[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[csmith-bugs] 2.0.0: dangling pointer passed as argument to function in generated program

To: csmith-bugs@flux.utah.edu
Subject: [csmith-bugs] 2.0.0: dangling pointer passed as argument to function in generated program
From: Pascal Cuoq <pascal.cuoq@cea.fr>
Date: Fri, 29 Apr 2011 15:00:08 +0200
List-archive: </listarchives/csmith-bugs>
List-help: <mailto:csmith-bugs-request@flux.utah.edu?subject=help>
List-id: Csmith Bugs Mailing List <csmith-bugs.flux.utah.edu>
List-post: <mailto:csmith-bugs@flux.utah.edu>
List-subscribe: <http://www.flux.utah.edu/mailman/listinfo/csmith-bugs>, <mailto:csmith-bugs-request@flux.utah.edu?subject=subscribe>
List-unsubscribe: <http://www.flux.utah.edu/mailman/listinfo/csmith-bugs>, <mailto:csmith-bugs-request@flux.utah.edu?subject=unsubscribe>

As per the discussion on http://blog.regehr.org/archives/523 , here isone example:


/*
 * This is a RANDOMLY GENERATED PROGRAM.
 *
 * Generator: csmith 2.0.0
 * svn version: exported
 * Options:   --no-volatiles --no-argc
 * Seed:      3726910497
 */

frama-c -cpp-command "gcc -C -E -I runtime " -val -slevel 999999assert.18185648.3.c -no-results -machdep x86_64

says there is a dangling pointer "used" at line 143. If you run it, itrefers to a variable tmp_28, which can be made sense of by using thecommand


frama-c -cpp-command "gcc -C -E -I runtime " assert.18185648.3.c -print

Here, tmp_28 corresponds to the results of the call to func_104(),passed as an argument to some other function. func_104() does:


    ...
    (*p_106) = &l_114;
    return (*p_106);
}

Prev by Date: Re: [csmith-bugs] missing header file after "make install"
Next by Date: Re: [csmith-bugs] missing header file after "make install"
Previous by thread: Re: [csmith-bugs] compilation failure on Solaris SPARC
Next by thread: [csmith-bugs] 2.0.0: read from and write to the same location within two sequence points
Index(es):
- Date
- Thread