Skip to content

do not access typet::subtype() without cast #3087

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 7, 2018
Merged

do not access typet::subtype() without cast #3087

merged 1 commit into from
Oct 7, 2018

Conversation

kroening
Copy link
Member

@kroening kroening commented Oct 3, 2018

Rationale: not every type has a subtype, and if a type doesn't have one,
then accessing subtype() results in a memory safety violation. Casting to
the right specialisation prevents this.

Eventually, typet::subtype() will be removed to enforce this.

  • Each commit message has a non-empty body, explaining why the change was made.
  • My contribution is formatted in line with CODING_STANDARD.md.
  • Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
  • Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
  • My commit message includes data points confirming performance improvements (if claimed).
  • My PR is restricted to a single feature or bugfix.
  • White-space or formatting changes outside the feature-related changed lines are in commits of their own.

@kroening kroening requested a review from tautschnig October 3, 2018 08:00
tautschnig
tautschnig approved these changes Oct 3, 2018
View reviewed changes
Copy link
Collaborator

@tautschnig tautschnig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, except I'm confused by parts of the commit message. It says "Casting to
the right specialisation prevents this." which I find misleading. It's the fact that these "casts" are non-trivial conversions doing checks. An actual cast like (type_with_subtypet)t would gain us nothing...

@tautschnig tautschnig assigned kroening and unassigned tautschnig Oct 3, 2018
@kroening
Copy link
Member Author

kroening commented Oct 3, 2018

"Checked casts"?
A "conversion" usually changes representation.

@tautschnig
Copy link
Collaborator

"checked casts" sounds like a reasonable solution.

do not access typet::subtype() without cast to appropriate specialisa…
bdfe7af 
…tion

Rationale: not every type has a subtype, and if a type doesn't have one,
then accessing subtype() results in a memory safety violation.  A checked
cast to the right specialisation prevents this.

Eventually, typet::subtype() will be removed to enforce this.
@kroening kroening removed their assignment Oct 3, 2018
allredj
allredj reviewed Oct 3, 2018
View reviewed changes
Copy link
Contributor

@allredj allredj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Passed Diffblue compatibility checks (cbmc commit: bdfe7af).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/86712175

smowton
smowton reviewed Oct 3, 2018
View reviewed changes
src/util/pointer_offset_size.cpp
DATA_INVARIANT(
array_type.id()==ID_array,
"index into array expected, found "+array_type.id_string());
index_expr.array().type().id() == ID_array,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

? Are you sure about removing the ns.follow, couldn't the array have symbol type here?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, we don't use symbol types for arrays (anymore - I think many many years ago we might).

@peterschrammel peterschrammel removed their assignment Oct 6, 2018
@tautschnig tautschnig merged commit a0883eb into develop Oct 7, 2018
@tautschnig tautschnig deleted the type-cleanup3 branch October 7, 2018 12:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tautschnig tautschnig tautschnig approved these changes

@allredj allredj allredj left review comments

@smowton smowton smowton approved these changes

@peterschrammel peterschrammel peterschrammel approved these changes

@chrisr-diffblue chrisr-diffblue Awaiting requested review from chrisr-diffblue

@martin-cs martin-cs Awaiting requested review from martin-cs martin-cs is a code owner

@pkesseli pkesseli Awaiting requested review from pkesseli

@thk123 thk123 Awaiting requested review from thk123

Assignees

@martin-cs martin-cs

@chrisr-diffblue chrisr-diffblue

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@kroening @tautschnig @smowton @peterschrammel @allredj @martin-cs @chrisr-diffblue