search

Boolector / boolector

A Satisfiability Modulo Theories (SMT) solver for the theories of fixed-size bit-vectors, arrays and uninterpreted functions.
http://boolector.github.io
Other
325 stars 63 forks source link

Segment fault at btorexp.c:1471 #105

Closed rainoftime closed 4 years ago

rainoftime commented 4 years ago

Hi, for the following formula,

(set-logic BV)
(declare-fun _substvar_27_ () (_ BitVec 11))
(declare-fun _substvar_36_ () (_ BitVec 11))
(declare-const bv_11-0 (_ BitVec 11))
(assert (not (forall ((q10 (_ BitVec 11)) (q11 (_ BitVec 12)) (q12 Bool) (q13 (_ BitVec 11))) (=> (= (_ bv0 11) bv_11-0 q10 (bvurem bv_11-0 _substvar_36_) _substvar_27_) false))))
(check-sat)

boolector (commit 76aafdf) throws a seg fault

ASAN:SIGSEGV
=================================================================
==69202==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030 (pc 0x7fba75f4763b bp 0x7ffdded18690 sp 0x7ffdded18660 T0)
    #0 0x7fba75f4763a in btor_exp_bv_urem /home/peisen/test/tofuzz/boolector/src/btorexp.c:1471
    #1 0x7fba75f4040c in btor_exp_create /home/peisen/test/tofuzz/boolector/src/btorexp.c:57
    #2 0x7fba7611d281 in elim_vars /home/peisen/test/tofuzz/boolector/src/preprocess/btorder.c:401
    #3 0x7fba7611d9c8 in btor_cer_node /home/peisen/test/tofuzz/boolector/src/preprocess/btorder.c:445
    #4 0x7fba7603aeea in simplify /home/peisen/test/tofuzz/boolector/src/btorslvquant.c:2587
    #5 0x7fba7603b151 in sat_quant_solver /home/peisen/test/tofuzz/boolector/src/btorslvquant.c:2611
    #6 0x7fba75f3451c in btor_check_sat /home/peisen/test/tofuzz/boolector/src/btorcore.c:3036
    #7 0x7fba75e3296f in boolector_sat /home/peisen/test/tofuzz/boolector/src/boolector.c:639
    #8 0x7fba7610df90 in check_sat /home/peisen/test/tofuzz/boolector/src/parser/btorsmt2.c:4529
    #9 0x7fba76111a0b in read_command_smt2 /home/peisen/test/tofuzz/boolector/src/parser/btorsmt2.c:4695
    #10 0x7fba76114937 in parse_smt2_parser /home/peisen/test/tofuzz/boolector/src/parser/btorsmt2.c:4952
    #11 0x7fba75f8deae in parse_aux /home/peisen/test/tofuzz/boolector/src/btorparse.c:68
    #12 0x7fba75f8fae6 in btor_parse /home/peisen/test/tofuzz/boolector/src/btorparse.c:235
    #13 0x7fba75e9caeb in boolector_parse /home/peisen/test/tofuzz/boolector/src/boolector.c:4680
    #14 0x40cb32 in boolector_main /home/peisen/test/tofuzz/boolector/src/btormain.c:1440
    #15 0x4024f5 in main /home/peisen/test/tofuzz/boolector/src/boolectormain.c:17
    #16 0x7fba7599a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #17 0x402408 in _start (/home/peisen/test/tofuzz/boolector/build/bin/boolector+0x402408)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/peisen/test/tofuzz/boolector/src/btorexp.c:1471 btor_exp_bv_urem
==69202==ABORTING
mpreiner commented 4 years ago

Duplicate #97.