Skip to content

Fix var_eq from keeping equalities with pointers to globals #143

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Nov 24, 2020
Merged

Fix var_eq from keeping equalities with pointers to globals #143

merged 7 commits into from
Nov 24, 2020

Conversation

@sim642
Copy link
Member

@sim642 sim642 commented Nov 23, 2020

@sim642 sim642 added bug sv-comp SV-COMP (analyses, results), witnesses unsound labels Nov 23, 2020
@sim642
Copy link
Member Author

sim642 commented Nov 23, 2020

The original pthread-driver-races/char_generic_nvram_read_nvram_write_nvram.i has following in the global invariant:

  • whoop_loff_t -> Address {&(alloc@...)}
  • &(alloc@...) -> Blob (Int)
    I don't understand how NULL isn't in the address set of whoop_loff_t anymore, because it is zero-initialized to that.

In both of the minimized versions I've committed here, the NULL remains there and the malloc also adds unknown pointer:

  • whoop_loff_t -> Address {NULL, ?}
  • &(alloc@...) -> Blob (Bot)
    The PR handles both cases but it'd be great to actually also test that but I'm very confused how the original behavior is even possible.

@sim642 sim642 mentioned this pull request Nov 23, 2020
Closed
9 tasks
@michael-schwarz
Copy link
Member

michael-schwarz commented Nov 23, 2020

I don't understand how NULL isn't in the address set of whoop_loff_t anymore, because it is zero-initialized to that.

We don't have early globals on in sv-comp. And it only goes to multithreading after whoop_loff_t is set if I see it correctly? So this should be the expected behavior, no?

@sim642
Copy link
Member Author

sim642 commented Nov 23, 2020

But the 29/20 I committed should then behave the same way, by starting out single threaded as well, but for whatever reason it doesn't.

@michael-schwarz
Copy link
Member

michael-schwarz commented Nov 24, 2020

But the 29/20 I committed should then behave the same way, by starting out single threaded as well, but for whatever reason it doesn't.

True, that is indeed strange! I'll take a look maybe, I can see what's going on.

@michael-schwarz
Copy link
Member

michael-schwarz commented Nov 24, 2020

If you add #include <stdlib.h> to your example program, it behaves just like the big example.

@michael-schwarz
Copy link
Member

michael-schwarz commented Nov 24, 2020

I think we can merge this now

@sim642
Copy link
Member Author

sim642 commented Nov 24, 2020

If you add #include <stdlib.h> to your example program, it behaves just like the big example.

Of course, thanks for noticing that! I now remember fixing a similar thing in a previous regression test.

It's so annoying though that due to malloc being so specialized we don't have any warnings about it even lacking a declaration and that int is implicitly assumed to be the return type, which really screws with base analysis.

@sim642 sim642 merged commit 82b9093 into master Nov 24, 2020
@sim642 sim642 deleted the fix/var_eq-ptr-global branch November 24, 2020 09:56
@sim642 sim642 added this to the SV-COMP 2021 milestone Nov 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug sv-comp SV-COMP (analyses, results), witnesses unsound

Projects

None yet

Milestone

SV-COMP 2021

Development

Successfully merging this pull request may close these issues.

3 participants

@sim642 @michael-schwarz