-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
saw-core
: Fix bug involving incorrect maximum values in selectV
#1808
base: master
Are you sure you want to change the base?
Conversation
The `selectV` function had a `maxValue` argument that, in principle, was supposed to represent the largest possible value of the index argument (treated as a big-endian list of bits). In practice, however, this was always given the length of the vector being indexed into minus 1! This led to subtle issues where indexing vectors with seemingly out-of-bounds indices would succeed, since the index value would be clamped to the length of the vector minus 1, which is always in bounds. This patch fixes the bug. Moreover, it turns out that the `maxValue` argument is not actually needed to do `selectV`'s job, as its implementation always upholds the invariant that the bitmask that it computes never exceeds the largest possible value of the index argument. To make the code simpler, I have removed the `maxValue` argument entirely, and I have added some more comments in `selectV` in `saw-core`, as well as its cousins in `saw-core-sbv` and `saw-core-what4`, to explain why this works. Fixes #1807.
It looks like this isn't quite right, as there are now some integration tests that are failing, e.g.,
I will mark this as a draft until I figure out what is going on. |
Here is a relatively small example of the bug, which has been extracted from // set.c
void set(int *a, int i, int v) {
a[i] = v;
}
|
Another bug (which I suspect is unrelated to the one in #1808 (comment)) is taken from
There is another occurrence of this |
This has ended up being a much deeper rabbit-hole than I expected. After looking further, I think that the implementation in this PR is actually correct, but implementing it has expected an entirely different bug in #1820. I've left some commentary on that issue about how it related to the main issue at hand, namely #1807. I'm not sure of how we can fix these issues without first addressing #1820. |
The
selectV
function had amaxValue
argument that, in principle, was supposed to represent the largest possible value of the index argument (treated as a big-endian list of bits). In practice, however, this was always given the length of the vector being indexed into minus 1! This led to subtle issues where indexing vectors with seemingly out-of-bounds indices would succeed, since the index value would be clamped to the length of the vector minus 1, which is always in bounds.This patch fixes the bug. Moreover, it turns out that the
maxValue
argument is not actually needed to doselectV
's job, as its implementation always upholds the invariant that the bitmask that it computes never exceeds the largest possible value of the index argument. To make the code simpler, I have removed themaxValue
argument entirely, and I have added some more comments inselectV
insaw-core
, as well as its cousins insaw-core-sbv
andsaw-core-what4
, to explain why this works.Fixes #1807.