-
Notifications
You must be signed in to change notification settings - Fork 98
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Emit
dead
goto-instructions on MIR StatementDead (#3063)
This commit adds a new `Dead` goto-instruction that gets codegened whenever Kani sees a MIR `StatementDead` statement. This new goto instruction corresponds to the CBMC [code_deadt]( https://diffblue.github.io/cbmc/classcode__deadt.html) statement that marks the point where a local variable goes out of scope. This new instruction is needed to detect invalid accesses of dead local variables. The commit also codegens a CBMC `Decl` instruction upon seeing a MIR StatementLive. This ensures that variables that go out of scope at the end of a loop are not falsely marked as having a dead dereference when they are accessed on the next loop iteration. Resolves #3061. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.
- Loading branch information
Showing
20 changed files
with
65 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,8 @@ | ||
coverage/reachable/assert-false/main.rs, 6, FULL | ||
coverage/reachable/assert-false/main.rs, 7, FULL | ||
coverage/reachable/assert-false/main.rs, 11, FULL | ||
coverage/reachable/assert-false/main.rs, 12, FULL | ||
coverage/reachable/assert-false/main.rs, 15, FULL | ||
coverage/reachable/assert-false/main.rs, 11, PARTIAL | ||
coverage/reachable/assert-false/main.rs, 12, PARTIAL | ||
coverage/reachable/assert-false/main.rs, 15, PARTIAL | ||
coverage/reachable/assert-false/main.rs, 16, FULL | ||
coverage/reachable/assert-false/main.rs, 17, PARTIAL | ||
coverage/reachable/assert-false/main.rs, 19, FULL |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
coverage/reachable/assert/reachable_pass/test.rs, 6, FULL | ||
coverage/reachable/assert/reachable_pass/test.rs, 7, FULL | ||
coverage/reachable/assert/reachable_pass/test.rs, 7, PARTIAL | ||
coverage/reachable/assert/reachable_pass/test.rs, 8, FULL | ||
coverage/reachable/assert/reachable_pass/test.rs, 10, FULL |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
coverage/reachable/bounds/reachable_fail/test.rs, 5, PARTIAL | ||
coverage/reachable/bounds/reachable_fail/test.rs, 6, NONE | ||
coverage/reachable/bounds/reachable_fail/test.rs, 10, FULL | ||
coverage/reachable/bounds/reachable_fail/test.rs, 10, PARTIAL | ||
coverage/reachable/bounds/reachable_fail/test.rs, 11, NONE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
coverage/reachable/div-zero/reachable_fail/test.rs, 5, PARTIAL | ||
coverage/reachable/div-zero/reachable_fail/test.rs, 6, NONE | ||
coverage/reachable/div-zero/reachable_fail/test.rs, 10, FULL | ||
coverage/reachable/div-zero/reachable_fail/test.rs, 10, PARTIAL | ||
coverage/reachable/div-zero/reachable_fail/test.rs, 11, NONE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
coverage/reachable/overflow/reachable_fail/test.rs, 8, PARTIAL | ||
coverage/reachable/overflow/reachable_fail/test.rs, 9, FULL | ||
coverage/reachable/overflow/reachable_fail/test.rs, 13, FULL | ||
coverage/reachable/overflow/reachable_fail/test.rs, 14, FULL | ||
coverage/reachable/overflow/reachable_fail/test.rs, 14, PARTIAL | ||
coverage/reachable/overflow/reachable_fail/test.rs, 15, NONE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
coverage/reachable/rem-zero/reachable_fail/test.rs, 5, PARTIAL | ||
coverage/reachable/rem-zero/reachable_fail/test.rs, 6, NONE | ||
coverage/reachable/rem-zero/reachable_fail/test.rs, 10, FULL | ||
coverage/reachable/rem-zero/reachable_fail/test.rs, 10, PARTIAL | ||
coverage/reachable/rem-zero/reachable_fail/test.rs, 11, NONE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
coverage/unreachable/assert_eq/test.rs, 6, FULL | ||
coverage/unreachable/assert_eq/test.rs, 7, FULL | ||
coverage/unreachable/assert_eq/test.rs, 8, FULL | ||
coverage/unreachable/assert_eq/test.rs, 8, PARTIAL | ||
coverage/unreachable/assert_eq/test.rs, 9, NONE | ||
coverage/unreachable/assert_eq/test.rs, 11, FULL |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
coverage/unreachable/assert_ne/test.rs, 6, FULL | ||
coverage/unreachable/assert_ne/test.rs, 7, FULL | ||
coverage/unreachable/assert_ne/test.rs, 8, FULL | ||
coverage/unreachable/assert_ne/test.rs, 10, FULL | ||
coverage/unreachable/assert_ne/test.rs, 10, PARTIAL | ||
coverage/unreachable/assert_ne/test.rs, 11, NONE | ||
coverage/unreachable/assert_ne/test.rs, 14, FULL |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
coverage/unreachable/tutorial_unreachable/main.rs, 6, FULL | ||
coverage/unreachable/tutorial_unreachable/main.rs, 7, FULL | ||
coverage/unreachable/tutorial_unreachable/main.rs, 8, FULL | ||
coverage/unreachable/tutorial_unreachable/main.rs, 8, PARTIAL | ||
coverage/unreachable/tutorial_unreachable/main.rs, 9, NONE | ||
coverage/unreachable/tutorial_unreachable/main.rs, 11, FULL |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
SUCCESS\ | ||
address must be a multiple of its type's alignment | ||
FAILURE\ | ||
unsafe { *raw_ptr } == 10 | ||
SUCCESS\ | ||
pointer NULL | ||
SUCCESS\ | ||
pointer invalid | ||
SUCCESS\ | ||
deallocated dynamic object | ||
FAILURE\ | ||
dead object | ||
SUCCESS\ | ||
pointer outside object bounds | ||
SUCCESS\ | ||
invalid integer address |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
// Copyright Kani Contributors | ||
// SPDX-License-Identifier: Apache-2.0 OR MIT | ||
// | ||
// This test checks an issue reported in github.com/model-checking/kani#3063. | ||
// The access of the raw pointer should fail because the value being dereferenced has gone out of | ||
// scope at the time of access. | ||
|
||
#[kani::proof] | ||
pub fn check_invalid_ptr() { | ||
let raw_ptr = { | ||
let var = 10; | ||
&var as *const _ | ||
}; | ||
|
||
// This should fail since it is de-referencing a dead object. | ||
assert_eq!(unsafe { *raw_ptr }, 10); | ||
} |