diff --git a/src/cdomain/value/cdomains/valueDomain.ml b/src/cdomain/value/cdomains/valueDomain.ml index b126d712bf..af101b933b 100644 --- a/src/cdomain/value/cdomains/valueDomain.ml +++ b/src/cdomain/value/cdomains/valueDomain.ml @@ -561,7 +561,13 @@ struct | (_, Top) -> true | (Top, _) -> false | (Bot, _) -> true - | (_, Bot) -> false + | (x, Bot) -> + if !AnalysisState.bot_in_blob_leq_bot then + match x with + | Blob (x,s,o) -> leq x Bot + | _ -> false + else + false | (Int x, Int y) -> ID.leq x y | (Float x, Float y) -> FD.leq x y | (Int x, Address y) when ID.to_int x = Some Z.zero && not (AD.is_not_null y) -> true diff --git a/src/common/framework/analysisState.ml b/src/common/framework/analysisState.ml index 96816b8529..4dd4744967 100644 --- a/src/common/framework/analysisState.ml +++ b/src/common/framework/analysisState.ml @@ -40,4 +40,7 @@ let verified : bool option ref = ref None let unsound_both_branches_dead: bool option ref = ref None (** [Some true] if unsound both branches dead occurs in analysis results. [Some false] if it doesn't occur. - [None] if [ana.dead-code.branches] option is disabled and this isn't checked. *) \ No newline at end of file + [None] if [ana.dead-code.branches] option is disabled and this isn't checked. *) + +(* Comparison mode where blobs with bot content that are not zero-initalized are considered equivalent to top-level bot *) +let bot_in_blob_leq_bot = ref false diff --git a/src/privPrecCompare.ml b/src/privPrecCompare.ml index b4588e25bd..3b2e385383 100644 --- a/src/privPrecCompare.ml +++ b/src/privPrecCompare.ml @@ -4,4 +4,5 @@ open Goblint_lib module A = PrecCompare.MakeDump (PrivPrecCompareUtil) let () = + AnalysisState.bot_in_blob_leq_bot := true; A.main ()