[unsoundness/undefined-behavior] crab-llvm, uninitialized variable

Practical-Formal-Methods / adiff

Tool for differentially testing soundness and precision of program analyzers

MIT License

11 stars 6 forks source link

[unsoundness/undefined-behavior] crab-llvm, uninitialized variable #122

Closed chkl closed 5 years ago

chkl commented 6 years ago

extern void __VERIFIER_error() __attribute__((__noreturn__));
extern void __VERIFIER_assume(int);
void __VERIFIER_assert(int cond)
{
    if (!cond)    {
    ERROR:
        __VERIFIER_error();
    }
}
extern int __VERIFIER_nondet_int(void);

int main()
{
    int x  = __VERIFIER_nondet_int();
    if (x > 1) {
        int i;
        __VERIFIER_assert(i >= x);
    }
    return 1;
}

crab-llvm says "unsat", whereas all other verifiers say "sat".

There are a lot of those cases.

chkl commented 6 years ago

It's undefined behavior nonetheless it is curious that crab-llvm disagrees with seahorn. Question asked here: https://github.com/seahorn/crab-llvm/issues/20