Skip to content

get_subexpression_at_offset: do not permit out-of-bounds access #7394

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 28, 2022
Merged

get_subexpression_at_offset: do not permit out-of-bounds access #7394

merged 3 commits into from
Nov 28, 2022

Conversation

tautschnig
Copy link
Collaborator

An indexed access must not be out of bounds. This was surfaced by union field sensitivity, which ended up generating SSA symbols with indices beyond array bounds.

  • Each commit message has a non-empty body, explaining why the change was made.
  • n/a Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
  • n/a The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
  • Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
  • n/a My commit message includes data points confirming performance improvements (if claimed).
  • My PR is restricted to a single feature or bugfix.
  • n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.

@peterschrammel peterschrammel removed their assignment Nov 28, 2022
@tautschnig
Java trace validation: byte extract may apply to arrays and others
ffdf10f 
There is no reason to restrict byte extract applications to actual
constants (these are, actually, unlikely the expected source operand of
a byte extract). With upcoming fixes array_nonconstsize_nonconstaccess
will rightly apply byte extracts to arrays.
@tautschnig
bv_get_unbounded_array: consider model-specific size
f71c0ae 
For arrays with symbolic size, a particular model returned by the solver
need not have a size large enough to contain indices across all possible
paths. Only those relevant for the path taken in this model will be part
of the result.
@tautschnig
get_subexpression_at_offset: do not permit out-of-bounds access
941030e 
An indexed access must not be out of bounds. This was surfaced by union
field sensitivity, which ended up generating SSA symbols with indices
beyond array bounds.
@tautschnig tautschnig force-pushed the bugfixes/array-out-of-bounds branch from 8bbb050 to 941030e Compare November 28, 2022 11:50
@tautschnig tautschnig assigned tautschnig and unassigned kroening Nov 28, 2022
@tautschnig tautschnig merged commit c3b72e4 into diffblue:develop Nov 28, 2022
@tautschnig tautschnig deleted the bugfixes/array-out-of-bounds branch November 28, 2022 13:01
peterschrammel added a commit to peterschrammel/cbmc that referenced this pull request Dec 4, 2022
@peterschrammel
Another regression test for union field sensitivity
e78096c 
Relates to the bug fixed in diffblue#7394.
See also diffblue#7388.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@peterschrammel peterschrammel peterschrammel approved these changes

@kroening kroening Awaiting requested review from kroening kroening is a code owner

@romainbrenguier romainbrenguier Awaiting requested review from romainbrenguier

@martin-cs martin-cs Awaiting requested review from martin-cs martin-cs is a code owner

Assignees

@tautschnig tautschnig

Labels
bugfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tautschnig @peterschrammel @kroening