0000523: struct-type expression in loop-assigns causes crash

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

Project

Category

View Status

Date Submitted

Last Update

0000523

Frama-C

Plug-in > jessie

public

2010-06-28 19:10

2010-12-18 11:19

Reporter

Jochen

Assigned To

cmarche

Priority

normal

Severity

crash

Reproducibility

always

Status

closed

Resolution

fixed

Platform

OS Version

Product Version

Frama-C Boron-20100401

Target Version

Fixed in Version

Frama-C Carbon-20101202-beta2

Summary

0000523: struct-type expression in loop-assigns causes crash

Description

When running the attached program, Jessie asked me to report a crash:

liveness_test.c:75:[jessie] failure: Unexpected failure.
                  Please submit bug report (Ref. "interp.ml:994:8").
[kernel] The full backtrace is:
         Raised at file "src/kernel/log.ml", line 506, characters 30-31
         Called from file "src/kernel/log.ml", line 500, characters 2-9
         Re-raised at file "src/kernel/log.ml", line 503, characters 8-9
         Called from file "src/lib/type.ml", line 746, characters 40-45
         Called from file "queue.ml", line 134, characters 6-20
         Called from file "src/kernel/boot.ml", line 50, characters 4-20
         Called from file "src/kernel/cmdline.ml", line 170, characters 4-8

         Plug-in jessie aborted because of an internal error.
         Please report as 'crash' at http://bts.frama-c.com [^]

It seems to be caused by the struct-type expression "hist[t]" in the loop-assigns clause in line 75. When I provide each struct-field by its own (see line 82; you can switch between both versions using the "#define" in line 3), Jessie works without problems.

Tags

No tags attached.

Attached Files

liveness_test.c [^] (1,730 bytes) 2010-06-28 19:10 [Show Content] [Hide Content]

// uncomment to demonstrate crash:
#define loopAssignsStruct

typedef int timeT;
typedef int speedT;
typedef int bool;

#define true		((bool)1)
#define false		((bool)0)

#define endOfTime	0x000fffff



/*@ ensures *sp < \old(*sp);
    assigns \nothing;
    //assigns *sp;
*/
extern void doBrake(speedT *sp);



/*@ ensures \result == true || \result == false;
    assigns \nothing;
*/
extern bool boolSensorValue(void);


/*@ 
    requires \valid(emState);
    requires \valid(sp);
    assigns *emState;
    ensures emButton ==> *emState;
    ensures !emButton && *sp == 0 ==> !*emState;
*/
void handleEmergency(
    bool emButton,
    bool *emState,
    speedT *sp)
{
    if (emButton) {
	*emState = true;
    } else if (*sp == 0) {
	*emState = false;
    }
    if (*emState)
	doBrake(sp);
}


struct _state {
    speedT speed;
    bool emState;
    bool emButton;
};

struct _state hist[endOfTime];

/*@ ensures \forall timeT t1; hist[t1].emButton
	==> \exists timeT t2; t2 >= t1 && hist[t2].speed == 0;
*/
void main(void)
{
    timeT t;
    speedT speed;
    bool emState;
    bool emButton;

    emState = false;
#ifdef loopAssignsStruct
    /*@ loop variant endOfTime - t;
	loop invariant 0 <= t <= endOfTime;
	loop invariant emButton ==> emState;
	loop assigns emButton,emState,speed,hist[t];
    */
#else
    /*@ loop variant endOfTime - t;
	loop invariant 0 <= t <= endOfTime;
	loop invariant emButton ==> emState;
	loop assigns emButton,emState,speed,
	     hist[t].speed,hist[t].emState,hist[t].emButton;
    */
#endif
    for (t=0; t<endOfTime; ++t) {
	emButton = boolSensorValue();
	handleEmergency(emButton,&emState,&speed);
	hist[t].speed = speed;
	hist[t].emState = emState;
	hist[t].emButton = emButton;
    }
}

Relationships

Notes
(0001318) cmarche (developer) 2010-12-16 17:18	Why 2.28 now outputs a better message.

Issue History
Date Modified	Username	Field	Change
2010-06-28 19:10	Jochen	New Issue
2010-06-28 19:10	Jochen	Status	new => assigned
2010-06-28 19:10	Jochen	Assigned To	=> cmarche
2010-06-28 19:10	Jochen	File Added: liveness_test.c
2010-12-16 17:18	cmarche	Note Added: 0001318
2010-12-16 17:18	cmarche	Status	assigned => resolved
2010-12-16 17:18	cmarche	Resolution	open => fixed
2010-12-18 11:18	signoles	Fixed in Version	=> Frama-C Carbon-20101202-beta2
2010-12-18 11:19	signoles	Status	resolved => closed