Clang 13 emits warnings related to uninitialized variables:

variable 'r' is used uninitialized whenever 'if'
condition is false [-Wsometimes-uninitialized]

This is due to the fact that the assert(0) macro, when using Frama-C's libc,
is expanded to __FC_assert. Since it is not known by the compiler, it cannot
consider it as "noreturn" when the condition is zero. Note that adding
'__attribute__ ((__noreturn__))' will not work: Frama-C will assume it
never returns, even when the condition is true.
Initializing the 'r' variables with a default value will not change the
actual behavior, and will avoid the warnings.

'Indeterminate' alarms are alarms about uninitialized memory, escaping pointers
and special floating-point values (infinite and NaN).

These alarms are emitted for functions specified by -eva-warn-copy-indeterminate
option, which is @all by default. These alarms can be disabled for some function
by -eva-warn-copy-indeterminate=-f, in which case they are also disabled for
the argument expressions of calls to [f].

However:
- the @all default value did not include functions without definition
  (for which a specification or a builtin is used).
- 'indeterminate' alarms were emitted anyway for the arguments of calls to
  functions without definition, except for builtins.
So no indeterminate alarms were emitted for the argument expressions of calls
to builtins (unless their definitions were included).

This commit fixes this behavior:
the @all default of -eva-warn-copy-indeterminate option include all functions
and special case for functions without definition or builtins are removed.

It still avoids to emit surch alarms on Eva directives such as Frama_C_show_each.

The preconditions generated in place of behaviors leading to NaN or infinite
floating-point values are now named.

Andre Maroneze authored 3 years ago and David Bühler committed 3 years ago

The Linux manpage for tan states that only a floating-point exception
(FE_OVERFLOW) occurs in case of result overflow, but the POSIX manpage mentions
that errno can be set to ERANGE.

it's pointless to be accurate for the ERANGE case while our current
modelization can't tell whether we will succeed in opening the
corresponding file in /proc.

most differences in Eva oracles come from the fact that now anonymous arguments are taken into
account when generating default assigns for prototypes with empty specs.

Andre Maroneze authored 4 years ago and David Bühler committed 3 years ago

Due to the absence of a long double version of the pow() logic function,
and due to likely little demand for ldexpl, this function has not been
specified.