From 9b4b255f29f887b5cffb38280e7ebf86ed7cdd4c Mon Sep 17 00:00:00 2001
From: Michael Schwarz
Date: Mon, 27 May 2024 17:45:58 +0200
Subject: [PATCH] Fix `mutex-meet` for malloc after thread creation
---
 src/analyses/apron/relationPriv.apron.ml | 9 +++++++--
 tests/regression/46-apron2/89-malloc.c | 21 +++++++++++++++++++++
 tests/regression/46-apron2/90-malloc2.c | 21 +++++++++++++++++++++
 3 files changed, 49 insertions(+), 2 deletions(-)
 create mode 100644 tests/regression/46-apron2/89-malloc.c
 create mode 100644 tests/regression/46-apron2/90-malloc2.c
diff --git a/src/analyses/apron/relationPriv.apron.ml b/src/analyses/apron/relationPriv.apron.ml
index 61da6ddc42..046e1230d7 100644
--- a/src/analyses/apron/relationPriv.apron.ml
+++ b/src/analyses/apron/relationPriv.apron.ml
@@ -479,7 +479,7 @@ struct
 let get_mutex_inits' = keep_only_protected_globals ask m get_mutex_inits in
 RD.join get_m get_mutex_inits'
- let get_mutex_global_g_with_mutex_inits ask getg g =
+ let get_mutex_global_g_with_mutex_inits (ask:Q.ask) getg g =
 let g_var = AV.global g in
 let get_mutex_global_g =
 if Param.handle_atomic then (
@@ -487,7 +487,12 @@ struct
 RD.keep_vars (getg (V.mutex atomic_mutex)) [g_var]
 )
 else
- getg (V.global g)
+ let r = getg (V.global g) in
+ if RD.is_bot r && (ask.f (Queries.IsAllocVar g)) then
+ (* malloc'ed blobs may not have a value here yet *)
+ RD.top ()
+ else
+ r
 in
 let get_mutex_inits = getg V.mutex_inits in
 let get_mutex_inits' = RD.keep_vars get_mutex_inits [g_var] in
diff --git a/tests/regression/46-apron2/89-malloc.c b/tests/regression/46-apron2/89-malloc.c
new file mode 100644
index 0000000000..8780568748
--- /dev/null
+++ b/tests/regression/46-apron2/89-malloc.c
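Review bot: The bot-to-top fallback added on the `let r = getg (V.global g) in … RD.top ()` lines only covers the non-atomic `else` branch; the `Param.handle_atomic` branch a few lines above still returns `RD.keep_vars (getg (V.mutex atomic_mutex)) [g_var]` unchanged, so if an allocation variable can reach that path with a bot global it would presumably show the same dead-branches symptom this commit fixes, and either sharing the fallback or a comment explaining why the atomic path cannot see such a variable would close that gap. The comment `(* malloc'ed blobs may not have a value here yet *)` should also say which reading of bot is being overridden, since elsewhere bot means unreachable, e.g. `(* a blob allocated after thread creation has no published value in getg yet: bot here means "unknown", not "unreachable", so top is the sound over-approximation *)`. The `IsAllocVar` answer is used as a plain bool in the `&&`; if that query can return a may-answer, taking top on "maybe" as well is the sound direction. The enclosing function `get_mutex_global_g_with_mutex_inits` continues past the end of this hunk.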
@@ -0,0 +1,21 @@
+// SKIP PARAM: --set ana.activated[+] apron --set ana.relation.privatization mutex-meet --set ana.apron.domain interval --set sem.int.signed_overflow assume_none
+// Checks that assinging to malloc'ed memory does not cause both branches to be dead
+#include
+#include
+void nop(void* arg) {
+}
+
+void main() {
+ pthread_t thread;
+ pthread_create(&thread, 0, &nop, 0);
+
+ long *k = malloc(sizeof(long));
+ *k = 5;
+ if (1)
+ ;
+
+ __goblint_check(*k >= 5); // Reachable and true
+
+ *k = *k+1;
+ __goblint_check(*k >= 5); // Reachable and true
+}
diff --git a/tests/regression/46-apron2/90-malloc2.c b/tests/regression/46-apron2/90-malloc2.c
new file mode 100644
index 0000000000..36696956e7
--- /dev/null
+++ b/tests/regression/46-apron2/90-malloc2.c
@@ -0,0 +1,21 @@
+// SKIP PARAM: --set ana.activated[+] apron --set ana.path_sens[+] threadflag --set ana.relation.privatization mutex-meet-tid --set ana.apron.domain interval --set sem.int.signed_overflow assume_none
+// Checks that assinging to malloc'ed memory does not cause both branches to be dead
+#include
+#include
+void nop(void* arg) {
+}
+
+void main() {
+ pthread_t thread;
+ pthread_create(&thread, 0, &nop, 0);
+
+ long *k = malloc(sizeof(long));
+ *k = 5;
+ if (1)
+ ;
+
+ __goblint_check(*k >= 5); // Reachable and true
+
+ *k = *k+1;
+ __goblint_check(*k >= 5); // Reachable and true
+}
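Review bot: `void nop(void* arg)` does not have the `void *(*)(void *)` start-routine type that `pthread_create` expects, so `&nop` on the `pthread_create(&thread, 0, &nop, 0);` line is an incompatible-pointer-type argument for a conforming compiler; `void *nop(void *arg) { return 0; }` keeps the test's behaviour and compiles cleanly. The same applies to tests/regression/46-apron2/90-malloc2.c, which also shares `void main()` (the standard form is `int main(void)`) and the typo in `// Checks that assinging to malloc'ed memory …` (assigning). The `malloc` result is written through without a NULL check; that is presumably intentional so the store to `*k` stays unconditional for the analysis, and a one-line comment such as `// no NULL check on purpose: the store to *k must stay unconditional` would keep a later reader from adding a branch here. The two `#include` lines show no header name on this page, which looks like a rendering artefact rather than a defect in the commit.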