ebpf-verifier icon indicating copy to clipboard operation
ebpf-verifier copied to clipboard
verified publisher icon vbpf

The widening operator causes termination issues

Open Maxime-Derri opened this issue 1 month ago • 4 comments

I encountered a case where the widening operator returns an empty abstract state (bottom), leading the verifier to loop indefinitely.

A test is provided ex_widening.zip:

  • section: xdp
  • function: crossing_64_bit_signed_boundary_1

Note that in previous versions, probably before the introduction of the separated type domain, the test was accepted.

Maxime-Derri avatar Nov 27 '25 14:11 Maxime-Derri

For debugging, you can add a print before and after the extrapolate() function to check that the invariant is bottom.

Maxime-Derri avatar Nov 27 '25 14:11 Maxime-Derri

Do you know if this is distinct from #783?

elazarg avatar Nov 27 '25 16:11 elazarg

Hmm I didn't tested this issue

Maxime-Derri avatar Nov 27 '25 16:11 Maxime-Derri

In the issue you mentionned, Alan Jowett said that the verifier hang for 10min and assertions where checked after the invariant computation meaning that the verifier found an invariant? Here the abstract state is bottom.

Maxime-Derri avatar Nov 27 '25 16:11 Maxime-Derri