Tests demonstrating pointer-encoding unsoundness

[tautschnig]

The tests exercise the way the back-end encodes pointers. Upcoming
encoding changes will ensure that these can soundly be handled.

• Each commit message has a non-empty body, explaining why the change was made.
• n/a Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
• n/a The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
• Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
• n/a My commit message includes data points confirming performance improvements (if claimed).
• My PR is restricted to a single feature or bugfix.
• n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.

[codecov]

Codecov Report

Merging #5823 (e5e8239) into develop (09251eb) will increase coverage by 0.00%.
The diff coverage is 83.62%.

@@           Coverage Diff            @@
##           develop    #5823   +/-   ##
========================================
  Coverage    72.85%   72.85%           
========================================
  Files         1423     1421    -2     
  Lines       154072   154130   +58     
========================================
+ Hits        112244   112292   +48     
- Misses       41828    41838   +10     

Impacted Files	Coverage Δ
src/solvers/flattening/boolbv_union.cpp	57.14% <0.00%> (ø)
src/solvers/flattening/boolbv_with.cpp	65.30% <0.00%> (ø)
src/solvers/flattening/boolbv.h	69.56% <50.00%> (-4.12%)	⬇️
src/solvers/flattening/bv_pointers.cpp	82.93% <86.02%> (+0.52%)	⬆️
src/solvers/flattening/boolbv_byte_extract.cpp	70.00% <100.00%> (ø)
src/solvers/flattening/boolbv_byte_update.cpp	100.00% <100.00%> (ø)
src/solvers/flattening/boolbv_width.cpp	76.69% <100.00%> (-0.23%)	⬇️
src/solvers/flattening/boolbv_width.h	100.00% <100.00%> (ø)
src/solvers/flattening/bv_pointers.h	100.00% <100.00%> (ø)
src/util/endianness_map.h	100.00% <0.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 92659b5...e5e8239. Read the comment docs.

[kroening]

This one feels like it's a bit overfitted to the current encoding -- how about checking that the conversion to an integer doesn't get smaller?

[tautschnig]

Done.

[martin-cs]

Without knowing the bigger picture of what you are planning with pointer encodings it's a bit hard to say but... I'm not particularly comfortable with these.

[martin-cs]

I'm a little concerned by this. As I understand CBMC's memory model we do not support literal addresses. I don't think we are required to do so by the standard either.

[tautschnig]

I'd say we half-support them... And I'd really like to see that fixed as well, might just happen along the way ;-)

[martin-cs]

Is this unsound? ISO-9899 allows conversion of pointers to integers but doesn't say what they will be. Thinking about actual platforms, this kind of thing could be ASLR dependent!

[tautschnig]

Agreed, and I would thus argue that the assertion below ought to be considered reachable by a sound verification tool (i.e., there exists some system configuration under which p is less or equal to 42).