Instruments a program by inserting asserts either:
- After an assignment to a variable (unless witness.invariant.full is activated) and
- At join points about all local variables
OR
- Only after pthread_mutex_lock (witness.invariant.after-lock), about all locals and globals
Limitations without witness.invariant.after-lock:
- Currently only works for top-level variables (not inside an array, a struct, ...)
- Does not work for accesses through pointers
- At join points, asserts about all locals, although ideally it should only assert about those that are modified in one of the branches
Limitations in general:
- Removes comments, so if the original program had assertions annotated with //UNKNOWN, the annotation is removed and those assertions will fail on the next iteration
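
Where the two placements described above put their asserts, shown on a small C program. This is an added, hand-instrumented example, not output of the tool and not code from the project; the names branchy, bump, m and counter and the asserted invariants are assumptions chosen for illustration.

```c
#include <assert.h>
#include <pthread.h>

static pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER;
static int counter;            /* global, written only while m is held */

/* Default placement: after each assignment, and at the join point. */
int branchy(int flag)
{
    int x;
    int y;
    y = 5;
    assert(y == 5);            /* after assignment to top-level local y */
    if (flag) {
        x = 1;
        assert(x == 1);        /* after assignment to x */
    } else {
        x = 2;
        assert(x == 2);
    }
    /* Join point: every local is asserted, including y, which neither
       branch modified (the join-point limitation listed above). */
    assert(1 <= x && x <= 2);
    assert(y == 5);
    return x + y;
}

/* After-lock placement: asserts only after pthread_mutex_lock,
   covering locals and globals; none after the assignments. */
int bump(void)
{
    int limit;
    int seen;
    limit = 10;
    seen = 0;
    pthread_mutex_lock(&m);
    assert(limit == 10 && seen == 0);        /* locals */
    assert(0 <= counter && counter <= 10);   /* global */
    if (counter < limit)
        counter = counter + 1;
    seen = counter;
    pthread_mutex_unlock(&m);
    return seen;
}

int main(void)
{
    return (branchy(1) == 6 && branchy(0) == 7 && bump() == 1) ? 0 : 1;
}
```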