Skip to content

byte_update against a pointer shouldn't be fatal #4185

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

byte_update against a pointer shouldn't be fatal #4185

wants to merge 1 commit into from

Conversation

smowton
Copy link
Contributor

@smowton smowton commented Feb 13, 2019

This can happen in inaccessible code, so it doesn't seem necessary to kill the whole process.

For example, a program might do something like

f(bool unknown) {
  int i = 0;
  void *ptr = nullptr;
  void *i_or_ptr = unknown ? &i : &ptr;
  if(unknown)
    ((int*)i_or_ptr) = 1;
}

This doesn't do anything unsafe, but symex might produce a byte-update against ptr regardless based on the incorrect assumption that unknown may have changed between lines 4 and 5. Therefore I argue we shouldn't unconditionally reject such an expression.

I raise this now because with #3725 applied we get byte-update expressions against pointers which were previously hidden as byte-extract + with. The meaning of the expression is the same, but it trips this path, indicating the invariant also fails to find all cases where pointers are updated byte-wise.

@smowton
byte_update against a pointer shouldn't be fatal
b778bea 
This can happen in inaccessible code, so it doesn't seem necessary to kill the whole process
@smowton smowton mentioned this pull request Feb 13, 2019
Closed
3 tasks
@tautschnig
Copy link
Collaborator

Hmm, maybe I could instead get #4121 reviewed so that I can make progress on #2068 and the PRs I'm factoring out from it? Once #2068 is in we shouldn't have any byte operations on pointers hitting the back-end anymore. Let's please not allow unsoundness creep back in.

allredj
allredj reviewed Feb 13, 2019
View reviewed changes
Copy link
Contributor

@allredj allredj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✔️
Passed Diffblue compatibility checks (cbmc commit: b778bea).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/100824571

@smowton
Copy link
Contributor Author

smowton commented Feb 14, 2019

Marking do not merge on the assumption #2068 makes this redundant

@smowton
Copy link
Contributor Author

smowton commented Feb 19, 2019

It did indeed

@smowton smowton closed this Feb 19, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@allredj allredj allredj left review comments

@kroening kroening Awaiting requested review from kroening kroening is a code owner

@martin-cs martin-cs Awaiting requested review from martin-cs martin-cs is a code owner

@peterschrammel peterschrammel Awaiting requested review from peterschrammel peterschrammel is a code owner

@tautschnig tautschnig Awaiting requested review from tautschnig tautschnig is a code owner

Assignees
No one assigned
Labels
do not merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@smowton @tautschnig @allredj