Skip to content

Fix interval division #1804

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Sep 12, 2025
Merged

Fix interval division #1804

merged 10 commits into from
Sep 12, 2025

Conversation

@sim642
Copy link
Member

@sim642 sim642 commented Aug 5, 2025
edited
Loading

Closes #1803.

TODO

  • Clean up.
  • Confirm with interval set as well. (Or perhaps even split interval at 0).
  • Find out why domain tests couldn't find unsoundness: domain tests don't check the overflow flags of abstract operator results. Moreover, when the concrete operator calculates the overflowed value, it's forced into bounds by the abstraction before leq check.

@sim642 sim642 added this to the SV-COMP 2026 milestone Aug 5, 2025
@sim642 sim642 self-assigned this Aug 5, 2025
@sim642 sim642 added bug unsound sv-comp SV-COMP (analyses, results), witnesses labels Aug 5, 2025
@sim642 sim642 marked this pull request as ready for review August 14, 2025 09:50
sim642
sim642 commented Aug 14, 2025
View reviewed changes
src/cdomain/value/cdomains/int/intervalDomain.ml
Comment on lines -297 to -302
let is_zero v = Ints_t.compare v Ints_t.zero = 0 in
match y1, y2 with
| l, u when is_zero l && is_zero u -> (top_of ik,{underflow=false; overflow=false})
| l, _ when is_zero l -> div ik (Some (x1,x2)) (Some (Ints_t.one,y2))
| _, u when is_zero u -> div ik (Some (x1,x2)) (Some (y1, Ints_t.(neg one)))
| _ when leq (of_int ik (Ints_t.zero) |> fst) (Some (y1,y2)) -> (top_of ik,{underflow=false; overflow=false})
Copy link
Member Author

@sim642 sim642 Aug 14, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By the way, I'm not sure why, but the old handling of division by 0 is quite inconsistent (i.e. not monotone in the second argument):

  • x / [0, 0] returns top (for division by 0).
  • x / [0, 42] delegates to x / [1, 42], which doesn't return top.
  • x / [-42, 0] delegates to x / [-42, -1], which doesn't return top.
  • x / [-42, 42] again returns top (for division by 0).

The new handling consistently returns top in all of the above cases.
Maybe the goal was to imitate the kind of split at 0 which is now part of the general logic in IArith.div?

@sim642 sim642 mentioned this pull request Aug 14, 2025
Open
@sim642 sim642 removed their assignment Sep 1, 2025
@sim642 sim642 merged commit 315bd09 into master Sep 12, 2025
19 checks passed
@sim642 sim642 deleted the issue-1803 branch September 12, 2025 13:30
sim642 added a commit that referenced this pull request Sep 23, 2025
@sim642
Remove unused code in interval domains (PR #1739, #1804)
09f63d4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug sv-comp SV-COMP (analyses, results), witnesses unsound

Projects

None yet

Milestone

SV-COMP 2026

Development

Successfully merging this pull request may close these issues.

Missing overflow warning on division by -1

2 participants

@sim642