Each entry consists of three key-value pairs, namely the key entry_type
with value violation_sequence
,
the key metadata, and the key content.
The entry_type
defines what content is available in the content field.
The only allowed entry type for a correctness witness is violation_sequence
.
The meta data describe the provenance of the data.
The version
of the format is given as a string (currently "2.0").
The uuid
is a unique identifier of the entry;
it uses the UUID format defined in RFC4122.
The creation_time
describes the date and time when the entry was created;
it uses the format given by ISO 8601.
The key producer
describes the tool that produced the entry.
The name of the tool that produced the witness.
The version of the tool.
The configuration in which the tool ran.
The command line with which the tool ran;
it should be a bash-compliant command.
Any information not fitting in the previous items.
The task describes the verification task to which the entry is related.
The list of files given as input to the verifier,
e.g. ["path/f1.c", "path/f2.c"].
The SHA-256 hashes of all files in input_files,
e.g. {"path/f1.c": 511..., "path/f2.c": f70...}
Each additional property must conform to the following schema
Type: stringThe specification considered by the verifier;
it uses the SV-COMP format given at
https://sv-comp.sosy-lab.org/2023/rules.php.
The data model assumed for the input program.
The programming language of the input files;
the format currently supports only C.
The content represents the semantical content of the violation witness.
It is a sequence of one or more segments.
The content contains a sequence of zero or more normal segments and exactly one final segment at the end.
A segment
is a sequence of one or more waypoints.
They are used to structure the waypoints into segments.
Each segment
is a sequence of zero or more waypoints with action avoid
and
exactly one waypoint of action follow
at the end.
A segment is called final if it ends with the target
waypoint and it is called normal otherwise.
The waypoint
elements are the basic building block of violation witnesses.
They have the form of simple restrictions on program executions.
Technically, a waypoint is a mapping with four keys, namely type, location, constraint, and action.
The values of the first three keys specify the requirement on a program execution to pass a waypoint:
type
describes the type of the requirement,
location
specifies the program location where the requirement is evaluated, and
constraint
gives the requirement itself and is not allowed for waypoints of type function_enter
and target
.
The key action
then states whether the executions represented by the witness should
pass through the waypoint (value follow
) or avoid it (value avoid
).
The format currently supports two possible values of type with the following meanings:
assumption
:format
specifies the language of the assumption andvalue
contains a side-effect-free assumption over variables in the current scope.format
is c_expression
as C expressions are the only assumptions currently supported.target
:follow
and it marks the program location where the property is violated.target
.function_enter
:function_return
:\result <op> <const_expression>
,<op>
is one of ==
, !=
, <=
, <
, >
, >=
and <const_expression>
is a constant expression.acsl_expression
. branching
:if
, while
, switch
, or to the character ?
?:
). The constraint is then a mapping with only one key value.true
or false
saying whether the true branchAn assumption
waypoint is evaluated at the sequence point
immediately before the waypoint location. The waypoint is passed if
the given constraint evaluates to true. A branching
waypoint
is evaluated at the sequence point immediately after evaluation of the
controlling expression of the corresponding branching statement. The
waypoint is passed if the resulting value of the controlling
expression corresponds to the given constraint. A
function_enter
waypoint is evaluated at the sequence point
immediately after evaluation of all arguments of the function
call. The waypoint is passed without any additional constraint. A
function_return
waypoint is evaluated immediately after
evaluation of the corresponding function call. The waypoint is passed
if the returned value satisfies the given constraint.
The constraint of the waypoint.
A constraint is not allowed for type target
.
The location
is a mapping with mandatory keys file_name and line.
All other keys are optional.
If the location provides an inconsistent information
(e.g., identifier specifies a function that is not called at the given column on the given line ),
the witness is syntactically invalid.
The name of the file of the location.
The line number pf the program location in the file.
Value must be greater or equal to 1
The key column
specifies the column number of the location,
i.e., the position of the column
-th character in the line that the location points to
(value 1 is the position of the first character).
If the column is not given, then it is interpreted as the leftmost suitable position on the line,
where suitability is given by type
.
Value must be greater or equal to 1
The key function
gives the name of the function containing the location.
It is usually determined by the file_name
and line
, but the information can improve human readability of the witness.
Action follow
means that the waypoint should be passed through.
Action avoid
means that the waypoint should be avoided.