analyzer icon indicating copy to clipboard operation
analyzer copied to clipboard

Published 20 hours ago verified publisher icon goblint

Writing through pointer of differently sized type

Open stilscher opened this issue 3 years ago • 4 comments

In the following example an integer is written through a char pointer. The following assert should fail, because only part of the integer value was overwritten. But currently the assert succeeds and this should be fixed.

https://github.com/goblint/analyzer/blob/59d7885d2dd62b451bc8db2a089d7a9550c3da2a/tests/regression/02-base/74-int-written-with-char-pointer.c#L1-L9

This example has been added as regression test on this branch.

stilscher avatar Jan 31 '22 09:01 stilscher

I guess while //FAIL is ideal, we'd be happy with //UNKNOWN! too here.

michael-schwarz avatar Jan 31 '22 09:01 michael-schwarz

Now this seems tricky because we'll somehow have to keep track of the casts and do something special. We already perform a cast from char to int at that write, but since the value is in bounds, int domains just keep the 65 because that's what a cast normally would do. Instead we somehow need to invalidate it.

sim642 avatar Jan 31 '22 13:01 sim642

Yes, I think we can not just ignore the type of the left-hand side anymore and just go based off the address.

michael-schwarz avatar Jan 31 '22 15:01 michael-schwarz

This point came up again in a discussion with @vesalvojdani regarding all the things that addresses and their offsets, including #816. It seems that our addresses need to be typed.

sim642 avatar Aug 08 '22 11:08 sim642