WP crash when type casting in lemma

ID0001804: This issue was created automatically from Mantis Issue 1804. Further discussion may take place here.

---

Id	Project	Category	View	Due Date	Updated
ID0001804	Frama-C	Plug-in > wp	public	2014-06-06	2014-06-06

Reporter	Ian	Assigned To	correnson	Resolution	open
Priority	normal	Severity	crash	Reproducibility	always
Platform	-	OS	Ubuntu	OS Version	-
Product Version	Frama-C Neon-20140301	Target Version	-	Fixed in Version	-

Description :

When using Typed+cast, a cast in a lemma can cause wp to crash. In the below example, removing the lemma will cause the assert to validate.

Steps To Reproduce :

Create file ptr_cast.c :

/*@
    lemma valid_pointers:
        \forall int **ptr; sizeof(int *) >= sizeof(int) ==> \valid(ptr) ==> \valid((int *) ptr);
*/

void f(int **ptr){
    //@ assert sizeof(int *) >= sizeof(int) ==> \valid(ptr) ==> \valid((int *) ptr);
}

Run : frama-c -cpp-command 'gcc -C -E' -pp-annot -wp -wp-model Typed+cast ptr_cast.c

Receive output :

[kernel] preprocessing with "gcc -C -E  -dD ptr_cast.c"
[wp] Running WP plugin...
[wp] Collecting axiomatic usage
ptr_cast.c:4:[wp] warning: Cast with incompatible pointers types (source: int**) (target: sint32*)
[wp] failure: Context 'Warning' non-initialized.
[kernel] Current source was: ptr_cast.c:7
         The full backtrace is:
         Raised at file "src/kernel/log.ml", line 524, characters 30-31
         Called from file "src/kernel/log.ml", line 518, characters 9-16
         Re-raised at file "src/kernel/log.ml", line 521, characters 15-16
         Called from file "src/wp/Warning.ml", line 117, characters 10-31
         Called from file "src/wp/MemTyped.ml", line 799, characters 3-111
         Called from file "src/wp/MemVar.ml", line 374, characters 23-51
         Called from file "src/wp/Cvalues.ml", line 433, characters 30-42
         Called from file "src/wp/LogicSemantics.ml", line 768, characters 12-27
         Called from file "src/wp/Context.ml", line 31, characters 12-17
         Re-raised at file "src/wp/Context.ml", line 34, characters 41-46
         Called from file "src/wp/LogicCompiler.ml", line 358, characters 20-35
         Called from file "src/wp/LogicSemantics.ml", line 779, characters 12-37
         Called from file "src/wp/Context.ml", line 31, characters 12-17
         Re-raised at file "src/wp/Context.ml", line 34, characters 41-46
         Called from file "src/wp/LogicCompiler.ml", line 357, characters 28-51
         Called from file "src/wp/LogicSemantics.ml", line 779, characters 12-37
         Called from file "src/wp/Context.ml", line 31, characters 12-17
         Re-raised at file "src/wp/Context.ml", line 34, characters 41-46
         Called from file "src/wp/LogicCompiler.ml", line 357, characters 28-51
         Called from file "src/wp/LogicSemantics.ml", line 779, characters 12-37
         Called from file "src/wp/Context.ml", line 31, characters 12-17
         Re-raised at file "src/wp/Context.ml", line 34, characters 41-46
         Called from file "src/wp/Lang.ml", line 869, characters 33-38
         Re-raised at file "src/wp/Lang.ml", line 870, characters 40-43
         Called from file "src/wp/LogicSemantics.ml", line 684, characters 11-54
         Called from file "src/wp/LogicSemantics.ml", line 779, characters 12-37
         Called from file "src/wp/Context.ml", line 31, characters 12-17
         Re-raised at file "src/wp/Context.ml", line 34, characters 41-46
         Called from file "src/wp/LogicCompiler.ml", line 326, characters 14-25
         Called from file "src/wp/Context.ml", line 68, characters 14-17
         Re-raised at file "src/wp/Context.ml", line 69, characters 43-48
         Called from file "src/wp/Context.ml", line 68, characters 14-17
         Re-raised at file "src/wp/Context.ml", line 69, characters 43-48
         Called from file "src/wp/Context.ml", line 68, characters 14-17
         Re-raised at file "src/wp/Context.ml", line 69, characters 43-48
         Called from file "src/wp/Context.ml", line 68, characters 14-17
         Re-raised at file "src/wp/Context.ml", line 69, characters 43-48
         Called from file "src/wp/LogicCompiler.ml", line 401, characters 24-83
         Called from file "src/wp/LogicCompiler.ml", line 673, characters 6-97
         Called from file "src/wp/LogicCompiler.ml", line 690, characters 19-41
         Called from file "src/wp/cfgWP.ml", line 1294, characters 31-42
         Called from file "map.ml", line 169, characters 20-25
         Called from file "src/wp/cfgWP.ml", line 1369, characters 14-54
         Called from file "src/wp/Model.ml", line 111, characters 17-20
         Re-raised at file "src/wp/Model.ml", line 116, characters 25-28
         Called from file "src/wp/Model.ml", line 117, characters 19-36
         Called from file "src/wp/register.ml", line 435, characters 17-42
         Called from file "src/wp/register.ml", line 574, characters 17-24
         Re-raised at file "src/wp/register.ml", line 578, characters 29-31
         Called from file "src/wp/register.ml", line 575, characters 17-24
         Re-raised at file "src/wp/register.ml", line 579, characters 32-34
         Called from file "src/wp/register.ml", line 575, characters 17-24
         Re-raised at file "src/wp/register.ml", line 579, characters 32-34
         Called from file "queue.ml", line 134, characters 6-20
         Called from file "src/kernel/boot.ml", line 37, characters 4-20
         Called from file "src/kernel/cmdline.ml", line 735, characters 2-9
         Called from file "src/kernel/cmdline.ml", line 214, characters 4-8
         
         Plug-in wp aborted: internal error.
         Please report as 'crash' at http://bts.frama-c.com/.
         Your Frama-C version is Neon-20140301.
         Note that a version and a backtrace alone often do not contain enough
         information to understand the bug. Guidelines for reporting bugs are at:
         http://bts.frama-c.com/dokuwiki/doku.php?id=mantis:frama-c:bug_reporting_guidelines