| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
|---|---|---|---|---|---|---|---|---|---|
| 0001059 | Frama-C | Kernel | public | 2012-01-07 17:36 | 2014-02-12 16:58 | ||||
| Reporter | pascal | ||||||||
| Assigned To | virgile | ||||||||
| Priority | normal | Severity | major | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Product Version | Frama-C Nitrogen-20111001 | ||||||||
| Target Version | Fixed in Version | Frama-C Oxygen-20120901 | |||||||
| Summary | 0001059: Undefined behavior with embedded assignment goes undetected | ||||||||
| Description | It seems to me that the following program exhibits undefined behavior due to a= and ++a not being separated by a sequence point. int main() { int a = 1; int b = 0; if (a = b || ++a == 2) printf("T: a=%i, b=%i", a, b); else printf("F: a=%i, b=%i", a, b); return 0; } But the following command gives no sign that the undefined behavior is detected: $ bin/toplevel.opt -unspecified-access -val t.c -print [kernel] preprocessing with "gcc -C -E -I. t.c" [value] Analyzing a complete application starting at main [value] Computing initial state [value] Initial state computed [value] Values of globals at initialization [value] computing for function printf <- main. Called from t.c:6. [kernel] warning: No code for function printf, default assigns generated [value] Done for function printf [value] Recording results for main [value] done for function main [value] ====== VALUES COMPUTED ====== [value] Values at end of function main: a ? {1} b ? {0} __retres ? {0} /* Generated by Frama-C */ /*@ behavior generated: assigns \at(\result,Post) \from \nothing; */ extern int ( /* missing proto */ printf)(); int main(void) { int __retres; int a; int b; int tmp; a = 1; b = 0; if (b) { tmp = 1; } else { a ++; if (a == 2) { tmp = 1; } else { tmp = 0; } } a = tmp; if (a) { printf("T: a=%i, b=%i",a,b); } else { printf("F: a=%i, b=%i",a,b); } __retres = 0; return (__retres); } | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files |
| ||||||||
 Relationships |
|
 Relationships |
| Notes |
|
|
pascal (reporter) 2012-01-08 13:41 |
Note that the condition is parsed (a = (b || ++a == 2)). This much is apparently correct. |
|
2014-02-12 16:58 |
Fix committed to stable/neon branch. |
| Notes |
| Issue History |
|||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2012-01-07 17:36 | pascal | New Issue | |
| 2012-01-07 17:36 | pascal | Status | new => assigned |
| 2012-01-07 17:36 | pascal | Assigned To | => virgile |
| 2012-01-08 13:41 | pascal | Note Added: 0002572 | |
| 2012-09-05 18:51 | svn | ||
| 2012-09-05 18:51 | svn | Status | assigned => resolved |
| 2012-09-05 18:51 | svn | Resolution | open => fixed |
| 2012-09-19 17:15 | signoles | Fixed in Version | => Frama-C Oxygen-20120901 |
| 2012-09-19 17:16 | signoles | Status | resolved => closed |
| 2013-12-19 01:11 | Source_changeset_attached | => framac master 4ff3cfac | |
| 2014-02-12 16:53 | Source_changeset_attached | => framac stable/neon 4ff3cfac | |
| 2014-02-12 16:58 | Note Added: 0004619 | ||
| 2014-02-12 16:58 | Status | closed => resolved | |
| Issue History |