Skip to content

Improve memOutOfBounds precision by being relational w.r.t. size and offset#2058

Open
sim642 wants to merge 11 commits into
masterfrom
memOutOfBounds-base-offset-relation
Open

Improve memOutOfBounds precision by being relational w.r.t. size and offset#2058
sim642 wants to merge 11 commits into
masterfrom
memOutOfBounds-base-offset-relation

Conversation

@sim642

@sim642 sim642 commented Jun 16, 2026

Copy link
Copy Markdown
Member

This is on top of #2057.

Previously memOutOfBounds was unnecessarily imprecise: for a points-to set, the sizes of targets and offsets of targets were joined separately, and then bounds were checked on the joined values.
This changes the bounds check to be per-target, without joining sizes and offsets.
It is illustrated by the added test which now passes.

sim642 added 10 commits June 15, 2026 13:47
@sim642
Add TODO test 74-invalid_deref/39-oob-base-offset-relation
4d5d7f8
@sim642
Extract get_addr_size in base and memOutOfBounds
9d26214
@sim642
Extract get_mval_offset in memOutOfBounds
65a7fbf
@sim642
Remove spurious top check from get_size_of_ptr_target
f52bb10 
This is just a size query, not the dereference itself.
get_addr_size returns `Top for UnknownPtr and that will be checked anyway.
Also this has no corresponding safe check, which makes it strange.
@sim642
Remove spurious checks from get_mval_offset
7a451fe 
This is just an offset query, not the dereference itself.
@sim642
Remove spurious checks from get_addr_offs
ff4a299 
This is just an offset query, not the dereference itself.
@sim642
Merge branch 'memOutOfBounds-blobsize-var' into memOutOfBounds-base-o…
d90abfc 
…ffset-relation
@sim642
Improve memOutOfBounds preicision by being relational w.r.t. size and…
8536e8d 
… offset
@sim642
Remove unused ptr arguments in memOutOfBounds
b9696d5
@sim642
Move some let bindings in memOutOfBounds
1802ac1 
Move some inward to avoid computing unnecessarily.
Move some outward (of let*) to compute only once.
@sim642 sim642 added this to the SV-COMP 2027 milestone Jun 16, 2026
@sim642 sim642 added sv-comp SV-COMP (analyses, results), witnesses precision pr-dependency Depends or builds on another PR, which should be merged before labels Jun 16, 2026
@michael-schwarz michael-schwarz changed the title Improve memOutOfBounds preicision by being relational w.r.t. size and offset Improve memOutOfBounds precision by being relational w.r.t. size and offset Jun 17, 2026
Base automatically changed from memOutOfBounds-blobsize-var to master June 17, 2026 11:42
@sim642 sim642 removed the pr-dependency Depends or builds on another PR, which should be merged before label Jun 17, 2026
@sim642

sim642 commented Jun 17, 2026

Copy link
Copy Markdown
Member Author

On sv-benchmarks with level02 and 90s, this makes no difference to verdicts.
Also this makes no difference to the dashboard checks comparison.
That's kind of disappointing.

@sim642 sim642 marked this pull request as ready for review June 17, 2026 11:46
Copilot AI review requested due to automatic review settings June 17, 2026 11:46
Copilot AI reviewed Jun 17, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

precision sv-comp SV-COMP (analyses, results), witnesses

Projects

None yet

Milestone

SV-COMP 2027

Development

Successfully merging this pull request may close these issues.

2 participants

@sim642