Undefined behavior with embedded assignment goes undetected
ID0001059: This issue was created automatically from Mantis Issue 1059. Further discussion may take place here.
| Id | Project | Category | View | Due Date | Updated |
|---|---|---|---|---|---|
| ID0001059 | Frama-C | Kernel | public | 2012-01-07 | 2014-02-12 |
| Reporter | pascal | Assigned To | virgile | Resolution | fixed |
| Priority | normal | Severity | major | Reproducibility | always |
| Platform | - | OS | - | OS Version | - |
| Product Version | Frama-C Nitrogen-20111001 | Target Version | - | Fixed in Version | Frama-C Oxygen-20120901 |
Description :
It seems to me that the following program exhibits undefined behavior due to a= and ++a not being separated by a sequence point.
int main() { int a = 1; int b = 0;
if (a = b || ++a == 2)
printf("T: a=%i, b=%i", a, b);
else
printf("F: a=%i, b=%i", a, b);
return 0;}
But the following command gives no sign that the undefined behavior is detected:
$ bin/toplevel.opt -unspecified-access -val t.c -print [kernel] preprocessing with "gcc -C -E -I. t.c" [value] Analyzing a complete application starting at main [value] Computing initial state [value] Initial state computed [value] Values of globals at initialization [value] computing for function printf <- main. Called from t.c:6. [kernel] warning: No code for function printf, default assigns generated [value] Done for function printf [value] Recording results for main [value] done for function main [value] ====== VALUES COMPUTED ====== [value] Values at end of function main: a ? {1} b ? {0} __retres ? {0} /* Generated by Frama-C / /@ behavior generated: assigns \at(\result,Post) \from \nothing; / extern int ( / missing proto */ printf)(); int main(void) { int __retres; int a; int b; int tmp; a = 1; b = 0; if (b) { tmp = 1; } else { a ++; if (a == 2) { tmp = 1; } else { tmp = 0; } } a = tmp; if (a) { printf("T: a=%i, b=%i",a,b); } else { printf("F: a=%i, b=%i",a,b); } __retres = 0; return (__retres); }