use __CPROVER_r/w_ok in string.c library

Daniel Kroening · Daniel Kroening · commit b07710aa6f31 · 2018-07-27T13:22:05.000+01:00
diff --git a/regression/cbmc/memcpy1/test.desc b/regression/cbmc/memcpy1/test.desc
@@ -4,7 +4,7 @@ main.c
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
-\[(__builtin___memcpy_chk|memcpy)\.pointer_dereference\.16\] dereference failure: pointer outside object bounds in \*\(\(\(const char \*\)src \+ \(signed (long (long )?)?int\)n\) - (\(signed long (long )?int\))?1\): FAILURE$
-\*\* 1 of 17 failed
+\[main\.precondition_instance\..*\] memcpy source region readable: FAILURE$
+\*\* 1 of .* failed
 --
 ^warning: ignoring
diff --git a/regression/cbmc/memset1/test.desc b/regression/cbmc/memset1/test.desc
@@ -4,7 +4,7 @@ main.c
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
-\[main.assertion.7\] assertion A\[1\]==0x01010111: FAILURE
-\*\* 1 of 12 failed 
+^\[main.assertion.7\] assertion A\[1\]==0x01010111: FAILURE$
+\*\* 1 of .* failed
 --
 ^warning: ignoring
diff --git a/regression/cbmc/memset3/test.desc b/regression/cbmc/memset3/test.desc
@@ -4,7 +4,7 @@ main.c
 ^EXIT=10$
 ^SIGNAL=0$
 ^VERIFICATION FAILED$
-\[.*] dereference failure: pointer outside dynamic object bounds in .*: FAILURE
-\*\* 2 of .* failed \(.*\)
+^\[main\.precondition_instance\..*] memset destination region writeable: FAILURE$
+\*\* 1 of .* failed \(.*\)
 --
 ^warning: ignoring
diff --git a/src/ansi-c/library/string.c b/src/ansi-c/library/string.c
@@ -597,13 +597,13 @@ void *memcpy(void *dst, const void *src, size_t n)
   __CPROVER_precondition(__CPROVER_POINTER_OBJECT(dst)!=
                          __CPROVER_POINTER_OBJECT(src),
                          "memcpy src/dst overlap");
+  __CPROVER_precondition(__CPROVER_r_ok(src, n),
+                         "memcpy source region readable");
+  __CPROVER_precondition(__CPROVER_w_ok(dst, n),
+                         "memcpy destination region writeable");
 
   if(n > 0)
   {
-    (void)*(char *)dst; // check that the memory is accessible
-    (void)*(const char *)src; // check that the memory is accessible
-    (void)*(((char *)dst) + n - 1);       // check that the memory is accessible
-    (void)*(((const char *)src) + n - 1); // check that the memory is accessible
     //for(__CPROVER_size_t i=0; i<n ; i++) ((char *)dst)[i]=((const char *)src)[i];
     char src_n[n];
     __CPROVER_array_copy(src_n, (char *)src);
@@ -639,14 +639,14 @@ void *__builtin___memcpy_chk(void *dst, const void *src, __CPROVER_size_t n, __C
   __CPROVER_precondition(__CPROVER_POINTER_OBJECT(dst)!=
                          __CPROVER_POINTER_OBJECT(src),
                          "memcpy src/dst overlap");
+  __CPROVER_precondition(__CPROVER_r_ok(src, n),
+                         "memcpy source region readable");
+  __CPROVER_precondition(__CPROVER_w_ok(dst, n),
+                         "memcpy destination region writeable");
   (void)size;
 
   if(n > 0)
   {
-    (void)*(char *)dst; // check that the memory is accessible
-    (void)*(const char *)src; // check that the memory is accessible
-    (void)*(((char *)dst) + n - 1);       // check that the memory is accessible
-    (void)*(((const char *)src) + n - 1); // check that the memory is accessible
     //for(__CPROVER_size_t i=0; i<n ; i++) ((char *)dst)[i]=((const char *)src)[i];
     char src_n[n];
     __CPROVER_array_copy(src_n, (char *)src);
@@ -685,11 +685,11 @@ void *memset(void *s, int c, size_t n)
   else
     __CPROVER_is_zero_string(s)=0;
   #else
+  __CPROVER_precondition(__CPROVER_w_ok(s, n),
+                         "memset destination region writeable");
 
   if(n > 0)
   {
-    (void)*(char *)s; // check that the memory is accessible
-    (void)*(((char *)s) + n - 1); // check that the memory is accessible
     //char *sp=s;
     //for(__CPROVER_size_t i=0; i<n ; i++) sp[i]=c;
     unsigned char s_n[n];
@@ -724,11 +724,11 @@ void *__builtin_memset(void *s, int c, __CPROVER_size_t n)
     __CPROVER_is_zero_string(s)=0;
   }
   #else
+  __CPROVER_precondition(__CPROVER_w_ok(s, n),
+                         "memset destination region writeable");
 
   if(n > 0)
   {
-    (void)*(char *)s; // check that the memory is accessible
-    (void)*(((char *)s) + n - 1); // check that the memory is accessible
     //char *sp=s;
     //for(__CPROVER_size_t i=0; i<n ; i++) sp[i]=c;
     unsigned char s_n[n];
@@ -763,12 +763,12 @@ void *__builtin___memset_chk(void *s, int c, __CPROVER_size_t n, __CPROVER_size_
   else
     __CPROVER_is_zero_string(s)=0;
   #else
+  __CPROVER_precondition(__CPROVER_w_ok(s, n),
+                         "memset destination region writeable");
   (void)size;
 
   if(n > 0)
   {
-    (void)*(char *)s; // check that the memory is accessible
-    (void)*(((char *)s) + n - 1); // check that the memory is accessible
     //char *sp=s;
     //for(__CPROVER_size_t i=0; i<n ; i++) sp[i]=c;
     unsigned char s_n[n];
@@ -804,13 +804,13 @@ void *memmove(void *dest, const void *src, size_t n)
   else
     __CPROVER_is_zero_string(dest)=0;
   #else
+  __CPROVER_precondition(__CPROVER_r_ok(src, n),
+                         "memmove source region readable");
+  __CPROVER_precondition(__CPROVER_w_ok(dest, n),
+                         "memmove destination region writeable");
 
   if(n > 0)
   {
-    (void)*(char *)dest; // check that the memory is accessible
-    (void)*(const char *)src;  // check that the memory is accessible
-    (void)*(((char *)dest) + n - 1);      // check that the memory is accessible
-    (void)*(((const char *)src) + n - 1); // check that the memory is accessible
     char src_n[n];
     __CPROVER_array_copy(src_n, (char *)src);
     __CPROVER_array_replace((char *)dest, src_n);
@@ -848,14 +848,14 @@ void *__builtin___memmove_chk(void *dest, const void *src, size_t n, __CPROVER_s
     __CPROVER_is_zero_string(dest)=0;
   }
   #else
+  __CPROVER_precondition(__CPROVER_r_ok(src, n),
+                         "memmove source region readable");
+  __CPROVER_precondition(__CPROVER_w_ok(dest, n),
+                         "memmove destination region writeable");
   (void)size;
 
   if(n > 0)
   {
-    (void)*(char *)dest; // check that the memory is accessible
-    (void)*(const char *)src;  // check that the memory is accessible
-    (void)*(((char *)dest) + n - 1);      // check that the memory is accessible
-    (void)*(((const char *)src) + n - 1); // check that the memory is accessible
     char src_n[n];
     __CPROVER_array_copy(src_n, (char *)src);
     __CPROVER_array_replace((char *)dest, src_n);
@@ -883,6 +883,11 @@ inline int memcmp(const void *s1, const void *s2, size_t n)
   __CPROVER_precondition(__CPROVER_buffer_size(s2)>=n,
                          "memcmp buffer overflow of 2nd argument");
   #else
+  __CPROVER_precondition(__CPROVER_r_ok(s1, n),
+                         "memcmp region 1 readable");
+  __CPROVER_precondition(__CPROVER_r_ok(s2, n),
+                         "memcpy region 2 readable");
+
   const unsigned char *sc1=s1, *sc2=s2;
   for(; n!=0; n--)
   {
