It’s obviously a bug in Csmith. Your understanding is correct.
"--max-pointer-depth" should be the one to limit indirection level for
pointer dereference and other usages.
*From:* csmith-dev-bounces@flux.utah.edu
[mailto:csmith-dev-bounces@flux.utah.edu] *On Behalf Of* Tahina Ramananandro
*Sent:* Tuesday, October 20, 2015 12:59 PM
*To:* csmith-dev@flux.utah.edu
*Subject:* [csmith-dev] --max-pointer-depth not honored?
Dear Csmith developers,
I have been testing Csmith 2.2.0 (Git version dcef523), and I am trying
to understand the meaning of the --max-pointer-depth option.
If I understood well, Csmith with --max-pointer-depth N should produce a
program with pointer-dereferencing expressions of length at most N+1
(i.e. without pointer dereferences of the form *..*x with N+2 stars or
more.)
However, with --max-pointer-depth 0, I still managed to produce the
attached C program with a depth-2 pointer dereference (and similarly,
with --max-pointer-depth 1 and a depth-3 pointer dereference, although
in the latter case, it is hard to generate such programs if shorter than
400 lines).
Moreover, massive tests show that, with --no-checksum --no-argc
--no-arrays --no-bitfields --no-structs --no-unions
--max-pointer-depth 1, more than 70% of all programs generated by Csmith
(regardless of their sizes) reach pointer dereference level 3 or more
(sometimes up to 8).
So, is my understanding correct?
- If so, is there a bug in Csmith that makes --max-pointer-depth not
properly honored?
- Otherwise, what should be the exact meaning of this option, and which
use cases were intended? How could I control the maximum pointer
dereference level in Csmith-generated programs?
And then, a final question too: even though it might be possible to
limit the level of pointer dereference expressions, is there a way to
limit the depth of pointer types?
Thank you in advance for your help.
Best regards,
--
Tahina Oliver Ramananandro, Ph. D.
Senior Engineer, Advanced Compilers and Formal Verification
Reservoir Labs, Inc.
632 Broadway, Suite 803
New York, NY 10012
USA
Phone: +1 (212) 780-0527 ext. 157
E-mail: ramananandro@reservoir.com, tahina@ramananandro.org
Web: http://tahina.ramananandro.org
Notes:
[#] Here I consider that --max-pointer-depth 0 does not prevent Csmith
from producing pointers at large, by contrast to --no-pointers
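
One way to measure the two quantities the message asks about (dereference level and pointer-type depth), as an added example that is not part of the original thread or of Csmith. `pointer_depths`, `violates_option` and `SAMPLE` are hypothetical names; the token scan assumes Csmith-style output with `<stdint.h>` scalar types, one declarator per declaration and no structs or unions, and it reads `*` after `)` as multiplication.

```python
import re

# Assumptions: Csmith-style output with <stdint.h> scalar types, one declarator
# per declaration, no structs/unions; '*' after ')' is read as multiplication.
TYPE_WORD = re.compile(r"u?int(8|16|32|64)_t|char|short|int|long|signed|unsigned|float|double|void")
QUALIFIERS = {"const", "volatile"}
UNARY_KEYWORDS = {"return", "sizeof", "case", "else", "do"}

def pointer_depths(source):
    """Return (longest dereference chain, deepest pointer declarator)."""
    source = re.sub(r"/\*.*?\*/|//[^\n]*", " ", source, flags=re.S)
    max_deref = max_type = run = 0
    kind = None   # "deref" or "type" while inside a run of stars
    prev = ";"    # previous token; decides whether '*' is unary or binary
    for tok in re.findall(r"\w+|\S", source):
        if tok == "*" and kind is None:
            operand = re.match(r"\w", prev) or prev in (")", "]")
            if TYPE_WORD.fullmatch(prev) or prev in QUALIFIERS:
                kind, run = "type", 1
            elif not operand or prev in UNARY_KEYWORDS:
                kind, run = "deref", 1
            # otherwise: binary multiplication, no run starts
        elif tok == "*":
            run += 1
        elif kind == "type" and tok in QUALIFIERS:
            continue  # 'int32_t * const *p' is still one declarator
        elif kind == "deref" and tok == "(":
            continue  # '*(*p)' is still one dereference chain
        else:
            kind, run = None, 0
        if kind == "deref":
            max_deref = max(max_deref, run)
        elif kind == "type":
            max_type = max(max_type, run)
        prev = tok
    return max_deref, max_type

def violates_option(source, max_pointer_depth):
    """Poster's reading: dereference chains may have at most N+1 stars."""
    return pointer_depths(source)[0] > max_pointer_depth + 1

# Constructed sample in the style of Csmith output (not a real generated file).
SAMPLE = """
static int32_t g_2 = 5;
static int32_t *g_3 = &g_2;
static int32_t ** volatile g_4 = &g_3;
static int32_t func_1(void)
{
    int32_t ***l_5 = &g_4;   /* pointer type of depth 3 */
    int32_t l_6 = (g_2 * **g_4);
    (***l_5) = (l_6 * 2);
    return *(*g_4);
}
"""
```

Running `violates_option` over a batch of generated files with the value passed to `--max-pointer-depth` gives the kind of percentage quoted in the message.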