A pointer can be reported as belonging to an adjacent memory blocks in the bittree memory model
ID0001836: This issue was created automatically from Mantis Issue 1836. Further discussion may take place here.
| Id | Project | Category | View | Due Date | Updated |
|---|---|---|---|---|---|
| ID0001836 | Frama-C | Plug-in > E-ACSL | public | 2014-07-16 | 2014-09-15 |
| Reporter | arvidj | Assigned To | signoles | Resolution | fixed |
| Priority | normal | Severity | minor | Reproducibility | sometimes |
| Platform | - | OS | - | OS Version | - |
| Product Version | - | Target Version | - | Fixed in Version | Frama-C Neon-20140301 |
Description :
There is a one-off error in the calculation of to which block a pointer. The following series of calls to the memory model triggers it (but I've got no simple program example which reproduces the error).
struct _block bk1 = {.ptr = 1, .size = 1}; __add_element(&bk1); assert(__get_cont((void*)0) == NULL); assert(__get_cont((void*)1) == &bk2); assert(__get_cont((void*)2) == NULL); // will report 2 as belonging to bk1.
The offending line in e_acsl_bittree.c is:
else if((size_t)ptr <= tmp->leaf->size + tmp->addr)
where the comparison is strict and another clause should be added to handle the case of empty structs.