Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pathological BPF program can force long veriifcation times #783

Open
Alan-Jowett opened this issue Nov 9, 2024 · 4 comments
Open

Pathological BPF program can force long veriifcation times #783

Alan-Jowett opened this issue Nov 9, 2024 · 4 comments

Comments

@Alan-Jowett
Copy link
Contributor

Test case that causes the verifier to hang

test-case: Found by fuzzing
options: ["termination"]

pre: []

code:
  <start>: |
    r0 = 0
    r1 = 10
  <loop>: |
    w1 -= 1
    if r1 > 0 goto <loop>
    exit

post: []
@Alan-Jowett
Copy link
Contributor Author

Not sure if the time is in fact bounded, but it takes > 10 minutes

@elazarg
Copy link
Collaborator

elazarg commented Nov 9, 2024

We know for a fact that the current implementation of the numeric domain can diverge, due to changes I've introduced, which broke widening in some cases. I don't know if that's the underlying cause here.

@Alan-Jowett
Copy link
Contributor Author

This appears to be related to 32bit ALU ops. If I switch it to r1 -= 1 it converges.

@Alan-Jowett
Copy link
Contributor Author

This is actually a test case generated by DiffSpec

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@elazarg @Alan-Jowett