Revert the change to the use of unbounded arrays

[martin-cs]

This was introduced in #6194 but reported as breaking in #6230.

• Each commit message has a non-empty body, explaining why the change was made.
• Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
• The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
• Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
• My commit message includes data points confirming performance improvements (if claimed).
• My PR is restricted to a single feature or bugfix.
• White-space or formatting changes outside the feature-related changed lines are in commits of their own.

[martin-cs]

@SaswatPadhi it would be great if you could let me know if this fixes your issue.

[codecov]

Codecov Report

Merging #6232 (fbbc5fd) into develop (0002950) will increase coverage by 8.01%.
The diff coverage is n/a.

@@             Coverage Diff             @@
##           develop    #6232      +/-   ##
===========================================
+ Coverage    67.40%   75.41%   +8.01%     
===========================================
  Files         1157     1459     +302     
  Lines        95236   161447   +66211     
===========================================
+ Hits         64197   121761   +57564     
- Misses       31039    39686    +8647     

Flag	Coverage Δ
cproversmt2	?
regression	?
unit	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
src/util/string_container.cpp	52.94% <0.00%> (-47.06%)	⬇️
src/solvers/prop/prop.cpp	42.85% <0.00%> (-41.76%)	⬇️
src/solvers/flattening/boolbv_member.cpp	53.65% <0.00%> (-38.65%)	⬇️
src/cpp/cpp_storage_spec.cpp	65.00% <0.00%> (-35.00%)	⬇️
src/util/cmdline.h	66.66% <0.00%> (-33.34%)	⬇️
src/solvers/strings/array_pool.h	66.66% <0.00%> (-33.34%)	⬇️
src/solvers/strings/string_refinement.h	66.66% <0.00%> (-33.34%)	⬇️
...rs/strings/string_concatenation_builtin_function.h	0.00% <0.00%> (-33.34%)	⬇️
src/cbmc/c_test_input_generator.cpp	60.00% <0.00%> (-30.33%)	⬇️
src/analyses/local_cfg.h	75.00% <0.00%> (-25.00%)	⬇️
... and 1438 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 06c563a...fbbc5fd. Read the comment docs.

[TGWDB]

Happy to approve (specially for faster turn around). Any chance of a regression test?

[martin-cs]

@TGWDB I would love a regression test and was hoping that @SaswatPadhi might be able to provide one.

[SaswatPadhi]

Thanks for the fix, @martin-cs.

We noticed this on a large s2n proof harness, but let me try to reduce it to a small regression test. I would look into large / dynamically allocated arrays, as you suggested.

[martin-cs]

Thanks @SaswatPadhi

[SaswatPadhi]

This is the most I could shrink it to:

#include <assert.h>
#include <stdint.h>
#include <stdlib.h>

static const uint16_t extensions[] = { 0, 1, 2, 3, 4, 5 };

#define COUNT (sizeof(extensions) / sizeof(extensions[0]))

typedef struct {
  uint8_t *data;
  uint32_t size;
  uint32_t allocated;
  unsigned growable :1;
} ext;

struct context {
  ext exts[COUNT];
};

struct conn {
  void *test;
  struct context ctx;
};

int main() {
  struct conn *s = malloc(sizeof(*s));
  if(s != NULL) s->test = NULL;
}

If I shrink the ext struct further, the invariant violation disappears, so may be there is some issue with alignment? Not sure ...

[martin-cs]

I have tried this example with the latest develop ( 06c563a ) and it doesn't crash. Can you double check and say something about the environment?

[TGWDB]

I also tested the example on cbmc release 5.33.0, 5.34.0, and a branch with the fix and had no crashes for any of them (on Ubuntu 20.04 LTS). That said, when I was working on original PR that had this error, there were some behaviours that appeared to be system specific w.r.t. array sizes.

[SaswatPadhi]

Sorry, I should have mentioned the full commandline:

cbmc --malloc-may-fail --malloc-fail-null --pointer-check test.c

[martin-cs]

Ah, yes, that does it! Thanks @SaswatPadhi

[feliperodri]

Any updates on that PR? @martin-cs @kroening

[martin-cs]

@feliperodri I am working on the test case that @SaswatPadhi sent and will add it ASAP.