crash bug in r11859
ID0000715: This issue was created automatically from Mantis Issue 715. Further discussion may take place here.
| Id | Project | Category | View | Due Date | Updated |
|---|---|---|---|---|---|
| ID0000715 | Frama-C | Plug-in > Eva | public | 2011-02-12 | 2011-10-10 |
| Reporter | regehr | Assigned To | pascal | Resolution | fixed |
| Priority | normal | Severity | crash | Reproducibility | always |
| Platform | - | OS | - | OS Version | - |
| Product Version | Frama-C GIT, precise the release id | Target Version | - | Fixed in Version | Frama-C Nitrogen-20111001 |
Description :
Seen using Ubuntu 10.10 on x86. OCaml and other tools are from the installation, nothing on this machine is customized.
regehr@home:~/csmith/scripts$ ~/z/frama-c/bin/toplevel.opt -val -slevel 250 foo_pp.c [kernel] preprocessing with "gcc -C -E -I. foo_pp.c" [value] Analyzing a complete application starting at main [value] Computing initial state [value] Initial state computed [value] Values of globals at initialization csmith_sink_ ? -..- __undefined ? {0; } g_8 ? -..- g_13 ? {1817273653; } g_12 ? {{ &g_13 ;}} g_11 ? -..- g_18 ? {111102337; } g_33 ? -..- g_73 ? {14749; } g_75 ? {-1719621896; } g_74 ? {{ &g_75 ;}} g_79 ? {{ &g_74 ;}} g_122 ? {{ &g_12 ;}} g_121 ? -..- g_126 ? -..- g_152 ? -..- g_169 ? -..- g_193 ? {0; } g_195 ? {0; } g_385 ? -..- [value] computing for function platform_main_begin <-main. Called from foo.c:380. [value] Recording results for platform_main_begin [value] Done for function platform_main_begin [value] computing for function func_1 <-main. Called from foo.c:381. [value] computing for function func_2 <-func_1 <-main. Called from foo.c:61. [value] Recording results for func_2 [value] Done for function func_2 [value] computing for function func_35 <-func_1 <-main. Called from foo.c:61. [value] Recording results for func_35 [value] Done for function func_35 [value] computing for function safe_div_func_int64_t_s_s <-func_1 <-main. Called from foo.c:61. [value] Recording results for safe_div_func_int64_t_s_s [value] Done for function safe_div_func_int64_t_s_s [value] computing for function safe_div_func_int32_t_s_s <-func_1 <-main. Called from foo.c:61. [value] Recording results for safe_div_func_int32_t_s_s [value] Done for function safe_div_func_int32_t_s_s [value] computing for function safe_mul_func_int8_t_s_s <-func_1 <-main. Called from foo.c:61. [value] Recording results for safe_mul_func_int8_t_s_s [value] Done for function safe_mul_func_int8_t_s_s [value] computing for function func_51 <-func_1 <-main. Called from foo.c:61. [value] Recording results for func_51 [value] Done for function func_51 foo.c:61:[kernel] warning: out of bounds read. assert \valid(g_169); [kernel] The full backtrace is: Called from file "src/value/eval.ml", line 3878, characters 6-16 Called from file "list.ml", line 57, characters 20-23 Called from file "src/value/eval.ml", line 3847, characters 7-1023 Called from file "list.ml", line 74, characters 24-34 Called from file "src/value/eval.ml", line 4090, characters 7-62 Called from file "cil/src/ext/dataflow.ml", line 274, characters 27-46 Called from file "cil/src/ext/dataflow.ml", line 287, characters 16-40 Called from file "cil/src/ext/dataflow.ml", line 402, characters 8-21 Called from file "cil/src/ext/dataflow.ml", line 406, characters 9-22 Called from file "src/value/eval.ml", line 4681, characters 14-37 Called from file "src/value/eval.ml", line 5314, characters 5-60 Called from file "src/value/eval.ml", line 3900, characters 2-105 Called from file "src/value/eval.ml", line 3918, characters 7-93 Called from file "list.ml", line 74, characters 24-34 Called from file "src/value/eval.ml", line 4090, characters 7-62 Called from file "cil/src/ext/dataflow.ml", line 274, characters 27-46 Called from file "cil/src/ext/dataflow.ml", line 287, characters 16-40 Called from file "cil/src/ext/dataflow.ml", line 402, characters 8-21 Called from file "cil/src/ext/dataflow.ml", line 406, characters 9-22 Called from file "src/value/eval.ml", line 4681, characters 14-37 Called from file "src/value/eval.ml", line 5145, characters 4-67 Called from file "src/value/eval.ml", line 5400, characters 11-44 Re-raised at file "src/value/eval.ml", line 5416, characters 47-50 Called from file "src/project/state_builder.ml", line 1025, characters 2-6 Re-raised at file "src/project/state_builder.ml", line 1029, characters 8-11 Called from file "src/value/register.ml", line 59, characters 4-24 Called from file "queue.ml", line 134, characters 6-20 Called from file "src/kernel/boot.ml", line 36, characters 4-20 Called from file "src/kernel/cmdline.ml", line 713, characters 2-9 Called from file "src/kernel/cmdline.ml", line 195, characters 4-8
Unexpected error (File "cil/ocamlutil/cilutil.ml", line 918, characters 10-16: Assertion failed).
Please report as 'crash' at http://bts.frama-c.com/
Note that a backtrace alone often does not have information to
understand the bug. Guidelines for reporting bugs are at:
http://bts.frama-c.com/dokuwiki/doku.php?id=mantis:frama-c:bug_reporting_guidelinesregehr@home:~/csmith/scripts$