Skip to content

Difference in output of --enum-range-check in goto-instrument and cbmc #6451

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
gsingh93 opened this issue Nov 10, 2021 · 2 comments
Closed

Difference in output of --enum-range-check in goto-instrument and cbmc #6451

gsingh93 opened this issue Nov 10, 2021 · 2 comments
Labels
pending merge

Comments

@gsingh93
Copy link

gsingh93 commented Nov 10, 2021
edited
Loading

CBMC version: 5.43.0
Operating system: Debian
Exact command line resulting in the issue: ~/cbmc/build/bin/cbmc out.gb --function bar
What behaviour did you expect: No violations
What happened instead: One violation

From other issues I've filed on here, I'm finding that while goto-instrument and cbmc share many options, the behavior between them sometimes differs. Can we document these differences on the website?

In this particular case, this is the problematic code:

typedef enum {
  SUCCESS,
  FAILURE,
} Foo;

Foo foo() {
  return SUCCESS;
}

void bar() {
  Foo f = foo();
}

The following works as expected, and all checks pass:

$ cbmc test.c --function bar --enum-range-check
...
** Results:
/path/to/test.c function bar
[bar.enum-range-check.1] line 11 enum range check in foo#return_value: SUCCESS
[bar.enum-range-check.2] line 11 enum range check in return_value_foo: SUCCESS

** 0 of 2 failed (1 iterations)
VERIFICATION SUCCESSFUL

However, if I add the check with goto-instrument, I see a violation reported:

$ goto-cc test.c -o test.gb
$ goto-instrument --enum-range-check test.gb test-instrumented.gb
$ cbmc test-instrumented.gb --function bar
...
** Results:
/path/to/test.c function bar
[bar.enum-range-check.1] line 11 enum range check in return_value_foo: FAILURE
[bar.enum-range-check.2] line 11 enum range check in return_value_foo: SUCCESS

** 1 of 2 failed (2 iterations)
VERIFICATION FAILED

Any thoughts on why this is happening? Is there a general recommendation about where I should add any check? Should I always add them in the cbmc call or are there times where it's beneficial to add them to the goto-instrument call?
@tautschnig
Copy link
Collaborator

With apologies for taking this long to respond: more recent versions of CBMC will also yield this (spurious!) verification failure, because CBMC no longer performs return-value removal (as of 80fe6ff). The bug will be fixed once #6594 is merged.

tautschnig added a commit to tautschnig/cbmc that referenced this issue Jan 19, 2022
@tautschnig @ilvn
Do not generate enum-value checks for function call left-hand sides
d3f7c6a 
We already disabled these checks for assignment left-hand sides, but
need to do the same for function calls. Else we'd be asserting validity
before the value has been assigned.

Fixes: diffblue#6586, diffblue#6451

Co-authored-by: Ilia Levin <[email protected]>
tautschnig added a commit to tautschnig/cbmc that referenced this issue Jan 27, 2022
@tautschnig @ilvn
Do not generate enum-value checks for function call left-hand sides
ba1fa6a 
We already disabled these checks for assignment left-hand sides, but
need to do the same for function calls. Else we'd be asserting validity
before the value has been assigned.

Fixes: diffblue#6586, diffblue#6451

Co-authored-by: Ilia Levin <[email protected]>
tautschnig added a commit to tautschnig/cbmc that referenced this issue Jan 28, 2022
@tautschnig @ilvn
Do not generate enum-value checks for function call left-hand sides
04af3af 
We already disabled these checks for assignment left-hand sides, but
need to do the same for function calls. Else we'd be asserting validity
before the value has been assigned.

Fixes: diffblue#6586, diffblue#6451

Co-authored-by: Ilia Levin <[email protected]>
tautschnig added a commit to tautschnig/cbmc that referenced this issue Feb 1, 2022
@tautschnig @ilvn
Do not generate enum-value checks for function call left-hand sides
249a07e 
We already disabled these checks for assignment left-hand sides, but
need to do the same for function calls. Else we'd be asserting validity
before the value has been assigned.

Fixes: diffblue#6586, diffblue#6451

Co-authored-by: Ilia Levin <[email protected]>
tautschnig added a commit to tautschnig/cbmc that referenced this issue Feb 1, 2022
@tautschnig @ilvn
Do not generate enum-value checks for function call left-hand sides
b8585bf 
We already disabled these checks for assignment left-hand sides, but
need to do the same for function calls. Else we'd be asserting validity
before the value has been assigned.

Fixes: diffblue#6586, diffblue#6451

Co-authored-by: Ilia Levin <[email protected]>
tautschnig added a commit to tautschnig/cbmc that referenced this issue Feb 6, 2022
@tautschnig @ilvn
Do not generate enum-value checks for function call left-hand sides
7597f90 
We already disabled these checks for assignment left-hand sides, but
need to do the same for function calls. Else we'd be asserting validity
before the value has been assigned.

Fixes: diffblue#6586, diffblue#6451

Co-authored-by: Ilia Levin <[email protected]>
@tautschnig
Copy link
Collaborator

Closing as #6594 has been merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
pending merge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gsingh93 @tautschnig