From 2456011c4d62f7da67a370ab7eddc8f330d984c3 Mon Sep 17 00:00:00 2001 From: Peter Schrammel Date: Tue, 25 Jul 2017 15:02:14 +0200 Subject: [PATCH 01/10] Make configt::set_classpath private It's only called from within configt. --- src/util/config.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/util/config.h b/src/util/config.h index 6fb4a5a2376..992fac2e6bd 100644 --- a/src/util/config.h +++ b/src/util/config.h @@ -152,10 +152,11 @@ class configt bool set(const cmdlinet &cmdline); - void set_classpath(const std::string &cp); - static irep_idt this_architecture(); static irep_idt this_operating_system(); + +private: + void set_classpath(const std::string &cp); }; extern configt config; From e59511c9168f04cb21e85642aa8875c1cb4b4efd Mon Sep 17 00:00:00 2001 From: Peter Schrammel Date: Tue, 25 Jul 2017 14:53:25 +0200 Subject: [PATCH 02/10] Factorize setting config from symbol table when reading goto binaries --- src/cbmc/cbmc_parse_options.cpp | 3 --- src/clobber/clobber_parse_options.cpp | 2 -- src/goto-diff/goto_diff_parse_options.cpp | 1 - src/goto-instrument/goto_instrument_parse_options.cpp | 1 - src/goto-programs/initialize_goto_model.cpp | 3 --- src/goto-programs/read_goto_binary.cpp | 4 ++++ src/musketeer/musketeer_parse_options.cpp | 2 -- 7 files changed, 4 insertions(+), 12 deletions(-) diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp index 3ea44b82999..902479b7c1f 100644 --- a/src/cbmc/cbmc_parse_options.cpp +++ b/src/cbmc/cbmc_parse_options.cpp @@ -677,9 +677,6 @@ int cbmc_parse_optionst::get_goto_program( } } - if(!binaries.empty()) - config.set_from_symbol_table(symbol_table); - if(cmdline.isset("show-symbol-table")) { show_symbol_table(); diff --git a/src/clobber/clobber_parse_options.cpp b/src/clobber/clobber_parse_options.cpp index 7915a567caa..ae13320f9cb 100644 --- a/src/clobber/clobber_parse_options.cpp +++ b/src/clobber/clobber_parse_options.cpp @@ -208,8 +208,6 @@ bool clobber_parse_optionst::get_goto_program( symbol_table, goto_functions, get_message_handler())) return true; - config.set_from_symbol_table(symbol_table); - if(cmdline.isset("show-symbol-table")) { show_symbol_table(); diff --git a/src/goto-diff/goto_diff_parse_options.cpp b/src/goto-diff/goto_diff_parse_options.cpp index ee2a74a0b24..94cf6bcbf5e 100644 --- a/src/goto-diff/goto_diff_parse_options.cpp +++ b/src/goto-diff/goto_diff_parse_options.cpp @@ -346,7 +346,6 @@ int goto_diff_parse_optionst::get_goto_program( return 6; config.set(cmdline); - config.set_from_symbol_table(goto_model.symbol_table); // This one is done. cmdline.args.erase(cmdline.args.begin()); diff --git a/src/goto-instrument/goto_instrument_parse_options.cpp b/src/goto-instrument/goto_instrument_parse_options.cpp index 92995c74252..a770ffa6666 100644 --- a/src/goto-instrument/goto_instrument_parse_options.cpp +++ b/src/goto-instrument/goto_instrument_parse_options.cpp @@ -866,7 +866,6 @@ void goto_instrument_parse_optionst::get_goto_program() throw 0; config.set(cmdline); - config.set_from_symbol_table(symbol_table); } void goto_instrument_parse_optionst::instrument_goto_program() diff --git a/src/goto-programs/initialize_goto_model.cpp b/src/goto-programs/initialize_goto_model.cpp index df678c522c4..e18f78e70f9 100644 --- a/src/goto-programs/initialize_goto_model.cpp +++ b/src/goto-programs/initialize_goto_model.cpp @@ -130,9 +130,6 @@ bool initialize_goto_model( return true; } - if(!binaries.empty()) - config.set_from_symbol_table(goto_model.symbol_table); - msg.status() << "Generating GOTO Program" << messaget::eom; goto_convert( diff --git a/src/goto-programs/read_goto_binary.cpp b/src/goto-programs/read_goto_binary.cpp index 6eaede5fd97..7560ca66e9d 100644 --- a/src/goto-programs/read_goto_binary.cpp +++ b/src/goto-programs/read_goto_binary.cpp @@ -26,6 +26,7 @@ Module: Read Goto Programs #include #include #include +#include #include @@ -382,6 +383,9 @@ bool read_object_and_link( linking.object_type_updates)) return true; + // reading successful, let's update config + config.set_from_symbol_table(symbol_table); + return false; } diff --git a/src/musketeer/musketeer_parse_options.cpp b/src/musketeer/musketeer_parse_options.cpp index 16860e7b20d..1918d939cc5 100644 --- a/src/musketeer/musketeer_parse_options.cpp +++ b/src/musketeer/musketeer_parse_options.cpp @@ -138,8 +138,6 @@ void goto_fence_inserter_parse_optionst::get_goto_program( if(read_goto_binary(cmdline.args[0], symbol_table, goto_functions, get_message_handler())) throw 0; - - config.set_from_symbol_table(symbol_table); } void goto_fence_inserter_parse_optionst::instrument_goto_program( From 71d55ec3b5e1de6bb74b4378137673e0e7206ecb Mon Sep 17 00:00:00 2001 From: Peter Schrammel Date: Thu, 20 Jul 2017 22:46:22 +0100 Subject: [PATCH 03/10] Replace BV_ADDR_BITS by config setting --- src/goto-programs/json_goto_trace.cpp | 5 ++-- src/solvers/flattening/bv_pointers.cpp | 2 +- src/solvers/flattening/pointer_logic.h | 2 +- src/solvers/smt1/smt1_conv.cpp | 34 ++++++++++++++----------- src/solvers/smt2/smt2_conv.cpp | 35 +++++++++++++++----------- src/util/config.cpp | 2 ++ src/util/config.h | 6 +++++ 7 files changed, 52 insertions(+), 34 deletions(-) diff --git a/src/goto-programs/json_goto_trace.cpp b/src/goto-programs/json_goto_trace.cpp index 3f4397f3c8e..3580d1a689a 100644 --- a/src/goto-programs/json_goto_trace.cpp +++ b/src/goto-programs/json_goto_trace.cpp @@ -15,9 +15,9 @@ Author: Daniel Kroening #include #include +#include #include -#include #include "json_goto_trace.h" @@ -33,7 +33,8 @@ void remove_pointer_offsets(exprt &src) std::string binary_str=id2string(to_constant_expr(src.op0()).get_value()); // The constant address consists of OBJECT-ID || OFFSET. // Shift out the object-identifier bits, leaving only the offset: - mp_integer offset=binary2integer(binary_str.substr(BV_ADDR_BITS), false); + mp_integer offset=binary2integer( + binary_str.substr(config.bv_encoding.object_bits), false); src=from_integer(offset, src.type()); } else diff --git a/src/solvers/flattening/bv_pointers.cpp b/src/solvers/flattening/bv_pointers.cpp index aeecd21e2bc..bd846bb08af 100644 --- a/src/solvers/flattening/bv_pointers.cpp +++ b/src/solvers/flattening/bv_pointers.cpp @@ -96,7 +96,7 @@ bv_pointerst::bv_pointerst( boolbvt(_ns, _prop), pointer_logic(_ns) { - object_bits=BV_ADDR_BITS; + object_bits=config.bv_encoding.object_bits; offset_bits=config.ansi_c.pointer_width-object_bits; bits=config.ansi_c.pointer_width; } diff --git a/src/solvers/flattening/pointer_logic.h b/src/solvers/flattening/pointer_logic.h index a0dc8b7fb50..d094dbd8523 100644 --- a/src/solvers/flattening/pointer_logic.h +++ b/src/solvers/flattening/pointer_logic.h @@ -16,7 +16,7 @@ Author: Daniel Kroening, kroening@kroening.com #include #include -#define BV_ADDR_BITS 8 +class namespacet; class pointer_logict { diff --git a/src/solvers/smt1/smt1_conv.cpp b/src/solvers/smt1/smt1_conv.cpp index ac2326fbc07..831c9513b89 100644 --- a/src/solvers/smt1/smt1_conv.cpp +++ b/src/solvers/smt1/smt1_conv.cpp @@ -19,6 +19,7 @@ Author: Daniel Kroening, kroening@kroening.com #include #include #include +#include #include @@ -152,10 +153,11 @@ exprt smt1_convt::ce_value( pointer_logict::pointert p; p.object=integer2unsigned( binary2integer( - value.substr(0, BV_ADDR_BITS), false)); + value.substr(0, config.bv_encoding.object_bits), false)); p.offset= - binary2integer(value.substr(BV_ADDR_BITS, std::string::npos), true); + binary2integer( + value.substr(config.bv_encoding.object_bits, std::string::npos), true); result.copy_to_operands(pointer_logic.pointer_expr(p, type)); @@ -259,8 +261,10 @@ void smt1_convt::convert_address_of_rec( { out << "(concat" - << " bv" << pointer_logic.add_object(expr) << "[" << BV_ADDR_BITS << "]" - << " bv0[" << boolbv_width(result_type)-BV_ADDR_BITS << "]" + << " bv" << pointer_logic.add_object(expr) << "[" + << config.bv_encoding.object_bits << "]" + << " bv0[" + << boolbv_width(result_type)-config.bv_encoding.object_bits << "]" << ")"; } else if(expr.id()==ID_index) @@ -886,8 +890,8 @@ void smt1_convt::convert_expr(const exprt &expr, bool bool_as_bv) assert(expr.operands().size()==1); assert(expr.op0().type().id()==ID_pointer); std::size_t op_width=boolbv_width(expr.op0().type()); - out << "(zero_extend[" << BV_ADDR_BITS << "] (extract[" - << (op_width-1-BV_ADDR_BITS) + out << "(zero_extend[" << config.bv_encoding.object_bits << "] (extract[" + << (op_width-1-config.bv_encoding.object_bits) << ":0] "; convert_expr(expr.op0(), true); out << "))"; @@ -898,7 +902,7 @@ void smt1_convt::convert_expr(const exprt &expr, bool bool_as_bv) assert(expr.operands().size()==1); assert(expr.op0().type().id()==ID_pointer); std::size_t op_width=boolbv_width(expr.op0().type()); - signed int ext=boolbv_width(expr.type())-BV_ADDR_BITS; + signed int ext=boolbv_width(expr.type())-config.bv_encoding.object_bits; if(ext>0) out << "(zero_extend[" << ext << "] "; @@ -906,7 +910,7 @@ void smt1_convt::convert_expr(const exprt &expr, bool bool_as_bv) out << "(extract[" << (op_width-1) << ":" - << op_width-1-BV_ADDR_BITS << "] "; + << op_width-1-config.bv_encoding.object_bits << "] "; convert_expr(expr.op0(), true); out << ")"; @@ -930,10 +934,10 @@ void smt1_convt::convert_expr(const exprt &expr, bool bool_as_bv) out << "(= (extract[" << (op_width-1) - << ":" << op_width-BV_ADDR_BITS << "] "; + << ":" << op_width-config.bv_encoding.object_bits << "] "; convert_expr(expr.op0(), true); out << ") bv" << pointer_logic.get_invalid_object() - << "[" << BV_ADDR_BITS << "])"; + << "[" << config.bv_encoding.object_bits << "])"; // this may have to be converted from_bool_end(type, bool_as_bv); @@ -1850,8 +1854,8 @@ void smt1_convt::convert_constant( assert(boolbv_width(expr.type())!=0); out << "(concat" << " bv" << pointer_logic.get_null_object() - << "[" << BV_ADDR_BITS << "]" - << " bv0[" << boolbv_width(expr.type())-BV_ADDR_BITS + << "[" << config.bv_encoding.object_bits << "]" + << " bv0[" << boolbv_width(expr.type())-config.bv_encoding.object_bits << "]" << ")"; // concat } @@ -1942,14 +1946,14 @@ void smt1_convt::convert_is_dynamic_object( out << "(let (?obj (extract[" << (op_width-1) - << ":" << op_width-BV_ADDR_BITS << "] "; + << ":" << op_width-config.bv_encoding.object_bits << "] "; convert_expr(expr.op0(), true); out << ")) "; if(dynamic_objects.size()==1) { out << "(= bv" << dynamic_objects.front() - << "[" << BV_ADDR_BITS << "] ?obj)"; + << "[" << config.bv_encoding.object_bits << "] ?obj)"; } else { @@ -1957,7 +1961,7 @@ void smt1_convt::convert_is_dynamic_object( for(const auto &obj : dynamic_objects) out << " (= bv" << obj - << "[" << BV_ADDR_BITS << "] ?obj)"; + << "[" << config.bv_encoding.object_bits << "] ?obj)"; out << ")"; // or } diff --git a/src/solvers/smt2/smt2_conv.cpp b/src/solvers/smt2/smt2_conv.cpp index a26dd2445c6..c077eff105c 100644 --- a/src/solvers/smt2/smt2_conv.cpp +++ b/src/solvers/smt2/smt2_conv.cpp @@ -21,6 +21,7 @@ Author: Daniel Kroening, kroening@kroening.com #include #include #include +#include #include @@ -141,7 +142,7 @@ void smt2_convt::define_object_size( std::size_t pointer_width = boolbv_width(ptr.type()); std::size_t number = 0; std::size_t h=pointer_width-1; - std::size_t l=pointer_width-BV_ADDR_BITS; + std::size_t l=pointer_width-config.bv_encoding.object_bits; for(const auto &o : pointer_logic.objects) { @@ -160,9 +161,10 @@ void smt2_convt::define_object_size( out << "(assert (implies (= " << "((_ extract " << h << " " << l << ") "; convert_expr(ptr); - out << ") (_ bv" << number << " " << BV_ADDR_BITS << "))" << - "(= " << id << " (_ bv" << object_size.to_ulong() << " " << - size_width << "))))\n"; + out << ") (_ bv" << number << " " + << config.bv_encoding.object_bits << "))" + << "(= " << id << " (_ bv" << object_size.to_ulong() << " " + << size_width << "))))\n"; ++number; } @@ -453,7 +455,7 @@ exprt smt2_convt::parse_rec(const irept &src, const typet &_type) to_integer(bv_expr, v); // split into object and offset - mp_integer pow=power(2, width-BV_ADDR_BITS); + mp_integer pow=power(2, width-config.bv_encoding.object_bits); pointer_logict::pointert ptr; ptr.object=integer2size_t(v/pow); ptr.offset=v%pow; @@ -486,8 +488,10 @@ void smt2_convt::convert_address_of_rec( { out << "(concat (_ bv" - << pointer_logic.add_object(expr) << " " << BV_ADDR_BITS << ")" - << " (_ bv0 " << boolbv_width(result_type)-BV_ADDR_BITS << "))"; + << pointer_logic.add_object(expr) << " " + << config.bv_encoding.object_bits << ")" + << " (_ bv0 " + << boolbv_width(result_type)-config.bv_encoding.object_bits << "))"; } else if(expr.id()==ID_index) { @@ -1305,7 +1309,8 @@ void smt2_convt::convert_expr(const exprt &expr) { assert(expr.operands().size()==1); assert(expr.op0().type().id()==ID_pointer); - std::size_t offset_bits=boolbv_width(expr.op0().type())-BV_ADDR_BITS; + std::size_t offset_bits= + boolbv_width(expr.op0().type())-config.bv_encoding.object_bits; std::size_t result_width=boolbv_width(expr.type()); // max extract width @@ -1327,7 +1332,7 @@ void smt2_convt::convert_expr(const exprt &expr) { assert(expr.operands().size()==1); assert(expr.op0().type().id()==ID_pointer); - std::size_t ext=boolbv_width(expr.type())-BV_ADDR_BITS; + std::size_t ext=boolbv_width(expr.type())-config.bv_encoding.object_bits; std::size_t pointer_width=boolbv_width(expr.op0().type()); if(ext>0) @@ -1335,7 +1340,7 @@ void smt2_convt::convert_expr(const exprt &expr) out << "((_ extract " << pointer_width-1 << " " - << pointer_width-BV_ADDR_BITS << ") "; + << pointer_width-config.bv_encoding.object_bits << ") "; convert_expr(expr.op0()); out << ")"; @@ -1353,10 +1358,10 @@ void smt2_convt::convert_expr(const exprt &expr) std::size_t pointer_width=boolbv_width(expr.op0().type()); out << "(= ((_ extract " << pointer_width-1 << " " - << pointer_width-BV_ADDR_BITS << ") "; + << pointer_width-config.bv_encoding.object_bits << ") "; convert_expr(expr.op0()); out << ") (_ bv" << pointer_logic.get_invalid_object() - << " " << BV_ADDR_BITS << "))"; + << " " << config.bv_encoding.object_bits << "))"; } else if(expr.id()=="pointer_object_has_type") { @@ -2722,14 +2727,14 @@ void smt2_convt::convert_is_dynamic_object(const exprt &expr) out << "(let ((?obj ((_ extract " << pointer_width-1 << " " - << pointer_width-BV_ADDR_BITS << ") "; + << pointer_width-config.bv_encoding.object_bits << ") "; convert_expr(expr.op0()); out << "))) "; if(dynamic_objects.size()==1) { out << "(= (_ bv" << dynamic_objects.front() - << " " << BV_ADDR_BITS << ") ?obj)"; + << " " << config.bv_encoding.object_bits << ") ?obj)"; } else { @@ -2737,7 +2742,7 @@ void smt2_convt::convert_is_dynamic_object(const exprt &expr) for(const auto &object : dynamic_objects) out << " (= (_ bv" << object - << " " << BV_ADDR_BITS << ") ?obj)"; + << " " << config.bv_encoding.object_bits << ") ?obj)"; out << ")"; // or } diff --git a/src/util/config.cpp b/src/util/config.cpp index 2422092f4c0..71d5517ca87 100644 --- a/src/util/config.cpp +++ b/src/util/config.cpp @@ -730,6 +730,8 @@ bool configt::set(const cmdlinet &cmdline) cpp.cpp_standard=cppt::default_cpp_standard(); + bv_encoding.object_bits=8; + ansi_c.single_precision_constant=false; ansi_c.for_has_scope=true; // C99 or later ansi_c.c_standard=ansi_ct::default_c_standard(); diff --git a/src/util/config.h b/src/util/config.h index 992fac2e6bd..22f8de1df08 100644 --- a/src/util/config.h +++ b/src/util/config.h @@ -143,6 +143,12 @@ class configt irep_idt main_class; } java; + struct bv_encodingt + { + // number of bits to encode heap object addresses + unsigned object_bits; + } bv_encoding; + // this is the function to start executing std::string main; From dacf8faf6d3b1d65da8e7ea6959df3f7c15d744d Mon Sep 17 00:00:00 2001 From: Peter Schrammel Date: Thu, 20 Jul 2017 23:49:51 +0100 Subject: [PATCH 04/10] Better error message when too many dynamic objects --- regression/cbmc/address_space_size_limit1/test.desc | 2 +- src/solvers/flattening/bv_pointers.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/regression/cbmc/address_space_size_limit1/test.desc b/regression/cbmc/address_space_size_limit1/test.desc index 9dcfb8970aa..1cb3a86cd65 100644 --- a/regression/cbmc/address_space_size_limit1/test.desc +++ b/regression/cbmc/address_space_size_limit1/test.desc @@ -1,5 +1,5 @@ CORE test.c --no-simplify --unwind 300 -too many variables +too many addressed objects -- diff --git a/src/solvers/flattening/bv_pointers.cpp b/src/solvers/flattening/bv_pointers.cpp index bd846bb08af..9a0c330fa32 100644 --- a/src/solvers/flattening/bv_pointers.cpp +++ b/src/solvers/flattening/bv_pointers.cpp @@ -683,7 +683,7 @@ void bv_pointerst::add_addr(const exprt &expr, bvt &bv) std::size_t a=pointer_logic.add_object(expr); if(a==(std::size_t(1)< Date: Thu, 20 Jul 2017 23:44:56 +0100 Subject: [PATCH 05/10] Allow specifying object-bits via command line and language defaults --- .../cbmc/address_space_size_limit1/test.desc | 2 +- src/cbmc/cbmc_parse_options.cpp | 1 + src/cbmc/cbmc_parse_options.h | 1 + src/langapi/language_ui.cpp | 3 ++ src/solvers/flattening/bv_pointers.cpp | 8 ++- src/util/config.cpp | 49 ++++++++++++++++++- src/util/config.h | 11 +++++ 7 files changed, 71 insertions(+), 4 deletions(-) diff --git a/regression/cbmc/address_space_size_limit1/test.desc b/regression/cbmc/address_space_size_limit1/test.desc index 1cb3a86cd65..d0d0ed3c04e 100644 --- a/regression/cbmc/address_space_size_limit1/test.desc +++ b/regression/cbmc/address_space_size_limit1/test.desc @@ -1,5 +1,5 @@ CORE test.c ---no-simplify --unwind 300 +--no-simplify --unwind 300 --object-bits 8 too many addressed objects -- diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp index 902479b7c1f..bd9396baa69 100644 --- a/src/cbmc/cbmc_parse_options.cpp +++ b/src/cbmc/cbmc_parse_options.cpp @@ -1095,6 +1095,7 @@ void cbmc_parse_optionst::help() " --graphml-witness filename write the witness in GraphML format to filename\n" // NOLINT(*) "\n" "Backend options:\n" + " --object-bits n number of bits used for object addresses\n" " --dimacs generate CNF in DIMACS format\n" " --beautify beautify the counterexample (greedy heuristic)\n" // NOLINT(*) " --localize-faults localize faults (experimental)\n" diff --git a/src/cbmc/cbmc_parse_options.h b/src/cbmc/cbmc_parse_options.h index 145ff8e6e77..0a367ccc60d 100644 --- a/src/cbmc/cbmc_parse_options.h +++ b/src/cbmc/cbmc_parse_options.h @@ -31,6 +31,7 @@ class optionst; "(debug-level):(no-propagation)(no-simplify-if)" \ "(document-subgoals)(outfile):(test-preprocessor)" \ "D:I:(c89)(c99)(c11)(cpp89)(cpp99)(cpp11)" \ + "(object-bits):" \ "(classpath):(cp):(main-class):" \ "(depth):(partial-loops)(no-unwinding-assertions)(unwinding-assertions)" \ OPT_GOTO_CHECK \ diff --git a/src/langapi/language_ui.cpp b/src/langapi/language_ui.cpp index fe24dff1887..33916adb0f6 100644 --- a/src/langapi/language_ui.cpp +++ b/src/langapi/language_ui.cpp @@ -14,6 +14,7 @@ Author: Daniel Kroening, kroening@cs.cmu.edu #include #include #include +#include #include #include "language_ui.h" @@ -125,6 +126,8 @@ bool language_uit::final() return true; } + config.set_object_bits_from_symbol_table(symbol_table); + return false; } diff --git a/src/solvers/flattening/bv_pointers.cpp b/src/solvers/flattening/bv_pointers.cpp index 9a0c330fa32..fdc0a6780e5 100644 --- a/src/solvers/flattening/bv_pointers.cpp +++ b/src/solvers/flattening/bv_pointers.cpp @@ -682,8 +682,12 @@ void bv_pointerst::add_addr(const exprt &expr, bvt &bv) { std::size_t a=pointer_logic.add_object(expr); - if(a==(std::size_t(1)< classpatht; classpatht classpath; irep_idt main_class; + + static const unsigned default_object_bits=16; } java; struct bv_encodingt { // number of bits to encode heap object addresses unsigned object_bits; + bool is_object_bits_default; + + static const unsigned default_object_bits=8; } bv_encoding; // this is the function to start executing @@ -158,6 +167,8 @@ class configt bool set(const cmdlinet &cmdline); + void set_object_bits_from_symbol_table(const symbol_tablet &); + static irep_idt this_architecture(); static irep_idt this_operating_system(); From f8bf577ce7277e9246e551b2e4c0f728d4567bd5 Mon Sep 17 00:00:00 2001 From: Peter Schrammel Date: Wed, 2 Aug 2017 15:28:43 +0100 Subject: [PATCH 06/10] Catch command line parsing exceptions --- src/cbmc/cbmc_parse_options.cpp | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp index bd9396baa69..215f6abacf9 100644 --- a/src/cbmc/cbmc_parse_options.cpp +++ b/src/cbmc/cbmc_parse_options.cpp @@ -448,7 +448,23 @@ int cbmc_parse_optionst::doit() // optionst options; - get_command_line_options(options); + try + { + get_command_line_options(options); + } + + catch(const char *error_msg) + { + error() << error_msg << eom; + return 6; // should contemplate EX_SOFTWARE from sysexits.h + } + + catch(const std::string error_msg) + { + error() << error_msg << eom; + return 6; // should contemplate EX_SOFTWARE from sysexits.h + } + eval_verbosity(); // From d122cfb3fe1cced0745b35d74569a4d490b78873 Mon Sep 17 00:00:00 2001 From: Peter Schrammel Date: Fri, 21 Jul 2017 00:15:35 +0100 Subject: [PATCH 07/10] Add java address space limits tests --- .../address_space_size_limit1/Test.class | Bin 0 -> 640 bytes .../cbmc-java/address_space_size_limit1/Test.java | 13 +++++++++++++ .../cbmc-java/address_space_size_limit1/test.desc | 5 +++++ .../address_space_size_limit2/Test.class | Bin 0 -> 640 bytes .../cbmc-java/address_space_size_limit2/Test.java | 13 +++++++++++++ .../cbmc-java/address_space_size_limit2/test.desc | 8 ++++++++ 6 files changed, 39 insertions(+) create mode 100644 regression/cbmc-java/address_space_size_limit1/Test.class create mode 100644 regression/cbmc-java/address_space_size_limit1/Test.java create mode 100644 regression/cbmc-java/address_space_size_limit1/test.desc create mode 100644 regression/cbmc-java/address_space_size_limit2/Test.class create mode 100644 regression/cbmc-java/address_space_size_limit2/Test.java create mode 100644 regression/cbmc-java/address_space_size_limit2/test.desc diff --git a/regression/cbmc-java/address_space_size_limit1/Test.class b/regression/cbmc-java/address_space_size_limit1/Test.class new file mode 100644 index 0000000000000000000000000000000000000000..5f81fc826ffa983a71fe170b00828a9d1b6ffa96 GIT binary patch literal 640 zcmYL{T~8B16o%ikv)yU83zV<6bhQW~Rzf5(B%06|3~EAB0_ylDXEFn+4zpw(3!t{f1Yx(;>nm|)ko@4e)()$1t2 zL_>$_MgO#=qCKPL!fBvGLa}z(I1XM1Yuz9`T5Bee4v#j>#j$1*v`=<|SE*j&HX&PY zcZYOQGa9$q>ql+%TpM6+PsPc7!}2hWk_Q)gZey}0G2y|(7@<7s_T=9T&!VUoNi2D| zgJnWtB-w2pt9C+=hYbVT;7LZstuDU;kI+%Ej#TGAj-4lcF0jc1EbvR__?azU>=R}vkuiqncfmwf5JopIf4f0oT_6LyP4c$uV73PE44*MHtZ*v^ydH0aL z&2S|T@e^5+m@Sr&MG>W;h4s`HFgYbYBYOd9U&0n2kQuT6I;WJAf#q%TUxISldhQRu C&~X6( literal 0 HcmV?d00001 diff --git a/regression/cbmc-java/address_space_size_limit1/Test.java b/regression/cbmc-java/address_space_size_limit1/Test.java new file mode 100644 index 00000000000..4f60b51e973 --- /dev/null +++ b/regression/cbmc-java/address_space_size_limit1/Test.java @@ -0,0 +1,13 @@ +public class Test { + int x; + Test(int x) { this.x = x; } + + public static void main(String[] args) { + int i; + Test[] tests = new Test[30]; + for(i = 0; i < 30; ++i) { + tests[i] = new Test(i); + } + assert i == tests[0].x; + } +} diff --git a/regression/cbmc-java/address_space_size_limit1/test.desc b/regression/cbmc-java/address_space_size_limit1/test.desc new file mode 100644 index 00000000000..d08ff5b05c1 --- /dev/null +++ b/regression/cbmc-java/address_space_size_limit1/test.desc @@ -0,0 +1,5 @@ +CORE +Test.class +--object-bits 4 +too many addressed objects +-- diff --git a/regression/cbmc-java/address_space_size_limit2/Test.class b/regression/cbmc-java/address_space_size_limit2/Test.class new file mode 100644 index 0000000000000000000000000000000000000000..5f81fc826ffa983a71fe170b00828a9d1b6ffa96 GIT binary patch literal 640 zcmYL{T~8B16o%ikv)yU83zV<6bhQW~Rzf5(B%06|3~EAB0_ylDXEFn+4zpw(3!t{f1Yx(;>nm|)ko@4e)()$1t2 zL_>$_MgO#=qCKPL!fBvGLa}z(I1XM1Yuz9`T5Bee4v#j>#j$1*v`=<|SE*j&HX&PY zcZYOQGa9$q>ql+%TpM6+PsPc7!}2hWk_Q)gZey}0G2y|(7@<7s_T=9T&!VUoNi2D| zgJnWtB-w2pt9C+=hYbVT;7LZstuDU;kI+%Ej#TGAj-4lcF0jc1EbvR__?azU>=R}vkuiqncfmwf5JopIf4f0oT_6LyP4c$uV73PE44*MHtZ*v^ydH0aL z&2S|T@e^5+m@Sr&MG>W;h4s`HFgYbYBYOd9U&0n2kQuT6I;WJAf#q%TUxISldhQRu C&~X6( literal 0 HcmV?d00001 diff --git a/regression/cbmc-java/address_space_size_limit2/Test.java b/regression/cbmc-java/address_space_size_limit2/Test.java new file mode 100644 index 00000000000..4f60b51e973 --- /dev/null +++ b/regression/cbmc-java/address_space_size_limit2/Test.java @@ -0,0 +1,13 @@ +public class Test { + int x; + Test(int x) { this.x = x; } + + public static void main(String[] args) { + int i; + Test[] tests = new Test[30]; + for(i = 0; i < 30; ++i) { + tests[i] = new Test(i); + } + assert i == tests[0].x; + } +} diff --git a/regression/cbmc-java/address_space_size_limit2/test.desc b/regression/cbmc-java/address_space_size_limit2/test.desc new file mode 100644 index 00000000000..9cf9d12a7f7 --- /dev/null +++ b/regression/cbmc-java/address_space_size_limit2/test.desc @@ -0,0 +1,8 @@ +CORE +Test.class +--object-bits 8 +^EXIT=10$ +^SIGNAL=0$ +^VERIFICATION FAILED$ +^\[java::Test.main:\(\[Ljava/lang/String;\)V.assertion.1\] .*: FAILURE$ +-- From 28d478d4848aaf65fa6917683d288aae3da2b3c2 Mon Sep 17 00:00:00 2001 From: Peter Schrammel Date: Fri, 21 Jul 2017 00:35:28 +0100 Subject: [PATCH 08/10] Tests for overflows in pointer arithmetic One is detected with --pointer-check enabled, the other one is currently not detected. --- .../cbmc/address_space_size_limit2/test.c | 10 ++ .../cbmc/address_space_size_limit2/test.desc | 5 + .../cbmc/address_space_size_limit3/main.c | 136 ++++++++++++++++++ .../cbmc/address_space_size_limit3/test.desc | 11 ++ 4 files changed, 162 insertions(+) create mode 100644 regression/cbmc/address_space_size_limit2/test.c create mode 100644 regression/cbmc/address_space_size_limit2/test.desc create mode 100644 regression/cbmc/address_space_size_limit3/main.c create mode 100644 regression/cbmc/address_space_size_limit3/test.desc diff --git a/regression/cbmc/address_space_size_limit2/test.c b/regression/cbmc/address_space_size_limit2/test.c new file mode 100644 index 00000000000..c35cc13da7f --- /dev/null +++ b/regression/cbmc/address_space_size_limit2/test.c @@ -0,0 +1,10 @@ +#include +#include + +int main(int argc, char** argv) +{ + char* c=(char*)malloc(10); + char* d=c; + for(char i=0; i<10; i++, d++); + assert((size_t)d==(size_t)c+10); +} diff --git a/regression/cbmc/address_space_size_limit2/test.desc b/regression/cbmc/address_space_size_limit2/test.desc new file mode 100644 index 00000000000..63d05de2268 --- /dev/null +++ b/regression/cbmc/address_space_size_limit2/test.desc @@ -0,0 +1,5 @@ +KNOWNBUG +test.c +--32 --object-bits 31 --unwind 11 --no-simplify +dynamic object too large +-- diff --git a/regression/cbmc/address_space_size_limit3/main.c b/regression/cbmc/address_space_size_limit3/main.c new file mode 100644 index 00000000000..6c62d538ee5 --- /dev/null +++ b/regression/cbmc/address_space_size_limit3/main.c @@ -0,0 +1,136 @@ +// copy of Pointer_Arithmetic12 + +#include + +#include + +uint32_t __stack[32]; + +uint32_t eax; +uint32_t ebp; +uint32_t ebx; +uint32_t ecx; +uint32_t edi; +uint32_t edx; +uint32_t esi; +uint32_t esp=(uint32_t)&(__stack[31]); +uint32_t var0; +uint32_t var1; +uint32_t var10; +uint32_t var11; +uint32_t var12; +uint32_t var13; +uint32_t var14; +uint32_t var15; +uint32_t var16; +uint32_t var2; +uint32_t var3; +uint32_t var4; +uint32_t var5; +uint32_t var6; +uint32_t var7; +uint32_t var8; +uint32_t var9; + +void g__L_0x3b4_0() +{ + L_0x3b4_0: esp-=0x4; + L_0x3b4_1: *(uint32_t*)(esp)=ebp; + L_0x3b5_0: ebp=esp; + L_0x3b7_0: var4=ebp; + L_0x3b7_1: var4+=0xc; + L_0x3b7_2: eax=*(uint32_t*)(var4); + L_0x3ba_0: edx=eax; + L_0x3bc_0: edx&=0x3; + L_0x3bf_0: var5=ebp; + L_0x3bf_1: var5+=0x8; + L_0x3bf_2: eax=*(uint32_t*)(var5); + L_0x3c2_0: *(uint32_t*)(eax)=edx; + L_0x3c4_0: ebp=*(uint32_t*)(esp); + L_0x3c4_1: esp+=0x4; + L_0x3c5_0: return; +} + +void f__L_0x3c6_0() +{ + L_0x3c6_0: esp-=0x4; + L_0x3c6_1: *(uint32_t*)(esp)=ebp; + L_0x3c7_0: ebp=esp; + L_0x3c9_0: esp-=0x18; + L_0x3cc_0: var6=ebp; + L_0x3cc_1: var6-=0x4; + L_0x3cc_2: *(uint32_t*)(var6)=0x0; + L_0x3d3_0: var7=ebp; + L_0x3d3_1: var7-=0x8; + L_0x3d3_2: *(uint32_t*)(var7)=0x0; + L_0x3da_0: var8=ebp; + L_0x3da_1: var8+=0x8; + L_0x3da_2: eax=*(uint32_t*)(var8); + L_0x3dd_0: var9=ebp; + L_0x3dd_1: var9-=0x4; + L_0x3dd_2: *(uint32_t*)(var9)=eax; + L_0x3e0_0: var10=ebp; + L_0x3e0_1: var10-=0x4; + L_0x3e0_2: eax=*(uint32_t*)(var10); + L_0x3e3_0: var11=esp; + L_0x3e3_1: var11+=0x4; + L_0x3e3_2: *(uint32_t*)(var11)=eax; + L_0x3e7_0: var12=ebp; + L_0x3e7_1: var12-=0x8; + L_0x3e7_2: eax=(uint32_t)&*(uint32_t*)(var12); + L_0x3ea_0: *(uint32_t*)(esp)=eax; + L_0x3ed_0: esp-=4; g__L_0x3b4_0(); esp+=4; + L_0x3f2_0: var13=ebp; + L_0x3f2_1: var13-=0x4; + L_0x3f2_2: *(uint32_t*)(var13)=0x5; + L_0x3f9_0: var14=ebp; + L_0x3f9_1: var14-=0x8; + L_0x3f9_2: eax=*(uint32_t*)(var14); + L_0x3fc_0: esp=ebp; + L_0x3fc_1: ebp=*(uint32_t*)(esp); + L_0x3fc_2: esp+=0x4; + L_0x3fd_0: return; +} + +int main() +{ + L_0x3fe_0: esp-=0x4; + L_0x3fe_1: *(uint32_t*)(esp)=ebp; + L_0x3ff_0: ebp=esp; + L_0x401_0: esp-=0x14; + L_0x404_0: var15=ebp; + L_0x404_1: var15-=0x4; +#ifdef NONDET + L_0x404_2: *(uint32_t*)(var15)=nondet_uint(); +#else + L_0x404_2: *(uint32_t*)(var15)=0xffffffff; +#endif + L_0x40b_0: var16=ebp; + L_0x40b_1: var16-=0x4; + L_0x40b_2: eax=*(uint32_t*)(var16); + L_0x40e_0: *(uint32_t*)(esp)=eax; + L_0x411_0: esp-=4; f__L_0x3c6_0(); esp+=4; +#if 1 + uint32_t eax1=eax; + C_0x3ff_0: ebp=esp; + C_0x401_0: esp-=0x14; + C_0x404_0: var15=ebp; + C_0x404_1: var15-=0x4; +#ifdef NONDET + C_0x404_2: *(uint32_t*)(var15)=nondet_uint(); +#else + C_0x404_2: *(uint32_t*)(var15)=0xffffffff; +#endif + C_0x40b_0: var16=ebp; + C_0x40b_1: var16-=0x4; + C_0x40b_2: eax=*(uint32_t*)(var16); + C_0x40e_0: *(uint32_t*)(esp)=eax; + C_0x411_0: esp-=4; f__L_0x3c6_0(); esp+=4; + uint32_t eax2=eax; + assert(eax2==eax1); +#endif + L_0x416_0: esp=ebp; + L_0x416_1: ebp=*(uint32_t*)(esp); + L_0x416_2: esp+=0x4; + L_0x417_0: return 0; +} diff --git a/regression/cbmc/address_space_size_limit3/test.desc b/regression/cbmc/address_space_size_limit3/test.desc new file mode 100644 index 00000000000..ee7b4e94ab8 --- /dev/null +++ b/regression/cbmc/address_space_size_limit3/test.desc @@ -0,0 +1,11 @@ +CORE +main.c +--32 --little-endian --object-bits 25 --pointer-check +^EXIT=10$ +^SIGNAL=0$ +^VERIFICATION FAILED$ +^.* dereference failure: pointer outside object bounds in .*: FAILURE$ +-- +^warning: ignoring +-- +requires at least 8 offset bits From 55d4011a007adb1601bd791de0e228fbf38b1a73 Mon Sep 17 00:00:00 2001 From: Peter Schrammel Date: Sat, 22 Jul 2017 21:19:27 +0100 Subject: [PATCH 09/10] Fix getting model for object address (unsigned -> size_t) Bug exhibited by cbmc-java/iterator2 when run with --object-bits 35 --- src/solvers/flattening/bv_pointers.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/solvers/flattening/bv_pointers.cpp b/src/solvers/flattening/bv_pointers.cpp index fdc0a6780e5..22cbfc7a963 100644 --- a/src/solvers/flattening/bv_pointers.cpp +++ b/src/solvers/flattening/bv_pointers.cpp @@ -601,7 +601,7 @@ exprt bv_pointerst::bv_get_rec( result.set_value(value); pointer_logict::pointert pointer; - pointer.object=integer2unsigned(binary2integer(value_addr, false)); + pointer.object=integer2size_t(binary2integer(value_addr, false)); pointer.offset=binary2integer(value_offset, true); // we add the elaborated expression as operand From ef43fc99d447c1bddede5126475d2c239cdbd2a0 Mon Sep 17 00:00:00 2001 From: Peter Schrammel Date: Wed, 26 Jul 2017 11:27:10 +0200 Subject: [PATCH 10/10] Output message about used object bits settings --- src/cbmc/cbmc_parse_options.cpp | 2 ++ src/util/config.cpp | 10 ++++++++++ src/util/config.h | 1 + 3 files changed, 13 insertions(+) diff --git a/src/cbmc/cbmc_parse_options.cpp b/src/cbmc/cbmc_parse_options.cpp index 215f6abacf9..dbfb16fa917 100644 --- a/src/cbmc/cbmc_parse_options.cpp +++ b/src/cbmc/cbmc_parse_options.cpp @@ -720,6 +720,8 @@ int cbmc_parse_optionst::get_goto_program( show_goto_functions(ns, get_ui(), goto_functions); return 0; } + + status() << config.object_bits_info() << eom; } catch(const char *e) diff --git a/src/util/config.cpp b/src/util/config.cpp index 59a596d9436..c666ae54aa6 100644 --- a/src/util/config.cpp +++ b/src/util/config.cpp @@ -1194,6 +1194,16 @@ void configt::set_object_bits_from_symbol_table( } } +std::string configt::object_bits_info() +{ + return "Running with "+std::to_string(bv_encoding.object_bits)+ + " object bits, "+ + std::to_string(ansi_c.pointer_width-bv_encoding.object_bits)+ + " offset bits ("+ + (bv_encoding.is_object_bits_default ? "default" : "user-specified")+ + ")"; +} + irep_idt configt::this_architecture() { irep_idt this_arch; diff --git a/src/util/config.h b/src/util/config.h index 30903aa2f2e..4b1b39c1402 100644 --- a/src/util/config.h +++ b/src/util/config.h @@ -168,6 +168,7 @@ class configt bool set(const cmdlinet &cmdline); void set_object_bits_from_symbol_table(const symbol_tablet &); + std::string object_bits_info(); static irep_idt this_architecture(); static irep_idt this_operating_system();