Improve the value domain to keep track of integer sets #129

arthaud · 2019-07-09T22:02:54Z

On the following code:

int main() {
    const int indexes[5] = {2, 0, 4, 1, 3};
    int array[5];

    for (int i = 0; i < 5; i++) {
        int index = indexes[i];
        array[index] = index;
    }

    return 0;
}

IKOS produces the following warning:

test.c:7:22: warning: possible buffer overflow, could not bound index for access of local variable 'array' of 5 elements
        array[index] = index;
                     ^

To remove this warning, the analysis needs to bound all the integers stored in the indexes array. It could infer that indexes[i] is in [0, 4] and prove that the array access is safe.

The text was updated successfully, but these errors were encountered:

arthaud · 2019-07-10T22:45:38Z

This could be implemented in the memory domain by adding a map from memory locations to a value set abstraction.

This is already implemented for pointers with the _pointer_sets map.

This false positive appears in our benchmarks:

2 times in aeroquad
5 times in gen2

arthaud added C-false-positive Category: False Positive L-c Language: C P-medium Priority: Medium C-feature-request Category: Feature Request labels Jul 9, 2019

arthaud mentioned this issue Aug 5, 2019

Improve the uninitialized variable analysis #99

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Improve the value domain to keep track of integer sets #129

Improve the value domain to keep track of integer sets #129

arthaud commented Jul 9, 2019

arthaud commented Jul 10, 2019 •

edited

Improve the value domain to keep track of integer sets #129

Improve the value domain to keep track of integer sets #129

Comments

arthaud commented Jul 9, 2019

arthaud commented Jul 10, 2019 • edited

arthaud commented Jul 10, 2019 •

edited