Skip to content

Unexpected verification result related to bit-field #3709

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
muchang opened this issue Jan 7, 2019 · 6 comments
Closed

Unexpected verification result related to bit-field #3709

muchang opened this issue Jan 7, 2019 · 6 comments
Labels
bug

Comments

@muchang
Copy link

muchang commented Jan 7, 2019 

struct X {
   unsigned long u31:31;
};

struct X x;

int main ()
{
      if ((x.u31 - 2) >= 0)
	{assert(0);}

return 0; }

#include <assert.h>

struct {
  int a:4;
  int :4;
  int b:4;
  int c:4;
} x = { 2,3,4 };

int main ()
{
  if (x.b != 3)
    {assert(0); }
return 0; }

#include <assert.h>
struct foo
{
  unsigned long long b:40;
} x;

void test1(unsigned long long res)
{
  if (x.b<<32 != res)
    {assert(0); } 
}

int main()
{
  x.b = 0x0100;
  test1(0);
  return 0;
}

CBMC version: 5.10
Operating system: Ubuntu 18.04
Exact command line resulting in the issue: cbmc <file.c>
What behaviour did you expect:Result in SUCCESS (proofed by compiling with gcc and executing)
What happened instead:[foo.assertion.1] assertion 0: FAILURE
kroening pushed a commit that referenced this issue Jan 8, 2019
extended test for case of unnamed bit-fields (#3709)
266bfa3
kroening pushed a commit that referenced this issue Jan 8, 2019
extended test for case of unnamed bit-fields (#3709)
5c4e0b9 
The C front-end needs to ignore the unnamed bit-field during struct
initialization.
kroening pushed a commit that referenced this issue Jan 8, 2019
test for bit-field promotion (#3709)
d9c36cb 
Usual promotion rules apply to bit-fields -- thus, an unsigned bit-field
that is smaller than 'int' gets promoted to 'int', and thus yields a signed
expression. Issue #3709.
@kroening
Copy link
Member

kroening commented Jan 8, 2019

Many thanks -- I've made PRs for the first two problems.

I'll need to look a bit more into the third. gcc on Ubuntu 18.04 passes this, but clang gives a failure. This may well be implementation-defined or undefined behavior.

@kroening kroening added the bug label Jan 8, 2019
kroening pushed a commit that referenced this issue Jan 8, 2019
test for bit-field promotion (#3709)
d22370b 
Usual promotion rules apply to bit-fields -- thus, an unsigned bit-field
that is smaller than 'int' gets promoted to 'int', and thus yields a signed
expression. Issue #3709.
kroening pushed a commit that referenced this issue Jan 8, 2019
test for bit-field promotion (#3709)
935a2eb 
Usual promotion rules apply to bit-fields -- thus, an unsigned bit-field
that is smaller than 'int' gets promoted to 'int', and thus yields a signed
expression. Issue #3709.
tautschnig added a commit that referenced this issue Jan 8, 2019
@tautschnig
Merge pull request #3712 from diffblue/struct-initialization-unnamed-…
4714c4e 
…bit-field

extended test for case of unnamed bit-fields (#3709)
kroening pushed a commit that referenced this issue Jan 8, 2019
fix anonymous struct member initialization
b80ba12 
The C front-end needs to ignore the unnamed bit-field during struct
initialization; issue #3709.
@kroening kroening mentioned this issue Jan 8, 2019
Merged
4 tasks
kroening pushed a commit that referenced this issue Jan 8, 2019
fix anonymous struct member initialization
4338b33 
The C front-end needs to ignore the unnamed bit-field during struct
initialization; issue #3709.
@kroening kroening mentioned this issue Jan 8, 2019
Merged
4 tasks
kroening pushed a commit that referenced this issue Jan 8, 2019
fix anonymous struct member initialization
4548fc1 
The C front-end needs to ignore the unnamed bit-field during struct
initialization; issue #3709.
@muchang
Copy link
Author

muchang commented Jan 8, 2019

Thank you so much for your update, the third one may be the implementation-defined feature.
Here is another case related to bit-field:

#include <assert.h>
typedef struct _st {
    long int iIndex : 24;
} st;
st *next;

void f(void)
{
    int nIndx;
    const static long int constreg[] = { 0xFEFEFEFE,};
    next->iIndex = constreg[0];
}

int main(void)
{
  st a;
  next = &a;
  f();
  if (next->iIndex != 0xFFFEFEFE)
    {assert(0);} 
  return 0;
}

CBMC version: 5.10
Operating system: Ubuntu 18.04
Exact command line resulting in the issue: cbmc <file.c>
What behaviour did you expect:Result in SUCCESS (proofed by compiling with gcc and executing)
What happened instead:[foo.assertion.1] assertion 0: FAILURE

@kroening
Copy link
Member

kroening commented Jan 9, 2019

I looked at the third one. I think this is undefined behavior. The bit-field should get promoted to signed long long. Then you are doing an overflowing signed left shift.

@kroening
Copy link
Member

kroening commented Jan 9, 2019

I.e., clang failing this is ok.

@kroening
Copy link
Member

kroening commented Jan 9, 2019

The problem in the "other case" has already been fixed with ab6e2d1.

@kroening kroening closed this as completed Jan 9, 2019
@muchang
Copy link
Author

muchang commented Jan 9, 2019

Thank you for your confirmation! I also think the third one is undefined behavior. This issue can be closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kroening @muchang