Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong handling of global pointers in constant structs #49

Open
danblitzhou opened this issue Oct 10, 2019 · 3 comments
Open

Wrong handling of global pointers in constant structs #49

danblitzhou opened this issue Oct 10, 2019 · 3 comments
Assignees
@caballa
Labels
bug

Comments

@danblitzhou
Copy link
Contributor

Consider the following llvm program:

source_filename = "/tmp/st.c"
target datalayout = "e-m:o-p:32:32-f64:32:64-f80:128-n8:16:32-S128"
target triple = "i386-apple-macosx10.13.0"

%struct.s = type { i16*, i32 } ; struct with a ptr to i16 and a i32 int
@g.ptr =  internal unnamed_addr global i16 42, align 4
declare void @verifier.assume.not(i1)
declare void @seahorn.fail()


; Function Attrs: noreturn
declare void @verifier.error() #0

; Function Attrs: noinline nounwind ssp uwtable
define i32 @main() local_unnamed_addr #2 {
entry:
  %v1 = load i16, i16* @g.ptr
  %v2.p = extractvalue %struct.s {i16* @g.ptr, i32 0}, 0
  %v2 = load i16, i16* %v2.p
  %cond = icmp eq i16 %v1, %v2
  call void @verifier.assume.not(i1 %cond)
  br label %verifier.error

verifier.error:                                   ; preds = %entry
  call void @seahorn.fail()
  br label %verifier.error.split

verifier.error.split:                             ; preds = %verifier.error
  ret i32 42
}

attributes #0 = { noreturn }
attributes #1 = { argmemonly nounwind }
attributes #2 = { noinline nounwind ssp uwtable "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="penryn" "target-features"="+cx16,+fxsr,+mmx,+sse,+sse2,+sse3,+sse4.1,+ssse3,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" }
attributes #3 = { nounwind }

!llvm.module.flags = !{!0, !1, !2}
!llvm.ident = !{!3}

!0 = !{i32 1, !"NumRegisterParameters", i32 0}
!1 = !{i32 1, !"wchar_size", i32 4}
!2 = !{i32 7, !"PIC Level", i32 2}
!3 = !{!"clang version 5.0.2 (tags/RELEASE_502/final)"}

g.ptr must alias v2.p, but sea-dsa says it does not.
Seems like the initialization of constant struct is ignored.
For convenience, the memory graph looks like this:

digraph unnamed {
        graph [center=true, ratio=true, bgcolor=lightgray, fontname=Helvetica];
        node  [fontname=Helvetica, fontsize=11];

        Node0x1516560 [shape=record,label="{\{0:i16\}:R}"];
        Node0x152a240 [shape=record,label="{\{0:i16*\}:R|{<s0>\<0, i16*\>}}"];
        Node0x152af40 [shape=record,label="{\{0:i16\}:SR}"];
        Node0x15120e8 [shape=plaintext, label ="v2.p"];
        Node0x15120e8 -> Node0x152af40[arrowtail=tee,label="0",fontsize=8,color=purple];
        Node0x1511ea0 [shape=plaintext, label ="%struct.s \{ i16* @g.ptr, i32 0 \}"];
        Node0x1511ea0 -> Node0x152a240[arrowtail=tee,label="0",fontsize=8,color=purple];
        Node0x1510f68 [shape=plaintext, label ="g.ptr"];
        Node0x1510f68 -> Node0x1516560[arrowtail=tee,label="0",fontsize=8,color=purple];
        Node0x152a240:s0 -> Node0x152af40[arrowtail=tee,label="0, i16*",fontsize=8];
}
@caballa
Copy link
Contributor

caballa commented Oct 10, 2019

The points-to graph that you attach is the one i would expect.
Why do you think that g.ptr and v2.p should alias?

@agurfinkel
Copy link
Contributor

because they both resolve to @g.ptr

@caballa
Copy link
Contributor

caballa commented Oct 10, 2019

OK, I see it now.

danblitzhou added a commit to danblitzhou/seahorn that referenced this issue Oct 18, 2019
@danblitzhou
[opsem]properly evaluate global pointer in constant struct;
a685172 
note: directly evaluating a global in a constant struct like this:
%struct.s = type { i16*, i32 } ; struct with a ptr to i16 and a i32 int
@g.ptr =  internal unnamed_addr global i16 42, align 4
%v2.p = extractvalue %struct.s {i16* @g.ptr, i32 0}, 0
will not work due to a memory analysis issue in seadsa: seahorn/sea-dsa#49
agurfinkel pushed a commit to seahorn/seahorn that referenced this issue Oct 18, 2019
@danblitzhou @agurfinkel
[opsem]properly evaluate global pointer in constant struct;
473aae5 
note: directly evaluating a global in a constant struct like this:
%struct.s = type { i16*, i32 } ; struct with a ptr to i16 and a i32 int
@g.ptr =  internal unnamed_addr global i16 42, align 4
%v2.p = extractvalue %struct.s {i16* @g.ptr, i32 0}, 0
will not work due to a memory analysis issue in seadsa: seahorn/sea-dsa#49
@caballa caballa added the bug label Nov 7, 2019
@caballa caballa self-assigned this Nov 7, 2019
caballa added a commit that referenced this issue Nov 7, 2019
@caballa
Add test cases for bug reported in issue #49
109ae43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@caballa caballa

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@caballa @agurfinkel @danblitzhou