Skip to content

Unsoundness for comparing pointers to malloced values #316

Closed
#345
Closed
Unsoundness for comparing pointers to malloced values#316
#345
Assignees
sim642
Labels
bugunsound
@michael-schwarz

Description

@michael-schwarz
michael-schwarz
opened on Aug 8, 2021

While fiddling around with #310, I discovered this issue:

#include<stdlib.h>
#include<stdint.h>

void* malloc_2(size_t s) {
    return malloc(s);
}

int main() {
    int* ptr1 = malloc_2(sizeof(int));
    int* ptr2 = malloc_2(sizeof(int));

    // This is technically UB (comparing unrelated pointers)
    assert(ptr1==ptr2);

    // CIL turn this into the following, that is not UB and will fail in the concrete
    // Goblint claims that this holds
    assert((unsigned long) ptr1 == (unsigned long) ptr2); // UNKNOWN!
    
    // Here, we do not claim it holds, as we cast our abstract values to the type for ints on assignment
    int i1 =  (int)ptr1;
    int i2 =  (int)ptr2;
    assert(i1 == i2);

    return 0;
}

Not sure how high priority fixing this is, but I think it is definitely worth having an issue for it. This could be fixed quite easily once we have uniqueness information.

Metadata

Metadata

Assignees

Labels

bugunsound

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions