Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Low-Hanging Fruits in SV-COMP No-Overflow: CWE190-*-square*.i #1244

Closed
michael-schwarz opened this issue Nov 9, 2023 · 0 comments · Fixed by #1253
Closed

Low-Hanging Fruits in SV-COMP No-Overflow: CWE190-*-square*.i #1244

michael-schwarz opened this issue Nov 9, 2023 · 0 comments · Fixed by #1253
Assignees
@stilscher
Labels
feature precision sv-comp SV-COMP (analyses, results), witnesses
Milestone
SV-COMP 2024

Comments

@michael-schwarz
Copy link
Member

I compared our results with Mopsa and noticed that there is >100 simple CWE tasks where we fail to show that no overflow can occur, even though the code looks simple enough:
https://sv-comp.sosy-lab.org/2023/results/results-verified/META_NoOverflows.table.html#/table?filter=9(0*status*(category(in(unknown,error)))),13(0*status*(category(in(correct))))

The core boils down to the following check, which is a bit nasty as it requires relationality through a call of a library function abs (similar to what was done in #1041), and us implementing some sort of constant folding for functions like sqrt. However, this should definitely be within reach.

int data;
if (data > (-0x7fffffff - 1) && abs(data) < (long)sqrt((double)0x7fffffff))
{
    int result = data * data;
    printIntLine(result);
}

Maybe @stilscher this is something for you? It would be a good way to get comfortable with implementing analyses and should be doable in an afternoon or a rainy weekend.
@michael-schwarz michael-schwarz added this to the SV-COMP 2024 milestone Nov 9, 2023
@michael-schwarz michael-schwarz changed the title Low-Hanging Fruits in SV-COMP No-Overflow: CWE190-*-square.i Low-Hanging Fruits in SV-COMP No-Overflow: CWE190-*-square.i Nov 9, 2023
@michael-schwarz michael-schwarz changed the title Low-Hanging Fruits in SV-COMP No-Overflow: CWE190-*-square.i Low-Hanging Fruits in SV-COMP No-Overflow: CWE190-*-square*.i Nov 9, 2023
@sim642 sim642 added the sv-comp SV-COMP (analyses, results), witnesses label Nov 9, 2023
@stilscher stilscher self-assigned this Nov 9, 2023
@stilscher stilscher mentioned this issue Nov 17, 2023
Merged
@michael-schwarz michael-schwarz linked a pull request Nov 18, 2023 that will close this issue
Improving parameter of math function abs in condition #1253
Merged
@michael-schwarz michael-schwarz mentioned this issue Nov 18, 2023
Merged
@sim642 sim642 mentioned this issue Nov 24, 2023
Merged
sim642 added a commit to sim642/opam-repository that referenced this issue Nov 24, 2023
@sim642
[new release] goblint (2.3.0)
34ad5a7 
CHANGES:

Functionally equivalent to Goblint in SV-COMP 2024.

* Add termination analysis for loops (goblint/analyzer#1093).
* Add memory out-of-bounds analysis (goblint/analyzer#1094, goblint/analyzer#1197).
* Add memory leak analysis (goblint/analyzer#1127, goblint/analyzer#1241, goblint/analyzer#1246).
* Add SV-COMP `termination`, `valid-memsafety` and `valid-memcleanup` properties support (goblint/analyzer#1220, goblint/analyzer#1228, goblint/analyzer#1201, goblint/analyzer#1199, goblint/analyzer#1259, goblint/analyzer#1262).
* Add YAML witness version 2.0 support (goblint/analyzer#1238, goblint/analyzer#1240, goblint/analyzer#1217, goblint/analyzer#1226, goblint/analyzer#1225, goblint/analyzer#1248).
* Add final warnings about unsound results (goblint/analyzer#1190, goblint/analyzer#1191).
* Add many library function specifications (goblint/analyzer#1167, goblint/analyzer#1174, goblint/analyzer#1203, goblint/analyzer#1205, goblint/analyzer#1212, goblint/analyzer#1220, goblint/analyzer#1239, goblint/analyzer#1242, goblint/analyzer#1244, goblint/analyzer#1254, goblint/analyzer#1269).
* Adapt automatic configuration tuning (goblint/analyzer#912, goblint/analyzer#921, goblint/analyzer#987, goblint/analyzer#1168, goblint/analyzer#1214, goblint/analyzer#1234).
nberth pushed a commit to nberth/opam-repository that referenced this issue Jun 18, 2024
@sim642 @nberth
[new release] goblint (2.3.0)
8f8e773 
CHANGES:

Functionally equivalent to Goblint in SV-COMP 2024.

* Add termination analysis for loops (goblint/analyzer#1093).
* Add memory out-of-bounds analysis (goblint/analyzer#1094, goblint/analyzer#1197).
* Add memory leak analysis (goblint/analyzer#1127, goblint/analyzer#1241, goblint/analyzer#1246).
* Add SV-COMP `termination`, `valid-memsafety` and `valid-memcleanup` properties support (goblint/analyzer#1220, goblint/analyzer#1228, goblint/analyzer#1201, goblint/analyzer#1199, goblint/analyzer#1259, goblint/analyzer#1262).
* Add YAML witness version 2.0 support (goblint/analyzer#1238, goblint/analyzer#1240, goblint/analyzer#1217, goblint/analyzer#1226, goblint/analyzer#1225, goblint/analyzer#1248).
* Add final warnings about unsound results (goblint/analyzer#1190, goblint/analyzer#1191).
* Add many library function specifications (goblint/analyzer#1167, goblint/analyzer#1174, goblint/analyzer#1203, goblint/analyzer#1205, goblint/analyzer#1212, goblint/analyzer#1220, goblint/analyzer#1239, goblint/analyzer#1242, goblint/analyzer#1244, goblint/analyzer#1254, goblint/analyzer#1269).
* Adapt automatic configuration tuning (goblint/analyzer#912, goblint/analyzer#921, goblint/analyzer#987, goblint/analyzer#1168, goblint/analyzer#1214, goblint/analyzer#1234).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stilscher stilscher

Labels
feature precision sv-comp SV-COMP (analyses, results), witnesses
Projects
None yet
Milestone
SV-COMP 2024
Development

Successfully merging a pull request may close this issue.

Improving parameter of math function abs in condition goblint/analyzer
3 participants
@sim642 @michael-schwarz @stilscher