Skip to content

goto-symex: expand unknown points-to values to all objects #6442

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 13 commits into
base: develop
Choose a base branch
from
Draft

goto-symex: expand unknown points-to values to all objects #6442

wants to merge 13 commits into from

Conversation

tautschnig
Copy link
Collaborator

  • Each commit message has a non-empty body, explaining why the change was made.
  • Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
  • The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
  • Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
  • n/a My commit message includes data points confirming performance improvements (if claimed).
  • My PR is restricted to a single feature or bugfix.
  • n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.

@tautschnig tautschnig self-assigned this Nov 5, 2021
tautschnig and others added 13 commits November 29, 2021 11:53
@tautschnig
Extend unit test of bits2expr/expr2bits with struct type
1066d2c 
Structs with sub-byte bit fields demonstrate that big-endian ordering
also re-orders the bits within a byte. An executable variant of this
unit test was validated on mips (using qemu-mips), demonstrating the
same bit ordering.

No bug fixes/code changes required, this test just confirms that our
endianness interpretation matches actual hardware.
@tautschnig
bv_typet is also sensitive to endianness
5a57241 
The bits within an object of bv_typet are ordered depending on
endianness. This is consistent with typecasts to/from bv_typet of some
other bitvector type, which do not alter the sequence of bits.
@kroening @tautschnig
enable nondeterministic pointers
62a4f13 
This commit enables the use of nondeterministic pointers, to allow
declarative modeling of states that include pointers.
@tautschnig
Support extractbits with out-of-bounds limits
abb0f34 
Byte extract already supports access beyond the bounds of the object
being extracted from. Any bits outside bounds are free variables.
extractbits now equally supports this case (via free variables).
@tautschnig
goto-symex: expand unknown points-to values to all objects
8b5e938 
Non-deterministic pointers should consider all possible objects.
goto-symex is aware of all current objects, and can thus expand
points-to values of "unknown" to all current objects (leaving the
pointer offset unconstrained).
@tautschnig
goto-symex: initialisation of pointers is no longer necessary
6cc4f98 
goto-symex now treats empty value sets as dereferences to all current
objects. Therefore, there is no need to initialise the value set for
pointer-typed objects upon declaration.
@tautschnig
Fix for nondet pointers all objects
bce9228
@tautschnig
Revert "Fix for nondet pointers all objects"
1c1126a 
This reverts commit 5723e39725bb59bcd55536f8a8c495226de88949.
@tautschnig
Revert "goto-symex: initialisation of pointers is no longer necessary"
d67b538 
This reverts commit be0770dbe596d69a134ef08cdaa6a95962e46ee2.
@tautschnig
Revert "goto-symex: expand unknown points-to values to all objects"
df48549 
This reverts commit f105968f58e481b29afc82c1f237c0eceef2028d.
@tautschnig
Unit test lower_byte_extract to/from an array of bits
bd41e25 
Byte operator lowering made several assumptions about array elements
being byte aligned, which may be true for ANSI C, but isn't the case for
our C front-end (which supports arrays of single bits), and not true for
the overall framework in general.
@tautschnig
Unit test lower_byte_update of/from an array of bits
18ac0b4 
Byte operator lowering made several assumptions about array elements
being byte aligned, which may be true for ANSI C, but isn't the case for
our C front-end (which supports arrays of single bits), and not true for
the overall framework in general.
@tautschnig
bits WIP
84d6532
@tautschnig tautschnig mentioned this pull request Nov 29, 2021
Merged
3 tasks
@codecov
Copy link

codecov bot commented Nov 29, 2021

Codecov Report

Merging #6442 (84d6532) into develop (f5789d0) will increase coverage by 0.00%.
The diff coverage is 91.71%.

Impacted file tree graph

@@            Coverage Diff            @@
##           develop    #6442    +/-   ##
=========================================
  Coverage    76.04%   76.04%            
=========================================
  Files         1546     1546            
  Lines       165485   165610   +125     
=========================================
+ Hits        125836   125932    +96     
- Misses       39649    39678    +29
Impacted Files Coverage Δ
src/solvers/flattening/boolbv_extractbits.cpp 62.85% <47.61%> (-26.04%) ⬇️
src/solvers/lowering/byte_operators.cpp 91.33% <92.79%> (-0.91%) ⬇️
src/pointer-analysis/value_set.cpp 82.94% <100.00%> (+1.75%) ⬆️
src/util/endianness_map.cpp 62.06% <100.00%> (-14.60%) ⬇️
unit/solvers/lowering/byte_operators.cpp 100.00% <100.00%> (ø)
unit/util/simplify_expr.cpp 99.66% <100.00%> (+0.01%) ⬆️
src/big-int/bigint.cc 87.36% <0.00%> (-1.49%) ⬇️
src/big-int/bigint.hh 97.29% <0.00%> (-0.21%) ⬇️
... and 2 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0d62ff5...84d6532. Read the comment docs.

martin-cs
martin-cs reviewed Nov 30, 2021
View reviewed changes
Copy link
Collaborator

@martin-cs martin-cs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems that this is being split out and merged as separate PRs. Is it worth reviewing?

@tautschnig
Copy link
Collaborator Author

It seems that this is being split out and merged as separate PRs. Is it worth reviewing?

Not quite, I'm afraid. But ultimately the only interesting commits to remain should be "goto-symex: expand unknown points-to values to all objects" and "goto-symex: initialisation of pointers is no longer necessary". Feel free to look at these and comment! Everything else will go in PRs of its own/has already been PR'ed.

@kroening kroening mentioned this pull request Dec 1, 2021
Merged
4 tasks
@tautschnig tautschnig mentioned this pull request Dec 14, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@martin-cs martin-cs martin-cs left review comments

@peterschrammel peterschrammel Awaiting requested review from peterschrammel peterschrammel will be requested when the pull request is marked ready for review peterschrammel is a code owner

@kroening kroening Awaiting requested review from kroening kroening will be requested when the pull request is marked ready for review kroening is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@tautschnig tautschnig

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tautschnig @martin-cs @kroening