Frama-C Bug Tracking System - Frama-C
View Issue Details
0000997Frama-CPlug-in > Evapublic2011-10-23 11:372012-09-19 17:16
yakobowski 
yakobowski 
normalminoralways
closedfixed 
Frama-C Nitrogen-20111001 
Frama-C Oxygen-20120901 
0000997: Warnings in presence of Top floats
Consider the following program analyzed with frama-c -val -absolute-valid-range 0-100 const short max = 255; const short min = 0; extern float u[256]; float main () { short r; float f = *((float *)18); // assert -3.40282346639e+38 <= f <= 3.40282346639e+38; int j = 2; // To be able to see the value of f in the gui if(f >= max) r = max; else if (f <= min) r = min; else r = f + 0.5; return u[r]; } The results are not optimal, as the access to u[r] is not proven correct. The reason is as follows: with a "normal" float, the reductions within the 'if' take place normally, and r belongs to [0..255]. However, here we have a Topint inside a float, and the reduction does not happen. If we activate the assertion to help the user, the result is worse: the assertion is incorrectly proven correct, as the conversion to a finite float happens before the truth value of the assertion is computed. Moreover, since the assertion is "correct", no reduction by the assertion occurs, and the access to u[r] is still not correct.
No tags attached.
Issue History
2011-10-23 11:37yakobowskiNew Issue
2011-10-23 11:37yakobowskiStatusnew => assigned
2011-10-23 11:37yakobowskiAssigned To => pascal
2011-10-23 13:51svnCheckin
2011-10-23 18:48yakobowskiAssigned Topascal => yakobowski
2011-10-24 11:29yakobowskiNote Added: 0002422
2011-10-24 11:29yakobowskiStatusassigned => resolved
2011-10-24 11:29yakobowskiResolutionopen => fixed
2011-11-21 23:38svnCheckin
2012-09-19 17:15signolesFixed in Version => Frama-C Oxygen-20120901
2012-09-19 17:16signolesStatusresolved => closed
2018-01-12 14:26signolesCategoryPlug-in > value analysis => Plug-in > Eva

Notes
(0002422)
yakobowski   
2011-10-24 11:29   
Fixed in revision 15912.