This commit is contained in:
Leo Alt 2021-10-06 11:53:20 +02:00
parent 4f823c6342
commit d04ad57ee7
2 changed files with 20 additions and 1 deletions

View File

@ -412,7 +412,7 @@ is already "locked", so it would not be possible to change the value of ``x``,
regardless of what the unknown called code does. regardless of what the unknown called code does.
If we "forget" to use the ``mutex`` modifier on function ``set``, the If we "forget" to use the ``mutex`` modifier on function ``set``, the
SMTChecker is able to synthesize the behavior of the externally called code so SMTChecker is able to synthesize the behaviour of the externally called code so
that the assertion fails: that the assertion fails:
.. code-block:: text .. code-block:: text
@ -518,6 +518,23 @@ which has the following form:
"source2.sol": ["contract2", "contract3"] "source2.sol": ["contract2", "contract3"]
} }
Reported Inferred Inductive Invariants
======================================
For properties that were proved safe with the CHC engine,
the SMTChecker can retrieve inductive invariants that were inferred by the Horn
solver as part of the proof.
Currently two types of invariants can be reported to the user:
- Contract Invariants: these are properties over the contract's state variables
that are true before and after every possible transaction that the contract may ever run. For example, ``x >= y``, where ``x`` and ``y`` are a contract's state variables.
- Reentrancy Properties: they represent the behavior of the contract
in the presence of external calls to unknown code. These properties can express a relation
between the value of the state variables before and after the external call, where the external call is free to do anything, including making reentrant calls to the analyzed contract. Primed variables represent the state variables' values after said external call. Example: ``lock -> x = x'``.
The user can choose the type of invariants to be reported using the CLI option ``--model-checker-invariants "contract,reentrancy"`` or as an array in the field ``settings.modelChecker.invariants`` in the :ref:`JSON input<compiler-api>`.
By default the SMTChecker does not report invariants.
Division and Modulo With Slack Variables Division and Modulo With Slack Variables
======================================== ========================================

View File

@ -418,6 +418,8 @@ Input Description
"divModWithSlacks": true, "divModWithSlacks": true,
// Choose which model checker engine to use: all (default), bmc, chc, none. // Choose which model checker engine to use: all (default), bmc, chc, none.
"engine": "chc", "engine": "chc",
// Choose which types of invariants should be reported to the user: contract, reentrancy.
"invariants": ["contract", "reentrancy"],
// Choose whether to output all unproved targets. The default is `false`. // Choose whether to output all unproved targets. The default is `false`.
"showUnproved": true, "showUnproved": true,
// Choose which solvers should be used, if available. // Choose which solvers should be used, if available.