-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verifying C written with C11 features using SAW #2099
Comments
What versions of SAW and LLVM are you using? I ask since this looks a lot like the bug reported in GaloisInc/llvm-pretty-bc-parser#250, where the LLVM bitcode parser's treatment of the the Generally speaking, SAW should support most C11 features, provided that they compile down to LLVM instructions that SAW knows how to reason about. That's usually the case. |
By the way, here is a test case (distilled from GaloisInc/llvm-pretty-bc-parser#251) that you can use to easily tell whether your version of SAW is affected by GaloisInc/llvm-pretty-bc-parser#250 or not: // test.c
#include <stdint.h>
#include <stdatomic.h>
atomic_int val = 0x928;
int do_atomic_update(atomic_int newval) {
int old_val = 0x928;
return atomic_compare_exchange_weak(&val, &old_val, newval);
}
With SAW 1.1, this test case passes regardless of whether you use a version of LLVM does or does not require opaque pointers:
|
Hi @RyanGlScott , thanks for mentioning this fix PR. It actually fixed the module loading issue, which is great. However, this means that I have to upgrade SAW in our CI and that hasn't been a pleasant experience. Above is the PR I worked on for fixing failures after upgrading SAW. There are a total of three lemmas failing. Two of them I was able to fix without too much trouble. There is one that revealed a change in SAW that caused the term to be much bigger than before, causing Z3 to fail to prove it. The lemma is called
I suspect the
The if conditions are I'm simply wondering if this kind of change is something you could directly recognize. Do you have any suggestions on what I could do? Is there some option that I can use to achieve the old version which is more pleasant to the eyes and easier to prove? |
Hi @RyanGlScott, any ideas for how to resolve this issue? |
Sorry for taking so long to reply. I don't immediately recognize what is going on, but I suspect that changing the Clang compiler flags in awslabs/aws-lc-verification#162 may cause the LLVM bitcode to be different enough to matter. I'd have to take a closer look to see if there are finer-grained Clang flags that would allow restoring the old behavior. |
Thanks! I would be really surprised if it's the compiler flag causing this issue but I could double check the LLVM generated. Btw, it sounds like there is no change in SAW that would lead to this behaviour? |
No, there hasn't been any deliberate changes on SAW's end (to my knowledge) that would affect the shape of proof goals in such a noticeable way. My understanding is that CMake passes different flags to Clang depending on whether you are compiling for C99 versus C11, so any information you can provide on how your setup might affect the resulting calls to Clang would be helpful. |
Thanks for the confirmation, I will look into it. It's unfortunate that it is very easy to get caught off-guard by compilation instability. |
When migrating AWS-LC to C11, all of our existing proofs failed with the following error at LLVM module loading step:
The function
CRYPTO_refcount_inc
is defined at https://github.com/aws/aws-lc/blob/main/crypto/refcount_lock.c#L29 for C99 and defined at https://github.com/aws/aws-lc/blob/main/crypto/refcount_c11.c#L37 for C11. Note that the C11 version is using the new atomic feature. I'm wondering if this means that SAW does not support new features in C11, therefore the LLVM loader couldn't understand the syntax. Any recommendations for how to get around this problem?The text was updated successfully, but these errors were encountered: