Add --expand-pointer-predicates to goto-instrument #4332
Conversation
karkhaz
requested review from
chrisr-diffblue,
danpoe,
hannes-steffenhagen-diffblue,
martin-cs,
peterschrammel,
pkesseli and
smowton
as code owners
karkhaz
force-pushed
the
kk-expand-pointer-predicates
branch
2 times, most recently
from
9deb9dd to
8cf8e62
Compare
karkhaz
force-pushed
the
kk-expand-pointer-predicates
branch
2 times, most recently
from
e5222d7 to
c844655
Compare
The --expand-pointer-predicates pass resolves pointer predicates
(util/pointer_predicates.{cpp, h}) which have side effects and
so require expanding into multiple instructions.
Currently, the only such predicate that needs to be expanded is
__CPROVER_points_to_valid_memory (name subject to change).
The __CPROVER_points_to_valid_memory predicates takes two parameters,
a pointer and a size. Semantically,
__CPROVER_points_to_valid_memory(p, size) should be true if and only
if p points to a memory object which is valid to read/write for at
least size bytes past p. When used in assertions, this will be checked
in a similar manner to how --pointer-check checks validity of a
dereference. When used in assumptions, this predicate creates (if none
exists already) an object for p to refer to, using
local_bitvector_analysis to make that determination, and then makes
assumptions (again corresponding to the assertions made by
--pointer-check) about that object.
This commit adds support for a one-argument form of __CPROVER_points_to_valid_memory, taking only a pointer, with no size. If ptr has type T*, then __CPROVER_points_to_valid_memory(ptr) is equivalent to __CPROVER_points_to_valid_memory(ptr, sizeof(T)).
karkhaz
force-pushed
the
kk-expand-pointer-predicates
branch
from
c844655 to
bc07b78
Compare
|
@karkhaz This is still failing CI. |
karkhaz
force-pushed
the
kk-expand-pointer-predicates
branch
from
bc07b78 to
2ddb39b
Compare
This commit ensures that the second argument to the __CPROVER_points_to_valid_memory directive can be coerced to a size_t, and adds a test to check for the failing case.
karkhaz
force-pushed
the
kk-expand-pointer-predicates
branch
from
2ddb39b to
f53b62b
Compare
There was a problem hiding this comment.
✔️
Passed Diffblue compatibility checks (cbmc commit: 2ddb39b).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/104266680
|
@tautschnig do you know why the AWS CodeBuild build is failing? I tried re-pushing, it doesn't help. Also, if I want to diagnose this problem in the future, what should I do? I can't currently see the results of that build. |
There was a problem hiding this comment.
✔️
Passed Diffblue compatibility checks (cbmc commit: f53b62b).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/104280806
| CORE | ||
| main.c | ||
| --apply-code-contracts | ||
| ^EXIT=1$ |
There was a problem hiding this comment.
This is the cause of the Windows failure: goto-cl exits with exit code 64 on errors (cf. other intentionally-failing tests, git grep -w 64 regression/ansi-c).
| @@ -34,6 +34,8 @@ Author: Daniel Kroening, kroening@kroening.com | |||
| #include "anonymous_member.h" | |||
| #include "padding.h" | |||
|
|
|||
| bool is_lvalue(const exprt &expr); | |||
There was a problem hiding this comment.
This shouldn't be necessary, use #include <util/expr_util.h>
| } | ||
|
|
||
| exprt same_object_expr; | ||
| if(expr.arguments().size() == 2) |
There was a problem hiding this comment.
This is established above, no need to check again.
| { | ||
| UNREACHABLE; | ||
| } | ||
| same_object_expr.add_source_location() = source_location; |
There was a problem hiding this comment.
Maybe points_to_valid_memory should actually take a source_locationt as an additional argument?
| new_tmp_symbol(const typet &type, const source_locationt &source_location); | ||
| }; | ||
|
|
||
| bool is_lvalue(const exprt &expr); |
There was a problem hiding this comment.
This shouldn't be necessary, use #include <util/expr_util.h>
| d->source_location = assume_expr.source_location(); | ||
| const symbol_exprt obj = | ||
| new_tmp_symbol(object_type, d->source_location).symbol_expr(); | ||
| d->code = code_declt(obj); |
There was a problem hiding this comment.
Please use the recently added API doing assume_code.add(goto_programt::make_decl(...)); to combine most of the above into a single instruction.
| goto_programt::targett a = assume_code.add_instruction(ASSIGN); | ||
| a->source_location = assume_expr.source_location(); | ||
| a->code = code_assignt(pointer_expr, rhs); | ||
| a->code.add_source_location() = assume_expr.source_location(); |
There was a problem hiding this comment.
Use assume_code.add(goto_programt::make_assign(...));
| { | ||
| return get_fresh_aux_symbol( | ||
| type, | ||
| id2string(source_location.get_function()), |
There was a problem hiding this comment.
If possible, please use the actual function identifier as found in the function map instead of this user-level name. This will require passing in such an additional irep_idt to new_tmp_symbol.
| #include "namespace.h" | ||
| #include "arith_tools.h" | ||
| #include <algorithm> | ||
| #include <unordered_set> |
There was a problem hiding this comment.
Leave the STL includes where they were, separated by a blank line.
| { | ||
| err_location(f_op); | ||
| error().source_location = f_op.source_location(); |
There was a problem hiding this comment.
I'd prefer for those changes to be squashed into the earlier commit as otherwise that code wouldn't compile (which makes bisecting hard).
|
Closing as this has been untouched for a couple of years. Please feel free to re-open/update if you believe this closure is erroneous. |
This patchset adds
__CPROVER_points_to_valid_memory. It tells CBMC that an object of a particular size is pointed to by a pointer, and can be used in assertions and assumptions.It also adds the
--expand-pointer-predicatesflag to goto-instrument, which expands the__CPROVER_points_to_valid_memorydirective. This is in preparation for future commits that will introduce more pointer predicates having side effects, which will need to be expanded into multiple instructions.