Project

General

Profile

Actions

Feature #6912

closed

Support for several advices for memory allocation functions (kzalloc)

Added by Vadim Mutilin almost 9 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Urgent
Assignee:
Category:
Requirement specifications
Target version:
-
Start date:
03/01/2016
Due date:
% Done:

0%

Estimated time:
Published in build:
5b44e4b

Description

Memory allocation functions should be instrumented for different aspects
Namely:
1. Common parts of rule models impose restrictions on allocated pointers. For example, the ERR_PTR model should restrict value of successfully allocated pointer. The resulting pointer should be <= LDV_PTR_MAX
2. Rule models itself like 43_1a perform checks of input parameters and may also depend on returning values.
3. Memory allocation functions should not have a body. Thus they should be replaced by some functions without body.
For example, kzalloc is defined as inline function and has a body. It should be replaced, for example, by ldv_kzalloc, declared for verification task.

Suggested workaround approach defines a default model for memory allocation functions
For example,

pointcut ALLOC_AROUND: execution(static inline void *kzalloc(size_t size, gfp_t flags))

around: ALLOC_AROUND
{
  void *res;
  ldv_before_kzalloc(size, flags); 
  res = ldv_kzalloc(size, flags);
  ldv_after_kzalloc(res, size, flags);
  return res;
}

//ldv_kzalloc name is provided as configuration for verification tool
void *ldv_kzalloc(size_t size, gfp_t flags);
//the following functions may be implemented by commons parts and rule models
void ldv_before_kzalloc(size_t size, gfp_t flags);
void ldv_after_kzalloc(void *ptr, size_t size, gfp_t flags);

For example, for ERR_PTR:

void ldv_after_kzalloc(void *ptr, size_t size, gfp_t flags) {
    ldv_assume(ptr<=LDV_PTR_MAX);
}

for 43_1a:
void ldv_before_kzalloc(size_t size, gfp_t flags) {
    ldv_check_alloc_flags(flags);
}


Related issues 2 (0 open2 closed)

Related to Klever - Feature #7237: Improve existing rule specificationsClosedVitaly Mordan06/24/201606/24/2016

Actions
Blocks Klever - Feature #7352: Add models for dev_get_drvdata() and dev_set_drvdata()ClosedVitaly Mordan06/28/2016

Actions
Actions #1

Updated by Vadim Mutilin over 8 years ago

  • Assignee set to Vitaly Mordan
Actions #2

Updated by Evgeny Novikov over 8 years ago

  • Subject changed from Support for several aspects for memory allocation functions (kzalloc) to Support for several advices for memory allocation functions (kzalloc)
  • Category set to Requirement specifications
  • Priority changed from Normal to Urgent

Several additions.

There should be at least a declaration for ldv_kzalloc() to avoid build errors. I hope that it will be presented by Ilja tomorrow.

I guess that ldv_kzalloc() should return not only pointer that isn't greater than LDV_PTR_MAX but the whole successfully allocated region should lie before LDV_PTR_MAX, i.e.

void ldv_after_kzalloc(void *ptr, size_t size, gfp_t flags) {
    ldv_assume(ptr + size < LDV_PTR_MAX);
}

I don't think that now we need to pass size to ldv_before_kzalloc() and flags to ldv_after_kzalloc(). Maybe this won't be the case in future.

Actions #3

Updated by Evgeny Novikov over 8 years ago

  • Priority changed from Urgent to Normal

Don't understand why I raised this issue priority.

Actions #4

Updated by Vitaly Mordan over 8 years ago

Related work to this issue was started in branch fix_6912.
It implements all internal memory allocation and non-deterministic functions through SV-COMP functions.
Alloc aspect is suggested to use for each rule specification, but it will affect verification results (a lot of transitions for verdicts are expected).

Actions #5

Updated by Evgeny Novikov over 8 years ago

  • Status changed from New to Open
  • Priority changed from Normal to Urgent

Due to absence of the kzalloc model we get one false alarm in the validation set (2799366670b3~/drivers/target/target_core_iblock.ko/linux:bio).

Don't worry about verdict transitions. We need this model any way.

Actions #6

Updated by Evgeny Novikov over 8 years ago

  • Status changed from Open to Closed
  • Published in build set to 3803ab4

The branch was merged to master in 3803ab4, but without corresponding efforts at the verifier side (https://svn.sosy-lab.org/trac/cpachecker/ticket/268) our models of no use.

Actions #7

Updated by Evgeny Novikov over 8 years ago

  • Published in build changed from 3803ab4 to 5b44e4b

One fix was added in 5b44e4b. Before allocating memory with unknown memory sizes couldn't fail.

Actions

Also available in: Atom PDF