
CONTRACTS: handle locals with composite types when checking assigns clauses #6818


Merged

Conversation


@remi-delmas-3000 remi-delmas-3000 commented Apr 20, 2022

We now detect and skip checking assignments to members of local symbols that have composite types (i.e. local objects are not explicitly tracked and assignments to them are implicitly allowed).
As a result, OOB accesses to locals must be checked using --pointer-checks.

Before, these assignments would cause assigns clause checking to systematically fail, because the targets are not tracked in the write set.

Added debug output prints (when --verbosity 10) to give users insight into which targets are tracked, which local statics are automatically included in the write set, and which assignments are checked or skipped.

  • Each commit message has a non-empty body, explaining why the change was made.
  • Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
  • The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
  • Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
  • My commit message includes data points confirming performance improvements (if claimed).
  • My PR is restricted to a single feature or bugfix.
  • White-space or formatting changes outside the feature-related changed lines are in commits of their own.
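As an added example (not code from the PR or from CBMC), a harness for the behaviour the description above refers to: the function writes to members of a local struct while its assigns clause names only `*out`, so with this change only the `*out` write is checked against the write set and the index bound is left to the requires clause and to pointer checking. The contract clauses and `__CPROVER_is_fresh` are CBMC's, stubbed out for ordinary compilers; the function, struct and sample values are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed example, not code from the PR or from CBMC. Under CBMC the
 * clauses below are real contracts; a plain C compiler expands them to nothing. */
#ifndef __CPROVER
#define __CPROVER_requires(...)
#define __CPROVER_assigns(...)
#endif
#define PAYLOAD_MAX 4
struct packet { uint8_t len; uint8_t payload[PAYLOAD_MAX]; };

/* Builds a packet in a local struct and writes only its XOR checksum through
 * `out`. The assigns clause lists `*out` alone: the writes to `pkt.len` and
 * `pkt.payload[i]` are to members of a local composite, which assigns-clause
 * checking now skips, so the contract says nothing about `i` staying inside
 * `payload`; that bound rests on the guard below and on --pointer-check. */
int pack_and_sum(const uint8_t *src, size_t n, uint8_t *out)
  __CPROVER_requires(n <= PAYLOAD_MAX && __CPROVER_is_fresh(src, n) &&
                     __CPROVER_is_fresh(out, 1))
  __CPROVER_assigns(*out)
{
  struct packet pkt;
  uint8_t sum = 0;
  if(n > PAYLOAD_MAX)
    return -1; /* defensive: the contract does not guard this index */
  pkt.len = (uint8_t)n; /* local composite member: not in the write set */
  for(size_t i = 0; i < n; ++i)
  {
    pkt.payload[i] = src[i]; /* local composite member: not in the write set */
    sum ^= pkt.payload[i];
  }
  *out = sum; /* the only write the assigns clause has to admit */
  return 0;
}

/* Constructed samples: payload {1, 2, 4} has XOR checksum 7; an 8-byte payload
 * exceeds PAYLOAD_MAX and is rejected with -1 by the guard. */
int sample_checksum(void)
{
  const uint8_t src[3] = {1, 2, 4};
  uint8_t out = 0;
  return pack_and_sum(src, sizeof src, &out) == 0 ? out : -1;
}
int oversize_rejected(void)
{
  const uint8_t src[8] = {0};
  uint8_t out = 0;
  return pack_and_sum(src, sizeof src, &out);
}
```

To exercise the contract itself the function would be run through CBMC's contract enforcement (goto-instrument --enforce-contract pack_and_sum) with pointer checks enabled; that command is assumed here, not shown.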

@@ -190,6 +190,34 @@ class cfg_infot
return locals.is_local(ident) || symbol.is_parameter;
}

/// Returns true iff `expr` is a composite type access on a locally declared
/// or parameter symbol, without any dereference operations.
bool is_access_to_local_composite(const exprt &expr) const
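Review bot: the name declared here, `is_access_to_local_composite`, does not match `is_local_composite_access`, the name used in the recursive calls and in the exception message of the later hunk in this diff; if both refer to the same predicate, unify the spelling so the exception text keeps pointing at the right function. Since `is_local` just above treats parameters as locals (`locals.is_local(ident) || symbol.is_parameter`), the doc comment should also say what the predicate returns for a member or index chain rooted in a parameter of pointer type, given that the clause promises "without any dereference operations".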

I believe typecasts and byte extract expressions are also possible left-hand sides in goto programs.

codecov bot commented Apr 20, 2022

Codecov Report

Merging #6818 (d0b5fb4) into develop (bf66073) will increase coverage by 0.00%.
The diff coverage is 89.15%.

@@           Coverage Diff            @@
##           develop    #6818   +/-   ##
========================================
  Coverage    77.00%   77.01%           
========================================
  Files         1594     1594           
  Lines       184345   184417   +72     
========================================
+ Hits        141957   142021   +64     
- Misses       42388    42396    +8     
Impacted Files Coverage Δ
...oto-instrument/contracts/instrument_spec_assigns.h 94.73% <ø> (ø)
src/goto-instrument/contracts/utils.h 83.01% <66.66%> (-16.99%) ⬇️
...o-instrument/contracts/instrument_spec_assigns.cpp 97.42% <100.00%> (+0.27%) ⬆️
src/ansi-c/anonymous_member.cpp 97.43% <0.00%> (+2.56%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1d608d2...d0b5fb4. Read the comment docs.

@jimgrundy added the labels aws (Bugs or features of importance to AWS CBMC users) and aws-high on Apr 20, 2022
@remi-delmas-3000 force-pushed the assigns-clause-local-arrays branch 2 times, most recently from 4838f54 to 632828a on April 21, 2022 at 16:56

@feliperodri feliperodri left a comment


Thank you, @remi-delmas-3000! Only minor comments.

@@ -11,6 +11,7 @@ Date: September 2021
#ifndef CPROVER_GOTO_INSTRUMENT_CONTRACTS_UTILS_H
#define CPROVER_GOTO_INSTRUMENT_CONTRACTS_UTILS_H

// clang-format off
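Review bot: `// clang-format off` is introduced here with no matching `// clang-format on` visible in this hunk; confirm the `on` marker follows the include block so the rest of utils.h is still formatted, and add a one-line comment stating why the include ordering from the repository's .clang-format is being bypassed in this file only.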

Why do we need to add this only in this file? Doesn't our https://github.com/diffblue/cbmc/blob/develop/.clang-format handle includes properly already?

Comment on lines +218 to +248
else
{
throw unsupported_operation_exceptiont(
"is_local_composite_access: unexpected assignment to member of '" +
type.id_string() + "'");
}
}
else if(expr.id() == ID_if)
{
return is_local_composite_access(to_if_expr(expr).true_case()) &&
is_local_composite_access(to_if_expr(expr).false_case());
}
else if(expr.id() == ID_typecast)
{
return is_local_composite_access(to_typecast_expr(expr).op());
}
else if(
expr.id() == ID_byte_extract_little_endian ||
expr.id() == ID_byte_extract_big_endian)
{
return is_local_composite_access(to_byte_extract_expr(expr).op());
}
else if(expr.id() == ID_complex_real)
{
return is_local_composite_access(to_complex_real_expr(expr).op());
}
else if(expr.id() == ID_complex_imag)
{
return is_local_composite_access(to_complex_imag_expr(expr).op());
}
else
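Review bot: the `ID_if` branch returns true only when both arms are local composite accesses, so a conditional lvalue mixing a local and a non-local target falls back to the regular write-set check; that is the conservative outcome and deserves a comment so it is not later relaxed to `||`. Each of the new forms (if, typecast, byte_extract little/big endian, complex_real, complex_imag) should be covered by a regression test in which an assignment through that expression form to a local struct or array is skipped rather than failing the assigns check, which also answers the reviewer's question below. The exception message hard-codes the function name as a string literal; `__func__` would keep it from going stale if the function is renamed.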

Can we not express these cases using regression tests?

@feliperodri added the label Code Contracts (Function and loop contracts) on Apr 22, 2022
Detect and skip checking assignments to members of local
symbols that have composite types.

Added debug output prints about tracked locations, detected local
statics, checked or skipped assignments.
@remi-delmas-3000 force-pushed the assigns-clause-local-arrays branch from 632828a to d0b5fb4 on April 22, 2022 at 17:30
@feliperodri feliperodri merged commit 65c42a3 into diffblue:develop Apr 22, 2022