Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixpoint not reached with address sets #554

Closed
michael-schwarz opened this issue Jan 21, 2022 · 1 comment · Fixed by #559
Closed

Fixpoint not reached with address sets #554

michael-schwarz opened this issue Jan 21, 2022 · 1 comment · Fixed by #559
Assignees
@sim642
Labels
bug
Milestone
v2.0.0

Comments

@michael-schwarz
Copy link
Member

michael-schwarz commented Jan 21, 2022
edited
Loading

I extracted this small sample from goblint/bench#7 via creduce.

int a;

int main() { c(&a); }
int c(int *f) {
  unsigned long d;
  int *e = &a;
  d = 0;
  while (1) {
    e = f++;
    d++;
  }
}

The issue is HoarePO: {a[def_exc:Unknown int([-63,63])], a, NULL, ?} not leq {a[def_exc:Unknown int([-63,63])], a[def_exc:Unknown int([-63,63])], NULL, ?}.

Full message:

michael@michael-ThinkPad-X1-Carbon-6th:~/Documents/goblint-cil/analyzer$ ./goblint 1.c
Fixpoint not reached at node 84 "tmp = f;" on 1.c:10:5-10:12
 Solver computed:
 {([Reversed (top or Set (Normal Lvals * booleans)):{}, Unit:(),
    top or Set (variables):{}, booleans:False, MT mode:Singlethreaded,
    Thread * lifted created and Unit:(([main], {}), bot),
    value domain * array partitioning deps * Vars with Weak Update * P:(mapping {
                                                                          Global {
                                                                            a ->
                                                                              (0)
                                                                          }
                                                                          Local {
                                                                            d ->
                                                                              (Unknown int([0,64]))
                                                                            e ->
                                                                              {&a[def_exc:Unknown int([-63,63])], &a[def_exc:Unknown int([-63,63])], &a}
                                                                          }
                                                                          Parameter {
                                                                            f ->
                                                                              {&a[def_exc:Unknown int([-63,63])], &a}
                                                                          }
                                                                          Temp {
                                                                            tmp ->
                                                                              {&a[def_exc:Unknown int([-63,63])], &a[def_exc:Unknown int([-63,63])], NULL, ?}
                                                                          }
                                                                        }, mapping {
                                                                               }, {}, {}),
    lifted node:Unknown node, Unit:()], mapping {
                                          })}
 Right-Hand-Side:
 {([Reversed (top or Set (Normal Lvals * booleans)):{}, Unit:(),
    top or Set (variables):{}, booleans:False, MT mode:Singlethreaded,
    Thread * lifted created and Unit:(([main], {}), bot),
    value domain * array partitioning deps * Vars with Weak Update * P:(mapping {
                                                                          Global {
                                                                            a ->
                                                                              (0)
                                                                          }
                                                                          Local {
                                                                            d ->
                                                                              (Unknown int([0,8]))
                                                                            e ->
                                                                              {&a[def_exc:Unknown int([-63,63])], &a}
                                                                          }
                                                                          Parameter {
                                                                            f ->
                                                                              {&a[def_exc:Unknown int([-63,63])], &a}
                                                                          }
                                                                          Temp {
                                                                            tmp ->
                                                                              {&a[def_exc:Unknown int([-63,63])], &a, NULL, ?}
                                                                          }
                                                                        }, mapping {
                                                                               }, {}, {}),
    lifted node:Unknown node, Unit:()], mapping {
                                          })}
 Difference: ([Reversed (top or Set (Normal Lvals * booleans)):{}, Unit:(),
               top or Set (variables):{}, booleans:False,
               MT mode:Singlethreaded,
               Thread * lifted created and Unit:(([main], {}), bot),
               value domain * array partitioning deps * Vars with Weak Update * P:(mapping {
                                                                                     Global {
                                                                                       a ->
                                                                                         (0)
                                                                                     }
                                                                                     Local {
                                                                                       d ->
                                                                                         (Unknown int([0,8]))
                                                                                       e ->
                                                                                         {&a[def_exc:Unknown int([-63,63])], &a}
                                                                                     }
                                                                                     Parameter {
                                                                                       f ->
                                                                                         {&a[def_exc:Unknown int([-63,63])], &a}
                                                                                     }
                                                                                     Temp {
                                                                                       tmp ->
                                                                                         {&a[def_exc:Unknown int([-63,63])], &a, NULL, ?}
                                                                                     }
                                                                                   }, mapping {
                                                                                          }, {}, {}),
               lifted node:Unknown node, Unit:()], mapping {
                                                     }):
 not leq ([Reversed (top or Set (Normal Lvals * booleans)):{}, Unit:(),
           top or Set (variables):{}, booleans:False, MT mode:Singlethreaded,
           Thread * lifted created and Unit:(([main], {}), bot),
           value domain * array partitioning deps * Vars with Weak Update * P:(mapping {
                                                                                 Global {
                                                                                   a ->
                                                                                     (0)
                                                                                 }
                                                                                 Local {
                                                                                   d ->
                                                                                     (Unknown int([0,64]))
                                                                                   e ->
                                                                                     {&a[def_exc:Unknown int([-63,63])], &a[def_exc:Unknown int([-63,63])], &a}
                                                                                 }
                                                                                 Parameter {
                                                                                   f ->
                                                                                     {&a[def_exc:Unknown int([-63,63])], &a}
                                                                                 }
                                                                                 Temp {
                                                                                   tmp ->
                                                                                     {&a[def_exc:Unknown int([-63,63])], &a[def_exc:Unknown int([-63,63])], NULL, ?}
                                                                                 }
                                                                               }, mapping {
                                                                                      }, {}, {}),
           lifted node:Unknown node, Unit:()], mapping {
                                                 }) because Map: tmp =
 HoarePO: {a[def_exc:Unknown int([-63,63])], a, NULL, ?} not leq {a[def_exc:Unknown int([-63,63])], a[def_exc:Unknown int([-63,63])], NULL, ?}.

It is a slightly different case than goblint/bench#7 where both address sets are (at least textually) the same, so there might be several issues here or one issues is manifesting itself differently.
@sim642 sim642 changed the title Fixpoint not reached Fixpoint not reached with address sets Jan 21, 2022
@sim642 sim642 self-assigned this Jan 21, 2022
@sim642
Copy link
Member

sim642 commented Jan 21, 2022

I started looking into the minimized program and apparently it's a problem with the widening of address domain:

%%% ad: (tests/regression/02-base/71-ad.c:3:14-3:19)  widen {a[def_exc:1], a} {a[def_exc:Not {0}([0,7])]}
  %%% ad: -> {a[def_exc:Not {0}([0,7])], a[def_exc:Not {0}([0,7])]}

sim642 added a commit that referenced this issue Jan 21, 2022
@sim642
Fix address domain widening creating duplicates (closes #554)
374d78b
@sim642 sim642 mentioned this issue Jan 21, 2022
Merged
@sim642 sim642 added this to the v2.0.0 milestone Aug 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sim642 sim642

Labels
bug
Projects
None yet
Milestone
v2.0.0
Development

Successfully merging a pull request may close this issue.

Fix address domain widening creating duplicates goblint/analyzer
2 participants
@sim642 @michael-schwarz