esbmc icon indicating copy to clipboard operation
esbmc copied to clipboard

Published 20 hours ago verified publisher icon esbmc

[C++ Verification] Segfault verifying program containing `new`

Open fbrausse opened this issue 1 year ago • 15 comments

I'm getting a segmentation fault when running ESBMC on

#include <memory>

int main()
{
	int *p = new int;
}

fbrausse avatar Mar 10 '23 14:03 fbrausse

@kunjsong01: @brcfarias will work on this issue. Is that okay for you?

lucasccordeiro avatar May 17 '23 15:05 lucasccordeiro

@lucasccordeiro sure, thanks

kunjsong01 avatar May 17 '23 15:05 kunjsong01

I have assigned this issue to @brcfarias.

lucasccordeiro avatar May 17 '23 15:05 lucasccordeiro

I have submitted a first part of the fix in #1045.

brcfarias avatar May 28 '23 12:05 brcfarias

Closed via https://github.com/esbmc/esbmc/pull/1045.

lucasccordeiro avatar May 30 '23 07:05 lucasccordeiro

@kunjsong01, After merging #1045 we are crashing due to the abort() on this line It is possible to reproduce with the following snippet:

struct Foo {
  virtual void bar();
};

int main(void) {
    return 0;
}

If we don't declare the method as virtual the problem doesn't occur. Could you confirm wheter declaring as virtual should make difference considering that the definition is not avaiable?

brcfarias avatar Jun 05 '23 19:06 brcfarias

We could relax our constraints here.

GCC and Clang do not abort or give a warning message because The virtual method isn't pure virtual and hasn't a method implementation.

@kunjsong01: what do you think?

lucasccordeiro avatar Jun 06 '23 06:06 lucasccordeiro

We could relax our constraints here.

GCC and Clang do not abort or give a warning message because The virtual method isn't pure virtual and hasn't a method implementation.

@kunjsong01: what do you think?

sounds like the way to go, and worth a try.

BTW, @brcfarias just a quick confirmation regarding #include <memory> --- did you include the ESBMC's C++ operational models in the command? something like "-I <path_to_library>/library" where library refers to https://github.com/esbmc/esbmc/tree/master/src/cpp/library.

kunjsong01 avatar Jun 06 '23 06:06 kunjsong01

Did you include the ESBMC's C++ operational models in the command? something like "-I <path_to_library>/library"

I was not using this parameter.

brcfarias avatar Jun 06 '23 10:06 brcfarias

@brcfarias for C++ verification we usually use "-I <path_to_library>/library" so that we can use the ESBMC's C++ OMs instead of the original libraries

kunjsong01 avatar Jun 06 '23 13:06 kunjsong01

Reopening since the test case still doesn't pass. See also #1060.

fbrausse avatar Jun 20 '23 13:06 fbrausse

@brcfarias: can I ask you for the status of this issue?

lucasccordeiro avatar Jan 22 '24 16:01 lucasccordeiro

There is no segmentation fault now for this issue after integrating https://github.com/esbmc/esbmc/pull/1636.

@XLiZHI: can I ask you to check this issue? We might be missing the memory OM here.

lucasccordeiro avatar Feb 01 '24 20:02 lucasccordeiro

@XLiZHI: can I ask you to check this issue? We might be missing the memory OM here.

The issue is now in OM memory (PARSING ERROR) and I think we have two ways to resolve it, maintain it or use the standard library after improving the frontend.

XLiZHI avatar Feb 02 '24 04:02 XLiZHI

Many thanks, @XLiZHI.

We have a common agreement that we must improve our Clang C++ front end first. Let's focus on the issues that will enhance our Clang C++ frontend.

lucasccordeiro avatar Feb 04 '24 20:02 lucasccordeiro

fixed by #1685

XLiZHI avatar Apr 03 '24 21:04 XLiZHI