[csmith-bugs] Uninitialized field of union
Hello,
this is a continuation of a thread about reading, at CRC time,
members of unions other than the member through which the union
was initialized. The last message in the thread was [link not preserved].
The example below is very similar to the program that started that thread:
a union is initialized through one particular member and, at CRC time,
the union is read through another, wider member.
The example was generated with the latest version as of now:
/*
* This is a RANDOMLY GENERATED PROGRAM.
*
* Generator: csmith 2.1.0
* Git version: b911750
* Options: --max-pointer-depth 3 --max-funcs 2 --max-array-dim 2 --max-array-len-per-dim 3 --max-struct-fields 5 --no-volatiles --no-argc --unions
* Seed: 2541560484
*/
On its first iteration, line 230 (by the look of the listing below, the `transparent_crc(g_17[i].f2, ...)` call in main) reads 32 bits from the beginning of g_17, whereas only 11 bits have been initialized through f0.
since it influences the generation of programs? Here's mine:
integer size = 4
pointer size = 8
Pascal
/*
* This is a RANDOMLY GENERATED PROGRAM.
*
* Generator: csmith 2.1.0
* Git version: b911750
* Options: --max-pointer-depth 3 --max-funcs 2 --max-array-dim 2 --max-array-len-per-dim 3 --max-struct-fields 5 --no-volatiles --no-argc --unions
* Seed: 2541560484
*/
#include "csmith.h"
/*
 * Emitted by the generator; nothing in this listing reads or writes it.
 * NOTE(review): identifiers containing a double underscore are reserved
 * for the implementation in C, so this name is not portable in
 * hand-written code.
 */
static long __undefined;
/* --- Struct/Union Declarations --- */
/*
 * union U0: four overlapping members of different widths.
 *
 * f0 is the first named member, so a brace initializer such as `{0L}`
 * stores through f0. f0 is 64 bits wide and the other members are at most
 * 32 bits, so reading f1/f2/f3 afterwards stays inside bytes written by
 * that initializer.
 */
union U0 {
/* 64-bit member; the one written by a brace initializer. */
int64_t f0;
/* const-qualified 32-bit view of the same storage. */
const uint32_t f1;
/* 3-bit signed bit-field. */
signed f2 : 3;
uint32_t f3;
};
/*
 * union U1: the type at the centre of the report on this page.
 *
 * f0 is the first named member and is only 11 bits wide, so a brace
 * initializer such as `{0xB5AF9F7CL}` stores through f0 alone; the value is
 * reduced modulo 2^11 on conversion to the unsigned bit-field.
 *
 * NOTE(review): f2 is 32 bits wide. Reading f2 from an object that has only
 * been initialized through f0 depends on bits that were never written
 * through any member. The C standard leaves the bytes not corresponding to
 * the stored member unspecified (C11 6.2.6.1p7 -- confirm applicability to
 * initializers), so a checksum over f2 may differ between compilers.
 */
union U1 {
/* 11-bit unsigned bit-field; the only member a brace initializer writes. */
unsigned f0 : 11;
/* Zero-width unnamed bit-field. */
signed : 0;
uint8_t f1;
/* 32-bit member; wider than f0. */
uint32_t f2;
};
/* --- GLOBAL VARIABLES --- */
/*
 * File-scope state of the generated program. main() feeds most of these
 * objects to transparent_crc() after func_1() has run.
 *
 * Every `union U1` object below (g_13, g_17[], g_331, g_344) is initialized
 * through its first named member, the 11-bit bit-field f0.
 */
static union U1 g_13 = {9UL};
static uint8_t g_14 = 0xD2L;
/*
 * NOTE(review): each element is initialized through f0 (11 bits) only.
 * main() later reads g_17[i].f2 (32 bits); this is the read the report on
 * this page is about. No assignment to g_17 appears in this listing.
 */
static union U1 g_17[3] = {{0xB5AF9F7CL}, {0xB5AF9F7CL}, {0xB5AF9F7CL}};
static int32_t g_19 = 0x3EDB3952L;
/* Initialized through f0, the 64-bit member of union U0. */
static union U0 g_23 = {0L};
static union U0 *g_22 = &g_23;
static uint64_t g_32 = 0xDAE89405DBD55ADBLL;
static uint32_t g_49 = 1UL;
static int16_t g_53 = (-1L);
static int32_t g_55 = 0xA1AEA078L;
static int32_t g_79 = 0xEDED6215L;
static uint32_t g_80 = 4294967295UL;
static int16_t g_96 = 0xBBA7L;
static uint16_t g_97 = 65535UL;
static uint64_t g_135 = 0x7413A7E429369BD4LL;
static uint16_t g_162 = 3UL;
static int16_t *g_168 = &g_53;
static int16_t **g_167 = &g_168;
static uint64_t g_210 = 0x1DA4DADB69EBD4F2LL;
static int32_t g_252 = 0x61819A6AL;
static uint8_t g_253[3] = {0x8EL, 0x8EL, 0x8EL};
static uint64_t g_256 = 9UL;
static uint16_t g_262 = 65527UL;
static int64_t g_271 = 9L;
static uint32_t g_272 = 0xF87870E3L;
/* All three slots start out pointing at g_79; func_1() may overwrite slot 0. */
static int32_t *g_284[3] = {&g_79, &g_79, &g_79};
static int16_t g_290[2] = {0x9871L, 0x9871L};
static int32_t g_314[2] = {0x8D991BF4L, 0x8D991BF4L};
/* main() reads only .f0 of the next two objects, the member they were initialized through. */
static union U1 g_331 = {0x7DE6D6B8L};
static union U1 g_344 = {4294967295UL};
static int32_t **g_365[3][2] = {{(void*)0, (void*)0}, {(void*)0, (void*)0}, {(void*)0, (void*)0}};
static int32_t ** const *g_364 = &g_365[2][1];
static int32_t ** const **g_363 = &g_364;
static uint64_t g_418 = 1UL;
static int32_t g_426 = 1L;
/* --- FORWARD DECLARATIONS --- */
/* Entry routine of the generated program; called once from main(). */
static int32_t func_1(void);
/* Takes both `union U1` arguments by value, so callers' objects are copied, not aliased. */
static uint64_t func_4(uint32_t p_5, union U1 p_6, uint64_t p_7, uint8_t p_8, union U1 p_9);
/* --- FUNCTIONS --- */
/* ------------------------------------------ */
/*
* reads : g_14 g_17 g_19 g_23.f1 g_290 g_256 g_167 g_168 g_53 g_96 g_23.f3 g_13.f0 g_271 g_79 g_210 g_252 g_17.f0 g_284 g_135
* writes: g_13 g_32 g_23.f3 g_314 g_210 g_79 g_135 g_284
*/
/*
 * func_1: top-level routine of the generated program.
 *
 * Fills its local arrays, evaluates one generated condition, runs either
 * block 182 or block 187, and returns g_256 converted to int32_t. main()
 * calls it once and discards the result; its effect on the final checksum
 * comes from the globals it writes.
 *
 * The safe_* helpers are not defined in this listing (presumably they come
 * from csmith.h -- confirm).
 *
 * g_17 is only read here (g_17[0] passed by value, g_17[0].f0 read) and is
 * never assigned, so when main() checksums g_17[i].f2 the elements still
 * hold whatever their static initializers left in them.
 */
static int32_t func_1(void)
{ /* block id: 0 */
uint16_t l_10 = 65529UL;
/* Initialized through f0, like every `union U1` object in this file. */
union U1 l_11 = {0xA86BA47CL};
union U1 *l_12[2][1];
uint64_t *l_291[1];
int32_t l_292[1];
int16_t ***l_332[1][2];
int32_t l_399 = (-10L);
int32_t *l_455 = (void*)0;
int32_t **l_457 = &l_455;
int i, j;
/* Element-wise initialization of the local arrays declared above. */
for (i = 0; i < 2; i++)
{
for (j = 0; j < 1; j++)
l_12[i][j] = &l_11;
}
for (i = 0; i < 1; i++)
l_291[i] = &g_256;
for (i = 0; i < 1; i++)
l_292[i] = (-1L);
for (i = 0; i < 1; i++)
{
for (j = 0; j < 2; j++)
l_332[i][j] = (void*)0;
}
/*
 * The condition is a comma expression: the left operand is evaluated for
 * its side effects (g_13 = l_11, g_32 = l_292[0] = ...), and the value
 * tested is the right operand, l_292[0], as assigned by the left operand.
 */
if (((safe_mul_func_int16_t_s_s(((func_4(l_10, (g_13 = l_11), g_14, (~(safe_lshift_func_int16_t_s_s(l_10, 9))), g_17[0]) >= ((safe_mod_func_int16_t_s_s(6L, l_11.f0)) & (safe_unary_minus_func_uint64_t_u((g_32 = (l_292[0] = (((((safe_div_func_uint8_t_u_u(g_23.f1, 0x6CL)) & l_10) < l_11.f0) != l_10) | g_290[0]))))))) >= 0xDBL), 0xF744L)) , l_292[0]))
{ /* block id: 182 */
int32_t l_301 = (-1L);
union U1 l_312 = {0xF488365CL};
int32_t l_313 = 0x5124B50EL;
int32_t *l_315[1][2];
int i, j;
for (i = 0; i < 1; i++)
{
for (j = 0; j < 2; j++)
l_315[i][j] = &g_55;
}
/* Side effects embedded in this expression: g_314[1] = ..., l_313 = ..., g_23.f3++. */
l_292[0] |= ((safe_mod_func_int32_t_s_s(((((safe_sub_func_int64_t_s_s(((g_314[1] = (safe_mod_func_int8_t_s_s((safe_lshift_func_int16_t_s_s(l_301, ((safe_add_func_int64_t_s_s((g_256 < (**g_167)), g_96)) , (safe_lshift_func_int8_t_s_s(l_301, (((safe_lshift_func_int8_t_s_u((l_313 = (safe_sub_func_int64_t_s_s(func_4(l_301, g_17[0], ((func_4((g_23.f3++), (l_301 , g_17[0]), g_13.f0, l_301, l_312) , g_13.f0) >= l_301), l_11.f0, l_312), 0L))), 0)) <= 18446744073709551615UL) , g_271)))))), g_79))) < g_210), g_210)) <= 8UL) < g_252) ^ l_312.f0), 4294967290UL)) > l_301);
}
else
{ /* block id: 187 */
/* l_316 -> l_317 -> g_284[0]: a two-level handle on a global pointer slot. */
int32_t **l_317 = &g_284[0];
int32_t ***l_316 = &l_317;
uint32_t *l_318 = &g_23.f3;
union U1 l_319 = {2UL};
union U0 l_328 = {0x62EA837A7E7F28E2LL};
int16_t *l_370 = &g_290[1];
int32_t l_401 = 0x3495B4D9L;
int32_t l_402[3][3] = {{0xAAABA1ACL, (-9L), 0xAAABA1ACL}, {0xAAABA1ACL, (-9L), 0xAAABA1ACL}, {0xAAABA1ACL, (-9L), 0xAAABA1ACL}};
uint32_t l_435 = 0xDA92B66BL;
uint8_t l_440 = 255UL;
uint32_t l_452 = 0x952C124EL;
union U1 **l_456 = &l_12[0][0];
int i, j;
/* Updates the int32_t that g_284[0] points to (g_79 per its initializer); also writes g_23.f3 and g_210. */
(***l_316) &= ((func_4(((*l_318) = (0x39L != (0x54731B12L && ((void*)0 != l_316)))), l_319, (g_210 = g_19), g_17[0].f0, l_319) <= 0x0DADL) < (**g_167));
/* The loop body only declares and initializes locals; the loop's own visible effect is on g_135. */
for (g_135 = 0; (g_135 <= 1); g_135 += 1)
{ /* block id: 193 */
int32_t *l_329 = &g_314[0];
union U1 l_330 = {4294967295UL};
uint8_t *l_333 = &l_319.f1;
int32_t l_373[2][1];
int32_t l_400 = 0x88DAA7BDL;
uint32_t l_403 = 4294967291UL;
uint64_t l_425 = 18446744073709551606UL;
uint64_t l_432 = 18446744073709551607UL;
int32_t l_451 = 4L;
int i, j;
for (i = 0; i < 2; i++)
{
for (j = 0; j < 1; j++)
l_373[i][j] = 0L;
}
}
/*
 * NOTE(review): this stores the address of the automatic l_292[0] into the
 * global g_284[0]. If this branch runs, g_284[0] dangles once func_1()
 * returns. Nothing in this listing dereferences g_284 after that, and
 * main() does not checksum it.
 */
(**l_316) = &l_292[0];
/* Repoints the local slot l_12[0][0] at the global g_344. */
(*l_456) = &g_344;
}
/* Writes the local pointer l_455 only; the address does not leave this function. */
(*l_457) = &l_292[0];
return g_256;
}
/* ------------------------------------------ */
/*
* reads : g_19
* writes:
*/
/*
 * func_4: generated helper called from func_1().
 *
 * Returns *l_18, i.e. the current value of g_19 converted to uint64_t.
 * Everything else in the body works on locals or on the by-value parameter
 * copies: p_6, p_7 and p_8 are not used, p_5 only feeds the local l_67, and
 * p_9.f1 is used as a loop counter on the callee's own copy of the union.
 * No global is written here.
 */
static uint64_t func_4(uint32_t p_5, union U1 p_6, uint64_t p_7, uint8_t p_8, union U1 p_9)
{ /* block id: 2 */
const int32_t * const l_18 = &g_19;
const int32_t *l_21[3][1];
const int32_t **l_20 = &l_21[2][0];
uint32_t l_50[3][1];
int32_t l_67 = (-7L);
uint16_t l_87 = 0xA32DL;
int8_t l_138 = 0x84L;
int32_t l_160 = 7L;
int32_t l_161 = 0x768F058CL;
uint32_t l_201 = 0x8CC48AF1L;
int32_t l_260[2];
int64_t l_261[2];
int i, j;
/* Element-wise initialization of the local arrays declared above. */
for (i = 0; i < 3; i++)
{
for (j = 0; j < 1; j++)
l_21[i][j] = (void*)0;
}
for (i = 0; i < 3; i++)
{
for (j = 0; j < 1; j++)
l_50[i][j] = 5UL;
}
for (i = 0; i < 2; i++)
l_260[i] = 0x68F17BB5L;
for (i = 0; i < 2; i++)
l_261[i] = (-1L);
/* l_20 points at l_21[2][0], so this sets that local slot to &g_19. */
(*l_20) = l_18;
/*
 * p_9.f1 is assigned before it is first read, so this loop does not depend
 * on which member the caller's union was initialized through.
 */
for (p_9.f1 = 0; (p_9.f1 <= 2); p_9.f1 += 1)
{ /* block id: 6 */
union U0 *l_26 = &g_23;
int32_t *l_27 = &g_19;
int32_t l_63[1][2];
int16_t **l_170 = &g_168;
uint32_t l_283 = 1UL;
int i, j;
for (i = 0; i < 1; i++)
{
for (j = 0; j < 2; j++)
l_63[i][j] = (-5L);
}
}
/* Result is never read afterwards. */
l_67 &= p_5;
return (*l_18);
}
/* ---------------------------------------- */
/*
 * main: runs func_1() once, then feeds the globals to transparent_crc() in
 * a fixed order and hands the final value to platform_main_end().
 *
 * platform_main_begin, crc32_gentab, transparent_crc, crc32_context and
 * platform_main_end are not defined in this listing (presumably they come
 * from csmith.h -- confirm).
 *
 * The reported checksum is only meaningful for comparing compilers if every
 * value read below is fully determined by the program; see the note on
 * g_17[i].f2.
 */
int main (void)
{
/* j is declared but not used in this function. */
int i, j;
/* Fixed at 0, so the `if (print_hash_value) printf(...)` lines below never print. */
int print_hash_value = 0;
platform_main_begin();
crc32_gentab();
func_1();
transparent_crc(g_13.f0, "g_13.f0", print_hash_value);
transparent_crc(g_14, "g_14", print_hash_value);
for (i = 0; i < 3; i++)
{
/* f0 is the member each g_17 element was initialized through. */
transparent_crc(g_17[i].f0, "g_17[i].f0", print_hash_value);
/*
 * NOTE(review): f2 is 32 bits wide, but g_17[i] was initialized through the
 * 11-bit f0 and is not assigned anywhere in this listing. This read
 * therefore folds bits that were never written through any member into
 * the checksum; this is the defect the report on this page describes.
 * A generator-side fix would restrict this read to the initialized member
 * or initialize the union through its widest member.
 */
transparent_crc(g_17[i].f2, "g_17[i].f2", print_hash_value);
if (print_hash_value) printf("index = [%d]\n", i);
}
transparent_crc(g_19, "g_19", print_hash_value);
/* g_23 was initialized through its 64-bit member f0, which is at least as wide as f1, f2 and f3. */
transparent_crc(g_23.f1, "g_23.f1", print_hash_value);
transparent_crc(g_23.f2, "g_23.f2", print_hash_value);
transparent_crc(g_23.f3, "g_23.f3", print_hash_value);
transparent_crc(g_32, "g_32", print_hash_value);
transparent_crc(g_49, "g_49", print_hash_value);
transparent_crc(g_53, "g_53", print_hash_value);
transparent_crc(g_55, "g_55", print_hash_value);
transparent_crc(g_79, "g_79", print_hash_value);
transparent_crc(g_80, "g_80", print_hash_value);
transparent_crc(g_96, "g_96", print_hash_value);
transparent_crc(g_97, "g_97", print_hash_value);
transparent_crc(g_135, "g_135", print_hash_value);
transparent_crc(g_162, "g_162", print_hash_value);
transparent_crc(g_210, "g_210", print_hash_value);
transparent_crc(g_252, "g_252", print_hash_value);
for (i = 0; i < 3; i++)
{
transparent_crc(g_253[i], "g_253[i]", print_hash_value);
if (print_hash_value) printf("index = [%d]\n", i);
}
transparent_crc(g_256, "g_256", print_hash_value);
transparent_crc(g_262, "g_262", print_hash_value);
transparent_crc(g_271, "g_271", print_hash_value);
transparent_crc(g_272, "g_272", print_hash_value);
for (i = 0; i < 2; i++)
{
transparent_crc(g_290[i], "g_290[i]", print_hash_value);
if (print_hash_value) printf("index = [%d]\n", i);
}
for (i = 0; i < 2; i++)
{
transparent_crc(g_314[i], "g_314[i]", print_hash_value);
if (print_hash_value) printf("index = [%d]\n", i);
}
/* Only f0 is read from these two unions, matching the member they were initialized through. */
transparent_crc(g_331.f0, "g_331.f0", print_hash_value);
transparent_crc(g_344.f0, "g_344.f0", print_hash_value);
transparent_crc(g_418, "g_418", print_hash_value);
transparent_crc(g_426, "g_426", print_hash_value);
/* Passes the accumulated CRC, XORed with 0xFFFFFFFF, to the platform hook. */
platform_main_end(crc32_context ^ 0xFFFFFFFFUL, print_hash_value);
return 0;
}
/************************ statistics *************************
XXX max struct depth: 0
breakdown:
depth: 0, occurrence: 121
XXX total union variables: 11
XXX non-zero bitfields defined in structs: 3
XXX zero bitfields defined in structs: 1
XXX const bitfields defined in structs: 0
XXX volatile bitfields defined in structs: 0
XXX structs with bitfields in the program: 16
breakdown:
indirect level: 0, occurrence: 11
indirect level: 1, occurrence: 3
indirect level: 2, occurrence: 2
XXX full-bitfields structs in the program: 0
breakdown:
XXX times a bitfields struct's address is taken: 4
XXX times a bitfields struct on LHS: 1
XXX times a bitfields struct on RHS: 32
XXX times a single bitfield on LHS: 1
XXX times a single bitfield on RHS: 26
XXX max expression depth: 34
breakdown:
depth: 1, occurrence: 14
depth: 2, occurrence: 2
depth: 13, occurrence: 1
depth: 21, occurrence: 1
depth: 34, occurrence: 1
XXX total number of pointers: 141
XXX times a variable address is taken: 37
XXX times a pointer is dereferenced on RHS: 34
breakdown:
depth: 1, occurrence: 25
depth: 2, occurrence: 5
depth: 3, occurrence: 4
XXX times a pointer is dereferenced on LHS: 72
breakdown:
depth: 1, occurrence: 59
depth: 2, occurrence: 10
depth: 3, occurrence: 3
XXX times a pointer is compared with null: 6
XXX times a pointer is compared with address of another variable: 1
XXX times a pointer is compared with another pointer: 2
XXX times a pointer is qualified to be dereferenced: 1450
XXX max dereference level: 4
breakdown:
level: 0, occurrence: 0
level: 1, occurrence: 160
level: 2, occurrence: 30
level: 3, occurrence: 18
level: 4, occurrence: 7
XXX number of pointers point to pointers: 26
XXX number of pointers point to scalars: 111
XXX number of pointers point to structs: 0
XXX percent of pointers has null in alias set: 16.3
XXX average alias set size: 1.13
XXX times a non-volatile is read: 349
XXX times a non-volatile is write: 225
XXX times a volatile is read: 0
XXX times read thru a pointer: 0
XXX times a volatile is write: 0
XXX times written thru a pointer: 0
XXX times a volatile is available for access: 0
XXX percentage of non-volatile access: 100
XXX forward jumps: 0
XXX backward jumps: 2
XXX stmts: 12
XXX max block depth: 1
breakdown:
depth: 0, occurrence: 7
depth: 1, occurrence: 5
XXX percentage a fresh-made variable is used: 18.2
XXX percentage an existing variable is used: 81.8
FYI: the random generator makes assumptions about the integer size. See platform.info for more details.
********************* end of statistics **********************/