Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bitfield Domain #1623

Draft
wants to merge 146 commits into
base: master
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
146 commits
Select commit Hold shift + click to select a range
9b0002f
initial tests
ManuelLerchner Oct 23, 2024
582630c
implement first bad solution
ManuelLerchner Oct 23, 2024
3042aae
begin int domain rewrite to include bitfield
ManuelLerchner Oct 27, 2024
a609f3d
fix bitfield domain
ManuelLerchner Oct 29, 2024
696c110
Draft of incredibly messy impls of bitfield shift operations that nee…
iC4rl0s Nov 4, 2024
0630662
some bug fixes
Nov 4, 2024
fd89907
implemented add, sub and mul
Nov 4, 2024
8a91829
reverted some changes due to incorrect implementations
Nov 5, 2024
5c0fdbb
optimized shifts that concretize the shifting constants from an abstr…
iC4rl0s Nov 5, 2024
087d4a9
minor bug in max_shift
iC4rl0s Nov 5, 2024
0116023
comparison bug in max_shift
iC4rl0s Nov 5, 2024
03961c0
begin overflow handling
ManuelLerchner Nov 7, 2024
d42b989
separation of break_down into break_down_to_const_bitfields and break…
iC4rl0s Nov 7, 2024
6a26669
clean up; begin other methods
ManuelLerchner Nov 7, 2024
05b3d8e
format
ManuelLerchner Nov 8, 2024
27c9876
make it more functional. untested
iC4rl0s Nov 8, 2024
ca7c040
bug fix: Bitfields with z set to zero missed
iC4rl0s Nov 8, 2024
1338d65
Implementation of arithmetic operators (including neg) (#8)
AdrianKrauss Nov 12, 2024
447db3d
fix comments
ManuelLerchner Nov 12, 2024
3a00c0b
Merge branch 'master' into overflow-handling
ManuelLerchner Nov 12, 2024
89294a9
delete bitfield ml
ManuelLerchner Nov 12, 2024
c78510b
fix
ManuelLerchner Nov 12, 2024
ec166cb
Merge pull request #5 from ManuelLerchner/overflow-handling
ManuelLerchner Nov 12, 2024
1adccde
hotfix refinements
ManuelLerchner Nov 12, 2024
2e05197
.
Draggon01 Nov 12, 2024
897d6a2
bitfield shifts pr ready
iC4rl0s Nov 12, 2024
7d5913a
Merge branch 'master' into bitfield-shifts. Doesnt compile yet
ManuelLerchner Nov 12, 2024
257cc5b
added norm to almost every function which usess ikind
Nov 12, 2024
24b3719
added correct fil and deleted test file
Nov 12, 2024
cbfbf28
bug fix: signedness with right shift considered
iC4rl0s Nov 12, 2024
87b0189
Merge branch 'bitfield-shifts' of github.com:ManuelLerchner/analyzer …
iC4rl0s Nov 12, 2024
ff8c4c7
refine hotfix2
ManuelLerchner Nov 14, 2024
d405853
Revert "refine hotfix2"
ManuelLerchner Nov 14, 2024
ffc7285
refine hotfix2
ManuelLerchner Nov 14, 2024
5ec64ad
restore refine with congruence, as it was lost during merging
ManuelLerchner Nov 14, 2024
8cd7e62
Merge branch 'master' into 10-extend-norm-to-arithmetic-operations
ManuelLerchner Nov 14, 2024
a31dc67
intDomain.ml is compilable
iC4rl0s Nov 15, 2024
28d9db0
Avoiding unnecessary computation when min{b} > ceil(log2 max{a}) in s…
iC4rl0s Nov 16, 2024
6177b13
begin first unit tests
ManuelLerchner Nov 18, 2024
8e8b9cb
add simple shift unit tests
Draggon01 Nov 18, 2024
ed56bd8
Merge branch 'master' into bitfield-shifts
Draggon01 Nov 18, 2024
9ae2b8f
base test impl
Draggon01 Nov 19, 2024
874e1ed
merge unit tests
Draggon01 Nov 19, 2024
5ce8db7
add simple tests
Draggon01 Nov 19, 2024
4170f7f
fix small bug in constant shifting expecting isSigned ik to check if …
Draggon01 Nov 19, 2024
cd1bd06
Merge pull request #14 from ManuelLerchner/unit-tests
ManuelLerchner Nov 19, 2024
5eafd97
Merge pull request #12 from ManuelLerchner/bitfield-shifts
ManuelLerchner Nov 19, 2024
811590d
added bitfield to quickcheck
Nov 19, 2024
6999a20
two bug fixes
Nov 19, 2024
9f72163
Merge branch 'master' into 10-extend-norm-to-arithmetic-operations
ManuelLerchner Nov 19, 2024
c660277
Merge pull request #13 from ManuelLerchner/10-extend-norm-to-arithmet…
ManuelLerchner Nov 19, 2024
146d858
hotfix compilationn
ManuelLerchner Nov 19, 2024
55bc2b3
Merge branch 'master' into Add-tests
AdrianKrauss Nov 19, 2024
90e1e99
Merge pull request #15 from ManuelLerchner/Add-tests
ManuelLerchner Nov 19, 2024
6a32e42
hotfix compilation again
ManuelLerchner Nov 19, 2024
47b7a56
hotfix name clash after merge
ManuelLerchner Nov 19, 2024
5606e67
logand fix
ManuelLerchner Nov 19, 2024
8b1fbfc
bug fixes for arith ops
Nov 19, 2024
4bf31cc
fixed norm
Nov 19, 2024
0b4b4a1
is_invalid and mul fix
Nov 19, 2024
15520a8
assertion function for shifts
iC4rl0s Nov 19, 2024
d55eab5
bug fix in get_bit and further tests that lead to fails
iC4rl0s Nov 19, 2024
6562161
clean up
ManuelLerchner Nov 19, 2024
2aa27f8
fix compile warnings
ManuelLerchner Nov 19, 2024
ad5f6f8
format
ManuelLerchner Nov 19, 2024
cfa0091
improve arbitrary
ManuelLerchner Nov 19, 2024
98a2d24
Merge branch 'quickcheck-fixes' of github.com:ManuelLerchner/analyzer…
ManuelLerchner Nov 19, 2024
5914695
fix bug after merge
ManuelLerchner Nov 19, 2024
4a542be
Merge branch 'goblint:master' into master
ManuelLerchner Nov 19, 2024
15f7abe
changed narrow and added unit tests for arith ops
Nov 21, 2024
f9f7fce
add some regression tests
ManuelLerchner Nov 24, 2024
1b6459d
reworked bitfield shifts, infix operators and some simple tests. sign…
iC4rl0s Nov 25, 2024
31def4b
shift a b = zero when min{b} >= ceil(log (Size.bit ik))
iC4rl0s Nov 25, 2024
2ba8f38
negative shifts are undefined
iC4rl0s Nov 25, 2024
b6762af
bugfix: zero bits for lsb bitmask
iC4rl0s Nov 25, 2024
b6ee7fa
refactored min and max
Nov 25, 2024
a933c4e
Merge remote-tracking branch 'refs/remotes/origin/quickcheck-fixes' i…
Nov 26, 2024
e2366ff
added infix to all functions
Nov 26, 2024
addda52
extract tuple 6 from intDomain file
Draggon01 Nov 26, 2024
29bcca1
bugfix: shift_right did not shift right
iC4rl0s Nov 26, 2024
7984a0a
to_pretty_bits displays concrete values for a small enough number of …
iC4rl0s Nov 26, 2024
ed1999a
small QoL improvements and bug fixes
iC4rl0s Nov 26, 2024
7fa0100
bugfix: certain zeros and uncertain ones
iC4rl0s Nov 26, 2024
96e5737
add regression test for refinement
ManuelLerchner Nov 27, 2024
90338a7
add more regression tests for refines
ManuelLerchner Nov 27, 2024
f25a578
improve refine with interval; add regression tests
ManuelLerchner Nov 28, 2024
e9286e7
fixed bitshifts
Draggon01 Dec 3, 2024
3e4928a
removed commmented code and old wrong testcases
Draggon01 Dec 3, 2024
9bcd884
fixed edge case where shift with 0 was done without zero in shifting bf
Draggon01 Dec 3, 2024
6fe1162
added of bitfield for refinements
Dec 3, 2024
5301322
Merge pull request #18 from ManuelLerchner/quickcheck-fixes
ManuelLerchner Dec 3, 2024
0fa8ca7
Merge branch 'master' of github.com:ManuelLerchner/analyzer into more…
ManuelLerchner Dec 3, 2024
bad0bb8
remove duplicate function
ManuelLerchner Dec 3, 2024
abde7e4
Revert "remove duplicate function"
ManuelLerchner Dec 3, 2024
937b341
Reapply "remove duplicate function"
ManuelLerchner Dec 3, 2024
ddfaace
fix bug
ManuelLerchner Dec 3, 2024
24f305f
add some more tests
ManuelLerchner Dec 4, 2024
7c4411d
add missing regression tests
ManuelLerchner Dec 4, 2024
6c2c570
simple refinements for base invariant with bitfields
Dec 7, 2024
f237a9e
shift_right and shift_left return bot when the result or the paramete…
iC4rl0s Dec 9, 2024
e4eefd9
added to_bitfield to refine base invariant further and regression test
Dec 9, 2024
8d4a4b8
Merge pull request #19 from ManuelLerchner/more-regression-tests
ManuelLerchner Dec 10, 2024
8d7faf9
Merge pull request #20 from ManuelLerchner/extract-tuple-six
ManuelLerchner Dec 10, 2024
e2568fd
Merge branch 'master' of github.com:ManuelLerchner/analyzer into inva…
ManuelLerchner Dec 10, 2024
ccb13c1
Merge pull request #21 from ManuelLerchner/invariant
ManuelLerchner Dec 10, 2024
88b0dfc
hotfix regression tests
ManuelLerchner Dec 10, 2024
86fdeb5
Merge branch 'goblint:master' into master
ManuelLerchner Dec 10, 2024
60fbbf5
improved property tests for bitshifts
iC4rl0s Dec 11, 2024
ed27d3d
fix show
ManuelLerchner Dec 11, 2024
58eeeb4
Merge branch 'master' of github.com:ManuelLerchner/analyzer
ManuelLerchner Dec 11, 2024
dbe2e00
some property tests failed as generators were not constrained to the ik
iC4rl0s Dec 11, 2024
810a966
fixed overflow in norm
Dec 11, 2024
d7b8755
renaming due to merge conflict
Dec 11, 2024
541a87d
Merge branch 'master' into overflow
AdrianKrauss Dec 11, 2024
686633a
two bug fixes
Dec 11, 2024
4b3a0f8
improved logging
iC4rl0s Dec 11, 2024
dee9036
overflow behavior cannot be checked by property tests
iC4rl0s Dec 11, 2024
d6e3f61
more robust tests with a found bug
iC4rl0s Dec 11, 2024
e3145ad
revert to basic unit tests
iC4rl0s Dec 11, 2024
6c720b8
Merge remote-tracking branch 'origin/overflow' into tests
iC4rl0s Dec 11, 2024
f09ead4
bug in exclude_undefined_bitshifts must be fixed or behavior defined
iC4rl0s Dec 12, 2024
8b53b08
Added distinction between invalid and undefined bitshifts. In the for…
iC4rl0s Dec 12, 2024
c682527
added pape rreferences and refined div
Dec 13, 2024
7a8b3ad
added some more cases
Draggon01 Dec 15, 2024
8cf7192
more tests and overflow bugs detected. comment out TODO fails to see
iC4rl0s Dec 16, 2024
79a859a
bugfix: zero shifted by anything should be zero
iC4rl0s Dec 16, 2024
bfe5dc6
Merge branch 'master' of github.com:goblint/analyzer into goblint-master
ManuelLerchner Dec 16, 2024
ed56056
Merge branch 'goblint-master'
ManuelLerchner Dec 16, 2024
f40fefb
refactored intDomain
Dec 17, 2024
e1d948d
Merge branch 'master' into tests
AdrianKrauss Dec 17, 2024
57ac94a
merge
Draggon01 Dec 17, 2024
6c7f899
exclude bitfield in modules python script as other intdomains
Draggon01 Dec 17, 2024
313adb8
changed to top_of
Dec 17, 2024
ee9f358
merge
Dec 17, 2024
288bf0d
Merge remote-tracking branch 'refs/remotes/origin/tests' into tests
Dec 17, 2024
306aa33
improved refinements with bitfield
Dec 17, 2024
3862f2e
added overflow checking
Draggon01 Dec 17, 2024
b683875
added missing bf in create
Draggon01 Dec 17, 2024
26a23f5
bugfixes for overflow errs
iC4rl0s Dec 17, 2024
f70838d
Merge branch 'tests' of github.com:ManuelLerchner/analyzer into tests
iC4rl0s Dec 17, 2024
2e85cc9
Merge pull request #22 from ManuelLerchner/tests
iC4rl0s Dec 17, 2024
898a68e
fixed all current ocp-indent failures
Draggon01 Dec 18, 2024
0cc16dc
added regression test
Draggon01 Dec 19, 2024
65237fd
fixed overflow handling
Dec 19, 2024
5cf4620
Merge pull request #26 from ManuelLerchner/precission
ManuelLerchner Dec 20, 2024
dc68f48
Merge pull request #25 from ManuelLerchner/indent-fixes
ManuelLerchner Dec 20, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
211 changes: 211 additions & 0 deletions src/analyses/bitfield.ml
Original file line number Diff line number Diff line change
@@ -0,0 +1,211 @@
(** Simplest possible analysis with unit domain ([unit]). *)

open GoblintCil
open Analyses


module Bitfield= struct
module I = IntDomain.Flattened

type t = I.t * I.t

(* abstract operators from the paper *)

let of_int (z:Z.t) : t = (I.lognot @@ I.of_int (Z.to_int64 z), I.of_int (Z.to_int64 z))

let logneg (p:t) :t = let (z,o) = p in (o,z)

let logand (p1:t) (p2:t) :t = let (z1,o1) = p1 in let (z2,o2) = p2 in (I.logor z1 z2, I.logand o1 o2)

let logor (p1:t) (p2:t) :t = let (z1,o1) = p1 in let (z2,o2) = p2 in (I.logand z1 z2, I.logor o1 o2)

let logxor (p1:t) (p2:t) :t = let (z1,o1) = p1 in let (z2,o2) = p2 in (I.logor (I.logand z1 (I.lognot o2)) (I.logand (I.lognot o1) o2), I.logor (I.logand o1 (I.lognot o2)) (I.logand (I.lognot o1) o2))

let logshiftleft (p1:t) (p2:t) :t = failwith "Not implemented"

let logshiftright (p1:t) (p2:t) :t = failwith "Not implemented"


let join (z1,o1) (z2,o2) =
(I.logor z1 z2, I.logor o1 o2)

let meet (z1,o1) (z2,o2) = let nabla x y= (if x = I.logor x y then y else (I.of_int (Z.to_int64 (Z.minus_one) ))) in
(nabla z1 z2, nabla o1 o2)

(* todo wrap *)


let equal (z1,o1) (z2,o2) = z1 = z2 && o1 = o2
let hash (z,o) = I.hash z + 31 * I.hash o
let compare (z1,o1) (z2,o2) =
match compare z1 z2 with
| 0 -> compare o1 o2
| c -> c

let show (z,o) = Printf.sprintf "Bitfield{z:%s,o:%s}" (I.show z) (I.show o)

let pretty () (z,o) = Pretty.dprintf "Bitfield{z:%s,o:%s}" (I.show z) (I.show o)
let printXml out(z,o) = BatPrintf.fprintf out "<Bitfield><z>%a</z><o>%a</o></Bitfield>" I.printXml z I.printXml o

let name () = "Bitfield"

let to_yojson (z,o) = I.to_yojson z (*TODO*)


let tag (z,o) = Hashtbl.hash (z,o)
let arbitrary () = QCheck.pair (I.arbitrary ()) (I.arbitrary ())
let relift x = x

let leq (z1,o1) (z2,o2) = I.leq z1 z2 && I.leq o1 o2


let widen (z1,o1) (z2,o2) = if I.leq z1 z2 && I.leq o1 o2 then (z2, o2) else (I.top (), I.top ())

let narrow = meet

let pretty_diff () ((z1,o1),(z2,o2)) =
Pretty.dprintf "Bitfield: (%s,%s) not leq (%s,%s)" (I.show z1) (I.show o1) (I.show z2) (I.show o2)



let top () : t = (I.of_int (Z.to_int64 (Z.minus_one)), I.of_int (Z.to_int64 (Z.minus_one)))
let bot () : t = (I.of_int (Z.to_int64 Z.zero), I.of_int (Z.to_int64 Z.zero))
let is_top (e:t) = e = top ()
let is_bot (e:t) = e = bot ()
end



(* module Spec : Analyses.MCPSpec with module D = Lattice.Unit and module C = Printable.Unit and type marshal = unit = *)
(* No signature so others can override module G *)
module Spec =
struct
include Analyses.DefaultSpec

module B = Bitfield

let name () = "bitfield"
module D = MapDomain.MapBot (Basetype.Variables) (B)
include Analyses.ValueContexts(D)



let is_integer_var (v: varinfo) =
match v.vtype with
| TInt _ -> true
| _ -> false


let get_local = function
| Var v, NoOffset when is_integer_var v && not (v.vglob || v.vaddrof) -> Some v (* local integer variable whose address is never taken *)
| _, _ -> None

let rec eval (state : D.t) (e: exp) =
match e with
| Const c -> (match c with
| CInt (i,_,_) ->
(try B.of_int i with Z.Overflow -> B.top ())
(* Our underlying int domain here can not deal with values that do not fit into int64 *)
(* Use Z.to_int64 instead of Cilint.int64_of_cilint to get exception instead of silent wrap-around *)
| _ -> B.top ()



)
| Lval (Var x, NoOffset) when is_integer_var x && not (x.vglob || x.vaddrof) ->
(try D.find x state with Not_found -> B.top ())
| _ -> B.top ()


(* Map of integers variables to our signs lattice. *)
(* transfer functions *)
let assign ctx (lval:lval) (rval:exp) : D.t =
print_endline "assign";

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: semgrep.print-not-logging Warning

printing should be replaced with logging

let d = ctx.local in
match lval with
| (Var x, NoOffset) ->
(* Convert the raw tuple to a proper Bitfield.t value *)
let v = eval d rval in
D.add x v d
| _ -> d

let branch ctx (exp:exp) (tv:bool) : D.t =
print_endline "branch";

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: semgrep.print-not-logging Warning

printing should be replaced with logging
let d = ctx.local in
match exp with
| BinOp (Eq, e1, e2, _) ->
(match e1, e2 with
| Lval (Var x, NoOffset), Const (CInt (i,_,_)) when is_integer_var x && not (x.vglob || x.vaddrof) ->
let v = eval d e2 in
if tv then
D.add x v d else
D.add x (B.logneg v) d
| _ -> d
)

| _ -> d


let body ctx (f:fundec) : D.t =
print_endline "body";

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: semgrep.print-not-logging Warning

printing should be replaced with logging
ctx.local

let return ctx (exp:exp option) (f:fundec) : D.t =
print_endline "return";

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: semgrep.print-not-logging Warning

printing should be replaced with logging
ctx.local

let enter ctx (lval: lval option) (f:fundec) (args:exp list) : (D.t * D.t) list =
print_endline "enter";

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: semgrep.print-not-logging Warning

printing should be replaced with logging
[ctx.local, ctx.local]


let assert_holds (d: D.t) (e:exp) =
print_endline "assert_holds";

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: semgrep.print-not-logging Warning

printing should be replaced with logging
match e with
| BinOp (Eq, e1, e2, _) ->
(match e1, e2 with
| BinOp (BAnd, a,b,_), Const (CInt (i,_,_)) ->
let pl=eval d a in
let pr=eval d b in
let and_result=B.logand pl pr in
B.equal and_result (B.of_int i)
| _ -> false
)
| _ -> false


let query ctx (type a) (q: a Queries.t): a Queries.result =
print_endline "query";

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: semgrep.print-not-logging Warning

printing should be replaced with logging
let open Queries in
match q with
| EvalInt e when assert_holds ctx.local e ->
let ik = Cilfacade.get_ikind_exp e in
ID.of_bool ik true
| _ -> Result.top q


let combine_env ctx lval fexp f args fc au f_ask =
print_endline "combine_env";

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: semgrep.print-not-logging Warning

printing should be replaced with logging
au

let combine_assign ctx (lval:lval option) fexp (f:fundec) (args:exp list) fc (au:D.t) (f_ask: Queries.ask) : D.t =
print_endline "combine_assign";

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: semgrep.print-not-logging Warning

printing should be replaced with logging
ctx.local

let special ctx (lval: lval option) (f:varinfo) (arglist:exp list) : D.t =
let d = ctx.local in
match lval with
| Some (Var x, NoOffset) -> D.add x( B.top ()) d
| _ -> d



let startstate v = D.bot ()
let threadenter ctx ~multiple lval f args = [D.top ()]
let threadspawn ctx ~multiple lval f args fctx = ctx.local
let exitstate v = D.top ()
end

let _ =
MCP.register_analysis (module Spec : MCPSpec)
Loading
Loading