Skip to content

No check for signed overflow in some cases. #561

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
roconnor-blockstream opened this issue Apr 4, 2022 · 0 comments · Fixed by #567
Closed

No check for signed overflow in some cases. #561

roconnor-blockstream opened this issue Apr 4, 2022 · 0 comments · Fixed by #567

Comments

@roconnor-blockstream
Copy link
Contributor

Consider the following function:

void test(long a, long b) {
  long c = (unsigned int) a * b;
  long d = a * (unsigned int) b;
}

In both cases the unsigned int argument is promoted to signed long and the multiplication is performed as a signed long multiplication. In both cases an signed integer overflow could occur and we would need to verify that it does not.

However when run through VST only the d assignment yields an overflow side-condition check, while the c assignment appears to progress without checking for overflow.

Require Import VST.floyd.proofauto.
Require Import test.

Instance CompSpecs : compspecs. make_compspecs prog. Defined.
Definition Vprog : varspecs. mk_varspecs prog. Defined.

Definition test_spec : ident * funspec :=
DECLARE _test
  WITH a : int64, b : int64
  PRE [ tlong, tlong ]
    PROP()
    PARAMS(Vlong a; Vlong b)
  SEP()
POST [ tvoid ]
  PROP()
  RETURN()
  SEP().

Definition Gprog := ltac:(with_library prog
  [test_spec
  ]).

Lemma body_test: semax_body Vprog Gprog f_test test_spec.
Proof.
start_function.
forward.
(* missing overflow entailment check. *)
forward.
(* overflow entailment check is produced here. *)
Abort.
@andrew-appel andrew-appel mentioned this issue Apr 21, 2022
Open
andrew-appel added a commit that referenced this issue Apr 21, 2022
@andrew-appel
Fix issue #561 (missing check for long-long signed overflow)
9a91f41 
and also, fix a bug with extendM that was inadvertently introduced
in P.R. #555.
@andrew-appel andrew-appel mentioned this issue Apr 21, 2022
Merged
andrew-appel added a commit that referenced this issue Apr 21, 2022
@andrew-appel
Merge pull request #567 from PrincetonUniversity/bugfixes
d80fecd 
Fix issue #561 (missing check for long-long signed overflow)
roconnor-blockstream added a commit to BlockstreamResearch/simplicity that referenced this issue May 27, 2022
@roconnor-blockstream
VST-preview.
6908f86 
Take an unrelease branch from VST that fixes
PrincetonUniversity/VST#561
roconnor-blockstream added a commit to BlockstreamResearch/simplicity that referenced this issue Oct 24, 2022
@roconnor-blockstream
VST-preview.
fb7f59e 
Take an unrelease branch from VST that fixes
PrincetonUniversity/VST#561
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix issue #561 (missing check for long-long signed overflow) PrincetonUniversity/VST
1 participant
@roconnor-blockstream