C library: Refine and improve stdio models#8043
Open
tautschnig wants to merge 4 commits intodiffblue:developfrom
Open
C library: Refine and improve stdio models#8043tautschnig wants to merge 4 commits intodiffblue:developfrom
tautschnig wants to merge 4 commits intodiffblue:developfrom
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## develop #8043 +/- ##
========================================
Coverage 80.01% 80.01%
========================================
Files 1703 1703
Lines 188396 188402 +6
Branches 73 73
========================================
+ Hits 150738 150744 +6
Misses 37658 37658 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
tautschnig
force-pushed
the
bugfixes/stdio
branch
4 times, most recently
from
d479dc1 to
3917e27
Compare
tautschnig
requested review from
a team,
kroening,
peterschrammel and
remi-delmas-3000
as code owners
tautschnig
force-pushed
the
bugfixes/stdio
branch
from
3917e27 to
85ca3e5
Compare
7 tasks
tautschnig
force-pushed
the
bugfixes/stdio
branch
2 times, most recently
from
3d5bb00 to
22e9222
Compare
tautschnig
force-pushed
the
bugfixes/stdio
branch
from
22e9222 to
94cbfa2
Compare
tautschnig
force-pushed
the
bugfixes/stdio
branch
3 times, most recently
from
e7bf25e to
e0c978c
Compare
tautschnig
force-pushed
the
bugfixes/stdio
branch
from
e0c978c to
49f4cd1
Compare
tautschnig
force-pushed
the
bugfixes/stdio
branch
from
49f4cd1 to
aa95077
Compare
There was a problem hiding this comment.
Pull request overview
Refines CBMC’s C-library stdio/math models to improve portability (notably on BSDs where some stdio/math functions are macros) and to ensure stdin/stdout/stderr refer to valid objects when created via fdopen.
Changes:
- Adjust stdio models (
fdopen, macro#undefs, andfclose) to avoid macro collisions and invalid frees of standard streams. - Expand math support for builtin/macro variants (
__isfinite*,__isnormal*,__signbit*) and switch infinities to__CPROVER_*inf*. - Update/add regression tests and run
cbmc-libraryregressions on BSD CI.
Reviewed changes
Copilot reviewed 16 out of 16 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| src/ansi-c/library_check.sh | Ignores additional platform/builtin math symbols during library checking. |
| src/ansi-c/library/stdio.c | Improves fdopen/_fdopen and standard stream handling; undefines macro-wrapped stdio functions locally. |
| src/ansi-c/library/math.c | Adds/adjusts builtin math entry points and uses __CPROVER_*inf* helpers. |
| src/ansi-c/c_typecheck_expr.cpp | Typechecks additional compiler builtin identifiers (__builtin_is*, __builtin_fabs*). |
| regression/contracts-dfcc/variant_multidimensional_ackermann/main.c | Disables printf call that lacks suitable contracts. |
| regression/cbmc-library/toupper/main.c | Skips test on BSDs pending conversion-table modeling. |
| regression/cbmc-library/tolower/main.c | Skips test on BSDs pending conversion-table modeling. |
| regression/cbmc-library/signbit/main.c | Adds assertions for signbit on double/long double (with Apple guard). |
| regression/cbmc-library/isnormal/main.c | Replaces placeholder failure with a builtin constness check. |
| regression/cbmc-library/isinf/main.c | Adds runtime and compile-time checks for GCC builtins. |
| regression/cbmc-library/isfinite/main.c | Adds behavioral checks comparing isfinite vs fpclassify. |
| regression/cbmc-library/fileno/main.c | Guards fileno assertion when fdopen returns NULL. |
| regression/cbmc-library/copysignl/test.desc | Promotes to CORE and adjusts options. |
| regression/cbmc-library/cnd_broadcast/test.desc | Promotes to CORE and adjusts options. |
| regression/cbmc-library/__fpclassify/main.c | Adds IEEE behavior checks and GCC builtin checks. |
| .github/workflows/bsd.yaml | Runs cbmc-library regressions on BSD jobs (some allowed to fail). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
tautschnig
force-pushed
the
bugfixes/stdio
branch
2 times, most recently
from
6e8c0df to
c0a6cd9
Compare
3 tasks
tautschnig
force-pushed
the
bugfixes/stdio
branch
2 times, most recently
from
2d73775 to
7213b51
Compare
BSD systems appear to use `__` prefixed variants of several functions. Define these as needed. Also, avoid handling some GCC-style `__builtin_`-prefixed functions via models when others are done directly in the type checker: do all of them in the type checker.
Fixes portability to FreeBSD, which redefines several functions as macros that would only conditionally call that function. Also, ensure that stdin/stdout/stderr point to valid objects when those are fdopen'ed.
On macOS, the SDK's signbit macro expands to __inline_signbitf, __inline_signbitd, or __inline_signbitl (inline functions defined in the SDK header). These perform union-based bit manipulation that CBMC does not model correctly, especially for 80-bit long double on x86_64. Handle these the same way as __builtin_signbit* by converting them directly to sign_exprt in do_special_functions. Co-authored-by: Kiro <kiro-agent@users.noreply.github.com>
tautschnig
force-pushed
the
bugfixes/stdio
branch
2 times, most recently
from
a4cd8bf to
1b71b48
Compare
On FreeBSD, _FORTIFY_SOURCE uses the SSP __ssp_redirect mechanism which redirects fread to an inline wrapper that calls __ssp_real_fread (the actual implementation). Add a library model for __ssp_real_fread that delegates to fread so that CBMC can properly constrain its return value. Co-authored-by: Kiro <kiro-agent@users.noreply.github.com>
tautschnig
force-pushed
the
bugfixes/stdio
branch
from
cfe80ab to
5d17b24
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes portability to FreeBSD, which redefines several functions as macros that would only conditionally call that function. Also, ensure that stdin/stdout/stderr point to valid objects when those are fdopen'ed.