
+Reading: ~/Devel/cbmc_bugs/6394/before-slice.out
+Generating GOTO Program
+Adding CPROVER library (x86_64)
+Removal of function pointers and virtual functions
+Generic Property Instrumentation
+WARNING: Unsound option --reachability-slice
+Performing a reachability slice
+Running with 8 object bits, 56 offset bits (default)
+Starting Bounded Model Checking
+[...]
+```
+
+Be advised some of these options may be activated by auxiliary options, for instance,
+`--aggressive-slice` seems to lead to a path that performs the transformations that
+`--reachability-slice` does in `goto-instrument`.
