Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • F frama-c
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributor statistics
    • Graph
    • Compare revisions
  • Issues 168
    • Issues 168
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 0
    • Merge requests 0
  • Deployments
    • Deployments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
    • Model experiments
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • pub
  • frama-c
  • Issues
  • #2032
Closed
Open
Issue created Jun 26, 2012 by mantis-gitlab-migration@mantis-gitlab-migration

Feedback about value analysis degeneration

ID0001221: This issue was created automatically from Mantis Issue 1221. Further discussion may take place here.


Id Project Category View Due Date Updated
ID0001221 Frama-C Plug-in > Eva public 2012-06-26 2012-07-03
Reporter Anne Assigned To pascal Resolution no change required
Priority normal Severity feature Reproducibility have not tried
Platform - OS - OS Version -
Product Version Frama-C Nitrogen-20111001 Target Version - Fixed in Version -

Description :

It would be great to have more information about the reasons why the value analysis degenerates in some cases. For instance : $ frama-c -val toto.c with : int main (int argc, char * argv []) { char * s1 = argv[1]; char * s2 = argv[2]; return 0; } gives : toto.c:2:[kernel] warning: out of bounds read. assert \valid(argv+1); toto.c:3:[kernel] warning: out of bounds read. assert \valid(argv+2); [value] Recording results for main [value] done for function main [value] ====== VALUES COMPUTED ====== [value] Values for function main: NON TERMINATING FUNCTION

I know now that I have to use -context-width, but it is not easy to guess from the value analysis output, especially if we don't know if the function doesn't terminate for other reasons... Would it be possible to give the first statement where the state is BOTTOM for instance : this would be a hint.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking