Precise `strdup`
Currently strdup (and strndup) return an unknown pointer, which can make things very imprecise. Instead we should:
- [ ] Return a pointer to freshly allocated memory, the same way as `malloc`.
- [ ] Create a corresponding blob as its value.
- [ ] Blob size should come from the argument string constant or blob size.
- [ ] Blob contents should copy the argument blob contents or summarize the string constant.
- [ ] `strndup` should additionally only have maximum length `n` and copy as long a prefix.
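The concrete semantics the checklist asks the analysis to model, written out as reference C implementations (an added example, not Goblint's or the issue author's code; `ref_strdup`, `ref_strndup` and the `size` out-parameter are assumed names used here so the resulting blob size can be inspected):

```c
#include <stdlib.h>
#include <string.h>

/* strdup: allocate strlen(s)+1 bytes (a fresh allocation, like malloc)
 * and copy the whole string including its NUL terminator.
 * *size receives the allocated blob size. */
char *ref_strdup(const char *s, size_t *size) {
    size_t len = strlen(s);            /* reads up to and including the NUL */
    char *p = malloc(len + 1);
    if (p == NULL) return NULL;
    memcpy(p, s, len + 1);             /* blob contents = full argument */
    if (size) *size = len + 1;
    return p;
}

/* strndup: read at most n bytes of s, allocate min(len, n)+1 bytes and
 * copy that prefix, always NUL-terminating. Unlike strdup it never
 * touches memory past s[n-1], so an unterminated n-byte buffer is safe. */
char *ref_strndup(const char *s, size_t n, size_t *size) {
    size_t len = 0;
    while (len < n && s[len] != '\0') len++;   /* bounded length scan */
    char *p = malloc(len + 1);
    if (p == NULL) return NULL;
    memcpy(p, s, len);                 /* blob contents = prefix of length len */
    p[len] = '\0';
    if (size) *size = len + 1;
    return p;
}

int main(void) {
    size_t sz;
    char *a = ref_strdup("hello", &sz);       /* sz == 6, "hello" */
    char *b = ref_strndup("hello", 3, &sz);   /* sz == 4, "hel"   */
    char unterminated[3] = {'a', 'b', 'c'};   /* constructed: no NUL */
    char *c = ref_strndup(unterminated, 3, &sz); /* sz == 4, "abc" */
    free(a); free(b); free(c);
    return 0;
}
```

The three cases in `main` (full copy, truncation by `n`, and `n` reached before any NUL) are exactly the blob size and contents the checklist wants the analyzer to derive.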
@nathanschmidt will tackle this as it is quite related to his string domain work.
Now that the thesis is done, will this still be worked on or not?
I don't recall where I originally noticed this, but this may be quite crucial now because silver searcher has lots of likely-spurious race warnings related to a strndup. I don't know for sure whether this would avoid them, but we might have to do this ourselves since the PLDI paper is high priority.
> Now that the thesis is done, will this still be worked on or not?
Sorry, I haven't found the time to do so yet. I'll try to do this next week; let me know if that is soon enough.
If you can get around to it next week, I think that is timely enough. However, please don't feel obligated to do it if you don't want to, as the thesis is officially over now.
After some more digging into silver searcher, it appears that strdup might not be the biggest hurdle. Rather, it seems proper value analysis of thread-local variables (#876) is more crucial to get rid of unknown pointers that cause imprecise type-based memory accesses.
Nathan has finished his thesis now and will sadly not have time to work on this, so I unassigned him.