| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] |
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0000523 | Frama-C | Plug-in > jessie | public | 2010-06-28 19:10 | 2010-12-18 11:19 |
|
| Reporter | Jochen | |
| Assigned To | cmarche | |
| Priority | normal | Severity | crash | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | | OS Version | |
| Product Version | Frama-C Boron-20100401 | |
| Target Version | | Fixed in Version | Frama-C Carbon-20101202-beta2 | |
|
| Summary | 0000523: struct-type expression in loop-assigns causes crash |
| Description | When running the attached program, Jessie asked me to report a crash:
liveness_test.c:75:[jessie] failure: Unexpected failure.
Please submit bug report (Ref. "interp.ml:994:8").
[kernel] The full backtrace is:
Raised at file "src/kernel/log.ml", line 506, characters 30-31
Called from file "src/kernel/log.ml", line 500, characters 2-9
Re-raised at file "src/kernel/log.ml", line 503, characters 8-9
Called from file "src/lib/type.ml", line 746, characters 40-45
Called from file "queue.ml", line 134, characters 6-20
Called from file "src/kernel/boot.ml", line 50, characters 4-20
Called from file "src/kernel/cmdline.ml", line 170, characters 4-8
Plug-in jessie aborted because of an internal error.
Please report as 'crash' at http://bts.frama-c.com
It seems to be caused by the struct-type expression "hist[t]" in the loop-assigns clause in line 75. When I provide each struct-field by its own (see line 82; you can switch between both versions using the "#define" in line 3), Jessie works without problems. |
| Tags | No tags attached. |
|
| Attached Files |  liveness_test.c [^] (1,730 bytes) 2010-06-28 19:10 [Show Content] [Hide Content]
// uncomment to demonstrate crash:
#define loopAssignsStruct
typedef int timeT;
typedef int speedT;
typedef int bool;
#define true ((bool)1)
#define false ((bool)0)
#define endOfTime 0x000fffff
/*@ ensures *sp < \old(*sp);
assigns \nothing;
//assigns *sp;
*/
extern void doBrake(speedT *sp);
/*@ ensures \result == true || \result == false;
assigns \nothing;
*/
extern bool boolSensorValue(void);
/*@
requires \valid(emState);
requires \valid(sp);
assigns *emState;
ensures emButton ==> *emState;
ensures !emButton && *sp == 0 ==> !*emState;
*/
void handleEmergency(
bool emButton,
bool *emState,
speedT *sp)
{
if (emButton) {
*emState = true;
} else if (*sp == 0) {
*emState = false;
}
if (*emState)
doBrake(sp);
}
struct _state {
speedT speed;
bool emState;
bool emButton;
};
struct _state hist[endOfTime];
/*@ ensures \forall timeT t1; hist[t1].emButton
==> \exists timeT t2; t2 >= t1 && hist[t2].speed == 0;
*/
void main(void)
{
timeT t;
speedT speed;
bool emState;
bool emButton;
emState = false;
#ifdef loopAssignsStruct
/*@ loop variant endOfTime - t;
loop invariant 0 <= t <= endOfTime;
loop invariant emButton ==> emState;
loop assigns emButton,emState,speed,hist[t];
*/
#else
/*@ loop variant endOfTime - t;
loop invariant 0 <= t <= endOfTime;
loop invariant emButton ==> emState;
loop assigns emButton,emState,speed,
hist[t].speed,hist[t].emState,hist[t].emButton;
*/
#endif
for (t=0; t<endOfTime; ++t) {
emButton = boolSensorValue();
handleEmergency(emButton,&emState,&speed);
hist[t].speed = speed;
hist[t].emState = emState;
hist[t].emButton = emButton;
}
}
|
|
Relationships 
Relationships