Skip to content

Fix base Invariant query lval and offset handling #861

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 19, 2022
Merged

Fix base Invariant query lval and offset handling #861

merged 3 commits into from
Oct 19, 2022

Conversation

@sim642
Copy link
Member

@sim642 sim642 commented Oct 19, 2022

In #855 (comment) an issue was revealed with base invariant dereferenced pointer offsets. The behavior of appending offsets to lvals as they're traversed was added in #819, but due to messy lval and offset handling in this code, I believe I did it incorrectly at the time.

Behavior before #819

  • An invariant query for the lval s.f (field on a struct) started from variable s traversing to .f and starting from lval s. The field was not appended to lval, so field invariant was incorrectly about s.
  • An invariant query for all variables, but containing a pointer p = &s.f started dereferencing from variable s traversing to .f and starting from lval *p. The field was not appended to lval, so dereferenced invariant was correctly about s.f.

Current behavior after #819

  • An invariant query for the lval s.f (field on a struct) started from variable s traversing to .f and starting from lval s. The field was appended to lval, so field invariant was correctly about s.f.
  • An invariant query for all variables, but containing a pointer p = &s.f started dereferencing from variable s traversing to .f and starting from lval *p. The field was appended to lval, so dereferenced invariant was incorrectly about s.f.f, which is non-existent.

Behavior after this PR

  • An invariant query for the lval s.f (field on a struct) starts from variable s traversing to .f and starting from lval s.f (note change). The field is not appended to lval, so field invariant is correctly about s.f.
  • An invariant query for all variables, but containing a pointer p = &s.f starts dereferencing from variable s traversing to .f and starting from lval *p. The field is not appended to lval, so dereferenced invariant is correctly about s.f.

In conclusion, the fix is to revert back to not appending offsets to lvals when traversing them for the invariant, so dereferenced invariants are correct. But to fix queries for specific lvals, the key is to start with the precise lval (and not append offsets) instead of starting with just the variable (and appending offsets).
The situation should be analogous with unions.

@sim642 sim642 added the bug label Oct 19, 2022
@sim642 sim642 requested a review from jerhard October 19, 2022 10:06
@sim642 sim642 mentioned this pull request Oct 19, 2022
Merged
5 tasks
@sim642 sim642 merged commit 3456d30 into master Oct 19, 2022
@sim642 sim642 deleted the base-invariant-lvals branch October 19, 2022 11:15
@sim642 sim642 added the hacktoberfest-accepted https://hacktoberfest.digitalocean.com/ label Oct 19, 2022
@sim642 sim642 added this to the SV-COMP 2023 milestone Oct 19, 2022
jerhard added a commit that referenced this pull request Oct 19, 2022
@jerhard
Merge #861
d85be1f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jerhard jerhard jerhard approved these changes

Assignees

No one assigned

Labels

bug hacktoberfest-accepted https://hacktoberfest.digitalocean.com/

Projects

None yet

Milestone

SV-COMP 2023

Development

Successfully merging this pull request may close these issues.

3 participants

@sim642 @jerhard