
Fix variable initialization order in snapshot-harness aliasing pointers#8798

Open
tautschnig wants to merge 1 commit into diffblue:develop from tautschnig:fix-4978-snapshot-init

Conversation

@tautschnig
Collaborator

The root cause was in the topological sort implementation. The dfs() method enforced that seen and inserted sets must be empty on entry (via PRECONDITION) and would clear them on exit. However, topological_sort() calls dfs() multiple times in a loop for each item in the input collection. This meant only the first item was sorted correctly; subsequent items would fail the precondition or produce incorrect results.

The fix moves the set clearing logic to the beginning of topological_sort(), ensuring a fresh DFS traversal for the entire collection while allowing the DFS to maintain state across recursive calls within a single item's dependency graph.

Co-authored-by: Kiro autonomous agent

Fixes: #4978

  • Each commit message has a non-empty body, explaining why the change was made.
  • n/a Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
  • n/a The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
  • Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
  • n/a My commit message includes data points confirming performance improvements (if claimed).
  • My PR is restricted to a single feature or bugfix.
  • n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.

@tautschnig tautschnig force-pushed the fix-4978-snapshot-init branch from 1e25c00 to f154c3e on December 9, 2025 14:59
@tautschnig tautschnig self-assigned this Feb 24, 2026
The root cause was in the topological sort implementation. The dfs()
method enforced that seen and inserted sets must be empty on entry (via
PRECONDITION) and would clear them on exit. However,
topological_sort() calls dfs() multiple times in a loop for each
item in the input collection. This meant only the first item was sorted
correctly; subsequent items would fail the precondition or produce
incorrect results.

The fix moves the set clearing logic to the beginning of
topological_sort(), ensuring a fresh DFS traversal for the entire
collection while allowing the DFS to maintain state across recursive
calls within a single item's dependency graph.

The regression test descriptors are updated to use flexible property
numbering (\d+ instead of hardcoded 27) since the corrected
initialization order changes the numbering of pointer dereference
checks.

Co-authored-by: Kiro (autonomous agent) <kiro-agent@users.noreply.github.com>

Fixes: diffblue#4978
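The defect described in the PR description and commit message above (per-item resetting of the DFS bookkeeping sets versus resetting once per sort) can be reproduced on a small dependency graph. The following is an added illustration, not the project's `preordert` code: `graph_t`, `sorter_t`, `sort_reset_per_item`, `sort_reset_per_sort` and `is_valid_topological_order` are hypothetical names, and the three-node graph is a constructed sample in which two items share one dependency.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

// Hypothetical dependency graph: item -> items that must precede it.
using graph_t = std::map<std::string, std::vector<std::string>>;

// Constructed sample: A and B both depend on C; C depends on nothing.
graph_t sample_graph()
{
  return {{"A", {"C"}}, {"B", {"C"}}, {"C", {}}};
}

// DFS state that must survive across recursive calls within one item and,
// for a correct result, across all items of a single sort.
struct sorter_t
{
  const graph_t &graph;
  std::set<std::string> seen;     // nodes whose dfs() has started
  std::set<std::string> inserted; // nodes already emitted into result
  std::vector<std::string> result;

  explicit sorter_t(const graph_t &g) : graph(g)
  {
  }

  void dfs(const std::string &node)
  {
    if(!seen.insert(node).second)
      return; // already visited by an earlier item or on the current path
    for(const auto &dep : graph.at(node))
      dfs(dep);
    if(inserted.insert(node).second)
      result.push_back(node);
  }
};

// Defective pattern: the sets are cleared around every top-level dfs()
// call, so each item starts from scratch and a dependency shared by two
// items is emitted once per item.
std::vector<std::string> sort_reset_per_item(
  const graph_t &graph,
  const std::vector<std::string> &items)
{
  sorter_t s(graph);
  for(const auto &item : items)
  {
    s.seen.clear();
    s.inserted.clear();
    s.dfs(item);
  }
  return s.result;
}

// Corrected pattern: the sets are cleared once at the start of the sort and
// kept across items, so every node is emitted exactly once.
std::vector<std::string> sort_reset_per_sort(
  const graph_t &graph,
  const std::vector<std::string> &items)
{
  sorter_t s(graph);
  s.seen.clear();
  s.inserted.clear();
  for(const auto &item : items)
    s.dfs(item);
  return s.result;
}

// Validity check: every graph node appears exactly once, and each node
// appears after all of its dependencies.
bool is_valid_topological_order(
  const graph_t &graph,
  const std::vector<std::string> &order)
{
  std::map<std::string, std::size_t> pos;
  for(std::size_t i = 0; i < order.size(); ++i)
    if(!pos.emplace(order[i], i).second)
      return false; // duplicate entry
  if(pos.size() != graph.size())
    return false; // missing or unknown node
  for(const auto &entry : graph)
  {
    auto self = pos.find(entry.first);
    if(self == pos.end())
      return false;
    for(const auto &dep : entry.second)
    {
      auto d = pos.find(dep);
      if(d == pos.end() || d->second > self->second)
        return false;
    }
  }
  return true;
}

int main()
{
  const graph_t g = sample_graph();
  for(const auto &order : {sort_reset_per_item(g, {"A", "B"}),
                           sort_reset_per_sort(g, {"A", "B"})})
  {
    for(const auto &n : order)
      std::cout << n << ' ';
    std::cout << (is_valid_topological_order(g, order) ? "(valid)" : "(invalid)")
              << '\n';
  }
  return 0;
}
```

With the sample graph, the per-item variant yields `C A C B`, which the validity check rejects because `C` appears twice; the per-sort variant yields `C A B`. In the harness setting described above, a duplicated or misplaced entry translates into a variable being initialised before the object it points to, which is the wrong-order symptom the linked issue reports.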
@tautschnig tautschnig force-pushed the fix-4978-snapshot-init branch from f154c3e to 9a3d481 on March 17, 2026 13:27
@tautschnig tautschnig marked this pull request as ready for review March 17, 2026 13:28
Copilot AI review requested due to automatic review settings March 17, 2026 13:28

Copilot AI left a comment


Pull request overview

This PR stabilizes the memory-snapshot harness symbol ordering traversal and re-enables two snapshot-harness regression tests as CORE by making their output matching less brittle.

Changes:

  • Reset preordert traversal state once per sort() call (instead of per dfs() invocation) to ensure a fresh, consistent traversal across the full input.
  • Promote snapshot-harness regression tests from KNOWNBUG to CORE.
  • Relax regression output matching for pointer dereference IDs from a fixed number to \d+, and remove outdated known-bug commentary blocks.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

Files reviewed:

  • src/goto-harness/memory_snapshot_harness_generator.h: Clears seen/inserted at the start of preordert::sort() to ensure traversal state is reset once per sort.
  • regression/snapshot-harness/dynamic-array-int/test.desc: Marks test as CORE and makes pointer-dereference property ID matching robust to numbering changes.
  • regression/snapshot-harness/dynamic-array-int-ordering/test.desc: Same as above for the ordering-focused variant.


Development

Successfully merging this pull request may close these issues.

Snapshot-harness may initialise variables in the wrong order
