Skip to content

Detect Array out of bounds#257

Merged
sim642 merged 106 commits intogoblint:masterfrom
vandah:array_oob
Aug 24, 2021
Merged

Detect Array out of bounds#257
sim642 merged 106 commits intogoblint:masterfrom
vandah:array_oob

Conversation

@Wherekonshade
Copy link
Copy Markdown
Contributor

@Wherekonshade Wherekonshade commented Jun 17, 2021

This PR fixes #198
We introduced detection for out of bounds accesses in arrays. This works for both statically and dynamically sized arrays. With interval analysis enabled we can also properly detect out of bounds accesses inside for loops or other constructs taken into account by the interval analysis.
We added regression tests for the following cases:

  • basic
  • pointer
  • multidimensional
  • dynamically sized
  • pointer to arrays of different sizes
  • arrays within structures

The warnings fall into the behavior category and in the new warning system, they can be disabled with --disable dbg.warn.behavior along with other Behavior warnings.
The warnings are also tagged as May/Must according to the certainty with which we know that the situation occurs.
The warning can also specify if the access happened PastEnd, BeforeStart or Unknown

EdinCitaku and others added 30 commits May 10, 2021 13:26
@EdinCitaku
added out of bound check for idx => array length
2c4e7bc
@EdinCitaku
added regression tests, also minor fix up to the array out of bounds …
e656bb4 
…check
@EdinCitaku
Added documentation and minor fixup
611b3e7
@EdinCitaku
edited regression test
0568aca
@Wherekonshade
flag check in arraydomain
2cd9cc5
@Wherekonshade
default flag added
cbbc4e0
@Wherekonshade
flag changed to analyses category
e2aa452
@vandah
zero check + formatting for ocp-indent
4e8840c
@vandah
enable arrayoob option in the regression test
89f7bfb
@Wherekonshade
arrayoob pointer test added
9c6b5b7
@Wherekonshade
multidimensional arrayoob test added
b2746b0
@Wherekonshade
dynamically sized array oob access test added
ed1f9ec
@Wherekonshade
pointer pointing to arrays of different sizes
3d3c95d
@Wherekonshade
array oob access test for arrays within structures added
e7f2a5d
@vandah
ocp-indent base.ml
f962c7e
@vandah
interval fix
cf47944
@EdinCitaku
fix regression tests by adding appropriate params
52114e7
@Wherekonshade
removed uninit param
ad03f58
@Wherekonshade
fixed mistake in 26/08 test
6b170cc
@EdinCitaku
fix
8f9e434
@EdinCitaku
Merge branch 'arrayoob-zerocheck' of github.com:vandah/analyzer into …
e3a8288 
…arrayoob-zerocheck
@Wherekonshade
quickfix 26/08
a5241c2
@Wherekonshade
yet another 26/08 fix
e369b22
@vandah
differentiate more types of warnings
1b9296e 
- must vs may
- before array vs past array end
@vandah
arrayoob - refactor local variables
58317dc
@vandah
warning message typo
a010e5a
@vandah
fix test files for 26/06 and 26/08
99bd7f2
@vandah
fix tests
b01f794
@Wherekonshade
naming
564e6a6
@Wherekonshade
added NOWARNs
cb2398c
jerhard
jerhard reviewed Jul 1, 2021
View reviewed changes
Wherekonshade and others added 24 commits July 1, 2021 11:25
@Wherekonshade
Cleanup
8b15ad1
@vandah
warn -> warn_at, warn_filter -> warn
9e71887
@vandah
remove commented out code from messages.ml
049337b
@vandah
make certainty an optional parameter
19c29cc 
also renames Warning -> WarningWithCertainty and WarnType -> Warning
@vandah
really nested warning types
ac256d7
@vandah
add create functions to submodules
7f4088a 
also remove the array type because arrayoob is under UB
@vandah
complete the removal of the Array type of warning
4403b56
@vandah
Merge branch 'master' into warnings_rework
0617b88
@vandah
use parameters of Integer and Cast
2b23f15 
also uses concatenation instead of redundant sprintf
@vandah
remove testing warning
c8b7097
@vandah
move to_string inside should_warn
c4eb3ad 
and replace unused parameters with `_`
@vandah
M.report -> M.warn_each
3132fc8 
also adds optional location to warn_each
@vandah
add [Warning] tag to all warnings
4bc586f 
this eliminates the need to specify the regexes separately in
update_suite.rb
later it would probably be nice if the categories were parsed and
checked there

also changes formatting of the warning tags
@vandah
remove [Warning] tag from Debug
a58eac7
@Wherekonshade
merge warnings rework
191934f
@vandah
updated warning syntax
6838149
@vandah
parse warning types from spec analysis
b57e08f
@vandah
make warning an optional argument
6cc42d2 
also adds optional msg argument and removes string params from unknown
and debug
@vandah
try to fix warn calls also in comments
92b8d73
@vandah
revert irrelevant change in regtests
830bb9c
@vandah
remove category string from spec warns
73cec78
@vandah
warnings documentation
843ed01
@vandah
Merge branch 'warnings_rework' into array_oob
dbff7ce
@vandah
new correct syntax for warnings
d2c40f3
@sim642 sim642 merged commit a7ef19f into goblint:master Aug 24, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sim642 sim642 sim642 left review comments

@vogler vogler vogler left review comments

@jerhard jerhard jerhard left review comments

@felihong felihong Awaiting requested review from felihong

@hydrogenoxide hydrogenoxide Awaiting requested review from hydrogenoxide

@MartinWehking MartinWehking Awaiting requested review from MartinWehking

@nicokn nicokn Awaiting requested review from nicokn

+1 more reviewer

@vandah vandah vandah left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

practical-course Practical Course at TUM student-job

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Detect Array out of bounds

7 participants

@Wherekonshade @sim642 @vogler @jerhard @vandah @michael-schwarz @EdinCitaku