Skip to content

Fix var_eq analysis not invalidating escaped variable #142

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Nov 24, 2020
Merged

Fix var_eq analysis not invalidating escaped variable #142

merged 4 commits into from
Nov 24, 2020

Conversation

@sim642
Copy link
Member

@sim642 sim642 commented Nov 23, 2020

This is the source of unsoundness for SV-COMP goblint-regression/28-race_reach_45-escape_racing.yml (issue #141), which is actually from our regression suite. There it doesn't fail because it's run without var_eq.

var_eq keeps the equality i == 0 after i escapes through the 4th argument of pthread_create. Changing LibraryFunctions to invalidate that argument also fixes this test, but breaks 05/17. Because of this I'm not sure if this is the right fix or maybe there's something better to do.

I suspect not because our invalidation and var_eq are quite ignorant about passing pointers. In one case &i is passed, in the other only p. The thing is that the argument (which is a pointer) itself wouldn't be changed by such pthread_create but only whatever the argument points to.

Another oddity is that base also doesn't invalidate i in that example. But only later when it is read (for the assertion), the global invariant is used instead because according to escape it has escaped.

@sim642
Add simplified test from 28/45 where var_eq analysis is unaware of es…
227eed1 
…caped variable (issue #141)
@sim642
Fix pthread_create invalidation (issue #141)
80abe48 
Last argument of pthread_create may also be invalidated.
@sim642 sim642 added bug unsound sv-comp SV-COMP (analyses, results), witnesses labels Nov 23, 2020
@sim642 sim642 mentioned this pull request Nov 23, 2020
Closed
9 tasks
@sim642
Copy link
Member Author

sim642 commented Nov 23, 2020

Hard-coding the pthread_create argument invalidation only to var_eq seems to fix the issue without introducing a regression.

I guess it wasn't set to invalidate in LibraryFunctions to avoid generating a spurious write access directly on pthread_create itself.

@sim642 sim642 merged commit 725b7f4 into master Nov 24, 2020
@sim642 sim642 deleted the fix/var_eq-escape branch November 24, 2020 09:55
@sim642 sim642 added this to the SV-COMP 2021 milestone Nov 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug sv-comp SV-COMP (analyses, results), witnesses unsound

Projects

None yet

Milestone

SV-COMP 2021

Development

Successfully merging this pull request may close these issues.

2 participants

@sim642