Avoid null-pointer arithmetic #703
Conversation
Signed-off-by: Felipe R. Monteiro <[email protected]>
Signed-off-by: Felipe R. Monteiro <[email protected]>
Signed-off-by: Felipe R. Monteiro <[email protected]>
Signed-off-by: Felipe R. Monteiro <[email protected]>
|
Ref.: #704 |
robin-aws
left a comment
robin-aws
left a comment
There was a problem hiding this comment.
Would you mind adding a bit more context to the PR description (and hence the actual commit) about this being for forwards compatibility with CBMC 5.29?
| PROOF_SOURCES += $(PROOF_SOURCE)/make_common_data_structures.c | ||
| ########### | ||
|
|
||
| REMOVE_FUNCTION_BODY += aws_byte_cursor_advance |
There was a problem hiding this comment.
Just to double check my understanding: this just makes these functions opaque to CBMC, which happens to make the proof less expensive?
There was a problem hiding this comment.
This improves our coverage metric, by discarding functions that are unreachable for this proof. The else branch in field_sized is unreachable, so these functions are never called; however, our coverage analysis still considers this path in the coverage metric. By removing this unreachable functions, we improve coverage metric. If they ever become reachable, our report will through a warning.
There was a problem hiding this comment.
Of the function bodies removed here, it looks like only aws_byte_cursor_advance appears directly in the else branch in question. Is it sufficient to remove just that function body, or do we need to manually list all the other functions that are transitively called, as done here?
There was a problem hiding this comment.
@alex-chew we only need to specify the functions that are directly included in the path, you're correct. I updated the list of these function for the aws_cryptosdk_serialize_frame proof and add a comment explaining why we do this.
There was a problem hiding this comment.
aws_byte_cursor_read_be32 and aws_byte_cursor_read_be64 functions are included in the coverage metric because of field_helper, but we also never reach the else branch there either.
…me proof Signed-off-by: Felipe R. Monteiro <[email protected]>
3 participants
Issue #, if available:
N/A.
Description of changes:
This PR contains two changes:
We have run CBMC 5.30.1 on all proofs in ESDK-C. We must fix these issues before we update CBMC version in CI.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Check any applicable: