Frama-C Bug Tracking System - Frama-C
View Issue Details
0001768Frama-CPlug-in > slicingpublic2014-04-30 22:332015-03-17 22:18
nguenaomer 
patrick 
normalcrashalways
closedfixed 
PCUbuntu 13.04
Frama-C Fluorine-20130601 
Frama-C Sodium 
0001768: Crah with the option -ulevel
When I execute $frama-c fsm.c -main main -slice-pragma main -ulevel 10 -then-on 'Slicing export' -print frama-c get crash with the following part of the log: [slicing] making slicing project 'Slicing'... [slicing] interpreting slicing requests from the command line... [kernel] Current source was: fsm.c:46 The full backtrace is: Raised at file "src/logic/logic_interp.ml", line 796, characters 6-39 Called from file "list.ml", line 75, characters 12-15
Here is fsm.c: int choix ; int state = 1; int cumul =0 ; int step =0; //initialisation /*@ ensures \result==0 || \result==1 || \result==2 ; */ int choisir() ; void lecture() { choix = choisir() ; } void fsm_transition() { switch (state) { case 1: if (choix == 2) { cumul = cumul +2 ; state = 2 ; } else cumul++; break ; case 2: if ((step==50) && (choix==1)) state = 3 ; else cumul++ ; break ; case 3: if ((choix==0) && (cumul==10)) state = 1; default: break ; } } int main() { while (step>=0){ lecture() ; fsm_transition() ; if (state == 3) { /*@ slice pragma ctrl ;*/ break ; } step ++ ; } return 0 ; }
the program produce an output with the option -slevel
No tags attached.
has duplicate 0001906closed patrick Crash in the case of multiple pragma statements 
Issue History
2014-04-30 22:33nguenaomerNew Issue
2014-05-01 00:06yakobowskiNote Added: 0005065
2014-05-01 00:19nguenaomerNote Added: 0005066
2014-05-14 17:22patrickNote Added: 0005093
2014-05-14 17:24signolesAssigned To => patrick
2014-05-14 17:24signolesStatusnew => assigned
2014-05-14 17:26patrickStatusassigned => resolved
2014-05-14 17:26patrickResolutionopen => fixed
2014-05-16 11:11yakobowskiNote Added: 0005101
2014-08-06 16:09patrickRelationship addedhas duplicate 0001906
2015-03-17 22:17signolesFixed in Version => Frama-C Sodium
2015-03-17 22:18signolesStatusresolved => closed

Notes
(0005065)
yakobowski   
2014-05-01 00:06   
Multiple slicing pragma inside a single function are currently not supported. Unfortunately, this property is not properly checked, and analysing a code that does not honor it leads to the crash you observe. In your example, your unique slice pragma is duplicated when the loop is unrolled. If you have compiled Frama-C from source, you can remove the assertion at src/logic/logic_interp.ml:796. I'm reasonably sure that for simple cases, including yours, it is not needed.
(0005066)
nguenaomer   
2014-05-01 00:19   
Thank you for this helful reply ! However, I will not change the source of frama-c. I still wonder why the -ulevel option keeps loop in the program after the unfoldings. Thanks $frama-c fsm.c -ulevel 10 -print [kernel] preprocessing with "gcc -C -E -I. fsm.c" /* Generated by Frama-C */ int choix; int state = 1; int cumul = 0; int step = 0; /*@ ensures (\result ≡ 0 ∨ \result ≡ 1) ∨ \result ≡ 2; */ extern int choisir(); void lecture(void) { choix = choisir(); return; } void fsm_transition(void) { switch (state) { case 1: ; if (choix == 2) { cumul += 2; state = 2; } else cumul ++; break; case 2: ; if (step == 50) if (choix == 1) state = 3; else cumul ++; else cumul ++; break; case 3: ; if (choix == 0) if (cumul == 10) state = 1; default: ; break; } return; } int main(void) { int __retres; if (! (step >= 0)) goto unrolling_2_loop; lecture(); fsm_transition(); if (state == 3) { /*@ slice pragma ctrl; */ ; goto unrolling_2_loop; } step ++; unrolling_12_loop: /* internal */ ; if (! (step >= 0)) goto unrolling_2_loop; lecture(); fsm_transition(); if (state == 3) { /*@ slice pragma ctrl; */ ; goto unrolling_2_loop; } step ++; unrolling_11_loop: /* internal */ ; if (! (step >= 0)) goto unrolling_2_loop; lecture(); fsm_transition(); if (state == 3) { /*@ slice pragma ctrl; */ ; goto unrolling_2_loop; } step ++; unrolling_10_loop: /* internal */ ; if (! (step >= 0)) goto unrolling_2_loop; lecture(); fsm_transition(); if (state == 3) { /*@ slice pragma ctrl; */ ; goto unrolling_2_loop; } step ++; unrolling_9_loop: /* internal */ ; if (! (step >= 0)) goto unrolling_2_loop; lecture(); fsm_transition(); if (state == 3) { /*@ slice pragma ctrl; */ ; goto unrolling_2_loop; } step ++; unrolling_8_loop: /* internal */ ; if (! (step >= 0)) goto unrolling_2_loop; lecture(); fsm_transition(); if (state == 3) { /*@ slice pragma ctrl; */ ; goto unrolling_2_loop; } step ++; unrolling_7_loop: /* internal */ ; if (! (step >= 0)) goto unrolling_2_loop; lecture(); fsm_transition(); if (state == 3) { /*@ slice pragma ctrl; */ ; goto unrolling_2_loop; } step ++; unrolling_6_loop: /* internal */ ; if (! (step >= 0)) goto unrolling_2_loop; lecture(); fsm_transition(); if (state == 3) { /*@ slice pragma ctrl; */ ; goto unrolling_2_loop; } step ++; unrolling_5_loop: /* internal */ ; if (! (step >= 0)) goto unrolling_2_loop; lecture(); fsm_transition(); if (state == 3) { /*@ slice pragma ctrl; */ ; goto unrolling_2_loop; } step ++; unrolling_4_loop: /* internal */ ; if (! (step >= 0)) goto unrolling_2_loop; lecture(); fsm_transition(); if (state == 3) { /*@ slice pragma ctrl; */ ; goto unrolling_2_loop; } step ++; unrolling_3_loop: /* internal */ ; while (step >= 0) { lecture(); fsm_transition(); if (state == 3) { /*@ slice pragma ctrl; */ ; break; } step ++; } unrolling_2_loop: /* internal */ ; __retres = 0; return __retres; }
(0005093)
patrick   
2014-05-14 17:22   
Fixed in removing assertion at src/logic/logic_interp.ml:796.
(0005101)
yakobowski   
2014-05-16 11:11   
~5066 : the subpart of Frama-C that performs loop unrolling does not try to "understand" loops. It just copies the body N times. As it cannot guarantee that the loop is fully unrolled, the body is kept in case it gets executed. If the loop is fully unrolled and you want to remove its body (after Value has ran), you can use the Sparecode plugin. It is seems similar to Slicing, but remove all dead code. Furthermore, it will also remove quite a few other things, like useless conditional tests that stem from the loop condition.