Skip to content

Pass Escaped Locals to Callee as They Need to Be Considered Globals #779

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
michael-schwarz merged 5 commits into from
Jul 12, 2022
Merged

Pass Escaped Locals to Callee as They Need to Be Considered Globals #779

michael-schwarz merged 5 commits into from
Jul 12, 2022

Conversation

@michael-schwarz
Copy link
Member

@michael-schwarz michael-schwarz commented Jul 12, 2022
edited
Loading

Currently, escaped locals (pointer was saved into globals) are not correctly passed to callees, as enter filters via Basetype.Variables.is_global k instead of is_global (Analyses.ask_of_ctx ctx) k.

Looking up the corresponding value in the local state then leads to bot, which is ignored when merging over all possible addresses that a pointer may point to.

Minimal example:

#include <assert.h>
int* ptr;
int nine = 9;

int other() {
    assert(*ptr == 8); //UNKNOWN!
}

int main()
{
    int g = 8;
    int top;

    if(top) {
        ptr = &g;
    } else {
        ptr = &nine;
    }

    other();
}

TODO: Investigate if this fixes the unsoundnesses for SV-Comp.

@michael-schwarz michael-schwarz added this to the SV-COMP 2023 milestone Jul 12, 2022
@michael-schwarz michael-schwarz requested a review from sim642 July 12, 2022 06:47
@michael-schwarz michael-schwarz linked an issue Jul 12, 2022 that may be closed by this pull request
Values of escaped globals unsoundly not passed to callee #755
Closed
sim642
sim642 approved these changes Jul 12, 2022
View reviewed changes
Copy link
Member

@sim642 sim642 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch! I had forgotten that the escaping into globals applies to singlethreaded mode as well. Although the module name is still ThreadEscape and its top comment also just mentions escaping to threads. Maybe we should bring that up to date.

@michael-schwarz michael-schwarz requested a review from sim642 July 12, 2022 11:57
@michael-schwarz michael-schwarz merged commit eb265b0 into master Jul 12, 2022
@michael-schwarz michael-schwarz deleted the issue_755 branch July 12, 2022 12:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sim642 sim642 sim642 approved these changes

Assignees

No one assigned

Labels

unsound

Projects

None yet

Milestone

SV-COMP 2023

Development

Successfully merging this pull request may close these issues.

Values of escaped globals unsoundly not passed to callee

2 participants

@michael-schwarz @sim642