Originally, symbolic paths were meant to handle the situation when a heap invariant containing addresses of dynamic objects would be used for cases when the dynamic objects were not allocated.
Thanks to the new dynamic object management class, this problem can be solved in a better way by adding a loop guard (guarding the object allocation) directly to the heap invariant. In particular, if a heap template row value contains a pointer-object equality (stating that the pointer may point to the object), this adds (conjuncts) a loop-select guard of the object allocation loop.
Originally, symbolic paths were meant to handle the situation when a heap invariant containing addresses of dynamic objects would be used for cases when the dynamic objects were not allocated.
Thanks to the new dynamic object management class, this problem can be solved in a better way by adding a loop guard (guarding the object allocation) directly to the heap invariant. In particular, if a heap template row value contains a pointer-object equality (stating that the pointer may point to the object), this adds (conjuncts) a loop-select guard of the object allocation loop.
For example, if the original row value was e.g.:
where
dynamic_object$16is allocated in a loop with$guard#ls30anddynamic_object$32is allocated in a loop with$guard#ls50, the new row value is:This makes sure that invariants for the dynamic object are used only if the objects were actually allocated.
This new approach brings some considerable speedup, e.g. for the
heap-dataregression suite: