Skip to content

Structhack support is broken #5213

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
xbauch opened this issue Jan 15, 2020 · 2 comments
Open

Structhack support is broken #5213

xbauch opened this issue Jan 15, 2020 · 2 comments
Labels
wontfix

Comments

@xbauch
Copy link
Contributor

xbauch commented Jan 15, 2020 

#include <malloc.h>
#include <assert.h>

struct Foo
{
  int i;
  char data[1];
};

int main()
{
  struct Foo* foo = malloc(sizeof(struct Foo) + sizeof(char)*2);
  assert(foo);
  foo->data[0]='a';
  assert(foo->data[0]=='a'); // always succeeds
  foo->data[1]='b'; // set data[1]
  assert(foo->data[1]=='b'); // check data[1] -- should succeed
  foo->data[2]='c'; // set data[2]
  assert(foo->data[1]=='b'); //check data[1] again (same test, but fails)

  return 0;
}

CBMC version: 5.12 (develop)
Operating system: ubuntu 18.04
Exact command line resulting in the issue: $> cbmc main.c
What behaviour did you expect: all assert succed
What happened instead: the last assert fails

We already have a regression test (cbmc/Pointer_byte_extract5) that expoits the undefined behaviour (originating from SV-COMP), so I guess if we want to keep it around we should fix it properly.
@hannes-steffenhagen-diffblue
Copy link
Contributor

FWIW the C standard only really allows this sort of thing for flexible array members, which can not have a size.

xbauch pushed a commit to xbauch/cbmc that referenced this issue Jan 17, 2020
@petr-bauch
Re-implement inside stdlib.c
c7a0d53 
will be squashed.

Note: this also introduces some new overflow checks. Also the pre-structhack in
test `cbmc/Pointer_byte_extract5` no longer works with `--no-simplify`. But as
the issue diffblue#5213 shows, CBMC has a much bigger problem with that. So we propose
the rewrite the test to use the standard, flexible-array, approach.
@tautschnig
Copy link
Collaborator

I've tagged this "wontfix" for now and will leave it open for documentation purposes: This test works fine when using an array of size zero or leaving the array size unspecified (making it a proper flexible array member).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
wontfix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tautschnig @xbauch @hannes-steffenhagen-diffblue