Frama-C Bug Tracking System - Frama-C
View Issue Details
ID: 0001059
Project: Frama-C
Category: Kernel
View Status: public
Date Submitted: 2012-01-07 17:36
Last Update: 2014-02-12 16:58
Reporter: pascal
Assigned To: virgile
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: Frama-C Nitrogen-20111001
Fixed in Version: Frama-C Oxygen-20120901
0001059: Undefined behavior with embedded assignment goes undetected
It seems to me that the following program exhibits undefined behavior due to a= and ++a not being separated by a sequence point.

int main() {
    int a = 1;
    int b = 0;

    /* a = ... and ++a both store to a with no sequence point in between */
    if (a = b || ++a == 2)
        printf("T: a=%i, b=%i", a, b);
    else
        printf("F: a=%i, b=%i", a, b);

    return 0;
}

But the following command gives no sign that the undefined behavior is detected:


$ bin/toplevel.opt -unspecified-access -val t.c -print
[kernel] preprocessing with "gcc -C -E -I. t.c"
[value] Analyzing a complete application starting at main
[value] Computing initial state
[value] Initial state computed
[value] Values of globals at initialization
[value] computing for function printf <- main.
        Called from t.c:6.
[kernel] warning: No code for function printf, default assigns generated
[value] Done for function printf
[value] Recording results for main
[value] done for function main
[value] ====== VALUES COMPUTED ======
[value] Values at end of function main:
          a ∈ {1}
          b ∈ {0}
          __retres ∈ {0}
/* Generated by Frama-C */
/*@ behavior generated:
      assigns \at(\result,Post) \from \nothing; */
extern int ( /* missing proto */ printf)();
int main(void)
{
  int __retres;
  int a;
  int b;
  int tmp;
  a = 1;
  b = 0;
  if (b) { tmp = 1; }
  else {
    a ++;
    if (a == 2) { tmp = 1; } else { tmp = 0; } }
  a = tmp;
  if (a) { printf("T: a=%i, b=%i",a,b); }
  else { printf("F: a=%i, b=%i",a,b); }
  __retres = 0;
  return (__retres);
}
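The following is an added example, not code from the bug report or from Frama-C. It writes out, as two well-defined functions, the two orderings of the stores to a that the reported expression a = b || ++a == 2 leaves undetermined (the first ordering is the one the Frama-C-normalized code above picks, which is why the analysis reports a ∈ {1}). All function names are my own.

```c
#include <stdio.h>

/* Added example (not code from the bug report or from Frama-C).  The
   reported condition `a = b || ++a == 2` stores to `a` twice with no
   sequence point in between, so the final value of `a` depends on an
   ordering the C standard does not fix.  The two functions below write
   each ordering out as well-defined code (every store is now separated
   by a sequence point) and report the final `a` through `a_final`. */

/* Ordering 1: the ++a store completes before the assignment's store.
   This is what the Frama-C-normalized code in the report does
   (tmp is computed, then a = tmp), hence its a ∈ {1}. */
int increment_then_assign(int a, int b, int *a_final)
{
    int t = (b || ++a == 2);  /* ++a is evaluated (and stored) only if b == 0 */
    a = t;                    /* previous full expression has ended: sequenced */
    *a_final = a;
    return t;
}

/* Ordering 2: the assignment's store happens first and the increment's
   store lands last.  Equally consistent with the original expression. */
int assign_then_increment(int a, int b, int *a_final)
{
    int incremented = a + 1;          /* the value ++a would yield */
    int t = (b || incremented == 2);  /* value computation, no store to a yet */
    a = t;                            /* assignment's store */
    if (!b)
        a = incremented;              /* increment's store, only where ++a ran */
    *a_final = a;
    return t;
}

/* Convenience wrappers exposing the final value of a for each ordering. */
int final_a_ordering1(int a, int b) { int f; increment_then_assign(a, b, &f); return f; }
int final_a_ordering2(int a, int b) { int f; assign_then_increment(a, b, &f); return f; }

/* Returns 1 when the two orderings disagree on the outcome, i.e. when the
   original expression's result is not determined by the standard.  For
   b != 0 the ++a is never evaluated, so both orderings agree and that
   path carries no undefined behavior. */
int orderings_disagree(int a, int b)
{
    int a1, a2;
    int t1 = increment_then_assign(a, b, &a1);
    int t2 = assign_then_increment(a, b, &a2);
    return t1 != t2 || a1 != a2;
}

int main(void)
{
    /* Same constructed inputs as the bug report: a = 1, b = 0. */
    printf("ordering 1: cond=%d a=%d\n",
           increment_then_assign(1, 0, &(int){0}), final_a_ordering1(1, 0));
    printf("ordering 2: cond=%d a=%d\n",
           assign_then_increment(1, 0, &(int){0}), final_a_ordering2(1, 0));
    printf("a=1, b=0 orderings disagree: %d\n", orderings_disagree(1, 0));
    printf("a=1, b=1 orderings disagree: %d\n", orderings_disagree(1, 1));
    return 0;
}
```

With the report's inputs both orderings agree that the condition is true, but they leave a equal to 1 and 2 respectively; an analyzer that silently commits to one of them, as the normalization above does, reports a single value where the standard promises none.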
No tags attached.
Issue History
2012-01-07 17:36  pascal    New Issue
2012-01-07 17:36  pascal    Status: new => assigned
2012-01-07 17:36  pascal    Assigned To: => virgile
2012-01-08 13:41  pascal    Note Added: 0002572
2012-09-05 18:51  svn       Checkin
2012-09-05 18:51  svn       Status: assigned => resolved
2012-09-05 18:51  svn       Resolution: open => fixed
2012-09-19 17:15  signoles  Fixed in Version: => Frama-C Oxygen-20120901
2012-09-19 17:16  signoles  Status: resolved => closed
2014-02-12 16:58            Note Added: 0004619
2014-02-12 16:58            Status: closed => resolved

Notes
(0002572) pascal, 2012-01-08 13:41
Note that the condition is parsed (a = (b || ++a == 2)). This much is apparently correct.
(0004619) 2014-02-12 16:58
Fix committed to stable/neon branch.