Comments (4)
marek-trtik
commented on September 9, 2024
Log from last year:
./cbmc --graphml-witness witness.graphml --32 --propertyfile ../../sv-benchmarks/c/MemSafety.prp ../../sv-benchmarks/c/ldv-memsafety-bitfields/test-bitfields-1_true-valid-memsafety.i
--------------------------------------------------------------------------------
Unwind: 2
CBMC version 5.6 64-bit x86_64 linux
Parsing ../../sv-benchmarks/c/ldv-memsafety-bitfields/test-bitfields-1_true-valid-memsafety.i
Converting
Type-checking test-bitfields-1_true-valid-memsafety
Generating GOTO Program
Adding CPROVER library (x86_64)
file <command-line> line 0: <command-line>:0:0: warning: "__STDC_VERSION__" redefined
<built-in>: note: this is the location of the previous definition
Removal of function pointers and virtual functions
Partial Inlining
Generic Property Instrumentation
Starting Bounded Model Checking
size of program expression: 198 steps
simple slicing removed 1 assignments
Generated 68 VCC(s), 19 remaining after simplification
Passing problem to propositional reduction
converting SSA
Running propositional reduction
Post-processing
Solving with Glucose Syrup with simplifier
777 variables, 449 clauses
SAT checker: instance is UNSATISFIABLE
Runtime decision procedure: 0.001s
VERIFICATION SUCCESSFUL
EC=0
TRUE
from cbmc.
marek-trtik
commented on September 9, 2024
Log from this year:
./xtest --graphml-witness witness.graphml --32 --propertyfile ../sv-benchmarks/c/MemSafety.prp ../sv-benchmarks/c/ldv-memsafety-bitfields/test-bitfields-1_true-valid-memsafety.i
--------------------------------------------------------------------------------
./xtest-binary --graphml-witness /tmp/BenchExec_run_6a0rm5by/tmp/xtest-log.lSMqzi.witness --unwind 2 --stop-on-fail --32 --pointer-check --memory-leak-check --bounds-check --no-assertions --function main ../sv-benchmarks/c/ldv-memsafety-bitfields/test-bitfields-1_true-valid-memsafety.i
Unwind: 2
CBMC version 5.8 64-bit x86_64 linux
Parsing ../sv-benchmarks/c/ldv-memsafety-bitfields/test-bitfields-1_true-valid-memsafety.i
Converting
Type-checking test-bitfields-1_true-valid-memsafety
Generating GOTO Program
Adding CPROVER library (x86_64)
file <command-line> line 0: <command-line>:0:0: warning: "__STDC_VERSION__" redefined
<built-in>: note: this is the location of the previous definition
Removal of function pointers and virtual functions
Generic Property Instrumentation
Running with 8 object bits, 24 offset bits (default)
Starting Bounded Model Checking
size of program expression: 208 steps
simple slicing removed 1 assignments
Generated 68 VCC(s), 19 remaining after simplification
Passing problem to propositional reduction
converting SSA
Running propositional reduction
Post-processing
Solving with Glucose Syrup with simplifier
307 variables, 210 clauses
SAT checker: instance is SATISFIABLE
Runtime decision procedure: 0s
Building error trace
Counterexample:
State 18 file ../sv-benchmarks/c/ldv-memsafety-bitfields/test-bitfields-1_true-valid-memsafety.i line 22 function main thread 0
----------------------------------------------------
p=((struct A *)NULL) (00000000000000000000000000000000)
State 22 file ../sv-benchmarks/c/ldv-memsafety-bitfields/test-bitfields-1_true-valid-memsafety.i line 23 function main thread 0
----------------------------------------------------
malloc_size=2u (00000000000000000000000000000010)
State 40 file ../sv-benchmarks/c/ldv-memsafety-bitfields/test-bitfields-1_true-valid-memsafety.i line 23 function main thread 0
----------------------------------------------------
p=dynamic_object1 (00000010000000000000000000000000)
State 42 file ../sv-benchmarks/c/ldv-memsafety-bitfields/test-bitfields-1_true-valid-memsafety.i line 24 function main thread 0
----------------------------------------------------
dynamic_object1={ 1, 0 } ({ 00000001, 00000000 })
State 47 file ../sv-benchmarks/c/ldv-memsafety-bitfields/test-bitfields-1_true-valid-memsafety.i line 28 function main thread 0
----------------------------------------------------
dynamic_object1={ 1, 2 } ({ 00000001, 00000010 })
Violated property:
file ../sv-benchmarks/c/ldv-memsafety-bitfields/test-bitfields-1_true-valid-memsafety.i line 32 function main
dereference failure: pointer outside dynamic object bounds in *p
!(POINTER_OBJECT(p) == POINTER_OBJECT(__CPROVER_malloc_object)) || POINTER_OFFSET(p) + 2 >= 0 && __CPROVER_malloc_size >= (unsigned int)POINTER_OFFSET(p) + 3u
VERIFICATION FAILED
EC=10
FALSE(valid-deref)
from cbmc.
marek-trtik
commented on September 9, 2024
The cause is here:
https://github.com/marek-trtik/cbmc/blob/sv-comp-2018-patches/src/analyses/goto_check.cpp#L1071
from cbmc.
marek-trtik
commented on September 9, 2024
I made another duplicate issue. This time of #2.
from cbmc.
Related Issues (20)
- OBSOLETE
- Improve the witness generation for ProductLines, Floats, and Sequentialized
- 18 red memsafety benchmarks HOT 4
- Fixing: byte_extract flatting with negative offset: byte_extract_little_endian HOT 2
- Fixing: equality without matching types HOT 13
- Fixing: too many addressed objects: maximum number of objects is set to 2^n=256 (with n=8); HOT 2
- Fixing: too many addressed objects HOT 4
- Fixing: pointer handling for concurrency is unsound HOT 2
- Fixing: byte_update of unknown width: byte_update_little_endian HOT 2
- Fixing: implicit conversion not permitted HOT 2
- Fixing: warning: ignoring array_of HOT 3
- Fixing: cannot unpack struct with non-byte aligned components HOT 1
- RED status - strcpy/memcpy HOT 2
- Type-checking failure: "numeric exception"/"identifier XYZ not found" HOT 6
- No violation node for some benchmarks in the memory safety category HOT 3
- Incorrect FALSE detected in function strncpy (43_1a_cilled_true-unreach-call_ok_nondet_linux-43_1a-drivers--power--test_power.ko-ldv_main0_sequence_infinite_withcheck_stateful.cil.out.c) HOT 3
- Incorrect FALSE detected in function strcpy (module_get_put-drivers-char-ipmi-ipmi_watchdog.ko_true-unreach-call.cil.out.i.pp.i) HOT 6
- Incorrect FALSE related to pointer outside dynamic object bounds HOT 9
- Incorrect TRUE for warning: ignoring bswap HOT 4
- Incorrect TRUE for ldv-linux-4.0-rc1-mav/linux-4.0-rc1---drivers--usb--misc--legousbtower.ko_false-unreach-call.cil.c HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cbmc.