Merge pull request #54 from goblint/setjmp

Add setjmp benchmarks

Author: michael-schwarz

.gitignore

@@ -21,3 +21,5 @@ increment/
 result/
 cfgs/
 .goblint/
+*.prec
+

setjmp/README.md

@@ -0,0 +1,85 @@
+# Long Jumps Falling Short - Control-Flow Tracking & Misuse Detection for Non-Local Jumps in C
+
+This page gives additional information on the experiments & implementation
+that accompanies our manuscript.
+
+# Basic Setup
+
+On top of this repository, the Goblint Static Analyzer is needed.
+The relevant tag is this one: https://github.com/goblint/analyzer/tree/v2.1.0-longjmp
+
+Please follow the installation guide given in https://github.com/goblint/analyzer/tree/v2.1.0-longjmp#readme
+
+# Small Litmus Tests
+## General
+
+The set of 40-ish small examples is integrated into the set of regression tests for the Goblint.
+To run all regression tests, one may simply (in the analyzer directory) call
+
+~~~console
+make test
+~~~
+
+In order to run one specific example, one may run
+
+~~~console
+./regtest.sh 68 NN
+~~~
+
+where `NN` is the number at the beginning of the testcase in folder `tests/regression/68-longjmp/NN-one.c`.
+One may then inspect a visual representation of the results by serving the
+`result` directory and accessing it via a browser. For details, refer to https://goblint.readthedocs.io/en/latest/user-guide/inspecting/.
+The runtime for all these litmus tests is negligible.
+
+## Abstract Stack Unwinding
+
+We would like to particularly point out test `68/22` that demonstrates the need for abstract stack unwinding:
+ - `main` calls `setjmp`
+ - A pointer to `val` is passed to `fun` which sets `val` to `1`.
+ - `fun` then calls `foo`. `foo` is not passed a pointer to `val`, and thus `val` does not appear in its local state.
+ - `foo` causes a `longjmp` back to `main`
+
+Here, in order to account for the modification of `val`, it is necessary to pass values up the callstack, and calling $\textsf{combine}^\sharp$ while unwinding the stack.
+
+# `Libpng` example
+
+## Current Version
+
+We have used Goblint's support for compilation DBs and the merger that comes with CIL to produce a single program, making it easier to run these tests.
+
+This program can be found inside the libpng folder.
+
+To run the program, execute from within this folder/
+
+~~~console
+../path/to/analyzer/repo/goblint pngtest_combined.c  --conf config.json &> pngtest_out.log
+~~~
+
+Such a run takes about 55min and 26GB of RAM.
+
+Among other warnings about internal issues of the analyzer related to precision loss, six warnings related to the usage of
+setjmp/longjmp are produced.
+
+- The warnings that we believe to be indicative of a real bug are the two warnings `[Warning][Behavior > Undefined > Other] Reading poisonous variable row_buf`.
+- The three warnings about longjmps leading to potentially invalid targets start with `[Warning][Behavior > Undefined > Other] Longjmp to potentially invalid target [...]` or `[Warning][Imprecise] Longjmp to potentially invalid target [...]`.
+- The warning about jumping to a jump buffer that may receive its value by copying memory is `[Warning][Behavior > Undefined > Other] The jump buffer *(png_ptr->jmp_buf_ptr) contains values that were copied here instead of being set by setjmp. This is Undefined Behavior.`.
+
+## Bug Injection
+
+We have also injected a bug akin to the one in ImageMagick described in
+[this blog post](https://patrakov.blogspot.com/2009/07/dangers-of-setjmplongjmp.html).
+The corresponding program is also in the libpng folder (`pngtest_seeded_bug.c`).
+To understand the way in which the bug was introduced, it may be helpful to use a diff tool and compare
+`pngtest_combined.c` and `pngtest_seeded_bug.c`.
+
+Goblint can be run on it in the same way as the unmodified program.
+
+The inserted bug is that the variable `png_pixels` is accessed when it has indeterminate value.
+This is reflected in the extra warnings `[Warning][Unknown] accessing poisonous variable png_pixels`.
+
+
+
+# Helpful Links
+
+- https://goblint.readthedocs.io/
+- https://goblint.in.tum.de/

setjmp/libpng/LICENSE

@@ -0,0 +1,134 @@
+COPYRIGHT NOTICE, DISCLAIMER, and LICENSE
+=========================================
+
+PNG Reference Library License version 2
+---------------------------------------
+
+ * Copyright (c) 1995-2022 The PNG Reference Library Authors.
+ * Copyright (c) 2018-2022 Cosmin Truta.
+ * Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson.
+ * Copyright (c) 1996-1997 Andreas Dilger.
+ * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
+
+The software is supplied "as is", without warranty of any kind,
+express or implied, including, without limitation, the warranties
+of merchantability, fitness for a particular purpose, title, and
+non-infringement.  In no event shall the Copyright owners, or
+anyone distributing the software, be liable for any damages or
+other liability, whether in contract, tort or otherwise, arising
+from, out of, or in connection with the software, or the use or
+other dealings in the software, even if advised of the possibility
+of such damage.
+
+Permission is hereby granted to use, copy, modify, and distribute
+this software, or portions hereof, for any purpose, without fee,
+subject to the following restrictions:
+
+ 1. The origin of this software must not be misrepresented; you
+    must not claim that you wrote the original software.  If you
+    use this software in a product, an acknowledgment in the product
+    documentation would be appreciated, but is not required.
+
+ 2. Altered source versions must be plainly marked as such, and must
+    not be misrepresented as being the original software.
+
+ 3. This Copyright notice may not be removed or altered from any
+    source or altered source distribution.
+
+
+PNG Reference Library License version 1 (for libpng 0.5 through 1.6.35)
+-----------------------------------------------------------------------
+
+libpng versions 1.0.7, July 1, 2000, through 1.6.35, July 15, 2018 are
+Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson, are
+derived from libpng-1.0.6, and are distributed according to the same
+disclaimer and license as libpng-1.0.6 with the following individuals
+added to the list of Contributing Authors:
+
+    Simon-Pierre Cadieux
+    Eric S. Raymond
+    Mans Rullgard
+    Cosmin Truta
+    Gilles Vollant
+    James Yu
+    Mandar Sahastrabuddhe
+    Google Inc.
+    Vadim Barkov
+
+and with the following additions to the disclaimer:
+
+    There is no warranty against interference with your enjoyment of
+    the library or against infringement.  There is no warranty that our
+    efforts or the library will fulfill any of your particular purposes
+    or needs.  This library is provided with all faults, and the entire
+    risk of satisfactory quality, performance, accuracy, and effort is
+    with the user.
+
+Some files in the "contrib" directory and some configure-generated
+files that are distributed with libpng have other copyright owners, and
+are released under other open source licenses.
+
+libpng versions 0.97, January 1998, through 1.0.6, March 20, 2000, are
+Copyright (c) 1998-2000 Glenn Randers-Pehrson, are derived from
+libpng-0.96, and are distributed according to the same disclaimer and
+license as libpng-0.96, with the following individuals added to the
+list of Contributing Authors:
+
+    Tom Lane
+    Glenn Randers-Pehrson
+    Willem van Schaik
+
+libpng versions 0.89, June 1996, through 0.96, May 1997, are
+Copyright (c) 1996-1997 Andreas Dilger, are derived from libpng-0.88,
+and are distributed according to the same disclaimer and license as
+libpng-0.88, with the following individuals added to the list of
+Contributing Authors:
+
+    John Bowler
+    Kevin Bracey
+    Sam Bushell
+    Magnus Holmgren
+    Greg Roelofs
+    Tom Tanner
+
+Some files in the "scripts" directory have other copyright owners,
+but are released under this license.
+
+libpng versions 0.5, May 1995, through 0.88, January 1996, are
+Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
+
+For the purposes of this copyright and license, "Contributing Authors"
+is defined as the following set of individuals:
+
+    Andreas Dilger
+    Dave Martindale
+    Guy Eric Schalnat
+    Paul Schmidt
+    Tim Wegner
+
+The PNG Reference Library is supplied "AS IS".  The Contributing
+Authors and Group 42, Inc. disclaim all warranties, expressed or
+implied, including, without limitation, the warranties of
+merchantability and of fitness for any purpose.  The Contributing
+Authors and Group 42, Inc. assume no liability for direct, indirect,
+incidental, special, exemplary, or consequential damages, which may
+result from the use of the PNG Reference Library, even if advised of
+the possibility of such damage.
+
+Permission is hereby granted to use, copy, modify, and distribute this
+source code, or portions hereof, for any purpose, without fee, subject
+to the following restrictions:
+
+ 1. The origin of this source code must not be misrepresented.
+
+ 2. Altered versions must be plainly marked as such and must not
+    be misrepresented as being the original source.
+
+ 3. This Copyright notice may not be removed or altered from any
+    source or altered source distribution.
+
+The Contributing Authors and Group 42, Inc. specifically permit,
+without fee, and encourage the use of this source code as a component
+to supporting the PNG file format in commercial products.  If you use
+this source code in a product, acknowledgment is not required but would
+be appreciated.

setjmp/libpng/config.json

@@ -0,0 +1,40 @@
+{
+    "ana" : {
+        "base" : {
+            "context" : {
+                "non-ptr" : false
+            }
+        },
+        "malloc" : {
+            "wrappers" : ["png_malloc","png_malloc_warn","png_malloc_default",
+                "png_malloc_base","png_malloc_array","png_malloc_array_checked",
+                "png_calloc","png_zalloc","png_create_png_struct"],
+            "unique_address_count" : 1
+        },
+        "dead-code" :{
+            "branches" : false
+        }
+    },
+    "sem": {
+        "unknown_function" : {
+            "spawn" : false,
+            "invalidate" : {
+                "globals" : false,
+                "args" : false
+            }
+        }
+    },
+    "dbg" : {
+        "timing" : {
+            "enabled" : true
+        }
+    },
+    "exp" : {
+        "volatiles_are_top" : false
+    },
+    "warn" : {
+        "info" : false,
+        "imprecise" : true,
+        "behavior" : true
+    }
+}