0

While working with Frama-C I discovered an issue which leads to an unexpected error. The following code snippet shows a minimal reproducer of the problem (simplified as far as possible).

_Bool get_bool(void){ return (_Bool)1; };
_Bool pass_bool(_Bool b){ return b; };

_Bool b_flag1, b_flag2;

int main(){

    b_flag1 = pass_bool( !((_Bool) get_bool()) );
    b_flag2 = pass_bool( (_Bool) get_bool() );
}

When running Frama-C with frama-c -deps -eva test.c I get the following error (only an excerpt of the error message):

[kernel] Parsing test.c (with preprocessing)
[eva] Analyzing a complete application starting at main
[eva] Computing initial state
[eva] Initial state computed
[eva:initial-state] Values of globals at initialization
  b_flag1 ∈ {0}
  b_flag2 ∈ {0}
[eva] done for function main
[kernel] Current source was: test.c:7
  The full backtrace is:
  Raised at Offsetmap.Make.merge in file "src/kernel_services/abstract_interp/offsetmap.ml", line 945, characters 23-35
  .
  .
  .
  Called from Cmdline.play_in_toplevel in file "src/kernel_services/cmdline_parameters/cmdline.ml", line 876, characters 18-64
  Called from Cmdline.catch_toplevel_run in file "src/kernel_services/cmdline_parameters/cmdline.ml", line 235, characters 4-8
  
  Unexpected error (File "src/kernel_services/abstract_interp/offsetmap.ml", line 945, characters 23-29: Assertion failed).
  Please report as 'crash' at https://git.frama-c.com/pub/frama-c/issues
  Your Frama-C version is 25.0-beta (Manganese).
  Note that a version and a backtrace alone often do not contain enough
  information to understand the bug. Guidelines for reporting bugs are at:
  https://git.frama-c.com/pub/frama-c/-/wikis/Guidelines-for-reporting-bugs

There are some changes that allow a correct analysis:

  1. If each function is called only once the error does not occur. It does not matter which one (commenting out the first line of the main as well as the second line leads to a correct analysis).
    .
    .
    b_flag1 = pass_bool( !((_Bool) get_bool()) );
    //b_flag2 = pass_bool( (_Bool) get_bool() );
}
  1. Another possibility to avoid an error is to omit the typecast in the call of the function pass_bool.
    .
    .
    b_flag1 = pass_bool( ! get_bool() );
    b_flag2 = pass_bool( get_bool() );
}
  1. Furthermore, no error occurs when temporary variables are used for the results of get_bool.
    .
    .
    _Bool b_tmp1 = !((_Bool) get_bool());
    _Bool b_tmp2 = (_Bool) get_bool();

    b_flag1 = pass_bool( b_tmp1 );
    b_flag2 = pass_bool( b_tmp2 );
}
  1. If the negation of the return value of get_bool is omitted, no error occurs either.

I can not explain this behavior and would be pleased about solutions or hints.

Gruber
  • 25
  • 5
  • Does the behavior change if you move the declaration `_Bool b_flag1, b_flag2;` inside `main()` ? – sj95126 Aug 11 '22 at 17:12
  • Apparently you have crashed Frama-C, did you use an own plugin? As the error message says, report it to the developers. A quick web research revealed [this GitLab instance](https://git.frama-c.com/pub/frama-c/-/issues). You might want to use it. – the busybee Aug 11 '22 at 20:08
  • Hi @sj95126, unfortunately this modification also leads to the same error. – Gruber Aug 12 '22 at 04:05
  • Thanks @the busybee I will document it there. – Gruber Aug 12 '22 at 04:08
  • Indeed you found a bug and thanks to your report, it has been fixed: https://git.frama-c.com/pub/frama-c/-/issues/2623 (available on the public Git branch, to be included in the next public release, 26, but it will take a while). So I'm not sure how to answer this question: should I just mention "it was a bug, it has been fixed, now it works"? Should *you* do it instead, to earn the points? Should the question be closed since it is not necessarily relevant anymore? – anol Sep 02 '22 at 13:43

1 Answers1

1

It was a bug and was reported on: https://git.frama-c.com/pub/frama-c/-/issues/2623. It has been solved and works now.

Gruber
  • 25
  • 5