Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Proof Guide to cover use of OBJECT_UPTO rather than OBJECT_WHOLE #382

Closed
rod-chapman opened this issue Nov 12, 2024 · 2 comments · Fixed by #636
Closed

Update Proof Guide to cover use of OBJECT_UPTO rather than OBJECT_WHOLE #382

rod-chapman opened this issue Nov 12, 2024 · 2 comments · Fixed by #636
Assignees
Labels
CBMC documentation Improvements or additions to documentation enhancement New feature or request
Milestone

Comments

@rod-chapman
Copy link
Contributor

The Proof Guide document (cbmc/proofs/proof_guide.md) talks of using the OBJECT_WHOLE macro within ASSIGNS contracts. We now know this is unwise, and that the OBJECT_UPTO macro is almost always a better choice.

The guide should be updated to explain why this is so, and update the existing examples to use OBJECT_UPTO where appropriate.

I also suggest adding a sub-section under "proof patterns" called "Updating composite objects" that gives guidance on how to write contracts for functions that update a composite object (e.g. an array or a struct) via a mutable by-reference parameter.

@rod-chapman rod-chapman added enhancement New feature or request documentation Improvements or additions to documentation CBMC labels Nov 12, 2024
@rod-chapman
Copy link
Contributor Author

Also remember to mention the use of

--slice-formula
--no-array-field-sensitivity
--arrays-uf-always

switches and where/when to try these.

@hanno-becker
Copy link
Contributor

@rod-chapman I'm assining you to this, ok?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
CBMC documentation Improvements or additions to documentation enhancement New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants