memcpy fails to warn when called on invalid pointer #5514
Description
#include <assert.h>
#include <stdlib.h>
int main (void) {
int d;
void* s = malloc(0);
memcpy(&d,s,0);
memcpy(s,&d,0);
}
╰─$ cbmc test.c 10 ↵
CBMC version 5.14.1 (cbmc-5.14.1) 64-bit x86_64 macos
Parsing test.c
Converting
Type-checking test
file test.c line 8 function main: function 'memcpy' is not declared
Generating GOTO Program
Adding CPROVER library (x86_64)
file <builtin-library-memcpy> line 9: error: implicit function declaration 'memcpy'
old definition in module 'test' file test.c line 8 function main
signed int (void)
new definition in module '<built-in-library>' file <builtin-library-memcpy> line 9
void * (void *dst, const void *src, size_t n)
Removal of function pointers and virtual functions
Generic Property Instrumentation
Running with 8 object bits, 56 offset bits (default)
Starting Bounded Model Checking
size of program expression: 111 steps
simple slicing removed 0 assignments
Generated 6 VCC(s), 0 remaining after simplification
** Results:
<builtin-library-malloc> function malloc
[malloc.assertion.1] line 26 max allocation size exceeded: SUCCESS
[malloc.assertion.2] line 31 max allocation may fail: SUCCESS
test.c function main
[main.precondition_instance.1] line 8 memcpy src/dst overlap: SUCCESS
[main.precondition_instance.2] line 8 memcpy source region readable: SUCCESS
[main.precondition_instance.3] line 8 memcpy destination region writeable: SUCCESS
[main.precondition_instance.4] line 9 memcpy src/dst overlap: SUCCESS
[main.precondition_instance.5] line 9 memcpy source region readable: SUCCESS
[main.precondition_instance.6] line 9 memcpy destination region writeable: SUCCESS
** 0 of 8 failed (1 iterations)
VERIFICATION SUCCESSFUL
I expected that the result of malloc(0) would be either null, or an invalid pointer, and that memcpy would reject it as per https://www.imperialviolet.org/2016/06/26/nonnull.html
Instead, it passes.