mrstanb
commented
11 months ago I think this could be configured to hold for many variables besides stdin, such as stdout, stderr, etc., right?
Open michael-schwarz opened 11 months ago
mrstanb
commented
11 months ago I think this could be configured to hold for many variables besides stdin, such as stdout, stderr, etc., right?
sim642
commented
11 months ago Doing it by the FILE type would cover all these and more. Access does so for ignoring races within these structures that should be treated as opaque.
michael-schwarz
commented
11 months ago Actually, we should hold off on doing this for now, as these warnings currently save us from being unsound in many cases:
#include<stdio.h>
int main() {
char *tmp;
char inputBuffer[14U] = {(char)'\000'};
tmp = fgets((char *)(& inputBuffer),50,stdin); //Reading too many chars
free(tmp2);
}This is a typical example of a buffer-overflow, and we currently do not produce warnings for it. We should address this after SV-COMP, potentially with specifying constraints for correct usage in the library function mechanism.
sim642
commented
11 months ago potentially with specifying constraints for correct usage in the library function mechanism.
Since such buffer overflow and file descriptor related things can grow quite complex, we might want to start thinking about not reinventing the wheel and reusing more general library function specifications. For example those used by Mopsa or Frama-C (ACSL).
We currently warn about accesses to
stdinfor code such as thisI think it does not make sense to produce such warnings for
stdin, but instead we would need to wran for the invalid writes toinputBuffer.