You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: cbmc/proofs/proof_guide.md
+16Lines changed: 16 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -218,12 +218,28 @@ Edit the Makefile and update the definition of the following variables:
218
218
* PROJECT_SOURCES - should the files containing the source code of XXX
219
219
* CHECK_FUNCTION_CONTRACTS - set to the `XXX`, but _with_ the `$(MLKEM_NAMESPACE)` prefix if required
220
220
* USE_FUNCTION_CONTRACTS - a list of functions that `XXX` calls where you want CBMC to use the contracts of the called function for proof, rather than 'inlining' the called function for proof. Include the `$(MLKEM_NAMESPACE)` prefix if required
221
+
* EXTERNAL_SAT_SOLVER - should _always_ be "nothing" to prevent CBMC selecting a SAT backend over the selected SMT backend.
221
222
* CBMCFLAGS - additional flags to pass to the final run of CBMC. This is normally set to `--smt2` which tells cbmc to run Z3 as its underlying solver. Can also be set to `--bitwuzla` which is sometimes better at generaing counter-examples when Z3 fails.
222
223
* FUNCTION_NAME - set to `XXX` with the `$(MLKEM_NAMESPACE)` prefix if required
223
224
* CBMC_OBJECT_BITS. Normally set to 8, but might need to be increased if CBMC runs out of memory for this proof.
224
225
225
226
For documentation of these (and the other) options, see the `cbmc/proofs/Makefile.common` file.
226
227
228
+
#### Z3 or Bitwuzla?
229
+
230
+
I have found that it's better to use Bitwuzla in the initial stages of developing and debugging a new proof.
231
+
232
+
When Z3 finds that a proof is "sat" (i.e. not true), it tries to produce a counter-example to show you what's wrong. Unfortunately, recent versions of Z3 can produce quantified expressions as output that cannot be currently understood by CBMC. This leads CBMC to fail with an error such as
233
+
234
+
```
235
+
SMT2 solver returned non-constant value for variable Bxxx
236
+
```
237
+
238
+
This is not helpful when trying to understand a failed proof. Bitwuzla works better and produces reliable counter-examples.
239
+
240
+
Once a proof is working OK, I revert to Z3 to check it _also_ works with Z3. If it does, then I keep Z3 as the selected prover. If not, then stick with Bitwuzla.
241
+
242
+
227
243
### Update harness function
228
244
229
245
The file `XXX_harness.c` should declare a single function called `XXX_harness()` that calls `XXX` exactly one, with appropriately typed parameters. Using contracts, this harness function should not need to contain any CBMC `ASSUME` or `ASSERT` statements at all.
0 commit comments