From 41235626f217d3625e482cfe0aaae2f6d27d6741 Mon Sep 17 00:00:00 2001
From: Andre Maroneze <andre.oliveiramaroneze@cea.fr>
Date: Fri, 2 Oct 2015 17:00:07 +0200
Subject: [PATCH] [Value] new str* builtins
---
src/plugins/value/builtins_nonfree.ml | 708 -------
src/plugins/value/builtins_nonfree_string.ml | 1553 ++++++++++++++
src/plugins/value/builtins_nonfree_string.mli | 17 +
tests/non-free/cmp.c | 9 -
tests/non-free/memchr.c | 575 ++++++
tests/non-free/memcmp.c | 46 -
tests/non-free/oracle/memchr.err.oracle | 0
tests/non-free/oracle/memchr.res.oracle | 1775 +++++++++++++++++
tests/non-free/oracle/strchr.err.oracle | 0
tests/non-free/oracle/strchr.res.oracle | 1497 ++++++++++++++
tests/non-free/oracle/strlen.res.oracle | 483 ++++-
tests/non-free/oracle/strnlen.res.oracle | 3 +-
tests/non-free/oracle/strnlen2.err.oracle | 0
tests/non-free/oracle/strnlen2.res.oracle | 920 +++++++++
tests/non-free/strchr.c | 469 +++++
tests/non-free/strcmp.c | 127 --
tests/non-free/strlen.c | 262 ++-
tests/non-free/strnlen2.c | 508 +++++
18 files changed, 8007 insertions(+), 945 deletions(-)
create mode 100644 src/plugins/value/builtins_nonfree_string.ml
create mode 100644 src/plugins/value/builtins_nonfree_string.mli
delete mode 100644 tests/non-free/cmp.c
create mode 100644 tests/non-free/memchr.c
delete mode 100644 tests/non-free/memcmp.c
create mode 100644 tests/non-free/oracle/memchr.err.oracle
create mode 100644 tests/non-free/oracle/memchr.res.oracle
create mode 100644 tests/non-free/oracle/strchr.err.oracle
create mode 100644 tests/non-free/oracle/strchr.res.oracle
create mode 100644 tests/non-free/oracle/strnlen2.err.oracle
create mode 100644 tests/non-free/oracle/strnlen2.res.oracle
create mode 100644 tests/non-free/strchr.c
delete mode 100644 tests/non-free/strcmp.c
create mode 100644 tests/non-free/strnlen2.c
diff --git a/src/plugins/value/builtins_nonfree.ml b/src/plugins/value/builtins_nonfree.ml
index 3c7f3f2aaa5..daf6c297de7 100644
--- a/src/plugins/value/builtins_nonfree.ml
+++ b/src/plugins/value/builtins_nonfree.ml
@@ -24,8 +24,6 @@ let dkey = Value_parameters.register_category "imprecision"
exception Base_aligned_error
exception Found_misaligned_base
-let two61 = Integer.two_power_of_int 61
-
let frama_C_is_base_aligned state actuals =
try begin
match actuals with
@@ -728,712 +726,6 @@ let frama_c_memset state actuals =
let () = register_builtin "Frama_C_memset" frama_c_memset
-
-(* strlen builtin *)
-exception Abort_to_top
-
-let is_init v =
- Cvalue.V_Or_Uninitialized.is_initialized v
-
-let singleton_eight = Ival.inject_singleton Int.eight
-
-let abstract_strlen ~max ~emit_alarm str state =
- (* Checks whether the call to strlen would provoke a rte:
- Calls emit_alarm (e.g. to emit \valid_string(...)) if anything at all
- is wrong.
- Returns top_int in most complicated cases
- (e.g. too many offsets to consider)
- *)
- Value_parameters.debug "string offsetmap is %a"
- Location_Bytes.pretty str ;
- let with_alarms =
- let emit = { CilE.a_log = false; CilE.a_call = emit_alarm } in
- { CilE.imprecision_tracing = CilE.a_ignore;
- defined_logic = emit;
- unspecified = emit;
- others = emit;
- }
- in
- let value =
- try
- match str with
- | Location_Bytes.Top(_,_) ->
- emit_alarm();
- Ival.top
- | Location_Bytes.Map m ->
- let do_one_offsetmap base ival =
- (* The right way to do it would be:
- start from min of ival,
- accumulate and do some work when crossing start of next ival value.
- If bottoming, start again from next ival value.
- The current implementation has subpar complexity (Ival.fold_enum).
- *)
- Value_parameters.debug "Base %a" Base.pretty base;
- Value_parameters.debug "Ival is %a" Ival.pretty ival ;
- let validity = Base.validity base in
- match Cvalue.Model.find_base_or_default base state with
- | `Bottom -> Ival.bottom
- | `Top -> raise Abort_to_top
- | `Map offsetmap ->
- Value_parameters.debug "omap is %a"
- Cvalue.V_Offsetmap.pretty offsetmap;
- let val_strlen =
- Ival.fold_enum
- (* does nothing for ival *)
- (fun ival acc_val ->
- let rival = ref (Ival.scale Int.eight ival) in
- let offset = ref Int.zero in
- let continue = ref true in
- let racc = ref acc_val in
- while !continue && Int.lt !offset max do
- let alarm, v =
- Cvalue.V_Offsetmap.find
- ~validity ~offsets:!rival ~size:Int.eight offsetmap
- in
- if alarm then Valarms.warn_mem_read with_alarms;
- Value_parameters.debug "find_ival(8) on %a returns %a"
- Ival.pretty !rival
- Cvalue.V_Or_Uninitialized.pretty v ;
- if not (is_init v) then
- begin
- Value_parameters.debug "Uninitialized: end of string" ;
- racc :=
- Ival.join !racc
- (Ival.inject_singleton !offset)
- end
- else
- begin
- let v' = Cvalue.V_Or_Uninitialized.get_v v in
- if Cvalue.V.is_bottom v' then (
- continue := false ;
- Value_parameters.debug
- "continue set to false because invalid address"
- )
- else (
- let iv =
- try
- V.project_ival v'
- with V.Not_based_on_null ->
- Value_parameters.warning ~current:true
- "buffer contains addresses %a@." V.pretty v';
- emit_alarm();
- raise Abort_to_top
- in
- begin
- if (Ival.is_zero iv) then (
- Value_parameters.debug "Is_zero: rmax init";
- racc :=
- Ival.join !racc
- (Ival.inject_singleton !offset) ;
- continue := false;
- ) else if not(Ival.contains_zero iv) then (
- Value_parameters.debug "No_zero: rmin init";
- ) else (
- Value_parameters.debug "Neither: rmin init";
- racc :=
- Ival.join !racc
- (Ival.inject_singleton !offset)
- )
- end
- )
- end;
-
- if !continue then (
- rival := Ival.add_int singleton_eight !rival;
- offset := Int.succ !offset
- )
- done;
- let racc = !racc in
- let racc =
- if Int.ge !offset max
- then Ival.join racc (Ival.inject_singleton max)
- else racc
- in
- let nacc = Ival.join acc_val racc in
- Value_parameters.debug "nacc = %a" Ival.pretty nacc ;
- nacc
- ) ival Ival.bottom
- in
- Value_parameters.debug "val_strlen = %a"
- Ival.pretty val_strlen ;
- val_strlen
- in
- let accumulate_one_offsetmap base ival acc =
- Ival.join acc (do_one_offsetmap base ival)
- in
- let computed_strlen =
- Cvalue.V.M.fold accumulate_one_offsetmap m Ival.bottom
- in
- Value_parameters.debug" size is %a" Ival.pretty computed_strlen ;
- computed_strlen
- with
- | Abort_to_top
- | Ival.Error_Top (* from fold_enum *) -> Ival.top
- in
- value
-
-let frama_c_strlen state actuals =
- if Value_parameters.ValShowProgress.get () then
- Value_parameters.feedback ~current:true "Call to builtin strlen(%a)%t"
- pretty_actuals actuals Value_util.pp_callstack;
- match actuals with
- | [ exp_str, str, _ ] ->
- let notyet = ref true in
- let emit_alarm () =
- if !notyet
- then begin
- notyet := true;
- Valarms.set_syntactic_context (Valarms.SyUnOp exp_str) ;
- Valarms.warn_valid_string (warn_all_quiet_mode ())
- end
- in
- let value =
- abstract_strlen ~max:two61 ~emit_alarm str state
- in
- if Ival.is_bottom value
- then
- { Value_types.c_values = [ None, Cvalue.Model.bottom];
- c_clobbered = Base.SetLattice.bottom;
- c_cacheable = Value_types.Cacheable;
- }
- else
- { Value_types.c_values =
- [ Eval_op.wrap_size_t (V.inject_ival value), state ];
- c_clobbered = Base.SetLattice.bottom;
- c_cacheable = Value_types.Cacheable;
- }
- | _ ->
- raise Db.Value.Aborted
-
-let () = register_builtin "Frama_C_strlen" frama_c_strlen
-
-let frama_c_strnlen state actuals =
- if Value_parameters.ValShowProgress.get () then
- Value_parameters.feedback ~current:true "Call to builtin strnlen(%a)%t"
- pretty_actuals actuals Value_util.pp_callstack;
- let notyet = ref true in
- let emit_alarm () =
- if !notyet
- then begin
- notyet := false;
- Value_parameters.warning ~once:true ~current:true "assert (string valid up to n)";
- end
- in
- try
- ( match actuals with
- | [ (_exp_str, str, _); (_, n, _) ] ->
- let n = V.project_ival n in
- let max = Extlib.the (Ival.max_int n) in
- let value = abstract_strlen ~max ~emit_alarm str state in
- if Ival.is_bottom value
- then
- { Value_types.c_values = [ None, Cvalue.Model.bottom];
- c_clobbered = Base.SetLattice.bottom;
- c_cacheable = Value_types.Cacheable;
- }
- else
- let rangevalue =
- Ival.inject_range (Some Int.zero) (Ival.max_int value)
- in
- let value = Ival.join value (Ival.narrow rangevalue n) in
- { Value_types.c_values =
- [ Eval_op.wrap_size_t (V.inject_ival value), state ];
- c_clobbered = Base.SetLattice.bottom;
- c_cacheable = Value_types.Cacheable;
- }
- | _ ->
- raise Db.Value.Aborted)
- with
- V.Not_based_on_null (* from project_ival *) ->
- Value_parameters.warning ~once:true ~current:true
- "assert(no address in second argument of strnlen)";
- emit_alarm();
- { Value_types.c_values = [Eval_op.wrap_size_t V.top_int, state];
- c_clobbered = Base.SetLattice.bottom;
- c_cacheable = Value_types.Cacheable;
- }
-
-let () = register_builtin "Frama_C_strnlen" frama_c_strnlen
-
-(* str(n)cmp builtins *)
-
-let abstract_strcmp ~size ~signed ~min ~max ~emit_alarm
- str1 syn1 str2 syn2 state =
- (* Checks whether the call to strcmp respects the preconditions:
- Calls emit_alarm syn? (e.g. to emit \valid_string(...))
- if anything at all is wrong.
- Returns top_int in most complicated cases
- (e.g. too many offsets to consider)
- *)
- let make_with_alarms r =
- let emit = { CilE.a_log = false; CilE.a_call = r } in
- { CilE.imprecision_tracing = CilE.a_ignore;
- defined_logic = emit;
- unspecified = emit;
- others = emit;
- }
- in
- ( match str1, str2 with
- | Location_Bytes.Top _, _ | _, Location_Bytes.Top _ ->
- emit_alarm syn1;
- emit_alarm syn2;
- Ival.join Ival.minus_one Ival.zero_or_one
- | Location_Bytes.Map _, Location_Bytes.Map _ ->
- let negative_res = ref false in
- let positive_res = ref false in
- let zero_res = ref false in
- let min = ref min in
- let max = ref max in
- let warn1 = ref false in
- let warn2 = ref false in
- let set_warn1 () = warn1 := true in
- let set_warn2 () = warn2 := true in
- let with_alarms1 = make_with_alarms set_warn1 in
- let with_alarms2 = make_with_alarms set_warn2 in
- let locb1 = ref (Locations.loc_bytes_to_loc_bits str1) in
- let locb2 = ref (Locations.loc_bytes_to_loc_bits str2) in
- let size_size = Int_Base.inject size in
- let size_ival = Ival.inject_singleton size in
- while Int.gt !max Int.zero do
- let read_char_and_filter_0 warn with_alarms lobc
- (chars_acc, locb_acc as acc) =
- let loc = Locations.make_loc lobc size_size in
- let char = Eval_op.find ~with_alarms state loc in
- let char, address =
- Cvalue.V.split Base.null char
- in
- if not (Cvalue.V.is_bottom address) then warn := true;
- if Ival.is_bottom char
- then acc
- else begin
- let char = Ival.cast ~size ~signed ~value:char in
- Ival.join char chars_acc,
- if Ival.is_zero char
- then locb_acc
- else
- Location_Bits.join loc.Locations.loc locb_acc
- end
- in
- let acc = Ival.bottom, Location_Bits.bottom in
- let chars1, new_locb1 =
- Location_Bits.fold_enum
- (read_char_and_filter_0 warn1 with_alarms1)
- !locb1
- acc
- in
- let chars2, new_locb2 =
- Location_Bits.fold_enum
- (read_char_and_filter_0 warn2 with_alarms2)
- !locb2
- acc
- in
-(* Format.printf "iteration %a %a %a %a %B %B@."
- Ival.pretty chars1 Ival.pretty chars2
- Location_Bits.pretty new_locb1
- Location_Bits.pretty new_locb2
- !warn1 !warn2; *)
- if Ival.is_bottom chars1
- then begin
- (* alarm already scheduled for str1, but what about str2? *)
- if not !warn2
- then ignore(abstract_strlen ~max:!max ~emit_alarm:set_warn2
- str2 state);
- max := Int.minus_one (* exit loop immediately *)
- end
- else if Ival.is_bottom chars2
- then begin
- if not !warn1
- then ignore(abstract_strlen ~max:!max ~emit_alarm:set_warn1
- str1 state);
- max := Int.minus_one (* exit loop immediately *)
- end
- else
- let f min1 max1 min2 max2 =
- if Ival.compare_min_max min1 max2 < 0 then negative_res := true;
- if Ival.compare_min_max min2 max1 < 0 then positive_res := true;
- in
- Ival.compare_C f chars1 chars2;
-(* Format.printf "iteration--- pos:%B zero:%B neg:%B@."
- !positive_res !zero_res !negative_res; *)
- if not (Ival.intersects chars1 chars2)
- then begin
- (* check for well-formedness of the strings now since we
- aren't going to finish reading them *)
- (let max = !max in
- if not !warn1
- then ignore(abstract_strlen ~max ~emit_alarm:set_warn1 str1 state);
- if not !warn2
- then ignore(abstract_strlen ~max ~emit_alarm:set_warn2 str2 state));
- max := Int.minus_one (* exit loop immediately *)
- end
- else begin
- if Ival.contains_zero chars1 && Ival.contains_zero chars2
- then zero_res := true;
-
- if Location_Bits.is_bottom new_locb1
- then begin
- if not !warn2
- then ignore(abstract_strlen ~max:!max ~emit_alarm:set_warn2
- str2 state);
- max := Int.minus_one (* exit loop immediately *)
- end
- else if Location_Bits.is_bottom new_locb2
- then begin
- if not !warn1
- then ignore(abstract_strlen ~max:!max ~emit_alarm:set_warn1
- str1 state);
- max := Int.minus_one (* exit loop immediately *)
- end
- else begin
- (* continue the loop; prepare next iteration *)
- locb1 := Location_Bits.shift size_ival new_locb1;
- locb2 := Location_Bits.shift size_ival new_locb2;
- max := Int.pred !max;
- min := Int.pred !min;
- end
- end;
- done;
- if !warn1 then emit_alarm syn1;
- if !warn2 then emit_alarm syn2;
- let res =
- if !zero_res || Int.le !min Int.zero
- then Ival.zero
- else Ival.bottom
- in
- let res = if !positive_res then Ival.join Ival.one res else res in
- if !negative_res then Ival.join Ival.minus_one res else res)
-
-let frama_c_strcmp name ~size ~signed state actuals =
- if Value_parameters.ValShowProgress.get () then
- Value_parameters.feedback ~current:true "Call to builtin %s(%a)%t"
- name
- pretty_actuals actuals Value_util.pp_callstack;
- match actuals with
- | [ exp1, str1, _; exp2, str2, _ ] ->
- let emit_alarm str =
- Valarms.set_syntactic_context (Valarms.SyUnOp str) ;
- Valarms.warn_valid_string (warn_all_quiet_mode ())
- in
- let value =
- abstract_strcmp ~min:two61 ~max:two61 ~size ~signed
- ~emit_alarm str1 exp1 str2 exp2 state
- in
- if Ival.is_bottom value
- then
- { Value_types.c_values = [ None, Cvalue.Model.bottom];
- c_clobbered = Base.SetLattice.bottom;
- c_cacheable = Value_types.Cacheable;
- }
- else
- { Value_types.c_values = [Eval_op.wrap_int (V.inject_ival value), state ];
- c_clobbered = Base.SetLattice.bottom;
- c_cacheable = Value_types.Cacheable;
- }
- | _ ->
- raise Db.Value.Aborted
-
-let frama_c_wcscmp state actuals =
- let wchar = Cil.theMachine.Cil.wcharType in
- let signed = Cil.isSignedInteger wchar in
- let size = Int.of_int (Cil.bitsSizeOf wchar) in
- Value_parameters.warning ~once:true "wcscmp builtin untested and known to emit the wrong alarm";
- frama_c_strcmp "wcscmp" ~signed ~size state actuals
-
-let frama_c_strcmp =
- frama_c_strcmp "strcmp"
- ~signed:false (* C11 7.24.4:1 *) ~size:(Bit_utils.sizeofchar ())
-
-let () = register_builtin "Frama_C_wcscmp" frama_c_wcscmp
-let () = register_builtin "Frama_C_strcmp" frama_c_strcmp
-
-let frama_c_strncmp name ~size ~signed state actuals =
- if Value_parameters.ValShowProgress.get () then
- Value_parameters.feedback ~current:true "Call to builtin %s(%a)%t"
- name pretty_actuals actuals Value_util.pp_callstack;
- match actuals with
- | [ exp1, str1, _; exp2, str2, _; _, n, _ ] ->
- let notyet = ref true in
- let emit_alarm e =
- if !notyet
- then begin
- notyet := false;
- Value_parameters.warning ~once:true ~current:true
- "assert (string %a valid up to n)" Printer.pp_exp e;
- end
- in
- let n = V.project_ival n in
- let min = Extlib.the (Ival.min_int n) in
- let max = Extlib.the (Ival.max_int n) in
- let value =
- abstract_strcmp ~min ~max ~emit_alarm ~signed ~size
- str1 exp1 str2 exp2 state
- in
- if Ival.is_bottom value
- then
- { Value_types.c_values = [ None, Cvalue.Model.bottom];
- c_clobbered = Base.SetLattice.bottom;
- c_cacheable = Value_types.Cacheable;
- }
- else
- { Value_types.c_values = [Eval_op.wrap_int (V.inject_ival value), state ];
- c_clobbered = Base.SetLattice.bottom;
- c_cacheable = Value_types.Cacheable;
- }
- | _ ->
- raise Db.Value.Aborted
-
-let frama_c_wcsncmp state actuals =
- let wchar = Cil.theMachine.Cil.wcharType in
- let signed = Cil.isSignedInteger wchar in
- let size = Int.of_int (Cil.bitsSizeOf wchar) in
- Value_parameters.warning ~once:true "wcsncmp builtin untested and known to emit the wrong alarm";
- frama_c_strncmp "wcsncmp" ~signed ~size state actuals
-
-let frama_c_strncmp =
- frama_c_strncmp "strncmp"
- ~signed:false (* C11 7.24.4:1 *) ~size:(Bit_utils.sizeofchar ())
-
-let () = register_builtin "Frama_C_wcsncmp" frama_c_wcsncmp
-let () = register_builtin "Frama_C_strncmp" frama_c_strncmp
-
-(* memcmp builtin *)
-
-let int_hrange = Int.two_power_of_int (8 * Cil.theMachine.Cil.theMachine.sizeof_int -1)
-
-let int_neg_ival () =
- Ival.inject_range
- (Some (Int.neg int_hrange))
- (Some (Int.of_int (-1)))
-
-let int_pos_ival () =
- Ival.inject_range
- (Some Int.one)
- (Some (Int.pred int_hrange))
-
-let int_nonpos_ival () =
- Ival.inject_range
- (Some (Int.neg int_hrange))
- (Some Int.zero)
-
-let int_nonneg_ival () =
- Ival.inject_range
- (Some Int.zero)
- (Some (Int.pred int_hrange))
-
-let memcmp_ivals lival1 lival2 validity1 validity2 offsetmap1 offsetmap2 size =
- Ival.fold_enum
- (fun ival1 acc_val1 ->
- if (Cvalue.V.is_topint acc_val1) then raise Abort_to_top ;
- let rival1 = ref (Ival.mul ival1 (Ival.inject_singleton Int.eight)) in
- let val_cmp2 =
- Ival.fold_enum
- (fun ival2 acc_val2 ->
- if (Cvalue.V.is_topint acc_val2) then raise Abort_to_top ;
- let rival2 = ref (Ival.scale Int.eight ival2) in
- let offset = ref 0
- and continue = ref true
- and racc = ref acc_val2 in
- while(!continue && (!offset < size) && not (Cvalue.V.is_topint !racc)) do
-(*
- Value_parameters.feedback "reading at rival1=%a rival2=%a"
- Ival.pretty !rival1 Ival.pretty !rival2 ;
-*)
- let find ~validity ~offsets offm =
- match offm with
- | `Bottom -> true, V_Or_Uninitialized.bottom
- | `Top -> raise Abort_to_top
- | `Map m ->
- Cvalue.V_Offsetmap.find ~validity ~offsets ~size:Int.eight m
- in
- let _, v1 = find ~validity:validity1 ~offsets:!rival1 offsetmap1
- and _, v2 = find ~validity:validity2 ~offsets:!rival2 offsetmap2
- in
- if not (is_init v1 && is_init v2) then
- begin
- (* should be a runtime error: read uninitialized value *)
- Value_parameters.feedback
- "Frama_C_memcmp: potential rte (read uninit)" ;
- racc := Cvalue.V.top_int ;
- continue := false
- end
- else
- let w1 = Cvalue.V_Or_Uninitialized.get_v v1
- and w2 = Cvalue.V_Or_Uninitialized.get_v v2 in
- if (Cvalue.V.is_bottom w1) || (Cvalue.V.is_bottom w2) then (
- (* should be a runtime error: read out of bounds *)
- Value_parameters.feedback
- "Frama_C_rte: potential rte (read out of bounds)";
- racc := Cvalue.V.top_int ;
- continue := false
- ) else (
- let iv1 =
- Ival.cast ~size:Int.eight ~signed:false
- ~value:(Cvalue.V.project_ival w1)
- and iv2 =
- Ival.cast ~size:Int.eight ~signed:false
- ~value:(Cvalue.V.project_ival w2) in
- if (Ival.is_singleton_int iv1) && (Ival.is_singleton_int iv2) then (
- match Ival.min_int iv1, Ival.min_int iv2 with
- | Some u1, Some u2 ->
- let cmp = Abstract_interp.Int.compare u1 u2 in
- if (cmp < 0) then (
- continue := false ;
- racc :=
- Cvalue.V.inject_ival (int_neg_ival ())
- ) else if (cmp > 0) then (
- continue := false ;
- racc :=
- Cvalue.V.inject_ival (int_pos_ival ())
- ) (* else continue *)
- | _, _ -> assert false
- ) else
- let lower1,upper1 = Ival.min_and_max iv1
- and lower2,upper2 = Ival.min_and_max iv2 in
- match upper1,lower2 with
- | Some u, Some l ->
- let cmp = Abstract_interp.Int.compare u l in
- if cmp < 0 then (
- continue := false ;
- racc :=
- Cvalue.V.inject_ival (int_neg_ival ())
- ) else if (cmp = 0) then (
- racc :=
- Cvalue.V.inject_ival (int_nonpos_ival ())
- (* and continue *)
- ) else (
- match upper2, lower1 with
- | Some u, Some l ->
- let cmp = Abstract_interp.Int.compare u l in
- if (cmp < 0) then (
- continue := false;
- racc :=
- Cvalue.V.inject_ival (int_pos_ival ())
- ) else if (cmp = 0) then (
- racc :=
- Cvalue.V.inject_ival (int_nonneg_ival ())
- (* and continue *)
- ) else racc := Cvalue.V.top_int (* continue := false *)
- | _, _ -> assert false
- )
- | _, _ -> assert false
- )
- ;
- if !continue then (
- rival1 :=
- Ival.add_int
- (Ival.inject_singleton Int.eight)
- !rival1
- ;
- rival2 :=
- Ival.add_int
- (Ival.inject_singleton Int.eight)
- !rival2
- ;
- incr offset
- )
- done
- ;
- if Cvalue.V.is_bottom !racc then
- racc := Cvalue.V.inject_ival (Ival.zero)
- ;
- Cvalue.V.join acc_val2 !racc
- ) lival2 Cvalue.V.bottom
- in
- Cvalue.V.join acc_val1 val_cmp2
- ) lival1 Cvalue.V.bottom
-
-let frama_c_memcmp state actuals =
- let compute (exp_fst,fst,_) (_exp_snd,snd,_) (exp_size,size,_) =
- if Value_parameters.ValShowProgress.get () then
- Value_parameters.feedback ~current:true "Call to builtin memcmp(%a)%t"
- pretty_actuals actuals Value_util.pp_callstack;
- if V.equal size V.singleton_zero
- then
- { Value_types.c_values = [Eval_op.wrap_int V.singleton_zero, state];
- c_clobbered = Base.SetLattice.bottom;
- c_cacheable = Value_types.Cacheable;
- }
- else
- try
- let plevel = Value_parameters.ArrayPrecisionLevel.get() in
- let _with_alarms = warn_all_quiet_mode () in
- let size =
- try
- V.project_ival size
- with V.Not_based_on_null ->
- Value_parameters.feedback ~current:true
- "Call to builtin memcmp(): address as size";
- raise Abort_to_top
- in
- let _min,max = Ival.min_and_max size in
- let max = match max with None -> assert false (* TODO *) | Some m -> m in
- let term_size = Logic_utils.expr_to_term ~cast:true exp_size in
- let array_fst = Logic_utils.array_with_range exp_fst term_size in
- Valarms.set_syntactic_context (Valarms.SyMemLogic array_fst);
- let val_cmp = (
- match fst, snd with
- | Cvalue.V.Top(_,_), _
- | _, Cvalue.V.Top(_,_) -> Cvalue.V.top_int
- | Cvalue.V.Map m1, Cvalue.V.Map m2 ->
- Cvalue.V.M.fold
- (fun base1 ival1 acc1 ->
- if Cvalue.V.is_topint acc1 then raise Abort_to_top ;
- let validity1 = Base.validity base1 in
- let offsetmap1 =
- Cvalue.Model.find_base_or_default base1 state
- in
- let val_cmp0 =
- Cvalue.V.M.fold
- (fun base2 ival2 acc2 ->
- if (Cvalue.V.is_topint acc2) then raise Abort_to_top ;
- let validity2 = Base.validity base2 in
- let offsetmap2 =
- Cvalue.Model.find_base_or_default base2 state
- in
- let val_cmp1 =
- if Int.compare max (Int.of_int plevel) > 0 then
- raise Abort_to_top
- else
- memcmp_ivals ival1 ival2
- validity1 validity2
- offsetmap1 offsetmap2
- (Int.to_int max)
- in Cvalue.V.join acc2 val_cmp1
- ) m2 Cvalue.V.bottom
- in Cvalue.V.join acc1 val_cmp0
- ) m1 Cvalue.V.bottom
- )
- in
- { Value_types.c_values = [Eval_op.wrap_int val_cmp, state];
- c_clobbered = Base.SetLattice.bottom;
- c_cacheable = Value_types.Cacheable;
- }
- with
- Abort_to_top
- | Ival.Error_Top (* from fold_enum *) ->
- { Value_types.c_values = [Eval_op.wrap_int V.top_int, state];
- c_clobbered = Base.SetLattice.bottom;
- c_cacheable = Value_types.Cacheable;
- }
- in
- try
- match actuals with
- | [fst; snd; size] ->
- compute fst snd size
- | _ -> raise Db.Value.Outside_builtin_possibilities
- with
- | Db.Value.Outside_builtin_possibilities ->
- Value_parameters.result
- "Invalid call to Frama_C_memcmp builtin %a%t"
- pretty_actuals actuals Value_util.pp_callstack;
- raise Db.Value.Outside_builtin_possibilities
- | Db.Value.Aborted ->
- Value_parameters.error
- "Invalid call to Frama_C_memcmp%a" pretty_actuals actuals;
- raise Db.Value.Aborted
-
-let () = register_builtin "Frama_C_memcmp" frama_c_memcmp
-
let frama_c_interval_split state actuals =
try
begin match actuals with
diff --git a/src/plugins/value/builtins_nonfree_string.ml b/src/plugins/value/builtins_nonfree_string.ml
new file mode 100644
index 00000000000..b4601230c06
--- /dev/null
+++ b/src/plugins/value/builtins_nonfree_string.ml
@@ -0,0 +1,1553 @@
+(**************************************************************************)
+(* *)
+(* This file is part of Frama-C. *)
+(* *)
+(* Copyright (C) 2007-2015 *)
+(* CEA (Commissariat à l'énergie atomique et aux énergies *)
+(* alternatives) *)
+(* *)
+(* All rights reserved. *)
+(* Contact CEA LIST for licensing. *)
+(* *)
+(**************************************************************************)
+
+open Abstract_interp
+open Locations
+open Value_util
+
+(* Key used for logging everything related to str-builtins (not only strlen)*)
+let dkey = Value_parameters.register_category "strlen"
+
+(* for debugging *)
+(*let callstack_base = ref 0
+let reset_callstack_base () =
+ let len = Printexc.raw_backtrace_length (Printexc.get_callstack 999) in
+ callstack_base := len
+let get_callstack_depth () : int =
+ Printexc.raw_backtrace_length (Printexc.get_callstack 999) - !callstack_base*)
+let fpf s =
+ (*the callstack length can be used to indent debugging messages*)
+ (*let prefix = String.make (get_callstack_depth ()) ' ' in*)
+ Value_parameters.printf ~dkey s
+
+module I (* alias for Integer, for better readability *) = struct
+ let ( = ) = Integer.equal
+ let ( <> ) x y = not (Integer.equal x y)
+ let ( < ) = Integer.lt
+ let ( > ) = Integer.gt
+(* let ( <= ) = Integer.le*)
+ let ( >= ) = Integer.ge
+ let ( + ) = Integer.add
+ let ( - ) = Integer.sub
+ let ( * ) = Integer.mul
+ let ( / ) = Integer.pos_div
+ let ( % ) = Integer.pos_rem
+ let zero = Integer.zero
+ let one = Integer.one
+ let minus_one = Integer.minus_one
+ let eight = Integer.eight
+ let succ = Integer.succ
+ let pred = Integer.pred
+ let of_int = Integer.of_int
+ let min = Integer.min
+ let max = Integer.max
+ (* Returns the minimum value of an Ival. Requires a non-bottom Ival
+ having a bounded minimum value. *)
+ let the_min ival = Extlib.the (fst (Ival.min_and_max ival))
+ (* Returns the maximum value of an Ival. Requires a non-bottom Ival
+ having a bounded maximum value. *)
+(* let the_max ival = Extlib.the (snd (Ival.min_and_max ival))*)
+end
+
+module VU = Cvalue.V_Or_Uninitialized
+
+(* Init_status describes if a given byte is:
+ - always initialized or maybe initialized;
+ - always non-escaping or maybe escaping;
+ - always determinate or maybe indeterminate (out of bounds). *)
+module Init_status = struct
+ type t = {
+ maybe_uninit : bool;
+ maybe_esc : bool;
+ maybe_indet : bool;
+ }
+ let hash is = match is.maybe_uninit, is.maybe_esc, is.maybe_indet with
+ | false, false, false -> 3
+ | true, false, false -> 5
+ | false, true, false -> 7
+ | true, true, false -> 11
+ | false, false, true -> 13
+ | true, false, true -> 17
+ | false, true, true -> 19
+ | true, true, true -> 23
+ let bottom = { maybe_uninit = false; maybe_esc = false; maybe_indet = false }
+ let top = { maybe_uninit = true; maybe_esc = true; maybe_indet = true }
+ let join is1 is2 =
+ let maybe_uninit = is1.maybe_uninit || is2.maybe_uninit in
+ let maybe_esc = is1.maybe_esc || is2.maybe_esc in
+ let maybe_indet = is1.maybe_indet || is2.maybe_indet in
+ { maybe_uninit; maybe_esc; maybe_indet }
+ let narrow is1 is2 =
+ let maybe_uninit = is1.maybe_uninit && is2.maybe_uninit in
+ let maybe_esc = is1.maybe_esc && is2.maybe_esc in
+ let maybe_indet = is1.maybe_indet && is2.maybe_indet in
+ { maybe_uninit; maybe_esc; maybe_indet }
+
+ (* sets [maybe_indet] to true, without modifying the other flags *)
+ let may_indet is =
+ { maybe_uninit = is.maybe_uninit; maybe_esc = is.maybe_esc;
+ maybe_indet = true }
+
+ (* if [is] is currently "clean" (initialized/non-escaping), then
+ add [maybe_indet] as error, otherwise do not modify it. *)
+ let ensure_an_error is =
+ if not (is.maybe_uninit && is.maybe_esc) then may_indet is
+ else is
+
+ let pretty fmt is =
+ Format.fprintf fmt "%sINIT/%sESC%s"
+ (if is.maybe_uninit then "UN" else "")
+ (if is.maybe_esc then "" else "NO_")
+ (if is.maybe_indet then "/MAYBE_INDET" else "")
+
+ (* creates a new Init_status, copying flags from [vu] and with initial
+ [maybe_indet]. *)
+ let of_vu vu maybe_indet =
+ let maybe_uninit = not (VU.is_initialized vu) in
+ let maybe_esc = not (VU.is_noesc vu) in
+ { maybe_uninit; maybe_esc; maybe_indet }
+end
+module IS = Init_status
+
+(* Values used by [Found_status] to represent whether the searched character [c]
+ ('\0' in case of strlen/strnlen, any character in case of memchr),
+ Note that strchr needs to search both for the character [c] and the end of
+ the string, and distinguish between which one was found (TODO).
+ is present in a given byte:
+ - 1 means "contains [c]"
+ - 0 means "does not contain [c]"
+ - {0,1} means "may contain [c]"
+ - [Ival.bottom] is used for invalid (e.g. indeterminate) values. *)
+(*let maybe_val = Cvalue.V.zero_or_one
+let must_val = Cvalue.V.inject_ival Ival.one
+let none_val = Cvalue.V.inject_ival Ival.zero
+let invalid_val = Cvalue.V.inject_ival Ival.bottom*)
+
+(* [Found_status] resumes, for each byte, whether the searched
+ character is present (always/maybe/never/invalid access).
+ Used both for the searched character and the stop character
+ (esp. in strchr). *)
+module Found_status = struct
+ type t = Maybe | Must | Non | Invalid
+ let hash = function
+ | Maybe -> 7
+ | Must -> 11
+ | Non -> 13
+ | Invalid -> 17
+ let pretty fmt = function
+ | Maybe -> Format.fprintf fmt "Maybe"
+ | Must -> Format.fprintf fmt "Must"
+ | Non -> Format.fprintf fmt "Non"
+ | Invalid -> Format.fprintf fmt "Invalid"
+ let bottom = Invalid
+ let top = Maybe
+ let join fs1 fs2 = match fs1, fs2 with
+ | Maybe, _
+ | _, Maybe
+ | Must, Non -> Maybe
+ | Must, _
+ | _, Must -> Must
+ | Non, _
+ | _, Non -> Non
+ | Invalid, Invalid -> Invalid
+ let narrow fs1 fs2 = match fs1, fs2 with
+ | Invalid, _
+ | _, Invalid
+ | Must, Non -> Invalid
+ | Must, _
+ | _, Must -> Must
+ | Non, _
+ | _, Non -> Non
+ | Maybe, Maybe -> Maybe
+end
+module FS = Found_status
+
+(* [byte_status] resumes the initialization and found/not found status
+ for each byte in the simplified Bytecharmap. *)
+module Byte_status = struct
+ type t = { search_st: FS.t; stop_st: FS.t; init_st: IS.t }
+ let bottom = { search_st = FS.bottom; stop_st = FS.bottom; init_st = IS.bottom }
+ let top = { search_st = FS.top; stop_st = FS.top; init_st = IS.top }
+ let equal bs1 bs2 =
+ bs1.search_st = bs2.search_st
+ && bs1.stop_st = bs2.stop_st
+ && bs1.init_st = bs2.init_st
+ let join bs1 bs2 = {
+ search_st = FS.join bs1.search_st bs2.search_st;
+ stop_st = FS.join bs1.stop_st bs2.stop_st;
+ init_st = IS.join bs1.init_st bs2.init_st;
+ }
+ let is_included bs1 bs2 = equal (join bs1 bs2) bs2
+ let join_and_is_included bs1 bs2 =
+ let j = join bs1 bs2 in
+ j, equal j bs2
+ let narrow bs1 bs2 = {
+ search_st = FS.narrow bs1.search_st bs2.search_st;
+ stop_st = FS.narrow bs1.stop_st bs2.stop_st;
+ init_st = IS.narrow bs1.init_st bs2.init_st;
+ }
+ let hash bs =
+ 17 * FS.hash bs.search_st + 23 * FS.hash bs.stop_st + 31 * IS.hash bs.init_st
+ let pretty fmt bs =
+ Format.fprintf fmt "{search_st:%a,stop_st:%a,init_st:%a}"
+ FS.pretty bs.search_st FS.pretty bs.stop_st IS.pretty bs.init_st
+end
+module BS = Byte_status
+
+(* Datatype used to construct [Bytecharmap]. *)
+module Str_datatype = struct
+ (* Definitions for datatype *)
+ type t = Byte_status.t
+ let hash = Byte_status.hash
+ let name = "Str_datatype"
+ let rehash = Datatype.identity
+ let structural_descr = Structural_descr.t_abstract
+ let reprs = [Byte_status.bottom]
+ let equal t1 t2 = Byte_status.equal t1 t2
+ let compare t1 t2 = compare t1 t2
+ let copy = Datatype.identity
+ let internal_pretty_code _ _ _ = ()
+ let pretty = Byte_status.pretty
+ let varname t = "str_" ^ (Pretty_utils.sfprintf "%a" pretty t)
+ let mem_project _ _ = false
+end
+module type Str_lattice_sig = sig
+ type t
+ include Datatype.S with type t := t
+ include Lattice_type.Bounded_Join_Semi_Lattice with type t := t
+ include Lattice_type.With_Top with type t := t
+ include Lattice_type.With_Narrow with type t := t
+end
+module Str_lattice = struct
+ module M = Datatype.Make(Str_datatype)
+ include M
+ module BS = Byte_status
+ let join = BS.join
+ let is_included = BS.is_included
+ let join_and_is_included = BS.join_and_is_included
+ let bottom = BS.bottom
+ let top = BS.top
+ let narrow = BS.narrow
+end
+module SL = Str_lattice
+module Bytecharmap = Offsetmap.Make_bitwise(Str_lattice)
+
+(* converts bits to bytes, emitting a warning in case of inexact division. *)
+let bytes_of_bits ?inexact i =
+ if I.(i % eight <> zero) &&
+ match inexact with | Some b -> not b | None -> true then
+ (* message for debugging purposes motly, should not happen *)
+ Value_parameters.warning "bytes_of_bits: inexact division (%a / 8)"
+ Int.pretty i;
+ I.(i / eight)
+let bits_of_bytes i = I.(i * eight)
+let is_byte_aligned i = I.(i % eight = zero)
+
+(* Given a value from a bytecharmap, returns its found_status.
+ Special case for '\0' (more efficient, used by strlen/strnlen). *)
+let found_status_of_v_zero vu =
+ let cv = VU.get_v vu in
+ if Cvalue.V.is_bottom cv then FS.Invalid
+ else if (Cvalue.V.contains_zero cv) then
+ if (not (Cvalue.V.contains_non_zero cv)) then FS.Must
+ else FS.Maybe
+ else FS.Non
+
+(* Given a value from a bytecharmap, returns its byte_status.
+ Searches for the character(s) in [chr] (memchr). *)
+let found_status_of_v_char chr vu =
+ let cv = VU.get_v vu in
+ if Cvalue.V.is_bottom cv then FS.Invalid
+ else if Cvalue.V.intersects chr cv then
+ (* maybe or must *)
+ if Cvalue.V.cardinal_zero_or_one chr && Cvalue.V.equal chr cv then
+ FS.Must
+ else FS.Maybe
+ else FS.Non
+
+(* used to filter searched characters from stopping characters, for
+ better precision *)
+let found_status_of_bottom vu =
+ let cv = VU.get_v vu in
+ if Cvalue.V.is_bottom cv then FS.Invalid
+ else FS.Non
+
+let zero_zero_bs_of_vu vu : BS.t =
+ let search_st = found_status_of_v_zero vu in
+ let stop_st = found_status_of_bottom vu in
+(* let stop_st = found_status_of_v_zero vu in*)
+ let init_st = IS.of_vu vu false in
+ { BS.search_st; stop_st; init_st }
+
+let char_char_bs_of_vu chr vu : BS.t =
+ let search_st = found_status_of_v_char chr vu in
+ let stop_st = found_status_of_bottom vu in
+(* let stop_st = found_status_of_v_char chr vu in*)
+ let init_st = IS.of_vu vu false in
+ { BS.search_st; stop_st; init_st }
+
+let char_zero_bs_of_vu chr vu : BS.t =
+ let search_st = found_status_of_v_char chr vu in
+ let stop_st =
+ if Cvalue.V.equal chr Cvalue.V.singleton_zero then found_status_of_bottom vu
+ else found_status_of_v_zero vu
+ in
+ let init_st = IS.of_vu vu false in
+ { BS.search_st; stop_st; init_st }
+
+(*let bs_of_vu char_finder stop_finder vu : BS.t =
+ let search_st = char_finder vu in
+ let stop_st = stop_finder vu in
+ let init_st = IS.of_vu vu false in
+ { BS.search_st; stop_st; init_st }*)
+
+(* [add_byte_status validity offsets bs bcm] binds byte status [bs] to
+ offsets [offsets] in [bcm]. *)
+let add_byte_status ~validity offsets bs bcm =
+ let size = Int_Base.one in
+ let exact = true in
+ match Bytecharmap.add_binding_ival ~validity ~exact offsets ~size bs bcm with
+ | `Bottom -> assert false
+ | `Map m -> m
+
+(* Computes a [Bytecharmap.t] from a given base and its offsetmap.
+ The resulting map associates, to each byte offset in the base,
+ a status maybe/must/not indicating whether the searched character
+ can be found at that position.
+ [first_offset_bits] and [last_looked_bits] are an optimization:
+ instead of computing the map for the entire base, it is computed
+ only between these bits.
+ [base_end_bits] is used to compute the base length. *)
+let make_bytecharmap bs_of_vu_f base m first_offset_bits last_looked_bits base_end_bits =
+ let validity = Base.validity base in
+ (* last_looked_bits must be adjusted to be no larger than base_end_bits *)
+ let last_offset_bits = I.min last_looked_bits base_end_bits in
+ let base_size_bytes = bytes_of_bits I.(succ base_end_bits) in
+ let validitybyte (*validity/8*) = Base.Known (Int.zero, base_size_bytes) in
+ let bot = Bytecharmap.create ~size:base_size_bytes SL.bottom (* TODO *) in
+ Cvalue.V_Offsetmap.fold_between ~entire:false
+ (first_offset_bits, last_offset_bits)
+ (fun (range_start, range_end) (vu, size_bits, rel) acc ->
+ if is_byte_aligned range_start && is_byte_aligned I.(succ range_end) &&
+ ((is_byte_aligned (Obj.magic (*TODO*) rel) && is_byte_aligned size_bits
+ || I.(size_bits = one) )) then
+ begin (* linear in [size_bits] in some cases, or in [plevel] at most *)
+ if I.(size_bits = one) then (* isotropic value *)
+ let bs = bs_of_vu_f vu in
+ let offsets =
+ Ival.scale_div ~pos:true I.eight
+ (Ival.inject_range (Some range_start) (Some range_end))
+ in
+ add_byte_status ~validity:validitybyte offsets bs acc
+ else begin
+ let acc = ref acc in
+ let nb_bytes_val = I.(size_bits / eight) in
+ (* in this range of [nb_repeat] values, each composed of
+ [nb_bytes_val] bytes, write the first byte for each repetition
+ in the range, then the second byte, then the third, etc.
+
+ Example: the offsetmap below has three ranges, and we are
+ processing the second one (each underscore is a byte, values
+ are separated by vertical bars):
+
+ abc? abc? abc?
+ |________| |____|____|____| |____|____|
+ ^ ^
+ first_bit last_bit
+
+ This range has size 8 * 12 = 96 bits, composed of three
+ repetitions of the bytes "abc?" (where "?" is unknown).
+ The result we want in the end is the following, where
+ 'F' (for False) is "Non" and 'U' (for Unknown) is "Maybe":
+
+ FFFU FFFU FFFU
+ |________| |____|____|____| |____|____|
+ ^ ^
+ for i=0: start_byte stop_byte
+
+ ^ ^
+ for i=1: start_byte stop_byte
+
+ Each value occupies a single bit of the resulting bytecharmap.
+ In this example, [size_bits] equals 32, [nb_bytes_val] equals 4,
+ [range_end] equals [159] (64+95), [range_start] equals
+ [64] (159-95), [nb_repeat] equals 2 (truncated division;
+ it may be 0 if there are no repetitions), [start_byte] equals
+ 8, and [stop_byte] equals 16.
+
+ If nb_repeat is too high (above plevel), the result is
+ automatically approximated. *)
+ for i = 0 to (Int.to_int nb_bytes_val) - 1 do
+ let bs =
+ let cur_start_bits = I.(range_start + (of_int i * eight)) in
+ let offsets = Ival.inject_singleton cur_start_bits in
+ let _, vu =
+ Cvalue.V_Offsetmap.find ~validity ~offsets ~size:Int.eight m
+ in
+ bs_of_vu_f vu
+ in
+ let start_byte = I.(of_int i + range_start / eight) in
+ (* nb_repeat is intentionally truncating the division below
+ (may be 0). *)
+ let nb_repeat = I.((range_end -range_start) / size_bits) in
+ let stop_byte = I.(start_byte + nb_repeat * nb_bytes_val) in
+ let offsets =
+ Ival.inject_top (Some start_byte) (Some stop_byte)
+ (I.of_int i) nb_bytes_val
+ in
+ acc := add_byte_status ~validity:validitybyte offsets bs !acc
+ done;
+ !acc;
+ end
+ end
+ else begin (* code with bitfields; linear in the size of the range *)
+ let acc = ref acc in
+ for i = Int.to_int (bytes_of_bits ~inexact:true range_start) to
+ Int.to_int (bytes_of_bits ~inexact:true range_end)
+ do
+ let bs =
+ let cur_start_bits = I.(of_int i * eight) in
+ let offsets = Ival.inject_singleton cur_start_bits in
+ let _, vu =
+ Cvalue.V_Offsetmap.find ~validity ~offsets ~size:Int.eight m
+ in
+ bs_of_vu_f vu
+ in
+ let offsets = Ival.inject_singleton (I.of_int i) in
+ acc := add_byte_status ~validity:validitybyte offsets bs !acc
+ done;
+ !acc;
+ end
+ ) m bot
+
+(* Problems which can be diagnosed by str-related builtins. *)
+module Problem = struct
+ type t =
+ | Init of bool * Base.t
+ | Esc of bool * Base.t
+ | Indet of bool * Base.t
+ | Base of Base.t
+ | Misc of string
+
+ let pretty fmt = function
+ | Init (sure,_b) ->
+ Format.fprintf fmt "%suninitialized values"
+ (if sure then "" else "possible ")
+ | Esc (sure,_b) ->
+ Format.fprintf fmt "%sescaping addresses"
+ (if sure then "" else "possible ")
+ | Indet (sure,_b) ->
+ Format.fprintf fmt "%sreading indeterminate data"
+ (if sure then "" else "possibly ")
+ | Base base ->
+ Format.fprintf fmt "invalid base: %a" Base.pretty base
+ | Misc msg ->
+ Format.fprintf fmt "%s" msg
+
+ let weaken = function
+ | Init (_sure, base) -> Init(false, base)
+ | Esc (_sure, base) -> Esc(false, base)
+ | Indet (_sure, base) -> Indet(false, base)
+ | p -> p
+end
+
+module BaseMap = Map.Make(struct
+ type t = Base.t
+ let compare b1 b2 = Base.compare b1 b2
+ end)
+
+(* Builds a map from bases to offsets *)
+let basemap_of_locmap (m : Cvalue.V.M.t) : Ival.t BaseMap.t =
+ Cvalue.V.M.fold (fun base offs acc ->
+ BaseMap.add base offs acc
+ ) m BaseMap.empty
+
+let pp_problems fmt problems =
+ Format.fprintf fmt "@[%a:@.%a@]"
+ Printer.pp_location (Cil_const.CurrentLoc.get())
+ (Pretty_utils.pp_list ~pre:"@[" ~suf:"@]" ~sep:"@." Problem.pretty) problems
+
+let pp_problems_debug fmt problems =
+ Format.fprintf fmt "@[%a@]"
+ (Pretty_utils.pp_list ~pre:"@[" ~suf:"@]" ~sep:"@ " Problem.pretty) problems
+
+type exhausted_status = Maybe_exhausted of Int.t | Non_exhausted
+let pp_exh_st fmt = function
+ | Maybe_exhausted i -> Format.fprintf fmt "Maybe_exhausted(%a)" Int.pretty i
+ | Non_exhausted -> Format.fprintf fmt "Non_exhausted"
+let concatenate_exh es len opt_n_len =
+ match opt_n_len with
+ | None -> Non_exhausted
+ | Some n_len ->
+ assert (not (Ival.is_bottom n_len));
+ let n_min = Extlib.the (fst (Ival.min_and_max n_len)) in
+ if I.(len < n_min) then Non_exhausted
+ else
+ match es with
+ | Maybe_exhausted i -> Maybe_exhausted I.(i + len)
+ | Non_exhausted -> Maybe_exhausted len
+let join_exh es1 es2 = match es1, es2 with
+ | Maybe_exhausted i1, Maybe_exhausted i2 -> Maybe_exhausted (I.max i1 i2)
+ | Maybe_exhausted i, Non_exhausted
+ | Non_exhausted, Maybe_exhausted i -> Maybe_exhausted i
+ | Non_exhausted, Non_exhausted -> Non_exhausted
+
+module Base_res = struct
+ type t = {
+ vals: Ival.t;
+ char_fs: FS.t;
+ maybe_not_found: bool;
+ es: exhausted_status;
+ problems: Problem.t list;
+ }
+ let bottom = {vals = Ival.bottom; char_fs = FS.Invalid;
+ maybe_not_found = false; es = Non_exhausted; problems = []}
+ let join br1 br2 : t =
+ let vals = Ival.join br1.vals br2.vals in
+ let char_fs = FS.join br1.char_fs br2.char_fs in
+ let maybe_not_found = br1.maybe_not_found || br2.maybe_not_found in
+ let es = join_exh br1.es br2.es in
+ let problems = br1.problems @ br2.problems in
+ {vals; char_fs; maybe_not_found; es; (*has_null_result;*) problems}
+ let pretty fmt br =
+ Format.fprintf fmt "@[{vals:%a,fs:%a,es:%a,problems:%a}@]"
+ Ival.pretty br.vals FS.pretty br.char_fs
+ pp_exh_st br.es
+ pp_problems_debug br.problems
+end
+module BR = Base_res
+
+type bm_res_t = Base_res.t BaseMap.t
+
+(* Result of intermediate str-related functions.
+ [Maybe_ok(bounds,char_fs,maybe_found_stop,is)] indicates that there exists
+ at least one (possibly) valid result (including "not found").
+ [bounds] overapproximates the final result.
+ [char_fs] is summarizes the
+ presence of the searched character and is used by some callers.
+ [maybe_found_stop] is used to indicate, in the case where [bounds] is [None],
+ whether the stopping character has possibly been found *before* the searched
+ character (which implies a valid "not found" result).
+ [is] indicates the possibility of errors (initialization, dangligness,
+ invalid access).
+ [Never_ok(is)] indicates that no valid solution exists (the function always
+ fails). [is] contains the error(s) that occur (it should never be
+ [C_init_noesc] with [maybe_indet = false] in this case). *)
+type str_res_t =
+ | Maybe_ok of Ival.t (*bounds*)
+ * FS.t (*char_fs*)
+ * bool (*maybe_found_stop*)
+ * exhausted_status
+ * IS.t
+ | Never_ok of IS.t (* init_status; init/noesc with may_indet=false
+ is a nonsensical value here *)
+
+let pp_str_res_t fmt = function
+ | Maybe_ok (bounds,char_fs,maybe_found_stop,es,is) ->
+ Format.fprintf fmt "@[Maybe_ok(%a,%a,%b,%a,%a)@]" Ival.pretty bounds
+ FS.pretty char_fs maybe_found_stop pp_exh_st es IS.pretty is
+ | Never_ok (is) -> Format.fprintf fmt "@[Never_ok(%a)@]"
+ IS.pretty is
+
+let pp_opt_int_pair =
+ Pretty_utils.pp_opt (fun fmt (a,b) -> Format.fprintf fmt "@[%a,%a@]"
+ Int.pretty a Int.pretty b)
+
+(* Types and auxiliary functions related to the 'exact' function which computes,
+ for a single offset, the result of a search function on a given base.
+ This function is used as-is, in the case of a small set of offsets, and also
+ as first step of the imprecise, interval-based RTL search.
+ Note that the [n] argument of a limited-range search is not necessarily a
+ singleton. *)
+module Search_single_offset = struct
+ (* accumulator for [search] *)
+ type single_acc_t = {
+ zeroes: (Int.t * Int.t) option (* leftmost *possible* zero found so far,
+ and rightmost *possible* zero that is not
+ preceded by a definitive zero *);
+ maybe_found_stop: bool; (*maybe found stopping character BEFORE searched
+ character*)
+ is: IS.t;
+ fuel_left: (Int.t * Int.t) option (* None => unbounded fuel *);
+ }
+
+ let pp_acc_t fmt acc =
+ Format.fprintf fmt "@[{acc_singleton_t:zeroes=%a,fuel_left=%a,is=%a}@]"
+ pp_opt_int_pair acc.zeroes pp_opt_int_pair acc.fuel_left IS.pretty acc.is
+
+ (* Exceptions used to speed up the analysis:
+ - [Must_stop] indicates the either the searched character or the stopped
+ character have definitely been found, so the search may stop.
+ - [Maybe_no_fuel] indicates that the search cannot continue (either due to
+ reaching the end of the base, or due to a completely uninitialized value),
+ but at least one possible solution has been found.
+ - [Bottom_val] indicates that no possible solution has been found and the
+ search must stop. The only case where this does not lead to an error is
+ when a limited search (strnlen/memchr) has run out of "fuel" (and should
+ return the number of searched bytes). *)
+ exception Must_stop of (Int.t * Int.t) option (*bounds*)
+ * FS.t (*Found_status of searched character*)
+ * bool (*maybe_found_stop*)
+ * IS.t (*init status*)
+ exception Maybe_no_fuel of (Int.t * Int.t) option (*bounds*)
+ * bool (*maybe_found_stop*)
+ * Int.t (*rightmost contiguous valid byte*)
+ * IS.t
+ * bool (*maybe_had_fuel*)
+ exception Bottom_val of (Int.t * Int.t) option
+ * bool (*maybe_found_stop*)
+ * IS.t
+ * Int.t (*range_start*)
+
+ (* Initializes the fuel counters, converting unbounded fuel to a sufficiently
+ large (finite) value. *)
+ let init_fuel_from_n_len n_len max_looked_byte =
+ (* infinite_fuel is a value sufficiently high that should never reach zero
+ before the iteration ends *)
+ let infinite_fuel = Int.succ max_looked_byte in
+ match n_len with
+ | None -> None
+ | Some n ->
+ match Ival.min_and_max n with
+ | None, None -> Some (Int.zero, infinite_fuel)
+ | Some min, None -> Some (min, infinite_fuel)
+ | None, Some max -> Some (Int.zero, max)
+ | Some min, Some max -> Some (min, max)
+
+ (* Consumes [range_end - range_start + 1] units of fuel, updating minimum and
+ maximum counters accordingly. Note that [min_fuel < 0] is OK, but
+ [max_fuel < 0] should never happen. *)
+ let consume_fuel fuel range_start range_end =
+ Extlib.opt_bind
+ (fun (min_f, max_f) ->
+ let new_min = I.(max (min_f - (range_end + one - range_start)) zero) in
+ let new_max = I.(max_f - (range_end + one - range_start)) in
+ if I.(new_max < zero) then assert false
+ else Some (new_min, new_max)
+ ) fuel
+
+ (* fuel = None => unbounded fuel (strlen, or strnlen with unbounded argument)
+ fuel = (Some n_min, Some n_max) =>
+ can look only up to [n_max] bytes (does not include offset),
+ and must look at least [n_min] bytes *)
+ (* Performs a left-to-right search starting at a fixed offset.
+ Takes into account a possibly variable and possibly unbounded amount of
+ fuel (search distance). *)
+ let search bytecharmap offset n_len max_looked_byte : str_res_t =
+ fpf "search (single offset): offset: %a, n_len: %a, max_looked_byte: %a"
+ Int.pretty offset (Pretty_utils.pp_opt Ival.pretty) n_len
+ Int.pretty max_looked_byte;
+ let fuel = init_fuel_from_n_len n_len max_looked_byte in
+ fpf "search (single offset): init_fuel = %a" pp_opt_int_pair fuel;
+ let init_acc = { zeroes = None; maybe_found_stop = false;
+ fuel_left = fuel; is = IS.bottom; }
+ in
+ (* Note: min and max bounds are computed using absolute values
+ (instead of relative ones) during the fold, and only at the end
+ they are converted into relative bounds. *)
+ try
+ let acc =
+ Bytecharmap.fold_itv ~direction:`LTR ~entire:false
+ (fun (range_start, range_end) bs acc ->
+ fpf " fold_itv in search (single offset): range_offsets: \
+ %a - %a, acc = %a, bs: %a" Int.pretty range_start
+ Int.pretty range_end pp_acc_t acc Str_datatype.pretty bs;
+ match bs.BS.search_st with
+ | FS.Invalid ->
+ (* this Invalid can only be due to initialization/dangligness;
+ check if min_fuel has been reached (for strnlen), to find out
+ which exception to raise *)
+ begin
+ assert (bs.BS.stop_st = FS.Invalid);
+ let maybe_found_stop = false in
+ match acc.fuel_left with
+ | Some (min_f, max_f) when I.(min_f = zero) ->
+ (* min fuel has been consumed, strnlen has valid results *)
+ raise (Maybe_no_fuel (acc.zeroes, maybe_found_stop,
+ I.(pred range_start),
+ IS.may_indet acc.is, I.(max_f > zero)))
+ | _ ->
+ (* unbounded or excess min fuel => sure error *)
+ fpf "reached end of base with excess fuel \
+ (fuel_left = %a, offset was %a, max_looked_byte %a): \
+ Bottom_val, acc: %a" pp_opt_int_pair acc.fuel_left
+ Int.pretty offset Int.pretty max_looked_byte pp_acc_t acc;
+ let maybe_found_stop = false in
+ raise (Bottom_val (acc.zeroes, maybe_found_stop,
+ acc.is, range_start))
+ end
+ | FS.Must ->
+ begin
+ (* searched character was found, and because it is prioritary,
+ maybe_found_stop is [Non] *)
+ let maybe_found_stop = false in
+ match acc.zeroes with
+ | None ->
+ raise (Must_stop
+ (Some (range_start, range_start), FS.Must,
+ maybe_found_stop, IS.join acc.is bs.BS.init_st))
+ | Some (lz, _rz) ->
+ raise (Must_stop
+ (Some (lz, range_start), FS.Must,
+ maybe_found_stop, IS.join acc.is bs.BS.init_st))
+ end
+ | FS.Non ->
+ begin
+ (* searched character not found, look for stopping character *)
+ match bs.BS.stop_st with
+ | FS.Must ->
+ fpf "found stopping character (must)!";
+ let maybe_found_stop = true in
+ raise (Must_stop (acc.zeroes, FS.Non, maybe_found_stop,
+ IS.join acc.is bs.BS.init_st))
+ | FS.Maybe ->
+ (* possible stop character; continue *)
+ { zeroes = acc.zeroes;
+ maybe_found_stop = true;
+ fuel_left = consume_fuel acc.fuel_left range_start range_end;
+ is = IS.join acc.is bs.BS.init_st }
+ | FS.Non ->
+ { zeroes = acc.zeroes;
+ maybe_found_stop = acc.maybe_found_stop;
+ fuel_left = consume_fuel acc.fuel_left range_start range_end;
+ is = IS.join acc.is bs.BS.init_st }
+ | FS.Invalid -> (* impossible case *) assert false
+ end
+ | FS.Maybe ->
+ let zeroes = match acc.zeroes with
+ | None -> (range_start, range_end)
+ | Some (lz, _rz) -> (lz, range_end)
+ in
+ (* searched character possibly not found, look for stop character *)
+ begin
+ match bs.BS.stop_st with
+ | FS.Must ->
+ fpf "found stopping character (must)!";
+ let maybe_found_stop = true in
+ (*TODO: more precise tests to rule out "maybe found char" *)
+ raise (Must_stop (Some zeroes, FS.Maybe, maybe_found_stop,
+ IS.join acc.is bs.BS.init_st))
+ | FS.Maybe ->
+ (* possible stop character; continue *)
+ { zeroes = Some zeroes;
+ maybe_found_stop = true;
+ fuel_left = consume_fuel acc.fuel_left range_start range_end;
+ is = IS.join acc.is bs.BS.init_st }
+ | FS.Non ->
+ { zeroes = Some zeroes;
+ maybe_found_stop = acc.maybe_found_stop;
+ fuel_left = consume_fuel acc.fuel_left range_start range_end;
+ is = IS.join acc.is bs.BS.init_st }
+ | FS.Invalid -> (* impossible case *) assert false
+ end
+ ) (offset, max_looked_byte) bytecharmap init_acc
+ in
+ match acc.fuel_left with
+ | Some (min_f, max_f) when I.(min_f = zero) ->
+ (* min fuel has been consumed *)
+ fpf "reached end of base, but no excess fuel acc: %a" pp_acc_t acc;
+ raise (Maybe_no_fuel (acc.zeroes, acc.maybe_found_stop, max_looked_byte,
+ acc.is, I.(max_f > zero)))
+ | _ ->
+ (* unbounded or excess fuel, but reached end of base => invalid access *)
+ fpf "reached end of base with excess fuel \
+ (fuel_left = %a, offset was %a, max_looked_byte %a): \
+ Bottom_val, acc: %a"
+ pp_opt_int_pair acc.fuel_left Int.pretty offset
+ Int.pretty max_looked_byte pp_acc_t acc;
+ raise (Bottom_val (acc.zeroes, acc.maybe_found_stop,
+ acc.is, I.succ max_looked_byte))
+ with
+ | Must_stop (zeroes, char_fs, maybe_found_stop, is) ->
+ (* certainly found the searched or stopping character, will stop searching *)
+ (* char_fs may be Must (if found searched character),
+ or Maybe/None (if found stopping character).
+ if char_fs = Maybe/None, then there is a possible "not found" result. *)
+ fpf "Must_stop";
+ let res_ival = match zeroes with
+ | None -> Ival.bottom
+ | Some (lz, rz) ->
+ Ival.inject_range (Some I.(lz - offset)) (Some I.(rz - offset))
+ in
+ Maybe_ok (res_ival, char_fs, maybe_found_stop, Non_exhausted, is)
+ | Maybe_no_fuel (zeroes, maybe_found_stop, rcvb, is, maybe_had_fuel) ->
+ fpf "Maybe_no_fuel, zeroes: %a, rightmost contiguous valid byte: %a, \
+ maybe_had_fuel: %b" pp_opt_int_pair zeroes Int.pretty rcvb
+ maybe_had_fuel;
+ begin
+ match zeroes with
+ | None -> (* strnlen with no zeroes: return max_n *)
+ fpf "strnlen with no zeroes (exhausted n_len)";
+ let res = Ival.bottom in
+ let exh_n = I.(rcvb - offset + one) in
+ let new_is = if maybe_had_fuel then IS.may_indet is else is in
+ let char_fs = FS.Non in
+ Maybe_ok (res, char_fs, maybe_found_stop, Maybe_exhausted exh_n, new_is)
+ | Some (lz, rz) ->
+ fpf "strnlen with zeroes (exhausted n_len)";
+ (* strnlen with zeroes: exhausted n_len *)
+ (* note: there may be holes between the previous max and the
+ n_len exhaustion, therefore they are added in separate steps
+ (a single inject_range would lose precision) *)
+ let min = I.(lz - offset) in
+ let max = I.(rz - offset) in
+ let bounds_without_exhaustion =
+ Ival.inject_range (Some min) (Some max)
+ in
+ let max_from_n = I.(rcvb - offset + one) in
+ fpf "max_from_n: %a (rcvb: %a, offset: %a)"
+ Int.pretty max_from_n Int.pretty rcvb Int.pretty offset;
+ let bounds = bounds_without_exhaustion
+ in
+ let new_is = if maybe_had_fuel then IS.may_indet is else is in
+ let char_fs = FS.Maybe in
+ Maybe_ok (bounds, char_fs, maybe_found_stop,
+ Maybe_exhausted max_from_n, new_is)
+ end
+ | Bottom_val (zeroes, maybe_found_stop, is, p) ->
+ fpf "Bottom_val, zeroes: %a, p: %a" pp_opt_int_pair zeroes Int.pretty p;
+ (* reached invalid value, either completely uninit/dangling,
+ or end of base, depending on the value of [is] *)
+ begin
+ (* if zeroes = None, then no valid value may be returned => sure error *)
+ match zeroes with
+ | None -> Never_ok (IS.ensure_an_error is)
+ | Some (lz, rz) ->
+ (* both valid and invalid values exist =>
+ return alarms + valid values *)
+ let min = I.(lz - offset) in
+ let max = I.(rz - offset) in
+ let char_fs = FS.Maybe in
+ Maybe_ok (Ival.inject_range (Some min) (Some max), char_fs,
+ maybe_found_stop, Non_exhausted, IS.may_indet is)
+ end
+
+ (* joins two accumulators *)
+ let join_acc acc r =
+ match acc, r with
+ | Maybe_ok (bounds1, char_fs1, maybe_found_stop1, es1, is1),
+ Maybe_ok (bounds2, char_fs2, maybe_found_stop2, es2, is2) ->
+ Maybe_ok (Ival.join bounds1 bounds2, FS.join char_fs1 char_fs2,
+ maybe_found_stop1 || maybe_found_stop2,
+ join_exh es1 es2, IS.join is1 is2)
+ | Maybe_ok (bounds, char_fs, maybe_found_stop, es, is1), Never_ok (is2)
+ | Never_ok (is2), Maybe_ok (bounds, char_fs, maybe_found_stop, es, is1) ->
+ fpf "join_by_offs: combining Never_ok and Maybe_ok";
+ (* discard invalid one, but add its errors as a possibility *)
+ Maybe_ok (bounds, char_fs, maybe_found_stop, es,
+ IS.ensure_an_error (IS.join is1 is2))
+ | Never_ok (is1), Never_ok (is2) -> Never_ok (IS.join is1 is2)
+
+ (* Wrapper for [search] which prepares the [max_looked_byte]
+ parameter and joins the result with the accumulator [acc].
+ Needed by strnlen, since [last_looked_byte] may be imprecise due to the
+ fact that max(n_len) may be unbounded. *)
+ let search_and_acc bytecharmap offset ?n_len last_looked_byte acc =
+ let actual_last_byte = match n_len with
+ | None -> (* no change *) last_looked_byte
+ | Some ival ->
+ begin
+ match Ival.max_int ival with
+ | None -> (* no change *) last_looked_byte
+ | Some max_n -> I.(min last_looked_byte (pred (offset + max_n)))
+ end
+ in
+ fpf "search_and_acc (offset: %a), n_len: {%a}, last_looked_byte: %a, \
+ ajusted last_looked_byte: %a" Int.pretty offset
+ (Pretty_utils.pp_opt Ival.pretty) n_len Int.pretty last_looked_byte
+ Int.pretty actual_last_byte;
+ let res = search bytecharmap offset n_len actual_last_byte in
+ let res' = join_acc acc res in
+ fpf "search_and_acc will return: %a" pp_str_res_t res';
+ res'
+
+end
+
+(* To efficiently perform a search in an interval of offsets,
+ we proceed from right to left, starting at the last offset to be searched. *)
+module Search_ranges = struct
+
+ (* Accumulator for the iterator of [search].
+ Information about previous/best bounds is necessary due to the possibility
+ of "holes" between ranges. For instance, consider the following
+ bytecharmap, where T/F/U stands for True/False/Unknown (Must/None/Maybe):
+
+ F U F T U F T
+ |_|_|_|_|_|_|_|
+ 1 2 3 4 5 6 7
+
+ Suppose we search among all offsets in that interval, starting from the right:
+
+ - offset 7: Must, therefore {min=0,max=0}
+ - offset 6: None, therefore {min=0,max=1}
+ - offset 5: Maybe, therefore {min=0,max=2}
+ - offset 4: Must, therefore {min=0,max=2}
+
+ When we arrive at offset 3 (None), we must know (1) whether we are part
+ of an unbroken sequence of None/Maybe (which would mean that [max] should
+ be incremented), and also (2) what is the length of the *current* sequence
+ of unbroken None/Maybe. Without both these numbers, we cannot know if
+ the current value for [max] should increase (because we are adding yet
+ another byte range to it) or should stay the same (if we have started a
+ new sequence which is not yet larger than the largest one previously
+ found).
+
+ Using [prev_min/prev_max] in complement to [best_min/best_max] gives us
+ the required information to correctly and precisely compute the
+ result of the function. *)
+ type range_acc_t = {
+ prev_min: Int.t option; (* minimum bound for previous range *)
+ best_min: Int.t option; (* minimum bound among all previous ranges *)
+ prev_max: Int.t option; (* maximum bound for previous range *)
+ best_max: Int.t option; (* maximum bound among all previous ranges *)
+ maybe_not_found: bool; (* whether there is a possible "not found" solution *)
+ is: IS.t; (* accumulated init_status *)
+ prev_es: exhausted_status;
+ best_es: exhausted_status;
+ }
+
+ let pp_acc fmt acc =
+ Format.fprintf fmt "@[{ranges_acc:prev_min=%a,best_min=%a,prev_max=%a,\
+ best_max=%a,init=%a,best_es=%a,prev_es=%a}@]"
+ (Pretty_utils.pp_opt Int.pretty) acc.prev_min
+ (Pretty_utils.pp_opt Int.pretty) acc.best_min
+ (Pretty_utils.pp_opt Int.pretty) acc.prev_max
+ (Pretty_utils.pp_opt Int.pretty) acc.best_max
+ IS.pretty acc.is pp_exh_st acc.prev_es pp_exh_st acc.best_es
+
+ let make_acc prev_min best_min prev_max best_max maybe_not_found is prev_es best_es =
+ { prev_min; best_min; prev_max; best_max;
+ maybe_not_found; is; prev_es; best_es }
+
+ let indet_acc is =
+ make_acc None None None None false (IS.ensure_an_error is)
+ Non_exhausted Non_exhausted
+
+ let update_acc acc prev_min best_min prev_max best_max maybe_not_found is prev_es best_es =
+ { prev_min; best_min; prev_max; best_max; maybe_not_found;
+ is = IS.join acc.is is; prev_es; best_es }
+
+ (* initializes the accumulator used by the search by ranges *)
+ let search_init bytecharmap ?n_len last_looked_byte offset_end : range_acc_t =
+ match
+ let res =
+ Search_single_offset.search bytecharmap offset_end n_len last_looked_byte
+ in
+ fpf "search (single offset) returned: %a" pp_str_res_t res;
+ res
+ with
+ | Never_ok (is) -> indet_acc is
+ | Maybe_ok (bounds, char_fs, maybe_found_stop, es, is) ->
+ begin
+ match char_fs with
+ | FS.Invalid -> indet_acc is
+ | FS.Must ->
+ let omin, omax = Ival.min_and_max bounds in
+ let min, max = Extlib.the omin, Extlib.the omax in
+ (* the string to the right surely starts with a zero *)
+ let init_min = Some min in
+ let init_max = Some max in (* first next char guaranteed to be '\0' *)
+ make_acc init_min init_min init_max init_max maybe_found_stop is es es
+ | FS.Maybe ->
+ let omin, omax = Ival.min_and_max bounds in
+ let min, max = Extlib.the omin, Extlib.the omax in
+ let init_min = Some min in
+ let init_max = Some max in (* first next char may not be a '\0' *)
+ make_acc init_min init_min init_max init_max maybe_found_stop is es es
+ | FS.Non ->
+ (* can only happen with strnlen or when only
+ a stopping character has been found *)
+ assert (n_len <> None || maybe_found_stop);
+ fpf "NOT small_set: Non";
+ make_acc None None None None maybe_found_stop is es es
+ end
+
+ (* Performs right-to-left traversal of the Bytecharmap representing the string,
+ accumulating resulting bounds and error messages along the way. *)
+ let search_rtl range_start range_end bs ?n_len acc =
+ let range_len = Int.length range_start range_end in
+ fpf "@[search_rtl: range: %a - %a (len %a), bs: %a, acc: %a@]"
+ Int.pretty range_start Int.pretty range_end Int.pretty range_len
+ Str_datatype.pretty bs pp_acc acc;
+ let maybe_found_stop = match bs.BS.stop_st with
+ | FS.Must | FS.Maybe -> true
+ | _ -> false
+ in
+ match bs.BS.search_st with
+ | FS.Invalid ->
+ assert (bs.BS.stop_st = FS.Invalid);
+ (*TODO: for strn*, distinguish between "sure" Invalid and "maybe" Invalid*)
+ fpf "got v = Invalid, setting alarm, will propagate best_es: %a"
+ pp_exh_st acc.best_es;
+ { prev_min = None; best_min = acc.best_min;
+ prev_max = None; best_max = acc.best_max;
+ maybe_not_found = acc.maybe_not_found || maybe_found_stop;
+ is = IS.may_indet bs.BS.init_st;
+ prev_es = Non_exhausted; best_es = acc.best_es }
+ | FS.Must ->
+ fpf "got v = Must, will propagate best_es: %a" pp_exh_st acc.best_es;
+ let new_min = Some Int.zero in
+ let new_max = Some Int.zero in
+ let new_best_min = new_min in
+ let new_best_max =
+ match acc.best_max with
+ | None -> new_max
+ | _ -> acc.best_max
+ in
+ let new_es = Non_exhausted (* override previous exhausted_status *) in
+ let best_es = acc.best_es in
+ (* searched character certainly found, so only propagates maybe_not_found *)
+ let maybe_not_found = acc.maybe_not_found in
+ update_acc acc new_min new_best_min new_max new_best_max
+ maybe_not_found bs.BS.init_st new_es best_es
+ | FS.Maybe ->
+ let new_min = Some Int.zero in
+ let new_max_val =
+ match acc.prev_max with
+ | None -> (* last valid characters before Invalid =>
+ final character in the range assumed to be '0' =>
+ exclude it from maximum length *)
+ Int.pred range_len
+ | Some prev_max -> Int.add range_len prev_max
+ in
+ let new_max = Some new_max_val in
+ let new_best_min = new_min in
+ let new_best_max =
+ match acc.best_max with
+ | None -> new_max
+ | Some old_max_val -> Some (I.max old_max_val new_max_val)
+ in
+ let new_es = concatenate_exh acc.prev_es range_len n_len in
+ let best_es = join_exh acc.best_es new_es in
+ (* maintain previous exhausted status if Maybe *)
+ fpf "got v = Maybe, best_es: %a" pp_exh_st best_es;
+ (* searched character possibly not found found, so join maybe_found_stop *)
+ let maybe_not_found = maybe_found_stop || acc.maybe_not_found in
+ update_acc acc new_min new_best_min new_max new_best_max
+ maybe_not_found bs.BS.init_st new_es best_es
+ | FS.Non ->
+ let new_min = Extlib.opt_map
+ (fun prev_min -> Int.add prev_min range_len) acc.prev_min
+ in
+ let new_max_val =
+ match acc.prev_max with
+ | None -> Int.zero (* arbitrary value, never used*)
+ | Some prev_max_val -> Int.add range_len prev_max_val
+ in
+ let new_max = Some new_max_val in
+ let new_best_min = acc.best_min in
+ let new_best_max =
+ match acc.best_max with
+ | None -> None
+ | Some old_max_val -> Some (I.max old_max_val new_max_val)
+ in
+ let new_es = concatenate_exh acc.prev_es range_len n_len in
+ let best_es = join_exh acc.best_es new_es in
+ fpf "got v = Non, new_es = %a, new best_es: %a"
+ pp_exh_st new_es pp_exh_st best_es;
+ (* searched character not found found, so join maybe_found_stop *)
+ let maybe_not_found = maybe_found_stop || acc.maybe_not_found in
+ update_acc acc new_min new_best_min new_max new_best_max
+ maybe_not_found bs.BS.init_st new_es best_es
+
+ (* Used by strnlen to adjust the returned bounds, according to [n_len].
+ Necessary because the simultaneous computation for several offsets/values of
+ [n_len] may result in a bound that is less precise than the initial value of
+ [n_len]. This function then adjusts both max and min bounds to avoid losing
+ precision. *)
+ let adjust_bounds min_bounds max_bounds n_len =
+ try
+ match n_len with
+ | None -> (* no change *) (min_bounds, max_bounds)
+ | Some ival ->
+ begin
+ let new_max = match Ival.max_int ival, max_bounds with
+ | None, None -> (* nothing to do: raise Exit to return simply None *)
+ raise Exit
+ | None, Some max_b -> (* no change *) max_b
+ | Some max_n, None -> (* replace None with new_max? *) I.pred max_n
+ | Some max_n, Some max_b ->
+ fpf "adjust_bounds: max_b: %a, max_n: %a"
+ Int.pretty max_b Int.pretty max_n;
+ I.(min max_b (I.pred max_n))
+ in
+ fpf "adjust_bounds: new_max = %a" Int.pretty new_max;
+ match min_bounds with
+ | None -> (None, Some new_max)
+ | Some old_min ->
+ (* adjust min to ensure it is <= max *)
+ Some I.(min old_min new_max), Some new_max
+ end
+ with
+ | Exit ->
+ min_bounds, max_bounds
+
+ (* [search bytecharmap offset_ival offset_start offset_end n_len last_looked_byte]
+ searches for a character in [bytecharmap], for all offsets in [offset_ival]
+ and up to all lengths in [n_len].
+ [offset_start], [offset_end] and [last_looked_byte] are optimizations to
+ avoid searching the entire offsetmap. *)
+ (* last_looked_byte is [base_len+1] for strlen,
+ or [max_offset + max_n] for strnlen.
+ For strnlen, max_looked_byte may be adjusted by Search_single.search_and_acc
+ to a more precise value. *)
+ let search bytecharmap offset_ival offset_start offset_end ?n_len last_looked_byte =
+ fpf "@[by_offset_ival: offset_ival: %a, offset_start: %a, offset_end: %a, \
+ last_looked_byte: %a@]" Ival.pretty offset_ival Int.pretty offset_start
+ Int.pretty offset_end Int.pretty last_looked_byte;
+ let res =
+ match offset_ival with
+ | Ival.Set a ->
+ (* more precise but less efficient version *)
+ let init_acc =
+ Maybe_ok (Ival.bottom, FS.Non, false, Non_exhausted, IS.bottom)
+ in
+ Array.fold_left (fun acc offset ->
+ (* for each given offset, adjust [last_looked_byte] if strnlen *)
+ let res = Search_single_offset.search_and_acc
+ bytecharmap offset ?n_len last_looked_byte acc
+ in
+ fpf "search with small set, cur offset: %a, res: %a "
+ Int.pretty offset pp_str_res_t res;
+ res
+ ) init_acc a
+ | _ -> (* less precise but more efficient version *)
+ fpf "by_offset_ival: not a small set!";
+ let init_acc =
+ search_init bytecharmap ?n_len last_looked_byte offset_end
+ in
+ fpf "search_init returned init_acc = %a" pp_acc init_acc;
+ let res_acc =
+ Bytecharmap.fold_itv ~direction:`RTL ~entire:false
+ (fun (range_start, range_end) bs acc ->
+ search_rtl range_start range_end bs ?n_len acc
+ ) (offset_start, (I.pred offset_end)) bytecharmap init_acc
+ in
+ fpf "res_acc = %a" pp_acc res_acc;
+ match res_acc.best_min, res_acc.best_max with
+ | Some _, Some _ ->
+ (* for strnlen, adjust bounds according to the [n] argument *)
+ let (adj_min, adj_max) =
+ adjust_bounds res_acc.best_min res_acc.best_max n_len
+ in
+ Maybe_ok (Ival.inject_range adj_min adj_max,
+ (*fs not used by caller*)FS.Maybe, res_acc.maybe_not_found,
+ res_acc.best_es, res_acc.is)
+ | _, _ ->
+ Never_ok (res_acc.is)
+ in
+ res
+
+end
+
+exception Top_res of Problem.t
+
+(* Searches base [base+offset_arg], for up to [n_len] characters. *)
+let search_by_base bs_of_vu_f base offset_arg ?n_len state :
+ Ival.t * FS.t * bool * exhausted_status * Problem.t list =
+ fpf "base: %a (validity: %a)" Base.pretty base Base.pretty_validity
+ (Base.validity base);
+ let offsetmap = Cvalue.Model.find_base_or_default base state in
+ match offsetmap with
+ | `Bottom -> (* possibly invalid base *)
+ (Ival.bottom, FS.Invalid, false, Non_exhausted, [Problem.Base base])
+ | `Top -> assert false
+ | `Map offsetmap ->
+ let base_end_bit = Int.pred (Int_Base.project (Base.bits_sizeof base)) in
+ let base_end_byte = bytes_of_bits ~inexact:true base_end_bit (*truncated*) in
+ let offset_start = Extlib.opt_conv Int.zero (Ival.min_int offset_arg) in
+ let offset_start_bit = bits_of_bytes offset_start in
+ let offset_end = Extlib.opt_conv base_end_byte (Ival.max_int offset_arg) in
+ let max_looked_bit =
+ match n_len with
+ | None -> base_end_bit
+ | Some n ->
+ begin
+ match Ival.max_int n with
+ | Some max_n ->
+ (* compute the last byte that is possibly examined; if [max_n] is 0,
+ the last looked byte is -1 (no byte is examined) *)
+ if I.(max_n = zero) then I.minus_one
+ else
+ (* look at bytes between [offset_end] and [offset_end+max_n-1] *)
+ let max_looked_byte = I.(pred (offset_end + max_n)) in
+ fpf "max_looked_byte (before max end_base): \
+ %a (offset_end: %a, max_n: %a)" Int.pretty max_looked_byte
+ Int.pretty offset_end Int.pretty max_n;
+ let max_looked_byte = min max_looked_byte base_end_byte in
+ fpf "max_looked_byte (after max end_base): %a"
+ Int.pretty max_looked_byte;
+ (* for each byte, bits 0 to 7 are examined *)
+ I.(bits_of_bytes max_looked_byte + (of_int 7))
+ | None -> (* fallback to base size *) base_end_bit
+ end
+ in
+ fpf "max_looked_bit: %a" Int.pretty max_looked_bit;
+ let max_looked_byte = bytes_of_bits ~inexact:true max_looked_bit in
+ (* adjust max_looked_byte for strlen() if needed
+ (may look past the end of the base) *)
+ let max_looked_byte =
+ if n_len = None then I.succ max_looked_byte else max_looked_byte
+ in
+ fpf "max_looked_byte (adjusted): %a" Int.pretty max_looked_byte;
+ (* convert to strlen-specific optimized bitwise offsetmap *)
+ let bytecharmap =
+ make_bytecharmap bs_of_vu_f base offsetmap offset_start_bit
+ max_looked_bit base_end_bit
+ in
+ fpf "bytecharmap: %a" Bytecharmap.pretty bytecharmap;
+
+ let res =
+ Search_ranges.search bytecharmap offset_arg offset_start offset_end
+ ?n_len max_looked_byte
+ in
+ fpf "by_offset_ival returned: %a" pp_str_res_t res;
+ match res with
+ | Never_ok (is) ->
+ let problems =
+ let prob_uninit =
+ if is.IS.maybe_uninit then [Problem.Init(true,base)] else []
+ in
+ let prob_esc =
+ if is.IS.maybe_esc then [Problem.Esc(true,base)] else []
+ in
+ let prob_indet =
+ if is.IS.maybe_indet then [Problem.Indet(true,base)] else []
+ in
+ prob_uninit @ prob_esc @ prob_indet
+ in
+ (Ival.bottom, FS.Invalid, false, Non_exhausted, problems)
+ | Maybe_ok (bounds, char_fs, maybe_found_stop, es, is(* maybe_indet*)) ->
+ (* special case: bounds is bottom, despite "Maybe_ok" =>
+ due to initialization (should only happen with an empty base) *)
+ if Ival.is_bottom bounds && es = Non_exhausted then
+ (Ival.bottom, FS.Invalid, maybe_found_stop, es,
+ [Problem.Indet(true,base)])
+ else
+ let problems =
+ let prob_uninit = if is.IS.maybe_uninit then
+ [Problem.Init(false,base)] else []
+ in
+ let prob_esc = if is.IS.maybe_esc then
+ [Problem.Esc(false,base)] else []
+ in
+ let prob_indet = if is.IS.maybe_indet then
+ [Problem.Indet(false,base)] else []
+ in
+ prob_uninit @ prob_esc @ prob_indet
+ in
+ (bounds, char_fs, maybe_found_stop, es, problems)
+
+(* Searches the pointer(s) [base+offs] for a given char
+ (according to [bs_of_vu_f]), possibly up to the length given by [n_ival].
+ If the [n] argument of the original function contains a small set,
+ then this function is called several times with a singleton value each time.
+ Otherwise, it is called once with a non-singleton interval.
+ [filter_n] indicates whether an upper bound equal to [n] must be filtered
+ (memchr: yes, strnlen: no).
+ [acc_res] and [acc_probs] contain the accumulated result
+ and list of warnings. *)
+let search_by_base_wrapper bs_of_vu_f state base offs ?n_ival ~include_exh () :
+ Base_res.t =
+ fpf "fold base(%a, offset %a)"
+ Base.pretty base Ival.pretty offs;
+ let (vals, char_fs, maybe_not_found, es, problems) =
+ search_by_base bs_of_vu_f base offs state ?n_len:n_ival
+ in
+ let vals' = if include_exh then
+ match es with
+ | Non_exhausted -> vals
+ | Maybe_exhausted i_exh ->
+ fpf "maybe exhausted, adding %a to vals (before filter): %a"
+ Int.pretty i_exh Ival.pretty vals;
+ let new_max =
+ match n_ival with
+ | Some n' ->
+ if not (Ival.is_bottom n') then
+ let max_n = Extlib.the (snd (Ival.min_and_max n')) in
+ I.(min i_exh max_n)
+ else i_exh
+ | None -> i_exh
+ in
+ let new_vals = Ival.join vals (Ival.inject_singleton new_max) in
+ fpf "filtered Maybe_exhausted: new_max: %a, new_vals: %a"
+ Int.pretty new_max Ival.pretty new_vals;
+ new_vals
+ else vals
+ in
+ let base_res = {BR.vals = vals'; char_fs; maybe_not_found; es; problems } in
+ fpf "@[base_res: %a, n_ival: %a@]" BR.pretty base_res
+ (Pretty_utils.pp_opt Ival.pretty) n_ival;
+ (* non-intuitive comparison: [compare_max_int i1 i2] is > 0 if
+ i1 is *smaller* than i2 *)
+ if not (Ival.is_bottom base_res.BR.vals) then
+ begin
+ match Ival.max_int base_res.BR.vals,
+ Extlib.opt_bind Ival.max_int n_ival with
+ | Some max_res, Some max_n ->
+ if I.(max_res > max_n) then
+ let _ = Format.printf "ASSERTION FAILURE: max_res(%a) > max_n(%a)"
+ Int.pretty max_res Int.pretty max_n in
+ assert false
+ | _, _ -> ()
+ end;
+ fpf "search_by_base_wrapper will return: %a" BR.pretty base_res;
+ base_res
+
+(* searches for a character (according to function [bs_of_v_f]) inside string
+ [str], in a given [state]. Returns a mapping from bases to [Base_res.t]. *)
+(* Generic search function used by several built-ins.
+ [name] is the built-in name (used for error messages),
+ [n_ival] is used for built-ins having a length argument.
+ May raise [Top_res]. *)
+let search_char_n bs_of_vu_f name state ?n ~include_exh str : bm_res_t =
+ try
+ let str_map =
+ match str with
+ | Location_Bytes.Top(_, _) ->
+ raise (Top_res (Problem.Misc "string argument is too imprecise, \
+ cannot compute a useful result."))
+ | Location_Bytes.Map m -> m
+ in
+ let offs_map = basemap_of_locmap str_map in
+ let search_f = search_by_base_wrapper bs_of_vu_f state in
+ let bm_res =
+ match n with
+ | None ->
+ BaseMap.mapi
+ (fun base offs -> search_f base offs ~include_exh:false ()) offs_map
+ | Some n' ->
+ let n_ival_all = Cvalue.V.project_ival n' in
+ match n_ival_all with
+ | Ival.Set n_vals ->
+ (* small set: compute a precise result for each value and join then *)
+ BaseMap.mapi (fun base offs ->
+ Array.fold_left (fun acc_br cur_n ->
+ let cur_n = Ival.inject_singleton cur_n in
+ let base_res =
+ search_f base offs ~n_ival:cur_n ~include_exh ()
+ in
+ Base_res.join acc_br base_res
+ ) Base_res.bottom n_vals
+ ) offs_map
+ | Ival.Top _ ->
+ BaseMap.mapi (fun base offs ->
+ search_f base offs ~n_ival:n_ival_all ~include_exh ()
+ ) offs_map
+ | Ival.Float _ -> (*should not happen*)
+ raise (Invalid_argument "n argument contains float")
+ in
+ bm_res
+ with
+ | Cvalue.V.Not_based_on_null (* from project_ival on argument [n] *) ->
+ raise (Top_res (Problem.Misc
+ ("assert(no address in second argument of " ^ name ^ ")")))
+ | Ival.Error_Top ->
+ raise (Top_res (Problem.Misc "Ival.Error_Top"))
+
+(* Computes an offset from a list of pairs (base, offset).
+ Used by strlen and similar built-ins.
+ Returns a [Cvalue.V.t]. *)
+let offset_of_base_res_f (bm : bm_res_t) =
+ let computed_offset =
+ BaseMap.fold (fun _base base_res acc ->
+ Ival.join acc base_res.BR.vals) bm Ival.bottom
+ in
+ fpf "computed_offset: %a" Ival.pretty computed_offset;
+ Cvalue.V.inject_ival computed_offset
+
+type exhaustion_status =
+ | No_exhaustion
+ | Maybe_exhaustion
+ | Sure_exhaustion
+
+(* Computes a pointer from a list of pairs (base, offset).
+ Used by memchr and similar built-ins.
+ [n] is used by [memchr] (and similar built-ins) to know if, in
+ case of length exhaustion, NULL should be added to the list of possible
+ results. In case of definitive exhaustion, then NULL becomes the only
+ possible result.
+ Returns a [Cvalue.V.t]. *)
+let pointer_of_base_res_f ?n (bm : bm_res_t) =
+ fpf "pointer_of_base_res_f (n? %a)" (Pretty_utils.pp_opt Cvalue.V.pretty) n;
+ let maybe_not_found = ref false in
+ let may_return_null = ref false in
+ (* possible exhaustion of the length argument [n] is detected by
+ checking if the offset may contain any value in [n];
+ definitive exhaustion is detected when the minimum offset is
+ equal to the maximum [n]. *)
+ let exhaustion_status =
+ match n with
+ | None -> fun _offs -> No_exhaustion (* no length => never exhausted *)
+ | Some v ->
+ let n_ival = Cvalue.V.project_ival v in
+ fun offs ->
+ if Ival.is_bottom offs then (* filtered by filter_offs *) Sure_exhaustion
+ else
+ let min_offs = I.the_min offs in
+ let max_n = match Ival.min_and_max n_ival with
+ | _, None -> assert false
+ | _, Some max -> max
+ in
+ fpf "exhaustion (min_offs: %a, max_n: %a) ? %s"
+ Int.pretty min_offs Int.pretty max_n
+ (if I.(min_offs >= max_n) then "Sure" else
+ if Ival.intersects offs n_ival then "Maybe" else "No");
+ if I.(min_offs >= max_n) then Sure_exhaustion
+ else if Ival.intersects offs n_ival then Maybe_exhaustion
+ else No_exhaustion
+ in
+ let res =
+ BaseMap.fold (fun base base_res acc ->
+ if base_res.BR.maybe_not_found then maybe_not_found := true;
+ if base_res.BR.es <> Non_exhausted (*BR.has_null_result*) then
+ (fpf "base possibly exhausted (%a), may return null"
+ pp_exh_st base_res.BR.es;
+ may_return_null := true);
+ let offset_ival = base_res.BR.vals in
+ fpf "BaseMap.fold: iterating base %a, offset %a"
+ Base.pretty base Ival.pretty offset_ival;
+ if Ival.is_bottom offset_ival then acc
+ else
+ match exhaustion_status offset_ival with
+ | Sure_exhaustion ->
+ fpf "SURE exhaustion for base %a, offset_ival %a" Base.pretty base
+ Ival.pretty offset_ival;
+ may_return_null := true;
+ acc (* do not add this base *)
+ | Maybe_exhaustion ->
+ fpf "MAYBE exhaustion for base %a, offset_ival %a" Base.pretty base
+ Ival.pretty offset_ival;
+ may_return_null := true;
+ Cvalue.V.join acc (Cvalue.V.inject base offset_ival)
+ | No_exhaustion ->
+ fpf "NO exhaustion for base %a, offset_ival %a" Base.pretty base
+ Ival.pretty offset_ival;
+ Cvalue.V.join acc (Cvalue.V.inject base offset_ival)
+ ) bm Cvalue.V.bottom
+ in
+ if !may_return_null || !maybe_not_found then
+ let _ = fpf "joining null base" in
+ Cvalue.V.join res (Cvalue.V.inject Base.null Ival.zero)
+ else res
+
+type str_builtin_type =
+ | Search_zero_stop_zero
+ | Search_char_stop_char
+ | Search_char_stop_zero
+
+(* Wrapper for [search_char_n] which checks arguments
+ (according to [has_char] and [has_n]), calls [search_char_n],
+ prints the result and produces the output
+ (according to [is_ret_pointer]) *)
+let search_char_n_wrapper name state actuals ~print_call str_builtin_type ~has_n ~is_ret_pointer =
+ (*reset_callstack_base ();*)
+ if print_call && Value_parameters.ValShowProgress.get () then
+ Value_parameters.feedback ~current:true "Call to builtin %s(%a)%t"
+ name pretty_actuals actuals Value_util.pp_callstack;
+ fpf "=-=-=-=-=-= NEW CALL TO NEW_FRAMA_C_%s (%a) =-=-=-=-=-="
+ name Printer.pp_location (Cil_const.CurrentLoc.get());
+ (* prepare auxiliary function *)
+ let eval_op_wrapper =
+ if is_ret_pointer then Eval_op.wrap_ptr else Eval_op.wrap_int
+ in
+ try
+ let (_exp_str, str, _) = List.nth actuals 0 in
+ let has_char, bs_of_vu_f =
+ match str_builtin_type with
+ | Search_zero_stop_zero ->
+ false, zero_zero_bs_of_vu
+ | Search_char_stop_char ->
+ let (_exp_chr, chr, _) = List.nth actuals 1 in
+ true, char_char_bs_of_vu chr
+ | Search_char_stop_zero ->
+ let (_exp_chr, chr, _) = List.nth actuals 1 in
+ true, char_zero_bs_of_vu chr
+ in
+ let n =
+ if has_n then
+ let n_index = if has_char then 2 else 1 in
+ let (_exp_n, n', _) = List.nth actuals n_index in
+ Some n'
+ else None
+ in
+ (* prepare auxiliary function *)
+ let res_of_base_res_f =
+ if is_ret_pointer then (pointer_of_base_res_f ?n) else offset_of_base_res_f
+ in
+ let value, problems =
+ try
+ let bm = search_char_n bs_of_vu_f name state ?n
+ ~include_exh:(not is_ret_pointer) str
+ in
+ let problems = BaseMap.fold (fun _base base_res acc ->
+ acc @ base_res.BR.problems) bm []
+ in
+ res_of_base_res_f bm, problems
+ with
+ | Top_res prob ->
+ Cvalue.V.top_int, [prob]
+ in
+ (* In case at least one base has a valid result,
+ 'weaken' alarm messages ("possibly ...") *)
+ let problems = if not (Cvalue.V.is_bottom value) then
+ List.map Problem.weaken problems else problems
+ in
+ if problems <> [] then
+ Value_parameters.warning ~source:(fst (Cil_const.CurrentLoc.get()))
+ "built-in %s: %a" name (pp_problems) problems;
+ let res_c_value = if Cvalue.V.is_bottom value then
+ None, Cvalue.Model.bottom
+ else eval_op_wrapper value, state
+ in
+ { Value_types.c_values = [res_c_value];
+ c_clobbered = Base.SetLattice.bottom;
+ c_cacheable = Value_types.Cacheable;}
+ with
+ | Failure "nth" ->
+ let bt = Printexc.get_backtrace () in
+ fpf "UNCAUGHT EXCEPTION:@.%s" bt;
+ Value_parameters.error
+ "Invalid argument for Frama_C_%s function" name;
+ raise Db.Value.Aborted
+ | _ ->
+ let bt = Printexc.get_backtrace () in
+ fpf "UNCAUGHT EXCEPTION:@.%s" bt;
+ Value_parameters.error
+ "Invalid argument for Frama_C_%s function" name;
+ raise Db.Value.Aborted
+
+let frama_c_strlen state actuals =
+ search_char_n_wrapper "strlen" state actuals
+ ~print_call:true Search_zero_stop_zero ~has_n:false ~is_ret_pointer:false
+let () = Builtins.register_builtin "Frama_C_strlen" frama_c_strlen
+
+let frama_c_strnlen state actuals =
+ search_char_n_wrapper "strnlen" state actuals
+ ~print_call:true Search_zero_stop_zero ~has_n:true ~is_ret_pointer:false
+let () = Builtins.register_builtin "Frama_C_strnlen" frama_c_strnlen
+
+let frama_c_rawmemchr state actuals =
+ search_char_n_wrapper "rawmemchr" state actuals
+ ~print_call:true Search_char_stop_char ~has_n:false ~is_ret_pointer:true
+let () = Builtins.register_builtin "Frama_C_rawmemchr" frama_c_rawmemchr
+
+let frama_c_memchr state actuals =
+ search_char_n_wrapper "memchr" state actuals
+ ~print_call:true Search_char_stop_char ~has_n:true ~is_ret_pointer:true
+let () = Builtins.register_builtin "Frama_C_memchr" frama_c_memchr
+
+let frama_c_strchr state actuals =
+ search_char_n_wrapper "strchr" state actuals
+ ~print_call:true Search_char_stop_zero ~has_n:false ~is_ret_pointer:true
+let () = Builtins.register_builtin "Frama_C_strchr" frama_c_strchr
diff --git a/src/plugins/value/builtins_nonfree_string.mli b/src/plugins/value/builtins_nonfree_string.mli
new file mode 100644
index 00000000000..7d4a67a2550
--- /dev/null
+++ b/src/plugins/value/builtins_nonfree_string.mli
@@ -0,0 +1,17 @@
+(**************************************************************************)
+(* *)
+(* This file is part of Frama-C. *)
+(* *)
+(* Copyright (C) 2007-2015 *)
+(* CEA (Commissariat à l'énergie atomique et aux énergies *)
+(* alternatives) *)
+(* *)
+(* All rights reserved. *)
+(* Contact CEA LIST for licensing. *)
+(* *)
+(**************************************************************************)
+
+(** Non-free Value builtins. Contact CEA LIST for licensing *)
+
+(** Nothing is exported, all the builtins are registered through
+ {Builtins.register_builtin} *)
diff --git a/tests/non-free/cmp.c b/tests/non-free/cmp.c
deleted file mode 100644
index 7e5d810339e..00000000000
--- a/tests/non-free/cmp.c
+++ /dev/null
@@ -1,9 +0,0 @@
-/* run.config
- OPT: -cpp-extra-args="-nostdinc -Ishare/libc" -val -no-results -val-builtin memcmp:Frama_C_memcmp
-*/
-
-#include "string.h"
-
-int main(int c, int d){
- memcmp(c, d, 0);
-}
diff --git a/tests/non-free/memchr.c b/tests/non-free/memchr.c
new file mode 100644
index 00000000000..f9282205feb
--- /dev/null
+++ b/tests/non-free/memchr.c
@@ -0,0 +1,575 @@
+#include "__fc_builtin.h"
+
+static volatile int nondet;
+#define assert_bottom(exp,id) if (nondet) { exp; Frama_C_show_each_unreachable_ ## id(); }
+#define memchr Frama_C_memchr
+//@ assigns \result \from ((char*)s)[0..], c, n;
+void *Frama_C_memchr(const void *s, int c, size_t n);
+const char* static_str = "Hello World\n";
+const char* zero_str = "abc\0\0\0abc";
+#define TSZ 12
+
+// Definitions for C++ oracle checking
+typedef int Ival;
+typedef int RES;
+#define NONDET(a,b) (nondet ? (a) : (b))
+#define IF_NONDET(var,val) if (nondet) var = val
+#define RANGE(from,to) Frama_C_interval(from,to)
+#define CHAR_ARRAY(var,n) char var[n]
+#define CHAR_PTR(var) char *var
+#define STRING(var,str) var = str;
+
+const char* tab_str[TSZ] =
+ {
+ "" , // 0
+ "a", // 1
+ "aa" , // 2
+ "aaa" , // 3
+ "aaaa" , // 4
+ "aaaaa" , // 5
+ "aaaaaa" , // 6
+ /* hole */
+ "aaaaaaaaa" , // 9
+ "aaaaaaaaaa" ,
+ "aaaaaaaaaaa",
+ "aaaaaaaaaaaa" ,
+ "aaaaaaaaaaaaa" }; // 13
+
+char unterminated_string[12] = "unterminated";
+
+int my_memchr(const void *p, size_t offs, int c, size_t n) {
+ const char *s = (const char*) p;
+ char *ss = memchr(s+offs,c,n);
+ int res;
+ if (ss == 0) {
+ res = -1;
+ } else {
+ res = ss - p;
+ }
+ Frama_C_show_each_mymemchr(res);
+ return res;
+}
+
+int my_memchr2(const void *p, const void *base, size_t offs, int c, size_t n) {
+ char *s = memchr(((const char *)p)+offs,c,n);
+ int res;
+ if (s == 0) {
+ res = -1;
+ } else {
+ res = s - base;
+ }
+ Frama_C_show_each_mymemchr2(res);
+ return res;
+}
+
+void small_sets(char c) {
+ CHAR_PTR(s);
+ STRING(s,"abc");
+ Ival o = NONDET(0, 1);
+ RES z1 = my_memchr(s, o, c, 4);
+ //@ assert (z1 == 2 || z1 == 3);
+ STRING(s,"\0bc");
+ o = NONDET(0,1);
+ RES z2 = my_memchr(s, o, c, 3);
+ Frama_C_show_each_z2(z2);
+ //@ assert (z2 == 0 || z2 == 2);
+ STRING(s,"");
+ RES z3 = my_memchr(s, 0, c, 0);
+ //@ assert (z3 == -1);
+ STRING(s,"b\0c");
+ o = NONDET(0,2);
+ RES z4 = my_memchr(s, o, c, 2);
+ //@ assert (z4 == 1);
+ CHAR_ARRAY(t, 4);
+ t[0] = t[1] = NONDET(0, 1);
+ t[2] = t[3] = 1;
+ RES z5 = my_memchr(t, 0, c, 4); // no warning
+ //@ assert z5 == -1 || z5 == 0 || z5 == 1;
+}
+
+void zero_termination(char c) {
+ CHAR_ARRAY(empty_or_non_terminated, 1);
+ empty_or_non_terminated[0] = NONDET(0, 100);
+ RES z1 = my_memchr(empty_or_non_terminated, 0, c, 1);
+ //@ assert z1 == -1 || z1 == 0;
+
+ CHAR_ARRAY(non_terminated, 1);
+ non_terminated[0] = 'X';
+ RES z2 = my_memchr(non_terminated, 0, c, 1);
+ //@ assert z2 == -1;
+ assert_bottom(my_memchr(non_terminated, 0, c, 2), non_terminated);
+
+ CHAR_ARRAY(non_terminated2, 4);
+ non_terminated2[0] = 76; non_terminated2[1] = 0;
+ non_terminated2[2] = 28; non_terminated2[3] = 14;
+ Ival o = NONDET(2, 3);
+ assert_bottom(my_memchr(non_terminated2, o, c, 4), non_terminated2);
+}
+
+void initialization(char c) {
+ char empty_or_uninitialized[1];
+ IF_NONDET(empty_or_uninitialized[0], 0);
+ RES z1 = my_memchr(empty_or_uninitialized, 0, c, 1);
+ //@ assert (z1 == -1 || z1 == 0);
+
+ char uninitialized[1];
+ assert_bottom(my_memchr(uninitialized, 0, c, 1),uninitialized);
+
+ CHAR_ARRAY(s, 2);
+ IF_NONDET(s[0], 1);
+ s[1] = 0;
+ RES z2 = my_memchr(s, 0, c, 2);
+ //@ assert (z2 == 1);
+
+ CHAR_ARRAY(t,4);
+ t[0] = t[1] = 10;
+ IF_NONDET(t[2], 10);
+ t[3] = 0;
+ RES z3 = my_memchr(t, 0, c, 4);
+ //@ assert (z3 == 3);
+}
+
+typedef struct {
+ int a:8;
+ int b:8;
+ int c:17;
+} st;
+
+void bitfields(char c) {
+ st s;
+ s.a = 3;
+ s.b = 1;
+ s.c = 7;
+ char *p = &s;
+ assert_bottom(Frama_C_memchr(p, c, 3),bitfields);
+}
+
+typedef struct {
+ int a:4;
+ int b:4;
+ int c:17;
+} st2;
+
+void bitfields2(char c) {
+ st2 s;
+ s.a = 3;
+ s.b = 1;
+ s.c = 7;
+ char *p = &s;
+ RES z1 = my_memchr(p, 0, c, 3);
+ //@assert (z1 == 2);
+}
+
+void init_array_nondet(char *a, int from, int to, int val1, int val2) {
+ int val = nondet ? val1 : val2;
+ Frama_C_memset(a + from, val, to-from+1);
+ from = to = val1 = val2 = -1; // reset to minimize oracle changes
+}
+
+void large(char c) {
+ char a[100];
+ init_array_nondet(a, 0, 99, 1, 2);
+ a[20] = 0;
+ a[75] = 0;
+ Ival offset = RANGE(3, 30);
+ RES z1 = my_memchr(a, offset, c, 100);
+ //@ assert (z1 >= 0 && z1 <= 54);
+
+ offset = RANGE(5, 17);
+ RES z2 = my_memchr(a, offset, c, 100);
+ //@ assert (z2 >= 3 && z2 <= 15);
+
+ offset = RANGE(60, 74);
+ RES z3 = my_memchr(a, offset, c, 100);
+ //@ assert (z3 >= 1 && z3 <= 15);
+
+ offset = RANGE(63, 80);
+ RES z4 = my_memchr(a, offset, c, 100);
+ //@ assert (z4 >= 0 && z4 <= 12);
+
+ init_array_nondet(a, 0, 99, 0, 2);
+ offset = RANGE(50, 70);
+ RES z5 = my_memchr(a, offset, c, 100);
+ //@ assert (z5 >= 0 && z5 <= 49);
+}
+
+void large_uninit(char c) {
+ char a[100];
+ init_array_nondet(a, 0, 39, 1, 2);
+ init_array_nondet(a, 50, 94, 3, 4);
+ a[20] = 0;
+ a[75] = 0;
+
+ Ival offset = RANGE(3, 30);
+ RES z1 = my_memchr(a, offset, c, 100);
+ //@ assert (z1 >= 0 && z1 <= 17);
+
+ a[98] = 0;
+ offset = RANGE(63, 80);
+ RES z2 = my_memchr(a, offset, c, 100);
+ //@ assert (z2 >= 0 && z2 <= 12);
+
+ offset = RANGE(45, 55);
+ RES z3 = my_memchr(a, offset, c, 100);
+ //@ assert (z3 >= 20 && z3 <= 25);
+
+ offset = 0; // avoid oracle diffs when changed
+}
+
+void escaping(char c) {
+ CHAR_ARRAY(s,4);
+ {
+ int x;
+ *((int *)s) = &x;
+ }
+ IF_NONDET(s[0], 0);
+ RES z1 = my_memchr(s, 0, c, 4); // alarm
+ //@ assert (z1 == 0);
+ s[0] = 0;
+ RES z2 = my_memchr(s, 0, c, 4); // no alarm
+ //@ assert (z2 == 0);
+}
+
+void misc(char c) {
+ const char* loc_str = "Bonjour Monde\n";
+ char loc_char_array[5];
+ RES sz1,sz2,sz3,sz4,sz5,sz6,sz7,sz8;
+ int x = 0xabcdef00;
+ RES z = 0x12345600;
+ int i;
+ char *str;
+
+ assert_bottom(Frama_C_memchr(unterminated_string, c, 13),unterminated_string);
+
+ str = nondet ? static_str : loc_str;
+ sz1 = my_memchr(str, 0, c, 15);
+ //@ assert(sz1 == 12 || sz1 == 14);
+ str = &x;
+ char *base = str;
+ str = nondet ? str : str + 3;
+ sz2 = my_memchr2(str, base, 0, c, 12);
+ //@ assert(sz2 == 0) ; // no, could also do an RTE
+ i = Frama_C_interval(0,TSZ-1);
+ str = tab_str[i];
+ sz3 = my_memchr(str, 0, c, 14);
+ //@ assert(sz3 >= 0 && sz3 <= 13);
+ loc_char_array[3] = '\0';
+ assert_bottom(my_memchr(loc_char_array, 0, c, 5),loc_char_array);
+ sz4 = my_memchr(zero_str, 0, c, 9);
+ //@ assert(sz4 == 3);
+ char *s1 = nondet ? "abc" : "ABCD";
+ char *s2 = nondet ? s1 : s1+1;
+ sz5 = my_memchr2(s2, s1, 0, c, 5);
+ //@ assert(sz5 >= 2 && sz5 <= 4);
+
+ s1 = nondet ? "efg" : "EFGH";
+ s2 = nondet ? s1+1 : s1+2;
+ sz6 = my_memchr2(s2, s1, 0, c, 5);
+ //@ assert(sz6 >= 1 && sz6 <= 3);
+
+ s1 = nondet ? "mno\0pqr" : "MNOP\0QRS";
+ for (int j = 0; j < 8; j++) {
+ sz7 = my_memchr(s1, j, c, 10);
+ //@ assert(sz7 >= 0 && sz7 <= 4);
+ }
+
+ char maybe_init[2];
+ maybe_init[1] = '\0';
+ IF_NONDET(maybe_init[0], 'A');
+ sz8 = my_memchr(maybe_init, 0, c, 2);
+ //@ assert(sz8 == 1);
+}
+
+void big_array (char c) {
+ int u[200];
+ int r[201];
+ int t[1000000];
+ int *p;
+ p = &u[nondet];
+ *p = 0x10230067;
+ p = &r[nondet];
+ *p = 0x10230067;
+ p = &t[nondet];
+ *p = 0x10230067;
+
+ unsigned long len_u;
+ unsigned long len_r;
+ unsigned long len_t;
+
+ len_u = my_memchr(u, 0, c, 800); // below plevel; precise
+ len_r = my_memchr(r, 0, c, 805); // above plevel; imprecise
+ len_t = my_memchr(t, 0, c, 4000001); // *far* above plevel
+ Frama_C_show_each(len_u, len_r, len_t);
+ //@ assert len_u == 1;
+ //@ assert len_r >= 1 && len_r <= 801;
+ //@ assert len_t >= 1 && len_t <= 3999997;
+
+ len_u = my_memchr(u, 0, c, 1600); // should be precise
+ len_r = my_memchr(r, 0, c, 1608);
+ len_t = my_memchr(t, 0, c, 8000000);
+ Frama_C_show_each(len_u, len_r, len_t);
+ //@ assert len_u >= 0 && len_u <= 3;
+ //@ assert len_r >= 0 && len_r <= 802;
+ //@ assert len_t >= 0 && len_t <= 3999998;
+}
+
+void no_zero_but_ok(char c) {
+ CHAR_ARRAY(s,20);
+ s[0] = s[1] = s[2] = s[3] = s[4] = s[5] = s[6] = s[7] = s[8] = s[9] = 1;
+ s[10] = 0;
+ s[11] = s[12] = s[13] = 1;
+ s[14] = s[15] = s[16] = s[17] = s[18] = s[19] = nondet ? 1 : 0;
+ RES z1 = my_memchr(s, 0, c, 5);
+ //@assert z1 == -1;
+ RES z2 = my_memchr(s, 0, c, 11);
+ //@assert z2 == 10;
+ char *p = nondet ? s+1 : s+8;
+ RES z3 = my_memchr2(p, s, 0, c, 11);
+ //@assert z3 == 2 || z3 == 9;
+ p = nondet ? s+7 : s+11;
+ RES z4 = my_memchr2(p, s, 0, c, 4);
+ //@assert z4 == -1 || z4 == 3;
+ p = nondet ? s+7 : s+18;
+ RES z5 = my_memchr2(p, s, 0, c, 5); // maybe_indet = true
+ //@assert z5 == 0 || z5 == 1 || z5 == 3;
+}
+
+void small_sets_n(char c) {
+ char *s;
+ STRING(s,"abcde");
+ char *p = nondet ? s : s+1;
+ char n = nondet ? 2 : 5;
+ RES z1 = my_memchr2(p, s, 0, c, n);
+ //@assert z1 == -1 || z1 == 4;
+
+ STRING(s,"\0bcdef");
+ p = nondet ? s : s+1;
+ n = nondet ? 1 : 6;
+ RES z2 = my_memchr2(p, s, 0, c, n);
+ //@assert z2 == -1 || z2 == 0 || z2 == 5;
+
+ STRING(s,"bcd\0efg");
+ p = nondet ? s : s+2;
+ RES z3a = my_memchr2(p, s, 0, c, 4);
+ //@assert z3a == 1 || z3a == 3;
+
+ p = nondet ? s : s+2;
+ n = nondet ? 3 : 4;
+ RES z3b = my_memchr2(p, s, 0, c, n);
+ //@assert z3b == -1 || z3b == 1 || z3b == 3;
+
+ p = nondet ? s : s+2;
+ n = nondet ? 2 : 3;
+ RES z3 = my_memchr2(p, s, 0, c, n);
+ //@assert z3 == -1 || z3 == 1;
+
+ p = nondet ? s : nondet ? s+2 : s+4;
+ n = nondet ? 2 : 7;
+ RES z4 = my_memchr2(p, s, 0, c, n); // alarm
+ //@assert z4 == -1 || z4 == 1 || z4 == 3;
+}
+
+void large_n(char c) {
+ CHAR_ARRAY(a, 100);
+ init_array_nondet(a, 0, 99, 1, 2);
+ a[15] = 0;
+ a[28] = 0;
+ a[40] = 0;
+ a[75] = 0;
+ Ival offset = RANGE(3, 30);
+ Ival n = RANGE(10, 20);
+ RES z1 = my_memchr(a, offset, c, n);
+ //@assert -1 <= z1 <= 12;
+
+ a[28] = 1;
+ a[29] = 0;
+ RES z2 = my_memchr(a, offset, c, n);
+ //@assert -1 <= z2 <= 13;
+
+ a[40] = 1;
+ RES z3 = my_memchr(a, offset, c, n); // no alarm
+ //@assert -1 <= z3 <= 13;
+
+ offset = RANGE(5, 17);
+ RES z4 = my_memchr(a, offset, c, n);
+ //@assert -1 <= z4 <= 13;
+
+ offset = RANGE(60, 74);
+ RES z5 = my_memchr(a, offset, c, n);
+ //@assert -1 <= z5 <= 15;
+
+ offset = RANGE(63, 80);
+ RES z6 = my_memchr(a, offset, c, n); // no alarm
+ //@assert -1 <= z6 <= 12;
+
+ init_array_nondet(a, 0, 99, 0, 2);
+ offset = RANGE(50, 70);
+ RES z7 = my_memchr(a, offset, c, n);
+ //@assert -1 <= z7 <= 19;
+
+ n = RANGE(0, 100);
+ RES z8 = my_memchr(a, offset, c, n); // alarm
+ //@assert -1 <= z8 <= 49;
+
+ offset = RANGE(0, 10);
+ n = RANGE(0, 90);
+ RES z9 = my_memchr(a, offset, c, n); // no alarm
+ //@assert -1 <= z9 <= 89;
+}
+
+void unbounded_n(char c) {
+ int n = nondet;
+ if (n < 0) n = 0;
+ char *s;
+ STRING(s,"abc");
+ RES zu1 = my_memchr(s, 0, c, n);
+ //@ assert zu1 == -1 || zu1 == 3;
+ Ival o = NONDET(0,1);
+ RES zu2 = my_memchr(s, o, c, n);
+ //@ assert zu2 == -1 || zu2 == 2 || zu2 == 3;
+ STRING(s,"bcd\0eg");
+ RES zu3 = my_memchr(s, 0, c, n);
+ //@ assert zu3 == -1 || zu3 == 3;
+}
+
+void intervals(char c) {
+ CHAR_ARRAY(a, 100);
+ init_array_nondet(a, 0, 9, 0, 1);
+ init_array_nondet(a, 3, 6, 1, 1);
+ init_array_nondet(a, 11, 11, 0, 1);
+ init_array_nondet(a, 12, 15, 1, 1);
+ init_array_nondet(a, 16, 19, 0, 1);
+
+ Ival offset = RANGE(0,9);
+ Ival n = RANGE(0, 10);
+ RES z1 = my_memchr(a, offset, c, n);
+ //@ assert z1 >= -1 && z1 <= 9;
+
+ offset = RANGE(3,9);
+ n = RANGE(2,10);
+ RES z2 = my_memchr(a, offset, c, n);
+ //@ assert z2 >= -1 && z2 <= 6;
+
+ offset = RANGE(3,9);
+ n = RANGE(0,11);
+ RES z3 = my_memchr(a, offset, c, n);
+ //@ assert z3 >= -1 && z3 <= 6;
+
+ offset = RANGE(3,10);
+ n = RANGE(0,9);
+ RES z4 = my_memchr(a, offset, c, n);
+ //@ assert z4 >= -1 && z4 <= 6;
+
+ offset = RANGE(3,10);
+ n = RANGE(0,10);
+ RES z5 = my_memchr(a, offset, c, n);
+ //@ assert z5 >= -1 && z5 <= 6;
+
+ offset = RANGE(3,10);
+ n = RANGE(0,11);
+ RES z6 = my_memchr(a, offset, c, n);
+ //@ assert z6 >= -1 && z6 <= 6;
+
+ offset = RANGE(3,11);
+ n = RANGE(0,10);
+ RES z7 = my_memchr(a, offset, c, n);
+ //@ assert z7 >= -1 && z7 <= 8;
+
+ offset = RANGE(3,11);
+ n = RANGE(0,10);
+ RES z8 = my_memchr(a, offset, c, n);
+ //@ assert z8 >= -1 && z8 <= 8;
+
+ offset = RANGE(3,11);
+ n = RANGE(0,11);
+ RES z9 = my_memchr(a, offset, c, n);
+ //@ assert z9 >= -1 && z9 <= 8;
+}
+
+void small_sets_no_assertions(char c, RES *res) {
+ CHAR_PTR(s);
+ STRING(s,"abc");
+ Ival o = NONDET(0, 1);
+ res[0] = my_memchr(s, o, c, 4);
+ STRING(s,"\0bc");
+ o = NONDET(0,1);
+ res[1] = my_memchr(s, o, c, 3);
+ STRING(s,"");
+ res[2] = my_memchr(s, 0, c, 0);
+ STRING(s,"b\0c");
+ o = NONDET(0,2);
+ res[3] = my_memchr(s, o, c, 2);
+ CHAR_ARRAY(t, 4);
+ t[0] = t[1] = NONDET(c, 1);
+ t[2] = t[3] = 1;
+ res[4] = my_memchr(t, 0, c, 4);
+}
+
+void small_sets_chars() {
+ char c = 'a';
+ RES res[5];
+ small_sets_no_assertions(c, res);
+ Frama_C_show_each_res_a(res[0], res[1], res[2], res[3], res[4]);
+ //@ assert res[0] == 0 || res[0] == -1; // alarm
+ //@ assert res[1] == -1; // no alarm
+ //@ assert res[2] == -1; // no alarm
+ //@ assert res[3] == -1; // no alarm
+ //@ assert res[4] == -1 || res[4] == 0 || res[4] == 1; // no alarm
+ c = 'b';
+ small_sets_no_assertions(c, res);
+ Frama_C_show_each_res_b(res[0], res[1], res[2], res[3], res[4]);
+ //@ assert res[0] == 0 || res[0] == 1; // no alarm
+ //@ assert res[1] == 0 || res[1] == 1; // no alarm
+ //@ assert res[2] == -1; // no alarm
+ //@ assert res[3] == -1 || res[3] == 0; // no alarm
+ //@ assert res[4] == -1 || res[4] == 0 || res[4] == 1; // no alarm
+
+ c = nondet ? 'a' : 'b'; // c IN {a; b}
+ small_sets_no_assertions(c, res);
+ Frama_C_show_each_res_a_b(res[0], res[1], res[2], res[3], res[4]);
+ //@ assert res[0] == -1 || res[0] == 0 || res[0] == 1; // alarm
+ //@ assert res[1] == -1 || res[1] == 0 || res[1] == 1; // no alarm
+ //@ assert res[2] == -1; // no alarm
+ //@ assert res[3] == -1 || res[3] == 0; // no alarm
+ //@ assert res[4] == -1 || res[4] == 0 || res[4] == 1; // no alarm
+
+ c = nondet ? 'b' : 'c'; // c IN {b; c}
+ small_sets_no_assertions(c, res);
+ Frama_C_show_each_res_b_c(res[0], res[1], res[2], res[3], res[4]);
+ //@ assert -1 <= res[0] && res[0] <= 2; // no alarm
+ //@ assert -1 <= res[1] && res[1] <= 2; // no alarm
+ //@ assert res[2] == -1; // no alarm
+ //@ assert res[3] == -1 || res[3] == 0 || res[3] == 2; // no alarm
+ //@ assert res[4] == -1 || res[4] == 0 || res[4] == 1; // no alarm
+
+ if (nondet) c = 0; // c IN {b; c; 0}
+ small_sets_no_assertions(c, res);
+ Frama_C_show_each_res_b_c_0(res[0], res[1], res[2], res[3], res[4]);
+ //@ assert -1 <= res[0] && res[0] <= 3; // no alarm
+ //@ assert -1 <= res[1] && res[1] <= 2; // no alarm
+ //@ assert res[2] == -1 || res[2] == 0; // no alarm
+ //@ assert -1 <= res[3] && res[3] <= 2; // no alarm
+ //@ assert res[4] == -1 || res[4] == 0 || res[4] == 1; // no alarm
+}
+
+int main () {
+ char c = 0;
+ small_sets(c);
+ zero_termination(c);
+ initialization(c);
+ large(c);
+ large_uninit(c);
+ misc(c);
+ bitfields(c);
+ bitfields2(c);
+ escaping(c);
+ big_array(c);
+ no_zero_but_ok(c);
+ small_sets_n(c);
+ large_n(c);
+ unbounded_n(c);
+ intervals(c);
+ small_sets_chars();
+
+ return 0;
+}
diff --git a/tests/non-free/memcmp.c b/tests/non-free/memcmp.c
deleted file mode 100644
index f85ac7b18c3..00000000000
--- a/tests/non-free/memcmp.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/* run.config
- STDOPT:
-*/
-#include "__fc_builtin.h"
-
-/*@ assigns \result \from ((char*)s1)[0.. n-1], ((char*)s2)[0.. n-1]; */
-extern int Frama_C_memcmp (const void *s1, const void *s2, size_t n);
-
-
-int main() {
- unsigned char t[6] = { 0xef, 0xcd , 0xab , 0x00, 0x01, 0x01 };
- char s[6] = { 0xef, 0xcd , 0xab , 0x00, 0x01, 0x01 };
- const char* s1 = "hello world\n";
- const char* s2 = "bla+hello world\n";
-
- int x = 0x00abcdef;
- int y = 0x01abcdef;
-
- int z = Frama_C_memcmp(&x,&x,4);
- //@ assert(z == 0);
-
- int a = Frama_C_memcmp(&x,&y,4);
- //@ assert(a < 0);
-
- int b = Frama_C_memcmp(&y,&x,4);
- //@ assert(b > 0);
-
- int c = Frama_C_memcmp(&x,t,4);
- //@ assert(c == 0);
-
- int d = Frama_C_memcmp(t,&x,4);
- //@ assert(d == 0);
-
- int e = Frama_C_memcmp(s,&x,4);
- //@ assert(e == 0);
-
- int f = Frama_C_memcmp(&x,s,4);
- //@ assert(f == 0);
-
- // int g = Frama_C_memcmp(&x,s,6);
-
- int h = Frama_C_memcmp(s1,s2+4,13);
- //@ assert(h == 0);
-
- return 0;
-}
diff --git a/tests/non-free/oracle/memchr.err.oracle b/tests/non-free/oracle/memchr.err.oracle
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/tests/non-free/oracle/memchr.res.oracle b/tests/non-free/oracle/memchr.res.oracle
new file mode 100644
index 00000000000..fa1a60edf5f
--- /dev/null
+++ b/tests/non-free/oracle/memchr.res.oracle
@@ -0,0 +1,1775 @@
+[kernel] Parsing share/libc/__fc_builtin_for_normalization.i (no preprocessing)
+[kernel] Parsing tests/non-free/memchr.c (with preprocessing)
+[value] Analyzing a complete application starting at main
+[value] Computing initial state
+[value] Initial state computed
+[value] Values of globals at initialization
+ Frama_C_entropy_source ∈ [--..--]
+ static_str ∈ {{ "Hello World\n" }}
+ zero_str ∈ {{ "abc\000\000\000abc" }}
+ tab_str[0] ∈ {{ "" }}
+ [1] ∈ {{ "a" }}
+ [2] ∈ {{ "aa" }}
+ [3] ∈ {{ "aaa" }}
+ [4] ∈ {{ "aaaa" }}
+ [5] ∈ {{ "aaaaa" }}
+ [6] ∈ {{ "aaaaaa" }}
+ [7] ∈ {{ "aaaaaaaaa" }}
+ [8] ∈ {{ "aaaaaaaaaa" }}
+ [9] ∈ {{ "aaaaaaaaaaa" }}
+ [10] ∈ {{ "aaaaaaaaaaaa" }}
+ [11] ∈ {{ "aaaaaaaaaaaaa" }}
+ unterminated_string[0] ∈ {117}
+ [1] ∈ {110}
+ [2] ∈ {116}
+ [3] ∈ {101}
+ [4] ∈ {114}
+ [5] ∈ {109}
+ [6] ∈ {105}
+ [7] ∈ {110}
+ [8] ∈ {97}
+ [9] ∈ {116}
+ [10] ∈ {101}
+ [11] ∈ {100}
+ nondet ∈ [--..--]
+[value] computing for function small_sets <- main.
+ Called from tests/non-free/memchr.c:557.
+[value] computing for function my_memchr <- small_sets <- main.
+ Called from tests/non-free/memchr.c:69.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "abc" + {0; 1} }},{0},{4}))
+[value] Called Frama_C_show_each_mymemchr({2; 3})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:70:[value] Assertion got status valid.
+[value] computing for function my_memchr <- small_sets <- main.
+ Called from tests/non-free/memchr.c:73.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "\000bc" + {0; 1} }},{0},{3}))
+[value] Called Frama_C_show_each_mymemchr({0; 2})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] Called Frama_C_show_each_z2({0; 2})
+tests/non-free/memchr.c:75:[value] Assertion got status valid.
+[value] computing for function my_memchr <- small_sets <- main.
+ Called from tests/non-free/memchr.c:77.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "" }},{0},{0}))
+[value] Called Frama_C_show_each_mymemchr({-1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:78:[value] Assertion got status valid.
+[value] computing for function my_memchr <- small_sets <- main.
+ Called from tests/non-free/memchr.c:81.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "b\000c" + {0; 2} }},{0},{2}))
+[value] Called Frama_C_show_each_mymemchr({1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:82:[value] Assertion got status valid.
+[value] computing for function my_memchr <- small_sets <- main.
+ Called from tests/non-free/memchr.c:86.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&t }},{0},{4}))
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:87:[value] Assertion got status valid.
+[value] Recording results for small_sets
+[value] Done for function small_sets
+[value] computing for function zero_termination <- main.
+ Called from tests/non-free/memchr.c:558.
+[value] computing for function my_memchr <- zero_termination <- main.
+ Called from tests/non-free/memchr.c:93.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&empty_or_non_terminated }},{0},{1}))
+[value] Called Frama_C_show_each_mymemchr({-1; 0})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:94:[value] Assertion got status valid.
+[value] computing for function my_memchr <- zero_termination <- main.
+ Called from tests/non-free/memchr.c:98.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&non_terminated }},{0},{1}))
+[value] Called Frama_C_show_each_mymemchr({-1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:99:[value] Assertion got status valid.
+[value] computing for function my_memchr <- zero_termination <- main.
+ Called from tests/non-free/memchr.c:100.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&non_terminated }},{0},{2}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ reading indeterminate data
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- zero_termination <- main.
+ Called from tests/non-free/memchr.c:106.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&non_terminated2{[2], [3]} }},
+ {0},{4}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ reading indeterminate data
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] Recording results for zero_termination
+[value] Done for function zero_termination
+[value] computing for function initialization <- main.
+ Called from tests/non-free/memchr.c:559.
+[value] computing for function my_memchr <- initialization <- main.
+ Called from tests/non-free/memchr.c:112.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&empty_or_uninitialized }},{0},{1}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mymemchr({0})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:113:[value] Assertion got status valid.
+[value] computing for function my_memchr <- initialization <- main.
+ Called from tests/non-free/memchr.c:116.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&uninitialized }},{0},{1}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ reading indeterminate data
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- initialization <- main.
+ Called from tests/non-free/memchr.c:121.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&s }},{0},{2}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mymemchr({1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:122:[value] Assertion got status valid.
+[value] computing for function my_memchr <- initialization <- main.
+ Called from tests/non-free/memchr.c:128.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&t }},{0},{4}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mymemchr({3})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:129:[value] Assertion got status valid.
+[value] Recording results for initialization
+[value] Done for function initialization
+[value] computing for function large <- main.
+ Called from tests/non-free/memchr.c:560.
+[value] computing for function init_array_nondet <- large <- main.
+ Called from tests/non-free/memchr.c:171.
+tests/non-free/memchr.c:165:[value] Call to builtin memset(({{ (void *)&a }},{1; 2},{100}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/memchr.c:174.
+[value] using specification for function Frama_C_interval
+share/libc/__fc_builtin.h:51:[value] Function Frama_C_interval: precondition got status valid.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- large <- main.
+ Called from tests/non-free/memchr.c:175.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [3..30] }},{0},{100}))
+[value] Called Frama_C_show_each_mymemchr([0..54])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:176:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/memchr.c:178.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- large <- main.
+ Called from tests/non-free/memchr.c:179.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [5..17] }},{0},{100}))
+[value] Called Frama_C_show_each_mymemchr([3..15])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:180:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/memchr.c:182.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- large <- main.
+ Called from tests/non-free/memchr.c:183.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [60..74] }},{0},{100}))
+[value] Called Frama_C_show_each_mymemchr([1..15])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:184:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/memchr.c:186.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- large <- main.
+ Called from tests/non-free/memchr.c:187.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [63..80] }},{0},{100}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr([0..12])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:188:[value] Assertion got status valid.
+[value] computing for function init_array_nondet <- large <- main.
+ Called from tests/non-free/memchr.c:190.
+tests/non-free/memchr.c:165:[value] Call to builtin memset(({{ (void *)&a }},{0; 2},{100}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/memchr.c:191.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- large <- main.
+ Called from tests/non-free/memchr.c:192.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [50..70] }},{0},{100}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr([0..49])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:193:[value] Assertion got status valid.
+[value] Recording results for large
+[value] Done for function large
+[value] computing for function large_uninit <- main.
+ Called from tests/non-free/memchr.c:561.
+[value] computing for function init_array_nondet <- large_uninit <- main.
+ Called from tests/non-free/memchr.c:198.
+tests/non-free/memchr.c:165:[value] Call to builtin memset(({{ (void *)&a }},{1; 2},{40}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function init_array_nondet <- large_uninit <- main.
+ Called from tests/non-free/memchr.c:199.
+tests/non-free/memchr.c:165:[value] Call to builtin memset(({{ (void *)&a[50] }},{3; 4},{45}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- large_uninit <- main.
+ Called from tests/non-free/memchr.c:203.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- large_uninit <- main.
+ Called from tests/non-free/memchr.c:204.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [3..30] }},{0},{100}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr([0..17])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:205:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_uninit <- main.
+ Called from tests/non-free/memchr.c:208.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- large_uninit <- main.
+ Called from tests/non-free/memchr.c:209.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [63..80] }},{0},{100}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr([0..12])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:210:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_uninit <- main.
+ Called from tests/non-free/memchr.c:212.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- large_uninit <- main.
+ Called from tests/non-free/memchr.c:213.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [45..55] }},{0},{100}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possible uninitialized values
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr({20; 21; 22; 23; 24; 25})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:214:[value] Assertion got status valid.
+[value] Recording results for large_uninit
+[value] Done for function large_uninit
+[value] computing for function misc <- main.
+ Called from tests/non-free/memchr.c:562.
+tests/non-free/memchr.c:242:[value] Call to builtin memchr(({{ (void const *)&unterminated_string }},{0},{13}))
+tests/non-free/memchr.c:242:[value] warning: built-in memchr: tests/non-free/memchr.c:242:
+ reading indeterminate data
+[value] computing for function my_memchr <- misc <- main.
+ Called from tests/non-free/memchr.c:245.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "Hello World\n" ; "Bonjour Monde\n" }},{0},{15}))
+tests/non-free/memchr.c:47:[kernel] warning: pointer subtraction: assert \base_addr(ss) ≡ \base_addr((char *)p);
+[value] Called Frama_C_show_each_mymemchr({12; 14})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:246:[value] Assertion got status valid.
+[value] computing for function my_memchr2 <- misc <- main.
+ Called from tests/non-free/memchr.c:250.
+tests/non-free/memchr.c:54:[value] Call to builtin memchr(({{ &x + {0; 3} }},{0},{12}))
+tests/non-free/memchr.c:54:[value] warning: built-in memchr: tests/non-free/memchr.c:54:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr2({0})
+[value] Recording results for my_memchr2
+[value] Done for function my_memchr2
+tests/non-free/memchr.c:251:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- misc <- main.
+ Called from tests/non-free/memchr.c:252.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- misc <- main.
+ Called from tests/non-free/memchr.c:254.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "" ; "a" ; "aa" ; "aaa" ; "aaaa" ; "aaaaa" ;
+ "aaaaaa" ; "aaaaaaaaa" ; "aaaaaaaaaa" ;
+ "aaaaaaaaaaa" ; "aaaaaaaaaaaa" ;
+ "aaaaaaaaaaaaa" }},{0},{14}))
+[value] Called Frama_C_show_each_mymemchr([0..13])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:255:[value] Assertion got status valid.
+[value] computing for function my_memchr <- misc <- main.
+ Called from tests/non-free/memchr.c:257.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&loc_char_array }},{0},{5}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ reading indeterminate data
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- misc <- main.
+ Called from tests/non-free/memchr.c:258.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "abc\000\000\000abc" }},{0},{9}))
+[value] Called Frama_C_show_each_mymemchr({3})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:259:[value] Assertion got status valid.
+[value] computing for function my_memchr2 <- misc <- main.
+ Called from tests/non-free/memchr.c:262.
+tests/non-free/memchr.c:54:[value] Call to builtin memchr(({{ "abc" + {0; 1} ; "ABCD" + {0; 1} }},{0},{5}))
+tests/non-free/memchr.c:59:[kernel] warning: pointer subtraction: assert \base_addr(s) ≡ \base_addr((char *)base);
+[value] Called Frama_C_show_each_mymemchr2({2; 3; 4})
+[value] Recording results for my_memchr2
+[value] Done for function my_memchr2
+tests/non-free/memchr.c:263:[value] Assertion got status valid.
+[value] computing for function my_memchr2 <- misc <- main.
+ Called from tests/non-free/memchr.c:267.
+tests/non-free/memchr.c:54:[value] Call to builtin memchr(({{ "efg" + {1; 2} ; "EFGH" + {1; 2} }},{0},{5}))
+[value] Called Frama_C_show_each_mymemchr2({1; 2; 3})
+[value] Recording results for my_memchr2
+[value] Done for function my_memchr2
+tests/non-free/memchr.c:268:[value] Assertion got status valid.
+tests/non-free/memchr.c:271:[value] entering loop for the first time
+[value] computing for function my_memchr <- misc <- main.
+ Called from tests/non-free/memchr.c:272.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "mno\000pqr" ; "MNOP\000QRS" }},{0},{10}))
+[value] Called Frama_C_show_each_mymemchr({3; 4})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:273:[value] Assertion got status valid.
+[value] computing for function my_memchr <- misc <- main.
+ Called from tests/non-free/memchr.c:272.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "mno\000pqr" + {0; 1} ; "MNOP\000QRS" + {0; 1} }},
+ {0},{10}))
+[value] Called Frama_C_show_each_mymemchr({2; 3; 4})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- misc <- main.
+ Called from tests/non-free/memchr.c:272.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "mno\000pqr" + {0; 1; 2} ;
+ "MNOP\000QRS" + {0; 1; 2} }},{0},{10}))
+[value] Called Frama_C_show_each_mymemchr({1; 2; 3; 4})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- misc <- main.
+ Called from tests/non-free/memchr.c:272.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "mno\000pqr" + {0; 1; 2; 3} ;
+ "MNOP\000QRS" + {0; 1; 2; 3} }},{0},{10}))
+[value] Called Frama_C_show_each_mymemchr({0; 1; 2; 3; 4})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- misc <- main.
+ Called from tests/non-free/memchr.c:272.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "mno\000pqr" + {0; 1; 2; 3; 4} ;
+ "MNOP\000QRS" + {0; 1; 2; 3; 4} }},{0},{10}))
+[value] Called Frama_C_show_each_mymemchr({0; 1; 2; 3; 4})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- misc <- main.
+ Called from tests/non-free/memchr.c:272.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "mno\000pqr" + {0; 1; 2; 3; 4; 5; 6; 7} ;
+ "MNOP\000QRS" + {0; 1; 2; 3; 4; 5; 6; 7} }},
+ {0},{10}))
+[value] Called Frama_C_show_each_mymemchr({0; 1; 2; 3; 4})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- misc <- main.
+ Called from tests/non-free/memchr.c:279.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&maybe_init }},{0},{2}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mymemchr({1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:280:[value] Assertion got status valid.
+[value] Recording results for misc
+[value] Done for function misc
+[value] computing for function bitfields <- main.
+ Called from tests/non-free/memchr.c:563.
+tests/non-free/memchr.c:144:[value] Call to builtin memchr(({{ (void const *)&s }},{0},{3}))
+tests/non-free/memchr.c:144:[value] warning: built-in memchr: tests/non-free/memchr.c:144:
+ reading indeterminate data
+[value] Recording results for bitfields
+[value] Done for function bitfields
+[value] computing for function bitfields2 <- main.
+ Called from tests/non-free/memchr.c:564.
+[value] computing for function my_memchr <- bitfields2 <- main.
+ Called from tests/non-free/memchr.c:159.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&s }},{0},{3}))
+[value] Called Frama_C_show_each_mymemchr({2})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:160:[value] Assertion got status valid.
+[value] Recording results for bitfields2
+[value] Done for function bitfields2
+[value] computing for function escaping <- main.
+ Called from tests/non-free/memchr.c:565.
+tests/non-free/memchr.c:223:[value] warning: locals {x} escaping the scope of a block of escaping through s
+[value] computing for function my_memchr <- escaping <- main.
+ Called from tests/non-free/memchr.c:226.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&s }},{0},{4}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possible escaping addresses
+[value] Called Frama_C_show_each_mymemchr({0})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:227:[value] Assertion got status valid.
+[value] computing for function my_memchr <- escaping <- main.
+ Called from tests/non-free/memchr.c:229.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&s }},{0},{4}))
+[value] Called Frama_C_show_each_mymemchr({0})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:230:[value] Assertion got status valid.
+[value] Recording results for escaping
+[value] Done for function escaping
+[value] computing for function big_array <- main.
+ Called from tests/non-free/memchr.c:566.
+tests/non-free/memchr.c:289:[kernel] warning: out of bounds write. assert \valid(p);
+tests/non-free/memchr.c:291:[kernel] warning: out of bounds write. assert \valid(p);
+tests/non-free/memchr.c:293:[kernel] warning: out of bounds write. assert \valid(p);
+[value] computing for function my_memchr <- big_array <- main.
+ Called from tests/non-free/memchr.c:299.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&u }},{0},{800}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mymemchr({1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- big_array <- main.
+ Called from tests/non-free/memchr.c:300.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&r }},{0},{805}))
+tests/non-free/memchr.c:42:[kernel] more than 200(201) locations to update in array. Approximating.
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mymemchr({1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- big_array <- main.
+ Called from tests/non-free/memchr.c:301.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&t }},{0},{4000001}))
+tests/non-free/memchr.c:42:[kernel] more than 200(1000000) locations to update in array. Approximating.
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mymemchr({1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] Called Frama_C_show_each({1}, {1}, {1})
+tests/non-free/memchr.c:303:[value] Assertion got status valid.
+tests/non-free/memchr.c:304:[value] Assertion got status valid.
+tests/non-free/memchr.c:305:[value] Assertion got status valid.
+[value] computing for function my_memchr <- big_array <- main.
+ Called from tests/non-free/memchr.c:307.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&u }},{0},{1600}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mymemchr({1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- big_array <- main.
+ Called from tests/non-free/memchr.c:308.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&r }},{0},{1608}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mymemchr({1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- big_array <- main.
+ Called from tests/non-free/memchr.c:309.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&t }},{0},{8000000}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mymemchr({1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] Called Frama_C_show_each({1}, {1}, {1})
+tests/non-free/memchr.c:311:[value] Assertion got status valid.
+tests/non-free/memchr.c:312:[value] Assertion got status valid.
+tests/non-free/memchr.c:313:[value] Assertion got status valid.
+[value] Recording results for big_array
+[value] Done for function big_array
+[value] computing for function no_zero_but_ok <- main.
+ Called from tests/non-free/memchr.c:567.
+[value] computing for function my_memchr <- no_zero_but_ok <- main.
+ Called from tests/non-free/memchr.c:322.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&s }},{0},{5}))
+[value] Called Frama_C_show_each_mymemchr({-1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:323:[value] Assertion got status valid.
+[value] computing for function my_memchr <- no_zero_but_ok <- main.
+ Called from tests/non-free/memchr.c:324.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&s }},{0},{11}))
+[value] Called Frama_C_show_each_mymemchr({10})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:325:[value] Assertion got status valid.
+[value] computing for function my_memchr2 <- no_zero_but_ok <- main.
+ Called from tests/non-free/memchr.c:327.
+tests/non-free/memchr.c:54:[value] Call to builtin memchr(({{ (void const *)&s{[1], [8]} }},{0},{11}))
+[value] Called Frama_C_show_each_mymemchr2({2; 9})
+[value] Recording results for my_memchr2
+[value] Done for function my_memchr2
+tests/non-free/memchr.c:328:[value] Assertion got status valid.
+[value] computing for function my_memchr2 <- no_zero_but_ok <- main.
+ Called from tests/non-free/memchr.c:330.
+tests/non-free/memchr.c:54:[value] Call to builtin memchr(({{ (void const *)&s{[7], [11]} }},{0},{4}))
+[value] Called Frama_C_show_each_mymemchr2({-1; 3})
+[value] Recording results for my_memchr2
+[value] Done for function my_memchr2
+tests/non-free/memchr.c:331:[value] Assertion got status valid.
+[value] computing for function my_memchr2 <- no_zero_but_ok <- main.
+ Called from tests/non-free/memchr.c:333.
+tests/non-free/memchr.c:54:[value] Call to builtin memchr(({{ (void const *)&s{[7], [18]} }},{0},{5}))
+tests/non-free/memchr.c:54:[value] warning: built-in memchr: tests/non-free/memchr.c:54:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr2({0; 1; 3})
+[value] Recording results for my_memchr2
+[value] Done for function my_memchr2
+tests/non-free/memchr.c:334:[value] Assertion got status valid.
+[value] Recording results for no_zero_but_ok
+[value] Done for function no_zero_but_ok
+[value] computing for function small_sets_n <- main.
+ Called from tests/non-free/memchr.c:568.
+[value] computing for function my_memchr2 <- small_sets_n <- main.
+ Called from tests/non-free/memchr.c:342.
+tests/non-free/memchr.c:54:[value] Call to builtin memchr(({{ "abcde" + {0; 1} }},{0},{2; 5}))
+[value] Called Frama_C_show_each_mymemchr2({-1; 4})
+[value] Recording results for my_memchr2
+[value] Done for function my_memchr2
+tests/non-free/memchr.c:343:[value] Assertion got status valid.
+[value] computing for function my_memchr2 <- small_sets_n <- main.
+ Called from tests/non-free/memchr.c:348.
+tests/non-free/memchr.c:54:[value] Call to builtin memchr(({{ "\000bcdef" + {0; 1} }},{0},{1; 6}))
+[value] Called Frama_C_show_each_mymemchr2({-1; 0; 5})
+[value] Recording results for my_memchr2
+[value] Done for function my_memchr2
+tests/non-free/memchr.c:349:[value] Assertion got status valid.
+[value] computing for function my_memchr2 <- small_sets_n <- main.
+ Called from tests/non-free/memchr.c:353.
+tests/non-free/memchr.c:54:[value] Call to builtin memchr(({{ "bcd\000efg" + {0; 2} }},{0},{4}))
+[value] Called Frama_C_show_each_mymemchr2({1; 3})
+[value] Recording results for my_memchr2
+[value] Done for function my_memchr2
+tests/non-free/memchr.c:354:[value] Assertion got status valid.
+[value] computing for function my_memchr2 <- small_sets_n <- main.
+ Called from tests/non-free/memchr.c:358.
+tests/non-free/memchr.c:54:[value] Call to builtin memchr(({{ "bcd\000efg" + {0; 2} }},{0},{3; 4}))
+[value] Called Frama_C_show_each_mymemchr2({-1; 1; 3})
+[value] Recording results for my_memchr2
+[value] Done for function my_memchr2
+tests/non-free/memchr.c:359:[value] Assertion got status valid.
+[value] computing for function my_memchr2 <- small_sets_n <- main.
+ Called from tests/non-free/memchr.c:363.
+tests/non-free/memchr.c:54:[value] Call to builtin memchr(({{ "bcd\000efg" + {0; 2} }},{0},{2; 3}))
+[value] Called Frama_C_show_each_mymemchr2({-1; 1})
+[value] Recording results for my_memchr2
+[value] Done for function my_memchr2
+tests/non-free/memchr.c:364:[value] Assertion got status valid.
+[value] computing for function my_memchr2 <- small_sets_n <- main.
+ Called from tests/non-free/memchr.c:368.
+tests/non-free/memchr.c:54:[value] Call to builtin memchr(({{ "bcd\000efg" + {0; 2; 4} }},{0},{2; 7}))
+[value] Called Frama_C_show_each_mymemchr2({-1; 1; 3})
+[value] Recording results for my_memchr2
+[value] Done for function my_memchr2
+tests/non-free/memchr.c:369:[value] Assertion got status valid.
+[value] Recording results for small_sets_n
+[value] Done for function small_sets_n
+[value] computing for function large_n <- main.
+ Called from tests/non-free/memchr.c:569.
+[value] computing for function init_array_nondet <- large_n <- main.
+ Called from tests/non-free/memchr.c:374.
+tests/non-free/memchr.c:165:[value] Call to builtin memset(({{ (void *)&a }},{1; 2},{100}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/memchr.c:379.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/memchr.c:380.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- large_n <- main.
+ Called from tests/non-free/memchr.c:381.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [3..30] }},{0},[10..20]))
+[value] Called Frama_C_show_each_mymemchr([-1..12])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:382:[value] Assertion got status valid.
+[value] computing for function my_memchr <- large_n <- main.
+ Called from tests/non-free/memchr.c:386.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [3..30] }},{0},[10..20]))
+[value] Called Frama_C_show_each_mymemchr([-1..13])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:387:[value] Assertion got status valid.
+[value] computing for function my_memchr <- large_n <- main.
+ Called from tests/non-free/memchr.c:390.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [3..30] }},{0},[10..20]))
+[value] Called Frama_C_show_each_mymemchr([-1..13])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:391:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/memchr.c:393.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- large_n <- main.
+ Called from tests/non-free/memchr.c:394.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [5..17] }},{0},[10..20]))
+[value] Called Frama_C_show_each_mymemchr([-1..13])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:395:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/memchr.c:397.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- large_n <- main.
+ Called from tests/non-free/memchr.c:398.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [60..74] }},{0},[10..20]))
+[value] Called Frama_C_show_each_mymemchr([-1..15])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:399:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/memchr.c:401.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- large_n <- main.
+ Called from tests/non-free/memchr.c:402.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [63..80] }},{0},[10..20]))
+[value] Called Frama_C_show_each_mymemchr([-1..12])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:403:[value] Assertion got status valid.
+[value] computing for function init_array_nondet <- large_n <- main.
+ Called from tests/non-free/memchr.c:405.
+tests/non-free/memchr.c:165:[value] Call to builtin memset(({{ (void *)&a }},{0; 2},{100}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/memchr.c:406.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- large_n <- main.
+ Called from tests/non-free/memchr.c:407.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [50..70] }},{0},[10..20]))
+[value] Called Frama_C_show_each_mymemchr([-1..19])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:408:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/memchr.c:410.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- large_n <- main.
+ Called from tests/non-free/memchr.c:411.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [50..70] }},{0},[0..100]))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr([-1..49])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:412:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/memchr.c:414.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/memchr.c:415.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- large_n <- main.
+ Called from tests/non-free/memchr.c:416.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [0..10] }},{0},[0..90]))
+[value] Called Frama_C_show_each_mymemchr([-1..89])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:417:[value] Assertion got status valid.
+[value] Recording results for large_n
+[value] Done for function large_n
+[value] computing for function unbounded_n <- main.
+ Called from tests/non-free/memchr.c:570.
+[value] computing for function my_memchr <- unbounded_n <- main.
+ Called from tests/non-free/memchr.c:425.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "abc" }},{0},[0..2147483647]))
+[value] Called Frama_C_show_each_mymemchr({-1; 3})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:426:[value] Assertion got status valid.
+[value] computing for function my_memchr <- unbounded_n <- main.
+ Called from tests/non-free/memchr.c:428.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "abc" + {0; 1} }},{0},[0..2147483647]))
+[value] Called Frama_C_show_each_mymemchr({-1; 2; 3})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:429:[value] Assertion got status valid.
+[value] computing for function my_memchr <- unbounded_n <- main.
+ Called from tests/non-free/memchr.c:431.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "bcd\000eg" }},{0},[0..2147483647]))
+[value] Called Frama_C_show_each_mymemchr({-1; 3})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:432:[value] Assertion got status valid.
+[value] Recording results for unbounded_n
+[value] Done for function unbounded_n
+[value] computing for function intervals <- main.
+ Called from tests/non-free/memchr.c:571.
+[value] computing for function init_array_nondet <- intervals <- main.
+ Called from tests/non-free/memchr.c:437.
+tests/non-free/memchr.c:165:[value] Call to builtin memset(({{ (void *)&a }},{0; 1},{10}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function init_array_nondet <- intervals <- main.
+ Called from tests/non-free/memchr.c:438.
+tests/non-free/memchr.c:165:[value] Call to builtin memset(({{ (void *)&a[3] }},{1},{4}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function init_array_nondet <- intervals <- main.
+ Called from tests/non-free/memchr.c:439.
+tests/non-free/memchr.c:165:[value] Call to builtin memset(({{ (void *)&a[11] }},{0; 1},{1}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function init_array_nondet <- intervals <- main.
+ Called from tests/non-free/memchr.c:440.
+tests/non-free/memchr.c:165:[value] Call to builtin memset(({{ (void *)&a[12] }},{1},{4}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function init_array_nondet <- intervals <- main.
+ Called from tests/non-free/memchr.c:441.
+tests/non-free/memchr.c:165:[value] Call to builtin memset(({{ (void *)&a[16] }},{0; 1},{4}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:443.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:444.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- intervals <- main.
+ Called from tests/non-free/memchr.c:445.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [0..9] }},{0},[0..10]))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr([-1..9])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:446:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:448.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:449.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- intervals <- main.
+ Called from tests/non-free/memchr.c:450.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&a{[3], [4], [5], [6], [7], [8], [9]} }},
+ {0},[2..10]))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1; 2; 3; 4; 5; 6})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:451:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:453.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:454.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- intervals <- main.
+ Called from tests/non-free/memchr.c:455.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&a{[3], [4], [5], [6], [7], [8], [9]} }},
+ {0},[0..11]))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1; 2; 3; 4; 5; 6})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:456:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:458.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:459.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- intervals <- main.
+ Called from tests/non-free/memchr.c:460.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&a{[3], [4], [5], [6], [7], [8],
+ [9], [10]} }},{0},[0..9]))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1; 2; 3; 4; 5; 6})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:461:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:463.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:464.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- intervals <- main.
+ Called from tests/non-free/memchr.c:465.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&a{[3], [4], [5], [6], [7], [8],
+ [9], [10]} }},{0},[0..10]))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1; 2; 3; 4; 5; 6})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:466:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:468.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:469.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- intervals <- main.
+ Called from tests/non-free/memchr.c:470.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&a{[3], [4], [5], [6], [7], [8],
+ [9], [10]} }},{0},[0..11]))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1; 2; 3; 4; 5; 6})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:471:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:473.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:474.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- intervals <- main.
+ Called from tests/non-free/memchr.c:475.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [3..11] }},{0},[0..10]))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possible uninitialized values
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr([-1..8])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:476:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:478.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:479.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- intervals <- main.
+ Called from tests/non-free/memchr.c:480.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [3..11] }},{0},[0..10]))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possible uninitialized values
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr([-1..8])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:481:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:483.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/memchr.c:484.
+[value] Done for function Frama_C_interval
+[value] computing for function my_memchr <- intervals <- main.
+ Called from tests/non-free/memchr.c:485.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ &a + [3..11] }},{0},[0..11]))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possible uninitialized values
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr([-1..8])
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+tests/non-free/memchr.c:486:[value] Assertion got status valid.
+[value] Recording results for intervals
+[value] Done for function intervals
+[value] computing for function small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:572.
+[value] computing for function small_sets_no_assertions <- small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:511.
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:493.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "abc" + {0; 1} }},{97},{4}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr({0})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:496.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "\000bc" + {0; 1} }},{97},{3}))
+[value] Called Frama_C_show_each_mymemchr({-1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:498.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "" }},{97},{0}))
+[value] Called Frama_C_show_each_mymemchr({-1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:501.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "b\000c" + {0; 2} }},{97},{2}))
+[value] Called Frama_C_show_each_mymemchr({-1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:505.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&t }},{97},{4}))
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] Recording results for small_sets_no_assertions
+[value] Done for function small_sets_no_assertions
+[value] Called Frama_C_show_each_res_a({0}, {-1}, {-1}, {-1}, {-1; 0; 1})
+tests/non-free/memchr.c:513:[value] Assertion got status valid.
+tests/non-free/memchr.c:514:[value] Assertion got status valid.
+tests/non-free/memchr.c:515:[value] Assertion got status valid.
+tests/non-free/memchr.c:516:[value] Assertion got status valid.
+tests/non-free/memchr.c:517:[value] Assertion got status valid.
+[value] computing for function small_sets_no_assertions <- small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:519.
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:493.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "abc" + {0; 1} }},{98},{4}))
+[value] Called Frama_C_show_each_mymemchr({0; 1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:496.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "\000bc" + {0; 1} }},{98},{3}))
+[value] Called Frama_C_show_each_mymemchr({0; 1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:498.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "" }},{98},{0}))
+[value] Called Frama_C_show_each_mymemchr({-1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:501.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "b\000c" + {0; 2} }},{98},{2}))
+[value] Called Frama_C_show_each_mymemchr({-1; 0})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:505.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&t }},{98},{4}))
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] Recording results for small_sets_no_assertions
+[value] Done for function small_sets_no_assertions
+[value] Called Frama_C_show_each_res_b({0; 1}, {0; 1}, {-1}, {-1; 0}, {-1; 0; 1})
+tests/non-free/memchr.c:521:[value] Assertion got status valid.
+tests/non-free/memchr.c:522:[value] Assertion got status valid.
+tests/non-free/memchr.c:523:[value] Assertion got status valid.
+tests/non-free/memchr.c:524:[value] Assertion got status valid.
+tests/non-free/memchr.c:525:[value] Assertion got status valid.
+[value] computing for function small_sets_no_assertions <- small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:528.
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:493.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "abc" + {0; 1} }},{97; 98},{4}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:496.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "\000bc" + {0; 1} }},{97; 98},{3}))
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:498.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "" }},{97; 98},{0}))
+[value] Called Frama_C_show_each_mymemchr({-1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:501.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "b\000c" + {0; 2} }},{97; 98},{2}))
+[value] Called Frama_C_show_each_mymemchr({-1; 0})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:505.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&t }},{97; 98},{4}))
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] Recording results for small_sets_no_assertions
+[value] Done for function small_sets_no_assertions
+[value] Called Frama_C_show_each_res_a_b({-1; 0; 1},
+ {-1; 0; 1},
+ {-1},
+ {-1; 0},
+ {-1; 0; 1})
+tests/non-free/memchr.c:530:[value] Assertion got status valid.
+tests/non-free/memchr.c:531:[value] Assertion got status valid.
+tests/non-free/memchr.c:532:[value] Assertion got status valid.
+tests/non-free/memchr.c:533:[value] Assertion got status valid.
+tests/non-free/memchr.c:534:[value] Assertion got status valid.
+[value] computing for function small_sets_no_assertions <- small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:537.
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:493.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "abc" + {0; 1} }},{98; 99},{4}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1; 2})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:496.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "\000bc" + {0; 1} }},{98; 99},{3}))
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1; 2})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:498.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "" }},{98; 99},{0}))
+[value] Called Frama_C_show_each_mymemchr({-1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:501.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "b\000c" + {0; 2} }},{98; 99},{2}))
+[value] Called Frama_C_show_each_mymemchr({-1; 0})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:505.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&t }},{98; 99},{4}))
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] Recording results for small_sets_no_assertions
+[value] Done for function small_sets_no_assertions
+[value] Called Frama_C_show_each_res_b_c({-1; 0; 1; 2},
+ {-1; 0; 1; 2},
+ {-1},
+ {-1; 0},
+ {-1; 0; 1})
+tests/non-free/memchr.c:539:[value] Assertion got status valid.
+tests/non-free/memchr.c:540:[value] Assertion got status valid.
+tests/non-free/memchr.c:541:[value] Assertion got status valid.
+tests/non-free/memchr.c:542:[value] Assertion got status valid.
+tests/non-free/memchr.c:543:[value] Assertion got status valid.
+[value] computing for function small_sets_no_assertions <- small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:546.
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:493.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "abc" + {0; 1} }},{0; 98; 99},{4}))
+tests/non-free/memchr.c:42:[value] warning: built-in memchr: tests/non-free/memchr.c:42:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1; 2; 3})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:496.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "\000bc" + {0; 1} }},{0; 98; 99},{3}))
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1; 2})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:498.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "" }},{0; 98; 99},{0}))
+[value] Called Frama_C_show_each_mymemchr({-1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:501.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ "b\000c" + {0; 2} }},{0; 98; 99},{2}))
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] computing for function my_memchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/memchr.c:505.
+tests/non-free/memchr.c:42:[value] Call to builtin memchr(({{ (void const *)&t }},{0; 98; 99},{4}))
+[value] Called Frama_C_show_each_mymemchr({-1; 0; 1})
+[value] Recording results for my_memchr
+[value] Done for function my_memchr
+[value] Recording results for small_sets_no_assertions
+[value] Done for function small_sets_no_assertions
+[value] Called Frama_C_show_each_res_b_c_0({-1; 0; 1; 2; 3},
+ {-1; 0; 1; 2},
+ {-1},
+ {-1; 0; 1},
+ {-1; 0; 1})
+tests/non-free/memchr.c:548:[value] Assertion got status valid.
+tests/non-free/memchr.c:549:[value] Assertion got status valid.
+tests/non-free/memchr.c:550:[value] Assertion got status valid.
+tests/non-free/memchr.c:551:[value] Assertion got status valid.
+tests/non-free/memchr.c:552:[value] Assertion got status valid.
+[value] Recording results for small_sets_chars
+[value] Done for function small_sets_chars
+[value] Recording results for main
+[value] done for function main
+[value] ====== VALUES COMPUTED ======
+[value] Values at end of function bitfields:
+ s.a ∈ {3}
+ .b ∈ {1}
+ .[bits 16 to 31] ∈ UNINITIALIZED
+ .c ∈ {7}
+ .[bits 49 to 63] ∈ UNINITIALIZED
+ p ∈ {{ (char *)&s }}
+[value] Values at end of function init_array_nondet:
+ from ∈ {-1}
+ to ∈ {-1}
+ val1 ∈ {-1}
+ val2 ∈ {-1}
+ val ∈ {0; 1; 2; 3; 4}
+ a[0..99] ∈ {0; 1; 2}
+ a[0..39] ∈ {1; 2}
+ [40..49] ∈ UNINITIALIZED
+ [50..94] ∈ {3; 4} or UNINITIALIZED
+ [95..99] ∈ UNINITIALIZED
+ a[0..99] ∈ {0; 1; 2}
+ a[0..9] ∈ {0; 1}
+ [10] ∈ UNINITIALIZED
+ [11] ∈ {0; 1} or UNINITIALIZED
+ [12..15] ∈ {1} or UNINITIALIZED
+ [16..19] ∈ {0; 1} or UNINITIALIZED
+ [20..99] ∈ UNINITIALIZED
+[value] Values at end of function my_memchr:
+ s ∈
+ {{ &t[0] ; &empty_or_non_terminated[0] ; &non_terminated[0] ;
+ &empty_or_uninitialized[0] ; &s[0] ; &t[0] ; (char const *)&s ;
+ &a[0] ; &a[0] ; &s[0] ; &maybe_init[0] ; (char const *)&u ;
+ (char const *)&r ; (char const *)&t ; &s[0] ; &a[0] ; &a[0] ; &t[0] ;
+ "Hello World\n" ; "abc\000\000\000abc" ; "" ; "a" ; "aa" ; "aaa" ;
+ "aaaa" ; "aaaaa" ; "aaaaaa" ; "aaaaaaaaa" ; "aaaaaaaaaa" ;
+ "aaaaaaaaaaa" ; "aaaaaaaaaaaa" ; "aaaaaaaaaaaaa" ; "abc" ; "\000bc" ;
+ "" ; "b\000c" ; "Bonjour Monde\n" ; "mno\000pqr" ; "MNOP\000QRS" ;
+ "abc" ; "bcd\000eg" ; "abc" ; "\000bc" ; "" ; "b\000c" }}
+ ss ∈
+ {{ NULL ; &t{[0], [1]} ; &empty_or_non_terminated[0] ;
+ &empty_or_uninitialized[0] ; &s[1] ; &t[3] ; &s + {2} ; &a + [0..54] ;
+ &a + [0..25] ; &s[0] ; &maybe_init[1] ; &u + {1} ; &r + {1} ;
+ &t + {1} ; &s[10] ; &a + [0..89] ; &a + [0..9] ; &t{[0], [1]} ;
+ "Hello World\n" + {12} ; "abc\000\000\000abc" + {3} ; "" ; "a" + {1} ;
+ "aa" + {2} ; "aaa" + {3} ; "aaaa" + {4} ; "aaaaa" + {5} ;
+ "aaaaaa" + {6} ; "aaaaaaaaa" + {9} ; "aaaaaaaaaa" + {10} ;
+ "aaaaaaaaaaa" + {11} ; "aaaaaaaaaaaa" + {12} ;
+ "aaaaaaaaaaaaa" + {13} ; "abc" + {2; 3} ; "\000bc" + {0; 2} ;
+ "b\000c" + {1} ; "Bonjour Monde\n" + {14} ;
+ "mno\000pqr" + {0; 1; 2; 3} ; "MNOP\000QRS" + {0; 1; 2; 3; 4} ;
+ "abc" + {2; 3} ; "bcd\000eg" + {3} ; "abc" + {0; 1; 2; 3} ;
+ "\000bc" + {0; 1; 2} ; "b\000c" + {0; 1} }}
+ res ∈ [-1..89]
+[value] Values at end of function big_array:
+ u[0..199] ∈ {270729319} or UNINITIALIZED
+ r[0..200] ∈ {270729319} or UNINITIALIZED
+ t[0..999999] ∈ {270729319} or UNINITIALIZED
+ p ∈ {{ &t + [0..3999996],0%4 }}
+ len_u ∈ {1}
+ len_r ∈ {1}
+ len_t ∈ {1}
+[value] Values at end of function bitfields2:
+ s.a ∈ {3}
+ .b ∈ {1}
+ .c ∈ {7}
+ .[bits 25 to 31] ∈ UNINITIALIZED
+ p ∈ {{ (char *)&s }}
+ z1 ∈ {2}
+[value] Values at end of function escaping:
+ s[0] ∈ {0}
+ [1..3] ∈ ESCAPINGADDR
+ z1 ∈ {0}
+ z2 ∈ {0}
+[value] Values at end of function initialization:
+ empty_or_uninitialized[0] ∈ {0} or UNINITIALIZED
+ z1 ∈ {0}
+ s[0] ∈ {1} or UNINITIALIZED
+ [1] ∈ {0}
+ z2 ∈ {1}
+ t[0..1] ∈ {10}
+ [2] ∈ {10} or UNINITIALIZED
+ [3] ∈ {0}
+ z3 ∈ {3}
+[value] Values at end of function intervals:
+ Frama_C_entropy_source ∈ [--..--]
+ a[0..2] ∈ {0; 1}
+ [3..6] ∈ {1}
+ [7..9] ∈ {0; 1}
+ [10] ∈ UNINITIALIZED
+ [11] ∈ {0; 1}
+ [12..15] ∈ {1}
+ [16..19] ∈ {0; 1}
+ [20..99] ∈ UNINITIALIZED
+ offset ∈ [3..11]
+ n ∈ [0..11]
+ z1 ∈ [-1..9]
+ z2 ∈ {-1; 0; 1; 2; 3; 4; 5; 6}
+ z3 ∈ {-1; 0; 1; 2; 3; 4; 5; 6}
+ z4 ∈ {-1; 0; 1; 2; 3; 4; 5; 6}
+ z5 ∈ {-1; 0; 1; 2; 3; 4; 5; 6}
+ z6 ∈ {-1; 0; 1; 2; 3; 4; 5; 6}
+ z7 ∈ [-1..8]
+ z8 ∈ [-1..8]
+ z9 ∈ [-1..8]
+[value] Values at end of function large:
+ Frama_C_entropy_source ∈ [--..--]
+ a[0..99] ∈ {0; 2}
+ offset ∈ [50..70]
+ z1 ∈ [0..54]
+ z2 ∈ [3..15]
+ z3 ∈ [1..15]
+ z4 ∈ [0..12]
+ z5 ∈ [0..49]
+[value] Values at end of function large_n:
+ Frama_C_entropy_source ∈ [--..--]
+ a[0..99] ∈ {0; 2}
+ offset ∈ [0..10]
+ n ∈ [0..90]
+ z1 ∈ [-1..12]
+ z2 ∈ [-1..13]
+ z3 ∈ [-1..13]
+ z4 ∈ [-1..13]
+ z5 ∈ [-1..15]
+ z6 ∈ [-1..12]
+ z7 ∈ [-1..19]
+ z8 ∈ [-1..49]
+ z9 ∈ [-1..89]
+[value] Values at end of function large_uninit:
+ Frama_C_entropy_source ∈ [--..--]
+ a[0..19] ∈ {1; 2}
+ [20] ∈ {0}
+ [21..39] ∈ {1; 2}
+ [40..49] ∈ UNINITIALIZED
+ [50..74] ∈ {3; 4}
+ [75] ∈ {0}
+ [76..94] ∈ {3; 4}
+ [95..97] ∈ UNINITIALIZED
+ [98] ∈ {0}
+ [99] ∈ UNINITIALIZED
+ offset ∈ {0}
+ z1 ∈ [0..17]
+ z2 ∈ [0..12]
+ z3 ∈ {20; 21; 22; 23; 24; 25}
+[value] Values at end of function my_memchr2:
+ s ∈
+ {{ NULL ; (char *)&x ; &s{[0], [1], [2], [3], [9]} ; "abc" + {2; 3} ;
+ "ABCD" + {3; 4} ; "efg" + {1; 2} ; "EFGH" + {2; 3} ; "abcde" + {4} ;
+ "\000bcdef" + {0; 5} ; "bcd\000efg" + {1; 3} }}
+ res ∈ {-1; 0; 1; 2; 3; 4; 5; 9}
+[value] Values at end of function misc:
+ Frama_C_entropy_source ∈ [--..--]
+ loc_str ∈ {{ "Bonjour Monde\n" }}
+ loc_char_array[0..2] ∈ UNINITIALIZED
+ [3] ∈ {0}
+ [4] ∈ UNINITIALIZED
+ sz1 ∈ {12; 14}
+ sz2 ∈ {0}
+ sz3 ∈ [0..13]
+ sz4 ∈ {3}
+ sz5 ∈ {2; 3; 4}
+ sz6 ∈ {1; 2; 3}
+ sz7 ∈ {0; 1; 2; 3; 4} or UNINITIALIZED
+ sz8 ∈ {1}
+ x ∈ {-1412567296}
+ z ∈ {305419776}
+ i ∈ [0..11]
+ str ∈
+ {{ "" ; "a" ; "aa" ; "aaa" ; "aaaa" ; "aaaaa" ; "aaaaaa" ; "aaaaaaaaa" ;
+ "aaaaaaaaaa" ; "aaaaaaaaaaa" ; "aaaaaaaaaaaa" ; "aaaaaaaaaaaaa" }}
+ base ∈ {{ (char *)&x }}
+ s1 ∈ {{ "mno\000pqr" ; "MNOP\000QRS" }}
+ s2 ∈ {{ "efg" + {1; 2} ; "EFGH" + {1; 2} }}
+ maybe_init[0] ∈ {65} or UNINITIALIZED
+ [1] ∈ {0}
+[value] Values at end of function no_zero_but_ok:
+ s[0..9] ∈ {1}
+ [10] ∈ {0}
+ [11..13] ∈ {1}
+ [14..19] ∈ {0; 1}
+ z1 ∈ {-1}
+ z2 ∈ {10}
+ p ∈ {{ &s{[7], [18]} }}
+ z3 ∈ {2; 9}
+ z4 ∈ {-1; 3}
+ z5 ∈ {0; 1; 3}
+[value] Values at end of function small_sets:
+ s ∈ {{ "b\000c" }}
+ o ∈ {0; 2}
+ z1 ∈ {2; 3}
+ z2 ∈ {0; 2}
+ z3 ∈ {-1}
+ z4 ∈ {1}
+ t[0..1] ∈ {0; 1}
+ [2..3] ∈ {1}
+ z5 ∈ {-1; 0; 1}
+[value] Values at end of function small_sets_n:
+ s ∈ {{ "bcd\000efg" }}
+ p ∈ {{ "bcd\000efg" + {0; 2; 4} }}
+ n ∈ {2; 7}
+ z1 ∈ {-1; 4}
+ z2 ∈ {-1; 0; 5}
+ z3a ∈ {1; 3}
+ z3b ∈ {-1; 1; 3}
+ z3 ∈ {-1; 1}
+ z4 ∈ {-1; 1; 3}
+[value] Values at end of function small_sets_no_assertions:
+ s ∈ {{ "b\000c" }}
+ o ∈ {0; 2}
+ t[0..1] ∈ {0; 1; 97; 98; 99}
+ [2..3] ∈ {1}
+ res[0] ∈ {-1; 0; 1; 2; 3}
+ [1] ∈ {-1; 0; 1; 2}
+ [2] ∈ {-1}
+ [3..4] ∈ {-1; 0; 1}
+[value] Values at end of function small_sets_chars:
+ c ∈ {0; 98; 99}
+ res[0] ∈ {-1; 0; 1; 2; 3}
+ [1] ∈ {-1; 0; 1; 2}
+ [2] ∈ {-1}
+ [3..4] ∈ {-1; 0; 1}
+[value] Values at end of function unbounded_n:
+ n ∈ [0..2147483647]
+ s ∈ {{ "bcd\000eg" }}
+ zu1 ∈ {-1; 3}
+ o ∈ {0; 1}
+ zu2 ∈ {-1; 2; 3}
+ zu3 ∈ {-1; 3}
+[value] Values at end of function zero_termination:
+ empty_or_non_terminated[0] ∈ {0; 100}
+ z1 ∈ {-1; 0}
+ non_terminated[0] ∈ {88}
+ z2 ∈ {-1}
+ non_terminated2[0] ∈ {76}
+ [1] ∈ {0}
+ [2] ∈ {28}
+ [3] ∈ {14}
+ o ∈ {2; 3}
+[value] Values at end of function main:
+ Frama_C_entropy_source ∈ [--..--]
+ c ∈ {0}
+ __retres ∈ {0}
+[from] Computing for function bitfields
+[from] Computing for function Frama_C_memchr <-bitfields
+[from] Done for function Frama_C_memchr
+[from] Done for function bitfields
+[from] Computing for function init_array_nondet
+[from] Computing for function Frama_C_memset <-init_array_nondet
+[from] Done for function Frama_C_memset
+[from] Done for function init_array_nondet
+[from] Computing for function my_memchr
+[from] Done for function my_memchr
+[from] Computing for function big_array
+[from] Done for function big_array
+[from] Computing for function bitfields2
+[from] Done for function bitfields2
+[from] Computing for function escaping
+[from] Done for function escaping
+[from] Computing for function initialization
+[from] Done for function initialization
+[from] Computing for function intervals
+[from] Computing for function Frama_C_interval <-intervals
+[from] Done for function Frama_C_interval
+[from] Done for function intervals
+[from] Computing for function large
+[from] Done for function large
+[from] Computing for function large_n
+[from] Done for function large_n
+[from] Computing for function large_uninit
+[from] Done for function large_uninit
+[from] Computing for function my_memchr2
+[from] Done for function my_memchr2
+[from] Computing for function misc
+[from] Done for function misc
+[from] Computing for function no_zero_but_ok
+[from] Done for function no_zero_but_ok
+[from] Computing for function small_sets
+[from] Done for function small_sets
+[from] Computing for function small_sets_n
+[from] Done for function small_sets_n
+[from] Computing for function small_sets_no_assertions
+[from] Done for function small_sets_no_assertions
+[from] Computing for function small_sets_chars
+[from] Done for function small_sets_chars
+[from] Computing for function unbounded_n
+[from] Done for function unbounded_n
+[from] Computing for function zero_termination
+[from] Done for function zero_termination
+[from] Computing for function main
+[from] Done for function main
+[from] ====== DEPENDENCIES COMPUTED ======
+ These dependencies hold at termination for the executions that terminate:
+[from] Function Frama_C_interval:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+ \result FROM Frama_C_entropy_source; min; max
+[from] Function bitfields:
+ NO EFFECTS
+[from] Function init_array_nondet:
+ a[0..99] FROM val1; val2; nondet (and SELF)
+ a[0..99] FROM val1; val2; nondet (and SELF)
+ a[0..99] FROM val1; val2; nondet (and SELF)
+ a[0..99] FROM val1; val2; nondet (and SELF)
+[from] Function my_memchr:
+ \result FROM unterminated_string[0..11]; p; c; n; t[0..3];
+ empty_or_non_terminated[0]; non_terminated[0];
+ non_terminated2[2..3]; empty_or_uninitialized[0];
+ uninitialized[0]; s[0..1]; t[0..3]; s; a[3..99]; a[3..99];
+ s[0..3]; loc_char_array[0..4]; x; maybe_init[0..1]; u[0..199];
+ r[0..200]; t[0..999999]; s[0..19]; a[0..99]; a[0..99];
+ t[0..3]; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7];
+ "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111];
+ "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "abc"; "ABCD"[bits 0 to 39];
+ "efg"[bits 8 to 31]; "EFGH"[bits 8 to 39];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71];
+ "abcde"[bits 0 to 47]; "\000bcdef"[bits 0 to 55];
+ "bcd\000efg"[bits 0 to 63]; "abc"; "bcd\000eg"[bits 0 to 55];
+ "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c"
+[from] Function big_array:
+ NO EFFECTS
+[from] Function bitfields2:
+ NO EFFECTS
+[from] Function escaping:
+ NO EFFECTS
+[from] Function initialization:
+ NO EFFECTS
+[from] Function intervals:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function large:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function large_n:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function large_uninit:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function my_memchr2:
+ \result FROM unterminated_string[0..11]; base; c; n; loc_char_array[0..4];
+ x; maybe_init[0..1]; s[0..19]; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7];
+ "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111];
+ "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "abc"; "ABCD"[bits 0 to 39];
+ "efg"[bits 8 to 31]; "EFGH"[bits 8 to 39];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71];
+ "abcde"[bits 0 to 47]; "\000bcdef"[bits 0 to 55];
+ "bcd\000efg"[bits 0 to 63]; "abc"; "bcd\000eg"[bits 0 to 55];
+ "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c"
+[from] Function misc:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function no_zero_but_ok:
+ NO EFFECTS
+[from] Function small_sets:
+ NO EFFECTS
+[from] Function small_sets_n:
+ NO EFFECTS
+[from] Function small_sets_no_assertions:
+ res[0..3]
+ FROM unterminated_string[0..11]; c; res; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7];
+ "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39];
+ "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7];
+ "b\000c"; "Bonjour Monde\n"[bits 0 to 119]; "abc";
+ "ABCD"[bits 0 to 39]; "efg"[bits 8 to 31]; "EFGH"[bits 8 to 39];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71];
+ "abcde"[bits 0 to 47]; "\000bcdef"[bits 0 to 55];
+ "bcd\000efg"[bits 0 to 63]; "abc"; "bcd\000eg"[bits 0 to 55];
+ "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c"
+ [4]
+ FROM unterminated_string[0..11]; c; res; nondet;
+ "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111];
+ "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "abc"; "ABCD"[bits 0 to 39];
+ "efg"[bits 8 to 31]; "EFGH"[bits 8 to 39];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71];
+ "abcde"[bits 0 to 47]; "\000bcdef"[bits 0 to 55];
+ "bcd\000efg"[bits 0 to 63]; "abc"; "bcd\000eg"[bits 0 to 55];
+ "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c"
+[from] Function small_sets_chars:
+ NO EFFECTS
+[from] Function unbounded_n:
+ NO EFFECTS
+[from] Function zero_termination:
+ NO EFFECTS
+[from] Function main:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+ \result FROM \nothing
+[from] ====== END OF DEPENDENCIES ======
+[inout] Out (internal) for function bitfields:
+ s{{.a; .b}; .c}; p
+[inout] Inputs for function bitfields:
+ nondet
+[inout] Out (internal) for function init_array_nondet:
+ from; to; val1; val2; val; tmp; a[0..99]; a[0..99]; a[0..99]; a[0..99]
+[inout] Inputs for function init_array_nondet:
+ nondet
+[inout] Out (internal) for function my_memchr:
+ s; ss; res
+[inout] Inputs for function my_memchr:
+ t[0..3]; empty_or_non_terminated[0]; non_terminated[0];
+ non_terminated2[0..3]; empty_or_uninitialized[0]; uninitialized[0];
+ s[0..1]; t[0..3]; s; a[0..99]; a[0..99]; s[0..3]; loc_char_array[0..4];
+ maybe_init[0..1]; u[0..199]; r[0..200]; t[0..999999]; s[0..19]; a[0..99];
+ a[0..99]; t[0..3]; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
+ "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"; "Bonjour Monde\n"[bits 0 to 119];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71]; "abc";
+ "bcd\000eg"[bits 0 to 55]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function big_array:
+ u[0..199]; r[0..200]; t[0..999999]; p; len_u; len_r; len_t; tmp; tmp_0;
+ tmp_1; tmp_2; tmp_3; tmp_4
+[inout] Inputs for function big_array:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "bcd\000eg"[bits 0 to 55]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function bitfields2:
+ s{.a; .b; .c}; p; z1
+[inout] Inputs for function bitfields2:
+ "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "bcd\000eg"[bits 0 to 55]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function escaping:
+ s[0..3]; z1; z2
+[inout] Inputs for function escaping:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "bcd\000eg"[bits 0 to 55]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function initialization:
+ empty_or_uninitialized[0]; z1; s[0..1]; z2; t[0..3]; z3
+[inout] Inputs for function initialization:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "bcd\000eg"[bits 0 to 55]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function intervals:
+ Frama_C_entropy_source; a[0..99]; offset; n; z1; z2; z3; z4; z5; z6;
+ z7; z8; z9
+[inout] Inputs for function intervals:
+ Frama_C_entropy_source; nondet; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
+ "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"; "Bonjour Monde\n"[bits 0 to 119];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71]; "abc";
+ "bcd\000eg"[bits 0 to 55]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function large:
+ Frama_C_entropy_source; a[0..99]; offset; z1; z2; z3; z4; z5
+[inout] Inputs for function large:
+ Frama_C_entropy_source; nondet; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
+ "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"; "Bonjour Monde\n"[bits 0 to 119];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71]; "abc";
+ "bcd\000eg"[bits 0 to 55]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function large_n:
+ Frama_C_entropy_source; a[0..99]; offset; n; z1; z2; z3; z4; z5; z6;
+ z7; z8; z9
+[inout] Inputs for function large_n:
+ Frama_C_entropy_source; nondet; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
+ "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"; "Bonjour Monde\n"[bits 0 to 119];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71]; "abc";
+ "bcd\000eg"[bits 0 to 55]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function large_uninit:
+ Frama_C_entropy_source; a[0..99]; offset; z1; z2; z3
+[inout] Inputs for function large_uninit:
+ Frama_C_entropy_source; nondet; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
+ "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"; "Bonjour Monde\n"[bits 0 to 119];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71]; "abc";
+ "bcd\000eg"[bits 0 to 55]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function my_memchr2:
+ s; res
+[inout] Inputs for function my_memchr2:
+ x; s[1..19]; "abc"; "ABCD"[bits 0 to 39]; "efg"[bits 8 to 31];
+ "EFGH"[bits 8 to 39]; "abcde"[bits 0 to 47]; "\000bcdef"[bits 0 to 55];
+ "bcd\000efg"[bits 0 to 63]
+[inout] Out (internal) for function misc:
+ Frama_C_entropy_source; loc_str; loc_char_array[3]; sz1; sz2; sz3;
+ sz4; sz5; sz6; sz7; sz8; x; z; i; str; base; s1; tmp; s2; tmp_0; j;
+ maybe_init[0..1]
+[inout] Inputs for function misc:
+ Frama_C_entropy_source; static_str; zero_str; tab_str[0..11];
+ unterminated_string[0..11]; nondet; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
+ "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"; "Bonjour Monde\n"[bits 0 to 119];
+ "abc"; "ABCD"[bits 0 to 39]; "efg"[bits 8 to 31]; "EFGH"[bits 8 to 39];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71];
+ "abcde"[bits 0 to 47]; "\000bcdef"[bits 0 to 55];
+ "bcd\000efg"[bits 0 to 63]; "abc"; "bcd\000eg"[bits 0 to 55]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function no_zero_but_ok:
+ s[0..19]; z1; z2; p; tmp_1; z3; z4; z5
+[inout] Inputs for function no_zero_but_ok:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "abc"; "ABCD"[bits 0 to 39];
+ "efg"[bits 8 to 31]; "EFGH"[bits 8 to 39]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abcde"[bits 0 to 47];
+ "\000bcdef"[bits 0 to 55]; "bcd\000efg"[bits 0 to 63]; "abc";
+ "bcd\000eg"[bits 0 to 55]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function small_sets:
+ s; o; tmp; z1; z2; z3; z4; t[0..3]; z5
+[inout] Inputs for function small_sets:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "bcd\000eg"[bits 0 to 55]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function small_sets_n:
+ s; p; tmp; n; tmp_0; z1; z2; z3a; z3b; z3; tmp_6; z4
+[inout] Inputs for function small_sets_n:
+ nondet; "abc"; "ABCD"[bits 0 to 39]; "efg"[bits 8 to 31];
+ "EFGH"[bits 8 to 39]; "abcde"[bits 0 to 47]; "\000bcdef"[bits 0 to 55];
+ "bcd\000efg"[bits 0 to 63]
+[inout] Out (internal) for function small_sets_no_assertions:
+ s; o; tmp; t[0..3]; res[0..4]
+[inout] Inputs for function small_sets_no_assertions:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "bcd\000eg"[bits 0 to 55]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function small_sets_chars:
+ c; res[0..4]
+[inout] Inputs for function small_sets_chars:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "bcd\000eg"[bits 0 to 55]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function unbounded_n:
+ n; s; zu1; o; tmp_0; zu2; zu3
+[inout] Inputs for function unbounded_n:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "bcd\000eg"[bits 0 to 55]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function zero_termination:
+ empty_or_non_terminated[0]; z1; non_terminated[0]; z2;
+ non_terminated2[0..3]; o; tmp_1
+[inout] Inputs for function zero_termination:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "bcd\000eg"[bits 0 to 55]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function main:
+ Frama_C_entropy_source; c; __retres
+[inout] Inputs for function main:
+ Frama_C_entropy_source; static_str; zero_str; tab_str[0..11];
+ unterminated_string[0..11]; nondet; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
+ "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"; "Bonjour Monde\n"[bits 0 to 119];
+ "abc"; "ABCD"[bits 0 to 39]; "efg"[bits 8 to 31]; "EFGH"[bits 8 to 39];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71];
+ "abcde"[bits 0 to 47]; "\000bcdef"[bits 0 to 55];
+ "bcd\000efg"[bits 0 to 63]; "abc"; "bcd\000eg"[bits 0 to 55]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"
diff --git a/tests/non-free/oracle/strchr.err.oracle b/tests/non-free/oracle/strchr.err.oracle
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/tests/non-free/oracle/strchr.res.oracle b/tests/non-free/oracle/strchr.res.oracle
new file mode 100644
index 00000000000..018cf7e5b4b
--- /dev/null
+++ b/tests/non-free/oracle/strchr.res.oracle
@@ -0,0 +1,1497 @@
+[kernel] Parsing share/libc/__fc_builtin_for_normalization.i (no preprocessing)
+[kernel] Parsing tests/non-free/strchr.c (with preprocessing)
+[value] Analyzing a complete application starting at main
+[value] Computing initial state
+[value] Initial state computed
+[value] Values of globals at initialization
+ Frama_C_entropy_source ∈ [--..--]
+ static_str ∈ {{ "Hello World\n" }}
+ zero_str ∈ {{ "abc\000\000\000abc" }}
+ tab_str[0] ∈ {{ "" }}
+ [1] ∈ {{ "a" }}
+ [2] ∈ {{ "aa" }}
+ [3] ∈ {{ "aaa" }}
+ [4] ∈ {{ "aaaa" }}
+ [5] ∈ {{ "aaaaa" }}
+ [6] ∈ {{ "aaaaaa" }}
+ [7] ∈ {{ "aaaaaaaaa" }}
+ [8] ∈ {{ "aaaaaaaaaa" }}
+ [9] ∈ {{ "aaaaaaaaaaa" }}
+ [10] ∈ {{ "aaaaaaaaaaaa" }}
+ [11] ∈ {{ "aaaaaaaaaaaaa" }}
+ unterminated_string[0] ∈ {117}
+ [1] ∈ {110}
+ [2] ∈ {116}
+ [3] ∈ {101}
+ [4] ∈ {114}
+ [5] ∈ {109}
+ [6] ∈ {105}
+ [7] ∈ {110}
+ [8] ∈ {97}
+ [9] ∈ {116}
+ [10] ∈ {101}
+ [11] ∈ {100}
+ nondet ∈ [--..--]
+[value] computing for function small_sets <- main.
+ Called from tests/non-free/strchr.c:453.
+[value] computing for function my_strchr <- small_sets <- main.
+ Called from tests/non-free/strchr.c:68.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "abc" + {0; 1} }},{0}))
+[value] Called Frama_C_show_each_mystrchr({2; 3})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:69:[value] Assertion got status valid.
+[value] computing for function my_strchr <- small_sets <- main.
+ Called from tests/non-free/strchr.c:72.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "\000bc" + {0; 1} }},{0}))
+[value] Called Frama_C_show_each_mystrchr({0; 2})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] Called Frama_C_show_each_z2({0; 2})
+tests/non-free/strchr.c:74:[value] Assertion got status valid.
+[value] computing for function my_strchr <- small_sets <- main.
+ Called from tests/non-free/strchr.c:76.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "" }},{0}))
+[value] Called Frama_C_show_each_mystrchr({0})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:77:[value] Assertion got status valid.
+[value] computing for function my_strchr <- small_sets <- main.
+ Called from tests/non-free/strchr.c:80.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "b\000c" + {0; 2} }},{0}))
+[value] Called Frama_C_show_each_mystrchr({1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:81:[value] Assertion got status valid.
+[value] computing for function my_strchr <- small_sets <- main.
+ Called from tests/non-free/strchr.c:85.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &t[0] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({0; 1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:86:[value] Assertion got status valid.
+[value] Recording results for small_sets
+[value] Done for function small_sets
+[value] computing for function zero_termination <- main.
+ Called from tests/non-free/strchr.c:454.
+[value] computing for function my_strchr <- zero_termination <- main.
+ Called from tests/non-free/strchr.c:92.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &empty_or_non_terminated[0] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({0})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:93:[value] Assertion got status valid.
+[value] computing for function my_strchr <- zero_termination <- main.
+ Called from tests/non-free/strchr.c:97.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &non_terminated[0] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ reading indeterminate data
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- zero_termination <- main.
+ Called from tests/non-free/strchr.c:103.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &non_terminated2[2] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ reading indeterminate data
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] Recording results for zero_termination
+[value] Done for function zero_termination
+[value] computing for function initialization <- main.
+ Called from tests/non-free/strchr.c:455.
+[value] computing for function my_strchr <- initialization <- main.
+ Called from tests/non-free/strchr.c:109.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &empty_or_uninitialized[0] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mystrchr({0})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:110:[value] Assertion got status valid.
+[value] computing for function my_strchr <- initialization <- main.
+ Called from tests/non-free/strchr.c:113.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &uninitialized[0] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ reading indeterminate data
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- initialization <- main.
+ Called from tests/non-free/strchr.c:118.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &s[0] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mystrchr({1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:119:[value] Assertion got status valid.
+[value] computing for function my_strchr <- initialization <- main.
+ Called from tests/non-free/strchr.c:125.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &t[0] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mystrchr({3})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:126:[value] Assertion got status valid.
+[value] Recording results for initialization
+[value] Done for function initialization
+[value] computing for function large <- main.
+ Called from tests/non-free/strchr.c:456.
+[value] computing for function init_array_nondet <- large <- main.
+ Called from tests/non-free/strchr.c:168.
+tests/non-free/strchr.c:162:[value] Call to builtin memset(({{ (void *)&a }},{1; 2},{100}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/strchr.c:171.
+[value] using specification for function Frama_C_interval
+share/libc/__fc_builtin.h:51:[value] Function Frama_C_interval: precondition got status valid.
+[value] Done for function Frama_C_interval
+[value] computing for function my_strchr <- large <- main.
+ Called from tests/non-free/strchr.c:172.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &a + [3..30] }},{0}))
+[value] Called Frama_C_show_each_mystrchr([0..54])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:173:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/strchr.c:175.
+[value] Done for function Frama_C_interval
+[value] computing for function my_strchr <- large <- main.
+ Called from tests/non-free/strchr.c:176.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &a + [5..17] }},{0}))
+[value] Called Frama_C_show_each_mystrchr([3..15])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:177:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/strchr.c:179.
+[value] Done for function Frama_C_interval
+[value] computing for function my_strchr <- large <- main.
+ Called from tests/non-free/strchr.c:180.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &a + [60..74] }},{0}))
+[value] Called Frama_C_show_each_mystrchr([1..15])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:181:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/strchr.c:183.
+[value] Done for function Frama_C_interval
+[value] computing for function my_strchr <- large <- main.
+ Called from tests/non-free/strchr.c:184.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &a + [63..80] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr([0..12])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:185:[value] Assertion got status valid.
+[value] computing for function init_array_nondet <- large <- main.
+ Called from tests/non-free/strchr.c:187.
+tests/non-free/strchr.c:162:[value] Call to builtin memset(({{ (void *)&a }},{0; 2},{100}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/strchr.c:188.
+[value] Done for function Frama_C_interval
+[value] computing for function my_strchr <- large <- main.
+ Called from tests/non-free/strchr.c:189.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &a + [50..70] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr([0..49])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:190:[value] Assertion got status valid.
+[value] Recording results for large
+[value] Done for function large
+[value] computing for function large_uninit <- main.
+ Called from tests/non-free/strchr.c:457.
+[value] computing for function init_array_nondet <- large_uninit <- main.
+ Called from tests/non-free/strchr.c:195.
+tests/non-free/strchr.c:162:[value] Call to builtin memset(({{ (void *)&a }},{1; 2},{40}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function init_array_nondet <- large_uninit <- main.
+ Called from tests/non-free/strchr.c:196.
+tests/non-free/strchr.c:162:[value] Call to builtin memset(({{ (void *)&a[50] }},{3; 4},{45}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- large_uninit <- main.
+ Called from tests/non-free/strchr.c:200.
+[value] Done for function Frama_C_interval
+[value] computing for function my_strchr <- large_uninit <- main.
+ Called from tests/non-free/strchr.c:201.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &a + [3..30] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr([0..17])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:202:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_uninit <- main.
+ Called from tests/non-free/strchr.c:205.
+[value] Done for function Frama_C_interval
+[value] computing for function my_strchr <- large_uninit <- main.
+ Called from tests/non-free/strchr.c:206.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &a + [63..80] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr([0..12])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:207:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_uninit <- main.
+ Called from tests/non-free/strchr.c:209.
+[value] Done for function Frama_C_interval
+[value] computing for function my_strchr <- large_uninit <- main.
+ Called from tests/non-free/strchr.c:210.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &a + [45..55] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possible uninitialized values
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({20; 21; 22; 23; 24; 25})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:211:[value] Assertion got status valid.
+[value] Recording results for large_uninit
+[value] Done for function large_uninit
+[value] computing for function misc <- main.
+ Called from tests/non-free/strchr.c:458.
+tests/non-free/strchr.c:239:[value] Call to builtin strchr(({{ &unterminated_string[0] }},{0}))
+tests/non-free/strchr.c:239:[value] warning: built-in strchr: tests/non-free/strchr.c:239:
+ reading indeterminate data
+[value] computing for function my_strchr <- misc <- main.
+ Called from tests/non-free/strchr.c:242.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "Hello World\n" ; "Bonjour Monde\n" }},{0}))
+tests/non-free/strchr.c:46:[kernel] warning: pointer subtraction: assert \base_addr(ss) ≡ \base_addr(s);
+[value] Called Frama_C_show_each_mystrchr({12; 14})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:243:[value] Assertion got status valid.
+[value] computing for function my_strchr2 <- misc <- main.
+ Called from tests/non-free/strchr.c:247.
+tests/non-free/strchr.c:53:[value] Call to builtin strchr(({{ &x + {0; 3} }},{0}))
+tests/non-free/strchr.c:53:[value] warning: built-in strchr: tests/non-free/strchr.c:53:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr2({0})
+[value] Recording results for my_strchr2
+[value] Done for function my_strchr2
+tests/non-free/strchr.c:248:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- misc <- main.
+ Called from tests/non-free/strchr.c:249.
+[value] Done for function Frama_C_interval
+[value] computing for function my_strchr <- misc <- main.
+ Called from tests/non-free/strchr.c:251.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "" ; "a" ; "aa" ; "aaa" ; "aaaa" ; "aaaaa" ;
+ "aaaaaa" ; "aaaaaaaaa" ; "aaaaaaaaaa" ;
+ "aaaaaaaaaaa" ; "aaaaaaaaaaaa" ;
+ "aaaaaaaaaaaaa" }},{0}))
+[value] Called Frama_C_show_each_mystrchr([0..13])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:252:[value] Assertion got status valid.
+[value] computing for function my_strchr <- misc <- main.
+ Called from tests/non-free/strchr.c:254.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &loc_char_array[0] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ reading indeterminate data
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- misc <- main.
+ Called from tests/non-free/strchr.c:255.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "abc\000\000\000abc" }},{0}))
+[value] Called Frama_C_show_each_mystrchr({3})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:256:[value] Assertion got status valid.
+[value] computing for function my_strchr2 <- misc <- main.
+ Called from tests/non-free/strchr.c:259.
+tests/non-free/strchr.c:53:[value] Call to builtin strchr(({{ "abc" + {0; 1} ; "ABCD" + {0; 1} }},{0}))
+tests/non-free/strchr.c:58:[kernel] warning: pointer subtraction: assert \base_addr(s) ≡ \base_addr((char *)base);
+[value] Called Frama_C_show_each_mystrchr2({2; 3; 4})
+[value] Recording results for my_strchr2
+[value] Done for function my_strchr2
+tests/non-free/strchr.c:260:[value] Assertion got status valid.
+[value] computing for function my_strchr2 <- misc <- main.
+ Called from tests/non-free/strchr.c:264.
+tests/non-free/strchr.c:53:[value] Call to builtin strchr(({{ "efg" + {1; 2} ; "EFGH" + {1; 2} }},{0}))
+[value] Called Frama_C_show_each_mystrchr2({1; 2; 3})
+[value] Recording results for my_strchr2
+[value] Done for function my_strchr2
+tests/non-free/strchr.c:265:[value] Assertion got status valid.
+tests/non-free/strchr.c:268:[value] entering loop for the first time
+[value] computing for function my_strchr <- misc <- main.
+ Called from tests/non-free/strchr.c:269.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "mno\000pqr" ; "MNOP\000QRS" }},{0}))
+[value] Called Frama_C_show_each_mystrchr({3; 4})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:270:[value] Assertion got status valid.
+[value] computing for function my_strchr <- misc <- main.
+ Called from tests/non-free/strchr.c:269.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "mno\000pqr" + {0; 1} ; "MNOP\000QRS" + {0; 1} }},
+ {0}))
+[value] Called Frama_C_show_each_mystrchr({2; 3; 4})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- misc <- main.
+ Called from tests/non-free/strchr.c:269.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "mno\000pqr" + {0; 1; 2} ;
+ "MNOP\000QRS" + {0; 1; 2} }},{0}))
+[value] Called Frama_C_show_each_mystrchr({1; 2; 3; 4})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- misc <- main.
+ Called from tests/non-free/strchr.c:269.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "mno\000pqr" + {0; 1; 2; 3} ;
+ "MNOP\000QRS" + {0; 1; 2; 3} }},{0}))
+[value] Called Frama_C_show_each_mystrchr({0; 1; 2; 3; 4})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- misc <- main.
+ Called from tests/non-free/strchr.c:269.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "mno\000pqr" + {0; 1; 2; 3; 4} ;
+ "MNOP\000QRS" + {0; 1; 2; 3; 4} }},{0}))
+[value] Called Frama_C_show_each_mystrchr({0; 1; 2; 3; 4})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- misc <- main.
+ Called from tests/non-free/strchr.c:269.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "mno\000pqr" + {0; 1; 2; 3; 4; 5; 6; 7} ;
+ "MNOP\000QRS" + {0; 1; 2; 3; 4; 5; 6; 7} }},
+ {0}))
+[value] Called Frama_C_show_each_mystrchr({0; 1; 2; 3; 4})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- misc <- main.
+ Called from tests/non-free/strchr.c:276.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &maybe_init[0] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mystrchr({1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:277:[value] Assertion got status valid.
+[value] Recording results for misc
+[value] Done for function misc
+[value] computing for function bitfields <- main.
+ Called from tests/non-free/strchr.c:459.
+tests/non-free/strchr.c:141:[value] Call to builtin strchr(({{ (char const *)&s }},{0}))
+tests/non-free/strchr.c:141:[value] warning: built-in strchr: tests/non-free/strchr.c:141:
+ reading indeterminate data
+[value] Recording results for bitfields
+[value] Done for function bitfields
+[value] computing for function bitfields2 <- main.
+ Called from tests/non-free/strchr.c:460.
+[value] computing for function my_strchr <- bitfields2 <- main.
+ Called from tests/non-free/strchr.c:156.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ (char const *)&s }},{0}))
+[value] Called Frama_C_show_each_mystrchr({2})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:157:[value] Assertion got status valid.
+[value] Recording results for bitfields2
+[value] Done for function bitfields2
+[value] computing for function escaping <- main.
+ Called from tests/non-free/strchr.c:461.
+tests/non-free/strchr.c:220:[value] warning: locals {x} escaping the scope of a block of escaping through s
+[value] computing for function my_strchr <- escaping <- main.
+ Called from tests/non-free/strchr.c:223.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &s[0] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possible escaping addresses
+[value] Called Frama_C_show_each_mystrchr({0})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:224:[value] Assertion got status valid.
+[value] computing for function my_strchr <- escaping <- main.
+ Called from tests/non-free/strchr.c:226.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &s[0] }},{0}))
+[value] Called Frama_C_show_each_mystrchr({0})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:227:[value] Assertion got status valid.
+[value] Recording results for escaping
+[value] Done for function escaping
+[value] computing for function big_array <- main.
+ Called from tests/non-free/strchr.c:462.
+tests/non-free/strchr.c:286:[kernel] warning: out of bounds write. assert \valid(p);
+tests/non-free/strchr.c:288:[kernel] warning: out of bounds write. assert \valid(p);
+tests/non-free/strchr.c:290:[kernel] warning: out of bounds write. assert \valid(p);
+[value] computing for function my_strchr <- big_array <- main.
+ Called from tests/non-free/strchr.c:297.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ (char const *)&u }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mystrchr({1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- big_array <- main.
+ Called from tests/non-free/strchr.c:298.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ (char const *)&r }},{0}))
+tests/non-free/strchr.c:41:[kernel] more than 200(201) locations to update in array. Approximating.
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mystrchr({1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- big_array <- main.
+ Called from tests/non-free/strchr.c:299.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ (char const *)&t }},{0}))
+tests/non-free/strchr.c:41:[kernel] more than 200(1000000) locations to update in array. Approximating.
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possible uninitialized values
+[value] Called Frama_C_show_each_mystrchr({1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] Called Frama_C_show_each({1}, {1}, {1})
+tests/non-free/strchr.c:301:[value] Assertion got status valid.
+tests/non-free/strchr.c:302:[value] Assertion got status valid.
+tests/non-free/strchr.c:303:[value] Assertion got status valid.
+[value] computing for function my_strchr <- big_array <- main.
+ Called from tests/non-free/strchr.c:305.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &u + [0..4294967295] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possible uninitialized values
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({0; 1; 2; 3})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- big_array <- main.
+ Called from tests/non-free/strchr.c:306.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &r + [0..4294967295] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possible uninitialized values
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr([0..800])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- big_array <- main.
+ Called from tests/non-free/strchr.c:307.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &t + [0..4294967295] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possible uninitialized values
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr([0..3999996])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] Called Frama_C_show_each({0; 1; 2; 3}, [0..800], [0..3999996])
+tests/non-free/strchr.c:309:[value] Assertion got status valid.
+tests/non-free/strchr.c:310:[value] Assertion got status valid.
+tests/non-free/strchr.c:311:[value] Assertion got status valid.
+[value] computing for function init_array_nondet <- big_array <- main.
+ Called from tests/non-free/strchr.c:313.
+tests/non-free/strchr.c:162:[value] Call to builtin memset(({{ (void *)&u }},{0; 1},{800}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function init_array_nondet <- big_array <- main.
+ Called from tests/non-free/strchr.c:314.
+tests/non-free/strchr.c:162:[value] Call to builtin memset(({{ (void *)&r }},{0; 1},{804}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function init_array_nondet <- big_array <- main.
+ Called from tests/non-free/strchr.c:315.
+tests/non-free/strchr.c:162:[value] Call to builtin memset(({{ (void *)&t }},{0; 1},{4000000}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+tests/non-free/strchr.c:317:[kernel] warning: out of bounds write. assert \valid(p);
+tests/non-free/strchr.c:319:[kernel] warning: out of bounds write. assert \valid(p);
+tests/non-free/strchr.c:321:[kernel] warning: out of bounds write. assert \valid(p);
+[value] computing for function my_strchr <- big_array <- main.
+ Called from tests/non-free/strchr.c:322.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ (char const *)&u }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr([0..799])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- big_array <- main.
+ Called from tests/non-free/strchr.c:323.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ (char const *)&r }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr([0..803])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- big_array <- main.
+ Called from tests/non-free/strchr.c:324.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ (char const *)&t }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr([0..3999999])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] Called Frama_C_show_each([0..799], [0..803], [0..3999999])
+tests/non-free/strchr.c:326:[value] Assertion got status valid.
+tests/non-free/strchr.c:327:[value] Assertion got status valid.
+tests/non-free/strchr.c:328:[value] Assertion got status valid.
+[value] computing for function my_strchr <- big_array <- main.
+ Called from tests/non-free/strchr.c:330.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &u + [0..4294967295] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr([0..799])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- big_array <- main.
+ Called from tests/non-free/strchr.c:331.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &r + [0..4294967295] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr([0..803])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- big_array <- main.
+ Called from tests/non-free/strchr.c:332.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &t + [0..4294967295] }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr([0..3999999])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] Called Frama_C_show_each([0..799], [0..803], [0..3999999])
+tests/non-free/strchr.c:334:[value] Assertion got status valid.
+tests/non-free/strchr.c:335:[value] Assertion got status valid.
+tests/non-free/strchr.c:336:[value] Assertion got status valid.
+[value] Recording results for big_array
+[value] Done for function big_array
+[value] computing for function no_zero_but_ok <- main.
+ Called from tests/non-free/strchr.c:463.
+[value] computing for function my_strchr <- no_zero_but_ok <- main.
+ Called from tests/non-free/strchr.c:345.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &s[0] }},{0}))
+[value] Called Frama_C_show_each_mystrchr({10})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:346:[value] Assertion got status valid.
+[value] computing for function my_strchr <- no_zero_but_ok <- main.
+ Called from tests/non-free/strchr.c:347.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &s[0] }},{0}))
+[value] Called Frama_C_show_each_mystrchr({10})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:348:[value] Assertion got status valid.
+[value] computing for function my_strchr <- no_zero_but_ok <- main.
+ Called from tests/non-free/strchr.c:350.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &s{[1], [8]} }},{0}))
+[value] Called Frama_C_show_each_mystrchr({2; 9})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:351:[value] Assertion got status valid.
+[value] computing for function my_strchr <- no_zero_but_ok <- main.
+ Called from tests/non-free/strchr.c:353.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &s{[7], [11]} }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({3; 4; 5; 6; 7; 8})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:354:[value] Assertion got status valid.
+[value] computing for function my_strchr <- no_zero_but_ok <- main.
+ Called from tests/non-free/strchr.c:356.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &s{[7], [18]} }},{0}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({0; 1; 3})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:357:[value] Assertion got status valid.
+[value] Recording results for no_zero_but_ok
+[value] Done for function no_zero_but_ok
+[value] computing for function small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:464.
+[value] Called Frama_C_show_each_small_sets_chars()
+[value] computing for function small_sets_no_assertions <- small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:382.
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:364.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "abc" + {0; 1} }},{97}))
+[value] Called Frama_C_show_each_mystrchr({-1; 0})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:367.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "\000bc" + {0; 1} }},{97}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({-1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:369.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "" }},{97}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({-1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:372.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "b\000c" + {0; 2} }},{97}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({-1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:376.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &t[0] }},{97}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({0; 1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] Recording results for small_sets_no_assertions
+[value] Done for function small_sets_no_assertions
+[value] Called Frama_C_show_each_c({97})
+tests/non-free/strchr.c:384:[value] Assertion got status valid.
+tests/non-free/strchr.c:385:[value] Assertion got status valid.
+tests/non-free/strchr.c:386:[value] Assertion got status valid.
+tests/non-free/strchr.c:387:[value] Assertion got status valid.
+tests/non-free/strchr.c:388:[value] Assertion got status valid.
+[value] computing for function small_sets_no_assertions <- small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:390.
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:364.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "abc" + {0; 1} }},{98}))
+[value] Called Frama_C_show_each_mystrchr({0; 1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:367.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "\000bc" + {0; 1} }},{98}))
+[value] Called Frama_C_show_each_mystrchr({-1; 0})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:369.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "" }},{98}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({-1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:372.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "b\000c" + {0; 2} }},{98}))
+[value] Called Frama_C_show_each_mystrchr({-1; 0})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:376.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &t[0] }},{98}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({0; 1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] Recording results for small_sets_no_assertions
+[value] Done for function small_sets_no_assertions
+[value] Called Frama_C_show_each_c({98})
+tests/non-free/strchr.c:392:[value] Assertion got status valid.
+tests/non-free/strchr.c:393:[value] Assertion got status valid.
+tests/non-free/strchr.c:394:[value] Assertion got status valid.
+tests/non-free/strchr.c:395:[value] Assertion got status valid.
+tests/non-free/strchr.c:396:[value] Assertion got status valid.
+[value] computing for function small_sets_no_assertions <- small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:399.
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:364.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "abc" + {0; 1} }},{97; 98}))
+[value] Called Frama_C_show_each_mystrchr({-1; 0; 1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:367.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "\000bc" + {0; 1} }},{97; 98}))
+[value] Called Frama_C_show_each_mystrchr({-1; 0})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:369.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "" }},{97; 98}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({-1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:372.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "b\000c" + {0; 2} }},{97; 98}))
+[value] Called Frama_C_show_each_mystrchr({-1; 0})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:376.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &t[0] }},{97; 98}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({0; 1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] Recording results for small_sets_no_assertions
+[value] Done for function small_sets_no_assertions
+[value] Called Frama_C_show_each_c({97; 98})
+tests/non-free/strchr.c:401:[value] Assertion got status valid.
+tests/non-free/strchr.c:402:[value] Assertion got status valid.
+tests/non-free/strchr.c:403:[value] Assertion got status valid.
+tests/non-free/strchr.c:404:[value] Assertion got status valid.
+tests/non-free/strchr.c:405:[value] Assertion got status valid.
+[value] computing for function small_sets_no_assertions <- small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:408.
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:364.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "abc" + {0; 1} }},{98; 99}))
+[value] Called Frama_C_show_each_mystrchr({-1; 0; 1; 2})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:367.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "\000bc" + {0; 1} }},{98; 99}))
+[value] Called Frama_C_show_each_mystrchr({-1; 0; 1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:369.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "" }},{98; 99}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({-1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:372.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "b\000c" + {0; 2} }},{98; 99}))
+[value] Called Frama_C_show_each_mystrchr({-1; 0})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:376.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &t[0] }},{98; 99}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({0; 1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] Recording results for small_sets_no_assertions
+[value] Done for function small_sets_no_assertions
+[value] Called Frama_C_show_each_c({98; 99})
+tests/non-free/strchr.c:410:[value] Assertion got status valid.
+tests/non-free/strchr.c:411:[value] Assertion got status valid.
+tests/non-free/strchr.c:412:[value] Assertion got status valid.
+tests/non-free/strchr.c:413:[value] Assertion got status valid.
+tests/non-free/strchr.c:414:[value] Assertion got status valid.
+[value] computing for function small_sets_no_assertions <- small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:417.
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:364.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "abc" + {0; 1} }},{0; 98; 99}))
+[value] Called Frama_C_show_each_mystrchr({-1; 0; 1; 2; 3})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:367.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "\000bc" + {0; 1} }},{0; 98; 99}))
+[value] Called Frama_C_show_each_mystrchr({-1; 0; 1; 2})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:369.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "" }},{0; 98; 99}))
+[value] Called Frama_C_show_each_mystrchr({-1; 0})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:372.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "b\000c" + {0; 2} }},{0; 98; 99}))
+[value] Called Frama_C_show_each_mystrchr({-1; 0; 1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] computing for function my_strchr <- small_sets_no_assertions <-
+ small_sets_chars <- main.
+ Called from tests/non-free/strchr.c:376.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &t[0] }},{0; 98; 99}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr({-1; 0; 1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] Recording results for small_sets_no_assertions
+[value] Done for function small_sets_no_assertions
+[value] Called Frama_C_show_each_c({0; 98; 99})
+tests/non-free/strchr.c:419:[value] Assertion got status valid.
+tests/non-free/strchr.c:420:[value] Assertion got status valid.
+tests/non-free/strchr.c:421:[value] Assertion got status valid.
+tests/non-free/strchr.c:422:[value] Assertion got status valid.
+tests/non-free/strchr.c:423:[value] Assertion got status valid.
+[value] Recording results for small_sets_chars
+[value] Done for function small_sets_chars
+[value] computing for function unbounded <- main.
+ Called from tests/non-free/strchr.c:465.
+[value] computing for function my_strchr <- unbounded <- main.
+ Called from tests/non-free/strchr.c:430.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ "abcd" }},[-128..127]))
+[value] Called Frama_C_show_each_mystrchr({-1; 0; 1; 2; 3; 4})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:431:[value] Assertion got status valid.
+[value] computing for function my_strchr <- unbounded <- main.
+ Called from tests/non-free/strchr.c:435.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &t[0] ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ" }},
+ [-128..127]))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr([-1..26])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:436:[value] Assertion got status valid.
+[value] computing for function init_array_nondet <- unbounded <- main.
+ Called from tests/non-free/strchr.c:437.
+tests/non-free/strchr.c:162:[value] Call to builtin memset(({{ (void *)&t }},{0; 1},{30}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function my_strchr <- unbounded <- main.
+ Called from tests/non-free/strchr.c:438.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &t[0] ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ" }},
+ [-128..127]))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr([-1..29])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:439:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- unbounded <- main.
+ Called from tests/non-free/strchr.c:440.
+share/libc/__fc_builtin.h:51:[value] Function Frama_C_interval: precondition got status unknown.
+[value] Done for function Frama_C_interval
+[value] computing for function my_strchr <- unbounded <- main.
+ Called from tests/non-free/strchr.c:441.
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ &t + [0..2147483647] ;
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + [0..2147483647] }},
+ [-128..127]))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ possibly reading indeterminate data
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each_mystrchr([-1..29])
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+tests/non-free/strchr.c:442:[value] Assertion got status valid.
+[value] Recording results for unbounded
+[value] Done for function unbounded
+[value] computing for function invalid <- main.
+ Called from tests/non-free/strchr.c:466.
+[value] computing for function my_strchr <- invalid <- main.
+ Called from tests/non-free/strchr.c:448.
+tests/non-free/strchr.c:41:[value] warning: Operation {{ "hello" }} + {{ &s }} incurs a loss of precision
+tests/non-free/strchr.c:41:[value] Call to builtin strchr(({{ garbled mix of &{s; "hello"}
+ (origin: Arithmetic {tests/non-free/strchr.c:41}) }},
+ {1}))
+tests/non-free/strchr.c:41:[value] warning: built-in strchr: tests/non-free/strchr.c:41:
+ string argument is too imprecise, cannot compute a useful result.
+[value] Called Frama_C_show_each_mystrchr({-1})
+[value] Recording results for my_strchr
+[value] Done for function my_strchr
+[value] Recording results for invalid
+[value] Done for function invalid
+[value] Recording results for main
+[value] done for function main
+[value] ====== VALUES COMPUTED ======
+[value] Values at end of function bitfields:
+ s.a ∈ {3}
+ .b ∈ {1}
+ .[bits 16 to 31] ∈ UNINITIALIZED
+ .c ∈ {7}
+ .[bits 49 to 63] ∈ UNINITIALIZED
+ p ∈ {{ (char *)&s }}
+[value] Values at end of function init_array_nondet:
+ from ∈ {-1}
+ to ∈ {-1}
+ val1 ∈ {-1}
+ val2 ∈ {-1}
+ val ∈ {0; 1; 2; 3; 4}
+ a[0..99] ∈ {0; 1; 2}
+ a[0..39] ∈ {1; 2}
+ [40..49] ∈ UNINITIALIZED
+ [50..94] ∈ {3; 4} or UNINITIALIZED
+ [95..99] ∈ UNINITIALIZED
+ u[0..199] ∈ {0; 16843009}
+ r[0..200] ∈ {0; 16843009; 270729319} or UNINITIALIZED
+ t[0..999999] ∈ {0; 16843009; 270729319} or UNINITIALIZED
+ t[0..29] ∈ {0; 1}
+[value] Values at end of function my_strchr:
+ ss ∈
+ {{ NULL ; &t{[0], [1]} ; &empty_or_non_terminated[0] ;
+ &empty_or_uninitialized[0] ; &s[1] ; &t[3] ; &s + {2} ; &a + [0..54] ;
+ &a + [0..25] ; &s[0] ; &maybe_init[1] ; &u + [0..799] ;
+ &r + [0..803] ; &t + [0..3999999] ; &s + [0..10] ; &t{[0], [1]} ;
+ &t + [0..29] ; "Hello World\n" + {12} ; "abc\000\000\000abc" + {3} ;
+ "" ; "a" + {1} ; "aa" + {2} ; "aaa" + {3} ; "aaaa" + {4} ;
+ "aaaaa" + {5} ; "aaaaaa" + {6} ; "aaaaaaaaa" + {9} ;
+ "aaaaaaaaaa" + {10} ; "aaaaaaaaaaa" + {11} ; "aaaaaaaaaaaa" + {12} ;
+ "aaaaaaaaaaaaa" + {13} ; "abc" + {2; 3} ; "\000bc" + {0; 2} ;
+ "" ; "b\000c" + {1} ; "Bonjour Monde\n" + {14} ;
+ "mno\000pqr" + {0; 1; 2; 3} ; "MNOP\000QRS" + {0; 1; 2; 3; 4} ;
+ "abc" + {0; 1; 2; 3} ; "\000bc" + {0; 1; 2} ; "" ; "b\000c" + {0; 1} ;
+ "abcd" + {0; 1; 2; 3; 4} ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + [0..26] }}
+ res ∈ [-1..3999999]
+[value] Values at end of function big_array:
+ u[0..199] ∈ {0; 16843009; 270729319}
+ r[0..200] ∈ {0; 16843009; 270729319}
+ t[0..999999] ∈ {0; 16843009; 270729319}
+ p ∈ {{ &t + [0..3999996],0%4 }}
+ len_u ∈ [0..799]
+ len_r ∈ [0..803]
+ len_t ∈ [0..3999999]
+[value] Values at end of function bitfields2:
+ s.a ∈ {3}
+ .b ∈ {1}
+ .c ∈ {7}
+ .[bits 25 to 31] ∈ UNINITIALIZED
+ p ∈ {{ (char *)&s }}
+ z1 ∈ {2}
+[value] Values at end of function escaping:
+ s[0] ∈ {0}
+ [1..3] ∈ ESCAPINGADDR
+ z1 ∈ {0}
+ z2 ∈ {0}
+[value] Values at end of function initialization:
+ empty_or_uninitialized[0] ∈ {0} or UNINITIALIZED
+ z1 ∈ {0}
+ s[0] ∈ {1} or UNINITIALIZED
+ [1] ∈ {0}
+ z2 ∈ {1}
+ t[0..1] ∈ {10}
+ [2] ∈ {10} or UNINITIALIZED
+ [3] ∈ {0}
+ z3 ∈ {3}
+[value] Values at end of function invalid:
+ s ∈ {{ "hello" }}
+[value] Values at end of function large:
+ Frama_C_entropy_source ∈ [--..--]
+ a[0..99] ∈ {0; 2}
+ offset ∈ [50..70]
+ z1 ∈ [0..54]
+ z2 ∈ [3..15]
+ z3 ∈ [1..15]
+ z4 ∈ [0..12]
+ z5 ∈ [0..49]
+[value] Values at end of function large_uninit:
+ Frama_C_entropy_source ∈ [--..--]
+ a[0..19] ∈ {1; 2}
+ [20] ∈ {0}
+ [21..39] ∈ {1; 2}
+ [40..49] ∈ UNINITIALIZED
+ [50..74] ∈ {3; 4}
+ [75] ∈ {0}
+ [76..94] ∈ {3; 4}
+ [95..97] ∈ UNINITIALIZED
+ [98] ∈ {0}
+ [99] ∈ UNINITIALIZED
+ offset ∈ {0}
+ z1 ∈ [0..17]
+ z2 ∈ [0..12]
+ z3 ∈ {20; 21; 22; 23; 24; 25}
+[value] Values at end of function my_strchr2:
+ s ∈
+ {{ (char *)&x ; "abc" + {2; 3} ; "ABCD" + {3; 4} ; "efg" + {1; 2} ;
+ "EFGH" + {2; 3} }}
+ res ∈ {0; 1; 2; 3; 4}
+[value] Values at end of function misc:
+ Frama_C_entropy_source ∈ [--..--]
+ loc_str ∈ {{ "Bonjour Monde\n" }}
+ loc_char_array[0..2] ∈ UNINITIALIZED
+ [3] ∈ {0}
+ [4] ∈ UNINITIALIZED
+ sz1 ∈ {12; 14}
+ sz2 ∈ {0}
+ sz3 ∈ [0..13]
+ sz4 ∈ {3}
+ sz5 ∈ {2; 3; 4}
+ sz6 ∈ {1; 2; 3}
+ sz7 ∈ {0; 1; 2; 3; 4} or UNINITIALIZED
+ sz8 ∈ {1}
+ x ∈ {-1412567296}
+ z ∈ {305419776}
+ i ∈ [0..11]
+ str ∈
+ {{ "" ; "a" ; "aa" ; "aaa" ; "aaaa" ; "aaaaa" ; "aaaaaa" ; "aaaaaaaaa" ;
+ "aaaaaaaaaa" ; "aaaaaaaaaaa" ; "aaaaaaaaaaaa" ; "aaaaaaaaaaaaa" }}
+ base ∈ {{ (char *)&x }}
+ s1 ∈ {{ "mno\000pqr" ; "MNOP\000QRS" }}
+ s2 ∈ {{ "efg" + {1; 2} ; "EFGH" + {1; 2} }}
+ maybe_init[0] ∈ {65} or UNINITIALIZED
+ [1] ∈ {0}
+[value] Values at end of function no_zero_but_ok:
+ s[0..9] ∈ {1}
+ [10] ∈ {0}
+ [11..13] ∈ {1}
+ [14..19] ∈ {0; 1}
+ z1 ∈ {10}
+ z2 ∈ {10}
+ offs ∈ {7; 18}
+ z3 ∈ {2; 9}
+ z4 ∈ {3; 4; 5; 6; 7; 8}
+ z5 ∈ {0; 1; 3}
+[value] Values at end of function small_sets:
+ s ∈ {{ "b\000c" }}
+ o ∈ {0; 2}
+ z1 ∈ {2; 3}
+ z2 ∈ {0; 2}
+ z3 ∈ {0}
+ z4 ∈ {1}
+ t[0..1] ∈ {0; 1}
+ [2..3] ∈ {1}
+ z5 ∈ {0; 1}
+[value] Values at end of function small_sets_no_assertions:
+ s ∈ {{ "b\000c" }}
+ o ∈ {0; 2}
+ t[0..1] ∈ {0; 1; 97; 98; 99}
+ [2..3] ∈ {1}
+ res[0] ∈ {-1; 0; 1; 2; 3}
+ [1] ∈ {-1; 0; 1; 2}
+ [2] ∈ {-1; 0}
+ [3..4] ∈ {-1; 0; 1}
+[value] Values at end of function small_sets_chars:
+ c ∈ {0; 98; 99}
+ res[0] ∈ {-1; 0; 1; 2; 3}
+ [1] ∈ {-1; 0; 1; 2}
+ [2] ∈ {-1; 0}
+ [3..4] ∈ {-1; 0; 1}
+[value] Values at end of function unbounded:
+ Frama_C_entropy_source ∈ [--..--]
+ c ∈ [--..--]
+ s ∈ {{ &t[0] ; "ABCDEFGHIJKLMNOPQRSTUVWXYZ" }}
+ u1 ∈ {-1; 0; 1; 2; 3; 4}
+ t[0..29] ∈ {0; 1}
+ u2 ∈ [-1..26]
+ u3 ∈ [-1..29]
+ offset ∈ [0..2147483647]
+ u4 ∈ [-1..29]
+[value] Values at end of function zero_termination:
+ empty_or_non_terminated[0] ∈ {0; 100}
+ z1 ∈ {0}
+ non_terminated[0] ∈ {88}
+ non_terminated2[0] ∈ {76}
+ [1] ∈ {0}
+ [2] ∈ {28}
+ [3] ∈ {14}
+ o ∈ {2; 3}
+[value] Values at end of function main:
+ Frama_C_entropy_source ∈ [--..--]
+ c ∈ {0}
+ __retres ∈ {0}
+[from] Computing for function bitfields
+[from] Computing for function Frama_C_strchr <-bitfields
+[from] Done for function Frama_C_strchr
+[from] Done for function bitfields
+[from] Computing for function init_array_nondet
+[from] Computing for function Frama_C_memset <-init_array_nondet
+[from] Done for function Frama_C_memset
+[from] Done for function init_array_nondet
+[from] Computing for function my_strchr
+[from] Done for function my_strchr
+[from] Computing for function big_array
+[from] Done for function big_array
+[from] Computing for function bitfields2
+[from] Done for function bitfields2
+[from] Computing for function escaping
+[from] Done for function escaping
+[from] Computing for function initialization
+[from] Done for function initialization
+[from] Computing for function invalid
+[from] Done for function invalid
+[from] Computing for function large
+[from] Computing for function Frama_C_interval <-large
+[from] Done for function Frama_C_interval
+[from] Done for function large
+[from] Computing for function large_uninit
+[from] Done for function large_uninit
+[from] Computing for function my_strchr2
+[from] Done for function my_strchr2
+[from] Computing for function misc
+[from] Done for function misc
+[from] Computing for function no_zero_but_ok
+[from] Done for function no_zero_but_ok
+[from] Computing for function small_sets
+[from] Done for function small_sets
+[from] Computing for function small_sets_no_assertions
+[from] Done for function small_sets_no_assertions
+[from] Computing for function small_sets_chars
+[from] Done for function small_sets_chars
+[from] Computing for function unbounded
+[from] Done for function unbounded
+[from] Computing for function zero_termination
+[from] Done for function zero_termination
+[from] Computing for function main
+[from] Done for function main
+[from] ====== DEPENDENCIES COMPUTED ======
+ These dependencies hold at termination for the executions that terminate:
+[from] Function Frama_C_interval:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+ \result FROM Frama_C_entropy_source; min; max
+[from] Function bitfields:
+ NO EFFECTS
+[from] Function init_array_nondet:
+ a[0..99] FROM val1; val2; nondet (and SELF)
+ a[0..99] FROM val1; val2; nondet (and SELF)
+ u[0..199] FROM val1; val2; nondet (and SELF)
+ r[0..200] FROM val1; val2; nondet (and SELF)
+ t[0..999999] FROM val1; val2; nondet (and SELF)
+ t[0..29] FROM val1; val2; nondet (and SELF)
+[from] Function my_strchr:
+ \result FROM unterminated_string[0..11]; s; c; t[0..3];
+ empty_or_non_terminated[0]; non_terminated[0];
+ non_terminated2[0..3]; empty_or_uninitialized[0];
+ uninitialized[0]; s[0..1]; t[0..3]; s; a[0..99]; a[0..99];
+ s[0..3]; loc_char_array[0..4]; x; maybe_init[0..1]; u[0..199];
+ r[0..200]; t[0..999999]; s[0..19]; t[0..3]; t[0..29];
+ s; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7];
+ "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111];
+ "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "abc"; "ABCD"[bits 0 to 39];
+ "efg"; "EFGH"[bits 0 to 39]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc"; ""[bits 0 to 7];
+ "b\000c"; "abcd"[bits 0 to 39];
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215];
+ "hello"[bits 0 to 47]
+[from] Function big_array:
+ NO EFFECTS
+[from] Function bitfields2:
+ NO EFFECTS
+[from] Function escaping:
+ NO EFFECTS
+[from] Function initialization:
+ NO EFFECTS
+[from] Function invalid:
+ NO EFFECTS
+[from] Function large:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function large_uninit:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function my_strchr2:
+ \result FROM unterminated_string[0..11]; base; c; loc_char_array[0..4];
+ x; maybe_init[0..1]; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7];
+ "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111];
+ "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "abc"; "ABCD"[bits 0 to 39];
+ "efg"; "EFGH"[bits 0 to 39]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc"; ""[bits 0 to 7];
+ "b\000c"; "abcd"[bits 0 to 39];
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215];
+ "hello"[bits 0 to 47]
+[from] Function misc:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function no_zero_but_ok:
+ NO EFFECTS
+[from] Function small_sets:
+ NO EFFECTS
+[from] Function small_sets_no_assertions:
+ res[0..3]
+ FROM unterminated_string[0..11]; c; res; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7];
+ "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39];
+ "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7];
+ "b\000c"; "Bonjour Monde\n"[bits 0 to 119]; "abc";
+ "ABCD"[bits 0 to 39]; "efg"; "EFGH"[bits 0 to 39];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"; "abcd"[bits 0 to 39];
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215]; "hello"[bits 0 to 47]
+ [4]
+ FROM unterminated_string[0..11]; c; res; nondet;
+ "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111];
+ "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "abc"; "ABCD"[bits 0 to 39];
+ "efg"; "EFGH"[bits 0 to 39]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc"; ""[bits 0 to 7];
+ "b\000c"; "abcd"[bits 0 to 39];
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215]; "hello"[bits 0 to 47]
+[from] Function small_sets_chars:
+ NO EFFECTS
+[from] Function unbounded:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function zero_termination:
+ NO EFFECTS
+[from] Function main:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+ \result FROM \nothing
+[from] ====== END OF DEPENDENCIES ======
+[inout] Out (internal) for function bitfields:
+ s{{.a; .b}; .c}; p
+[inout] Inputs for function bitfields:
+ nondet
+[inout] Out (internal) for function init_array_nondet:
+ from; to; val1; val2; val; tmp; a[0..99]; a[0..99]; u[0..199]; r[0..200];
+ t[0..999999]; t[0..29]
+[inout] Inputs for function init_array_nondet:
+ nondet
+[inout] Out (internal) for function my_strchr:
+ ss; res
+[inout] Inputs for function my_strchr:
+ t[0..3]; empty_or_non_terminated[0]; non_terminated[0];
+ non_terminated2[0..3]; empty_or_uninitialized[0]; uninitialized[0];
+ s[0..1]; t[0..3]; s; a[0..99]; a[0..99]; s[0..3]; loc_char_array[0..4];
+ maybe_init[0..1]; u[0..199]; r[0..200]; t[0..999999]; s[0..19]; t[0..3];
+ t[0..29]; s; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
+ "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"; "Bonjour Monde\n"[bits 0 to 119];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc";
+ ""[bits 0 to 7]; "b\000c"; "abcd"[bits 0 to 39];
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215]; "hello"[bits 0 to 47]
+[inout] Out (internal) for function big_array:
+ u[0..199]; r[0..200]; t[0..999999]; p; len_u; len_r; len_t; tmp; tmp_0;
+ tmp_1; tmp_2; tmp_3; tmp_4; tmp_5; tmp_6; tmp_7; tmp_8; tmp_9; tmp_10
+[inout] Inputs for function big_array:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "abcd"[bits 0 to 39]; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215];
+ "hello"[bits 0 to 47]
+[inout] Out (internal) for function bitfields2:
+ s{.a; .b; .c}; p; z1
+[inout] Inputs for function bitfields2:
+ "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "abcd"[bits 0 to 39]; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215];
+ "hello"[bits 0 to 47]
+[inout] Out (internal) for function escaping:
+ s[0..3]; z1; z2
+[inout] Inputs for function escaping:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "abcd"[bits 0 to 39]; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215];
+ "hello"[bits 0 to 47]
+[inout] Out (internal) for function initialization:
+ empty_or_uninitialized[0]; z1; s[0..1]; z2; t[0..3]; z3
+[inout] Inputs for function initialization:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "abcd"[bits 0 to 39]; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215];
+ "hello"[bits 0 to 47]
+[inout] Out (internal) for function invalid:
+ s
+[inout] Inputs for function invalid:
+ "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "abcd"[bits 0 to 39]; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215];
+ "hello"[bits 0 to 47]
+[inout] Out (internal) for function large:
+ Frama_C_entropy_source; a[0..99]; offset; z1; z2; z3; z4; z5
+[inout] Inputs for function large:
+ Frama_C_entropy_source; nondet; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
+ "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"; "Bonjour Monde\n"[bits 0 to 119];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc";
+ ""[bits 0 to 7]; "b\000c"; "abcd"[bits 0 to 39];
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215]; "hello"[bits 0 to 47]
+[inout] Out (internal) for function large_uninit:
+ Frama_C_entropy_source; a[0..99]; offset; z1; z2; z3
+[inout] Inputs for function large_uninit:
+ Frama_C_entropy_source; nondet; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
+ "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"; "Bonjour Monde\n"[bits 0 to 119];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc";
+ ""[bits 0 to 7]; "b\000c"; "abcd"[bits 0 to 39];
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215]; "hello"[bits 0 to 47]
+[inout] Out (internal) for function my_strchr2:
+ s; res
+[inout] Inputs for function my_strchr2:
+ x; "abc"; "ABCD"[bits 0 to 39]; "efg"[bits 8 to 31]; "EFGH"[bits 8 to 39]
+[inout] Out (internal) for function misc:
+ Frama_C_entropy_source; loc_str; loc_char_array[3]; sz1; sz2; sz3;
+ sz4; sz5; sz6; sz7; sz8; x; z; i; str; base; s1; tmp; s2; tmp_0; j;
+ maybe_init[0..1]
+[inout] Inputs for function misc:
+ Frama_C_entropy_source; static_str; zero_str; tab_str[0..11];
+ unterminated_string[0..11]; nondet; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
+ "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"; "Bonjour Monde\n"[bits 0 to 119];
+ "abc"; "ABCD"[bits 0 to 39]; "efg"[bits 8 to 31]; "EFGH"[bits 8 to 39];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc";
+ ""[bits 0 to 7]; "b\000c"; "abcd"[bits 0 to 39];
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215]; "hello"[bits 0 to 47]
+[inout] Out (internal) for function no_zero_but_ok:
+ s[0..19]; z1; z2; offs; tmp_1; z3; z4; z5
+[inout] Inputs for function no_zero_but_ok:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "abcd"[bits 0 to 39]; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215];
+ "hello"[bits 0 to 47]
+[inout] Out (internal) for function small_sets:
+ s; o; tmp; z1; z2; z3; z4; t[0..3]; z5
+[inout] Inputs for function small_sets:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "abcd"[bits 0 to 39]; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215];
+ "hello"[bits 0 to 47]
+[inout] Out (internal) for function small_sets_no_assertions:
+ s; o; tmp; t[0..3]; res[0..4]
+[inout] Inputs for function small_sets_no_assertions:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "abcd"[bits 0 to 39]; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215];
+ "hello"[bits 0 to 47]
+[inout] Out (internal) for function small_sets_chars:
+ c; res[0..4]
+[inout] Inputs for function small_sets_chars:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "abcd"[bits 0 to 39]; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215];
+ "hello"[bits 0 to 47]
+[inout] Out (internal) for function unbounded:
+ Frama_C_entropy_source; c; s; u1; t[0..29]; u2; u3; offset; u4
+[inout] Inputs for function unbounded:
+ Frama_C_entropy_source; nondet; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
+ "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"; "Bonjour Monde\n"[bits 0 to 119];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc";
+ ""[bits 0 to 7]; "b\000c"; "abcd"[bits 0 to 39];
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215]; "hello"[bits 0 to 47]
+[inout] Out (internal) for function zero_termination:
+ empty_or_non_terminated[0]; z1; non_terminated[0]; non_terminated2[0..3];
+ o; tmp_0
+[inout] Inputs for function zero_termination:
+ nondet; "Hello World\n"[bits 0 to 103]; "abc\000\000\000abc"[bits 0 to 79];
+ ""[bits 0 to 7]; "a"[bits 0 to 15]; "aa"[bits 0 to 23]; "aaa";
+ "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47]; "aaaaaa"[bits 0 to 55];
+ "aaaaaaaaa"[bits 0 to 79]; "aaaaaaaaaa"[bits 0 to 87];
+ "aaaaaaaaaaa"[bits 0 to 95]; "aaaaaaaaaaaa"[bits 0 to 103];
+ "aaaaaaaaaaaaa"[bits 0 to 111]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "Bonjour Monde\n"[bits 0 to 119]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c";
+ "abcd"[bits 0 to 39]; "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215];
+ "hello"[bits 0 to 47]
+[inout] Out (internal) for function main:
+ Frama_C_entropy_source; c; __retres
+[inout] Inputs for function main:
+ Frama_C_entropy_source; static_str; zero_str; tab_str[0..11];
+ unterminated_string[0..11]; nondet; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
+ "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"; "Bonjour Monde\n"[bits 0 to 119];
+ "abc"; "ABCD"[bits 0 to 39]; "efg"[bits 8 to 31]; "EFGH"[bits 8 to 39];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71]; "abc"; "\000bc";
+ ""[bits 0 to 7]; "b\000c"; "abcd"[bits 0 to 39];
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[bits 0 to 215]; "hello"[bits 0 to 47]
diff --git a/tests/non-free/oracle/strlen.res.oracle b/tests/non-free/oracle/strlen.res.oracle
index 7a2a42ed375..b8ff4af5ce3 100644
--- a/tests/non-free/oracle/strlen.res.oracle
+++ b/tests/non-free/oracle/strlen.res.oracle
@@ -31,39 +31,318 @@
[9] ∈ {116}
[10] ∈ {101}
[11] ∈ {100}
-tests/non-free/strlen.c:42:[value] Call to builtin strlen(({{ &unterminated_string[0] }}))
-tests/non-free/strlen.c:42:[kernel] warning: may not point to a valid string:
- assert \points_to_valid_string((char const *)unterminated_string);
-[value] computing for function Frama_C_nondet <- main.
- Called from tests/non-free/strlen.c:46.
-[value] using specification for function Frama_C_nondet
-[value] Done for function Frama_C_nondet
-tests/non-free/strlen.c:47:[value] Call to builtin strlen(({{ "Hello World\n" ; "Bonjour Monde\n" }}))
-tests/non-free/strlen.c:48:[value] Assertion got status valid.
-[value] computing for function Frama_C_nondet <- main.
- Called from tests/non-free/strlen.c:50.
-[value] Done for function Frama_C_nondet
-tests/non-free/strlen.c:51:[value] Call to builtin strlen(({{ &x + {0; 3} }}))
-tests/non-free/strlen.c:51:[kernel] warning: may not point to a valid string: assert \points_to_valid_string(str);
+ nondet ∈ [--..--]
+[value] computing for function small_sets <- main.
+ Called from tests/non-free/strlen.c:281.
+tests/non-free/strlen.c:36:[value] Call to builtin strlen(({{ "abc" + {0; 1} }}))
+tests/non-free/strlen.c:37:[value] Assertion got status valid.
+tests/non-free/strlen.c:41:[value] Call to builtin strlen(({{ "\000bc" + {0; 1} }}))
+tests/non-free/strlen.c:42:[value] Assertion got status valid.
+tests/non-free/strlen.c:46:[value] Call to builtin strlen(({{ "" }}))
+tests/non-free/strlen.c:47:[value] Assertion got status valid.
+tests/non-free/strlen.c:51:[value] Call to builtin strlen(({{ "b\000c" + {0; 2} }}))
tests/non-free/strlen.c:52:[value] Assertion got status valid.
-[value] computing for function Frama_C_interval <- main.
- Called from tests/non-free/strlen.c:53.
+tests/non-free/strlen.c:57:[value] Call to builtin strlen(({{ &t[0] }}))
+tests/non-free/strlen.c:57:[value] warning: built-in strlen: tests/non-free/strlen.c:57:
+ possibly reading indeterminate data
+tests/non-free/strlen.c:58:[value] Assertion got status valid.
+[value] Recording results for small_sets
+[value] Done for function small_sets
+[value] computing for function zero_termination <- main.
+ Called from tests/non-free/strlen.c:282.
+tests/non-free/strlen.c:65:[value] Call to builtin strlen(({{ &empty_or_non_terminated[0] }}))
+tests/non-free/strlen.c:65:[value] warning: built-in strlen: tests/non-free/strlen.c:65:
+ possibly reading indeterminate data
+tests/non-free/strlen.c:66:[value] Assertion got status valid.
+tests/non-free/strlen.c:69:[value] Call to builtin strlen(({{ &non_terminated[0] }}))
+tests/non-free/strlen.c:69:[value] warning: built-in strlen: tests/non-free/strlen.c:69:
+ reading indeterminate data
+tests/non-free/strlen.c:73:[value] Call to builtin strlen(({{ &non_terminated2{[2], [3]} }}))
+tests/non-free/strlen.c:73:[value] warning: built-in strlen: tests/non-free/strlen.c:73:
+ reading indeterminate data
+[value] Recording results for zero_termination
+[value] Done for function zero_termination
+[value] computing for function initialization <- main.
+ Called from tests/non-free/strlen.c:283.
+tests/non-free/strlen.c:80:[value] Call to builtin strlen(({{ &empty_or_uninitialized[0] }}))
+tests/non-free/strlen.c:80:[value] warning: built-in strlen: tests/non-free/strlen.c:80:
+ possible uninitialized values
+tests/non-free/strlen.c:81:[value] Assertion got status valid.
+tests/non-free/strlen.c:84:[value] Call to builtin strlen(({{ &uninitialized[0] }}))
+tests/non-free/strlen.c:84:[value] warning: built-in strlen: tests/non-free/strlen.c:84:
+ reading indeterminate data
+tests/non-free/strlen.c:90:[value] Call to builtin strlen(({{ &s[0] }}))
+tests/non-free/strlen.c:90:[value] warning: built-in strlen: tests/non-free/strlen.c:90:
+ possible uninitialized values
+tests/non-free/strlen.c:91:[value] Assertion got status valid.
+tests/non-free/strlen.c:98:[value] Call to builtin strlen(({{ &t[0] }}))
+tests/non-free/strlen.c:98:[value] warning: built-in strlen: tests/non-free/strlen.c:98:
+ possible uninitialized values
+tests/non-free/strlen.c:99:[value] Assertion got status valid.
+[value] Recording results for initialization
+[value] Done for function initialization
+[value] computing for function large <- main.
+ Called from tests/non-free/strlen.c:284.
+[value] computing for function init_array_nondet <- large <- main.
+ Called from tests/non-free/strlen.c:141.
+tests/non-free/strlen.c:135:[value] Call to builtin memset(({{ (void *)&a }},{1; 2},{100}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/strlen.c:144.
[value] using specification for function Frama_C_interval
share/libc/__fc_builtin.h:51:[value] Function Frama_C_interval: precondition got status valid.
[value] Done for function Frama_C_interval
-tests/non-free/strlen.c:55:[value] Call to builtin strlen(({{ "" ; "a" ; "aa" ; "aaa" ; "aaaa" ; "aaaaa" ;
+tests/non-free/strlen.c:145:[value] Call to builtin strlen(({{ &a + [3..30] }}))
+tests/non-free/strlen.c:146:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/strlen.c:148.
+[value] Done for function Frama_C_interval
+tests/non-free/strlen.c:149:[value] Call to builtin strlen(({{ &a + [5..17] }}))
+tests/non-free/strlen.c:150:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/strlen.c:152.
+[value] Done for function Frama_C_interval
+tests/non-free/strlen.c:153:[value] Call to builtin strlen(({{ &a + [60..74] }}))
+tests/non-free/strlen.c:154:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/strlen.c:156.
+[value] Done for function Frama_C_interval
+tests/non-free/strlen.c:157:[value] Call to builtin strlen(({{ &a + [63..80] }}))
+tests/non-free/strlen.c:157:[value] warning: built-in strlen: tests/non-free/strlen.c:157:
+ possibly reading indeterminate data
+tests/non-free/strlen.c:158:[value] Assertion got status valid.
+[value] computing for function init_array_nondet <- large <- main.
+ Called from tests/non-free/strlen.c:160.
+tests/non-free/strlen.c:135:[value] Call to builtin memset(({{ (void *)&a }},{0; 2},{100}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/strlen.c:161.
+[value] Done for function Frama_C_interval
+tests/non-free/strlen.c:162:[value] Call to builtin strlen(({{ &a + [50..70] }}))
+tests/non-free/strlen.c:162:[value] warning: built-in strlen: tests/non-free/strlen.c:162:
+ possibly reading indeterminate data
+tests/non-free/strlen.c:163:[value] Assertion got status valid.
+[value] Recording results for large
+[value] Done for function large
+[value] computing for function large_uninit <- main.
+ Called from tests/non-free/strlen.c:285.
+[value] computing for function init_array_nondet <- large_uninit <- main.
+ Called from tests/non-free/strlen.c:169.
+tests/non-free/strlen.c:135:[value] Call to builtin memset(({{ (void *)&a }},{1; 2},{40}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function init_array_nondet <- large_uninit <- main.
+ Called from tests/non-free/strlen.c:170.
+tests/non-free/strlen.c:135:[value] Call to builtin memset(({{ (void *)&a[50] }},{3; 4},{45}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- large_uninit <- main.
+ Called from tests/non-free/strlen.c:174.
+[value] Done for function Frama_C_interval
+tests/non-free/strlen.c:175:[value] Call to builtin strlen(({{ &a + [3..30] }}))
+tests/non-free/strlen.c:175:[value] warning: built-in strlen: tests/non-free/strlen.c:175:
+ possibly reading indeterminate data
+tests/non-free/strlen.c:176:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_uninit <- main.
+ Called from tests/non-free/strlen.c:179.
+[value] Done for function Frama_C_interval
+tests/non-free/strlen.c:180:[value] Call to builtin strlen(({{ &a + [63..80] }}))
+tests/non-free/strlen.c:180:[value] warning: built-in strlen: tests/non-free/strlen.c:180:
+ possibly reading indeterminate data
+tests/non-free/strlen.c:181:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_uninit <- main.
+ Called from tests/non-free/strlen.c:183.
+[value] Done for function Frama_C_interval
+tests/non-free/strlen.c:184:[value] Call to builtin strlen(({{ &a + [45..55] }}))
+tests/non-free/strlen.c:184:[value] warning: built-in strlen: tests/non-free/strlen.c:184:
+ possible uninitialized values
+ possibly reading indeterminate data
+tests/non-free/strlen.c:185:[value] Assertion got status valid.
+[value] Recording results for large_uninit
+[value] Done for function large_uninit
+[value] computing for function misc <- main.
+ Called from tests/non-free/strlen.c:286.
+tests/non-free/strlen.c:213:[value] Call to builtin strlen(({{ &unterminated_string[0] }}))
+tests/non-free/strlen.c:213:[value] warning: built-in strlen: tests/non-free/strlen.c:213:
+ reading indeterminate data
+tests/non-free/strlen.c:216:[value] Call to builtin strlen(({{ "Hello World\n" ; "Bonjour Monde\n" }}))
+tests/non-free/strlen.c:217:[value] Assertion got status valid.
+tests/non-free/strlen.c:220:[value] Call to builtin strlen(({{ &x + {0; 3} }}))
+tests/non-free/strlen.c:220:[value] warning: built-in strlen: tests/non-free/strlen.c:220:
+ possibly reading indeterminate data
+tests/non-free/strlen.c:221:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- misc <- main.
+ Called from tests/non-free/strlen.c:222.
+[value] Done for function Frama_C_interval
+tests/non-free/strlen.c:224:[value] Call to builtin strlen(({{ "" ; "a" ; "aa" ; "aaa" ; "aaaa" ; "aaaaa" ;
"aaaaaa" ; "aaaaaaaaa" ; "aaaaaaaaaa" ;
"aaaaaaaaaaa" ; "aaaaaaaaaaaa" ;
"aaaaaaaaaaaaa" }}))
-tests/non-free/strlen.c:56:[value] Assertion got status valid.
-tests/non-free/strlen.c:58:[value] Call to builtin strlen(({{ &loc_char_array[0] }}))
-tests/non-free/strlen.c:59:[value] Assertion got status valid.
-tests/non-free/strlen.c:60:[value] Call to builtin strlen(({{ "abc\000\000\000abc" }}))
-tests/non-free/strlen.c:61:[value] Assertion got status valid.
+tests/non-free/strlen.c:225:[value] Assertion got status valid.
+tests/non-free/strlen.c:227:[value] Call to builtin strlen(({{ &loc_char_array[0] }}))
+tests/non-free/strlen.c:227:[value] warning: built-in strlen: tests/non-free/strlen.c:227:
+ reading indeterminate data
+tests/non-free/strlen.c:228:[value] Call to builtin strlen(({{ "abc\000\000\000abc" }}))
+tests/non-free/strlen.c:229:[value] Assertion got status valid.
+tests/non-free/strlen.c:232:[value] Call to builtin strlen(({{ "abc" + {0; 1} ; "ABCD" + {0; 1} }}))
+tests/non-free/strlen.c:233:[value] Assertion got status valid.
+tests/non-free/strlen.c:237:[value] Call to builtin strlen(({{ "efg" + {1; 2} ; "EFGH" + {1; 2} }}))
+tests/non-free/strlen.c:238:[value] Assertion got status valid.
+tests/non-free/strlen.c:241:[value] entering loop for the first time
+tests/non-free/strlen.c:242:[value] Call to builtin strlen(({{ "mno\000pqr" ; "MNOP\000QRS" }}))
+tests/non-free/strlen.c:243:[value] Assertion got status valid.
+tests/non-free/strlen.c:242:[value] Call to builtin strlen(({{ "mno\000pqr" + {0; 1} ; "MNOP\000QRS" + {0; 1} }}))
+tests/non-free/strlen.c:242:[value] Call to builtin strlen(({{ "mno\000pqr" + {0; 1; 2} ;
+ "MNOP\000QRS" + {0; 1; 2} }}))
+tests/non-free/strlen.c:242:[value] Call to builtin strlen(({{ "mno\000pqr" + {0; 1; 2; 3} ;
+ "MNOP\000QRS" + {0; 1; 2; 3} }}))
+tests/non-free/strlen.c:242:[value] Call to builtin strlen(({{ "mno\000pqr" + {0; 1; 2; 3; 4} ;
+ "MNOP\000QRS" + {0; 1; 2; 3; 4} }}))
+tests/non-free/strlen.c:242:[value] Call to builtin strlen(({{ "mno\000pqr" + {0; 1; 2; 3; 4; 5; 6; 7} ;
+ "MNOP\000QRS" + {0; 1; 2; 3; 4; 5; 6; 7} }}))
+tests/non-free/strlen.c:249:[value] Call to builtin strlen(({{ &maybe_init[0] }}))
+tests/non-free/strlen.c:249:[value] warning: built-in strlen: tests/non-free/strlen.c:249:
+ possible uninitialized values
+tests/non-free/strlen.c:250:[value] Assertion got status valid.
+[value] Recording results for misc
+[value] Done for function misc
+[value] computing for function bitfields <- main.
+ Called from tests/non-free/strlen.c:287.
+tests/non-free/strlen.c:114:[value] Call to builtin strlen(({{ (char const *)&s }}))
+tests/non-free/strlen.c:114:[value] warning: built-in strlen: tests/non-free/strlen.c:114:
+ reading indeterminate data
+[value] Recording results for bitfields
+[value] Done for function bitfields
+[value] computing for function bitfields2 <- main.
+ Called from tests/non-free/strlen.c:288.
+tests/non-free/strlen.c:129:[value] Call to builtin strlen(({{ (char const *)&s }}))
+tests/non-free/strlen.c:130:[value] Assertion got status valid.
+[value] Recording results for bitfields2
+[value] Done for function bitfields2
+[value] computing for function escaping <- main.
+ Called from tests/non-free/strlen.c:289.
+tests/non-free/strlen.c:194:[value] warning: locals {x} escaping the scope of a block of escaping through s
+tests/non-free/strlen.c:197:[value] Call to builtin strlen(({{ &s[0] }}))
+tests/non-free/strlen.c:197:[value] warning: built-in strlen: tests/non-free/strlen.c:197:
+ possible escaping addresses
+tests/non-free/strlen.c:198:[value] Assertion got status valid.
+tests/non-free/strlen.c:200:[value] Call to builtin strlen(({{ &s[0] }}))
+tests/non-free/strlen.c:201:[value] Assertion got status valid.
+[value] Recording results for escaping
+[value] Done for function escaping
+[value] computing for function big_array <- main.
+ Called from tests/non-free/strlen.c:290.
+tests/non-free/strlen.c:259:[kernel] warning: out of bounds write. assert \valid(p);
+tests/non-free/strlen.c:261:[kernel] warning: out of bounds write. assert \valid(p);
+tests/non-free/strlen.c:263:[kernel] warning: out of bounds write. assert \valid(p);
+tests/non-free/strlen.c:269:[value] Call to builtin strlen(({{ (char const *)&u }}))
+tests/non-free/strlen.c:269:[value] warning: built-in strlen: tests/non-free/strlen.c:269:
+ possible uninitialized values
+tests/non-free/strlen.c:270:[value] Call to builtin strlen(({{ (char const *)&r }}))
+tests/non-free/strlen.c:270:[kernel] more than 200(201) locations to update in array. Approximating.
+tests/non-free/strlen.c:270:[value] warning: built-in strlen: tests/non-free/strlen.c:270:
+ possible uninitialized values
+tests/non-free/strlen.c:271:[value] Call to builtin strlen(({{ (char const *)&t }}))
+tests/non-free/strlen.c:271:[kernel] more than 200(1000000) locations to update in array. Approximating.
+tests/non-free/strlen.c:271:[value] warning: built-in strlen: tests/non-free/strlen.c:271:
+ possible uninitialized values
+[value] Called Frama_C_show_each({1}, {1}, {1})
+tests/non-free/strlen.c:274:[value] Call to builtin strlen(({{ &u + [-8589934592..8589934588],0%4 }}))
+tests/non-free/strlen.c:274:[value] warning: built-in strlen: tests/non-free/strlen.c:274:
+ possible uninitialized values
+ possibly reading indeterminate data
+tests/non-free/strlen.c:275:[value] Call to builtin strlen(({{ &r + [-8589934592..8589934588],0%4 }}))
+tests/non-free/strlen.c:275:[kernel] more than 200(201) locations to update in array. Approximating.
+tests/non-free/strlen.c:275:[value] warning: built-in strlen: tests/non-free/strlen.c:275:
+ possible uninitialized values
+ possibly reading indeterminate data
+tests/non-free/strlen.c:276:[value] Call to builtin strlen(({{ &t + [-8589934592..8589934588],0%4 }}))
+tests/non-free/strlen.c:276:[kernel] more than 200(1000000) locations to update in array. Approximating.
+tests/non-free/strlen.c:276:[value] warning: built-in strlen: tests/non-free/strlen.c:276:
+ possible uninitialized values
+ possibly reading indeterminate data
+[value] Called Frama_C_show_each({0; 1; 2; 3}, [0..800], [0..3999996])
+[value] Recording results for big_array
+[value] Done for function big_array
[value] Recording results for main
[value] done for function main
[value] ====== VALUES COMPUTED ======
-[value] Values at end of function main:
+[value] Values at end of function big_array:
+ t[0..999999] ∈ {270729319} or UNINITIALIZED
+ u[0..199] ∈ {270729319} or UNINITIALIZED
+ r[0..200] ∈ {270729319} or UNINITIALIZED
+ p ∈ {{ &r + [0..800],0%4 }}
+ len_u ∈ {0; 1; 2; 3}
+ len_r ∈ [0..800]
+ len_t ∈ [0..3999996]
+[value] Values at end of function bitfields:
+ s.a ∈ {3}
+ .b ∈ {1}
+ .[bits 16 to 31] ∈ UNINITIALIZED
+ .c ∈ {7}
+ .[bits 49 to 63] ∈ UNINITIALIZED
+ p ∈ {{ (char *)&s }}
+[value] Values at end of function bitfields2:
+ s.a ∈ {3}
+ .b ∈ {1}
+ .c ∈ {7}
+ .[bits 25 to 31] ∈ UNINITIALIZED
+ p ∈ {{ (char *)&s }}
+ z1 ∈ {2}
+[value] Values at end of function escaping:
+ s[0] ∈ {0}
+ [1..3] ∈ ESCAPINGADDR
+ z1 ∈ {0}
+ z2 ∈ {0}
+[value] Values at end of function init_array_nondet:
+ size ∈ {-1}
+ val1 ∈ {-1}
+ val2 ∈ {-1}
+ val ∈ {0; 1; 2; 3; 4}
+ a[0..99] ∈ {0; 1; 2}
+ a[0..39] ∈ {1; 2}
+ [40..49] ∈ UNINITIALIZED
+ [50..94] ∈ {3; 4} or UNINITIALIZED
+ [95..99] ∈ UNINITIALIZED
+[value] Values at end of function initialization:
+ empty_or_uninitialized[0] ∈ {0} or UNINITIALIZED
+ z1 ∈ {0}
+ s[0] ∈ {1} or UNINITIALIZED
+ [1] ∈ {0}
+ p ∈ {{ &t[0] }}
+ z2 ∈ {1}
+ t[0..1] ∈ {10}
+ [2] ∈ {10} or UNINITIALIZED
+ [3] ∈ {0}
+ z3 ∈ {3}
+[value] Values at end of function large:
+ Frama_C_entropy_source ∈ [--..--]
+ a[0..99] ∈ {0; 2}
+ offset ∈ [50..70]
+ z1 ∈ [0..54]
+ z2 ∈ [3..15]
+ z3 ∈ [1..15]
+ z4 ∈ [0..12]
+ z5 ∈ [0..49]
+[value] Values at end of function large_uninit:
+ Frama_C_entropy_source ∈ [--..--]
+ a[0..19] ∈ {1; 2}
+ [20] ∈ {0}
+ [21..39] ∈ {1; 2}
+ [40..49] ∈ UNINITIALIZED
+ [50..74] ∈ {3; 4}
+ [75] ∈ {0}
+ [76..94] ∈ {3; 4}
+ [95..97] ∈ UNINITIALIZED
+ [98] ∈ {0}
+ [99] ∈ UNINITIALIZED
+ offset ∈ {0}
+ z1 ∈ [0..17]
+ z2 ∈ [0..12]
+ z3 ∈ {20; 21; 22; 23; 24; 25}
+[value] Values at end of function misc:
Frama_C_entropy_source ∈ [--..--]
loc_str ∈ {{ "Bonjour Monde\n" }}
loc_char_array[0..2] ∈ UNINITIALIZED
@@ -72,45 +351,173 @@ tests/non-free/strlen.c:61:[value] Assertion got status valid.
sz1 ∈ {12; 14}
sz2 ∈ {0}
sz3 ∈ [0..13]
- sz4 ∈ {0; 1; 2; 3}
- sz5 ∈ {3}
- szu ∈ UNINITIALIZED
+ sz4 ∈ {3}
+ sz5 ∈ {2; 3; 4}
+ sz6 ∈ {1; 2; 3}
+ sz7 ∈ {0; 1; 2; 3; 4} or UNINITIALIZED
+ sz8 ∈ {1}
x ∈ {-1412567296}
z ∈ {305419776}
i ∈ [0..11]
str ∈
{{ "" ; "a" ; "aa" ; "aaa" ; "aaaa" ; "aaaaa" ; "aaaaaa" ; "aaaaaaaaa" ;
"aaaaaaaaaa" ; "aaaaaaaaaaa" ; "aaaaaaaaaaaa" ; "aaaaaaaaaaaaa" }}
+ s1 ∈ {{ "mno\000pqr" ; "MNOP\000QRS" }}
+ s2 ∈ {{ "efg" + {1; 2} ; "EFGH" + {1; 2} }}
+ maybe_init[0] ∈ {65} or UNINITIALIZED
+ [1] ∈ {0}
+[value] Values at end of function small_sets:
+ s ∈ {{ "b\000c" }}
+ p ∈ {{ "b\000c" + {0; 2} }}
+ z1 ∈ {2; 3}
+ z2 ∈ {0; 2}
+ z3 ∈ {0}
+ z4 ∈ {1}
+ t[0..1] ∈ {0; 1}
+ [2..3] ∈ {1}
+ z5 ∈ {0; 1}
+[value] Values at end of function zero_termination:
+ empty_or_non_terminated[0] ∈ {0; 100}
+ z1 ∈ {0}
+ non_terminated[0] ∈ {88}
+ non_terminated2[0] ∈ {76}
+ [1] ∈ {0}
+ [2] ∈ {28}
+ [3] ∈ {14}
+ p ∈ {{ &non_terminated2{[2], [3]} }}
+[value] Values at end of function main:
+ Frama_C_entropy_source ∈ [--..--]
__retres ∈ {0}
-[from] Computing for function main
-[from] Computing for function Frama_C_strlen <-main
+[from] Computing for function big_array
+[from] Computing for function Frama_C_strlen <-big_array
[from] Done for function Frama_C_strlen
-[from] Computing for function Frama_C_nondet <-main
-[from] Done for function Frama_C_nondet
-[from] Computing for function Frama_C_interval <-main
+[from] Done for function big_array
+[from] Computing for function bitfields
+[from] Done for function bitfields
+[from] Computing for function bitfields2
+[from] Done for function bitfields2
+[from] Computing for function escaping
+[from] Done for function escaping
+[from] Computing for function init_array_nondet
+[from] Computing for function Frama_C_memset <-init_array_nondet
+[from] Done for function Frama_C_memset
+[from] Done for function init_array_nondet
+[from] Computing for function initialization
+[from] Done for function initialization
+[from] Computing for function large
+[from] Computing for function Frama_C_interval <-large
[from] Done for function Frama_C_interval
+[from] Done for function large
+[from] Computing for function large_uninit
+[from] Done for function large_uninit
+[from] Computing for function misc
+[from] Done for function misc
+[from] Computing for function small_sets
+[from] Done for function small_sets
+[from] Computing for function zero_termination
+[from] Done for function zero_termination
+[from] Computing for function main
[from] Done for function main
[from] ====== DEPENDENCIES COMPUTED ======
These dependencies hold at termination for the executions that terminate:
[from] Function Frama_C_interval:
Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
\result FROM Frama_C_entropy_source; min; max
-[from] Function Frama_C_nondet:
+[from] Function big_array:
+ NO EFFECTS
+[from] Function bitfields:
+ NO EFFECTS
+[from] Function bitfields2:
+ NO EFFECTS
+[from] Function escaping:
+ NO EFFECTS
+[from] Function init_array_nondet:
+ a[0..99] FROM val1; val2; nondet (and SELF)
+ a[0..99] FROM val1; val2; nondet (and SELF)
+[from] Function initialization:
+ NO EFFECTS
+[from] Function large:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function large_uninit:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function misc:
Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
- \result FROM Frama_C_entropy_source; a; b
+[from] Function small_sets:
+ NO EFFECTS
+[from] Function zero_termination:
+ NO EFFECTS
[from] Function main:
Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
\result FROM \nothing
[from] ====== END OF DEPENDENCIES ======
-[inout] Out (internal) for function main:
+[inout] Out (internal) for function big_array:
+ t[0..999999]; u[0..199]; r[0..200]; p; len_u; len_r; len_t
+[inout] Inputs for function big_array:
+ nondet
+[inout] Out (internal) for function bitfields:
+ s{{.a; .b}; .c}; p
+[inout] Inputs for function bitfields:
+ nondet
+[inout] Out (internal) for function bitfields2:
+ s{.a; .b; .c}; p; z1; tmp
+[inout] Inputs for function bitfields2:
+ \nothing
+[inout] Out (internal) for function escaping:
+ s[0..3]; z1; tmp; z2; tmp_0
+[inout] Inputs for function escaping:
+ nondet
+[inout] Out (internal) for function init_array_nondet:
+ size; val1; val2; val; tmp; a[0..99]; a[0..99]
+[inout] Inputs for function init_array_nondet:
+ nondet
+[inout] Out (internal) for function initialization:
+ empty_or_uninitialized[0]; z1; tmp; s[0..1]; p; z2; tmp_0; t[0..3];
+ z3; tmp_1
+[inout] Inputs for function initialization:
+ nondet
+[inout] Out (internal) for function large:
+ Frama_C_entropy_source; a[0..99]; offset; z1; tmp_0; z2; tmp_1; z3;
+ tmp_2; z4; tmp_3; z5; tmp_4
+[inout] Inputs for function large:
+ Frama_C_entropy_source; nondet
+[inout] Out (internal) for function large_uninit:
+ Frama_C_entropy_source; a[0..99]; offset; z1; tmp_0; z2; tmp_1; z3; tmp_2
+[inout] Inputs for function large_uninit:
+ Frama_C_entropy_source; nondet
+[inout] Out (internal) for function misc:
Frama_C_entropy_source; loc_str; loc_char_array[3]; sz1; sz2; sz3;
- sz4; sz5; szu; x; z; i; str; tmp; tmp_0; __retres
-[inout] Inputs for function main:
+ sz4; sz5; sz6; sz7; sz8; x; z; i; str; s1; tmp; s2; tmp_0; j;
+ maybe_init[0..1]
+[inout] Inputs for function misc:
Frama_C_entropy_source; static_str; zero_str; tab_str[0..11];
- unterminated_string[0..11]; "Hello World\n"[bits 0 to 103];
+ unterminated_string[0..11]; nondet; "Hello World\n"[bits 0 to 103];
"abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
"aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
"aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
"aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
"aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111];
- "Bonjour Monde\n"[bits 0 to 119]
+ "Bonjour Monde\n"[bits 0 to 119]; "abc"; "ABCD"[bits 0 to 39];
+ "efg"[bits 8 to 31]; "EFGH"[bits 8 to 39]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]
+[inout] Out (internal) for function small_sets:
+ s; p; tmp; z1; tmp_0; z2; tmp_1; z3; tmp_2; z4; tmp_3; t[0..3]; z5; tmp_4
+[inout] Inputs for function small_sets:
+ nondet; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function zero_termination:
+ empty_or_non_terminated[0]; z1; tmp; non_terminated[0];
+ non_terminated2[0..3]; p; tmp_0
+[inout] Inputs for function zero_termination:
+ nondet
+[inout] Out (internal) for function main:
+ Frama_C_entropy_source; __retres
+[inout] Inputs for function main:
+ Frama_C_entropy_source; static_str; zero_str; tab_str[0..11];
+ unterminated_string[0..11]; nondet; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
+ "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"; "Bonjour Monde\n"[bits 0 to 119];
+ "abc"; "ABCD"[bits 0 to 39]; "efg"[bits 8 to 31]; "EFGH"[bits 8 to 39];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71]
diff --git a/tests/non-free/oracle/strnlen.res.oracle b/tests/non-free/oracle/strnlen.res.oracle
index 3e0dacb5de5..cdd857a0bb9 100644
--- a/tests/non-free/oracle/strnlen.res.oracle
+++ b/tests/non-free/oracle/strnlen.res.oracle
@@ -18,7 +18,8 @@
tests/non-free/strnlen.i:9:[value] Call to builtin strnlen(({{ &t1[0] }},{3}))
tests/non-free/strnlen.i:10:[value] Call to builtin strnlen(({{ &t1[0] }},{5}))
tests/non-free/strnlen.i:11:[value] Call to builtin strnlen(({{ &t1[0] }},{6}))
-tests/non-free/strnlen.i:11:[value] warning: assert (string valid up to n)
+tests/non-free/strnlen.i:11:[value] warning: built-in strnlen: tests/non-free/strnlen.i:11:
+ reading indeterminate data
tests/non-free/strnlen.i:13:[value] Call to builtin strnlen(({{ &t2[0] }},{3}))
tests/non-free/strnlen.i:14:[value] Call to builtin strnlen(({{ &t2[0] }},{5}))
tests/non-free/strnlen.i:15:[value] Call to builtin strnlen(({{ &t2[0] }},{6}))
diff --git a/tests/non-free/oracle/strnlen2.err.oracle b/tests/non-free/oracle/strnlen2.err.oracle
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/tests/non-free/oracle/strnlen2.res.oracle b/tests/non-free/oracle/strnlen2.res.oracle
new file mode 100644
index 00000000000..d2d6a4b8c7a
--- /dev/null
+++ b/tests/non-free/oracle/strnlen2.res.oracle
@@ -0,0 +1,920 @@
+[kernel] Parsing share/libc/__fc_builtin_for_normalization.i (no preprocessing)
+[kernel] Parsing tests/non-free/strnlen2.c (with preprocessing)
+[value] Analyzing a complete application starting at main
+[value] Computing initial state
+[value] Initial state computed
+[value] Values of globals at initialization
+ Frama_C_entropy_source ∈ [--..--]
+ static_str ∈ {{ "Hello World\n" }}
+ zero_str ∈ {{ "abc\000\000\000abc" }}
+ tab_str[0] ∈ {{ "" }}
+ [1] ∈ {{ "a" }}
+ [2] ∈ {{ "aa" }}
+ [3] ∈ {{ "aaa" }}
+ [4] ∈ {{ "aaaa" }}
+ [5] ∈ {{ "aaaaa" }}
+ [6] ∈ {{ "aaaaaa" }}
+ [7] ∈ {{ "aaaaaaaaa" }}
+ [8] ∈ {{ "aaaaaaaaaa" }}
+ [9] ∈ {{ "aaaaaaaaaaa" }}
+ [10] ∈ {{ "aaaaaaaaaaaa" }}
+ [11] ∈ {{ "aaaaaaaaaaaaa" }}
+ unterminated_string[0] ∈ {117}
+ [1] ∈ {110}
+ [2] ∈ {116}
+ [3] ∈ {101}
+ [4] ∈ {114}
+ [5] ∈ {109}
+ [6] ∈ {105}
+ [7] ∈ {110}
+ [8] ∈ {97}
+ [9] ∈ {116}
+ [10] ∈ {101}
+ [11] ∈ {100}
+ nondet ∈ [--..--]
+[value] computing for function small_sets <- main.
+ Called from tests/non-free/strnlen2.c:488.
+tests/non-free/strnlen2.c:45:[value] Call to builtin strnlen(({{ "abc" + {0; 1} }},{3}))
+tests/non-free/strnlen2.c:46:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:49:[value] Call to builtin strnlen(({{ "\000bc" + {0; 1} }},{2}))
+tests/non-free/strnlen2.c:50:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:52:[value] Call to builtin strnlen(({{ "" }},{0}))
+tests/non-free/strnlen2.c:53:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:56:[value] Call to builtin strnlen(({{ "b\000c" + {0; 2} }},{2}))
+tests/non-free/strnlen2.c:57:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:61:[value] Call to builtin strnlen(({{ &t[0] }},{4}))
+tests/non-free/strnlen2.c:62:[value] Assertion got status valid.
+[value] Recording results for small_sets
+[value] Done for function small_sets
+[value] computing for function zero_termination <- main.
+ Called from tests/non-free/strnlen2.c:489.
+tests/non-free/strnlen2.c:68:[value] Call to builtin strnlen(({{ &empty_or_non_terminated[0] }},{1}))
+tests/non-free/strnlen2.c:69:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:73:[value] Call to builtin strnlen(({{ &non_terminated[0] }},{2}))
+tests/non-free/strnlen2.c:73:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:73:
+ reading indeterminate data
+tests/non-free/strnlen2.c:79:[value] Call to builtin strnlen(({{ &non_terminated2{[2], [3]} }},{4}))
+tests/non-free/strnlen2.c:79:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:79:
+ reading indeterminate data
+[value] Recording results for zero_termination
+[value] Done for function zero_termination
+[value] computing for function initialization <- main.
+ Called from tests/non-free/strnlen2.c:491.
+tests/non-free/strnlen2.c:85:[value] Call to builtin strnlen(({{ &empty_or_uninitialized[0] }},{1}))
+tests/non-free/strnlen2.c:85:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:85:
+ possible uninitialized values
+tests/non-free/strnlen2.c:86:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:89:[value] Call to builtin strnlen(({{ &uninitialized[0] }},{1}))
+tests/non-free/strnlen2.c:89:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:89:
+ reading indeterminate data
+tests/non-free/strnlen2.c:94:[value] Call to builtin strnlen(({{ &s[0] }},{2}))
+tests/non-free/strnlen2.c:94:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:94:
+ possible uninitialized values
+tests/non-free/strnlen2.c:95:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:101:[value] Call to builtin strnlen(({{ &t[0] }},{4}))
+tests/non-free/strnlen2.c:101:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:101:
+ possible uninitialized values
+tests/non-free/strnlen2.c:102:[value] Assertion got status valid.
+[value] Recording results for initialization
+[value] Done for function initialization
+[value] computing for function large <- main.
+ Called from tests/non-free/strnlen2.c:492.
+[value] computing for function init_array_nondet <- large <- main.
+ Called from tests/non-free/strnlen2.c:144.
+tests/non-free/strnlen2.c:138:[value] Call to builtin memset(({{ (void *)&a }},{1; 2},{100}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/strnlen2.c:147.
+[value] using specification for function Frama_C_interval
+share/libc/__fc_builtin.h:51:[value] Function Frama_C_interval: precondition got status valid.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:148:[value] Call to builtin strnlen(({{ &a + [3..30] }},{100}))
+tests/non-free/strnlen2.c:149:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/strnlen2.c:151.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:152:[value] Call to builtin strnlen(({{ &a + [5..17] }},{100}))
+tests/non-free/strnlen2.c:153:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/strnlen2.c:155.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:156:[value] Call to builtin strnlen(({{ &a + [60..74] }},{100}))
+tests/non-free/strnlen2.c:157:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/strnlen2.c:159.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:160:[value] Call to builtin strnlen(({{ &a + [63..80] }},{100}))
+tests/non-free/strnlen2.c:160:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:160:
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:161:[value] Assertion got status valid.
+[value] computing for function init_array_nondet <- large <- main.
+ Called from tests/non-free/strnlen2.c:163.
+tests/non-free/strnlen2.c:138:[value] Call to builtin memset(({{ (void *)&a }},{0; 2},{100}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- large <- main.
+ Called from tests/non-free/strnlen2.c:164.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:165:[value] Call to builtin strnlen(({{ &a + [50..70] }},{100}))
+tests/non-free/strnlen2.c:165:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:165:
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:166:[value] Assertion got status valid.
+[value] Recording results for large
+[value] Done for function large
+[value] computing for function large_uninit <- main.
+ Called from tests/non-free/strnlen2.c:493.
+[value] computing for function init_array_nondet <- large_uninit <- main.
+ Called from tests/non-free/strnlen2.c:171.
+tests/non-free/strnlen2.c:138:[value] Call to builtin memset(({{ (void *)&a }},{1; 2},{40}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function init_array_nondet <- large_uninit <- main.
+ Called from tests/non-free/strnlen2.c:172.
+tests/non-free/strnlen2.c:138:[value] Call to builtin memset(({{ (void *)&a[50] }},{3; 4},{45}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- large_uninit <- main.
+ Called from tests/non-free/strnlen2.c:176.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:177:[value] Call to builtin strnlen(({{ &a + [3..30] }},{100}))
+tests/non-free/strnlen2.c:177:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:177:
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:178:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_uninit <- main.
+ Called from tests/non-free/strnlen2.c:181.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:182:[value] Call to builtin strnlen(({{ &a + [63..80] }},{100}))
+tests/non-free/strnlen2.c:182:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:182:
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:183:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_uninit <- main.
+ Called from tests/non-free/strnlen2.c:185.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:186:[value] Call to builtin strnlen(({{ &a + [45..55] }},{100}))
+tests/non-free/strnlen2.c:186:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:186:
+ possible uninitialized values
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:187:[value] Assertion got status valid.
+[value] Recording results for large_uninit
+[value] Done for function large_uninit
+[value] computing for function misc <- main.
+ Called from tests/non-free/strnlen2.c:494.
+tests/non-free/strnlen2.c:215:[value] Call to builtin strnlen(({{ &unterminated_string[0] }},{13}))
+tests/non-free/strnlen2.c:215:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:215:
+ reading indeterminate data
+tests/non-free/strnlen2.c:218:[value] Call to builtin strnlen(({{ "Hello World\n" ; "Bonjour Monde\n" }},{14}))
+tests/non-free/strnlen2.c:219:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:222:[value] Call to builtin strnlen(({{ &x + {0; 3} }},{12}))
+tests/non-free/strnlen2.c:222:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:222:
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:223:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- misc <- main.
+ Called from tests/non-free/strnlen2.c:224.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:226:[value] Call to builtin strnlen(({{ "" ; "a" ; "aa" ; "aaa" ; "aaaa" ; "aaaaa" ;
+ "aaaaaa" ; "aaaaaaaaa" ; "aaaaaaaaaa" ;
+ "aaaaaaaaaaa" ; "aaaaaaaaaaaa" ;
+ "aaaaaaaaaaaaa" }},{13}))
+tests/non-free/strnlen2.c:227:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:229:[value] Call to builtin strnlen(({{ &loc_char_array[0] }},{5}))
+tests/non-free/strnlen2.c:229:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:229:
+ reading indeterminate data
+tests/non-free/strnlen2.c:230:[value] Call to builtin strnlen(({{ "abc\000\000\000abc" }},{9}))
+tests/non-free/strnlen2.c:231:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:234:[value] Call to builtin strnlen(({{ "abc" + {0; 1} ; "ABCD" + {0; 1} }},{5}))
+tests/non-free/strnlen2.c:235:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:239:[value] Call to builtin strnlen(({{ "efg" + {1; 2} ; "EFGH" + {1; 2} }},{5}))
+tests/non-free/strnlen2.c:240:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:243:[value] entering loop for the first time
+tests/non-free/strnlen2.c:244:[value] Call to builtin strnlen(({{ "mno\000pqr" ; "MNOP\000QRS" }},{10}))
+tests/non-free/strnlen2.c:245:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:244:[value] Call to builtin strnlen(({{ "mno\000pqr" + {0; 1} ; "MNOP\000QRS" + {0; 1} }},
+ {10}))
+tests/non-free/strnlen2.c:244:[value] Call to builtin strnlen(({{ "mno\000pqr" + {0; 1; 2} ;
+ "MNOP\000QRS" + {0; 1; 2} }},{10}))
+tests/non-free/strnlen2.c:244:[value] Call to builtin strnlen(({{ "mno\000pqr" + {0; 1; 2; 3} ;
+ "MNOP\000QRS" + {0; 1; 2; 3} }},{10}))
+tests/non-free/strnlen2.c:244:[value] Call to builtin strnlen(({{ "mno\000pqr" + {0; 1; 2; 3; 4} ;
+ "MNOP\000QRS" + {0; 1; 2; 3; 4} }},{10}))
+tests/non-free/strnlen2.c:244:[value] Call to builtin strnlen(({{ "mno\000pqr" + {0; 1; 2; 3; 4; 5; 6; 7} ;
+ "MNOP\000QRS" + {0; 1; 2; 3; 4; 5; 6; 7} }},
+ {10}))
+tests/non-free/strnlen2.c:251:[value] Call to builtin strnlen(({{ &maybe_init[0] }},{2}))
+tests/non-free/strnlen2.c:251:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:251:
+ possible uninitialized values
+tests/non-free/strnlen2.c:252:[value] Assertion got status valid.
+[value] Recording results for misc
+[value] Done for function misc
+[value] computing for function bitfields <- main.
+ Called from tests/non-free/strnlen2.c:495.
+tests/non-free/strnlen2.c:117:[value] Call to builtin strnlen(({{ (char const *)&s }},{3}))
+tests/non-free/strnlen2.c:117:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:117:
+ reading indeterminate data
+[value] Recording results for bitfields
+[value] Done for function bitfields
+[value] computing for function bitfields2 <- main.
+ Called from tests/non-free/strnlen2.c:496.
+tests/non-free/strnlen2.c:132:[value] Call to builtin strnlen(({{ (char const *)&s }},{3}))
+tests/non-free/strnlen2.c:133:[value] Assertion got status valid.
+[value] Recording results for bitfields2
+[value] Done for function bitfields2
+[value] computing for function escaping <- main.
+ Called from tests/non-free/strnlen2.c:497.
+tests/non-free/strnlen2.c:196:[value] warning: locals {x} escaping the scope of a block of escaping through s
+tests/non-free/strnlen2.c:199:[value] Call to builtin strnlen(({{ &s[0] }},{4}))
+tests/non-free/strnlen2.c:199:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:199:
+ possible escaping addresses
+tests/non-free/strnlen2.c:200:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:202:[value] Call to builtin strnlen(({{ &s[0] }},{4}))
+tests/non-free/strnlen2.c:203:[value] Assertion got status valid.
+[value] Recording results for escaping
+[value] Done for function escaping
+[value] computing for function big_array <- main.
+ Called from tests/non-free/strnlen2.c:498.
+tests/non-free/strnlen2.c:261:[kernel] warning: out of bounds write. assert \valid(p);
+tests/non-free/strnlen2.c:263:[kernel] warning: out of bounds write. assert \valid(p);
+tests/non-free/strnlen2.c:265:[kernel] warning: out of bounds write. assert \valid(p);
+tests/non-free/strnlen2.c:272:[value] Call to builtin strnlen(({{ (char const *)&u }},{800}))
+tests/non-free/strnlen2.c:272:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:272:
+ possible uninitialized values
+tests/non-free/strnlen2.c:273:[value] Call to builtin strnlen(({{ (char const *)&r }},{804}))
+tests/non-free/strnlen2.c:273:[kernel] more than 200(201) locations to update in array. Approximating.
+tests/non-free/strnlen2.c:273:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:273:
+ possible uninitialized values
+tests/non-free/strnlen2.c:274:[value] Call to builtin strnlen(({{ (char const *)&t }},{4000000}))
+tests/non-free/strnlen2.c:274:[kernel] more than 200(1000000) locations to update in array. Approximating.
+tests/non-free/strnlen2.c:274:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:274:
+ possible uninitialized values
+tests/non-free/strnlen2.c:275:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:276:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:277:[value] Assertion got status valid.
+[value] Called Frama_C_show_each({1}, {1}, {1})
+tests/non-free/strnlen2.c:282:[value] Call to builtin strnlen(({{ &u + [-8589934592..8589934588],0%4 }},{801}))
+tests/non-free/strnlen2.c:282:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:282:
+ possible uninitialized values
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:283:[value] Call to builtin strnlen(({{ &r + [-8589934592..8589934588],0%4 }},{805}))
+tests/non-free/strnlen2.c:283:[kernel] more than 200(201) locations to update in array. Approximating.
+tests/non-free/strnlen2.c:283:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:283:
+ possible uninitialized values
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:284:[value] Call to builtin strnlen(({{ &t + [-8589934592..8589934588],0%4 }},{4000001}))
+tests/non-free/strnlen2.c:284:[kernel] more than 200(1000000) locations to update in array. Approximating.
+tests/non-free/strnlen2.c:284:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:284:
+ possible uninitialized values
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:285:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:286:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:287:[value] Assertion got status valid.
+[value] Called Frama_C_show_each({0; 1; 2; 3}, [0..800], [0..3999996])
+[value] computing for function init_array_nondet <- big_array <- main.
+ Called from tests/non-free/strnlen2.c:291.
+tests/non-free/strnlen2.c:138:[value] Call to builtin memset(({{ (void *)&u }},{0; 1},{800}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function init_array_nondet <- big_array <- main.
+ Called from tests/non-free/strnlen2.c:292.
+tests/non-free/strnlen2.c:138:[value] Call to builtin memset(({{ (void *)&r }},{0; 1},{804}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function init_array_nondet <- big_array <- main.
+ Called from tests/non-free/strnlen2.c:293.
+tests/non-free/strnlen2.c:138:[value] Call to builtin memset(({{ (void *)&t }},{0; 1},{4000000}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+tests/non-free/strnlen2.c:295:[kernel] warning: out of bounds write. assert \valid(p);
+tests/non-free/strnlen2.c:297:[kernel] warning: out of bounds write. assert \valid(p);
+tests/non-free/strnlen2.c:299:[kernel] warning: out of bounds write. assert \valid(p);
+tests/non-free/strnlen2.c:300:[value] Call to builtin strnlen(({{ (char const *)&u }},{800}))
+tests/non-free/strnlen2.c:301:[value] Call to builtin strnlen(({{ (char const *)&r }},{804}))
+tests/non-free/strnlen2.c:301:[kernel] more than 200(201) locations to update in array. Approximating.
+tests/non-free/strnlen2.c:302:[value] Call to builtin strnlen(({{ (char const *)&t }},{4000000}))
+tests/non-free/strnlen2.c:302:[kernel] more than 200(1000000) locations to update in array. Approximating.
+tests/non-free/strnlen2.c:303:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:304:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:305:[value] Assertion got status valid.
+[value] Called Frama_C_show_each([0..800], [0..804], [0..4000000])
+tests/non-free/strnlen2.c:308:[value] Call to builtin strnlen(({{ &u + [-8589934592..8589934588],0%4 }},{801}))
+tests/non-free/strnlen2.c:308:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:308:
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:309:[value] Call to builtin strnlen(({{ &r + [-8589934592..8589934588],0%4 }},{805}))
+tests/non-free/strnlen2.c:309:[kernel] more than 200(201) locations to update in array. Approximating.
+tests/non-free/strnlen2.c:309:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:309:
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:310:[value] Call to builtin strnlen(({{ &t + [-8589934592..8589934588],0%4 }},{4000001}))
+tests/non-free/strnlen2.c:310:[kernel] more than 200(1000000) locations to update in array. Approximating.
+tests/non-free/strnlen2.c:310:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:310:
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:311:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:312:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:313:[value] Assertion got status valid.
+[value] Called Frama_C_show_each([0..799], [0..803], [0..3999999])
+[value] Recording results for big_array
+[value] Done for function big_array
+[value] computing for function no_zero_but_ok <- main.
+ Called from tests/non-free/strnlen2.c:500.
+tests/non-free/strnlen2.c:325:[value] Call to builtin strnlen(({{ &s[0] }},{5}))
+tests/non-free/strnlen2.c:326:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:327:[value] Call to builtin strnlen(({{ &s[0] }},{10}))
+tests/non-free/strnlen2.c:328:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:330:[value] Call to builtin strnlen(({{ &s{[1], [8]} }},{10}))
+tests/non-free/strnlen2.c:331:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:333:[value] Call to builtin strnlen(({{ &s{[7], [11]} }},{4}))
+tests/non-free/strnlen2.c:334:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:336:[value] Call to builtin strnlen(({{ &s{[7], [18]} }},{4}))
+tests/non-free/strnlen2.c:336:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:336:
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:337:[value] Assertion got status valid.
+[value] Recording results for no_zero_but_ok
+[value] Done for function no_zero_but_ok
+[value] computing for function small_sets_n <- main.
+ Called from tests/non-free/strnlen2.c:501.
+tests/non-free/strnlen2.c:345:[value] Call to builtin strnlen(({{ "abcde" + {0; 1} }},{2; 5}))
+tests/non-free/strnlen2.c:346:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:351:[value] Call to builtin strnlen(({{ "\000bcdef" + {0; 1} }},{1; 4}))
+tests/non-free/strnlen2.c:352:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:356:[value] Call to builtin strnlen(({{ "bcd\000efg" + {0; 2} }},{2}))
+tests/non-free/strnlen2.c:357:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:361:[value] Call to builtin strnlen(({{ "bcd\000efg" + {0; 2} }},{2; 3}))
+tests/non-free/strnlen2.c:362:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:366:[value] Call to builtin strnlen(({{ "bcd\000efg" + {0; 2; 4} }},{2; 5}))
+tests/non-free/strnlen2.c:367:[value] Assertion got status valid.
+[value] Recording results for small_sets_n
+[value] Done for function small_sets_n
+[value] computing for function large_n <- main.
+ Called from tests/non-free/strnlen2.c:502.
+[value] computing for function init_array_nondet <- large_n <- main.
+ Called from tests/non-free/strnlen2.c:372.
+tests/non-free/strnlen2.c:138:[value] Call to builtin memset(({{ (void *)&a }},{1; 2},{100}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/strnlen2.c:377.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/strnlen2.c:378.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:379:[value] Call to builtin strnlen(({{ &a + [3..30] }},[10..20]))
+tests/non-free/strnlen2.c:380:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:384:[value] Call to builtin strnlen(({{ &a + [3..30] }},[10..20]))
+tests/non-free/strnlen2.c:385:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:388:[value] Call to builtin strnlen(({{ &a + [3..30] }},[10..20]))
+tests/non-free/strnlen2.c:389:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/strnlen2.c:391.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:392:[value] Call to builtin strnlen(({{ &a + [5..17] }},[10..20]))
+tests/non-free/strnlen2.c:393:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/strnlen2.c:395.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:396:[value] Call to builtin strnlen(({{ &a + [60..74] }},[10..20]))
+tests/non-free/strnlen2.c:397:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/strnlen2.c:399.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:400:[value] Call to builtin strnlen(({{ &a + [63..80] }},[10..20]))
+tests/non-free/strnlen2.c:401:[value] Assertion got status valid.
+[value] computing for function init_array_nondet <- large_n <- main.
+ Called from tests/non-free/strnlen2.c:403.
+tests/non-free/strnlen2.c:138:[value] Call to builtin memset(({{ (void *)&a }},{0; 2},{100}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/strnlen2.c:404.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:405:[value] Call to builtin strnlen(({{ &a + [50..70] }},[10..20]))
+tests/non-free/strnlen2.c:406:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/strnlen2.c:408.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:409:[value] Call to builtin strnlen(({{ &a + [50..70] }},[0..100]))
+tests/non-free/strnlen2.c:409:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:409:
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:410:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/strnlen2.c:412.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- large_n <- main.
+ Called from tests/non-free/strnlen2.c:413.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:414:[value] Call to builtin strnlen(({{ &a + [0..10] }},[0..90]))
+tests/non-free/strnlen2.c:415:[value] Assertion got status valid.
+[value] Recording results for large_n
+[value] Done for function large_n
+[value] computing for function unbounded_n <- main.
+ Called from tests/non-free/strnlen2.c:504.
+tests/non-free/strnlen2.c:423:[value] Call to builtin strnlen(({{ "abc" }},[0..2147483647]))
+tests/non-free/strnlen2.c:424:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:426:[value] Call to builtin strnlen(({{ "abc" + {0; 1} }},[0..2147483647]))
+tests/non-free/strnlen2.c:427:[value] Assertion got status valid.
+tests/non-free/strnlen2.c:429:[value] Call to builtin strnlen(({{ "bcd\000eg" }},[0..2147483647]))
+tests/non-free/strnlen2.c:430:[value] Assertion got status valid.
+[value] Recording results for unbounded_n
+[value] Done for function unbounded_n
+[value] computing for function intervals <- main.
+ Called from tests/non-free/strnlen2.c:505.
+[value] computing for function init_array_nondet <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:435.
+tests/non-free/strnlen2.c:138:[value] Call to builtin memset(({{ (void *)&a }},{0; 1},{10}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function init_array_nondet <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:436.
+tests/non-free/strnlen2.c:138:[value] Call to builtin memset(({{ (void *)&a[3] }},{1},{4}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function init_array_nondet <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:437.
+tests/non-free/strnlen2.c:138:[value] Call to builtin memset(({{ (void *)&a[11] }},{0; 1},{1}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function init_array_nondet <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:438.
+tests/non-free/strnlen2.c:138:[value] Call to builtin memset(({{ (void *)&a[12] }},{1},{4}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function init_array_nondet <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:439.
+tests/non-free/strnlen2.c:138:[value] Call to builtin memset(({{ (void *)&a[16] }},{0; 1},{4}))
+[value] Recording results for init_array_nondet
+[value] Done for function init_array_nondet
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:441.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:442.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:443:[value] Call to builtin strnlen(({{ &a + [0..9] }},[0..9]))
+tests/non-free/strnlen2.c:443:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:443:
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:444:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:446.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:447.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:448:[value] Call to builtin strnlen(({{ &a{[3], [4], [5], [6], [7], [8], [9]} }},[2..10]))
+tests/non-free/strnlen2.c:448:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:448:
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:449:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:451.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:452.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:453:[value] Call to builtin strnlen(({{ &a{[3], [4], [5], [6], [7], [8], [9]} }},[0..11]))
+tests/non-free/strnlen2.c:453:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:453:
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:454:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:456.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:457.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:458:[value] Call to builtin strnlen(({{ &a{[3], [4], [5], [6], [7], [8], [9], [10]} }},
+ [0..9]))
+tests/non-free/strnlen2.c:458:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:458:
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:459:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:461.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:462.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:463:[value] Call to builtin strnlen(({{ &a{[3], [4], [5], [6], [7], [8], [9], [10]} }},
+ [0..10]))
+tests/non-free/strnlen2.c:463:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:463:
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:464:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:466.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:467.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:468:[value] Call to builtin strnlen(({{ &a{[3], [4], [5], [6], [7], [8], [9], [10]} }},
+ [0..11]))
+tests/non-free/strnlen2.c:468:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:468:
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:469:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:471.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:472.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:473:[value] Call to builtin strnlen(({{ &a + [3..11] }},[0..9]))
+tests/non-free/strnlen2.c:473:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:473:
+ possible uninitialized values
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:474:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:476.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:477.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:478:[value] Call to builtin strnlen(({{ &a + [3..11] }},[0..10]))
+tests/non-free/strnlen2.c:478:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:478:
+ possible uninitialized values
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:479:[value] Assertion got status valid.
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:481.
+[value] Done for function Frama_C_interval
+[value] computing for function Frama_C_interval <- intervals <- main.
+ Called from tests/non-free/strnlen2.c:482.
+[value] Done for function Frama_C_interval
+tests/non-free/strnlen2.c:483:[value] Call to builtin strnlen(({{ &a + [3..11] }},[0..11]))
+tests/non-free/strnlen2.c:483:[value] warning: built-in strnlen: tests/non-free/strnlen2.c:483:
+ possible uninitialized values
+ possibly reading indeterminate data
+tests/non-free/strnlen2.c:484:[value] Assertion got status valid.
+[value] Recording results for intervals
+[value] Done for function intervals
+[value] Recording results for main
+[value] done for function main
+[value] ====== VALUES COMPUTED ======
+[value] Values at end of function bitfields:
+ s.a ∈ {3}
+ .b ∈ {1}
+ .[bits 16 to 31] ∈ UNINITIALIZED
+ .c ∈ {7}
+ .[bits 49 to 63] ∈ UNINITIALIZED
+ p ∈ {{ (char *)&s }}
+[value] Values at end of function bitfields2:
+ s.a ∈ {3}
+ .b ∈ {1}
+ .c ∈ {7}
+ .[bits 25 to 31] ∈ UNINITIALIZED
+ p ∈ {{ (char *)&s }}
+ z1 ∈ {2}
+[value] Values at end of function escaping:
+ s[0] ∈ {0}
+ [1..3] ∈ ESCAPINGADDR
+ z1 ∈ {0}
+ z2 ∈ {0}
+[value] Values at end of function init_array_nondet:
+ from ∈ {-1}
+ to ∈ {-1}
+ val1 ∈ {-1}
+ val2 ∈ {-1}
+ val ∈ {0; 1; 2; 3; 4}
+ a[0..99] ∈ {0; 1; 2}
+ a[0..39] ∈ {1; 2}
+ [40..49] ∈ UNINITIALIZED
+ [50..94] ∈ {3; 4} or UNINITIALIZED
+ [95..99] ∈ UNINITIALIZED
+ u[0..199] ∈ {0; 16843009}
+ r[0..200] ∈ {0; 16843009; 270729319} or UNINITIALIZED
+ t[0..999999] ∈ {0; 16843009; 270729319} or UNINITIALIZED
+ a[0..99] ∈ {0; 1; 2}
+ a[0..9] ∈ {0; 1}
+ [10] ∈ UNINITIALIZED
+ [11] ∈ {0; 1} or UNINITIALIZED
+ [12..15] ∈ {1} or UNINITIALIZED
+ [16..19] ∈ {0; 1} or UNINITIALIZED
+ [20..99] ∈ UNINITIALIZED
+[value] Values at end of function big_array:
+ u[0..199] ∈ {0; 16843009; 270729319}
+ r[0..200] ∈ {0; 16843009; 270729319}
+ t[0..999999] ∈ {0; 16843009; 270729319}
+ p ∈ {{ &t + [0..3999996],0%4 }}
+ len_u ∈ [0..799]
+ len_r ∈ [0..803]
+ len_t ∈ [0..3999999]
+[value] Values at end of function initialization:
+ empty_or_uninitialized[0] ∈ {0} or UNINITIALIZED
+ z1 ∈ {0}
+ s[0] ∈ {1} or UNINITIALIZED
+ [1] ∈ {0}
+ z2 ∈ {1}
+ t[0..1] ∈ {10}
+ [2] ∈ {10} or UNINITIALIZED
+ [3] ∈ {0}
+ z3 ∈ {3}
+[value] Values at end of function intervals:
+ Frama_C_entropy_source ∈ [--..--]
+ a[0..2] ∈ {0; 1}
+ [3..6] ∈ {1}
+ [7..9] ∈ {0; 1}
+ [10] ∈ UNINITIALIZED
+ [11] ∈ {0; 1}
+ [12..15] ∈ {1}
+ [16..19] ∈ {0; 1}
+ [20..99] ∈ UNINITIALIZED
+ offset ∈ [3..11]
+ n ∈ [0..11]
+ z1 ∈ [0..9]
+ z2 ∈ {0; 1; 2; 3; 4; 5; 6; 7}
+ z3 ∈ {0; 1; 2; 3; 4; 5; 6; 7}
+ z4 ∈ {0; 1; 2; 3; 4; 5; 6; 7}
+ z5 ∈ {0; 1; 2; 3; 4; 5; 6; 7}
+ z6 ∈ {0; 1; 2; 3; 4; 5; 6; 7}
+ z7 ∈ [0..9]
+ z8 ∈ [0..9]
+ z9 ∈ [0..9]
+[value] Values at end of function large:
+ Frama_C_entropy_source ∈ [--..--]
+ a[0..99] ∈ {0; 2}
+ offset ∈ [50..70]
+ z1 ∈ [0..54]
+ z2 ∈ [3..15]
+ z3 ∈ [1..15]
+ z4 ∈ [0..12]
+ z5 ∈ [0..49]
+[value] Values at end of function large_n:
+ Frama_C_entropy_source ∈ [--..--]
+ a[0..99] ∈ {0; 2}
+ offset ∈ [0..10]
+ n ∈ [0..90]
+ z1 ∈ [0..12]
+ z2 ∈ [0..13]
+ z3 ∈ [0..20]
+ z4 ∈ [0..13]
+ z5 ∈ [1..15]
+ z6 ∈ [0..20]
+ z7 ∈ [0..20]
+ z8 ∈ [0..50]
+ z9 ∈ [0..90]
+[value] Values at end of function large_uninit:
+ Frama_C_entropy_source ∈ [--..--]
+ a[0..19] ∈ {1; 2}
+ [20] ∈ {0}
+ [21..39] ∈ {1; 2}
+ [40..49] ∈ UNINITIALIZED
+ [50..74] ∈ {3; 4}
+ [75] ∈ {0}
+ [76..94] ∈ {3; 4}
+ [95..97] ∈ UNINITIALIZED
+ [98] ∈ {0}
+ [99] ∈ UNINITIALIZED
+ offset ∈ {0}
+ z1 ∈ [0..17]
+ z2 ∈ [0..12]
+ z3 ∈ {20; 21; 22; 23; 24; 25}
+[value] Values at end of function misc:
+ Frama_C_entropy_source ∈ [--..--]
+ loc_str ∈ {{ "Bonjour Monde\n" }}
+ loc_char_array[0..2] ∈ UNINITIALIZED
+ [3] ∈ {0}
+ [4] ∈ UNINITIALIZED
+ sz1 ∈ {12; 14}
+ sz2 ∈ {0}
+ sz3 ∈ [0..13]
+ sz4 ∈ {3}
+ sz5 ∈ {2; 3; 4}
+ sz6 ∈ {1; 2; 3}
+ sz7 ∈ {0; 1; 2; 3; 4} or UNINITIALIZED
+ sz8 ∈ {1}
+ x ∈ {-1412567296}
+ z ∈ {305419776}
+ i ∈ [0..11]
+ str ∈
+ {{ "" ; "a" ; "aa" ; "aaa" ; "aaaa" ; "aaaaa" ; "aaaaaa" ; "aaaaaaaaa" ;
+ "aaaaaaaaaa" ; "aaaaaaaaaaa" ; "aaaaaaaaaaaa" ; "aaaaaaaaaaaaa" }}
+ s1 ∈ {{ "mno\000pqr" ; "MNOP\000QRS" }}
+ s2 ∈ {{ "efg" + {1; 2} ; "EFGH" + {1; 2} }}
+ maybe_init[0] ∈ {65} or UNINITIALIZED
+ [1] ∈ {0}
+[value] Values at end of function no_zero_but_ok:
+ s[0..9] ∈ {1}
+ [10] ∈ {0}
+ [11..13] ∈ {1}
+ [14..19] ∈ {0; 1}
+ z1 ∈ {5}
+ z2 ∈ {10}
+ p ∈ {{ &s{[7], [18]} }}
+ z3 ∈ {2; 9}
+ z4 ∈ {3; 4}
+ z5 ∈ {0; 1; 3}
+[value] Values at end of function small_sets:
+ s ∈ {{ "b\000c" }}
+ o ∈ {0; 2}
+ z1 ∈ {2; 3}
+ z2 ∈ {0; 2}
+ z3 ∈ {0}
+ z4 ∈ {1}
+ t[0..1] ∈ {0; 1}
+ [2..3] ∈ {1}
+ z5 ∈ {0; 1; 4}
+[value] Values at end of function small_sets_n:
+ s ∈ {{ "bcd\000efg" }}
+ p ∈ {{ "bcd\000efg" + {0; 2; 4} }}
+ n ∈ {2; 5}
+ z1 ∈ {2; 4; 5}
+ z2 ∈ {0; 1; 4}
+ z3a ∈ {1; 2}
+ z3 ∈ {1; 2; 3}
+ z4 ∈ {1; 2; 3}
+[value] Values at end of function unbounded_n:
+ n ∈ [0..2147483647]
+ s ∈ {{ "bcd\000eg" }}
+ zu1 ∈ {3}
+ o ∈ {0; 1}
+ zu2 ∈ {2; 3}
+ zu3 ∈ {3}
+[value] Values at end of function zero_termination:
+ empty_or_non_terminated[0] ∈ {0; 100}
+ z1 ∈ {0; 1}
+ non_terminated[0] ∈ {88}
+ non_terminated2[0] ∈ {76}
+ [1] ∈ {0}
+ [2] ∈ {28}
+ [3] ∈ {14}
+ o ∈ {2; 3}
+[value] Values at end of function main:
+ Frama_C_entropy_source ∈ [--..--]
+ __retres ∈ {0}
+[from] Computing for function bitfields
+[from] Computing for function Frama_C_strnlen <-bitfields
+[from] Done for function Frama_C_strnlen
+[from] Done for function bitfields
+[from] Computing for function bitfields2
+[from] Done for function bitfields2
+[from] Computing for function escaping
+[from] Done for function escaping
+[from] Computing for function init_array_nondet
+[from] Computing for function Frama_C_memset <-init_array_nondet
+[from] Done for function Frama_C_memset
+[from] Done for function init_array_nondet
+[from] Computing for function big_array
+[from] Done for function big_array
+[from] Computing for function initialization
+[from] Done for function initialization
+[from] Computing for function intervals
+[from] Computing for function Frama_C_interval <-intervals
+[from] Done for function Frama_C_interval
+[from] Done for function intervals
+[from] Computing for function large
+[from] Done for function large
+[from] Computing for function large_n
+[from] Done for function large_n
+[from] Computing for function large_uninit
+[from] Done for function large_uninit
+[from] Computing for function misc
+[from] Done for function misc
+[from] Computing for function no_zero_but_ok
+[from] Done for function no_zero_but_ok
+[from] Computing for function small_sets
+[from] Done for function small_sets
+[from] Computing for function small_sets_n
+[from] Done for function small_sets_n
+[from] Computing for function unbounded_n
+[from] Done for function unbounded_n
+[from] Computing for function zero_termination
+[from] Done for function zero_termination
+[from] Computing for function main
+[from] Done for function main
+[from] ====== DEPENDENCIES COMPUTED ======
+ These dependencies hold at termination for the executions that terminate:
+[from] Function Frama_C_interval:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+ \result FROM Frama_C_entropy_source; min; max
+[from] Function bitfields:
+ NO EFFECTS
+[from] Function bitfields2:
+ NO EFFECTS
+[from] Function escaping:
+ NO EFFECTS
+[from] Function init_array_nondet:
+ a[0..99] FROM val1; val2; nondet (and SELF)
+ a[0..99] FROM val1; val2; nondet (and SELF)
+ u[0..199] FROM val1; val2; nondet (and SELF)
+ r[0..200] FROM val1; val2; nondet (and SELF)
+ t[0..999999] FROM val1; val2; nondet (and SELF)
+ a[0..99] FROM val1; val2; nondet (and SELF)
+ a[0..99] FROM val1; val2; nondet (and SELF)
+[from] Function big_array:
+ NO EFFECTS
+[from] Function initialization:
+ NO EFFECTS
+[from] Function intervals:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function large:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function large_n:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function large_uninit:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function misc:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function no_zero_but_ok:
+ NO EFFECTS
+[from] Function small_sets:
+ NO EFFECTS
+[from] Function small_sets_n:
+ NO EFFECTS
+[from] Function unbounded_n:
+ NO EFFECTS
+[from] Function zero_termination:
+ NO EFFECTS
+[from] Function main:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+ \result FROM \nothing
+[from] ====== END OF DEPENDENCIES ======
+[inout] Out (internal) for function bitfields:
+ s{{.a; .b}; .c}; p
+[inout] Inputs for function bitfields:
+ nondet
+[inout] Out (internal) for function bitfields2:
+ s{.a; .b; .c}; p; z1; tmp
+[inout] Inputs for function bitfields2:
+ \nothing
+[inout] Out (internal) for function escaping:
+ s[0..3]; z1; tmp; z2; tmp_0
+[inout] Inputs for function escaping:
+ nondet
+[inout] Out (internal) for function init_array_nondet:
+ from; to; val1; val2; val; tmp; a[0..99]; a[0..99]; u[0..199]; r[0..200];
+ t[0..999999]; a[0..99]; a[0..99]
+[inout] Inputs for function init_array_nondet:
+ nondet
+[inout] Out (internal) for function big_array:
+ u[0..199]; r[0..200]; t[0..999999]; p; len_u; len_r; len_t
+[inout] Inputs for function big_array:
+ nondet
+[inout] Out (internal) for function initialization:
+ empty_or_uninitialized[0]; z1; tmp; s[0..1]; z2; tmp_0; t[0..3]; z3; tmp_1
+[inout] Inputs for function initialization:
+ nondet
+[inout] Out (internal) for function intervals:
+ Frama_C_entropy_source; a[0..99]; offset; n; z1; tmp_1; z2; tmp_2;
+ z3; tmp_3; z4; tmp_4; z5; tmp_5; z6; tmp_6; z7; tmp_7; z8; tmp_8; z9;
+ tmp_9
+[inout] Inputs for function intervals:
+ Frama_C_entropy_source; nondet
+[inout] Out (internal) for function large:
+ Frama_C_entropy_source; a[0..99]; offset; z1; tmp_0; z2; tmp_1; z3;
+ tmp_2; z4; tmp_3; z5; tmp_4
+[inout] Inputs for function large:
+ Frama_C_entropy_source; nondet
+[inout] Out (internal) for function large_n:
+ Frama_C_entropy_source; a[0..99]; offset; n; z1; tmp_1; z2; tmp_2;
+ z3; tmp_3; z4; tmp_4; z5; tmp_5; z6; tmp_6; z7; tmp_7; z8; tmp_8; z9;
+ tmp_9
+[inout] Inputs for function large_n:
+ Frama_C_entropy_source; nondet
+[inout] Out (internal) for function large_uninit:
+ Frama_C_entropy_source; a[0..99]; offset; z1; tmp_0; z2; tmp_1; z3; tmp_2
+[inout] Inputs for function large_uninit:
+ Frama_C_entropy_source; nondet
+[inout] Out (internal) for function misc:
+ Frama_C_entropy_source; loc_str; loc_char_array[3]; sz1; sz2; sz3;
+ sz4; sz5; sz6; sz7; sz8; x; z; i; str; s1; tmp; s2; tmp_0; j;
+ maybe_init[0..1]
+[inout] Inputs for function misc:
+ Frama_C_entropy_source; static_str; zero_str; tab_str[0..11];
+ unterminated_string[0..11]; nondet; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
+ "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111];
+ "Bonjour Monde\n"[bits 0 to 119]; "abc"; "ABCD"[bits 0 to 39];
+ "efg"[bits 8 to 31]; "EFGH"[bits 8 to 39]; "mno\000pqr"[bits 0 to 63];
+ "MNOP\000QRS"[bits 0 to 71]
+[inout] Out (internal) for function no_zero_but_ok:
+ s[0..19]; z1; tmp; z2; tmp_0; p; tmp_1; z3; tmp_2; z4; tmp_3; z5; tmp_4
+[inout] Inputs for function no_zero_but_ok:
+ nondet
+[inout] Out (internal) for function small_sets:
+ s; o; tmp; z1; tmp_0; z2; tmp_1; z3; tmp_2; z4; tmp_3; t[0..3]; z5; tmp_4
+[inout] Inputs for function small_sets:
+ nondet; "abc"; "\000bc"; ""[bits 0 to 7]; "b\000c"
+[inout] Out (internal) for function small_sets_n:
+ s; p; tmp; n; tmp_0; z1; tmp_1; z2; tmp_2; z3a; tmp_3; z3; tmp_4; tmp_5;
+ z4; tmp_6
+[inout] Inputs for function small_sets_n:
+ nondet; "abcde"[bits 0 to 47]; "\000bcdef"[bits 0 to 55];
+ "bcd\000efg"[bits 0 to 63]
+[inout] Out (internal) for function unbounded_n:
+ n; s; zu1; tmp; o; tmp_0; zu2; tmp_1; zu3; tmp_2
+[inout] Inputs for function unbounded_n:
+ nondet; "abc"; "bcd\000eg"[bits 0 to 55]
+[inout] Out (internal) for function zero_termination:
+ empty_or_non_terminated[0]; z1; tmp; non_terminated[0];
+ non_terminated2[0..3]; o; tmp_0
+[inout] Inputs for function zero_termination:
+ nondet
+[inout] Out (internal) for function main:
+ Frama_C_entropy_source; __retres
+[inout] Inputs for function main:
+ Frama_C_entropy_source; static_str; zero_str; tab_str[0..11];
+ unterminated_string[0..11]; nondet; "Hello World\n"[bits 0 to 103];
+ "abc\000\000\000abc"[bits 0 to 79]; ""[bits 0 to 7]; "a"[bits 0 to 15];
+ "aa"[bits 0 to 23]; "aaa"; "aaaa"[bits 0 to 39]; "aaaaa"[bits 0 to 47];
+ "aaaaaa"[bits 0 to 55]; "aaaaaaaaa"[bits 0 to 79];
+ "aaaaaaaaaa"[bits 0 to 87]; "aaaaaaaaaaa"[bits 0 to 95];
+ "aaaaaaaaaaaa"[bits 0 to 103]; "aaaaaaaaaaaaa"[bits 0 to 111]; "abc";
+ "\000bc"; ""[bits 0 to 7]; "b\000c"; "Bonjour Monde\n"[bits 0 to 119];
+ "abc"; "ABCD"[bits 0 to 39]; "efg"[bits 8 to 31]; "EFGH"[bits 8 to 39];
+ "mno\000pqr"[bits 0 to 63]; "MNOP\000QRS"[bits 0 to 71];
+ "abcde"[bits 0 to 47]; "\000bcdef"[bits 0 to 55];
+ "bcd\000efg"[bits 0 to 63]; "abc"; "bcd\000eg"[bits 0 to 55]
diff --git a/tests/non-free/strchr.c b/tests/non-free/strchr.c
new file mode 100644
index 00000000000..b6c20a2d2e0
--- /dev/null
+++ b/tests/non-free/strchr.c
@@ -0,0 +1,469 @@
+#include "__fc_builtin.h"
+
+static volatile int nondet;
+#define assert_bottom(exp,id) if (nondet) { exp; Frama_C_show_each_unreachable_ ## id(); }
+#define strchr Frama_C_strchr
+//@ assigns \result \from ((char*)s)[0..], c;
+char *Frama_C_strchr(const char *s, int c);
+const char* static_str = "Hello World\n";
+const char* zero_str = "abc\0\0\0abc";
+#define TSZ 12
+
+// Definitions for C++ oracle checking
+typedef int Ival;
+typedef int RES;
+#define NONDET(a,b) (nondet ? (a) : (b))
+#define IF_NONDET(var,val) if (nondet) var = val
+#define RANGE(from,to) Frama_C_interval(from,to)
+#define CHAR_ARRAY(var,n) char var[n]
+#define CHAR_PTR(var) char *var
+#define STRING(var,str) var = str;
+
+const char* tab_str[TSZ] =
+ {
+ "" , // 0
+ "a", // 1
+ "aa" , // 2
+ "aaa" , // 3
+ "aaaa" , // 4
+ "aaaaa" , // 5
+ "aaaaaa" , // 6
+ /* hole */
+ "aaaaaaaaa" , // 9
+ "aaaaaaaaaa" ,
+ "aaaaaaaaaaa",
+ "aaaaaaaaaaaa" ,
+ "aaaaaaaaaaaaa" }; // 13
+
+char unterminated_string[12] = "unterminated";
+
+int my_strchr(const char *s, size_t offs, int c) {
+ char *ss = strchr(s+offs,c);
+ int res;
+ if (ss == 0) {
+ res = -1;
+ } else {
+ res = ss - s;
+ }
+ Frama_C_show_each_mystrchr(res);
+ return res;
+}
+
+int my_strchr2(const void *p, const void *base, size_t offs, int c) {
+ char *s = strchr(((const char *)p)+offs,c);
+ int res;
+ if (s == 0) {
+ res = -1;
+ } else {
+ res = s - base;
+ }
+ Frama_C_show_each_mystrchr2(res);
+ return res;
+}
+
+void small_sets(char c) {
+ CHAR_PTR(s);
+ STRING(s,"abc");
+ Ival o = NONDET(0, 1);
+ RES z1 = my_strchr(s, o, c);
+ //@ assert (z1 == 2 || z1 == 3);
+ STRING(s,"\0bc");
+ o = NONDET(0,1);
+ RES z2 = my_strchr(s, o, c);
+ Frama_C_show_each_z2(z2);
+ //@ assert (z2 == 0 || z2 == 2);
+ STRING(s,"");
+ RES z3 = my_strchr(s, 0, c);
+ //@ assert (z3 == 0);
+ STRING(s,"b\0c");
+ o = NONDET(0,2);
+ RES z4 = my_strchr(s, o, c);
+ //@ assert (z4 == 1);
+ CHAR_ARRAY(t, 4);
+ t[0] = t[1] = NONDET(0, 1);
+ t[2] = t[3] = 1;
+ RES z5 = my_strchr(t, 0, c); // warning
+ //@ assert z5 == -1 || z5 == 0 || z5 == 1;
+}
+
+void zero_termination(char c) {
+ CHAR_ARRAY(empty_or_non_terminated, 1);
+ empty_or_non_terminated[0] = NONDET(0, 100);
+ RES z1 = my_strchr(empty_or_non_terminated, 0, c); // alarm
+ //@ assert z1 == -1 || z1 == 0;
+
+ CHAR_ARRAY(non_terminated, 1);
+ non_terminated[0] = 'X';
+ assert_bottom(my_strchr(non_terminated, 0, c), non_terminated);
+
+ CHAR_ARRAY(non_terminated2, 4);
+ non_terminated2[0] = 76; non_terminated2[1] = 0;
+ non_terminated2[2] = 28; non_terminated2[3] = 14;
+ Ival o = NONDET(2, 3);
+ assert_bottom(my_strchr(non_terminated2, 2, c), non_terminated2);
+}
+
+void initialization(char c) {
+ char empty_or_uninitialized[1];
+ IF_NONDET(empty_or_uninitialized[0], 0);
+ RES z1 = my_strchr(empty_or_uninitialized, 0, c); // alarm
+ //@ assert (z1 == 0);
+
+ char uninitialized[1];
+ assert_bottom(my_strchr(uninitialized, 0, c),uninitialized);
+
+ CHAR_ARRAY(s, 2);
+ IF_NONDET(s[0], 1);
+ s[1] = 0;
+ RES z2 = my_strchr(s, 0, c); // alarm
+ //@ assert (z2 == 1);
+
+ CHAR_ARRAY(t,4);
+ t[0] = t[1] = 10;
+ IF_NONDET(t[2], 10);
+ t[3] = 0;
+ RES z3 = my_strchr(t, 0, c); // alarm
+ //@ assert (z3 == 3);
+}
+
+typedef struct {
+ int a:8;
+ int b:8;
+ int c:17;
+} st;
+
+void bitfields(char c) {
+ st s;
+ s.a = 3;
+ s.b = 1;
+ s.c = 7;
+ char *p = &s;
+ assert_bottom(Frama_C_strchr(p, c),bitfields);
+}
+
+typedef struct {
+ int a:4;
+ int b:4;
+ int c:17;
+} st2;
+
+void bitfields2(char c) {
+ st2 s;
+ s.a = 3;
+ s.b = 1;
+ s.c = 7;
+ char *p = &s;
+ RES z1 = my_strchr(p, 0, c);
+ //@assert (z1 == 2);
+}
+
+void init_array_nondet(char *a, int from, int to, int val1, int val2) {
+ int val = nondet ? val1 : val2;
+ Frama_C_memset(a + from, val, to-from+1);
+ from = to = val1 = val2 = -1; // reset to minimize oracle changes
+}
+
+void large(char c) {
+ CHAR_ARRAY(a, 100);
+ init_array_nondet(a, 0, 99, 1, 2);
+ a[20] = 0;
+ a[75] = 0;
+ Ival offset = RANGE(3, 30);
+ RES z1 = my_strchr(a, offset, c);
+ //@ assert (z1 >= 0 && z1 <= 54);
+
+ offset = RANGE(5, 17);
+ RES z2 = my_strchr(a, offset, c);
+ //@ assert (z2 >= 3 && z2 <= 15);
+
+ offset = RANGE(60, 74);
+ RES z3 = my_strchr(a, offset, c);
+ //@ assert (z3 >= 1 && z3 <= 15);
+
+ offset = RANGE(63, 80);
+ RES z4 = my_strchr(a, offset, c);
+ //@ assert (z4 >= 0 && z4 <= 12);
+
+ init_array_nondet(a, 0, 99, 0, 2);
+ offset = RANGE(50, 70);
+ RES z5 = my_strchr(a, offset, c);
+ //@ assert (z5 >= -1 && z5 <= 49);
+}
+
+void large_uninit(char c) {
+ char a[100];
+ init_array_nondet(a, 0, 39, 1, 2);
+ init_array_nondet(a, 50, 94, 3, 4);
+ a[20] = 0;
+ a[75] = 0;
+
+ Ival offset = RANGE(3, 30);
+ RES z1 = my_strchr(a, offset, c);
+ //@ assert (z1 >= 0 && z1 <= 17);
+
+ a[98] = 0;
+ offset = RANGE(63, 80);
+ RES z2 = my_strchr(a, offset, c);
+ //@ assert (z2 >= 0 && z2 <= 12);
+
+ offset = RANGE(45, 55);
+ RES z3 = my_strchr(a, offset, c);
+ //@ assert (z3 >= 20 && z3 <= 25);
+
+ offset = 0; // avoid oracle diffs when changed
+}
+
+void escaping(char c) {
+ CHAR_ARRAY(s,4);
+ {
+ int x;
+ *((int *)s) = &x;
+ }
+ IF_NONDET(s[0], 0);
+ RES z1 = my_strchr(s, 0, c); // alarm
+ //@ assert (z1 == 0);
+ s[0] = 0;
+ RES z2 = my_strchr(s, 0, c); // no alarm
+ //@ assert (z2 == 0);
+}
+
+void misc(char c) {
+ const char* loc_str = "Bonjour Monde\n";
+ char loc_char_array[5];
+ RES sz1,sz2,sz3,sz4,sz5,sz6,sz7,sz8;
+ int x = 0xabcdef00;
+ RES z = 0x12345600;
+ int i;
+ char *str;
+
+ assert_bottom(Frama_C_strchr(unterminated_string, c),unterminated_string);
+
+ str = nondet ? static_str : loc_str;
+ sz1 = my_strchr(str, 0, c);
+ //@ assert(sz1 == 12 || sz1 == 14);
+ str = &x;
+ char *base = str;
+ str = nondet ? str : str + 3;
+ sz2 = my_strchr2(str, base, 0, c);
+ //@ assert(sz2 == 0) ; // no, could also do an RTE
+ i = Frama_C_interval(0,TSZ-1);
+ str = tab_str[i];
+ sz3 = my_strchr(str, 0, c);
+ //@ assert(sz3 >= 0 && sz3 <= 13);
+ loc_char_array[3] = '\0';
+ assert_bottom(my_strchr(loc_char_array, 0, c),loc_char_array);
+ sz4 = my_strchr(zero_str, 0, c);
+ //@ assert(sz4 == 3);
+ char *s1 = nondet ? "abc" : "ABCD";
+ char *s2 = nondet ? s1 : s1+1;
+ sz5 = my_strchr2(s2, s1, 0, c);
+ //@ assert(sz5 >= 2 && sz5 <= 4);
+
+ s1 = nondet ? "efg" : "EFGH";
+ s2 = nondet ? s1+1 : s1+2;
+ sz6 = my_strchr2(s2, s1, 0, c);
+ //@ assert(sz6 >= 1 && sz6 <= 3);
+
+ s1 = nondet ? "mno\0pqr" : "MNOP\0QRS";
+ for (int j = 0; j < 8; j++) {
+ sz7 = my_strchr(s1, j, c);
+ //@ assert(sz7 >= 0 && sz7 <= 4);
+ }
+
+ char maybe_init[2];
+ maybe_init[1] = '\0';
+ IF_NONDET(maybe_init[0], 'A');
+ sz8 = my_strchr(maybe_init, 0, c);
+ //@ assert(sz8 == 1);
+}
+
+void big_array (char c) {
+ int u[200];
+ int r[201];
+ int t[1000000];
+ int *p;
+ p = &u[nondet];
+ *p = 0x10230067;
+ p = &r[nondet];
+ *p = 0x10230067;
+ p = &t[nondet];
+ *p = 0x10230067;
+
+ unsigned long len_u;
+ unsigned long len_r;
+ unsigned long len_t;
+
+ // without initialization, most accesses are invalid, so the result is precise
+ len_u = my_strchr(u, 0, c); // below plevel; precise
+ len_r = my_strchr(r, 0, c); // above plevel; imprecise
+ len_t = my_strchr(t, 0, c); // *far* above plevel
+ Frama_C_show_each(len_u, len_r, len_t);
+ //@ assert len_u == 1;
+ //@ assert len_r == 1;
+ //@ assert len_t == 1;
+
+ len_u = my_strchr(u, nondet, c); // should be precise
+ len_r = my_strchr(r, nondet, c);
+ len_t = my_strchr(t, nondet, c);
+ Frama_C_show_each(len_u, len_r, len_t);
+ //@ assert len_u >= 0 && len_u <= 3;
+ //@ assert len_r >= 0 && len_r <= 800;
+ //@ assert len_t >= 0 && len_t <= 3999996;
+
+ init_array_nondet(u, 0, sizeof(int)*200-1, 0, 1);
+ init_array_nondet(r, 0, sizeof(int)*201-1, 0, 1);
+ init_array_nondet(t, 0, sizeof(int)*1000000-1, 0, 1);
+ p = &u[nondet];
+ *p = 0x10230067;
+ p = &r[nondet];
+ *p = 0x10230067;
+ p = &t[nondet];
+ *p = 0x10230067;
+ len_u = my_strchr(u, 0, c); // below plevel; precise
+ len_r = my_strchr(r, 0, c); // above plevel; imprecise
+ len_t = my_strchr(t, 0, c); // *far* above plevel
+ Frama_C_show_each(len_u, len_r, len_t);
+ //@ assert len_u >= 0 && len_u <= 799;
+ //@ assert len_r >= 0 && len_r <= 803;
+ //@ assert len_t >= 0 && len_t <= 3999999;
+
+ len_u = my_strchr(u, nondet, c); // should be precise
+ len_r = my_strchr(r, nondet, c);
+ len_t = my_strchr(t, nondet, c);
+ Frama_C_show_each(len_u, len_r, len_t);
+ //@ assert len_u >= 0 && len_u <= 799;
+ //@ assert len_r >= 0 && len_r <= 803;
+ //@ assert len_t >= 0 && len_t <= 3999999;
+}
+
+void no_zero_but_ok(char c) {
+ CHAR_ARRAY(s,20);
+ s[0] = s[1] = s[2] = s[3] = s[4] = s[5] = s[6] = s[7] = s[8] = s[9] = 1;
+ s[10] = 0;
+ s[11] = s[12] = s[13] = 1;
+ s[14] = s[15] = s[16] = s[17] = s[18] = s[19] = NONDET(1, 0);
+ RES z1 = my_strchr(s, 0, c);
+ //@assert z1 == 10;
+ RES z2 = my_strchr(s, 0, c);
+ //@assert z2 == 10;
+ Ival offs = nondet ? 1 : 8;
+ RES z3 = my_strchr(s, offs, c);
+ //@assert z3 == 2 || z3 == 9;
+ offs = nondet ? 7 : 11;
+ RES z4 = my_strchr(s, offs, c);
+ //@assert z4 == -1 || (3 <= z4 && z4 <= 8);
+ offs = nondet ? 7 : 18;
+ RES z5 = my_strchr(s, offs, c); // maybe_indet = true
+ //@assert z5 == -1 || z5 == 0 || z5 == 1 || z5 == 3;
+}
+
+void small_sets_no_assertions(char c, RES *res) {
+ CHAR_PTR(s);
+ STRING(s,"abc");
+ Ival o = NONDET(0, 1);
+ res[0] = my_strchr(s, o, c);
+ STRING(s,"\0bc");
+ o = NONDET(0,1);
+ res[1] = my_strchr(s, o, c);
+ STRING(s,"");
+ res[2] = my_strchr(s, 0, c);
+ STRING(s,"b\0c");
+ o = NONDET(0,2);
+ res[3] = my_strchr(s, o, c);
+ CHAR_ARRAY(t, 4);
+ t[0] = t[1] = NONDET(c, 1);
+ t[2] = t[3] = 1;
+ res[4] = my_strchr(t, 0, c);
+}
+
+void small_sets_chars() {
+ char c = 'a';
+ RES res[5]; Frama_C_show_each_small_sets_chars();
+ small_sets_no_assertions(c, res);
+ Frama_C_show_each_c(c);
+ //@ assert res[0] == -1 || res[0] == 0; // no alarm
+ //@ assert res[1] == -1; // no alarm
+ //@ assert res[2] == -1; // no alarm
+ //@ assert res[3] == -1; // no alarm
+ //@ assert res[4] == 0 || res[4] == 1; // alarm
+ c = 'b';
+ small_sets_no_assertions(c, res);
+ Frama_C_show_each_c(c);
+ //@ assert res[0] == 0 || res[0] == 1; // no alarm
+ //@ assert res[1] == -1 || res[1] == 0; // no alarm
+ //@ assert res[2] == -1; // no alarm
+ //@ assert res[3] == -1 || res[3] == 0; // no alarm
+ //@ assert res[4] == 0 || res[4] == 1; // alarm
+
+ c = nondet ? 'a' : 'b'; // c IN {'a'; 'b'}
+ small_sets_no_assertions(c, res);
+ Frama_C_show_each_c(c);
+ //@ assert res[0] == -1 || res[0] == 0 || res[0] == 1; // no alarm
+ //@ assert res[1] == -1 || res[1] == 0; // no alarm
+ //@ assert res[2] == -1; // no alarm
+ //@ assert res[3] == -1 || res[3] == 0; // no alarm
+ //@ assert res[4] == 0 || res[4] == 1; // alarm
+
+ c = nondet ? 'b' : 'c'; // c IN {'b'; 'c'}
+ small_sets_no_assertions(c, res);
+ Frama_C_show_each_c(c);
+ //@ assert -1 <= res[0] <= 2; // no alarm (-1 due to imprecision)
+ //@ assert -1 <= res[1] <= 1; // no alarm
+ //@ assert res[2] == -1; // no alarm
+ //@ assert res[3] == -1 || res[3] == 0; // no alarm
+ //@ assert res[4] == 0 || res[4] == 1; // no alarm
+
+ if (nondet) c = 0; // c IN {0; 'b'; 'c'}
+ small_sets_no_assertions(c, res);
+ Frama_C_show_each_c(c);
+ //@ assert -1 <= res[0] <= 3; // no alarm (-1 due to imprecision)
+ //@ assert -1 <= res[1] <= 2; // no alarm
+ //@ assert res[2] == -1 || res[2] == 0; // no alarm
+ //@ assert -1 <= res[3] <= 1; // no alarm
+ //@ assert res[4] == -1 || res[4] == 0 || res[4] == 1; // alarm
+}
+
+void unbounded() {
+ char c = nondet;
+ CHAR_PTR(s);
+ STRING(s,"abcd");
+ RES u1 = my_strchr(s, 0, c);
+ //@ assert -1 <= u1 <= 4; // no alarm
+ STRING(s,"ABCDEFGHIJKLMNOPQRSTUVWXYZ");
+ CHAR_ARRAY(t,30); // uninitialized
+ IF_NONDET(s, t);
+ RES u2 = my_strchr(s, 0, c);
+ //@ assert -1 <= u2 <= 26; // alarm
+ init_array_nondet(t, 0, 29, 0, 1);
+ RES u3 = my_strchr(s, 0, c);
+ //@ assert -1 <= u3 <= 29; // alarm
+ Ival offset = RANGE(0, nondet);
+ RES u4 = my_strchr(s, offset, c);
+ //@ assert -1 <= u4 <= 29; // alarm
+}
+
+void invalid() {
+ CHAR_PTR(s);
+ STRING(s,"hello");
+ my_strchr(s, &s, 1);
+}
+
+int main () {
+ char c = 0;
+ small_sets(c);
+ zero_termination(c);
+ initialization(c);
+ large(c);
+ large_uninit(c);
+ misc(c);
+ bitfields(c);
+ bitfields2(c);
+ escaping(c);
+ big_array(c);
+ no_zero_but_ok(c);
+ small_sets_chars();
+ unbounded();
+ invalid();
+
+ return 0;
+}
diff --git a/tests/non-free/strcmp.c b/tests/non-free/strcmp.c
deleted file mode 100644
index 3b8c7ed48c5..00000000000
--- a/tests/non-free/strcmp.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* run.config
- OPT: -val -journal-disable -val-builtin printf:Frama_C_printf -val-builtin strcmp:Frama_C_strcmp -val-builtin strncmp:Frama_C_strncmp
-*/
-
-/*@ assigns \result \from s1[0..], s2[0..]; */
-int strcmp(const char *s1, const char *s2);
-
-/*@ assigns \result \from s1[0..], s2[0..], n; */
-int strncmp(const char *s1, const char *s2, unsigned long n);
-
-/*@ assigns \nothing; */
-int printf(const char *fmt, ...);
-
-
-char *toto0 = "toto";
-char *abc0 = "abc";
-char *abd0 = "abd";
-char *a0 = "a";
-char abc[3] = "abc";
-
-char string_with_addr[] = "qwertyuioop";
-char string[] = "qwertyuioop";
-
-char commonv[] = "common variation";
-char commonf[] = "common fugue";
-
-volatile int u;
-
-char tmp[2];
-
-int t;
-
-void expect(int a)
-{
- printf("expect %d: %d\n", a, t);
-}
-
-int main() {
- int r1a, r2a, r3a, r4a;
- t = strcmp(toto0, toto0);
- expect(0);
- t = strcmp(abd0, abc0);
- expect(1);
-
- t = strcmp(abc0, a0);
- expect(1);
- t = strcmp(a0, abc0);
- expect(-1);
- t = strcmp("bbc", abc0);
- expect(1);
- t = strcmp(abc0, "bbc");
- expect(-1);
- t = strcmp(abc0, abd0);
- expect(-1);
-
- t = strcmp(commonf, commonv);
- expect(-1);
-
- printf("strncmp:\n");
- t = strncmp(abd0, abc0, 0);
- expect(0);
- t = strncmp(abd0, abc0, 1);
- expect(0);
- t = strncmp(abd0, abc0, 2);
- expect(0);
- t = strncmp(abd0, abc0, 3);
- expect(1);
- t = strncmp(abd0, abc0, 4);
- expect(1);
-
- t = strncmp(a0, abc0, 0);
- expect(0);
- t = strncmp(a0, abc0, 1);
- expect(0);
- t = strncmp(a0, "b", 0);
- expect(0);
- t = strncmp(a0, "b", 1);
- expect(-1);
-
- printf("char signedness tricks:\n");
- t = strcmp(a0, "\300");
- expect(-1);
-
- tmp[0] = 192;
- t = strcmp(a0, tmp);
- expect(-1);
-
- *(unsigned char *)tmp = 192;
- t = strcmp(a0, tmp);
- expect(-1);
-
- printf("END OF DETERMINISTIC TESTS\n");
-
- int rn1 = strncmp(abd0, abc0, 1 + !u);
- int rn2 = strncmp(abd0, abc0, 2 + !u);
- int rn3 = strncmp(abd0, abc0, 3 + !u);
-
- char *p1 = u ? abd0 : "abb";
- int r1_1m1 = strcmp(abc0, p1);
- int r2_1m1 = strcmp(p1, abc0);
-
- int r3_1m1, r4_m1;
- if (u)
- {
- if (u) commonv[5] = 0;
- r3_1m1 = strcmp(commonf, commonv);
- }
- else
- {
- if (u) commonf[5] = 0;
- r4_m1 = strcmp(commonf, commonv);
- }
- int r5_10m1 = strcmp(commonf, commonv);
-
- /* Alarms */
- if (u)
- r1a = strcmp(abc0, abc);
- if (u)
- r2a = strcmp(a0, abc);
- *(void**)(string_with_addr+4) = &r1a;
- if (u)
- r3a = strcmp(string, string_with_addr);
- if (u) *(void**)(string_with_addr+4) = 0;
- if (u)
- r4a = strcmp(string, string_with_addr);
-}
-
diff --git a/tests/non-free/strlen.c b/tests/non-free/strlen.c
index 6f39764839f..9663038c670 100644
--- a/tests/non-free/strlen.c
+++ b/tests/non-free/strlen.c
@@ -1,8 +1,10 @@
-/* run.config
- STDOPT:
-*/
#include "__fc_builtin.h"
+static volatile int nondet;
+#define assert_bottom(exp) if (nondet) { exp; Frama_C_show_each_unreachable(); }
+
+#define strlen Frama_C_strlen
+
//@ assigns \result \from p[0..];
size_t Frama_C_strlen(const char *p);
@@ -28,26 +30,193 @@ const char* tab_str[TSZ] =
char unterminated_string[12] = "unterminated";
-int main (int c) {
+void small_sets() {
+ char *s = "abc";
+ char *p = nondet ? s : (s+1);
+ int z1 = strlen(p);
+ //@ assert (z1 == 2 || z1 == 3);
+
+ s = "\0bc";
+ p = nondet ? s : (s+1);
+ int z2 = strlen(p);
+ //@ assert (z2 == 0 || z2 == 2);
+
+ s = "";
+ p = s;
+ int z3 = strlen(p);
+ //@ assert (z3 == 0);
+
+ s = "b\0c";
+ p = nondet ? s : (s+2);
+ int z4 = strlen(p);
+ //@ assert (z4 == 1);
+
+ char t[4];
+ t[0] = t[1] = nondet ? 0 : 1;
+ t[2] = t[3] = 1;
+ int z5 = Frama_C_strlen(t); // warning
+ //@ assert z5 == 0 || z5 == 1;
+
+}
+
+void zero_termination() {
+ char empty_or_non_terminated[1];
+ empty_or_non_terminated[0] = nondet ? 0 : 100;
+ int z1 = strlen(empty_or_non_terminated);
+ //@ assert (z1 == 0);
+
+ char non_terminated[1] = {'X'};
+ assert_bottom(strlen(non_terminated));
+
+ char non_terminated2[4] = { 76, 0, 28, 14 };
+ char *p = nondet ? ((char *)&non_terminated2) + 2 : ((char *)&non_terminated2) + 3;
+ assert_bottom(strlen(p));
+
+}
+
+void initialization() {
+ char empty_or_uninitialized[1];
+ if (nondet) empty_or_uninitialized[0] = 0;
+ int z1 = strlen(empty_or_uninitialized);
+ //@ assert (z1 == 0);
+
+ char uninitialized[1];
+ assert_bottom(strlen(uninitialized));
+
+ char s[2];
+ if (nondet) s[0] = 1;
+ s[1] = 0;
+ char *p = s;
+ int z2 = strlen(p);
+ //@ assert (z2 == 1);
+
+ char t[4];
+ t[0] = t[1] = 10;
+ if (nondet) t[2] = 10;
+ t[3] = 0;
+ p = t;
+ int z3 = strlen(p);
+ //@ assert (z3 == 3);
+}
+
+typedef struct {
+ int a:8;
+ int b:8;
+ int c:17;
+} st;
+
+void bitfields() {
+ st s;
+ s.a = 3;
+ s.b = 1;
+ s.c = 7;
+ char *p = &s;
+ assert_bottom(Frama_C_strlen(p));
+}
+
+typedef struct {
+ int a:4;
+ int b:4;
+ int c:17;
+} st2;
+
+void bitfields2() {
+ st2 s;
+ s.a = 3;
+ s.b = 1;
+ s.c = 7;
+ char *p = &s;
+ int z1 = Frama_C_strlen(p);
+ //@assert (z1 == 2);
+}
+
+void init_array_nondet(char *a, int size, int val1, int val2) {
+ int val = nondet ? val1 : val2;
+ Frama_C_memset(a, val, size);
+ size = val1 = val2 = -1; // reset to minimize oracle changes
+}
+
+void large() {
+ char a[100];
+ init_array_nondet(a, 100, 1, 2);
+ a[20] = 0;
+ a[75] = 0;
+ int offset = Frama_C_interval(3, 30);
+ int z1 = strlen(a + offset);
+ //@ assert (z1 >= 0 && z1 <= 54);
+
+ offset = Frama_C_interval(5, 17);
+ int z2 = strlen(a + offset);
+ //@ assert (z2 >= 3 && z2 <= 15);
+
+ offset = Frama_C_interval(60, 74);
+ int z3 = strlen(a + offset);
+ //@ assert (z3 >= 1 && z3 <= 15);
+
+ offset = Frama_C_interval(63, 80);
+ int z4 = strlen(a + offset);
+ //@ assert (z4 >= 0 && z4 <= 12);
+
+ init_array_nondet(a, 100, 0, 2);
+ offset = Frama_C_interval(50, 70);
+ int z5 = strlen(a + offset);
+ //@ assert (z5 >= 0 && z5 <= 49);
+
+}
+
+void large_uninit() {
+ char a[100];
+ init_array_nondet(a, 40, 1, 2);
+ init_array_nondet(a+50, 45, 3, 4);
+ a[20] = 0;
+ a[75] = 0;
+
+ int offset = Frama_C_interval(3, 30);
+ int z1 = strlen(a + offset);
+ //@ assert (z1 >= 0 && z1 <= 17);
+
+ a[98] = 0;
+ offset = Frama_C_interval(63, 80);
+ int z2 = strlen(a + offset);
+ //@ assert (z2 >= 0 && z2 <= 12);
+
+ offset = Frama_C_interval(45, 55);
+ int z3 = strlen(a + offset);
+ //@ assert (z3 >= 20 && z3 <= 25);
+
+ offset = 0; // avoid oracle diffs when changed
+}
+
+void escaping() {
+ char s[4];
+ {
+ int x;
+ *((int *)s) = &x;
+ }
+ if (nondet) s[0] = 0;
+ int z1 = strlen(s); // alarm
+ //@ assert (z1 == 0);
+ s[0] = 0;
+ int z2 = strlen(s); // no alarm
+ //@ assert (z2 == 0);
+}
+
+void misc() {
const char* loc_str = "Bonjour Monde\n";
char loc_char_array[5];
- size_t sz1,sz2,sz3,sz4,sz5, szu;
+ size_t sz1,sz2,sz3,sz4,sz5,sz6,sz7,sz8;
int x = 0xabcdef00;
int z = 0x12345600;
int i;
char *str;
- if (c & 1)
- {
- szu = Frama_C_strlen(unterminated_string);
- Frama_C_dump_each();
- }
+ assert_bottom(Frama_C_strlen(unterminated_string));
- str = Frama_C_nondet(0,1) ? static_str : loc_str;
+ str = nondet ? static_str : loc_str;
sz1 = Frama_C_strlen(str);
//@ assert(sz1 == 12) || (sz1 == 14);
str = &x;
- str = Frama_C_nondet(0,1) ? str : str + 3;
+ str = nondet ? str : str + 3;
sz2 = Frama_C_strlen(str);
//@ assert(sz2 == 0) ; // no, could also do an RTE
i = Frama_C_interval(0,TSZ-1);
@@ -55,9 +224,70 @@ int main (int c) {
sz3 = Frama_C_strlen(str);
//@ assert (sz3 >= 0) && (sz3 <= 13);
loc_char_array[3] = '\0';
- sz4 = Frama_C_strlen(loc_char_array);
- //@ assert (sz4 >=0) && (sz4 <=3);
- sz5 = Frama_C_strlen(zero_str);
- //@ assert(sz5 == 3);
+ assert_bottom(Frama_C_strlen(loc_char_array));
+ sz4 = Frama_C_strlen(zero_str);
+ //@ assert(sz4 == 3);
+ char *s1 = nondet ? "abc" : "ABCD";
+ char *s2 = nondet ? s1 : s1+1;
+ sz5 = Frama_C_strlen(s2);
+ //@ assert(sz5 >= 2 && sz5 <= 4);
+
+ s1 = nondet ? "efg" : "EFGH";
+ s2 = nondet ? s1+1 : s1+2;
+ sz6 = Frama_C_strlen(s2);
+ //@ assert(sz6 >= 1 && sz6 <= 3);
+
+ s1 = nondet ? "mno\0pqr" : "MNOP\0QRS";
+ for (int j = 0; j < 8; j++) {
+ sz7 = Frama_C_strlen(s1 + j);
+ //@ assert(sz7 >= 0 && sz7 <= 4);
+ }
+
+ char maybe_init[2];
+ maybe_init[1] = '\0';
+ if (nondet) maybe_init[0] = 'A';
+ sz8 = Frama_C_strlen(maybe_init);
+ //@ assert(sz8 == 1);
+}
+
+void big_array () {
+ int t[1000000];
+ int u[200];
+ int r[201];
+ int *p;
+ p = &t[nondet];
+ *p = 0x10230067;
+ p = &u[nondet];
+ *p = 0x10230067;
+ p = &r[nondet];
+ *p = 0x10230067;
+
+ unsigned long len_u;
+ unsigned long len_r;
+ unsigned long len_t;
+
+ len_u = strlen(u); // below plevel; precise
+ len_r = strlen(r); // above plevel; imprecise
+ len_t = strlen(t); // *far* above plevel
+ Frama_C_show_each(len_u, len_r, len_t);
+
+ len_u = strlen(u+nondet); // should be precise
+ len_r = strlen(r+nondet);
+ len_t = strlen(t+nondet);
+ Frama_C_show_each(len_u, len_r, len_t);
+}
+
+int main (int c) {
+ small_sets();
+ zero_termination();
+ initialization();
+ large();
+ large_uninit();
+ misc();
+ bitfields();
+ bitfields2();
+ escaping();
+ big_array();
+
return 0;
}
diff --git a/tests/non-free/strnlen2.c b/tests/non-free/strnlen2.c
new file mode 100644
index 00000000000..375dcf63561
--- /dev/null
+++ b/tests/non-free/strnlen2.c
@@ -0,0 +1,508 @@
+#include "__fc_builtin.h"
+
+static volatile int nondet;
+#define assert_bottom(exp,id) if (nondet) { exp; Frama_C_show_each_unreachable_ ## id(); }
+#define strnlen Frama_C_strnlen
+//@ assigns \result \from p[0..];
+size_t Frama_C_strnlen(const char *p, size_t maxlen);
+const char* static_str = "Hello World\n";
+const char* zero_str = "abc\0\0\0abc";
+#define TSZ 12
+
+// Definitions for C++ oracle checking
+typedef int Ival;
+ typedef int RES;
+#define NONDET(a,b) (nondet ? (a) : (b))
+#define IF_NONDET(var,val) if (nondet) var = val
+#define RANGE(from,to) Frama_C_interval(from,to)
+#define my_strnlen(base,offs,n) strnlen(base+offs,n)
+#define CHAR_ARRAY(var,n) char var[n]
+#define CHAR_PTR(var) char *var
+#define STRING(var,str) var = str;
+
+const char* tab_str[TSZ] =
+ {
+ "" , // 0
+ "a", // 1
+ "aa" , // 2
+ "aaa" , // 3
+ "aaaa" , // 4
+ "aaaaa" , // 5
+ "aaaaaa" , // 6
+ /* hole */
+ "aaaaaaaaa" , // 9
+ "aaaaaaaaaa" ,
+ "aaaaaaaaaaa",
+ "aaaaaaaaaaaa" ,
+ "aaaaaaaaaaaaa" }; // 13
+
+char unterminated_string[12] = "unterminated";
+
+void small_sets() {
+ CHAR_PTR(s);
+ STRING(s,"abc");
+ Ival o = NONDET(0, 1);
+ RES z1 = my_strnlen(s, o, 3);
+ //@ assert (z1 == 2 || z1 == 3);
+ STRING(s,"\0bc");
+ o = NONDET(0,1);
+ RES z2 = my_strnlen(s, o, 2);
+ //@ assert (z2 == 0 || z2 == 2);
+ STRING(s,"");
+ RES z3 = my_strnlen(s, 0, 0);
+ //@ assert (z3 == 0);
+ STRING(s,"b\0c");
+ o = NONDET(0,2);
+ RES z4 = my_strnlen(s, o, 2);
+ //@ assert (z4 == 1);
+ CHAR_ARRAY(t, 4);
+ t[0] = t[1] = NONDET(0, 1);
+ t[2] = t[3] = 1;
+ RES z5 = my_strnlen(t, 0, 4); // no warning
+ //@ assert z5 == 0 || z5 == 1 || z5 == 4;
+}
+
+void zero_termination() {
+ CHAR_ARRAY(empty_or_non_terminated, 1);
+ empty_or_non_terminated[0] = NONDET(0, 100);
+ RES z1 = my_strnlen(empty_or_non_terminated, 0, 1);
+ //@ assert z1 == 0 || z1 == 1;
+
+ CHAR_ARRAY(non_terminated, 1);
+ non_terminated[0] = 'X';
+ assert_bottom(my_strnlen(non_terminated, 0, 2), non_terminated);
+
+ CHAR_ARRAY(non_terminated2, 4);
+ non_terminated2[0] = 76; non_terminated2[1] = 0;
+ non_terminated2[2] = 28; non_terminated2[3] = 14;
+ Ival o = NONDET(2, 3);
+ assert_bottom(my_strnlen(non_terminated2, o, 4), non_terminated2);
+}
+
+void initialization() {
+ char empty_or_uninitialized[1];
+ IF_NONDET(empty_or_uninitialized[0], 0);
+ RES z1 = strnlen(empty_or_uninitialized, 1);
+ //@ assert (z1 == 0);
+
+ char uninitialized[1];
+ assert_bottom(strnlen(uninitialized, 1),uninitialized);
+
+ CHAR_ARRAY(s, 2);
+ IF_NONDET(s[0], 1);
+ s[1] = 0;
+ RES z2 = strnlen(s, 2);
+ //@ assert (z2 == 1);
+
+ CHAR_ARRAY(t,4);
+ t[0] = t[1] = 10;
+ IF_NONDET(t[2], 10);
+ t[3] = 0;
+ RES z3 = strnlen(t, 4);
+ //@ assert (z3 == 3);
+}
+
+typedef struct {
+ int a:8;
+ int b:8;
+ int c:17;
+} st;
+
+void bitfields() {
+ st s;
+ s.a = 3;
+ s.b = 1;
+ s.c = 7;
+ char *p = &s;
+ assert_bottom(Frama_C_strnlen(p, 3),bitfields);
+}
+
+typedef struct {
+ int a:4;
+ int b:4;
+ int c:17;
+} st2;
+
+void bitfields2() {
+ st2 s;
+ s.a = 3;
+ s.b = 1;
+ s.c = 7;
+ char *p = &s;
+ RES z1 = Frama_C_strnlen(p, 3);
+ //@assert (z1 == 2);
+}
+
+void init_array_nondet(char *a, int from, int to, int val1, int val2) {
+ int val = nondet ? val1 : val2;
+ Frama_C_memset(a + from, val, to-from+1);
+ from = to = val1 = val2 = -1; // reset to minimize oracle changes
+}
+
+void large() {
+ char a[100];
+ init_array_nondet(a, 0, 99, 1, 2);
+ a[20] = 0;
+ a[75] = 0;
+ Ival offset = RANGE(3, 30);
+ RES z1 = my_strnlen(a, offset, 100);
+ //@ assert (z1 >= 0 && z1 <= 54);
+
+ offset = RANGE(5, 17);
+ RES z2 = my_strnlen(a, offset, 100);
+ //@ assert (z2 >= 3 && z2 <= 15);
+
+ offset = RANGE(60, 74);
+ RES z3 = my_strnlen(a, offset, 100);
+ //@ assert (z3 >= 1 && z3 <= 15);
+
+ offset = RANGE(63, 80);
+ RES z4 = my_strnlen(a, offset, 100);
+ //@ assert (z4 >= 0 && z4 <= 12);
+
+ init_array_nondet(a, 0, 99, 0, 2);
+ offset = RANGE(50, 70);
+ RES z5 = my_strnlen(a, offset, 100);
+ //@ assert (z5 >= 0 && z5 <= 49);
+}
+
+void large_uninit() {
+ char a[100];
+ init_array_nondet(a, 0, 39, 1, 2);
+ init_array_nondet(a, 50, 94, 3, 4);
+ a[20] = 0;
+ a[75] = 0;
+
+ Ival offset = RANGE(3, 30);
+ RES z1 = my_strnlen(a, offset, 100);
+ //@ assert (z1 >= 0 && z1 <= 17);
+
+ a[98] = 0;
+ offset = RANGE(63, 80);
+ RES z2 = my_strnlen(a, offset, 100);
+ //@ assert (z2 >= 0 && z2 <= 12);
+
+ offset = RANGE(45, 55);
+ RES z3 = my_strnlen(a, offset, 100);
+ //@ assert (z3 >= 20 && z3 <= 25);
+
+ offset = 0; // avoid oracle diffs when changed
+}
+
+void escaping() {
+ CHAR_ARRAY(s,4);
+ {
+ int x;
+ *((int *)s) = &x;
+ }
+ IF_NONDET(s[0], 0);
+ RES z1 = strnlen(s, 4); // alarm
+ //@ assert (z1 == 0);
+ s[0] = 0;
+ RES z2 = strnlen(s, 4); // no alarm
+ //@ assert (z2 == 0);
+}
+
+void misc() {
+ const char* loc_str = "Bonjour Monde\n";
+ char loc_char_array[5];
+ size_t sz1,sz2,sz3,sz4,sz5,sz6,sz7,sz8;
+ int x = 0xabcdef00;
+ RES z = 0x12345600;
+ int i;
+ char *str;
+
+ assert_bottom(Frama_C_strnlen(unterminated_string, 13),unterminated_string);
+
+ str = nondet ? static_str : loc_str;
+ sz1 = Frama_C_strnlen(str, 14);
+ //@ assert(sz1 == 12) || (sz1 == 14);
+ str = &x;
+ str = nondet ? str : str + 3;
+ sz2 = Frama_C_strnlen(str, 12);
+ //@ assert(sz2 == 0) ; // no, could also do an RTE
+ i = Frama_C_interval(0,TSZ-1);
+ str = tab_str[i];
+ sz3 = Frama_C_strnlen(str, 13);
+ //@ assert (sz3 >= 0) && (sz3 <= 13);
+ loc_char_array[3] = '\0';
+ assert_bottom(Frama_C_strnlen(loc_char_array, 5),loc_char_array);
+ sz4 = Frama_C_strnlen(zero_str, 9);
+ //@ assert(sz4 == 3);
+ char *s1 = nondet ? "abc" : "ABCD";
+ char *s2 = nondet ? s1 : s1+1;
+ sz5 = Frama_C_strnlen(s2, 5);
+ //@ assert(sz5 >= 2 && sz5 <= 4);
+
+ s1 = nondet ? "efg" : "EFGH";
+ s2 = nondet ? s1+1 : s1+2;
+ sz6 = Frama_C_strnlen(s2, 5);
+ //@ assert(sz6 >= 1 && sz6 <= 3);
+
+ s1 = nondet ? "mno\0pqr" : "MNOP\0QRS";
+ for (int j = 0; j < 8; j++) {
+ sz7 = Frama_C_strnlen(s1 + j, 10);
+ //@ assert(sz7 >= 0 && sz7 <= 4);
+ }
+
+ char maybe_init[2];
+ maybe_init[1] = '\0';
+ IF_NONDET(maybe_init[0], 'A');
+ sz8 = Frama_C_strnlen(maybe_init, 2);
+ //@ assert(sz8 == 1);
+}
+
+void big_array () {
+ int u[200];
+ int r[201];
+ int t[1000000];
+ int *p;
+ p = &u[nondet];
+ *p = 0x10230067;
+ p = &r[nondet];
+ *p = 0x10230067;
+ p = &t[nondet];
+ *p = 0x10230067;
+
+ unsigned long len_u;
+ unsigned long len_r;
+ unsigned long len_t;
+
+ // without initialization, most accesses are invalid, so the result is precise
+ len_u = strnlen(u, 800); // below plevel; precise
+ len_r = strnlen(r, 804); // above plevel; imprecise
+ len_t = strnlen(t, 4000000); // *far* above plevel
+ //@ assert len_u == 1;
+ //@ assert len_r == 1;
+ //@ assert len_t == 1;
+ Frama_C_show_each(len_u, len_r, len_t);
+
+ // less precise results here, but uninitialized values at the end of the
+ // arrays ensure a slightly better result than afterwards
+ len_u = strnlen(u+nondet,801); // should be precise
+ len_r = strnlen(r+nondet,805);
+ len_t = strnlen(t+nondet,4000001);
+ //@ assert len_u >= 0 && len_u <= 3;
+ //@ assert len_r >= 0 && len_r <= 800;
+ //@ assert len_t >= 0 && len_t <= 3999996;
+ Frama_C_show_each(len_u, len_r, len_t);
+
+ // initialization leads to less precise results
+ init_array_nondet(u, 0, sizeof(u)-1, 0, 1);
+ init_array_nondet(r, 0, sizeof(r)-1, 0, 1);
+ init_array_nondet(t, 0, sizeof(t)-1, 0, 1);
+ p = &u[nondet];
+ *p = 0x10230067;
+ p = &r[nondet];
+ *p = 0x10230067;
+ p = &t[nondet];
+ *p = 0x10230067;
+ len_u = strnlen(u, 800); // below plevel; precise
+ len_r = strnlen(r, 804); // above plevel; imprecise
+ len_t = strnlen(t, 4000000); // *far* above plevel
+ //@ assert len_u >= 0 && len_u <= 800;
+ //@ assert len_r >= 0 && len_r <= 804;
+ //@ assert len_t >= 0 && len_t <= 4000000;
+ Frama_C_show_each(len_u, len_r, len_t);
+
+ len_u = strnlen(u+nondet,801); // should be precise
+ len_r = strnlen(r+nondet,805);
+ len_t = strnlen(t+nondet,4000001);
+ //@ assert len_u >= 0 && len_u <= 799;
+ //@ assert len_r >= 0 && len_r <= 803;
+ //@ assert len_t >= 0 && len_t <= 3999999;
+ Frama_C_show_each(len_u, len_r, len_t);
+
+
+}
+
+void no_zero_but_ok() {
+ CHAR_ARRAY(s,20);
+ s[0] = s[1] = s[2] = s[3] = s[4] = s[5] = s[6] = s[7] = s[8] = s[9] = 1;
+ s[10] = 0;
+ s[11] = s[12] = s[13] = 1;
+ s[14] = s[15] = s[16] = s[17] = s[18] = s[19] = nondet ? 1 : 0;
+ RES z1 = strnlen(s, 5);
+ //@assert z1 == 5;
+ RES z2 = strnlen(s, 10);
+ //@assert z2 == 10;
+ char *p = nondet ? s+1 : s+8;
+ RES z3 = strnlen(p, 10);
+ //@assert z3 == 2 || z3 == 9;
+ p = nondet ? s+7 : s+11;
+ RES z4 = strnlen(p,4);
+ //@assert z4 == 3 || z4 == 4;
+ p = nondet ? s+7 : s+18;
+ RES z5 = strnlen(p,4); // maybe_indet = true
+ //@assert z5 == 0 || z5 == 1 || z5 == 3;
+}
+
+void small_sets_n() {
+ char *s;
+ STRING(s,"abcde");
+ char *p = nondet ? s : s+1;
+ char n = nondet ? 2 : 5;
+ RES z1 = strnlen(p, n);
+ //@assert z1 == 2 || z1 == 4 || z1 == 5;
+
+ STRING(s,"\0bcdef");
+ p = nondet ? s : s+1;
+ n = nondet ? 1 : 4;
+ RES z2 = strnlen(p, n);
+ //@assert z2 == 0 || z2 == 1 || z2 == 4;
+
+ STRING(s,"bcd\0efg");
+ p = nondet ? s : s+2;
+ RES z3a = strnlen(p, 2);
+ //@assert z3a == 1 || z3a == 2;
+
+ p = nondet ? s : s+2;
+ n = nondet ? 2 : 3;
+ RES z3 = strnlen(p, n);
+ //@assert z3 == 1 || z3 == 2 || z3 == 3;
+
+ p = nondet ? s : nondet ? s+2 : s+4;
+ n = nondet ? 2 : 5;
+ RES z4 = strnlen(p, n);
+ //@assert z4 == 1 || z4 == 2 || z4 == 3;
+}
+
+void large_n() {
+ CHAR_ARRAY(a, 100);
+ init_array_nondet(a, 0, 99, 1, 2);
+ a[15] = 0;
+ a[28] = 0;
+ a[40] = 0;
+ a[75] = 0;
+ Ival offset = RANGE(3, 30);
+ Ival n = RANGE(10, 20);
+ RES z1 = my_strnlen(a, offset, n);
+ //@assert z1 <= 12;
+
+ a[28] = 1;
+ a[29] = 0;
+ RES z2 = my_strnlen(a, offset, n);
+ //@assert z2 <= 13;
+
+ a[40] = 1;
+ RES z3 = my_strnlen(a, offset, n); // no alarm
+ //@assert z3 <= 20;
+
+ offset = RANGE(5, 17);
+ RES z4 = my_strnlen(a, offset, n);
+ //@assert z4 <= 13;
+
+ offset = RANGE(60, 74);
+ RES z5 = my_strnlen(a, offset, n);
+ //@assert z5 >= 1 && z5 <= 15;
+
+ offset = RANGE(63, 80);
+ RES z6 = my_strnlen(a, offset, n); // no alarm
+ //@assert z6 <= 20;
+
+ init_array_nondet(a, 0, 99, 0, 2);
+ offset = RANGE(50, 70);
+ RES z7 = my_strnlen(a, offset, n);
+ //@assert z7 <= 20;
+
+ n = RANGE(0, 100);
+ RES z8 = my_strnlen(a, offset, n); // alarm
+ //@assert z8 <= 50;
+
+ offset = RANGE(0, 10);
+ n = RANGE(0, 90);
+ RES z9 = my_strnlen(a, offset, n); // no alarm
+ //@assert z9 <= 90;
+}
+
+void unbounded_n() {
+ int n = nondet;
+ if (n < 0) n = 0;
+ char *s;
+ STRING(s,"abc");
+ RES zu1 = strnlen(s, n);
+ //@ assert zu1 == 3;
+ Ival o = NONDET(0,1);
+ RES zu2 = strnlen(s+o, n);
+ //@ assert zu2 == 2 || zu2 == 3;
+ STRING(s,"bcd\0eg");
+ RES zu3 = strnlen(s, n);
+ //@ assert zu3 == 3;
+}
+
+void intervals() {
+ CHAR_ARRAY(a, 100);
+ init_array_nondet(a, 0, 9, 0, 1);
+ init_array_nondet(a, 3, 6, 1, 1);
+ init_array_nondet(a, 11, 11, 0, 1);
+ init_array_nondet(a, 12, 15, 1, 1);
+ init_array_nondet(a, 16, 19, 0, 1);
+
+ Ival offset = RANGE(0,9);
+ Ival n = RANGE(0, 9);
+ RES z1 = my_strnlen(a, offset, n);
+ //@ assert z1 >= 0 && z1 <= 9;
+
+ offset = RANGE(3,9);
+ n = RANGE(2,10);
+ RES z2 = my_strnlen(a, offset, n);
+ //@ assert z2 >= 0 && z2 <= 7;
+
+ offset = RANGE(3,9);
+ n = RANGE(0,11);
+ RES z3 = my_strnlen(a, offset, n);
+ //@ assert z3 >= 0 && z3 <= 7;
+
+ offset = RANGE(3,10);
+ n = RANGE(0,9);
+ RES z4 = my_strnlen(a, offset, n);
+ //@ assert z4 >= 0 && z4 <= 7;
+
+ offset = RANGE(3,10);
+ n = RANGE(0,10);
+ RES z5 = my_strnlen(a, offset, n);
+ //@ assert z5 >= 0 && z5 <= 7;
+
+ offset = RANGE(3,10);
+ n = RANGE(0,11);
+ RES z6 = my_strnlen(a, offset, n);
+ //@ assert z6 >= 0 && z6 <= 7;
+
+ offset = RANGE(3,11);
+ n = RANGE(0,9);
+ RES z7 = my_strnlen(a, offset, n);
+ //@ assert z7 >= 0 && z7 <= 9;
+
+ offset = RANGE(3,11);
+ n = RANGE(0,10);
+ RES z8 = my_strnlen(a, offset, n);
+ //@ assert z8 >= 0 && z8 <= 9;
+
+ offset = RANGE(3,11);
+ n = RANGE(0,11);
+ RES z9 = my_strnlen(a, offset, n);
+ //@ assert z9 >= 0 && z9 <= 9;
+}
+
+int main (int c) {
+ small_sets();
+ zero_termination();
+
+ initialization();
+ large();
+ large_uninit();
+ misc();
+ bitfields();
+ bitfields2();
+ escaping();
+ big_array();
+
+ no_zero_but_ok();
+ small_sets_n();
+ large_n();
+
+ unbounded_n();
+ intervals();
+
+ return 0;
+}
--
GitLab