frama-c/jessie crashes with Unexpected error (Cil.SizeOfError("Undefined sizeof on a function.", _)).
ID0002376: This issue was created automatically from Mantis Issue 2376. Further discussion may take place here.
| Id | Project | Category | View | Due Date | Updated |
|---|---|---|---|---|---|
| ID0002376 | Frama-C | Plug-in > jessie | public | 2018-05-29 | 2018-05-29 |
| Reporter | foo | Assigned To | cmarche | Resolution | open |
| Priority | normal | Severity | crash | Reproducibility | always |
| Platform | - | OS | - | OS Version | - |
| Product Version | Frama-C 16-Sulfur | Target Version | - | Fixed in Version | - |
Description :
Hi all,
I'm very new to the frama-c and why ecosystem. I hope it's really a bug with frama-c and not jessie.
The C input is:
#include<stdlib.h>
int main(void) { char *p =malloc(5); p[0] = 4; return 3; }
I'd like to verify that the write to p[0] goes toa valid address.
$ Frama-c -val -jessie t.c [kernel] Parsing t.c (with preprocessing) [value] Analyzing a complete application starting at main [value] Computing initial state [value] Initial state computed [value:initial-state] Values of globals at initialization __fc_random_counter ∈ -..- __fc_rand_max ∈ {32767} __fc_heap_status ∈ -..- __fc_mblen_state ∈ -..- __fc_mbtowc_state ∈ -..- __fc_wctomb_state ∈ -..- t.c:4:[value] allocating variable __malloc_main_l4 t.c:5:[value] warning: out of bounds write. assert \valid(p + 0); [value] done for function main [value] ====== VALUES COMPUTED ====== [value:final-states] Values at end of function main: __fc_heap_status ∈ -..- p ∈ {{ &__malloc_main_l4[0] }} __retres ∈ {3} __malloc_main_l4[0] ∈ {4} [1..4] ∈ UNINITIALIZED [jessie] Starting Jessie translation [jessie] warning: \separated is not supported by Jessie. This predicate will be ignored [kernel] Current source was: FRAMAC_SHARE/libc/stdlib.h:389 The full backtrace is: Raised at file "src/kernel_services/ast_queries/cil.ml", line 5238, characters 9-67 Called from file "common.ml", line 329, characters 27-46 Called from file "norm.ml", line 1551, characters 11-55 Called from file "norm.ml", line 1571, characters 37-71 Called from file "norm.ml", line 1614, characters 22-47 Called from file "norm.ml", line 1685, characters 19-43 Called from file "src/kernel_services/ast_queries/cil.ml", line 2239, characters 15-31 Called from file "src/kernel_services/ast_queries/cil.ml" (inlined), line 3543, characters 17-35 Called from file "src/kernel_services/ast_queries/cil.ml", line 3572, characters 12-19 Called from file "src/kernel_services/ast_queries/cil.ml", line 2278, characters 13-16 Called from file "src/kernel_services/ast_queries/cil.ml", line 3576, characters 23-50 Called from file "src/kernel_services/ast_queries/cil.ml", line 2254, characters 21-41 Called from file "src/kernel_services/ast_queries/cil.ml", line 3613, characters 14-38 Called from file "src/kernel_services/ast_queries/cil.ml", line 2254, characters 21-41 Called from file "src/kernel_services/ast_queries/cil.ml", line 3602, characters 5-80 Called from file "src/kernel_services/ast_queries/cil.ml", line 3840, characters 16-37 Called from file "src/kernel_services/ast_queries/cil.ml", line 2278, characters 13-16 Called from file "src/kernel_services/ast_queries/cil.ml", line 2323, characters 24-57 Called from file "src/kernel_services/ast_queries/cil.ml", line 3808, characters 5-53 Called from file "src/kernel_services/ast_queries/cil.ml" (inlined), line 6463, characters 17-37 Called from file "src/kernel_services/ast_queries/cil.ml", line 6468, characters 24-33 Called from file "src/kernel_services/ast_queries/cil.ml", line 6470, characters 3-20 Called from file "src/kernel_services/ast_queries/cil.ml", line 2254, characters 21-41 Called from file "src/kernel_services/ast_queries/cil.ml", line 6487, characters 15-39 Called from file "common.ml", line 580, characters 2-13 Called from file "norm.ml", line 1959, characters 2-26 Called from file "register.ml", line 158, characters 4-23 Called from file "register.ml", line 278, characters 6-12 Called from file "src/kernel_services/plugin_entry_points/journal.ml", line 442, characters 19-22 Re-raised at file "src/kernel_services/plugin_entry_points/journal.ml", line 457, characters 10-17 Called from file "queue.ml", line 105, characters 6-15 Called from file "src/kernel_internals/runtime/boot.ml", line 37, characters 4-20 Called from file "src/kernel_services/cmdline_parameters/cmdline.ml", line 789, characters 2-9 Called from file "src/kernel_services/cmdline_parameters/cmdline.ml", line 819, characters 18-64 Called from file "src/kernel_services/cmdline_parameters/cmdline.ml", line 228, characters 4-8
Unexpected error (Cil.SizeOfError("Undefined sizeof on a function.", _)).
Please report as 'crash' at http://bts.frama-c.com/.
Your Frama-C version is Sulfur-20171101.
Note that a version and a backtrace alone often do not contain enough
information to understand the bug. Guidelines for reporting bugs are at:
http://bts.frama-c.com/dokuwiki/doku.php?id=mantis:frama-c:bug_reporting_guidelines[kernel] writing journal in file `./.frama-c/frama_c_journal.ml'.
Additional Information :
I'm using frama-c Sulfur-20171101 why 2.40 Why3 0.88.3 ocaml 4.06.1