-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support memory invalidation in LLVM memory model #312
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I haven't carefully examined the logic of readMemInvalidate
, but I think these changes make sense. It's a simple addition that significantly improves our ability to do sound verification.
This breaks If you create a branch in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks pretty good to me, except that I think we'll need to expose more memory initialization options. We need to be able to allocate the globals that are mentioned in SAW function preconditions, in addition to "all" globals and just the constant ones.
So, we should probably rename initializeMemory'
to just initializeMemory
, and rename initializeMemory
to initializeAllMemory
or something, similar to how we have populateGobals
, populateAllGlobals
and populateConstantGlobals
.
With the naming changes, the Once that's fixed, are there any remaining objections to merging this? |
* Support memory invalidation in LLVM memory model * Support not allocating all globals when initializing LLVM memory * Change crux-llvm to reflect initializeMemory name change
Adds a new
WriteSource
calledMemInvalidate
. Reading from invalidated memory yields an error with a user-specified message.This facilitates a
saw-script
change that should fix the compositional verification soundness bug described in GaloisInc/saw-script#30.