-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Uclid5-based LF Verifier #1271
Uclid5-based LF Verifier #1271
Conversation
…ctions, and DSL-related things.
The new setup for the verifier test works now. However, the tests revealed a problem in the generator:
This wasn't observed before, because assertions are only enabled during testing. |
Coverage is back to 75%! |
That's great news! |
Has this been fixed, @lsk567? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me! Thanks for addressing the code coverage issue!
Yes, this has been fixed. Now, if any of the dependencies is not found when running
|
The only thing preventing this from getting merged is lf-lang/epoch#19. |
Yes, I am working on it. I also consulted @a-sr for help on this. It will probably take some extra time. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I haven't done a careful code review, but I am Ok with merging this as soon as we have a strategy for fixing lf-lang/epoch#19.
lf-lang/epoch#19 is now ready to go. All credits go to @a-sr! I think we should merge this PR (#1271 ) first, since epoch depends on it? |
cleanIfNeeded(lfContext); | ||
|
||
// If @property annotations are used, run the LF verifier. | ||
runVerifierIfPropertiesDetected(resource, lfContext); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a reason for calling the verifier here instead of in GeneratorBase?
I spend some time today wondering why the verifier tests pass on my machine, although I don't have uclid installed. Turns out that the errors reported by the verifier are ignored, because the message reporter is reset at the beginning of doGenerate()
in GeneratorBase. So it seems like the verifier should be called in GeneratorBase, after cleaning and resetting the message reporter.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At the time when I implemented this, it felt a bit more natural to call the verifier outside of GeneratorBase, because it focuses on generating target source code.
But I am certainly not against moving it into GeneratorBase
. :-)
This is a PR for an LF verifier built on top of Uclid5, which analyzes an LF program with the C target and checks whether the program violates a user-specified property. Currently, this feature is enabled when the
@property
annotation is used.A corresponding benchmark suite can be found here: https://github.com/lf-lang/lf-verifier-benchmarks.
Here is a list of remaining TODOs for this PR:
.dot
file for the state space diagram.lf_schedule_int
call (which takes 3 params).uclid
andz3
.Major feature TODOs:
Minor features / bugs TODOs:
startup
and other triggers. For example inPingPong.lf
.Actions
axioms should reference these additional delay variables.MS(100)
).TrafficLight.lf
, if an action is visible, not using it blocks the model. So if one branch of an if statement is not using it, the entire model is blocked.Election.lf
).timer t(1 nsec)
currently send the explorer into an infinite loop.ADASModel_l_reaction_0 ==> (F[0, 50 msec]( ADASModel_b_reaction_0 ))
, returns trivially true.X()
is sometimes problematic.For logical time-based semantics:
Notes on maintaining this feature:
Debugging tips:
AstUtils.java
,printStackTraceAndMatchedText()
, that can print the string matched by ANTLR as well as the stack trace of the visitor functions.