Skip to content

VSD pointer arithmetic, differencing, and comparisons #5678

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 24 commits into from
Aug 3, 2021
Merged

VSD pointer arithmetic, differencing, and comparisons #5678

merged 24 commits into from
Aug 3, 2021

Conversation

jezhiggins
Copy link
Contributor

@jezhiggins jezhiggins commented Dec 19, 2020
edited
Loading

Pointer arithmetic fixes

  • Evaluates (p - q) correctly, when p and q point to the same base object
  • Pointer manipulation evaluates correctly when the result points to the base object. eg
int* p = array;
++p;
--p;
assert (p == array);

Assertion is now SUCCESS, when previously it was UNKNOWN.

A pointer difference or comparison expression is slightly unusual - the type of the expression is a number (or boolean), but the two operands are pointer types. Generally, the expression type is the same as the first operand (if not all of them). Because of this type mismatch, the abstract environment was dispatching the expression to the wrong abstract type for evaluation, so the result was TOP and therefore unhelpful.

The changes to evaluate pointer differences are small - an additional case in abstract_environmentt::eval to pick up a pointer difference and dispatch it to abstract_pointer_object, and then the corresponding changes in abstract_pointer_object to calculate the difference.

Pointer comparisons are a little more involved. Again, we have an additional case in abstract_environmentt::eval to dispatch the expression to abstract_pointer_object. If the two pointers point to the same base object we can rewrite the comparison in terms of the pointer offset and evaluate that. If the two pointers point to different objects, we can evaluate == and !=, but other comparisons go top.

@jezhiggins jezhiggins force-pushed the vsd-pointer-arithmetic branch 2 times, most recently from 314828d to fdea979 Compare December 19, 2020 15:23
@codecov
Copy link

codecov bot commented Dec 19, 2020
edited
Loading

Codecov Report

Merging #5678 (4844d22) into develop (3a2de48) will increase coverage by 0.00%.
The diff coverage is 87.72%.

Impacted file tree graph

@@            Coverage Diff            @@
##           develop    #5678    +/-   ##
=========================================
  Coverage    76.16%   76.17%            
=========================================
  Files         1484     1484            
  Lines       162164   162317   +153     
=========================================
+ Hits        123516   123646   +130     
- Misses       38648    38671    +23
Impacted Files Coverage Δ
...alyses/variable-sensitivity/abstract_environment.h 100.00% <ø> (ø)
...ses/variable-sensitivity/abstract_pointer_object.h 0.00% <ø> (ø)
...ble-sensitivity/constant_pointer_abstract_object.h 100.00% <ø> (ø)
...s/variable-sensitivity/context_abstract_object.cpp 64.00% <ø> (ø)
...le-sensitivity/value_set_pointer_abstract_object.h 100.00% <ø> (ø)
src/analyses/variable-sensitivity/write_stack.h 0.00% <ø> (ø)
...-sensitivity/two_value_pointer_abstract_object.cpp 74.07% <74.07%> (ø)
src/analyses/variable-sensitivity/write_stack.cpp 87.00% <76.92%> (-1.51%) ⬇️
...s/variable-sensitivity/abstract_pointer_object.cpp 82.97% <83.33%> (-0.36%) ⬇️
...e-sensitivity/constant_pointer_abstract_object.cpp 83.70% <86.51%> (-0.56%) ⬇️
... and 4 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 932d41d...4844d22. Read the comment docs.

@jezhiggins jezhiggins force-pushed the vsd-pointer-arithmetic branch 5 times, most recently from 0fac00e to c844d94 Compare December 20, 2020 13:20
@jezhiggins
Copy link
Contributor Author

Build Xen with CPROVER tools / CompileXen (pull_request) is failing for unrelated reasons.

Fetched 6178 kB in 1s (5261 kB/s)
E: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.27-3ubuntu1.3_amd64.deb  404  Not Found [IP: 52.147.219.192 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

@jezhiggins jezhiggins changed the title Vsd pointer arithmetic VSD pointer arithmetic and differencing Dec 20, 2020
@jezhiggins jezhiggins marked this pull request as ready for review December 20, 2020 15:46
martin-cs
martin-cs requested changes Jan 4, 2021
View reviewed changes
Copy link
Collaborator

@martin-cs martin-cs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like what this is doing, there are a few places where I feel how it is doing it could be better. I suspect "better" here means deeper and more intrusive changes to the write_stack parts and constant_pointer_abstract_objectt which are only obviously "better" when taking into account a load of other things so why don't we have a chat and see what can be done?

regression/goto-analyzer/pointer-difference-after-decrements/main.c
offset = (q - p);
assert(offset == 0);
assert(q == p);
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice test!

src/analyses/variable-sensitivity/pointer_abstract_object.h Outdated
@@ -97,6 +97,15 @@ class pointer_abstract_objectt : public abstract_objectt
protected:
CLONE

virtual bool same_target(abstract_object_pointert other) const
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not entirely opposed to adding to the interface for pointers if it is necessary. However there is a general move towards making the interface of abstract_objectt and children more uniform so I wonder if there is another way.

@jezhiggins jezhiggins force-pushed the vsd-pointer-arithmetic branch 10 times, most recently from d93594a to 5fedaf1 Compare March 9, 2021 16:26
@jezhiggins jezhiggins force-pushed the vsd-pointer-arithmetic branch from 5fedaf1 to e092e9f Compare July 27, 2021 10:00
jezhiggins added 12 commits August 2, 2021 10:37
@jezhiggins
Pointer differencing and arithmetic tests
13b8806
@jezhiggins
Don't simplify (T*)p+a when a is a number.
503d932 
If a pointer addition simplifies to p+a, if we continue to simplify we
risk incorrectly eliminating zeros from the expression, erroneously
going to TOP when we would otherwise have a correct pointer to the base
object.
@jezhiggins
Add switch to make pointer simplication changes VSD only
43c33de
@jezhiggins
Remove ptr_diff_exprt
3e0769f 
Detect case by checking expr has ID_minus and the operands are both
pointers
@jezhiggins
Pulled functions out of abstract_pointer_object::expression_transform
e5bac98
@jezhiggins
Additional pointer comparison regression test
efa56d2
@jezhiggins
Clarifying helper functions in abstract_environment::eval
269ce89
@jezhiggins
Dispatch pointer comparisons to abstract_pointer_object
c09c8a7
@jezhiggins
Evaluate pointer comparisons, when both pointers have same target
39ce19b
@jezhiggins
Move behaviour out of abstract_pointer_object
019ddcc 
It implements some of what should be two_value_pointer_abstract_object,
so moved that out.
@jezhiggins
Make abstract_pointer_object::ptr_comparison_expr pure virtual.
3682292 
Representation specific implementations in derived classes.
value_set_pointer currently a stub.
@jezhiggins
pointer comparisons for value-set of pointers
47db3c8
@jezhiggins jezhiggins force-pushed the vsd-pointer-arithmetic branch 2 times, most recently from 483f564 to 11880d1 Compare August 2, 2021 10:00
@jezhiggins jezhiggins force-pushed the vsd-pointer-arithmetic branch from 11880d1 to 6f2f117 Compare August 2, 2021 10:05
@jezhiggins jezhiggins force-pushed the vsd-pointer-arithmetic branch 4 times, most recently from 617a5b5 to 908e599 Compare August 2, 2021 14:19
@jezhiggins
Unwind vsd customisation from simply_exprt.
4844d22 
We can pick up the special case for pointer addition in
abstract_object::expression_transform.
@jezhiggins jezhiggins force-pushed the vsd-pointer-arithmetic branch from 908e599 to 4844d22 Compare August 3, 2021 09:32
martin-cs
martin-cs approved these changes Aug 3, 2021
View reviewed changes
Copy link
Collaborator

@martin-cs martin-cs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for removing the changes to util/ I think it is a better PR for the extra passes.

@martin-cs martin-cs merged commit e6f6970 into diffblue:develop Aug 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@martin-cs martin-cs martin-cs approved these changes

@chrisr-diffblue chrisr-diffblue Awaiting requested review from chrisr-diffblue

@kroening kroening Awaiting requested review from kroening

@peterschrammel peterschrammel Awaiting requested review from peterschrammel peterschrammel is a code owner

@smowton smowton Awaiting requested review from smowton

@tautschnig tautschnig Awaiting requested review from tautschnig

Assignees

@jezhiggins jezhiggins

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jezhiggins @martin-cs