Merge pull request #1932 from goblint/calloc-speculating

Fix spurious `*` overflow check in `calloc` implementation

Author: sim642

src/analyses/base.ml

@@ -2763,7 +2763,11 @@ struct
             let blob_set = Option.map_default (fun heap_var -> [heap_var, TVoid [], VD.Blob (VD.bot (), sizeval, ZeroInit.calloc)]) [] heap_var in
             set_many ~man st ((eval_lv ~man st lv, (Cilfacade.typeOfLval lv), Address addr):: blob_set)
           else
-            let blobsize = ID.mul (ID.cast_to ~kind:Internal ik @@ sizeval) (ID.cast_to ~kind:Internal ik @@ countval) in (* TODO: proper castkind *)
+            let blobsize = (* only speculative during ID.mul *)
+              (* TODO: Since C23, calloc returns NULL when this multiplication would overflow, but int domains don't return overflow information here currently; needs refactor to not produce overflow warnings inside domains *)
+              let@ () = GobRef.wrap AnalysisState.executing_speculative_computations true in
+              ID.mul (ID.cast_to ~kind:Internal ik @@ sizeval) (ID.cast_to ~kind:Internal ik @@ countval) (* TODO: proper castkind *)
+            in
             let offset = `Index (IdxDom.of_int (Cilfacade.ptrdiff_ikind ()) Z.zero, `NoOffset) in
             (* the heap_var is the base address of the allocated memory, but we need to keep track of the offset for the blob *)
             let addr_offset = AD.map (fun a -> Addr.add_offset a offset) addr in

tests/regression/39-signed-overflows/17-calloc-mult-speculating.c

@@ -0,0 +1,8 @@
+// PARAM: --enable ana.int.interval
+#include <stdlib.h>
+
+int main() {
+  size_t a, b;
+  unsigned char *randomString = (unsigned char *)calloc(a,b); // NOWARN (signed integer overflow in *)
+  return 0;
+}