Merge pull request #7909 from esteffin/esteffin/define-shadow-memory-primitives

Enable typechecking of shadow memory primitives

Author: Enrico Steffinlongo

regression/cbmc-shadow-memory/declarations1/test_bad1.desc

@@ -3,7 +3,8 @@ bad1.c
 --function bad_declaration1 --verbosity 10
 ^EXIT=6$
 ^SIGNAL=0$
-^A shadow memory field must not be larger than 8 bits.
+^file bad1\.c line 3 function bad_declaration1: __CPROVER_field_decl_local argument 2 must be a byte-sized integer, but \(\(signed int\)0\) has type `signed int`
+^CONVERSION ERROR
 --
 --
 Test that a shadow memory declaration of a too large type is rejected.

regression/cbmc-shadow-memory/declarations1/test_bad2.desc

@@ -3,7 +3,8 @@ bad2.c
 --function bad_declaration2 --verbosity 10
 ^EXIT=6$
 ^SIGNAL=0$
-^A shadow memory field must be of a bitvector type.
+^file bad2\.c line 7 function bad_declaration2: __CPROVER_field_decl_global argument 2 must be a byte-sized integer, but \(s\) has type `struct STRUCT`
+^CONVERSION ERROR
 --
 --
 Test that a shadow memory declaration of a non-bitvector type is rejected.

regression/cbmc-shadow-memory/intrinsics_warnings1/intrinsics_warn.c

@@ -0,0 +1,32 @@
+//
+// Created by Fotis Koutoulakis on 19/09/2023.
+//
+#include <assert.h>
+#include <stdio.h>
+
+struct S
+{
+  int i;
+  int j;
+};
+
+int main()
+{
+  __CPROVER_field_decl_local("uninitialized", (char)0);
+  __CPROVER_field_decl_global("uninitialized-global", (char)0);
+
+  struct S s;
+  char a;
+
+  __CPROVER_set_field(&a, "uninitialized", 1);
+
+  assert(__CPROVER_get_field(&a, "uninitialized") == 1);
+
+  __CPROVER_set_field(&s, "uninitialized", 1);
+
+  assert(__CPROVER_get_field(&s, "uninitialized") == 1);
+  assert(__CPROVER_get_field(&s.i, "uninitialized") == 1);
+  assert(__CPROVER_get_field(&s.j, "uninitialized") == 1);
+
+  return 0;
+}

regression/cbmc-shadow-memory/intrinsics_warnings1/test.desc

@@ -0,0 +1,16 @@
+CORE
+intrinsics_warn.c
+
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
+WARNING: no body for function
+file intrinsics_warn.c line \d+ function main: function '__CPROVER_field_decl_global' is not declared
+file intrinsics_warn.c line \d+ function main: function '__CPROVER_field_decl_local' is not declared
+file intrinsics_warn.c line \d+ function main: function '__CPROVER_set_field' is not declared
+file intrinsics_warn.c line \d+ function main: function '__CPROVER_get_field' is not declared
+--
+This test is making sure that we don't get any of the log messages warning
+for the shadow memory intrinsics being undefined after the type check phase.

regression/cbmc-shadow-memory/intrinsics_warnings2/test.desc

@@ -0,0 +1,18 @@
+CORE
+typechecking_warning.c
+
+^EXIT=6$
+^SIGNAL=0$
+^CONVERSION ERROR$
+file typechecking_warning\.c line \d function main: __CPROVER_field_decl_local argument 2 must be a byte-sized integer, but \(10ul\) has type `unsigned long int`
+--
+^warning: ignoring
+WARNING: no body for function
+file intrinsics_warn.c line \d+ function main: function '__CPROVER_field_decl_global' is not declared
+file intrinsics_warn.c line \d+ function main: function '__CPROVER_field_decl_local' is not declared
+file intrinsics_warn.c line \d+ function main: function '__CPROVER_set_field' is not declared
+file intrinsics_warn.c line \d+ function main: function '__CPROVER_get_field' is not declared
+--
+This test is part of a suite of tests we have for ensuring that the typechecker
+comes up with proper error messages in the case of shadow memory intrinsics
+failing the typechecking phase.

regression/cbmc-shadow-memory/intrinsics_warnings2/typechecking_warning.c

@@ -0,0 +1,9 @@
+//
+// Created by Fotis Koutoulakis on 19/09/2023.
+//
+int main()
+{
+  __CPROVER_field_decl_local("uninitialized", 10ul);
+
+  return 0;
+}

regression/cbmc-shadow-memory/intrinsics_warnings3/test.desc

@@ -0,0 +1,18 @@
+CORE
+typechecking_warning.c
+
+^EXIT=6$
+^SIGNAL=0$
+^CONVERSION ERROR$
+file typechecking_warning\.c line \d function main: __CPROVER_field_decl_local takes exactly 2 arguments, but 1 were provided
+--
+^warning: ignoring
+WARNING: no body for function
+file intrinsics_warn.c line \d+ function main: function '__CPROVER_field_decl_global' is not declared
+file intrinsics_warn.c line \d+ function main: function '__CPROVER_field_decl_local' is not declared
+file intrinsics_warn.c line \d+ function main: function '__CPROVER_set_field' is not declared
+file intrinsics_warn.c line \d+ function main: function '__CPROVER_get_field' is not declared
+--
+This test is part of a suite of tests we have for ensuring that the typechecker
+comes up with proper error messages in the case of shadow memory intrinsics
+failing the typechecking phase.

regression/cbmc-shadow-memory/intrinsics_warnings3/typechecking_warning.c

@@ -0,0 +1,9 @@
+//
+// Created by Fotis Koutoulakis on 19/09/2023.
+//
+int main()
+{
+  __CPROVER_field_decl_local("uninitialized");
+
+  return 0;
+}

regression/cbmc-shadow-memory/void-ptr-param-get1/test.desc

@@ -3,6 +3,7 @@ main.c
 
 ^EXIT=6$
 ^SIGNAL=0$
-Shadow memory: cannot get shadow memory via type void\* for f_void_ptr::s
+^file main\.c line 12 function f_void_ptr: __CPROVER_get_field argument 1 must be a non-void pointer, but \(s\) has type `void \*`. Insert a cast to the type that you want to access\.
+CONVERSION ERROR
 --
 ^warning: ignoring

regression/cbmc-shadow-memory/void-ptr-param-set1/test.desc

@@ -3,6 +3,7 @@ main.c
 
 ^EXIT=6$
 ^SIGNAL=0$
-Shadow memory: cannot set shadow memory via type void\* for f_void_ptr::s
+^file main\.c line 12 function f_void_ptr: __CPROVER_set_field argument 1 must be a non-void pointer, but \(s\) has type `void \*`\. Insert a cast to the type that you want to access\.
+^CONVERSION ERROR
 --
 ^warning: ignoring