Bitfield Domain #1623
Merged
Bitfield Domain #1623
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…d some revision. Possible side-effects and runtime in O(n^2) while O(n) should be possible.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
Semgrep OSS found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
…act bitfield by eliminating constants that would result in a shift to zero beforehand
* implemented modulo * current changes * implementation of add, sub, mul based on paper * implemented neg * bug fixes for arith operators --------- Co-authored-by: Adrian Krauß <ge96kir@tum.de>
Overflow and wrapping
More Pull request feedback
…s not assume sign bit extension with negative first param
…lyzer into pull-request-feedback
sim642
reviewed
Feb 13, 2025
sim642
reviewed
Feb 13, 2025
|
Thanks for addressing my comments! I think I'm now satisfied. There are some unresolved comments from @michael-schwarz and @jerhard among the hundreds of "hidden items" above. So before merging those should be still considered. Just nothing it here since they're hidden by default and thus easy to miss. |
|
The old ones were almost all addressed, I closed them. The open one is this one #1623 (comment) and the one about Great job everyone 💯 🎉 🎉 |
change refinement as requested
michael-schwarz
added a commit
that referenced
this pull request
Feb 14, 2025
sim642
added a commit
that referenced
this pull request
Feb 17, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
This pull request enhances the existing
IntDomainby introducing a new BitfieldDomain. The fullIntDomainnow consists of(DefExc, Interval, Enums, Congruence, IntervalSet, Bitfield).The new Bitfield Domain is based on the Paper
Abstract Domains for Bit-Level Machine Integer and Floating-Point Operations, and keeps track of each bit in an integer individually (conceptually, this is similar to a boolean lattice for each bit).This allows for very precise analysis of bitwise operations.
The new domain can be enabled with
--enable ana.int.bitfieldExample
For example, joining$of\_int(8) \sqcup of\_int(10) \equiv 0b1000 \sqcup 0b1010 = 0b10?0$ maintains most information about the bits; only the second bit differs in both numbers and therefore becomes unknown (unknown bits are shown using a question-mark symbol).
In this case, no over-approximation happens and the join is exact.
Bitwise operators such as
&, |, <<, >>, ~, ...can now deal with this information very precisely.Refinements
As the existing
IntDomainallows for mutual refinements of the subdomains, this PR also adds all newly possible refinement directions to improve precision in theIntDomain.We did, however, have some problems with non-termination when using refinements.
Some of these issues are however also present on the master branch, and indicate a more fundamental problem with refinements (See #1671).
Note
This implementation is part of the
Automated Bug Hunting and Beyondpractical course at TUM.