Skip to content

make_binary must not mess up types when dealing with pointers #31

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 3, 2017
Merged

make_binary must not mess up types when dealing with pointers #31

merged 1 commit into from
Apr 3, 2017

Conversation

tautschnig
Copy link
Collaborator

No description provided.

@tautschnig tautschnig force-pushed the make_binary-vs-pointers branch from 2bcdf73 to 03155c0 Compare April 3, 2016 09:49
@kroening kroening self-assigned this Apr 18, 2016
@tautschnig tautschnig force-pushed the make_binary-vs-pointers branch from 03155c0 to bf2126d Compare May 18, 2016 17:11
@tautschnig tautschnig force-pushed the make_binary-vs-pointers branch from bf2126d to 53600dd Compare May 30, 2016 11:43
@tautschnig tautschnig force-pushed the make_binary-vs-pointers branch from 53600dd to 62f200e Compare June 21, 2016 07:12
@tautschnig tautschnig force-pushed the make_binary-vs-pointers branch from 62f200e to dbc63b1 Compare July 20, 2016 15:22
@tautschnig tautschnig force-pushed the make_binary-vs-pointers branch from dbc63b1 to 299f33d Compare November 5, 2016 22:23
@peterschrammel
Copy link
Member

@tautschnig, @kroening, anything controversial about merging this?

@tautschnig
Copy link
Collaborator Author

The only question I'm aware of was a missing regression test or any kind of example where errors had been triggered. As far as I recall, this would only become necessary when using dereferencet (pointer-analysis/dereference.h).

@kroening
Copy link
Member

I looked at this; I'd say that the multi-ary expressions should not be used for pointer arithmetic to begin with. The rule should be that all operands in a multi-ary expression must have the same type.

@tautschnig
Copy link
Collaborator Author

@kroening make_binary isn't used widely, git grep -l make_binary suggests that 3/8 users are pointer-related:

analyses/goto_check.cpp
analyses/local_bitvector_analysis.cpp
analyses/local_may_alias.cpp
goto-symex/adjust_float_expressions.cpp
pointer-analysis/dereference.cpp
solvers/prop/bdd_expr.cpp
solvers/refinement/refine_arithmetic.cpp
solvers/smt2/smt2_conv.cpp
util/expr_util.cpp
util/expr_util.h

I'll try to clean this up and remove the source of multi-ary pointer expressions (that should be the simplifier).

@kroening
Copy link
Member

Thank you! If we wanted to be very conservative, we could check the rule "all operands must have same type" with an assertion, while at it.

@tautschnig tautschnig force-pushed the make_binary-vs-pointers branch 2 times, most recently from bcc5503 to 04c5c73 Compare January 25, 2017 22:11
@tautschnig tautschnig force-pushed the make_binary-vs-pointers branch from 04c5c73 to 9ca475b Compare February 22, 2017 13:19
@tautschnig tautschnig assigned kroening and unassigned tautschnig Feb 22, 2017
@tautschnig
Copy link
Collaborator Author

I haven't tweaked the simplifier, but instead removed all uses of make_binary in contexts where such would not be safe - and added a check in make_binary to make sure no future such use creeps in.

@tautschnig
make_binary is not safe to use when types are mixed
13dfd5a 
Removed use of make_binary in pointer contexts, as pointer arithmetic
yields expressions that include pointer and non-pointer type operands,
with the overall expression type being that of the pointer.
@tautschnig tautschnig force-pushed the make_binary-vs-pointers branch from 9ca475b to 13dfd5a Compare March 27, 2017 17:07
@kroening kroening merged commit 0889178 into diffblue:master Apr 3, 2017
@tautschnig tautschnig deleted the make_binary-vs-pointers branch April 4, 2017 13:43
smowton added a commit to smowton/cbmc that referenced this pull request May 9, 2018
@smowton
Merge pull request diffblue#31 from diffblue/smowton/bugfix/init_evs
ef01039 
Fix external value set init
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@kroening kroening

Labels
bugfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tautschnig @peterschrammel @kroening