[RFC] Two new failing tests demonstrating updates outside member bounds

[tautschnig]

These examples write to a member different from the access path being
used, yet within the object bounds.

• Each commit message has a non-empty body, explaining why the change was made.
• n/a Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
• n/a The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
• Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
• n/a My commit message includes data points confirming performance improvements (if claimed).
• My PR is restricted to a single feature or bugfix.
• n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.

[codecov]

Codecov Report

Merging #6101 (b980f1f) into develop (4c14789) will decrease coverage by 0.20%.
The diff coverage is 57.50%.

@@             Coverage Diff             @@
##           develop    #6101      +/-   ##
===========================================
- Coverage    74.52%   74.32%   -0.21%     
===========================================
  Files         1447     1447              
  Lines       157808   157913     +105     
===========================================
- Hits        117610   117370     -240     
- Misses       40198    40543     +345     

Impacted Files	Coverage Δ
src/goto-symex/symex_config.h	100.00% <ø> (ø)
src/goto-symex/symex_assign.cpp	65.17% <47.95%> (-14.37%)	⬇️
src/cbmc/cbmc_parse_options.cpp	77.27% <100.00%> (+0.09%)	⬆️
src/goto-symex/symex_main.cpp	86.04% <100.00%> (+0.03%)	⬆️
src/solvers/flattening/boolbv_index.cpp	89.72% <100.00%> (+10.77%)	⬆️
src/solvers/lowering/byte_operators.cpp	92.13% <100.00%> (+0.34%)	⬆️
src/util/cmdline.cpp	69.94% <0.00%> (-25.44%)	⬇️
src/ansi-c/c_typecheck_base.cpp	55.92% <0.00%> (-22.32%)	⬇️
src/ansi-c/scanner.l	40.45% <0.00%> (-21.28%)	⬇️
src/ansi-c/literals/convert_character_literal.cpp	53.84% <0.00%> (-17.95%)	⬇️
... and 21 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8f30441...b980f1f. Read the comment docs.

[tautschnig]

I'm marking this RFC as I'd appreciate some thoughts about those tests. While they work perfectly fine with both gcc and clang, I'm not sure they are covered by the C standard.

[martin-cs]

I think this falls in the general area of "defining undefined behaviour". The out-of-bound write is UB so, as much as ISO 9899 has anything to say... whatever we do after is correct. I think the most important thing is that we can detect this happening. Apart from that ... emulating popular compilers is probably not a bad idea.

[martin-cs]

Pretty sure this is undefined behaviour...

[kroening]

I am afraid that "access beyond member bounds" needs to be enabled by default. It's not an uncommon idiom at all.

[tautschnig]

I am afraid that "access beyond member bounds" needs to be enabled by default. It's not an uncommon idiom at all.

I'll try to work out a fix. The proposed patch only partly addresses the problem, we'll need to disable field sensitivity when detecting such an access beyond member bounds.