From 9ee9ce7ac842fdbc61fe9b6e6e158f7dff14c4cc Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 13 Mar 2024 15:31:46 +0200 Subject: [PATCH 001/164] Add reach_error to library functions --- src/util/library/libraryFunctions.ml | 1 + 1 file changed, 1 insertion(+) diff --git a/src/util/library/libraryFunctions.ml b/src/util/library/libraryFunctions.ml index 53bf804b1d..92355ca89c 100644 --- a/src/util/library/libraryFunctions.ml +++ b/src/util/library/libraryFunctions.ml @@ -1029,6 +1029,7 @@ let svcomp_descs_list: (string * LibraryDesc.t) list = LibraryDsl.[ ("__VERIFIER_nondet_int", unknown []); (* declare invalidate actions to prevent invalidating globals when extern in regression tests *) ("__VERIFIER_nondet_size_t", unknown []); (* cannot give it in sv-comp.c without including stdlib or similar *) ("__VERIFIER_assert", special [__ "exp" []] @@ fun exp -> Assert { exp; check = true; refine = get_bool "sem.assert.refine" }); (* only used if definition missing (e.g. in evalAssert transformed output) or extraspecial *) + ("reach_error", special [] @@ Abort); (* only used if definition missing (e.g. in evalAssert transformed output) or extraspecial *) ] [@@coverage off] From 4752ddf320351654aa13e8beb831736d535a2280 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 13 Mar 2024 15:32:03 +0200 Subject: [PATCH 002/164] Make some YAML witness validation messages more severe --- src/analyses/unassumeAnalysis.ml | 4 ++-- src/witness/yamlWitness.ml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/analyses/unassumeAnalysis.ml b/src/analyses/unassumeAnalysis.ml index 5895f242c9..9ec69727c0 100644 --- a/src/analyses/unassumeAnalysis.ml +++ b/src/analyses/unassumeAnalysis.ml @@ -252,13 +252,13 @@ struct | false, (LocationInvariant _ | LoopInvariant _ | PreconditionLoopInvariant _ | InvariantSet _) -> M.info_noloc ~category:Witness "disabled entry of type %s" target_type | _ -> - M.info_noloc ~category:Witness "cannot unassume entry of type %s" target_type + M.warn_noloc ~category:Witness "cannot unassume entry of type %s" target_type in List.iter (fun yaml_entry -> match YamlWitnessType.Entry.of_yaml yaml_entry with | Ok entry -> unassume_entry entry - | Error (`Msg e) -> M.info_noloc ~category:Witness "couldn't parse entry: %s" e + | Error (`Msg e) -> M.error_noloc ~category:Witness "couldn't parse entry: %s" e ) yaml_entries let emit_unassume ctx = diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index d9d39ccee1..2969997906 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -829,7 +829,7 @@ struct None | _ -> incr cnt_unsupported; - M.info_noloc ~category:Witness "cannot validate entry of type %s" target_type; + M.warn_noloc ~category:Witness "cannot validate entry of type %s" target_type; None in @@ -841,7 +841,7 @@ struct Option.to_list yaml_certificate_entry @ yaml_entry :: yaml_entries' | Error (`Msg e) -> incr cnt_error; - M.info_noloc ~category:Witness "couldn't parse entry: %s" e; + M.error_noloc ~category:Witness "couldn't parse entry: %s" e; yaml_entry :: yaml_entries' ) [] yaml_entries in From 2e22af7d31bcaaf6ca04e8337f357d2d9282aade Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 13 Mar 2024 15:51:57 +0200 Subject: [PATCH 003/164] Add ghost_variable and ghost_update to YAML witness types --- src/witness/yamlWitness.ml | 19 ++++++++++ src/witness/yamlWitnessType.ml | 68 +++++++++++++++++++++++++++++++++- 2 files changed, 86 insertions(+), 1 deletion(-) diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index 2969997906..213dd26f6f 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -141,6 +141,25 @@ struct }; metadata = metadata (); } + + let ghost_variable ~task ~variable ~type_ ~(initial): Entry.t = { + entry_type = GhostVariable { + variable; + scope = "global"; + type_; + initial; + }; + metadata = metadata ~task (); + } + + let ghost_update ~task ~location ~variable ~(expression): Entry.t = { + entry_type = GhostUpdate { + variable; + expression; + location; + }; + metadata = metadata ~task (); + } end let yaml_entries_to_file yaml_entries file = diff --git a/src/witness/yamlWitnessType.ml b/src/witness/yamlWitnessType.ml index de9fa151d8..6412c3e7b4 100644 --- a/src/witness/yamlWitnessType.ml +++ b/src/witness/yamlWitnessType.ml @@ -413,6 +413,60 @@ struct let entry_type = "precondition_loop_invariant_certificate" end +module GhostVariable = +struct + type t = { + variable: string; + scope: string; + type_: string; + initial: string; + } + + let entry_type = "ghost_variable" + + let to_yaml' {variable; scope; type_; initial} = + [ + ("variable", `String variable); + ("scope", `String scope); + ("type", `String type_); + ("initial", `String initial); + ] + + let of_yaml y = + let open GobYaml in + let+ variable = y |> find "variable" >>= to_string + and+ scope = y |> find "scope" >>= to_string + and+ type_ = y |> find "type" >>= to_string + and+ initial = y |> find "initial" >>= to_string in + {variable; scope; type_; initial} +end + +module GhostUpdate = +struct + type t = { + variable: string; + expression: string; + location: Location.t; + (* TODO: branching? *) + } + + let entry_type = "ghost_update" + + let to_yaml' {variable; expression; location} = + [ + ("variable", `String variable); + ("expression", `String expression); + ("location", Location.to_yaml location); + ] + + let of_yaml y = + let open GobYaml in + let+ variable = y |> find "variable" >>= to_string + and+ expression = y |> find "expression" >>= to_string + and+ location = y |> find "location" >>= Location.of_yaml in + {variable; expression; location} +end + (* TODO: could maybe use GADT, but adds ugly existential layer to entry type pattern matching *) module EntryType = struct @@ -424,6 +478,8 @@ struct | LoopInvariantCertificate of LoopInvariantCertificate.t | PreconditionLoopInvariantCertificate of PreconditionLoopInvariantCertificate.t | InvariantSet of InvariantSet.t + | GhostVariable of GhostVariable.t + | GhostUpdate of GhostUpdate.t let entry_type = function | LocationInvariant _ -> LocationInvariant.entry_type @@ -433,6 +489,8 @@ struct | LoopInvariantCertificate _ -> LoopInvariantCertificate.entry_type | PreconditionLoopInvariantCertificate _ -> PreconditionLoopInvariantCertificate.entry_type | InvariantSet _ -> InvariantSet.entry_type + | GhostVariable _ -> GhostVariable.entry_type + | GhostUpdate _ -> GhostUpdate.entry_type let to_yaml' = function | LocationInvariant x -> LocationInvariant.to_yaml' x @@ -442,6 +500,8 @@ struct | LoopInvariantCertificate x -> LoopInvariantCertificate.to_yaml' x | PreconditionLoopInvariantCertificate x -> PreconditionLoopInvariantCertificate.to_yaml' x | InvariantSet x -> InvariantSet.to_yaml' x + | GhostVariable x -> GhostVariable.to_yaml' x + | GhostUpdate x -> GhostUpdate.to_yaml' x let of_yaml y = let open GobYaml in @@ -467,8 +527,14 @@ struct else if entry_type = InvariantSet.entry_type then let+ x = y |> InvariantSet.of_yaml in InvariantSet x + else if entry_type = GhostVariable.entry_type then + let+ x = y |> GhostVariable.of_yaml in + GhostVariable x + else if entry_type = GhostUpdate.entry_type then + let+ x = y |> GhostUpdate.of_yaml in + GhostUpdate x else - Error (`Msg "entry_type") + Error (`Msg ("entry_type " ^ entry_type)) end module Entry = From 688c4dc2914897d72bcf8595286d2a49257ebef6 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 13 Mar 2024 17:07:24 +0200 Subject: [PATCH 004/164] Add mutexGhosts analysis --- src/analyses/mutexGhosts.ml | 41 +++++++++++++++++++++++++++++++++++++ src/cdomains/lockDomain.ml | 2 +- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 src/analyses/mutexGhosts.ml diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml new file mode 100644 index 0000000000..fd5f9b5f00 --- /dev/null +++ b/src/analyses/mutexGhosts.ml @@ -0,0 +1,41 @@ +(** ([mutexGhosts]). *) + +open Analyses + + +module Spec = +struct + include UnitAnalysis.Spec + let name () = "mutexGhosts" + + module V = + struct + include Node + let is_write_only _ = true + end + + module Locked = + struct + include LockDomain.Mutexes + let name () = "locked" + end + module Unlocked = + struct + include LockDomain.Mutexes + let name () = "unlocked" + end + module G = Lattice.Prod (Locked) (Unlocked) + + let event ctx e octx = + begin match e with + | Events.Lock (l, _) -> + ctx.sideg ctx.prev_node (Locked.singleton l, Unlocked.bot ()) + | Events.Unlock l -> + ctx.sideg ctx.prev_node (Locked.bot (), Unlocked.singleton l) + | _ -> () + end; + ctx.local +end + +let _ = + MCP.register_analysis ~dep:["mutexEvents"] (module Spec : MCPSpec) diff --git a/src/cdomains/lockDomain.ml b/src/cdomains/lockDomain.ml index 107c1c0692..a7b3c93571 100644 --- a/src/cdomains/lockDomain.ml +++ b/src/cdomains/lockDomain.ml @@ -8,7 +8,7 @@ module IdxDom = ValueDomain.IndexDomain open GoblintCil module Mutexes = SetDomain.ToppedSet (Addr) (struct let topname = "All mutexes" end) (* TODO: AD? *) -module Simple = Lattice.Reverse (Mutexes) +module Simple = SetDomain.Reverse (Mutexes) module Priorities = IntDomain.Lifted module Lockset = From 45be1644d407c182fd2919b1403eb09ca3af2413 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 13 Mar 2024 17:30:09 +0200 Subject: [PATCH 005/164] Add YamlEntryGlobal query --- src/analyses/mCP.ml | 4 ++++ src/domains/queries.ml | 9 +++++++++ src/framework/constraints.ml | 24 ++++++++++++++++++++++++ src/witness/yamlWitness.ml | 20 ++++++++++++++++++++ src/witness/yamlWitnessType.ml | 30 ++++++++++++++++++++++++++++++ 5 files changed, 87 insertions(+) diff --git a/src/analyses/mCP.ml b/src/analyses/mCP.ml index a3943651c0..8f66f8049d 100644 --- a/src/analyses/mCP.ml +++ b/src/analyses/mCP.ml @@ -283,6 +283,10 @@ struct (* InvariantGlobal is special: it only goes to corresponding analysis and the argument variant is unlifted for it *) let (n, g): V.t = Obj.obj g in f ~q:(InvariantGlobal (Obj.repr g)) (Result.top ()) (n, spec n, assoc n ctx.local) + | Queries.YamlEntryGlobal (g, task) -> + (* YamlEntryGlobal is special: it only goes to corresponding analysis and the argument variant is unlifted for it *) + let (n, g): V.t = Obj.obj g in + f ~q:(YamlEntryGlobal (Obj.repr g, task)) (Result.top ()) (n, spec n, assoc n ctx.local) | Queries.PartAccess a -> Obj.repr (access ctx a) | Queries.IterSysVars (vq, fi) -> diff --git a/src/domains/queries.ml b/src/domains/queries.ml index f5fc832a9e..cc63e5fc0d 100644 --- a/src/domains/queries.ml +++ b/src/domains/queries.ml @@ -63,6 +63,8 @@ type invariant_context = Invariant.context = { } [@@deriving ord, hash] +module YS = SetDomain.ToppedSet (YamlWitnessType.Entry) (struct let topname = "Top" end) + (** GADT for queries with specific result type. *) type _ t = @@ -126,6 +128,7 @@ type _ t = | MustTermAllLoops: MustBool.t t | IsEverMultiThreaded: MayBool.t t | TmpSpecial: Mval.Exp.t -> ML.t t + | YamlEntryGlobal: Obj.t * YamlWitnessType.Task.t -> YS.t t type 'a result = 'a @@ -195,6 +198,7 @@ struct | MustTermAllLoops -> (module MustBool) | IsEverMultiThreaded -> (module MayBool) | TmpSpecial _ -> (module ML) + | YamlEntryGlobal _ -> (module YS) (** Get bottom result for query. *) let bot (type a) (q: a t): a result = @@ -263,6 +267,7 @@ struct | MustTermAllLoops -> MustBool.top () | IsEverMultiThreaded -> MayBool.top () | TmpSpecial _ -> ML.top () + | YamlEntryGlobal _ -> YS.top () end (* The type any_query can't be directly defined in Any as t, @@ -328,6 +333,7 @@ struct | Any IsEverMultiThreaded -> 55 | Any (TmpSpecial _) -> 56 | Any (IsAllocVar _) -> 57 + | Any (YamlEntryGlobal _) -> 58 let rec compare a b = let r = Stdlib.compare (order a) (order b) in @@ -375,6 +381,7 @@ struct | Any (WarnGlobal vi1), Any (WarnGlobal vi2) -> Stdlib.compare (Hashtbl.hash vi1) (Hashtbl.hash vi2) | Any (Invariant i1), Any (Invariant i2) -> compare_invariant_context i1 i2 | Any (InvariantGlobal vi1), Any (InvariantGlobal vi2) -> Stdlib.compare (Hashtbl.hash vi1) (Hashtbl.hash vi2) + | Any (YamlEntryGlobal (vi1, task1)), Any (YamlEntryGlobal (vi2, task2)) -> Stdlib.compare (Hashtbl.hash vi1) (Hashtbl.hash vi2) (* TODO: compare task *) | Any (IterSysVars (vq1, vf1)), Any (IterSysVars (vq2, vf2)) -> VarQuery.compare vq1 vq2 (* not comparing fs *) | Any (MutexType m1), Any (MutexType m2) -> Mval.Unit.compare m1 m2 | Any (MustProtectedVars m1), Any (MustProtectedVars m2) -> compare_mustprotectedvars m1 m2 @@ -418,6 +425,7 @@ struct | Any (Invariant i) -> hash_invariant_context i | Any (MutexType m) -> Mval.Unit.hash m | Any (InvariantGlobal vi) -> Hashtbl.hash vi + | Any (YamlEntryGlobal (vi, task)) -> Hashtbl.hash vi (* TODO: hash task *) | Any (MustProtectedVars m) -> hash_mustprotectedvars m | Any (MayBeModifiedSinceSetjmp e) -> JmpBufDomain.BufferEntry.hash e | Any (MustBeSingleThreaded {since_start}) -> Hashtbl.hash since_start @@ -474,6 +482,7 @@ struct | Any (WarnGlobal vi) -> Pretty.dprintf "WarnGlobal _" | Any (IterSysVars _) -> Pretty.dprintf "IterSysVars _" | Any (InvariantGlobal i) -> Pretty.dprintf "InvariantGlobal _" + | Any (YamlEntryGlobal (i, task)) -> Pretty.dprintf "YamlEntryGlobal _" | Any (MutexType (v,o)) -> Pretty.dprintf "MutexType _" | Any (EvalMutexAttr a) -> Pretty.dprintf "EvalMutexAttr _" | Any MayAccessed -> Pretty.dprintf "MayAccessed" diff --git a/src/framework/constraints.ml b/src/framework/constraints.ml index 52022b8aee..367386c6f1 100644 --- a/src/framework/constraints.ml +++ b/src/framework/constraints.ml @@ -1250,6 +1250,14 @@ struct | `Right g -> Queries.Result.top q end + | YamlEntryGlobal (g, task) -> + let g: V.t = Obj.obj g in + begin match g with + | `Left g -> + S.query (conv ctx) (YamlEntryGlobal (Obj.repr g, task)) + | `Right g -> + Queries.Result.top q + end | IterSysVars (vq, vf) -> (* vars for S *) let vf' x = vf (Obj.repr (V.s (Obj.obj x))) in @@ -1365,6 +1373,14 @@ struct | _ -> Queries.Result.top q end + | YamlEntryGlobal (g, task) -> + let g: V.t = Obj.obj g in + begin match g with + | `Left g -> + S.query (conv ctx) (YamlEntryGlobal (Obj.repr g, task)) + | _ -> + Queries.Result.top q + end | IterSysVars (vq, vf) -> (* vars for S *) let vf' x = vf (Obj.repr (V.s (Obj.obj x))) in @@ -1650,6 +1666,14 @@ struct | `Right v -> Queries.Result.top q end + | YamlEntryGlobal (v, task) -> + let v: V.t = Obj.obj v in + begin match v with + | `Left v -> + S.query (conv ctx) (YamlEntryGlobal (Obj.repr v, task)) + | `Right v -> + Queries.Result.top q + end | _ -> S.query (conv ctx) q let branch ctx = S.branch (conv ctx) diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index 213dd26f6f..6ea8cc6c78 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -359,6 +359,26 @@ struct entries in + (* Generate flow-insensitive invariants *) + let entries = + if true then ( + GHT.fold (fun g v acc -> + match g with + | `Left g -> (* Spec global *) + begin match R.ask_global (YamlEntryGlobal (Obj.repr g, task)) with + | `Lifted _ as inv -> + Queries.YS.fold List.cons inv acc + | `Top -> + acc + end + | `Right _ -> (* contexts global *) + acc + ) gh entries + ) + else + entries + in + (* Generate precondition invariants. We do this in three steps: 1. Collect contexts for each function diff --git a/src/witness/yamlWitnessType.ml b/src/witness/yamlWitnessType.ml index 6412c3e7b4..823fc993ce 100644 --- a/src/witness/yamlWitnessType.ml +++ b/src/witness/yamlWitnessType.ml @@ -9,6 +9,7 @@ struct command_line: string option; (* TODO: description *) } + [@@deriving eq, ord, hash] let to_yaml {name; version; command_line} = `O ([ @@ -39,6 +40,7 @@ struct language: string; specification: string option; } + [@@deriving eq, ord, hash] let to_yaml {input_files; input_file_hashes; data_model; language; specification} = `O ([ @@ -78,6 +80,7 @@ struct producer: Producer.t; task: Task.t option; } + [@@deriving eq, ord, hash] let to_yaml {format_version; uuid; creation_time; producer; task} = `O ([ @@ -111,6 +114,7 @@ struct column: int; function_: string; } + [@@deriving eq, ord, hash] let to_yaml {file_name; file_hash; line; column; function_} = `O [ @@ -138,6 +142,7 @@ struct type_: string; format: string; } + [@@deriving eq, ord, hash] let to_yaml {string; type_; format} = `O [ @@ -160,6 +165,7 @@ struct location: Location.t; loop_invariant: Invariant.t; } + [@@deriving eq, ord, hash] let entry_type = "loop_invariant" @@ -182,6 +188,7 @@ struct location: Location.t; location_invariant: Invariant.t; } + [@@deriving eq, ord, hash] let entry_type = "location_invariant" @@ -203,6 +210,7 @@ struct type t = { flow_insensitive_invariant: Invariant.t; } + [@@deriving eq, ord, hash] let entry_type = "flow_insensitive_invariant" @@ -224,6 +232,7 @@ struct loop_invariant: Invariant.t; precondition: Invariant.t; } + [@@deriving eq, ord, hash] let entry_type = "precondition_loop_invariant" @@ -251,6 +260,7 @@ struct value: string; format: string; } + [@@deriving eq, ord, hash] let invariant_type = "loop_invariant" @@ -282,6 +292,7 @@ struct type t = | LocationInvariant of LocationInvariant.t | LoopInvariant of LoopInvariant.t + [@@deriving eq, ord, hash] let invariant_type = function | LocationInvariant _ -> LocationInvariant.invariant_type @@ -309,6 +320,7 @@ struct type t = { invariant_type: InvariantType.t; } + [@@deriving eq, ord, hash] let to_yaml {invariant_type} = `O [ @@ -327,6 +339,7 @@ struct type t = { content: Invariant.t list; } + [@@deriving eq, ord, hash] let entry_type = "invariant_set" @@ -346,6 +359,7 @@ struct type_: string; file_hash: string; } + [@@deriving eq, ord, hash] let to_yaml {uuid; type_; file_hash} = `O [ @@ -369,6 +383,7 @@ struct type_: string; format: string; } + [@@deriving eq, ord, hash] let to_yaml {string; type_; format} = `O [ @@ -391,6 +406,7 @@ struct target: Target.t; certification: Certification.t; } + [@@deriving eq, ord, hash] let entry_type = "loop_invariant_certificate" @@ -421,6 +437,7 @@ struct type_: string; initial: string; } + [@@deriving eq, ord, hash] let entry_type = "ghost_variable" @@ -449,6 +466,7 @@ struct location: Location.t; (* TODO: branching? *) } + [@@deriving eq, ord, hash] let entry_type = "ghost_update" @@ -480,6 +498,7 @@ struct | InvariantSet of InvariantSet.t | GhostVariable of GhostVariable.t | GhostUpdate of GhostUpdate.t + [@@deriving eq, ord, hash] let entry_type = function | LocationInvariant _ -> LocationInvariant.entry_type @@ -539,10 +558,21 @@ end module Entry = struct + include Printable.StdLeaf + type t = { entry_type: EntryType.t; metadata: Metadata.t; } + [@@deriving eq, ord, hash] + + let name () = "YAML entry" + + let show _ = "TODO" + include Printable.SimpleShow (struct + type nonrec t = t + let show = show + end) let to_yaml {entry_type; metadata} = `O ([ From 5d3f5fe61d6d444d23deeb4ff91016689a3d8cfe Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 13 Mar 2024 17:38:02 +0200 Subject: [PATCH 006/164] Generate YAML witness ghosts for mutexes --- src/analyses/mutexGhosts.ml | 37 ++++++++++++++++++++++++++++++++++ src/witness/yamlWitness.ml | 7 ++++++- src/witness/yamlWitnessType.ml | 2 +- 3 files changed, 44 insertions(+), 2 deletions(-) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index fd5f9b5f00..fe708b8cac 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -35,6 +35,43 @@ struct | _ -> () end; ctx.local + + let query ctx (type a) (q: a Queries.t): a Queries.result = + match q with + | YamlEntryGlobal (g, task) -> + let g: V.t = Obj.obj g in + let (locked, unlocked) = ctx.global g in + let loc = Node.location g in + let location_function = (Node.find_fundec g).svar.vname in + let location = YamlWitness.Entry.location ~location:loc ~location_function in + let entries = + (* TODO: do ghost_variable-s only once *) + Locked.fold (fun l acc -> + let variable = LockDomain.Addr.show l in (* TODO: valid C name *) + let type_ = "int" in + let initial = "0" in + let entry = YamlWitness.Entry.ghost_variable ~task ~variable ~type_ ~initial in + Queries.YS.add entry acc + ) (Locked.union locked unlocked) (Queries.YS.empty ()) + in + let entries = + Locked.fold (fun l acc -> + let variable = LockDomain.Addr.show l in (* TODO: valid C name *) + let expression = "1" in + let entry = YamlWitness.Entry.ghost_update ~task ~location ~variable ~expression in + Queries.YS.add entry acc + ) locked entries + in + let entries = + Unlocked.fold (fun l acc -> + let variable = LockDomain.Addr.show l in (* TODO: valid C name *) + let expression = "0" in + let entry = YamlWitness.Entry.ghost_update ~task ~location ~variable ~expression in + Queries.YS.add entry acc + ) unlocked entries + in + entries + | _ -> Queries.Result.top q end let _ = diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index 6ea8cc6c78..e04a4c9744 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -367,7 +367,12 @@ struct | `Left g -> (* Spec global *) begin match R.ask_global (YamlEntryGlobal (Obj.repr g, task)) with | `Lifted _ as inv -> - Queries.YS.fold List.cons inv acc + Queries.YS.fold (fun entry acc -> + if BatList.mem_cmp YamlWitnessType.Entry.compare entry acc then (* TODO: be efficient *) + acc + else + entry :: acc + ) inv acc | `Top -> acc end diff --git a/src/witness/yamlWitnessType.ml b/src/witness/yamlWitnessType.ml index 823fc993ce..4bdb730b82 100644 --- a/src/witness/yamlWitnessType.ml +++ b/src/witness/yamlWitnessType.ml @@ -562,7 +562,7 @@ struct type t = { entry_type: EntryType.t; - metadata: Metadata.t; + metadata: Metadata.t [@equal fun _ _ -> true] [@compare fun _ _ -> 0] [@hash fun _ -> 1]; } [@@deriving eq, ord, hash] From a80242ae55587538f78e4ff4c3d1b5ee6601a776 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 14 Mar 2024 10:52:05 +0200 Subject: [PATCH 007/164] Make protection privatization more precise with earlyglobs --- src/analyses/basePriv.ml | 4 +-- tests/regression/13-privatized/74-mutex.t | 32 +++++++++++++++++++++++ tests/regression/13-privatized/dune | 2 ++ 3 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 tests/regression/13-privatized/74-mutex.t create mode 100644 tests/regression/13-privatized/dune diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index 125429231e..f08e7d710e 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -687,8 +687,8 @@ struct if not invariant then ( if not (Param.handle_atomic && ask.f MustBeAtomic) then sideg (V.unprotected x) v; (* Delay publishing unprotected write in the atomic section. *) - if !earlyglobs then (* earlyglobs workaround for 13/60 *) - sideg (V.protected x) v + if !earlyglobs && not (ThreadFlag.is_currently_multi ask) then (* earlyglobs workaround for 13/60 *) + sideg (V.protected x) v (* Also side to protected because with earlyglobs enter_multithreaded does not side everything to protected *) (* Unlock after invariant will still side effect refined value (if protected) from CPA, because cannot distinguish from non-invariant write since W is implicit. *) ); if Param.handle_atomic && ask.f MustBeAtomic then diff --git a/tests/regression/13-privatized/74-mutex.t b/tests/regression/13-privatized/74-mutex.t new file mode 100644 index 0000000000..21c89cd524 --- /dev/null +++ b/tests/regression/13-privatized/74-mutex.t @@ -0,0 +1,32 @@ + $ goblint --enable ana.sv-comp.functions 74-mutex.c + [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) + [Warning][Deadcode] Function 'producer' has dead code: + on line 26 (74-mutex.c:26-26) + [Warning][Deadcode] Logical lines of code (LLoC) summary: + live: 14 + dead: 1 + total lines: 15 + [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) + [Info][Race] Memory locations race summary: + safe: 1 + vulnerable: 0 + unsafe: 0 + total memory locations: 1 + +Should also work with earlyglobs. +Earlyglobs shouldn't cause protected writes in multithreaded mode from being immediately published to protected invariant. + + $ goblint --enable ana.sv-comp.functions --enable exp.earlyglobs 74-mutex.c + [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) + [Warning][Deadcode] Function 'producer' has dead code: + on line 26 (74-mutex.c:26-26) + [Warning][Deadcode] Logical lines of code (LLoC) summary: + live: 14 + dead: 1 + total lines: 15 + [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) + [Info][Race] Memory locations race summary: + safe: 1 + vulnerable: 0 + unsafe: 0 + total memory locations: 1 diff --git a/tests/regression/13-privatized/dune b/tests/regression/13-privatized/dune new file mode 100644 index 0000000000..23c0dd3290 --- /dev/null +++ b/tests/regression/13-privatized/dune @@ -0,0 +1,2 @@ +(cram + (deps (glob_files *.c))) From 086e60d9dc2c81c718e78f1b444ec63467d7bdf9 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 14 Mar 2024 11:51:12 +0200 Subject: [PATCH 008/164] Add ask argument to BasePriv invariant_global-s --- src/analyses/base.ml | 2 +- src/analyses/basePriv.ml | 14 +++++++------- src/analyses/basePriv.mli | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/analyses/base.ml b/src/analyses/base.ml index 9aca9e2079..7c6b2bf73f 100644 --- a/src/analyses/base.ml +++ b/src/analyses/base.ml @@ -1243,7 +1243,7 @@ struct (* TODO: account for single-threaded values without earlyglobs. *) match g with | `Left g' -> (* priv *) - Priv.invariant_global (priv_getg ctx.global) g' + Priv.invariant_global (Analyses.ask_of_ctx ctx) (priv_getg ctx.global) g' | `Right _ -> (* thread return *) Invariant.none ) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index f08e7d710e..ea46e25689 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -42,7 +42,7 @@ sig val thread_join: ?force:bool -> Q.ask -> (V.t -> G.t) -> Cil.exp -> BaseComponents (D).t -> BaseComponents (D).t val thread_return: Q.ask -> (V.t -> G.t) -> (V.t -> G.t -> unit) -> ThreadIdDomain.Thread.t -> BaseComponents (D).t -> BaseComponents (D).t - val invariant_global: (V.t -> G.t) -> V.t -> Invariant.t + val invariant_global: Q.ask -> (V.t -> G.t) -> V.t -> Invariant.t val invariant_vars: Q.ask -> (V.t -> G.t) -> BaseComponents (D).t -> varinfo list val init: unit -> unit @@ -131,7 +131,7 @@ struct let thread_join ?(force=false) ask get e st = st let thread_return ask get set tid st = st - let invariant_global getg g = + let invariant_global ask getg g = ValueDomain.invariant_global getg g let invariant_vars ask getg st = [] @@ -211,7 +211,7 @@ struct let thread_join ?(force=false) ask get e st = st let thread_return ask get set tid st = st - let invariant_global getg = function + let invariant_global ask getg = function | `Right g' -> (* global *) ValueDomain.invariant_global (read_unprotected_global getg) g' | _ -> (* mutex *) @@ -621,7 +621,7 @@ struct let get_mutex_inits' = CPA.find x get_mutex_inits in VD.join get_mutex_global_x' get_mutex_inits' - let invariant_global getg = function + let invariant_global ask getg = function | `Middle g -> (* global *) ValueDomain.invariant_global (read_unprotected_global getg) g | `Left _ @@ -777,7 +777,7 @@ struct vf (V.protected g); | _ -> () - let invariant_global getg g = + let invariant_global ask getg g = match g with | `Left g' -> (* unprotected *) ValueDomain.invariant_global (fun g -> getg (V.unprotected g)) g' @@ -841,7 +841,7 @@ struct open Locksets - let invariant_global getg = function + let invariant_global ask getg = function | `Right g' -> (* global *) ValueDomain.invariant_global (fun x -> GWeak.fold (fun s' tm acc -> @@ -1633,7 +1633,7 @@ struct let threadenter ask st = time "threadenter" (Priv.threadenter ask) st let threadspawn ask get set st = time "threadspawn" (Priv.threadspawn ask get set) st let iter_sys_vars getg vq vf = time "iter_sys_vars" (Priv.iter_sys_vars getg vq) vf - let invariant_global getg v = time "invariant_global" (Priv.invariant_global getg) v + let invariant_global ask getg v = time "invariant_global" (Priv.invariant_global ask getg) v let invariant_vars ask getg st = time "invariant_vars" (Priv.invariant_vars ask getg) st let thread_join ?(force=false) ask get e st = time "thread_join" (Priv.thread_join ~force ask get e) st diff --git a/src/analyses/basePriv.mli b/src/analyses/basePriv.mli index 6906e6e4e1..e176a450fa 100644 --- a/src/analyses/basePriv.mli +++ b/src/analyses/basePriv.mli @@ -31,7 +31,7 @@ sig val thread_join: ?force:bool -> Queries.ask -> (V.t -> G.t) -> Cil.exp -> BaseDomain.BaseComponents (D).t -> BaseDomain.BaseComponents (D).t val thread_return: Queries.ask -> (V.t -> G.t) -> (V.t -> G.t -> unit) -> ThreadIdDomain.Thread.t -> BaseDomain.BaseComponents (D).t -> BaseDomain.BaseComponents (D).t - val invariant_global: (V.t -> G.t) -> V.t -> Invariant.t + val invariant_global: Queries.ask -> (V.t -> G.t) -> V.t -> Invariant.t (** Provides [Queries.InvariantGlobal] result for base. Should account for all unprotected/weak values of global variables. *) From b2d09da76450c1f57909247904bb828f5cf407df Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 14 Mar 2024 12:07:56 +0200 Subject: [PATCH 009/164] Add MustProtectingLocks query --- src/analyses/mutexAnalysis.ml | 3 +++ src/domains/queries.ml | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/src/analyses/mutexAnalysis.ml b/src/analyses/mutexAnalysis.ml index 138f65ab47..1d134425f1 100644 --- a/src/analyses/mutexAnalysis.ml +++ b/src/analyses/mutexAnalysis.ml @@ -233,6 +233,9 @@ struct true else *) Mutexes.leq mutex_lockset protecting + | Queries.MustProtectingLocks g -> + let protecting = protecting ~write:true Strong g in + Mutexes.fold Queries.AD.add protecting (Queries.AD.empty ()) | Queries.MustLockset -> let held_locks = Lockset.export_locks (Lockset.filter snd ls) in Mutexes.fold (fun addr ls -> Queries.AD.add addr ls) held_locks (Queries.AD.empty ()) diff --git a/src/domains/queries.ml b/src/domains/queries.ml index cc63e5fc0d..3fd8c1fc87 100644 --- a/src/domains/queries.ml +++ b/src/domains/queries.ml @@ -117,6 +117,7 @@ type _ t = | MustJoinedThreads: ConcDomain.MustThreadSet.t t | ThreadsJoinedCleanly: MustBool.t t | MustProtectedVars: mustprotectedvars -> VS.t t + | MustProtectingLocks: CilType.Varinfo.t -> AD.t t | Invariant: invariant_context -> Invariant.t t | InvariantGlobal: Obj.t -> Invariant.t t (** Argument must be of corresponding [Spec.V.t]. *) | WarnGlobal: Obj.t -> Unit.t t (** Argument must be of corresponding [Spec.V.t]. *) @@ -187,6 +188,7 @@ struct | MustJoinedThreads -> (module ConcDomain.MustThreadSet) | ThreadsJoinedCleanly -> (module MustBool) | MustProtectedVars _ -> (module VS) + | MustProtectingLocks _ -> (module AD) | Invariant _ -> (module Invariant) | InvariantGlobal _ -> (module Invariant) | WarnGlobal _ -> (module Unit) @@ -256,6 +258,7 @@ struct | MustJoinedThreads -> ConcDomain.MustThreadSet.top () | ThreadsJoinedCleanly -> MustBool.top () | MustProtectedVars _ -> VS.top () + | MustProtectingLocks _ -> AD.top () | Invariant _ -> Invariant.top () | InvariantGlobal _ -> Invariant.top () | WarnGlobal _ -> Unit.top () @@ -334,6 +337,7 @@ struct | Any (TmpSpecial _) -> 56 | Any (IsAllocVar _) -> 57 | Any (YamlEntryGlobal _) -> 58 + | Any (MustProtectingLocks _) -> 59 let rec compare a b = let r = Stdlib.compare (order a) (order b) in @@ -385,6 +389,7 @@ struct | Any (IterSysVars (vq1, vf1)), Any (IterSysVars (vq2, vf2)) -> VarQuery.compare vq1 vq2 (* not comparing fs *) | Any (MutexType m1), Any (MutexType m2) -> Mval.Unit.compare m1 m2 | Any (MustProtectedVars m1), Any (MustProtectedVars m2) -> compare_mustprotectedvars m1 m2 + | Any (MustProtectingLocks g1), Any (MustProtectingLocks g2) -> CilType.Varinfo.compare g1 g2 | Any (MayBeModifiedSinceSetjmp e1), Any (MayBeModifiedSinceSetjmp e2) -> JmpBufDomain.BufferEntry.compare e1 e2 | Any (MustBeSingleThreaded {since_start=s1;}), Any (MustBeSingleThreaded {since_start=s2;}) -> Stdlib.compare s1 s2 | Any (TmpSpecial lv1), Any (TmpSpecial lv2) -> Mval.Exp.compare lv1 lv2 @@ -427,6 +432,7 @@ struct | Any (InvariantGlobal vi) -> Hashtbl.hash vi | Any (YamlEntryGlobal (vi, task)) -> Hashtbl.hash vi (* TODO: hash task *) | Any (MustProtectedVars m) -> hash_mustprotectedvars m + | Any (MustProtectingLocks g) -> CilType.Varinfo.hash g | Any (MayBeModifiedSinceSetjmp e) -> JmpBufDomain.BufferEntry.hash e | Any (MustBeSingleThreaded {since_start}) -> Hashtbl.hash since_start | Any (TmpSpecial lv) -> Mval.Exp.hash lv @@ -478,6 +484,7 @@ struct | Any MustJoinedThreads -> Pretty.dprintf "MustJoinedThreads" | Any ThreadsJoinedCleanly -> Pretty.dprintf "ThreadsJoinedCleanly" | Any (MustProtectedVars m) -> Pretty.dprintf "MustProtectedVars _" + | Any (MustProtectingLocks g) -> Pretty.dprintf "MustProtectingLocks _" | Any (Invariant i) -> Pretty.dprintf "Invariant _" | Any (WarnGlobal vi) -> Pretty.dprintf "WarnGlobal _" | Any (IterSysVars _) -> Pretty.dprintf "IterSysVars _" From 526d88aac4ee38d350d8a17b0691766c8dc37e31 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 14 Mar 2024 12:08:31 +0200 Subject: [PATCH 010/164] Generate protected flow-insensitive invariants with ghosts --- src/analyses/basePriv.ml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index ea46e25689..1863625546 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -777,12 +777,18 @@ struct vf (V.protected g); | _ -> () - let invariant_global ask getg g = + let invariant_global (ask: Q.ask) getg g = match g with | `Left g' -> (* unprotected *) ValueDomain.invariant_global (fun g -> getg (V.unprotected g)) g' - | `Right g -> (* protected *) - Invariant.none + | `Right g' -> (* protected *) + let inv = ValueDomain.invariant_global (fun g -> getg (V.protected g)) g' in (* TODO: this takes protected values of everything *) + let locks = ask.f (Q.MustProtectingLocks g') in + Q.AD.fold (fun m acc -> + let variable = LockDomain.Addr.show m in (* TODO: valid C name *) + let var = Cilfacade.create_var (GoblintCil.makeGlobalVar variable GoblintCil.intType) in + Invariant.(acc || of_exp (Lval (Var var, NoOffset))) + ) locks inv let invariant_vars ask getg st = protected_vars ask end From d536db4708977e10d9946c68fb69effb56e69b24 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 14 Mar 2024 12:10:20 +0200 Subject: [PATCH 011/164] Make mutex ghost variable names distinct from mutex variables --- src/analyses/basePriv.ml | 2 +- src/analyses/mutexGhosts.ml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index 1863625546..c34808522b 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -785,7 +785,7 @@ struct let inv = ValueDomain.invariant_global (fun g -> getg (V.protected g)) g' in (* TODO: this takes protected values of everything *) let locks = ask.f (Q.MustProtectingLocks g') in Q.AD.fold (fun m acc -> - let variable = LockDomain.Addr.show m in (* TODO: valid C name *) + let variable = LockDomain.Addr.show m ^ "_locked" in (* TODO: valid C name *) let var = Cilfacade.create_var (GoblintCil.makeGlobalVar variable GoblintCil.intType) in Invariant.(acc || of_exp (Lval (Var var, NoOffset))) ) locks inv diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index fe708b8cac..1cc3cdca02 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -47,7 +47,7 @@ struct let entries = (* TODO: do ghost_variable-s only once *) Locked.fold (fun l acc -> - let variable = LockDomain.Addr.show l in (* TODO: valid C name *) + let variable = LockDomain.Addr.show l ^ "_locked" in (* TODO: valid C name *) let type_ = "int" in let initial = "0" in let entry = YamlWitness.Entry.ghost_variable ~task ~variable ~type_ ~initial in @@ -56,7 +56,7 @@ struct in let entries = Locked.fold (fun l acc -> - let variable = LockDomain.Addr.show l in (* TODO: valid C name *) + let variable = LockDomain.Addr.show l ^ "_locked" in (* TODO: valid C name *) let expression = "1" in let entry = YamlWitness.Entry.ghost_update ~task ~location ~variable ~expression in Queries.YS.add entry acc @@ -64,7 +64,7 @@ struct in let entries = Unlocked.fold (fun l acc -> - let variable = LockDomain.Addr.show l in (* TODO: valid C name *) + let variable = LockDomain.Addr.show l ^ "_locked" in (* TODO: valid C name *) let expression = "0" in let entry = YamlWitness.Entry.ghost_update ~task ~location ~variable ~expression in Queries.YS.add entry acc From 2eafa692f26d25897f67748a89b5c1aa9e1e9da1 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 14 Mar 2024 12:26:34 +0200 Subject: [PATCH 012/164] Document MutexGhosts --- src/analyses/mutexGhosts.ml | 2 +- src/goblint_lib.ml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 1cc3cdca02..b8792a2bf8 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -1,4 +1,4 @@ -(** ([mutexGhosts]). *) +(** Analysis for generating ghost variables corresponding to mutexes ([mutexGhosts]). *) open Analyses diff --git a/src/goblint_lib.ml b/src/goblint_lib.ml index e06cc8fa08..c0de408f05 100644 --- a/src/goblint_lib.ml +++ b/src/goblint_lib.ml @@ -106,6 +106,7 @@ module MutexAnalysis = MutexAnalysis module MayLocks = MayLocks module SymbLocks = SymbLocks module Deadlock = Deadlock +module MutexGhosts = MutexGhosts (** {3 Threads} From 470ddbc8490d6daaaee397288e328a3f249ca333 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 14 Mar 2024 12:36:15 +0200 Subject: [PATCH 013/164] Fix coverage build --- src/analyses/basePriv.ml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index c34808522b..a24c686a3a 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -787,7 +787,7 @@ struct Q.AD.fold (fun m acc -> let variable = LockDomain.Addr.show m ^ "_locked" in (* TODO: valid C name *) let var = Cilfacade.create_var (GoblintCil.makeGlobalVar variable GoblintCil.intType) in - Invariant.(acc || of_exp (Lval (Var var, NoOffset))) + Invariant.(acc || of_exp (Lval (GoblintCil.var var))) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) ) locks inv let invariant_vars ask getg st = protected_vars ask From 0d5ef634d8c2b0bd3adac807b4b65e726e2d03b0 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 14 Mar 2024 13:38:57 +0200 Subject: [PATCH 014/164] Make mutex-meet privatization more precise with earlyglobs --- src/analyses/basePriv.ml | 7 +++-- tests/regression/13-privatized/74-mutex.t | 38 +++++++++++++++++++++-- 2 files changed, 41 insertions(+), 4 deletions(-) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index a24c686a3a..6e9384389b 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -329,8 +329,11 @@ struct in if not invariant then ( if M.tracing then M.tracel "priv" "WRITE GLOBAL SIDE %a = %a\n" CilType.Varinfo.pretty x VD.pretty v; - sideg (V.global x) (CPA.singleton x v) - (* Unlock after invariant will still side effect refined value (if protected) from CPA, because cannot distinguish from non-invariant write. *) + let side_cpa = CPA.singleton x v in + sideg (V.global x) side_cpa; + if !earlyglobs && not (ThreadFlag.is_currently_multi ask) then + sideg V.mutex_inits side_cpa (* Also side to inits because with earlyglobs enter_multithreaded does not side everything to inits *) + (* Unlock after invariant will still side effect refined value (if protected) from CPA, because cannot distinguish from non-invariant write. *) ); {st with cpa = cpa'} (* let write_global ask getg sideg cpa x v = diff --git a/tests/regression/13-privatized/74-mutex.t b/tests/regression/13-privatized/74-mutex.t index 21c89cd524..810352de44 100644 --- a/tests/regression/13-privatized/74-mutex.t +++ b/tests/regression/13-privatized/74-mutex.t @@ -1,4 +1,4 @@ - $ goblint --enable ana.sv-comp.functions 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) @@ -16,7 +16,41 @@ Should also work with earlyglobs. Earlyglobs shouldn't cause protected writes in multithreaded mode from being immediately published to protected invariant. - $ goblint --enable ana.sv-comp.functions --enable exp.earlyglobs 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable exp.earlyglobs 74-mutex.c + [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) + [Warning][Deadcode] Function 'producer' has dead code: + on line 26 (74-mutex.c:26-26) + [Warning][Deadcode] Logical lines of code (LLoC) summary: + live: 14 + dead: 1 + total lines: 15 + [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) + [Info][Race] Memory locations race summary: + safe: 1 + vulnerable: 0 + unsafe: 0 + total memory locations: 1 + +Same with mutex-meet. + + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization mutex-meet 74-mutex.c + [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) + [Warning][Deadcode] Function 'producer' has dead code: + on line 26 (74-mutex.c:26-26) + [Warning][Deadcode] Logical lines of code (LLoC) summary: + live: 14 + dead: 1 + total lines: 15 + [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) + [Info][Race] Memory locations race summary: + safe: 1 + vulnerable: 0 + unsafe: 0 + total memory locations: 1 + +Should also work with earlyglobs. + + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization mutex-meet --enable exp.earlyglobs 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) From a714dc6d512773c046a1c5dd1f937723623d0c21 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 14 Mar 2024 13:47:17 +0200 Subject: [PATCH 015/164] Generate mutex-meet flow-insensitive invariants with ghosts --- src/analyses/basePriv.ml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index 6e9384389b..b28381f9c6 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -294,6 +294,20 @@ module PerMutexMeetPrivBase = struct include PerMutexPrivBase + let invariant_global ask getg = function + | `Left m' as m -> (* mutex *) + let cpa = getg m in + let inv = CPA.fold (fun v _ acc -> + let inv = ValueDomain.invariant_global (fun g -> CPA.find g cpa) v in + Invariant.(acc && inv) + ) cpa Invariant.none + in + let variable = LockDomain.Addr.show m' ^ "_locked" in (* TODO: valid C name *) + let var = Cilfacade.create_var (GoblintCil.makeGlobalVar variable GoblintCil.intType) in + Invariant.(inv || of_exp (Lval (GoblintCil.var var))) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + | g -> (* global *) + invariant_global ask getg g + let invariant_vars ask getg (st: _ BaseDomain.basecomponents_t) = (* Mutex-meet local states contain precisely the protected global variables, so we can do fewer queries than {!protected_vars}. *) From 652aeaeaca2c07f03265024ad751ca0a83e41fe5 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 14 Mar 2024 17:02:54 +0200 Subject: [PATCH 016/164] Add ghost variable for multithreaded mode --- src/analyses/base.ml | 11 +++++++++-- src/analyses/mutexGhosts.ml | 28 ++++++++++++++++++++++++---- 2 files changed, 33 insertions(+), 6 deletions(-) diff --git a/src/analyses/base.ml b/src/analyses/base.ml index 7c6b2bf73f..7f73fd42af 100644 --- a/src/analyses/base.ml +++ b/src/analyses/base.ml @@ -1237,13 +1237,20 @@ struct Invariant.none let query_invariant_global ctx g = - if GobConfig.get_bool "ana.base.invariant.enabled" && get_bool "exp.earlyglobs" then ( + if GobConfig.get_bool "ana.base.invariant.enabled" then ( (* Currently these global invariants are only sound with earlyglobs enabled for both single- and multi-threaded programs. Otherwise, the values of globals in single-threaded mode are not accounted for. *) (* TODO: account for single-threaded values without earlyglobs. *) match g with | `Left g' -> (* priv *) - Priv.invariant_global (Analyses.ask_of_ctx ctx) (priv_getg ctx.global) g' + let inv = Priv.invariant_global (Analyses.ask_of_ctx ctx) (priv_getg ctx.global) g' in + if get_bool "exp.earlyglobs" then + inv + else ( + let variable = "multithreaded" in + let var = Cilfacade.create_var (GoblintCil.makeGlobalVar variable GoblintCil.intType) in + Invariant.(inv || of_exp (UnOp (LNot, Lval (GoblintCil.var var), GoblintCil.intType))) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + ) | `Right _ -> (* thread return *) Invariant.none ) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index b8792a2bf8..6a0b8d56e4 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -24,14 +24,21 @@ struct include LockDomain.Mutexes let name () = "unlocked" end - module G = Lattice.Prod (Locked) (Unlocked) + module MultiThread = + struct + include BoolDomain.MayBool + let name () = "multithread" + end + module G = Lattice.Prod3 (Locked) (Unlocked) (MultiThread) let event ctx e octx = begin match e with | Events.Lock (l, _) -> - ctx.sideg ctx.prev_node (Locked.singleton l, Unlocked.bot ()) + ctx.sideg ctx.prev_node (Locked.singleton l, Unlocked.bot (), MultiThread.bot ()) | Events.Unlock l -> - ctx.sideg ctx.prev_node (Locked.bot (), Unlocked.singleton l) + ctx.sideg ctx.prev_node (Locked.bot (), Unlocked.singleton l, MultiThread.bot ()) + | Events.EnterMultiThreaded -> + ctx.sideg ctx.prev_node (Locked.bot (), Unlocked.bot (), true) | _ -> () end; ctx.local @@ -40,7 +47,7 @@ struct match q with | YamlEntryGlobal (g, task) -> let g: V.t = Obj.obj g in - let (locked, unlocked) = ctx.global g in + let (locked, unlocked, multithread) = ctx.global g in let loc = Node.location g in let location_function = (Node.find_fundec g).svar.vname in let location = YamlWitness.Entry.location ~location:loc ~location_function in @@ -70,6 +77,19 @@ struct Queries.YS.add entry acc ) unlocked entries in + let entries = + if not (GobConfig.get_bool "exp.earlyglobs") && multithread then ( + let variable = "multithreaded" in + let type_ = "int" in + let initial = "0" in + let entry = YamlWitness.Entry.ghost_variable ~task ~variable ~type_ ~initial in + let expression = "1" in + let entry' = YamlWitness.Entry.ghost_update ~task ~location ~variable ~expression in + Queries.YS.add entry (Queries.YS.add entry' entries) + ) + else + entries + in entries | _ -> Queries.Result.top q end From 7c33c72abe086f984afa16439af06518063e5ed8 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 14 Mar 2024 17:07:53 +0200 Subject: [PATCH 017/164] Reorder disjuncts in privatized invariants in implication order This also means that the global variable is (lazily) not accessed when the condition isn't met. --- src/analyses/base.ml | 2 +- src/analyses/basePriv.ml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/analyses/base.ml b/src/analyses/base.ml index 7f73fd42af..a4e5ab412a 100644 --- a/src/analyses/base.ml +++ b/src/analyses/base.ml @@ -1249,7 +1249,7 @@ struct else ( let variable = "multithreaded" in let var = Cilfacade.create_var (GoblintCil.makeGlobalVar variable GoblintCil.intType) in - Invariant.(inv || of_exp (UnOp (LNot, Lval (GoblintCil.var var), GoblintCil.intType))) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + Invariant.(of_exp (UnOp (LNot, Lval (GoblintCil.var var), GoblintCil.intType)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) ) | `Right _ -> (* thread return *) Invariant.none diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index b28381f9c6..1950c6219d 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -304,7 +304,7 @@ struct in let variable = LockDomain.Addr.show m' ^ "_locked" in (* TODO: valid C name *) let var = Cilfacade.create_var (GoblintCil.makeGlobalVar variable GoblintCil.intType) in - Invariant.(inv || of_exp (Lval (GoblintCil.var var))) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + Invariant.(of_exp (Lval (GoblintCil.var var)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) | g -> (* global *) invariant_global ask getg g @@ -804,7 +804,7 @@ struct Q.AD.fold (fun m acc -> let variable = LockDomain.Addr.show m ^ "_locked" in (* TODO: valid C name *) let var = Cilfacade.create_var (GoblintCil.makeGlobalVar variable GoblintCil.intType) in - Invariant.(acc || of_exp (Lval (GoblintCil.var var))) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + Invariant.(of_exp (Lval (GoblintCil.var var)) || acc) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) ) locks inv let invariant_vars ask getg st = protected_vars ask From 4381e9fafa8108af5baf3d49e6e560fae0e7b7cc Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 14 Mar 2024 17:22:28 +0200 Subject: [PATCH 018/164] Fix MustProtectingLocks query crash with top Happened on 13-privatized/01-priv_nr --- src/analyses/basePriv.ml | 14 +++++++++----- src/analyses/mutexAnalysis.ml | 5 ++++- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index 1950c6219d..a26ed3bac3 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -801,11 +801,15 @@ struct | `Right g' -> (* protected *) let inv = ValueDomain.invariant_global (fun g -> getg (V.protected g)) g' in (* TODO: this takes protected values of everything *) let locks = ask.f (Q.MustProtectingLocks g') in - Q.AD.fold (fun m acc -> - let variable = LockDomain.Addr.show m ^ "_locked" in (* TODO: valid C name *) - let var = Cilfacade.create_var (GoblintCil.makeGlobalVar variable GoblintCil.intType) in - Invariant.(of_exp (Lval (GoblintCil.var var)) || acc) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) - ) locks inv + if Q.AD.is_top locks then + Invariant.none + else ( + Q.AD.fold (fun m acc -> + let variable = LockDomain.Addr.show m ^ "_locked" in (* TODO: valid C name *) + let var = Cilfacade.create_var (GoblintCil.makeGlobalVar variable GoblintCil.intType) in + Invariant.(of_exp (Lval (GoblintCil.var var)) || acc) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + ) locks inv + ) let invariant_vars ask getg st = protected_vars ask end diff --git a/src/analyses/mutexAnalysis.ml b/src/analyses/mutexAnalysis.ml index 1d134425f1..7e877d7dad 100644 --- a/src/analyses/mutexAnalysis.ml +++ b/src/analyses/mutexAnalysis.ml @@ -235,7 +235,10 @@ struct Mutexes.leq mutex_lockset protecting | Queries.MustProtectingLocks g -> let protecting = protecting ~write:true Strong g in - Mutexes.fold Queries.AD.add protecting (Queries.AD.empty ()) + if Mutexes.is_top protecting then + Queries.AD.top () + else + Mutexes.fold Queries.AD.add protecting (Queries.AD.empty ()) | Queries.MustLockset -> let held_locks = Lockset.export_locks (Lockset.filter snd ls) in Mutexes.fold (fun addr ls -> Queries.AD.add addr ls) held_locks (Queries.AD.empty ()) From 60a51b986900e2efa77924fb6fb83c689e6917f2 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 14 Mar 2024 17:27:01 +0200 Subject: [PATCH 019/164] Fix protection privatization protected invariant with no protecting mutexes Happened on 13-privatized/02-priv_rc. --- src/analyses/basePriv.ml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index a26ed3bac3..891e8d2183 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -799,11 +799,11 @@ struct | `Left g' -> (* unprotected *) ValueDomain.invariant_global (fun g -> getg (V.unprotected g)) g' | `Right g' -> (* protected *) - let inv = ValueDomain.invariant_global (fun g -> getg (V.protected g)) g' in (* TODO: this takes protected values of everything *) let locks = ask.f (Q.MustProtectingLocks g') in - if Q.AD.is_top locks then + if Q.AD.is_top locks || Q.AD.is_empty locks then Invariant.none else ( + let inv = ValueDomain.invariant_global (fun g -> getg (V.protected g)) g' in (* TODO: this takes protected values of everything *) Q.AD.fold (fun m acc -> let variable = LockDomain.Addr.show m ^ "_locked" in (* TODO: valid C name *) let var = Cilfacade.create_var (GoblintCil.makeGlobalVar variable GoblintCil.intType) in From fd84cd95f93b82b0f062e82f5683b011a52fc09e Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 14 Mar 2024 17:31:19 +0200 Subject: [PATCH 020/164] Fix mutex-meet privatization protected invariant with no protecting mutexes Happened on 13-privatized/02-priv_rc. --- src/analyses/basePriv.ml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index 891e8d2183..94f0f4092b 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -294,12 +294,15 @@ module PerMutexMeetPrivBase = struct include PerMutexPrivBase - let invariant_global ask getg = function + let invariant_global (ask: Q.ask) getg = function | `Left m' as m -> (* mutex *) let cpa = getg m in let inv = CPA.fold (fun v _ acc -> - let inv = ValueDomain.invariant_global (fun g -> CPA.find g cpa) v in - Invariant.(acc && inv) + if ask.f (MustBeProtectedBy {mutex = m'; global = v; write = true; protection = Strong}) then + let inv = ValueDomain.invariant_global (fun g -> CPA.find g cpa) v in + Invariant.(acc && inv) + else + acc ) cpa Invariant.none in let variable = LockDomain.Addr.show m' ^ "_locked" in (* TODO: valid C name *) From 516e3adc1128fef03ec49ec9bb1b03814914f462 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 15 Mar 2024 12:31:06 +0200 Subject: [PATCH 021/164] Use RichVarinfo for witness ghost variables --- src/analyses/base.ml | 3 +-- src/analyses/basePriv.ml | 6 ++---- src/analyses/mutexGhosts.ml | 8 ++++---- src/goblint_lib.ml | 1 + src/witness/witnessGhost.ml | 21 +++++++++++++++++++++ 5 files changed, 29 insertions(+), 10 deletions(-) create mode 100644 src/witness/witnessGhost.ml diff --git a/src/analyses/base.ml b/src/analyses/base.ml index a4e5ab412a..7ba0d5f706 100644 --- a/src/analyses/base.ml +++ b/src/analyses/base.ml @@ -1247,8 +1247,7 @@ struct if get_bool "exp.earlyglobs" then inv else ( - let variable = "multithreaded" in - let var = Cilfacade.create_var (GoblintCil.makeGlobalVar variable GoblintCil.intType) in + let var = WitnessGhost.to_varinfo Multithreaded in Invariant.(of_exp (UnOp (LNot, Lval (GoblintCil.var var), GoblintCil.intType)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) ) | `Right _ -> (* thread return *) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index 94f0f4092b..deb603a110 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -305,8 +305,7 @@ struct acc ) cpa Invariant.none in - let variable = LockDomain.Addr.show m' ^ "_locked" in (* TODO: valid C name *) - let var = Cilfacade.create_var (GoblintCil.makeGlobalVar variable GoblintCil.intType) in + let var = WitnessGhost.to_varinfo (Locked m') in Invariant.(of_exp (Lval (GoblintCil.var var)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) | g -> (* global *) invariant_global ask getg g @@ -808,8 +807,7 @@ struct else ( let inv = ValueDomain.invariant_global (fun g -> getg (V.protected g)) g' in (* TODO: this takes protected values of everything *) Q.AD.fold (fun m acc -> - let variable = LockDomain.Addr.show m ^ "_locked" in (* TODO: valid C name *) - let var = Cilfacade.create_var (GoblintCil.makeGlobalVar variable GoblintCil.intType) in + let var = WitnessGhost.to_varinfo (Locked m) in Invariant.(of_exp (Lval (GoblintCil.var var)) || acc) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) ) locks inv ) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 6a0b8d56e4..aedbeac0d4 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -54,7 +54,7 @@ struct let entries = (* TODO: do ghost_variable-s only once *) Locked.fold (fun l acc -> - let variable = LockDomain.Addr.show l ^ "_locked" in (* TODO: valid C name *) + let variable = WitnessGhost.name_varinfo (Locked l) in let type_ = "int" in let initial = "0" in let entry = YamlWitness.Entry.ghost_variable ~task ~variable ~type_ ~initial in @@ -63,7 +63,7 @@ struct in let entries = Locked.fold (fun l acc -> - let variable = LockDomain.Addr.show l ^ "_locked" in (* TODO: valid C name *) + let variable = WitnessGhost.name_varinfo (Locked l) in let expression = "1" in let entry = YamlWitness.Entry.ghost_update ~task ~location ~variable ~expression in Queries.YS.add entry acc @@ -71,7 +71,7 @@ struct in let entries = Unlocked.fold (fun l acc -> - let variable = LockDomain.Addr.show l ^ "_locked" in (* TODO: valid C name *) + let variable = WitnessGhost.name_varinfo (Locked l) in let expression = "0" in let entry = YamlWitness.Entry.ghost_update ~task ~location ~variable ~expression in Queries.YS.add entry acc @@ -79,7 +79,7 @@ struct in let entries = if not (GobConfig.get_bool "exp.earlyglobs") && multithread then ( - let variable = "multithreaded" in + let variable = WitnessGhost.name_varinfo Multithreaded in let type_ = "int" in let initial = "0" in let entry = YamlWitness.Entry.ghost_variable ~task ~variable ~type_ ~initial in diff --git a/src/goblint_lib.ml b/src/goblint_lib.ml index c0de408f05..18a5d72aa7 100644 --- a/src/goblint_lib.ml +++ b/src/goblint_lib.ml @@ -333,6 +333,7 @@ module Graphml = Graphml module YamlWitness = YamlWitness module YamlWitnessType = YamlWitnessType +module WitnessGhost = WitnessGhost module WideningTokens = WideningTokens (** {3 Violation} diff --git a/src/witness/witnessGhost.ml b/src/witness/witnessGhost.ml new file mode 100644 index 0000000000..a9d177a569 --- /dev/null +++ b/src/witness/witnessGhost.ml @@ -0,0 +1,21 @@ +(** Ghost variables for YAML witnesses. *) + +module Var = +struct + type t = + | Locked of LockDomain.Addr.t + | Multithreaded + [@@deriving eq, hash] + + let name_varinfo = function + | Locked l -> LockDomain.Addr.show l ^ "_locked" (* TODO: valid C name *) + | Multithreaded -> "multithreaded" + + (* TODO: define correct types *) +end + +include Var + +module Map = RichVarinfo.Make (Var) + +include Map From a10c973d2712c7b36a28fb176f72fcf99117e958 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 15 Mar 2024 12:54:52 +0200 Subject: [PATCH 022/164] Deduplicate witness ghost entry creation --- src/analyses/mutexGhosts.ml | 26 ++++++-------------------- src/witness/witnessGhost.ml | 22 ++++++++++++++++++++++ 2 files changed, 28 insertions(+), 20 deletions(-) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index aedbeac0d4..0b11355d57 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -48,43 +48,29 @@ struct | YamlEntryGlobal (g, task) -> let g: V.t = Obj.obj g in let (locked, unlocked, multithread) = ctx.global g in - let loc = Node.location g in - let location_function = (Node.find_fundec g).svar.vname in - let location = YamlWitness.Entry.location ~location:loc ~location_function in let entries = - (* TODO: do ghost_variable-s only once *) + (* TODO: do variable_entry-s only once *) Locked.fold (fun l acc -> - let variable = WitnessGhost.name_varinfo (Locked l) in - let type_ = "int" in - let initial = "0" in - let entry = YamlWitness.Entry.ghost_variable ~task ~variable ~type_ ~initial in + let entry = WitnessGhost.variable_entry ~task (Locked l) in Queries.YS.add entry acc ) (Locked.union locked unlocked) (Queries.YS.empty ()) in let entries = Locked.fold (fun l acc -> - let variable = WitnessGhost.name_varinfo (Locked l) in - let expression = "1" in - let entry = YamlWitness.Entry.ghost_update ~task ~location ~variable ~expression in + let entry = WitnessGhost.update_entry ~task ~node:g (Locked l) GoblintCil.one in Queries.YS.add entry acc ) locked entries in let entries = Unlocked.fold (fun l acc -> - let variable = WitnessGhost.name_varinfo (Locked l) in - let expression = "0" in - let entry = YamlWitness.Entry.ghost_update ~task ~location ~variable ~expression in + let entry = WitnessGhost.update_entry ~task ~node:g (Locked l) GoblintCil.zero in Queries.YS.add entry acc ) unlocked entries in let entries = if not (GobConfig.get_bool "exp.earlyglobs") && multithread then ( - let variable = WitnessGhost.name_varinfo Multithreaded in - let type_ = "int" in - let initial = "0" in - let entry = YamlWitness.Entry.ghost_variable ~task ~variable ~type_ ~initial in - let expression = "1" in - let entry' = YamlWitness.Entry.ghost_update ~task ~location ~variable ~expression in + let entry = WitnessGhost.variable_entry ~task Multithreaded in + let entry' = WitnessGhost.update_entry ~task ~node:g Multithreaded GoblintCil.one in Queries.YS.add entry (Queries.YS.add entry' entries) ) else diff --git a/src/witness/witnessGhost.ml b/src/witness/witnessGhost.ml index a9d177a569..dd4181e467 100644 --- a/src/witness/witnessGhost.ml +++ b/src/witness/witnessGhost.ml @@ -12,6 +12,14 @@ struct | Multithreaded -> "multithreaded" (* TODO: define correct types *) + + let type_ = function + | Locked _ -> GoblintCil.intType + | Multithreaded -> GoblintCil.intType + + let initial = function + | Locked _ -> GoblintCil.zero + | Multithreaded -> GoblintCil.zero end include Var @@ -19,3 +27,17 @@ include Var module Map = RichVarinfo.Make (Var) include Map + +let variable_entry ~task x = + let variable = name_varinfo x in + let type_ = String.trim (CilType.Typ.show (type_ x)) in (* CIL printer puts space at the end of some types *) + let initial = CilType.Exp.show (initial x) in + YamlWitness.Entry.ghost_variable ~task ~variable ~type_ ~initial + +let update_entry ~task ~node x e = + let loc = Node.location node in + let location_function = (Node.find_fundec node).svar.vname in + let location = YamlWitness.Entry.location ~location:loc ~location_function in + let variable = name_varinfo x in + let expression = CilType.Exp.show e in + YamlWitness.Entry.ghost_update ~task ~location ~variable ~expression From 932ac3b312a77d09a683fa651ab114e30aec1b1e Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 15 Mar 2024 13:00:59 +0200 Subject: [PATCH 023/164] Allow non-void types for RichVarinfo --- src/analyses/basePriv.ml | 2 +- src/analyses/wrapperFunctionAnalysis.ml | 2 ++ src/common/util/richVarinfo.ml | 9 +++++---- src/common/util/richVarinfo.mli | 3 ++- src/witness/witnessGhost.ml | 6 ++---- 5 files changed, 12 insertions(+), 10 deletions(-) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index deb603a110..cafa84eb79 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -951,7 +951,7 @@ struct (* sync: M -> (2^M -> (G -> D)) *) include AbstractLockCenteredBase (ThreadMap) (LockCenteredBase.CPA) - let global_init_thread = RichVarinfo.single ~name:"global_init" + let global_init_thread = RichVarinfo.single ~name:"global_init" ~typ:GoblintCil.voidType let current_thread (ask: Q.ask): Thread.t = if !AnalysisState.global_initialization then ThreadIdDomain.Thread.threadinit (global_init_thread ()) ~multiple:false diff --git a/src/analyses/wrapperFunctionAnalysis.ml b/src/analyses/wrapperFunctionAnalysis.ml index 9510304e56..f3cf05c94d 100644 --- a/src/analyses/wrapperFunctionAnalysis.ml +++ b/src/analyses/wrapperFunctionAnalysis.ml @@ -144,6 +144,8 @@ module MallocWrapper : MCPSpec = struct Format.dprintf "@tid:%s" (ThreadLifted.show t) in Format.asprintf "(alloc@sid:%s%t%t)" (Node.show_id node) tid uniq_count + + let typ _ = GoblintCil.voidType end module NodeVarinfoMap = RichVarinfo.BiVarinfoMap.Make(ThreadNode) diff --git a/src/common/util/richVarinfo.ml b/src/common/util/richVarinfo.ml index d1918c40a6..6a27339eed 100644 --- a/src/common/util/richVarinfo.ml +++ b/src/common/util/richVarinfo.ml @@ -1,9 +1,9 @@ open GoblintCil -let create_var name = Cilfacade.create_var @@ makeGlobalVar name voidType +let create_var name typ = Cilfacade.create_var @@ makeGlobalVar name typ -let single ~name = - let vi = lazy (create_var name) in +let single ~name ~typ = + let vi = lazy (create_var name typ) in fun () -> Lazy.force vi @@ -21,6 +21,7 @@ module type G = sig include Hashtbl.HashedType val name_varinfo: t -> string + val typ: t -> typ end module type H = @@ -47,7 +48,7 @@ struct try XH.find !xh x with Not_found -> - let vi = create_var (X.name_varinfo x) in + let vi = create_var (X.name_varinfo x) (X.typ x) in store_f x vi; vi diff --git a/src/common/util/richVarinfo.mli b/src/common/util/richVarinfo.mli index 4e682734ee..d1c002bf84 100644 --- a/src/common/util/richVarinfo.mli +++ b/src/common/util/richVarinfo.mli @@ -2,7 +2,7 @@ open GoblintCil -val single: name:string -> (unit -> varinfo) +val single: name:string -> typ:typ -> (unit -> varinfo) module type VarinfoMap = sig @@ -18,6 +18,7 @@ module type G = sig include Hashtbl.HashedType val name_varinfo: t -> string + val typ: t -> typ end module type H = diff --git a/src/witness/witnessGhost.ml b/src/witness/witnessGhost.ml index dd4181e467..a0d25c5be6 100644 --- a/src/witness/witnessGhost.ml +++ b/src/witness/witnessGhost.ml @@ -11,9 +11,7 @@ struct | Locked l -> LockDomain.Addr.show l ^ "_locked" (* TODO: valid C name *) | Multithreaded -> "multithreaded" - (* TODO: define correct types *) - - let type_ = function + let typ = function | Locked _ -> GoblintCil.intType | Multithreaded -> GoblintCil.intType @@ -30,7 +28,7 @@ include Map let variable_entry ~task x = let variable = name_varinfo x in - let type_ = String.trim (CilType.Typ.show (type_ x)) in (* CIL printer puts space at the end of some types *) + let type_ = String.trim (CilType.Typ.show (typ x)) in (* CIL printer puts space at the end of some types *) let initial = CilType.Exp.show (initial x) in YamlWitness.Entry.ghost_variable ~task ~variable ~type_ ~initial From b0182659a02387cb57a32c67f65a4fa9331b4821 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 2 Apr 2024 12:19:24 +0300 Subject: [PATCH 024/164] Add cram test for privatized witness ghosts --- tests/regression/13-privatized/74-mutex.t | 142 +++++++++++++++++++++- 1 file changed, 140 insertions(+), 2 deletions(-) diff --git a/tests/regression/13-privatized/74-mutex.t b/tests/regression/13-privatized/74-mutex.t index 810352de44..1be888426c 100644 --- a/tests/regression/13-privatized/74-mutex.t +++ b/tests/regression/13-privatized/74-mutex.t @@ -1,4 +1,4 @@ - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) @@ -7,12 +7,81 @@ dead: 1 total lines: 15 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) + [Info][Witness] witness generation summary: + total generation entries: 9 [Info][Race] Memory locations race summary: safe: 1 vulnerable: 0 unsafe: 0 total memory locations: 1 + $ yamlWitnessStrip < witness.yml + - entry_type: ghost_update + variable: multithreaded + expression: "1" + location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 34 + column: 2 + function: main + - entry_type: ghost_update + variable: m_locked + expression: "1" + location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 36 + column: 2 + function: main + - entry_type: ghost_update + variable: m_locked + expression: "1" + location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 20 + column: 4 + function: producer + - entry_type: ghost_update + variable: m_locked + expression: "0" + location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 38 + column: 2 + function: main + - entry_type: ghost_update + variable: m_locked + expression: "0" + location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 23 + column: 4 + function: producer + - entry_type: ghost_variable + variable: multithreaded + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: m_locked + scope: global + type: int + initial: "0" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (m_locked || used == 0)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= used && used <= 1)' + type: assertion + format: C + Should also work with earlyglobs. Earlyglobs shouldn't cause protected writes in multithreaded mode from being immediately published to protected invariant. @@ -33,7 +102,7 @@ Earlyglobs shouldn't cause protected writes in multithreaded mode from being imm Same with mutex-meet. - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization mutex-meet 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) @@ -42,12 +111,81 @@ Same with mutex-meet. dead: 1 total lines: 15 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) + [Info][Witness] witness generation summary: + total generation entries: 9 [Info][Race] Memory locations race summary: safe: 1 vulnerable: 0 unsafe: 0 total memory locations: 1 + $ yamlWitnessStrip < witness.yml + - entry_type: ghost_update + variable: multithreaded + expression: "1" + location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 34 + column: 2 + function: main + - entry_type: ghost_update + variable: m_locked + expression: "1" + location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 36 + column: 2 + function: main + - entry_type: ghost_update + variable: m_locked + expression: "1" + location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 20 + column: 4 + function: producer + - entry_type: ghost_update + variable: m_locked + expression: "0" + location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 38 + column: 2 + function: main + - entry_type: ghost_update + variable: m_locked + expression: "0" + location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 23 + column: 4 + function: producer + - entry_type: ghost_variable + variable: multithreaded + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: m_locked + scope: global + type: int + initial: "0" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (m_locked || used == 0)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= used && used <= 1)' + type: assertion + format: C + Should also work with earlyglobs. $ goblint --enable ana.sv-comp.functions --set ana.base.privatization mutex-meet --enable exp.earlyglobs 74-mutex.c From 7992462268c057f2a26a1f5cfeeab7c0c704e5e4 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 2 Apr 2024 13:42:29 +0300 Subject: [PATCH 025/164] Add cram test for witness ghosts with multiple protecting locks --- .../56-witness/64-ghost-multiple-protecting.c | 30 ++ .../56-witness/64-ghost-multiple-protecting.t | 450 ++++++++++++++++++ 2 files changed, 480 insertions(+) create mode 100644 tests/regression/56-witness/64-ghost-multiple-protecting.c create mode 100644 tests/regression/56-witness/64-ghost-multiple-protecting.t diff --git a/tests/regression/56-witness/64-ghost-multiple-protecting.c b/tests/regression/56-witness/64-ghost-multiple-protecting.c new file mode 100644 index 0000000000..0485cd124e --- /dev/null +++ b/tests/regression/56-witness/64-ghost-multiple-protecting.c @@ -0,0 +1,30 @@ +#include + +int g1, g2; +pthread_mutex_t m1 = PTHREAD_MUTEX_INITIALIZER; +pthread_mutex_t m2 = PTHREAD_MUTEX_INITIALIZER; + +void *t_fun(void *arg) { + pthread_mutex_lock(&m1); + pthread_mutex_lock(&m2); + g1 = 1; + g1 = 0; + pthread_mutex_unlock(&m2); + pthread_mutex_unlock(&m1); + + pthread_mutex_lock(&m1); + pthread_mutex_lock(&m2); + g2 = 1; + pthread_mutex_unlock(&m2); + pthread_mutex_lock(&m2); + g2 = 0; + pthread_mutex_unlock(&m2); + pthread_mutex_unlock(&m1); + return NULL; +} + +int main() { + pthread_t id; + pthread_create(&id, NULL, t_fun, NULL); + return 0; +} diff --git a/tests/regression/56-witness/64-ghost-multiple-protecting.t b/tests/regression/56-witness/64-ghost-multiple-protecting.t new file mode 100644 index 0000000000..7a413332a2 --- /dev/null +++ b/tests/regression/56-witness/64-ghost-multiple-protecting.t @@ -0,0 +1,450 @@ + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 64-ghost-multiple-protecting.c + [Info][Deadcode] Logical lines of code (LLoC) summary: + live: 19 + dead: 0 + total lines: 19 + [Info][Witness] witness generation summary: + total generation entries: 18 + [Info][Race] Memory locations race summary: + safe: 2 + vulnerable: 0 + unsafe: 0 + total memory locations: 2 + +protection doesn't have precise protected invariant for g2. + + $ yamlWitnessStrip < witness.yml + - entry_type: ghost_update + variable: multithreaded + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 28 + column: 2 + function: main + - entry_type: ghost_update + variable: m2_locked + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 19 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 16 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 9 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "0" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 21 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "0" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 18 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "0" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 12 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m1_locked + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 15 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m1_locked + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 8 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m1_locked + expression: "0" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 22 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m1_locked + expression: "0" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 13 + column: 2 + function: t_fun + - entry_type: ghost_variable + variable: multithreaded + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: m2_locked + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: m1_locked + scope: global + type: int + initial: "0" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (m2_locked || (m1_locked || g1 == 0))' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (m2_locked || (m1_locked || (0 <= g2 && g2 <= 1)))' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= g2 && g2 <= 1)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= g1 && g1 <= 1)' + type: assertion + format: C + + $ goblint --set ana.base.privatization protection-read --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 64-ghost-multiple-protecting.c + [Info][Deadcode] Logical lines of code (LLoC) summary: + live: 19 + dead: 0 + total lines: 19 + [Info][Witness] witness generation summary: + total generation entries: 18 + [Info][Race] Memory locations race summary: + safe: 2 + vulnerable: 0 + unsafe: 0 + total memory locations: 2 + +protection-read has precise protected invariant for g2. + + $ yamlWitnessStrip < witness.yml + - entry_type: ghost_update + variable: multithreaded + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 28 + column: 2 + function: main + - entry_type: ghost_update + variable: m2_locked + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 19 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 16 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 9 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "0" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 21 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "0" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 18 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "0" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 12 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m1_locked + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 15 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m1_locked + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 8 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m1_locked + expression: "0" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 22 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m1_locked + expression: "0" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 13 + column: 2 + function: t_fun + - entry_type: ghost_variable + variable: multithreaded + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: m2_locked + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: m1_locked + scope: global + type: int + initial: "0" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (m2_locked || (m1_locked || g2 == 0))' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (m2_locked || (m1_locked || g1 == 0))' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= g2 && g2 <= 1)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= g1 && g1 <= 1)' + type: assertion + format: C + + $ goblint --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 64-ghost-multiple-protecting.c + [Info][Deadcode] Logical lines of code (LLoC) summary: + live: 19 + dead: 0 + total lines: 19 + [Info][Witness] witness generation summary: + total generation entries: 18 + [Info][Race] Memory locations race summary: + safe: 2 + vulnerable: 0 + unsafe: 0 + total memory locations: 2 + + $ yamlWitnessStrip < witness.yml + - entry_type: ghost_update + variable: multithreaded + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 28 + column: 2 + function: main + - entry_type: ghost_update + variable: m2_locked + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 19 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 16 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 9 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "0" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 21 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "0" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 18 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "0" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 12 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m1_locked + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 15 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m1_locked + expression: "1" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 8 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m1_locked + expression: "0" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 22 + column: 2 + function: t_fun + - entry_type: ghost_update + variable: m1_locked + expression: "0" + location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 13 + column: 2 + function: t_fun + - entry_type: ghost_variable + variable: multithreaded + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: m2_locked + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: m1_locked + scope: global + type: int + initial: "0" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (m2_locked || ((0 <= g2 && g2 <= 1) && g1 == 0))' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (m1_locked || (g1 == 0 && g2 == 0))' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= g2 && g2 <= 1)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= g1 && g1 <= 1)' + type: assertion + format: C From 01c9b98fc839e3591d2111b279a99765e34af6ff Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 2 Apr 2024 14:55:35 +0300 Subject: [PATCH 026/164] mutex-meet ghost invariants are maybe unsound --- .../56-witness/64-ghost-multiple-protecting.c | 11 +++ .../56-witness/64-ghost-multiple-protecting.t | 68 ++++++++++--------- 2 files changed, 46 insertions(+), 33 deletions(-) diff --git a/tests/regression/56-witness/64-ghost-multiple-protecting.c b/tests/regression/56-witness/64-ghost-multiple-protecting.c index 0485cd124e..b19ab18ad5 100644 --- a/tests/regression/56-witness/64-ghost-multiple-protecting.c +++ b/tests/regression/56-witness/64-ghost-multiple-protecting.c @@ -1,4 +1,5 @@ #include +#include int g1, g2; pthread_mutex_t m1 = PTHREAD_MUTEX_INITIALIZER; @@ -26,5 +27,15 @@ void *t_fun(void *arg) { int main() { pthread_t id; pthread_create(&id, NULL, t_fun, NULL); + + /* pthread_mutex_lock(&m1); + __goblint_check(g1 == 0); + __goblint_check(g2 == 0); + pthread_mutex_unlock(&m1); + + pthread_mutex_lock(&m2); + __goblint_check(g1 == 0); + __goblint_check(g2 == 0); + pthread_mutex_unlock(&m2); */ return 0; } diff --git a/tests/regression/56-witness/64-ghost-multiple-protecting.t b/tests/regression/56-witness/64-ghost-multiple-protecting.t index 7a413332a2..b221d65ef1 100644 --- a/tests/regression/56-witness/64-ghost-multiple-protecting.t +++ b/tests/regression/56-witness/64-ghost-multiple-protecting.t @@ -20,7 +20,7 @@ protection doesn't have precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 28 + line: 29 column: 2 function: main - entry_type: ghost_update @@ -29,7 +29,7 @@ protection doesn't have precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 19 + line: 20 column: 2 function: t_fun - entry_type: ghost_update @@ -38,7 +38,7 @@ protection doesn't have precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 16 + line: 17 column: 2 function: t_fun - entry_type: ghost_update @@ -47,7 +47,7 @@ protection doesn't have precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 9 + line: 10 column: 2 function: t_fun - entry_type: ghost_update @@ -56,7 +56,7 @@ protection doesn't have precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 21 + line: 22 column: 2 function: t_fun - entry_type: ghost_update @@ -65,7 +65,7 @@ protection doesn't have precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 18 + line: 19 column: 2 function: t_fun - entry_type: ghost_update @@ -74,7 +74,7 @@ protection doesn't have precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 12 + line: 13 column: 2 function: t_fun - entry_type: ghost_update @@ -83,7 +83,7 @@ protection doesn't have precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 15 + line: 16 column: 2 function: t_fun - entry_type: ghost_update @@ -92,7 +92,7 @@ protection doesn't have precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 8 + line: 9 column: 2 function: t_fun - entry_type: ghost_update @@ -101,7 +101,7 @@ protection doesn't have precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 22 + line: 23 column: 2 function: t_fun - entry_type: ghost_update @@ -110,7 +110,7 @@ protection doesn't have precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 13 + line: 14 column: 2 function: t_fun - entry_type: ghost_variable @@ -171,7 +171,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 28 + line: 29 column: 2 function: main - entry_type: ghost_update @@ -180,7 +180,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 19 + line: 20 column: 2 function: t_fun - entry_type: ghost_update @@ -189,7 +189,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 16 + line: 17 column: 2 function: t_fun - entry_type: ghost_update @@ -198,7 +198,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 9 + line: 10 column: 2 function: t_fun - entry_type: ghost_update @@ -207,7 +207,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 21 + line: 22 column: 2 function: t_fun - entry_type: ghost_update @@ -216,7 +216,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 18 + line: 19 column: 2 function: t_fun - entry_type: ghost_update @@ -225,7 +225,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 12 + line: 13 column: 2 function: t_fun - entry_type: ghost_update @@ -234,7 +234,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 15 + line: 16 column: 2 function: t_fun - entry_type: ghost_update @@ -243,7 +243,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 8 + line: 9 column: 2 function: t_fun - entry_type: ghost_update @@ -252,7 +252,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 22 + line: 23 column: 2 function: t_fun - entry_type: ghost_update @@ -261,7 +261,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 13 + line: 14 column: 2 function: t_fun - entry_type: ghost_variable @@ -313,6 +313,8 @@ protection-read has precise protected invariant for g2. unsafe: 0 total memory locations: 2 +TODO: Are the mutex-meet invariants sound? + $ yamlWitnessStrip < witness.yml - entry_type: ghost_update variable: multithreaded @@ -320,7 +322,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 28 + line: 29 column: 2 function: main - entry_type: ghost_update @@ -329,7 +331,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 19 + line: 20 column: 2 function: t_fun - entry_type: ghost_update @@ -338,7 +340,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 16 + line: 17 column: 2 function: t_fun - entry_type: ghost_update @@ -347,7 +349,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 9 + line: 10 column: 2 function: t_fun - entry_type: ghost_update @@ -356,7 +358,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 21 + line: 22 column: 2 function: t_fun - entry_type: ghost_update @@ -365,7 +367,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 18 + line: 19 column: 2 function: t_fun - entry_type: ghost_update @@ -374,7 +376,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 12 + line: 13 column: 2 function: t_fun - entry_type: ghost_update @@ -383,7 +385,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 15 + line: 16 column: 2 function: t_fun - entry_type: ghost_update @@ -392,7 +394,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 8 + line: 9 column: 2 function: t_fun - entry_type: ghost_update @@ -401,7 +403,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 22 + line: 23 column: 2 function: t_fun - entry_type: ghost_update @@ -410,7 +412,7 @@ protection-read has precise protected invariant for g2. location: file_name: 64-ghost-multiple-protecting.c file_hash: $FILE_HASH - line: 13 + line: 14 column: 2 function: t_fun - entry_type: ghost_variable From d3a5a0a3f1f864652788ed6852a019566efead3a Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 4 Apr 2024 17:05:34 +0300 Subject: [PATCH 027/164] Add NOWARNs to commented out checks in 56-witness/64-ghost-multiple-protecting --- .../regression/56-witness/64-ghost-multiple-protecting.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/regression/56-witness/64-ghost-multiple-protecting.c b/tests/regression/56-witness/64-ghost-multiple-protecting.c index b19ab18ad5..012318ac49 100644 --- a/tests/regression/56-witness/64-ghost-multiple-protecting.c +++ b/tests/regression/56-witness/64-ghost-multiple-protecting.c @@ -29,13 +29,13 @@ int main() { pthread_create(&id, NULL, t_fun, NULL); /* pthread_mutex_lock(&m1); - __goblint_check(g1 == 0); - __goblint_check(g2 == 0); + __goblint_check(g1 == 0); // NOWARN (commented out) + __goblint_check(g2 == 0); // NOWARN (commented out) pthread_mutex_unlock(&m1); pthread_mutex_lock(&m2); - __goblint_check(g1 == 0); - __goblint_check(g2 == 0); + __goblint_check(g1 == 0); // NOWARN (commented out) + __goblint_check(g2 == 0); // NOWARN (commented out) pthread_mutex_unlock(&m2); */ return 0; } From 612c1ccd4fe756af60fde77d837781fe800493ae Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Mon, 15 Apr 2024 12:37:18 +0300 Subject: [PATCH 028/164] Remove TODO about mutex-meet unsound witness invariants --- tests/regression/56-witness/64-ghost-multiple-protecting.t | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/regression/56-witness/64-ghost-multiple-protecting.t b/tests/regression/56-witness/64-ghost-multiple-protecting.t index b221d65ef1..619438b3e3 100644 --- a/tests/regression/56-witness/64-ghost-multiple-protecting.t +++ b/tests/regression/56-witness/64-ghost-multiple-protecting.t @@ -313,8 +313,6 @@ protection-read has precise protected invariant for g2. unsafe: 0 total memory locations: 2 -TODO: Are the mutex-meet invariants sound? - $ yamlWitnessStrip < witness.yml - entry_type: ghost_update variable: multithreaded From e235ba70d1b187a0395f83729ef53f667fc41e6e Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Mon, 15 Apr 2024 16:25:14 +0300 Subject: [PATCH 029/164] Rewrite mutexGhosts with may locksets per node This makes 56-witness/65-ghost-ambiguous-lock have sensible ghost updates. --- src/analyses/mutexGhosts.ml | 83 +++++---- tests/regression/13-privatized/74-mutex.c | 4 +- tests/regression/13-privatized/74-mutex.t | 20 +-- .../56-witness/64-ghost-multiple-protecting.t | 6 +- .../56-witness/65-ghost-ambiguous-lock.c | 44 +++++ .../56-witness/65-ghost-ambiguous-lock.t | 166 ++++++++++++++++++ 6 files changed, 278 insertions(+), 45 deletions(-) create mode 100644 tests/regression/56-witness/65-ghost-ambiguous-lock.c create mode 100644 tests/regression/56-witness/65-ghost-ambiguous-lock.t diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 0b11355d57..ad40915e7f 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -5,49 +5,72 @@ open Analyses module Spec = struct - include UnitAnalysis.Spec - let name () = "mutexGhosts" - - module V = + (* Copied & modified from MayLocks. *) + module Arg = struct - include Node - let is_write_only _ = true - end + module D = LockDomain.MayLocksetNoRW + module V = + struct + include Node + let is_write_only _ = true + end - module Locked = - struct - include LockDomain.Mutexes - let name () = "locked" - end - module Unlocked = - struct - include LockDomain.Mutexes - let name () = "unlocked" - end - module MultiThread = - struct - include BoolDomain.MayBool - let name () = "multithread" + module Locked = + struct + include D + let name () = "locked" + end + module MultiThread = + struct + include BoolDomain.MayBool + let name () = "multithread" + end + module G = Lattice.Prod (Locked) (MultiThread) + + let add ctx (l,r) = + D.add l ctx.local + + let remove ctx l = + match D.Addr.to_mval l with + | Some (v,o) -> + (let mtype = ctx.ask (Queries.MutexType (v, Offset.Unit.of_offs o)) in + match mtype with + | `Lifted MutexAttrDomain.MutexKind.NonRec -> D.remove l ctx.local + | _ -> ctx.local (* we cannot remove them here *)) + | None -> ctx.local (* we cannot remove them here *) end - module G = Lattice.Prod3 (Locked) (Unlocked) (MultiThread) + + include LocksetAnalysis.MakeMay (Arg) + let name () = "mutexGhosts" + + open Arg + + let sync ctx reason = + if !AnalysisState.postsolving then + ctx.sideg ctx.prev_node (ctx.local, MultiThread.bot ()); + ctx.local let event ctx e octx = begin match e with - | Events.Lock (l, _) -> - ctx.sideg ctx.prev_node (Locked.singleton l, Unlocked.bot (), MultiThread.bot ()) - | Events.Unlock l -> - ctx.sideg ctx.prev_node (Locked.bot (), Unlocked.singleton l, MultiThread.bot ()) | Events.EnterMultiThreaded -> - ctx.sideg ctx.prev_node (Locked.bot (), Unlocked.bot (), true) + ctx.sideg ctx.prev_node (Locked.bot (), true) | _ -> () end; - ctx.local + event ctx e octx (* delegate to must lockset analysis *) let query ctx (type a) (q: a Queries.t): a Queries.result = match q with | YamlEntryGlobal (g, task) -> let g: V.t = Obj.obj g in - let (locked, unlocked, multithread) = ctx.global g in + let module Cfg = (val !MyCFG.current_cfg) in + let next_lockset = List.fold_left (fun acc (_, next_node) -> + let (locked, _) = ctx.global next_node in + D.join acc locked + ) (D.bot ()) (Cfg.next g) + in + let (lockset, multithread) = ctx.global g in + let unlocked = D.diff lockset next_lockset in + let locked = D.diff next_lockset lockset in let entries = (* TODO: do variable_entry-s only once *) Locked.fold (fun l acc -> @@ -62,7 +85,7 @@ struct ) locked entries in let entries = - Unlocked.fold (fun l acc -> + Locked.fold (fun l acc -> let entry = WitnessGhost.update_entry ~task ~node:g (Locked l) GoblintCil.zero in Queries.YS.add entry acc ) unlocked entries diff --git a/tests/regression/13-privatized/74-mutex.c b/tests/regression/13-privatized/74-mutex.c index 8ed9448b7b..7c57688238 100644 --- a/tests/regression/13-privatized/74-mutex.c +++ b/tests/regression/13-privatized/74-mutex.c @@ -29,8 +29,8 @@ void* producer() int main() { pthread_t tid; - - pthread_mutex_init(&m, 0); + pthread_mutexattr_t mutexattr; pthread_mutexattr_settype(&mutexattr, PTHREAD_MUTEX_NORMAL); + pthread_mutex_init(&m, &mutexattr); pthread_create(&tid, 0, producer, 0); pthread_mutex_lock(&m); diff --git a/tests/regression/13-privatized/74-mutex.t b/tests/regression/13-privatized/74-mutex.t index d6d7c237e4..6f84aa184f 100644 --- a/tests/regression/13-privatized/74-mutex.t +++ b/tests/regression/13-privatized/74-mutex.t @@ -1,11 +1,11 @@ - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) [Warning][Deadcode] Logical lines of code (LLoC) summary: - live: 14 + live: 15 dead: 1 - total lines: 15 + total lines: 16 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) [Info][Witness] witness generation summary: total generation entries: 9 @@ -90,9 +90,9 @@ Earlyglobs shouldn't cause protected writes in multithreaded mode from being imm [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) [Warning][Deadcode] Logical lines of code (LLoC) summary: - live: 14 + live: 15 dead: 1 - total lines: 15 + total lines: 16 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) [Info][Race] Memory locations race summary: safe: 1 @@ -102,14 +102,14 @@ Earlyglobs shouldn't cause protected writes in multithreaded mode from being imm Same with mutex-meet. - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) [Warning][Deadcode] Logical lines of code (LLoC) summary: - live: 14 + live: 15 dead: 1 - total lines: 15 + total lines: 16 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) [Info][Witness] witness generation summary: total generation entries: 9 @@ -193,9 +193,9 @@ Should also work with earlyglobs. [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) [Warning][Deadcode] Logical lines of code (LLoC) summary: - live: 14 + live: 15 dead: 1 - total lines: 15 + total lines: 16 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) [Info][Race] Memory locations race summary: safe: 1 diff --git a/tests/regression/56-witness/64-ghost-multiple-protecting.t b/tests/regression/56-witness/64-ghost-multiple-protecting.t index 17a0a3c600..d51db2285e 100644 --- a/tests/regression/56-witness/64-ghost-multiple-protecting.t +++ b/tests/regression/56-witness/64-ghost-multiple-protecting.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 64-ghost-multiple-protecting.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 64-ghost-multiple-protecting.c [Info][Deadcode] Logical lines of code (LLoC) summary: live: 19 dead: 0 @@ -149,7 +149,7 @@ protection doesn't have precise protected invariant for g2. type: assertion format: C - $ goblint --set ana.base.privatization protection-read --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 64-ghost-multiple-protecting.c + $ goblint --set ana.base.privatization protection-read --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 64-ghost-multiple-protecting.c [Info][Deadcode] Logical lines of code (LLoC) summary: live: 19 dead: 0 @@ -300,7 +300,7 @@ protection-read has precise protected invariant for g2. type: assertion format: C - $ goblint --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 64-ghost-multiple-protecting.c + $ goblint --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 64-ghost-multiple-protecting.c [Info][Deadcode] Logical lines of code (LLoC) summary: live: 19 dead: 0 diff --git a/tests/regression/56-witness/65-ghost-ambiguous-lock.c b/tests/regression/56-witness/65-ghost-ambiguous-lock.c new file mode 100644 index 0000000000..b1df0ee2e8 --- /dev/null +++ b/tests/regression/56-witness/65-ghost-ambiguous-lock.c @@ -0,0 +1,44 @@ +// PARAM: --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType +#include +#include + +int g1, g2; +pthread_mutex_t m1 = PTHREAD_MUTEX_INITIALIZER; +pthread_mutex_t m2 = PTHREAD_MUTEX_INITIALIZER; + +void *t_fun(void *arg) { + pthread_mutex_lock(&m1); + g1 = 1; + g1 = 0; + pthread_mutex_unlock(&m1); + pthread_mutex_lock(&m2); + g2 = 1; + g2 = 0; + pthread_mutex_unlock(&m2); + return NULL; +} + +void fun(pthread_mutex_t *m) { + pthread_mutex_lock(m); + // what g2 can read? + pthread_mutex_unlock(m); +} + +int main() { + pthread_t id; + pthread_create(&id, NULL, t_fun, NULL); + + pthread_mutex_t *m; + int r; // rand + m = r ? &m1 : &m2; + + pthread_mutex_lock(m); + // what g1 can read? + pthread_mutex_unlock(m); + + if (r) + fun(&m1); + else + fun(&m2); + return 0; +} diff --git a/tests/regression/56-witness/65-ghost-ambiguous-lock.t b/tests/regression/56-witness/65-ghost-ambiguous-lock.t new file mode 100644 index 0000000000..ee586bd531 --- /dev/null +++ b/tests/regression/56-witness/65-ghost-ambiguous-lock.t @@ -0,0 +1,166 @@ + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 65-ghost-ambiguous-lock.c + [Info][Deadcode] Logical lines of code (LLoC) summary: + live: 23 + dead: 0 + total lines: 23 + [Info][Witness] witness generation summary: + total generation entries: 20 + [Info][Race] Memory locations race summary: + safe: 2 + vulnerable: 0 + unsafe: 0 + total memory locations: 2 + + $ yamlWitnessStrip < witness.yml + - entry_type: ghost_update + variable: multithreaded + expression: "1" + location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 29 + column: 3 + function: main + - entry_type: ghost_update + variable: m2_locked + expression: "1" + location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 35 + column: 3 + function: main + - entry_type: ghost_update + variable: m2_locked + expression: "1" + location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 22 + column: 3 + function: fun + - entry_type: ghost_update + variable: m2_locked + expression: "1" + location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 14 + column: 3 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "0" + location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 37 + column: 3 + function: main + - entry_type: ghost_update + variable: m2_locked + expression: "0" + location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 24 + column: 3 + function: fun + - entry_type: ghost_update + variable: m2_locked + expression: "0" + location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 17 + column: 3 + function: t_fun + - entry_type: ghost_update + variable: m1_locked + expression: "1" + location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 35 + column: 3 + function: main + - entry_type: ghost_update + variable: m1_locked + expression: "1" + location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 22 + column: 3 + function: fun + - entry_type: ghost_update + variable: m1_locked + expression: "1" + location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 10 + column: 3 + function: t_fun + - entry_type: ghost_update + variable: m1_locked + expression: "0" + location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 37 + column: 3 + function: main + - entry_type: ghost_update + variable: m1_locked + expression: "0" + location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 24 + column: 3 + function: fun + - entry_type: ghost_update + variable: m1_locked + expression: "0" + location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 13 + column: 3 + function: t_fun + - entry_type: ghost_variable + variable: multithreaded + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: m2_locked + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: m1_locked + scope: global + type: int + initial: "0" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (m2_locked || g2 == 0)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (m1_locked || g1 == 0)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= g2 && g2 <= 1)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= g1 && g1 <= 1)' + type: assertion + format: C From 726f646eb85ed399955cf11d78c60db56217b9d4 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Mon, 15 Apr 2024 17:49:52 +0300 Subject: [PATCH 030/164] Add test for mutex ghosts for alloc variables --- .../56-witness/66-ghost-alloc-lock.c | 37 +++++ .../56-witness/66-ghost-alloc-lock.t | 134 ++++++++++++++++++ 2 files changed, 171 insertions(+) create mode 100644 tests/regression/56-witness/66-ghost-alloc-lock.c create mode 100644 tests/regression/56-witness/66-ghost-alloc-lock.t diff --git a/tests/regression/56-witness/66-ghost-alloc-lock.c b/tests/regression/56-witness/66-ghost-alloc-lock.c new file mode 100644 index 0000000000..75d405f1ab --- /dev/null +++ b/tests/regression/56-witness/66-ghost-alloc-lock.c @@ -0,0 +1,37 @@ +// PARAM: --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set ana.malloc.unique_address_count 1 +#include +#include + +int g1, g2; +pthread_mutex_t *m1; +pthread_mutex_t *m2; + +void *t_fun(void *arg) { + pthread_mutex_lock(m1); + g1 = 1; + g1 = 0; + pthread_mutex_unlock(m1); + pthread_mutex_lock(m2); + g2 = 1; + g2 = 0; + pthread_mutex_unlock(m2); + return NULL; +} + +int main() { + m1 = malloc(sizeof(pthread_mutex_t)); + pthread_mutex_init(m1, NULL); + m2 = malloc(sizeof(pthread_mutex_t)); + pthread_mutex_init(m2, NULL); + + pthread_t id; + pthread_create(&id, NULL, t_fun, NULL); + + pthread_mutex_lock(m1); + __goblint_check(g1 == 0); + pthread_mutex_unlock(m1); + pthread_mutex_lock(m2); + __goblint_check(g2 == 0); + pthread_mutex_unlock(m2); + return 0; +} diff --git a/tests/regression/56-witness/66-ghost-alloc-lock.t b/tests/regression/56-witness/66-ghost-alloc-lock.t new file mode 100644 index 0000000000..84c1589317 --- /dev/null +++ b/tests/regression/56-witness/66-ghost-alloc-lock.t @@ -0,0 +1,134 @@ + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set ana.malloc.unique_address_count 1 --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 66-ghost-alloc-lock.c + [Success][Assert] Assertion "g1 == 0" will succeed (66-ghost-alloc-lock.c:31:3-31:27) + [Success][Assert] Assertion "g2 == 0" will succeed (66-ghost-alloc-lock.c:34:3-34:27) + [Info][Deadcode] Logical lines of code (LLoC) summary: + live: 23 + dead: 0 + total lines: 23 + [Info][Witness] witness generation summary: + total generation entries: 16 + [Info][Race] Memory locations race summary: + safe: 4 + vulnerable: 0 + unsafe: 0 + total memory locations: 4 + +TODO: valid C names for alloc mutex ghosts + + $ yamlWitnessStrip < witness.yml + - entry_type: ghost_update + variable: multithreaded + expression: "1" + location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 28 + column: 3 + function: main + - entry_type: ghost_update + variable: (alloc@sid:14@tid:[main](#0))_locked + expression: "1" + location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 33 + column: 3 + function: main + - entry_type: ghost_update + variable: (alloc@sid:14@tid:[main](#0))_locked + expression: "1" + location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 14 + column: 3 + function: t_fun + - entry_type: ghost_update + variable: (alloc@sid:14@tid:[main](#0))_locked + expression: "0" + location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 36 + column: 10 + function: main + - entry_type: ghost_update + variable: (alloc@sid:14@tid:[main](#0))_locked + expression: "0" + location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 18 + column: 10 + function: t_fun + - entry_type: ghost_update + variable: (alloc@sid:11@tid:[main](#0))_locked + expression: "1" + location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 30 + column: 3 + function: main + - entry_type: ghost_update + variable: (alloc@sid:11@tid:[main](#0))_locked + expression: "1" + location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 10 + column: 3 + function: t_fun + - entry_type: ghost_update + variable: (alloc@sid:11@tid:[main](#0))_locked + expression: "0" + location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 36 + column: 10 + function: main + - entry_type: ghost_update + variable: (alloc@sid:11@tid:[main](#0))_locked + expression: "0" + location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 18 + column: 10 + function: t_fun + - entry_type: ghost_variable + variable: multithreaded + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: (alloc@sid:14@tid:[main](#0))_locked + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: (alloc@sid:11@tid:[main](#0))_locked + scope: global + type: int + initial: "0" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= g2 && g2 <= 1)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= g1 && g1 <= 1)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || ((alloc@sid:14@tid:[main](#0))_locked || g2 == 0)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || ((alloc@sid:11@tid:[main](#0))_locked || g1 == 0)' + type: assertion + format: C From 3e9d7c32daffe2f818e5fa5ebf81b5a459fb40bc Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Mon, 15 Apr 2024 18:05:38 +0300 Subject: [PATCH 031/164] Add valid names to alloc mutex ghosts --- src/witness/witnessGhost.ml | 10 ++++++- .../56-witness/66-ghost-alloc-lock.t | 30 +++++++++---------- 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/src/witness/witnessGhost.ml b/src/witness/witnessGhost.ml index a0d25c5be6..2aca886e78 100644 --- a/src/witness/witnessGhost.ml +++ b/src/witness/witnessGhost.ml @@ -8,7 +8,15 @@ struct [@@deriving eq, hash] let name_varinfo = function - | Locked l -> LockDomain.Addr.show l ^ "_locked" (* TODO: valid C name *) + | Locked (Addr (v, _) as l) -> + let name = + if RichVarinfo.BiVarinfoMap.Collection.mem_varinfo v then + Printf.sprintf "alloc_%s%d" (if v.vid < 0 then "m" else "") (abs v.vid) (* turn minus into valid C name *) + else + LockDomain.Addr.show l (* TODO: valid names with interval offsets, etc *) + in + name ^ "_locked" + | Locked _ -> assert false | Multithreaded -> "multithreaded" let typ = function diff --git a/tests/regression/56-witness/66-ghost-alloc-lock.t b/tests/regression/56-witness/66-ghost-alloc-lock.t index 84c1589317..bc3236d5a9 100644 --- a/tests/regression/56-witness/66-ghost-alloc-lock.t +++ b/tests/regression/56-witness/66-ghost-alloc-lock.t @@ -13,8 +13,6 @@ unsafe: 0 total memory locations: 4 -TODO: valid C names for alloc mutex ghosts - $ yamlWitnessStrip < witness.yml - entry_type: ghost_update variable: multithreaded @@ -26,7 +24,7 @@ TODO: valid C names for alloc mutex ghosts column: 3 function: main - entry_type: ghost_update - variable: (alloc@sid:14@tid:[main](#0))_locked + variable: alloc_m861095507_locked expression: "1" location: file_name: 66-ghost-alloc-lock.c @@ -35,7 +33,7 @@ TODO: valid C names for alloc mutex ghosts column: 3 function: main - entry_type: ghost_update - variable: (alloc@sid:14@tid:[main](#0))_locked + variable: alloc_m861095507_locked expression: "1" location: file_name: 66-ghost-alloc-lock.c @@ -44,7 +42,7 @@ TODO: valid C names for alloc mutex ghosts column: 3 function: t_fun - entry_type: ghost_update - variable: (alloc@sid:14@tid:[main](#0))_locked + variable: alloc_m861095507_locked expression: "0" location: file_name: 66-ghost-alloc-lock.c @@ -53,7 +51,7 @@ TODO: valid C names for alloc mutex ghosts column: 10 function: main - entry_type: ghost_update - variable: (alloc@sid:14@tid:[main](#0))_locked + variable: alloc_m861095507_locked expression: "0" location: file_name: 66-ghost-alloc-lock.c @@ -62,7 +60,7 @@ TODO: valid C names for alloc mutex ghosts column: 10 function: t_fun - entry_type: ghost_update - variable: (alloc@sid:11@tid:[main](#0))_locked + variable: alloc_m559918035_locked expression: "1" location: file_name: 66-ghost-alloc-lock.c @@ -71,7 +69,7 @@ TODO: valid C names for alloc mutex ghosts column: 3 function: main - entry_type: ghost_update - variable: (alloc@sid:11@tid:[main](#0))_locked + variable: alloc_m559918035_locked expression: "1" location: file_name: 66-ghost-alloc-lock.c @@ -80,7 +78,7 @@ TODO: valid C names for alloc mutex ghosts column: 3 function: t_fun - entry_type: ghost_update - variable: (alloc@sid:11@tid:[main](#0))_locked + variable: alloc_m559918035_locked expression: "0" location: file_name: 66-ghost-alloc-lock.c @@ -89,7 +87,7 @@ TODO: valid C names for alloc mutex ghosts column: 10 function: main - entry_type: ghost_update - variable: (alloc@sid:11@tid:[main](#0))_locked + variable: alloc_m559918035_locked expression: "0" location: file_name: 66-ghost-alloc-lock.c @@ -103,32 +101,32 @@ TODO: valid C names for alloc mutex ghosts type: int initial: "0" - entry_type: ghost_variable - variable: (alloc@sid:14@tid:[main](#0))_locked + variable: alloc_m861095507_locked scope: global type: int initial: "0" - entry_type: ghost_variable - variable: (alloc@sid:11@tid:[main](#0))_locked + variable: alloc_m559918035_locked scope: global type: int initial: "0" - entry_type: flow_insensitive_invariant flow_insensitive_invariant: - string: '! multithreaded || (0 <= g2 && g2 <= 1)' + string: '! multithreaded || (alloc_m861095507_locked || g2 == 0)' type: assertion format: C - entry_type: flow_insensitive_invariant flow_insensitive_invariant: - string: '! multithreaded || (0 <= g1 && g1 <= 1)' + string: '! multithreaded || (alloc_m559918035_locked || g1 == 0)' type: assertion format: C - entry_type: flow_insensitive_invariant flow_insensitive_invariant: - string: '! multithreaded || ((alloc@sid:14@tid:[main](#0))_locked || g2 == 0)' + string: '! multithreaded || (0 <= g2 && g2 <= 1)' type: assertion format: C - entry_type: flow_insensitive_invariant flow_insensitive_invariant: - string: '! multithreaded || ((alloc@sid:11@tid:[main](#0))_locked || g1 == 0)' + string: '! multithreaded || (0 <= g1 && g1 <= 1)' type: assertion format: C From b19cc2d23ae27f5692c69da724caa703a0e12660 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 16 Apr 2024 14:01:42 +0300 Subject: [PATCH 032/164] Fix mutexGhosts indentation --- src/analyses/mutexGhosts.ml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index ad40915e7f..1c1a05b3b7 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -33,10 +33,11 @@ struct let remove ctx l = match D.Addr.to_mval l with | Some (v,o) -> - (let mtype = ctx.ask (Queries.MutexType (v, Offset.Unit.of_offs o)) in - match mtype with - | `Lifted MutexAttrDomain.MutexKind.NonRec -> D.remove l ctx.local - | _ -> ctx.local (* we cannot remove them here *)) + let mtype = ctx.ask (Queries.MutexType (v, Offset.Unit.of_offs o)) in + begin match mtype with + | `Lifted MutexAttrDomain.MutexKind.NonRec -> D.remove l ctx.local + | _ -> ctx.local (* we cannot remove them here *) + end | None -> ctx.local (* we cannot remove them here *) end From 885d0cf4b96d3aec64d90d68cd27e82867001f2a Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 16 Apr 2024 14:03:09 +0300 Subject: [PATCH 033/164] Use non-recursive mutex in 56-witness/66-ghost-alloc-lock This fixes unlock ghost update locations. --- .../56-witness/66-ghost-alloc-lock.c | 6 +-- .../56-witness/66-ghost-alloc-lock.t | 40 +++++++++---------- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/tests/regression/56-witness/66-ghost-alloc-lock.c b/tests/regression/56-witness/66-ghost-alloc-lock.c index 75d405f1ab..2c1028564a 100644 --- a/tests/regression/56-witness/66-ghost-alloc-lock.c +++ b/tests/regression/56-witness/66-ghost-alloc-lock.c @@ -18,11 +18,11 @@ void *t_fun(void *arg) { return NULL; } -int main() { +int main() { pthread_mutexattr_t attr; pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_NORMAL); // https://github.com/goblint/analyzer/pull/1414 m1 = malloc(sizeof(pthread_mutex_t)); - pthread_mutex_init(m1, NULL); + pthread_mutex_init(m1, &attr); m2 = malloc(sizeof(pthread_mutex_t)); - pthread_mutex_init(m2, NULL); + pthread_mutex_init(m2, &attr); pthread_t id; pthread_create(&id, NULL, t_fun, NULL); diff --git a/tests/regression/56-witness/66-ghost-alloc-lock.t b/tests/regression/56-witness/66-ghost-alloc-lock.t index bc3236d5a9..e4d128b71e 100644 --- a/tests/regression/56-witness/66-ghost-alloc-lock.t +++ b/tests/regression/56-witness/66-ghost-alloc-lock.t @@ -24,7 +24,7 @@ column: 3 function: main - entry_type: ghost_update - variable: alloc_m861095507_locked + variable: alloc_m817990718_locked expression: "1" location: file_name: 66-ghost-alloc-lock.c @@ -33,7 +33,7 @@ column: 3 function: main - entry_type: ghost_update - variable: alloc_m861095507_locked + variable: alloc_m817990718_locked expression: "1" location: file_name: 66-ghost-alloc-lock.c @@ -42,25 +42,25 @@ column: 3 function: t_fun - entry_type: ghost_update - variable: alloc_m861095507_locked + variable: alloc_m817990718_locked expression: "0" location: file_name: 66-ghost-alloc-lock.c file_hash: $FILE_HASH - line: 36 - column: 10 + line: 35 + column: 3 function: main - entry_type: ghost_update - variable: alloc_m861095507_locked + variable: alloc_m817990718_locked expression: "0" location: file_name: 66-ghost-alloc-lock.c file_hash: $FILE_HASH - line: 18 - column: 10 + line: 17 + column: 3 function: t_fun - entry_type: ghost_update - variable: alloc_m559918035_locked + variable: alloc_m334174073_locked expression: "1" location: file_name: 66-ghost-alloc-lock.c @@ -69,7 +69,7 @@ column: 3 function: main - entry_type: ghost_update - variable: alloc_m559918035_locked + variable: alloc_m334174073_locked expression: "1" location: file_name: 66-ghost-alloc-lock.c @@ -78,22 +78,22 @@ column: 3 function: t_fun - entry_type: ghost_update - variable: alloc_m559918035_locked + variable: alloc_m334174073_locked expression: "0" location: file_name: 66-ghost-alloc-lock.c file_hash: $FILE_HASH - line: 36 - column: 10 + line: 32 + column: 3 function: main - entry_type: ghost_update - variable: alloc_m559918035_locked + variable: alloc_m334174073_locked expression: "0" location: file_name: 66-ghost-alloc-lock.c file_hash: $FILE_HASH - line: 18 - column: 10 + line: 13 + column: 3 function: t_fun - entry_type: ghost_variable variable: multithreaded @@ -101,23 +101,23 @@ type: int initial: "0" - entry_type: ghost_variable - variable: alloc_m861095507_locked + variable: alloc_m817990718_locked scope: global type: int initial: "0" - entry_type: ghost_variable - variable: alloc_m559918035_locked + variable: alloc_m334174073_locked scope: global type: int initial: "0" - entry_type: flow_insensitive_invariant flow_insensitive_invariant: - string: '! multithreaded || (alloc_m861095507_locked || g2 == 0)' + string: '! multithreaded || (alloc_m817990718_locked || g2 == 0)' type: assertion format: C - entry_type: flow_insensitive_invariant flow_insensitive_invariant: - string: '! multithreaded || (alloc_m559918035_locked || g1 == 0)' + string: '! multithreaded || (alloc_m334174073_locked || g1 == 0)' type: assertion format: C - entry_type: flow_insensitive_invariant From 21ae83a40215d181e92d31fa81b962c0937b0534 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 16 Apr 2024 17:22:50 +0300 Subject: [PATCH 034/164] Fix mutexGhosts unlocking everything at function return --- src/analyses/mutexGhosts.ml | 21 ++++-- .../56-witness/67-ghost-no-unlock.c | 27 +++++++ .../56-witness/67-ghost-no-unlock.t | 71 +++++++++++++++++++ 3 files changed, 112 insertions(+), 7 deletions(-) create mode 100644 tests/regression/56-witness/67-ghost-no-unlock.c create mode 100644 tests/regression/56-witness/67-ghost-no-unlock.t diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 1c1a05b3b7..934b2a0c0e 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -47,8 +47,11 @@ struct open Arg let sync ctx reason = - if !AnalysisState.postsolving then - ctx.sideg ctx.prev_node (ctx.local, MultiThread.bot ()); + if !AnalysisState.postsolving then ( + match reason with + | `Return -> ctx.sideg ctx.node (ctx.local, MultiThread.bot ()) + | _ -> ctx.sideg ctx.prev_node (ctx.local, MultiThread.bot ()) + ); ctx.local let event ctx e octx = @@ -64,12 +67,16 @@ struct | YamlEntryGlobal (g, task) -> let g: V.t = Obj.obj g in let module Cfg = (val !MyCFG.current_cfg) in - let next_lockset = List.fold_left (fun acc (_, next_node) -> - let (locked, _) = ctx.global next_node in - D.join acc locked - ) (D.bot ()) (Cfg.next g) - in let (lockset, multithread) = ctx.global g in + let next_lockset = + match Cfg.next g with + | [] -> lockset (* HACK for return nodes *) + | nexts -> + List.fold_left (fun acc (_, next_node) -> + let (locked, _) = ctx.global next_node in + D.join acc locked + ) (D.bot ()) nexts + in let unlocked = D.diff lockset next_lockset in let locked = D.diff next_lockset lockset in let entries = diff --git a/tests/regression/56-witness/67-ghost-no-unlock.c b/tests/regression/56-witness/67-ghost-no-unlock.c new file mode 100644 index 0000000000..fc10b919d0 --- /dev/null +++ b/tests/regression/56-witness/67-ghost-no-unlock.c @@ -0,0 +1,27 @@ +// PARAM: --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType +#include +#include + +int g1; +pthread_mutex_t m1 = PTHREAD_MUTEX_INITIALIZER; + +void *t_fun(void *arg) { + pthread_mutex_lock(&m1); + g1 = 1; + g1 = 0; + pthread_mutex_unlock(&m1); + return NULL; +} + +int main() { + + + + pthread_t id; + pthread_create(&id, NULL, t_fun, NULL); + + pthread_mutex_lock(&m1); + __goblint_check(g1 == 0); + // no unlock + return 0; // there should be no ghost updates for unlock here +} diff --git a/tests/regression/56-witness/67-ghost-no-unlock.t b/tests/regression/56-witness/67-ghost-no-unlock.t new file mode 100644 index 0000000000..491dd9cf44 --- /dev/null +++ b/tests/regression/56-witness/67-ghost-no-unlock.t @@ -0,0 +1,71 @@ + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 67-ghost-no-unlock.c + [Success][Assert] Assertion "g1 == 0" will succeed (67-ghost-no-unlock.c:24:3-24:27) + [Info][Deadcode] Logical lines of code (LLoC) summary: + live: 11 + dead: 0 + total lines: 11 + [Info][Witness] witness generation summary: + total generation entries: 8 + [Info][Race] Memory locations race summary: + safe: 1 + vulnerable: 0 + unsafe: 0 + total memory locations: 1 + + $ yamlWitnessStrip < witness.yml + - entry_type: ghost_update + variable: multithreaded + expression: "1" + location: + file_name: 67-ghost-no-unlock.c + file_hash: $FILE_HASH + line: 21 + column: 3 + function: main + - entry_type: ghost_update + variable: m1_locked + expression: "1" + location: + file_name: 67-ghost-no-unlock.c + file_hash: $FILE_HASH + line: 23 + column: 3 + function: main + - entry_type: ghost_update + variable: m1_locked + expression: "1" + location: + file_name: 67-ghost-no-unlock.c + file_hash: $FILE_HASH + line: 9 + column: 3 + function: t_fun + - entry_type: ghost_update + variable: m1_locked + expression: "0" + location: + file_name: 67-ghost-no-unlock.c + file_hash: $FILE_HASH + line: 12 + column: 3 + function: t_fun + - entry_type: ghost_variable + variable: multithreaded + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: m1_locked + scope: global + type: int + initial: "0" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (m1_locked || g1 == 0)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= g1 && g1 <= 1)' + type: assertion + format: C From d67c083ba9755e6d1ecc38daaf28d3a266a1ee38 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 18 Apr 2024 14:49:58 +0300 Subject: [PATCH 035/164] Revert "Rewrite mutexGhosts with may locksets per node" This partially reverts commits e235ba70d1b187a0395f83729ef53f667fc41e6e and 21ae83a40215d181e92d31fa81b962c0937b0534. --- src/analyses/mutexGhosts.ml | 91 ++++++++++++------------------------- 1 file changed, 30 insertions(+), 61 deletions(-) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 934b2a0c0e..0b11355d57 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -5,80 +5,49 @@ open Analyses module Spec = struct - (* Copied & modified from MayLocks. *) - module Arg = - struct - module D = LockDomain.MayLocksetNoRW - module V = - struct - include Node - let is_write_only _ = true - end - - module Locked = - struct - include D - let name () = "locked" - end - module MultiThread = - struct - include BoolDomain.MayBool - let name () = "multithread" - end - module G = Lattice.Prod (Locked) (MultiThread) - - let add ctx (l,r) = - D.add l ctx.local - - let remove ctx l = - match D.Addr.to_mval l with - | Some (v,o) -> - let mtype = ctx.ask (Queries.MutexType (v, Offset.Unit.of_offs o)) in - begin match mtype with - | `Lifted MutexAttrDomain.MutexKind.NonRec -> D.remove l ctx.local - | _ -> ctx.local (* we cannot remove them here *) - end - | None -> ctx.local (* we cannot remove them here *) - end - - include LocksetAnalysis.MakeMay (Arg) + include UnitAnalysis.Spec let name () = "mutexGhosts" - open Arg + module V = + struct + include Node + let is_write_only _ = true + end - let sync ctx reason = - if !AnalysisState.postsolving then ( - match reason with - | `Return -> ctx.sideg ctx.node (ctx.local, MultiThread.bot ()) - | _ -> ctx.sideg ctx.prev_node (ctx.local, MultiThread.bot ()) - ); - ctx.local + module Locked = + struct + include LockDomain.Mutexes + let name () = "locked" + end + module Unlocked = + struct + include LockDomain.Mutexes + let name () = "unlocked" + end + module MultiThread = + struct + include BoolDomain.MayBool + let name () = "multithread" + end + module G = Lattice.Prod3 (Locked) (Unlocked) (MultiThread) let event ctx e octx = begin match e with + | Events.Lock (l, _) -> + ctx.sideg ctx.prev_node (Locked.singleton l, Unlocked.bot (), MultiThread.bot ()) + | Events.Unlock l -> + ctx.sideg ctx.prev_node (Locked.bot (), Unlocked.singleton l, MultiThread.bot ()) | Events.EnterMultiThreaded -> - ctx.sideg ctx.prev_node (Locked.bot (), true) + ctx.sideg ctx.prev_node (Locked.bot (), Unlocked.bot (), true) | _ -> () end; - event ctx e octx (* delegate to must lockset analysis *) + ctx.local let query ctx (type a) (q: a Queries.t): a Queries.result = match q with | YamlEntryGlobal (g, task) -> let g: V.t = Obj.obj g in - let module Cfg = (val !MyCFG.current_cfg) in - let (lockset, multithread) = ctx.global g in - let next_lockset = - match Cfg.next g with - | [] -> lockset (* HACK for return nodes *) - | nexts -> - List.fold_left (fun acc (_, next_node) -> - let (locked, _) = ctx.global next_node in - D.join acc locked - ) (D.bot ()) nexts - in - let unlocked = D.diff lockset next_lockset in - let locked = D.diff next_lockset lockset in + let (locked, unlocked, multithread) = ctx.global g in let entries = (* TODO: do variable_entry-s only once *) Locked.fold (fun l acc -> @@ -93,7 +62,7 @@ struct ) locked entries in let entries = - Locked.fold (fun l acc -> + Unlocked.fold (fun l acc -> let entry = WitnessGhost.update_entry ~task ~node:g (Locked l) GoblintCil.zero in Queries.YS.add entry acc ) unlocked entries From c472adff1fdf72a6da6142d07f55e59069f91aeb Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 18 Apr 2024 18:00:05 +0300 Subject: [PATCH 036/164] Add lock global unknowns to mutexGhosts --- src/analyses/mutexGhosts.ml | 92 +++++++++++++++++++++++-------------- 1 file changed, 57 insertions(+), 35 deletions(-) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 0b11355d57..d80291532f 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -10,8 +10,12 @@ struct module V = struct - include Node - let is_write_only _ = true + include Printable.Either (Node) (LockDomain.Addr) + let node x = `Left x + let lock x = `Right x + let is_write_only = function + | `Left _ -> false + | `Right _ -> true end module Locked = @@ -29,16 +33,29 @@ struct include BoolDomain.MayBool let name () = "multithread" end - module G = Lattice.Prod3 (Locked) (Unlocked) (MultiThread) + module G = + struct + include Lattice.Lift2 (Lattice.Prod3 (Locked) (Unlocked) (MultiThread)) (Lattice.Unit) + let node = function + | `Bot -> (Locked.bot (), Unlocked.bot (), MultiThread.bot ()) + | `Lifted1 x -> x + | _ -> failwith "MutexGhosts.node" + let lock = function + | `Bot -> Lattice.Unit.bot () + | `Lifted2 x -> x + | _ -> failwith "MutexGhosts.lock" + let create_node node = `Lifted1 node + let create_lock lock = `Lifted2 lock + end let event ctx e octx = begin match e with | Events.Lock (l, _) -> - ctx.sideg ctx.prev_node (Locked.singleton l, Unlocked.bot (), MultiThread.bot ()) + ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.singleton l, Unlocked.bot (), MultiThread.bot ())) | Events.Unlock l -> - ctx.sideg ctx.prev_node (Locked.bot (), Unlocked.singleton l, MultiThread.bot ()) + ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.singleton l, MultiThread.bot ())) | Events.EnterMultiThreaded -> - ctx.sideg ctx.prev_node (Locked.bot (), Unlocked.bot (), true) + ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.bot (), true)) | _ -> () end; ctx.local @@ -47,36 +64,41 @@ struct match q with | YamlEntryGlobal (g, task) -> let g: V.t = Obj.obj g in - let (locked, unlocked, multithread) = ctx.global g in - let entries = - (* TODO: do variable_entry-s only once *) - Locked.fold (fun l acc -> - let entry = WitnessGhost.variable_entry ~task (Locked l) in - Queries.YS.add entry acc - ) (Locked.union locked unlocked) (Queries.YS.empty ()) - in - let entries = - Locked.fold (fun l acc -> - let entry = WitnessGhost.update_entry ~task ~node:g (Locked l) GoblintCil.one in - Queries.YS.add entry acc - ) locked entries - in - let entries = - Unlocked.fold (fun l acc -> - let entry = WitnessGhost.update_entry ~task ~node:g (Locked l) GoblintCil.zero in - Queries.YS.add entry acc - ) unlocked entries - in - let entries = - if not (GobConfig.get_bool "exp.earlyglobs") && multithread then ( - let entry = WitnessGhost.variable_entry ~task Multithreaded in - let entry' = WitnessGhost.update_entry ~task ~node:g Multithreaded GoblintCil.one in - Queries.YS.add entry (Queries.YS.add entry' entries) - ) - else + begin match g with + | `Left g' -> + let (locked, unlocked, multithread) = G.node (ctx.global g) in + let g = g' in + let entries = + (* TODO: do variable_entry-s only once *) + Locked.fold (fun l acc -> + let entry = WitnessGhost.variable_entry ~task (Locked l) in + Queries.YS.add entry acc + ) (Locked.union locked unlocked) (Queries.YS.empty ()) + in + let entries = + Locked.fold (fun l acc -> + let entry = WitnessGhost.update_entry ~task ~node:g (Locked l) GoblintCil.one in + Queries.YS.add entry acc + ) locked entries + in + let entries = + Unlocked.fold (fun l acc -> + let entry = WitnessGhost.update_entry ~task ~node:g (Locked l) GoblintCil.zero in + Queries.YS.add entry acc + ) unlocked entries + in + let entries = + if not (GobConfig.get_bool "exp.earlyglobs") && multithread then ( + let entry = WitnessGhost.variable_entry ~task Multithreaded in + let entry' = WitnessGhost.update_entry ~task ~node:g Multithreaded GoblintCil.one in + Queries.YS.add entry (Queries.YS.add entry' entries) + ) + else + entries + in entries - in - entries + | `Right _ -> assert false + end | _ -> Queries.Result.top q end From fd64898163e98115a3d3dfd253856005796c68a9 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 19 Apr 2024 13:34:37 +0300 Subject: [PATCH 037/164] Add PARAM to 56-witness/64-ghost-multiple-protecting --- tests/regression/56-witness/64-ghost-multiple-protecting.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/regression/56-witness/64-ghost-multiple-protecting.c b/tests/regression/56-witness/64-ghost-multiple-protecting.c index 012318ac49..589aa92bff 100644 --- a/tests/regression/56-witness/64-ghost-multiple-protecting.c +++ b/tests/regression/56-witness/64-ghost-multiple-protecting.c @@ -1,6 +1,6 @@ +// PARAM: --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType #include #include - int g1, g2; pthread_mutex_t m1 = PTHREAD_MUTEX_INITIALIZER; pthread_mutex_t m2 = PTHREAD_MUTEX_INITIALIZER; From e3ded4e20de4790baf9d9bf5b6fad2904d3ae598 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 19 Apr 2024 13:34:55 +0300 Subject: [PATCH 038/164] Find ambiguous mutexes in mutexGhosts --- src/analyses/mutexGhosts.ml | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index d80291532f..083763f41b 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -35,7 +35,7 @@ struct end module G = struct - include Lattice.Lift2 (Lattice.Prod3 (Locked) (Unlocked) (MultiThread)) (Lattice.Unit) + include Lattice.Lift2 (Lattice.Prod3 (Locked) (Unlocked) (MultiThread)) (BoolDomain.MayBool) let node = function | `Bot -> (Locked.bot (), Unlocked.bot (), MultiThread.bot ()) | `Lifted1 x -> x @@ -51,9 +51,25 @@ struct let event ctx e octx = begin match e with | Events.Lock (l, _) -> - ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.singleton l, Unlocked.bot (), MultiThread.bot ())) + ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.singleton l, Unlocked.bot (), MultiThread.bot ())); + if !AnalysisState.postsolving then ( + let (locked, _, _) = G.node (ctx.global (V.node ctx.prev_node)) in + if Locked.cardinal locked > 1 then ( + Locked.iter (fun lock -> + ctx.sideg (V.lock lock) (G.create_lock true) + ) locked + ); + ) | Events.Unlock l -> - ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.singleton l, MultiThread.bot ())) + ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.singleton l, MultiThread.bot ())); + if !AnalysisState.postsolving then ( + let (_, unlocked, _) = G.node (ctx.global (V.node ctx.prev_node)) in + if Locked.cardinal unlocked > 1 then ( + Locked.iter (fun lock -> + ctx.sideg (V.lock lock) (G.create_lock true) + ) unlocked + ); + ) | Events.EnterMultiThreaded -> ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.bot (), true)) | _ -> () @@ -97,7 +113,7 @@ struct entries in entries - | `Right _ -> assert false + | `Right _ -> Queries.Result.top q end | _ -> Queries.Result.top q end From b96f8a210c18fa6f1380f29d90fe53f7ad77efbe Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 19 Apr 2024 13:50:04 +0300 Subject: [PATCH 039/164] Avoid emitting witness ghosts for ambiguous mutexes --- src/analyses/base.ml | 5 +- src/analyses/basePriv.ml | 10 +- src/analyses/mutexGhosts.ml | 42 ++++-- src/domains/queries.ml | 7 + src/witness/witnessGhost.ml | 4 +- .../56-witness/65-ghost-ambiguous-lock.t | 130 +----------------- 6 files changed, 55 insertions(+), 143 deletions(-) diff --git a/src/analyses/base.ml b/src/analyses/base.ml index 4cc5c51262..ac31e29163 100644 --- a/src/analyses/base.ml +++ b/src/analyses/base.ml @@ -1248,7 +1248,10 @@ struct inv else ( let var = WitnessGhost.to_varinfo Multithreaded in - Invariant.(of_exp (UnOp (LNot, Lval (GoblintCil.var var), GoblintCil.intType)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + if ctx.ask (GhostVarAvailable var) then + Invariant.(of_exp (UnOp (LNot, Lval (GoblintCil.var var), GoblintCil.intType)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + else + Invariant.none ) | `Right _ -> (* thread return *) Invariant.none diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index 832aaf54c1..129d0d5d69 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -343,7 +343,10 @@ struct ) cpa Invariant.none in let var = WitnessGhost.to_varinfo (Locked m') in - Invariant.(of_exp (Lval (GoblintCil.var var)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + if ask.f (GhostVarAvailable var) then + Invariant.(of_exp (Lval (GoblintCil.var var)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + else + Invariant.none | g -> (* global *) invariant_global ask getg g @@ -859,7 +862,10 @@ struct let inv = ValueDomain.invariant_global (fun g -> getg (V.protected g)) g' in (* TODO: this takes protected values of everything *) Q.AD.fold (fun m acc -> let var = WitnessGhost.to_varinfo (Locked m) in - Invariant.(of_exp (Lval (GoblintCil.var var)) || acc) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + if ask.f (GhostVarAvailable var) then + Invariant.(of_exp (Lval (GoblintCil.var var)) || acc) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + else + Invariant.none ) locks inv ) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 083763f41b..21a12db7a1 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -41,7 +41,7 @@ struct | `Lifted1 x -> x | _ -> failwith "MutexGhosts.node" let lock = function - | `Bot -> Lattice.Unit.bot () + | `Bot -> BoolDomain.MayBool.bot () | `Lifted2 x -> x | _ -> failwith "MutexGhosts.lock" let create_node node = `Lifted1 node @@ -76,8 +76,14 @@ struct end; ctx.local + let ghost_var_available ctx = function + | WitnessGhost.Var.Locked lock -> not (G.lock (ctx.global (V.lock lock)): bool) + | Multithreaded -> true + let query ctx (type a) (q: a Queries.t): a Queries.result = match q with + | GhostVarAvailable vi -> + GobOption.exists (ghost_var_available ctx) (WitnessGhost.from_varinfo vi) | YamlEntryGlobal (g, task) -> let g: V.t = Obj.obj g in begin match g with @@ -87,27 +93,43 @@ struct let entries = (* TODO: do variable_entry-s only once *) Locked.fold (fun l acc -> - let entry = WitnessGhost.variable_entry ~task (Locked l) in - Queries.YS.add entry acc + if ghost_var_available ctx (Locked l) then ( + let entry = WitnessGhost.variable_entry ~task (Locked l) in + Queries.YS.add entry acc + ) + else + acc ) (Locked.union locked unlocked) (Queries.YS.empty ()) in let entries = Locked.fold (fun l acc -> - let entry = WitnessGhost.update_entry ~task ~node:g (Locked l) GoblintCil.one in - Queries.YS.add entry acc + if ghost_var_available ctx (Locked l) then ( + let entry = WitnessGhost.update_entry ~task ~node:g (Locked l) GoblintCil.one in + Queries.YS.add entry acc + ) + else + acc ) locked entries in let entries = Unlocked.fold (fun l acc -> - let entry = WitnessGhost.update_entry ~task ~node:g (Locked l) GoblintCil.zero in - Queries.YS.add entry acc + if ghost_var_available ctx (Locked l) then ( + let entry = WitnessGhost.update_entry ~task ~node:g (Locked l) GoblintCil.zero in + Queries.YS.add entry acc + ) + else + acc ) unlocked entries in let entries = if not (GobConfig.get_bool "exp.earlyglobs") && multithread then ( - let entry = WitnessGhost.variable_entry ~task Multithreaded in - let entry' = WitnessGhost.update_entry ~task ~node:g Multithreaded GoblintCil.one in - Queries.YS.add entry (Queries.YS.add entry' entries) + if ghost_var_available ctx Multithreaded then ( + let entry = WitnessGhost.variable_entry ~task Multithreaded in + let entry' = WitnessGhost.update_entry ~task ~node:g Multithreaded GoblintCil.one in + Queries.YS.add entry (Queries.YS.add entry' entries) + ) + else + entries ) else entries diff --git a/src/domains/queries.ml b/src/domains/queries.ml index b9b13a7584..9a50af1907 100644 --- a/src/domains/queries.ml +++ b/src/domains/queries.ml @@ -130,6 +130,7 @@ type _ t = | TmpSpecial: Mval.Exp.t -> ML.t t | MaySignedOverflow: exp -> MayBool.t t | YamlEntryGlobal: Obj.t * YamlWitnessType.Task.t -> YS.t t + | GhostVarAvailable: varinfo -> MustBool.t t type 'a result = 'a @@ -202,6 +203,7 @@ struct | TmpSpecial _ -> (module ML) | MaySignedOverflow _ -> (module MayBool) | YamlEntryGlobal _ -> (module YS) + | GhostVarAvailable _ -> (module MustBool) (** Get bottom result for query. *) let bot (type a) (q: a t): a result = @@ -273,6 +275,7 @@ struct | TmpSpecial _ -> ML.top () | MaySignedOverflow _ -> MayBool.top () | YamlEntryGlobal _ -> YS.top () + | GhostVarAvailable _ -> MustBool.top () end (* The type any_query can't be directly defined in Any as t, @@ -341,6 +344,7 @@ struct | Any (MaySignedOverflow _) -> 58 | Any (YamlEntryGlobal _) -> 59 | Any (MustProtectingLocks _) -> 60 + | Any (GhostVarAvailable _) -> 61 let rec compare a b = let r = Stdlib.compare (order a) (order b) in @@ -397,6 +401,7 @@ struct | Any (MustBeSingleThreaded {since_start=s1;}), Any (MustBeSingleThreaded {since_start=s2;}) -> Stdlib.compare s1 s2 | Any (TmpSpecial lv1), Any (TmpSpecial lv2) -> Mval.Exp.compare lv1 lv2 | Any (MaySignedOverflow e1), Any (MaySignedOverflow e2) -> CilType.Exp.compare e1 e2 + | Any (GhostVarAvailable vi1), Any (GhostVarAvailable vi2) -> CilType.Varinfo.compare vi1 vi2 (* only argumentless queries should remain *) | _, _ -> Stdlib.compare (order a) (order b) @@ -441,6 +446,7 @@ struct | Any (MustBeSingleThreaded {since_start}) -> Hashtbl.hash since_start | Any (TmpSpecial lv) -> Mval.Exp.hash lv | Any (MaySignedOverflow e) -> CilType.Exp.hash e + | Any (GhostVarAvailable vi) -> CilType.Varinfo.hash vi (* IterSysVars: *) (* - argument is a function and functions cannot be compared in any meaningful way. *) (* - doesn't matter because IterSysVars is always queried from outside of the analysis, so MCP's query caching is not done for it. *) @@ -506,6 +512,7 @@ struct | Any IsEverMultiThreaded -> Pretty.dprintf "IsEverMultiThreaded" | Any (TmpSpecial lv) -> Pretty.dprintf "TmpSpecial %a" Mval.Exp.pretty lv | Any (MaySignedOverflow e) -> Pretty.dprintf "MaySignedOverflow %a" CilType.Exp.pretty e + | Any (GhostVarAvailable vi) -> Pretty.dprintf "GhostVarAvailable %a" CilType.Varinfo.pretty vi end let to_value_domain_ask (ask: ask) = diff --git a/src/witness/witnessGhost.ml b/src/witness/witnessGhost.ml index 2aca886e78..010f450954 100644 --- a/src/witness/witnessGhost.ml +++ b/src/witness/witnessGhost.ml @@ -19,6 +19,8 @@ struct | Locked _ -> assert false | Multithreaded -> "multithreaded" + let describe_varinfo _ _ = "" + let typ = function | Locked _ -> GoblintCil.intType | Multithreaded -> GoblintCil.intType @@ -30,7 +32,7 @@ end include Var -module Map = RichVarinfo.Make (Var) +module Map = RichVarinfo.BiVarinfoMap.Make (Var) include Map diff --git a/tests/regression/56-witness/65-ghost-ambiguous-lock.t b/tests/regression/56-witness/65-ghost-ambiguous-lock.t index ee586bd531..708e27ca64 100644 --- a/tests/regression/56-witness/65-ghost-ambiguous-lock.t +++ b/tests/regression/56-witness/65-ghost-ambiguous-lock.t @@ -4,7 +4,7 @@ dead: 0 total lines: 23 [Info][Witness] witness generation summary: - total generation entries: 20 + total generation entries: 4 [Info][Race] Memory locations race summary: safe: 2 vulnerable: 0 @@ -21,139 +21,11 @@ line: 29 column: 3 function: main - - entry_type: ghost_update - variable: m2_locked - expression: "1" - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 35 - column: 3 - function: main - - entry_type: ghost_update - variable: m2_locked - expression: "1" - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 22 - column: 3 - function: fun - - entry_type: ghost_update - variable: m2_locked - expression: "1" - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 14 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "0" - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 37 - column: 3 - function: main - - entry_type: ghost_update - variable: m2_locked - expression: "0" - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 24 - column: 3 - function: fun - - entry_type: ghost_update - variable: m2_locked - expression: "0" - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 17 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m1_locked - expression: "1" - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 35 - column: 3 - function: main - - entry_type: ghost_update - variable: m1_locked - expression: "1" - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 22 - column: 3 - function: fun - - entry_type: ghost_update - variable: m1_locked - expression: "1" - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 10 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m1_locked - expression: "0" - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 37 - column: 3 - function: main - - entry_type: ghost_update - variable: m1_locked - expression: "0" - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 24 - column: 3 - function: fun - - entry_type: ghost_update - variable: m1_locked - expression: "0" - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 13 - column: 3 - function: t_fun - entry_type: ghost_variable variable: multithreaded scope: global type: int initial: "0" - - entry_type: ghost_variable - variable: m2_locked - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: m1_locked - scope: global - type: int - initial: "0" - - entry_type: flow_insensitive_invariant - flow_insensitive_invariant: - string: '! multithreaded || (m2_locked || g2 == 0)' - type: assertion - format: C - - entry_type: flow_insensitive_invariant - flow_insensitive_invariant: - string: '! multithreaded || (m1_locked || g1 == 0)' - type: assertion - format: C - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (0 <= g2 && g2 <= 1)' From c6f12a60491f6650fcb07ba01dd54344a4a30fe3 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 19 Apr 2024 13:57:06 +0300 Subject: [PATCH 040/164] Move LockDomain.Symbolic to SymbLocksDomain --- src/analyses/symbLocks.ml | 4 +-- src/cdomains/lockDomain.ml | 50 -------------------------------- src/cdomains/symbLocksDomain.ml | 51 +++++++++++++++++++++++++++++++++ 3 files changed, 53 insertions(+), 52 deletions(-) diff --git a/src/analyses/symbLocks.ml b/src/analyses/symbLocks.ml index 6fd18de6ff..b1727ace81 100644 --- a/src/analyses/symbLocks.ml +++ b/src/analyses/symbLocks.ml @@ -23,8 +23,8 @@ struct exception Top - module D = LockDomain.Symbolic - module C = LockDomain.Symbolic + module D = SymbLocksDomain.Symbolic + module C = SymbLocksDomain.Symbolic let name () = "symb_locks" diff --git a/src/cdomains/lockDomain.ml b/src/cdomains/lockDomain.ml index b22931001b..5aaa441428 100644 --- a/src/cdomains/lockDomain.ml +++ b/src/cdomains/lockDomain.ml @@ -74,53 +74,3 @@ module MayLocksetNoRW = struct include PreValueDomain.AD end - -module Symbolic = -struct - (* TODO: use SetDomain.Reverse *) - module S = SetDomain.ToppedSet (Exp) (struct let topname = "All mutexes" end) - include Lattice.Reverse (S) - - let rec eq_set (ask: Queries.ask) e = - S.union - (match ask.f (Queries.EqualSet e) with - | es when not (Queries.ES.is_bot es) -> - Queries.ES.fold S.add es (S.empty ()) - | _ -> S.empty ()) - (match e with - | SizeOf _ - | SizeOfE _ - | SizeOfStr _ - | AlignOf _ - | Const _ - | AlignOfE _ - | UnOp _ - | BinOp _ - | Question _ - | Real _ - | Imag _ - | AddrOfLabel _ -> S.empty () - | AddrOf (Var _,_) - | StartOf (Var _,_) - | Lval (Var _,_) -> S.singleton e - | AddrOf (Mem e,ofs) -> S.map (fun e -> AddrOf (Mem e,ofs)) (eq_set ask e) - | StartOf (Mem e,ofs) -> S.map (fun e -> StartOf (Mem e,ofs)) (eq_set ask e) - | Lval (Mem e,ofs) -> S.map (fun e -> Lval (Mem e,ofs)) (eq_set ask e) - | CastE (_,e) -> eq_set ask e - ) - - let add (ask: Queries.ask) e st = - let no_casts = S.map Expcompare.stripCastsDeepForPtrArith (eq_set ask e) in - let addrs = S.filter (function AddrOf _ -> true | _ -> false) no_casts in - S.union addrs st - let remove ask e st = - (* TODO: Removing based on must-equality sets is not sound! *) - let no_casts = S.map Expcompare.stripCastsDeepForPtrArith (eq_set ask e) in - let addrs = S.filter (function AddrOf _ -> true | _ -> false) no_casts in - S.diff st addrs - let remove_var v st = S.filter (fun x -> not (SymbLocksDomain.Exp.contains_var v x)) st - - let filter = S.filter - let fold = S.fold - -end diff --git a/src/cdomains/symbLocksDomain.ml b/src/cdomains/symbLocksDomain.ml index ba2b96e8d0..bb260ad412 100644 --- a/src/cdomains/symbLocksDomain.ml +++ b/src/cdomains/symbLocksDomain.ml @@ -317,3 +317,54 @@ struct let of_mval (v, o) = of_mval (v, conv_const_offset o) end + + +module Symbolic = +struct + (* TODO: use SetDomain.Reverse *) + module S = SetDomain.ToppedSet (Exp) (struct let topname = "All mutexes" end) + include Lattice.Reverse (S) + + let rec eq_set (ask: Queries.ask) e = + S.union + (match ask.f (Queries.EqualSet e) with + | es when not (Queries.ES.is_bot es) -> + Queries.ES.fold S.add es (S.empty ()) + | _ -> S.empty ()) + (match e with + | SizeOf _ + | SizeOfE _ + | SizeOfStr _ + | AlignOf _ + | Const _ + | AlignOfE _ + | UnOp _ + | BinOp _ + | Question _ + | Real _ + | Imag _ + | AddrOfLabel _ -> S.empty () + | AddrOf (Var _,_) + | StartOf (Var _,_) + | Lval (Var _,_) -> S.singleton e + | AddrOf (Mem e,ofs) -> S.map (fun e -> AddrOf (Mem e,ofs)) (eq_set ask e) + | StartOf (Mem e,ofs) -> S.map (fun e -> StartOf (Mem e,ofs)) (eq_set ask e) + | Lval (Mem e,ofs) -> S.map (fun e -> Lval (Mem e,ofs)) (eq_set ask e) + | CastE (_,e) -> eq_set ask e + ) + + let add (ask: Queries.ask) e st = + let no_casts = S.map Expcompare.stripCastsDeepForPtrArith (eq_set ask e) in + let addrs = S.filter (function AddrOf _ -> true | _ -> false) no_casts in + S.union addrs st + let remove ask e st = + (* TODO: Removing based on must-equality sets is not sound! *) + let no_casts = S.map Expcompare.stripCastsDeepForPtrArith (eq_set ask e) in + let addrs = S.filter (function AddrOf _ -> true | _ -> false) no_casts in + S.diff st addrs + let remove_var v st = S.filter (fun x -> not (Exp.contains_var v x)) st + + let filter = S.filter + let fold = S.fold + +end From 8985d64633a0b3d0f6812df8ee784c87f332f499 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 19 Apr 2024 13:57:37 +0300 Subject: [PATCH 041/164] Extract WitnessGhostVar to break dependency cycle --- src/witness/witnessGhost.ml | 30 +---------------------------- src/witness/witnessGhostVar.ml | 35 ++++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 29 deletions(-) create mode 100644 src/witness/witnessGhostVar.ml diff --git a/src/witness/witnessGhost.ml b/src/witness/witnessGhost.ml index 010f450954..cdd26b36aa 100644 --- a/src/witness/witnessGhost.ml +++ b/src/witness/witnessGhost.ml @@ -1,34 +1,6 @@ (** Ghost variables for YAML witnesses. *) -module Var = -struct - type t = - | Locked of LockDomain.Addr.t - | Multithreaded - [@@deriving eq, hash] - - let name_varinfo = function - | Locked (Addr (v, _) as l) -> - let name = - if RichVarinfo.BiVarinfoMap.Collection.mem_varinfo v then - Printf.sprintf "alloc_%s%d" (if v.vid < 0 then "m" else "") (abs v.vid) (* turn minus into valid C name *) - else - LockDomain.Addr.show l (* TODO: valid names with interval offsets, etc *) - in - name ^ "_locked" - | Locked _ -> assert false - | Multithreaded -> "multithreaded" - - let describe_varinfo _ _ = "" - - let typ = function - | Locked _ -> GoblintCil.intType - | Multithreaded -> GoblintCil.intType - - let initial = function - | Locked _ -> GoblintCil.zero - | Multithreaded -> GoblintCil.zero -end +module Var = WitnessGhostVar include Var diff --git a/src/witness/witnessGhostVar.ml b/src/witness/witnessGhostVar.ml new file mode 100644 index 0000000000..afcf5d4dba --- /dev/null +++ b/src/witness/witnessGhostVar.ml @@ -0,0 +1,35 @@ +(** Ghost variables for YAML witnesses. *) + +type t = + | Locked of LockDomain.Addr.t + | Multithreaded +[@@deriving eq, ord, hash] + +let name_varinfo = function + | Locked (Addr (v, _) as l) -> + let name = + if RichVarinfo.BiVarinfoMap.Collection.mem_varinfo v then + Printf.sprintf "alloc_%s%d" (if v.vid < 0 then "m" else "") (abs v.vid) (* turn minus into valid C name *) + else + LockDomain.Addr.show l (* TODO: valid names with interval offsets, etc *) + in + name ^ "_locked" + | Locked _ -> assert false + | Multithreaded -> "multithreaded" + +let show = name_varinfo + +include Printable.SimpleShow (struct + type nonrec t = t + let show = show + end) + +let describe_varinfo _ _ = "" + +let typ = function + | Locked _ -> GoblintCil.intType + | Multithreaded -> GoblintCil.intType + +let initial = function + | Locked _ -> GoblintCil.zero + | Multithreaded -> GoblintCil.zero From b04af51f2d86bb20d7908a72948fd97275fdce14 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 19 Apr 2024 13:58:55 +0300 Subject: [PATCH 042/164] Refactor GhostVarAvailable query --- src/analyses/base.ml | 5 +++-- src/analyses/basePriv.ml | 10 ++++++---- src/analyses/mutexGhosts.ml | 3 +-- src/domains/queries.ml | 12 ++++++------ 4 files changed, 16 insertions(+), 14 deletions(-) diff --git a/src/analyses/base.ml b/src/analyses/base.ml index ac31e29163..c1001f8b80 100644 --- a/src/analyses/base.ml +++ b/src/analyses/base.ml @@ -1247,9 +1247,10 @@ struct if get_bool "exp.earlyglobs" then inv else ( - let var = WitnessGhost.to_varinfo Multithreaded in - if ctx.ask (GhostVarAvailable var) then + if ctx.ask (GhostVarAvailable Multithreaded) then ( + let var = WitnessGhost.to_varinfo Multithreaded in Invariant.(of_exp (UnOp (LNot, Lval (GoblintCil.var var), GoblintCil.intType)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + ) else Invariant.none ) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index 129d0d5d69..7a667c9c43 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -342,9 +342,10 @@ struct acc ) cpa Invariant.none in - let var = WitnessGhost.to_varinfo (Locked m') in - if ask.f (GhostVarAvailable var) then + if ask.f (GhostVarAvailable (Locked m')) then ( + let var = WitnessGhost.to_varinfo (Locked m') in Invariant.(of_exp (Lval (GoblintCil.var var)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + ) else Invariant.none | g -> (* global *) @@ -861,9 +862,10 @@ struct else ( let inv = ValueDomain.invariant_global (fun g -> getg (V.protected g)) g' in (* TODO: this takes protected values of everything *) Q.AD.fold (fun m acc -> - let var = WitnessGhost.to_varinfo (Locked m) in - if ask.f (GhostVarAvailable var) then + if ask.f (GhostVarAvailable (Locked m)) then ( + let var = WitnessGhost.to_varinfo (Locked m) in Invariant.(of_exp (Lval (GoblintCil.var var)) || acc) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + ) else Invariant.none ) locks inv diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 21a12db7a1..5ffdac6110 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -82,8 +82,7 @@ struct let query ctx (type a) (q: a Queries.t): a Queries.result = match q with - | GhostVarAvailable vi -> - GobOption.exists (ghost_var_available ctx) (WitnessGhost.from_varinfo vi) + | GhostVarAvailable v -> ghost_var_available ctx v | YamlEntryGlobal (g, task) -> let g: V.t = Obj.obj g in begin match g with diff --git a/src/domains/queries.ml b/src/domains/queries.ml index 9a50af1907..44a0402a93 100644 --- a/src/domains/queries.ml +++ b/src/domains/queries.ml @@ -130,7 +130,7 @@ type _ t = | TmpSpecial: Mval.Exp.t -> ML.t t | MaySignedOverflow: exp -> MayBool.t t | YamlEntryGlobal: Obj.t * YamlWitnessType.Task.t -> YS.t t - | GhostVarAvailable: varinfo -> MustBool.t t + | GhostVarAvailable: WitnessGhostVar.t -> MayBool.t t type 'a result = 'a @@ -203,7 +203,7 @@ struct | TmpSpecial _ -> (module ML) | MaySignedOverflow _ -> (module MayBool) | YamlEntryGlobal _ -> (module YS) - | GhostVarAvailable _ -> (module MustBool) + | GhostVarAvailable _ -> (module MayBool) (** Get bottom result for query. *) let bot (type a) (q: a t): a result = @@ -275,7 +275,7 @@ struct | TmpSpecial _ -> ML.top () | MaySignedOverflow _ -> MayBool.top () | YamlEntryGlobal _ -> YS.top () - | GhostVarAvailable _ -> MustBool.top () + | GhostVarAvailable _ -> MayBool.top () end (* The type any_query can't be directly defined in Any as t, @@ -401,7 +401,7 @@ struct | Any (MustBeSingleThreaded {since_start=s1;}), Any (MustBeSingleThreaded {since_start=s2;}) -> Stdlib.compare s1 s2 | Any (TmpSpecial lv1), Any (TmpSpecial lv2) -> Mval.Exp.compare lv1 lv2 | Any (MaySignedOverflow e1), Any (MaySignedOverflow e2) -> CilType.Exp.compare e1 e2 - | Any (GhostVarAvailable vi1), Any (GhostVarAvailable vi2) -> CilType.Varinfo.compare vi1 vi2 + | Any (GhostVarAvailable v1), Any (GhostVarAvailable v2) -> WitnessGhostVar.compare v1 v2 (* only argumentless queries should remain *) | _, _ -> Stdlib.compare (order a) (order b) @@ -446,7 +446,7 @@ struct | Any (MustBeSingleThreaded {since_start}) -> Hashtbl.hash since_start | Any (TmpSpecial lv) -> Mval.Exp.hash lv | Any (MaySignedOverflow e) -> CilType.Exp.hash e - | Any (GhostVarAvailable vi) -> CilType.Varinfo.hash vi + | Any (GhostVarAvailable v) -> WitnessGhostVar.hash v (* IterSysVars: *) (* - argument is a function and functions cannot be compared in any meaningful way. *) (* - doesn't matter because IterSysVars is always queried from outside of the analysis, so MCP's query caching is not done for it. *) @@ -512,7 +512,7 @@ struct | Any IsEverMultiThreaded -> Pretty.dprintf "IsEverMultiThreaded" | Any (TmpSpecial lv) -> Pretty.dprintf "TmpSpecial %a" Mval.Exp.pretty lv | Any (MaySignedOverflow e) -> Pretty.dprintf "MaySignedOverflow %a" CilType.Exp.pretty e - | Any (GhostVarAvailable vi) -> Pretty.dprintf "GhostVarAvailable %a" CilType.Varinfo.pretty vi + | Any (GhostVarAvailable v) -> Pretty.dprintf "GhostVarAvailable %a" WitnessGhostVar.pretty v end let to_value_domain_ask (ask: ask) = From d8bd13d7a6770e75fc14958a69510b964bdc4937 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 19 Apr 2024 16:23:05 +0300 Subject: [PATCH 043/164] Exclude WitnessGhostVar from docs check --- scripts/goblint-lib-modules.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/goblint-lib-modules.py b/scripts/goblint-lib-modules.py index 017530f838..98b8acd39f 100755 --- a/scripts/goblint-lib-modules.py +++ b/scripts/goblint-lib-modules.py @@ -44,6 +44,7 @@ "MessageCategory", # included in Messages "PreValueDomain", # included in ValueDomain + "WitnessGhostVar", # included in WitnessGhost "ConfigVersion", "ConfigProfile", From 947d6bc4382c36778c5f6de2d07b07be9637a7ab Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 23 Apr 2024 12:51:14 +0300 Subject: [PATCH 044/164] Fix __VERIFIER_atomic special mutex ghost varialbe name --- src/witness/witnessGhostVar.ml | 5 +- tests/regression/29-svcomp/16-atomic_priv.t | 88 +++++++++++++++++++++ 2 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 tests/regression/29-svcomp/16-atomic_priv.t diff --git a/src/witness/witnessGhostVar.ml b/src/witness/witnessGhostVar.ml index afcf5d4dba..bc0f98f915 100644 --- a/src/witness/witnessGhostVar.ml +++ b/src/witness/witnessGhostVar.ml @@ -8,10 +8,13 @@ type t = let name_varinfo = function | Locked (Addr (v, _) as l) -> let name = + if CilType.Varinfo.equal v LibraryFunctions.verifier_atomic_var then + "__VERIFIER_atomic" + else if RichVarinfo.BiVarinfoMap.Collection.mem_varinfo v then Printf.sprintf "alloc_%s%d" (if v.vid < 0 then "m" else "") (abs v.vid) (* turn minus into valid C name *) else - LockDomain.Addr.show l (* TODO: valid names with interval offsets, etc *) + LockDomain.Addr.show l (* TODO: valid names with fields, interval offsets, etc *) in name ^ "_locked" | Locked _ -> assert false diff --git a/tests/regression/29-svcomp/16-atomic_priv.t b/tests/regression/29-svcomp/16-atomic_priv.t new file mode 100644 index 0000000000..98584b96d0 --- /dev/null +++ b/tests/regression/29-svcomp/16-atomic_priv.t @@ -0,0 +1,88 @@ + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection-atomic --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 16-atomic_priv.c + [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:12:3-12:33) + [Success][Assert] Assertion "myglobal == 6" will succeed (16-atomic_priv.c:14:3-14:33) + [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:16:3-16:33) + [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:24:3-24:33) + [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:26:3-26:33) + [Info][Deadcode] Logical lines of code (LLoC) summary: + live: 17 + dead: 0 + total lines: 17 + [Warning][Race] Memory location myglobal (race with conf. 110): (16-atomic_priv.c:8:5-8:17) + write with [lock:{[__VERIFIER_atomic]}, thread:[main, t_fun@16-atomic_priv.c:23:3-23:40]] (conf. 110) (exp: & myglobal) (16-atomic_priv.c:13:3-13:13) + write with [lock:{[__VERIFIER_atomic]}, thread:[main, t_fun@16-atomic_priv.c:23:3-23:40]] (conf. 110) (exp: & myglobal) (16-atomic_priv.c:15:3-15:13) + read with [mhp:{created={[main, t_fun@16-atomic_priv.c:23:3-23:40]}}, thread:[main]] (conf. 110) (exp: & myglobal) (16-atomic_priv.c:24:3-24:33) + [Info][Witness] witness generation summary: + total generation entries: 9 + [Info][Race] Memory locations race summary: + safe: 0 + vulnerable: 0 + unsafe: 1 + total memory locations: 1 + + $ yamlWitnessStrip < witness.yml + - entry_type: ghost_update + variable: multithreaded + expression: "1" + location: + file_name: 16-atomic_priv.c + file_hash: $FILE_HASH + line: 23 + column: 3 + function: main + - entry_type: ghost_update + variable: __VERIFIER_atomic_locked + expression: "1" + location: + file_name: 16-atomic_priv.c + file_hash: $FILE_HASH + line: 25 + column: 3 + function: main + - entry_type: ghost_update + variable: __VERIFIER_atomic_locked + expression: "1" + location: + file_name: 16-atomic_priv.c + file_hash: $FILE_HASH + line: 11 + column: 3 + function: t_fun + - entry_type: ghost_update + variable: __VERIFIER_atomic_locked + expression: "0" + location: + file_name: 16-atomic_priv.c + file_hash: $FILE_HASH + line: 27 + column: 3 + function: main + - entry_type: ghost_update + variable: __VERIFIER_atomic_locked + expression: "0" + location: + file_name: 16-atomic_priv.c + file_hash: $FILE_HASH + line: 17 + column: 3 + function: t_fun + - entry_type: ghost_variable + variable: multithreaded + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: __VERIFIER_atomic_locked + scope: global + type: int + initial: "0" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || myglobal == 5' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (__VERIFIER_atomic_locked || myglobal == 5)' + type: assertion + format: C From 4ada6eb2ced86b2021bde12937a237d716b6daa4 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 23 Apr 2024 12:55:56 +0300 Subject: [PATCH 045/164] Avoid emitting useless protected invariants from protection privatization --- src/analyses/basePriv.ml | 2 ++ tests/regression/29-svcomp/16-atomic_priv.t | 7 +------ tests/regression/56-witness/64-ghost-multiple-protecting.t | 7 +------ 3 files changed, 4 insertions(+), 12 deletions(-) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index 7a667c9c43..7cadf637ad 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -859,6 +859,8 @@ struct let locks = ask.f (Q.MustProtectingLocks g') in if Q.AD.is_top locks || Q.AD.is_empty locks then Invariant.none + else if VD.equal (getg (V.protected g')) (getg (V.unprotected g')) then + Invariant.none (* don't output protected invariant because it's the same as unprotected *) else ( let inv = ValueDomain.invariant_global (fun g -> getg (V.protected g)) g' in (* TODO: this takes protected values of everything *) Q.AD.fold (fun m acc -> diff --git a/tests/regression/29-svcomp/16-atomic_priv.t b/tests/regression/29-svcomp/16-atomic_priv.t index 98584b96d0..15425f68dd 100644 --- a/tests/regression/29-svcomp/16-atomic_priv.t +++ b/tests/regression/29-svcomp/16-atomic_priv.t @@ -13,7 +13,7 @@ write with [lock:{[__VERIFIER_atomic]}, thread:[main, t_fun@16-atomic_priv.c:23:3-23:40]] (conf. 110) (exp: & myglobal) (16-atomic_priv.c:15:3-15:13) read with [mhp:{created={[main, t_fun@16-atomic_priv.c:23:3-23:40]}}, thread:[main]] (conf. 110) (exp: & myglobal) (16-atomic_priv.c:24:3-24:33) [Info][Witness] witness generation summary: - total generation entries: 9 + total generation entries: 8 [Info][Race] Memory locations race summary: safe: 0 vulnerable: 0 @@ -81,8 +81,3 @@ string: '! multithreaded || myglobal == 5' type: assertion format: C - - entry_type: flow_insensitive_invariant - flow_insensitive_invariant: - string: '! multithreaded || (__VERIFIER_atomic_locked || myglobal == 5)' - type: assertion - format: C diff --git a/tests/regression/56-witness/64-ghost-multiple-protecting.t b/tests/regression/56-witness/64-ghost-multiple-protecting.t index d51db2285e..53323355c5 100644 --- a/tests/regression/56-witness/64-ghost-multiple-protecting.t +++ b/tests/regression/56-witness/64-ghost-multiple-protecting.t @@ -4,7 +4,7 @@ dead: 0 total lines: 19 [Info][Witness] witness generation summary: - total generation entries: 18 + total generation entries: 17 [Info][Race] Memory locations race summary: safe: 2 vulnerable: 0 @@ -133,11 +133,6 @@ protection doesn't have precise protected invariant for g2. string: '! multithreaded || (m2_locked || (m1_locked || g1 == 0))' type: assertion format: C - - entry_type: flow_insensitive_invariant - flow_insensitive_invariant: - string: '! multithreaded || (m2_locked || (m1_locked || (0 <= g2 && g2 <= 1)))' - type: assertion - format: C - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (0 <= g2 && g2 <= 1)' From a7d43a938181ca404666147d2fc705c09a0fa8e4 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 23 Apr 2024 13:04:26 +0300 Subject: [PATCH 046/164] Avoid useless work in mutex-meet invariant_global if ghost variable isn't available --- src/analyses/basePriv.ml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index 7cadf637ad..799290c4fe 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -333,16 +333,16 @@ struct let invariant_global (ask: Q.ask) getg = function | `Left m' as m -> (* mutex *) - let cpa = getg m in - let inv = CPA.fold (fun v _ acc -> - if ask.f (MustBeProtectedBy {mutex = m'; global = v; write = true; protection = Strong}) then - let inv = ValueDomain.invariant_global (fun g -> CPA.find g cpa) v in - Invariant.(acc && inv) - else - acc - ) cpa Invariant.none - in if ask.f (GhostVarAvailable (Locked m')) then ( + let cpa = getg m in + let inv = CPA.fold (fun v _ acc -> + if ask.f (MustBeProtectedBy {mutex = m'; global = v; write = true; protection = Strong}) then + let inv = ValueDomain.invariant_global (fun g -> CPA.find g cpa) v in + Invariant.(acc && inv) + else + acc + ) cpa Invariant.none + in let var = WitnessGhost.to_varinfo (Locked m') in Invariant.(of_exp (Lval (GoblintCil.var var)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) ) From d6abc0b4f14dccbd1c500ce3a9e23f72497aa966 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 23 Apr 2024 13:44:29 +0300 Subject: [PATCH 047/164] Fix struct field mutex ghost variable name --- src/witness/witnessGhostVar.ml | 11 ++- tests/regression/13-privatized/25-struct_nr.t | 83 +++++++++++++++++++ 2 files changed, 91 insertions(+), 3 deletions(-) create mode 100644 tests/regression/13-privatized/25-struct_nr.t diff --git a/src/witness/witnessGhostVar.ml b/src/witness/witnessGhostVar.ml index bc0f98f915..cac48050de 100644 --- a/src/witness/witnessGhostVar.ml +++ b/src/witness/witnessGhostVar.ml @@ -6,7 +6,7 @@ type t = [@@deriving eq, ord, hash] let name_varinfo = function - | Locked (Addr (v, _) as l) -> + | Locked (Addr (v, os)) -> let name = if CilType.Varinfo.equal v LibraryFunctions.verifier_atomic_var then "__VERIFIER_atomic" @@ -14,9 +14,14 @@ let name_varinfo = function if RichVarinfo.BiVarinfoMap.Collection.mem_varinfo v then Printf.sprintf "alloc_%s%d" (if v.vid < 0 then "m" else "") (abs v.vid) (* turn minus into valid C name *) else - LockDomain.Addr.show l (* TODO: valid names with fields, interval offsets, etc *) + Basetype.Variables.show v in - name ^ "_locked" + let rec offs: LockDomain.Addr.Offs.t -> string = function + | `NoOffset -> "" + | `Field (f, os') -> "_" ^ f.fname ^ offs os' + | `Index (i, os') -> failwith "TODO" (* TODO: valid names with interval offsets, etc *) + in + name ^ offs os ^ "_locked" | Locked _ -> assert false | Multithreaded -> "multithreaded" diff --git a/tests/regression/13-privatized/25-struct_nr.t b/tests/regression/13-privatized/25-struct_nr.t new file mode 100644 index 0000000000..f3ebcd1c52 --- /dev/null +++ b/tests/regression/13-privatized/25-struct_nr.t @@ -0,0 +1,83 @@ + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 25-struct_nr.c + [Success][Assert] Assertion "glob1 == 5" will succeed (25-struct_nr.c:26:3-26:30) + [Success][Assert] Assertion "t == 5" will succeed (25-struct_nr.c:16:3-16:26) + [Success][Assert] Assertion "glob1 == -10" will succeed (25-struct_nr.c:18:3-18:32) + [Success][Assert] Assertion "glob1 == 6" will succeed (25-struct_nr.c:30:3-30:30) + [Info][Deadcode] Logical lines of code (LLoC) summary: + live: 19 + dead: 0 + total lines: 19 + [Info][Witness] witness generation summary: + total generation entries: 9 + [Info][Race] Memory locations race summary: + safe: 1 + vulnerable: 0 + unsafe: 0 + total memory locations: 1 + + $ yamlWitnessStrip < witness.yml + - entry_type: ghost_update + variable: multithreaded + expression: "1" + location: + file_name: 25-struct_nr.c + file_hash: $FILE_HASH + line: 27 + column: 3 + function: main + - entry_type: ghost_update + variable: lock1_mutex_locked + expression: "1" + location: + file_name: 25-struct_nr.c + file_hash: $FILE_HASH + line: 28 + column: 3 + function: main + - entry_type: ghost_update + variable: lock1_mutex_locked + expression: "1" + location: + file_name: 25-struct_nr.c + file_hash: $FILE_HASH + line: 14 + column: 3 + function: t_fun + - entry_type: ghost_update + variable: lock1_mutex_locked + expression: "0" + location: + file_name: 25-struct_nr.c + file_hash: $FILE_HASH + line: 32 + column: 3 + function: main + - entry_type: ghost_update + variable: lock1_mutex_locked + expression: "0" + location: + file_name: 25-struct_nr.c + file_hash: $FILE_HASH + line: 20 + column: 3 + function: t_fun + - entry_type: ghost_variable + variable: multithreaded + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: lock1_mutex_locked + scope: global + type: int + initial: "0" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (lock1_mutex_locked || glob1 == 5)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || ((-128 <= glob1 && glob1 <= 127) && glob1 != 0)' + type: assertion + format: C From 6db1d04eeb551a5726bb373e7cc6e6e0394a4368 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 23 Apr 2024 14:34:05 +0300 Subject: [PATCH 048/164] Fix definite array index mutex ghost variable name --- src/witness/witnessGhostVar.ml | 5 +- tests/regression/13-privatized/80-idx_priv.c | 26 +++++++ tests/regression/13-privatized/80-idx_priv.t | 80 ++++++++++++++++++++ 3 files changed, 110 insertions(+), 1 deletion(-) create mode 100644 tests/regression/13-privatized/80-idx_priv.c create mode 100644 tests/regression/13-privatized/80-idx_priv.t diff --git a/src/witness/witnessGhostVar.ml b/src/witness/witnessGhostVar.ml index cac48050de..cec61b0e2d 100644 --- a/src/witness/witnessGhostVar.ml +++ b/src/witness/witnessGhostVar.ml @@ -19,7 +19,10 @@ let name_varinfo = function let rec offs: LockDomain.Addr.Offs.t -> string = function | `NoOffset -> "" | `Field (f, os') -> "_" ^ f.fname ^ offs os' - | `Index (i, os') -> failwith "TODO" (* TODO: valid names with interval offsets, etc *) + | `Index (i, os') -> + match ValueDomain.ID.to_int i with + | Some i -> assert Z.Compare.(i >= Z.zero); "_" ^ Z.to_string i + | _ -> assert false (* must locksets cannot have ambiguous indices *) in name ^ offs os ^ "_locked" | Locked _ -> assert false diff --git a/tests/regression/13-privatized/80-idx_priv.c b/tests/regression/13-privatized/80-idx_priv.c new file mode 100644 index 0000000000..ed0e8d3228 --- /dev/null +++ b/tests/regression/13-privatized/80-idx_priv.c @@ -0,0 +1,26 @@ +#include +#include + +int data; +pthread_mutex_t m[10]; + +void *t_fun(void *arg) { + pthread_mutex_lock(&m[4]); + data++; // NORACE + data--; // NORACE + pthread_mutex_unlock(&m[4]); + return NULL; +} + +int main() { + for (int i = 0; i < 10; i++) + pthread_mutex_init(&m[i], NULL); + + pthread_t id; + pthread_create(&id, NULL, t_fun, NULL); + pthread_mutex_lock(&m[4]); + __goblint_check(data == 0); // NORACE + pthread_mutex_unlock(&m[4]); + return 0; +} + diff --git a/tests/regression/13-privatized/80-idx_priv.t b/tests/regression/13-privatized/80-idx_priv.t new file mode 100644 index 0000000000..698744924c --- /dev/null +++ b/tests/regression/13-privatized/80-idx_priv.t @@ -0,0 +1,80 @@ + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 80-idx_priv.c + [Success][Assert] Assertion "data == 0" will succeed (80-idx_priv.c:22:3-22:29) + [Info][Deadcode] Logical lines of code (LLoC) summary: + live: 14 + dead: 0 + total lines: 14 + [Info][Witness] witness generation summary: + total generation entries: 9 + [Info][Race] Memory locations race summary: + safe: 1 + vulnerable: 0 + unsafe: 0 + total memory locations: 1 + + $ yamlWitnessStrip < witness.yml + - entry_type: ghost_update + variable: multithreaded + expression: "1" + location: + file_name: 80-idx_priv.c + file_hash: $FILE_HASH + line: 20 + column: 3 + function: main + - entry_type: ghost_update + variable: m_4_locked + expression: "1" + location: + file_name: 80-idx_priv.c + file_hash: $FILE_HASH + line: 21 + column: 3 + function: main + - entry_type: ghost_update + variable: m_4_locked + expression: "1" + location: + file_name: 80-idx_priv.c + file_hash: $FILE_HASH + line: 8 + column: 3 + function: t_fun + - entry_type: ghost_update + variable: m_4_locked + expression: "0" + location: + file_name: 80-idx_priv.c + file_hash: $FILE_HASH + line: 23 + column: 3 + function: main + - entry_type: ghost_update + variable: m_4_locked + expression: "0" + location: + file_name: 80-idx_priv.c + file_hash: $FILE_HASH + line: 11 + column: 3 + function: t_fun + - entry_type: ghost_variable + variable: multithreaded + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: m_4_locked + scope: global + type: int + initial: "0" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (m_4_locked || data == 0)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= data && data <= 1)' + type: assertion + format: C From 53a714fe979757f8f71c1ea408f3a3e5ccd4120c Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 23 Apr 2024 15:28:26 +0300 Subject: [PATCH 049/164] Make non-definite ghost variables unavailable --- src/analyses/mutexGhosts.ml | 2 +- .../56-witness/68-ghost-ambiguous-idx.c | 28 +++++++ .../56-witness/68-ghost-ambiguous-idx.t | 78 +++++++++++++++++++ 3 files changed, 107 insertions(+), 1 deletion(-) create mode 100644 tests/regression/56-witness/68-ghost-ambiguous-idx.c create mode 100644 tests/regression/56-witness/68-ghost-ambiguous-idx.t diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 5ffdac6110..128355e919 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -77,7 +77,7 @@ struct ctx.local let ghost_var_available ctx = function - | WitnessGhost.Var.Locked lock -> not (G.lock (ctx.global (V.lock lock)): bool) + | WitnessGhost.Var.Locked lock -> LockDomain.Addr.is_definite lock && not (G.lock (ctx.global (V.lock lock))) | Multithreaded -> true let query ctx (type a) (q: a Queries.t): a Queries.result = diff --git a/tests/regression/56-witness/68-ghost-ambiguous-idx.c b/tests/regression/56-witness/68-ghost-ambiguous-idx.c new file mode 100644 index 0000000000..7babbe003c --- /dev/null +++ b/tests/regression/56-witness/68-ghost-ambiguous-idx.c @@ -0,0 +1,28 @@ +#include +#include + +int data; +pthread_mutex_t m[10]; + +void *t_fun(void *arg) { + pthread_mutex_lock(&m[4]); + data++; + data--; + pthread_mutex_unlock(&m[4]); + return NULL; +} + +int main() { + for (int i = 0; i < 10; i++) + pthread_mutex_init(&m[i], NULL); + + pthread_t id; + pthread_create(&id, NULL, t_fun, NULL); + int r; + int j = r ? 4 : 5; + pthread_mutex_lock(&m[r]); + __goblint_check(data == 0); // UNKNOWN! + pthread_mutex_unlock(&m[4]); + return 0; +} + diff --git a/tests/regression/56-witness/68-ghost-ambiguous-idx.t b/tests/regression/56-witness/68-ghost-ambiguous-idx.t new file mode 100644 index 0000000000..0f6191188e --- /dev/null +++ b/tests/regression/56-witness/68-ghost-ambiguous-idx.t @@ -0,0 +1,78 @@ + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 68-ghost-ambiguous-idx.c + [Warning][Assert] Assertion "data == 0" is unknown. (68-ghost-ambiguous-idx.c:24:3-24:29) + [Warning][Unknown] unlocking mutex (m[4]) which may not be held (68-ghost-ambiguous-idx.c:25:3-25:30) + [Info][Deadcode] Logical lines of code (LLoC) summary: + live: 15 + dead: 0 + total lines: 15 + [Warning][Race] Memory location data (race with conf. 110): (68-ghost-ambiguous-idx.c:4:5-4:9) + write with [lock:{m[4]}, thread:[main, t_fun@68-ghost-ambiguous-idx.c:20:3-20:40]] (conf. 110) (exp: & data) (68-ghost-ambiguous-idx.c:9:3-9:9) + write with [lock:{m[4]}, thread:[main, t_fun@68-ghost-ambiguous-idx.c:20:3-20:40]] (conf. 110) (exp: & data) (68-ghost-ambiguous-idx.c:10:3-10:9) + read with [mhp:{created={[main, t_fun@68-ghost-ambiguous-idx.c:20:3-20:40]}}, thread:[main]] (conf. 110) (exp: & data) (68-ghost-ambiguous-idx.c:24:3-24:29) + [Info][Witness] witness generation summary: + total generation entries: 8 + [Info][Race] Memory locations race summary: + safe: 0 + vulnerable: 0 + unsafe: 1 + total memory locations: 1 + + $ yamlWitnessStrip < witness.yml + - entry_type: ghost_update + variable: multithreaded + expression: "1" + location: + file_name: 68-ghost-ambiguous-idx.c + file_hash: $FILE_HASH + line: 20 + column: 3 + function: main + - entry_type: ghost_update + variable: m_4_locked + expression: "1" + location: + file_name: 68-ghost-ambiguous-idx.c + file_hash: $FILE_HASH + line: 8 + column: 3 + function: t_fun + - entry_type: ghost_update + variable: m_4_locked + expression: "0" + location: + file_name: 68-ghost-ambiguous-idx.c + file_hash: $FILE_HASH + line: 25 + column: 3 + function: main + - entry_type: ghost_update + variable: m_4_locked + expression: "0" + location: + file_name: 68-ghost-ambiguous-idx.c + file_hash: $FILE_HASH + line: 11 + column: 3 + function: t_fun + - entry_type: ghost_variable + variable: multithreaded + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: m_4_locked + scope: global + type: int + initial: "0" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (m_4_locked || data == 0)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= data && data <= 1)' + type: assertion + format: C + +TODO: there shouldn't be invariant with m_4_locked because it's ambiguously used From 413b2e17dd3e4e8b7e53ec50af475eee539d44ee Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 23 Apr 2024 15:32:59 +0300 Subject: [PATCH 050/164] Disable mutex ghosts with indices --- src/analyses/mutexGhosts.ml | 3 +- tests/regression/13-privatized/80-idx_priv.t | 50 ++----------------- .../56-witness/68-ghost-ambiguous-idx.t | 41 +-------------- 3 files changed, 6 insertions(+), 88 deletions(-) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 128355e919..b7001c6c2f 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -77,7 +77,8 @@ struct ctx.local let ghost_var_available ctx = function - | WitnessGhost.Var.Locked lock -> LockDomain.Addr.is_definite lock && not (G.lock (ctx.global (V.lock lock))) + | WitnessGhost.Var.Locked (Addr (v, o) as lock) -> not (LockDomain.Offs.contains_index o) && not (G.lock (ctx.global (V.lock lock))) + | Locked _ -> false | Multithreaded -> true let query ctx (type a) (q: a Queries.t): a Queries.result = diff --git a/tests/regression/13-privatized/80-idx_priv.t b/tests/regression/13-privatized/80-idx_priv.t index 698744924c..bf15cfb538 100644 --- a/tests/regression/13-privatized/80-idx_priv.t +++ b/tests/regression/13-privatized/80-idx_priv.t @@ -5,7 +5,7 @@ dead: 0 total lines: 14 [Info][Witness] witness generation summary: - total generation entries: 9 + total generation entries: 3 [Info][Race] Memory locations race summary: safe: 1 vulnerable: 0 @@ -22,59 +22,15 @@ line: 20 column: 3 function: main - - entry_type: ghost_update - variable: m_4_locked - expression: "1" - location: - file_name: 80-idx_priv.c - file_hash: $FILE_HASH - line: 21 - column: 3 - function: main - - entry_type: ghost_update - variable: m_4_locked - expression: "1" - location: - file_name: 80-idx_priv.c - file_hash: $FILE_HASH - line: 8 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m_4_locked - expression: "0" - location: - file_name: 80-idx_priv.c - file_hash: $FILE_HASH - line: 23 - column: 3 - function: main - - entry_type: ghost_update - variable: m_4_locked - expression: "0" - location: - file_name: 80-idx_priv.c - file_hash: $FILE_HASH - line: 11 - column: 3 - function: t_fun - entry_type: ghost_variable variable: multithreaded scope: global type: int initial: "0" - - entry_type: ghost_variable - variable: m_4_locked - scope: global - type: int - initial: "0" - - entry_type: flow_insensitive_invariant - flow_insensitive_invariant: - string: '! multithreaded || (m_4_locked || data == 0)' - type: assertion - format: C - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (0 <= data && data <= 1)' type: assertion format: C + +TODO: protected invariant with m_4_locked without making 56-witness/68-ghost-ambiguous-idx unsound diff --git a/tests/regression/56-witness/68-ghost-ambiguous-idx.t b/tests/regression/56-witness/68-ghost-ambiguous-idx.t index 0f6191188e..48837fcabb 100644 --- a/tests/regression/56-witness/68-ghost-ambiguous-idx.t +++ b/tests/regression/56-witness/68-ghost-ambiguous-idx.t @@ -10,7 +10,7 @@ write with [lock:{m[4]}, thread:[main, t_fun@68-ghost-ambiguous-idx.c:20:3-20:40]] (conf. 110) (exp: & data) (68-ghost-ambiguous-idx.c:10:3-10:9) read with [mhp:{created={[main, t_fun@68-ghost-ambiguous-idx.c:20:3-20:40]}}, thread:[main]] (conf. 110) (exp: & data) (68-ghost-ambiguous-idx.c:24:3-24:29) [Info][Witness] witness generation summary: - total generation entries: 8 + total generation entries: 3 [Info][Race] Memory locations race summary: safe: 0 vulnerable: 0 @@ -27,52 +27,13 @@ line: 20 column: 3 function: main - - entry_type: ghost_update - variable: m_4_locked - expression: "1" - location: - file_name: 68-ghost-ambiguous-idx.c - file_hash: $FILE_HASH - line: 8 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m_4_locked - expression: "0" - location: - file_name: 68-ghost-ambiguous-idx.c - file_hash: $FILE_HASH - line: 25 - column: 3 - function: main - - entry_type: ghost_update - variable: m_4_locked - expression: "0" - location: - file_name: 68-ghost-ambiguous-idx.c - file_hash: $FILE_HASH - line: 11 - column: 3 - function: t_fun - entry_type: ghost_variable variable: multithreaded scope: global type: int initial: "0" - - entry_type: ghost_variable - variable: m_4_locked - scope: global - type: int - initial: "0" - - entry_type: flow_insensitive_invariant - flow_insensitive_invariant: - string: '! multithreaded || (m_4_locked || data == 0)' - type: assertion - format: C - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (0 <= data && data <= 1)' type: assertion format: C - -TODO: there shouldn't be invariant with m_4_locked because it's ambiguously used From ea849fbb840452090517c6395c78fbffd5226ea4 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 24 Apr 2024 10:28:28 +0300 Subject: [PATCH 051/164] Detect thread create nodes in mutexGhosts --- src/analyses/mutexGhosts.ml | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index b7001c6c2f..803f80f3e6 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -33,11 +33,16 @@ struct include BoolDomain.MayBool let name () = "multithread" end + module ThreadCreate = + struct + include BoolDomain.MayBool + let name () = "threadcreate" + end module G = struct - include Lattice.Lift2 (Lattice.Prod3 (Locked) (Unlocked) (MultiThread)) (BoolDomain.MayBool) + include Lattice.Lift2 (Lattice.Prod4 (Locked) (Unlocked) (MultiThread) (ThreadCreate)) (BoolDomain.MayBool) let node = function - | `Bot -> (Locked.bot (), Unlocked.bot (), MultiThread.bot ()) + | `Bot -> (Locked.bot (), Unlocked.bot (), MultiThread.bot (), ThreadCreate.bot ()) | `Lifted1 x -> x | _ -> failwith "MutexGhosts.node" let lock = function @@ -51,9 +56,9 @@ struct let event ctx e octx = begin match e with | Events.Lock (l, _) -> - ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.singleton l, Unlocked.bot (), MultiThread.bot ())); + ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.singleton l, Unlocked.bot (), MultiThread.bot (), ThreadCreate.bot ())); if !AnalysisState.postsolving then ( - let (locked, _, _) = G.node (ctx.global (V.node ctx.prev_node)) in + let (locked, _, _, _) = G.node (ctx.global (V.node ctx.prev_node)) in if Locked.cardinal locked > 1 then ( Locked.iter (fun lock -> ctx.sideg (V.lock lock) (G.create_lock true) @@ -61,9 +66,9 @@ struct ); ) | Events.Unlock l -> - ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.singleton l, MultiThread.bot ())); + ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.singleton l, MultiThread.bot (), ThreadCreate.bot ())); if !AnalysisState.postsolving then ( - let (_, unlocked, _) = G.node (ctx.global (V.node ctx.prev_node)) in + let (_, unlocked, _, _) = G.node (ctx.global (V.node ctx.prev_node)) in if Locked.cardinal unlocked > 1 then ( Locked.iter (fun lock -> ctx.sideg (V.lock lock) (G.create_lock true) @@ -71,11 +76,15 @@ struct ); ) | Events.EnterMultiThreaded -> - ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.bot (), true)) + ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.bot (), true, ThreadCreate.bot ())) | _ -> () end; ctx.local + let threadspawn ctx ~multiple lval f args octx = + ctx.sideg (V.node ctx.node) (G.create_node (Locked.bot (), Unlocked.bot (), MultiThread.bot (), true)); + ctx.local + let ghost_var_available ctx = function | WitnessGhost.Var.Locked (Addr (v, o) as lock) -> not (LockDomain.Offs.contains_index o) && not (G.lock (ctx.global (V.lock lock))) | Locked _ -> false @@ -88,7 +97,7 @@ struct let g: V.t = Obj.obj g in begin match g with | `Left g' -> - let (locked, unlocked, multithread) = G.node (ctx.global g) in + let (locked, unlocked, multithread, threadcreate) = G.node (ctx.global g) in let g = g' in let entries = (* TODO: do variable_entry-s only once *) From 594beaceed70cb0e85ed0b56c9c26711becc1956 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 24 Apr 2024 10:44:00 +0300 Subject: [PATCH 052/164] Refactor mutexGhosts thread creation collection --- src/analyses/mutexGhosts.ml | 44 +++++++++++++++++++++---------------- src/domains/queries.ml | 1 + 2 files changed, 26 insertions(+), 19 deletions(-) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 803f80f3e6..9ddde5d37e 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -2,20 +2,25 @@ open Analyses +module NodeSet = Queries.NS + module Spec = struct include UnitAnalysis.Spec let name () = "mutexGhosts" + module ThreadCreate = Printable.UnitConf (struct let name = "threadcreate" end) module V = struct - include Printable.Either (Node) (LockDomain.Addr) + include Printable.Either3 (Node) (LockDomain.Addr) (ThreadCreate) let node x = `Left x - let lock x = `Right x + let lock x = `Middle x + let threadcreate = `Right () let is_write_only = function | `Left _ -> false - | `Right _ -> true + | `Middle _ -> true + | `Right _ -> false end module Locked = @@ -33,32 +38,32 @@ struct include BoolDomain.MayBool let name () = "multithread" end - module ThreadCreate = - struct - include BoolDomain.MayBool - let name () = "threadcreate" - end module G = struct - include Lattice.Lift2 (Lattice.Prod4 (Locked) (Unlocked) (MultiThread) (ThreadCreate)) (BoolDomain.MayBool) + include Lattice.Lift2 (Lattice.Prod3 (Locked) (Unlocked) (MultiThread)) (Lattice.Lift2 (BoolDomain.MayBool) (NodeSet)) let node = function - | `Bot -> (Locked.bot (), Unlocked.bot (), MultiThread.bot (), ThreadCreate.bot ()) + | `Bot -> (Locked.bot (), Unlocked.bot (), MultiThread.bot ()) | `Lifted1 x -> x | _ -> failwith "MutexGhosts.node" let lock = function | `Bot -> BoolDomain.MayBool.bot () - | `Lifted2 x -> x + | `Lifted2 (`Lifted1 x) -> x | _ -> failwith "MutexGhosts.lock" + let threadcreate = function + | `Bot -> NodeSet.bot () + | `Lifted2 (`Lifted2 x) -> x + | _ -> failwith "MutexGhosts.threadcreate" let create_node node = `Lifted1 node - let create_lock lock = `Lifted2 lock + let create_lock lock = `Lifted2 (`Lifted1 lock) + let create_threadcreate threadcreate = `Lifted2 (`Lifted2 threadcreate) end let event ctx e octx = begin match e with | Events.Lock (l, _) -> - ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.singleton l, Unlocked.bot (), MultiThread.bot (), ThreadCreate.bot ())); + ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.singleton l, Unlocked.bot (), MultiThread.bot ())); if !AnalysisState.postsolving then ( - let (locked, _, _, _) = G.node (ctx.global (V.node ctx.prev_node)) in + let (locked, _, _) = G.node (ctx.global (V.node ctx.prev_node)) in if Locked.cardinal locked > 1 then ( Locked.iter (fun lock -> ctx.sideg (V.lock lock) (G.create_lock true) @@ -66,9 +71,9 @@ struct ); ) | Events.Unlock l -> - ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.singleton l, MultiThread.bot (), ThreadCreate.bot ())); + ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.singleton l, MultiThread.bot ())); if !AnalysisState.postsolving then ( - let (_, unlocked, _, _) = G.node (ctx.global (V.node ctx.prev_node)) in + let (_, unlocked, _) = G.node (ctx.global (V.node ctx.prev_node)) in if Locked.cardinal unlocked > 1 then ( Locked.iter (fun lock -> ctx.sideg (V.lock lock) (G.create_lock true) @@ -76,13 +81,13 @@ struct ); ) | Events.EnterMultiThreaded -> - ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.bot (), true, ThreadCreate.bot ())) + ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.bot (), true)) | _ -> () end; ctx.local let threadspawn ctx ~multiple lval f args octx = - ctx.sideg (V.node ctx.node) (G.create_node (Locked.bot (), Unlocked.bot (), MultiThread.bot (), true)); + ctx.sideg V.threadcreate (G.create_threadcreate (NodeSet.singleton ctx.node)); ctx.local let ghost_var_available ctx = function @@ -97,7 +102,7 @@ struct let g: V.t = Obj.obj g in begin match g with | `Left g' -> - let (locked, unlocked, multithread, threadcreate) = G.node (ctx.global g) in + let (locked, unlocked, multithread) = G.node (ctx.global g) in let g = g' in let entries = (* TODO: do variable_entry-s only once *) @@ -144,6 +149,7 @@ struct entries in entries + | `Middle _ -> Queries.Result.top q | `Right _ -> Queries.Result.top q end | _ -> Queries.Result.top q diff --git a/src/domains/queries.ml b/src/domains/queries.ml index 44a0402a93..515198854d 100644 --- a/src/domains/queries.ml +++ b/src/domains/queries.ml @@ -10,6 +10,7 @@ module LS = VDQ.LS module TS = SetDomain.ToppedSet (CilType.Typ) (struct let topname = "All" end) module ES = SetDomain.Reverse (SetDomain.ToppedSet (CilType.Exp) (struct let topname = "All" end)) module VS = SetDomain.ToppedSet (CilType.Varinfo) (struct let topname = "All" end) +module NS = SetDomain.ToppedSet (Node) (struct let topname = "All" end) module NFL = WrapperFunctionAnalysis0.NodeFlatLattice module TC = WrapperFunctionAnalysis0.ThreadCreateUniqueCount From 584b78842a0a38fee98c73d59629a707218b0e0a Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 24 Apr 2024 11:06:39 +0300 Subject: [PATCH 053/164] Add option to emit flow_insensitive_invariant-s as location_invariant-s --- src/analyses/mutexGhosts.ml | 1 + src/config/options.schema.json | 6 +++ src/domains/queries.ml | 5 +++ src/witness/yamlWitness.ml | 21 ++++++++-- tests/regression/13-privatized/74-mutex.t | 50 ++++++++++++++++++++++- 5 files changed, 79 insertions(+), 4 deletions(-) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 9ddde5d37e..75195e4662 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -152,6 +152,7 @@ struct | `Middle _ -> Queries.Result.top q | `Right _ -> Queries.Result.top q end + | InvariantGlobalNodes -> (G.threadcreate (ctx.global V.threadcreate): NodeSet.t) | _ -> Queries.Result.top q end diff --git a/src/config/options.schema.json b/src/config/options.schema.json index db93e74ff4..3065325f4e 100644 --- a/src/config/options.schema.json +++ b/src/config/options.schema.json @@ -2493,6 +2493,12 @@ "description": "Emit invariants with typedef-ed types (e.g. in casts). Our validator cannot parse these.", "type": "boolean", "default": true + }, + "flow_insensitive-as-location": { + "title": "witness.invariant.flow_insensitive-as-location", + "description": "Emit flow-insensitive invariants as location invariants at certain locations.", + "type": "boolean", + "default": false } }, "additionalProperties": false diff --git a/src/domains/queries.ml b/src/domains/queries.ml index 515198854d..152fb5f1a5 100644 --- a/src/domains/queries.ml +++ b/src/domains/queries.ml @@ -132,6 +132,7 @@ type _ t = | MaySignedOverflow: exp -> MayBool.t t | YamlEntryGlobal: Obj.t * YamlWitnessType.Task.t -> YS.t t | GhostVarAvailable: WitnessGhostVar.t -> MayBool.t t + | InvariantGlobalNodes: NS.t t (* TODO: V.t argument? *) type 'a result = 'a @@ -205,6 +206,7 @@ struct | MaySignedOverflow _ -> (module MayBool) | YamlEntryGlobal _ -> (module YS) | GhostVarAvailable _ -> (module MayBool) + | InvariantGlobalNodes -> (module NS) (** Get bottom result for query. *) let bot (type a) (q: a t): a result = @@ -277,6 +279,7 @@ struct | MaySignedOverflow _ -> MayBool.top () | YamlEntryGlobal _ -> YS.top () | GhostVarAvailable _ -> MayBool.top () + | InvariantGlobalNodes -> NS.top () end (* The type any_query can't be directly defined in Any as t, @@ -346,6 +349,7 @@ struct | Any (YamlEntryGlobal _) -> 59 | Any (MustProtectingLocks _) -> 60 | Any (GhostVarAvailable _) -> 61 + | Any InvariantGlobalNodes -> 62 let rec compare a b = let r = Stdlib.compare (order a) (order b) in @@ -514,6 +518,7 @@ struct | Any (TmpSpecial lv) -> Pretty.dprintf "TmpSpecial %a" Mval.Exp.pretty lv | Any (MaySignedOverflow e) -> Pretty.dprintf "MaySignedOverflow %a" CilType.Exp.pretty e | Any (GhostVarAvailable v) -> Pretty.dprintf "GhostVarAvailable %a" WitnessGhostVar.pretty v + | Any InvariantGlobalNodes -> Pretty.dprintf "InvariantGlobalNodes" end let to_value_domain_ask (ask: ask) = diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index 9eafae009f..49fe889c22 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -325,18 +325,33 @@ struct (* Generate flow-insensitive invariants *) let entries = if entry_type_enabled YamlWitnessType.FlowInsensitiveInvariant.entry_type then ( + let ns = R.ask_global InvariantGlobalNodes in GHT.fold (fun g v acc -> match g with | `Left g -> (* Spec global *) - begin match R.ask_global (InvariantGlobal (Obj.repr g)) with - | `Lifted inv -> + begin match R.ask_global (InvariantGlobal (Obj.repr g)), GobConfig.get_bool "witness.invariant.flow_insensitive-as-location" with + | `Lifted inv, false -> let invs = WitnessUtil.InvariantExp.process_exp inv in List.fold_left (fun acc inv -> let invariant = Entry.invariant (CilType.Exp.show inv) in let entry = Entry.flow_insensitive_invariant ~task ~invariant in entry :: acc ) acc invs - | `Bot | `Top -> (* global bot might only be possible for alloc variables, if at all, so emit nothing *) + | `Lifted inv, true -> + (* TODO: or do at location_invariant loop for each node and query if should also do global invariants there? *) + let invs = WitnessUtil.InvariantExp.process_exp inv in + Queries.NS.fold (fun n acc -> + let fundec = Node.find_fundec n in + let loc = Node.location n in + let location_function = fundec.svar.vname in + let location = Entry.location ~location:loc ~location_function in + List.fold_left (fun acc inv -> + let invariant = Entry.invariant (CilType.Exp.show inv) in + let entry = Entry.location_invariant ~task ~location ~invariant in + entry :: acc + ) acc invs + ) ns acc + | `Bot, _ | `Top, _ -> (* global bot might only be possible for alloc variables, if at all, so emit nothing *) acc end | `Right _ -> (* contexts global *) diff --git a/tests/regression/13-privatized/74-mutex.t b/tests/regression/13-privatized/74-mutex.t index 6f84aa184f..a00f49eb1a 100644 --- a/tests/regression/13-privatized/74-mutex.t +++ b/tests/regression/13-privatized/74-mutex.t @@ -15,7 +15,7 @@ unsafe: 0 total memory locations: 1 - $ yamlWitnessStrip < witness.yml + $ yamlWitnessStrip < witness.yml | tee witness.flow_insensitive.yml - entry_type: ghost_update variable: multithreaded expression: "1" @@ -82,6 +82,54 @@ type: assertion format: C +Flow-insensitive invariants as location invariants. + + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' --enable witness.invariant.flow_insensitive-as-location 74-mutex.c + [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) + [Warning][Deadcode] Function 'producer' has dead code: + on line 26 (74-mutex.c:26-26) + [Warning][Deadcode] Logical lines of code (LLoC) summary: + live: 15 + dead: 1 + total lines: 16 + [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) + [Info][Witness] witness generation summary: + total generation entries: 9 + [Info][Race] Memory locations race summary: + safe: 1 + vulnerable: 0 + unsafe: 0 + total memory locations: 1 + + $ yamlWitnessStrip < witness.yml > witness.location.yml + + $ diff witness.flow_insensitive.yml witness.location.yml + 56,57c56,63 + < - entry_type: flow_insensitive_invariant + < flow_insensitive_invariant: + --- + > - entry_type: location_invariant + > location: + > file_name: 74-mutex.c + > file_hash: $FILE_HASH + > line: 36 + > column: 3 + > function: main + > location_invariant: + 61,62c67,74 + < - entry_type: flow_insensitive_invariant + < flow_insensitive_invariant: + --- + > - entry_type: location_invariant + > location: + > file_name: 74-mutex.c + > file_hash: $FILE_HASH + > line: 36 + > column: 3 + > function: main + > location_invariant: + [1] + Should also work with earlyglobs. Earlyglobs shouldn't cause protected writes in multithreaded mode from being immediately published to protected invariant. From 8d5cc1275a71283c88cdd3136715da524cec7b51 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 25 Apr 2024 10:13:39 +0300 Subject: [PATCH 054/164] Add svcomp-ghost conf --- conf/svcomp-ghost.json | 145 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 145 insertions(+) create mode 100644 conf/svcomp-ghost.json diff --git a/conf/svcomp-ghost.json b/conf/svcomp-ghost.json new file mode 100644 index 0000000000..62feb25993 --- /dev/null +++ b/conf/svcomp-ghost.json @@ -0,0 +1,145 @@ +{ + "ana": { + "sv-comp": { + "enabled": true, + "functions": true + }, + "int": { + "def_exc": true, + "enums": false, + "interval": true + }, + "float": { + "interval": true + }, + "activated": [ + "base", + "threadid", + "threadflag", + "threadreturn", + "mallocWrapper", + "mutexEvents", + "mutex", + "access", + "race", + "escape", + "expRelation", + "mhp", + "assert", + "var_eq", + "symb_locks", + "region", + "thread", + "threadJoins", + "mutexGhosts", + "pthreadMutexType" + ], + "path_sens": [ + "mutex", + "malloc_null", + "uninit", + "expsplit", + "activeSetjmp", + "memLeak", + "threadflag" + ], + "context": { + "widen": false + }, + "malloc": { + "wrappers": [ + "kmalloc", + "__kmalloc", + "usb_alloc_urb", + "__builtin_alloca", + "kzalloc", + + "ldv_malloc", + + "kzalloc_node", + "ldv_zalloc", + "kmalloc_array", + "kcalloc", + + "ldv_xmalloc", + "ldv_xzalloc", + "ldv_calloc", + "ldv_kzalloc" + ] + }, + "base": { + "arrays": { + "domain": "partitioned" + } + }, + "race": { + "free": false, + "call": false + }, + "autotune": { + "enabled": true, + "activated": [ + "singleThreaded", + "mallocWrappers", + "noRecursiveIntervals", + "enums", + "congruence", + "octagon", + "wideningThresholds", + "loopUnrollHeuristic", + "memsafetySpecification", + "termination", + "tmpSpecialAnalysis" + ] + } + }, + "exp": { + "region-offsets": true + }, + "solver": "td3", + "sem": { + "unknown_function": { + "spawn": false + }, + "int": { + "signed_overflow": "assume_none" + }, + "null-pointer": { + "dereference": "assume_none" + } + }, + "witness": { + "graphml": { + "enabled": false + }, + "yaml": { + "enabled": true, + "format-version": "2.0", + "entry-types": [ + "flow_insensitive_invariant" + ] + }, + "invariant": { + "loop-head": true, + "after-lock": true, + "other": true, + "accessed": true, + "exact": true, + "all-locals": false, + "flow_insensitive-as-location": true, + "exclude-vars": [ + "tmp\\(___[0-9]+\\)?", + "cond", + "RETURN", + "__\\(cil_\\)?tmp_?[0-9]*\\(_[0-9]+\\)?", + ".*____CPAchecker_TMP_[0-9]+", + "__VERIFIER_assert__cond", + "__ksymtab_.*", + "\\(ldv_state_variable\\|ldv_timer_state\\|ldv_timer_list\\|ldv_irq_\\(line_\\|data_\\)?[0-9]+\\|ldv_retval\\)_[0-9]+" + ] + } + }, + "pre": { + "enabled": false + } +} From 96d862e4369df5355f80fcc69a94c7e53de806ac Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 25 Apr 2024 10:14:19 +0300 Subject: [PATCH 055/164] Use YAML witness format-version 0.1 for svcomp-ghost --- conf/svcomp-ghost.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/svcomp-ghost.json b/conf/svcomp-ghost.json index 62feb25993..229dd9ef46 100644 --- a/conf/svcomp-ghost.json +++ b/conf/svcomp-ghost.json @@ -114,7 +114,7 @@ }, "yaml": { "enabled": true, - "format-version": "2.0", + "format-version": "0.1", "entry-types": [ "flow_insensitive_invariant" ] From 257fa8cd374f4b339427eb4c2c52cf67d72aa298 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 25 Apr 2024 10:24:44 +0300 Subject: [PATCH 056/164] Test witness.invariant.flow_insensitive-as-location with for loop --- .../regression/13-privatized/04-priv_multi.t | 309 ++++++++++++++++++ 1 file changed, 309 insertions(+) create mode 100644 tests/regression/13-privatized/04-priv_multi.t diff --git a/tests/regression/13-privatized/04-priv_multi.t b/tests/regression/13-privatized/04-priv_multi.t new file mode 100644 index 0000000000..9bdf8ac5a7 --- /dev/null +++ b/tests/regression/13-privatized/04-priv_multi.t @@ -0,0 +1,309 @@ + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 04-priv_multi.c + [Success][Assert] Assertion "p == 5" will succeed (04-priv_multi.c:50:7-50:30) + [Success][Assert] Assertion "A == B" will succeed (04-priv_multi.c:71:5-71:28) + [Warning][Deadcode] Function 'dispose' has dead code: + on line 53 (04-priv_multi.c:53-53) + on line 56 (04-priv_multi.c:56-56) + [Warning][Deadcode] Function 'process' has dead code: + on line 37 (04-priv_multi.c:37-37) + on line 40 (04-priv_multi.c:40-40) + [Warning][Deadcode] Logical lines of code (LLoC) summary: + live: 40 + dead: 4 + total lines: 44 + [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (04-priv_multi.c:25:10-25:11) + [Warning][Deadcode][CWE-571] condition 'A > 0' is always true (04-priv_multi.c:27:9-27:14) + [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (04-priv_multi.c:45:10-45:11) + [Warning][Deadcode][CWE-571] condition 'B > 0' is always true (04-priv_multi.c:47:9-47:14) + [Info][Witness] witness generation summary: + total generation entries: 19 + [Info][Race] Memory locations race summary: + safe: 2 + vulnerable: 0 + unsafe: 0 + total memory locations: 2 + + $ yamlWitnessStrip < witness.yml | tee witness.flow_insensitive.yml + - entry_type: ghost_update + variable: mutex_B_locked + expression: "1" + location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 69 + column: 5 + function: main + - entry_type: ghost_update + variable: mutex_B_locked + expression: "1" + location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 46 + column: 5 + function: dispose + - entry_type: ghost_update + variable: mutex_B_locked + expression: "1" + location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 29 + column: 7 + function: process + - entry_type: ghost_update + variable: mutex_B_locked + expression: "0" + location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 73 + column: 5 + function: main + - entry_type: ghost_update + variable: mutex_B_locked + expression: "0" + location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 49 + column: 7 + function: dispose + - entry_type: ghost_update + variable: mutex_B_locked + expression: "0" + location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 32 + column: 7 + function: process + - entry_type: ghost_update + variable: mutex_A_locked + expression: "1" + location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 68 + column: 5 + function: main + - entry_type: ghost_update + variable: mutex_A_locked + expression: "1" + location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 26 + column: 5 + function: process + - entry_type: ghost_update + variable: mutex_A_locked + expression: "1" + location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 15 + column: 5 + function: generate + - entry_type: ghost_update + variable: mutex_A_locked + expression: "0" + location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 74 + column: 5 + function: main + - entry_type: ghost_update + variable: mutex_A_locked + expression: "0" + location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 34 + column: 7 + function: process + - entry_type: ghost_update + variable: mutex_A_locked + expression: "0" + location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 18 + column: 5 + function: generate + - entry_type: ghost_update + variable: multithreaded + expression: "1" + location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 63 + column: 3 + function: main + - entry_type: ghost_variable + variable: mutex_B_locked + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: mutex_A_locked + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: multithreaded + scope: global + type: int + initial: "0" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (mutex_B_locked || (mutex_A_locked || B == 5))' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (mutex_A_locked || A == 5)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || ((0 <= B && B <= 127) && B != 0)' + type: assertion + format: C + +Flow-insensitive invariants as location invariants. + + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' --enable witness.invariant.flow_insensitive-as-location 04-priv_multi.c + [Success][Assert] Assertion "p == 5" will succeed (04-priv_multi.c:50:7-50:30) + [Success][Assert] Assertion "A == B" will succeed (04-priv_multi.c:71:5-71:28) + [Warning][Deadcode] Function 'dispose' has dead code: + on line 53 (04-priv_multi.c:53-53) + on line 56 (04-priv_multi.c:56-56) + [Warning][Deadcode] Function 'process' has dead code: + on line 37 (04-priv_multi.c:37-37) + on line 40 (04-priv_multi.c:40-40) + [Warning][Deadcode] Logical lines of code (LLoC) summary: + live: 40 + dead: 4 + total lines: 44 + [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (04-priv_multi.c:25:10-25:11) + [Warning][Deadcode][CWE-571] condition 'A > 0' is always true (04-priv_multi.c:27:9-27:14) + [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (04-priv_multi.c:45:10-45:11) + [Warning][Deadcode][CWE-571] condition 'B > 0' is always true (04-priv_multi.c:47:9-47:14) + [Info][Witness] witness generation summary: + total generation entries: 25 + [Info][Race] Memory locations race summary: + safe: 2 + vulnerable: 0 + unsafe: 0 + total memory locations: 2 + + $ yamlWitnessStrip < witness.yml > witness.location.yml + +Location invariant at `for` loop in `main` should be on column 3, not 7. + + $ diff witness.flow_insensitive.yml witness.location.yml + 133,134c133,140 + < - entry_type: flow_insensitive_invariant + < flow_insensitive_invariant: + --- + > - entry_type: location_invariant + > location: + > file_name: 04-priv_multi.c + > file_hash: $FILE_HASH + > line: 67 + > column: 7 + > function: main + > location_invariant: + 138,139c144,151 + < - entry_type: flow_insensitive_invariant + < flow_insensitive_invariant: + --- + > - entry_type: location_invariant + > location: + > file_name: 04-priv_multi.c + > file_hash: $FILE_HASH + > line: 67 + > column: 7 + > function: main + > location_invariant: + 143,144c155,228 + < - entry_type: flow_insensitive_invariant + < flow_insensitive_invariant: + --- + > - entry_type: location_invariant + > location: + > file_name: 04-priv_multi.c + > file_hash: $FILE_HASH + > line: 67 + > column: 7 + > function: main + > location_invariant: + > string: '! multithreaded || ((0 <= B && B <= 127) && B != 0)' + > type: assertion + > format: C + > - entry_type: location_invariant + > location: + > file_name: 04-priv_multi.c + > file_hash: $FILE_HASH + > line: 65 + > column: 3 + > function: main + > location_invariant: + > string: '! multithreaded || (mutex_B_locked || (mutex_A_locked || B == 5))' + > type: assertion + > format: C + > - entry_type: location_invariant + > location: + > file_name: 04-priv_multi.c + > file_hash: $FILE_HASH + > line: 65 + > column: 3 + > function: main + > location_invariant: + > string: '! multithreaded || (mutex_A_locked || A == 5)' + > type: assertion + > format: C + > - entry_type: location_invariant + > location: + > file_name: 04-priv_multi.c + > file_hash: $FILE_HASH + > line: 65 + > column: 3 + > function: main + > location_invariant: + > string: '! multithreaded || ((0 <= B && B <= 127) && B != 0)' + > type: assertion + > format: C + > - entry_type: location_invariant + > location: + > file_name: 04-priv_multi.c + > file_hash: $FILE_HASH + > line: 64 + > column: 3 + > function: main + > location_invariant: + > string: '! multithreaded || (mutex_B_locked || (mutex_A_locked || B == 5))' + > type: assertion + > format: C + > - entry_type: location_invariant + > location: + > file_name: 04-priv_multi.c + > file_hash: $FILE_HASH + > line: 64 + > column: 3 + > function: main + > location_invariant: + > string: '! multithreaded || (mutex_A_locked || A == 5)' + > type: assertion + > format: C + > - entry_type: location_invariant + > location: + > file_name: 04-priv_multi.c + > file_hash: $FILE_HASH + > line: 64 + > column: 3 + > function: main + > location_invariant: + [1] From 10dfba1437956105d7a5a91c3f3bf410ebbc9b36 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 25 Apr 2024 10:29:53 +0300 Subject: [PATCH 057/164] Fix witness.invariant.flow_insensitive-as-location at loop node --- src/witness/yamlWitness.ml | 18 ++++++++++-------- tests/regression/13-privatized/04-priv_multi.t | 6 +++--- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index 49fe889c22..b7bf11a31c 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -342,14 +342,16 @@ struct let invs = WitnessUtil.InvariantExp.process_exp inv in Queries.NS.fold (fun n acc -> let fundec = Node.find_fundec n in - let loc = Node.location n in - let location_function = fundec.svar.vname in - let location = Entry.location ~location:loc ~location_function in - List.fold_left (fun acc inv -> - let invariant = Entry.invariant (CilType.Exp.show inv) in - let entry = Entry.location_invariant ~task ~location ~invariant in - entry :: acc - ) acc invs + match WitnessInvariant.location_location n with (* if after thread create node happens to be loop node *) + | Some loc -> + let location_function = fundec.svar.vname in + let location = Entry.location ~location:loc ~location_function in + List.fold_left (fun acc inv -> + let invariant = Entry.invariant (CilType.Exp.show inv) in + let entry = Entry.location_invariant ~task ~location ~invariant in + entry :: acc + ) acc invs + | None -> acc ) ns acc | `Bot, _ | `Top, _ -> (* global bot might only be possible for alloc variables, if at all, so emit nothing *) acc diff --git a/tests/regression/13-privatized/04-priv_multi.t b/tests/regression/13-privatized/04-priv_multi.t index 9bdf8ac5a7..952696a5c4 100644 --- a/tests/regression/13-privatized/04-priv_multi.t +++ b/tests/regression/13-privatized/04-priv_multi.t @@ -213,7 +213,7 @@ Location invariant at `for` loop in `main` should be on column 3, not 7. > file_name: 04-priv_multi.c > file_hash: $FILE_HASH > line: 67 - > column: 7 + > column: 3 > function: main > location_invariant: 138,139c144,151 @@ -225,7 +225,7 @@ Location invariant at `for` loop in `main` should be on column 3, not 7. > file_name: 04-priv_multi.c > file_hash: $FILE_HASH > line: 67 - > column: 7 + > column: 3 > function: main > location_invariant: 143,144c155,228 @@ -237,7 +237,7 @@ Location invariant at `for` loop in `main` should be on column 3, not 7. > file_name: 04-priv_multi.c > file_hash: $FILE_HASH > line: 67 - > column: 7 + > column: 3 > function: main > location_invariant: > string: '! multithreaded || ((0 <= B && B <= 127) && B != 0)' From 16c97fde01a00b5ae8892bc8de0dea5c1070e298 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 30 Apr 2024 12:56:37 +0300 Subject: [PATCH 058/164] Add cram test for relational mutex-meet flow-insensitive invariants --- .../regression/36-apron/12-traces-min-rpb1.t | 98 +++++++++++++++++++ tests/regression/36-apron/dune | 3 + 2 files changed, 101 insertions(+) create mode 100644 tests/regression/36-apron/12-traces-min-rpb1.t diff --git a/tests/regression/36-apron/12-traces-min-rpb1.t b/tests/regression/36-apron/12-traces-min-rpb1.t new file mode 100644 index 0000000000..13cefb9557 --- /dev/null +++ b/tests/regression/36-apron/12-traces-min-rpb1.t @@ -0,0 +1,98 @@ + $ goblint --set ana.activated[+] apron --set ana.path_sens[+] threadflag --enable ana.sv-comp.functions --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 12-traces-min-rpb1.c + [Success][Assert] Assertion "g == h" will succeed (12-traces-min-rpb1.c:16:3-16:26) + [Warning][Assert] Assertion "g == h" is unknown. (12-traces-min-rpb1.c:27:3-27:26) + [Success][Assert] Assertion "g == h" will succeed (12-traces-min-rpb1.c:29:3-29:26) + [Info][Deadcode] Logical lines of code (LLoC) summary: + live: 18 + dead: 0 + total lines: 18 + [Warning][Race] Memory location h (race with conf. 110): (12-traces-min-rpb1.c:8:5-8:10) + write with [lock:{A}, thread:[main, t_fun@12-traces-min-rpb1.c:25:3-25:40]] (conf. 110) (exp: & h) (12-traces-min-rpb1.c:15:3-15:8) + read with [mhp:{created={[main, t_fun@12-traces-min-rpb1.c:25:3-25:40]}}, thread:[main]] (conf. 110) (exp: & h) (12-traces-min-rpb1.c:27:3-27:26) + [Warning][Race] Memory location g (race with conf. 110): (12-traces-min-rpb1.c:7:5-7:10) + write with [lock:{A}, thread:[main, t_fun@12-traces-min-rpb1.c:25:3-25:40]] (conf. 110) (exp: & g) (12-traces-min-rpb1.c:14:3-14:8) + read with [mhp:{created={[main, t_fun@12-traces-min-rpb1.c:25:3-25:40]}}, thread:[main]] (conf. 110) (exp: & g) (12-traces-min-rpb1.c:27:3-27:26) + [Info][Witness] witness generation summary: + total generation entries: 9 + [Info][Race] Memory locations race summary: + safe: 0 + vulnerable: 0 + unsafe: 2 + total memory locations: 2 + +TODO: emit g == h + + $ yamlWitnessStrip < witness.yml + - entry_type: ghost_update + variable: multithreaded + expression: "1" + location: + file_name: 12-traces-min-rpb1.c + file_hash: $FILE_HASH + line: 25 + column: 3 + function: main + - entry_type: ghost_update + variable: A_locked + expression: "1" + location: + file_name: 12-traces-min-rpb1.c + file_hash: $FILE_HASH + line: 28 + column: 3 + function: main + - entry_type: ghost_update + variable: A_locked + expression: "1" + location: + file_name: 12-traces-min-rpb1.c + file_hash: $FILE_HASH + line: 18 + column: 3 + function: t_fun + - entry_type: ghost_update + variable: A_locked + expression: "1" + location: + file_name: 12-traces-min-rpb1.c + file_hash: $FILE_HASH + line: 13 + column: 3 + function: t_fun + - entry_type: ghost_update + variable: A_locked + expression: "0" + location: + file_name: 12-traces-min-rpb1.c + file_hash: $FILE_HASH + line: 30 + column: 3 + function: main + - entry_type: ghost_update + variable: A_locked + expression: "0" + location: + file_name: 12-traces-min-rpb1.c + file_hash: $FILE_HASH + line: 19 + column: 3 + function: t_fun + - entry_type: ghost_update + variable: A_locked + expression: "0" + location: + file_name: 12-traces-min-rpb1.c + file_hash: $FILE_HASH + line: 17 + column: 3 + function: t_fun + - entry_type: ghost_variable + variable: multithreaded + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: A_locked + scope: global + type: int + initial: "0" diff --git a/tests/regression/36-apron/dune b/tests/regression/36-apron/dune index 099ec878b2..b14ebdfe64 100644 --- a/tests/regression/36-apron/dune +++ b/tests/regression/36-apron/dune @@ -8,3 +8,6 @@ (glob_files ??-*.c)) (locks /update_suite) (action (chdir ../../.. (run %{update_suite} group apron)))) + +(cram + (deps (glob_files *.c))) From 5650784effc4c077a7f7efed045c201f42b5748b Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 30 Apr 2024 13:04:36 +0300 Subject: [PATCH 059/164] Add InvariantGlobal interface to relational privatizations --- src/analyses/apron/relationAnalysis.apron.ml | 13 +++++++++++++ src/analyses/apron/relationPriv.apron.ml | 9 +++++++++ 2 files changed, 22 insertions(+) diff --git a/src/analyses/apron/relationAnalysis.apron.ml b/src/analyses/apron/relationAnalysis.apron.ml index f1ea72d0a1..ba5b90525c 100644 --- a/src/analyses/apron/relationAnalysis.apron.ml +++ b/src/analyses/apron/relationAnalysis.apron.ml @@ -634,6 +634,16 @@ struct ) |> Enum.fold (fun acc x -> Invariant.(acc && of_exp x)) Invariant.none + let query_invariant_global ctx g = + (* TODO: option? *) + if ctx.ask (GhostVarAvailable Multithreaded) then ( + let var = WitnessGhost.to_varinfo Multithreaded in + let inv = Priv.invariant_global (Analyses.ask_of_ctx ctx) ctx.global g in + Invariant.(of_exp (UnOp (LNot, Lval (GoblintCil.var var), GoblintCil.intType)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + ) + else + Invariant.none + let query ctx (type a) (q: a Queries.t): a Queries.result = let open Queries in let st = ctx.local in @@ -655,6 +665,9 @@ struct let vf' x = vf (Obj.repr x) in Priv.iter_sys_vars ctx.global vq vf' | Queries.Invariant context -> query_invariant ctx context + | Queries.InvariantGlobal g -> + let g: V.t = Obj.obj g in + query_invariant_global ctx g | _ -> Result.top q diff --git a/src/analyses/apron/relationPriv.apron.ml b/src/analyses/apron/relationPriv.apron.ml index 66548c117c..f286287dbe 100644 --- a/src/analyses/apron/relationPriv.apron.ml +++ b/src/analyses/apron/relationPriv.apron.ml @@ -46,6 +46,9 @@ module type S = val thread_return: Q.ask -> (V.t -> G.t) -> (V.t -> G.t -> unit) -> ThreadIdDomain.Thread.t -> relation_components_t -> relation_components_t val iter_sys_vars: (V.t -> G.t) -> VarQuery.t -> V.t VarQuery.f -> unit (** [Queries.IterSysVars] for apron. *) + val invariant_global: Q.ask -> (V.t -> G.t) -> V.t -> Invariant.t + (** Returns flow-insensitive invariant for global unknown. *) + val invariant_vars: Q.ask -> (V.t -> G.t) -> relation_components_t -> varinfo list (** Returns global variables which are privatized. *) @@ -130,6 +133,7 @@ struct {rel = RD.top (); priv = startstate ()} let iter_sys_vars getg vq vf = () + let invariant_global ask getg g = Invariant.none let invariant_vars ask getg st = [] let init () = () @@ -410,6 +414,7 @@ struct {rel = getg (); priv = startstate ()} let iter_sys_vars getg vq vf = () (* TODO: or report singleton global for any Global query? *) + let invariant_global ask getg g = Invariant.none let invariant_vars ask getg st = protected_vars ask (* TODO: is this right? *) let finalize () = () @@ -684,6 +689,8 @@ struct let init () = () let finalize () = () + + let invariant_global ask getg g = Invariant.none (* TODO: implement *) end (** May written variables. *) @@ -1242,6 +1249,8 @@ struct | _ -> () let finalize () = () + + let invariant_global ask getg g = Invariant.none end module TracingPriv = functor (Priv: S) -> functor (RD: RelationDomain.RD) -> From d3565cb8a7903e8604ba89df0867aba8813e4f53 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 30 Apr 2024 13:42:58 +0300 Subject: [PATCH 060/164] Implement relational mutex-meet flow-insensitive invariants --- src/analyses/apron/relationPriv.apron.ml | 19 ++++++++++++++++++- .../regression/36-apron/12-traces-min-rpb1.t | 12 ++++++++---- 2 files changed, 26 insertions(+), 5 deletions(-) diff --git a/src/analyses/apron/relationPriv.apron.ml b/src/analyses/apron/relationPriv.apron.ml index f286287dbe..a75e2ef113 100644 --- a/src/analyses/apron/relationPriv.apron.ml +++ b/src/analyses/apron/relationPriv.apron.ml @@ -690,7 +690,24 @@ struct let init () = () let finalize () = () - let invariant_global ask getg g = Invariant.none (* TODO: implement *) + let invariant_global (ask: Q.ask) (getg: V.t -> G.t): V.t -> Invariant.t = function + | `Left m' as m -> (* mutex *) + if ask.f (GhostVarAvailable (Locked m')) then ( + let cpa = getg m in + let inv = + RD.invariant cpa + (* TODO: filters like query_invariant? *) + |> List.filter_map RD.cil_exp_of_lincons1 + |> List.fold_left (fun acc x -> Invariant.(acc && of_exp x)) Invariant.none + (* TODO: need to filter for MustBeProtectedBy like base mutex-meet? *) + in + let var = WitnessGhost.to_varinfo (Locked m') in + Invariant.(of_exp (Lval (GoblintCil.var var)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + ) + else + Invariant.none + | g -> (* global *) + Invariant.none (* TODO: ? *) end (** May written variables. *) diff --git a/tests/regression/36-apron/12-traces-min-rpb1.t b/tests/regression/36-apron/12-traces-min-rpb1.t index 13cefb9557..e05840429b 100644 --- a/tests/regression/36-apron/12-traces-min-rpb1.t +++ b/tests/regression/36-apron/12-traces-min-rpb1.t @@ -1,4 +1,4 @@ - $ goblint --set ana.activated[+] apron --set ana.path_sens[+] threadflag --enable ana.sv-comp.functions --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 12-traces-min-rpb1.c + $ goblint --set ana.activated[+] apron --set ana.path_sens[+] threadflag --enable ana.sv-comp.functions --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 12-traces-min-rpb1.c --enable ana.apron.invariant.diff-box [Success][Assert] Assertion "g == h" will succeed (12-traces-min-rpb1.c:16:3-16:26) [Warning][Assert] Assertion "g == h" is unknown. (12-traces-min-rpb1.c:27:3-27:26) [Success][Assert] Assertion "g == h" will succeed (12-traces-min-rpb1.c:29:3-29:26) @@ -13,15 +13,13 @@ write with [lock:{A}, thread:[main, t_fun@12-traces-min-rpb1.c:25:3-25:40]] (conf. 110) (exp: & g) (12-traces-min-rpb1.c:14:3-14:8) read with [mhp:{created={[main, t_fun@12-traces-min-rpb1.c:25:3-25:40]}}, thread:[main]] (conf. 110) (exp: & g) (12-traces-min-rpb1.c:27:3-27:26) [Info][Witness] witness generation summary: - total generation entries: 9 + total generation entries: 10 [Info][Race] Memory locations race summary: safe: 0 vulnerable: 0 unsafe: 2 total memory locations: 2 -TODO: emit g == h - $ yamlWitnessStrip < witness.yml - entry_type: ghost_update variable: multithreaded @@ -96,3 +94,9 @@ TODO: emit g == h scope: global type: int initial: "0" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (A_locked || ((0LL - (long long )g) + (long long )h + >= 0LL && (long long )g - (long long )h >= 0LL))' + type: assertion + format: C From 1aa35d85b74c24e14c471b7d174dc441cccdbd72 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 30 Apr 2024 14:46:48 +0300 Subject: [PATCH 061/164] Filter relational mutex-meet ghost invariant with keep_only_protected_globals lock does it too, so let's be safe. --- src/analyses/apron/relationPriv.apron.ml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/analyses/apron/relationPriv.apron.ml b/src/analyses/apron/relationPriv.apron.ml index a75e2ef113..b73319b4df 100644 --- a/src/analyses/apron/relationPriv.apron.ml +++ b/src/analyses/apron/relationPriv.apron.ml @@ -693,13 +693,12 @@ struct let invariant_global (ask: Q.ask) (getg: V.t -> G.t): V.t -> Invariant.t = function | `Left m' as m -> (* mutex *) if ask.f (GhostVarAvailable (Locked m')) then ( - let cpa = getg m in + let rel = keep_only_protected_globals ask m' (getg m) in let inv = - RD.invariant cpa + RD.invariant rel (* TODO: filters like query_invariant? *) |> List.filter_map RD.cil_exp_of_lincons1 |> List.fold_left (fun acc x -> Invariant.(acc && of_exp x)) Invariant.none - (* TODO: need to filter for MustBeProtectedBy like base mutex-meet? *) in let var = WitnessGhost.to_varinfo (Locked m') in Invariant.(of_exp (Lval (GoblintCil.var var)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) From c4a8936a2bd36d88cdc2909872aa6e6634098653 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 30 Apr 2024 14:53:57 +0300 Subject: [PATCH 062/164] Add filters to relational InvariantGlobal --- src/analyses/apron/relationAnalysis.apron.ml | 3 +-- src/analyses/apron/relationPriv.apron.ml | 18 +++++++++++++++--- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/src/analyses/apron/relationAnalysis.apron.ml b/src/analyses/apron/relationAnalysis.apron.ml index ba5b90525c..397301b7bc 100644 --- a/src/analyses/apron/relationAnalysis.apron.ml +++ b/src/analyses/apron/relationAnalysis.apron.ml @@ -635,8 +635,7 @@ struct |> Enum.fold (fun acc x -> Invariant.(acc && of_exp x)) Invariant.none let query_invariant_global ctx g = - (* TODO: option? *) - if ctx.ask (GhostVarAvailable Multithreaded) then ( + if GobConfig.get_bool "ana.relation.invariant.global" && ctx.ask (GhostVarAvailable Multithreaded) then ( let var = WitnessGhost.to_varinfo Multithreaded in let inv = Priv.invariant_global (Analyses.ask_of_ctx ctx) ctx.global g in Invariant.(of_exp (UnOp (LNot, Lval (GoblintCil.var var), GoblintCil.intType)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) diff --git a/src/analyses/apron/relationPriv.apron.ml b/src/analyses/apron/relationPriv.apron.ml index b73319b4df..dcb3b166c3 100644 --- a/src/analyses/apron/relationPriv.apron.ml +++ b/src/analyses/apron/relationPriv.apron.ml @@ -693,12 +693,24 @@ struct let invariant_global (ask: Q.ask) (getg: V.t -> G.t): V.t -> Invariant.t = function | `Left m' as m -> (* mutex *) if ask.f (GhostVarAvailable (Locked m')) then ( + (* filters like query_invariant *) + let one_var = GobConfig.get_bool "ana.relation.invariant.one-var" in + let exact = GobConfig.get_bool "witness.invariant.exact" in + let rel = keep_only_protected_globals ask m' (getg m) in let inv = RD.invariant rel - (* TODO: filters like query_invariant? *) - |> List.filter_map RD.cil_exp_of_lincons1 - |> List.fold_left (fun acc x -> Invariant.(acc && of_exp x)) Invariant.none + |> List.enum + |> Enum.filter_map (fun (lincons1: Apron.Lincons1.t) -> + (* filter one-vars and exact *) + (* TODO: exact filtering doesn't really work with octagon because it returns two SUPEQ constraints instead *) + if (one_var || GobApron.Lincons1.num_vars lincons1 >= 2) && (exact || Apron.Lincons1.get_typ lincons1 <> EQ) then + RD.cil_exp_of_lincons1 lincons1 + |> Option.filter (fun exp -> not (InvariantCil.exp_contains_tmp exp)) + else + None + ) + |> Enum.fold (fun acc x -> Invariant.(acc && of_exp x)) Invariant.none in let var = WitnessGhost.to_varinfo (Locked m') in Invariant.(of_exp (Lval (GoblintCil.var var)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) From 535de765401c7a865c5c44be6b06f4aff85a7b65 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 7 May 2024 15:52:17 +0300 Subject: [PATCH 063/164] Add test with __VERIFIER_atomic_locked ghost variable --- tests/regression/29-svcomp/16-atomic_priv.t | 92 +++++++++++++++++++++ 1 file changed, 92 insertions(+) diff --git a/tests/regression/29-svcomp/16-atomic_priv.t b/tests/regression/29-svcomp/16-atomic_priv.t index 15425f68dd..d3826d8de3 100644 --- a/tests/regression/29-svcomp/16-atomic_priv.t +++ b/tests/regression/29-svcomp/16-atomic_priv.t @@ -81,3 +81,95 @@ string: '! multithreaded || myglobal == 5' type: assertion format: C + +Non-atomic privatization: + + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 16-atomic_priv.c + [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:12:3-12:33) + [Success][Assert] Assertion "myglobal == 6" will succeed (16-atomic_priv.c:14:3-14:33) + [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:16:3-16:33) + [Warning][Assert] Assertion "myglobal == 5" is unknown. (16-atomic_priv.c:24:3-24:33) + [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:26:3-26:33) + [Info][Deadcode] Logical lines of code (LLoC) summary: + live: 17 + dead: 0 + total lines: 17 + [Warning][Race] Memory location myglobal (race with conf. 110): (16-atomic_priv.c:8:5-8:17) + write with [lock:{[__VERIFIER_atomic]}, thread:[main, t_fun@16-atomic_priv.c:23:3-23:40]] (conf. 110) (exp: & myglobal) (16-atomic_priv.c:13:3-13:13) + write with [lock:{[__VERIFIER_atomic]}, thread:[main, t_fun@16-atomic_priv.c:23:3-23:40]] (conf. 110) (exp: & myglobal) (16-atomic_priv.c:15:3-15:13) + read with [mhp:{created={[main, t_fun@16-atomic_priv.c:23:3-23:40]}}, thread:[main]] (conf. 110) (exp: & myglobal) (16-atomic_priv.c:24:3-24:33) + [Info][Witness] witness generation summary: + total generation entries: 9 + [Info][Race] Memory locations race summary: + safe: 0 + vulnerable: 0 + unsafe: 1 + total memory locations: 1 + + $ yamlWitnessStrip < witness.yml + - entry_type: ghost_update + variable: multithreaded + expression: "1" + location: + file_name: 16-atomic_priv.c + file_hash: $FILE_HASH + line: 23 + column: 3 + function: main + - entry_type: ghost_update + variable: __VERIFIER_atomic_locked + expression: "1" + location: + file_name: 16-atomic_priv.c + file_hash: $FILE_HASH + line: 25 + column: 3 + function: main + - entry_type: ghost_update + variable: __VERIFIER_atomic_locked + expression: "1" + location: + file_name: 16-atomic_priv.c + file_hash: $FILE_HASH + line: 11 + column: 3 + function: t_fun + - entry_type: ghost_update + variable: __VERIFIER_atomic_locked + expression: "0" + location: + file_name: 16-atomic_priv.c + file_hash: $FILE_HASH + line: 27 + column: 3 + function: main + - entry_type: ghost_update + variable: __VERIFIER_atomic_locked + expression: "0" + location: + file_name: 16-atomic_priv.c + file_hash: $FILE_HASH + line: 17 + column: 3 + function: t_fun + - entry_type: ghost_variable + variable: multithreaded + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: __VERIFIER_atomic_locked + scope: global + type: int + initial: "0" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (__VERIFIER_atomic_locked || myglobal == 5)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || ((0 <= myglobal && myglobal <= 127) && myglobal != + 0)' + type: assertion + format: C From 6f3b6fbc6ab0e18560f6cbf5a409b46a6055022d Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 7 May 2024 16:13:16 +0300 Subject: [PATCH 064/164] Treat __VERIFIER_atomic_locked as false in witnesses Others cannot observe anything else anyway. But in the atomic section could?! --- src/analyses/apron/relationPriv.apron.ml | 11 ++- src/analyses/basePriv.ml | 15 +++- src/analyses/mutexGhosts.ml | 5 +- src/witness/witnessGhostVar.ml | 2 +- tests/regression/29-svcomp/16-atomic_priv.t | 88 +-------------------- 5 files changed, 26 insertions(+), 95 deletions(-) diff --git a/src/analyses/apron/relationPriv.apron.ml b/src/analyses/apron/relationPriv.apron.ml index dcb3b166c3..f14700f437 100644 --- a/src/analyses/apron/relationPriv.apron.ml +++ b/src/analyses/apron/relationPriv.apron.ml @@ -692,7 +692,8 @@ struct let invariant_global (ask: Q.ask) (getg: V.t -> G.t): V.t -> Invariant.t = function | `Left m' as m -> (* mutex *) - if ask.f (GhostVarAvailable (Locked m')) then ( + let atomic = LockDomain.Addr.equal m' (LockDomain.Addr.of_var LibraryFunctions.verifier_atomic_var) in + if atomic || ask.f (GhostVarAvailable (Locked m')) then ( (* filters like query_invariant *) let one_var = GobConfig.get_bool "ana.relation.invariant.one-var" in let exact = GobConfig.get_bool "witness.invariant.exact" in @@ -712,8 +713,12 @@ struct ) |> Enum.fold (fun acc x -> Invariant.(acc && of_exp x)) Invariant.none in - let var = WitnessGhost.to_varinfo (Locked m') in - Invariant.(of_exp (Lval (GoblintCil.var var)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + if atomic then + inv + else ( + let var = WitnessGhost.to_varinfo (Locked m') in + Invariant.(of_exp (Lval (GoblintCil.var var)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + ) ) else Invariant.none diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index 799290c4fe..af88cfb742 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -333,7 +333,8 @@ struct let invariant_global (ask: Q.ask) getg = function | `Left m' as m -> (* mutex *) - if ask.f (GhostVarAvailable (Locked m')) then ( + let atomic = LockDomain.Addr.equal m' (LockDomain.Addr.of_var LibraryFunctions.verifier_atomic_var) in + if atomic || ask.f (GhostVarAvailable (Locked m')) then ( let cpa = getg m in let inv = CPA.fold (fun v _ acc -> if ask.f (MustBeProtectedBy {mutex = m'; global = v; write = true; protection = Strong}) then @@ -343,8 +344,12 @@ struct acc ) cpa Invariant.none in - let var = WitnessGhost.to_varinfo (Locked m') in - Invariant.(of_exp (Lval (GoblintCil.var var)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + if atomic then + inv + else ( + let var = WitnessGhost.to_varinfo (Locked m') in + Invariant.(of_exp (Lval (GoblintCil.var var)) || inv) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) + ) ) else Invariant.none @@ -864,7 +869,9 @@ struct else ( let inv = ValueDomain.invariant_global (fun g -> getg (V.protected g)) g' in (* TODO: this takes protected values of everything *) Q.AD.fold (fun m acc -> - if ask.f (GhostVarAvailable (Locked m)) then ( + if LockDomain.Addr.equal m (LockDomain.Addr.of_var LibraryFunctions.verifier_atomic_var) then + acc + else if ask.f (GhostVarAvailable (Locked m)) then ( let var = WitnessGhost.to_varinfo (Locked m) in Invariant.(of_exp (Lval (GoblintCil.var var)) || acc) [@coverage off] (* bisect_ppx cannot handle redefined (||) *) ) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 75195e4662..eaa15df8e6 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -59,8 +59,9 @@ struct end let event ctx e octx = + let verifier_atomic_addr = LockDomain.Addr.of_var LibraryFunctions.verifier_atomic_var in begin match e with - | Events.Lock (l, _) -> + | Events.Lock (l, _) when not (LockDomain.Addr.equal l verifier_atomic_addr) -> ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.singleton l, Unlocked.bot (), MultiThread.bot ())); if !AnalysisState.postsolving then ( let (locked, _, _) = G.node (ctx.global (V.node ctx.prev_node)) in @@ -70,7 +71,7 @@ struct ) locked ); ) - | Events.Unlock l -> + | Events.Unlock l when not (LockDomain.Addr.equal l verifier_atomic_addr) -> ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.singleton l, MultiThread.bot ())); if !AnalysisState.postsolving then ( let (_, unlocked, _) = G.node (ctx.global (V.node ctx.prev_node)) in diff --git a/src/witness/witnessGhostVar.ml b/src/witness/witnessGhostVar.ml index cec61b0e2d..7979d23173 100644 --- a/src/witness/witnessGhostVar.ml +++ b/src/witness/witnessGhostVar.ml @@ -9,7 +9,7 @@ let name_varinfo = function | Locked (Addr (v, os)) -> let name = if CilType.Varinfo.equal v LibraryFunctions.verifier_atomic_var then - "__VERIFIER_atomic" + invalid_arg "__VERIFIER_atomic" else if RichVarinfo.BiVarinfoMap.Collection.mem_varinfo v then Printf.sprintf "alloc_%s%d" (if v.vid < 0 then "m" else "") (abs v.vid) (* turn minus into valid C name *) diff --git a/tests/regression/29-svcomp/16-atomic_priv.t b/tests/regression/29-svcomp/16-atomic_priv.t index d3826d8de3..b10265d4e8 100644 --- a/tests/regression/29-svcomp/16-atomic_priv.t +++ b/tests/regression/29-svcomp/16-atomic_priv.t @@ -13,7 +13,7 @@ write with [lock:{[__VERIFIER_atomic]}, thread:[main, t_fun@16-atomic_priv.c:23:3-23:40]] (conf. 110) (exp: & myglobal) (16-atomic_priv.c:15:3-15:13) read with [mhp:{created={[main, t_fun@16-atomic_priv.c:23:3-23:40]}}, thread:[main]] (conf. 110) (exp: & myglobal) (16-atomic_priv.c:24:3-24:33) [Info][Witness] witness generation summary: - total generation entries: 8 + total generation entries: 3 [Info][Race] Memory locations race summary: safe: 0 vulnerable: 0 @@ -30,52 +30,11 @@ line: 23 column: 3 function: main - - entry_type: ghost_update - variable: __VERIFIER_atomic_locked - expression: "1" - location: - file_name: 16-atomic_priv.c - file_hash: $FILE_HASH - line: 25 - column: 3 - function: main - - entry_type: ghost_update - variable: __VERIFIER_atomic_locked - expression: "1" - location: - file_name: 16-atomic_priv.c - file_hash: $FILE_HASH - line: 11 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: __VERIFIER_atomic_locked - expression: "0" - location: - file_name: 16-atomic_priv.c - file_hash: $FILE_HASH - line: 27 - column: 3 - function: main - - entry_type: ghost_update - variable: __VERIFIER_atomic_locked - expression: "0" - location: - file_name: 16-atomic_priv.c - file_hash: $FILE_HASH - line: 17 - column: 3 - function: t_fun - entry_type: ghost_variable variable: multithreaded scope: global type: int initial: "0" - - entry_type: ghost_variable - variable: __VERIFIER_atomic_locked - scope: global - type: int - initial: "0" - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || myglobal == 5' @@ -99,7 +58,7 @@ Non-atomic privatization: write with [lock:{[__VERIFIER_atomic]}, thread:[main, t_fun@16-atomic_priv.c:23:3-23:40]] (conf. 110) (exp: & myglobal) (16-atomic_priv.c:15:3-15:13) read with [mhp:{created={[main, t_fun@16-atomic_priv.c:23:3-23:40]}}, thread:[main]] (conf. 110) (exp: & myglobal) (16-atomic_priv.c:24:3-24:33) [Info][Witness] witness generation summary: - total generation entries: 9 + total generation entries: 4 [Info][Race] Memory locations race summary: safe: 0 vulnerable: 0 @@ -116,55 +75,14 @@ Non-atomic privatization: line: 23 column: 3 function: main - - entry_type: ghost_update - variable: __VERIFIER_atomic_locked - expression: "1" - location: - file_name: 16-atomic_priv.c - file_hash: $FILE_HASH - line: 25 - column: 3 - function: main - - entry_type: ghost_update - variable: __VERIFIER_atomic_locked - expression: "1" - location: - file_name: 16-atomic_priv.c - file_hash: $FILE_HASH - line: 11 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: __VERIFIER_atomic_locked - expression: "0" - location: - file_name: 16-atomic_priv.c - file_hash: $FILE_HASH - line: 27 - column: 3 - function: main - - entry_type: ghost_update - variable: __VERIFIER_atomic_locked - expression: "0" - location: - file_name: 16-atomic_priv.c - file_hash: $FILE_HASH - line: 17 - column: 3 - function: t_fun - entry_type: ghost_variable variable: multithreaded scope: global type: int initial: "0" - - entry_type: ghost_variable - variable: __VERIFIER_atomic_locked - scope: global - type: int - initial: "0" - entry_type: flow_insensitive_invariant flow_insensitive_invariant: - string: '! multithreaded || (__VERIFIER_atomic_locked || myglobal == 5)' + string: '! multithreaded || myglobal == 5' type: assertion format: C - entry_type: flow_insensitive_invariant From 2e6673f72e1e3df8c67b9c0c21aec9f45e1c4ab2 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 8 May 2024 11:41:45 +0300 Subject: [PATCH 065/164] Disable 13-privatized/04-priv_multi cram test on OSX OSX has its own weird diff. --- tests/regression/13-privatized/dune | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/regression/13-privatized/dune b/tests/regression/13-privatized/dune index 23c0dd3290..9227128b15 100644 --- a/tests/regression/13-privatized/dune +++ b/tests/regression/13-privatized/dune @@ -1,2 +1,6 @@ (cram (deps (glob_files *.c))) + +(cram + (applies_to 04-priv_multi) + (enabled_if (<> %{system} macosx))) From b7582a4c5495e35a24974228785817b01711a37c Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 8 May 2024 11:43:03 +0300 Subject: [PATCH 066/164] Make 36-apron/12-traces-min-rpb1 cram test warnings deterministic Needed for OSX CI to pass. --- .../regression/36-apron/12-traces-min-rpb1.t | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/regression/36-apron/12-traces-min-rpb1.t b/tests/regression/36-apron/12-traces-min-rpb1.t index e05840429b..7aca1dea0b 100644 --- a/tests/regression/36-apron/12-traces-min-rpb1.t +++ b/tests/regression/36-apron/12-traces-min-rpb1.t @@ -1,24 +1,24 @@ - $ goblint --set ana.activated[+] apron --set ana.path_sens[+] threadflag --enable ana.sv-comp.functions --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 12-traces-min-rpb1.c --enable ana.apron.invariant.diff-box - [Success][Assert] Assertion "g == h" will succeed (12-traces-min-rpb1.c:16:3-16:26) + $ goblint --enable warn.deterministic --set ana.activated[+] apron --set ana.path_sens[+] threadflag --enable ana.sv-comp.functions --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 12-traces-min-rpb1.c --enable ana.apron.invariant.diff-box [Warning][Assert] Assertion "g == h" is unknown. (12-traces-min-rpb1.c:27:3-27:26) + [Success][Assert] Assertion "g == h" will succeed (12-traces-min-rpb1.c:16:3-16:26) [Success][Assert] Assertion "g == h" will succeed (12-traces-min-rpb1.c:29:3-29:26) - [Info][Deadcode] Logical lines of code (LLoC) summary: - live: 18 - dead: 0 - total lines: 18 - [Warning][Race] Memory location h (race with conf. 110): (12-traces-min-rpb1.c:8:5-8:10) - write with [lock:{A}, thread:[main, t_fun@12-traces-min-rpb1.c:25:3-25:40]] (conf. 110) (exp: & h) (12-traces-min-rpb1.c:15:3-15:8) - read with [mhp:{created={[main, t_fun@12-traces-min-rpb1.c:25:3-25:40]}}, thread:[main]] (conf. 110) (exp: & h) (12-traces-min-rpb1.c:27:3-27:26) [Warning][Race] Memory location g (race with conf. 110): (12-traces-min-rpb1.c:7:5-7:10) write with [lock:{A}, thread:[main, t_fun@12-traces-min-rpb1.c:25:3-25:40]] (conf. 110) (exp: & g) (12-traces-min-rpb1.c:14:3-14:8) read with [mhp:{created={[main, t_fun@12-traces-min-rpb1.c:25:3-25:40]}}, thread:[main]] (conf. 110) (exp: & g) (12-traces-min-rpb1.c:27:3-27:26) - [Info][Witness] witness generation summary: - total generation entries: 10 + [Warning][Race] Memory location h (race with conf. 110): (12-traces-min-rpb1.c:8:5-8:10) + write with [lock:{A}, thread:[main, t_fun@12-traces-min-rpb1.c:25:3-25:40]] (conf. 110) (exp: & h) (12-traces-min-rpb1.c:15:3-15:8) + read with [mhp:{created={[main, t_fun@12-traces-min-rpb1.c:25:3-25:40]}}, thread:[main]] (conf. 110) (exp: & h) (12-traces-min-rpb1.c:27:3-27:26) [Info][Race] Memory locations race summary: safe: 0 vulnerable: 0 unsafe: 2 total memory locations: 2 + [Info][Deadcode] Logical lines of code (LLoC) summary: + live: 18 + dead: 0 + total lines: 18 + [Info][Witness] witness generation summary: + total generation entries: 10 $ yamlWitnessStrip < witness.yml - entry_type: ghost_update From cad5f6e6c3b047cc30061188b57889b87a8b767a Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Mon, 20 May 2024 13:03:12 +0300 Subject: [PATCH 067/164] Add BasePriv invariant_global tracing --- src/analyses/basePriv.ml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index af88cfb742..cbc11070d3 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -1917,6 +1917,17 @@ struct if M.tracing then M.traceu "priv" "-> %a" BaseComponents.pretty r; r + let invariant_global ask getg g = + if M.tracing then M.traceli "priv" "invariant_global %a" V.pretty g; + let getg x = + let r = getg x in + if M.tracing then M.trace "priv" "getg %a -> %a" V.pretty x G.pretty r; + r + in + let r = invariant_global ask getg g in + if M.tracing then M.traceu "priv" "-> %a" Invariant.pretty r; + r + end let priv_module: (module S) Lazy.t = From bd329e16f72f296bdf88f46d31fcfc4477db3ffc Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 21 May 2024 11:53:44 +0300 Subject: [PATCH 068/164] Fix mutex-meet invariant_global not including MUTEX_INITS --- src/analyses/apron/relationPriv.apron.ml | 4 ++-- src/analyses/basePriv.ml | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/analyses/apron/relationPriv.apron.ml b/src/analyses/apron/relationPriv.apron.ml index cb71884c8c..5ffb96650c 100644 --- a/src/analyses/apron/relationPriv.apron.ml +++ b/src/analyses/apron/relationPriv.apron.ml @@ -694,14 +694,14 @@ struct let finalize () = () let invariant_global (ask: Q.ask) (getg: V.t -> G.t): V.t -> Invariant.t = function - | `Left m' as m -> (* mutex *) + | `Left m' -> (* mutex *) let atomic = LockDomain.Addr.equal m' (LockDomain.Addr.of_var LibraryFunctions.verifier_atomic_var) in if atomic || ask.f (GhostVarAvailable (Locked m')) then ( (* filters like query_invariant *) let one_var = GobConfig.get_bool "ana.relation.invariant.one-var" in let exact = GobConfig.get_bool "witness.invariant.exact" in - let rel = keep_only_protected_globals ask m' (getg m) in + let rel = keep_only_protected_globals ask m' (get_m_with_mutex_inits ask getg m') in (* TODO: disjunct with mutex_inits instead of join? *) let inv = RD.invariant rel |> List.enum diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index cbc11070d3..c244e7f3bf 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -250,7 +250,7 @@ struct let invariant_global ask getg = function | `Right g' -> (* global *) - ValueDomain.invariant_global (read_unprotected_global getg) g' + ValueDomain.invariant_global (read_unprotected_global getg) g' (* TODO: disjunct with mutex_inits instead of join? *) | _ -> (* mutex *) Invariant.none @@ -332,10 +332,10 @@ struct include PerMutexPrivBase let invariant_global (ask: Q.ask) getg = function - | `Left m' as m -> (* mutex *) + | `Left m' -> (* mutex *) let atomic = LockDomain.Addr.equal m' (LockDomain.Addr.of_var LibraryFunctions.verifier_atomic_var) in if atomic || ask.f (GhostVarAvailable (Locked m')) then ( - let cpa = getg m in + let cpa = get_m_with_mutex_inits ask getg m' in (* TODO: disjunct with mutex_inits instead of join? *) let inv = CPA.fold (fun v _ acc -> if ask.f (MustBeProtectedBy {mutex = m'; global = v; write = true; protection = Strong}) then let inv = ValueDomain.invariant_global (fun g -> CPA.find g cpa) v in @@ -688,7 +688,7 @@ struct let invariant_global ask getg = function | `Middle g -> (* global *) - ValueDomain.invariant_global (read_unprotected_global getg) g + ValueDomain.invariant_global (read_unprotected_global getg) g (* TODO: disjunct with mutex_inits instead of join? *) | `Left _ | `Right _ -> (* mutex or thread *) Invariant.none From 2a79e42601bcf03c3a446fd7dceafc22096358d1 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 4 Jun 2024 10:45:25 +0300 Subject: [PATCH 069/164] Add comment about multiple protecting mutexes for ghost invariants --- src/analyses/basePriv.ml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index c244e7f3bf..be261d96b7 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -868,6 +868,10 @@ struct Invariant.none (* don't output protected invariant because it's the same as unprotected *) else ( let inv = ValueDomain.invariant_global (fun g -> getg (V.protected g)) g' in (* TODO: this takes protected values of everything *) + (* Very conservative about multiple (write-)protecting mutexes: invariant is not claimed when any of them is held. + It should be possible to be more precise because writes only happen with all of them held, + but conjunction is unsound when one of the mutexes is temporarily unlocked. + Hypothetical read-protection is also somehow relevant. *) Q.AD.fold (fun m acc -> if LockDomain.Addr.equal m (LockDomain.Addr.of_var LibraryFunctions.verifier_atomic_var) then acc From 2e42c7bf1c664d07ab5844246338547f4d28f3c8 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 5 Jun 2024 12:36:10 +0300 Subject: [PATCH 070/164] Add ghost_variable and ghost_update YAML entry types to option --- conf/svcomp-ghost.json | 4 +++- src/analyses/mutexGhosts.ml | 3 +++ src/config/options.schema.json | 4 +++- src/witness/witnessGhost.ml | 3 +++ tests/regression/13-privatized/04-priv_multi.t | 4 ++-- tests/regression/13-privatized/25-struct_nr.t | 2 +- tests/regression/13-privatized/74-mutex.t | 6 +++--- tests/regression/13-privatized/92-idx_priv.t | 2 +- tests/regression/29-svcomp/16-atomic_priv.t | 4 ++-- tests/regression/36-apron/12-traces-min-rpb1.t | 2 +- tests/regression/56-witness/64-ghost-multiple-protecting.t | 6 +++--- tests/regression/56-witness/65-ghost-ambiguous-lock.t | 2 +- tests/regression/56-witness/66-ghost-alloc-lock.t | 2 +- tests/regression/56-witness/67-ghost-no-unlock.t | 2 +- tests/regression/56-witness/68-ghost-ambiguous-idx.t | 2 +- 15 files changed, 29 insertions(+), 19 deletions(-) diff --git a/conf/svcomp-ghost.json b/conf/svcomp-ghost.json index 229dd9ef46..84f127eb91 100644 --- a/conf/svcomp-ghost.json +++ b/conf/svcomp-ghost.json @@ -116,7 +116,9 @@ "enabled": true, "format-version": "0.1", "entry-types": [ - "flow_insensitive_invariant" + "flow_insensitive_invariant", + "ghost_variable", + "ghost_update" ] }, "invariant": { diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 159498cfb1..6e95504731 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -96,6 +96,9 @@ struct | Locked _ -> false | Multithreaded -> true + let ghost_var_available ctx v = + WitnessGhost.enabled () && ghost_var_available ctx v + let query ctx (type a) (q: a Queries.t): a Queries.result = match q with | GhostVarAvailable v -> ghost_var_available ctx v diff --git a/src/config/options.schema.json b/src/config/options.schema.json index 4a77aae5f0..779b9bbf65 100644 --- a/src/config/options.schema.json +++ b/src/config/options.schema.json @@ -2580,7 +2580,9 @@ "precondition_loop_invariant", "loop_invariant_certificate", "precondition_loop_invariant_certificate", - "invariant_set" + "invariant_set", + "ghost_variable", + "ghost_update" ] }, "default": [ diff --git a/src/witness/witnessGhost.ml b/src/witness/witnessGhost.ml index cdd26b36aa..91d513ceae 100644 --- a/src/witness/witnessGhost.ml +++ b/src/witness/witnessGhost.ml @@ -1,5 +1,8 @@ (** Ghost variables for YAML witnesses. *) +let enabled () = + YamlWitness.entry_type_enabled YamlWitnessType.GhostVariable.entry_type && YamlWitness.entry_type_enabled YamlWitnessType.GhostUpdate.entry_type + module Var = WitnessGhostVar include Var diff --git a/tests/regression/13-privatized/04-priv_multi.t b/tests/regression/13-privatized/04-priv_multi.t index 952696a5c4..576c89ad4d 100644 --- a/tests/regression/13-privatized/04-priv_multi.t +++ b/tests/regression/13-privatized/04-priv_multi.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 04-priv_multi.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 04-priv_multi.c [Success][Assert] Assertion "p == 5" will succeed (04-priv_multi.c:50:7-50:30) [Success][Assert] Assertion "A == B" will succeed (04-priv_multi.c:71:5-71:28) [Warning][Deadcode] Function 'dispose' has dead code: @@ -174,7 +174,7 @@ Flow-insensitive invariants as location invariants. - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' --enable witness.invariant.flow_insensitive-as-location 04-priv_multi.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' --enable witness.invariant.flow_insensitive-as-location 04-priv_multi.c [Success][Assert] Assertion "p == 5" will succeed (04-priv_multi.c:50:7-50:30) [Success][Assert] Assertion "A == B" will succeed (04-priv_multi.c:71:5-71:28) [Warning][Deadcode] Function 'dispose' has dead code: diff --git a/tests/regression/13-privatized/25-struct_nr.t b/tests/regression/13-privatized/25-struct_nr.t index f3ebcd1c52..342cfaf99c 100644 --- a/tests/regression/13-privatized/25-struct_nr.t +++ b/tests/regression/13-privatized/25-struct_nr.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 25-struct_nr.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 25-struct_nr.c [Success][Assert] Assertion "glob1 == 5" will succeed (25-struct_nr.c:26:3-26:30) [Success][Assert] Assertion "t == 5" will succeed (25-struct_nr.c:16:3-16:26) [Success][Assert] Assertion "glob1 == -10" will succeed (25-struct_nr.c:18:3-18:32) diff --git a/tests/regression/13-privatized/74-mutex.t b/tests/regression/13-privatized/74-mutex.t index a00f49eb1a..f6f2fa8463 100644 --- a/tests/regression/13-privatized/74-mutex.t +++ b/tests/regression/13-privatized/74-mutex.t @@ -1,4 +1,4 @@ - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) @@ -84,7 +84,7 @@ Flow-insensitive invariants as location invariants. - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' --enable witness.invariant.flow_insensitive-as-location 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' --enable witness.invariant.flow_insensitive-as-location 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) @@ -150,7 +150,7 @@ Earlyglobs shouldn't cause protected writes in multithreaded mode from being imm Same with mutex-meet. - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) diff --git a/tests/regression/13-privatized/92-idx_priv.t b/tests/regression/13-privatized/92-idx_priv.t index 64a3309009..bd6db7e2ef 100644 --- a/tests/regression/13-privatized/92-idx_priv.t +++ b/tests/regression/13-privatized/92-idx_priv.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 92-idx_priv.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 92-idx_priv.c [Success][Assert] Assertion "data == 0" will succeed (92-idx_priv.c:22:3-22:29) [Info][Deadcode] Logical lines of code (LLoC) summary: live: 14 diff --git a/tests/regression/29-svcomp/16-atomic_priv.t b/tests/regression/29-svcomp/16-atomic_priv.t index b10265d4e8..83bc201a6c 100644 --- a/tests/regression/29-svcomp/16-atomic_priv.t +++ b/tests/regression/29-svcomp/16-atomic_priv.t @@ -1,4 +1,4 @@ - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection-atomic --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 16-atomic_priv.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection-atomic --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 16-atomic_priv.c [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:12:3-12:33) [Success][Assert] Assertion "myglobal == 6" will succeed (16-atomic_priv.c:14:3-14:33) [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:16:3-16:33) @@ -43,7 +43,7 @@ Non-atomic privatization: - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 16-atomic_priv.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 16-atomic_priv.c [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:12:3-12:33) [Success][Assert] Assertion "myglobal == 6" will succeed (16-atomic_priv.c:14:3-14:33) [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:16:3-16:33) diff --git a/tests/regression/36-apron/12-traces-min-rpb1.t b/tests/regression/36-apron/12-traces-min-rpb1.t index 7aca1dea0b..1c3253afbc 100644 --- a/tests/regression/36-apron/12-traces-min-rpb1.t +++ b/tests/regression/36-apron/12-traces-min-rpb1.t @@ -1,4 +1,4 @@ - $ goblint --enable warn.deterministic --set ana.activated[+] apron --set ana.path_sens[+] threadflag --enable ana.sv-comp.functions --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 12-traces-min-rpb1.c --enable ana.apron.invariant.diff-box + $ goblint --enable warn.deterministic --set ana.activated[+] apron --set ana.path_sens[+] threadflag --enable ana.sv-comp.functions --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 12-traces-min-rpb1.c --enable ana.apron.invariant.diff-box [Warning][Assert] Assertion "g == h" is unknown. (12-traces-min-rpb1.c:27:3-27:26) [Success][Assert] Assertion "g == h" will succeed (12-traces-min-rpb1.c:16:3-16:26) [Success][Assert] Assertion "g == h" will succeed (12-traces-min-rpb1.c:29:3-29:26) diff --git a/tests/regression/56-witness/64-ghost-multiple-protecting.t b/tests/regression/56-witness/64-ghost-multiple-protecting.t index 53323355c5..943934a7be 100644 --- a/tests/regression/56-witness/64-ghost-multiple-protecting.t +++ b/tests/regression/56-witness/64-ghost-multiple-protecting.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 64-ghost-multiple-protecting.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 64-ghost-multiple-protecting.c [Info][Deadcode] Logical lines of code (LLoC) summary: live: 19 dead: 0 @@ -144,7 +144,7 @@ protection doesn't have precise protected invariant for g2. type: assertion format: C - $ goblint --set ana.base.privatization protection-read --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 64-ghost-multiple-protecting.c + $ goblint --set ana.base.privatization protection-read --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 64-ghost-multiple-protecting.c [Info][Deadcode] Logical lines of code (LLoC) summary: live: 19 dead: 0 @@ -295,7 +295,7 @@ protection-read has precise protected invariant for g2. type: assertion format: C - $ goblint --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 64-ghost-multiple-protecting.c + $ goblint --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 64-ghost-multiple-protecting.c [Info][Deadcode] Logical lines of code (LLoC) summary: live: 19 dead: 0 diff --git a/tests/regression/56-witness/65-ghost-ambiguous-lock.t b/tests/regression/56-witness/65-ghost-ambiguous-lock.t index 708e27ca64..d7d57d8a00 100644 --- a/tests/regression/56-witness/65-ghost-ambiguous-lock.t +++ b/tests/regression/56-witness/65-ghost-ambiguous-lock.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 65-ghost-ambiguous-lock.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 65-ghost-ambiguous-lock.c [Info][Deadcode] Logical lines of code (LLoC) summary: live: 23 dead: 0 diff --git a/tests/regression/56-witness/66-ghost-alloc-lock.t b/tests/regression/56-witness/66-ghost-alloc-lock.t index e4d128b71e..e4268ec1cb 100644 --- a/tests/regression/56-witness/66-ghost-alloc-lock.t +++ b/tests/regression/56-witness/66-ghost-alloc-lock.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set ana.malloc.unique_address_count 1 --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 66-ghost-alloc-lock.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set ana.malloc.unique_address_count 1 --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 66-ghost-alloc-lock.c [Success][Assert] Assertion "g1 == 0" will succeed (66-ghost-alloc-lock.c:31:3-31:27) [Success][Assert] Assertion "g2 == 0" will succeed (66-ghost-alloc-lock.c:34:3-34:27) [Info][Deadcode] Logical lines of code (LLoC) summary: diff --git a/tests/regression/56-witness/67-ghost-no-unlock.t b/tests/regression/56-witness/67-ghost-no-unlock.t index 491dd9cf44..aed0ac3414 100644 --- a/tests/regression/56-witness/67-ghost-no-unlock.t +++ b/tests/regression/56-witness/67-ghost-no-unlock.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 67-ghost-no-unlock.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 67-ghost-no-unlock.c [Success][Assert] Assertion "g1 == 0" will succeed (67-ghost-no-unlock.c:24:3-24:27) [Info][Deadcode] Logical lines of code (LLoC) summary: live: 11 diff --git a/tests/regression/56-witness/68-ghost-ambiguous-idx.t b/tests/regression/56-witness/68-ghost-ambiguous-idx.t index 48837fcabb..9f50ab7429 100644 --- a/tests/regression/56-witness/68-ghost-ambiguous-idx.t +++ b/tests/regression/56-witness/68-ghost-ambiguous-idx.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant"]' 68-ghost-ambiguous-idx.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 68-ghost-ambiguous-idx.c [Warning][Assert] Assertion "data == 0" is unknown. (68-ghost-ambiguous-idx.c:24:3-24:29) [Warning][Unknown] unlocking mutex (m[4]) which may not be held (68-ghost-ambiguous-idx.c:25:3-25:30) [Info][Deadcode] Logical lines of code (LLoC) summary: From e7931ffe4afc2be4872b15d94a4ab3aa4ed66453 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 5 Jun 2024 12:53:02 +0300 Subject: [PATCH 071/164] Make InvariantGlobalNodes query lazy in YAML witness generation --- src/witness/yamlWitness.ml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index b7bf11a31c..fd8f4b5249 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -325,7 +325,7 @@ struct (* Generate flow-insensitive invariants *) let entries = if entry_type_enabled YamlWitnessType.FlowInsensitiveInvariant.entry_type then ( - let ns = R.ask_global InvariantGlobalNodes in + let ns = lazy (R.ask_global InvariantGlobalNodes) in GHT.fold (fun g v acc -> match g with | `Left g -> (* Spec global *) @@ -352,7 +352,7 @@ struct entry :: acc ) acc invs | None -> acc - ) ns acc + ) (Lazy.force ns) acc | `Bot, _ | `Top, _ -> (* global bot might only be possible for alloc variables, if at all, so emit nothing *) acc end From 36ff6217074eb8c25a2528979ebc634d3cba789e Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 5 Jun 2024 13:46:04 +0300 Subject: [PATCH 072/164] Fix comment about YamlEntryGlobal --- src/witness/yamlWitness.ml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index fd8f4b5249..596a35f631 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -364,7 +364,7 @@ struct entries in - (* Generate flow-insensitive invariants *) + (* Generate flow-insensitive entries (ghost variables and ghost updates) *) let entries = if true then ( GHT.fold (fun g v acc -> From 7fcb10cd0fcb4c4f68d43a7bb60fec9d7cfc64d5 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 18 Jun 2024 17:20:55 +0300 Subject: [PATCH 073/164] Handle pthread_rwlock_t as opaque mutex in base analysis Avoids unsound rwlock struct content invariants in witnesses. --- src/cdomain/value/cdomains/valueDomain.ml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cdomain/value/cdomains/valueDomain.ml b/src/cdomain/value/cdomains/valueDomain.ml index de64fde807..09593fb614 100644 --- a/src/cdomain/value/cdomains/valueDomain.ml +++ b/src/cdomain/value/cdomains/valueDomain.ml @@ -120,7 +120,7 @@ struct | _ -> false let is_mutex_type (t: typ): bool = match t with - | TNamed (info, attr) -> info.tname = "pthread_mutex_t" || info.tname = "spinlock_t" || info.tname = "pthread_spinlock_t" || info.tname = "pthread_cond_t" + | TNamed (info, attr) -> info.tname = "pthread_mutex_t" || info.tname = "spinlock_t" || info.tname = "pthread_spinlock_t" || info.tname = "pthread_cond_t" || info.tname = "pthread_rwlock_t" | TInt (IInt, attr) -> hasAttribute "mutex" attr | _ -> false From af781ed684c538cfa98ef0d35a9d258fec62e495 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 20 Jun 2024 12:56:40 +0300 Subject: [PATCH 074/164] Enable ana.float.evaluate_math_functions in svcomp24 and svcomp confs This is needed for sv-benchmarks Juliet no-overflow tasks involving sqrt. We used this at SV-COMP 2024, before the option existed. --- conf/svcomp.json | 3 ++- conf/svcomp24-validate.json | 3 ++- conf/svcomp24.json | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/conf/svcomp.json b/conf/svcomp.json index 467d294bdd..d2bea96040 100644 --- a/conf/svcomp.json +++ b/conf/svcomp.json @@ -10,7 +10,8 @@ "interval": true }, "float": { - "interval": true + "interval": true, + "evaluate_math_functions": true }, "activated": [ "base", diff --git a/conf/svcomp24-validate.json b/conf/svcomp24-validate.json index 7832ffa6af..d83b1767a4 100644 --- a/conf/svcomp24-validate.json +++ b/conf/svcomp24-validate.json @@ -10,7 +10,8 @@ "interval": true }, "float": { - "interval": true + "interval": true, + "evaluate_math_functions": true }, "activated": [ "base", diff --git a/conf/svcomp24.json b/conf/svcomp24.json index 7e30554ceb..1c60f84920 100644 --- a/conf/svcomp24.json +++ b/conf/svcomp24.json @@ -10,7 +10,8 @@ "interval": true }, "float": { - "interval": true + "interval": true, + "evaluate_math_functions": true }, "activated": [ "base", From 3ff00aea295c6e7386323efc88f38d1a046cbdbc Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 20 Jun 2024 13:00:36 +0300 Subject: [PATCH 075/164] Add tests for imaxabs --- .../39-signed-overflows/11-imaxabs.c | 24 +++++++++++++++++++ .../39-signed-overflows/12-imaxabs-sqrt.c | 12 ++++++++++ 2 files changed, 36 insertions(+) create mode 100644 tests/regression/39-signed-overflows/11-imaxabs.c create mode 100644 tests/regression/39-signed-overflows/12-imaxabs-sqrt.c diff --git a/tests/regression/39-signed-overflows/11-imaxabs.c b/tests/regression/39-signed-overflows/11-imaxabs.c new file mode 100644 index 0000000000..dce200a146 --- /dev/null +++ b/tests/regression/39-signed-overflows/11-imaxabs.c @@ -0,0 +1,24 @@ +//PARAM: --enable ana.int.interval --set ana.activated[+] tmpSpecial +#include +#include +#include +int main() { + int64_t data; + if (data > (-0x7fffffffffffffff - 1)) + { + if (imaxabs(data) < 100) + { + __goblint_check(data < 100); // TODO + __goblint_check(-100 < data); // TODO + int64_t result = data * data; // TODO NOWARN + } + + if(imaxabs(data) <= 100) + { + __goblint_check(data <= 100); // TODO + __goblint_check(-100 <= data); // TODO + int64_t result = data * data; // TODO NOWARN + } + } + return 8; +} diff --git a/tests/regression/39-signed-overflows/12-imaxabs-sqrt.c b/tests/regression/39-signed-overflows/12-imaxabs-sqrt.c new file mode 100644 index 0000000000..b121645b27 --- /dev/null +++ b/tests/regression/39-signed-overflows/12-imaxabs-sqrt.c @@ -0,0 +1,12 @@ +//PARAM: --enable ana.int.interval --enable ana.float.interval --enable ana.float.evaluate_math_functions --set ana.activated[+] tmpSpecial +#include +#include +#include +int main() { + int64_t data; + if (data > (-0x7fffffffffffffff - 1) && imaxabs((intmax_t)data) <= sqrtl(0x7fffffffffffffffLL)) + { + int64_t result = data * data; // TODO NOWARN + } + return 8; +} From 2653e2ea22dd9d012a10e008f3189e1061d2c344 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 20 Jun 2024 13:02:26 +0300 Subject: [PATCH 076/164] Add hacky imaxabs support --- src/util/library/libraryFunctions.ml | 2 +- tests/regression/39-signed-overflows/11-imaxabs.c | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/util/library/libraryFunctions.ml b/src/util/library/libraryFunctions.ml index e7ff2a4d04..df90339c65 100644 --- a/src/util/library/libraryFunctions.ml +++ b/src/util/library/libraryFunctions.ml @@ -139,7 +139,7 @@ let c_descs_list: (string * LibraryDesc.t) list = LibraryDsl.[ ("abs", special [__ "j" []] @@ fun j -> Math { fun_args = (Abs (IInt, j)) }); ("labs", special [__ "j" []] @@ fun j -> Math { fun_args = (Abs (ILong, j)) }); ("llabs", special [__ "j" []] @@ fun j -> Math { fun_args = (Abs (ILongLong, j)) }); - ("imaxabs", unknown [drop "j" []]); + ("imaxabs", special [__ "j" []] @@ fun j -> Math { fun_args = (Abs (ILong, j)) }); (* TODO: look up intmax_t ikind from CIL file *) ("localtime_r", unknown [drop "timep" [r]; drop "result" [w]]); ("strpbrk", unknown [drop "s" [r]; drop "accept" [r]]); ("_setjmp", special [__ "env" [w]] @@ fun env -> Setjmp { env }); (* only has one underscore *) diff --git a/tests/regression/39-signed-overflows/11-imaxabs.c b/tests/regression/39-signed-overflows/11-imaxabs.c index dce200a146..47bd26569f 100644 --- a/tests/regression/39-signed-overflows/11-imaxabs.c +++ b/tests/regression/39-signed-overflows/11-imaxabs.c @@ -8,16 +8,16 @@ int main() { { if (imaxabs(data) < 100) { - __goblint_check(data < 100); // TODO - __goblint_check(-100 < data); // TODO - int64_t result = data * data; // TODO NOWARN + __goblint_check(data < 100); + __goblint_check(-100 < data); + int64_t result = data * data; // NOWARN } if(imaxabs(data) <= 100) { - __goblint_check(data <= 100); // TODO - __goblint_check(-100 <= data); // TODO - int64_t result = data * data; // TODO NOWARN + __goblint_check(data <= 100); + __goblint_check(-100 <= data); + int64_t result = data * data; // NOWARN } } return 8; From f9765da81d64a99f77c385835c6c0a5c3db419da Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 20 Jun 2024 13:05:26 +0300 Subject: [PATCH 077/164] Add hacky imaxabs sqrt refine support --- src/analyses/baseInvariant.ml | 3 ++- tests/regression/39-signed-overflows/12-imaxabs-sqrt.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/analyses/baseInvariant.ml b/src/analyses/baseInvariant.ml index 51a27e19f8..d5b65a95f4 100644 --- a/src/analyses/baseInvariant.ml +++ b/src/analyses/baseInvariant.ml @@ -785,7 +785,8 @@ struct | TFloat (fk, _), FLongDouble | TFloat (FDouble as fk, _), FDouble | TFloat (FFloat as fk, _), FFloat -> inv_exp (Float (FD.cast_to fk c)) e st - | _ -> fallback (fun () -> Pretty.text "CastE: incompatible types") st) + | TInt (ik, _), _ -> inv_exp (Int (FD.to_int ik c)) e st (* TODO: is this cast refinement correct? *) + | t, fk -> fallback (fun () -> Pretty.dprintf "CastE: incompatible types %a and %a" CilType.Typ.pretty t CilType.Fkind.pretty fk) st) | CastE ((TInt (ik, _)) as t, e), Int c | CastE ((TEnum ({ekind = ik; _ }, _)) as t, e), Int c -> (* Can only meet the t part of an Lval in e with c (unless we meet with all overflow possibilities)! Since there is no good way to do this, we only continue if e has no values outside of t. *) (match eval e st with diff --git a/tests/regression/39-signed-overflows/12-imaxabs-sqrt.c b/tests/regression/39-signed-overflows/12-imaxabs-sqrt.c index b121645b27..46512aed21 100644 --- a/tests/regression/39-signed-overflows/12-imaxabs-sqrt.c +++ b/tests/regression/39-signed-overflows/12-imaxabs-sqrt.c @@ -6,7 +6,7 @@ int main() { int64_t data; if (data > (-0x7fffffffffffffff - 1) && imaxabs((intmax_t)data) <= sqrtl(0x7fffffffffffffffLL)) { - int64_t result = data * data; // TODO NOWARN + int64_t result = data * data; // NOWARN } return 8; } From a1f0b35703e34da0eda8f3f27ea260a58fd2c85d Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 20 Jun 2024 13:15:01 +0300 Subject: [PATCH 078/164] Find intmax_t for imaxabs from program --- src/util/library/libraryFunctions.ml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/util/library/libraryFunctions.ml b/src/util/library/libraryFunctions.ml index df90339c65..689eb17126 100644 --- a/src/util/library/libraryFunctions.ml +++ b/src/util/library/libraryFunctions.ml @@ -6,6 +6,16 @@ open GobConfig module M = Messages +let intmax_t = lazy ( + let res = ref None in + GoblintCil.iterGlobals !Cilfacade.current_file (function + | GType ({tname = "intmax_t"; ttype; _}, _) -> + res := Some ttype; + | _ -> () + ); + !res +) + (** C standard library functions. These are specified by the C standard. *) let c_descs_list: (string * LibraryDesc.t) list = LibraryDsl.[ @@ -139,7 +149,7 @@ let c_descs_list: (string * LibraryDesc.t) list = LibraryDsl.[ ("abs", special [__ "j" []] @@ fun j -> Math { fun_args = (Abs (IInt, j)) }); ("labs", special [__ "j" []] @@ fun j -> Math { fun_args = (Abs (ILong, j)) }); ("llabs", special [__ "j" []] @@ fun j -> Math { fun_args = (Abs (ILongLong, j)) }); - ("imaxabs", special [__ "j" []] @@ fun j -> Math { fun_args = (Abs (ILong, j)) }); (* TODO: look up intmax_t ikind from CIL file *) + ("imaxabs", special [__ "j" []] @@ fun j -> Math { fun_args = (Abs (Cilfacade.get_ikind (Option.get (Lazy.force intmax_t)), j)) }); ("localtime_r", unknown [drop "timep" [r]; drop "result" [w]]); ("strpbrk", unknown [drop "s" [r]; drop "accept" [r]]); ("_setjmp", special [__ "env" [w]] @@ fun env -> Setjmp { env }); (* only has one underscore *) From a00ca1b507b638cffa7404ee5e5bba9ddaa1a586 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 24 Jul 2024 17:15:07 +0300 Subject: [PATCH 079/164] Remove goblint.build-info.js and goblint.sites.js --- gobview | 2 +- src/build-info/build_info_js/dune | 5 ----- src/build-info/build_info_js/dune_build_info.ml | 1 - src/sites/sites_js/dune | 6 ------ src/sites/sites_js/goblint_sites.ml | 6 ------ 5 files changed, 1 insertion(+), 19 deletions(-) delete mode 100644 src/build-info/build_info_js/dune delete mode 100644 src/build-info/build_info_js/dune_build_info.ml delete mode 100644 src/sites/sites_js/dune delete mode 100644 src/sites/sites_js/goblint_sites.ml diff --git a/gobview b/gobview index 03b0682f97..1895e62dab 160000 --- a/gobview +++ b/gobview @@ -1 +1 @@ -Subproject commit 03b0682f973eab0d26cf8aea74c63a9e869c9716 +Subproject commit 1895e62dab67cfb05a5981bcfd7f36d46acd2b7e diff --git a/src/build-info/build_info_js/dune b/src/build-info/build_info_js/dune deleted file mode 100644 index 9400f564ff..0000000000 --- a/src/build-info/build_info_js/dune +++ /dev/null @@ -1,5 +0,0 @@ -; goblint.build-info implementation which works with js_of_ocaml and doesn't use dune-build-info -(library - (name goblint_build_info_js) - (public_name goblint.build-info.js) - (implements goblint.build-info)) diff --git a/src/build-info/build_info_js/dune_build_info.ml b/src/build-info/build_info_js/dune_build_info.ml deleted file mode 100644 index 002015cd31..0000000000 --- a/src/build-info/build_info_js/dune_build_info.ml +++ /dev/null @@ -1 +0,0 @@ -let statically_linked_libraries = [] diff --git a/src/sites/sites_js/dune b/src/sites/sites_js/dune deleted file mode 100644 index 4e20871974..0000000000 --- a/src/sites/sites_js/dune +++ /dev/null @@ -1,6 +0,0 @@ -; goblint.sites implementation which works with js_of_ocaml and doesn't use dune-site -(library - (name goblint_sites_js) - (public_name goblint.sites.js) - (implements goblint.sites) - (modules goblint_sites)) diff --git a/src/sites/sites_js/goblint_sites.ml b/src/sites/sites_js/goblint_sites.ml deleted file mode 100644 index 3a7b353064..0000000000 --- a/src/sites/sites_js/goblint_sites.ml +++ /dev/null @@ -1,6 +0,0 @@ -let lib = [] -let lib_stub_include = [] -let lib_stub_src = [] -let lib_runtime_include = [] -let lib_runtime_src = [] -let conf = [] From 5a50fa1e16e63ab3ebe5004dce2a3bf3cb4aba6f Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 24 Jul 2024 17:26:08 +0300 Subject: [PATCH 080/164] Unvirtualize goblint.build-info and goblint.sites --- gobview | 2 +- src/build-info/build_info_dune/dune | 6 ------ src/build-info/dune | 8 +------- .../{build_info_dune => }/dune_build_info.ml | 0 src/dune | 8 ++++---- src/sites/dune | 12 +++++------- src/sites/{sites_dune => }/goblint_sites.ml | 0 src/sites/sites_dune/dune | 12 ------------ tests/regression/cfg/util/dune | 4 ++-- tests/unit/dune | 2 +- tests/util/dune | 4 ++-- 11 files changed, 16 insertions(+), 42 deletions(-) delete mode 100644 src/build-info/build_info_dune/dune rename src/build-info/{build_info_dune => }/dune_build_info.ml (100%) rename src/sites/{sites_dune => }/goblint_sites.ml (100%) delete mode 100644 src/sites/sites_dune/dune diff --git a/gobview b/gobview index 1895e62dab..f9ce8bcad3 160000 --- a/gobview +++ b/gobview @@ -1 +1 @@ -Subproject commit 1895e62dab67cfb05a5981bcfd7f36d46acd2b7e +Subproject commit f9ce8bcad3552ad95488bc4988dcc0d5ed57b365 diff --git a/src/build-info/build_info_dune/dune b/src/build-info/build_info_dune/dune deleted file mode 100644 index ec46f4b3d1..0000000000 --- a/src/build-info/build_info_dune/dune +++ /dev/null @@ -1,6 +0,0 @@ -; goblint.build-info implementation which properly uses dune-build-info -(library - (name goblint_build_info_dune) - (public_name goblint.build-info.dune) - (implements goblint.build-info) - (libraries dune-build-info)) diff --git a/src/build-info/dune b/src/build-info/dune index e1a45ef8fc..4ffa1f4550 100644 --- a/src/build-info/dune +++ b/src/build-info/dune @@ -1,15 +1,9 @@ (include_subdirs no) -; virtual library to allow js build (for gobview) without dune-build-info -; dune-build-info seems to be incompatible with js_of_ocaml -; File "gobview/src/.App.eobjs/build_info_data.ml-gen", line 1: -; Error: Could not find the .cmi file for interface -; gobview/src/.App.eobjs/build_info_data.ml-gen. (library (name goblint_build_info) (public_name goblint.build-info) - (libraries batteries.unthreaded) - (virtual_modules dune_build_info)) + (libraries dune-build-info batteries.unthreaded)) (rule (target configVersion.ml) diff --git a/src/build-info/build_info_dune/dune_build_info.ml b/src/build-info/dune_build_info.ml similarity index 100% rename from src/build-info/build_info_dune/dune_build_info.ml rename to src/build-info/dune_build_info.ml diff --git a/src/dune b/src/dune index 5265821b5a..c549fd5d7d 100644 --- a/src/dune +++ b/src/dune @@ -88,7 +88,7 @@ (public_names goblint) (modes byte native) ; https://dune.readthedocs.io/en/stable/dune-files.html#linking-modes (modules goblint) - (libraries goblint.lib goblint.sites.dune goblint.build-info.dune goblint_std) + (libraries goblint.lib goblint.sites goblint.build-info goblint_std) (preprocess (pps ppx_deriving.std ppx_deriving_hash ppx_deriving_yojson)) (flags :standard -linkall -open Goblint_std) ) @@ -96,7 +96,7 @@ (executable (name privPrecCompare) (modules privPrecCompare) - (libraries goblint.lib goblint.sites.dune goblint.build-info.dune goblint_std) + (libraries goblint.lib goblint.sites goblint.build-info goblint_std) (preprocess (pps ppx_deriving.std ppx_deriving_hash ppx_deriving_yojson)) (flags :standard -linkall -open Goblint_std) ) @@ -104,7 +104,7 @@ (executable (name apronPrecCompare) (modules apronPrecCompare) - (libraries goblint.lib goblint.sites.dune goblint.build-info.dune goblint_std) + (libraries goblint.lib goblint.sites goblint.build-info goblint_std) (preprocess (pps ppx_deriving.std ppx_deriving_hash ppx_deriving_yojson)) (flags :standard -linkall -open Goblint_std) ) @@ -112,7 +112,7 @@ (executable (name messagesCompare) (modules messagesCompare) - (libraries goblint.lib goblint.sites.dune goblint.build-info.dune goblint_std) + (libraries goblint.lib goblint.sites goblint.build-info goblint_std) (preprocess (pps ppx_deriving.std ppx_deriving_hash ppx_deriving_yojson)) (flags :standard -linkall -open Goblint_std) ) diff --git a/src/sites/dune b/src/sites/dune index d8663e37fe..6de3a5a32a 100644 --- a/src/sites/dune +++ b/src/sites/dune @@ -1,12 +1,10 @@ (include_subdirs no) -; virtual library to allow js build (for gobview) without dune-site -; dune-site seems to be incompatible with js_of_ocaml -; File "gobview/src/.App.eobjs/dune_site_data.ml-gen", line 1: -; Error: Could not find the .cmi file for interface -; gobview/src/.App.eobjs/dune_site_data.ml-gen. (library (name goblint_sites) (public_name goblint.sites) - (virtual_modules goblint_sites) - (libraries fpath)) + (libraries dune-site fpath)) + +(generate_sites_module + (module dunesite) + (sites goblint)) diff --git a/src/sites/sites_dune/goblint_sites.ml b/src/sites/goblint_sites.ml similarity index 100% rename from src/sites/sites_dune/goblint_sites.ml rename to src/sites/goblint_sites.ml diff --git a/src/sites/sites_dune/dune b/src/sites/sites_dune/dune deleted file mode 100644 index b7f90a8892..0000000000 --- a/src/sites/sites_dune/dune +++ /dev/null @@ -1,12 +0,0 @@ -; goblint.sites implementation which properly uses dune-site -(library - (name goblint_sites_dune) - (public_name goblint.sites.dune) - (implements goblint.sites) - (modules goblint_sites dunesite) - (private_modules dunesite) ; must also be in modules - (libraries dune-site)) - -(generate_sites_module - (module dunesite) - (sites goblint)) diff --git a/tests/regression/cfg/util/dune b/tests/regression/cfg/util/dune index fb3c5e6899..4c41de07e4 100644 --- a/tests/regression/cfg/util/dune +++ b/tests/regression/cfg/util/dune @@ -6,6 +6,6 @@ goblint_common goblint_lib ; TODO: avoid: extract LoopUnrolling and WitnessUtil node predicates from goblint_lib fpath - goblint.sites.dune - goblint.build-info.dune) + goblint.sites + goblint.build-info) (preprocess (pps ppx_deriving.std))) diff --git a/tests/unit/dune b/tests/unit/dune index 5f0b909a77..6c3083dc1a 100644 --- a/tests/unit/dune +++ b/tests/unit/dune @@ -2,7 +2,7 @@ (test (name mainTest) - (libraries ounit2 qcheck-ounit goblint.std goblint.common goblint.lib goblint.constraint goblint.solver goblint.cdomain.value goblint.sites.dune goblint.build-info.dune) + (libraries ounit2 qcheck-ounit goblint.std goblint.common goblint.lib goblint.constraint goblint.solver goblint.cdomain.value goblint.sites goblint.build-info) (preprocess (pps ppx_deriving.std ppx_deriving_hash ppx_deriving_yojson)) (flags :standard -linkall)) diff --git a/tests/util/dune b/tests/util/dune index 6637217651..fb630bd15b 100644 --- a/tests/util/dune +++ b/tests/util/dune @@ -5,7 +5,7 @@ goblint_std goblint_lib yaml - goblint.sites.dune - goblint.build-info.dune) + goblint.sites + goblint.build-info) (flags :standard -open Goblint_std) (preprocess (pps ppx_deriving.std))) From a5ab08b1a744f647ea4ef86a24173b6d545c103f Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 24 Jul 2024 17:27:39 +0300 Subject: [PATCH 081/164] Remove unused goblint.build-info and goblint.sites dependency from most executables --- gobview | 2 +- src/dune | 8 ++++---- src/index.mld | 6 ------ tests/regression/cfg/util/dune | 4 +--- tests/unit/dune | 2 +- tests/util/dune | 4 +--- 6 files changed, 8 insertions(+), 18 deletions(-) diff --git a/gobview b/gobview index f9ce8bcad3..4e965cf1bb 160000 --- a/gobview +++ b/gobview @@ -1 +1 @@ -Subproject commit f9ce8bcad3552ad95488bc4988dcc0d5ed57b365 +Subproject commit 4e965cf1bb7be5e7ceef2a40586ea445682cca64 diff --git a/src/dune b/src/dune index c549fd5d7d..2ba497c629 100644 --- a/src/dune +++ b/src/dune @@ -88,7 +88,7 @@ (public_names goblint) (modes byte native) ; https://dune.readthedocs.io/en/stable/dune-files.html#linking-modes (modules goblint) - (libraries goblint.lib goblint.sites goblint.build-info goblint_std) + (libraries goblint.lib goblint_std) (preprocess (pps ppx_deriving.std ppx_deriving_hash ppx_deriving_yojson)) (flags :standard -linkall -open Goblint_std) ) @@ -96,7 +96,7 @@ (executable (name privPrecCompare) (modules privPrecCompare) - (libraries goblint.lib goblint.sites goblint.build-info goblint_std) + (libraries goblint.lib goblint_std) (preprocess (pps ppx_deriving.std ppx_deriving_hash ppx_deriving_yojson)) (flags :standard -linkall -open Goblint_std) ) @@ -104,7 +104,7 @@ (executable (name apronPrecCompare) (modules apronPrecCompare) - (libraries goblint.lib goblint.sites goblint.build-info goblint_std) + (libraries goblint.lib goblint_std) (preprocess (pps ppx_deriving.std ppx_deriving_hash ppx_deriving_yojson)) (flags :standard -linkall -open Goblint_std) ) @@ -112,7 +112,7 @@ (executable (name messagesCompare) (modules messagesCompare) - (libraries goblint.lib goblint.sites goblint.build-info goblint_std) + (libraries goblint.lib goblint_std) (preprocess (pps ppx_deriving.std ppx_deriving_hash ppx_deriving_yojson)) (flags :standard -linkall -open Goblint_std) ) diff --git a/src/index.mld b/src/index.mld index f0d63a0fc7..a2ef15482e 100644 --- a/src/index.mld +++ b/src/index.mld @@ -44,15 +44,9 @@ The following libraries provide [goblint] package metadata for executables. {2 Library goblint.build-info} {!modules:Goblint_build_info} -This library is virtual and has the following implementations -- goblint.build-info.dune for native executables, -- goblint.build-info.js for js_of_ocaml executables. {2 Library goblint.sites} {!modules:Goblint_sites} -This library is virtual and has the following implementations -- goblint.sites.dune for native executables, -- goblint.sites.js for js_of_ocaml executables. {1 Independent utilities} diff --git a/tests/regression/cfg/util/dune b/tests/regression/cfg/util/dune index 4c41de07e4..8ab300b531 100644 --- a/tests/regression/cfg/util/dune +++ b/tests/regression/cfg/util/dune @@ -5,7 +5,5 @@ goblint_logs goblint_common goblint_lib ; TODO: avoid: extract LoopUnrolling and WitnessUtil node predicates from goblint_lib - fpath - goblint.sites - goblint.build-info) + fpath) (preprocess (pps ppx_deriving.std))) diff --git a/tests/unit/dune b/tests/unit/dune index 6c3083dc1a..07c87e7822 100644 --- a/tests/unit/dune +++ b/tests/unit/dune @@ -2,7 +2,7 @@ (test (name mainTest) - (libraries ounit2 qcheck-ounit goblint.std goblint.common goblint.lib goblint.constraint goblint.solver goblint.cdomain.value goblint.sites goblint.build-info) + (libraries ounit2 qcheck-ounit goblint.std goblint.common goblint.lib goblint.constraint goblint.solver goblint.cdomain.value) (preprocess (pps ppx_deriving.std ppx_deriving_hash ppx_deriving_yojson)) (flags :standard -linkall)) diff --git a/tests/util/dune b/tests/util/dune index fb630bd15b..d37c38dc7c 100644 --- a/tests/util/dune +++ b/tests/util/dune @@ -4,8 +4,6 @@ batteries.unthreaded goblint_std goblint_lib - yaml - goblint.sites - goblint.build-info) + yaml) (flags :standard -open Goblint_std) (preprocess (pps ppx_deriving.std))) From c18061e000b830157f17f09c544320a83f9d756a Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 31 Jul 2024 11:26:54 +0300 Subject: [PATCH 082/164] Remove pthreadMutexType from ghost witness tests It is now enabled by default and default mutex type is assumed non-recursive now. --- .../regression/13-privatized/04-priv_multi.t | 4 +-- tests/regression/13-privatized/25-struct_nr.t | 2 +- tests/regression/13-privatized/74-mutex.c | 4 +-- tests/regression/13-privatized/74-mutex.t | 26 +++++++++---------- tests/regression/13-privatized/92-idx_priv.t | 2 +- tests/regression/29-svcomp/16-atomic_priv.t | 4 +-- .../regression/36-apron/12-traces-min-rpb1.t | 2 +- .../56-witness/64-ghost-multiple-protecting.c | 2 +- .../56-witness/64-ghost-multiple-protecting.t | 6 ++--- .../56-witness/65-ghost-ambiguous-lock.c | 2 +- .../56-witness/65-ghost-ambiguous-lock.t | 2 +- .../56-witness/66-ghost-alloc-lock.c | 8 +++--- .../56-witness/66-ghost-alloc-lock.t | 26 +++++++++---------- .../56-witness/67-ghost-no-unlock.c | 2 +- .../56-witness/67-ghost-no-unlock.t | 2 +- .../56-witness/68-ghost-ambiguous-idx.t | 2 +- 16 files changed, 48 insertions(+), 48 deletions(-) diff --git a/tests/regression/13-privatized/04-priv_multi.t b/tests/regression/13-privatized/04-priv_multi.t index 576c89ad4d..b1a45dd917 100644 --- a/tests/regression/13-privatized/04-priv_multi.t +++ b/tests/regression/13-privatized/04-priv_multi.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 04-priv_multi.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 04-priv_multi.c [Success][Assert] Assertion "p == 5" will succeed (04-priv_multi.c:50:7-50:30) [Success][Assert] Assertion "A == B" will succeed (04-priv_multi.c:71:5-71:28) [Warning][Deadcode] Function 'dispose' has dead code: @@ -174,7 +174,7 @@ Flow-insensitive invariants as location invariants. - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' --enable witness.invariant.flow_insensitive-as-location 04-priv_multi.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' --enable witness.invariant.flow_insensitive-as-location 04-priv_multi.c [Success][Assert] Assertion "p == 5" will succeed (04-priv_multi.c:50:7-50:30) [Success][Assert] Assertion "A == B" will succeed (04-priv_multi.c:71:5-71:28) [Warning][Deadcode] Function 'dispose' has dead code: diff --git a/tests/regression/13-privatized/25-struct_nr.t b/tests/regression/13-privatized/25-struct_nr.t index 342cfaf99c..88f205a431 100644 --- a/tests/regression/13-privatized/25-struct_nr.t +++ b/tests/regression/13-privatized/25-struct_nr.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 25-struct_nr.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 25-struct_nr.c [Success][Assert] Assertion "glob1 == 5" will succeed (25-struct_nr.c:26:3-26:30) [Success][Assert] Assertion "t == 5" will succeed (25-struct_nr.c:16:3-16:26) [Success][Assert] Assertion "glob1 == -10" will succeed (25-struct_nr.c:18:3-18:32) diff --git a/tests/regression/13-privatized/74-mutex.c b/tests/regression/13-privatized/74-mutex.c index 7c57688238..8ed9448b7b 100644 --- a/tests/regression/13-privatized/74-mutex.c +++ b/tests/regression/13-privatized/74-mutex.c @@ -29,8 +29,8 @@ void* producer() int main() { pthread_t tid; - pthread_mutexattr_t mutexattr; pthread_mutexattr_settype(&mutexattr, PTHREAD_MUTEX_NORMAL); - pthread_mutex_init(&m, &mutexattr); + + pthread_mutex_init(&m, 0); pthread_create(&tid, 0, producer, 0); pthread_mutex_lock(&m); diff --git a/tests/regression/13-privatized/74-mutex.t b/tests/regression/13-privatized/74-mutex.t index f6f2fa8463..8999d394ec 100644 --- a/tests/regression/13-privatized/74-mutex.t +++ b/tests/regression/13-privatized/74-mutex.t @@ -1,11 +1,11 @@ - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) [Warning][Deadcode] Logical lines of code (LLoC) summary: - live: 15 + live: 14 dead: 1 - total lines: 16 + total lines: 15 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) [Info][Witness] witness generation summary: total generation entries: 9 @@ -84,14 +84,14 @@ Flow-insensitive invariants as location invariants. - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' --enable witness.invariant.flow_insensitive-as-location 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' --enable witness.invariant.flow_insensitive-as-location 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) [Warning][Deadcode] Logical lines of code (LLoC) summary: - live: 15 + live: 14 dead: 1 - total lines: 16 + total lines: 15 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) [Info][Witness] witness generation summary: total generation entries: 9 @@ -138,9 +138,9 @@ Earlyglobs shouldn't cause protected writes in multithreaded mode from being imm [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) [Warning][Deadcode] Logical lines of code (LLoC) summary: - live: 15 + live: 14 dead: 1 - total lines: 16 + total lines: 15 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) [Info][Race] Memory locations race summary: safe: 1 @@ -150,14 +150,14 @@ Earlyglobs shouldn't cause protected writes in multithreaded mode from being imm Same with mutex-meet. - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) [Warning][Deadcode] Logical lines of code (LLoC) summary: - live: 15 + live: 14 dead: 1 - total lines: 16 + total lines: 15 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) [Info][Witness] witness generation summary: total generation entries: 9 @@ -241,9 +241,9 @@ Should also work with earlyglobs. [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) [Warning][Deadcode] Logical lines of code (LLoC) summary: - live: 15 + live: 14 dead: 1 - total lines: 16 + total lines: 15 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) [Info][Race] Memory locations race summary: safe: 1 diff --git a/tests/regression/13-privatized/92-idx_priv.t b/tests/regression/13-privatized/92-idx_priv.t index bd6db7e2ef..b157dfed4b 100644 --- a/tests/regression/13-privatized/92-idx_priv.t +++ b/tests/regression/13-privatized/92-idx_priv.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 92-idx_priv.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 92-idx_priv.c [Success][Assert] Assertion "data == 0" will succeed (92-idx_priv.c:22:3-22:29) [Info][Deadcode] Logical lines of code (LLoC) summary: live: 14 diff --git a/tests/regression/29-svcomp/16-atomic_priv.t b/tests/regression/29-svcomp/16-atomic_priv.t index 83bc201a6c..eea47295d5 100644 --- a/tests/regression/29-svcomp/16-atomic_priv.t +++ b/tests/regression/29-svcomp/16-atomic_priv.t @@ -1,4 +1,4 @@ - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection-atomic --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 16-atomic_priv.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection-atomic --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 16-atomic_priv.c [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:12:3-12:33) [Success][Assert] Assertion "myglobal == 6" will succeed (16-atomic_priv.c:14:3-14:33) [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:16:3-16:33) @@ -43,7 +43,7 @@ Non-atomic privatization: - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 16-atomic_priv.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 16-atomic_priv.c [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:12:3-12:33) [Success][Assert] Assertion "myglobal == 6" will succeed (16-atomic_priv.c:14:3-14:33) [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:16:3-16:33) diff --git a/tests/regression/36-apron/12-traces-min-rpb1.t b/tests/regression/36-apron/12-traces-min-rpb1.t index 1c3253afbc..df34013d16 100644 --- a/tests/regression/36-apron/12-traces-min-rpb1.t +++ b/tests/regression/36-apron/12-traces-min-rpb1.t @@ -1,4 +1,4 @@ - $ goblint --enable warn.deterministic --set ana.activated[+] apron --set ana.path_sens[+] threadflag --enable ana.sv-comp.functions --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 12-traces-min-rpb1.c --enable ana.apron.invariant.diff-box + $ goblint --enable warn.deterministic --set ana.activated[+] apron --set ana.path_sens[+] threadflag --enable ana.sv-comp.functions --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 12-traces-min-rpb1.c --enable ana.apron.invariant.diff-box [Warning][Assert] Assertion "g == h" is unknown. (12-traces-min-rpb1.c:27:3-27:26) [Success][Assert] Assertion "g == h" will succeed (12-traces-min-rpb1.c:16:3-16:26) [Success][Assert] Assertion "g == h" will succeed (12-traces-min-rpb1.c:29:3-29:26) diff --git a/tests/regression/56-witness/64-ghost-multiple-protecting.c b/tests/regression/56-witness/64-ghost-multiple-protecting.c index 589aa92bff..699d133f2b 100644 --- a/tests/regression/56-witness/64-ghost-multiple-protecting.c +++ b/tests/regression/56-witness/64-ghost-multiple-protecting.c @@ -1,4 +1,4 @@ -// PARAM: --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType +// PARAM: --set ana.activated[+] mutexGhosts #include #include int g1, g2; diff --git a/tests/regression/56-witness/64-ghost-multiple-protecting.t b/tests/regression/56-witness/64-ghost-multiple-protecting.t index 943934a7be..e78d0d75aa 100644 --- a/tests/regression/56-witness/64-ghost-multiple-protecting.t +++ b/tests/regression/56-witness/64-ghost-multiple-protecting.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 64-ghost-multiple-protecting.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 64-ghost-multiple-protecting.c [Info][Deadcode] Logical lines of code (LLoC) summary: live: 19 dead: 0 @@ -144,7 +144,7 @@ protection doesn't have precise protected invariant for g2. type: assertion format: C - $ goblint --set ana.base.privatization protection-read --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 64-ghost-multiple-protecting.c + $ goblint --set ana.base.privatization protection-read --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 64-ghost-multiple-protecting.c [Info][Deadcode] Logical lines of code (LLoC) summary: live: 19 dead: 0 @@ -295,7 +295,7 @@ protection-read has precise protected invariant for g2. type: assertion format: C - $ goblint --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 64-ghost-multiple-protecting.c + $ goblint --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 64-ghost-multiple-protecting.c [Info][Deadcode] Logical lines of code (LLoC) summary: live: 19 dead: 0 diff --git a/tests/regression/56-witness/65-ghost-ambiguous-lock.c b/tests/regression/56-witness/65-ghost-ambiguous-lock.c index b1df0ee2e8..f45334e755 100644 --- a/tests/regression/56-witness/65-ghost-ambiguous-lock.c +++ b/tests/regression/56-witness/65-ghost-ambiguous-lock.c @@ -1,4 +1,4 @@ -// PARAM: --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType +// PARAM: --set ana.activated[+] mutexGhosts #include #include diff --git a/tests/regression/56-witness/65-ghost-ambiguous-lock.t b/tests/regression/56-witness/65-ghost-ambiguous-lock.t index d7d57d8a00..a6e0c12b74 100644 --- a/tests/regression/56-witness/65-ghost-ambiguous-lock.t +++ b/tests/regression/56-witness/65-ghost-ambiguous-lock.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 65-ghost-ambiguous-lock.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 65-ghost-ambiguous-lock.c [Info][Deadcode] Logical lines of code (LLoC) summary: live: 23 dead: 0 diff --git a/tests/regression/56-witness/66-ghost-alloc-lock.c b/tests/regression/56-witness/66-ghost-alloc-lock.c index 2c1028564a..073540b9db 100644 --- a/tests/regression/56-witness/66-ghost-alloc-lock.c +++ b/tests/regression/56-witness/66-ghost-alloc-lock.c @@ -1,4 +1,4 @@ -// PARAM: --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set ana.malloc.unique_address_count 1 +// PARAM: --set ana.activated[+] mutexGhosts --set ana.malloc.unique_address_count 1 #include #include @@ -18,11 +18,11 @@ void *t_fun(void *arg) { return NULL; } -int main() { pthread_mutexattr_t attr; pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_NORMAL); // https://github.com/goblint/analyzer/pull/1414 +int main() { m1 = malloc(sizeof(pthread_mutex_t)); - pthread_mutex_init(m1, &attr); + pthread_mutex_init(m1, NULL); m2 = malloc(sizeof(pthread_mutex_t)); - pthread_mutex_init(m2, &attr); + pthread_mutex_init(m2, NULL); pthread_t id; pthread_create(&id, NULL, t_fun, NULL); diff --git a/tests/regression/56-witness/66-ghost-alloc-lock.t b/tests/regression/56-witness/66-ghost-alloc-lock.t index e4268ec1cb..8e45272538 100644 --- a/tests/regression/56-witness/66-ghost-alloc-lock.t +++ b/tests/regression/56-witness/66-ghost-alloc-lock.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set ana.malloc.unique_address_count 1 --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 66-ghost-alloc-lock.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.malloc.unique_address_count 1 --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 66-ghost-alloc-lock.c [Success][Assert] Assertion "g1 == 0" will succeed (66-ghost-alloc-lock.c:31:3-31:27) [Success][Assert] Assertion "g2 == 0" will succeed (66-ghost-alloc-lock.c:34:3-34:27) [Info][Deadcode] Logical lines of code (LLoC) summary: @@ -24,7 +24,7 @@ column: 3 function: main - entry_type: ghost_update - variable: alloc_m817990718_locked + variable: alloc_m861095507_locked expression: "1" location: file_name: 66-ghost-alloc-lock.c @@ -33,7 +33,7 @@ column: 3 function: main - entry_type: ghost_update - variable: alloc_m817990718_locked + variable: alloc_m861095507_locked expression: "1" location: file_name: 66-ghost-alloc-lock.c @@ -42,7 +42,7 @@ column: 3 function: t_fun - entry_type: ghost_update - variable: alloc_m817990718_locked + variable: alloc_m861095507_locked expression: "0" location: file_name: 66-ghost-alloc-lock.c @@ -51,7 +51,7 @@ column: 3 function: main - entry_type: ghost_update - variable: alloc_m817990718_locked + variable: alloc_m861095507_locked expression: "0" location: file_name: 66-ghost-alloc-lock.c @@ -60,7 +60,7 @@ column: 3 function: t_fun - entry_type: ghost_update - variable: alloc_m334174073_locked + variable: alloc_m559918035_locked expression: "1" location: file_name: 66-ghost-alloc-lock.c @@ -69,7 +69,7 @@ column: 3 function: main - entry_type: ghost_update - variable: alloc_m334174073_locked + variable: alloc_m559918035_locked expression: "1" location: file_name: 66-ghost-alloc-lock.c @@ -78,7 +78,7 @@ column: 3 function: t_fun - entry_type: ghost_update - variable: alloc_m334174073_locked + variable: alloc_m559918035_locked expression: "0" location: file_name: 66-ghost-alloc-lock.c @@ -87,7 +87,7 @@ column: 3 function: main - entry_type: ghost_update - variable: alloc_m334174073_locked + variable: alloc_m559918035_locked expression: "0" location: file_name: 66-ghost-alloc-lock.c @@ -101,23 +101,23 @@ type: int initial: "0" - entry_type: ghost_variable - variable: alloc_m817990718_locked + variable: alloc_m861095507_locked scope: global type: int initial: "0" - entry_type: ghost_variable - variable: alloc_m334174073_locked + variable: alloc_m559918035_locked scope: global type: int initial: "0" - entry_type: flow_insensitive_invariant flow_insensitive_invariant: - string: '! multithreaded || (alloc_m817990718_locked || g2 == 0)' + string: '! multithreaded || (alloc_m861095507_locked || g2 == 0)' type: assertion format: C - entry_type: flow_insensitive_invariant flow_insensitive_invariant: - string: '! multithreaded || (alloc_m334174073_locked || g1 == 0)' + string: '! multithreaded || (alloc_m559918035_locked || g1 == 0)' type: assertion format: C - entry_type: flow_insensitive_invariant diff --git a/tests/regression/56-witness/67-ghost-no-unlock.c b/tests/regression/56-witness/67-ghost-no-unlock.c index fc10b919d0..69ad571118 100644 --- a/tests/regression/56-witness/67-ghost-no-unlock.c +++ b/tests/regression/56-witness/67-ghost-no-unlock.c @@ -1,4 +1,4 @@ -// PARAM: --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType +// PARAM: --set ana.activated[+] mutexGhosts #include #include diff --git a/tests/regression/56-witness/67-ghost-no-unlock.t b/tests/regression/56-witness/67-ghost-no-unlock.t index aed0ac3414..85b7a0b897 100644 --- a/tests/regression/56-witness/67-ghost-no-unlock.t +++ b/tests/regression/56-witness/67-ghost-no-unlock.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 67-ghost-no-unlock.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 67-ghost-no-unlock.c [Success][Assert] Assertion "g1 == 0" will succeed (67-ghost-no-unlock.c:24:3-24:27) [Info][Deadcode] Logical lines of code (LLoC) summary: live: 11 diff --git a/tests/regression/56-witness/68-ghost-ambiguous-idx.t b/tests/regression/56-witness/68-ghost-ambiguous-idx.t index 9f50ab7429..02cecfd8f6 100644 --- a/tests/regression/56-witness/68-ghost-ambiguous-idx.t +++ b/tests/regression/56-witness/68-ghost-ambiguous-idx.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.activated[+] pthreadMutexType --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 68-ghost-ambiguous-idx.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 68-ghost-ambiguous-idx.c [Warning][Assert] Assertion "data == 0" is unknown. (68-ghost-ambiguous-idx.c:24:3-24:29) [Warning][Unknown] unlocking mutex (m[4]) which may not be held (68-ghost-ambiguous-idx.c:25:3-25:30) [Info][Deadcode] Logical lines of code (LLoC) summary: From 6055e8dd7e768d2b061c16b9da61a579e120b146 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 31 Jul 2024 11:29:15 +0300 Subject: [PATCH 083/164] Activate abortUnless in svcomp-ghost conf also --- conf/svcomp-ghost.json | 1 + 1 file changed, 1 insertion(+) diff --git a/conf/svcomp-ghost.json b/conf/svcomp-ghost.json index 84f127eb91..108b261322 100644 --- a/conf/svcomp-ghost.json +++ b/conf/svcomp-ghost.json @@ -31,6 +31,7 @@ "region", "thread", "threadJoins", + "abortUnless", "mutexGhosts", "pthreadMutexType" ], From 6e793142a53781763f9232d31302c5d21fea3b47 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 31 Jul 2024 11:31:52 +0300 Subject: [PATCH 084/164] Update TODO comment about base earlyglobs flow-insensitive invariants --- src/analyses/base.ml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/analyses/base.ml b/src/analyses/base.ml index 4ae2fc711c..782b5662c6 100644 --- a/src/analyses/base.ml +++ b/src/analyses/base.ml @@ -1247,8 +1247,8 @@ struct let query_invariant_global ctx g = if GobConfig.get_bool "ana.base.invariant.enabled" then ( (* Currently these global invariants are only sound with earlyglobs enabled for both single- and multi-threaded programs. - Otherwise, the values of globals in single-threaded mode are not accounted for. *) - (* TODO: account for single-threaded values without earlyglobs. *) + Otherwise, the values of globals in single-threaded mode are not accounted for. + They are also made sound without earlyglobs using the multithreaded mode ghost variable. *) match g with | `Left g' -> (* priv *) let inv = Priv.invariant_global (Analyses.ask_of_ctx ctx) (priv_getg ctx.global) g' in From d937d68202ff9c4d43721f5439c64c3c4a1a3bbe Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 7 Aug 2024 11:53:06 +0300 Subject: [PATCH 085/164] Add options ana.base.invariant.local and ana.base.invariant.global --- src/analyses/base.ml | 42 ++++++++++++++++++++++++++-------- src/config/options.schema.json | 12 ++++++++++ 2 files changed, 44 insertions(+), 10 deletions(-) diff --git a/src/analyses/base.ml b/src/analyses/base.ml index aa11584f53..f9267ba1d0 100644 --- a/src/analyses/base.ml +++ b/src/analyses/base.ml @@ -1183,6 +1183,9 @@ struct not is_alloc || (is_alloc && not (ctx.ask (Queries.IsHeapVar v))) let query_invariant ctx context = + let keep_local = GobConfig.get_bool "ana.base.invariant.local" in + let keep_global = GobConfig.get_bool "ana.base.invariant.global" in + let cpa = ctx.local.BaseDomain.cpa in let ask = Analyses.ask_of_ctx ctx in @@ -1195,6 +1198,13 @@ struct in let module I = ValueDomain.ValueInvariant (Arg) in + let var_filter v = + if is_global ask v then + keep_global + else + keep_local + in + let var_invariant ?offset v = if not (InvariantCil.var_is_heap v) then I.key_invariant v ?offset (Arg.find v) @@ -1205,14 +1215,23 @@ struct if Lval.Set.is_top context.Invariant.lvals then ( if !earlyglobs || ThreadFlag.has_ever_been_multi ask then ( let cpa_invariant = - CPA.fold (fun k v a -> - if not (is_global ask k) then - Invariant.(a && var_invariant k) - else - a - ) cpa Invariant.none + if keep_local then ( + CPA.fold (fun k v a -> + if not (is_global ask k) then + Invariant.(a && var_invariant k) + else + a + ) cpa Invariant.none + ) + else + Invariant.none + in + let priv_vars = + if keep_global then + Priv.invariant_vars ask (priv_getg ctx.global) ctx.local + else + [] in - let priv_vars = Priv.invariant_vars ask (priv_getg ctx.global) ctx.local in let priv_invariant = List.fold_left (fun acc v -> Invariant.(var_invariant v && acc) @@ -1222,7 +1241,10 @@ struct ) else ( CPA.fold (fun k v a -> - Invariant.(a && var_invariant k) + if var_filter k then + Invariant.(a && var_invariant k) + else + a ) cpa Invariant.none ) ) @@ -1230,7 +1252,7 @@ struct Lval.Set.fold (fun k a -> let i = match k with - | (Var v, offset) when not (InvariantCil.var_is_heap v) -> + | (Var v, offset) when var_filter v && not (InvariantCil.var_is_heap v) -> (try I.key_invariant_lval v ~offset ~lval:k (Arg.find v) with Not_found -> Invariant.none) | _ -> Invariant.none in @@ -1245,7 +1267,7 @@ struct Invariant.none let query_invariant_global ctx g = - if GobConfig.get_bool "ana.base.invariant.enabled" then ( + if GobConfig.get_bool "ana.base.invariant.enabled" && GobConfig.get_bool "ana.base.invariant.global" then ( (* Currently these global invariants are only sound with earlyglobs enabled for both single- and multi-threaded programs. Otherwise, the values of globals in single-threaded mode are not accounted for. They are also made sound without earlyglobs using the multithreaded mode ghost variable. *) diff --git a/src/config/options.schema.json b/src/config/options.schema.json index 16c9d7e8ef..7121713c33 100644 --- a/src/config/options.schema.json +++ b/src/config/options.schema.json @@ -795,6 +795,18 @@ "type": "boolean", "default": true }, + "local": { + "title": "ana.base.invariant.local", + "description": "Keep local variables in invariants", + "type": "boolean", + "default": true + }, + "global": { + "title": "ana.base.invariant.global", + "description": "Keep global variables in invariants", + "type": "boolean", + "default": true + }, "blobs": { "title": "ana.base.invariant.blobs", "description": "Whether to dump assertions about all blobs. Enabling this option may lead to unsound asserts.", From fbc9e62c8c4ca209759fa2be86ba393c64b51cf4 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 7 Aug 2024 11:58:02 +0300 Subject: [PATCH 086/164] Add option ana.var_eq.invariant.enabled --- src/analyses/varEq.ml | 2 +- src/config/options.schema.json | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/src/analyses/varEq.ml b/src/analyses/varEq.ml index 8ece99d6e8..db1228a3dd 100644 --- a/src/analyses/varEq.ml +++ b/src/analyses/varEq.ml @@ -564,7 +564,7 @@ struct let r = eq_set_clos e ctx.local in if M.tracing then M.tracel "var_eq" "equalset %a = %a" d_plainexp e Queries.ES.pretty r; r - | Queries.Invariant context when GobConfig.get_bool "witness.invariant.exact" -> (* only exact equalities here *) + | Queries.Invariant context when GobConfig.get_bool "ana.var_eq.invariant.enabled" && GobConfig.get_bool "witness.invariant.exact" -> (* only exact equalities here *) let scope = Node.find_fundec ctx.node in D.invariant ~scope ctx.local | _ -> Queries.Result.top x diff --git a/src/config/options.schema.json b/src/config/options.schema.json index 7121713c33..d9174b9aa1 100644 --- a/src/config/options.schema.json +++ b/src/config/options.schema.json @@ -1154,6 +1154,26 @@ } }, "additionalProperties": false + }, + "var_eq": { + "title": "ana.var_eq", + "type": "object", + "properties": { + "invariant": { + "title": "ana.var_eq.invariant", + "type": "object", + "properties": { + "enabled": { + "title": "ana.var_eq.invariant.enabled", + "description": "Generate var_eq analysis invariants", + "type": "boolean", + "default": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false } }, "additionalProperties": false From 58aaf53abd7f0d73cd525648256670da1caf2c9e Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 7 Aug 2024 12:10:11 +0300 Subject: [PATCH 087/164] Update svcomp-ghost conf --- conf/svcomp-ghost.json | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/conf/svcomp-ghost.json b/conf/svcomp-ghost.json index 108b261322..dc611695dc 100644 --- a/conf/svcomp-ghost.json +++ b/conf/svcomp-ghost.json @@ -71,6 +71,27 @@ "base": { "arrays": { "domain": "partitioned" + }, + "invariant": { + "local": false, + "global": true + } + }, + "relation": { + "invariant": { + "local": false, + "global": true, + "one-var": false + } + }, + "apron": { + "invariant": { + "diff-box": true + } + }, + "var_eq": { + "invariant": { + "enabled": false } }, "race": { @@ -123,10 +144,10 @@ ] }, "invariant": { - "loop-head": true, + "loop-head": false, "after-lock": true, - "other": true, - "accessed": true, + "other": false, + "accessed": false, "exact": true, "all-locals": false, "flow_insensitive-as-location": true, From f20ed620a1db2acd88b002b096294d8836ed4c55 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 8 Aug 2024 10:58:13 +0300 Subject: [PATCH 088/164] Re-enable witness.invariant.{loop-head,other} in svcomp-ghost conf for flow-insensitive location invariants to work --- conf/svcomp-ghost.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/svcomp-ghost.json b/conf/svcomp-ghost.json index dc611695dc..ce308c5e52 100644 --- a/conf/svcomp-ghost.json +++ b/conf/svcomp-ghost.json @@ -144,9 +144,9 @@ ] }, "invariant": { - "loop-head": false, + "loop-head": true, "after-lock": true, - "other": false, + "other": true, "accessed": false, "exact": true, "all-locals": false, From 9c604183f6bd7765fba521dbb7da7efcb9cdf129 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 20 Aug 2024 11:37:34 +0300 Subject: [PATCH 089/164] Add YAML witness ghost_instrumentation entry type --- src/config/options.schema.json | 3 +- src/witness/yamlWitness.ml | 25 +++++++++ src/witness/yamlWitnessType.ml | 99 ++++++++++++++++++++++++++++++++++ tests/util/yamlWitnessStrip.ml | 5 ++ 4 files changed, 131 insertions(+), 1 deletion(-) diff --git a/src/config/options.schema.json b/src/config/options.schema.json index 424992c3de..06b6f26359 100644 --- a/src/config/options.schema.json +++ b/src/config/options.schema.json @@ -2648,7 +2648,8 @@ "precondition_loop_invariant_certificate", "invariant_set", "ghost_variable", - "ghost_update" + "ghost_update", + "ghost_instrumentation" ] }, "default": [ diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index d3988f8edb..cc435a38ac 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -160,6 +160,31 @@ struct }; metadata = metadata ~task (); } + + let ghost_variable' ~variable ~type_ ~(initial): GhostInstrumentation.Variable.t = { + name = variable; + scope = "global"; + type_; + initial; + } + + let ghost_update' ~variable ~(expression): GhostInstrumentation.Update.t = { + ghost_variable = variable; + expression; + } + + let ghost_location_update' ~location ~(updates): GhostInstrumentation.LocationUpdate.t = { + location; + updates; + } + + let ghost_instrumentation ~task ~variables ~(location_updates): Entry.t = { + entry_type = GhostInstrumentation { + ghost_variables = variables; + ghost_updates = location_updates; + }; + metadata = metadata ~task (); + } end let yaml_entries_to_file yaml_entries file = diff --git a/src/witness/yamlWitnessType.ml b/src/witness/yamlWitnessType.ml index 4bdb730b82..72afbf432b 100644 --- a/src/witness/yamlWitnessType.ml +++ b/src/witness/yamlWitnessType.ml @@ -485,6 +485,99 @@ struct {variable; expression; location} end +module GhostInstrumentation = +struct + + module Variable = + struct + type t = { + name: string; + scope: string; + type_: string; + initial: string; + } + [@@deriving eq, ord, hash] + + let to_yaml {name; scope; type_; initial} = + `O [ + ("name", `String name); + ("scope", `String scope); + ("type", `String type_); + ("initial", `String initial); + ] + + let of_yaml y = + let open GobYaml in + let+ name = y |> find "name" >>= to_string + and+ scope = y |> find "scope" >>= to_string + and+ type_ = y |> find "type" >>= to_string + and+ initial = y |> find "initial" >>= to_string in + {name; scope; type_; initial} + end + + module Update = + struct + type t = { + ghost_variable: string; + expression: string; + } + [@@deriving eq, ord, hash] + + let to_yaml {ghost_variable; expression} = + `O [ + ("ghost_variable", `String ghost_variable); + ("expression", `String expression); + ] + + let of_yaml y = + let open GobYaml in + let+ ghost_variable = y |> find "ghost_variable" >>= to_string + and+ expression = y |> find "expression" >>= to_string in + {ghost_variable; expression} + end + + module LocationUpdate = + struct + type t = { + location: Location.t; + updates: Update.t list; + } + [@@deriving eq, ord, hash] + + let to_yaml {location; updates} = + `O [ + ("location", Location.to_yaml location); + ("updates", `A (List.map Update.to_yaml updates)); + ] + + let of_yaml y = + let open GobYaml in + let+ location = y |> find "location" >>= Location.of_yaml + and+ updates = y |> find "updates" >>= list >>= list_map Update.of_yaml in + {location; updates} + end + + type t = { + ghost_variables: Variable.t list; + ghost_updates: LocationUpdate.t list; + } + [@@deriving eq, ord, hash] + + let entry_type = "ghost_instrumentation" + + let to_yaml' {ghost_variables; ghost_updates} = + [ + ("ghost_variables", `A (List.map Variable.to_yaml ghost_variables)); + ("ghost_updates", `A (List.map LocationUpdate.to_yaml ghost_updates)); + ] + + let of_yaml y = + let open GobYaml in + let+ ghost_variables = y |> find "ghost_variables" >>= list >>= list_map Variable.of_yaml + and+ ghost_updates = y |> find "ghost_updates" >>= list >>= list_map LocationUpdate.of_yaml in + {ghost_variables; ghost_updates} +end + (* TODO: could maybe use GADT, but adds ugly existential layer to entry type pattern matching *) module EntryType = struct @@ -498,6 +591,7 @@ struct | InvariantSet of InvariantSet.t | GhostVariable of GhostVariable.t | GhostUpdate of GhostUpdate.t + | GhostInstrumentation of GhostInstrumentation.t [@@deriving eq, ord, hash] let entry_type = function @@ -510,6 +604,7 @@ struct | InvariantSet _ -> InvariantSet.entry_type | GhostVariable _ -> GhostVariable.entry_type | GhostUpdate _ -> GhostUpdate.entry_type + | GhostInstrumentation _ -> GhostInstrumentation.entry_type let to_yaml' = function | LocationInvariant x -> LocationInvariant.to_yaml' x @@ -521,6 +616,7 @@ struct | InvariantSet x -> InvariantSet.to_yaml' x | GhostVariable x -> GhostVariable.to_yaml' x | GhostUpdate x -> GhostUpdate.to_yaml' x + | GhostInstrumentation x -> GhostInstrumentation.to_yaml' x let of_yaml y = let open GobYaml in @@ -552,6 +648,9 @@ struct else if entry_type = GhostUpdate.entry_type then let+ x = y |> GhostUpdate.of_yaml in GhostUpdate x + else if entry_type = GhostInstrumentation.entry_type then + let+ x = y |> GhostInstrumentation.of_yaml in + GhostInstrumentation x else Error (`Msg ("entry_type " ^ entry_type)) end diff --git a/tests/util/yamlWitnessStrip.ml b/tests/util/yamlWitnessStrip.ml index 211a8a0e1a..4d7b446bab 100644 --- a/tests/util/yamlWitnessStrip.ml +++ b/tests/util/yamlWitnessStrip.ml @@ -26,6 +26,9 @@ struct in {invariant_type} in + let ghost_location_update_strip_file_hash (x: GhostInstrumentation.LocationUpdate.t): GhostInstrumentation.LocationUpdate.t = + {x with location = location_strip_file_hash x.location} + in let entry_type: EntryType.t = match entry_type with | LocationInvariant x -> @@ -46,6 +49,8 @@ struct GhostVariable x (* no location to strip *) | GhostUpdate x -> GhostUpdate {x with location = location_strip_file_hash x.location} + | GhostInstrumentation x -> + GhostInstrumentation {x with ghost_updates = List.map ghost_location_update_strip_file_hash x.ghost_updates} in {entry_type} From d22065396f057689adf10ee950d623fb999bc4b7 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 20 Aug 2024 12:27:58 +0300 Subject: [PATCH 090/164] Add ghost_instrumentation support to mutexGhosts --- src/analyses/mutexGhosts.ml | 84 ++++++++++++++++++++-- src/witness/witnessGhost.ml | 22 +++++- tests/regression/13-privatized/74-mutex.t | 87 +++++++++++++++++++++++ 3 files changed, 186 insertions(+), 7 deletions(-) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 7bc4423f04..09afc41baa 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -10,17 +10,19 @@ struct include UnitAnalysis.Spec let name () = "mutexGhosts" - module ThreadCreate = Printable.UnitConf (struct let name = "threadcreate" end) + (* module ThreadCreate = Printable.UnitConf (struct let name = "threadcreate" end) *) module V = struct - include Printable.Either3 (Node) (LockDomain.MustLock) (ThreadCreate) + include Printable.Either3 (Node) (LockDomain.MustLock) (BoolDomain.Bool) let node x = `Left x let lock x = `Middle x - let threadcreate = `Right () + let threadcreate = `Right false + let update = `Right true let is_write_only = function | `Left _ -> false | `Middle _ -> true - | `Right _ -> false + | `Right false -> false + | `Right true -> true end module Locked = @@ -53,9 +55,11 @@ struct | `Bot -> NodeSet.bot () | `Lifted2 (`Lifted2 x) -> x | _ -> failwith "MutexGhosts.threadcreate" + let update = threadcreate let create_node node = `Lifted1 node let create_lock lock = `Lifted2 (`Lifted1 lock) let create_threadcreate threadcreate = `Lifted2 (`Lifted2 threadcreate) + let create_update = create_threadcreate end let mustlock_of_addr (addr: LockDomain.Addr.t): LockDomain.MustLock.t option = @@ -69,6 +73,7 @@ struct | Events.Lock (l, _) when not (LockDomain.Addr.equal l verifier_atomic_addr) -> ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.singleton l, Unlocked.bot (), MultiThread.bot ())); if !AnalysisState.postsolving then ( + ctx.sideg V.update (G.create_update (NodeSet.singleton ctx.prev_node)); let (locked, _, _) = G.node (ctx.global (V.node ctx.prev_node)) in if Locked.cardinal locked > 1 then ( Locked.iter (fun lock -> @@ -81,6 +86,7 @@ struct | Events.Unlock l when not (LockDomain.Addr.equal l verifier_atomic_addr) -> ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.singleton l, MultiThread.bot ())); if !AnalysisState.postsolving then ( + ctx.sideg V.update (G.create_update (NodeSet.singleton ctx.prev_node)); let (_, unlocked, _) = G.node (ctx.global (V.node ctx.prev_node)) in if Locked.cardinal unlocked > 1 then ( Locked.iter (fun lock -> @@ -91,7 +97,9 @@ struct ); ) | Events.EnterMultiThreaded -> - ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.bot (), true)) + ctx.sideg (V.node ctx.prev_node) (G.create_node (Locked.bot (), Unlocked.bot (), true)); + if !AnalysisState.postsolving then + ctx.sideg V.update (G.create_update (NodeSet.singleton ctx.prev_node)); | _ -> () end; ctx.local @@ -113,7 +121,7 @@ struct | YamlEntryGlobal (g, task) -> let g: V.t = Obj.obj g in begin match g with - | `Left g' -> + | `Left g' when YamlWitness.entry_type_enabled YamlWitnessType.GhostVariable.entry_type && YamlWitness.entry_type_enabled YamlWitnessType.GhostUpdate.entry_type -> let (locked, unlocked, multithread) = G.node (ctx.global g) in let g = g' in let entries = @@ -161,6 +169,70 @@ struct entries in entries + | `Right true when YamlWitness.entry_type_enabled YamlWitnessType.GhostInstrumentation.entry_type -> + let nodes = G.update (ctx.global g) in + let (variables, location_updates) = NodeSet.fold (fun node (variables, location_updates) -> + let (locked, unlocked, multithread) = G.node (ctx.global (V.node node)) in + let variables' = + (* TODO: do variable_entry-s only once *) + Locked.fold (fun l acc -> + match mustlock_of_addr l with + | Some l when ghost_var_available ctx (Locked l) -> + let variable = WitnessGhost.variable' (Locked l) in + if BatList.mem_cmp YamlWitnessType.GhostInstrumentation.Variable.compare variable acc then (* TODO: be efficient *) + acc + else + variable :: acc + | _ -> + acc + ) (Locked.union locked unlocked) variables + in + let updates = + Locked.fold (fun l acc -> + match mustlock_of_addr l with + | Some l when ghost_var_available ctx (Locked l) -> + let update = WitnessGhost.update' (Locked l) GoblintCil.one in + update :: acc + | _ -> + acc + ) locked [] + in + let updates = + Unlocked.fold (fun l acc -> + match mustlock_of_addr l with + | Some l when ghost_var_available ctx (Locked l) -> + let update = WitnessGhost.update' (Locked l) GoblintCil.zero in + update :: acc + | _ -> + acc + ) unlocked updates + in + let (variables', updates) = + if not (GobConfig.get_bool "exp.earlyglobs") && multithread then ( + if ghost_var_available ctx Multithreaded then ( + let variable = WitnessGhost.variable' Multithreaded in + let update = WitnessGhost.update' Multithreaded GoblintCil.one in + let variables' = + if BatList.mem_cmp YamlWitnessType.GhostInstrumentation.Variable.compare variable variables' then (* TODO: be efficient *) + variables' + else + variable :: variables' + in + (variables', update :: updates) + ) + else + (variables', updates) + ) + else + (variables', updates) + in + let location_update = WitnessGhost.location_update' ~node ~updates in + (variables', location_update :: location_updates) + ) nodes ([], []) + in + let entry = WitnessGhost.instrumentation_entry ~task ~variables ~location_updates in + Queries.YS.singleton entry + | `Left _ -> Queries.Result.top q | `Middle _ -> Queries.Result.top q | `Right _ -> Queries.Result.top q end diff --git a/src/witness/witnessGhost.ml b/src/witness/witnessGhost.ml index 91d513ceae..3535e8a347 100644 --- a/src/witness/witnessGhost.ml +++ b/src/witness/witnessGhost.ml @@ -1,7 +1,7 @@ (** Ghost variables for YAML witnesses. *) let enabled () = - YamlWitness.entry_type_enabled YamlWitnessType.GhostVariable.entry_type && YamlWitness.entry_type_enabled YamlWitnessType.GhostUpdate.entry_type + (YamlWitness.entry_type_enabled YamlWitnessType.GhostVariable.entry_type && YamlWitness.entry_type_enabled YamlWitnessType.GhostUpdate.entry_type) || YamlWitness.entry_type_enabled YamlWitnessType.GhostInstrumentation.entry_type module Var = WitnessGhostVar @@ -24,3 +24,23 @@ let update_entry ~task ~node x e = let variable = name_varinfo x in let expression = CilType.Exp.show e in YamlWitness.Entry.ghost_update ~task ~location ~variable ~expression + +let variable' x = + let variable = name_varinfo x in + let type_ = String.trim (CilType.Typ.show (typ x)) in (* CIL printer puts space at the end of some types *) + let initial = CilType.Exp.show (initial x) in + YamlWitness.Entry.ghost_variable' ~variable ~type_ ~initial + +let update' x e = + let variable = name_varinfo x in + let expression = CilType.Exp.show e in + YamlWitness.Entry.ghost_update' ~variable ~expression + +let location_update' ~node ~updates = + let loc = Node.location node in + let location_function = (Node.find_fundec node).svar.vname in + let location = YamlWitness.Entry.location ~location:loc ~location_function in + YamlWitness.Entry.ghost_location_update' ~location ~updates + +let instrumentation_entry ~task ~variables ~location_updates = + YamlWitness.Entry.ghost_instrumentation ~task ~variables ~location_updates diff --git a/tests/regression/13-privatized/74-mutex.t b/tests/regression/13-privatized/74-mutex.t index 8999d394ec..eec046bcb6 100644 --- a/tests/regression/13-privatized/74-mutex.t +++ b/tests/regression/13-privatized/74-mutex.t @@ -148,6 +148,93 @@ Earlyglobs shouldn't cause protected writes in multithreaded mode from being imm unsafe: 0 total memory locations: 1 +Same with ghost_instrumentation entry. + + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 74-mutex.c + [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) + [Warning][Deadcode] Function 'producer' has dead code: + on line 26 (74-mutex.c:26-26) + [Warning][Deadcode] Logical lines of code (LLoC) summary: + live: 14 + dead: 1 + total lines: 15 + [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) + [Info][Witness] witness generation summary: + total generation entries: 3 + [Info][Race] Memory locations race summary: + safe: 1 + vulnerable: 0 + unsafe: 0 + total memory locations: 1 + + $ yamlWitnessStrip < witness.yml + - entry_type: ghost_instrumentation + ghost_variables: + - name: multithreaded + scope: global + type: int + initial: "0" + - name: m_locked + scope: global + type: int + initial: "0" + ghost_updates: + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 38 + column: 3 + function: main + updates: + - ghost_variable: m_locked + expression: "0" + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 36 + column: 3 + function: main + updates: + - ghost_variable: m_locked + expression: "1" + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 34 + column: 3 + function: main + updates: + - ghost_variable: multithreaded + expression: "1" + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 23 + column: 5 + function: producer + updates: + - ghost_variable: m_locked + expression: "0" + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 20 + column: 5 + function: producer + updates: + - ghost_variable: m_locked + expression: "1" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (m_locked || used == 0)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= used && used <= 1)' + type: assertion + format: C + Same with mutex-meet. $ goblint --enable ana.sv-comp.functions --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 74-mutex.c From f79ad180cc9bb3ff2b00b73fcda4368718b8f307 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 20 Aug 2024 12:53:28 +0300 Subject: [PATCH 091/164] Add option for emitting flow_insensitive_invariant-s as invariant_set location_invariant-s in YAML witnesses --- conf/svcomp-ghost.json | 2 +- src/config/options.schema.json | 9 ++-- src/witness/yamlWitness.ml | 52 ++++++++++++++++--- .../regression/13-privatized/04-priv_multi.t | 2 +- tests/regression/13-privatized/74-mutex.t | 40 +++++++++----- 5 files changed, 77 insertions(+), 28 deletions(-) diff --git a/conf/svcomp-ghost.json b/conf/svcomp-ghost.json index ce308c5e52..c4f165960d 100644 --- a/conf/svcomp-ghost.json +++ b/conf/svcomp-ghost.json @@ -150,7 +150,7 @@ "accessed": false, "exact": true, "all-locals": false, - "flow_insensitive-as-location": true, + "flow_insensitive-as": "location_invariant", "exclude-vars": [ "tmp\\(___[0-9]+\\)?", "cond", diff --git a/src/config/options.schema.json b/src/config/options.schema.json index 06b6f26359..11df177cd3 100644 --- a/src/config/options.schema.json +++ b/src/config/options.schema.json @@ -2604,11 +2604,12 @@ "type": "boolean", "default": true }, - "flow_insensitive-as-location": { - "title": "witness.invariant.flow_insensitive-as-location", + "flow_insensitive-as": { + "title": "witness.invariant.flow_insensitive-as", "description": "Emit flow-insensitive invariants as location invariants at certain locations.", - "type": "boolean", - "default": false + "type": "string", + "enum": ["flow_insensitive_invariant", "location_invariant", "invariant_set-location_invariant"], + "default": "flow_insensitive_invariant" } }, "additionalProperties": false diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index cc435a38ac..c8217bde19 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -347,22 +347,23 @@ struct entries in + let invariant_global_nodes = lazy (R.ask_global InvariantGlobalNodes) in + (* Generate flow-insensitive invariants *) let entries = if entry_type_enabled YamlWitnessType.FlowInsensitiveInvariant.entry_type then ( - let ns = lazy (R.ask_global InvariantGlobalNodes) in GHT.fold (fun g v acc -> match g with | `Left g -> (* Spec global *) - begin match R.ask_global (InvariantGlobal (Obj.repr g)), GobConfig.get_bool "witness.invariant.flow_insensitive-as-location" with - | `Lifted inv, false -> + begin match R.ask_global (InvariantGlobal (Obj.repr g)), GobConfig.get_string "witness.invariant.flow_insensitive-as" with + | `Lifted inv, "flow_insensitive_invariant" -> let invs = WitnessUtil.InvariantExp.process_exp inv in List.fold_left (fun acc inv -> let invariant = Entry.invariant (CilType.Exp.show inv) in let entry = Entry.flow_insensitive_invariant ~task ~invariant in entry :: acc ) acc invs - | `Lifted inv, true -> + | `Lifted inv, "location_invariant" -> (* TODO: or do at location_invariant loop for each node and query if should also do global invariants there? *) let invs = WitnessUtil.InvariantExp.process_exp inv in Queries.NS.fold (fun n acc -> @@ -377,7 +378,8 @@ struct entry :: acc ) acc invs | None -> acc - ) (Lazy.force ns) acc + ) (Lazy.force invariant_global_nodes) acc + | `Lifted _, _ | `Bot, _ | `Top, _ -> (* global bot might only be possible for alloc variables, if at all, so emit nothing *) acc end @@ -516,12 +518,12 @@ struct (* Generate invariant set *) let entries = - if entry_type_enabled YamlWitnessType.InvariantSet.entry_type then ( + if entry_type_enabled YamlWitnessType.InvariantSet.entry_type || entry_type_enabled YamlWitnessType.FlowInsensitiveInvariant.entry_type && GobConfig.get_string "witness.invariant.flow_insensitive-as" = "invariant_set-location_invariant" then ( let invariants = [] in (* Generate location invariants *) let invariants = - if invariant_type_enabled YamlWitnessType.InvariantSet.LocationInvariant.invariant_type then ( + if entry_type_enabled YamlWitnessType.InvariantSet.entry_type && invariant_type_enabled YamlWitnessType.InvariantSet.LocationInvariant.invariant_type then ( LH.fold (fun loc ns acc -> let inv = List.fold_left (fun acc n -> let local = try NH.find (Lazy.force nh) n with Not_found -> Spec.D.bot () in @@ -550,7 +552,7 @@ struct (* Generate loop invariants *) let invariants = - if invariant_type_enabled YamlWitnessType.InvariantSet.LoopInvariant.invariant_type then ( + if entry_type_enabled YamlWitnessType.InvariantSet.entry_type && invariant_type_enabled YamlWitnessType.InvariantSet.LoopInvariant.invariant_type then ( LH.fold (fun loc ns acc -> if WitnessInvariant.emit_loop_head then ( (* TODO: remove double condition? *) let inv = List.fold_left (fun acc n -> @@ -580,6 +582,40 @@ struct invariants in + (* Generate flow-insensitive invariants as location invariants *) + let invariants = + if entry_type_enabled YamlWitnessType.FlowInsensitiveInvariant.entry_type && GobConfig.get_string "witness.invariant.flow_insensitive-as" = "invariant_set-location_invariant" then ( + GHT.fold (fun g v acc -> + match g with + | `Left g -> (* Spec global *) + begin match R.ask_global (InvariantGlobal (Obj.repr g)) with + | `Lifted inv -> + (* TODO: or do at location_invariant loop for each node and query if should also do global invariants there? *) + let invs = WitnessUtil.InvariantExp.process_exp inv in + Queries.NS.fold (fun n acc -> + let fundec = Node.find_fundec n in + match WitnessInvariant.location_location n with (* if after thread create node happens to be loop node *) + | Some loc -> + let location_function = fundec.svar.vname in + let location = Entry.location ~location:loc ~location_function in + List.fold_left (fun acc inv -> + let invariant = CilType.Exp.show inv in + let invariant = Entry.location_invariant' ~location ~invariant in + invariant :: acc + ) acc invs + | None -> acc + ) (Lazy.force invariant_global_nodes) acc + | `Bot | `Top -> (* global bot might only be possible for alloc variables, if at all, so emit nothing *) + acc + end + | `Right _ -> (* contexts global *) + acc + ) gh invariants + ) + else + invariants + in + let invariants = List.rev invariants in let entry = Entry.invariant_set ~task ~invariants in entry :: entries diff --git a/tests/regression/13-privatized/04-priv_multi.t b/tests/regression/13-privatized/04-priv_multi.t index b1a45dd917..fd0dad6a39 100644 --- a/tests/regression/13-privatized/04-priv_multi.t +++ b/tests/regression/13-privatized/04-priv_multi.t @@ -174,7 +174,7 @@ Flow-insensitive invariants as location invariants. - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' --enable witness.invariant.flow_insensitive-as-location 04-priv_multi.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' --set witness.invariant.flow_insensitive-as location_invariant 04-priv_multi.c [Success][Assert] Assertion "p == 5" will succeed (04-priv_multi.c:50:7-50:30) [Success][Assert] Assertion "A == B" will succeed (04-priv_multi.c:71:5-71:28) [Warning][Deadcode] Function 'dispose' has dead code: diff --git a/tests/regression/13-privatized/74-mutex.t b/tests/regression/13-privatized/74-mutex.t index eec046bcb6..c99cdb6ff9 100644 --- a/tests/regression/13-privatized/74-mutex.t +++ b/tests/regression/13-privatized/74-mutex.t @@ -84,7 +84,7 @@ Flow-insensitive invariants as location invariants. - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' --enable witness.invariant.flow_insensitive-as-location 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' --set witness.invariant.flow_insensitive-as location_invariant 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) @@ -148,9 +148,9 @@ Earlyglobs shouldn't cause protected writes in multithreaded mode from being imm unsafe: 0 total memory locations: 1 -Same with ghost_instrumentation entry. +Same with ghost_instrumentation and invariant_set entries. - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' --set witness.invariant.flow_insensitive-as invariant_set-location_invariant 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) @@ -160,7 +160,7 @@ Same with ghost_instrumentation entry. total lines: 15 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) [Info][Witness] witness generation summary: - total generation entries: 3 + total generation entries: 2 [Info][Race] Memory locations race summary: safe: 1 vulnerable: 0 @@ -224,16 +224,28 @@ Same with ghost_instrumentation entry. updates: - ghost_variable: m_locked expression: "1" - - entry_type: flow_insensitive_invariant - flow_insensitive_invariant: - string: '! multithreaded || (m_locked || used == 0)' - type: assertion - format: C - - entry_type: flow_insensitive_invariant - flow_insensitive_invariant: - string: '! multithreaded || (0 <= used && used <= 1)' - type: assertion - format: C + - entry_type: invariant_set + content: + - invariant: + type: location_invariant + location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 36 + column: 3 + function: main + value: '! multithreaded || (m_locked || used == 0)' + format: c_expression + - invariant: + type: location_invariant + location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 36 + column: 3 + function: main + value: '! multithreaded || (0 <= used && used <= 1)' + format: c_expression Same with mutex-meet. From e9e652d86cac07bdff43780fbe5467fe46870265 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 20 Aug 2024 12:56:26 +0300 Subject: [PATCH 092/164] Use invariant_set in svcomp-ghost conf --- conf/svcomp-ghost.json | 7 +++---- src/config/options.schema.json | 3 ++- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/conf/svcomp-ghost.json b/conf/svcomp-ghost.json index c4f165960d..cb4d8f1384 100644 --- a/conf/svcomp-ghost.json +++ b/conf/svcomp-ghost.json @@ -136,11 +136,10 @@ }, "yaml": { "enabled": true, - "format-version": "0.1", + "format-version": "2.1", "entry-types": [ "flow_insensitive_invariant", - "ghost_variable", - "ghost_update" + "ghost_instrumentation" ] }, "invariant": { @@ -150,7 +149,7 @@ "accessed": false, "exact": true, "all-locals": false, - "flow_insensitive-as": "location_invariant", + "flow_insensitive-as": "invariant_set-location_invariant", "exclude-vars": [ "tmp\\(___[0-9]+\\)?", "cond", diff --git a/src/config/options.schema.json b/src/config/options.schema.json index 11df177cd3..1101e04ace 100644 --- a/src/config/options.schema.json +++ b/src/config/options.schema.json @@ -2630,7 +2630,8 @@ "type": "string", "enum": [ "0.1", - "2.0" + "2.0", + "2.1" ], "default": "0.1" }, From 431b34d18d12ef588c67a170f4a139665e73720c Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 20 Aug 2024 15:02:07 +0300 Subject: [PATCH 093/164] Make invariant_set and ghost_instrumentation deterministic in tests --- tests/regression/13-privatized/74-mutex.t | 40 +++++++++++------------ tests/util/yamlWitnessStrip.ml | 12 +++++-- 2 files changed, 29 insertions(+), 23 deletions(-) diff --git a/tests/regression/13-privatized/74-mutex.t b/tests/regression/13-privatized/74-mutex.t index c99cdb6ff9..0c2947ab37 100644 --- a/tests/regression/13-privatized/74-mutex.t +++ b/tests/regression/13-privatized/74-mutex.t @@ -170,11 +170,11 @@ Same with ghost_instrumentation and invariant_set entries. $ yamlWitnessStrip < witness.yml - entry_type: ghost_instrumentation ghost_variables: - - name: multithreaded + - name: m_locked scope: global type: int initial: "0" - - name: m_locked + - name: multithreaded scope: global type: int initial: "0" @@ -182,21 +182,21 @@ Same with ghost_instrumentation and invariant_set entries. - location: file_name: 74-mutex.c file_hash: $FILE_HASH - line: 38 - column: 3 - function: main + line: 20 + column: 5 + function: producer updates: - ghost_variable: m_locked - expression: "0" + expression: "1" - location: file_name: 74-mutex.c file_hash: $FILE_HASH - line: 36 - column: 3 - function: main + line: 23 + column: 5 + function: producer updates: - ghost_variable: m_locked - expression: "1" + expression: "0" - location: file_name: 74-mutex.c file_hash: $FILE_HASH @@ -209,21 +209,21 @@ Same with ghost_instrumentation and invariant_set entries. - location: file_name: 74-mutex.c file_hash: $FILE_HASH - line: 23 - column: 5 - function: producer + line: 36 + column: 3 + function: main updates: - ghost_variable: m_locked - expression: "0" + expression: "1" - location: file_name: 74-mutex.c file_hash: $FILE_HASH - line: 20 - column: 5 - function: producer + line: 38 + column: 3 + function: main updates: - ghost_variable: m_locked - expression: "1" + expression: "0" - entry_type: invariant_set content: - invariant: @@ -234,7 +234,7 @@ Same with ghost_instrumentation and invariant_set entries. line: 36 column: 3 function: main - value: '! multithreaded || (m_locked || used == 0)' + value: '! multithreaded || (0 <= used && used <= 1)' format: c_expression - invariant: type: location_invariant @@ -244,7 +244,7 @@ Same with ghost_instrumentation and invariant_set entries. line: 36 column: 3 function: main - value: '! multithreaded || (0 <= used && used <= 1)' + value: '! multithreaded || (m_locked || used == 0)' format: c_expression Same with mutex-meet. diff --git a/tests/util/yamlWitnessStrip.ml b/tests/util/yamlWitnessStrip.ml index 4d7b446bab..dff8bfb0cf 100644 --- a/tests/util/yamlWitnessStrip.ml +++ b/tests/util/yamlWitnessStrip.ml @@ -27,7 +27,10 @@ struct {invariant_type} in let ghost_location_update_strip_file_hash (x: GhostInstrumentation.LocationUpdate.t): GhostInstrumentation.LocationUpdate.t = - {x with location = location_strip_file_hash x.location} + { + location = location_strip_file_hash x.location; + updates = List.sort GhostInstrumentation.Update.compare x.updates + } in let entry_type: EntryType.t = match entry_type with @@ -44,13 +47,16 @@ struct | PreconditionLoopInvariantCertificate x -> PreconditionLoopInvariantCertificate {x with target = target_strip_file_hash x.target} | InvariantSet x -> - InvariantSet {content = List.map invariant_strip_file_hash x.content} + InvariantSet {content = List.sort InvariantSet.Invariant.compare (List.map invariant_strip_file_hash x.content)} (* Sort, so order is deterministic regardless of Goblint. *) | GhostVariable x -> GhostVariable x (* no location to strip *) | GhostUpdate x -> GhostUpdate {x with location = location_strip_file_hash x.location} | GhostInstrumentation x -> - GhostInstrumentation {x with ghost_updates = List.map ghost_location_update_strip_file_hash x.ghost_updates} + GhostInstrumentation { (* Sort, so order is deterministic regardless of Goblint. *) + ghost_variables = List.sort GhostInstrumentation.Variable.compare x.ghost_variables; + ghost_updates = List.sort GhostInstrumentation.LocationUpdate.compare (List.map ghost_location_update_strip_file_hash x.ghost_updates); + } in {entry_type} From 2c9955048a13c162fcf74f7ccd67d614c73e3ee5 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 28 Aug 2024 17:25:23 +0300 Subject: [PATCH 094/164] Remove ghost_ prefix from ghost_instrumentation update entries --- src/witness/yamlWitness.ml | 2 +- src/witness/yamlWitnessType.ml | 10 +++++----- tests/regression/13-privatized/74-mutex.t | 10 +++++----- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index c8217bde19..c917361d9b 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -169,7 +169,7 @@ struct } let ghost_update' ~variable ~(expression): GhostInstrumentation.Update.t = { - ghost_variable = variable; + variable; expression; } diff --git a/src/witness/yamlWitnessType.ml b/src/witness/yamlWitnessType.ml index 72afbf432b..cefb0866f3 100644 --- a/src/witness/yamlWitnessType.ml +++ b/src/witness/yamlWitnessType.ml @@ -518,22 +518,22 @@ struct module Update = struct type t = { - ghost_variable: string; + variable: string; expression: string; } [@@deriving eq, ord, hash] - let to_yaml {ghost_variable; expression} = + let to_yaml {variable; expression} = `O [ - ("ghost_variable", `String ghost_variable); + ("variable", `String variable); ("expression", `String expression); ] let of_yaml y = let open GobYaml in - let+ ghost_variable = y |> find "ghost_variable" >>= to_string + let+ variable = y |> find "variable" >>= to_string and+ expression = y |> find "expression" >>= to_string in - {ghost_variable; expression} + {variable; expression} end module LocationUpdate = diff --git a/tests/regression/13-privatized/74-mutex.t b/tests/regression/13-privatized/74-mutex.t index 0c2947ab37..9a11b6846f 100644 --- a/tests/regression/13-privatized/74-mutex.t +++ b/tests/regression/13-privatized/74-mutex.t @@ -186,7 +186,7 @@ Same with ghost_instrumentation and invariant_set entries. column: 5 function: producer updates: - - ghost_variable: m_locked + - variable: m_locked expression: "1" - location: file_name: 74-mutex.c @@ -195,7 +195,7 @@ Same with ghost_instrumentation and invariant_set entries. column: 5 function: producer updates: - - ghost_variable: m_locked + - variable: m_locked expression: "0" - location: file_name: 74-mutex.c @@ -204,7 +204,7 @@ Same with ghost_instrumentation and invariant_set entries. column: 3 function: main updates: - - ghost_variable: multithreaded + - variable: multithreaded expression: "1" - location: file_name: 74-mutex.c @@ -213,7 +213,7 @@ Same with ghost_instrumentation and invariant_set entries. column: 3 function: main updates: - - ghost_variable: m_locked + - variable: m_locked expression: "1" - location: file_name: 74-mutex.c @@ -222,7 +222,7 @@ Same with ghost_instrumentation and invariant_set entries. column: 3 function: main updates: - - ghost_variable: m_locked + - variable: m_locked expression: "0" - entry_type: invariant_set content: From 12dadf4f03c8ff9d3e4a1546235722066018fd40 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Mon, 2 Sep 2024 11:03:57 +0300 Subject: [PATCH 095/164] Wrap ghost_instrumentation in content --- src/witness/yamlWitnessType.ml | 13 ++- tests/regression/13-privatized/74-mutex.t | 111 +++++++++++----------- 2 files changed, 64 insertions(+), 60 deletions(-) diff --git a/src/witness/yamlWitnessType.ml b/src/witness/yamlWitnessType.ml index cefb0866f3..b04a2c35bf 100644 --- a/src/witness/yamlWitnessType.ml +++ b/src/witness/yamlWitnessType.ml @@ -566,15 +566,18 @@ struct let entry_type = "ghost_instrumentation" let to_yaml' {ghost_variables; ghost_updates} = - [ - ("ghost_variables", `A (List.map Variable.to_yaml ghost_variables)); - ("ghost_updates", `A (List.map LocationUpdate.to_yaml ghost_updates)); + [("content", + `O [ + ("ghost_variables", `A (List.map Variable.to_yaml ghost_variables)); + ("ghost_updates", `A (List.map LocationUpdate.to_yaml ghost_updates)); + ]) ] let of_yaml y = let open GobYaml in - let+ ghost_variables = y |> find "ghost_variables" >>= list >>= list_map Variable.of_yaml - and+ ghost_updates = y |> find "ghost_updates" >>= list >>= list_map LocationUpdate.of_yaml in + let* content = y |> find "content" in + let+ ghost_variables = content |> find "ghost_variables" >>= list >>= list_map Variable.of_yaml + and+ ghost_updates = content |> find "ghost_updates" >>= list >>= list_map LocationUpdate.of_yaml in {ghost_variables; ghost_updates} end diff --git a/tests/regression/13-privatized/74-mutex.t b/tests/regression/13-privatized/74-mutex.t index 9a11b6846f..478921155e 100644 --- a/tests/regression/13-privatized/74-mutex.t +++ b/tests/regression/13-privatized/74-mutex.t @@ -169,61 +169,62 @@ Same with ghost_instrumentation and invariant_set entries. $ yamlWitnessStrip < witness.yml - entry_type: ghost_instrumentation - ghost_variables: - - name: m_locked - scope: global - type: int - initial: "0" - - name: multithreaded - scope: global - type: int - initial: "0" - ghost_updates: - - location: - file_name: 74-mutex.c - file_hash: $FILE_HASH - line: 20 - column: 5 - function: producer - updates: - - variable: m_locked - expression: "1" - - location: - file_name: 74-mutex.c - file_hash: $FILE_HASH - line: 23 - column: 5 - function: producer - updates: - - variable: m_locked - expression: "0" - - location: - file_name: 74-mutex.c - file_hash: $FILE_HASH - line: 34 - column: 3 - function: main - updates: - - variable: multithreaded - expression: "1" - - location: - file_name: 74-mutex.c - file_hash: $FILE_HASH - line: 36 - column: 3 - function: main - updates: - - variable: m_locked - expression: "1" - - location: - file_name: 74-mutex.c - file_hash: $FILE_HASH - line: 38 - column: 3 - function: main - updates: - - variable: m_locked - expression: "0" + content: + ghost_variables: + - name: m_locked + scope: global + type: int + initial: "0" + - name: multithreaded + scope: global + type: int + initial: "0" + ghost_updates: + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 20 + column: 5 + function: producer + updates: + - variable: m_locked + expression: "1" + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 23 + column: 5 + function: producer + updates: + - variable: m_locked + expression: "0" + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 34 + column: 3 + function: main + updates: + - variable: multithreaded + expression: "1" + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 36 + column: 3 + function: main + updates: + - variable: m_locked + expression: "1" + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 38 + column: 3 + function: main + updates: + - variable: m_locked + expression: "0" - entry_type: invariant_set content: - invariant: From 852297b68abbcb05c3f3700098e2bc2f22c93333 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Mon, 2 Sep 2024 11:10:31 +0300 Subject: [PATCH 096/164] Add value and format to ghost_instrumentation --- src/witness/yamlWitness.ml | 8 +++-- src/witness/yamlWitnessType.ml | 40 ++++++++++++++++++----- tests/regression/13-privatized/74-mutex.t | 23 +++++++++---- 3 files changed, 54 insertions(+), 17 deletions(-) diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index c917361d9b..f8890d8eaa 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -165,12 +165,16 @@ struct name = variable; scope = "global"; type_; - initial; + initial = { + value = initial; + format = "c_expression"; + }; } let ghost_update' ~variable ~(expression): GhostInstrumentation.Update.t = { variable; - expression; + value = expression; + format = "c_expression"; } let ghost_location_update' ~location ~(updates): GhostInstrumentation.LocationUpdate.t = { diff --git a/src/witness/yamlWitnessType.ml b/src/witness/yamlWitnessType.ml index b04a2c35bf..7834951892 100644 --- a/src/witness/yamlWitnessType.ml +++ b/src/witness/yamlWitnessType.ml @@ -488,13 +488,34 @@ end module GhostInstrumentation = struct + module Initial = + struct + type t = { + value: string; + format: string; + } + [@@deriving eq, ord, hash] + + let to_yaml {value; format} = + `O [ + ("value", `String value); + ("format", `String format); + ] + + let of_yaml y = + let open GobYaml in + let+ value = y |> find "value" >>= to_string + and+ format = y |> find "format" >>= to_string in + {value; format} + end + module Variable = struct type t = { name: string; scope: string; type_: string; - initial: string; + initial: Initial.t; } [@@deriving eq, ord, hash] @@ -503,7 +524,7 @@ struct ("name", `String name); ("scope", `String scope); ("type", `String type_); - ("initial", `String initial); + ("initial", Initial.to_yaml initial); ] let of_yaml y = @@ -511,7 +532,7 @@ struct let+ name = y |> find "name" >>= to_string and+ scope = y |> find "scope" >>= to_string and+ type_ = y |> find "type" >>= to_string - and+ initial = y |> find "initial" >>= to_string in + and+ initial = y |> find "initial" >>= Initial.of_yaml in {name; scope; type_; initial} end @@ -519,21 +540,24 @@ struct struct type t = { variable: string; - expression: string; + value: string; + format: string; } [@@deriving eq, ord, hash] - let to_yaml {variable; expression} = + let to_yaml {variable; value; format} = `O [ ("variable", `String variable); - ("expression", `String expression); + ("value", `String value); + ("format", `String format); ] let of_yaml y = let open GobYaml in let+ variable = y |> find "variable" >>= to_string - and+ expression = y |> find "expression" >>= to_string in - {variable; expression} + and+ value = y |> find "value" >>= to_string + and+ format = y |> find "format" >>= to_string in + {variable; value; format} end module LocationUpdate = diff --git a/tests/regression/13-privatized/74-mutex.t b/tests/regression/13-privatized/74-mutex.t index 478921155e..8a1a7fee5f 100644 --- a/tests/regression/13-privatized/74-mutex.t +++ b/tests/regression/13-privatized/74-mutex.t @@ -174,11 +174,15 @@ Same with ghost_instrumentation and invariant_set entries. - name: m_locked scope: global type: int - initial: "0" + initial: + value: "0" + format: c_expression - name: multithreaded scope: global type: int - initial: "0" + initial: + value: "0" + format: c_expression ghost_updates: - location: file_name: 74-mutex.c @@ -188,7 +192,8 @@ Same with ghost_instrumentation and invariant_set entries. function: producer updates: - variable: m_locked - expression: "1" + value: "1" + format: c_expression - location: file_name: 74-mutex.c file_hash: $FILE_HASH @@ -197,7 +202,8 @@ Same with ghost_instrumentation and invariant_set entries. function: producer updates: - variable: m_locked - expression: "0" + value: "0" + format: c_expression - location: file_name: 74-mutex.c file_hash: $FILE_HASH @@ -206,7 +212,8 @@ Same with ghost_instrumentation and invariant_set entries. function: main updates: - variable: multithreaded - expression: "1" + value: "1" + format: c_expression - location: file_name: 74-mutex.c file_hash: $FILE_HASH @@ -215,7 +222,8 @@ Same with ghost_instrumentation and invariant_set entries. function: main updates: - variable: m_locked - expression: "1" + value: "1" + format: c_expression - location: file_name: 74-mutex.c file_hash: $FILE_HASH @@ -224,7 +232,8 @@ Same with ghost_instrumentation and invariant_set entries. function: main updates: - variable: m_locked - expression: "0" + value: "0" + format: c_expression - entry_type: invariant_set content: - invariant: From 67f8fe9195d3c6a96b01a0a5ceddf05a81fb1ff6 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 9 Oct 2024 10:28:06 +0300 Subject: [PATCH 097/164] Add test for invariant_set widening tokens (issue #1299) --- .../56-witness/64-apron-unassume-set-tokens.c | 18 ++++++ .../64-apron-unassume-set-tokens.yml | 59 +++++++++++++++++++ tests/regression/56-witness/dune | 3 +- 3 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 tests/regression/56-witness/64-apron-unassume-set-tokens.c create mode 100644 tests/regression/56-witness/64-apron-unassume-set-tokens.yml diff --git a/tests/regression/56-witness/64-apron-unassume-set-tokens.c b/tests/regression/56-witness/64-apron-unassume-set-tokens.c new file mode 100644 index 0000000000..75a6b5eee5 --- /dev/null +++ b/tests/regression/56-witness/64-apron-unassume-set-tokens.c @@ -0,0 +1,18 @@ +// SKIP PARAM: --set ana.activated[+] apron --set ana.activated[+] unassume --set witness.yaml.unassume 64-apron-unassume-set-tokens.yml --set ana.apron.domain polyhedra --enable ana.widen.tokens +#include +// Uses polyhedra instead of octagon such that widening tokens are actually needed by test instead of narrowing. +// Copied & extended from 56-witness/12-apron-unassume-branch. +int main() { + int i = 0; + while (i < 100) { + i++; + } + assert(i == 100); + + int j = 0; + while (j < 100) { + j++; + } + assert(j == 100); + return 0; +} diff --git a/tests/regression/56-witness/64-apron-unassume-set-tokens.yml b/tests/regression/56-witness/64-apron-unassume-set-tokens.yml new file mode 100644 index 0000000000..8411ed045f --- /dev/null +++ b/tests/regression/56-witness/64-apron-unassume-set-tokens.yml @@ -0,0 +1,59 @@ +- entry_type: invariant_set + metadata: + format_version: "0.1" + uuid: 0a72f7b3-7826-4f68-bc7b-25425e95946e + creation_time: 2022-07-26T09:11:03Z + producer: + name: Goblint + version: heads/yaml-witness-unassume-0-g48503c690-dirty + command_line: '''./goblint'' ''--enable'' ''dbg.debug'' ''--enable'' ''dbg.regression'' + ''--html'' ''--set'' ''ana.activated[+]'' ''apron'' ''--enable'' ''witness.yaml.enabled'' + ''64-apron-unassume-set-tokens.c''' + task: + input_files: + - 64-apron-unassume-set-tokens.c + input_file_hashes: + 64-apron-unassume-set-tokens.c: 71e40ed99b5217343d0831e293e7207e5bd30ce53f6ab73f0c1ef6ced1afcc60 + data_model: LP64 + language: C + content: + - invariant: + type: location_invariant + location: + file_name: 64-apron-unassume-set-tokens.c + file_hash: 71e40ed99b5217343d0831e293e7207e5bd30ce53f6ab73f0c1ef6ced1afcc60 + line: 8 + column: 3 + function: main + value: 99LL - (long long )i >= 0LL + format: c_expression + - invariant: + type: location_invariant + location: + file_name: 64-apron-unassume-set-tokens.c + file_hash: 71e40ed99b5217343d0831e293e7207e5bd30ce53f6ab73f0c1ef6ced1afcc60 + line: 8 + column: 3 + function: main + value: (long long )i >= 0LL + format: c_expression + - invariant: + type: location_invariant + location: + file_name: 64-apron-unassume-set-tokens.c + file_hash: 71e40ed99b5217343d0831e293e7207e5bd30ce53f6ab73f0c1ef6ced1afcc60 + line: 14 + column: 3 + function: main + value: 99LL - (long long )j >= 0LL + format: c_expression + - invariant: + type: location_invariant + location: + file_name: 64-apron-unassume-set-tokens.c + file_hash: 71e40ed99b5217343d0831e293e7207e5bd30ce53f6ab73f0c1ef6ced1afcc60 + line: 14 + column: 3 + function: main + value: (long long )j >= 0LL + format: c_expression diff --git a/tests/regression/56-witness/dune b/tests/regression/56-witness/dune index 215e47deb2..f6694c60ec 100644 --- a/tests/regression/56-witness/dune +++ b/tests/regression/56-witness/dune @@ -21,7 +21,8 @@ (run %{update_suite} hh-ex3 -q) (run %{update_suite} bh-ex1-poly -q) (run %{update_suite} apron-unassume-precheck -q) - (run %{update_suite} apron-tracked-global-annot -q))))) + (run %{update_suite} apron-tracked-global-annot -q) + (run %{update_suite} apron-unassume-set-tokens -q))))) (cram (deps (glob_files *.c) (glob_files ??-*.yml))) From 7ec6b0578b6da2996114c8f9a60a75cb056fa231 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 8 Oct 2024 17:50:41 +0300 Subject: [PATCH 098/164] Add optional int indices to widening tokens --- src/analyses/apron/relationAnalysis.apron.ml | 4 ++-- src/analyses/base.ml | 4 ++-- src/analyses/unassumeAnalysis.ml | 12 ++++++------ src/domains/events.ml | 4 ++-- src/lifters/wideningTokens.ml | 3 +-- src/lifters/wideningTokens0.ml | 6 ++++++ 6 files changed, 19 insertions(+), 14 deletions(-) create mode 100644 src/lifters/wideningTokens0.ml diff --git a/src/analyses/apron/relationAnalysis.apron.ml b/src/analyses/apron/relationAnalysis.apron.ml index da14dfff1d..f82bd37e33 100644 --- a/src/analyses/apron/relationAnalysis.apron.ml +++ b/src/analyses/apron/relationAnalysis.apron.ml @@ -701,7 +701,7 @@ struct Priv.escape ctx.node (Analyses.ask_of_ctx ctx) ctx.global ctx.sideg st escaped | Assert exp -> assert_fn ctx exp true - | Events.Unassume {exp = e; uuids} -> + | Events.Unassume {exp = e; tokens} -> let e_orig = e in let ask = Analyses.ask_of_ctx ctx in let e = replace_deref_exps ctx.ask e in @@ -737,7 +737,7 @@ struct (* TODO: parallel write_global? *) let st = - WideningTokens.with_side_tokens (WideningTokens.TS.of_list uuids) (fun () -> + WideningTokens.with_side_tokens (WideningTokens.TS.of_list tokens) (fun () -> VH.fold (fun v v_in st -> (* TODO: is this sideg fine? *) write_global ask ctx.global ctx.sideg st v v_in diff --git a/src/analyses/base.ml b/src/analyses/base.ml index 1699108394..a5a9fc150e 100644 --- a/src/analyses/base.ml +++ b/src/analyses/base.ml @@ -3091,8 +3091,8 @@ struct set ~ctx ctx.local (eval_lv ~ctx ctx.local lval) (Cilfacade.typeOfLval lval) (Thread (ValueDomain.Threads.singleton tid)) | Events.Assert exp -> assert_fn ctx exp true - | Events.Unassume {exp; uuids} -> - Timing.wrap "base unassume" (unassume ctx exp) uuids + | Events.Unassume {exp; tokens} -> + Timing.wrap "base unassume" (unassume ctx exp) tokens | Events.Longjmped {lval} -> begin match lval with | Some lval -> diff --git a/src/analyses/unassumeAnalysis.ml b/src/analyses/unassumeAnalysis.ml index 8f8892b8be..348215993b 100644 --- a/src/analyses/unassumeAnalysis.ml +++ b/src/analyses/unassumeAnalysis.ml @@ -29,7 +29,7 @@ struct type inv = { exp: Cil.exp; - uuid: string; + token: WideningTokens.Token.t; } let invs: inv NH.t = NH.create 100 @@ -101,7 +101,7 @@ struct match InvariantParser.parse_cil inv_parser ~check:false ~fundec ~loc inv_cabs with | Ok inv_exp -> M.debug ~category:Witness ~loc:msgLoc "located invariant to %a: %a" Node.pretty n Cil.d_exp inv_exp; - NH.add invs n {exp = inv_exp; uuid} + NH.add invs n {exp = inv_exp; token = (uuid, None)} (* TODO: Some *) | Error e -> M.error ~category:Witness ~loc:msgLoc "CIL couldn't parse invariant: %s" inv; M.info ~category:Witness ~loc:msgLoc "invariant has undefined variables or side effects: %s" inv @@ -154,7 +154,7 @@ struct M.debug ~category:Witness ~loc:msgLoc "located invariant to %a: %a" Node.pretty n Cil.d_exp inv_exp; if not (NH.mem pre_invs n) then NH.replace pre_invs n (EH.create 10); - EH.add (NH.find pre_invs n) pre_exp {exp = inv_exp; uuid} + EH.add (NH.find pre_invs n) pre_exp {exp = inv_exp; token = (uuid, None)} (* TODO: Some *) | Error e -> M.error ~category:Witness ~loc:msgLoc "CIL couldn't parse invariant: %s" inv; M.info ~category:Witness ~loc:msgLoc "invariant has undefined variables or side effects: %s" inv @@ -262,9 +262,9 @@ struct M.info ~category:Witness "unassume invariant: %a" CilType.Exp.pretty e; if not !AnalysisState.postsolving then ( if not (GobConfig.get_bool "ana.unassume.precheck" && Queries.ID.to_bool (ctx.ask (EvalInt e)) = Some false) then ( - let uuids = x.uuid :: List.map (fun {uuid; _} -> uuid) xs in - ctx.emit (Unassume {exp = e; uuids}); - List.iter WideningTokens.add uuids + let tokens = x.token :: List.map (fun {token; _} -> token) xs in + ctx.emit (Unassume {exp = e; tokens}); + List.iter WideningTokens.add tokens ) ); ctx.local diff --git a/src/domains/events.ml b/src/domains/events.ml index b194847bac..b3054b8416 100644 --- a/src/domains/events.ml +++ b/src/domains/events.ml @@ -14,7 +14,7 @@ type t = | Assign of {lval: CilType.Lval.t; exp: CilType.Exp.t} (** Used to simulate old [ctx.assign]. *) (* TODO: unused *) | UpdateExpSplit of exp (** Used by expsplit analysis to evaluate [exp] on post-state. *) | Assert of exp - | Unassume of {exp: CilType.Exp.t; uuids: string list} + | Unassume of {exp: CilType.Exp.t; tokens: WideningTokens0.Token.t list} | Longjmped of {lval: CilType.Lval.t option} (** Should event be emitted after transfer function raises [Deadcode]? *) @@ -45,5 +45,5 @@ let pretty () = function | Assign {lval; exp} -> dprintf "Assign {lval=%a, exp=%a}" CilType.Lval.pretty lval CilType.Exp.pretty exp | UpdateExpSplit exp -> dprintf "UpdateExpSplit %a" d_exp exp | Assert exp -> dprintf "Assert %a" d_exp exp - | Unassume {exp; uuids} -> dprintf "Unassume {exp=%a; uuids=%a}" d_exp exp (docList Pretty.text) uuids + | Unassume {exp; tokens} -> dprintf "Unassume {exp=%a; tokens=%a}" d_exp exp (d_list ", " WideningTokens0.Token.pretty) tokens | Longjmped {lval} -> dprintf "Longjmped {lval=%a}" (docOpt (CilType.Lval.pretty ())) lval diff --git a/src/lifters/wideningTokens.ml b/src/lifters/wideningTokens.ml index 41bb5d8477..4d60099d7e 100644 --- a/src/lifters/wideningTokens.ml +++ b/src/lifters/wideningTokens.ml @@ -6,8 +6,7 @@ @see Mihaila, B., Sepp, A. & Simon, A. Widening as Abstract Domain. *) -(** Widening token. *) -module Token = Basetype.RawStrings (* Change to variant type if need other tokens than witness UUIDs. *) +include WideningTokens0 (** Widening token set. *) module TS = SetDomain.ToppedSet (Token) (struct let topname = "Top" end) diff --git a/src/lifters/wideningTokens0.ml b/src/lifters/wideningTokens0.ml new file mode 100644 index 0000000000..dcbf77424e --- /dev/null +++ b/src/lifters/wideningTokens0.ml @@ -0,0 +1,6 @@ +(** Widening token. *) +module Token = +struct + (* Change to variant type if need other tokens than witness UUIDs. *) + include Printable.Prod (Basetype.RawStrings) (Printable.Option (IntDomain.Integers (IntOps.NIntOps)) (struct let name = "None" end)) +end From 21c000c71bfae7e31fbc18d83d61a802dd854c03 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 8 Oct 2024 17:55:02 +0300 Subject: [PATCH 099/164] Add invariant_set index to widening token --- src/analyses/unassumeAnalysis.ml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/analyses/unassumeAnalysis.ml b/src/analyses/unassumeAnalysis.ml index 348215993b..6b5b495233 100644 --- a/src/analyses/unassumeAnalysis.ml +++ b/src/analyses/unassumeAnalysis.ml @@ -90,7 +90,7 @@ struct let uuid = entry.metadata.uuid in let target_type = YamlWitnessType.EntryType.entry_type entry.entry_type in - let unassume_nodes_invariant ~loc ~nodes inv = + let unassume_nodes_invariant ~loc ~nodes ?i inv = let msgLoc: M.Location.t = CilLocation loc in match InvariantParser.parse_cabs inv with | Ok inv_cabs -> @@ -101,7 +101,7 @@ struct match InvariantParser.parse_cil inv_parser ~check:false ~fundec ~loc inv_cabs with | Ok inv_exp -> M.debug ~category:Witness ~loc:msgLoc "located invariant to %a: %a" Node.pretty n Cil.d_exp inv_exp; - NH.add invs n {exp = inv_exp; token = (uuid, None)} (* TODO: Some *) + NH.add invs n {exp = inv_exp; token = (uuid, i)} | Error e -> M.error ~category:Witness ~loc:msgLoc "CIL couldn't parse invariant: %s" inv; M.info ~category:Witness ~loc:msgLoc "invariant has undefined variables or side effects: %s" inv @@ -154,7 +154,7 @@ struct M.debug ~category:Witness ~loc:msgLoc "located invariant to %a: %a" Node.pretty n Cil.d_exp inv_exp; if not (NH.mem pre_invs n) then NH.replace pre_invs n (EH.create 10); - EH.add (NH.find pre_invs n) pre_exp {exp = inv_exp; token = (uuid, None)} (* TODO: Some *) + EH.add (NH.find pre_invs n) pre_exp {exp = inv_exp; token = (uuid, None)} | Error e -> M.error ~category:Witness ~loc:msgLoc "CIL couldn't parse invariant: %s" inv; M.info ~category:Witness ~loc:msgLoc "invariant has undefined variables or side effects: %s" inv @@ -189,42 +189,42 @@ struct let unassume_invariant_set (invariant_set: YamlWitnessType.InvariantSet.t) = - let unassume_location_invariant (location_invariant: YamlWitnessType.InvariantSet.LocationInvariant.t) = + let unassume_location_invariant ~i (location_invariant: YamlWitnessType.InvariantSet.LocationInvariant.t) = let loc = YamlWitness.loc_of_location location_invariant.location in let inv = location_invariant.value in let msgLoc: M.Location.t = CilLocation loc in match Locator.find_opt location_locator loc with | Some nodes -> - unassume_nodes_invariant ~loc ~nodes inv + unassume_nodes_invariant ~loc ~nodes ~i inv | None -> M.warn ~category:Witness ~loc:msgLoc "couldn't locate invariant: %s" inv in - let unassume_loop_invariant (loop_invariant: YamlWitnessType.InvariantSet.LoopInvariant.t) = + let unassume_loop_invariant ~i (loop_invariant: YamlWitnessType.InvariantSet.LoopInvariant.t) = let loc = YamlWitness.loc_of_location loop_invariant.location in let inv = loop_invariant.value in let msgLoc: M.Location.t = CilLocation loc in match Locator.find_opt loop_locator loc with | Some nodes -> - unassume_nodes_invariant ~loc ~nodes inv + unassume_nodes_invariant ~loc ~nodes ~i inv | None -> M.warn ~category:Witness ~loc:msgLoc "couldn't locate invariant: %s" inv in - let validate_invariant (invariant: YamlWitnessType.InvariantSet.Invariant.t) = + let validate_invariant i (invariant: YamlWitnessType.InvariantSet.Invariant.t) = let target_type = YamlWitnessType.InvariantSet.InvariantType.invariant_type invariant.invariant_type in match YamlWitness.invariant_type_enabled target_type, invariant.invariant_type with | true, LocationInvariant x -> - unassume_location_invariant x + unassume_location_invariant ~i x | true, LoopInvariant x -> - unassume_loop_invariant x + unassume_loop_invariant ~i x | false, (LocationInvariant _ | LoopInvariant _) -> M.info_noloc ~category:Witness "disabled invariant of type %s" target_type in - List.iter validate_invariant invariant_set.content + List.iteri validate_invariant invariant_set.content in match YamlWitness.entry_type_enabled target_type, entry.entry_type with From 57a044713a03cd28d199fb16cd4c9b332b31f32d Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 9 Oct 2024 10:35:11 +0300 Subject: [PATCH 100/164] Rename widening token modules --- src/analyses/apron/relationAnalysis.apron.ml | 6 +++--- src/analyses/base.ml | 6 +++--- src/analyses/mCP.ml | 12 ++++++------ src/analyses/unassumeAnalysis.ml | 4 ++-- src/domains/events.ml | 4 ++-- src/framework/control.ml | 2 +- src/goblint_lib.ml | 3 ++- src/lifters/wideningToken.ml | 4 ++++ .../{wideningTokens.ml => wideningTokenLifter.ml} | 2 +- src/lifters/wideningTokens0.ml | 6 ------ 10 files changed, 24 insertions(+), 25 deletions(-) create mode 100644 src/lifters/wideningToken.ml rename src/lifters/{wideningTokens.ml => wideningTokenLifter.ml} (99%) delete mode 100644 src/lifters/wideningTokens0.ml diff --git a/src/analyses/apron/relationAnalysis.apron.ml b/src/analyses/apron/relationAnalysis.apron.ml index f82bd37e33..28e365bd97 100644 --- a/src/analyses/apron/relationAnalysis.apron.ml +++ b/src/analyses/apron/relationAnalysis.apron.ml @@ -690,7 +690,7 @@ struct Priv.lock ask ctx.global st m ) st addr | Events.Unlock addr when ThreadFlag.has_ever_been_multi ask -> (* TODO: is this condition sound? *) - WideningTokens.with_local_side_tokens (fun () -> + WideningTokenLifter.with_local_side_tokens (fun () -> CommonPriv.lift_unlock ask (fun st m -> Priv.unlock ask ctx.global ctx.sideg st m ) st addr @@ -737,7 +737,7 @@ struct (* TODO: parallel write_global? *) let st = - WideningTokens.with_side_tokens (WideningTokens.TS.of_list tokens) (fun () -> + WideningTokenLifter.with_side_tokens (WideningTokenLifter.TS.of_list tokens) (fun () -> VH.fold (fun v v_in st -> (* TODO: is this sideg fine? *) write_global ask ctx.global ctx.sideg st v v_in @@ -771,7 +771,7 @@ struct let new_value = RD.join old_value st in PCU.RH.replace results ctx.node new_value; end; - WideningTokens.with_local_side_tokens (fun () -> + WideningTokenLifter.with_local_side_tokens (fun () -> Priv.sync (Analyses.ask_of_ctx ctx) ctx.global ctx.sideg ctx.local (reason :> [`Normal | `Join | `JoinCall of CilType.Fundec.t | `Return | `Init | `Thread]) ) diff --git a/src/analyses/base.ml b/src/analyses/base.ml index a5a9fc150e..fcf720e5eb 100644 --- a/src/analyses/base.ml +++ b/src/analyses/base.ml @@ -447,7 +447,7 @@ struct in if M.tracing then M.tracel "sync" "sync multi=%B earlyglobs=%B" multi !earlyglobs; if !earlyglobs || multi then - WideningTokens.with_local_side_tokens (fun () -> + WideningTokenLifter.with_local_side_tokens (fun () -> Priv.sync (Analyses.ask_of_ctx ctx) (priv_getg ctx.global) (priv_sideg ctx.sideg) ctx.local reason ) else @@ -3058,7 +3058,7 @@ struct (* Perform actual [set]-s with final unassumed values. This invokes [Priv.write_global], which was suppressed above. *) let e_d' = - WideningTokens.with_side_tokens (WideningTokens.TS.of_list uuids) (fun () -> + WideningTokenLifter.with_side_tokens (WideningTokenLifter.TS.of_list uuids) (fun () -> CPA.fold (fun x v acc -> let addr: AD.t = AD.of_mval (x, `NoOffset) in set ~ctx ~invariant:false acc addr x.vtype v @@ -3077,7 +3077,7 @@ struct Priv.lock ask (priv_getg ctx.global) st m ) st addr | Events.Unlock addr when ThreadFlag.has_ever_been_multi ask -> (* TODO: is this condition sound? *) - WideningTokens.with_local_side_tokens (fun () -> + WideningTokenLifter.with_local_side_tokens (fun () -> CommonPriv.lift_unlock ask (fun st m -> Priv.unlock ask (priv_getg ctx.global) (priv_sideg ctx.sideg) st m ) st addr diff --git a/src/analyses/mCP.ml b/src/analyses/mCP.ml index 6212b6de90..742e796fbd 100644 --- a/src/analyses/mCP.ml +++ b/src/analyses/mCP.ml @@ -156,20 +156,20 @@ struct else iter (uncurry spawn_one) @@ group_assoc_eq Basetype.Variables.equal xs - let do_sideg ctx (xs:(V.t * (WideningTokens.TS.t * G.t)) list) = + let do_sideg ctx (xs:(V.t * (WideningTokenLifter.TS.t * G.t)) list) = let side_one v dts = let side_one_ts ts d = (* Do side effects with the tokens that were active at the time. Transfer functions have exited the with_side_token wrappers by now. *) - let old_side_tokens = !WideningTokens.side_tokens in - WideningTokens.side_tokens := ts; + let old_side_tokens = !WideningTokenLifter.side_tokens in + WideningTokenLifter.side_tokens := ts; Fun.protect (fun () -> ctx.sideg v @@ fold_left G.join (G.bot ()) d ) ~finally:(fun () -> - WideningTokens.side_tokens := old_side_tokens + WideningTokenLifter.side_tokens := old_side_tokens ) in - iter (uncurry side_one_ts) @@ group_assoc_eq WideningTokens.TS.equal dts + iter (uncurry side_one_ts) @@ group_assoc_eq WideningTokenLifter.TS.equal dts in iter (uncurry side_one) @@ group_assoc_eq V.equal xs @@ -355,7 +355,7 @@ struct | None -> (fun ?(multiple=false) v d -> failwith ("Cannot \"spawn\" in " ^ tfname ^ " context.")) in let sideg = match sides with - | Some sides -> (fun v g -> sides := (v, (!WideningTokens.side_tokens, g)) :: !sides) + | Some sides -> (fun v g -> sides := (v, (!WideningTokenLifter.side_tokens, g)) :: !sides) | None -> (fun v g -> failwith ("Cannot \"sideg\" in " ^ tfname ^ " context.")) in let emit = match emits with diff --git a/src/analyses/unassumeAnalysis.ml b/src/analyses/unassumeAnalysis.ml index 6b5b495233..615dbd3266 100644 --- a/src/analyses/unassumeAnalysis.ml +++ b/src/analyses/unassumeAnalysis.ml @@ -29,7 +29,7 @@ struct type inv = { exp: Cil.exp; - token: WideningTokens.Token.t; + token: WideningToken.t; } let invs: inv NH.t = NH.create 100 @@ -264,7 +264,7 @@ struct if not (GobConfig.get_bool "ana.unassume.precheck" && Queries.ID.to_bool (ctx.ask (EvalInt e)) = Some false) then ( let tokens = x.token :: List.map (fun {token; _} -> token) xs in ctx.emit (Unassume {exp = e; tokens}); - List.iter WideningTokens.add tokens + List.iter WideningTokenLifter.add tokens ) ); ctx.local diff --git a/src/domains/events.ml b/src/domains/events.ml index b3054b8416..cf12900c98 100644 --- a/src/domains/events.ml +++ b/src/domains/events.ml @@ -14,7 +14,7 @@ type t = | Assign of {lval: CilType.Lval.t; exp: CilType.Exp.t} (** Used to simulate old [ctx.assign]. *) (* TODO: unused *) | UpdateExpSplit of exp (** Used by expsplit analysis to evaluate [exp] on post-state. *) | Assert of exp - | Unassume of {exp: CilType.Exp.t; tokens: WideningTokens0.Token.t list} + | Unassume of {exp: CilType.Exp.t; tokens: WideningToken.t list} | Longjmped of {lval: CilType.Lval.t option} (** Should event be emitted after transfer function raises [Deadcode]? *) @@ -45,5 +45,5 @@ let pretty () = function | Assign {lval; exp} -> dprintf "Assign {lval=%a, exp=%a}" CilType.Lval.pretty lval CilType.Exp.pretty exp | UpdateExpSplit exp -> dprintf "UpdateExpSplit %a" d_exp exp | Assert exp -> dprintf "Assert %a" d_exp exp - | Unassume {exp; tokens} -> dprintf "Unassume {exp=%a; tokens=%a}" d_exp exp (d_list ", " WideningTokens0.Token.pretty) tokens + | Unassume {exp; tokens} -> dprintf "Unassume {exp=%a; tokens=%a}" d_exp exp (d_list ", " WideningToken.pretty) tokens | Longjmped {lval} -> dprintf "Longjmped {lval=%a}" (docOpt (CilType.Lval.pretty ())) lval diff --git a/src/framework/control.ml b/src/framework/control.ml index 1d0ebb869b..2566939817 100644 --- a/src/framework/control.ml +++ b/src/framework/control.ml @@ -39,7 +39,7 @@ let spec_module: (module Spec) Lazy.t = lazy ( |> lift (get_bool "ana.opt.hashcons") (module HashconsLifter) (* Widening tokens must be outside of hashcons, because widening token domain ignores token sets for identity, so hashcons doesn't allow adding tokens. Also must be outside of deadcode, because deadcode splits (like mutex lock event) don't pass on tokens. *) - |> lift (get_bool "ana.widen.tokens") (module WideningTokens.Lifter) + |> lift (get_bool "ana.widen.tokens") (module WideningTokenLifter.Lifter) |> lift true (module LongjmpLifter.Lifter) |> lift termination_enabled (module RecursionTermLifter.Lifter) (* Always activate the recursion termination analysis, when the loop termination analysis is activated*) ) diff --git a/src/goblint_lib.ml b/src/goblint_lib.ml index 91f9837419..d8fd408151 100644 --- a/src/goblint_lib.ml +++ b/src/goblint_lib.ml @@ -180,7 +180,8 @@ module SpecLifters = SpecLifters module LongjmpLifter = LongjmpLifter module RecursionTermLifter = RecursionTermLifter module ContextGasLifter = ContextGasLifter -module WideningTokens = WideningTokens +module WideningToken = WideningToken +module WideningTokenLifter = WideningTokenLifter module WitnessConstraints = WitnessConstraints diff --git a/src/lifters/wideningToken.ml b/src/lifters/wideningToken.ml new file mode 100644 index 0000000000..d780c4e793 --- /dev/null +++ b/src/lifters/wideningToken.ml @@ -0,0 +1,4 @@ +(** Widening token for {!WideningTokenLifter}. *) + +(* Change to variant type if need other tokens than witness UUIDs. *) +include Printable.Prod (Basetype.RawStrings) (Printable.Option (IntDomain.Integers (IntOps.NIntOps)) (struct let name = "None" end)) diff --git a/src/lifters/wideningTokens.ml b/src/lifters/wideningTokenLifter.ml similarity index 99% rename from src/lifters/wideningTokens.ml rename to src/lifters/wideningTokenLifter.ml index 4d60099d7e..634468a9ca 100644 --- a/src/lifters/wideningTokens.ml +++ b/src/lifters/wideningTokenLifter.ml @@ -6,7 +6,7 @@ @see Mihaila, B., Sepp, A. & Simon, A. Widening as Abstract Domain. *) -include WideningTokens0 +module Token = WideningToken (** Widening token set. *) module TS = SetDomain.ToppedSet (Token) (struct let topname = "Top" end) diff --git a/src/lifters/wideningTokens0.ml b/src/lifters/wideningTokens0.ml deleted file mode 100644 index dcbf77424e..0000000000 --- a/src/lifters/wideningTokens0.ml +++ /dev/null @@ -1,6 +0,0 @@ -(** Widening token. *) -module Token = -struct - (* Change to variant type if need other tokens than witness UUIDs. *) - include Printable.Prod (Basetype.RawStrings) (Printable.Option (IntDomain.Integers (IntOps.NIntOps)) (struct let name = "None" end)) -end From a2817445e67768d30ef86b2ece90b5f00d3ffee5 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 9 Oct 2024 10:38:14 +0300 Subject: [PATCH 101/164] Improve widening token output --- src/lifters/wideningToken.ml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/lifters/wideningToken.ml b/src/lifters/wideningToken.ml index d780c4e793..0639521038 100644 --- a/src/lifters/wideningToken.ml +++ b/src/lifters/wideningToken.ml @@ -1,4 +1,16 @@ (** Widening token for {!WideningTokenLifter}. *) +module Uuid = +struct + include Basetype.RawStrings + let name () = "uuid" +end + +module Index = +struct + include Printable.Option (IntDomain.Integers (IntOps.NIntOps)) (struct let name = "None" end) + let name () = "index" +end + (* Change to variant type if need other tokens than witness UUIDs. *) -include Printable.Prod (Basetype.RawStrings) (Printable.Option (IntDomain.Integers (IntOps.NIntOps)) (struct let name = "None" end)) +include Printable.Prod (Uuid) (Index) From 2f5b50fa9081abda073a33b393ef33c282c1ebc4 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 16 Oct 2024 16:51:40 +0300 Subject: [PATCH 102/164] Revert "Add hacky imaxabs sqrt refine support" This reverts commit f9765da81d64a99f77c385835c6c0a5c3db419da. --- src/analyses/baseInvariant.ml | 3 +-- tests/regression/39-signed-overflows/12-imaxabs-sqrt.c | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/analyses/baseInvariant.ml b/src/analyses/baseInvariant.ml index d5b65a95f4..51a27e19f8 100644 --- a/src/analyses/baseInvariant.ml +++ b/src/analyses/baseInvariant.ml @@ -785,8 +785,7 @@ struct | TFloat (fk, _), FLongDouble | TFloat (FDouble as fk, _), FDouble | TFloat (FFloat as fk, _), FFloat -> inv_exp (Float (FD.cast_to fk c)) e st - | TInt (ik, _), _ -> inv_exp (Int (FD.to_int ik c)) e st (* TODO: is this cast refinement correct? *) - | t, fk -> fallback (fun () -> Pretty.dprintf "CastE: incompatible types %a and %a" CilType.Typ.pretty t CilType.Fkind.pretty fk) st) + | _ -> fallback (fun () -> Pretty.text "CastE: incompatible types") st) | CastE ((TInt (ik, _)) as t, e), Int c | CastE ((TEnum ({ekind = ik; _ }, _)) as t, e), Int c -> (* Can only meet the t part of an Lval in e with c (unless we meet with all overflow possibilities)! Since there is no good way to do this, we only continue if e has no values outside of t. *) (match eval e st with diff --git a/tests/regression/39-signed-overflows/12-imaxabs-sqrt.c b/tests/regression/39-signed-overflows/12-imaxabs-sqrt.c index 46512aed21..b121645b27 100644 --- a/tests/regression/39-signed-overflows/12-imaxabs-sqrt.c +++ b/tests/regression/39-signed-overflows/12-imaxabs-sqrt.c @@ -6,7 +6,7 @@ int main() { int64_t data; if (data > (-0x7fffffffffffffff - 1) && imaxabs((intmax_t)data) <= sqrtl(0x7fffffffffffffffLL)) { - int64_t result = data * data; // NOWARN + int64_t result = data * data; // TODO NOWARN } return 8; } From f7a5afa966d6dc4b62748fdb1738f2b2aef2f844 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 16 Oct 2024 17:39:07 +0300 Subject: [PATCH 103/164] Add 39-signed-overflows/13-imaxabs-macos test --- .../39-signed-overflows/13-imaxabs-macos.c | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 tests/regression/39-signed-overflows/13-imaxabs-macos.c diff --git a/tests/regression/39-signed-overflows/13-imaxabs-macos.c b/tests/regression/39-signed-overflows/13-imaxabs-macos.c new file mode 100644 index 0000000000..745d5b74c4 --- /dev/null +++ b/tests/regression/39-signed-overflows/13-imaxabs-macos.c @@ -0,0 +1,25 @@ +//PARAM: --enable ana.int.interval --set ana.activated[+] tmpSpecial +// 39-signed-overflows/11-imaxabs, but with long long as int64_t instead (https://github.com/goblint/analyzer/pull/1519#issuecomment-2417032186). +#include +#include +#include +int main() { + long long data; + if (data > (-0x7fffffffffffffff - 1)) + { + if (imaxabs(data) < 100) + { + __goblint_check(data < 100); + __goblint_check(-100 < data); + long long result = data * data; // NOWARN + } + + if(imaxabs(data) <= 100) + { + __goblint_check(data <= 100); + __goblint_check(-100 <= data); + long long result = data * data; // NOWARN + } + } + return 8; +} From 62834684764e5e1bc88705f19c54fa22a0d35d64 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 16 Oct 2024 17:55:20 +0300 Subject: [PATCH 104/164] Unroll cast type in BaseInvariant --- src/analyses/baseInvariant.ml | 58 +++++++++++++++++++---------------- 1 file changed, 31 insertions(+), 27 deletions(-) diff --git a/src/analyses/baseInvariant.ml b/src/analyses/baseInvariant.ml index 51a27e19f8..52f0888d3f 100644 --- a/src/analyses/baseInvariant.ml +++ b/src/analyses/baseInvariant.ml @@ -777,33 +777,37 @@ struct | _ -> assert false end | Const _ , _ -> st (* nothing to do *) - | CastE ((TFloat (_, _)), e), Float c -> - (match unrollType (Cilfacade.typeOf e), FD.get_fkind c with - | TFloat (FLongDouble as fk, _), FFloat - | TFloat (FDouble as fk, _), FFloat - | TFloat (FLongDouble as fk, _), FDouble - | TFloat (fk, _), FLongDouble - | TFloat (FDouble as fk, _), FDouble - | TFloat (FFloat as fk, _), FFloat -> inv_exp (Float (FD.cast_to fk c)) e st - | _ -> fallback (fun () -> Pretty.text "CastE: incompatible types") st) - | CastE ((TInt (ik, _)) as t, e), Int c - | CastE ((TEnum ({ekind = ik; _ }, _)) as t, e), Int c -> (* Can only meet the t part of an Lval in e with c (unless we meet with all overflow possibilities)! Since there is no good way to do this, we only continue if e has no values outside of t. *) - (match eval e st with - | Int i -> - (match unrollType (Cilfacade.typeOf e) with - | (TInt(ik_e, _) as t') - | (TEnum ({ekind = ik_e; _ }, _) as t') -> - if VD.is_dynamically_safe_cast t t' (Int i) then - (* let c' = ID.cast_to ik_e c in *) - (* Suppressing overflow warnings as this is not a computation that comes from the program *) - let res_range = (ID.cast_to ~suppress_ovwarn:true ik (ID.top_of ik_e)) in - let c' = ID.cast_to ik_e (ID.meet c res_range) in (* TODO: cast without overflow, is this right for normal invariant? *) - if M.tracing then M.tracel "inv" "cast: %a from %a to %a: i = %a; cast c = %a to %a = %a" d_exp e d_ikind ik_e d_ikind ik ID.pretty i ID.pretty c d_ikind ik_e ID.pretty c'; - inv_exp (Int c') e st - else - fallback (fun () -> Pretty.dprintf "CastE: %a evaluates to %a which is bigger than the type it is cast to which is %a" d_plainexp e ID.pretty i CilType.Typ.pretty t) st - | x -> fallback (fun () -> Pretty.dprintf "CastE: e did evaluate to Int, but the type did not match %a" CilType.Typ.pretty t) st) - | v -> fallback (fun () -> Pretty.dprintf "CastE: e did not evaluate to Int, but %a" VD.pretty v) st) + | CastE (t, e), c_typed -> + begin match Cil.unrollType t, c_typed with + | TFloat (_, _), Float c -> + (match unrollType (Cilfacade.typeOf e), FD.get_fkind c with + | TFloat (FLongDouble as fk, _), FFloat + | TFloat (FDouble as fk, _), FFloat + | TFloat (FLongDouble as fk, _), FDouble + | TFloat (fk, _), FLongDouble + | TFloat (FDouble as fk, _), FDouble + | TFloat (FFloat as fk, _), FFloat -> inv_exp (Float (FD.cast_to fk c)) e st + | _ -> fallback (fun () -> Pretty.text "CastE: incompatible types") st) + | (TInt (ik, _) as t), Int c + | (TEnum ({ekind = ik; _ }, _) as t), Int c -> (* Can only meet the t part of an Lval in e with c (unless we meet with all overflow possibilities)! Since there is no good way to do this, we only continue if e has no values outside of t. *) + (match eval e st with + | Int i -> + (match unrollType (Cilfacade.typeOf e) with + | (TInt(ik_e, _) as t') + | (TEnum ({ekind = ik_e; _ }, _) as t') -> + if VD.is_dynamically_safe_cast t t' (Int i) then + (* let c' = ID.cast_to ik_e c in *) + (* Suppressing overflow warnings as this is not a computation that comes from the program *) + let res_range = (ID.cast_to ~suppress_ovwarn:true ik (ID.top_of ik_e)) in + let c' = ID.cast_to ik_e (ID.meet c res_range) in (* TODO: cast without overflow, is this right for normal invariant? *) + if M.tracing then M.tracel "inv" "cast: %a from %a to %a: i = %a; cast c = %a to %a = %a" d_exp e d_ikind ik_e d_ikind ik ID.pretty i ID.pretty c d_ikind ik_e ID.pretty c'; + inv_exp (Int c') e st + else + fallback (fun () -> Pretty.dprintf "CastE: %a evaluates to %a which is bigger than the type it is cast to which is %a" d_plainexp e ID.pretty i CilType.Typ.pretty t) st + | x -> fallback (fun () -> Pretty.dprintf "CastE: e did evaluate to Int, but the type did not match %a" CilType.Typ.pretty t) st) + | v -> fallback (fun () -> Pretty.dprintf "CastE: e did not evaluate to Int, but %a" VD.pretty v) st) + | _, _ -> fallback (fun () -> Pretty.dprintf "CastE: %a not implemented" d_plainexp (CastE (t, e))) st + end | e, _ -> fallback (fun () -> Pretty.dprintf "%a not implemented" d_plainexp e) st in if eval_bool exp st = Some (not tv) then contra st (* we already know that the branch is dead *) From e12d6df901069f353c7a2a9ff08dfd6130a6507b Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 17 Oct 2024 15:26:28 +0300 Subject: [PATCH 105/164] Copy svcomp confs to svcomp25 --- conf/svcomp25-validate.json | 122 ++++++++++++++++++++++++++++++++++++ conf/svcomp25.json | 117 ++++++++++++++++++++++++++++++++++ 2 files changed, 239 insertions(+) create mode 100644 conf/svcomp25-validate.json create mode 100644 conf/svcomp25.json diff --git a/conf/svcomp25-validate.json b/conf/svcomp25-validate.json new file mode 100644 index 0000000000..f0e99057d1 --- /dev/null +++ b/conf/svcomp25-validate.json @@ -0,0 +1,122 @@ +{ + "ana": { + "sv-comp": { + "enabled": true, + "functions": true + }, + "int": { + "def_exc": true, + "enums": false, + "interval": true + }, + "float": { + "interval": true, + "evaluate_math_functions": true + }, + "activated": [ + "base", + "threadid", + "threadflag", + "threadreturn", + "mallocWrapper", + "mutexEvents", + "mutex", + "access", + "race", + "escape", + "expRelation", + "mhp", + "assert", + "var_eq", + "symb_locks", + "region", + "thread", + "threadJoins", + "abortUnless", + "unassume" + ], + "path_sens": [ + "mutex", + "malloc_null", + "uninit", + "expsplit", + "activeSetjmp", + "memLeak", + "threadflag" + ], + "context": { + "widen": false + }, + "base": { + "arrays": { + "domain": "partitioned" + } + }, + "race": { + "free": false, + "call": false + }, + "autotune": { + "enabled": true, + "activated": [ + "singleThreaded", + "mallocWrappers", + "noRecursiveIntervals", + "enums", + "congruence", + "octagon", + "wideningThresholds", + "loopUnrollHeuristic", + "memsafetySpecification", + "termination", + "tmpSpecialAnalysis" + ] + }, + "widen": { + "tokens": true + } + }, + "exp": { + "region-offsets": true + }, + "solver": "td3", + "sem": { + "unknown_function": { + "spawn": false + }, + "int": { + "signed_overflow": "assume_none" + }, + "null-pointer": { + "dereference": "assume_none" + } + }, + "witness": { + "graphml": { + "enabled": false + }, + "yaml": { + "enabled": false, + "strict": true, + "format-version": "2.0", + "entry-types": [ + "location_invariant", + "loop_invariant", + "invariant_set", + "violation_sequence" + ], + "invariant-types": [ + "location_invariant", + "loop_invariant" + ] + }, + "invariant": { + "loop-head": true, + "after-lock": true, + "other": true + } + }, + "pre": { + "enabled": false + } +} diff --git a/conf/svcomp25.json b/conf/svcomp25.json new file mode 100644 index 0000000000..aa3f625da9 --- /dev/null +++ b/conf/svcomp25.json @@ -0,0 +1,117 @@ +{ + "ana": { + "sv-comp": { + "enabled": true, + "functions": true + }, + "int": { + "def_exc": true, + "enums": false, + "interval": true + }, + "float": { + "interval": true, + "evaluate_math_functions": true + }, + "activated": [ + "base", + "threadid", + "threadflag", + "threadreturn", + "mallocWrapper", + "mutexEvents", + "mutex", + "access", + "race", + "escape", + "expRelation", + "mhp", + "assert", + "var_eq", + "symb_locks", + "region", + "thread", + "threadJoins", + "abortUnless" + ], + "path_sens": [ + "mutex", + "malloc_null", + "uninit", + "expsplit", + "activeSetjmp", + "memLeak", + "threadflag" + ], + "context": { + "widen": false + }, + "base": { + "arrays": { + "domain": "partitioned" + } + }, + "race": { + "free": false, + "call": false + }, + "autotune": { + "enabled": true, + "activated": [ + "singleThreaded", + "mallocWrappers", + "noRecursiveIntervals", + "enums", + "congruence", + "octagon", + "wideningThresholds", + "loopUnrollHeuristic", + "memsafetySpecification", + "termination", + "tmpSpecialAnalysis" + ] + } + }, + "exp": { + "region-offsets": true + }, + "solver": "td3", + "sem": { + "unknown_function": { + "spawn": false + }, + "int": { + "signed_overflow": "assume_none" + }, + "null-pointer": { + "dereference": "assume_none" + } + }, + "witness": { + "graphml": { + "enabled": true, + "id": "enumerate", + "unknown": false + }, + "yaml": { + "enabled": true, + "format-version": "2.0", + "entry-types": [ + "invariant_set" + ], + "invariant-types": [ + "loop_invariant" + ] + }, + "invariant": { + "loop-head": true, + "after-lock": false, + "other": false, + "accessed": false, + "exact": true + } + }, + "pre": { + "enabled": false + } +} From 6a973802a229367f7112637c0b37d5e979560a8d Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 17 Oct 2024 15:28:42 +0300 Subject: [PATCH 106/164] Update sv-comp/archive.sh for 2025 --- scripts/sv-comp/archive.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/sv-comp/archive.sh b/scripts/sv-comp/archive.sh index 37fa2758d9..aefac8f769 100755 --- a/scripts/sv-comp/archive.sh +++ b/scripts/sv-comp/archive.sh @@ -4,7 +4,7 @@ make clean -git tag -m "SV-COMP 2024" svcomp24 +git tag -m "SV-COMP 2025" svcomp25 dune build --profile=release src/goblint.exe rm -f goblint @@ -32,8 +32,8 @@ zip goblint/scripts/sv-comp/goblint.zip \ goblint/lib/libboxD.so \ goblint/lib/libpolkaMPQ.so \ goblint/lib/LICENSE.APRON \ - goblint/conf/svcomp24.json \ - goblint/conf/svcomp24-validate.json \ + goblint/conf/svcomp25.json \ + goblint/conf/svcomp25-validate.json \ goblint/lib/libc/stub/include/assert.h \ goblint/lib/goblint/runtime/include/goblint.h \ goblint/lib/libc/stub/src/stdlib.c \ From d3c5d353cec4b9b875c5a3f12bc09647f4c03bcf Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 18 Oct 2024 12:20:55 +0300 Subject: [PATCH 107/164] Document SV-COMP bench-defs MR --- docs/developer-guide/releasing.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/developer-guide/releasing.md b/docs/developer-guide/releasing.md index 7530d9ad20..aca0749eb9 100644 --- a/docs/developer-guide/releasing.md +++ b/docs/developer-guide/releasing.md @@ -77,6 +77,8 @@ This includes: git tag name, git tag message and zipped conf file. +5. Open MR with conf file name to the [bench-defs](https://gitlab.com/sosy-lab/sv-comp/bench-defs) repository. + ### For each prerun 1. Update opam pins: From b1095fbd71b7360e1a6d7a7d8b9bcc3b790b3bef Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 6 Nov 2024 11:32:06 +0200 Subject: [PATCH 108/164] Add more precise YAML witness generation summary --- src/witness/yamlWitness.ml | 13 ++++++++++++ .../03-practical/35-base-mutex-macos.t | 3 +++ tests/regression/13-privatized/01-priv_nr.t | 9 ++++++++ .../regression/36-apron/12-traces-min-rpb1.t | 3 +++ tests/regression/36-apron/52-queuesize.t | 6 ++++++ .../11-unrolled-loop-invariant.t | 3 +++ tests/regression/56-witness/05-prec-problem.t | 3 +++ .../56-witness/08-witness-all-locals.t | 6 ++++++ .../56-witness/46-top-bool-invariant.t | 21 +++++++++++++++++++ .../56-witness/47-top-int-invariant.t | 21 +++++++++++++++++++ tests/regression/cfg/foo.t/run.t | 3 +++ tests/regression/cfg/issue-1356.t/run.t | 3 +++ tests/regression/cfg/loops.t/run.t | 3 +++ tests/regression/cfg/pr-758.t/run.t | 3 +++ tests/regression/witness/int.t/run.t | 3 +++ tests/regression/witness/typedef.t/run.t | 6 ++++++ 16 files changed, 109 insertions(+) diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index 2bdd2ced4c..bc31797688 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -249,6 +249,11 @@ struct let entries = [] in + let cnt_loop_invariant = ref 0 in + let cnt_location_invariant = ref 0 in + let cnt_flow_insensitive_invariant = ref 0 in + (* TODO: precondition invariants? *) + (* Generate location invariants (without precondition) *) let entries = if entry_type_enabled YamlWitnessType.LocationInvariant.entry_type then ( @@ -268,6 +273,7 @@ struct List.fold_left (fun acc inv -> let invariant = Entry.invariant (CilType.Exp.show inv) in let entry = Entry.location_invariant ~task ~location ~invariant in + incr cnt_location_invariant; entry :: acc ) acc invs | `Bot | `Top -> (* TODO: 0 for bot (dead code)? *) @@ -297,6 +303,7 @@ struct List.fold_left (fun acc inv -> let invariant = Entry.invariant (CilType.Exp.show inv) in let entry = Entry.loop_invariant ~task ~location ~invariant in + incr cnt_loop_invariant; entry :: acc ) acc invs | `Bot | `Top -> (* TODO: 0 for bot (dead code)? *) @@ -322,6 +329,7 @@ struct List.fold_left (fun acc inv -> let invariant = Entry.invariant (CilType.Exp.show inv) in let entry = Entry.flow_insensitive_invariant ~task ~invariant in + incr cnt_flow_insensitive_invariant; entry :: acc ) acc invs | `Bot | `Top -> (* global bot might only be possible for alloc variables, if at all, so emit nothing *) @@ -459,6 +467,7 @@ struct List.fold_left (fun acc inv -> let invariant = CilType.Exp.show inv in let invariant = Entry.location_invariant' ~location ~invariant in + incr cnt_location_invariant; invariant :: acc ) acc invs | `Bot | `Top -> (* TODO: 0 for bot (dead code)? *) @@ -488,6 +497,7 @@ struct List.fold_left (fun acc inv -> let invariant = CilType.Exp.show inv in let invariant = Entry.loop_invariant' ~location ~invariant in + incr cnt_loop_invariant; invariant :: acc ) acc invs | `Bot | `Top -> (* TODO: 0 for bot (dead code)? *) @@ -512,6 +522,9 @@ struct let yaml_entries = List.rev_map YamlWitnessType.Entry.to_yaml entries in (* reverse to make entries in file in the same order as generation messages *) M.msg_group Info ~category:Witness "witness generation summary" [ + (Pretty.dprintf "location invariants: %d" !cnt_location_invariant, None); + (Pretty.dprintf "loop invariants: %d" !cnt_loop_invariant, None); + (Pretty.dprintf "flow-insensitive invariants: %d" !cnt_flow_insensitive_invariant, None); (Pretty.dprintf "total generation entries: %d" (List.length yaml_entries), None); ]; diff --git a/tests/regression/03-practical/35-base-mutex-macos.t b/tests/regression/03-practical/35-base-mutex-macos.t index 9e5f36d337..1d8a184d4c 100644 --- a/tests/regression/03-practical/35-base-mutex-macos.t +++ b/tests/regression/03-practical/35-base-mutex-macos.t @@ -4,6 +4,9 @@ dead: 0 total lines: 2 [Info][Witness] witness generation summary: + location invariants: 0 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 1 There should be no invariants about __sig. diff --git a/tests/regression/13-privatized/01-priv_nr.t b/tests/regression/13-privatized/01-priv_nr.t index bbc285098a..0186709027 100644 --- a/tests/regression/13-privatized/01-priv_nr.t +++ b/tests/regression/13-privatized/01-priv_nr.t @@ -10,6 +10,9 @@ dead: 0 total lines: 19 [Info][Witness] witness generation summary: + location invariants: 3 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 3 [Info][Race] Memory locations race summary: safe: 1 @@ -64,6 +67,9 @@ dead: 0 total lines: 19 [Info][Witness] witness generation summary: + location invariants: 3 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 3 [Info][Race] Memory locations race summary: safe: 1 @@ -118,6 +124,9 @@ dead: 0 total lines: 19 [Info][Witness] witness generation summary: + location invariants: 3 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 3 [Info][Race] Memory locations race summary: safe: 1 diff --git a/tests/regression/36-apron/12-traces-min-rpb1.t b/tests/regression/36-apron/12-traces-min-rpb1.t index 5060f505d9..d0cebd6d1c 100644 --- a/tests/regression/36-apron/12-traces-min-rpb1.t +++ b/tests/regression/36-apron/12-traces-min-rpb1.t @@ -13,6 +13,9 @@ write with [lock:{A}, thread:[main, t_fun@12-traces-min-rpb1.c:25:3-25:40]] (conf. 110) (exp: & g) (12-traces-min-rpb1.c:14:3-14:8) read with [mhp:{created={[main, t_fun@12-traces-min-rpb1.c:25:3-25:40]}}, thread:[main]] (conf. 110) (exp: & g) (12-traces-min-rpb1.c:27:3-27:26) [Info][Witness] witness generation summary: + location invariants: 3 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 3 [Info][Race] Memory locations race summary: safe: 0 diff --git a/tests/regression/36-apron/52-queuesize.t b/tests/regression/36-apron/52-queuesize.t index 62851f2ec9..f0a977891a 100644 --- a/tests/regression/36-apron/52-queuesize.t +++ b/tests/regression/36-apron/52-queuesize.t @@ -37,6 +37,9 @@ Without diff-box: [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (52-queuesize.c:56:10-56:11) [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (52-queuesize.c:78:12-78:13) [Info][Witness] witness generation summary: + location invariants: 8 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 8 [Info][Race] Memory locations race summary: safe: 3 @@ -173,6 +176,9 @@ With diff-box: [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (52-queuesize.c:56:10-56:11) [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (52-queuesize.c:78:12-78:13) [Info][Witness] witness generation summary: + location invariants: 6 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 6 [Info][Race] Memory locations race summary: safe: 3 diff --git a/tests/regression/55-loop-unrolling/11-unrolled-loop-invariant.t b/tests/regression/55-loop-unrolling/11-unrolled-loop-invariant.t index 3a3b7c43cf..860ffae3bd 100644 --- a/tests/regression/55-loop-unrolling/11-unrolled-loop-invariant.t +++ b/tests/regression/55-loop-unrolling/11-unrolled-loop-invariant.t @@ -211,6 +211,9 @@ [Warning][Deadcode][CWE-571] condition 'k < 100' (possibly inserted by CIL) is always true (11-unrolled-loop-invariant.c:9:12-9:19) [Warning][Deadcode][CWE-571] condition 'j < 10' (possibly inserted by CIL) is always true (11-unrolled-loop-invariant.c:8:10-8:16) [Info][Witness] witness generation summary: + location invariants: 11 + loop invariants: 5 + flow-insensitive invariants: 0 total generation entries: 16 $ yamlWitnessStrip < witness.yml diff --git a/tests/regression/56-witness/05-prec-problem.t b/tests/regression/56-witness/05-prec-problem.t index 733f16269e..51f92ca203 100644 --- a/tests/regression/56-witness/05-prec-problem.t +++ b/tests/regression/56-witness/05-prec-problem.t @@ -6,6 +6,9 @@ total lines: 13 [Warning][Deadcode][CWE-570] condition '0' (possibly inserted by CIL) is always false (05-prec-problem.c:13:12-13:13) [Info][Witness] witness generation summary: + location invariants: 0 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 6 TODO: Don't generate duplicate entries from each context: should have generated just 3. diff --git a/tests/regression/56-witness/08-witness-all-locals.t b/tests/regression/56-witness/08-witness-all-locals.t index fc4462201d..fe6aefefbd 100644 --- a/tests/regression/56-witness/08-witness-all-locals.t +++ b/tests/regression/56-witness/08-witness-all-locals.t @@ -4,6 +4,9 @@ dead: 0 total lines: 4 [Info][Witness] witness generation summary: + location invariants: 3 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 3 $ yamlWitnessStrip < witness.yml @@ -50,6 +53,9 @@ Fewer entries are emitted if locals from nested block scopes are excluded: dead: 0 total lines: 4 [Info][Witness] witness generation summary: + location invariants: 2 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 2 $ yamlWitnessStrip < witness.yml diff --git a/tests/regression/56-witness/46-top-bool-invariant.t b/tests/regression/56-witness/46-top-bool-invariant.t index 741b00966f..be41ef58f2 100644 --- a/tests/regression/56-witness/46-top-bool-invariant.t +++ b/tests/regression/56-witness/46-top-bool-invariant.t @@ -6,6 +6,9 @@ def_exc only: dead: 0 total lines: 2 [Info][Witness] witness generation summary: + location invariants: 2 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 2 $ yamlWitnessStrip < witness.yml @@ -40,6 +43,9 @@ interval only: dead: 0 total lines: 2 [Info][Witness] witness generation summary: + location invariants: 2 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 2 $ yamlWitnessStrip < witness.yml @@ -74,6 +80,9 @@ enums only: dead: 0 total lines: 2 [Info][Witness] witness generation summary: + location invariants: 1 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 1 $ yamlWitnessStrip < witness.yml @@ -97,6 +106,9 @@ congruence only: dead: 0 total lines: 2 [Info][Witness] witness generation summary: + location invariants: 0 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 0 $ yamlWitnessStrip < witness.yml @@ -110,6 +122,9 @@ interval_set only: dead: 0 total lines: 2 [Info][Witness] witness generation summary: + location invariants: 2 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 2 $ yamlWitnessStrip < witness.yml @@ -144,6 +159,9 @@ all: dead: 0 total lines: 2 [Info][Witness] witness generation summary: + location invariants: 1 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 1 $ yamlWitnessStrip < witness.yml @@ -167,6 +185,9 @@ all without inexact-type-bounds: dead: 0 total lines: 2 [Info][Witness] witness generation summary: + location invariants: 0 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 0 $ yamlWitnessStrip < witness.yml diff --git a/tests/regression/56-witness/47-top-int-invariant.t b/tests/regression/56-witness/47-top-int-invariant.t index cdfe65673f..35d5978c00 100644 --- a/tests/regression/56-witness/47-top-int-invariant.t +++ b/tests/regression/56-witness/47-top-int-invariant.t @@ -6,6 +6,9 @@ def_exc only: dead: 0 total lines: 2 [Info][Witness] witness generation summary: + location invariants: 2 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 2 $ yamlWitnessStrip < witness.yml @@ -40,6 +43,9 @@ interval only: dead: 0 total lines: 2 [Info][Witness] witness generation summary: + location invariants: 2 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 2 $ yamlWitnessStrip < witness.yml @@ -74,6 +80,9 @@ enums only: dead: 0 total lines: 2 [Info][Witness] witness generation summary: + location invariants: 2 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 2 $ yamlWitnessStrip < witness.yml @@ -108,6 +117,9 @@ congruence only: dead: 0 total lines: 2 [Info][Witness] witness generation summary: + location invariants: 0 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 0 $ yamlWitnessStrip < witness.yml @@ -121,6 +133,9 @@ interval_set only: dead: 0 total lines: 2 [Info][Witness] witness generation summary: + location invariants: 2 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 2 $ yamlWitnessStrip < witness.yml @@ -155,6 +170,9 @@ all: dead: 0 total lines: 2 [Info][Witness] witness generation summary: + location invariants: 2 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 2 $ yamlWitnessStrip < witness.yml @@ -189,6 +207,9 @@ all without inexact-type-bounds: dead: 0 total lines: 2 [Info][Witness] witness generation summary: + location invariants: 0 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 0 $ yamlWitnessStrip < witness.yml diff --git a/tests/regression/cfg/foo.t/run.t b/tests/regression/cfg/foo.t/run.t index cd890b7a19..19873d7540 100644 --- a/tests/regression/cfg/foo.t/run.t +++ b/tests/regression/cfg/foo.t/run.t @@ -67,6 +67,9 @@ total lines: 6 [Warning][Deadcode][CWE-571] condition 'a > 0' (possibly inserted by CIL) is always true (foo.c:3:10-3:20) [Info][Witness] witness generation summary: + location invariants: 8 + loop invariants: 2 + flow-insensitive invariants: 0 total generation entries: 10 $ yamlWitnessStrip < witness.yml diff --git a/tests/regression/cfg/issue-1356.t/run.t b/tests/regression/cfg/issue-1356.t/run.t index aee9456b61..d1fcb3c7ef 100644 --- a/tests/regression/cfg/issue-1356.t/run.t +++ b/tests/regression/cfg/issue-1356.t/run.t @@ -99,6 +99,9 @@ dead: 0 total lines: 13 [Info][Witness] witness generation summary: + location invariants: 0 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 0 $ yamlWitnessStrip < witness.yml diff --git a/tests/regression/cfg/loops.t/run.t b/tests/regression/cfg/loops.t/run.t index 6596e7b4a4..1fd19b41fe 100644 --- a/tests/regression/cfg/loops.t/run.t +++ b/tests/regression/cfg/loops.t/run.t @@ -219,6 +219,9 @@ dead: 0 total lines: 20 [Info][Witness] witness generation summary: + location invariants: 32 + loop invariants: 21 + flow-insensitive invariants: 0 total generation entries: 53 $ yamlWitnessStrip < witness.yml diff --git a/tests/regression/cfg/pr-758.t/run.t b/tests/regression/cfg/pr-758.t/run.t index 58bbb88ce4..082c63e860 100644 --- a/tests/regression/cfg/pr-758.t/run.t +++ b/tests/regression/cfg/pr-758.t/run.t @@ -93,6 +93,9 @@ dead: 0 total lines: 6 [Info][Witness] witness generation summary: + location invariants: 10 + loop invariants: 2 + flow-insensitive invariants: 0 total generation entries: 12 $ yamlWitnessStrip < witness.yml diff --git a/tests/regression/witness/int.t/run.t b/tests/regression/witness/int.t/run.t index 6b4784ce32..9448ac7855 100644 --- a/tests/regression/witness/int.t/run.t +++ b/tests/regression/witness/int.t/run.t @@ -7,6 +7,9 @@ dead: 0 total lines: 10 [Info][Witness] witness generation summary: + location invariants: 3 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 3 $ yamlWitnessStrip < witness.yml diff --git a/tests/regression/witness/typedef.t/run.t b/tests/regression/witness/typedef.t/run.t index 55dcc1f911..f9fac0c743 100644 --- a/tests/regression/witness/typedef.t/run.t +++ b/tests/regression/witness/typedef.t/run.t @@ -4,6 +4,9 @@ dead: 0 total lines: 6 [Info][Witness] witness generation summary: + location invariants: 13 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 13 $ yamlWitnessStrip < witness.yml @@ -157,6 +160,9 @@ dead: 0 total lines: 6 [Info][Witness] witness generation summary: + location invariants: 14 + loop invariants: 0 + flow-insensitive invariants: 0 total generation entries: 14 $ yamlWitnessStrip < witness.yml From 77190828a810819b5b607c59d1553fc713b1be9d Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 6 Nov 2024 11:45:13 +0200 Subject: [PATCH 109/164] Add witness.yaml.strict option description --- src/config/options.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/config/options.schema.json b/src/config/options.schema.json index 447290b44d..9c1f9e1e76 100644 --- a/src/config/options.schema.json +++ b/src/config/options.schema.json @@ -2659,7 +2659,7 @@ }, "strict": { "title": "witness.yaml.strict", - "description": "", + "description": "Fail YAML witness validation if there's an error/unsupported/disabled entry.", "type": "boolean", "default": false }, From 546a8d04ede0d6646e1d5b20095c0ae5e2f0a78b Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 6 Nov 2024 11:49:17 +0200 Subject: [PATCH 110/164] Update YAML witness validation result for refutation under new scoring schema --- src/witness/yamlWitness.ml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index bc31797688..1a8c536da5 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -892,7 +892,9 @@ struct | true when !cnt_disabled > 0 -> Error "witness disabled" | _ when !cnt_refuted > 0 -> - Ok (Svcomp.Result.False None) + (* Refuted only when assuming the invariant is reachable. *) + (* Ok (Svcomp.Result.False None) *) (* Wasn't a problem because valid*->correctness->false gave 0 points under old validator track scoring schema: https://doi.org/10.1007/978-3-031-22308-2_8. *) + Ok Svcomp.Result.Unknown (* Now valid*->correctness->false gives 1p (negative) points under new validator track scoring schema: https://doi.org/10.1007/978-3-031-57256-2_15. *) | _ when !cnt_unconfirmed > 0 -> Ok Unknown | _ -> From 2048122f114dd24acaa0ff8b4fbd431d92c291f8 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 6 Nov 2024 11:57:42 +0200 Subject: [PATCH 111/164] Fix YAML witness validate/unassume error with empty (unparsable) path Raised an obscure Invalid_argument exception instead. --- src/analyses/unassumeAnalysis.ml | 2 +- src/witness/yamlWitness.ml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/analyses/unassumeAnalysis.ml b/src/analyses/unassumeAnalysis.ml index 615dbd3266..707e0f4820 100644 --- a/src/analyses/unassumeAnalysis.ml +++ b/src/analyses/unassumeAnalysis.ml @@ -71,7 +71,7 @@ struct | _ -> () ); - let yaml = match Yaml_unix.of_file (Fpath.v (GobConfig.get_string "witness.yaml.unassume")) with + let yaml = match GobResult.Syntax.(Fpath.of_string (GobConfig.get_string "witness.yaml.unassume") >>= Yaml_unix.of_file) with | Ok yaml -> yaml | Error (`Msg m) -> Logs.error "Yaml_unix.of_file: %s" m; diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index 1a8c536da5..06e355068e 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -608,7 +608,7 @@ struct let inv_parser = InvariantParser.create FileCfg.file in - let yaml = match Yaml_unix.of_file (Fpath.v (GobConfig.get_string "witness.yaml.validate")) with + let yaml = match GobResult.Syntax.(Fpath.of_string (GobConfig.get_string "witness.yaml.validate") >>= Yaml_unix.of_file) with | Ok yaml -> yaml | Error (`Msg m) -> Logs.error "Yaml_unix.of_file: %s" m; From f2f0c12d0a3ba6946430c467f812b72acc8ad4e0 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 14 Nov 2024 10:48:10 +0200 Subject: [PATCH 112/164] Error on must-relocking of non-recursive mutex mayLocks analysis can warn on it, but mutex analysis can be definite about it. --- src/analyses/mutexAnalysis.ml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/analyses/mutexAnalysis.ml b/src/analyses/mutexAnalysis.ml index 9b6aa4f4ca..a608b3b6e3 100644 --- a/src/analyses/mutexAnalysis.ml +++ b/src/analyses/mutexAnalysis.ml @@ -121,14 +121,17 @@ struct let add ctx ((addr, rw): AddrRW.t): D.t = match addr with - | Addr mv -> + | Addr ((v, o) as mv) -> let (s, m) = ctx.local in let s' = MustLocksetRW.add_mval_rw (mv, rw) s in let m' = - if MutexTypeAnalysis.must_be_recursive ctx mv then - MustMultiplicity.increment mv m - else + match ctx.ask (Queries.MutexType (v, Offset.Unit.of_offs o)) with + | `Lifted Recursive -> MustMultiplicity.increment mv m + | `Lifted NonRec -> + if MustLocksetRW.mem_mval mv s then + M.error ~category:M.Category.Behavior.Undefined.double_locking "Acquiring a non-recursive mutex that is already held"; m + | `Bot | `Top -> m in (s', m') | NullPtr -> From 8d8b6752af3d23260a9c5ab080eb26bdf740006d Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 14 Nov 2024 17:40:49 +0200 Subject: [PATCH 113/164] Remove outdated comments about new __VERIFIER_nondet functions --- lib/sv-comp/stub/src/sv-comp.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/sv-comp/stub/src/sv-comp.c b/lib/sv-comp/stub/src/sv-comp.c index 12c04125d6..469a641e73 100644 --- a/lib/sv-comp/stub/src/sv-comp.c +++ b/lib/sv-comp/stub/src/sv-comp.c @@ -35,10 +35,10 @@ __VERIFIER_nondet2(unsigned int, u32) __VERIFIER_nondet2(unsigned short int, u16) // not in rules __VERIFIER_nondet2(unsigned char, u8) // not in rules __VERIFIER_nondet2(unsigned char, unsigned_char) // not in rules -__VERIFIER_nondet2(long long, longlong) // not in rules yet (https://gitlab.com/sosy-lab/benchmarking/sv-benchmarks/-/issues/1341) -__VERIFIER_nondet2(unsigned long long, ulonglong) // not in rules yet (https://gitlab.com/sosy-lab/benchmarking/sv-benchmarks/-/issues/1341) -__VERIFIER_nondet2(__uint128_t, uint128) // not in rules yet (https://gitlab.com/sosy-lab/benchmarking/sv-benchmarks/-/issues/1341) -__VERIFIER_nondet2(__int128_t, int128) // not in rules yet (https://gitlab.com/sosy-lab/benchmarking/sv-benchmarks/-/issues/1341) +__VERIFIER_nondet2(long long, longlong) +__VERIFIER_nondet2(unsigned long long, ulonglong) +__VERIFIER_nondet2(__uint128_t, uint128) +__VERIFIER_nondet2(__int128_t, int128) __VERIFIER_nondet2(unsigned char, uchar) __VERIFIER_nondet2(unsigned int, uint) __VERIFIER_nondet2(unsigned long, ulong) From 6a05022657c9da91e90cea46c0c420650a77fb16 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Mon, 18 Nov 2024 13:37:44 +0200 Subject: [PATCH 114/164] Add initial CHANGELOG for SV-COMP 2025 --- CHANGELOG.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 420cc7145e..6e9fe29306 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,17 @@ +## v2.5.0 (unreleased) +Functionally equivalent to Goblint in SV-COMP 2025. + +### SV-COMP 2025 +* Improve invariants (#1361, #1362, #1375, #1328, #1493, #1356). +* Simplify invariants (#1436, #1517). +* Improve YAML witness locations (#1355, #1372, #1400, #1403). +* Improve autotuner (#1469, #1450, #1612, #1604, #1181). +* Loop unrolling (#1582, #1583, #1584, #1516, #1590, #1595, #1599). +* Add abortUnless to svcomp (#1464). +* Fix spurious overflow warnings (#1511). +* Add primitive YAML violation witness rejection (#1301, #1512). +* Machdep support (#54, #1574). + ## v2.4.0 * Remove unmaintained analyses: spec, file (#1281). * Add linear two-variable equalities analysis (#1297, #1412, #1466). From 152ebb633d32275d8cb9924fd54541c2ac64917b Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Mon, 18 Nov 2024 13:51:22 +0200 Subject: [PATCH 115/164] Add initial CHANGELOG for v2.5.0 --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e9fe29306..aec84573cf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,10 @@ ## v2.5.0 (unreleased) Functionally equivalent to Goblint in SV-COMP 2025. +* Cleanup (#1095, #1523, #1554, #1575, #1588, #1597, #1614). +* Reduce hash collisions (#1594, #1602). +* Context gas per function (#1569, #1570, #1598). + ### SV-COMP 2025 * Improve invariants (#1361, #1362, #1375, #1328, #1493, #1356). * Simplify invariants (#1436, #1517). From 64981452f455f42cef61de0ab044f3131497db6d Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Mon, 18 Nov 2024 14:08:10 +0200 Subject: [PATCH 116/164] Add CHANGELOG for v2.5.0 --- CHANGELOG.md | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aec84573cf..cf6a8aa781 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,20 +1,13 @@ ## v2.5.0 (unreleased) Functionally equivalent to Goblint in SV-COMP 2025. -* Cleanup (#1095, #1523, #1554, #1575, #1588, #1597, #1614). -* Reduce hash collisions (#1594, #1602). -* Context gas per function (#1569, #1570, #1598). - -### SV-COMP 2025 -* Improve invariants (#1361, #1362, #1375, #1328, #1493, #1356). -* Simplify invariants (#1436, #1517). -* Improve YAML witness locations (#1355, #1372, #1400, #1403). -* Improve autotuner (#1469, #1450, #1612, #1604, #1181). -* Loop unrolling (#1582, #1583, #1584, #1516, #1590, #1595, #1599). -* Add abortUnless to svcomp (#1464). -* Fix spurious overflow warnings (#1511). -* Add primitive YAML violation witness rejection (#1301, #1512). -* Machdep support (#54, #1574). +* Add 32bit vs 64bit architecture support (#54, #1574). +* Add per-function context gas analysis (#1569, #1570, #1598). +* Adapt automatic static loop unrolling (#1516, #1582, #1583, #1584, #1590, #1595, #1599). +* Adapt automatic configuration tuning (#1450, #1612, #1181, #1604). +* Simplify non-relational integer invariants in witnesses (#1517). +* Fix excessive hash collisions (#1594, #1602). +* Clean up various code (#1095, #1523, #1554, #1575, #1588, #1597, #1614). ## v2.4.0 * Remove unmaintained analyses: spec, file (#1281). @@ -28,7 +21,7 @@ Functionally equivalent to Goblint in SV-COMP 2025. * Fix mutex type analysis unsoundness and enable it by default (#1414, #1416, #1510). * Add points-to set refinement on mutex path splitting (#1287, #1343, #1374, #1396, #1407). * Improve narrowing operators (#1502, #1540, #1543). -* Extract automatic configuration tuning for soundness (#1369). +* Extract automatic configuration tuning for soundness (#1469). * Fix many locations in witnesses (#1355, #1372, #1400, #1403). * Improve output readability (#1294, #1312, #1405, #1497). * Refactor logging (#1117). From ced56ca4882ae5c461d1a7aefd435e814283c02a Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 21 Nov 2024 10:06:41 +0200 Subject: [PATCH 117/164] Document YamlEntryGlobal and InvariantGlobalNodes queries --- src/domains/queries.ml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/domains/queries.ml b/src/domains/queries.ml index 5436e5f7e0..e3a0a3e776 100644 --- a/src/domains/queries.ml +++ b/src/domains/queries.ml @@ -131,9 +131,9 @@ type _ t = | TmpSpecial: Mval.Exp.t -> ML.t t | MaySignedOverflow: exp -> MayBool.t t | GasExhausted: MustBool.t t - | YamlEntryGlobal: Obj.t * YamlWitnessType.Task.t -> YS.t t + | YamlEntryGlobal: Obj.t * YamlWitnessType.Task.t -> YS.t t (** YAML witness entries for a global unknown ([Obj.t] represents [Spec.V.t]) and YAML witness task. *) | GhostVarAvailable: WitnessGhostVar.t -> MayBool.t t - | InvariantGlobalNodes: NS.t t (* TODO: V.t argument? *) + | InvariantGlobalNodes: NS.t t (** Nodes where YAML witness flow-insensitive invariants should be emitted as location invariants (if [witness.invariant.flow_insensitive-as] is configured to do so). *) (* [Spec.V.t] argument (as [Obj.t]) could be added, if this should be different for different flow-insensitive invariants. *) type 'a result = 'a From 969b87a02e7e956beb8911dc753c42918510a48d Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 21 Nov 2024 10:10:38 +0200 Subject: [PATCH 118/164] Replace privatization invariant_global mutex_inits TODO with comment --- src/analyses/apron/relationPriv.apron.ml | 2 +- src/analyses/basePriv.ml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/analyses/apron/relationPriv.apron.ml b/src/analyses/apron/relationPriv.apron.ml index 9b25abb371..abaaa0d9b8 100644 --- a/src/analyses/apron/relationPriv.apron.ml +++ b/src/analyses/apron/relationPriv.apron.ml @@ -722,7 +722,7 @@ struct let one_var = GobConfig.get_bool "ana.relation.invariant.one-var" in let exact = GobConfig.get_bool "witness.invariant.exact" in - let rel = keep_only_protected_globals ask m' (get_m_with_mutex_inits ask getg m') in (* TODO: disjunct with mutex_inits instead of join? *) + let rel = keep_only_protected_globals ask m' (get_m_with_mutex_inits ask getg m') in (* Could be more precise if mutex_inits invariant is added by disjunction instead of joining abstract values. *) let inv = RD.invariant rel |> List.enum diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index 347a365778..7a67d0e0fc 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -250,7 +250,7 @@ struct let invariant_global ask getg = function | `Right g' -> (* global *) - ValueDomain.invariant_global (read_unprotected_global getg) g' (* TODO: disjunct with mutex_inits instead of join? *) + ValueDomain.invariant_global (read_unprotected_global getg) g' (* Could be more precise if mutex_inits invariant is added by disjunction instead of joining abstract values. *) | _ -> (* mutex *) Invariant.none @@ -343,7 +343,7 @@ struct | `Left m' -> (* mutex *) let atomic = LockDomain.MustLock.equal m' (LockDomain.MustLock.of_var LibraryFunctions.verifier_atomic_var) in if atomic || ask.f (GhostVarAvailable (Locked m')) then ( - let cpa = get_m_with_mutex_inits ask getg m' in (* TODO: disjunct with mutex_inits instead of join? *) + let cpa = get_m_with_mutex_inits ask getg m' in (* Could be more precise if mutex_inits invariant is added by disjunction instead of joining abstract values. *) let inv = CPA.fold (fun v _ acc -> if ask.f (MustBeProtectedBy {mutex = m'; global = v; write = true; protection = Strong}) then let inv = ValueDomain.invariant_global (fun g -> CPA.find g cpa) v in @@ -704,7 +704,7 @@ struct let invariant_global ask getg = function | `Middle g -> (* global *) - ValueDomain.invariant_global (read_unprotected_global getg) g (* TODO: disjunct with mutex_inits instead of join? *) + ValueDomain.invariant_global (read_unprotected_global getg) g (* Could be more precise if mutex_inits invariant is added by disjunction instead of joining abstract values. *) | `Left _ | `Right _ -> (* mutex or thread *) Invariant.none From 4940658a23799a16f78731570ca9921ff8f2b0f2 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 21 Nov 2024 10:15:27 +0200 Subject: [PATCH 119/164] Apply suggestions from code review Co-authored-by: Julian Erhard --- src/analyses/mutexGhosts.ml | 1 - src/witness/witnessGhostVar.ml | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 09afc41baa..87e7281028 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -10,7 +10,6 @@ struct include UnitAnalysis.Spec let name () = "mutexGhosts" - (* module ThreadCreate = Printable.UnitConf (struct let name = "threadcreate" end) *) module V = struct include Printable.Either3 (Node) (LockDomain.MustLock) (BoolDomain.Bool) diff --git a/src/witness/witnessGhostVar.ml b/src/witness/witnessGhostVar.ml index 82813b4a65..0d71909ba0 100644 --- a/src/witness/witnessGhostVar.ml +++ b/src/witness/witnessGhostVar.ml @@ -35,9 +35,9 @@ include Printable.SimpleShow (struct let describe_varinfo _ _ = "" let typ = function - | Locked _ -> GoblintCil.intType + | Locked _ | Multithreaded -> GoblintCil.intType let initial = function - | Locked _ -> GoblintCil.zero + | Locked _ | Multithreaded -> GoblintCil.zero From 09045bc232f7cf0e36389534eb3fc5e56e1d81d7 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 21 Nov 2024 10:32:17 +0200 Subject: [PATCH 120/164] Add nontrivial condition for querying YamlEntryGlobal at all --- src/witness/yamlWitness.ml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index f8890d8eaa..ec83fa04fb 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -397,7 +397,7 @@ struct (* Generate flow-insensitive entries (ghost variables and ghost updates) *) let entries = - if true then ( + if (entry_type_enabled YamlWitnessType.GhostVariable.entry_type && entry_type_enabled YamlWitnessType.GhostUpdate.entry_type) || entry_type_enabled YamlWitnessType.GhostInstrumentation.entry_type then ( GHT.fold (fun g v acc -> match g with | `Left g -> (* Spec global *) From 3a07c1615d9a4888a0e972fc6da69719d91e9fb6 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 21 Nov 2024 10:47:07 +0200 Subject: [PATCH 121/164] Remove old unnecessary branching from ghost_update YAML witness entries --- src/witness/yamlWitnessType.ml | 1 - 1 file changed, 1 deletion(-) diff --git a/src/witness/yamlWitnessType.ml b/src/witness/yamlWitnessType.ml index 7834951892..fa2d55d2c2 100644 --- a/src/witness/yamlWitnessType.ml +++ b/src/witness/yamlWitnessType.ml @@ -464,7 +464,6 @@ struct variable: string; expression: string; location: Location.t; - (* TODO: branching? *) } [@@deriving eq, ord, hash] From 9a3a338287664b9697bf2eaa0eca378bd5be247b Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 21 Nov 2024 10:53:46 +0200 Subject: [PATCH 122/164] Implement YamlWitnessType.Entry pretty-printing --- src/witness/yamlWitnessType.ml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/witness/yamlWitnessType.ml b/src/witness/yamlWitnessType.ml index fa2d55d2c2..6ec133c7d6 100644 --- a/src/witness/yamlWitnessType.ml +++ b/src/witness/yamlWitnessType.ml @@ -693,12 +693,6 @@ struct let name () = "YAML entry" - let show _ = "TODO" - include Printable.SimpleShow (struct - type nonrec t = t - let show = show - end) - let to_yaml {entry_type; metadata} = `O ([ ("entry_type", `String (EntryType.entry_type entry_type)); @@ -710,4 +704,10 @@ struct let+ metadata = y |> find "metadata" >>= Metadata.of_yaml and+ entry_type = y |> EntryType.of_yaml in {entry_type; metadata} + + let pp ppf x = Yaml.pp ppf (to_yaml x) + include Printable.SimpleFormat (struct + type nonrec t = t + let pp = pp + end) end From 34277e041b43c093d2d635a586e10686c35a3f8e Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 21 Nov 2024 11:24:42 +0200 Subject: [PATCH 123/164] Use sets instead of BatList.mem_cmp for deduplicating ghost witness variables --- src/analyses/mutexGhosts.ml | 19 ++++++------------- src/witness/yamlWitness.ml | 19 ++++++++++--------- 2 files changed, 16 insertions(+), 22 deletions(-) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 87e7281028..6542ab3607 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -114,6 +114,8 @@ struct let ghost_var_available ctx v = WitnessGhost.enabled () && ghost_var_available ctx v + module VariableSet = Set.Make (YamlWitnessType.GhostInstrumentation.Variable) + let query ctx (type a) (q: a Queries.t): a Queries.result = match q with | GhostVarAvailable v -> ghost_var_available ctx v @@ -173,15 +175,11 @@ struct let (variables, location_updates) = NodeSet.fold (fun node (variables, location_updates) -> let (locked, unlocked, multithread) = G.node (ctx.global (V.node node)) in let variables' = - (* TODO: do variable_entry-s only once *) Locked.fold (fun l acc -> match mustlock_of_addr l with | Some l when ghost_var_available ctx (Locked l) -> let variable = WitnessGhost.variable' (Locked l) in - if BatList.mem_cmp YamlWitnessType.GhostInstrumentation.Variable.compare variable acc then (* TODO: be efficient *) - acc - else - variable :: acc + VariableSet.add variable acc | _ -> acc ) (Locked.union locked unlocked) variables @@ -211,12 +209,7 @@ struct if ghost_var_available ctx Multithreaded then ( let variable = WitnessGhost.variable' Multithreaded in let update = WitnessGhost.update' Multithreaded GoblintCil.one in - let variables' = - if BatList.mem_cmp YamlWitnessType.GhostInstrumentation.Variable.compare variable variables' then (* TODO: be efficient *) - variables' - else - variable :: variables' - in + let variables' = VariableSet.add variable variables' in (variables', update :: updates) ) else @@ -227,9 +220,9 @@ struct in let location_update = WitnessGhost.location_update' ~node ~updates in (variables', location_update :: location_updates) - ) nodes ([], []) + ) nodes (VariableSet.empty, []) in - let entry = WitnessGhost.instrumentation_entry ~task ~variables ~location_updates in + let entry = WitnessGhost.instrumentation_entry ~task ~variables:(VariableSet.elements variables) ~location_updates in Queries.YS.singleton entry | `Left _ -> Queries.Result.top q | `Middle _ -> Queries.Result.top q diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index ec83fa04fb..a044750a79 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -398,23 +398,24 @@ struct (* Generate flow-insensitive entries (ghost variables and ghost updates) *) let entries = if (entry_type_enabled YamlWitnessType.GhostVariable.entry_type && entry_type_enabled YamlWitnessType.GhostUpdate.entry_type) || entry_type_enabled YamlWitnessType.GhostInstrumentation.entry_type then ( - GHT.fold (fun g v acc -> + let module EntrySet = Queries.YS in + fst @@ GHT.fold (fun g v accs -> match g with | `Left g -> (* Spec global *) begin match R.ask_global (YamlEntryGlobal (Obj.repr g, task)) with | `Lifted _ as inv -> - Queries.YS.fold (fun entry acc -> - if BatList.mem_cmp YamlWitnessType.Entry.compare entry acc then (* TODO: be efficient *) - acc + Queries.YS.fold (fun entry (acc, acc') -> + if EntrySet.mem entry acc' then (* deduplicate only with other global entries because local ones have different locations anyway *) + accs else - entry :: acc - ) inv acc + (entry :: acc, EntrySet.add entry acc') + ) inv accs | `Top -> - acc + accs end | `Right _ -> (* contexts global *) - acc - ) gh entries + accs + ) gh (entries, EntrySet.empty ()) ) else entries From 7929d633ee5dc3e30c3607596850bcb64995352f Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 21 Nov 2024 11:48:58 +0200 Subject: [PATCH 124/164] Extract fold_flow_insensitive_as_location in YamlWitness to deduplicate code --- src/witness/yamlWitness.ml | 56 ++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 30 deletions(-) diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index a044750a79..b0ffac5852 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -353,6 +353,22 @@ struct let invariant_global_nodes = lazy (R.ask_global InvariantGlobalNodes) in + let fold_flow_insensitive_as_location ~inv f acc = + (* TODO: or do at location_invariant loop for each node and query if should also do global invariants there? *) + let invs = WitnessUtil.InvariantExp.process_exp inv in + Queries.NS.fold (fun n acc -> + let fundec = Node.find_fundec n in + match WitnessInvariant.location_location n with (* if after thread create node happens to be loop node *) + | Some loc -> + let location_function = fundec.svar.vname in + let location = Entry.location ~location:loc ~location_function in + List.fold_left (fun acc inv -> + f ~location ~inv acc + ) acc invs + | None -> acc + ) (Lazy.force invariant_global_nodes) acc + in + (* Generate flow-insensitive invariants *) let entries = if entry_type_enabled YamlWitnessType.FlowInsensitiveInvariant.entry_type then ( @@ -368,21 +384,11 @@ struct entry :: acc ) acc invs | `Lifted inv, "location_invariant" -> - (* TODO: or do at location_invariant loop for each node and query if should also do global invariants there? *) - let invs = WitnessUtil.InvariantExp.process_exp inv in - Queries.NS.fold (fun n acc -> - let fundec = Node.find_fundec n in - match WitnessInvariant.location_location n with (* if after thread create node happens to be loop node *) - | Some loc -> - let location_function = fundec.svar.vname in - let location = Entry.location ~location:loc ~location_function in - List.fold_left (fun acc inv -> - let invariant = Entry.invariant (CilType.Exp.show inv) in - let entry = Entry.location_invariant ~task ~location ~invariant in - entry :: acc - ) acc invs - | None -> acc - ) (Lazy.force invariant_global_nodes) acc + fold_flow_insensitive_as_location ~inv (fun ~location ~inv acc -> + let invariant = Entry.invariant (CilType.Exp.show inv) in + let entry = Entry.location_invariant ~task ~location ~invariant in + entry :: acc + ) acc | `Lifted _, _ | `Bot, _ | `Top, _ -> (* global bot might only be possible for alloc variables, if at all, so emit nothing *) acc @@ -595,21 +601,11 @@ struct | `Left g -> (* Spec global *) begin match R.ask_global (InvariantGlobal (Obj.repr g)) with | `Lifted inv -> - (* TODO: or do at location_invariant loop for each node and query if should also do global invariants there? *) - let invs = WitnessUtil.InvariantExp.process_exp inv in - Queries.NS.fold (fun n acc -> - let fundec = Node.find_fundec n in - match WitnessInvariant.location_location n with (* if after thread create node happens to be loop node *) - | Some loc -> - let location_function = fundec.svar.vname in - let location = Entry.location ~location:loc ~location_function in - List.fold_left (fun acc inv -> - let invariant = CilType.Exp.show inv in - let invariant = Entry.location_invariant' ~location ~invariant in - invariant :: acc - ) acc invs - | None -> acc - ) (Lazy.force invariant_global_nodes) acc + fold_flow_insensitive_as_location ~inv (fun ~location ~inv acc -> + let invariant = CilType.Exp.show inv in + let invariant = Entry.location_invariant' ~location ~invariant in + invariant :: acc + ) acc | `Bot | `Top -> (* global bot might only be possible for alloc variables, if at all, so emit nothing *) acc end From 8a0240ddb8753ab6e40691c301550c602fe821cb Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 21 Nov 2024 12:08:02 +0200 Subject: [PATCH 125/164] Update ghost witness related TODOs and comments --- src/analyses/apron/relationPriv.apron.ml | 2 +- src/analyses/basePriv.ml | 2 +- src/witness/yamlWitness.ml | 18 ++++++++++-------- 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/src/analyses/apron/relationPriv.apron.ml b/src/analyses/apron/relationPriv.apron.ml index abaaa0d9b8..02ebe4d0e6 100644 --- a/src/analyses/apron/relationPriv.apron.ml +++ b/src/analyses/apron/relationPriv.apron.ml @@ -747,7 +747,7 @@ struct else Invariant.none | g -> (* global *) - Invariant.none (* TODO: ? *) + Invariant.none (* Could output unprotected one-variable (so non-relational) invariants, but probably not very useful. [BasePriv] does those anyway. *) end (** May written variables. *) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index 7a67d0e0fc..c46492b7c7 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -891,7 +891,7 @@ struct else if VD.equal (getg (V.protected g')) (getg (V.unprotected g')) then Invariant.none (* don't output protected invariant because it's the same as unprotected *) else ( - let inv = ValueDomain.invariant_global (fun g -> getg (V.protected g)) g' in (* TODO: this takes protected values of everything *) + let inv = ValueDomain.invariant_global (fun g -> getg (V.protected g)) g' in (* TODO: This takes protected values of every [g], not just [g'], which might be unsound with pointers. See: https://github.com/goblint/analyzer/pull/1394#discussion_r1698136411. *) (* Very conservative about multiple (write-)protecting mutexes: invariant is not claimed when any of them is held. It should be possible to be more precise because writes only happen with all of them held, but conjunction is unsound when one of the mutexes is temporarily unlocked. diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index b0ffac5852..159892fd20 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -354,11 +354,13 @@ struct let invariant_global_nodes = lazy (R.ask_global InvariantGlobalNodes) in let fold_flow_insensitive_as_location ~inv f acc = - (* TODO: or do at location_invariant loop for each node and query if should also do global invariants there? *) + (* Currently same invariants (from InvariantGlobal query) for all nodes (from InvariantGlobalNodes query). + The alternative would be querying InvariantGlobal per local unknown when looping over them to generate location invariants. + See: https://github.com/goblint/analyzer/pull/1394#discussion_r1698149514. *) let invs = WitnessUtil.InvariantExp.process_exp inv in Queries.NS.fold (fun n acc -> let fundec = Node.find_fundec n in - match WitnessInvariant.location_location n with (* if after thread create node happens to be loop node *) + match WitnessInvariant.location_location n with (* Not just using Node.location because it returns expression location which may be invalid for location invariant (e.g. inside conditional). *) | Some loc -> let location_function = fundec.svar.vname in let location = Entry.location ~location:loc ~location_function in @@ -374,7 +376,7 @@ struct if entry_type_enabled YamlWitnessType.FlowInsensitiveInvariant.entry_type then ( GHT.fold (fun g v acc -> match g with - | `Left g -> (* Spec global *) + | `Left g -> (* global unknown from analysis Spec *) begin match R.ask_global (InvariantGlobal (Obj.repr g)), GobConfig.get_string "witness.invariant.flow_insensitive-as" with | `Lifted inv, "flow_insensitive_invariant" -> let invs = WitnessUtil.InvariantExp.process_exp inv in @@ -393,7 +395,7 @@ struct | `Bot, _ | `Top, _ -> (* global bot might only be possible for alloc variables, if at all, so emit nothing *) acc end - | `Right _ -> (* contexts global *) + | `Right _ -> (* global unknown for FromSpec contexts *) acc ) gh entries ) @@ -407,7 +409,7 @@ struct let module EntrySet = Queries.YS in fst @@ GHT.fold (fun g v accs -> match g with - | `Left g -> (* Spec global *) + | `Left g -> (* global unknown from analysis Spec *) begin match R.ask_global (YamlEntryGlobal (Obj.repr g, task)) with | `Lifted _ as inv -> Queries.YS.fold (fun entry (acc, acc') -> @@ -419,7 +421,7 @@ struct | `Top -> accs end - | `Right _ -> (* contexts global *) + | `Right _ -> (* global unknown for FromSpec contexts *) accs ) gh (entries, EntrySet.empty ()) ) @@ -598,7 +600,7 @@ struct if entry_type_enabled YamlWitnessType.FlowInsensitiveInvariant.entry_type && GobConfig.get_string "witness.invariant.flow_insensitive-as" = "invariant_set-location_invariant" then ( GHT.fold (fun g v acc -> match g with - | `Left g -> (* Spec global *) + | `Left g -> (* global unknown from analysis Spec *) begin match R.ask_global (InvariantGlobal (Obj.repr g)) with | `Lifted inv -> fold_flow_insensitive_as_location ~inv (fun ~location ~inv acc -> @@ -609,7 +611,7 @@ struct | `Bot | `Top -> (* global bot might only be possible for alloc variables, if at all, so emit nothing *) acc end - | `Right _ -> (* contexts global *) + | `Right _ -> (* global unknown for FromSpec contexts *) acc ) gh invariants ) From aeb2376811f30d6d9b7f814b685d04643ede5190 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 21 Nov 2024 15:31:39 +0200 Subject: [PATCH 126/164] Clean up Z_mlgmpidl usages --- src/cdomains/apron/apronDomain.apron.ml | 2 +- src/cdomains/apron/gobApron.apron.ml | 2 ++ src/cdomains/apron/linearTwoVarEqualityDomain.apron.ml | 2 +- src/cdomains/apron/sharedFunctions.apron.ml | 4 ++-- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/cdomains/apron/apronDomain.apron.ml b/src/cdomains/apron/apronDomain.apron.ml index 03ac3ed3f0..043b728799 100644 --- a/src/cdomains/apron/apronDomain.apron.ml +++ b/src/cdomains/apron/apronDomain.apron.ml @@ -19,7 +19,7 @@ module M = Messages let widening_thresholds_apron = ResettableLazy.from_fun (fun () -> let t = if GobConfig.get_string "ana.apron.threshold_widening_constants" = "comparisons" then WideningThresholds.octagon_thresholds () else WideningThresholds.thresholds_incl_mul2 () in - let r = List.map (fun x -> Apron.Scalar.of_mpqf @@ Mpqf.of_mpz @@ Z_mlgmpidl.mpz_of_z x) t in + let r = List.map Scalar.of_z t in Array.of_list r ) diff --git a/src/cdomains/apron/gobApron.apron.ml b/src/cdomains/apron/gobApron.apron.ml index fbb1fe9ec5..327e43e321 100644 --- a/src/cdomains/apron/gobApron.apron.ml +++ b/src/cdomains/apron/gobApron.apron.ml @@ -12,6 +12,8 @@ struct let pp = pp end ) + + let of_z z = of_mpqf (Mpqf.of_mpz (Z_mlgmpidl.mpz_of_z z)) end module Coeff = diff --git a/src/cdomains/apron/linearTwoVarEqualityDomain.apron.ml b/src/cdomains/apron/linearTwoVarEqualityDomain.apron.ml index c1ca3661a5..6af7030a51 100644 --- a/src/cdomains/apron/linearTwoVarEqualityDomain.apron.ml +++ b/src/cdomains/apron/linearTwoVarEqualityDomain.apron.ml @@ -790,7 +790,7 @@ struct let of_coeff xi coeffs o = let typ = (Option.get @@ V.to_cil_varinfo xi).vtype in let ikind = Cilfacade.get_ikind typ in - let cst = Coeff.s_of_mpqf @@ Mpqf.of_mpz (Z_mlgmpidl.mpz_of_z @@ IntDomain.Size.cast ikind o) in + let cst = Coeff.s_of_z (IntDomain.Size.cast ikind o) in let lincons = Lincons1.make (Linexpr1.make t.env) Lincons1.EQ in Lincons1.set_list lincons coeffs (Some cst); lincons diff --git a/src/cdomains/apron/sharedFunctions.apron.ml b/src/cdomains/apron/sharedFunctions.apron.ml index 86b5f2770f..b9d93bfd99 100644 --- a/src/cdomains/apron/sharedFunctions.apron.ml +++ b/src/cdomains/apron/sharedFunctions.apron.ml @@ -133,7 +133,7 @@ struct else failwith "texpr1_expr_of_cil_exp: globals must be replaced with temporary locals" | Const (CInt (i, _, _)) -> - Cst (Coeff.s_of_mpqf (Mpqf.of_mpz (Z_mlgmpidl.mpz_of_z i))) + Cst (Coeff.s_of_z i) | exp -> match Cilfacade.get_ikind_exp exp with | ik -> @@ -175,7 +175,7 @@ struct (* convert response to a constant *) let const = IntDomain.IntDomTuple.to_int @@ IntDomain.IntDomTuple.cast_to t_ik res in match const with - | Some c -> Cst (Coeff.s_of_mpqf (Mpqf.of_mpz (Z_mlgmpidl.mpz_of_z c))) (* Got a constant value -> use it straight away *) + | Some c -> Cst (Coeff.s_of_z c) (* Got a constant value -> use it straight away *) (* I gotten top, we can not guarantee injectivity *) | None -> if IntDomain.IntDomTuple.is_top_of t_ik res then raise (Unsupported_CilExp (Cast_not_injective t)) else ( (* Got a ranged value different from top, so let's check bounds manually *) From 64c11c2748d2981346d909392423fde938c8ca8c Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 21 Nov 2024 16:10:36 +0200 Subject: [PATCH 127/164] Add test 56-witness/69-ghost-ptr-protection for unsound protection flow-sensitive invariant --- .../56-witness/69-ghost-ptr-protection.c | 30 ++++++ .../56-witness/69-ghost-ptr-protection.t | 101 ++++++++++++++++++ 2 files changed, 131 insertions(+) create mode 100644 tests/regression/56-witness/69-ghost-ptr-protection.c create mode 100644 tests/regression/56-witness/69-ghost-ptr-protection.t diff --git a/tests/regression/56-witness/69-ghost-ptr-protection.c b/tests/regression/56-witness/69-ghost-ptr-protection.c new file mode 100644 index 0000000000..f5557f3fc8 --- /dev/null +++ b/tests/regression/56-witness/69-ghost-ptr-protection.c @@ -0,0 +1,30 @@ +// PARAM: --set ana.activated[+] mutexGhosts +// CRAM +#include +#include + +int g = 0; +int *p = &g; +pthread_mutex_t m1 = PTHREAD_MUTEX_INITIALIZER; +pthread_mutex_t m2 = PTHREAD_MUTEX_INITIALIZER; + +void *t_fun(void *arg) { + int x = 10; + pthread_mutex_lock(&m2); + p = &x; + p = &g; + pthread_mutex_unlock(&m2); + return NULL; +} + +int main() { + pthread_t id; + pthread_create(&id, NULL, t_fun, NULL); + pthread_mutex_lock(&m1); + g = 1; + // m2_locked || (p == & g && *p == 0) would be violated here + __goblint_check(*p != 0); // 1 from g or 10 from x in t_fun + g = 0; + pthread_mutex_unlock(&m1); + return 0; +} diff --git a/tests/regression/56-witness/69-ghost-ptr-protection.t b/tests/regression/56-witness/69-ghost-ptr-protection.t new file mode 100644 index 0000000000..03481a7ce1 --- /dev/null +++ b/tests/regression/56-witness/69-ghost-ptr-protection.t @@ -0,0 +1,101 @@ + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 69-ghost-ptr-protection.c + [Success][Assert] Assertion "*p != 0" will succeed (69-ghost-ptr-protection.c:26:3-26:27) + [Info][Deadcode] Logical lines of code (LLoC) summary: + live: 15 + dead: 0 + total lines: 15 + [Warning][Race] Memory location p (race with conf. 110): (69-ghost-ptr-protection.c:7:5-7:12) + write with [lock:{m2}, thread:[main, t_fun@69-ghost-ptr-protection.c:22:3-22:40]] (conf. 110) (exp: & p) (69-ghost-ptr-protection.c:14:3-14:9) + write with [lock:{m2}, thread:[main, t_fun@69-ghost-ptr-protection.c:22:3-22:40]] (conf. 110) (exp: & p) (69-ghost-ptr-protection.c:15:3-15:9) + read with [mhp:{created={[main, t_fun@69-ghost-ptr-protection.c:22:3-22:40]}}, lock:{m1}, thread:[main]] (conf. 110) (exp: & p) (69-ghost-ptr-protection.c:26:3-26:27) + [Info][Witness] witness generation summary: + total generation entries: 12 + [Info][Race] Memory locations race summary: + safe: 2 + vulnerable: 0 + unsafe: 1 + total memory locations: 3 + +TODO: Should not contain unsound flow-insensitive invariant m2_locked || (p == & g && *p == 0): + + $ yamlWitnessStrip < witness.yml + - entry_type: ghost_update + variable: multithreaded + expression: "1" + location: + file_name: 69-ghost-ptr-protection.c + file_hash: $FILE_HASH + line: 22 + column: 3 + function: main + - entry_type: ghost_update + variable: m2_locked + expression: "1" + location: + file_name: 69-ghost-ptr-protection.c + file_hash: $FILE_HASH + line: 13 + column: 3 + function: t_fun + - entry_type: ghost_update + variable: m2_locked + expression: "0" + location: + file_name: 69-ghost-ptr-protection.c + file_hash: $FILE_HASH + line: 16 + column: 3 + function: t_fun + - entry_type: ghost_update + variable: m1_locked + expression: "1" + location: + file_name: 69-ghost-ptr-protection.c + file_hash: $FILE_HASH + line: 23 + column: 3 + function: main + - entry_type: ghost_update + variable: m1_locked + expression: "0" + location: + file_name: 69-ghost-ptr-protection.c + file_hash: $FILE_HASH + line: 28 + column: 3 + function: main + - entry_type: ghost_variable + variable: multithreaded + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: m2_locked + scope: global + type: int + initial: "0" + - entry_type: ghost_variable + variable: m1_locked + scope: global + type: int + initial: "0" + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (m2_locked || (p == & g && *p == 0))' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (m1_locked || g == 0)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (0 <= g && g <= 1)' + type: assertion + format: C + - entry_type: flow_insensitive_invariant + flow_insensitive_invariant: + string: '! multithreaded || (*p == 10 || ((0 <= *p && *p <= 1) && p == & g))' + type: assertion + format: C From b4734c31753b328b74283f9f82351fd6e09979c9 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 21 Nov 2024 16:22:33 +0200 Subject: [PATCH 128/164] Fix unsound ghost witness invariant in 56-witness/69-ghost-ptr-protection --- src/analyses/basePriv.ml | 5 ++++- tests/regression/56-witness/69-ghost-ptr-protection.t | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/analyses/basePriv.ml b/src/analyses/basePriv.ml index b7e32ceb94..3afd758daa 100644 --- a/src/analyses/basePriv.ml +++ b/src/analyses/basePriv.ml @@ -891,7 +891,10 @@ struct else if VD.equal (getg (V.protected g')) (getg (V.unprotected g')) then Invariant.none (* don't output protected invariant because it's the same as unprotected *) else ( - let inv = ValueDomain.invariant_global (fun g -> getg (V.protected g)) g' in (* TODO: This takes protected values of every [g], not just [g'], which might be unsound with pointers. See: https://github.com/goblint/analyzer/pull/1394#discussion_r1698136411. *) + (* Only read g' as protected, everything else (e.g. pointed to variables) may be unprotected. + See 56-witness/69-ghost-ptr-protection and https://github.com/goblint/analyzer/pull/1394#discussion_r1698136411. *) + let read_global g = getg (if CilType.Varinfo.equal g g' then V.protected g else V.unprotected g) in + let inv = ValueDomain.invariant_global read_global g' in (* Very conservative about multiple (write-)protecting mutexes: invariant is not claimed when any of them is held. It should be possible to be more precise because writes only happen with all of them held, but conjunction is unsound when one of the mutexes is temporarily unlocked. diff --git a/tests/regression/56-witness/69-ghost-ptr-protection.t b/tests/regression/56-witness/69-ghost-ptr-protection.t index 03481a7ce1..698f643385 100644 --- a/tests/regression/56-witness/69-ghost-ptr-protection.t +++ b/tests/regression/56-witness/69-ghost-ptr-protection.t @@ -16,7 +16,7 @@ unsafe: 1 total memory locations: 3 -TODO: Should not contain unsound flow-insensitive invariant m2_locked || (p == & g && *p == 0): +Should not contain unsound flow-insensitive invariant m2_locked || (p == & g && *p == 0): $ yamlWitnessStrip < witness.yml - entry_type: ghost_update @@ -81,7 +81,7 @@ TODO: Should not contain unsound flow-insensitive invariant m2_locked || (p == & initial: "0" - entry_type: flow_insensitive_invariant flow_insensitive_invariant: - string: '! multithreaded || (m2_locked || (p == & g && *p == 0))' + string: '! multithreaded || (m2_locked || ((0 <= *p && *p <= 1) && p == & g))' type: assertion format: C - entry_type: flow_insensitive_invariant From d2e71cbbf773205abb600fc15cf07ba712a2e6eb Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 21 Nov 2024 16:58:43 +0200 Subject: [PATCH 129/164] Change ghost witness tests to use ghost_instrumentation --- .../regression/13-privatized/04-priv_multi.t | 298 +++---- tests/regression/13-privatized/25-struct_nr.t | 125 +-- tests/regression/13-privatized/74-mutex.t | 258 +++--- tests/regression/13-privatized/92-idx_priv.t | 66 +- tests/regression/29-svcomp/16-atomic_priv.t | 76 +- .../regression/36-apron/12-traces-min-rpb1.t | 163 ++-- .../56-witness/64-ghost-multiple-protecting.t | 750 ++++++++++-------- .../56-witness/65-ghost-ambiguous-lock.t | 94 ++- .../56-witness/66-ghost-alloc-lock.t | 212 ++--- .../56-witness/67-ghost-no-unlock.t | 106 +-- .../56-witness/68-ghost-ambiguous-idx.t | 66 +- .../56-witness/69-ghost-ptr-protection.t | 136 ++-- 12 files changed, 1325 insertions(+), 1025 deletions(-) diff --git a/tests/regression/13-privatized/04-priv_multi.t b/tests/regression/13-privatized/04-priv_multi.t index fd0dad6a39..3ea9b385fc 100644 --- a/tests/regression/13-privatized/04-priv_multi.t +++ b/tests/regression/13-privatized/04-priv_multi.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 04-priv_multi.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 04-priv_multi.c [Success][Assert] Assertion "p == 5" will succeed (04-priv_multi.c:50:7-50:30) [Success][Assert] Assertion "A == B" will succeed (04-priv_multi.c:71:5-71:28) [Warning][Deadcode] Function 'dispose' has dead code: @@ -16,7 +16,7 @@ [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (04-priv_multi.c:45:10-45:11) [Warning][Deadcode][CWE-571] condition 'B > 0' is always true (04-priv_multi.c:47:9-47:14) [Info][Witness] witness generation summary: - total generation entries: 19 + total generation entries: 4 [Info][Race] Memory locations race summary: safe: 2 vulnerable: 0 @@ -24,138 +24,158 @@ total memory locations: 2 $ yamlWitnessStrip < witness.yml | tee witness.flow_insensitive.yml - - entry_type: ghost_update - variable: mutex_B_locked - expression: "1" - location: - file_name: 04-priv_multi.c - file_hash: $FILE_HASH - line: 69 - column: 5 - function: main - - entry_type: ghost_update - variable: mutex_B_locked - expression: "1" - location: - file_name: 04-priv_multi.c - file_hash: $FILE_HASH - line: 46 - column: 5 - function: dispose - - entry_type: ghost_update - variable: mutex_B_locked - expression: "1" - location: - file_name: 04-priv_multi.c - file_hash: $FILE_HASH - line: 29 - column: 7 - function: process - - entry_type: ghost_update - variable: mutex_B_locked - expression: "0" - location: - file_name: 04-priv_multi.c - file_hash: $FILE_HASH - line: 73 - column: 5 - function: main - - entry_type: ghost_update - variable: mutex_B_locked - expression: "0" - location: - file_name: 04-priv_multi.c - file_hash: $FILE_HASH - line: 49 - column: 7 - function: dispose - - entry_type: ghost_update - variable: mutex_B_locked - expression: "0" - location: - file_name: 04-priv_multi.c - file_hash: $FILE_HASH - line: 32 - column: 7 - function: process - - entry_type: ghost_update - variable: mutex_A_locked - expression: "1" - location: - file_name: 04-priv_multi.c - file_hash: $FILE_HASH - line: 68 - column: 5 - function: main - - entry_type: ghost_update - variable: mutex_A_locked - expression: "1" - location: - file_name: 04-priv_multi.c - file_hash: $FILE_HASH - line: 26 - column: 5 - function: process - - entry_type: ghost_update - variable: mutex_A_locked - expression: "1" - location: - file_name: 04-priv_multi.c - file_hash: $FILE_HASH - line: 15 - column: 5 - function: generate - - entry_type: ghost_update - variable: mutex_A_locked - expression: "0" - location: - file_name: 04-priv_multi.c - file_hash: $FILE_HASH - line: 74 - column: 5 - function: main - - entry_type: ghost_update - variable: mutex_A_locked - expression: "0" - location: - file_name: 04-priv_multi.c - file_hash: $FILE_HASH - line: 34 - column: 7 - function: process - - entry_type: ghost_update - variable: mutex_A_locked - expression: "0" - location: - file_name: 04-priv_multi.c - file_hash: $FILE_HASH - line: 18 - column: 5 - function: generate - - entry_type: ghost_update - variable: multithreaded - expression: "1" - location: - file_name: 04-priv_multi.c - file_hash: $FILE_HASH - line: 63 - column: 3 - function: main - - entry_type: ghost_variable - variable: mutex_B_locked - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: mutex_A_locked - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: multithreaded - scope: global - type: int - initial: "0" + - entry_type: ghost_instrumentation + content: + ghost_variables: + - name: multithreaded + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: mutex_A_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: mutex_B_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + ghost_updates: + - location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 15 + column: 5 + function: generate + updates: + - variable: mutex_A_locked + value: "1" + format: c_expression + - location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 18 + column: 5 + function: generate + updates: + - variable: mutex_A_locked + value: "0" + format: c_expression + - location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 26 + column: 5 + function: process + updates: + - variable: mutex_A_locked + value: "1" + format: c_expression + - location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 29 + column: 7 + function: process + updates: + - variable: mutex_B_locked + value: "1" + format: c_expression + - location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 32 + column: 7 + function: process + updates: + - variable: mutex_B_locked + value: "0" + format: c_expression + - location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 34 + column: 7 + function: process + updates: + - variable: mutex_A_locked + value: "0" + format: c_expression + - location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 46 + column: 5 + function: dispose + updates: + - variable: mutex_B_locked + value: "1" + format: c_expression + - location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 49 + column: 7 + function: dispose + updates: + - variable: mutex_B_locked + value: "0" + format: c_expression + - location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 63 + column: 3 + function: main + updates: + - variable: multithreaded + value: "1" + format: c_expression + - location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 68 + column: 5 + function: main + updates: + - variable: mutex_A_locked + value: "1" + format: c_expression + - location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 69 + column: 5 + function: main + updates: + - variable: mutex_B_locked + value: "1" + format: c_expression + - location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 73 + column: 5 + function: main + updates: + - variable: mutex_B_locked + value: "0" + format: c_expression + - location: + file_name: 04-priv_multi.c + file_hash: $FILE_HASH + line: 74 + column: 5 + function: main + updates: + - variable: mutex_A_locked + value: "0" + format: c_expression - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (mutex_B_locked || (mutex_A_locked || B == 5))' @@ -174,7 +194,7 @@ Flow-insensitive invariants as location invariants. - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' --set witness.invariant.flow_insensitive-as location_invariant 04-priv_multi.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' --set witness.invariant.flow_insensitive-as location_invariant 04-priv_multi.c [Success][Assert] Assertion "p == 5" will succeed (04-priv_multi.c:50:7-50:30) [Success][Assert] Assertion "A == B" will succeed (04-priv_multi.c:71:5-71:28) [Warning][Deadcode] Function 'dispose' has dead code: @@ -192,7 +212,7 @@ Flow-insensitive invariants as location invariants. [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (04-priv_multi.c:45:10-45:11) [Warning][Deadcode][CWE-571] condition 'B > 0' is always true (04-priv_multi.c:47:9-47:14) [Info][Witness] witness generation summary: - total generation entries: 25 + total generation entries: 10 [Info][Race] Memory locations race summary: safe: 2 vulnerable: 0 @@ -204,7 +224,7 @@ Flow-insensitive invariants as location invariants. Location invariant at `for` loop in `main` should be on column 3, not 7. $ diff witness.flow_insensitive.yml witness.location.yml - 133,134c133,140 + 153,154c153,160 < - entry_type: flow_insensitive_invariant < flow_insensitive_invariant: --- @@ -216,7 +236,7 @@ Location invariant at `for` loop in `main` should be on column 3, not 7. > column: 3 > function: main > location_invariant: - 138,139c144,151 + 158,159c164,171 < - entry_type: flow_insensitive_invariant < flow_insensitive_invariant: --- @@ -228,7 +248,7 @@ Location invariant at `for` loop in `main` should be on column 3, not 7. > column: 3 > function: main > location_invariant: - 143,144c155,228 + 163,164c175,248 < - entry_type: flow_insensitive_invariant < flow_insensitive_invariant: --- diff --git a/tests/regression/13-privatized/25-struct_nr.t b/tests/regression/13-privatized/25-struct_nr.t index 88f205a431..59ed9960f2 100644 --- a/tests/regression/13-privatized/25-struct_nr.t +++ b/tests/regression/13-privatized/25-struct_nr.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 25-struct_nr.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 25-struct_nr.c [Success][Assert] Assertion "glob1 == 5" will succeed (25-struct_nr.c:26:3-26:30) [Success][Assert] Assertion "t == 5" will succeed (25-struct_nr.c:16:3-16:26) [Success][Assert] Assertion "glob1 == -10" will succeed (25-struct_nr.c:18:3-18:32) @@ -8,7 +8,7 @@ dead: 0 total lines: 19 [Info][Witness] witness generation summary: - total generation entries: 9 + total generation entries: 3 [Info][Race] Memory locations race summary: safe: 1 vulnerable: 0 @@ -16,61 +16,72 @@ total memory locations: 1 $ yamlWitnessStrip < witness.yml - - entry_type: ghost_update - variable: multithreaded - expression: "1" - location: - file_name: 25-struct_nr.c - file_hash: $FILE_HASH - line: 27 - column: 3 - function: main - - entry_type: ghost_update - variable: lock1_mutex_locked - expression: "1" - location: - file_name: 25-struct_nr.c - file_hash: $FILE_HASH - line: 28 - column: 3 - function: main - - entry_type: ghost_update - variable: lock1_mutex_locked - expression: "1" - location: - file_name: 25-struct_nr.c - file_hash: $FILE_HASH - line: 14 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: lock1_mutex_locked - expression: "0" - location: - file_name: 25-struct_nr.c - file_hash: $FILE_HASH - line: 32 - column: 3 - function: main - - entry_type: ghost_update - variable: lock1_mutex_locked - expression: "0" - location: - file_name: 25-struct_nr.c - file_hash: $FILE_HASH - line: 20 - column: 3 - function: t_fun - - entry_type: ghost_variable - variable: multithreaded - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: lock1_mutex_locked - scope: global - type: int - initial: "0" + - entry_type: ghost_instrumentation + content: + ghost_variables: + - name: lock1_mutex_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: multithreaded + scope: global + type: int + initial: + value: "0" + format: c_expression + ghost_updates: + - location: + file_name: 25-struct_nr.c + file_hash: $FILE_HASH + line: 14 + column: 3 + function: t_fun + updates: + - variable: lock1_mutex_locked + value: "1" + format: c_expression + - location: + file_name: 25-struct_nr.c + file_hash: $FILE_HASH + line: 20 + column: 3 + function: t_fun + updates: + - variable: lock1_mutex_locked + value: "0" + format: c_expression + - location: + file_name: 25-struct_nr.c + file_hash: $FILE_HASH + line: 27 + column: 3 + function: main + updates: + - variable: multithreaded + value: "1" + format: c_expression + - location: + file_name: 25-struct_nr.c + file_hash: $FILE_HASH + line: 28 + column: 3 + function: main + updates: + - variable: lock1_mutex_locked + value: "1" + format: c_expression + - location: + file_name: 25-struct_nr.c + file_hash: $FILE_HASH + line: 32 + column: 3 + function: main + updates: + - variable: lock1_mutex_locked + value: "0" + format: c_expression - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (lock1_mutex_locked || glob1 == 5)' diff --git a/tests/regression/13-privatized/74-mutex.t b/tests/regression/13-privatized/74-mutex.t index 8a1a7fee5f..1c1f0c12be 100644 --- a/tests/regression/13-privatized/74-mutex.t +++ b/tests/regression/13-privatized/74-mutex.t @@ -1,4 +1,4 @@ - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) @@ -8,7 +8,7 @@ total lines: 15 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) [Info][Witness] witness generation summary: - total generation entries: 9 + total generation entries: 3 [Info][Race] Memory locations race summary: safe: 1 vulnerable: 0 @@ -16,61 +16,72 @@ total memory locations: 1 $ yamlWitnessStrip < witness.yml | tee witness.flow_insensitive.yml - - entry_type: ghost_update - variable: multithreaded - expression: "1" - location: - file_name: 74-mutex.c - file_hash: $FILE_HASH - line: 34 - column: 3 - function: main - - entry_type: ghost_update - variable: m_locked - expression: "1" - location: - file_name: 74-mutex.c - file_hash: $FILE_HASH - line: 36 - column: 3 - function: main - - entry_type: ghost_update - variable: m_locked - expression: "1" - location: - file_name: 74-mutex.c - file_hash: $FILE_HASH - line: 20 - column: 5 - function: producer - - entry_type: ghost_update - variable: m_locked - expression: "0" - location: - file_name: 74-mutex.c - file_hash: $FILE_HASH - line: 38 - column: 3 - function: main - - entry_type: ghost_update - variable: m_locked - expression: "0" - location: - file_name: 74-mutex.c - file_hash: $FILE_HASH - line: 23 - column: 5 - function: producer - - entry_type: ghost_variable - variable: multithreaded - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: m_locked - scope: global - type: int - initial: "0" + - entry_type: ghost_instrumentation + content: + ghost_variables: + - name: m_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: multithreaded + scope: global + type: int + initial: + value: "0" + format: c_expression + ghost_updates: + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 20 + column: 5 + function: producer + updates: + - variable: m_locked + value: "1" + format: c_expression + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 23 + column: 5 + function: producer + updates: + - variable: m_locked + value: "0" + format: c_expression + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 34 + column: 3 + function: main + updates: + - variable: multithreaded + value: "1" + format: c_expression + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 36 + column: 3 + function: main + updates: + - variable: m_locked + value: "1" + format: c_expression + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 38 + column: 3 + function: main + updates: + - variable: m_locked + value: "0" + format: c_expression - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (m_locked || used == 0)' @@ -84,7 +95,7 @@ Flow-insensitive invariants as location invariants. - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' --set witness.invariant.flow_insensitive-as location_invariant 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' --set witness.invariant.flow_insensitive-as location_invariant 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) @@ -94,7 +105,7 @@ Flow-insensitive invariants as location invariants. total lines: 15 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) [Info][Witness] witness generation summary: - total generation entries: 9 + total generation entries: 3 [Info][Race] Memory locations race summary: safe: 1 vulnerable: 0 @@ -104,7 +115,7 @@ Flow-insensitive invariants as location invariants. $ yamlWitnessStrip < witness.yml > witness.location.yml $ diff witness.flow_insensitive.yml witness.location.yml - 56,57c56,63 + 67,68c67,74 < - entry_type: flow_insensitive_invariant < flow_insensitive_invariant: --- @@ -116,7 +127,7 @@ Flow-insensitive invariants as location invariants. > column: 3 > function: main > location_invariant: - 61,62c67,74 + 72,73c78,85 < - entry_type: flow_insensitive_invariant < flow_insensitive_invariant: --- @@ -259,7 +270,7 @@ Same with ghost_instrumentation and invariant_set entries. Same with mutex-meet. - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 74-mutex.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 74-mutex.c [Success][Assert] Assertion "used == 0" will succeed (74-mutex.c:37:3-37:29) [Warning][Deadcode] Function 'producer' has dead code: on line 26 (74-mutex.c:26-26) @@ -269,7 +280,7 @@ Same with mutex-meet. total lines: 15 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) [Info][Witness] witness generation summary: - total generation entries: 9 + total generation entries: 3 [Info][Race] Memory locations race summary: safe: 1 vulnerable: 0 @@ -277,61 +288,72 @@ Same with mutex-meet. total memory locations: 1 $ yamlWitnessStrip < witness.yml - - entry_type: ghost_update - variable: multithreaded - expression: "1" - location: - file_name: 74-mutex.c - file_hash: $FILE_HASH - line: 34 - column: 3 - function: main - - entry_type: ghost_update - variable: m_locked - expression: "1" - location: - file_name: 74-mutex.c - file_hash: $FILE_HASH - line: 36 - column: 3 - function: main - - entry_type: ghost_update - variable: m_locked - expression: "1" - location: - file_name: 74-mutex.c - file_hash: $FILE_HASH - line: 20 - column: 5 - function: producer - - entry_type: ghost_update - variable: m_locked - expression: "0" - location: - file_name: 74-mutex.c - file_hash: $FILE_HASH - line: 38 - column: 3 - function: main - - entry_type: ghost_update - variable: m_locked - expression: "0" - location: - file_name: 74-mutex.c - file_hash: $FILE_HASH - line: 23 - column: 5 - function: producer - - entry_type: ghost_variable - variable: multithreaded - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: m_locked - scope: global - type: int - initial: "0" + - entry_type: ghost_instrumentation + content: + ghost_variables: + - name: m_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: multithreaded + scope: global + type: int + initial: + value: "0" + format: c_expression + ghost_updates: + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 20 + column: 5 + function: producer + updates: + - variable: m_locked + value: "1" + format: c_expression + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 23 + column: 5 + function: producer + updates: + - variable: m_locked + value: "0" + format: c_expression + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 34 + column: 3 + function: main + updates: + - variable: multithreaded + value: "1" + format: c_expression + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 36 + column: 3 + function: main + updates: + - variable: m_locked + value: "1" + format: c_expression + - location: + file_name: 74-mutex.c + file_hash: $FILE_HASH + line: 38 + column: 3 + function: main + updates: + - variable: m_locked + value: "0" + format: c_expression - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (m_locked || used == 0)' diff --git a/tests/regression/13-privatized/92-idx_priv.t b/tests/regression/13-privatized/92-idx_priv.t index b157dfed4b..4783f65092 100644 --- a/tests/regression/13-privatized/92-idx_priv.t +++ b/tests/regression/13-privatized/92-idx_priv.t @@ -1,11 +1,11 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 92-idx_priv.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 92-idx_priv.c [Success][Assert] Assertion "data == 0" will succeed (92-idx_priv.c:22:3-22:29) [Info][Deadcode] Logical lines of code (LLoC) summary: live: 14 dead: 0 total lines: 14 [Info][Witness] witness generation summary: - total generation entries: 3 + total generation entries: 2 [Info][Race] Memory locations race summary: safe: 1 vulnerable: 0 @@ -13,20 +13,54 @@ total memory locations: 1 $ yamlWitnessStrip < witness.yml - - entry_type: ghost_update - variable: multithreaded - expression: "1" - location: - file_name: 92-idx_priv.c - file_hash: $FILE_HASH - line: 20 - column: 3 - function: main - - entry_type: ghost_variable - variable: multithreaded - scope: global - type: int - initial: "0" + - entry_type: ghost_instrumentation + content: + ghost_variables: + - name: multithreaded + scope: global + type: int + initial: + value: "0" + format: c_expression + ghost_updates: + - location: + file_name: 92-idx_priv.c + file_hash: $FILE_HASH + line: 8 + column: 3 + function: t_fun + updates: [] + - location: + file_name: 92-idx_priv.c + file_hash: $FILE_HASH + line: 11 + column: 3 + function: t_fun + updates: [] + - location: + file_name: 92-idx_priv.c + file_hash: $FILE_HASH + line: 20 + column: 3 + function: main + updates: + - variable: multithreaded + value: "1" + format: c_expression + - location: + file_name: 92-idx_priv.c + file_hash: $FILE_HASH + line: 21 + column: 3 + function: main + updates: [] + - location: + file_name: 92-idx_priv.c + file_hash: $FILE_HASH + line: 23 + column: 3 + function: main + updates: [] - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (0 <= data && data <= 1)' diff --git a/tests/regression/29-svcomp/16-atomic_priv.t b/tests/regression/29-svcomp/16-atomic_priv.t index eea47295d5..92afedcd27 100644 --- a/tests/regression/29-svcomp/16-atomic_priv.t +++ b/tests/regression/29-svcomp/16-atomic_priv.t @@ -1,4 +1,4 @@ - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection-atomic --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 16-atomic_priv.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection-atomic --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 16-atomic_priv.c [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:12:3-12:33) [Success][Assert] Assertion "myglobal == 6" will succeed (16-atomic_priv.c:14:3-14:33) [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:16:3-16:33) @@ -13,7 +13,7 @@ write with [lock:{[__VERIFIER_atomic]}, thread:[main, t_fun@16-atomic_priv.c:23:3-23:40]] (conf. 110) (exp: & myglobal) (16-atomic_priv.c:15:3-15:13) read with [mhp:{created={[main, t_fun@16-atomic_priv.c:23:3-23:40]}}, thread:[main]] (conf. 110) (exp: & myglobal) (16-atomic_priv.c:24:3-24:33) [Info][Witness] witness generation summary: - total generation entries: 3 + total generation entries: 2 [Info][Race] Memory locations race summary: safe: 0 vulnerable: 0 @@ -21,20 +21,26 @@ total memory locations: 1 $ yamlWitnessStrip < witness.yml - - entry_type: ghost_update - variable: multithreaded - expression: "1" - location: - file_name: 16-atomic_priv.c - file_hash: $FILE_HASH - line: 23 - column: 3 - function: main - - entry_type: ghost_variable - variable: multithreaded - scope: global - type: int - initial: "0" + - entry_type: ghost_instrumentation + content: + ghost_variables: + - name: multithreaded + scope: global + type: int + initial: + value: "0" + format: c_expression + ghost_updates: + - location: + file_name: 16-atomic_priv.c + file_hash: $FILE_HASH + line: 23 + column: 3 + function: main + updates: + - variable: multithreaded + value: "1" + format: c_expression - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || myglobal == 5' @@ -43,7 +49,7 @@ Non-atomic privatization: - $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 16-atomic_priv.c + $ goblint --enable ana.sv-comp.functions --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 16-atomic_priv.c [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:12:3-12:33) [Success][Assert] Assertion "myglobal == 6" will succeed (16-atomic_priv.c:14:3-14:33) [Success][Assert] Assertion "myglobal == 5" will succeed (16-atomic_priv.c:16:3-16:33) @@ -58,7 +64,7 @@ Non-atomic privatization: write with [lock:{[__VERIFIER_atomic]}, thread:[main, t_fun@16-atomic_priv.c:23:3-23:40]] (conf. 110) (exp: & myglobal) (16-atomic_priv.c:15:3-15:13) read with [mhp:{created={[main, t_fun@16-atomic_priv.c:23:3-23:40]}}, thread:[main]] (conf. 110) (exp: & myglobal) (16-atomic_priv.c:24:3-24:33) [Info][Witness] witness generation summary: - total generation entries: 4 + total generation entries: 3 [Info][Race] Memory locations race summary: safe: 0 vulnerable: 0 @@ -66,20 +72,26 @@ Non-atomic privatization: total memory locations: 1 $ yamlWitnessStrip < witness.yml - - entry_type: ghost_update - variable: multithreaded - expression: "1" - location: - file_name: 16-atomic_priv.c - file_hash: $FILE_HASH - line: 23 - column: 3 - function: main - - entry_type: ghost_variable - variable: multithreaded - scope: global - type: int - initial: "0" + - entry_type: ghost_instrumentation + content: + ghost_variables: + - name: multithreaded + scope: global + type: int + initial: + value: "0" + format: c_expression + ghost_updates: + - location: + file_name: 16-atomic_priv.c + file_hash: $FILE_HASH + line: 23 + column: 3 + function: main + updates: + - variable: multithreaded + value: "1" + format: c_expression - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || myglobal == 5' diff --git a/tests/regression/36-apron/12-traces-min-rpb1.t b/tests/regression/36-apron/12-traces-min-rpb1.t index 8201b2f8f9..c0ae5c118e 100644 --- a/tests/regression/36-apron/12-traces-min-rpb1.t +++ b/tests/regression/36-apron/12-traces-min-rpb1.t @@ -56,7 +56,7 @@ format: C - $ goblint --enable warn.deterministic --set ana.activated[+] apron --set ana.path_sens[+] threadflag --enable ana.sv-comp.functions --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 12-traces-min-rpb1.c --enable ana.apron.invariant.diff-box + $ goblint --enable warn.deterministic --set ana.activated[+] apron --set ana.path_sens[+] threadflag --enable ana.sv-comp.functions --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 12-traces-min-rpb1.c --enable ana.apron.invariant.diff-box [Warning][Assert] Assertion "g == h" is unknown. (12-traces-min-rpb1.c:27:3-27:26) [Success][Assert] Assertion "g == h" will succeed (12-traces-min-rpb1.c:16:3-16:26) [Success][Assert] Assertion "g == h" will succeed (12-traces-min-rpb1.c:29:3-29:26) @@ -76,82 +76,95 @@ dead: 0 total lines: 18 [Info][Witness] witness generation summary: - total generation entries: 10 + total generation entries: 2 $ yamlWitnessStrip < witness.yml - - entry_type: ghost_update - variable: multithreaded - expression: "1" - location: - file_name: 12-traces-min-rpb1.c - file_hash: $FILE_HASH - line: 25 - column: 3 - function: main - - entry_type: ghost_update - variable: A_locked - expression: "1" - location: - file_name: 12-traces-min-rpb1.c - file_hash: $FILE_HASH - line: 28 - column: 3 - function: main - - entry_type: ghost_update - variable: A_locked - expression: "1" - location: - file_name: 12-traces-min-rpb1.c - file_hash: $FILE_HASH - line: 18 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: A_locked - expression: "1" - location: - file_name: 12-traces-min-rpb1.c - file_hash: $FILE_HASH - line: 13 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: A_locked - expression: "0" - location: - file_name: 12-traces-min-rpb1.c - file_hash: $FILE_HASH - line: 30 - column: 3 - function: main - - entry_type: ghost_update - variable: A_locked - expression: "0" - location: - file_name: 12-traces-min-rpb1.c - file_hash: $FILE_HASH - line: 19 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: A_locked - expression: "0" - location: - file_name: 12-traces-min-rpb1.c - file_hash: $FILE_HASH - line: 17 - column: 3 - function: t_fun - - entry_type: ghost_variable - variable: multithreaded - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: A_locked - scope: global - type: int - initial: "0" + - entry_type: ghost_instrumentation + content: + ghost_variables: + - name: A_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: multithreaded + scope: global + type: int + initial: + value: "0" + format: c_expression + ghost_updates: + - location: + file_name: 12-traces-min-rpb1.c + file_hash: $FILE_HASH + line: 13 + column: 3 + function: t_fun + updates: + - variable: A_locked + value: "1" + format: c_expression + - location: + file_name: 12-traces-min-rpb1.c + file_hash: $FILE_HASH + line: 17 + column: 3 + function: t_fun + updates: + - variable: A_locked + value: "0" + format: c_expression + - location: + file_name: 12-traces-min-rpb1.c + file_hash: $FILE_HASH + line: 18 + column: 3 + function: t_fun + updates: + - variable: A_locked + value: "1" + format: c_expression + - location: + file_name: 12-traces-min-rpb1.c + file_hash: $FILE_HASH + line: 19 + column: 3 + function: t_fun + updates: + - variable: A_locked + value: "0" + format: c_expression + - location: + file_name: 12-traces-min-rpb1.c + file_hash: $FILE_HASH + line: 25 + column: 3 + function: main + updates: + - variable: multithreaded + value: "1" + format: c_expression + - location: + file_name: 12-traces-min-rpb1.c + file_hash: $FILE_HASH + line: 28 + column: 3 + function: main + updates: + - variable: A_locked + value: "1" + format: c_expression + - location: + file_name: 12-traces-min-rpb1.c + file_hash: $FILE_HASH + line: 30 + column: 3 + function: main + updates: + - variable: A_locked + value: "0" + format: c_expression - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (A_locked || ((0LL - (long long )g) + (long long )h diff --git a/tests/regression/56-witness/64-ghost-multiple-protecting.t b/tests/regression/56-witness/64-ghost-multiple-protecting.t index e78d0d75aa..73863eecac 100644 --- a/tests/regression/56-witness/64-ghost-multiple-protecting.t +++ b/tests/regression/56-witness/64-ghost-multiple-protecting.t @@ -1,10 +1,10 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 64-ghost-multiple-protecting.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 64-ghost-multiple-protecting.c [Info][Deadcode] Logical lines of code (LLoC) summary: live: 19 dead: 0 total lines: 19 [Info][Witness] witness generation summary: - total generation entries: 17 + total generation entries: 4 [Info][Race] Memory locations race summary: safe: 2 vulnerable: 0 @@ -14,120 +14,138 @@ protection doesn't have precise protected invariant for g2. $ yamlWitnessStrip < witness.yml - - entry_type: ghost_update - variable: multithreaded - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 29 - column: 3 - function: main - - entry_type: ghost_update - variable: m2_locked - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 20 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 17 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 10 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "0" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 22 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "0" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 19 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "0" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 13 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m1_locked - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 16 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m1_locked - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 9 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m1_locked - expression: "0" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 23 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m1_locked - expression: "0" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 14 - column: 3 - function: t_fun - - entry_type: ghost_variable - variable: multithreaded - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: m2_locked - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: m1_locked - scope: global - type: int - initial: "0" + - entry_type: ghost_instrumentation + content: + ghost_variables: + - name: m1_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: m2_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: multithreaded + scope: global + type: int + initial: + value: "0" + format: c_expression + ghost_updates: + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 9 + column: 3 + function: t_fun + updates: + - variable: m1_locked + value: "1" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 10 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "1" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 13 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "0" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 14 + column: 3 + function: t_fun + updates: + - variable: m1_locked + value: "0" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 16 + column: 3 + function: t_fun + updates: + - variable: m1_locked + value: "1" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 17 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "1" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 19 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "0" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 20 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "1" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 22 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "0" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 23 + column: 3 + function: t_fun + updates: + - variable: m1_locked + value: "0" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 29 + column: 3 + function: main + updates: + - variable: multithreaded + value: "1" + format: c_expression - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (m2_locked || (m1_locked || g1 == 0))' @@ -144,13 +162,13 @@ protection doesn't have precise protected invariant for g2. type: assertion format: C - $ goblint --set ana.base.privatization protection-read --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 64-ghost-multiple-protecting.c + $ goblint --set ana.base.privatization protection-read --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 64-ghost-multiple-protecting.c [Info][Deadcode] Logical lines of code (LLoC) summary: live: 19 dead: 0 total lines: 19 [Info][Witness] witness generation summary: - total generation entries: 18 + total generation entries: 5 [Info][Race] Memory locations race summary: safe: 2 vulnerable: 0 @@ -160,120 +178,138 @@ protection doesn't have precise protected invariant for g2. protection-read has precise protected invariant for g2. $ yamlWitnessStrip < witness.yml - - entry_type: ghost_update - variable: multithreaded - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 29 - column: 3 - function: main - - entry_type: ghost_update - variable: m2_locked - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 20 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 17 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 10 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "0" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 22 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "0" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 19 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "0" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 13 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m1_locked - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 16 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m1_locked - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 9 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m1_locked - expression: "0" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 23 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m1_locked - expression: "0" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 14 - column: 3 - function: t_fun - - entry_type: ghost_variable - variable: multithreaded - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: m2_locked - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: m1_locked - scope: global - type: int - initial: "0" + - entry_type: ghost_instrumentation + content: + ghost_variables: + - name: m1_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: m2_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: multithreaded + scope: global + type: int + initial: + value: "0" + format: c_expression + ghost_updates: + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 9 + column: 3 + function: t_fun + updates: + - variable: m1_locked + value: "1" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 10 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "1" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 13 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "0" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 14 + column: 3 + function: t_fun + updates: + - variable: m1_locked + value: "0" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 16 + column: 3 + function: t_fun + updates: + - variable: m1_locked + value: "1" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 17 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "1" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 19 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "0" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 20 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "1" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 22 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "0" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 23 + column: 3 + function: t_fun + updates: + - variable: m1_locked + value: "0" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 29 + column: 3 + function: main + updates: + - variable: multithreaded + value: "1" + format: c_expression - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (m2_locked || (m1_locked || g2 == 0))' @@ -295,13 +331,13 @@ protection-read has precise protected invariant for g2. type: assertion format: C - $ goblint --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 64-ghost-multiple-protecting.c + $ goblint --set ana.base.privatization mutex-meet --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 64-ghost-multiple-protecting.c [Info][Deadcode] Logical lines of code (LLoC) summary: live: 19 dead: 0 total lines: 19 [Info][Witness] witness generation summary: - total generation entries: 18 + total generation entries: 5 [Info][Race] Memory locations race summary: safe: 2 vulnerable: 0 @@ -309,120 +345,138 @@ protection-read has precise protected invariant for g2. total memory locations: 2 $ yamlWitnessStrip < witness.yml - - entry_type: ghost_update - variable: multithreaded - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 29 - column: 3 - function: main - - entry_type: ghost_update - variable: m2_locked - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 20 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 17 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 10 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "0" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 22 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "0" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 19 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "0" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 13 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m1_locked - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 16 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m1_locked - expression: "1" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 9 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m1_locked - expression: "0" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 23 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m1_locked - expression: "0" - location: - file_name: 64-ghost-multiple-protecting.c - file_hash: $FILE_HASH - line: 14 - column: 3 - function: t_fun - - entry_type: ghost_variable - variable: multithreaded - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: m2_locked - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: m1_locked - scope: global - type: int - initial: "0" + - entry_type: ghost_instrumentation + content: + ghost_variables: + - name: m1_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: m2_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: multithreaded + scope: global + type: int + initial: + value: "0" + format: c_expression + ghost_updates: + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 9 + column: 3 + function: t_fun + updates: + - variable: m1_locked + value: "1" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 10 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "1" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 13 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "0" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 14 + column: 3 + function: t_fun + updates: + - variable: m1_locked + value: "0" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 16 + column: 3 + function: t_fun + updates: + - variable: m1_locked + value: "1" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 17 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "1" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 19 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "0" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 20 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "1" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 22 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "0" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 23 + column: 3 + function: t_fun + updates: + - variable: m1_locked + value: "0" + format: c_expression + - location: + file_name: 64-ghost-multiple-protecting.c + file_hash: $FILE_HASH + line: 29 + column: 3 + function: main + updates: + - variable: multithreaded + value: "1" + format: c_expression - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (m2_locked || ((0 <= g2 && g2 <= 1) && g1 == 0))' diff --git a/tests/regression/56-witness/65-ghost-ambiguous-lock.t b/tests/regression/56-witness/65-ghost-ambiguous-lock.t index a6e0c12b74..8115bb2921 100644 --- a/tests/regression/56-witness/65-ghost-ambiguous-lock.t +++ b/tests/regression/56-witness/65-ghost-ambiguous-lock.t @@ -1,10 +1,10 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 65-ghost-ambiguous-lock.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 65-ghost-ambiguous-lock.c [Info][Deadcode] Logical lines of code (LLoC) summary: live: 23 dead: 0 total lines: 23 [Info][Witness] witness generation summary: - total generation entries: 4 + total generation entries: 3 [Info][Race] Memory locations race summary: safe: 2 vulnerable: 0 @@ -12,20 +12,82 @@ total memory locations: 2 $ yamlWitnessStrip < witness.yml - - entry_type: ghost_update - variable: multithreaded - expression: "1" - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 29 - column: 3 - function: main - - entry_type: ghost_variable - variable: multithreaded - scope: global - type: int - initial: "0" + - entry_type: ghost_instrumentation + content: + ghost_variables: + - name: multithreaded + scope: global + type: int + initial: + value: "0" + format: c_expression + ghost_updates: + - location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 10 + column: 3 + function: t_fun + updates: [] + - location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 13 + column: 3 + function: t_fun + updates: [] + - location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 14 + column: 3 + function: t_fun + updates: [] + - location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 17 + column: 3 + function: t_fun + updates: [] + - location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 22 + column: 3 + function: fun + updates: [] + - location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 24 + column: 3 + function: fun + updates: [] + - location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 29 + column: 3 + function: main + updates: + - variable: multithreaded + value: "1" + format: c_expression + - location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 35 + column: 3 + function: main + updates: [] + - location: + file_name: 65-ghost-ambiguous-lock.c + file_hash: $FILE_HASH + line: 37 + column: 3 + function: main + updates: [] - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (0 <= g2 && g2 <= 1)' diff --git a/tests/regression/56-witness/66-ghost-alloc-lock.t b/tests/regression/56-witness/66-ghost-alloc-lock.t index 8e45272538..844c1e6c15 100644 --- a/tests/regression/56-witness/66-ghost-alloc-lock.t +++ b/tests/regression/56-witness/66-ghost-alloc-lock.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.malloc.unique_address_count 1 --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 66-ghost-alloc-lock.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set ana.malloc.unique_address_count 1 --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 66-ghost-alloc-lock.c [Success][Assert] Assertion "g1 == 0" will succeed (66-ghost-alloc-lock.c:31:3-31:27) [Success][Assert] Assertion "g2 == 0" will succeed (66-ghost-alloc-lock.c:34:3-34:27) [Info][Deadcode] Logical lines of code (LLoC) summary: @@ -6,7 +6,7 @@ dead: 0 total lines: 23 [Info][Witness] witness generation summary: - total generation entries: 16 + total generation entries: 5 [Info][Race] Memory locations race summary: safe: 4 vulnerable: 0 @@ -14,102 +14,118 @@ total memory locations: 4 $ yamlWitnessStrip < witness.yml - - entry_type: ghost_update - variable: multithreaded - expression: "1" - location: - file_name: 66-ghost-alloc-lock.c - file_hash: $FILE_HASH - line: 28 - column: 3 - function: main - - entry_type: ghost_update - variable: alloc_m861095507_locked - expression: "1" - location: - file_name: 66-ghost-alloc-lock.c - file_hash: $FILE_HASH - line: 33 - column: 3 - function: main - - entry_type: ghost_update - variable: alloc_m861095507_locked - expression: "1" - location: - file_name: 66-ghost-alloc-lock.c - file_hash: $FILE_HASH - line: 14 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: alloc_m861095507_locked - expression: "0" - location: - file_name: 66-ghost-alloc-lock.c - file_hash: $FILE_HASH - line: 35 - column: 3 - function: main - - entry_type: ghost_update - variable: alloc_m861095507_locked - expression: "0" - location: - file_name: 66-ghost-alloc-lock.c - file_hash: $FILE_HASH - line: 17 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: alloc_m559918035_locked - expression: "1" - location: - file_name: 66-ghost-alloc-lock.c - file_hash: $FILE_HASH - line: 30 - column: 3 - function: main - - entry_type: ghost_update - variable: alloc_m559918035_locked - expression: "1" - location: - file_name: 66-ghost-alloc-lock.c - file_hash: $FILE_HASH - line: 10 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: alloc_m559918035_locked - expression: "0" - location: - file_name: 66-ghost-alloc-lock.c - file_hash: $FILE_HASH - line: 32 - column: 3 - function: main - - entry_type: ghost_update - variable: alloc_m559918035_locked - expression: "0" - location: - file_name: 66-ghost-alloc-lock.c - file_hash: $FILE_HASH - line: 13 - column: 3 - function: t_fun - - entry_type: ghost_variable - variable: multithreaded - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: alloc_m861095507_locked - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: alloc_m559918035_locked - scope: global - type: int - initial: "0" + - entry_type: ghost_instrumentation + content: + ghost_variables: + - name: alloc_m559918035_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: alloc_m861095507_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: multithreaded + scope: global + type: int + initial: + value: "0" + format: c_expression + ghost_updates: + - location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 10 + column: 3 + function: t_fun + updates: + - variable: alloc_m559918035_locked + value: "1" + format: c_expression + - location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 13 + column: 3 + function: t_fun + updates: + - variable: alloc_m559918035_locked + value: "0" + format: c_expression + - location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 14 + column: 3 + function: t_fun + updates: + - variable: alloc_m861095507_locked + value: "1" + format: c_expression + - location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 17 + column: 3 + function: t_fun + updates: + - variable: alloc_m861095507_locked + value: "0" + format: c_expression + - location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 28 + column: 3 + function: main + updates: + - variable: multithreaded + value: "1" + format: c_expression + - location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 30 + column: 3 + function: main + updates: + - variable: alloc_m559918035_locked + value: "1" + format: c_expression + - location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 32 + column: 3 + function: main + updates: + - variable: alloc_m559918035_locked + value: "0" + format: c_expression + - location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 33 + column: 3 + function: main + updates: + - variable: alloc_m861095507_locked + value: "1" + format: c_expression + - location: + file_name: 66-ghost-alloc-lock.c + file_hash: $FILE_HASH + line: 35 + column: 3 + function: main + updates: + - variable: alloc_m861095507_locked + value: "0" + format: c_expression - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (alloc_m861095507_locked || g2 == 0)' diff --git a/tests/regression/56-witness/67-ghost-no-unlock.t b/tests/regression/56-witness/67-ghost-no-unlock.t index 85b7a0b897..264d592366 100644 --- a/tests/regression/56-witness/67-ghost-no-unlock.t +++ b/tests/regression/56-witness/67-ghost-no-unlock.t @@ -1,11 +1,11 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 67-ghost-no-unlock.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 67-ghost-no-unlock.c [Success][Assert] Assertion "g1 == 0" will succeed (67-ghost-no-unlock.c:24:3-24:27) [Info][Deadcode] Logical lines of code (LLoC) summary: live: 11 dead: 0 total lines: 11 [Info][Witness] witness generation summary: - total generation entries: 8 + total generation entries: 3 [Info][Race] Memory locations race summary: safe: 1 vulnerable: 0 @@ -13,52 +13,62 @@ total memory locations: 1 $ yamlWitnessStrip < witness.yml - - entry_type: ghost_update - variable: multithreaded - expression: "1" - location: - file_name: 67-ghost-no-unlock.c - file_hash: $FILE_HASH - line: 21 - column: 3 - function: main - - entry_type: ghost_update - variable: m1_locked - expression: "1" - location: - file_name: 67-ghost-no-unlock.c - file_hash: $FILE_HASH - line: 23 - column: 3 - function: main - - entry_type: ghost_update - variable: m1_locked - expression: "1" - location: - file_name: 67-ghost-no-unlock.c - file_hash: $FILE_HASH - line: 9 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m1_locked - expression: "0" - location: - file_name: 67-ghost-no-unlock.c - file_hash: $FILE_HASH - line: 12 - column: 3 - function: t_fun - - entry_type: ghost_variable - variable: multithreaded - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: m1_locked - scope: global - type: int - initial: "0" + - entry_type: ghost_instrumentation + content: + ghost_variables: + - name: m1_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: multithreaded + scope: global + type: int + initial: + value: "0" + format: c_expression + ghost_updates: + - location: + file_name: 67-ghost-no-unlock.c + file_hash: $FILE_HASH + line: 9 + column: 3 + function: t_fun + updates: + - variable: m1_locked + value: "1" + format: c_expression + - location: + file_name: 67-ghost-no-unlock.c + file_hash: $FILE_HASH + line: 12 + column: 3 + function: t_fun + updates: + - variable: m1_locked + value: "0" + format: c_expression + - location: + file_name: 67-ghost-no-unlock.c + file_hash: $FILE_HASH + line: 21 + column: 3 + function: main + updates: + - variable: multithreaded + value: "1" + format: c_expression + - location: + file_name: 67-ghost-no-unlock.c + file_hash: $FILE_HASH + line: 23 + column: 3 + function: main + updates: + - variable: m1_locked + value: "1" + format: c_expression - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (m1_locked || g1 == 0)' diff --git a/tests/regression/56-witness/68-ghost-ambiguous-idx.t b/tests/regression/56-witness/68-ghost-ambiguous-idx.t index 02cecfd8f6..a8f2a0226a 100644 --- a/tests/regression/56-witness/68-ghost-ambiguous-idx.t +++ b/tests/regression/56-witness/68-ghost-ambiguous-idx.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 68-ghost-ambiguous-idx.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 68-ghost-ambiguous-idx.c [Warning][Assert] Assertion "data == 0" is unknown. (68-ghost-ambiguous-idx.c:24:3-24:29) [Warning][Unknown] unlocking mutex (m[4]) which may not be held (68-ghost-ambiguous-idx.c:25:3-25:30) [Info][Deadcode] Logical lines of code (LLoC) summary: @@ -10,7 +10,7 @@ write with [lock:{m[4]}, thread:[main, t_fun@68-ghost-ambiguous-idx.c:20:3-20:40]] (conf. 110) (exp: & data) (68-ghost-ambiguous-idx.c:10:3-10:9) read with [mhp:{created={[main, t_fun@68-ghost-ambiguous-idx.c:20:3-20:40]}}, thread:[main]] (conf. 110) (exp: & data) (68-ghost-ambiguous-idx.c:24:3-24:29) [Info][Witness] witness generation summary: - total generation entries: 3 + total generation entries: 2 [Info][Race] Memory locations race summary: safe: 0 vulnerable: 0 @@ -18,20 +18,54 @@ total memory locations: 1 $ yamlWitnessStrip < witness.yml - - entry_type: ghost_update - variable: multithreaded - expression: "1" - location: - file_name: 68-ghost-ambiguous-idx.c - file_hash: $FILE_HASH - line: 20 - column: 3 - function: main - - entry_type: ghost_variable - variable: multithreaded - scope: global - type: int - initial: "0" + - entry_type: ghost_instrumentation + content: + ghost_variables: + - name: multithreaded + scope: global + type: int + initial: + value: "0" + format: c_expression + ghost_updates: + - location: + file_name: 68-ghost-ambiguous-idx.c + file_hash: $FILE_HASH + line: 8 + column: 3 + function: t_fun + updates: [] + - location: + file_name: 68-ghost-ambiguous-idx.c + file_hash: $FILE_HASH + line: 11 + column: 3 + function: t_fun + updates: [] + - location: + file_name: 68-ghost-ambiguous-idx.c + file_hash: $FILE_HASH + line: 20 + column: 3 + function: main + updates: + - variable: multithreaded + value: "1" + format: c_expression + - location: + file_name: 68-ghost-ambiguous-idx.c + file_hash: $FILE_HASH + line: 23 + column: 3 + function: main + updates: [] + - location: + file_name: 68-ghost-ambiguous-idx.c + file_hash: $FILE_HASH + line: 25 + column: 3 + function: main + updates: [] - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (0 <= data && data <= 1)' diff --git a/tests/regression/56-witness/69-ghost-ptr-protection.t b/tests/regression/56-witness/69-ghost-ptr-protection.t index 698f643385..0b28f22b0f 100644 --- a/tests/regression/56-witness/69-ghost-ptr-protection.t +++ b/tests/regression/56-witness/69-ghost-ptr-protection.t @@ -1,4 +1,4 @@ - $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_variable", "ghost_update"]' 69-ghost-ptr-protection.c + $ goblint --set ana.base.privatization protection --enable witness.yaml.enabled --set ana.activated[+] mutexGhosts --set witness.yaml.entry-types '["flow_insensitive_invariant", "ghost_instrumentation"]' 69-ghost-ptr-protection.c [Success][Assert] Assertion "*p != 0" will succeed (69-ghost-ptr-protection.c:26:3-26:27) [Info][Deadcode] Logical lines of code (LLoC) summary: live: 15 @@ -9,7 +9,7 @@ write with [lock:{m2}, thread:[main, t_fun@69-ghost-ptr-protection.c:22:3-22:40]] (conf. 110) (exp: & p) (69-ghost-ptr-protection.c:15:3-15:9) read with [mhp:{created={[main, t_fun@69-ghost-ptr-protection.c:22:3-22:40]}}, lock:{m1}, thread:[main]] (conf. 110) (exp: & p) (69-ghost-ptr-protection.c:26:3-26:27) [Info][Witness] witness generation summary: - total generation entries: 12 + total generation entries: 5 [Info][Race] Memory locations race summary: safe: 2 vulnerable: 0 @@ -19,66 +19,78 @@ Should not contain unsound flow-insensitive invariant m2_locked || (p == & g && *p == 0): $ yamlWitnessStrip < witness.yml - - entry_type: ghost_update - variable: multithreaded - expression: "1" - location: - file_name: 69-ghost-ptr-protection.c - file_hash: $FILE_HASH - line: 22 - column: 3 - function: main - - entry_type: ghost_update - variable: m2_locked - expression: "1" - location: - file_name: 69-ghost-ptr-protection.c - file_hash: $FILE_HASH - line: 13 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m2_locked - expression: "0" - location: - file_name: 69-ghost-ptr-protection.c - file_hash: $FILE_HASH - line: 16 - column: 3 - function: t_fun - - entry_type: ghost_update - variable: m1_locked - expression: "1" - location: - file_name: 69-ghost-ptr-protection.c - file_hash: $FILE_HASH - line: 23 - column: 3 - function: main - - entry_type: ghost_update - variable: m1_locked - expression: "0" - location: - file_name: 69-ghost-ptr-protection.c - file_hash: $FILE_HASH - line: 28 - column: 3 - function: main - - entry_type: ghost_variable - variable: multithreaded - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: m2_locked - scope: global - type: int - initial: "0" - - entry_type: ghost_variable - variable: m1_locked - scope: global - type: int - initial: "0" + - entry_type: ghost_instrumentation + content: + ghost_variables: + - name: m1_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: m2_locked + scope: global + type: int + initial: + value: "0" + format: c_expression + - name: multithreaded + scope: global + type: int + initial: + value: "0" + format: c_expression + ghost_updates: + - location: + file_name: 69-ghost-ptr-protection.c + file_hash: $FILE_HASH + line: 13 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "1" + format: c_expression + - location: + file_name: 69-ghost-ptr-protection.c + file_hash: $FILE_HASH + line: 16 + column: 3 + function: t_fun + updates: + - variable: m2_locked + value: "0" + format: c_expression + - location: + file_name: 69-ghost-ptr-protection.c + file_hash: $FILE_HASH + line: 22 + column: 3 + function: main + updates: + - variable: multithreaded + value: "1" + format: c_expression + - location: + file_name: 69-ghost-ptr-protection.c + file_hash: $FILE_HASH + line: 23 + column: 3 + function: main + updates: + - variable: m1_locked + value: "1" + format: c_expression + - location: + file_name: 69-ghost-ptr-protection.c + file_hash: $FILE_HASH + line: 28 + column: 3 + function: main + updates: + - variable: m1_locked + value: "0" + format: c_expression - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (m2_locked || ((0 <= *p && *p <= 1) && p == & g))' From 554bd7f72e8cac3cc226976ad6f26bc434fd38d5 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 21 Nov 2024 17:01:40 +0200 Subject: [PATCH 130/164] Avoid empty ghost_instrumentation location updates --- src/analyses/mutexGhosts.ml | 7 ++- tests/regression/13-privatized/92-idx_priv.t | 28 ---------- .../56-witness/65-ghost-ambiguous-lock.t | 56 ------------------- .../56-witness/68-ghost-ambiguous-idx.t | 28 ---------- 4 files changed, 5 insertions(+), 114 deletions(-) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 6542ab3607..6ed0da4d4c 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -218,8 +218,11 @@ struct else (variables', updates) in - let location_update = WitnessGhost.location_update' ~node ~updates in - (variables', location_update :: location_updates) + match updates with + | [] -> (variables', location_updates) (* don't add location_update with no updates *) + | _ -> + let location_update = WitnessGhost.location_update' ~node ~updates in + (variables', location_update :: location_updates) ) nodes (VariableSet.empty, []) in let entry = WitnessGhost.instrumentation_entry ~task ~variables:(VariableSet.elements variables) ~location_updates in diff --git a/tests/regression/13-privatized/92-idx_priv.t b/tests/regression/13-privatized/92-idx_priv.t index 4783f65092..261108cf2f 100644 --- a/tests/regression/13-privatized/92-idx_priv.t +++ b/tests/regression/13-privatized/92-idx_priv.t @@ -23,20 +23,6 @@ value: "0" format: c_expression ghost_updates: - - location: - file_name: 92-idx_priv.c - file_hash: $FILE_HASH - line: 8 - column: 3 - function: t_fun - updates: [] - - location: - file_name: 92-idx_priv.c - file_hash: $FILE_HASH - line: 11 - column: 3 - function: t_fun - updates: [] - location: file_name: 92-idx_priv.c file_hash: $FILE_HASH @@ -47,20 +33,6 @@ - variable: multithreaded value: "1" format: c_expression - - location: - file_name: 92-idx_priv.c - file_hash: $FILE_HASH - line: 21 - column: 3 - function: main - updates: [] - - location: - file_name: 92-idx_priv.c - file_hash: $FILE_HASH - line: 23 - column: 3 - function: main - updates: [] - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (0 <= data && data <= 1)' diff --git a/tests/regression/56-witness/65-ghost-ambiguous-lock.t b/tests/regression/56-witness/65-ghost-ambiguous-lock.t index 8115bb2921..2771ec5c50 100644 --- a/tests/regression/56-witness/65-ghost-ambiguous-lock.t +++ b/tests/regression/56-witness/65-ghost-ambiguous-lock.t @@ -22,48 +22,6 @@ value: "0" format: c_expression ghost_updates: - - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 10 - column: 3 - function: t_fun - updates: [] - - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 13 - column: 3 - function: t_fun - updates: [] - - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 14 - column: 3 - function: t_fun - updates: [] - - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 17 - column: 3 - function: t_fun - updates: [] - - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 22 - column: 3 - function: fun - updates: [] - - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 24 - column: 3 - function: fun - updates: [] - location: file_name: 65-ghost-ambiguous-lock.c file_hash: $FILE_HASH @@ -74,20 +32,6 @@ - variable: multithreaded value: "1" format: c_expression - - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 35 - column: 3 - function: main - updates: [] - - location: - file_name: 65-ghost-ambiguous-lock.c - file_hash: $FILE_HASH - line: 37 - column: 3 - function: main - updates: [] - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (0 <= g2 && g2 <= 1)' diff --git a/tests/regression/56-witness/68-ghost-ambiguous-idx.t b/tests/regression/56-witness/68-ghost-ambiguous-idx.t index a8f2a0226a..e45399e005 100644 --- a/tests/regression/56-witness/68-ghost-ambiguous-idx.t +++ b/tests/regression/56-witness/68-ghost-ambiguous-idx.t @@ -28,20 +28,6 @@ value: "0" format: c_expression ghost_updates: - - location: - file_name: 68-ghost-ambiguous-idx.c - file_hash: $FILE_HASH - line: 8 - column: 3 - function: t_fun - updates: [] - - location: - file_name: 68-ghost-ambiguous-idx.c - file_hash: $FILE_HASH - line: 11 - column: 3 - function: t_fun - updates: [] - location: file_name: 68-ghost-ambiguous-idx.c file_hash: $FILE_HASH @@ -52,20 +38,6 @@ - variable: multithreaded value: "1" format: c_expression - - location: - file_name: 68-ghost-ambiguous-idx.c - file_hash: $FILE_HASH - line: 23 - column: 3 - function: main - updates: [] - - location: - file_name: 68-ghost-ambiguous-idx.c - file_hash: $FILE_HASH - line: 25 - column: 3 - function: main - updates: [] - entry_type: flow_insensitive_invariant flow_insensitive_invariant: string: '! multithreaded || (0 <= data && data <= 1)' From 2c25848a23e3b74859cd4b8a7be549d572a748bc Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 21 Nov 2024 17:04:25 +0200 Subject: [PATCH 131/164] Remove support for old ghost_variable and ghost_update entry types --- src/analyses/mutexGhosts.ml | 48 -------------------- src/config/options.schema.json | 2 - src/witness/witnessGhost.ml | 16 +------ src/witness/yamlWitness.ml | 24 ++-------- src/witness/yamlWitnessType.ml | 67 ---------------------------- tests/util/yamlWitnessStripCommon.ml | 4 -- 6 files changed, 4 insertions(+), 157 deletions(-) diff --git a/src/analyses/mutexGhosts.ml b/src/analyses/mutexGhosts.ml index 6ed0da4d4c..3deec3ef59 100644 --- a/src/analyses/mutexGhosts.ml +++ b/src/analyses/mutexGhosts.ml @@ -122,54 +122,6 @@ struct | YamlEntryGlobal (g, task) -> let g: V.t = Obj.obj g in begin match g with - | `Left g' when YamlWitness.entry_type_enabled YamlWitnessType.GhostVariable.entry_type && YamlWitness.entry_type_enabled YamlWitnessType.GhostUpdate.entry_type -> - let (locked, unlocked, multithread) = G.node (ctx.global g) in - let g = g' in - let entries = - (* TODO: do variable_entry-s only once *) - Locked.fold (fun l acc -> - match mustlock_of_addr l with - | Some l when ghost_var_available ctx (Locked l) -> - let entry = WitnessGhost.variable_entry ~task (Locked l) in - Queries.YS.add entry acc - | _ -> - acc - ) (Locked.union locked unlocked) (Queries.YS.empty ()) - in - let entries = - Locked.fold (fun l acc -> - match mustlock_of_addr l with - | Some l when ghost_var_available ctx (Locked l) -> - let entry = WitnessGhost.update_entry ~task ~node:g (Locked l) GoblintCil.one in - Queries.YS.add entry acc - | _ -> - acc - ) locked entries - in - let entries = - Unlocked.fold (fun l acc -> - match mustlock_of_addr l with - | Some l when ghost_var_available ctx (Locked l) -> - let entry = WitnessGhost.update_entry ~task ~node:g (Locked l) GoblintCil.zero in - Queries.YS.add entry acc - | _ -> - acc - ) unlocked entries - in - let entries = - if not (GobConfig.get_bool "exp.earlyglobs") && multithread then ( - if ghost_var_available ctx Multithreaded then ( - let entry = WitnessGhost.variable_entry ~task Multithreaded in - let entry' = WitnessGhost.update_entry ~task ~node:g Multithreaded GoblintCil.one in - Queries.YS.add entry (Queries.YS.add entry' entries) - ) - else - entries - ) - else - entries - in - entries | `Right true when YamlWitness.entry_type_enabled YamlWitnessType.GhostInstrumentation.entry_type -> let nodes = G.update (ctx.global g) in let (variables, location_updates) = NodeSet.fold (fun node (variables, location_updates) -> diff --git a/src/config/options.schema.json b/src/config/options.schema.json index 8534620d02..362e028ee3 100644 --- a/src/config/options.schema.json +++ b/src/config/options.schema.json @@ -2673,8 +2673,6 @@ "precondition_loop_invariant_certificate", "invariant_set", "violation_sequence", - "ghost_variable", - "ghost_update", "ghost_instrumentation" ] }, diff --git a/src/witness/witnessGhost.ml b/src/witness/witnessGhost.ml index 3535e8a347..3eaa8ef69b 100644 --- a/src/witness/witnessGhost.ml +++ b/src/witness/witnessGhost.ml @@ -1,7 +1,7 @@ (** Ghost variables for YAML witnesses. *) let enabled () = - (YamlWitness.entry_type_enabled YamlWitnessType.GhostVariable.entry_type && YamlWitness.entry_type_enabled YamlWitnessType.GhostUpdate.entry_type) || YamlWitness.entry_type_enabled YamlWitnessType.GhostInstrumentation.entry_type + YamlWitness.entry_type_enabled YamlWitnessType.GhostInstrumentation.entry_type module Var = WitnessGhostVar @@ -11,20 +11,6 @@ module Map = RichVarinfo.BiVarinfoMap.Make (Var) include Map -let variable_entry ~task x = - let variable = name_varinfo x in - let type_ = String.trim (CilType.Typ.show (typ x)) in (* CIL printer puts space at the end of some types *) - let initial = CilType.Exp.show (initial x) in - YamlWitness.Entry.ghost_variable ~task ~variable ~type_ ~initial - -let update_entry ~task ~node x e = - let loc = Node.location node in - let location_function = (Node.find_fundec node).svar.vname in - let location = YamlWitness.Entry.location ~location:loc ~location_function in - let variable = name_varinfo x in - let expression = CilType.Exp.show e in - YamlWitness.Entry.ghost_update ~task ~location ~variable ~expression - let variable' x = let variable = name_varinfo x in let type_ = String.trim (CilType.Typ.show (typ x)) in (* CIL printer puts space at the end of some types *) diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index 81072ff82d..ec9a542919 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -149,25 +149,6 @@ struct metadata = metadata (); } - let ghost_variable ~task ~variable ~type_ ~(initial): Entry.t = { - entry_type = GhostVariable { - variable; - scope = "global"; - type_; - initial; - }; - metadata = metadata ~task (); - } - - let ghost_update ~task ~location ~variable ~(expression): Entry.t = { - entry_type = GhostUpdate { - variable; - expression; - location; - }; - metadata = metadata ~task (); - } - let ghost_variable' ~variable ~type_ ~(initial): GhostInstrumentation.Variable.t = { name = variable; scope = "global"; @@ -410,9 +391,10 @@ struct entries in - (* Generate flow-insensitive entries (ghost variables and ghost updates) *) + (* Generate flow-insensitive entries (ghost instrumentation) *) let entries = - if (entry_type_enabled YamlWitnessType.GhostVariable.entry_type && entry_type_enabled YamlWitnessType.GhostUpdate.entry_type) || entry_type_enabled YamlWitnessType.GhostInstrumentation.entry_type then ( + if entry_type_enabled YamlWitnessType.GhostInstrumentation.entry_type then ( + (* TODO: only at most one ghost_instrumentation entry can ever be produced, so this fold and deduplication is overkill *) let module EntrySet = Queries.YS in fst @@ GHT.fold (fun g v accs -> match g with diff --git a/src/witness/yamlWitnessType.ml b/src/witness/yamlWitnessType.ml index 9b5d580849..bcd8e9435f 100644 --- a/src/witness/yamlWitnessType.ml +++ b/src/witness/yamlWitnessType.ml @@ -644,61 +644,6 @@ struct {content} end -module GhostVariable = -struct - type t = { - variable: string; - scope: string; - type_: string; - initial: string; - } - [@@deriving eq, ord, hash] - - let entry_type = "ghost_variable" - - let to_yaml' {variable; scope; type_; initial} = - [ - ("variable", `String variable); - ("scope", `String scope); - ("type", `String type_); - ("initial", `String initial); - ] - - let of_yaml y = - let open GobYaml in - let+ variable = y |> find "variable" >>= to_string - and+ scope = y |> find "scope" >>= to_string - and+ type_ = y |> find "type" >>= to_string - and+ initial = y |> find "initial" >>= to_string in - {variable; scope; type_; initial} -end - -module GhostUpdate = -struct - type t = { - variable: string; - expression: string; - location: Location.t; - } - [@@deriving eq, ord, hash] - - let entry_type = "ghost_update" - - let to_yaml' {variable; expression; location} = - [ - ("variable", `String variable); - ("expression", `String expression); - ("location", Location.to_yaml location); - ] - - let of_yaml y = - let open GobYaml in - let+ variable = y |> find "variable" >>= to_string - and+ expression = y |> find "expression" >>= to_string - and+ location = y |> find "location" >>= Location.of_yaml in - {variable; expression; location} -end - module GhostInstrumentation = struct @@ -831,8 +776,6 @@ struct | PreconditionLoopInvariantCertificate of PreconditionLoopInvariantCertificate.t | InvariantSet of InvariantSet.t | ViolationSequence of ViolationSequence.t - | GhostVariable of GhostVariable.t - | GhostUpdate of GhostUpdate.t | GhostInstrumentation of GhostInstrumentation.t [@@deriving eq, ord, hash] @@ -845,8 +788,6 @@ struct | PreconditionLoopInvariantCertificate _ -> PreconditionLoopInvariantCertificate.entry_type | InvariantSet _ -> InvariantSet.entry_type | ViolationSequence _ -> ViolationSequence.entry_type - | GhostVariable _ -> GhostVariable.entry_type - | GhostUpdate _ -> GhostUpdate.entry_type | GhostInstrumentation _ -> GhostInstrumentation.entry_type let to_yaml' = function @@ -858,8 +799,6 @@ struct | PreconditionLoopInvariantCertificate x -> PreconditionLoopInvariantCertificate.to_yaml' x | InvariantSet x -> InvariantSet.to_yaml' x | ViolationSequence x -> ViolationSequence.to_yaml' x - | GhostVariable x -> GhostVariable.to_yaml' x - | GhostUpdate x -> GhostUpdate.to_yaml' x | GhostInstrumentation x -> GhostInstrumentation.to_yaml' x let of_yaml y = @@ -889,12 +828,6 @@ struct else if entry_type = ViolationSequence.entry_type then let+ x = y |> ViolationSequence.of_yaml in ViolationSequence x - else if entry_type = GhostVariable.entry_type then - let+ x = y |> GhostVariable.of_yaml in - GhostVariable x - else if entry_type = GhostUpdate.entry_type then - let+ x = y |> GhostUpdate.of_yaml in - GhostUpdate x else if entry_type = GhostInstrumentation.entry_type then let+ x = y |> GhostInstrumentation.of_yaml in GhostInstrumentation x diff --git a/tests/util/yamlWitnessStripCommon.ml b/tests/util/yamlWitnessStripCommon.ml index d54dd446bf..39bc231d72 100644 --- a/tests/util/yamlWitnessStripCommon.ml +++ b/tests/util/yamlWitnessStripCommon.ml @@ -74,10 +74,6 @@ struct InvariantSet {content = List.sort InvariantSet.Invariant.compare (List.map invariant_strip_file_hash x.content)} (* Sort, so order is deterministic regardless of Goblint. *) | ViolationSequence x -> ViolationSequence {content = List.map segment_strip_file_hash x.content} - | GhostVariable x -> - GhostVariable x (* no location to strip *) - | GhostUpdate x -> - GhostUpdate {x with location = location_strip_file_hash x.location} | GhostInstrumentation x -> GhostInstrumentation { (* Sort, so order is deterministic regardless of Goblint. *) ghost_variables = List.sort GhostInstrumentation.Variable.compare x.ghost_variables; From 0ca1bb30f50d12bec84198ae404994c510e37431 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 22 Nov 2024 11:11:34 +0200 Subject: [PATCH 132/164] Add parsing of integer constraints in YAML violation_sequence-s --- src/util/std/gobYaml.ml | 2 ++ src/witness/yamlWitnessType.ml | 26 +++++++++++++++++++++++--- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/src/util/std/gobYaml.ml b/src/util/std/gobYaml.ml index 624cdbf1fa..4c8576ade2 100644 --- a/src/util/std/gobYaml.ml +++ b/src/util/std/gobYaml.ml @@ -44,3 +44,5 @@ let list = function let entries = function | `O assoc -> Ok assoc | _ -> Error (`Msg "Failed to get entries from non-object value") + +let int i = float (float_of_int i) diff --git a/src/witness/yamlWitnessType.ml b/src/witness/yamlWitnessType.ml index 4fc2029801..c77fadad4c 100644 --- a/src/witness/yamlWitnessType.ml +++ b/src/witness/yamlWitnessType.ml @@ -447,15 +447,35 @@ struct module Constraint = struct + + module Value = + struct + type t = + | String of string + | Int of int (* Why doesn't format consider ints (for switch branches) as strings here, like everywhere else? *) + [@@deriving ord] + + let to_yaml = function + | String s -> GobYaml.string s + | Int i -> GobYaml.int i + + let of_yaml y = + let open GobYaml in + match y with + | `String s -> Ok (String s) + | `Float f -> Ok (Int (int_of_float f)) + | _ -> Error (`Msg "Expected a string or integer value") + end + type t = { - value: string; + value: Value.t; format: string option; } [@@deriving ord] let to_yaml {value; format} = `O ([ - ("value", `String value); + ("value", Value.to_yaml value); ] @ (match format with | Some format -> [ ("format", `String format); @@ -466,7 +486,7 @@ struct let of_yaml y = let open GobYaml in - let+ value = y |> find "value" >>= to_string + let+ value = y |> find "value" >>= Value.of_yaml and+ format = y |> Yaml.Util.find "format" >>= option_map to_string in {value; format} end From addda52226ba8db4abe5d0a19c1e4dcd4331b9ac Mon Sep 17 00:00:00 2001 From: leon Date: Tue, 26 Nov 2024 12:41:44 +0100 Subject: [PATCH 133/164] extract tuple 6 from intDomain file --- src/cdomain/value/cdomains/intDomain.ml | 47 +++---------------------- src/util/std/gobTuple.ml | 37 +++++++++++++++++++ src/util/std/goblint_std.ml | 1 + 3 files changed, 42 insertions(+), 43 deletions(-) create mode 100644 src/util/std/gobTuple.ml diff --git a/src/cdomain/value/cdomains/intDomain.ml b/src/cdomain/value/cdomains/intDomain.ml index cc4e4c4310..9c8d378985 100644 --- a/src/cdomain/value/cdomains/intDomain.ml +++ b/src/cdomain/value/cdomains/intDomain.ml @@ -13,45 +13,6 @@ exception Unknown exception Error exception ArithmeticOnIntegerBot of string - - -(* Custom Tuple6 as Batteries only provides up to Tuple5 *) -module Tuple6 = struct - - let first (a,_,_,_,_, _) = a - let second (_,b,_,_,_, _) = b - let third (_,_,c,_,_, _) = c - let fourth (_,_,_,d,_, _) = d - let fifth (_,_,_,_,e, _) = e - let sixth (_,_,_,_,_, f) = f - - let map1 fn (a, b, c, d, e, f) = (fn a, b, c, d, e, f) - let map2 fn (a, b, c, d, e, f) = (a, fn b, c, d, e, f) - let map3 fn (a, b, c, d, e, f) = (a, b, fn c, d, e, f) - let map4 fn (a, b, c, d, e, f) = (a, b, c, fn d, e, f) - let map5 fn (a, b, c, d, e, f) = (a, b, c, d, fn e, f) - let map6 fn (a, b, c, d, e, f) = (a, b, c, d, e, fn f) - - let enum (a,b,c,d,e,f) = BatList.enum [a;b;c;d;e;f] (* Make efficient? *) - -end - -(* Prevent compile warnings *) -let _ = Tuple6.first -let _ = Tuple6.second -let _ = Tuple6.third -let _ = Tuple6.fourth -let _ = Tuple6.fifth -let _ = Tuple6.sixth - -let _ = Tuple6.map1 -let _ = Tuple6.map2 -let _ = Tuple6.map3 -let _ = Tuple6.map4 -let _ = Tuple6.map5 -let _ = Tuple6.map6 - - (** Define records that hold mutable variables representing different Configuration values. * These values are used to keep track of whether or not the corresponding Config values are en-/disabled *) type ana_int_config_values = { @@ -3776,8 +3737,8 @@ module IntDomTupleImpl = struct let name () = "intdomtuple" (* The Interval domain can lead to too many contexts for recursive functions (top is [min,max]), but we don't want to drop all ints as with `ana.base.context.int`. TODO better solution? *) - let no_interval = Tuple6.map2 (const None) - let no_intervalSet = Tuple6.map5 (const None) + let no_interval = GobTuple.Tuple6.map2 (const None) + let no_intervalSet = GobTuple.Tuple6.map5 (const None) type 'a m = (module SOverflow with type t = 'a) type 'a m2 = (module SOverflow with type t = 'a and type int_t = int_t ) @@ -3836,7 +3797,7 @@ module IntDomTupleImpl = struct let opt_map2 f ?no_ov = curry @@ function Some x, Some y -> Some (f ?no_ov x y) | _ -> None - let to_list x = Tuple6.enum x |> List.of_enum |> List.filter_map identity (* contains only the values of activated domains *) + let to_list x = GobTuple.Tuple6.enum x |> List.of_enum |> List.filter_map identity (* contains only the values of activated domains *) let to_list_some x = List.filter_map identity @@ to_list x (* contains only the Some-values of activated domains *) let exists = function @@ -4097,7 +4058,7 @@ module IntDomTupleImpl = struct (* fp: projections *) let equal_to i x = - let xs = mapp2 { fp2 = fun (type a) (module I:SOverflow with type t = a and type int_t = int_t) -> I.equal_to i } x |> Tuple6.enum |> List.of_enum |> List.filter_map identity in + let xs = mapp2 { fp2 = fun (type a) (module I:SOverflow with type t = a and type int_t = int_t) -> I.equal_to i } x |> GobTuple.Tuple6.enum |> List.of_enum |> List.filter_map identity in if List.mem `Eq xs then `Eq else if List.mem `Neq xs then `Neq else `Top diff --git a/src/util/std/gobTuple.ml b/src/util/std/gobTuple.ml new file mode 100644 index 0000000000..8edd970974 --- /dev/null +++ b/src/util/std/gobTuple.ml @@ -0,0 +1,37 @@ +open Batteries + +(* Custom Tuple6 as Batteries only provides up to Tuple5 *) +module Tuple6 = struct + + let first (a,_,_,_,_, _) = a + let second (_,b,_,_,_, _) = b + let third (_,_,c,_,_, _) = c + let fourth (_,_,_,d,_, _) = d + let fifth (_,_,_,_,e, _) = e + let sixth (_,_,_,_,_, f) = f + + let map1 fn (a, b, c, d, e, f) = (fn a, b, c, d, e, f) + let map2 fn (a, b, c, d, e, f) = (a, fn b, c, d, e, f) + let map3 fn (a, b, c, d, e, f) = (a, b, fn c, d, e, f) + let map4 fn (a, b, c, d, e, f) = (a, b, c, fn d, e, f) + let map5 fn (a, b, c, d, e, f) = (a, b, c, d, fn e, f) + let map6 fn (a, b, c, d, e, f) = (a, b, c, d, e, fn f) + + let enum (a,b,c,d,e,f) = BatList.enum [a;b;c;d;e;f] (* Make efficient? *) + +end + +(* Prevent compile warnings *) +let _ = Tuple6.first +let _ = Tuple6.second +let _ = Tuple6.third +let _ = Tuple6.fourth +let _ = Tuple6.fifth +let _ = Tuple6.sixth + +let _ = Tuple6.map1 +let _ = Tuple6.map2 +let _ = Tuple6.map3 +let _ = Tuple6.map4 +let _ = Tuple6.map5 +let _ = Tuple6.map6 diff --git a/src/util/std/goblint_std.ml b/src/util/std/goblint_std.ml index 5b623ead30..98c8742c0c 100644 --- a/src/util/std/goblint_std.ml +++ b/src/util/std/goblint_std.ml @@ -13,6 +13,7 @@ module GobResult = GobResult module GobOption = GobOption module GobSys = GobSys module GobUnix = GobUnix +module GobTuple = GobTuple (** {1 Other libraries} From 96e5737c06a6096bf11ce145703781a84b649a05 Mon Sep 17 00:00:00 2001 From: ManuelLerchner Date: Wed, 27 Nov 2024 04:06:28 +0100 Subject: [PATCH 134/164] add regression test for refinement --- src/cdomain/value/cdomains/intDomain.ml | 23 ++++++++++++------- .../82-bitfield/05-refine-with-congruence.c | 15 ++++++++++++ tests/unit/cdomains/intDomainTest.ml | 4 +--- 3 files changed, 31 insertions(+), 11 deletions(-) create mode 100644 tests/regression/82-bitfield/05-refine-with-congruence.c diff --git a/src/cdomain/value/cdomains/intDomain.ml b/src/cdomain/value/cdomains/intDomain.ml index 283724e096..299aff6152 100644 --- a/src/cdomain/value/cdomains/intDomain.ml +++ b/src/cdomain/value/cdomains/intDomain.ml @@ -1232,16 +1232,13 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int let acc' = (if current_bit_impossible = Ints_t.one then "⊥" else if current_bit_known = Ints_t.one then string_of_int (Ints_t.to_int value) else "⊤") ^ acc in to_pretty_bits' (Ints_t.shift_right known_mask 1) (Ints_t.shift_right impossible_mask 1) (Ints_t.shift_right o_mask 1) (max_bits - 1) acc' in - to_pretty_bits' known impossible o max_bits "" + "0b"^to_pretty_bits' known impossible o max_bits "" let show t = if t = bot () then "bot" else if t = top () then "top" else let (z,o) = t in - if BArith.is_const t then - Format.sprintf "{%d, %d} {%s} (unique: %d)" (Ints_t.to_int z) (Ints_t.to_int o) (to_pretty_bits t) (Ints_t.to_int o) - else - Format.sprintf "{%d, %d} {%s}" (Ints_t.to_int z) (Ints_t.to_int o) (to_pretty_bits t) + Format.sprintf "{zs:%d, os:%d} %s" (Ints_t.to_int z) (Ints_t.to_int o) (to_pretty_bits t) include Std (struct type nonrec t = t let name = name let top_of = top_of let bot_of = bot_of let show = show let equal = equal end) @@ -1435,13 +1432,24 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int let res = if BArith.is_const (z1, o1) && BArith.is_const (z2, o2) then (let tmp = Ints_t.div z1 z2 in (Ints_t.lognot tmp, tmp)) else top_of ik in norm ik res + let is_power_of_two x = Ints_t.(logand x (sub x one) = zero) + let rem ik x y = - M.trace "bitfield" "rem"; if BArith.is_const x && BArith.is_const y then ( (* x % y = x - (x / y) * y *) let tmp = fst (div ik x y) in let tmp = fst (mul ik tmp y) in fst (sub ik x tmp)) + else if BArith.is_const y && is_power_of_two (snd y) then ( + let mask = Ints_t.sub (snd y) Ints_t.one in + print_endline (Ints_t.to_string mask); + print_endline (Ints_t.to_string (Ints_t.lognot mask)); + let newz = Ints_t.logor (fst x) (Ints_t.lognot mask) in + let newo = Ints_t.logand (snd x) mask in + print_endline (Ints_t.to_string newz); + print_endline (Ints_t.to_string newo); + norm ik (newz, newo) |> fst + ) else top_of ik let eq ik x y = @@ -1494,9 +1502,8 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int let refine_with_congruence ik bf ((cong) : (int_t * int_t ) option) : t = - let is_power_of_two x = Ints_t.(logand x (sub x one) = zero) in match bf, cong with - | (z,o), Some (c, m) when is_power_of_two m -> + | (z,o), Some (c, m) when is_power_of_two m && m <> Ints_t.one -> let congruenceMask = Ints_t.lognot m in let newz = Ints_t.logor (Ints_t.logand (Ints_t.lognot congruenceMask) z) (Ints_t.logand congruenceMask (Ints_t.lognot c)) in let newo = Ints_t.logor (Ints_t.logand (Ints_t.lognot congruenceMask) o) (Ints_t.logand congruenceMask c) in diff --git a/tests/regression/82-bitfield/05-refine-with-congruence.c b/tests/regression/82-bitfield/05-refine-with-congruence.c new file mode 100644 index 0000000000..828bdfdb9f --- /dev/null +++ b/tests/regression/82-bitfield/05-refine-with-congruence.c @@ -0,0 +1,15 @@ +// PARAM: --disable ana.int.interval --disable ana.int.def_exc --enable ana.int.bitfield --set ana.int.refinement fixpoint --enable ana.int.congruence +#include +#include +#include + +int main() { + int a = rand(); + + __goblint_assume(a % 8 == 3); + + __goblint_assert((a & 0x7) == 3); // SUCCESS + +} + + \ No newline at end of file diff --git a/tests/unit/cdomains/intDomainTest.ml b/tests/unit/cdomains/intDomainTest.ml index 795c1be9d9..8d82645dd2 100644 --- a/tests/unit/cdomains/intDomainTest.ml +++ b/tests/unit/cdomains/intDomainTest.ml @@ -700,9 +700,7 @@ struct let bf_refined1= I.refine_with_congruence ik bf (Some (Z.of_int 3, Z.of_int 4)) in assert_bool "3" (I.equal_to (of_int 3) bf_refined1 = `Top); - let bf_refined2= I.refine_with_congruence ik bf_refined1 (Some (Z.of_int 1, Z.of_int 1)) in - assert_bool "1" (I.equal_to (of_int 1) bf_refined2 = `Eq); - let bf_refined3= I.refine_with_congruence ik bf_refined2 (Some (Z.of_int 5, Z.of_int 0)) in + let bf_refined3= I.refine_with_congruence ik bf (Some (Z.of_int 5, Z.of_int 0)) in assert_bool "5" (I.equal_to (of_int 5) bf_refined3 = `Eq) let test_refine_with_inclusion_list _ = From d7074f1e9526c0df5f146d267c35038b2bb65770 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Wed, 27 Nov 2024 13:44:50 +0200 Subject: [PATCH 135/164] Add Karoliine's email to opam maintainer field opam-repository CI now demands this. Co-authored-by: Karoliine Holter --- dune-project | 2 +- goblint.opam | 2 +- goblint.opam.locked | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dune-project b/dune-project index 54915cf964..f2f87b3c58 100644 --- a/dune-project +++ b/dune-project @@ -16,7 +16,7 @@ (homepage "https://goblint.in.tum.de") (documentation "https://goblint.readthedocs.io/en/latest/") (authors "Simmo Saan" "Michael Schwarz" "Julian Erhard" "Sarah Tilscher" "Karoliine Holter" "Ralf Vogler" "Kalmer Apinis" "Vesal Vojdani" ) ; same authors as in .zenodo.json and CITATION.cff -(maintainers "Simmo Saan " "Michael Schwarz " "Karoliine Holter") +(maintainers "Simmo Saan " "Michael Schwarz " "Karoliine Holter ") (license MIT) (package diff --git a/goblint.opam b/goblint.opam index 44e5ccd2c2..f74ffab8c4 100644 --- a/goblint.opam +++ b/goblint.opam @@ -9,7 +9,7 @@ Goblint includes analyses for assertions, overflows, deadlocks, etc and can be e maintainer: [ "Simmo Saan " "Michael Schwarz " - "Karoliine Holter" + "Karoliine Holter " ] authors: [ "Simmo Saan" diff --git a/goblint.opam.locked b/goblint.opam.locked index 9fbee1e02b..cedb4088b8 100644 --- a/goblint.opam.locked +++ b/goblint.opam.locked @@ -5,7 +5,7 @@ synopsis: "Static analysis framework for C" maintainer: [ "Simmo Saan " "Michael Schwarz " - "Karoliine Holter" + "Karoliine Holter " ] authors: [ "Simmo Saan" From 90338a731e424d9d91c9bc5f3b38db4dfba31dea Mon Sep 17 00:00:00 2001 From: ManuelLerchner Date: Wed, 27 Nov 2024 18:51:43 +0100 Subject: [PATCH 136/164] add more regression tests for refines --- .../regression/82-bitfield/06-refine-with-incl-set.c | 12 ++++++++++++ .../regression/82-bitfield/07-refine-with-interval.c | 12 ++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 tests/regression/82-bitfield/06-refine-with-incl-set.c create mode 100644 tests/regression/82-bitfield/07-refine-with-interval.c diff --git a/tests/regression/82-bitfield/06-refine-with-incl-set.c b/tests/regression/82-bitfield/06-refine-with-incl-set.c new file mode 100644 index 0000000000..6edd060c5c --- /dev/null +++ b/tests/regression/82-bitfield/06-refine-with-incl-set.c @@ -0,0 +1,12 @@ +// PARAM: --disable ana.int.def_exc --enable ana.int.bitfield --set ana.int.refinement fixpoint --enable ana.int.enums +#include +#include +#include + +int main() { + int a = rand(); + + if (a == 9 || a == 11 || a == 15) { + __goblint_assert((a & 9) == 9); // SUCCESS + } +} diff --git a/tests/regression/82-bitfield/07-refine-with-interval.c b/tests/regression/82-bitfield/07-refine-with-interval.c new file mode 100644 index 0000000000..f8b6159455 --- /dev/null +++ b/tests/regression/82-bitfield/07-refine-with-interval.c @@ -0,0 +1,12 @@ +// PARAM: --enable ana.int.interval --disable ana.int.def_exc --enable ana.int.bitfield --set ana.int.refinement fixpoint +#include +#include +#include + +int main() { + int a = rand(); + + if (a <= 4) { + __goblint_assert((a & 0x10) == 0); // SUCCESS + } +} From f25a57804052f028740ac1014452b86521ea4825 Mon Sep 17 00:00:00 2001 From: ManuelLerchner Date: Thu, 28 Nov 2024 04:31:42 +0100 Subject: [PATCH 137/164] improve refine with interval; add regression tests --- src/cdomain/value/cdomains/intDomain.ml | 71 ++++++++++++------- .../82-bitfield/07-refine-with-interval.c | 13 ++++ 2 files changed, 58 insertions(+), 26 deletions(-) diff --git a/src/cdomain/value/cdomains/intDomain.ml b/src/cdomain/value/cdomains/intDomain.ml index 299aff6152..dd6298e42e 100644 --- a/src/cdomain/value/cdomains/intDomain.ml +++ b/src/cdomain/value/cdomains/intDomain.ml @@ -1290,15 +1290,44 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int else `Neq let of_interval ?(suppress_ovwarn=false) ik (x,y) = - (* naive implentation -> horrible O(n) runtime *) let (min_ik, max_ik) = Size.range ik in - let current = ref (Z.max (Z.of_int (Ints_t.to_int x)) min_ik) in - let bf = ref (bot ()) in - while Z.leq !current (Z.min (Z.of_int (Ints_t.to_int y)) max_ik) do - bf := BArith.join !bf (BArith.of_int (Ints_t.of_bigint !current)); - current := Z.add !current Z.one - done; - norm ~suppress_ovwarn ik !bf + let startv = Ints_t.max x (Ints_t.of_bigint min_ik) in + let endv= Ints_t.min y (Ints_t.of_bigint max_ik) in + + let rec analyze_bits pos (acc_z, acc_o) = + if pos < 0 then (acc_z, acc_o) + else + let position = Ints_t.shift_left Ints_t.one pos in + let mask = Ints_t.sub position Ints_t.one in + let remainder = Ints_t.logand startv mask in + + let without_remainder = Ints_t.sub startv remainder in + let bigger_number = Ints_t.add without_remainder position in + + let bit_status = + if Ints_t.compare bigger_number endv <= 0 then + `top + else + if Ints_t.equal (Ints_t.logand (Ints_t.shift_right startv pos) Ints_t.one) Ints_t.one then + `one + else + `zero + in + + let new_acc = + match bit_status with + | `top -> (Ints_t.logor position acc_z, Ints_t.logor position acc_o) + | `one -> (Ints_t.logand (Ints_t.lognot position) acc_z, Ints_t.logor position acc_o) + | `zero -> (Ints_t.logor position acc_z, Ints_t.logand (Ints_t.lognot position) acc_o) + + in + analyze_bits (pos - 1) new_acc + in + + let result = analyze_bits (Size.bit ik - 1) (bot()) in + let casted = (Ints_t.of_bigint (Size.cast ik ((Ints_t.to_bigint (fst result)))), Ints_t.of_bigint (Size.cast ik ((Ints_t.to_bigint (snd result))))) in + norm ~suppress_ovwarn ik casted + let of_bool _ik = function true -> BArith.one | false -> BArith.zero @@ -1481,25 +1510,12 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int IntInvariant.of_interval e ik range let starting ?(suppress_ovwarn=false) ik n = - if Ints_t.compare n Ints_t.zero >= 0 then - (* sign bit can only be 0, as all numbers will be positive *) - let signBitMask = Ints_t.shift_left Ints_t.one (Size.bit ik - 1) in - let zs = BArith.one_mask in - let os = Ints_t.logand (Ints_t.lognot signBitMask) BArith.one_mask in - (norm ~suppress_ovwarn ik @@ (zs,os)) - else - (norm ~suppress_ovwarn ik @@ (top ())) + let (min_ik, max_ik) = Size.range ik in + of_interval ~suppress_ovwarn ik (n, Ints_t.of_bigint max_ik) let ending ?(suppress_ovwarn=false) ik n = - if isSigned ik && Ints_t.compare n Ints_t.zero <= 0 then - (* sign bit can only be 1, as all numbers will be negative *) - let signBitMask = Ints_t.shift_left Ints_t.one (Size.bit ik - 1) in - let zs = Ints_t.logand (Ints_t.lognot signBitMask) BArith.one_mask in - let os = BArith.one_mask in - (norm ~suppress_ovwarn ik @@ (zs,os)) - else - (norm ~suppress_ovwarn ik @@ (top ())) - + let (min_ik, max_ik) = Size.range ik in + of_interval ~suppress_ovwarn ik (Ints_t.of_bigint min_ik, n) let refine_with_congruence ik bf ((cong) : (int_t * int_t ) option) : t = match bf, cong with @@ -1510,7 +1526,10 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int norm ik (newz, newo) |> fst | _ -> norm ik bf |> fst - let refine_with_interval ik t i = norm ik t |> fst + let refine_with_interval ik t itv = + match itv with + | None -> norm ik t |> fst + | Some (l, u) -> meet ik t (of_interval ik (l, u) |> fst) let refine_with_excl_list ik t (excl : (int_t list * (int64 * int64)) option) : t = norm ik t |> fst diff --git a/tests/regression/82-bitfield/07-refine-with-interval.c b/tests/regression/82-bitfield/07-refine-with-interval.c index f8b6159455..3a4bc547fb 100644 --- a/tests/regression/82-bitfield/07-refine-with-interval.c +++ b/tests/regression/82-bitfield/07-refine-with-interval.c @@ -8,5 +8,18 @@ int main() { if (a <= 4) { __goblint_assert((a & 0x10) == 0); // SUCCESS + + int b = ~0x7; + __goblint_assert((a & b) == 0); // SUCCESS + } + + if (a > 8 && a < 15) { + __goblint_assert((a & 8) == 8); // SUCCESS + } + + int b = rand() - 512; + + if(-4 <= b && b <= -2) { + __goblint_assert((b & 4) == 4); // SUCCESS } } From 65ddbbb7d06236e2a266ef2967f58c59528a48c6 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 28 Nov 2024 10:27:35 +0200 Subject: [PATCH 138/164] Finalize CHANGELOG for v2.5.0 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cf6a8aa781..1fb07a7dc2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -## v2.5.0 (unreleased) +## v2.5.0 Functionally equivalent to Goblint in SV-COMP 2025. * Add 32bit vs 64bit architecture support (#54, #1574). From 629cd493201c133e284f45437816ab82fe305742 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 28 Nov 2024 10:34:13 +0200 Subject: [PATCH 139/164] Replace goblint-cil pin with published 2.0.5 --- dune-project | 2 +- goblint.opam | 5 +++-- goblint.opam.locked | 6 +----- goblint.opam.template | 3 ++- 4 files changed, 7 insertions(+), 9 deletions(-) diff --git a/dune-project b/dune-project index f2f87b3c58..9a1d958484 100644 --- a/dune-project +++ b/dune-project @@ -37,7 +37,7 @@ Goblint includes analyses for assertions, overflows, deadlocks, etc and can be e "concurrency")) (depends (ocaml (>= 4.14)) - (goblint-cil (>= 2.0.4)) ; TODO no way to define as pin-depends? Used goblint.opam.template to add it for now. https://github.com/ocaml/dune/issues/3231. Alternatively, removing this line and adding cil as a git submodule and `(vendored_dirs cil)` as ./dune also works. This way, no more need to reinstall the pinned cil opam package on changes. However, then cil is cleaned and has to be rebuild together with goblint. + (goblint-cil (>= 2.0.5)) ; TODO no way to define as pin-depends? Used goblint.opam.template to add it for now. https://github.com/ocaml/dune/issues/3231. Alternatively, removing this line and adding cil as a git submodule and `(vendored_dirs cil)` as ./dune also works. This way, no more need to reinstall the pinned cil opam package on changes. However, then cil is cleaned and has to be rebuild together with goblint. (batteries (>= 3.5.1)) (zarith (>= 1.10)) (yojson (>= 2.0.0)) diff --git a/goblint.opam b/goblint.opam index f74ffab8c4..9fa877d54f 100644 --- a/goblint.opam +++ b/goblint.opam @@ -37,7 +37,7 @@ bug-reports: "https://github.com/goblint/analyzer/issues" depends: [ "dune" {>= "3.7"} "ocaml" {>= "4.14"} - "goblint-cil" {>= "2.0.4"} + "goblint-cil" {>= "2.0.5"} "batteries" {>= "3.5.1"} "zarith" {>= "1.10"} "yojson" {>= "2.0.0"} @@ -97,7 +97,8 @@ dev-repo: "git+https://github.com/goblint/analyzer.git" # also remember to generate/adjust goblint.opam.locked! available: os-family != "bsd" & os-distribution != "alpine" & (arch != "arm64" | os = "macos") pin-depends: [ - [ "goblint-cil.2.0.4" "git+https://github.com/goblint/cil.git#9f4fac450c02bc61a13717784515056b185794cd" ] + # published goblint-cil 2.0.5 is currently up-to-date, so no pin needed + # [ "goblint-cil.2.0.5" "git+https://github.com/goblint/cil.git#c79208b21ea61d7b72eae29a18c1ddeda4795dfd" ] # pinned for stability (https://github.com/goblint/analyzer/issues/1520), remove after new camlidl release [ "camlidl.1.12" "git+https://github.com/xavierleroy/camlidl.git#1c1e87e3f56c2c6b3226dd0af3510ef414b462d0" ] # pinned for stability (https://github.com/goblint/analyzer/issues/1520), remove after new apron release diff --git a/goblint.opam.locked b/goblint.opam.locked index cedb4088b8..081731a9a3 100644 --- a/goblint.opam.locked +++ b/goblint.opam.locked @@ -64,7 +64,7 @@ depends: [ "fileutils" {= "0.6.4"} "fmt" {= "0.9.0"} "fpath" {= "0.7.3"} - "goblint-cil" {= "2.0.4"} + "goblint-cil" {= "2.0.5"} "hex" {= "1.5.0"} "integers" {= "0.7.0"} "json-data-encoding" {= "1.0.1"} @@ -138,10 +138,6 @@ post-messages: [ "Do not benchmark Goblint on OCaml 5 (https://goblint.readthedocs.io/en/latest/user-guide/benchmarking/)." {ocaml:version >= "5.0.0"} ] pin-depends: [ - [ - "goblint-cil.2.0.4" - "git+https://github.com/goblint/cil.git#9f4fac450c02bc61a13717784515056b185794cd" - ] [ "camlidl.1.12" "git+https://github.com/xavierleroy/camlidl.git#1c1e87e3f56c2c6b3226dd0af3510ef414b462d0" diff --git a/goblint.opam.template b/goblint.opam.template index 0a517fbfa0..d05a0af61d 100644 --- a/goblint.opam.template +++ b/goblint.opam.template @@ -2,7 +2,8 @@ # also remember to generate/adjust goblint.opam.locked! available: os-family != "bsd" & os-distribution != "alpine" & (arch != "arm64" | os = "macos") pin-depends: [ - [ "goblint-cil.2.0.4" "git+https://github.com/goblint/cil.git#9f4fac450c02bc61a13717784515056b185794cd" ] + # published goblint-cil 2.0.5 is currently up-to-date, so no pin needed + # [ "goblint-cil.2.0.5" "git+https://github.com/goblint/cil.git#c79208b21ea61d7b72eae29a18c1ddeda4795dfd" ] # pinned for stability (https://github.com/goblint/analyzer/issues/1520), remove after new camlidl release [ "camlidl.1.12" "git+https://github.com/xavierleroy/camlidl.git#1c1e87e3f56c2c6b3226dd0af3510ef414b462d0" ] # pinned for stability (https://github.com/goblint/analyzer/issues/1520), remove after new apron release From d066c8dd711317ae969639d45285aa5664767daa Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 28 Nov 2024 10:35:32 +0200 Subject: [PATCH 140/164] Disable pins for v2.5.0 release --- goblint.opam | 8 ++++---- goblint.opam.locked | 10 ---------- goblint.opam.template | 8 ++++---- 3 files changed, 8 insertions(+), 18 deletions(-) diff --git a/goblint.opam b/goblint.opam index 9fa877d54f..9f2b874ff6 100644 --- a/goblint.opam +++ b/goblint.opam @@ -96,14 +96,14 @@ dev-repo: "git+https://github.com/goblint/analyzer.git" # on `dune build` goblint.opam will be generated from goblint.opam.template and dune-project # also remember to generate/adjust goblint.opam.locked! available: os-family != "bsd" & os-distribution != "alpine" & (arch != "arm64" | os = "macos") -pin-depends: [ +# pin-depends: [ # published goblint-cil 2.0.5 is currently up-to-date, so no pin needed # [ "goblint-cil.2.0.5" "git+https://github.com/goblint/cil.git#c79208b21ea61d7b72eae29a18c1ddeda4795dfd" ] # pinned for stability (https://github.com/goblint/analyzer/issues/1520), remove after new camlidl release - [ "camlidl.1.12" "git+https://github.com/xavierleroy/camlidl.git#1c1e87e3f56c2c6b3226dd0af3510ef414b462d0" ] + # [ "camlidl.1.12" "git+https://github.com/xavierleroy/camlidl.git#1c1e87e3f56c2c6b3226dd0af3510ef414b462d0" ] # pinned for stability (https://github.com/goblint/analyzer/issues/1520), remove after new apron release - [ "apron.v0.9.15" "git+https://github.com/antoinemine/apron.git#418a217c7a70dae3f422678f3aaba38ae374d91a" ] -] + # [ "apron.v0.9.15" "git+https://github.com/antoinemine/apron.git#418a217c7a70dae3f422678f3aaba38ae374d91a" ] +# ] depexts: [ ["libgraph-easy-perl"] {os-distribution = "ubuntu" & with-test} ] diff --git a/goblint.opam.locked b/goblint.opam.locked index 081731a9a3..3a7bb1bfa5 100644 --- a/goblint.opam.locked +++ b/goblint.opam.locked @@ -137,16 +137,6 @@ conflicts: [ post-messages: [ "Do not benchmark Goblint on OCaml 5 (https://goblint.readthedocs.io/en/latest/user-guide/benchmarking/)." {ocaml:version >= "5.0.0"} ] -pin-depends: [ - [ - "camlidl.1.12" - "git+https://github.com/xavierleroy/camlidl.git#1c1e87e3f56c2c6b3226dd0af3510ef414b462d0" - ] - [ - "apron.v0.9.15" - "git+https://github.com/antoinemine/apron.git#418a217c7a70dae3f422678f3aaba38ae374d91a" - ] -] depexts: ["libgraph-easy-perl"] {os-distribution = "ubuntu" & with-test} description: """\ Goblint is a sound static analysis framework for C programs using abstract interpretation. diff --git a/goblint.opam.template b/goblint.opam.template index d05a0af61d..8766a89df2 100644 --- a/goblint.opam.template +++ b/goblint.opam.template @@ -1,14 +1,14 @@ # on `dune build` goblint.opam will be generated from goblint.opam.template and dune-project # also remember to generate/adjust goblint.opam.locked! available: os-family != "bsd" & os-distribution != "alpine" & (arch != "arm64" | os = "macos") -pin-depends: [ +# pin-depends: [ # published goblint-cil 2.0.5 is currently up-to-date, so no pin needed # [ "goblint-cil.2.0.5" "git+https://github.com/goblint/cil.git#c79208b21ea61d7b72eae29a18c1ddeda4795dfd" ] # pinned for stability (https://github.com/goblint/analyzer/issues/1520), remove after new camlidl release - [ "camlidl.1.12" "git+https://github.com/xavierleroy/camlidl.git#1c1e87e3f56c2c6b3226dd0af3510ef414b462d0" ] + # [ "camlidl.1.12" "git+https://github.com/xavierleroy/camlidl.git#1c1e87e3f56c2c6b3226dd0af3510ef414b462d0" ] # pinned for stability (https://github.com/goblint/analyzer/issues/1520), remove after new apron release - [ "apron.v0.9.15" "git+https://github.com/antoinemine/apron.git#418a217c7a70dae3f422678f3aaba38ae374d91a" ] -] + # [ "apron.v0.9.15" "git+https://github.com/antoinemine/apron.git#418a217c7a70dae3f422678f3aaba38ae374d91a" ] +# ] depexts: [ ["libgraph-easy-perl"] {os-distribution = "ubuntu" & with-test} ] From 0df4d8647afbfd2d65043c13f89047ecc3a2219b Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 28 Nov 2024 13:36:28 +0200 Subject: [PATCH 141/164] Update goblint-cil to 2.0.5 in Gobview lock file --- gobview | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gobview b/gobview index 76e42c34d3..8e1b755ebc 160000 --- a/gobview +++ b/gobview @@ -1 +1 @@ -Subproject commit 76e42c34d36bd2ab6900efd661a972ba4824f065 +Subproject commit 8e1b755ebc5fb479095fb4dcc30305fe02501e47 From eb9ee513ba2cb1811750d58fd10370f31c21dda1 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 28 Nov 2024 14:52:54 +0200 Subject: [PATCH 142/164] Make 29-svcomp/36-svcomp-arch multilib detection more precise Also handles missing gcc-multilib on Linux, e.g. in opam docker. There's no conf-* package for gcc-multilib. --- tests/regression/29-svcomp/dune | 2 +- tests/util/dune | 7 ++++++- tests/util/multilibConfigure.ml | 4 ++++ 3 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 tests/util/multilibConfigure.ml diff --git a/tests/regression/29-svcomp/dune b/tests/regression/29-svcomp/dune index 95ac66a5ec..9b2396b313 100644 --- a/tests/regression/29-svcomp/dune +++ b/tests/regression/29-svcomp/dune @@ -17,4 +17,4 @@ (cram (applies_to 36-svcomp-arch) - (enabled_if (<> %{system} macosx))) ; https://dune.readthedocs.io/en/stable/reference/boolean-language.html + (enabled_if %{read:../../util/multilibAvailable})) ; https://dune.readthedocs.io/en/stable/reference/boolean-language.html diff --git a/tests/util/dune b/tests/util/dune index 0e32304d4f..e43d21c25d 100644 --- a/tests/util/dune +++ b/tests/util/dune @@ -1,7 +1,8 @@ (executables - (names yamlWitnessStrip yamlWitnessStripDiff) + (names yamlWitnessStrip yamlWitnessStripDiff multilibConfigure) (libraries batteries.unthreaded + goblint-cil goblint_std goblint_lib yaml @@ -9,3 +10,7 @@ goblint.build-info.dune) (flags :standard -open Goblint_std) (preprocess (pps ppx_deriving.std))) + +(rule + (target multilibAvailable) + (action (with-stdout-to %{target} (run ./multilibConfigure.exe)))) diff --git a/tests/util/multilibConfigure.ml b/tests/util/multilibConfigure.ml new file mode 100644 index 0000000000..cf59e04416 --- /dev/null +++ b/tests/util/multilibConfigure.ml @@ -0,0 +1,4 @@ +open GoblintCil + +let () = + Printf.printf "%B" (Option.is_some GoblintCil.Machdep.gcc32 && Option.is_some GoblintCil.Machdep.gcc64) From 7170d9a8944706a1adc0acaeb81a4fc6d914af7b Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Thu, 28 Nov 2024 15:00:16 +0200 Subject: [PATCH 143/164] Fix unused open in multilibConfigure --- tests/util/multilibConfigure.ml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/util/multilibConfigure.ml b/tests/util/multilibConfigure.ml index cf59e04416..96cf9a706a 100644 --- a/tests/util/multilibConfigure.ml +++ b/tests/util/multilibConfigure.ml @@ -1,4 +1,4 @@ open GoblintCil let () = - Printf.printf "%B" (Option.is_some GoblintCil.Machdep.gcc32 && Option.is_some GoblintCil.Machdep.gcc64) + Printf.printf "%B" (Option.is_some Machdep.gcc32 && Option.is_some Machdep.gcc64) From 4f83ce8369977071c5a749ad50cf5ebba7aa4f75 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 29 Nov 2024 10:51:02 +0200 Subject: [PATCH 144/164] Revert "Disable pins for v2.5.0 release" This reverts commit d066c8dd711317ae969639d45285aa5664767daa. --- goblint.opam | 8 ++++---- goblint.opam.locked | 10 ++++++++++ goblint.opam.template | 8 ++++---- 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/goblint.opam b/goblint.opam index 9f2b874ff6..9fa877d54f 100644 --- a/goblint.opam +++ b/goblint.opam @@ -96,14 +96,14 @@ dev-repo: "git+https://github.com/goblint/analyzer.git" # on `dune build` goblint.opam will be generated from goblint.opam.template and dune-project # also remember to generate/adjust goblint.opam.locked! available: os-family != "bsd" & os-distribution != "alpine" & (arch != "arm64" | os = "macos") -# pin-depends: [ +pin-depends: [ # published goblint-cil 2.0.5 is currently up-to-date, so no pin needed # [ "goblint-cil.2.0.5" "git+https://github.com/goblint/cil.git#c79208b21ea61d7b72eae29a18c1ddeda4795dfd" ] # pinned for stability (https://github.com/goblint/analyzer/issues/1520), remove after new camlidl release - # [ "camlidl.1.12" "git+https://github.com/xavierleroy/camlidl.git#1c1e87e3f56c2c6b3226dd0af3510ef414b462d0" ] + [ "camlidl.1.12" "git+https://github.com/xavierleroy/camlidl.git#1c1e87e3f56c2c6b3226dd0af3510ef414b462d0" ] # pinned for stability (https://github.com/goblint/analyzer/issues/1520), remove after new apron release - # [ "apron.v0.9.15" "git+https://github.com/antoinemine/apron.git#418a217c7a70dae3f422678f3aaba38ae374d91a" ] -# ] + [ "apron.v0.9.15" "git+https://github.com/antoinemine/apron.git#418a217c7a70dae3f422678f3aaba38ae374d91a" ] +] depexts: [ ["libgraph-easy-perl"] {os-distribution = "ubuntu" & with-test} ] diff --git a/goblint.opam.locked b/goblint.opam.locked index 3a7bb1bfa5..081731a9a3 100644 --- a/goblint.opam.locked +++ b/goblint.opam.locked @@ -137,6 +137,16 @@ conflicts: [ post-messages: [ "Do not benchmark Goblint on OCaml 5 (https://goblint.readthedocs.io/en/latest/user-guide/benchmarking/)." {ocaml:version >= "5.0.0"} ] +pin-depends: [ + [ + "camlidl.1.12" + "git+https://github.com/xavierleroy/camlidl.git#1c1e87e3f56c2c6b3226dd0af3510ef414b462d0" + ] + [ + "apron.v0.9.15" + "git+https://github.com/antoinemine/apron.git#418a217c7a70dae3f422678f3aaba38ae374d91a" + ] +] depexts: ["libgraph-easy-perl"] {os-distribution = "ubuntu" & with-test} description: """\ Goblint is a sound static analysis framework for C programs using abstract interpretation. diff --git a/goblint.opam.template b/goblint.opam.template index 8766a89df2..d05a0af61d 100644 --- a/goblint.opam.template +++ b/goblint.opam.template @@ -1,14 +1,14 @@ # on `dune build` goblint.opam will be generated from goblint.opam.template and dune-project # also remember to generate/adjust goblint.opam.locked! available: os-family != "bsd" & os-distribution != "alpine" & (arch != "arm64" | os = "macos") -# pin-depends: [ +pin-depends: [ # published goblint-cil 2.0.5 is currently up-to-date, so no pin needed # [ "goblint-cil.2.0.5" "git+https://github.com/goblint/cil.git#c79208b21ea61d7b72eae29a18c1ddeda4795dfd" ] # pinned for stability (https://github.com/goblint/analyzer/issues/1520), remove after new camlidl release - # [ "camlidl.1.12" "git+https://github.com/xavierleroy/camlidl.git#1c1e87e3f56c2c6b3226dd0af3510ef414b462d0" ] + [ "camlidl.1.12" "git+https://github.com/xavierleroy/camlidl.git#1c1e87e3f56c2c6b3226dd0af3510ef414b462d0" ] # pinned for stability (https://github.com/goblint/analyzer/issues/1520), remove after new apron release - # [ "apron.v0.9.15" "git+https://github.com/antoinemine/apron.git#418a217c7a70dae3f422678f3aaba38ae374d91a" ] -# ] + [ "apron.v0.9.15" "git+https://github.com/antoinemine/apron.git#418a217c7a70dae3f422678f3aaba38ae374d91a" ] +] depexts: [ ["libgraph-easy-perl"] {os-distribution = "ubuntu" & with-test} ] From 77acd917865a4385c160155740d20615c0e87f2a Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 29 Nov 2024 10:58:11 +0200 Subject: [PATCH 145/164] Pin released goblint-cil.2.0.5 for reproducibility --- goblint.opam | 4 ++-- goblint.opam.locked | 4 ++++ goblint.opam.template | 4 ++-- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/goblint.opam b/goblint.opam index 9fa877d54f..219c67d011 100644 --- a/goblint.opam +++ b/goblint.opam @@ -97,8 +97,8 @@ dev-repo: "git+https://github.com/goblint/analyzer.git" # also remember to generate/adjust goblint.opam.locked! available: os-family != "bsd" & os-distribution != "alpine" & (arch != "arm64" | os = "macos") pin-depends: [ - # published goblint-cil 2.0.5 is currently up-to-date, so no pin needed - # [ "goblint-cil.2.0.5" "git+https://github.com/goblint/cil.git#c79208b21ea61d7b72eae29a18c1ddeda4795dfd" ] + # published goblint-cil 2.0.5 is currently up-to-date, but pinned for reproducibility + [ "goblint-cil.2.0.5" "git+https://github.com/goblint/cil.git#c79208b21ea61d7b72eae29a18c1ddeda4795dfd" ] # pinned for stability (https://github.com/goblint/analyzer/issues/1520), remove after new camlidl release [ "camlidl.1.12" "git+https://github.com/xavierleroy/camlidl.git#1c1e87e3f56c2c6b3226dd0af3510ef414b462d0" ] # pinned for stability (https://github.com/goblint/analyzer/issues/1520), remove after new apron release diff --git a/goblint.opam.locked b/goblint.opam.locked index 081731a9a3..2594aea288 100644 --- a/goblint.opam.locked +++ b/goblint.opam.locked @@ -138,6 +138,10 @@ post-messages: [ "Do not benchmark Goblint on OCaml 5 (https://goblint.readthedocs.io/en/latest/user-guide/benchmarking/)." {ocaml:version >= "5.0.0"} ] pin-depends: [ + [ + "oblint-cil.2.0.5" + "git+https://github.com/goblint/cil.git#c79208b21ea61d7b72eae29a18c1ddeda4795dfd" + ] [ "camlidl.1.12" "git+https://github.com/xavierleroy/camlidl.git#1c1e87e3f56c2c6b3226dd0af3510ef414b462d0" diff --git a/goblint.opam.template b/goblint.opam.template index d05a0af61d..84dcc24d8d 100644 --- a/goblint.opam.template +++ b/goblint.opam.template @@ -2,8 +2,8 @@ # also remember to generate/adjust goblint.opam.locked! available: os-family != "bsd" & os-distribution != "alpine" & (arch != "arm64" | os = "macos") pin-depends: [ - # published goblint-cil 2.0.5 is currently up-to-date, so no pin needed - # [ "goblint-cil.2.0.5" "git+https://github.com/goblint/cil.git#c79208b21ea61d7b72eae29a18c1ddeda4795dfd" ] + # published goblint-cil 2.0.5 is currently up-to-date, but pinned for reproducibility + [ "goblint-cil.2.0.5" "git+https://github.com/goblint/cil.git#c79208b21ea61d7b72eae29a18c1ddeda4795dfd" ] # pinned for stability (https://github.com/goblint/analyzer/issues/1520), remove after new camlidl release [ "camlidl.1.12" "git+https://github.com/xavierleroy/camlidl.git#1c1e87e3f56c2c6b3226dd0af3510ef414b462d0" ] # pinned for stability (https://github.com/goblint/analyzer/issues/1520), remove after new apron release From dbdefab9825123e08c92b4c36618e7eacb7883d4 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 29 Nov 2024 11:21:22 +0200 Subject: [PATCH 146/164] Fix must-double-locking in regression tests --- tests/regression/04-mutex/32-allfuns.c | 4 ++-- tests/regression/09-regions/31-equ_rc.c | 2 +- tests/regression/09-regions/32-equ_nr.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/regression/04-mutex/32-allfuns.c b/tests/regression/04-mutex/32-allfuns.c index b59c487c53..e6b88e47ce 100644 --- a/tests/regression/04-mutex/32-allfuns.c +++ b/tests/regression/04-mutex/32-allfuns.c @@ -8,11 +8,11 @@ pthread_mutex_t B_mutex = PTHREAD_MUTEX_INITIALIZER; void t1() { pthread_mutex_lock(&A_mutex); myglobal++; //RACE! - pthread_mutex_lock(&A_mutex); + pthread_mutex_unlock(&A_mutex); } void t2() { pthread_mutex_lock(&B_mutex); myglobal++; //RACE! - pthread_mutex_lock(&B_mutex); + pthread_mutex_unlock(&B_mutex); } diff --git a/tests/regression/09-regions/31-equ_rc.c b/tests/regression/09-regions/31-equ_rc.c index 7cea370c58..2f3aff7f63 100644 --- a/tests/regression/09-regions/31-equ_rc.c +++ b/tests/regression/09-regions/31-equ_rc.c @@ -15,7 +15,7 @@ struct s { void *t_fun(void *arg) { pthread_mutex_lock(&A.mutex); B.datum = 5; // RACE! - pthread_mutex_lock(&A.mutex); + pthread_mutex_unlock(&A.mutex); return NULL; } diff --git a/tests/regression/09-regions/32-equ_nr.c b/tests/regression/09-regions/32-equ_nr.c index d9b909546e..a242448ba8 100644 --- a/tests/regression/09-regions/32-equ_nr.c +++ b/tests/regression/09-regions/32-equ_nr.c @@ -15,7 +15,7 @@ struct s { void *t_fun(void *arg) { pthread_mutex_lock(&A.mutex); A.datum = 5; // NORACE - pthread_mutex_lock(&A.mutex); + pthread_mutex_unlock(&A.mutex); return NULL; } From 218770b8f3f825338db1e10911668151d3317f14 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 29 Nov 2024 11:21:55 +0200 Subject: [PATCH 147/164] Check must-double-locking in 03-practical/21-pfscan_combine_minimal --- tests/regression/03-practical/21-pfscan_combine_minimal.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/regression/03-practical/21-pfscan_combine_minimal.c b/tests/regression/03-practical/21-pfscan_combine_minimal.c index abdef0627b..86cfdabac1 100644 --- a/tests/regression/03-practical/21-pfscan_combine_minimal.c +++ b/tests/regression/03-practical/21-pfscan_combine_minimal.c @@ -18,7 +18,7 @@ int pqueue_init(PQUEUE *qp) void pqueue_close(PQUEUE *qp ) { - pthread_mutex_lock(& qp->mtx); + pthread_mutex_lock(& qp->mtx); // WARN (must double locking) qp->closed = 1; pthread_mutex_unlock(& qp->mtx); return; @@ -26,7 +26,7 @@ void pqueue_close(PQUEUE *qp ) int pqueue_put(PQUEUE *qp) { - pthread_mutex_lock(& qp->mtx); + pthread_mutex_lock(& qp->mtx); // WARN (must double locking) if (qp->closed) { // pfscan actually has a bug and is missing the following unlock at early return // pthread_mutex_unlock(& qp->mtx); From 68cd95237ebbb2023f6c9f7e59dc5f2d33d8ad45 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 29 Nov 2024 11:30:41 +0200 Subject: [PATCH 148/164] Fix goblint-cil typo in opam lock file --- goblint.opam.locked | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/goblint.opam.locked b/goblint.opam.locked index 2594aea288..e5176b9007 100644 --- a/goblint.opam.locked +++ b/goblint.opam.locked @@ -139,7 +139,7 @@ post-messages: [ ] pin-depends: [ [ - "oblint-cil.2.0.5" + "goblint-cil.2.0.5" "git+https://github.com/goblint/cil.git#c79208b21ea61d7b72eae29a18c1ddeda4795dfd" ] [ From ffe255b9a60a1c4919b565f6c9a0e07c47ac7218 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 29 Nov 2024 14:11:46 +0200 Subject: [PATCH 149/164] Count witness.invariant.flow_insensitive-as location invariants in summary --- src/witness/yamlWitness.ml | 2 ++ tests/regression/13-privatized/04-priv_multi.t | 2 +- tests/regression/13-privatized/74-mutex.t | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/witness/yamlWitness.ml b/src/witness/yamlWitness.ml index e3978f9929..9d04b597fa 100644 --- a/src/witness/yamlWitness.ml +++ b/src/witness/yamlWitness.ml @@ -385,6 +385,7 @@ struct fold_flow_insensitive_as_location ~inv (fun ~location ~inv acc -> let invariant = Entry.invariant (CilType.Exp.show inv) in let entry = Entry.location_invariant ~task ~location ~invariant in + incr cnt_location_invariant; entry :: acc ) acc | `Lifted _, _ @@ -605,6 +606,7 @@ struct fold_flow_insensitive_as_location ~inv (fun ~location ~inv acc -> let invariant = CilType.Exp.show inv in let invariant = Entry.location_invariant' ~location ~invariant in + incr cnt_location_invariant; invariant :: acc ) acc | `Bot | `Top -> (* global bot might only be possible for alloc variables, if at all, so emit nothing *) diff --git a/tests/regression/13-privatized/04-priv_multi.t b/tests/regression/13-privatized/04-priv_multi.t index af7c9b2098..1f6dff3fdc 100644 --- a/tests/regression/13-privatized/04-priv_multi.t +++ b/tests/regression/13-privatized/04-priv_multi.t @@ -215,7 +215,7 @@ Flow-insensitive invariants as location invariants. [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (04-priv_multi.c:45:10-45:11) [Warning][Deadcode][CWE-571] condition 'B > 0' is always true (04-priv_multi.c:47:9-47:14) [Info][Witness] witness generation summary: - location invariants: 0 + location invariants: 9 loop invariants: 0 flow-insensitive invariants: 0 total generation entries: 10 diff --git a/tests/regression/13-privatized/74-mutex.t b/tests/regression/13-privatized/74-mutex.t index 1d750a211c..4b370db387 100644 --- a/tests/regression/13-privatized/74-mutex.t +++ b/tests/regression/13-privatized/74-mutex.t @@ -108,7 +108,7 @@ Flow-insensitive invariants as location invariants. total lines: 15 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) [Info][Witness] witness generation summary: - location invariants: 0 + location invariants: 2 loop invariants: 0 flow-insensitive invariants: 0 total generation entries: 3 @@ -177,7 +177,7 @@ Same with ghost_instrumentation and invariant_set entries. total lines: 15 [Warning][Deadcode][CWE-571] condition '1' (possibly inserted by CIL) is always true (74-mutex.c:19:10-19:11) [Info][Witness] witness generation summary: - location invariants: 0 + location invariants: 2 loop invariants: 0 flow-insensitive invariants: 0 total generation entries: 2 From f3dfca7a9ab28fe16ce77bfeac0d55f65058ff4c Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Fri, 29 Nov 2024 17:25:15 +0200 Subject: [PATCH 150/164] Change must-double-locking in 03-practical/21-pfscan_combine_minimal to TODO On MacOS the mutex type is top because it's zero-initialized global. On MacOS zero-initialized mutex isn't the same as a default mutex (type 0). --- tests/regression/03-practical/21-pfscan_combine_minimal.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/regression/03-practical/21-pfscan_combine_minimal.c b/tests/regression/03-practical/21-pfscan_combine_minimal.c index 86cfdabac1..b8fc7948b2 100644 --- a/tests/regression/03-practical/21-pfscan_combine_minimal.c +++ b/tests/regression/03-practical/21-pfscan_combine_minimal.c @@ -18,7 +18,7 @@ int pqueue_init(PQUEUE *qp) void pqueue_close(PQUEUE *qp ) { - pthread_mutex_lock(& qp->mtx); // WARN (must double locking) + pthread_mutex_lock(& qp->mtx); // TODO (OSX): WARN (must double locking) qp->closed = 1; pthread_mutex_unlock(& qp->mtx); return; @@ -26,7 +26,7 @@ void pqueue_close(PQUEUE *qp ) int pqueue_put(PQUEUE *qp) { - pthread_mutex_lock(& qp->mtx); // WARN (must double locking) + pthread_mutex_lock(& qp->mtx); // TODO (OSX): WARN (must double locking) if (qp->closed) { // pfscan actually has a bug and is missing the following unlock at early return // pthread_mutex_unlock(& qp->mtx); From 6fe1162b96d9376181533f078f7769080470c812 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Krau=C3=9F?= Date: Tue, 3 Dec 2024 16:20:45 +0100 Subject: [PATCH 151/164] added of bitfield for refinements --- src/analyses/baseInvariant.ml | 20 ++++++++- src/cdomain/value/cdomains/intDomain.ml | 53 +++++++++++++++++++++++- src/cdomain/value/cdomains/intDomain.mli | 4 ++ 3 files changed, 73 insertions(+), 4 deletions(-) diff --git a/src/analyses/baseInvariant.ml b/src/analyses/baseInvariant.ml index 51a27e19f8..661fd481fa 100644 --- a/src/analyses/baseInvariant.ml +++ b/src/analyses/baseInvariant.ml @@ -395,10 +395,26 @@ struct | Le, Some false -> meet_bin (ID.starting ikind (Z.succ l2)) (ID.ending ikind (Z.pred u1)) | _, _ -> a, b) | _ -> a, b) - | BOr | BXor as op-> - if M.tracing then M.tracel "inv" "Unhandled operator %a" d_binop op; + | BOr as op-> + if M.tracing then M.tracel "inv" "Unhandled operator %a" d_binop op; (* Be careful: inv_exp performs a meet on both arguments of the BOr / BXor. *) a, b + | BXor as op -> + if M.tracing then M.tracel "inv" "Unhandled operator %a" d_binop op; + let a' = match ID.to_int b, ID.to_int c with + Some b, Some c -> (let res = IntDomain.Bitfield.to_int (IntDomain.Bitfield.logxor ikind (fst (IntDomain.Bitfield.of_int ikind b)) (fst (IntDomain.Bitfield.of_int ikind c))) in + match res with + Some r -> ID.meet a (ID.of_int ikind r) | + None -> a) | + _, _ -> a + in let b' = match ID.to_int a, ID.to_int c with + Some a, Some c -> (let res = IntDomain.Bitfield.to_int (IntDomain.Bitfield.logxor ikind (fst (IntDomain.Bitfield.of_int ikind a)) (fst (IntDomain.Bitfield.of_int ikind c))) in + match res with + Some r -> ID.meet b (ID.of_int ikind r) | + None -> b) | + _, _ -> b + (* Be careful: inv_exp performs a meet on both arguments of the BOr / BXor. *) + in a', b' | LAnd -> if ID.to_bool c = Some true then meet_bin c c diff --git a/src/cdomain/value/cdomains/intDomain.ml b/src/cdomain/value/cdomains/intDomain.ml index 5859b86f11..1983d601d8 100644 --- a/src/cdomain/value/cdomains/intDomain.ml +++ b/src/cdomain/value/cdomains/intDomain.ml @@ -233,6 +233,7 @@ sig val of_bool: bool -> t val of_interval: ?suppress_ovwarn:bool -> Cil.ikind -> int_t * int_t -> t val of_congruence: Cil.ikind -> int_t * int_t -> t + val of_bitfield: Cil.ikind -> int_t * int_t -> t val arbitrary: unit -> t QCheck.arbitrary val invariant: Cil.exp -> t -> Invariant.t end @@ -260,6 +261,7 @@ sig val of_bool: Cil.ikind -> bool -> t val of_interval: ?suppress_ovwarn:bool -> Cil.ikind -> int_t * int_t -> t val of_congruence: Cil.ikind -> int_t * int_t -> t + val of_bitfield: Cil.ikind -> int_t * int_t -> t val is_top_of: Cil.ikind -> t -> bool val invariant_ikind : Cil.exp -> Cil.ikind -> t -> Invariant.t @@ -310,6 +312,7 @@ sig val of_bool: Cil.ikind -> bool -> t val of_interval: ?suppress_ovwarn:bool -> Cil.ikind -> int_t * int_t -> t val of_congruence: Cil.ikind -> int_t * int_t -> t + val of_bitfield: Cil.ikind -> int_t * int_t -> t val starting : ?suppress_ovwarn:bool -> Cil.ikind -> int_t -> t val ending : ?suppress_ovwarn:bool -> Cil.ikind -> int_t -> t @@ -388,6 +391,8 @@ struct let to_incl_list x = I.to_incl_list x.v let of_interval ?(suppress_ovwarn=false) ikind (lb,ub) = {v = I.of_interval ~suppress_ovwarn ikind (lb,ub); ikind} let of_congruence ikind (c,m) = {v = I.of_congruence ikind (c,m); ikind} + let of_bitfield ikind (z,o) = {v = I.of_bitfield ikind (z,o); ikind} + let starting ?(suppress_ovwarn=false) ikind i = {v = I.starting ~suppress_ovwarn ikind i; ikind} let ending ?(suppress_ovwarn=false) ikind i = {v = I.ending ~suppress_ovwarn ikind i; ikind} let maximal x = I.maximal x.v @@ -522,6 +527,7 @@ module StdTop (B: sig type t val top_of: Cil.ikind -> t end) = struct let to_incl_list x = None let of_interval ?(suppress_ovwarn=false) ik x = top_of ik let of_congruence ik x = top_of ik + let of_bitfield ik x = top_of ik let starting ?(suppress_ovwarn=false) ik x = top_of ik let ending ?(suppress_ovwarn=false) ik x = top_of ik let maximal x = None @@ -748,7 +754,25 @@ struct (* TODO: change to_int signature so it returns a big_int *) let to_int x = Option.bind x (IArith.to_int) + let to_excl_list x = None + let of_excl_list ik x = top_of ik + let is_excl_list x = false + let to_incl_list x = None let of_interval ?(suppress_ovwarn=false) ik (x,y) = norm ~suppress_ovwarn ik @@ Some (x,y) + let of_bitfield ik x = + let min ik (z,o) = + let signBit = Ints_t.shift_left Ints_t.one ((Size.bit ik) - 1) in + let signMask = Ints_t.lognot (Ints_t.of_bigint (snd (Size.range ik))) in + let isNegative = Ints_t.logand signBit o <> Ints_t.zero in + if isSigned ik && isNegative then Ints_t.logor signMask (Ints_t.lognot z) + else Ints_t.lognot z + in let max ik (z,o) = + let signBit = Ints_t.shift_left Ints_t.one ((Size.bit ik) - 1) in + let signMask = Ints_t.of_bigint (snd (Size.range ik)) in + let isPositive = Ints_t.logand signBit z <> Ints_t.zero in + if isSigned ik && isPositive then Ints_t.logand signMask o + else o + in fst (norm ik (Some (min ik x, max ik x))) let of_int ik (x: int_t) = of_interval ik (x,x) let zero = Some IArith.zero let one = Some IArith.one @@ -1273,8 +1297,13 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int include Std (struct type nonrec t = t let name = name let top_of = top_of let bot_of = bot_of let show = show let equal = equal end) let range ik bf = (BArith.min ik bf, BArith.max ik bf) - let minimal bf = Option.some (BArith.bits_known bf) (* TODO signedness info in type? No ik here! *) - let maximal bf = BArith.(bits_known bf |: bits_unknown bf) |> Option.some (* TODO signedness info in type? No ik here! *) + let maximal (z,o) = let isPositive = z < Ints_t.zero in + if o < Ints_t.zero && isPositive then (match Ints_t.upper_bound with Some maxVal -> Some (maxVal &: o) | None -> None ) + else Some o + + let minimal (z,o) = let isNegative = o < Ints_t.zero in + if z < Ints_t.zero && isNegative then (match Ints_t.lower_bound with Some minVal -> Some (minVal |: (!:z)) | None -> None ) + else Some (!:z) let norm ?(suppress_ovwarn=false) ik (z,o) = if BArith.is_invalid (z,o) then @@ -1331,6 +1360,8 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int done; norm ~suppress_ovwarn ik !bf + let of_congruence ik (c,m) = (if m = Ints_t.zero then fst (of_int ik c) else top_of ik) + let of_bool _ik = function true -> BArith.one | false -> BArith.zero let to_bool d = @@ -1564,6 +1595,7 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int QCheck.(set_shrink shrink @@ set_print show @@ map (fun (i1,i2) -> norm ik (i1,i2) |> fst ) pair_arb) let project ik p t = t + end @@ -1800,6 +1832,21 @@ struct let of_interval ?(suppress_ovwarn=false) ik (x,y) = norm_interval ~suppress_ovwarn ~cast:false ik (x,y) + let of_bitfield ik x = + let min ik (z,o) = + let signBit = Ints_t.shift_left Ints_t.one ((Size.bit ik) - 1) in + let signMask = Ints_t.lognot (Ints_t.of_bigint (snd (Size.range ik))) in + let isNegative = Ints_t.logand signBit o <> Ints_t.zero in + if isSigned ik && isNegative then Ints_t.logor signMask (Ints_t.lognot z) + else Ints_t.lognot z + in let max ik (z,o) = + let signBit = Ints_t.shift_left Ints_t.one ((Size.bit ik) - 1) in + let signMask = Ints_t.of_bigint (snd (Size.range ik)) in + let isPositive = Ints_t.logand signBit z <> Ints_t.zero in + if isSigned ik && isPositive then Ints_t.logand signMask o + else o + in fst (norm_interval ik (min ik x, max ik x)) + let of_int ik (x: int_t) = of_interval ik (x, x) let lt ik x y = @@ -2241,6 +2288,7 @@ struct let to_incl_list x = None let of_interval ?(suppress_ovwarn=false) ik x = top_of ik let of_congruence ik x = top_of ik + let of_bitfield ik x = top_of ik let starting ?(suppress_ovwarn=false) ikind x = top_of ikind let ending ?(suppress_ovwarn=false) ikind x = top_of ikind let maximal x = None @@ -3912,6 +3960,7 @@ module IntDomTupleImpl = struct let ending ?(suppress_ovwarn=false) ik = create2_ovc ik { fi2_ovc = fun (type a) (module I:SOverflow with type t = a and type int_t = int_t) -> I.ending ~suppress_ovwarn ik } let of_interval ?(suppress_ovwarn=false) ik = create2_ovc ik { fi2_ovc = fun (type a) (module I:SOverflow with type t = a and type int_t = int_t) -> I.of_interval ~suppress_ovwarn ik } let of_congruence ik = create2 { fi2 = fun (type a) (module I:SOverflow with type t = a and type int_t = int_t) -> I.of_congruence ik } + let of_bitfield ik = create2 { fi2 = fun (type a) (module I:SOverflow with type t = a and type int_t = int_t) -> I.of_bitfield ik } let refine_with_congruence ik ((a, b, c, d, e, f) : t) (cong : (int_t * int_t) option) : t= let opt f a = diff --git a/src/cdomain/value/cdomains/intDomain.mli b/src/cdomain/value/cdomains/intDomain.mli index d6bb233aee..401ba84e94 100644 --- a/src/cdomain/value/cdomains/intDomain.mli +++ b/src/cdomain/value/cdomains/intDomain.mli @@ -228,6 +228,7 @@ sig val of_interval: ?suppress_ovwarn:bool -> Cil.ikind -> int_t * int_t -> t val of_congruence: Cil.ikind -> int_t * int_t -> t + val of_bitfield: Cil.ikind -> int_t * int_t -> t val arbitrary: unit -> t QCheck.arbitrary val invariant: Cil.exp -> t -> Invariant.t end @@ -262,6 +263,7 @@ sig val of_interval: ?suppress_ovwarn:bool -> Cil.ikind -> int_t * int_t -> t val of_congruence: Cil.ikind -> int_t * int_t -> t + val of_bitfield: Cil.ikind -> int_t * int_t -> t val is_top_of: Cil.ikind -> t -> bool val invariant_ikind : Cil.exp -> Cil.ikind -> t -> Invariant.t @@ -325,6 +327,8 @@ sig val of_congruence: Cil.ikind -> int_t * int_t -> t + val of_bitfield: Cil.ikind -> int_t * int_t -> t + val starting : ?suppress_ovwarn:bool -> Cil.ikind -> int_t -> t val ending : ?suppress_ovwarn:bool -> Cil.ikind -> int_t -> t From bad0bb8e2d6e26f8166ade7ffcc70cd9a1f5c3f7 Mon Sep 17 00:00:00 2001 From: ManuelLerchner Date: Tue, 3 Dec 2024 16:33:08 +0100 Subject: [PATCH 152/164] remove duplicate function --- src/cdomain/value/cdomains/intDomain.ml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/cdomain/value/cdomains/intDomain.ml b/src/cdomain/value/cdomains/intDomain.ml index 9c8e800ad5..a4d1347947 100644 --- a/src/cdomain/value/cdomains/intDomain.ml +++ b/src/cdomain/value/cdomains/intDomain.ml @@ -1500,7 +1500,7 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int let res = if BArith.is_const (z1, o1) && BArith.is_const (z2, o2) then (let tmp = z1 /: z2 in (!:tmp, tmp)) else top_of ik in norm ik res - let is_power_of_two x = Ints_t.(logand x (sub x one) = zero) + let is_power_of_two x = (x &: (x -: Ints_t.one) = Ints_t.zero) let rem ik x y = if BArith.is_const x && BArith.is_const y then ( @@ -1556,7 +1556,6 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int of_interval ~suppress_ovwarn ik (Ints_t.of_bigint min_ik, n) let refine_with_congruence ik bf ((cong) : (int_t * int_t ) option) : t = - let is_power_of_two x = (x &: (x -: Ints_t.one) = Ints_t.zero) in match bf, cong with | (z,o), Some (c, m) when is_power_of_two m && m <> Ints_t.one -> let congruenceMask = !:m in From abde7e41b0174dd8ef12ca9ea2b4642c9a4710fd Mon Sep 17 00:00:00 2001 From: ManuelLerchner Date: Tue, 3 Dec 2024 17:51:39 +0100 Subject: [PATCH 153/164] Revert "remove duplicate function" This reverts commit bad0bb8e2d6e26f8166ade7ffcc70cd9a1f5c3f7. --- src/cdomain/value/cdomains/intDomain.ml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/cdomain/value/cdomains/intDomain.ml b/src/cdomain/value/cdomains/intDomain.ml index a4d1347947..9c8e800ad5 100644 --- a/src/cdomain/value/cdomains/intDomain.ml +++ b/src/cdomain/value/cdomains/intDomain.ml @@ -1500,7 +1500,7 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int let res = if BArith.is_const (z1, o1) && BArith.is_const (z2, o2) then (let tmp = z1 /: z2 in (!:tmp, tmp)) else top_of ik in norm ik res - let is_power_of_two x = (x &: (x -: Ints_t.one) = Ints_t.zero) + let is_power_of_two x = Ints_t.(logand x (sub x one) = zero) let rem ik x y = if BArith.is_const x && BArith.is_const y then ( @@ -1556,6 +1556,7 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int of_interval ~suppress_ovwarn ik (Ints_t.of_bigint min_ik, n) let refine_with_congruence ik bf ((cong) : (int_t * int_t ) option) : t = + let is_power_of_two x = (x &: (x -: Ints_t.one) = Ints_t.zero) in match bf, cong with | (z,o), Some (c, m) when is_power_of_two m && m <> Ints_t.one -> let congruenceMask = !:m in From 937b341030022300182f6bfbf740381970515f20 Mon Sep 17 00:00:00 2001 From: ManuelLerchner Date: Tue, 3 Dec 2024 18:05:24 +0100 Subject: [PATCH 154/164] Reapply "remove duplicate function" This reverts commit abde7e41b0174dd8ef12ca9ea2b4642c9a4710fd. --- src/cdomain/value/cdomains/intDomain.ml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/cdomain/value/cdomains/intDomain.ml b/src/cdomain/value/cdomains/intDomain.ml index 9c8e800ad5..a4d1347947 100644 --- a/src/cdomain/value/cdomains/intDomain.ml +++ b/src/cdomain/value/cdomains/intDomain.ml @@ -1500,7 +1500,7 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int let res = if BArith.is_const (z1, o1) && BArith.is_const (z2, o2) then (let tmp = z1 /: z2 in (!:tmp, tmp)) else top_of ik in norm ik res - let is_power_of_two x = Ints_t.(logand x (sub x one) = zero) + let is_power_of_two x = (x &: (x -: Ints_t.one) = Ints_t.zero) let rem ik x y = if BArith.is_const x && BArith.is_const y then ( @@ -1556,7 +1556,6 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int of_interval ~suppress_ovwarn ik (Ints_t.of_bigint min_ik, n) let refine_with_congruence ik bf ((cong) : (int_t * int_t ) option) : t = - let is_power_of_two x = (x &: (x -: Ints_t.one) = Ints_t.zero) in match bf, cong with | (z,o), Some (c, m) when is_power_of_two m && m <> Ints_t.one -> let congruenceMask = !:m in From ddfaace5ef1b00a3c53389f02a816a30cd29ae00 Mon Sep 17 00:00:00 2001 From: ManuelLerchner Date: Tue, 3 Dec 2024 18:15:51 +0100 Subject: [PATCH 155/164] fix bug --- src/cdomain/value/cdomains/intDomain.ml | 26 ++++++++++--------- .../82-bitfield/08-refine-with-bifield.c | 13 ++++++++++ 2 files changed, 27 insertions(+), 12 deletions(-) create mode 100644 tests/regression/82-bitfield/08-refine-with-bifield.c diff --git a/src/cdomain/value/cdomains/intDomain.ml b/src/cdomain/value/cdomains/intDomain.ml index a4d1347947..edaa91f8cd 100644 --- a/src/cdomain/value/cdomains/intDomain.ml +++ b/src/cdomain/value/cdomains/intDomain.ml @@ -1121,7 +1121,7 @@ module BitfieldArith (Ints_t : IntOps.IntOps) = struct let top_bool = join one zero let bits_known (z,o) = z ^: o - let bits_unknown (z,o) = z &: o + let bits_unknown (z,o) = !:(bits_known (z,o)) let bits_set bf = (snd bf) &: (bits_known bf) let bits_invalid (z,o) = !:(z |: o) @@ -1262,7 +1262,7 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int let next_bit_string = if current_bit_impossible = Ints_t.one then "⊥" - else if current_bit_known = Ints_t.one || current_bit_known = Ints_t.zero + else if current_bit_known = Ints_t.one then string_of_int (Ints_t.to_int bit_value) else "⊤" in to_pretty_bits' (known_mask >>: 1) (impossible_mask >>: 1) (o_mask >>: 1) (max_bits - 1) (next_bit_string ^ acc) in @@ -1277,8 +1277,14 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int include Std (struct type nonrec t = t let name = name let top_of = top_of let bot_of = bot_of let show = show let equal = equal end) let range ik bf = (BArith.min ik bf, BArith.max ik bf) - let minimal bf = Option.some (BArith.bits_known bf) (* TODO signedness info in type? No ik here! *) - let maximal bf = BArith.(bits_known bf |: bits_unknown bf) |> Option.some (* TODO signedness info in type? No ik here! *) + + let maximal (z,o) = let isPositive = z < Ints_t.zero in + if o < Ints_t.zero && isPositive then (match Ints_t.upper_bound with Some maxVal -> Some (maxVal &: o) | None -> None ) + else Some o + + let minimal (z,o) = let isNegative = o < Ints_t.zero in + if z < Ints_t.zero && isNegative then (match Ints_t.lower_bound with Some minVal -> Some (minVal |: (!:z)) | None -> None ) + else Some (!:z) let norm ?(suppress_ovwarn=false) ik (z,o) = if BArith.is_invalid (z,o) then @@ -1504,18 +1510,14 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int let rem ik x y = if BArith.is_const x && BArith.is_const y then ( - (* x % y = x - (x / y) * y *) - let tmp = fst (div ik x y) in - let tmp = fst (mul ik tmp y) in - fst (sub ik x tmp)) + let def_x = Option.get (to_int x) in + let def_y = Option.get (to_int y) in + fst (of_int ik (Ints_t.rem def_x def_y)) + ) else if BArith.is_const y && is_power_of_two (snd y) then ( let mask = Ints_t.sub (snd y) Ints_t.one in - print_endline (Ints_t.to_string mask); - print_endline (Ints_t.to_string (Ints_t.lognot mask)); let newz = Ints_t.logor (fst x) (Ints_t.lognot mask) in let newo = Ints_t.logand (snd x) mask in - print_endline (Ints_t.to_string newz); - print_endline (Ints_t.to_string newo); norm ik (newz, newo) |> fst ) else top_of ik diff --git a/tests/regression/82-bitfield/08-refine-with-bifield.c b/tests/regression/82-bitfield/08-refine-with-bifield.c new file mode 100644 index 0000000000..f6a4f14c69 --- /dev/null +++ b/tests/regression/82-bitfield/08-refine-with-bifield.c @@ -0,0 +1,13 @@ +// PARAM: --enable ana.int.interav --set ana.int.refinement fixpoint +#include +#include +#include + +int main() { + int a = rand(); + + if (a % 8 == 3) { + int b = a & 0x7; + assert(b == 3); // SUCCESS + } +} From 24f305f343dfdbc9cd23acb0788d32287c6091a3 Mon Sep 17 00:00:00 2001 From: ManuelLerchner Date: Wed, 4 Dec 2024 02:45:15 +0100 Subject: [PATCH 156/164] add some more tests --- src/cdomain/value/cdomains/intDomain.ml | 2 +- .../82-bitfield/08-refine-with-bifield.c | 13 --- .../82-bitfield/08-refine-with-bitfield.c | 99 +++++++++++++++++++ .../82-bitfield/09-refine-interval.c | 22 +++++ 4 files changed, 122 insertions(+), 14 deletions(-) delete mode 100644 tests/regression/82-bitfield/08-refine-with-bifield.c create mode 100644 tests/regression/82-bitfield/08-refine-with-bitfield.c create mode 100644 tests/regression/82-bitfield/09-refine-interval.c diff --git a/src/cdomain/value/cdomains/intDomain.ml b/src/cdomain/value/cdomains/intDomain.ml index edaa91f8cd..2e081aff5f 100644 --- a/src/cdomain/value/cdomains/intDomain.ml +++ b/src/cdomain/value/cdomains/intDomain.ml @@ -1121,7 +1121,7 @@ module BitfieldArith (Ints_t : IntOps.IntOps) = struct let top_bool = join one zero let bits_known (z,o) = z ^: o - let bits_unknown (z,o) = !:(bits_known (z,o)) + let bits_unknown (z,o) = z &: o let bits_set bf = (snd bf) &: (bits_known bf) let bits_invalid (z,o) = !:(z |: o) diff --git a/tests/regression/82-bitfield/08-refine-with-bifield.c b/tests/regression/82-bitfield/08-refine-with-bifield.c deleted file mode 100644 index f6a4f14c69..0000000000 --- a/tests/regression/82-bitfield/08-refine-with-bifield.c +++ /dev/null @@ -1,13 +0,0 @@ -// PARAM: --enable ana.int.interav --set ana.int.refinement fixpoint -#include -#include -#include - -int main() { - int a = rand(); - - if (a % 8 == 3) { - int b = a & 0x7; - assert(b == 3); // SUCCESS - } -} diff --git a/tests/regression/82-bitfield/08-refine-with-bitfield.c b/tests/regression/82-bitfield/08-refine-with-bitfield.c new file mode 100644 index 0000000000..64cb588f2d --- /dev/null +++ b/tests/regression/82-bitfield/08-refine-with-bitfield.c @@ -0,0 +1,99 @@ +// PARAM: --enable ana.int.bitfield --set ana.int.refinement fixpoint +#include +#include +#include + +int main() { + int a = rand(); + + // Basic bitwise properties + __goblint_assert((a & 0) == 0); // Any number ANDed with 0 is 0 + __goblint_assert((a | 0xFFFFFFFF) == 0xFFFFFFFF); // Any number ORed with all 1s gives all 1s + + // Testing alignment and divisibility with powers of 2 + int ALIGN_8 = 0x7; // 111 in binary + if ((a & ALIGN_8) == 0) { + __goblint_assert(a % 8 == 0); // Number is aligned to 8 + } + + int ALIGN_32 = 0x1F; // 11111 in binary + if ((a & ALIGN_32) == 0) { + __goblint_assert(a % 32 == 0); // Number is divisible by 32 + } + + // Testing specific power of 2 patterns + int POW2_MASK = (1 << 4) - 1; // 15 (0b1111) + if ((a & POW2_MASK) == 8) { + __goblint_assert((a & 0xf) == 8); // Exactly bit 3 set in lower 4 bits + __goblint_assert((a & 12) == 8); // Bits 2-3 must be 1000 + __goblint_assert((a & 3) == 0); // Bits 0-1 must be 0 + } + + // Testing specific bit patterns and masking + if ((a & 0x3) == 0x3) { + __goblint_assert(a % 4 >= 3); // Last two bits are 1 + __goblint_assert((a & 1) == 1); // Least significant bit must be 1 + } + + if ((a & 0xC) == 0x8) { // 1000 in binary + __goblint_assert((a & 0x4) == 0); // Bit 2 must be 0 + __goblint_assert((a & 0x8) == 0x8); // Bit 3 must be 1 + } + + // Testing OR operations with patterns + int OR_MASK = 0x55; // 01010101 in binary + if ((a | OR_MASK) == 0x55) { + __goblint_assert(a == 0); // Only possible if a is 0 + __goblint_assert((a | 0xFF) == 0xFF); // ORing with all 1s gives all 1s + } + + if ((a | 0x6) == a) { + __goblint_assert((a & 0x6) == 0x6); // Bits 1 and 2 must be set + } + + // Testing XOR operations + int XOR_MASK = 0xAA; // 10101010 in binary + if ((a ^ XOR_MASK) == 0) { + __goblint_assert(a == 0xAA); // Must match the mask exactly + __goblint_assert((a & 0xAA) == 0xAA); // All alternating bits must be 1 + } + + if ((a ^ 0xFF) == 0) { + __goblint_assert(a == 0xFF); // Only possible if a is 0xFF + } + + // Testing complex bit patterns + int COMPLEX_MASK = 0x33; // 00110011 in binary + if ((a & COMPLEX_MASK) == 0x11) { + __goblint_assert((a & 0x22) == 0); // Middle bits must be 0 + __goblint_assert((a & 0x11) == 0x11); // Outer bits must be 1 + } + + // Testing shifted masks and patterns + int SHIFT_MASK = 3 << 2; // 1100 in binary + if ((a & SHIFT_MASK) == SHIFT_MASK) { + __goblint_assert((a & 12) == 12); // Both bits must be set + __goblint_assert(((a >> 2) & 3) == 3); // When shifted right, lowest bits must be 11 + __goblint_assert(((a << 2) & 12) == 12); // When shifted left, highest bits must be 1100 + } + + int SHIFTED = 0x7 << 3; // 111000 in binary + if ((a & SHIFTED) == 0) { + __goblint_assert((a & 0x38) == 0); // Bits 3,4,5 must be 0 + } + + // Testing sign bits and negative numbers + if ((a & 0x80) == 0x80) { + __goblint_assert(a & 0x80); // Highest bit must be set + __goblint_assert((a | 0x7F) >= 0x80); // Result must be >= 128 + } + + // Testing bitwise complement + int COMP_MASK = ~0xF0; // Complement of 11110000 + if ((a & COMP_MASK) == 0x0F) { + __goblint_assert((a & 0xF0) == 0); // Upper 4 bits must be 0 + __goblint_assert((a & 0x0F) == 0x0F); // Lower 4 bits must be all 1s + } + + return 0; +} \ No newline at end of file diff --git a/tests/regression/82-bitfield/09-refine-interval.c b/tests/regression/82-bitfield/09-refine-interval.c new file mode 100644 index 0000000000..69c24ea0e3 --- /dev/null +++ b/tests/regression/82-bitfield/09-refine-interval.c @@ -0,0 +1,22 @@ +// PARAM: --enable ana.int.bitfield --set ana.int.refinement fixpoint +#include +#include +#include + +int main() { + int a = rand(); + + // 1110 in binary + int inv_mask = ~0xe; // 1111...10001 in binary + + if ((a & inv_mask) == 0) { + __goblint_check(a <= 14); // SUCCESS + __goblint_check(a >= 1); // SUCCESS + + if (1 <= a && a <= 14) { + printf("a is in the interval [1, 14]\n"); + } else { + __goblint_check(0); // NOWARN (unreachable) + } + } +} \ No newline at end of file From 7c4411d967725f66dae6b91e563ef5bd057cfebe Mon Sep 17 00:00:00 2001 From: ManuelLerchner Date: Wed, 4 Dec 2024 22:31:36 +0100 Subject: [PATCH 157/164] add missing regression tests --- tests/regression/01-cpa/76-bitfield.c | 36 -------- tests/regression/82-bitfield/00-simple-demo.c | 29 +++++++ .../regression/82-bitfield/01-simple-arith.c | 13 +++ .../regression/82-bitfield/02-complex-arith.c | 62 ++++++++++++++ .../82-bitfield/03-simple-bitwise-c | 14 ++++ .../82-bitfield/04-complex-bitwise.c | 83 +++++++++++++++++++ tests/regression/82-bitfield/04-refines.c | 15 ---- 7 files changed, 201 insertions(+), 51 deletions(-) delete mode 100644 tests/regression/01-cpa/76-bitfield.c create mode 100644 tests/regression/82-bitfield/00-simple-demo.c create mode 100644 tests/regression/82-bitfield/01-simple-arith.c create mode 100644 tests/regression/82-bitfield/02-complex-arith.c create mode 100644 tests/regression/82-bitfield/03-simple-bitwise-c create mode 100644 tests/regression/82-bitfield/04-complex-bitwise.c delete mode 100644 tests/regression/82-bitfield/04-refines.c diff --git a/tests/regression/01-cpa/76-bitfield.c b/tests/regression/01-cpa/76-bitfield.c deleted file mode 100644 index 2125895d18..0000000000 --- a/tests/regression/01-cpa/76-bitfield.c +++ /dev/null @@ -1,36 +0,0 @@ -//PARAM: --enable ana.int.bitfield -#include -#include -#include - -#define ANY_ERROR 5 // 5 -int main() { - int testvar = 235; - - int state; - int r = rand() % 3; // {r 7→ [0; 2],state 7→ [MIN INT; MAX INT]} - switch (r) { - case 0: - state = 0; /* 0 */ - testvar = 1; - break; - case 1: - state = 8; /* 8 */ - testvar = 1; - break; - default: - state = 10; /* 10 */ - testvar = 1; - break; - } - - if(state & ANY_ERROR == 0) { - printf("Error\n"); - } else { - printf("No error\n"); - } - - // {r 7→ [0; 2],state 7→ [0; 10]} - assert((state & ANY_ERROR) == 0); - __goblint_check((state & ANY_ERROR) == 0); -} diff --git a/tests/regression/82-bitfield/00-simple-demo.c b/tests/regression/82-bitfield/00-simple-demo.c new file mode 100644 index 0000000000..e87fa63d79 --- /dev/null +++ b/tests/regression/82-bitfield/00-simple-demo.c @@ -0,0 +1,29 @@ +// PARAM: --enable ana.int.bitfield +#include +#include +#include + +#define ANY_ERROR 5 // 0b0101 + +int main() { + int testvar = 235; + + int state; + int r = rand() % 3; + switch (r) { + case 0: + state = 0; /* 0b000 */ + testvar = 1; + break; + case 1: + state = 8; /* 0b1000 */ + testvar = 1; + break; + default: + state = 10; /* 0b1010 */ + testvar = 1; + break; + } + + __goblint_check((state & ANY_ERROR) == 0); +} \ No newline at end of file diff --git a/tests/regression/82-bitfield/01-simple-arith.c b/tests/regression/82-bitfield/01-simple-arith.c new file mode 100644 index 0000000000..045c26e5d4 --- /dev/null +++ b/tests/regression/82-bitfield/01-simple-arith.c @@ -0,0 +1,13 @@ +// PARAM: --disable ana.int.interval --disable ana.int.def_exc --enable ana.int.bitfield +#include + +int main() { + int a = 19; + int b = 23; + + __goblint_check(a + b == 42); + __goblint_check(a - b == -4); + __goblint_check(a * b == 437); + __goblint_check(a / b == 0); + __goblint_check(a % b == 19); +} \ No newline at end of file diff --git a/tests/regression/82-bitfield/02-complex-arith.c b/tests/regression/82-bitfield/02-complex-arith.c new file mode 100644 index 0000000000..ff0db443ee --- /dev/null +++ b/tests/regression/82-bitfield/02-complex-arith.c @@ -0,0 +1,62 @@ +// PARAM: --disable ana.int.interval --disable ana.int.def_exc --enable ana.int.bitfield +#include + +int main() { + int a; + int b = 23; + + int r = rand() % 2; + switch (r) { + case 0: + a = 19; + printf("a = 19\n"); + break; + default: + a = 17; + printf("a = 17\n"); + break; + } + + // PLUS + + int c_add = a + b; + + if (c_add == 40) { + goblint_check(1); // reachable + } + if (c_add == 42) { + goblint_check(1); // reachable + } + if (c_add > 42 || c_add < 40) { + __goblint_check(0); // NOWARN (unreachable) + } + + // MINUS + + int c_minus = b - a; + + if (c_minus == 6) { + goblint_check(1); // reachable + } + if (c_minus == 4) { + goblint_check(1); // reachable + } + if (c_minus > 6 || c_minus < 4) { + __goblint_check(0); // NOWARN (unreachable) + } + + // MULT + + int c_mult = a * b; + + if (c_mult == 391) { + goblint_check(1); // reachable + } + if (c_mult == 437) { + goblint_check(1); // reachable + } + + // DIV + + // Div on non-unique bitfields is not supported +} \ No newline at end of file diff --git a/tests/regression/82-bitfield/03-simple-bitwise-c b/tests/regression/82-bitfield/03-simple-bitwise-c new file mode 100644 index 0000000000..2e0ce3a57d --- /dev/null +++ b/tests/regression/82-bitfield/03-simple-bitwise-c @@ -0,0 +1,14 @@ +// PARAM: --disable ana.int.interval --disable ana.int.def_exc --enable ana.int.bitfield +#include + +int main() { + int a = 19; + int b = 14; + + __goblint_check((a & b) == 2); + __goblint_check((a | b) == 31); + __goblint_check((a ^ b) == 29); + __goblint_check((~a) == -20); + __goblint_check((a << 2) == 76); + __goblint_check((a >> 2) == 4); +} \ No newline at end of file diff --git a/tests/regression/82-bitfield/04-complex-bitwise.c b/tests/regression/82-bitfield/04-complex-bitwise.c new file mode 100644 index 0000000000..ec2d73625e --- /dev/null +++ b/tests/regression/82-bitfield/04-complex-bitwise.c @@ -0,0 +1,83 @@ +// PARAM: --disable ana.int.interval --disable ana.int.def_exc --enable ana.int.bitfield +#include + +int main() { + int a; + int b = 21; // 10101 in binary + + int r = rand() % 2; + switch (r) { + case 0: + a = 19; // 10011 in binary + printf("a = 19\n"); + break; + default: + a = 17; // 10001 in binary + printf("a = 17\n"); + break; + } + + // AND + int c_and = a & b; + + if (c_and == 17) { + __goblint_check(1); // reachable (19 & 21 = 17, 17 & 21 = 17) + } + if (c_and != 17) { + __goblint_check(0); // NOWARN (unreachable) + } + + // OR + int c_or = a | b; + + if (c_or == 23) { + __goblint_check(1); // reachable (19|21 = 23) + } + if (c_or == 21) { + __goblint_check(1); // reachable (17|21 = 21) + } + if (c_or > 23 || c_or < 21) { + __goblint_check(0); // NOWARN (unreachable) + } + + // XOR + int c_xor = a ^ b; + + if (c_xor == 6) { + __goblint_check(1); // reachable (19^21 = 6) + } + if (c_xor == 4) { + __goblint_check(1); // reachable (17^21 = 4) + } + if (c_xor > 6 || c_xor < 4) { + __goblint_check(0); // NOWARN (unreachable) + } + + // Left shift + int c_lshift = a << 1; + + if (c_lshift == 38) { + __goblint_check(1); // reachable (19<<1 = 38) + } + if (c_lshift == 34) { + __goblint_check(1); // reachable (17<<1 = 34) + } + if (c_lshift > 38 || c_lshift < 34) { + __goblint_check(0); // NOWARN (unreachable) + } + + // Right shift + int c_rshift = a >> 1; + + if (c_rshift == 9) { + __goblint_check(1); // reachable (19>>1 = 9) + } + if (c_rshift == 8) { + __goblint_check(1); // reachable (17>>1 = 8) + } + if (c_rshift > 9 || c_rshift < 8) { + __goblint_check(0); // NOWARN (unreachable) + } + + return 0; +} \ No newline at end of file diff --git a/tests/regression/82-bitfield/04-refines.c b/tests/regression/82-bitfield/04-refines.c deleted file mode 100644 index 21f41635b8..0000000000 --- a/tests/regression/82-bitfield/04-refines.c +++ /dev/null @@ -1,15 +0,0 @@ -// PARAM: --enable ana.int.congruence --set ana.int.refinement fixpoint -#include -#include -#include - - -int main() { - int state= rand(); - - __goblint_assume(state % 8 == 3); - - int a = state & 0x7f; - - __goblint_check((a== 3)); -} From 6c2c5708a9059790bcffa31e57dfcce2d6edeae7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Krau=C3=9F?= Date: Sat, 7 Dec 2024 17:02:36 +0100 Subject: [PATCH 158/164] simple refinements for base invariant with bitfields --- src/analyses/baseInvariant.ml | 32 ++-- src/cdomain/value/cdomains/intDomain.ml | 166 +++++++++++------- src/cdomain/value/cdomains/intDomain.mli | 1 + .../82-bitfield/10-refine-interval.c | 19 ++ 4 files changed, 133 insertions(+), 85 deletions(-) create mode 100644 tests/regression/82-bitfield/10-refine-interval.c diff --git a/src/analyses/baseInvariant.ml b/src/analyses/baseInvariant.ml index 661fd481fa..950fd6f236 100644 --- a/src/analyses/baseInvariant.ml +++ b/src/analyses/baseInvariant.ml @@ -395,26 +395,18 @@ struct | Le, Some false -> meet_bin (ID.starting ikind (Z.succ l2)) (ID.ending ikind (Z.pred u1)) | _, _ -> a, b) | _ -> a, b) - | BOr as op-> - if M.tracing then M.tracel "inv" "Unhandled operator %a" d_binop op; + | BOr -> (* Be careful: inv_exp performs a meet on both arguments of the BOr / BXor. *) - a, b - | BXor as op -> - if M.tracing then M.tracel "inv" "Unhandled operator %a" d_binop op; - let a' = match ID.to_int b, ID.to_int c with - Some b, Some c -> (let res = IntDomain.Bitfield.to_int (IntDomain.Bitfield.logxor ikind (fst (IntDomain.Bitfield.of_int ikind b)) (fst (IntDomain.Bitfield.of_int ikind c))) in - match res with - Some r -> ID.meet a (ID.of_int ikind r) | - None -> a) | - _, _ -> a - in let b' = match ID.to_int a, ID.to_int c with - Some a, Some c -> (let res = IntDomain.Bitfield.to_int (IntDomain.Bitfield.logxor ikind (fst (IntDomain.Bitfield.of_int ikind a)) (fst (IntDomain.Bitfield.of_int ikind c))) in - match res with - Some r -> ID.meet b (ID.of_int ikind r) | - None -> b) | - _, _ -> b + if PrecisionUtil.get_bitfield () then + ID.meet a (ID.logand a c), ID.meet b (ID.logand b c) + else a, b + | BXor -> (* Be careful: inv_exp performs a meet on both arguments of the BOr / BXor. *) - in a', b' + if PrecisionUtil.get_bitfield () then + let a' = ID.meet a (ID.logxor c b) + in let b' = ID.meet b (ID.logxor a c) + in a', b' + else a,b | LAnd -> if ID.to_bool c = Some true then meet_bin c c @@ -431,7 +423,9 @@ struct | None -> if M.tracing then M.tracel "inv" "Unhandled case for operator x %a 1 = %a" d_binop op ID.pretty c; a) | _ -> if M.tracing then M.tracel "inv" "Unhandled case for operator x %a %a = %a" d_binop op ID.pretty b ID.pretty c; a in - a, b + if PrecisionUtil.get_bitfield () then + ID.meet a (ID.logor a c), ID.meet b (ID.logor b c) + else a, b | op -> if M.tracing then M.tracel "inv" "Unhandled operator %a" d_binop op; a, b diff --git a/src/cdomain/value/cdomains/intDomain.ml b/src/cdomain/value/cdomains/intDomain.ml index 1983d601d8..2a9ae32562 100644 --- a/src/cdomain/value/cdomains/intDomain.ml +++ b/src/cdomain/value/cdomains/intDomain.ml @@ -267,6 +267,7 @@ sig val refine_with_congruence: Cil.ikind -> t -> (int_t * int_t) option -> t val refine_with_interval: Cil.ikind -> t -> (int_t * int_t) option -> t + val refine_with_bitfield: Cil.ikind -> t -> (int_t * int_t) -> t val refine_with_excl_list: Cil.ikind -> t -> (int_t list * (int64 * int64)) option -> t val refine_with_incl_list: Cil.ikind -> t -> int_t list option -> t @@ -1077,6 +1078,10 @@ struct let refine_with_interval ik a b = meet ik a b + let refine_with_bitfield ik a b = + let interv = of_bitfield ik b in + meet ik a interv + let refine_with_excl_list ik (intv : t) (excl : (int_t list * (int64 * int64)) option) : t = match intv, excl with | None, _ | _, None -> intv @@ -1150,7 +1155,9 @@ module BitfieldArith (Ints_t : IntOps.IntOps) = struct let bits_invalid (z,o) = !:(z |: o) let is_const (z,o) = (z ^: o) =: one_mask - let is_invalid (z,o) = not ((!:(z |: o)) =: Ints_t.zero) + let is_invalid ik (z,o) = + let mask = !:(Ints_t.of_bigint (snd (Size.range ik))) in + not ((!:(z |: o |: mask)) = Ints_t.zero) let nabla x y= if x =: (x |: y) then x else one_mask @@ -1265,38 +1272,22 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int let next_bit_string = if current_bit_impossible = Ints_t.one then "⊥" - else if current_bit_known = Ints_t.one || current_bit_known = Ints_t.zero + else if current_bit_known = Ints_t.one then string_of_int (Ints_t.to_int bit_value) else "⊤" in to_pretty_bits' (known_mask >>: 1) (impossible_mask >>: 1) (o_mask >>: 1) (max_bits - 1) (next_bit_string ^ acc) in - to_pretty_bits' known_bits invalid_bits o num_bits_to_print "" - - let show t = - if t = bot () then "bot" else - if t = top () then "top" else - let string_of_bitfield (z,o) = - let max_num_unknown_bits_to_concretize = Z.log2 @@ Z.of_int (Sys.word_size) |> fun x -> x lsr 2 in - let num_bits_unknown = - try - BArith.bits_unknown (z,o) |> fun i -> Z.popcount @@ Z.of_int @@ Ints_t.to_int i - with Z.Overflow -> max_num_unknown_bits_to_concretize + 1 - in - if num_bits_unknown > max_num_unknown_bits_to_concretize then - Format.sprintf "(%016X, %016X)" (Ints_t.to_int z) (Ints_t.to_int o) - else - (* TODO: Might be a source of long running tests.*) - BArith.concretize (z,o) |> List.map string_of_int |> String.concat "; " - |> fun s -> "{" ^ s ^ "}" - in - let (z,o) = t in - if BArith.is_const t then - Format.sprintf "%s | %s (unique: %d)" (string_of_bitfield (z,o)) (to_pretty_bits t) (Ints_t.to_int o) - else - Format.sprintf "%s | %s" (string_of_bitfield (z,o)) (to_pretty_bits t) + "0b" ^ to_pretty_bits' known_bits invalid_bits o num_bits_to_print "" + + let show t = + if t = bot () then "bot" else + if t = top () then "top" else + let (z,o) = t in + Format.sprintf "{zs:%d, os:%d} %s" (Ints_t.to_int z) (Ints_t.to_int o) (to_pretty_bits t) include Std (struct type nonrec t = t let name = name let top_of = top_of let bot_of = bot_of let show = show let equal = equal end) let range ik bf = (BArith.min ik bf, BArith.max ik bf) + let maximal (z,o) = let isPositive = z < Ints_t.zero in if o < Ints_t.zero && isPositive then (match Ints_t.upper_bound with Some maxVal -> Some (maxVal &: o) | None -> None ) else Some o @@ -1305,10 +1296,10 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int if z < Ints_t.zero && isNegative then (match Ints_t.lower_bound with Some minVal -> Some (minVal |: (!:z)) | None -> None ) else Some (!:z) - let norm ?(suppress_ovwarn=false) ik (z,o) = - if BArith.is_invalid (z,o) then + let norm ?(debug=false) ?(suppress_ovwarn=false) ik (z,o) = + if BArith.is_invalid ik (z,o) then (bot (), {underflow=false; overflow=false}) - else + else let (min_ik, max_ik) = Size.range ik in let wrap ik (z,o) = if isSigned ik then @@ -1352,13 +1343,41 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int let of_interval ?(suppress_ovwarn=false) ik (x,y) = let (min_ik, max_ik) = Size.range ik in - let current = ref (Z.max (Ints_t.to_bigint x) min_ik) in - let bf = ref (bot ()) in - while Z.leq !current (Z.min (Ints_t.to_bigint y) max_ik) do - bf := BArith.join !bf (BArith.of_int @@ Ints_t.of_bigint !current); - current := Z.add !current Z.one - done; - norm ~suppress_ovwarn ik !bf + let startv = Ints_t.max x (Ints_t.of_bigint min_ik) in + let endv= Ints_t.min y (Ints_t.of_bigint max_ik) in + + let rec analyze_bits pos (acc_z, acc_o) = + if pos < 0 then (acc_z, acc_o) + else + let position = Ints_t.shift_left Ints_t.one pos in + let mask = Ints_t.sub position Ints_t.one in + let remainder = Ints_t.logand startv mask in + + let without_remainder = Ints_t.sub startv remainder in + let bigger_number = Ints_t.add without_remainder position in + + let bit_status = + if Ints_t.compare bigger_number endv <= 0 then + `top + else + if Ints_t.equal (Ints_t.logand (Ints_t.shift_right startv pos) Ints_t.one) Ints_t.one then + `one + else + `zero + in + + let new_acc = + match bit_status with + | `top -> (Ints_t.logor position acc_z, Ints_t.logor position acc_o) + | `one -> (Ints_t.logand (Ints_t.lognot position) acc_z, Ints_t.logor position acc_o) + | `zero -> (Ints_t.logor position acc_z, Ints_t.logand (Ints_t.lognot position) acc_o) + + in + analyze_bits (pos - 1) new_acc + in + let result = analyze_bits (Size.bit ik - 1) (bot()) in + let casted = (Ints_t.of_bigint (Size.cast ik ((Ints_t.to_bigint (fst result)))), Ints_t.of_bigint (Size.cast ik ((Ints_t.to_bigint (snd result))))) + in norm ~debug:true ~suppress_ovwarn ik casted let of_congruence ik (c,m) = (if m = Ints_t.zero then fst (of_int ik c) else top_of ik) @@ -1403,12 +1422,12 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int let shift_right ik a b = M.trace "bitfield" "shift_right"; - if BArith.is_invalid b || BArith.is_invalid a || (isSigned ik && BArith.min ik b < Z.zero) then (bot (), {underflow=false; overflow=false}) + if BArith.is_invalid ik b || BArith.is_invalid ik a || (isSigned ik && BArith.min ik b < Z.zero) then (bot (), {underflow=false; overflow=false}) else norm ik (BArith.shift_right ik a b) let shift_left ik a b = M.trace "bitfield" "shift_left"; - if BArith.is_invalid b || BArith.is_invalid a || (isSigned ik && BArith.min ik b < Z.zero) then (bot (), {underflow=false; overflow=false}) + if BArith.is_invalid ik b || BArith.is_invalid ik a || (isSigned ik && BArith.min ik b < Z.zero) then (bot (), {underflow=false; overflow=false}) else norm ik (BArith.shift_left ik a b) (* Arith *) @@ -1438,7 +1457,11 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int let (rv, rm) = add_paper pv pm qv qm in let o3 = rv |: rm in let z3 = !:rv |: rm in - norm ik (z3, o3) + (* let _ = print_endline (show (z3, o3)) in + let _ = (match maximal (z3,o3) with Some k -> print_endline (Ints_t.to_string k) | None -> print_endline "None") in + let _ = (match minimal (z3,o3) with Some k -> print_endline (Ints_t.to_string k) | None -> print_endline "None") in + let _ = (match Size.range ik with (a,b) -> print_endline ("(" ^ Z.to_string a ^ "; " ^ Z.to_string b ^ ")")) in *) + norm ik (z3,o3) let sub ?no_ov ik (z1, o1) (z2, o2) = let pv = o1 &: !:z1 in @@ -1499,12 +1522,9 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int let rem ik x y = M.trace "bitfield" "rem"; - if BArith.is_const x && BArith.is_const y then ( - (* x % y = x - (x / y) * y *) - let tmp = fst (div ik x y) in - let tmp = fst (mul ik tmp y) in - fst (sub ik x tmp)) - else top_of ik + match to_int x, to_int y with + Some a, Some b -> fst (of_int ik (Ints_t.rem a b)) | + _, _ -> top_of ik let eq ik x y = if (BArith.max ik x) <= (BArith.min ik y) && (BArith.min ik x) >= (BArith.max ik y) then of_bool ik true @@ -1534,37 +1554,30 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int IntInvariant.of_interval e ik range let starting ?(suppress_ovwarn=false) ik n = - if Ints_t.compare n Ints_t.zero >= 0 then - (* sign bit can only be 0, as all numbers will be positive *) - let signBitMask = BArith.make_bitone_msk (Size.bit ik - 1) in - let zs = BArith.one_mask in - let os = !:signBitMask &: BArith.one_mask in - (norm ~suppress_ovwarn ik @@ (zs,os)) - else - (norm ~suppress_ovwarn ik @@ (top ())) + let (min_ik, max_ik) = Size.range ik in + of_interval ~suppress_ovwarn ik (n, Ints_t.of_bigint max_ik) let ending ?(suppress_ovwarn=false) ik n = - if isSigned ik && Ints_t.compare n Ints_t.zero <= 0 then - (* sign bit can only be 1, as all numbers will be negative *) - let signBitMask = BArith.make_bitone_msk (Size.bit ik - 1) in - let zs = !:signBitMask &: BArith.one_mask in - let os = BArith.one_mask in - (norm ~suppress_ovwarn ik @@ (zs,os)) - else - (norm ~suppress_ovwarn ik @@ (top ())) + let (min_ik, max_ik) = Size.range ik in + of_interval ~suppress_ovwarn ik (Ints_t.of_bigint min_ik, n) + let is_power_of_two x = (x &: (x -: Ints_t.one) = Ints_t.zero) let refine_with_congruence ik bf ((cong) : (int_t * int_t ) option) : t = - let is_power_of_two x = (x &: (x -: Ints_t.one) = Ints_t.zero) in match bf, cong with - | (z,o), Some (c, m) when is_power_of_two m -> + | (z,o), Some (c, m) when is_power_of_two m && m <> Ints_t.one -> let congruenceMask = !:m in let newz = (!:congruenceMask &: z) |: (congruenceMask &: !:c) in let newo = (!:congruenceMask &: o) |: (congruenceMask &: c) in norm ik (newz, newo) |> fst | _ -> norm ik bf |> fst - let refine_with_interval ik t i = norm ik t |> fst + let refine_with_interval ik t itv = + match itv with + | None -> norm ik t |> fst + | Some (l, u) -> meet ik t (of_interval ik (l, u) |> fst) + + let refine_with_bitfield ik x y = meet ik x y let refine_with_excl_list ik t (excl : (int_t list * (int64 * int64)) option) : t = norm ik t |> fst @@ -2112,6 +2125,10 @@ struct let refine_with_interval ik xs = function None -> [] | Some (a,b) -> meet ik xs [(a,b)] + let refine_with_bitfield ik x y = + let interv = of_bitfield ik y in + meet ik x interv + let refine_with_incl_list ik intvs = function | None -> intvs | Some xs -> meet ik intvs (List.map (fun x -> (x,x)) xs) @@ -2937,6 +2954,7 @@ struct let refine_with_interval ik a b = match a, b with | x, Some(i) -> meet ik x (of_interval ik i) | _ -> a + let refine_with_bitfield ik x y = x let refine_with_excl_list ik a b = match a, b with | `Excluded (s, r), Some(ls, _) -> meet ik (`Excluded (s, r)) (of_excl_list ik ls) (* TODO: refine with excl range? *) | _ -> a @@ -3299,6 +3317,8 @@ module Enums : S with type int_t = Z.t = struct let refine_with_interval ik a b = a (* TODO: refine inclusion (exclusion?) set *) + let refine_with_bitfield ik x y = x + let refine_with_excl_list ik a b = match b with | Some (ls, _) -> meet ik a (of_excl_list ik ls) (* TODO: refine with excl range? *) @@ -3798,6 +3818,8 @@ struct if M.tracing then M.trace "refine" "cong_refine_with_interval %a %a -> %a" pretty cong pretty_intv intv pretty refn; refn + let refine_with_bitfield ik a b = a + let refine_with_congruence ik a b = meet ik a b let refine_with_excl_list ik a b = a let refine_with_incl_list ik a b = a @@ -3985,6 +4007,17 @@ module IntDomTupleImpl = struct , opt I5.refine_with_interval ik e intv , opt I6.refine_with_interval ik f intv ) + let refine_with_bitfield ik (a, b, c, d, e,f) bf = + let opt f a = + curry @@ function Some x, y -> Some (f a x y) | _ -> None + in + ( opt I1.refine_with_bitfield ik a bf + , opt I2.refine_with_bitfield ik b bf + , opt I3.refine_with_bitfield ik c bf + , opt I4.refine_with_bitfield ik d bf + , opt I5.refine_with_bitfield ik e bf + , opt I6.refine_with_bitfield ik f bf ) + let refine_with_excl_list ik (a, b, c, d, e,f) excl = let opt f a = curry @@ function Some x, y -> Some (f a x y) | _ -> None @@ -4096,8 +4129,9 @@ module IntDomTupleImpl = struct in [(fun (a, b, c, d, e, f) -> refine_with_excl_list ik (a, b, c, d, e,f) (to_excl_list (a, b, c, d, e,f))); (fun (a, b, c, d, e, f) -> refine_with_incl_list ik (a, b, c, d, e,f) (to_incl_list (a, b, c, d, e,f))); - (fun (a, b, c, d, e, f) -> maybe refine_with_interval ik (a, b, c, d, e,f) b); (* TODO: get interval across all domains with minimal and maximal *) - (fun (a, b, c, d, e, f) -> maybe refine_with_congruence ik (a, b, c, d, e,f) d)] + (fun (a, b, c, d, e, f) -> maybe refine_with_interval ik (a, b, c, d, e, f) b); (* TODO: get interval across all domains with minimal and maximal *) + (fun (a, b, c, d, e, f) -> maybe refine_with_congruence ik (a, b, c, d, e, f) d); + (fun (a, b, c, d, e, f) -> maybe refine_with_bitfield ik (a, b, c, d, e, f) f)] let refine ik ((a, b, c, d, e,f) : t ) : t = let dt = ref (a, b, c, d, e,f) in diff --git a/src/cdomain/value/cdomains/intDomain.mli b/src/cdomain/value/cdomains/intDomain.mli index 401ba84e94..55149cdb54 100644 --- a/src/cdomain/value/cdomains/intDomain.mli +++ b/src/cdomain/value/cdomains/intDomain.mli @@ -269,6 +269,7 @@ sig val refine_with_congruence: Cil.ikind -> t -> (int_t * int_t) option -> t val refine_with_interval: Cil.ikind -> t -> (int_t * int_t) option -> t + val refine_with_bitfield: Cil.ikind -> t -> (int_t * int_t) -> t val refine_with_excl_list: Cil.ikind -> t -> (int_t list * (int64 * int64)) option -> t val refine_with_incl_list: Cil.ikind -> t -> int_t list option -> t diff --git a/tests/regression/82-bitfield/10-refine-interval.c b/tests/regression/82-bitfield/10-refine-interval.c new file mode 100644 index 0000000000..d49e9937de --- /dev/null +++ b/tests/regression/82-bitfield/10-refine-interval.c @@ -0,0 +1,19 @@ +// PARAM: --enable ana.int.interval --enable ana.int.bitfield --set ana.int.refinement fixpoint --trace inv --trace branch --trace invariant +#include + +int main() { + unsigned char r; // non-neg rand + char x = r % 64; + + if ((r | x) == 0) { + __goblint_check(r == 0); // SUCCESS + __goblint_check(x == 0); // SUCCESS + } + + if ((r & x) == 63) { + __goblint_check(r & 63 == 63); // SUCCESS + __goblint_check(x == 63); // SUCCESS + } + + +} From e4eefd93cbc24e8cb4fda0fe04d566d060d33950 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Krau=C3=9F?= Date: Mon, 9 Dec 2024 18:45:05 +0100 Subject: [PATCH 159/164] added to_bitfield to refine base invariant further and regression test --- src/analyses/baseInvariant.ml | 30 ++++-- src/cdomain/value/cdomains/intDomain.ml | 94 ++++++++++++++++++- src/cdomain/value/cdomains/intDomain.mli | 2 + .../82-bitfield/10-refine-interval.c | 3 + .../82-bitfield/11-refine-interval2.c | 17 ++++ 5 files changed, 136 insertions(+), 10 deletions(-) create mode 100644 tests/regression/82-bitfield/11-refine-interval2.c diff --git a/src/analyses/baseInvariant.ml b/src/analyses/baseInvariant.ml index 950fd6f236..08f96a6185 100644 --- a/src/analyses/baseInvariant.ml +++ b/src/analyses/baseInvariant.ml @@ -398,7 +398,16 @@ struct | BOr -> (* Be careful: inv_exp performs a meet on both arguments of the BOr / BXor. *) if PrecisionUtil.get_bitfield () then - ID.meet a (ID.logand a c), ID.meet b (ID.logand b c) + let a', b' = ID.meet a (ID.logand a c), ID.meet b (ID.logand b c) in + let (cz, co) = ID.to_bitfield ikind c in + let (az, ao) = ID.to_bitfield ikind a' in + let (bz, bo) = ID.to_bitfield ikind b' in + let cDef1 = Z.logand co (Z.lognot cz) in + let aDef0 = Z.logand az (Z.lognot ao) in + let bDef0 = Z.logand bz (Z.lognot bo) in + let az = Z.logand az (Z.lognot (Z.logand bDef0 cDef1)) in + let bz = Z.logand bz (Z.lognot (Z.logand aDef0 cDef1)) in + ID.meet a' (ID.of_bitfield ikind (az, ao)), ID.meet b' (ID.of_bitfield ikind (bz, bo)) else a, b | BXor -> (* Be careful: inv_exp performs a meet on both arguments of the BOr / BXor. *) @@ -412,7 +421,7 @@ struct meet_bin c c else a, b - | BAnd as op -> + | BAnd -> (* we only attempt to refine a here *) let a = match ID.to_int b with @@ -420,11 +429,20 @@ struct (match ID.to_bool c with | Some true -> ID.meet a (ID.of_congruence ikind (Z.one, Z.of_int 2)) | Some false -> ID.meet a (ID.of_congruence ikind (Z.zero, Z.of_int 2)) - | None -> if M.tracing then M.tracel "inv" "Unhandled case for operator x %a 1 = %a" d_binop op ID.pretty c; a) - | _ -> if M.tracing then M.tracel "inv" "Unhandled case for operator x %a %a = %a" d_binop op ID.pretty b ID.pretty c; a + | None -> a) + | _ -> a in - if PrecisionUtil.get_bitfield () then - ID.meet a (ID.logor a c), ID.meet b (ID.logor b c) + if PrecisionUtil.get_bitfield () then + let a', b' = ID.meet a (ID.logor a c), ID.meet b (ID.logor b c) in + let (cz, co) = ID.to_bitfield ikind c in + let (az, ao) = ID.to_bitfield ikind a' in + let (bz, bo) = ID.to_bitfield ikind b' in + let cDef0 = Z.logand cz (Z.lognot co) in + let aDef1 = Z.logand ao (Z.lognot az) in + let bDef1 = Z.logand bo (Z.lognot bz) in + let ao = Z.logand ao (Z.lognot (Z.logand bDef1 cDef0)) in + let bo = Z.logand bo (Z.lognot (Z.logand aDef1 cDef0)) in + ID.meet a' (ID.of_bitfield ikind (az, ao)), ID.meet b' (ID.of_bitfield ikind (bz, bo)) else a, b | op -> if M.tracing then M.tracel "inv" "Unhandled operator %a" d_binop op; diff --git a/src/cdomain/value/cdomains/intDomain.ml b/src/cdomain/value/cdomains/intDomain.ml index 2a9ae32562..d2c92415ff 100644 --- a/src/cdomain/value/cdomains/intDomain.ml +++ b/src/cdomain/value/cdomains/intDomain.ml @@ -262,6 +262,7 @@ sig val of_interval: ?suppress_ovwarn:bool -> Cil.ikind -> int_t * int_t -> t val of_congruence: Cil.ikind -> int_t * int_t -> t val of_bitfield: Cil.ikind -> int_t * int_t -> t + val to_bitfield: Cil.ikind -> t -> int_t * int_t val is_top_of: Cil.ikind -> t -> bool val invariant_ikind : Cil.exp -> Cil.ikind -> t -> Invariant.t @@ -314,6 +315,7 @@ sig val of_interval: ?suppress_ovwarn:bool -> Cil.ikind -> int_t * int_t -> t val of_congruence: Cil.ikind -> int_t * int_t -> t val of_bitfield: Cil.ikind -> int_t * int_t -> t + val to_bitfield: Cil.ikind -> t -> int_t * int_t val starting : ?suppress_ovwarn:bool -> Cil.ikind -> int_t -> t val ending : ?suppress_ovwarn:bool -> Cil.ikind -> int_t -> t @@ -393,6 +395,7 @@ struct let of_interval ?(suppress_ovwarn=false) ikind (lb,ub) = {v = I.of_interval ~suppress_ovwarn ikind (lb,ub); ikind} let of_congruence ikind (c,m) = {v = I.of_congruence ikind (c,m); ikind} let of_bitfield ikind (z,o) = {v = I.of_bitfield ikind (z,o); ikind} + let to_bitfield ikind x = I.to_bitfield ikind x.v let starting ?(suppress_ovwarn=false) ikind i = {v = I.starting ~suppress_ovwarn ikind i; ikind} let ending ?(suppress_ovwarn=false) ikind i = {v = I.ending ~suppress_ovwarn ikind i; ikind} @@ -779,6 +782,45 @@ struct let one = Some IArith.one let top_bool = Some IArith.top_bool + let to_bitfield ik z = + match z with None -> (Ints_t.lognot Ints_t.zero, Ints_t.lognot Ints_t.zero) | Some (x,y) -> + let (min_ik, max_ik) = Size.range ik in + let startv = Ints_t.max x (Ints_t.of_bigint min_ik) in + let endv= Ints_t.min y (Ints_t.of_bigint max_ik) in + + let rec analyze_bits pos (acc_z, acc_o) = + if pos < 0 then (acc_z, acc_o) + else + let position = Ints_t.shift_left Ints_t.one pos in + let mask = Ints_t.sub position Ints_t.one in + let remainder = Ints_t.logand startv mask in + + let without_remainder = Ints_t.sub startv remainder in + let bigger_number = Ints_t.add without_remainder position in + + let bit_status = + if Ints_t.compare bigger_number endv <= 0 then + `top + else + if Ints_t.equal (Ints_t.logand (Ints_t.shift_right startv pos) Ints_t.one) Ints_t.one then + `one + else + `zero + in + + let new_acc = + match bit_status with + | `top -> (Ints_t.logor position acc_z, Ints_t.logor position acc_o) + | `one -> (Ints_t.logand (Ints_t.lognot position) acc_z, Ints_t.logor position acc_o) + | `zero -> (Ints_t.logor position acc_z, Ints_t.logand (Ints_t.lognot position) acc_o) + + in + analyze_bits (pos - 1) new_acc + in + let result = analyze_bits (Size.bit ik - 1) (Ints_t.zero, Ints_t.zero) in + let casted = (Ints_t.of_bigint (Size.cast ik ((Ints_t.to_bigint (fst result)))), Ints_t.of_bigint (Size.cast ik ((Ints_t.to_bigint (snd result))))) + in casted + let of_bool _ik = function true -> one | false -> zero let to_bool (a: t) = match a with | None -> None @@ -1379,7 +1421,20 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int let casted = (Ints_t.of_bigint (Size.cast ik ((Ints_t.to_bigint (fst result)))), Ints_t.of_bigint (Size.cast ik ((Ints_t.to_bigint (snd result))))) in norm ~debug:true ~suppress_ovwarn ik casted - let of_congruence ik (c,m) = (if m = Ints_t.zero then fst (of_int ik c) else top_of ik) + let of_bitfield ik x = norm ik x |> fst + + let to_bitfield ik x = norm ik x |> fst + + let is_power_of_two x = (x &: (x -: Ints_t.one) = Ints_t.zero) + + let of_congruence ik (c,m) = + if m = Ints_t.zero then of_int ik c |> fst + else if is_power_of_two m then + let mod_mask = m -: Ints_t.one in + let z = !: c in + let o = !:mod_mask |: c in + norm ik (z,o) |> fst + else top_of ik let of_bool _ik = function true -> BArith.one | false -> BArith.zero @@ -1561,11 +1616,10 @@ module BitfieldFunctor (Ints_t : IntOps.IntOps): SOverflow with type int_t = Int let (min_ik, max_ik) = Size.range ik in of_interval ~suppress_ovwarn ik (Ints_t.of_bigint min_ik, n) - let is_power_of_two x = (x &: (x -: Ints_t.one) = Ints_t.zero) - let refine_with_congruence ik bf ((cong) : (int_t * int_t ) option) : t = match bf, cong with - | (z,o), Some (c, m) when is_power_of_two m && m <> Ints_t.one -> + | (z,o), Some (c,m) when m = Ints_t.zero -> norm ik (!: c, c) |> fst + | (z,o), Some (c,m) when is_power_of_two m && m <> Ints_t.one -> let congruenceMask = !:m in let newz = (!:congruenceMask &: z) |: (congruenceMask &: !:c) in let newo = (!:congruenceMask &: o) |: (congruenceMask &: c) in @@ -1860,6 +1914,13 @@ struct else o in fst (norm_interval ik (min ik x, max ik x)) + let to_bitfield ik x = + let joinbf (z1,o1) (z2,o2) = (Ints_t.logor z1 z2, Ints_t.logor o1 o2) in + let rec from_list is acc = match is with + [] -> acc | + j::js -> from_list js (joinbf acc (Interval.to_bitfield ik (Some j))) + in from_list x (Ints_t.zero, Ints_t.zero) + let of_int ik (x: int_t) = of_interval ik (x, x) let lt ik x y = @@ -2720,6 +2781,10 @@ struct let ex = if Z.gt x Z.zero || Z.lt y Z.zero then S.singleton Z.zero else S.empty () in norm ik @@ (`Excluded (ex, r)) + let to_bitfield ik x = + let one_mask = Z.lognot Z.zero + in (one_mask, one_mask) + let starting ?(suppress_ovwarn=false) ikind x = let _,u_ik = Size.range ikind in of_interval ~suppress_ovwarn ikind (x, u_ik) @@ -3209,6 +3274,10 @@ module Enums : S with type int_t = Z.t = struct let is_excl_list = BatOption.is_some % to_excl_list let to_incl_list = function Inc s when not (BISet.is_empty s) -> Some (BISet.elements s) | _ -> None + let to_bitfield ik x = + let one_mask = Z.lognot Z.zero + in (one_mask, one_mask) + let starting ?(suppress_ovwarn=false) ikind x = let _,u_ik = Size.range ikind in of_interval ~suppress_ovwarn ikind (x, u_ik) @@ -3469,6 +3538,17 @@ struct let of_congruence ik (c,m) = normalize ik @@ Some(c,m) + let to_bitfield ik x = + let is_power_of_two x = (Z.logand x (x -: Z.one) = Z.zero) in + match x with None -> (Z.zero, Z.zero) | Some (c,m) -> + if m = Z.zero then (Z.lognot c, c) + else if is_power_of_two m then + let mod_mask = m -: Z.one in + let z = Z.lognot c in + let o = Z.logor (Z.lognot mod_mask) c in + (z,o) + else (Z.lognot Z.zero, Z.lognot Z.zero) + let maximal t = match t with | Some (x, y) when y =: Z.zero -> Some x | _ -> None @@ -4101,6 +4181,12 @@ module IntDomTupleImpl = struct in mapp2 { fp2 = fun (type a) (module I:SOverflow with type t = a and type int_t = int_t) -> I.to_incl_list } x |> flat merge + let to_bitfield ik x = + let bf_meet (z1,o1) (z2,o2) = (Z.logand z1 z2, Z.logand o1 o2) in + let bf_top = (Z.lognot Z.zero, Z.lognot Z.zero) in + let res_tup = mapp2 { fp2 = fun (type a) (module I:SOverflow with type t = a and type int_t = int_t) -> I.to_bitfield ik } x + in List.fold bf_meet bf_top (to_list res_tup) + let same show x = let xs = to_list_some x in let us = List.unique xs in let n = List.length us in if n = 1 then Some (List.hd xs) else ( diff --git a/src/cdomain/value/cdomains/intDomain.mli b/src/cdomain/value/cdomains/intDomain.mli index 55149cdb54..6c68724cc5 100644 --- a/src/cdomain/value/cdomains/intDomain.mli +++ b/src/cdomain/value/cdomains/intDomain.mli @@ -264,6 +264,7 @@ sig val of_interval: ?suppress_ovwarn:bool -> Cil.ikind -> int_t * int_t -> t val of_congruence: Cil.ikind -> int_t * int_t -> t val of_bitfield: Cil.ikind -> int_t * int_t -> t + val to_bitfield: Cil.ikind -> t -> int_t * int_t val is_top_of: Cil.ikind -> t -> bool val invariant_ikind : Cil.exp -> Cil.ikind -> t -> Invariant.t @@ -329,6 +330,7 @@ sig val of_congruence: Cil.ikind -> int_t * int_t -> t val of_bitfield: Cil.ikind -> int_t * int_t -> t + val to_bitfield: Cil.ikind -> t -> int_t * int_t val starting : ?suppress_ovwarn:bool -> Cil.ikind -> int_t -> t val ending : ?suppress_ovwarn:bool -> Cil.ikind -> int_t -> t diff --git a/tests/regression/82-bitfield/10-refine-interval.c b/tests/regression/82-bitfield/10-refine-interval.c index d49e9937de..d9441f05e9 100644 --- a/tests/regression/82-bitfield/10-refine-interval.c +++ b/tests/regression/82-bitfield/10-refine-interval.c @@ -15,5 +15,8 @@ int main() { __goblint_check(x == 63); // SUCCESS } + if ((x ^ 3) == 5) { + __goblint_check(x == 6); // SUCCESS + } } diff --git a/tests/regression/82-bitfield/11-refine-interval2.c b/tests/regression/82-bitfield/11-refine-interval2.c new file mode 100644 index 0000000000..4abaac9b89 --- /dev/null +++ b/tests/regression/82-bitfield/11-refine-interval2.c @@ -0,0 +1,17 @@ +// PARAM: --enable ana.int.interval --enable ana.int.bitfield --set ana.int.refinement fixpoint --trace inv --trace branch --trace invariant +#include + +int main() { + unsigned char r; // non-neg rand + char x = r % 64; + + if ((x | 0) == 63) { + __goblint_check(x == 63); // SUCCESS + } + + if ((x & 63) == 0) { + __goblint_check(x == 0); // SUCCESS + } + + +} From 1e88c86a1cd795cdde2a76166d5323e0a9e51f91 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 10 Dec 2024 15:53:24 +0200 Subject: [PATCH 160/164] Add potential NOTIMEOUT to 06-symbeq/34-var_eq-exponential-context --- tests/regression/06-symbeq/34-var_eq-exponential-context.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/regression/06-symbeq/34-var_eq-exponential-context.c b/tests/regression/06-symbeq/34-var_eq-exponential-context.c index bc478374f0..8b9b76a89e 100644 --- a/tests/regression/06-symbeq/34-var_eq-exponential-context.c +++ b/tests/regression/06-symbeq/34-var_eq-exponential-context.c @@ -1,5 +1,5 @@ // SKIP PARAM: --set ana.activated[+] var_eq - +// NOTIMEOUT? void level0(int *p) { } From 55e497387b7dc07967a494bb7f3c0a40e3128973 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 10 Dec 2024 15:57:21 +0200 Subject: [PATCH 161/164] Renumber 06-symbeq/41-var_eq_multithread to fix duplicate ID --- .../{41-var_eq_multithread.c => 47-var_eq_multithread.c} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tests/regression/06-symbeq/{41-var_eq_multithread.c => 47-var_eq_multithread.c} (100%) diff --git a/tests/regression/06-symbeq/41-var_eq_multithread.c b/tests/regression/06-symbeq/47-var_eq_multithread.c similarity index 100% rename from tests/regression/06-symbeq/41-var_eq_multithread.c rename to tests/regression/06-symbeq/47-var_eq_multithread.c From c24821f83adacfa211fb3082192046088a22877c Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 10 Dec 2024 16:03:10 +0200 Subject: [PATCH 162/164] Fix double-locking in symbolic regression tests --- tests/regression/06-symbeq/20-mult_accs_nr.c | 2 +- tests/regression/06-symbeq/21-mult_accs_rc.c | 2 +- tests/regression/06-symbeq/21-mult_accs_rc.t | 10 ++++++---- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/tests/regression/06-symbeq/20-mult_accs_nr.c b/tests/regression/06-symbeq/20-mult_accs_nr.c index 7d66e3f5d2..50c8f19a62 100644 --- a/tests/regression/06-symbeq/20-mult_accs_nr.c +++ b/tests/regression/06-symbeq/20-mult_accs_nr.c @@ -15,7 +15,7 @@ void *t_fun(void *arg) { pthread_mutex_lock(&s->mutex); s->data = 5; // NORACE s->lore = 6; // NORACE - pthread_mutex_lock(&s->mutex); + pthread_mutex_unlock(&s->mutex); return NULL; } diff --git a/tests/regression/06-symbeq/21-mult_accs_rc.c b/tests/regression/06-symbeq/21-mult_accs_rc.c index 62550fab55..4acadb4a58 100644 --- a/tests/regression/06-symbeq/21-mult_accs_rc.c +++ b/tests/regression/06-symbeq/21-mult_accs_rc.c @@ -14,7 +14,7 @@ void *t_fun(void *arg) { pthread_mutex_lock(&s->mutex); s = get_s(); s->data = 5; // RACE! - pthread_mutex_lock(&s->mutex); + pthread_mutex_unlock(&s->mutex); return NULL; } diff --git a/tests/regression/06-symbeq/21-mult_accs_rc.t b/tests/regression/06-symbeq/21-mult_accs_rc.t index ca2e219b05..2eacd0382e 100644 --- a/tests/regression/06-symbeq/21-mult_accs_rc.t +++ b/tests/regression/06-symbeq/21-mult_accs_rc.t @@ -3,7 +3,7 @@ Disable info messages because race summary contains (safe) memory location count $ goblint --enable warn.deterministic --disable warn.info --enable ana.race.direct-arithmetic --set ana.activated[+] "'var_eq'" --set ana.activated[+] "'symb_locks'" 21-mult_accs_rc.c 2>&1 | tee default-output-1.txt [Warning][Behavior > Undefined > NullPointerDereference][CWE-476] May dereference NULL pointer (21-mult_accs_rc.c:14:3-14:32) [Warning][Behavior > Undefined > NullPointerDereference][CWE-476] May dereference NULL pointer (21-mult_accs_rc.c:16:3-16:14) - [Warning][Behavior > Undefined > NullPointerDereference][CWE-476] May dereference NULL pointer (21-mult_accs_rc.c:17:3-17:32) + [Warning][Behavior > Undefined > NullPointerDereference][CWE-476] May dereference NULL pointer (21-mult_accs_rc.c:17:3-17:34) [Warning][Behavior > Undefined > NullPointerDereference][CWE-476] May dereference NULL pointer (21-mult_accs_rc.c:28:3-28:16) [Warning][Behavior > Undefined > NullPointerDereference][CWE-476] May dereference NULL pointer (21-mult_accs_rc.c:29:3-29:15) [Warning][Behavior > Undefined > NullPointerDereference][CWE-476] May dereference NULL pointer (21-mult_accs_rc.c:34:3-34:9) @@ -11,7 +11,8 @@ Disable info messages because race summary contains (safe) memory location count write with thread:[main, t_fun@21-mult_accs_rc.c:31:3-31:37] (conf. 100) (exp: & s->data) (21-mult_accs_rc.c:16:3-16:14) write with [symblock:{p-lock:*.mutex}, mhp:{created={[main, t_fun@21-mult_accs_rc.c:31:3-31:37]}}, thread:[main]] (conf. 100) (exp: & *d) (21-mult_accs_rc.c:34:3-34:9) [Warning][Unknown] locking NULL mutex (21-mult_accs_rc.c:14:3-14:32) - [Warning][Unknown] locking NULL mutex (21-mult_accs_rc.c:17:3-17:32) + [Warning][Unknown] unlocking NULL mutex (21-mult_accs_rc.c:17:3-17:34) + [Warning][Unknown] unlocking unknown mutex which may not be held (21-mult_accs_rc.c:17:3-17:34) [Warning][Unknown] locking NULL mutex (21-mult_accs_rc.c:33:3-33:24) [Warning][Unknown] unlocking NULL mutex (21-mult_accs_rc.c:35:3-35:26) [Warning][Unknown] unlocking unknown mutex which may not be held (21-mult_accs_rc.c:35:3-35:26) @@ -23,14 +24,15 @@ Disable info messages because race summary contains (safe) memory location count $ goblint --enable warn.deterministic --disable warn.info --disable ana.race.direct-arithmetic --set ana.activated[+] "'var_eq'" --set ana.activated[+] "'symb_locks'" --enable allglobs 21-mult_accs_rc.c 2>&1 | tee default-output-2.txt [Warning][Behavior > Undefined > NullPointerDereference][CWE-476] May dereference NULL pointer (21-mult_accs_rc.c:14:3-14:32) [Warning][Behavior > Undefined > NullPointerDereference][CWE-476] May dereference NULL pointer (21-mult_accs_rc.c:16:3-16:14) - [Warning][Behavior > Undefined > NullPointerDereference][CWE-476] May dereference NULL pointer (21-mult_accs_rc.c:17:3-17:32) + [Warning][Behavior > Undefined > NullPointerDereference][CWE-476] May dereference NULL pointer (21-mult_accs_rc.c:17:3-17:34) [Warning][Behavior > Undefined > NullPointerDereference][CWE-476] May dereference NULL pointer (21-mult_accs_rc.c:28:3-28:16) [Warning][Behavior > Undefined > NullPointerDereference][CWE-476] May dereference NULL pointer (21-mult_accs_rc.c:29:3-29:15) [Warning][Behavior > Undefined > NullPointerDereference][CWE-476] May dereference NULL pointer (21-mult_accs_rc.c:34:3-34:9) [Success][Race] Memory location (struct s).data (safe): write with thread:[main, t_fun@21-mult_accs_rc.c:31:3-31:37] (conf. 100) (exp: & s->data) (21-mult_accs_rc.c:16:3-16:14) [Warning][Unknown] locking NULL mutex (21-mult_accs_rc.c:14:3-14:32) - [Warning][Unknown] locking NULL mutex (21-mult_accs_rc.c:17:3-17:32) + [Warning][Unknown] unlocking NULL mutex (21-mult_accs_rc.c:17:3-17:34) + [Warning][Unknown] unlocking unknown mutex which may not be held (21-mult_accs_rc.c:17:3-17:34) [Warning][Unknown] locking NULL mutex (21-mult_accs_rc.c:33:3-33:24) [Warning][Unknown] unlocking NULL mutex (21-mult_accs_rc.c:35:3-35:26) [Warning][Unknown] unlocking unknown mutex which may not be held (21-mult_accs_rc.c:35:3-35:26) From 87ce3a5788ff89ffb931414ae29a6ca26442f6f5 Mon Sep 17 00:00:00 2001 From: Simmo Saan Date: Tue, 10 Dec 2024 16:05:11 +0200 Subject: [PATCH 163/164] Comment reversal of PartitionDomain.SetSet --- src/domain/partitionDomain.ml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/domain/partitionDomain.ml b/src/domain/partitionDomain.ml index 316f4fb705..e97946e463 100644 --- a/src/domain/partitionDomain.ml +++ b/src/domain/partitionDomain.ml @@ -106,6 +106,9 @@ struct let show _ = "Partitions" + (* Top and bottom are reversed: + Bottom will be All (equations), i.e. contradiction, + Top will be empty set, i.e. no equations. *) let top = E.bot let bot = E.top let is_top = E.is_bot From 88b0dfc9d6729dcfd606e56132bcfe1061fd7949 Mon Sep 17 00:00:00 2001 From: ManuelLerchner Date: Tue, 10 Dec 2024 17:24:09 +0100 Subject: [PATCH 164/164] hotfix regression tests --- .../{03-simple-bitwise-c => 03-simple-bitwise.c} | 0 tests/regression/82-bitfield/08-refine-with-bitfield.c | 8 +++----- .../{09-refine-interval.c => 09-refine-intervalA.c} | 6 +++--- .../{10-refine-interval.c => 10-refine-intervalB.c} | 0 .../{11-refine-interval2.c => 11-refine-intervalC.c} | 0 5 files changed, 6 insertions(+), 8 deletions(-) rename tests/regression/82-bitfield/{03-simple-bitwise-c => 03-simple-bitwise.c} (100%) rename tests/regression/82-bitfield/{09-refine-interval.c => 09-refine-intervalA.c} (76%) rename tests/regression/82-bitfield/{10-refine-interval.c => 10-refine-intervalB.c} (100%) rename tests/regression/82-bitfield/{11-refine-interval2.c => 11-refine-intervalC.c} (100%) diff --git a/tests/regression/82-bitfield/03-simple-bitwise-c b/tests/regression/82-bitfield/03-simple-bitwise.c similarity index 100% rename from tests/regression/82-bitfield/03-simple-bitwise-c rename to tests/regression/82-bitfield/03-simple-bitwise.c diff --git a/tests/regression/82-bitfield/08-refine-with-bitfield.c b/tests/regression/82-bitfield/08-refine-with-bitfield.c index 64cb588f2d..9ca687671c 100644 --- a/tests/regression/82-bitfield/08-refine-with-bitfield.c +++ b/tests/regression/82-bitfield/08-refine-with-bitfield.c @@ -43,7 +43,6 @@ int main() { // Testing OR operations with patterns int OR_MASK = 0x55; // 01010101 in binary if ((a | OR_MASK) == 0x55) { - __goblint_assert(a == 0); // Only possible if a is 0 __goblint_assert((a | 0xFF) == 0xFF); // ORing with all 1s gives all 1s } @@ -74,7 +73,7 @@ int main() { if ((a & SHIFT_MASK) == SHIFT_MASK) { __goblint_assert((a & 12) == 12); // Both bits must be set __goblint_assert(((a >> 2) & 3) == 3); // When shifted right, lowest bits must be 11 - __goblint_assert(((a << 2) & 12) == 12); // When shifted left, highest bits must be 1100 + __goblint_assert(((a << 2) & 48) == 48); // When shifted left, highest bits must be 11 } int SHIFTED = 0x7 << 3; // 111000 in binary @@ -89,10 +88,9 @@ int main() { } // Testing bitwise complement - int COMP_MASK = ~0xF0; // Complement of 11110000 + int COMP_MASK = ~0x0F; if ((a & COMP_MASK) == 0x0F) { - __goblint_assert((a & 0xF0) == 0); // Upper 4 bits must be 0 - __goblint_assert((a & 0x0F) == 0x0F); // Lower 4 bits must be all 1s + __goblint_check(0); // NOWARN (unreachable) } return 0; diff --git a/tests/regression/82-bitfield/09-refine-interval.c b/tests/regression/82-bitfield/09-refine-intervalA.c similarity index 76% rename from tests/regression/82-bitfield/09-refine-interval.c rename to tests/regression/82-bitfield/09-refine-intervalA.c index 69c24ea0e3..0ff9f3b9e3 100644 --- a/tests/regression/82-bitfield/09-refine-interval.c +++ b/tests/regression/82-bitfield/09-refine-intervalA.c @@ -11,10 +11,10 @@ int main() { if ((a & inv_mask) == 0) { __goblint_check(a <= 14); // SUCCESS - __goblint_check(a >= 1); // SUCCESS + __goblint_check(a >= 0); // SUCCESS - if (1 <= a && a <= 14) { - printf("a is in the interval [1, 14]\n"); + if (0 <= a && a <= 14) { + printf("a is in the interval [0, 14]\n"); } else { __goblint_check(0); // NOWARN (unreachable) } diff --git a/tests/regression/82-bitfield/10-refine-interval.c b/tests/regression/82-bitfield/10-refine-intervalB.c similarity index 100% rename from tests/regression/82-bitfield/10-refine-interval.c rename to tests/regression/82-bitfield/10-refine-intervalB.c diff --git a/tests/regression/82-bitfield/11-refine-interval2.c b/tests/regression/82-bitfield/11-refine-intervalC.c similarity index 100% rename from tests/regression/82-bitfield/11-refine-interval2.c rename to tests/regression/82-bitfield/11-refine-intervalC.c