symbiotic icon indicating copy to clipboard operation
symbiotic copied to clipboard

Published 20 hours ago verified publisher icon staticafi

More descriptive error traces

Open lzaoral opened this issue 3 years ago • 3 comments

I've following suggestions for rewording of current error traces emitted by klee.

  • All error traces that contain info about the origin of the allocated memory are only pointing to the executed LLVM IR: 
    Info:
    address: 82:0
    pointing to: object at Segment: [82] of size 16
        MO71[16] allocated at main():  %9 = call noalias i8* @malloc(i64 16) #3, !dbg !18
    It would be definitely useful to extend this with location info pointing to the original sources as well.
  • freeing stack memory is reported as free of alloca which suggests that the memory was explicitly allocated by alloca(3) which is generally not true. I suggest something like memory error: free of address on stack if the alloca(3) wasn't involved.
  • freeing invalid memory is reported as memory error: invalid pointer: free which suggests that there's something wrong with an invalid pointer named free. memory error: invalid pointer passed to free would be better.
  • memory error: out of bound pointer -> something like memory error: dereference of out-of-bound pointer as "just" having a pointer to invalid memory is not generally UB.
  • Integer overflow bugs are reported as follows:
    • location in input sources is missing
    • the message itself does not mention overflow at all
    Error: ASSERTION FAIL: __VERIFIER_error called
Stack:
    #000000042 in __INSTR_check_add_i32 (=2147483647, =10)
    #100000024 in main (=1, =0) at /home/lukas/rpm-symbiotic/tests/overflows/4/main.c:5
  • Generally traces that fail on __VERIFIER_error could say what was the actual assertion that failed (the integer overflow above is just one example) as the current trace itself is not sufficient: 
    Error: ASSERTION FAIL: verifier assertion failed
File: /opt/symbiotic/lib/verifier/klee/__VERIFIER_error.c
Line: 9
assembly.ll line: 13
Stack:
    #000000013 in __VERIFIER_error () at /opt/symbiotic/lib/verifier/klee/__VERIFIER_error.c:9
    #100000081 in main (=1, =0) at /home/lukas/rpm-symbiotic/tests/undefined/2/main.c:4

lzaoral avatar Aug 26 '21 11:08 lzaoral

I started to look into the first issue so that we use the linked location info in the traces:

MO71[16] allocated at main():  %9 = call noalias i8* @malloc(i64 16) #3, !dbg !18

and there is a problem if the instruction is an alloca because sbt-slicer removes the corresponding llvm.dbg.declare so the link between the instruction and debug info is lost. @mchalupa is there any way to convince the slicer to preserve the llvm.dbg.* instructions?

lzaoral avatar Oct 14 '21 11:10 lzaoral

@mchalupa is there any way to convince the slicer to preserve the llvm.dbg.* instructions?

Not a one that is implemented, but there is a way: we may set llvm.dbg.* instructions as dependencies of the instructions to which they are related. That is actually something that I was contemplating to do in the past, because we have already ran into some issues caused by missing dbg instructions.

mchalupa avatar Oct 14 '21 13:10 mchalupa

The unfinished work for allocation origins in a form of a patch is here: https://gist.github.com/lzaoral/b2d90972e651d14286c10b744b12e912

lzaoral avatar Feb 19 '23 15:02 lzaoral