Hello.
Here is a new, extremely interesting program generated by Csmith:
/*
* This is a RANDOMLY GENERATED PROGRAM.
*
* Generator: csmith 2.1.0
* Git version: a5e5fd1
* Options: --max-expr-complexity 15 --max-pointer-depth 3 --max-funcs 4 --max-array-dim 2 --max-array-len-per-dim 3 --max-struct-fields 12 --max-union-fields 12 --no-volatiles --bitfields --no-argc --unions
* Seed: 1904236191
*/
A reduced version is like this:
union U4 { unsigned f0 : 31; } u = { -1 };
main(){
++u.f0;
return 0;
}
Frama-C's value analysis with option -val-signed-overflow-alarms says:
/home/cuoq/r.c:5:[kernel] warning: Signed overflow. assert (int)u.f0+1 ≤ 2147483647LL;
Its reasoning is that ++u.f0 can be expanded into u.f0 = ((int)u.f0) + 1; and that the
addition takes places between signed ints, and is therefore subject to undefined
overflows, one of which just happens to take place in this program.
What do you think?
Pascal