
Re: [csmith-dev] --max-pointer-depth not honored?

It’s obviously a bug in Csmith. Your understanding is correct. "--max-pointer-depth" should be the one to limit the indirection level for pointer dereference and other usages.


From: csmith-dev-bounces@flux.utah.edu [mailto:csmith-dev-bounces@flux.utah.edu] On Behalf Of Tahina Ramananandro
Sent: Tuesday, October 20, 2015 12:59 PM
To: csmith-dev@flux.utah.edu
Subject: [csmith-dev] --max-pointer-depth not honored?


Dear Csmith developers,


I have been testing Csmith 2.2.0 (Git version dcef523), and I am trying to understand the meaning of the --max-pointer-depth option.


If I understood well, Csmith with --max-pointer-depth N should produce a program with pointer-dereferencing expressions of length at most N+1 (i.e. without pointer dereferences of the form *..*x with N+2 stars or more.)


However, with --max-pointer-depth 0, I still managed to produce the attached C program with a depth-2 pointer dereference (and similarly, with --max-pointer-depth 1 and a depth-3 pointer dereference, although in the latter case, it is hard to generate such programs if shorter than 400 lines).


Moreover, massive tests show that, with --no-checksum --no-argc --no-arrays --no-bitfields --no-structs --no-unions --max-pointer-depth 1, more than 70% of all programs generated by Csmith (regardless of their sizes) reach pointer dereference level 3 or more (sometimes up to 8).


So, is my understanding correct?

- If so, is there a bug in Csmith that makes --max-pointer-depth not properly honored? 

- Otherwise, what should be the exact meaning of this option, and which use cases were intended? How could I control the maximum pointer dereference level in Csmith-generated programs?


And then, a final question too: even though it might be possible to limit the level of pointer dereference expressions, is there a way to limit the depth of pointer types?


Thank you in advance for your help.


Best regards,



Tahina Oliver Ramananandro, Ph. D.

Senior Engineer, Advanced Compilers and Formal Verification

Reservoir Labs, Inc.

632 Broadway, Suite 803

New York, NY 10012


Phone: +1 (212) 780-0527 ext. 157



[#] Here I consider that --max-pointer-depth 0 does not prevent Csmith from producing pointers at large, by contrast to --no-pointers
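
An added example, not part of the original thread and not Csmith code: a heuristic Python scanner that measures the two quantities discussed in the message above, the longest `*..*x` dereference chain and the deepest pointer type, in a generated C program. The type-name list, the function names and the sample program are assumptions constructed for illustration; it assumes scalar-only output (as with --no-structs --no-unions) and the N+1 reading of --max-pointer-depth given in the thread.

```python
import re

# Assumption: scalar type names of Csmith output built with --no-structs --no-unions.
TYPES = {"void", "char", "short", "int", "long", "signed", "unsigned",
         "int8_t", "int16_t", "int32_t", "int64_t",
         "uint8_t", "uint16_t", "uint32_t", "uint64_t"}
QUALS = {"const", "volatile"}
KEYWORDS = {"return", "case", "else", "sizeof"}  # a '*' after these is unary
# Comments and literals are matched first so any '*' inside them is dropped.
TOKEN = re.compile(r"""/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'"""
                   r"""|[A-Za-z_]\w*|\d[\w.]*|\S""", re.S)

def pointer_depths(src):
    """Return (longest dereference chain, deepest pointer type) found in src."""
    toks = [t for t in TOKEN.findall(src)
            if not t.startswith(("/*", "//", '"', "'"))]
    max_deref = max_type = i = 0
    while i < len(toks):
        prev = toks[i - 1] if i else ";"
        if toks[i] != "*":
            i += 1
        elif prev in TYPES or prev in QUALS:
            n = 0  # declarator or cast: count stars across '* const *'
            while i < len(toks) and (toks[i] == "*" or toks[i] in QUALS):
                n += toks[i] == "*"
                i += 1
            max_type = max(max_type, n)
        elif prev in (")", "]") or (re.match(r"\w", prev) and prev not in KEYWORDS):
            i += 1  # binary multiplication, not a dereference
        else:
            n = 0  # unary chain such as '**p' or '*(*p)'
            while i < len(toks) and toks[i] in ("*", "("):
                n += toks[i] == "*"
                i += 1
            max_deref = max(max_deref, n)
    return max_deref, max_type

def exceeds_limit(src, max_pointer_depth):
    """True if a dereference chain is longer than N+1 stars (the thread's reading)."""
    return pointer_depths(src)[0] > max_pointer_depth + 1

# Constructed sample in the style of Csmith output (not the attached program).
SAMPLE = r'''
static int32_t g_2 = 5; /* plain * in a comment */
static int32_t *g_3 = &g_2;
static int32_t ** volatile g_4 = &g_3;
static int32_t func_1(void)
{ int32_t l_5 = g_2 * (*g_3); (**g_4) = l_5; return (*g_3); }
'''
```

The scanner is token-based rather than a C parser, so function-pointer declarators and multi-declarator lines such as `int32_t *a, *b;` are counted as dereferences.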