Parsing Error

[pvouzis]

I am getting the following parsing error. Below is my configuration.

Any idea what might be going on?

This is installed on ubuntu 22.04

/home/ubuntu/goblint-2.4.0/goblint compile_commands.json 
/usr/include/glib-2.0/glib/gspawn.h[76:0-21] : syntax error
Parsing errorFatal error: exception Goblint_lib__Maingoblint.FrontendError("Frontc.ParseError: Parse error")

My setup

/home/ubuntu/goblint-2.4.0/goblint --version 
Goblint version: 2.4.0 (b129fab7de3ab5fd85d2f1340b2d9c5a4e4e2653)
Cil version:     2.0.4
Dune profile:    dev
OCaml version:   4.14.2
OCaml flambda:   true
Build time:      2024-09-05T14:17:42

cat compile_commands.json 
[
  {
    "arguments": [
      "/usr/bin/gcc",
      "-Wimplicit",
      "-Wparentheses",
      "-Wsequence-point",
      "-Wreturn-type",
      "-Wcast-qual",
      "-Wall",
      "-Wno-unknown-pragmas",
      "-Wno-long-long",
      "-Wall",
      "-pthread",
      "-I/usr/include/glib-2.0",
      "-I/usr/lib/x86_64-linux-gnu/glib-2.0/include",
      "-O3",
      "-c",
      "-o",
      "executeHTTP.o",
      "executeHTTP.c"
    ],
    "directory": "/home/ubuntu/nbclient/http",
    "file": "/home/ubuntu/nbclient/http/executeHTTP.c",
    "output": "/home/ubuntu/nbclient/http/executeHTTP.o"
  }
]

[pvouzis]

Then I installed it again from master (not from the release) and I don't get the parsing error, butI get the following error:

Fatal error: exception LibraryDsl.Pattern.Expected("Library function is called with more arguments than expected.")

Before that there a bunch of warnings, if that helps (these are only the last few before the error):

 /home/ubuntu/analyzer-master/goblint compile_commands.json 
gcc: warning: nbagent_main.o: linker input file unused because linking not done
gcc: warning: communication/communication.o: linker input file unused because linking not done
gcc: warning: communication/tcp.o: linker input file unused because linking not done
gcc: warning: communication/websocket.o: linker input file unused because linking not done
gcc: warning: agent_mgmt/agent_info.o: linker input file unused because linking not done
gcc: warning: agent_mgmt/command.o: linker input file unused because linking not done
gcc: warning: agent_mgmt/global_thread.o: linker input file unused because linking not done
gcc: warning: agent_mgmt/heartbeat.o: linker input file unused because linking not done
gcc: warning: agent_mgmt/test_handler.o: linker input file unused because linking not done
gcc: warning: agent_mgmt/watchdog.o: linker input file unused because linking not done
gcc: warning: agent_utilities/common_utils.o: linker input file unused because linking not done
gcc: warning: agent_utilities/json_parsing.o: linker input file unused because linking not done
gcc: warning: agent_utilities/logging.o: linker input file unused because linking not done
gcc: warning: agent_utilities/log_print.o: linker input file unused because linking not done
gcc: warning: interface_mgmt/interface_mgmt.o: linker input file unused because linking not done
gcc: warning: interface_mgmt/wireless.o: linker input file unused because linking not done
gcc: warning: ping/libping.a: linker input file unused because linking not done
gcc: warning: dns/libdns.a: linker input file unused because linking not done
gcc: warning: http/libhttp.a: linker input file unused because linking not done
gcc: warning: traceroute/libtracert.a: linker input file unused because linking not done
gcc: warning: iperf/libiperf.a: linker input file unused because linking not done
gcc: warning: port/libport.a: linker input file unused because linking not done
gcc: warning: speed/libspeed.a: linker input file unused because linking not done
gcc: warning: voip/libvoip.a: linker input file unused because linking not done
gcc: warning: configure/libconfigure.a: linker input file unused because linking not done
gcc: warning: system_command/libsystemcommand.a: linker input file unused because linking not done
gcc: warning: wifi/libwifi.a: linker input file unused because linking not done
gcc: warning: path/libpath.a: linker input file unused because linking not done
gcc: warning: capture/libcapture.a: linker input file unused because linking not done
gcc: warning: /usr/local/lib/libjansson.a: linker input file unused because linking not done
gcc: warning: /usr/local/lib/libwebsockets.a: linker input file unused because linking not done
/usr/include/string.h:444: Warning: Incompatible declaration for strerror_r (from /home/ubuntu/nbclient/.goblint/preprocessed/ping/executePing.i(16)).
 Previous was at /usr/include/string.h:432 (from /home/ubuntu/nbclient/.goblint/preprocessed/nbagent_main.i (0)) (different type constructors: int  vs. char *) 
/usr/include/string.h:432: Warning: Incompatible declaration for strerror_r (from /home/ubuntu/nbclient/.goblint/preprocessed/dns/executeDNS.i(17)).
 Previous was at /usr/include/string.h:444 (from /home/ubuntu/nbclient/.goblint/preprocessed/ping/executePing.i (16)) (different type constructors: char * vs. int ) 
/usr/include/string.h:444: Warning: Incompatible declaration for strerror_r (from /home/ubuntu/nbclient/.goblint/preprocessed/system_command/system_command.i(25)).
 Previous was at /usr/include/string.h:432 (from /home/ubuntu/nbclient/.goblint/preprocessed/dns/executeDNS.i (17)) (different type constructors: int  vs. char *) 
/usr/include/string.h:432: Warning: Incompatible declaration for strerror_r (from /home/ubuntu/nbclient/.goblint/preprocessed/wifi/wifi.i(26)).
 Previous was at /usr/include/string.h:444 (from /home/ubuntu/nbclient/.goblint/preprocessed/system_command/system_command.i (25)) (different type constructors: char * vs. int ) 
/usr/include/stdio.h:350: Warning: The name fprintf is used for two distinct globals
/usr/include/stdio.h:356: Warning: The name printf is used for two distinct globals
/usr/include/stdio.h:358: Warning: The name sprintf is used for two distinct globals
/usr/include/stdio.h:365: Warning: The name vfprintf is used for two distinct globals
/usr/include/stdio.h:371: Warning: The name vprintf is used for two distinct globals
/usr/include/stdio.h:373: Warning: The name vsprintf is used for two distinct globals
/usr/include/stdio.h:378: Warning: The name snprintf is used for two distinct globals
/usr/include/stdio.h:382: Warning: The name vsnprintf is used for two distinct globals
/usr/include/stdio.h:403: Warning: The name vdprintf is used for two distinct globals

...
...


/usr/include/string.h:61: Warning: The name memset is used for two distinct globals
/usr/include/string.h:141: Warning: The name strcpy is used for two distinct globals
/usr/include/string.h:144: Warning: The name strncpy is used for two distinct globals
/usr/include/string.h:149: Warning: The name strcat is used for two distinct globals
/usr/include/string.h:152: Warning: The name strncat is used for two distinct globals
/usr/include/strings.h:38: Warning: The name bcopy is used for two distinct globals
/usr/include/strings.h:42: Warning: The name bzero is used for two distinct globals
/usr/include/string.h:466: Warning: The name explicit_bzero is used for two distinct globals
/usr/include/string.h:491: Warning: The name stpcpy is used for two distinct globals
/usr/include/string.h:499: Warning: The name stpncpy is used for two distinct globals
/usr/include/x86_64-linux-gnu/bits/socket.h:307: Warning: The name __cmsg_nxthdr is used for two distinct globals
/usr/include/x86_64-linux-gnu/sys/socket.h:145: Warning: The name recv is used for two distinct globals
/usr/include/x86_64-linux-gnu/sys/socket.h:163: Warning: The name recvfrom is used for two distinct globals
/usr/include/unistd.h:371: Warning: The name read is used for two distinct globals
/usr/include/unistd.h:531: Warning: The name getcwd is used for two distinct globals
/usr/include/unistd.h:545: Warning: The name getwd is used for two distinct globals
/usr/include/unistd.h:644: Warning: The name confstr is used for two distinct globals
/usr/include/unistd.h:711: Warning: The name getgroups is used for two distinct globals
/usr/include/unistd.h:803: Warning: The name ttyname_r is used for two distinct globals
/usr/include/unistd.h:838: Warning: The name readlink is used for two distinct globals
/usr/include/unistd.h:851: Warning: The name readlinkat is used for two distinct globals
/usr/include/unistd.h:889: Warning: The name getlogin_r is used for two distinct globals
/usr/include/unistd.h:911: Warning: The name gethostname is used for two distinct globals
/usr/include/unistd.h:930: Warning: The name getdomainname is used for two distinct globals
/usr/include/pthread.h:276: Warning: The name pthread_equal is used for two distinct globals
/usr/include/pthread.h:276: Warning: The name pthread_equal is used for two distinct globals
/home/ubuntu/analyzer-master/lib/libc/stub/src/stdlib.c:37: Warning: The name bsearch is used for two distinct globals
/home/ubuntu/analyzer-master/lib/libc/stub/src/stdlib.c:38: Warning: The name bsearch is used for two distinct globals
Fatal error: exception LibraryDsl.Pattern.Expected("Library function is called with more arguments than expected.")

[sim642]

The initial parsing error seems to be something we fixed in CIL since our latest release: goblint/cil#172. That's why it no longer appears on master.

The library function exception is easier to debug on the branch of unmerged PR #1560. On that branch, running Goblint with -v should output Marked with function ... in the exception backtrace somewhere.
It could be that we have some library function specification wrong (in libraryFunctions.ml), but I suspect another problem.

Somehow the compilation database only contains one file, but the GCC warnings (which I haven't seen before) suggest that the project consists of more than one C source file. If Goblint is given only some files and they call a function whose definition is missing, then it expects that to come from some standard library. But maybe that function has the name of a standard function (e.g. error) but is defined in another file (with different arguments than standard).
Compilation database generation (e.g. with bear) requires make clean (or equivalent) beforehand, such that the following call for database generation indeed goes through all files in the project and lists them in the database for Goblint to see. Otherwise, make might rebuild just some files and the database will end up only containing those, giving an incomplete view of the project.

[pvouzis]

I did create a database of the whole code with bear. Above, I wanted to show a smaller fraction of the compile code rather the whole thing that was overwhelming. In both cases, I was getting the same error.

I compiled from PR #1560 and I am running it now. I get output like the following.

Do these memory statics mean that it's swapping, because it's taking a while.

[Debug] Constructors: 
[Debug] Adding constructors to: main
[Debug] And now...  the Goblin!
[Debug] Startfuns: [main]
Exitfuns: []
Otherfuns: []
[Debug] Activated analyses: expRelation, base, threadid, threadflag, threadreturn, escape, mutexEvents, mutex, access, race, mallocWrapper, mhp, assert, pthreadMutexType
[Debug] Activated transformations: 
[Debug] Generating the control flow graph.
[Debug] cfgF (bindings=38609 buckets=32768 max_length=4 histo=5663,15750,11208,145,2 load=1.178254), cfgB (bindings=38606 buckets=32768 max_length=3 histo=5663,15776,11157,172 load=1.178162)
[Debug] Initializing 21 globals.
[Debug] Executing 256 assigns.
[Debug] Solving the constraint system with td3. Solver statistics are shown every 10s or by signal sigusr1.

[Debug] Unstable solver start vars in 1. phase:
[Debug] 	L:call of main (47460) on nbagent_main.c:252:1-1073:1


[Info] runtime: 00:00:56.353
[Info] vars: 44811, evals: 53424

[Debug] |rho|=44811
[Debug] |stable|=44073
[Debug] |infl|=44751
[Debug] |wpoint|=1
[Debug] |sides|=3121
[Debug] |side_dep|=0
[Debug] |side_infl|=0
[Debug] |var_messages|=0
[Debug] |rho_write|=0
[Debug] |dep|=38819
[Info] |called|=60
[Debug] Found 2142 contexts for 83 functions. Top 5 functions:
[Debug] 593	contexts for L:entry state of strncpy (1407755) on /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:1-97:1
[Debug] 562	contexts for L:entry state of logPrint (34985) on agent_utilities/log_print.c:23:1-104:1
[Debug] 202	contexts for L:entry state of snprintf (1407718) on /usr/include/x86_64-linux-gnu/bits/stdio2.h:67:1-74:1
[Debug] 187	contexts for L:entry state of Strncpy (46482) on agent_utilities/common_utils.c:409:1-425:1
[Debug] 69	contexts for L:entry state of fprintf (1407712) on /usr/include/x86_64-linux-gnu/bits/stdio2.h:102:1-107:1

Memory statistics: total=41255.25MB, max=1420.53MB, minor=41180.41MB, major=1793.40MB, promoted=1718.56MB
    minor collections=19655  major collections=21 compactions=0


[Info] runtime: 00:01:22.912
[Info] vars: 84658, evals: 109652

[Debug] |rho|=84658
[Debug] |stable|=83096
[Debug] |infl|=84615
[Debug] |wpoint|=9
[Debug] |sides|=5733
[Debug] |side_dep|=0
[Debug] |side_infl|=0
[Debug] |var_messages|=0
[Debug] |rho_write|=0
[Debug] |dep|=73127
[Info] |called|=235
[Debug] Found 3960 contexts for 142 functions. Top 5 functions:
[Debug] 1071	contexts for L:entry state of strncpy (1407755) on /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:1-97:1
[Debug] 1032	contexts for L:entry state of logPrint (34985) on agent_utilities/log_print.c:23:1-104:1
[Debug] 429	contexts for L:entry state of Strncpy (46482) on agent_utilities/common_utils.c:409:1-425:1
[Debug] 388	contexts for L:entry state of snprintf (1407718) on /usr/include/x86_64-linux-gnu/bits/stdio2.h:67:1-74:1
[Debug] 108	contexts for L:entry state of fprintf (1407712) on /usr/include/x86_64-linux-gnu/bits/stdio2.h:102:1-107:1

Memory statistics: total=71923.72MB, max=1420.53MB, minor=71843.08MB, major=2056.46MB, promoted=1975.82MB
    minor collections=34277  major collections=22 compactions=0


[Info] runtime: 00:01:49.508
[Info] vars: 124106, evals: 164471

[Debug] |rho|=124106
[Debug] |stable|=123621
[Debug] |infl|=124033
[Debug] |wpoint|=4
[Debug] |sides|=7648
[Debug] |side_dep|=0
[Debug] |side_infl|=0
[Debug] |var_messages|=0
[Debug] |rho_write|=0
[Debug] |dep|=108763
[Info] |called|=73
[Debug] Found 5771 contexts for 145 functions. Top 5 functions:
[Debug] 1549	contexts for L:entry state of strncpy (1407755) on /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:1-97:1
[Debug] 1504	contexts for L:entry state of logPrint (34985) on agent_utilities/log_print.c:23:1-104:1
[Debug] 683	contexts for L:entry state of Strncpy (46482) on agent_utilities/common_utils.c:409:1-425:1
[Debug] 599	contexts for L:entry state of snprintf (1407718) on /usr/include/x86_64-linux-gnu/bits/stdio2.h:67:1-74:1
[Debug] 128	contexts for L:entry state of strncat (1407757) on /usr/include/x86_64-linux-gnu/bits/string_fortified.h:134:1-140:1

Memory statistics: total=108053.35MB, max=1633.61MB, minor=107970.82MB, major=2338.76MB, promoted=2256.23MB
    minor collections=51504  major collections=22 compactions=0


[Info] runtime: 00:02:15.563
[Info] vars: 161576, evals: 219281

[Debug] |rho|=161576
[Debug] |stable|=156460
[Debug] |infl|=161469
[Debug] |wpoint|=14
[Debug] |sides|=9834
[Debug] |side_dep|=0
[Debug] |side_infl|=0
[Debug] |var_messages|=0
[Debug] |rho_write|=0
[Debug] |dep|=141885
[Info] |called|=159
[Debug] Found 7673 contexts for 157 functions. Top 5 functions:
[Debug] 2148	contexts for L:entry state of strncpy (1407755) on /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:1-97:1
[Debug] 2077	contexts for L:entry state of logPrint (34985) on agent_utilities/log_print.c:23:1-104:1
[Debug] 812	contexts for L:entry state of Strncpy (46482) on agent_utilities/common_utils.c:409:1-425:1
[Debug] 722	contexts for L:entry state of snprintf (1407718) on /usr/include/x86_64-linux-gnu/bits/stdio2.h:67:1-74:1
[Debug] 179	contexts for L:entry state of strncat (1407757) on /usr/include/x86_64-linux-gnu/bits/string_fortified.h:134:1-140:1

Memory statistics: total=146308.61MB, max=1878.66MB, minor=146215.57MB, major=2635.75MB, promoted=2542.71MB
    minor collections=69743  major collections=23 compactions=0


[Info] runtime: 00:11:09.381
[Info] vars: 181753, evals: 244077

[Debug] |rho|=181753
[Debug] |stable|=176652
[Debug] |infl|=181646
[Debug] |wpoint|=14
[Debug] |sides|=10722
[Debug] |side_dep|=0
[Debug] |side_infl|=0
[Debug] |var_messages|=0
[Debug] |rho_write|=0
[Debug] |dep|=160308
[Info] |called|=154
[Debug] Found 8497 contexts for 159 functions. Top 5 functions:
[Debug] 2275	contexts for L:entry state of strncpy (1407755) on /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:1-97:1
[Debug] 2232	contexts for L:entry state of logPrint (34985) on agent_utilities/log_print.c:23:1-104:1
[Debug] 1024	contexts for L:entry state of Strncpy (46482) on agent_utilities/common_utils.c:409:1-425:1
[Debug] 868	contexts for L:entry state of snprintf (1407718) on /usr/include/x86_64-linux-gnu/bits/stdio2.h:67:1-74:1
[Debug] 198	contexts for L:entry state of strncat (1407757) on /usr/include/x86_64-linux-gnu/bits/string_fortified.h:134:1-140:1

Memory statistics: total=163725.49MB, max=1878.66MB, minor=163631.54MB, major=2765.13MB, promoted=2671.19MB
    minor collections=78048  major collections=23 compactions=0

[sim642]

Above, I wanted to show a smaller fraction of the compile code rather the whole thing that was overwhelming

I see. Soundly analyzing incomplete programs is difficult though. For example, if a function is called whose body is unknown, it may do absolutely everything (including modifying all global variables arbitrarily). Goblint does support that (when the missing function's name doesn't match a standard library one, causing the crash you saw), but the resulting analysis is likely to be very imprecise as a result.

Do these memory statics mean that it's swapping, because it's taking a while.

These messages every 10 seconds simply indicate that the analysis is still running. It's unlikely to be swapping in this case: the maximum memory usage is under 2GB.

You could try the large-program configuration as suggested here: https://goblint.readthedocs.io/en/latest/user-guide/configuring/.

Alternatively, you could try something similar to your earlier attempt, but instead of excluding some files altogether, comment out calls to some (possibly large) parts of the program that you believe are irrelevant to what you're interested in. But of course that won't be sound w.r.t. to the entire program either.
The output above indicates Goblint analyzing some logging functions a lot. If it's possible to disable logging via preprocessing, that might also help to avoid spending time analyzing lots of logging code which likely isn't the actual logic you're interested in analyzing.

[pvouzis]

logPrint is called way too many times. Does goblint have a way to ask it to ignore it?

The previous output was on an Ubuntu VM. Actually, if I let it run it goes for 15-20 minutes, and the gets killed. I incrased the VM memory and CPUs to see if that helps.

Now I set it up on Mac as well, and know I see the syntax error. This doesn't come up on Linux. There are some changes in the compilation between Linux and MacOS.

Frontc is parsing /Users/panagiotisvouzis/Documents/nbclient/.goblint/preprocessed/ping/executePing.i
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/_stdio.h[137:9-18] : syntax error
Parsing errorFatal error: exception Goblint_lib__Maingoblint.FrontendError("Frontc.ParseError: Parse error")
Raised at Goblint_lib__Maingoblint.parse_preprocessed.get_ast_and_record_deps in file "src/maingoblint.ml", line 485, characters 6-70
Called from BatList.map in file "src/batList.ml", line 246, characters 23-28
Called from Goblint_lib__Maingoblint.preprocess_parse_merge in file "src/maingoblint.ml", line 520, characters 2-45
Called from Stdlib__Fun.protect in file "fun.ml", line 33, characters 8-15
Re-raised at Stdlib__Fun.protect in file "fun.ml", line 38, characters 6-52
Called from CamlinternalLazy.force_lazy_block in file "camlinternalLazy.ml", line 31, characters 17-27
Re-raised at CamlinternalLazy.force_lazy_block in file "camlinternalLazy.ml", line 36, characters 4-11
Called from Dune__exe__Goblint.main in file "src/goblint.ml", line 52, characters 17-32
Called from Stdlib.at_exit.new_exit in file "stdlib.ml", line 560, characters 59-63
Called from Stdlib.do_at_exit in file "stdlib.ml" (inlined), line 566, characters 20-61
Called from Std_exit in file "std_exit.ml", line 18, characters 8-20

[pvouzis]

After increasing the VM memory it finished the analysis in 2460 seconds.

[pvouzis]

Is there an introductory documentation on how to interpret the results?

Are there specific keywords I should search for in the output?

Also, how about false positives and false negatives? What should I expect?

[sim642]

After increasing the VM memory it finished the analysis in 2460 seconds.

Just wondering: is this with the default configuration on the entire project or did you need to do some simplifications (large-program configuration/excluding some code) to get to that?

Is there an introductory documentation on how to interpret the results?

Are there specific keywords I should search for in the output?

We don't really have such documentation. If you ran in verbose mode (-v), then the output will contain lots of debug "garbage" which probably isn't too meaningful without knowing Goblint's internals anyway. The lines you should care about are those starting with [Warning] or [Error]. Hopefully those are understandable without knowing Goblint deeply.

Also, how about false positives and false negatives? What should I expect?

Goblint intends to be sound, so there should be no false negatives (up to implementation errors in Goblint). If a problem can appear in real execution, then there should be a Goblint warning about it.
However, due to over-approximations, there will likely be a lot of warnings on any real-world project. Many of those are likely false positives. We don't have too many ways to manage those, but there are some ways to help Goblint using annotations: https://goblint.readthedocs.io/en/latest/user-guide/annotating/.

[pvouzis]

I used the large program simplification as you suggested, and also let it run with the default configuration. I think the running time is acceptable for what I do.

For example, I get the following output

[Warning][Race] Memory location (alloc@sid:18593) (race with conf. 110): (agent_mgmt/watchdog.c:100:29-100:106)
  free with [] (conf. 110)  (exp: (void *)watchdogFileThreadData) (agent_mgmt/watchdog.c:57:5-57:33)

I was mostly interested in detecting any race condition with goblint. By the way, is there a configuration file that I can use that filters only race conditions?

A couple of questions:

1. What are the "conf. 100", "conf. 110" messages?
2. I am not sure what kind of race is this.
   Line 100 is the following:

watchdogFileThreadData_t* newSb = (watchdogFileThreadData_t*)malloc(sizeof(watchdogFileThreadData_t));`

and line 57 is

free(watchdogFileThreadData);

To you give you some background, newSb is allocated by the main thread and holds the data needed by the watchdogFileThread thread which is also launched by the main thread. Then in watchdogFileThread newSb is free'ed.

I have executed the program with address and thread sanitization, as well as valgring for with memcheck and helgrind.

I haven't seen this issue popping up.

I am trying to understand if this is a valid race condition issue or a false positive.

[sim642]

The "conf." stands for "confidence", but it can practically be ignored. It's more of a historical thing that roughly tried to convey, how directly (or indirectly through pointers) the access happens.

The race warning should be interpreted as follows. The race is on a pseudo-variable (alloc@sid:18593) which corresponds to whatever is dynamically allocated by malloc on line 100. This pseudo-variable is an aggregate of all allocations at that point if it may be reached multiple times.
The racy access of that memory is the call of free on line 57. The [] indicates that Goblint doesn't have any information about it that could be used to rule out races. In particular, the access isn't even by a unique thread (according to Goblint), so Goblint thinks there may be multiple threads freeing the same pseudo-variable simultaneously, which would be a problem.

This perhaps isn't the usual kind of race one is looking for, so it can be disabled using --disable ana.race.free on the command line (or equivalently modifying the option in a JSON conf file). Goblint has possibly more precise multithreaded use-after-free/double-free analysis which isn't activated by default.

There are options to hide various warnings, e.g. --disable warn.behavior would hide warnings about various undefined-behavior. Race warnings are covered by a separate warn.race option which is enabled by default. Goblint options are defined using a schema which is visualized here: https://goblint.readthedocs.io/en/latest/jsfh/options.schema.html; although it's not very easy to search.

[pvouzis]

Got it. Thanks.