mirror of
https://github.com/Z3Prover/z3
synced 2026-07-05 23:06:12 +00:00
Merge pull request #8699 from Z3Prover/copilot/fix-missed-bugs-ff-by-one
Fix off-by-one vulnerabilities in ackermannization module
This commit is contained in:
commit
369890330e
3 changed files with 4 additions and 6 deletions
|
|
@ -38,8 +38,7 @@ public:
|
||||||
TRACE(goal, g->display(tout << "in\n"););
|
TRACE(goal, g->display(tout << "in\n"););
|
||||||
|
|
||||||
ptr_vector<expr> flas;
|
ptr_vector<expr> flas;
|
||||||
const unsigned sz = g->size();
|
for (auto [f, dep, pr] : *g) flas.push_back(f);
|
||||||
for (unsigned i = 0; i < sz; ++i) flas.push_back(g->form(i));
|
|
||||||
lackr lackr(m, m_p, m_st, flas, nullptr);
|
lackr lackr(m, m_p, m_st, flas, nullptr);
|
||||||
|
|
||||||
// mk result
|
// mk result
|
||||||
|
|
|
||||||
|
|
@ -62,10 +62,9 @@ class ackr_bound_probe : public probe {
|
||||||
public:
|
public:
|
||||||
result operator()(goal const & g) override {
|
result operator()(goal const & g) override {
|
||||||
proc p(g.m());
|
proc p(g.m());
|
||||||
unsigned sz = g.size();
|
|
||||||
expr_fast_mark1 visited;
|
expr_fast_mark1 visited;
|
||||||
for (unsigned i = 0; i < sz; ++i) {
|
for (auto [curr, dep, pr] : g) {
|
||||||
for_each_expr_core<proc, expr_fast_mark1, true, true>(p, visited, g.form(i));
|
for_each_expr_core<proc, expr_fast_mark1, true, true>(p, visited, curr);
|
||||||
}
|
}
|
||||||
p.prune_non_select();
|
p.prune_non_select();
|
||||||
double total = ackr_helper::calculate_lemma_bound(p.m_fun2terms, p.m_sel2terms);
|
double total = ackr_helper::calculate_lemma_bound(p.m_fun2terms, p.m_sel2terms);
|
||||||
|
|
|
||||||
|
|
@ -103,7 +103,7 @@ void ackr_model_converter::convert_constants(model * source, model * destination
|
||||||
evaluator.set_model_completion(true);
|
evaluator.set_model_completion(true);
|
||||||
array_util autil(m);
|
array_util autil(m);
|
||||||
|
|
||||||
for (unsigned i = 0; i < source->get_num_constants(); ++i) {
|
for (unsigned i = 0, n = source->get_num_constants(); i < n; ++i) {
|
||||||
func_decl * const c = source->get_constant(i);
|
func_decl * const c = source->get_constant(i);
|
||||||
app * const term = info->find_term(c);
|
app * const term = info->find_term(c);
|
||||||
expr * value = source->get_const_interp(c);
|
expr * value = source->get_const_interp(c);
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue