From efe0045964be2d1ebe2e3f0a01a0bb2a64c019a5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20B=C3=BChler?= <david.buhler@cea.fr>
Date: Fri, 28 Feb 2020 14:38:10 +0100
Subject: [PATCH] [Eva] Adds a test for the alarm about the creation of invalid
pointers.
---
tests/value/invalid_pointer.c | 178 ++++++++
.../value/oracle/invalid_pointer.0.res.oracle | 409 ++++++++++++++++++
.../value/oracle/invalid_pointer.1.res.oracle | 337 +++++++++++++++
3 files changed, 924 insertions(+)
create mode 100644 tests/value/invalid_pointer.c
create mode 100644 tests/value/oracle/invalid_pointer.0.res.oracle
create mode 100644 tests/value/oracle/invalid_pointer.1.res.oracle
diff --git a/tests/value/invalid_pointer.c b/tests/value/invalid_pointer.c
new file mode 100644
index 00000000000..bde7ed009dc
--- /dev/null
+++ b/tests/value/invalid_pointer.c
@@ -0,0 +1,178 @@
+/* run.config*
+ STDOPT: +"-warn-invalid-pointer -absolute-valid-range=10-30"
+ STDOPT: +"-no-warn-invalid-pointer -absolute-valid-range=10-30"
+*/
+
+#include <__fc_builtin.h>
+#include <stdint.h>
+
+/* Tests the emission of \object_pointer alarms when -warn-invalid-pointer
+ is enabled. The second run should emit no alarm. */
+
+volatile int undet;
+
+/* Simple pointer computations. */
+void pointer_computation () {
+ int x;
+ int *p = &x;
+ if (undet)
+ p--; // Red alarm.
+ p++; // No alarm.
+ if (undet)
+ p++; // Red alarm.
+ int i = undet;
+ p += i; // Unknown alarm. [i] should be reduced to {-1, 0}.
+ int j = undet;
+ p -= j; // Unknown alarm. [j] should be reduced to {-1, 0, 1}.
+ p --; // Unknown alarm. [p] should be exactly {&x}.
+ int array[25];
+ int *q = undet ? &x : &array[0];
+ int offset1 = Frama_C_interval(0, 10);
+ q += offset1; // Unknown alarm. [offset1] should not be reduced.
+ int offset2 = Frama_C_interval(0, 50);
+ q += offset2; // Unknown alarm. [offset2] should be reduced to [0..25].
+ q += 0; // No alarm.
+}
+
+/* Increment or decrement pointers in loops. */
+void pointer_in_loops () {
+ int t[128];
+ int *p = &t[0];
+ /*@ loop unroll 128; */
+ for (int i = 0; i < 128; i++) {
+ *p = i;
+ p++; // No alarm.
+ }
+ if (undet) {
+ int *q = &t[127];
+ /*@ loop unroll 128; */
+ for (int i = 0; i < 128; i++) {
+ *q = i;
+ q--; // Alarm in the last iteration: q points to t[-1].
+ }
+ Frama_C_show_each_bottom(q); // Should not be reached.
+ }
+}
+
+/* Conversion integer -> pointer. */
+void int_conversion () {
+ int x, *p;
+ p = (int *)0; // NULL pointer: always ok.
+ p = (int *) 20; // Inside -absolute-valid-range: no alarms.
+ if (undet) {
+ p = (int *) 42; // Outside -absolute-valid-range: red alarm.
+ }
+ x = Frama_C_interval(15, 25);
+ p = (int *) x; // Inside -absolute-valid-range: no alarms.
+ x = Frama_C_interval(100, 500);
+ if (undet) {
+ p = (int *) x; // Outside -absolute-valid-range: red alarm.
+ }
+ x = Frama_C_interval(15, 100);
+ p = (int *) x; // Unknown alarm. [x] should be reduced to [15..31].
+ p = (int *) undet; // Unknown alarm. [p] should be have value in [0..31].
+}
+
+void addrof () {
+ int a[10], *p;
+ p = &(a[0]);
+ p = &(a[10]);
+ if (undet)
+ p = &(a[11]); // Invalid alarm
+ if (undet)
+ p = &(a[-1]); // Invalid alarm
+ int offset = undet;
+ p = &(a[offset]); /* Unknown alarm. [offset] should be reduced to [0..10]. */
+}
+
+typedef union {
+ uintptr_t integer;
+ int *pointer;
+} ptr_union;
+
+/* Creates invalid pointers through an union. */
+void union_pointer () {
+ int *p;
+ ptr_union u;
+ u.integer = 0;
+ p = u.pointer; // No alarm.
+ if (undet) {
+ u.integer = 42;
+ p = u.pointer; // Red alarm.
+ }
+ u.integer = undet;
+ p = u.pointer; // Unknown alarm. [u.integer] should be reduced to [0..31].
+}
+
+/* Creates invalid pointers through untyped writes. */
+void write_pointer () {
+ int x;
+ int *p = 0;
+ *((uintptr_t *) &p) = &x;
+ int *q = p; // No alarm.
+ *((uintptr_t *) &p) = (uintptr_t)p + undet;
+ q = p; // Unknown alarm.
+ *((uintptr_t *) &p) = 42;
+ if (undet) {
+ q = p; // Red alarm.
+ }
+}
+
+/* Tests the evaluation of the logical predicate \object_pointer when
+ -warn-invalid-pointer is disabled. */
+void object_pointer_predicate () {
+ int x, array[64];
+ int *p = &x;
+ /*@ assert \object_pointer(p); */
+ if (undet) {
+ p--;
+ /*@ assert \object_pointer(p); */
+ }
+ p++;
+ /*@ assert \object_pointer(p); */
+ if (undet) {
+ p++;
+ /*@ assert \object_pointer(p); */
+ }
+ p += undet;
+ /*@ assert \object_pointer(p); */
+ /*@ assert \object_pointer(p); */
+ Frama_C_show_each_object_pointer(p);
+ p = (int *)((uintptr_t)&x + undet);
+ /*@ assert \object_pointer(p); */
+ /*@ assert \object_pointer(p); */
+ Frama_C_show_each_object_pointer_char(p);
+ int i = Frama_C_interval(0, 20);
+ p = undet ? &x : &array[i];
+ /*@ assert \object_pointer(p); */
+ p += i;
+ /*@ assert \object_pointer(p); */
+ p += undet;
+ /*@ assert \object_pointer(p); */
+ Frama_C_show_each_object_pointer_array(p);
+ p = (int *) 0;
+ /*@ assert \object_pointer(p); */
+ if (undet)
+ p = (int *) 20;
+ /*@ assert \object_pointer(p); */
+ if (undet)
+ p = (int *) 50;
+ /*@ assert \object_pointer(p); */
+ p = (int *) undet;
+ /*@ assert \object_pointer(p); */
+ if (undet) {
+ p = (int *) 100;
+ /*@ assert \object_pointer(p); */
+ }
+}
+
+
+void main () {
+ pointer_computation ();
+ pointer_in_loops ();
+ int_conversion ();
+ addrof ();
+ union_pointer ();
+ write_pointer ();
+ object_pointer_predicate ();
+}
diff --git a/tests/value/oracle/invalid_pointer.0.res.oracle b/tests/value/oracle/invalid_pointer.0.res.oracle
new file mode 100644
index 00000000000..4f0f2133ff5
--- /dev/null
+++ b/tests/value/oracle/invalid_pointer.0.res.oracle
@@ -0,0 +1,409 @@
+[kernel] Parsing tests/value/invalid_pointer.c (with preprocessing)
+[kernel:typing:int-conversion] tests/value/invalid_pointer.c:111: Warning:
+ Conversion from a pointer to an integer without an explicit cast
+[eva] Analyzing a complete application starting at main
+[eva] Computing initial state
+[eva] Initial state computed
+[eva:initial-state] Values of globals at initialization
+ NULL[rbits 80 to 247] ∈ [--..--]
+ undet ∈ [--..--]
+[eva] computing for function pointer_computation <- main.
+ Called from tests/value/invalid_pointer.c:171.
+[eva:alarm] tests/value/invalid_pointer.c:19: Warning:
+ invalid pointer creation. assert \object_pointer(p - 1);
+[eva:alarm] tests/value/invalid_pointer.c:22: Warning:
+ invalid pointer creation. assert \object_pointer(p + 1);
+[eva:alarm] tests/value/invalid_pointer.c:24: Warning:
+ invalid pointer creation. assert \object_pointer(p + i);
+[eva:alarm] tests/value/invalid_pointer.c:26: Warning:
+ invalid pointer creation. assert \object_pointer(p - j);
+[eva:alarm] tests/value/invalid_pointer.c:27: Warning:
+ invalid pointer creation. assert \object_pointer(p - 1);
+[eva] computing for function Frama_C_interval <- pointer_computation <- main.
+ Called from tests/value/invalid_pointer.c:30.
+[eva] using specification for function Frama_C_interval
+[eva] tests/value/invalid_pointer.c:30:
+ function Frama_C_interval: precondition 'order' got status valid.
+[eva] Done for function Frama_C_interval
+[eva:alarm] tests/value/invalid_pointer.c:31: Warning:
+ invalid pointer creation. assert \object_pointer(q + offset1);
+[eva] computing for function Frama_C_interval <- pointer_computation <- main.
+ Called from tests/value/invalid_pointer.c:32.
+[eva] tests/value/invalid_pointer.c:32:
+ function Frama_C_interval: precondition 'order' got status valid.
+[eva] Done for function Frama_C_interval
+[eva:alarm] tests/value/invalid_pointer.c:33: Warning:
+ invalid pointer creation. assert \object_pointer(q + offset2);
+[eva] Recording results for pointer_computation
+[eva] Done for function pointer_computation
+[eva] computing for function pointer_in_loops <- main.
+ Called from tests/value/invalid_pointer.c:172.
+[eva] tests/value/invalid_pointer.c:42:
+ Trace partitioning superposing up to 100 states
+[eva:alarm] tests/value/invalid_pointer.c:51: Warning:
+ invalid pointer creation. assert \object_pointer(q - 1);
+[eva] Recording results for pointer_in_loops
+[eva] Done for function pointer_in_loops
+[eva] computing for function int_conversion <- main.
+ Called from tests/value/invalid_pointer.c:173.
+[eva:alarm] tests/value/invalid_pointer.c:63: Warning:
+ invalid pointer creation. assert \object_pointer((int *)42);
+[eva] computing for function Frama_C_interval <- int_conversion <- main.
+ Called from tests/value/invalid_pointer.c:65.
+[eva] tests/value/invalid_pointer.c:65:
+ function Frama_C_interval: precondition 'order' got status valid.
+[eva] Done for function Frama_C_interval
+[eva] computing for function Frama_C_interval <- int_conversion <- main.
+ Called from tests/value/invalid_pointer.c:67.
+[eva] tests/value/invalid_pointer.c:67:
+ function Frama_C_interval: precondition 'order' got status valid.
+[eva] Done for function Frama_C_interval
+[eva:alarm] tests/value/invalid_pointer.c:69: Warning:
+ invalid pointer creation. assert \object_pointer((int *)x);
+[eva] computing for function Frama_C_interval <- int_conversion <- main.
+ Called from tests/value/invalid_pointer.c:71.
+[eva] tests/value/invalid_pointer.c:71:
+ function Frama_C_interval: precondition 'order' got status valid.
+[eva] Done for function Frama_C_interval
+[eva:alarm] tests/value/invalid_pointer.c:72: Warning:
+ invalid pointer creation. assert \object_pointer((int *)x);
+[eva:alarm] tests/value/invalid_pointer.c:73: Warning:
+ invalid pointer creation. assert \object_pointer((int *)undet);
+[eva] Recording results for int_conversion
+[eva] Done for function int_conversion
+[eva] computing for function addrof <- main.
+ Called from tests/value/invalid_pointer.c:174.
+[eva:alarm] tests/value/invalid_pointer.c:81: Warning:
+ invalid pointer creation. assert \object_pointer(&a[11]);
+[eva:alarm] tests/value/invalid_pointer.c:83: Warning:
+ invalid pointer creation. assert \object_pointer(&a[(int)(-1)]);
+[eva:alarm] tests/value/invalid_pointer.c:85: Warning:
+ invalid pointer creation. assert \object_pointer(&a[offset]);
+[eva] Recording results for addrof
+[eva] Done for function addrof
+[eva] computing for function union_pointer <- main.
+ Called from tests/value/invalid_pointer.c:175.
+[eva:alarm] tests/value/invalid_pointer.c:101: Warning:
+ invalid pointer creation. assert \object_pointer(u.pointer);
+[eva:alarm] tests/value/invalid_pointer.c:104: Warning:
+ invalid pointer creation. assert \object_pointer(u.pointer);
+[eva] Recording results for union_pointer
+[eva] Done for function union_pointer
+[eva] computing for function write_pointer <- main.
+ Called from tests/value/invalid_pointer.c:176.
+[eva:alarm] tests/value/invalid_pointer.c:114: Warning:
+ invalid pointer creation. assert \object_pointer(p);
+[eva:alarm] tests/value/invalid_pointer.c:117: Warning:
+ invalid pointer creation. assert \object_pointer(p);
+[eva] Recording results for write_pointer
+[eva] Done for function write_pointer
+[eva] computing for function object_pointer_predicate <- main.
+ Called from tests/value/invalid_pointer.c:177.
+[eva] tests/value/invalid_pointer.c:126: assertion got status valid.
+[eva:alarm] tests/value/invalid_pointer.c:128: Warning:
+ invalid pointer creation. assert \object_pointer(p - 1);
+[eva] tests/value/invalid_pointer.c:132: assertion got status valid.
+[eva:alarm] tests/value/invalid_pointer.c:134: Warning:
+ invalid pointer creation. assert \object_pointer(p + 1);
+[eva:alarm] tests/value/invalid_pointer.c:137: Warning:
+ invalid pointer creation. assert \object_pointer(p + undet);
+[eva] tests/value/invalid_pointer.c:138: assertion got status valid.
+[eva] tests/value/invalid_pointer.c:139: assertion got status valid.
+[eva] tests/value/invalid_pointer.c:140:
+ Frama_C_show_each_object_pointer: {{ &x + {0; 4} }}
+[eva:alarm] tests/value/invalid_pointer.c:141: Warning:
+ invalid pointer creation.
+ assert
+ \object_pointer((int *)((unsigned int)((unsigned int)(&x) +
+ (unsigned int)undet)));
+[eva] tests/value/invalid_pointer.c:142: assertion got status valid.
+[eva] tests/value/invalid_pointer.c:143: assertion got status valid.
+[eva] tests/value/invalid_pointer.c:144:
+ Frama_C_show_each_object_pointer_char: {{ &x + {0; 1; 2; 3; 4} }}
+[eva] computing for function Frama_C_interval <- object_pointer_predicate <- main.
+ Called from tests/value/invalid_pointer.c:145.
+[eva] tests/value/invalid_pointer.c:145:
+ function Frama_C_interval: precondition 'order' got status valid.
+[eva] Done for function Frama_C_interval
+[eva] tests/value/invalid_pointer.c:147: assertion got status valid.
+[eva:alarm] tests/value/invalid_pointer.c:148: Warning:
+ invalid pointer creation. assert \object_pointer(p + i);
+[eva] tests/value/invalid_pointer.c:149: assertion got status valid.
+[eva:alarm] tests/value/invalid_pointer.c:150: Warning:
+ invalid pointer creation. assert \object_pointer(p + undet);
+[eva] tests/value/invalid_pointer.c:151: assertion got status valid.
+[eva] tests/value/invalid_pointer.c:152:
+ Frama_C_show_each_object_pointer_array:
+ {{ &x + {0; 4} ; &array + [0..256],0%4 }}
+[eva] tests/value/invalid_pointer.c:154: assertion got status valid.
+[eva:alarm] tests/value/invalid_pointer.c:157: Warning:
+ assertion got status unknown.
+[eva:alarm] tests/value/invalid_pointer.c:159: Warning:
+ invalid pointer creation. assert \object_pointer((int *)50);
+[eva:alarm] tests/value/invalid_pointer.c:160: Warning:
+ assertion got status unknown.
+[eva:alarm] tests/value/invalid_pointer.c:161: Warning:
+ invalid pointer creation. assert \object_pointer((int *)undet);
+[eva:alarm] tests/value/invalid_pointer.c:162: Warning:
+ assertion got status unknown.
+[eva:alarm] tests/value/invalid_pointer.c:164: Warning:
+ invalid pointer creation. assert \object_pointer((int *)100);
+[eva] Recording results for object_pointer_predicate
+[eva] Done for function object_pointer_predicate
+[eva] Recording results for main
+[eva] done for function main
+[eva] tests/value/invalid_pointer.c:19:
+ assertion 'Eva,pointer_value' got final status invalid.
+[eva] tests/value/invalid_pointer.c:22:
+ assertion 'Eva,pointer_value' got final status invalid.
+[eva] tests/value/invalid_pointer.c:63:
+ assertion 'Eva,pointer_value' got final status invalid.
+[eva] tests/value/invalid_pointer.c:69:
+ assertion 'Eva,pointer_value' got final status invalid.
+[eva] tests/value/invalid_pointer.c:81:
+ assertion 'Eva,pointer_value' got final status invalid.
+[eva] tests/value/invalid_pointer.c:83:
+ assertion 'Eva,pointer_value' got final status invalid.
+[eva] tests/value/invalid_pointer.c:101:
+ assertion 'Eva,pointer_value' got final status invalid.
+[eva] tests/value/invalid_pointer.c:117:
+ assertion 'Eva,pointer_value' got final status invalid.
+[eva] tests/value/invalid_pointer.c:128:
+ assertion 'Eva,pointer_value' got final status invalid.
+[eva] tests/value/invalid_pointer.c:134:
+ assertion 'Eva,pointer_value' got final status invalid.
+[eva] tests/value/invalid_pointer.c:159:
+ assertion 'Eva,pointer_value' got final status invalid.
+[eva] tests/value/invalid_pointer.c:164:
+ assertion 'Eva,pointer_value' got final status invalid.
+[scope:rm_asserts] removing 2 assertion(s)
+[eva] ====== VALUES COMPUTED ======
+[eva:final-states] Values at end of function addrof:
+ p ∈ {{ &a + [0..40],0%4 }}
+ offset ∈ [--..--]
+[eva:final-states] Values at end of function int_conversion:
+ Frama_C_entropy_source ∈ [--..--]
+ x ∈ [15..31]
+ p ∈ [0..31]
+[eva:final-states] Values at end of function object_pointer_predicate:
+ Frama_C_entropy_source ∈ [--..--]
+ p ∈ [0..31]
+ i ∈ [0..20]
+[eva:final-states] Values at end of function pointer_computation:
+ Frama_C_entropy_source ∈ [--..--]
+ p ∈ {{ &x }}
+ i ∈ {-1; 0}
+ j ∈ {-1; 0; 1}
+ q ∈ {{ &x + {0; 4} ; &array + [0..100],0%4 }}
+ offset1 ∈ [0..10]
+ offset2 ∈ [0..25]
+[eva:final-states] Values at end of function pointer_in_loops:
+ t[0] ∈ {0}
+ [1] ∈ {1}
+ [2] ∈ {2}
+ [3] ∈ {3}
+ [4] ∈ {4}
+ [5] ∈ {5}
+ [6] ∈ {6}
+ [7] ∈ {7}
+ [8] ∈ {8}
+ [9] ∈ {9}
+ [10] ∈ {10}
+ [11] ∈ {11}
+ [12] ∈ {12}
+ [13] ∈ {13}
+ [14] ∈ {14}
+ [15] ∈ {15}
+ [16] ∈ {16}
+ [17] ∈ {17}
+ [18] ∈ {18}
+ [19] ∈ {19}
+ [20] ∈ {20}
+ [21] ∈ {21}
+ [22] ∈ {22}
+ [23] ∈ {23}
+ [24] ∈ {24}
+ [25] ∈ {25}
+ [26] ∈ {26}
+ [27] ∈ {27}
+ [28] ∈ {28}
+ [29] ∈ {29}
+ [30] ∈ {30}
+ [31] ∈ {31}
+ [32] ∈ {32}
+ [33] ∈ {33}
+ [34] ∈ {34}
+ [35] ∈ {35}
+ [36] ∈ {36}
+ [37] ∈ {37}
+ [38] ∈ {38}
+ [39] ∈ {39}
+ [40] ∈ {40}
+ [41] ∈ {41}
+ [42] ∈ {42}
+ [43] ∈ {43}
+ [44] ∈ {44}
+ [45] ∈ {45}
+ [46] ∈ {46}
+ [47] ∈ {47}
+ [48] ∈ {48}
+ [49] ∈ {49}
+ [50] ∈ {50}
+ [51] ∈ {51}
+ [52] ∈ {52}
+ [53] ∈ {53}
+ [54] ∈ {54}
+ [55] ∈ {55}
+ [56] ∈ {56}
+ [57] ∈ {57}
+ [58] ∈ {58}
+ [59] ∈ {59}
+ [60] ∈ {60}
+ [61] ∈ {61}
+ [62] ∈ {62}
+ [63] ∈ {63}
+ [64] ∈ {64}
+ [65] ∈ {65}
+ [66] ∈ {66}
+ [67] ∈ {67}
+ [68] ∈ {68}
+ [69] ∈ {69}
+ [70] ∈ {70}
+ [71] ∈ {71}
+ [72] ∈ {72}
+ [73] ∈ {73}
+ [74] ∈ {74}
+ [75] ∈ {75}
+ [76] ∈ {76}
+ [77] ∈ {77}
+ [78] ∈ {78}
+ [79] ∈ {79}
+ [80] ∈ {80}
+ [81] ∈ {81}
+ [82] ∈ {82}
+ [83] ∈ {83}
+ [84] ∈ {84}
+ [85] ∈ {85}
+ [86] ∈ {86}
+ [87] ∈ {87}
+ [88] ∈ {88}
+ [89] ∈ {89}
+ [90] ∈ {90}
+ [91] ∈ {91}
+ [92] ∈ {92}
+ [93] ∈ {93}
+ [94] ∈ {94}
+ [95] ∈ {95}
+ [96] ∈ {96}
+ [97] ∈ {97}
+ [98] ∈ {98}
+ [99] ∈ {99}
+ [100] ∈ {100}
+ [101] ∈ {101}
+ [102] ∈ {102}
+ [103] ∈ {103}
+ [104] ∈ {104}
+ [105] ∈ {105}
+ [106] ∈ {106}
+ [107] ∈ {107}
+ [108] ∈ {108}
+ [109] ∈ {109}
+ [110] ∈ {110}
+ [111] ∈ {111}
+ [112] ∈ {112}
+ [113] ∈ {113}
+ [114] ∈ {114}
+ [115] ∈ {115}
+ [116] ∈ {116}
+ [117] ∈ {117}
+ [118] ∈ {118}
+ [119] ∈ {119}
+ [120] ∈ {120}
+ [121] ∈ {121}
+ [122] ∈ {122}
+ [123] ∈ {123}
+ [124] ∈ {124}
+ [125] ∈ {125}
+ [126] ∈ {126}
+ [127] ∈ {127}
+ p ∈ {{ &t[128] }}
+[eva:final-states] Values at end of function union_pointer:
+ p ∈ [0..31]
+ u{.integer; .pointer} ∈ [0..31]
+[eva:final-states] Values at end of function write_pointer:
+ p ∈ {42}
+ q ∈ {{ &x + {0; 1; 2; 3; 4} }}
+[eva:final-states] Values at end of function main:
+ Frama_C_entropy_source ∈ [--..--]
+[from] Computing for function addrof
+[from] Done for function addrof
+[from] Computing for function int_conversion
+[from] Computing for function Frama_C_interval <-int_conversion
+[from] Done for function Frama_C_interval
+[from] Done for function int_conversion
+[from] Computing for function object_pointer_predicate
+[from] Done for function object_pointer_predicate
+[from] Computing for function pointer_computation
+[from] Done for function pointer_computation
+[from] Computing for function pointer_in_loops
+[from] Done for function pointer_in_loops
+[from] Computing for function union_pointer
+[from] Done for function union_pointer
+[from] Computing for function write_pointer
+[from] Done for function write_pointer
+[from] Computing for function main
+[from] Done for function main
+[from] ====== DEPENDENCIES COMPUTED ======
+ These dependencies hold at termination for the executions that terminate:
+[from] Function Frama_C_interval:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+ \result FROM Frama_C_entropy_source; min; max
+[from] Function addrof:
+ NO EFFECTS
+[from] Function int_conversion:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function object_pointer_predicate:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function pointer_computation:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function pointer_in_loops:
+ NO EFFECTS
+[from] Function union_pointer:
+ NO EFFECTS
+[from] Function write_pointer:
+ NO EFFECTS
+[from] Function main:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] ====== END OF DEPENDENCIES ======
+[inout] Out (internal) for function addrof:
+ p; offset
+[inout] Inputs for function addrof:
+ undet
+[inout] Out (internal) for function int_conversion:
+ Frama_C_entropy_source; x; p
+[inout] Inputs for function int_conversion:
+ Frama_C_entropy_source; undet
+[inout] Out (internal) for function object_pointer_predicate:
+ Frama_C_entropy_source; p; i
+[inout] Inputs for function object_pointer_predicate:
+ Frama_C_entropy_source; undet
+[inout] Out (internal) for function pointer_computation:
+ Frama_C_entropy_source; p; i; j; q; tmp; offset1; offset2
+[inout] Inputs for function pointer_computation:
+ Frama_C_entropy_source; undet
+[inout] Out (internal) for function pointer_in_loops:
+ t[0..127]; p; i; q; i_0
+[inout] Inputs for function pointer_in_loops:
+ undet
+[inout] Out (internal) for function union_pointer:
+ p; u
+[inout] Inputs for function union_pointer:
+ undet
+[inout] Out (internal) for function write_pointer:
+ p; q
+[inout] Inputs for function write_pointer:
+ undet
+[inout] Out (internal) for function main:
+ Frama_C_entropy_source
+[inout] Inputs for function main:
+ Frama_C_entropy_source; undet
diff --git a/tests/value/oracle/invalid_pointer.1.res.oracle b/tests/value/oracle/invalid_pointer.1.res.oracle
new file mode 100644
index 00000000000..ccb4096a72d
--- /dev/null
+++ b/tests/value/oracle/invalid_pointer.1.res.oracle
@@ -0,0 +1,337 @@
+[kernel] Parsing tests/value/invalid_pointer.c (with preprocessing)
+[kernel:typing:int-conversion] tests/value/invalid_pointer.c:111: Warning:
+ Conversion from a pointer to an integer without an explicit cast
+[eva] Analyzing a complete application starting at main
+[eva] Computing initial state
+[eva] Initial state computed
+[eva:initial-state] Values of globals at initialization
+ NULL[rbits 80 to 247] ∈ [--..--]
+ undet ∈ [--..--]
+[eva] computing for function pointer_computation <- main.
+ Called from tests/value/invalid_pointer.c:171.
+[eva] computing for function Frama_C_interval <- pointer_computation <- main.
+ Called from tests/value/invalid_pointer.c:30.
+[eva] using specification for function Frama_C_interval
+[eva] tests/value/invalid_pointer.c:30:
+ function Frama_C_interval: precondition 'order' got status valid.
+[eva] Done for function Frama_C_interval
+[eva] computing for function Frama_C_interval <- pointer_computation <- main.
+ Called from tests/value/invalid_pointer.c:32.
+[eva] tests/value/invalid_pointer.c:32:
+ function Frama_C_interval: precondition 'order' got status valid.
+[eva] Done for function Frama_C_interval
+[eva] Recording results for pointer_computation
+[eva] Done for function pointer_computation
+[eva] computing for function pointer_in_loops <- main.
+ Called from tests/value/invalid_pointer.c:172.
+[eva] tests/value/invalid_pointer.c:42:
+ Trace partitioning superposing up to 100 states
+[eva] tests/value/invalid_pointer.c:53:
+ Frama_C_show_each_bottom: {{ &t + {-4} }}
+[eva] Recording results for pointer_in_loops
+[eva] Done for function pointer_in_loops
+[eva] computing for function int_conversion <- main.
+ Called from tests/value/invalid_pointer.c:173.
+[eva] computing for function Frama_C_interval <- int_conversion <- main.
+ Called from tests/value/invalid_pointer.c:65.
+[eva] tests/value/invalid_pointer.c:65:
+ function Frama_C_interval: precondition 'order' got status valid.
+[eva] Done for function Frama_C_interval
+[eva] computing for function Frama_C_interval <- int_conversion <- main.
+ Called from tests/value/invalid_pointer.c:67.
+[eva] tests/value/invalid_pointer.c:67:
+ function Frama_C_interval: precondition 'order' got status valid.
+[eva] Done for function Frama_C_interval
+[eva] computing for function Frama_C_interval <- int_conversion <- main.
+ Called from tests/value/invalid_pointer.c:71.
+[eva] tests/value/invalid_pointer.c:71:
+ function Frama_C_interval: precondition 'order' got status valid.
+[eva] Done for function Frama_C_interval
+[eva] Recording results for int_conversion
+[eva] Done for function int_conversion
+[eva] computing for function addrof <- main.
+ Called from tests/value/invalid_pointer.c:174.
+[eva] Recording results for addrof
+[eva] Done for function addrof
+[eva] computing for function union_pointer <- main.
+ Called from tests/value/invalid_pointer.c:175.
+[eva] Recording results for union_pointer
+[eva] Done for function union_pointer
+[eva] computing for function write_pointer <- main.
+ Called from tests/value/invalid_pointer.c:176.
+[eva] Recording results for write_pointer
+[eva] Done for function write_pointer
+[eva] computing for function object_pointer_predicate <- main.
+ Called from tests/value/invalid_pointer.c:177.
+[eva] tests/value/invalid_pointer.c:126: assertion got status valid.
+[eva:alarm] tests/value/invalid_pointer.c:129: Warning:
+ assertion got status invalid (stopping propagation).
+[eva] tests/value/invalid_pointer.c:132: assertion got status valid.
+[eva:alarm] tests/value/invalid_pointer.c:135: Warning:
+ assertion got status invalid (stopping propagation).
+[eva:alarm] tests/value/invalid_pointer.c:138: Warning:
+ assertion got status unknown.
+[eva] tests/value/invalid_pointer.c:139: assertion got status valid.
+[eva] tests/value/invalid_pointer.c:140:
+ Frama_C_show_each_object_pointer: {{ &x + {0; 4} }}
+[eva:alarm] tests/value/invalid_pointer.c:142: Warning:
+ assertion got status unknown.
+[eva] tests/value/invalid_pointer.c:143: assertion got status valid.
+[eva] tests/value/invalid_pointer.c:144:
+ Frama_C_show_each_object_pointer_char: {{ &x + {0; 1; 2; 3; 4} }}
+[eva] computing for function Frama_C_interval <- object_pointer_predicate <- main.
+ Called from tests/value/invalid_pointer.c:145.
+[eva] tests/value/invalid_pointer.c:145:
+ function Frama_C_interval: precondition 'order' got status valid.
+[eva] Done for function Frama_C_interval
+[eva] tests/value/invalid_pointer.c:147: assertion got status valid.
+[eva:alarm] tests/value/invalid_pointer.c:149: Warning:
+ assertion got status unknown.
+[eva:alarm] tests/value/invalid_pointer.c:151: Warning:
+ assertion got status unknown.
+[eva] tests/value/invalid_pointer.c:152:
+ Frama_C_show_each_object_pointer_array:
+ {{ &x + {0; 4} ; &array + [0..256],0%4 }}
+[eva] tests/value/invalid_pointer.c:154: assertion got status valid.
+[eva:alarm] tests/value/invalid_pointer.c:157: Warning:
+ assertion got status unknown.
+[eva:alarm] tests/value/invalid_pointer.c:160: Warning:
+ assertion got status unknown.
+[eva:alarm] tests/value/invalid_pointer.c:162: Warning:
+ assertion got status unknown.
+[eva:alarm] tests/value/invalid_pointer.c:165: Warning:
+ assertion got status invalid (stopping propagation).
+[eva] Recording results for object_pointer_predicate
+[eva] Done for function object_pointer_predicate
+[eva] Recording results for main
+[eva] done for function main
+[scope:rm_asserts] removing 2 assertion(s)
+[eva] ====== VALUES COMPUTED ======
+[eva:final-states] Values at end of function addrof:
+ p ∈ {{ &a + [-8589934592..8589934588],0%4 }}
+ offset ∈ [--..--]
+[eva:final-states] Values at end of function int_conversion:
+ Frama_C_entropy_source ∈ [--..--]
+ x ∈ [15..100]
+ p ∈ [--..--]
+[eva:final-states] Values at end of function object_pointer_predicate:
+ Frama_C_entropy_source ∈ [--..--]
+ p ∈ [0..31]
+ i ∈ [0..20]
+[eva:final-states] Values at end of function pointer_computation:
+ Frama_C_entropy_source ∈ [--..--]
+ p ∈ {{ &x + [-17179869184..17179869184],0%4 }}
+ i ∈ [--..--]
+ j ∈ [--..--]
+ q ∈ {{ &x + [0..240],0%4 ; &array + [0..240],0%4 }}
+ offset1 ∈ [0..10]
+ offset2 ∈ [0..50]
+[eva:final-states] Values at end of function pointer_in_loops:
+ t[0] ∈ {0; 127}
+ [1] ∈ {1; 126}
+ [2] ∈ {2; 125}
+ [3] ∈ {3; 124}
+ [4] ∈ {4; 123}
+ [5] ∈ {5; 122}
+ [6] ∈ {6; 121}
+ [7] ∈ {7; 120}
+ [8] ∈ {8; 119}
+ [9] ∈ {9; 118}
+ [10] ∈ {10; 117}
+ [11] ∈ {11; 116}
+ [12] ∈ {12; 115}
+ [13] ∈ {13; 114}
+ [14] ∈ {14; 113}
+ [15] ∈ {15; 112}
+ [16] ∈ {16; 111}
+ [17] ∈ {17; 110}
+ [18] ∈ {18; 109}
+ [19] ∈ {19; 108}
+ [20] ∈ {20; 107}
+ [21] ∈ {21; 106}
+ [22] ∈ {22; 105}
+ [23] ∈ {23; 104}
+ [24] ∈ {24; 103}
+ [25] ∈ {25; 102}
+ [26] ∈ {26; 101}
+ [27] ∈ {27; 100}
+ [28] ∈ {28; 99}
+ [29] ∈ {29; 98}
+ [30] ∈ {30; 97}
+ [31] ∈ {31; 96}
+ [32] ∈ {32; 95}
+ [33] ∈ {33; 94}
+ [34] ∈ {34; 93}
+ [35] ∈ {35; 92}
+ [36] ∈ {36; 91}
+ [37] ∈ {37; 90}
+ [38] ∈ {38; 89}
+ [39] ∈ {39; 88}
+ [40] ∈ {40; 87}
+ [41] ∈ {41; 86}
+ [42] ∈ {42; 85}
+ [43] ∈ {43; 84}
+ [44] ∈ {44; 83}
+ [45] ∈ {45; 82}
+ [46] ∈ {46; 81}
+ [47] ∈ {47; 80}
+ [48] ∈ {48; 79}
+ [49] ∈ {49; 78}
+ [50] ∈ {50; 77}
+ [51] ∈ {51; 76}
+ [52] ∈ {52; 75}
+ [53] ∈ {53; 74}
+ [54] ∈ {54; 73}
+ [55] ∈ {55; 72}
+ [56] ∈ {56; 71}
+ [57] ∈ {57; 70}
+ [58] ∈ {58; 69}
+ [59] ∈ {59; 68}
+ [60] ∈ {60; 67}
+ [61] ∈ {61; 66}
+ [62] ∈ {62; 65}
+ [63..64] ∈ {63; 64}
+ [65] ∈ {62; 65}
+ [66] ∈ {61; 66}
+ [67] ∈ {60; 67}
+ [68] ∈ {59; 68}
+ [69] ∈ {58; 69}
+ [70] ∈ {57; 70}
+ [71] ∈ {56; 71}
+ [72] ∈ {55; 72}
+ [73] ∈ {54; 73}
+ [74] ∈ {53; 74}
+ [75] ∈ {52; 75}
+ [76] ∈ {51; 76}
+ [77] ∈ {50; 77}
+ [78] ∈ {49; 78}
+ [79] ∈ {48; 79}
+ [80] ∈ {47; 80}
+ [81] ∈ {46; 81}
+ [82] ∈ {45; 82}
+ [83] ∈ {44; 83}
+ [84] ∈ {43; 84}
+ [85] ∈ {42; 85}
+ [86] ∈ {41; 86}
+ [87] ∈ {40; 87}
+ [88] ∈ {39; 88}
+ [89] ∈ {38; 89}
+ [90] ∈ {37; 90}
+ [91] ∈ {36; 91}
+ [92] ∈ {35; 92}
+ [93] ∈ {34; 93}
+ [94] ∈ {33; 94}
+ [95] ∈ {32; 95}
+ [96] ∈ {31; 96}
+ [97] ∈ {30; 97}
+ [98] ∈ {29; 98}
+ [99] ∈ {28; 99}
+ [100] ∈ {27; 100}
+ [101] ∈ {26; 101}
+ [102] ∈ {25; 102}
+ [103] ∈ {24; 103}
+ [104] ∈ {23; 104}
+ [105] ∈ {22; 105}
+ [106] ∈ {21; 106}
+ [107] ∈ {20; 107}
+ [108] ∈ {19; 108}
+ [109] ∈ {18; 109}
+ [110] ∈ {17; 110}
+ [111] ∈ {16; 111}
+ [112] ∈ {15; 112}
+ [113] ∈ {14; 113}
+ [114] ∈ {13; 114}
+ [115] ∈ {12; 115}
+ [116] ∈ {11; 116}
+ [117] ∈ {10; 117}
+ [118] ∈ {9; 118}
+ [119] ∈ {8; 119}
+ [120] ∈ {7; 120}
+ [121] ∈ {6; 121}
+ [122] ∈ {5; 122}
+ [123] ∈ {4; 123}
+ [124] ∈ {3; 124}
+ [125] ∈ {2; 125}
+ [126] ∈ {1; 126}
+ [127] ∈ {0; 127}
+ p ∈ {{ &t[128] }}
+[eva:final-states] Values at end of function union_pointer:
+ p ∈ [--..--]
+ u ∈ [--..--]
+[eva:final-states] Values at end of function write_pointer:
+ p ∈ {42}
+ q ∈ {{ NULL + {42} ; &x + [0..4294967295] }}
+[eva:final-states] Values at end of function main:
+ Frama_C_entropy_source ∈ [--..--]
+[from] Computing for function addrof
+[from] Done for function addrof
+[from] Computing for function int_conversion
+[from] Computing for function Frama_C_interval <-int_conversion
+[from] Done for function Frama_C_interval
+[from] Done for function int_conversion
+[from] Computing for function object_pointer_predicate
+[from] Done for function object_pointer_predicate
+[from] Computing for function pointer_computation
+[from] Done for function pointer_computation
+[from] Computing for function pointer_in_loops
+[from] Done for function pointer_in_loops
+[from] Computing for function union_pointer
+[from] Done for function union_pointer
+[from] Computing for function write_pointer
+[from] Done for function write_pointer
+[from] Computing for function main
+[from] Done for function main
+[from] ====== DEPENDENCIES COMPUTED ======
+ These dependencies hold at termination for the executions that terminate:
+[from] Function Frama_C_interval:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+ \result FROM Frama_C_entropy_source; min; max
+[from] Function addrof:
+ NO EFFECTS
+[from] Function int_conversion:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function object_pointer_predicate:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function pointer_computation:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] Function pointer_in_loops:
+ NO EFFECTS
+[from] Function union_pointer:
+ NO EFFECTS
+[from] Function write_pointer:
+ NO EFFECTS
+[from] Function main:
+ Frama_C_entropy_source FROM Frama_C_entropy_source (and SELF)
+[from] ====== END OF DEPENDENCIES ======
+[inout] Out (internal) for function addrof:
+ p; offset
+[inout] Inputs for function addrof:
+ undet
+[inout] Out (internal) for function int_conversion:
+ Frama_C_entropy_source; x; p
+[inout] Inputs for function int_conversion:
+ Frama_C_entropy_source; undet
+[inout] Out (internal) for function object_pointer_predicate:
+ Frama_C_entropy_source; p; i
+[inout] Inputs for function object_pointer_predicate:
+ Frama_C_entropy_source; undet
+[inout] Out (internal) for function pointer_computation:
+ Frama_C_entropy_source; p; i; j; q; tmp; offset1; offset2
+[inout] Inputs for function pointer_computation:
+ Frama_C_entropy_source; undet
+[inout] Out (internal) for function pointer_in_loops:
+ t[0..127]; p; i; q; i_0
+[inout] Inputs for function pointer_in_loops:
+ undet
+[inout] Out (internal) for function union_pointer:
+ p; u
+[inout] Inputs for function union_pointer:
+ undet
+[inout] Out (internal) for function write_pointer:
+ p; q
+[inout] Inputs for function write_pointer:
+ undet
+[inout] Out (internal) for function main:
+ Frama_C_entropy_source
+[inout] Inputs for function main:
+ Frama_C_entropy_source; undet
--
GitLab