From 2932b531ceff2cd4573714aeaeb9b4e537d36af8 Mon Sep 17 00:00:00 2001 From: Xavier Leroy Date: Sun, 19 Jul 2015 09:29:45 +0200 Subject: Value analysis: keep track of pointer values that leak through arithmetic operations with undefined behaviors. Consider (x ^ 1) ^ 1 where x is a intptr_t containing a pointer value. "x ^ 1" evaluates to Vundef in the CompCert semantics, hence the value analysis, in strict mode, gives abstract result Ifptr Pbot (= any number but not a pointer). In relaxed mode, we now give abstract result Ifptr (poffset p) where p is the abstraction of the pointer, thus keeping track of the actual leak of the pointer value. --- backend/ValueAnalysis.v | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'backend/ValueAnalysis.v') diff --git a/backend/ValueAnalysis.v b/backend/ValueAnalysis.v index 28934ce9..c559aa25 100644 --- a/backend/ValueAnalysis.v +++ b/backend/ValueAnalysis.v @@ -79,11 +79,11 @@ Definition transfer_builtin (ae: aenv) (am: amem) (rm: romem) (ef: external_func VA.State (AE.set res a ae) am | Builtin_vstore chunk aaddr av => let am' := storev chunk am aaddr av in - VA.State (AE.set res itop ae) (mlub am am') + VA.State (AE.set res ntop ae) (mlub am am') | Builtin_memcpy sz al adst asrc => let p := loadbytes am rm (aptr_of_aval asrc) in let am' := storebytes am (aptr_of_aval adst) sz p in - VA.State (AE.set res itop ae) am' + VA.State (AE.set res ntop ae) am' | Builtin_annot_val av => VA.State (AE.set res av ae) am | Builtin_default => @@ -164,9 +164,9 @@ Definition store_init_data (ab: ablock) (p: Z) (id: init_data) : ablock := | Init_int32 n => ablock_store Mint32 ab p (I n) | Init_int64 n => ablock_store Mint64 ab p (L n) | Init_float32 n => ablock_store Mfloat32 ab p - (if propagate_float_constants tt then FS n else ftop) + (if propagate_float_constants tt then FS n else ntop) | Init_float64 n => ablock_store Mfloat64 ab p - (if propagate_float_constants tt then F n else ftop) + (if propagate_float_constants tt then F n else ntop) | Init_addrof symb ofs => ablock_store Mint32 ab p (Ptr (Gl symb ofs)) | Init_space n => ab end. -- cgit