Can I skip eva's assertion on signed overflow?

Question

Sample code:

void main(){
    unsigned int x;
    x = 1U << 31;  // OK
    x = 1 << 31; // Sign overflowed
    return;
}

frama-c-gui -eva main.c:

void main(void)
{
    unsigned int x;
    x = 1U << 31;
    /*@ assert Eva: signed_overflow: 1 << 31 ≤ 2147483647; */
    x = (unsigned int)(1 << 31);
    return;
}

Get red alarm because of signed overflow on line 4. I have existing code with ton of hardware registers defined with mask bits and shifting bits like this. It's unreasonable to modify the code add "U" for all the mask bits. Is there a option in eval plugin to treat these constants as unsigned integer?

score 1 · Accepted Answer · answered Mar 13 '19 at 07:50

There are some options in the kernel to control which kinds of alarms should be emitted (see frama-c -kernel-h or the manual, especially its section 6.3, for more information).

In your particular case, you are probably interested in -no-warn-signed-overflow, that will disable alarms related to overflows on signed arithmetic. Eva will then assume 2-complement arithmetic, and emit a warning about that if the situation occurs, but only once for the whole analysis.

Can I skip eva's assertion on signed overflow?

1 Answers1