Skip to content

Remove duplicate binop handling from memOutOfBounds#2066

Open
sim642 wants to merge 4 commits into
masterfrom
memOutOfBounds-binop
Open

Remove duplicate binop handling from memOutOfBounds#2066
sim642 wants to merge 4 commits into
masterfrom
memOutOfBounds-binop

Conversation

@sim642

@sim642 sim642 commented Jun 25, 2026

Copy link
Copy Markdown
Member

After inspecting the dashboard checks, turns out this also fixes a soundness issue. The previous handling for Mem strangely only covered dereferencing of variables and binops but nothing else.
The extracted tests contain dereferences of other expressions like *(unsigned char *) s and *--(*s0) (this one is wild!).

I think some redundancy/incorrectness might still remain: Mem does two different bounds checks, one doesn't account for offsets of the Mem, the other doesn't account for offsets of the address under Mem. I suspect these should be one combined check to be tried out in a future PR.

@sim642 sim642 added this to the SV-COMP 2027 milestone Jun 25, 2026
@sim642 sim642 self-assigned this Jun 25, 2026
@sim642 sim642 added cleanup Refactoring, clean-up sv-comp SV-COMP (analyses, results), witnesses labels Jun 25, 2026
@sim642 sim642 force-pushed the memOutOfBounds-binop branch from f6dce37 to af1e6a1 Compare June 25, 2026 13:59
@sim642

sim642 commented Jun 26, 2026

Copy link
Copy Markdown
Member Author

This makes no difference to SV-COMP valid-memsafety verdicts but it does slightly change the dashboard checks:

Before\After Warning Error Safe Unreached
Warning 5843 0 0 0
Error 3 68 0 0
Safe 15 0 17346 0
Unreached 0 0 0 0

I'll look into the cases which change from safe/error into warnings.

@sim642 sim642 removed their assignment Jun 26, 2026
@sim642 sim642 marked this pull request as ready for review June 26, 2026 15:04
Copilot AI review requested due to automatic review settings June 26, 2026 15:04

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

cleanup Refactoring, clean-up sv-comp SV-COMP (analyses, results), witnesses unsound

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants