Consider the following code example. We need to perform a bounds check because buf is being dereferenced. But we also need to increment the buf pointer by one. Currently, the tool generates a check such as if ((buf++) + 1 > data_end) ... which is wrong. The logic would be incorrect, since the if (*buf++ = 'x') would now check the next element. Also, the pointer would be incremented twice.
I do not have any idea how to solve this issue. It seems that the tool needs to rewrite the code in the simplification phase.
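The double increment described above, next to one possible rewrite that evaluates the side effect exactly once. This is an added example, not code from the post or from the tool. It assumes the condition is the comparison `*buf++ == 'x'`; the names `struct step`, `naive_check`, `hoisted_check` and `sample` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

struct step {            /* what one parse step did */
    int matched;         /* 1 if the byte read was 'x' */
    ptrdiff_t advanced;  /* how far buf moved */
    ptrdiff_t read_at;   /* offset of the byte read, -1 if none */
    int oob;             /* 1 if that read was at or past data_end */
};

static const char sample[] = "xyz";   /* constructed input */

/* Guard built by copying the side-effecting operand, as the post describes. */
static struct step naive_check(const char *data, const char *data_end)
{
    const char *buf = data;
    struct step r = {0, 0, -1, 0};
    if (!((buf++) + 1 > data_end)) {     /* first increment */
        r.read_at = buf - data;
        r.oob = buf >= data_end;
        r.matched = (*buf++ == 'x');     /* second increment, next byte */
    }
    r.advanced = buf - data;
    return r;
}

/* Guard on the un-incremented pointer; buf++ split into a temporary. */
static struct step hoisted_check(const char *data, const char *data_end)
{
    const char *buf = data;
    struct step r = {0, 0, -1, 0};
    if (!(buf + 1 > data_end)) {
        const char *cur = buf;           /* value the expression buf++ yields */
        buf = buf + 1;                   /* its side effect, applied once */
        r.read_at = cur - data;
        r.oob = cur >= data_end;
        r.matched = (*cur == 'x');
    }
    r.advanced = buf - data;
    return r;
}

int main(void)
{
    struct step n = naive_check(sample, sample + 1);
    struct step h = hoisted_check(sample, sample + 1);
    printf("naive: matched=%d advanced=%td oob=%d\n", n.matched, n.advanced, n.oob);
    printf("hoisted: matched=%d advanced=%td oob=%d\n", h.matched, h.advanced, h.oob);
    return 0;
}
```

With `data_end` one byte past the start, the copied guard passes and the dereference then lands at `data_end`, so the check no longer covers the byte that is read.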