Simmo Saan

icon indicating a website link https://sim642.eu icon indicating an email [email protected]

icon company University of Tartu icon location Estonia icon location PhD student: static program analysis, programming languages

Results 346 issues of Simmo Saan

Float domain ill-typed program crash on concrat/Mirai-Source-Code

2 comment

The following snippet, extracted from concrat/Mirai-Source-Code, crashes Goblint: ```c // PARAM: --enable ana.float.interval // Extracted from concrat/Mirai-Source-Code. extern int ( /* missing proto */ ceil)() ; int main() { int...

bug
benchmarking

Atomic operations support

1 comment

There are multiple families of atomic operations: - [ ] GCC `__sync` builtins: https://gcc.gnu.org/onlinedocs/gcc/_005f_005fsync-Builtins.html. - [ ] C11: https://en.cppreference.com/w/c/thread#Atomic_operations. There are three aspects in which to improve precision: - [...

feature
student-job
sv-comp
precision
benchmarking
c11
good first issue

Spurious type-based races for deep accesses to unknown pointers

1 comment

## Example ### Program ```c // PARAM: --set lib.activated[+] zlib #include #include void *t_fun(void *arg) { z_stream stream; inflateInit2(&stream, 32 + 15); return NULL; } int main(void) { pthread_t id;...

bug
precision
benchmarking

Too much time spent on reachability computations

## Problem ```console ./goblint ../goblint-bench/concrat/AirConnect/main.c -v --conf conf/examples/large-program.json ``` eventually terminates with ``` cputime walltime allocated count Default 394.815s 395.628s 522171.44MB 1× preprocess 0.055s 0.053s 0.02MB 1× FrontC 0.147s 0.149s...

performance
benchmarking

Convert all library functions to new specifications

Library activations (#1028) won't be precise until all of the old-style things are converted to new ones in appropriate groups: https://github.com/goblint/analyzer/blob/bcb4de29e22885570ba82f7ec9cee2e661854b7a/src/analyses/libraryFunctions.ml#L359-L400 https://github.com/goblint/analyzer/blob/bcb4de29e22885570ba82f7ec9cee2e661854b7a/src/analyses/libraryFunctions.ml#L500-L980 _Originally posted by @sim642 in https://github.com/goblint/analyzer/pull/996#discussion_r1143067617_

cleanup
precision
good first issue

Goblint-special functions for printing abstract state and expression values

In large programs (like zstd), it's rather inconvenient to check abstract states using g2html, etc, because it takes forever to produce that additional output on top of the already long...

feature
benchmarking
debugging
good first issue

Analysis coverage reports

3 comment

In larger programs and real-world projects it's often difficult to know whether a certain part of code was actually analyzed or not. Dead code warnings provide only partial information because...

feature
usability
student-job
unsound-usability

Precise `strdup`

6 comment

Currently `strdup` (and `strndup`) return an unknown pointer, which can make things very imprecise. Instead we should: - [ ] Return a pointer to freshly allocated memory, the same way...

feature
student-job
precision
good first issue

Duplication in prefix-type­ suffix race warnings

Suppose: ```c struct S { char* f; char* g; }; ``` If an access to type suffix `(char*)` races with an access to prefix `(struct S)`, then this is reported...

usability

Semaphore support

#800 and #1073 add multiplicity tracking for recursive mutexes. Maybe we could just reuse those abstract counters for semaphores as well.

precision
benchmarking