diff --git a/regression/cbmc/path-branch-pointer-call/main.c b/regression/cbmc/path-branch-pointer-call/main.c new file mode 100644 index 00000000000..fcca74e6fec --- /dev/null +++ b/regression/cbmc/path-branch-pointer-call/main.c @@ -0,0 +1,17 @@ +int foo(int *x) +{ + if(*x) + { + int y = 9; + } + else + { + int z = 4; + } +} + +int main() +{ + int x; + foo(&x); +} diff --git a/regression/cbmc/path-branch-pointer-call/test.desc b/regression/cbmc/path-branch-pointer-call/test.desc new file mode 100644 index 00000000000..5ea1d977cab --- /dev/null +++ b/regression/cbmc/path-branch-pointer-call/test.desc @@ -0,0 +1,8 @@ +CORE +main.c +--paths lifo +^EXIT=0$ +^SIGNAL=0$ +^VERIFICATION SUCCESSFUL$ +-- +^warning: ignoring diff --git a/src/goto-symex/goto_symex.h b/src/goto-symex/goto_symex.h index 5f763d1559d..e13bf576cab 100644 --- a/src/goto-symex/goto_symex.h +++ b/src/goto-symex/goto_symex.h @@ -12,8 +12,6 @@ Author: Daniel Kroening, kroening@kroening.com #ifndef CPROVER_GOTO_SYMEX_GOTO_SYMEX_H #define CPROVER_GOTO_SYMEX_GOTO_SYMEX_H -#include - #include #include @@ -468,8 +466,6 @@ class goto_symext void rewrite_quantifiers(exprt &, statet &); path_storaget &path_storage; - - std::unordered_map safe_pointers; }; #endif // CPROVER_GOTO_SYMEX_GOTO_SYMEX_H diff --git a/src/goto-symex/goto_symex_state.h b/src/goto-symex/goto_symex_state.h index 6051d034ac9..60623bfc26f 100644 --- a/src/goto-symex/goto_symex_state.h +++ b/src/goto-symex/goto_symex_state.h @@ -16,6 +16,7 @@ Author: Daniel Kroening, kroening@kroening.com #include #include +#include #include #include @@ -197,6 +198,8 @@ class goto_symex_statet final l1_typest l1_types; public: + std::unordered_map safe_pointers; + // uses level 1 names, and is used to // do dereferencing value_sett value_set; @@ -211,6 +214,7 @@ class goto_symex_statet final symex_targett::sourcet source; propagationt propagation; unsigned atomic_section_id; + std::unordered_map safe_pointers; explicit goto_statet(const goto_symex_statet &s): depth(s.depth), @@ -219,7 +223,8 @@ class goto_symex_statet final guard(s.guard), source(s.source), propagation(s.propagation), - atomic_section_id(s.atomic_section_id) + atomic_section_id(s.atomic_section_id), + safe_pointers(s.safe_pointers) { } @@ -247,6 +252,7 @@ class goto_symex_statet final guard(s.guard), source(s.source), propagation(s.propagation), + safe_pointers(s.safe_pointers), value_set(s.value_set), atomic_section_id(s.atomic_section_id) { diff --git a/src/goto-symex/symex_dereference.cpp b/src/goto-symex/symex_dereference.cpp index 26c8a5bccc4..7fcec279a2c 100644 --- a/src/goto-symex/symex_dereference.cpp +++ b/src/goto-symex/symex_dereference.cpp @@ -247,7 +247,7 @@ void goto_symext::dereference_rec( state.get_original_name(to_check); expr_is_not_null = - safe_pointers.at(expr_function).is_safe_dereference( + state.safe_pointers.at(expr_function).is_safe_dereference( to_check, state.source.pc); } } diff --git a/src/goto-symex/symex_function_call.cpp b/src/goto-symex/symex_function_call.cpp index c54cff92849..073f58daf2c 100644 --- a/src/goto-symex/symex_function_call.cpp +++ b/src/goto-symex/symex_function_call.cpp @@ -225,7 +225,7 @@ void goto_symext::symex_function_call_code( state.dirty.populate_dirty_for_function(identifier, goto_function); auto emplace_safe_pointers_result = - safe_pointers.emplace(identifier, local_safe_pointerst{ns}); + state.safe_pointers.emplace(identifier, local_safe_pointerst{ns}); if(emplace_safe_pointers_result.second) emplace_safe_pointers_result.first->second(goto_function.body); diff --git a/src/goto-symex/symex_main.cpp b/src/goto-symex/symex_main.cpp index 3123a5f1d5c..587c4305e1c 100644 --- a/src/goto-symex/symex_main.cpp +++ b/src/goto-symex/symex_main.cpp @@ -136,7 +136,7 @@ void goto_symext::initialize_entry_point( const goto_functiont &entry_point_function = get_goto_function(pc->function); auto emplace_safe_pointers_result = - safe_pointers.emplace(pc->function, local_safe_pointerst{ns}); + state.safe_pointers.emplace(pc->function, local_safe_pointerst{ns}); if(emplace_safe_pointers_result.second) emplace_safe_pointers_result.first->second(entry_point_function.body);