Skip to content

Commit f47f6b9

Browse files
NlightNFotisNlightNFotis
committed
[DOCS] Add documentation for the new --cover assume coverage criterion.
1 parent 5f0bb03 commit f47f6b9

File tree

2 files changed

+35
-0
lines changed

2 files changed

+35
-0
lines changed

doc/cprover-manual/modeling-assumptions.md

+34
Original file line numberDiff line numberDiff line change
@@ -71,3 +71,37 @@ int main() {
7171
This code fails, as there is a choice of x and y which results in a counterexample
7272
(any choice in which x and y are different).
7373

74+
## Coverage
75+
76+
You can ask CBMC to give coverage information regarding `__CPROVER_assume` statements.
77+
This is useful when you need, for example, to check which assume statements may have
78+
led to an emptying of the search state space, resulting in `assert` statements being
79+
vaccuously passed.
80+
81+
To use that invoke CBMC with the `--cover assume` option. For example, for a file:
82+
83+
```c
84+
#include <assert.h>
85+
86+
int main()
87+
{
88+
int x;
89+
__CPROVER_assume(x > 0);
90+
__CPROVER_assume(x < 0);
91+
assert(0 == 1);
92+
}
93+
```
94+
95+
CBMC invoked with `cbmc --cover assume test.c` will report:
96+
97+
```sh
98+
[main.1] file assume_assert.c line 6 function main assert(false) before assume(x > 0): SATISFIED
99+
[main.2] file assume_assert.c line 6 function main assert(false) after assume(x > 0): SATISFIED
100+
[main.3] file assume_assert.c line 7 function main assert(false) before assume(x < 0): SATISFIED
101+
[main.4] file assume_assert.c line 7 function main assert(false) after assume(x < 0): FAILED
102+
```
103+
104+
When an `assert(false)` statement before the assume has the property status `SATISFIED`,
105+
but is followed by an `assert(false)` statement *after* the assume statement that has status
106+
`FAILED`, this is an indication that this specific assume statement (on the line reported)
107+
is one that is emptying the search space for model checking.

doc/cprover-manual/test-suite.md

+1
Original file line numberDiff line numberDiff line change
@@ -213,6 +213,7 @@ The table below summarizes the coverage criteria that CBMC supports.
213213
Criterion |Definition
214214
----------|----------
215215
assertion |For every assertion, generate a test that reaches it
216+
assume |For every assume, generate tests before and after the assume statement to indicate coverage before and after it
216217
location |For every location, generate a test that reaches it
217218
branch |Generate a test for every branch outcome
218219
decision |Generate a test for both outcomes of every Boolean expression that is not an operand of a propositional connective

0 commit comments

Comments
 (0)