| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
|---|---|---|---|---|---|---|---|---|---|
| 0000414 | Frama-C | Plug-in > Eva | public | 2010-02-19 14:37 | 2010-04-13 15:33 | ||||
| Reporter | sduprat | ||||||||
| Assigned To | pascal | ||||||||
| Priority | normal | Severity | feature | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Product Version | Frama-C Beryllium-20090902 | ||||||||
| Target Version | Fixed in Version | Frama-C Boron-20100401 | |||||||
| Summary | 0000414: imprecision in widening/narrowing for char and short index | ||||||||
| Description | Hello Stéphane, > Depending the type of i, the range is not the same. > The range of i in the loop is [0..10] (for int) or [0..15] for char or > short. _____ void main(void) { char i=0; int j=0; while (i<10) i++; while (j<10) j++; } [value] ====== VALUES COMPUTED ====== [value] Values for function main: i IN {10; 11; 12; 13; 14; 15; } j IN {10; } _____ It's interesting that you noticed this behavior, because I fixed a comparable problem on short notice this summer for an intern who had to demo his plug-in the following week. Note that the AST for the two loops is different: i = (char)0; j = 0; while ((int )i < 10) {i = (char )((int )i + 1);} while (j < 10) {j ++;} CIL transforms the code thus because the C standard specifies that operators such as ++ do not operate on types smaller than int, and that values of these types are implicitly promoted to int in these conditions. Meanwhile, in the absence of any loop-related option, the value analysis tries to keep computations short at the price of precision by using a technique called "widening". In order to limit the loss of precision, however, various heuristics are used, including a syntactic one for the j loop that recognizes that j IN [0..10] is a good candidate for the loop invariant. This heuristic does not currently recognize the condition ((int )i < 10) as one where it would be valuable to try the same kind of invariant. I have filed this issue as "feature wish" in the Bug Tracking System, so that it is not forgotten. http://bts.frama-c.com/view.php?id=325 Pascal | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files |
| ||||||||
 Relationships |
||||||
|
||||||
 Relationships |
| Notes |
|
|
pascal (reporter) 2010-02-19 16:10 |
Stéphane, quand je dis que je mets une idée dans le BTS et que je donne le numéro, pas la peine de re-soumettre la même pour me rappeler, il suffit de t'abonner à ce bug report ou de voter dessus. |
| Notes |
| Issue History |
|||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2010-02-19 14:37 | sduprat | New Issue | |
| 2010-02-19 14:37 | sduprat | Status | new => assigned |
| 2010-02-19 14:37 | sduprat | Assigned To | => pascal |
| 2010-02-19 14:46 | pascal | Relationship added | duplicate of 0000325 |
| 2010-02-19 16:10 | pascal | Note Added: 0000703 | |
| 2010-02-19 16:11 | pascal | Status | assigned => resolved |
| 2010-02-19 16:11 | pascal | Resolution | open => fixed |
| 2010-04-13 15:30 | signoles | Status | resolved => new |
| 2010-04-13 15:31 | signoles | Status | new => closed |
| 2010-04-13 15:33 | signoles | Fixed in Version | => Frama-C Boron |
| 2018-01-12 14:26 | signoles | Category | Plug-in > value analysis => Plug-in > Eva |
| Issue History |