Skip to content

Witness invariants for arrays and principled handling of unknown indices #1045

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
May 18, 2023
Merged

Witness invariants for arrays and principled handling of unknown indices #1045

merged 13 commits into from
May 18, 2023

Conversation

@sim642
Copy link
Member

@sim642 sim642 commented May 12, 2023

Closes #1044.

Turns out all_array_index_exp was a misnomer and that has bit us in the past:

analyzer/src/cdomains/arrayDomain.ml

Lines 428 to 433 in 997f9ae

if i = Some MyCFG.all_array_index_exp then
(assert !Goblintutil.global_initialization; (* just joining with xm here assumes that all values will be set, which is guaranteed during inits *)
(* the join is needed here! see e.g 30/04 *)
let o = match x with Partitioned (_, (_, xm, _)) -> xm | Joint v -> v in
let r = Val.join o a in
Joint r)

That is because exp.fast_global_inits converts

int g[10] = {1, 2, 3};

into

g[all_array_index_exp] = 1;
g[all_array_index_exp] = 2;
g[all_array_index_exp] = 3;

But it doesn't actually mean assigning to all indices, but rather assigning to some indices. Thus the weak update with join.

For the Goblint-specific array invariants, we actually want all indices and thus a strong update. Soundness of unassume is still ensured by a final join of the environments, but when unassuming g[all_index] >= 0 && g[all_index] <= 3 we don't want the two subinvariants to be joined, rather acting as refinements which allow complete overwriting.

Thus this introduces any_index_exp, which is used for exp.fast_global_inits and all kinds of unknown_exp or "unknown" indices, to make everything consistent. And all_index_exp, which is used for array invariants.

@sim642 sim642 added cleanup Refactoring, clean-up feature sv-comp SV-COMP (analyses, results), witnesses labels May 12, 2023
@sim642 sim642 requested a review from michael-schwarz May 12, 2023 08:45
@sim642 sim642 added this to the v2.2.0 milestone May 18, 2023
@sim642 sim642 merged commit a94ac7f into master May 18, 2023
@sim642 sim642 deleted the array-witness-invariant branch May 18, 2023 09:18
@sim642 sim642 mentioned this pull request Sep 13, 2023
Closed
sim642 added a commit to sim642/opam-repository that referenced this pull request Sep 13, 2023
@sim642
[new release] goblint (2.2.0)
eb80bce 
CHANGES:

* Add `setjmp`/`longjmp` analysis (goblint/analyzer#887, goblint/analyzer#970, goblint/analyzer#1015, goblint/analyzer#1019).
* Refactor race analysis to lazy distribution (goblint/analyzer#1084, goblint/analyzer#1089, goblint/analyzer#1136, goblint/analyzer#1016).
* Add thread-unsafe library function call analysis (goblint/analyzer#723, goblint/analyzer#1082).
* Add mutex type analysis and mutex API analysis (goblint/analyzer#800, goblint/analyzer#839, goblint/analyzer#1073).
* Add interval set domain and string literals domain (goblint/analyzer#901, goblint/analyzer#966, goblint/analyzer#994, goblint/analyzer#1048).
* Add affine equalities analysis (goblint/analyzer#592).
* Add use-after-free analysis (goblint/analyzer#1050, goblint/analyzer#1114).
* Add dead code elimination transformation (goblint/analyzer#850, goblint/analyzer#979).
* Add taint analysis for partial contexts (goblint/analyzer#553, goblint/analyzer#952).
* Add YAML witness validation via unassume (goblint/analyzer#796, goblint/analyzer#977, goblint/analyzer#1044, goblint/analyzer#1045, goblint/analyzer#1124).
* Add incremental analysis rename detection (goblint/analyzer#774, goblint/analyzer#777).
* Fix address sets unsoundness (goblint/analyzer#822, goblint/analyzer#967, goblint/analyzer#564, goblint/analyzer#1032, goblint/analyzer#998, goblint/analyzer#1031).
* Fix thread escape analysis unsoundness (goblint/analyzer#939, goblint/analyzer#984, goblint/analyzer#1074, goblint/analyzer#1078).
* Fix many incremental analysis issues (goblint/analyzer#627, goblint/analyzer#836, goblint/analyzer#835, goblint/analyzer#841, goblint/analyzer#932, goblint/analyzer#678, goblint/analyzer#942, goblint/analyzer#949, goblint/analyzer#950, goblint/analyzer#957, goblint/analyzer#955, goblint/analyzer#954, goblint/analyzer#960, goblint/analyzer#959, goblint/analyzer#1004, goblint/analyzer#558, goblint/analyzer#1010, goblint/analyzer#1091).
* Fix server mode for abstract debugging (goblint/analyzer#983, goblint/analyzer#990, goblint/analyzer#997, goblint/analyzer#1000, goblint/analyzer#1001, goblint/analyzer#1013, goblint/analyzer#1018, goblint/analyzer#1017, goblint/analyzer#1026, goblint/analyzer#1027).
* Add documentation for configuration JSON schema and OCaml API (goblint/analyzer#999, goblint/analyzer#1054, goblint/analyzer#1055, goblint/analyzer#1053).
* Add many library function specifications (goblint/analyzer#962, goblint/analyzer#996, goblint/analyzer#1028, goblint/analyzer#1079, goblint/analyzer#1121, goblint/analyzer#1135, goblint/analyzer#1138).
* Add OCaml 5.0 support (goblint/analyzer#1003, goblint/analyzer#945, goblint/analyzer#1162).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jerhard jerhard jerhard approved these changes

@michael-schwarz michael-schwarz Awaiting requested review from michael-schwarz

Assignees

No one assigned

Labels

cleanup Refactoring, clean-up feature sv-comp SV-COMP (analyses, results), witnesses

Projects

None yet

Milestone

v2.2.0

Development

Successfully merging this pull request may close these issues.

Witness invariants for trivial arrays with all_array_index_exp

3 participants

@sim642 @jerhard