@@ -41,9 +41,10 @@ static const slicet normalize_to_slice(const exprt &expr, const namespacet &ns)
4141 size.has_value (),
4242 " `sizeof` must always be computable on l-value assigns clause targets."
4343
44- return {typecast_exprt::conditional_cast (
45- address_of_exprt{expr}, pointer_type (char_type ())),
46- typecast_exprt::conditional_cast (size.value (), signed_size_type ())};
44+ return {
45+ typecast_exprt::conditional_cast (
46+ address_of_exprt{expr}, pointer_type (char_type ())),
47+ typecast_exprt::conditional_cast (size.value (), signed_size_type ())};
4748 }
4849
4950 UNREACHABLE;
@@ -72,9 +73,11 @@ assigns_clauset::conditional_address_ranget::conditional_address_ranget(
7273 validity_condition_var(
7374 generate_new_symbol (" __car_valid"
7475 lower_bound_address_var(
75- generate_new_symbol (" __car_lb"
76+ generate_new_symbol (" __car_lb"
77+ .symbol_expr()),
7678 upper_bound_address_var(
77- generate_new_symbol (" __car_ub"
79+ generate_new_symbol (" __car_ub"
80+ .symbol_expr())
7881{
7982}
8083
@@ -90,9 +93,12 @@ assigns_clauset::conditional_address_ranget::generate_snapshot_instructions()
9093 location_no_checks.add_pragma (" disable:pointer-primitive-check"
9194 location_no_checks.add_pragma (" disable:pointer-overflow-check"
9295
93- instructions.add (goto_programt::make_decl (validity_condition_var, location_no_checks));
94- instructions.add (goto_programt::make_decl (lower_bound_address_var, location_no_checks));
95- instructions.add (goto_programt::make_decl (upper_bound_address_var, location_no_checks));
96+ instructions.add (
97+ goto_programt::make_decl (validity_condition_var, location_no_checks));
98+ instructions.add (
99+ goto_programt::make_decl (lower_bound_address_var, location_no_checks));
100+ instructions.add (
101+ goto_programt::make_decl (upper_bound_address_var, location_no_checks));
96102
97103 instructions.add (goto_programt::make_assignment (
98104 lower_bound_address_var,
@@ -104,7 +110,8 @@ assigns_clauset::conditional_address_ranget::generate_snapshot_instructions()
104110 location_no_checks));
105111
106112 goto_programt skip_program;
107- const auto skip_target = skip_program.add (goto_programt::make_skip (location_no_checks));
113+ const auto skip_target =
114+ skip_program.add (goto_programt::make_skip (location_no_checks));
108115
109116 const auto validity_check_expr = and_exprt{
110117 all_dereferences_are_valid (source_expr, parent.ns ),
@@ -118,14 +125,16 @@ assigns_clauset::conditional_address_ranget::generate_snapshot_instructions()
118125 instructions.add (goto_programt::make_assignment (
119126 lower_bound_address_var, slice.first , location_no_checks));
120127
128+ source_locationt location_overflow_check = location;
129+ location_overflow_check.add_pragma (" enable:pointer-overflow-check"
130+
121131 instructions.add (goto_programt::make_assignment (
122132 upper_bound_address_var,
123133 minus_exprt{
124134 plus_exprt{slice.first , slice.second },
125135 from_integer (1 , slice.second .type ())},
126- // TODO activate pointer-overflow checks
127- // keeping checks since the pointer addition can overflow
128- location));
136+ // activate pointer-overflow checks to guard against overflow on this addition
137+ location_overflow_check));
129138 instructions.destructive_append (skip_program);
130139 return instructions;
131140}
@@ -137,8 +146,8 @@ assigns_clauset::conditional_address_ranget::generate_unsafe_inclusion_check(
137146 return conjunction (
138147 {validity_condition_var,
139148 same_object (lower_bound_address_var, lhs.lower_bound_address_var ),
140- // should become redudant if they are derived from the same object and no pointer overflow
141- same_object (lhs.upper_bound_address_var , upper_bound_address_var),
149+ // redudant now that we guard against pointer overflow
150+ // same_object(lhs.upper_bound_address_var, upper_bound_address_var),
142151 less_than_or_equal_exprt{
143152 pointer_offset (lower_bound_address_var),
144153 pointer_offset (lhs.lower_bound_address_var )},
0 commit comments