WP appears to assume left-to-right evaluation order for int addition
ID0002272: This issue was created automatically from Mantis Issue 2272. Further discussion may take place here.
| Id | Project | Category | View | Due Date | Updated |
|---|---|---|---|---|---|
| ID0002272 | Frama-C | Kernel | public | 2017-01-16 | 2017-01-16 |
| Reporter | Jochen | Assigned To | virgile | Resolution | open |
| Priority | low | Severity | minor | Reproducibility | always |
| Platform | Silicon-20161101 | OS | xubuntu | OS Version | - |
| Product Version | Frama-C 14-Silicon | Target Version | - | Fixed in Version | - |
Description :
The following issue originated from our student Robert. Running "frama-c -wp -wp-rte robert.c" on the attached program reports 3 proof goals, all of which are proven by Qed. However, according to ISO/IEC 9899:2011 §6.5 (2), the behavior of this function is undefined, since "x" is modified more than once between two sequence points.
Replacing the "4" in the ensures clause in line 2 by "2" or "3", or replacing the whole formula in line 2 by "\false", all results in one unproven goal (and two proven goals). Therefore, it seems that Frama-C's justification for proving "\result==4" is not that the function won't return anyway, due to the undefined behavior, considered as throwing an exception.