Skip to content

v0.9

Compare
Choose a tag to compare
@atomb atomb released this 08 Oct 00:34
· 2144 commits to master since this release

New Features

Several improvements have been made to JVM verification:

  • For method specs that do not specify a final value for a field or array element, it is now enforced that the method must leave that field or element unmodified. This ensures soundness of the resulting override for use in compositional verification.

  • New JVM setup commands have been introduced for writing partial specifications: jvm_modifies_field, jvm_modifies_static_field, jvm_modifies_elem, and jvm_modifies_array. Used in the post-condition section of a spec, these declare that the field or array in question may be modified by the method in an unspecified manner.

  • All jvm_ functions have all been promoted from "experimental" to "current" status, so that enable_experimental is no longer necessary for JVM verification.

  • The RPC API now includes methods for Java verification, as described here.

A new enable_lax_pointer_ordering function exists, which relaxes the restrictions that Crucible imposes on comparisons between pointers from different allocation blocks.

A SAW value of type Bool can now be brought into scope in Cryptol expressions as a value of type Bit.

A new hoist_ifs_in_goal proof tactic works like hoist_ifs but on the current goal in a proof script.

The verification summaries produced when specifying the -s flag now contain much more detailed information. When producing JSON output (-f json), the tool in the verif-viewer directory can be used to translate it to GraphViz format.

Two new experimental functions can evaluate SAWCore terms into simpler forms. The normalize_term function simplifies the given term by fully evaluating it with the SAWCore symbolic simulator but keeping it in SAWCore format. The extract_uninterp function allows certain uninterpreted functions to be replaced with extra inputs and constraints on those inputs, allowing propositional solvers to prove goals involving uninterpreted functions.

Changes

  • The linked-in version of ABC (based on the Haskell abcBridge library) has been removed. During the original planning for this removal, we marked commands based on this library as deprecated. In the end, we replaced all of them except cec with Haskell implementations, so no other commands have been removed, and the following commands are now "current" again:

    • abc (which now is the same as w4_abc_verilog)
    • load_aig
    • save_aig
    • save_aig_as_cnf
    • bitblast
    • write_aiger
    • write_cnf

    We have also implemented a w4_abc_aiger command that writes a Term in AIGER format and invokes ABC on it as an external process. This should be very similar to the original abc command. Note that the pure Haskell AIGER and CNF generation code has not been heavily tuned for performance, and could likely be made more efficient. Please file issues for performance regressions you encounter!

    The removal of the linked-in ABC version means that the abc tactic now requires an external abc executable. You can get this by downloading a with-solvers package from the releases page, by downloading a solver package from the what4-solvers repository, or by building it yourself from the ABC repository.

  • The LLVM bitcode reader now should support files from any LLVM version between 3.6 and 12.

  • Experimental Windows builds are again available. The --no-color option may be useful if you encounter I/O trouble running the REPL.

Bug Fixes